@minhduydev/mdpi 0.4.1 → 0.5.0

package/dist/template/.pi/skills/zustand/SKILL.md

@@ -0,0 +1,333 @@
+---
+name: zustand
+description: Use when implementing global or shared state management in React with Zustand v5. Covers store creation, slices pattern, middleware, selective subscriptions, React 19 + SSR integration. MUST load before any state management implementation.
+---
+
+# Zustand v5
+
+## When to Use
+
+- Managing global or shared client-side state in React
+- Replacing Redux, Jotai, or Context for state management
+- Creating stores that are used across multiple components
+- Implementing slices for domain-separated state
+- Persisting state to localStorage or sessionStorage
+- Using middleware (immer, devtools, persist)
+
+## When NOT to Use
+
+- Server state (use TanStack Query or Server Components)
+- Form state (use React Hook Form or Server Actions)
+- Single-component local state (use `useState` or `useReducer`)
+- Server Components (Zustand is client-only)
+
+## Setup
+
+```bash
+npm install zustand
+```
+
+## Basic Store
+
+```tsx
+// stores/counter.ts
+import { create } from 'zustand'
+
+interface CounterState {
+  count: number
+  increment: () => void
+  decrement: () => void
+  reset: () => void
+}
+
+export const useCounterStore = create<CounterState>((set) => ({
+  count: 0,
+  increment: () => set((state) => ({ count: state.count + 1 })),
+  decrement: () => set((state) => ({ count: state.count - 1 })),
+  reset: () => set({ count: 0 }),
+}))
+```
+
+```tsx
+// components/Counter.tsx
+'use client'
+
+import { useCounterStore } from '@/stores/counter'
+
+export function Counter() {
+  const { count, increment, decrement } = useCounterStore()
+
+  return (
+    <div>
+      <p>Count: {count}</p>
+      <button onClick={increment}>+</button>
+      <button onClick={decrement}>-</button>
+    </div>
+  )
+}
+```
+
+## Slices Pattern
+
+Split store into domain slices:
+
+```tsx
+// stores/index.ts
+import { create } from 'zustand'
+import { createAuthSlice, type AuthSlice } from './slices/auth'
+import { createCartSlice, type CartSlice } from './slices/cart'
+
+type Store = AuthSlice & CartSlice
+
+export const useStore = create<Store>()((...args) => ({
+  ...createAuthSlice(...args),
+  ...createCartSlice(...args),
+}))
+```
+
+```tsx
+// stores/slices/auth.ts
+import type { StateCreator } from 'zustand'
+
+export interface AuthSlice {
+  user: User | null
+  login: (credentials: Credentials) => Promise<void>
+  logout: () => void
+}
+
+export const createAuthSlice: StateCreator<AuthSlice, [], [], AuthSlice> = (set) => ({
+  user: null,
+  login: async (credentials) => {
+    const user = await api.login(credentials)
+    set({ user })
+  },
+  logout: () => set({ user: null }),
+})
+```
+
+## Selective Subscriptions
+
+Zustand re-renders only when **used** state changes:
+
+```tsx
+// ❌ Whole store — re-renders on any change
+const { count, name } = useStore()
+
+// ✅ Selective — re-renders only when count changes
+const count = useStore((state) => state.count)
+const increment = useStore((state) => state.increment) // Stable reference
+
+// ✅ Multiple values — useShallow for objects
+import { useShallow } from 'zustand/react/shallow'
+
+const { name, email } = useStore(
+  useShallow((state) => ({ name: state.user.name, email: state.user.email }))
+)
+```
+
+`useShallow` does shallow equality — avoids re-render when both values are the same.
