@neikyun/ciel 6.11.2 → 6.13.0

package/assets/skills/utility/issue-closer/SKILL.md

@@ -0,0 +1,106 @@
+---
+name: issue-closer
+description: Closes GitHub issues with a structured evidence comment — what was fixed, concrete observed staging evidence (logs/curl/DOM — NOT code diffs), and PR/SHA reference. Enforces closure gate from prouver-verifier. Never closes without evidence.
+allowed-tools: Bash
+---
+
+# issue-closer — Structured issue closure
+
+## What this covers
+Implements the PROUVER closure gate: before any issue is marked closed, an evidence comment must be posted. Closing without evidence is lying to future-you.
+
+## Core principle
+**No evidence, no closure.** A code diff proves you wrote code. Staging evidence proves it works. Only the latter closes an issue.
+
+## Inputs
+
+- Issue number(s)
+- Fix description (1 line)
+- Concrete evidence: staging log excerpt, curl output, DOM snapshot, or screenshot — NOT code diff
+- PR number or commit SHA that contains the fix
+
+## Process
+
+### 1. Check current state
+
+```bash
+gh issue view <N> --json state,comments
+```
+
+If already closed AND evidence comment exists → no action needed.
+If already closed AND no evidence comment → post evidence comment (closure without evidence = not closed).
+If open → post evidence comment + close.
+
+### 2. Post evidence comment
+
+```markdown
+Fixed: <1-line description>
+
+**Evidence** (from staging):
+<concrete log excerpt / curl output / DOM snapshot / screenshot>
+
+PR: #<N>
+Commit: <SHA>
+```
+
+Use `gh issue comment <N> --body "$(cat <<'EOF' ... EOF)"` for formatting.
+
+### 3. Close if still open
+
+```bash
+gh issue close <N> --reason completed
+```
+
+### 4. Confirm
+
+```bash
+gh issue view <N> --json state,comments
+```
+
+State: `closed`. Last comment: evidence format. → DONE.
+
+## Common patterns
+
+### Good closure comment
+
+```markdown
+Fixed: prevent N+1 query in user dashboard endpoint
+
+**Evidence** (from staging):
+$ curl -s https://staging.example.com/api/dashboard | jq '.query_count'
+12
+(was 103 before fix — confirmed via pg_stat_statements)
+
+PR: #568
+Commit: a1b2c3d
+```
+
+### Bad closure comment
+
+```markdown
+Fixed in PR #568.
+```
+
+Problems: no evidence, no staging verification, just a code reference.
+
+## Anti-patterns
+
+- **Closing with code diff as evidence** — code diff proves you wrote code, not that it works
+- **Closing without staging evidence** — always verify on staging first
+- **Copy-paste evidence across issues** — if one PR closes 3 issues, each gets specific evidence
+- **Auto-close via merge commit** — the auto-close doesn't add evidence. Close explicitly via this skill.
+- **"It should work now"** — this is hope, not evidence
+
+## How to verify
+
+- [ ] Evidence comment posted before closure?
+- [ ] Evidence is from staging (not local)?
+- [ ] Evidence is concrete (log/curl/DOM, not "fixed in PR")?
+- [ ] Issue state is `closed` with reason `completed`?
+- [ ] Last comment matches evidence format (Fixed + Evidence + PR + Commit)?
+
+## When triggered
+
+- After `prouver-verifier` PROUVER step completes
+- After PR merge when auto-close didn't add evidence
+- User request: "close issue #N"

package/assets/skills/utility/issue-creator/SKILL.md

@@ -0,0 +1,200 @@
+---
+name: issue-creator
+description: Creates a GitHub issue from an RCA verdict, bug report, or feature request. Fills structured body (Problem / Root cause / Proposed fix / Acceptance criteria / Linked evidence). Uses `gh issue create`. Returns the issue number so downstream skills (branch-setup, commit-writer, pr-opener) can link to it. Mandatory on Critical tasks for audit trail, default-on for Standard tasks fixing a bug, skippable on Trivial. Inline — deterministic `gh` command.
+allowed-tools: Bash, Read
+context: inline
+---
+
+# issue-creator — Every fix starts with an issue
+
+"Audit trail first" is a 2026 compliance baseline (SOC 2, ISO 27001). Every production-affecting change needs a traceable reason. Ciel enforces this by creating the issue BEFORE opening a branch.
+
+---
+
+## Inputs
+
+```
+TITLE: [1-line summary — imperative verb, ≤ 70 chars]
+BODY_SOURCE: [rca-verdict | bug-report | feature-request]
+RCA_VERDICT: [output from debug-reasoning-rca, if BODY_SOURCE=rca-verdict]
+LABELS: [comma-separated, e.g., "bug,production,critical"]
+ASSIGNEES: [optional, e.g., "@me"]
+```
+
+### Auto-inference sources
+
+- **TITLE** → from RCA VERDICT symptom (1 sentence) or user prompt's core ask
+- **LABELS** → infer from Ciel depth: Critical → `bug,critical`, Standard + bug intent → `bug`, feature intent → `enhancement`
+- **ASSIGNEES** → `@me` by default (the user running Ciel)
+
+---
+
+## Preflight
+
+```bash
+# Verify gh CLI installed + authenticated
+command -v gh || { echo "gh CLI not installed — abort"; exit 1; }
+gh auth status 2>&1 | grep -q "Logged in" || { echo "gh not authenticated — run: gh auth login"; exit 1; }
+```
+
+If preflight fails, BLOCK the skill, instruct the user to install/authenticate.
+
+---
+
+## Process
+
+### 1. Check for duplicates
+
+```bash
+# Search open issues with similar title
+gh issue list --state=open --search "<title keywords>" --limit 5
+```
+
+If a matching open issue exists (≥70% keyword overlap), RETURN that issue number instead of creating a duplicate. Report: `[DUPE] Reusing existing issue #<N>`.
+
+### 2. Build the body
+
+Use this template (adapt per BODY_SOURCE):
+
+**For rca-verdict (bug):**
+```markdown
+## Problem
+
+<Symptom in 1 sentence>
+
+## Repro
+
+```
+<exact command or "flaky — ~1/N runs">
+```
+
+## Root cause
+
+<From RCA Phase 4 Semantic diff>
+
+EXPECTED: <...>
+ACTUAL:   <...>
+GAP:      <...>
+ROOT:     <...>
+
+Supported hypothesis: H<n> [FAULT-TYPE]: <cause>
+
+## Proposed fix
+
+- Direct: <from RCA Phase 5 Direct fix>
+- Systemic (Critical only): <test/alert/process gap to close>
+
+## Acceptance criteria
+
+- [ ] <testable condition 1>
+- [ ] <testable condition 2>
+- [ ] Existing tests still pass
+- [ ] New regression test added (if systemic fix applies)
+
+## Evidence
+
+- Production logs: <log snippet or path>
+- Git blame: <commit that introduced the issue, if identified>
+- RCA full output: <paste or link>
+
+🤖 Filed by Ciel (debug-reasoning-rca + issue-creator)
+```
+
+**For feature-request:**
+```markdown
+## Goal
+
+<1-sentence goal>
+
+## Motivation
+
+<Why this is needed now — user story, metric, constraint>
+
+## Proposed approach
+
+<High-