+
+## Middleware
+
+### Persist (localStorage)
+
+```tsx
+import { create } from 'zustand'
+import { persist } from 'zustand/middleware'
+
+export const useSettingsStore = create(
+  persist(
+    (set) => ({
+      theme: 'light',
+      setTheme: (theme: 'light' | 'dark') => set({ theme }),
+    }),
+    {
+      name: 'app-settings',  // localStorage key
+      partialize: (state) => ({ theme: state.theme }),  // Only persist theme
+    }
+  )
+)
+```
+
+### Immer (Immutable Updates)
+
+```tsx
+import { create } from 'zustand'
+import { immer } from 'zustand/middleware/immer'
+
+export const useTodoStore = create(
+  immer((set) => ({
+    todos: [] as Todo[],
+    addTodo: (text: string) =>
+      set((state) => {
+        state.todos.push({ id: crypto.randomUUID(), text, done: false })
+      }),
+    toggleTodo: (id: string) =>
+      set((state) => {
+        const todo = state.todos.find((t) => t.id === id)
+        if (todo) todo.done = !todo.done
+      }),
+  }))
+)
+```
+
+### DevTools
+
+```tsx
+import { create } from 'zustand'
+import { devtools } from 'zustand/middleware'
+
+export const useStore = create(
+  devtools(
+    (set) => ({
+      count: 0,
+      increment: () => set((s) => ({ count: s.count + 1 }), false, 'increment'),
+    }),
+    { name: 'AppStore' }  // Name in Redux DevTools
+  )
+)
+```
+
+### Combining Multiple Middleware
+
+```tsx
+import { create } from 'zustand'
+import { devtools, persist, immer } from 'zustand/middleware'
+
+export const useStore = create(
+  devtools(
+    persist(
+      immer((set) => ({
+        // store...
+      })),
+      { name: 'app-storage' }
+    ),
+    { name: 'AppStore' }
+  )
+)
+```
+
+## React 19 + Server Components
+
+Zustand is **client-only**. Pattern for Next.js App Router:
+
+```tsx
+// stores/useStore.ts
+import { create } from 'zustand'
+
+export const useStore = create<Store>((set) => ({
+  // ...
+}))
+```
+
+```tsx
+// components/ClientWrapper.tsx
+'use client'
+
+import { useStore } from '@/stores/useStore'
+
+export function ClientWrapper({ children }) {
+  const data = useStore((s) => s.data)
+
+  return <div>{children}</div>
+}
+```
+
+**Rules**:
+- Stores are defined outside components (module scope)
+- Store consumers must be in `'use client'` components
+- Server Components can import the store type but cannot `useStore()`
+- Use React Context to provide a store instance if you need SSR hydration
+
+## SSR Hydration Pattern
+
+```tsx
+// app/providers.tsx
+'use client'
+
+import { type ReactNode, createContext, useContext, useRef } from 'react'
+import { type StoreApi, useStore } from 'zustand'
+
+// Create context for store
+const StoreContext = createContext<StoreApi<AppStore> | null>(null)
+
+export function StoreProvider({ children }: { children: ReactNode }) {
+  const storeRef = useRef<StoreApi<AppStore>>()
+
+  if (!storeRef.current) {
+    storeRef.current = createAppStore()
+  }
+
+  return (
+    <StoreContext.Provider value={storeRef.current}>
+      {children}
+    </StoreContext.Provider>
+  )
+}
+
+// Hook to use the store
+export function useAppStore<T>(selector: (state: AppStore) => T): T {
+  const store = useContext(StoreContext)
+  if (!store) throw new Error('Missing StoreProvider')
+  return useStore(store, selector)
+}
+```
+
+## Async Actions
+
+```tsx
+// Async actions are just async functions in the store:
+interface UserStore {
+  user: User | null
+  loading: boolean
+  error: Error | null
+  fetchUser: (id: string) => Promise<void>
+}
+
+export const useUserStore = create<UserStore>((set) => ({
+  user: null,
+  loading: false,
+  error: null,
+  fetchUser: async (id) => {
+    set({ loading: true, error: null })
+    try {
+      const user = await api.getUser(id)
+      set({ user, loading: false })
+    } catch (error) {
+      set({ error: error as Error, loading: false })
+    }
+  },
+}))
+```
+
+## When to Use Zustand vs Context vs TanStack Query
+
+| Tool | Best for |
+|------|----------|
+| **Zustand** | Global client state: theme, auth, cart, UI preferences |
+| **React Context** | Dependency injection, theming, auth provider — static values that rarely change |
+| **TanStack Query** | Server state: data fetching, caching, mutations |
+| **useState/useReducer** | Local component state |
+
+## Common Pitfalls
+
+| Pitfall | Fix |
+|---------|-----|
+| Using Zustand for server state | Use TanStack Query for fetched data — Zustand for client-only state |
+| `useStore()` without selector — re-renders on any change | Always use selectors: `useStore(s => s.count)` |
+| Multiple values returned as new object every render | Use `useShallow` for object selectors |
+| Store in Server Component | Move store usage to `'use client'` |
+| `getState()` in render | `getState()` is for callbacks/outside React, not render |
+| Large stores with everything in one file | Use slices pattern to separate domains |
+| Recreating store on every render | Define store outside component or use `useRef` for context pattern |
+
+## Verification
+
+- [ ] Store defined outside component (module scope) or via `useRef` in provider
+- [ ] All store consumers are in `'use client'` components
+- [ ] Selectors used for granular subscriptions — no destructured `useStore()`
+- [ ] `useShallow` used for multi-value object selectors
+- [ ] Server state (fetched data) managed by TanStack Query, not Zustand
+- [ ] Slices pattern used for stores with multiple domains
+- [ ] `persist` middleware configured with `partialize` to avoid storing sensitive data
+- [ ] DevTools middleware enabled (development only)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@minhduydev/mdpi",
-  "version": "0.4.1",
+  "version": "0.5.0",
   "description": "CLI to scaffold and manage a Pi coding-agent kit (.pi/) in any repo",
   "keywords": [
     "pi",

package/dist/template/.pi/prompts/loop-check.md

@@ -1,87 +0,0 @@
----
-description: NO-GO qualification gate — decide whether a task is safe to run as an unattended loop
-argument-hint: "<task description> [--help]"
----
-
-# Loop-Check: $ARGUMENTS
-
-Qualify a task before it is ever scheduled as an unattended loop. Emit a single GO/NO-GO verdict with the cited condition that produced it. This prompt is the gate *before* the gate — it refuses work a loop cannot honestly judge.
-
-> Refuse first, test second, checklist last. Never let "looks automatable" override the refuse-list.
-
-## Parse Arguments
-
-| Argument       | Default  | Description                                      |
-| ------------- | -------- | ------------------------------------------------ |
-| `<task>`      | required | The task proposed for unattended looping          |
-| `--help`      | false    | Show this usage                                   |
-
-## Step 1 — Refuse-List (Immediate NO-GO)
-
-If the task touches any of these, **stop here** and emit NO-GO. Do not proceed to the 2-condition test.
-
-- **auth** — login, sessions, tokens, permissions, auth flows, auth module rewrites
-- **payments** — billing, checkout, refunds, subscriptions, payment provider integration
-- **architecture** — framework/library switches, schema migrations, new DB tables, new services, breaking API changes
-
-> Rationale: these need human judgement a loop cannot provide. The refuse-list is the honest ceiling, not a configurable preference.
-
-If a refuse-list category is hit → `CONDITION: <refused category> refused` (e.g. `CONDITION: architecture refused`).
-
-## Step 2 — The 2-Condition Test
-
-Both conditions must hold. If either fails, emit NO-GO citing the failed condition.
-
-1. **Verification is automated.** There exists an objective command whose **exit code** decides pass/fail — `npm test`, `tsc --noEmit`, `eslint`, a custom gate script. The stop condition is computational (exit code), never an LLM's opinion. If the only "check" is "the agent says it looks good" → FAIL.
-2. **The token budget absorbs the waste.** The cost of one wasted run (gate fails, no-op, early-exit) is small enough that running on the scheduled cadence does not blow the budget. If a single failed run is expensive (large model, long context, many turns) and there is no per-run cap → FAIL.
-
-If condition 1 fails → `CONDITION: verification not automated (no exit-code gate)`.
-If condition 2 fails → `CONDITION: budget does not absorb waste (uncapped/expensive failed run)`.
-
-## Step 3 — 30-Second Checklist
-
-Confirm every item. Any miss → NO-GO citing the missing item.
-
-- [ ] **Objective gate exists** — a named command with a pass = exit 0 contract (write it down; "tests" without a command is not a gate).
-- [ ] **Hard stop exists** — a non-negotiable exit condition: repeated gate failure, budget cap hit, or forbidden path touched. The loop exits; it does not improvise.
-- [ ] **Human approves merge/deploy/dependency changes** — the loop may open PRs and stage work; a human merges, deploys, and changes deps. No auto-merge.
-
-Missing gate → `CONDITION: no objective gate`.
-Missing hard stop → `CONDITION: no hard stop`.
-No human-approval boundary → `CONDITION: no human-approval boundary on merge/deploy/deps`.
-
-## Step 4 — Emit Verdict
-
-Output **exactly** these two lines and nothing else as the decision:
-
-```
-VERDICT: GO
-CONDITION: verification automated + budget absorbs waste
-```
-
-or
-
-```
-VERDICT: NO-GO
-CONDITION: <cited condition from Step 1, 2, or 3>
-```
-
-- `VERDICT` is `GO` or `NO-GO` — no other values.
-- `CONDITION` cites the specific condition that produced the verdict. For GO, cite both passing conditions. For NO-GO, cite the first failing condition (Step 1 overrides Step 2 overrides Step 3).
-- Do not add rationale, recommendations, or next steps after the verdict lines. The verdict is the contract.
-
-## Worked Examples
-
-- **"triage failing CI nightly"** with `npm test` gate, no-op early-exit <5k tokens → `VERDICT: GO` / `CONDITION: verification automated + budget absorbs waste`
-- **"rewrite auth module"** → `VERDICT: NO-GO` / `CONDITION: auth refused`
-- **"migrate from REST to GraphQL"** → `VERDICT: NO-GO` / `CONDITION: architecture refused`
-- **"keep docs in sync with code weekly"** with no gate command → `VERDICT: NO-GO` / `CONDITION: verification not automated (no exit-code gate)`
-
-## Related
-
-| Companion | Role |
-|---|---|
-| `loop-engineering` skill | The 2-condition test, refuse-list, and 5 building blocks this gate codifies |
-| `/loop-init` | Scaffold `.pi/loops/<name>/` once a task is GO |
-| `/loop-review` | Maker/checker verification — the gate *during* a run |
-| `loop-audit` | Readiness scoring (L0-L3) for an already-GO loop |

package/dist/template/.pi/prompts/loop-init.md

@@ -1,157 +0,0 @@
----
-description: Scaffold a new unattended loop at .pi/loops/<name>/ with VISION, STATE, and a per-loop SKILL stub
-argument-hint: "<name> [--help]"
----
-
-# Loop Init: $ARGUMENTS
-
-Scaffold a new loop-engineering harness at `.pi/loops/<name>/` from the templates shipped in `.pi/templates/`. Run once per loop. The scaffold is the contract + ledger + procedure the orchestrator (T9/T10) drives unattended.
-
-> **Prerequisite:** `/loop-check <task>` returned GO. If not, refuse and tell the user to qualify the task first.
-
-## Parse Arguments
-
-| Argument | Default   | Description                                  |
-| -------- | --------- | -------------------------------------------- |
-| `<name>` | required  | Loop slug; used as directory name `loop/<name>/<ts>` branch prefix |
-| `--help` | false     | Show this usage                              |
-
-**Validation:** `<name>` must be a filesystem-safe slug (`^[a-z0-9][a-z0-9-]*$`, lowercase). Reject names containing `/`, spaces, or upper-case. Trim surrounding whitespace before use.
-
-## When to Use
-
-- You want to start a new unattended loop (nightly CI triage, dependency bumps, doc sync, PR babysitting).
-- `/loop-check <task>` already returned GO (verification automated + token budget absorbs waste + human approves merge/deploy/deps).
-- You need the contract (VISION.md), dedup ledger (STATE.json + STATE.md), and per-loop procedure (SKILL.md) that the orchestrator will drive.
-
-Do NOT use for:
-- One-off tasks (use `/create` or `/fix`).
-- Tasks `/loop-check` refused (auth, payments, architecture) — refuse here too.
-
-## The Scaffold Steps
-
-### 1. Create the loop directory
-
-Create `.pi/loops/<name>/` (parent `.pi/loops/` may not exist yet — create it).
-
-### 2. Copy the four artifacts
-
-Copy map (exact source → destination):
-
-| Source (template)                         | Destination                          | Purpose                                   |
-| ----------------------------------------- | ------------------------------------ | ----------------------------------------- |
-| `.pi/templates/loop-vision.md`            | `.pi/loops/<name>/VISION.md`         | Anti goal-drift contract (FR2)            |
-| `.pi/templates/loop-state.md`             | `.pi/loops/<name>/STATE.md`           | Human-readable state mirror (FR3)        |
-| `.pi/templates/loop-state.json`           | `.pi/loops/<name>/STATE.json`         | Machine dedup ledger (FR3, authoritative) |
-| (new stub)                                | `.pi/loops/<name>/SKILL.md`           | Per-loop procedure (classification + fix patterns) |
-
-Copy the three templates byte-for-byte first (placeholders intact), then fill placeholders in the copied files. The `SKILL.md` stub is not a template — write a minimal seed:
-
-```markdown
----
-name: <name>
-description: Per-loop procedure for <name> — classify, fix, escalate
----
-
-# Loop Procedure: <name>
-
-Reread `VISION.md` at the start of every run. Do not act outside it.
-
-## Procedure
-
-1. Reread `VISION.md` (boundaries authoritative).
-2. Read `STATE.json` — build the dedup set from `processed[]`.
-3. Fetch candidate items (per the loop's source: CI runs, PRs, packages, commits).
-4. For each item: skip if in `processed[]`; else classify → fix / escalate / reject.
-5. Run the Gate command (the ```bash block directly under `## Gate` in VISION.md); ship only on exit 0.
-6. Append to `STATE.json.processed[]`, `completed[]`, `escalated[]`, or `failures[]`.
-7. Enforce hard stops (see VISION.md "Hard stops").
-
-## Classification rubric
-
-<!-- Fill by hand after supervising the first manual runs. -->
-
-## Fix patterns
-
-<!-- Fill by hand as repeatable fixes are discovered. -->
-```
-
-### 3. Fill `<name>` placeholders
-
-In the copied `VISION.md`, `STATE.md`, and `STATE.json`, replace every placeholder occurrence with the actual loop name:
-
-- `<loop-name>` → `<name>`
-- Leave human-fill placeholders (`[Owner]`, `[Date]`, `[cron expression or "manual"]`, `[Allowed action 1]`, `<GATE_COMMAND>`, etc.) as bracketed prompts for the user to edit by hand — do NOT invent values.
-
-Tell the user explicitly which placeholders still need their input.
-
-### 4. Print the rollout order
-
-After scaffolding, print this rollout order so the user knows the path from scaffold to unattended run:
-
-```
-Rollout order:
-  1. check      — /loop-check <task> (already GO; re-run if scope changes)
-  2. init       — /loop-init <name>   (this step — scaffold created)
-  3. supervise  — run the loop's SKILL.md manually in a session; refine classification/fix patterns
-  4. wire       — copy loop-orchestrator.ts/.sh + loop-github-action.yml; set cadence + gate + scope
-  5. run        — schedule cron/launchd (local) or GitHub Actions `on: schedule` (CI); loop runs unattended
-  6. review     — /loop-review <name> for interactive maker/checker verify
-  7. audit/cost — loop-audit scores readiness (L0-L3); track cost-per-accepted-change; kill if acceptance < 50%
-```
-
-## Idempotency Guard
-
-Before writing anything:
-
-1. Check whether `.pi/loops/<name>/` already exists.
-2. **If it exists:** STOP. Do not overwrite. Ask the user:
-   > `.pi/loops/<name>/` already exists. Overwrite all files (VISION.md, STATE.md, STATE.json, SKILL.md)? This destroys any hand-edited contract/state. (y/N)
-3. **Refuse overwrite without explicit confirmation.** On `N` or no answer, abort and report the existing tree without modifying it.
-4. **If it does not exist:** proceed with the scaffold.
-
-This guard protects hand-edited VISION.md contracts and STATE.json dedup ledgers from being clobbered by a re-run.
-
-## Output
-
-Print:
-
-1. **Created tree** (e.g.):
-   ```
-   .pi/loops/<name>/
-   ├── VISION.md   (contract — fill [Owner], [Date], cadence, Scope, Gate)
-   ├── STATE.md    (human-readable state mirror)
-   ├── STATE.json  (machine dedup ledger — authoritative)
-   └── SKILL.md    (per-loop procedure — fill classification + fix patterns by hand)
-   ```
-2. **Rollout order** (the 7-step block above).
-3. **Placeholders still needing input** (list each `[...]` / `<GATE_COMMAND>` the user must fill by hand, with file:line where useful).
-4. **Next step:** `supervise` — run the loop's `SKILL.md` manually in a session and refine classification/fix patterns before wiring the orchestrator.
-
-## Failure Handling
-
-| Scenario                              | Action                                                        |
-| ------------------------------------- | ------------------------------------------------------------ |
-| `<name>` missing or invalid slug      | Abort with the validation regex and an example               |
-| `.pi/loops/<name>/` exists, no confirm| Abort, print existing tree, do not modify                     |
-| Template missing from `.pi/templates/`| Abort, list which template is missing (T2 must be shipped first) |
-| `<name>` would collide with a reserved path | Abort, suggest an alternate slug                        |
-
-## Stop Conditions
-
-- `<name>` invalid → stop, report the regex.
-- Directory exists and user declines overwrite → stop, report existing tree.
-- Any of the three templates missing → stop, report (T2 prerequisite unmet).
-
-## Related Commands
-
-| Need                     | Command           |
-| ------------------------ | ----------------- |
-| Qualify a task first     | `/loop-check`     |
-| Review a running loop    | `/loop-review`    |
-| Audit loop readiness     | `loop-audit`      |
-
-## Related Skills
-
-- `loop-engineering` — 2-condition test, 5 building blocks, VISION/state contract, failure modes
-- `planning-and-task-breakdown` — decompose the loop's procedure into verifiable steps

package/dist/template/.pi/prompts/loop-review.md

@@ -1,90 +0,0 @@
----
-description: Maker/checker review for a loop — spawns a verifier subagent that runs the gate and inspects the diff, then emits ACCEPT/REJECT with evidence
-argument-hint: "<loop-name> [--help]"
----
-
-# Loop Review: $ARGUMENTS
-
-Run the maker/checker gate for `<loop-name>`: dispatch an independent **verifier subagent** that runs the `## Gate` command from the loop's `VISION.md` via bash and reads the exit code, inspect the working-tree diff for scope creep and forbidden touches, then emit exactly `DECISION: ACCEPT|REJECT` plus `EVIDENCE:`. The maker never self-approves — default to **REJECT** on any uncertainty.
-
-## When to Use
-
-- After a loop's maker (the `pi -p` capability-deprived agent) reports its work done and before the orchestrator ships.
-- Interactive `/loop-review <loop-name>` to manually gate a loop cycle.
-- Whenever you need an independent, computational gate decision — never trust the maker's self-report.
-- Do **not** use for the orchestrator's own gate run (FR7); this prompt is the interactive maker/checker wrapper around the same gate-parse contract.
-
-## The Verifier Subagent
-
-Dispatch a **verifier** as an independent subagent so the maker cannot influence or self-approve the decision. The verifier's sole job: run the gate, read the exit code, collect diff findings, return raw evidence.
-
-### Dispatch
-
-Use the `subagent` tool with **type `review`**. Pass a prompt that instructs the verifier to:
-
-1. Read `.pi/loops/<loop-name>/VISION.md` (or wherever the loop's VISION lives for this run) from disk — do not trust context-supplied copies.
-2. Extract the gate command using the **exact gate-parse contract** below.
-3. Run the gate via bash and capture the **exit code** (the computational signal — never an opinion).
-4. Inspect the working-tree/staged diff for scope creep and forbidden paths (see The Diff Check).
-5. Return raw evidence only: exit code, gate command run, diff findings (paths touched, any forbidden hits). **No verdict** — the maker (this agent) issues the verdict.
-
-### Gate-parse contract (must match T2 exactly)
-
-Extract the gate command from `VISION.md` as: **the SINGLE fenced ```bash block located directly under the `## Gate` heading** — require **EXACTLY ONE** such block directly under `## Gate` (zero or more-than-one → REJECT / hard fail). Take that single block's content, strip trailing whitespace, run it via `bash -c "<command>"`, and read the exit code.
-
-- `exit 0`   → PASS → ship (orchestrator pushes `loop/<name>/<ts>` + opens PR)
-- non-zero   → FAIL → no ship; record failure in `STATE.json.failures[]`; cleanup worktree
-
-The gate decision is **computational (exit code), never an LLM's opinion**. If `## Gate` is missing, the fenced block is empty, or the block count under `## Gate` is not exactly one (zero or more-than-one), treat that as a hard fail: emit `DECISION: REJECT` with `EVIDENCE: gate not parseable` and do not run anything.
-
-### Evidence to collect from the verifier
-
-- The exact gate command extracted (verbatim, after whitespace strip).
-- The bash exit code (integer).
-- stdout/stderr tail (last ~20 lines) — enough to cite a concrete failure.
-- List of paths touched in the diff (added/modified/deleted).
-- Any forbidden-path hits (see The Diff Check).
-
-## The Diff Check
-
-Independently of the verifier (or have the verifier report and you confirm), inspect the diff against the loop's declared boundaries.
-
-### Scope creep
-
-Compare every path in the diff to `## Scope` and `## Out-of-scope` in `VISION.md`. Any touched path that is not clearly inside `## Scope` is scope creep → REJECT. When a path is ambiguous (not explicitly listed in either section), treat it as out-of-scope and escalate, do not approve.
-
-### Forbidden touches (always REJECT)
-
-Regardless of scope wording, REJECT immediately if the diff touches any of:
-
-- `VISION.md` (the loop contract itself — protected path).
-- The gate command / gate script referenced by `## Gate`.
-- `package.json`, `package-lock.json`, `pnpm-lock.yaml`, `yarn.lock`, or any lockfile.
-- Any path under `## Out-of-scope` in `VISION.md`.
-- Auth, payments, or architectural-decision files (per `## Human-approval-required`).
-
-Cite the offending path verbatim in `EVIDENCE:`.
-
-## Output Contract
-
-Emit exactly two lines (no prose around them, no extra fields):
-
-```
-DECISION: ACCEPT|REJECT
-EVIDENCE: <exit code + diff findings>
-```
-
-- `DECISION: ACCEPT` only when the verifier reports **exit code 0** AND the diff has zero scope-creep and zero forbidden-touch findings.
-- `DECISION: REJECT` otherwise. `EVIDENCE:` must cite the concrete signal — e.g. `gate exit 1: npm test failed (see stderr tail)` or `forbidden touch: package.json` or `scope creep: src/auth/* not in VISION.md Scope`.
-- The orchestrator consumes these two lines machine-readably; do not decorate them with markdown, prefixes, or commentary.
-
-## Default-Reject Rule
-
-**The maker never self-approves.** The verdict is issued here (the maker/checker prompt), but the *evidence* comes from the independent verifier subagent — never from the maker's own self-report. On any uncertainty — gate not parseable, exit code unreadable, diff not inspectable, scope ambiguous, verifier subagent failed to return — emit:
-
-```
-DECISION: REJECT
-EVIDENCE: <what was uncertain — e.g. "verifier did not return exit code" / "scope ambiguous for src/foo.ts">
-```
-
-Default-reject is the safe state; the orchestrator records it and retries or escalates. Never substitute opinion for the computational exit-code signal.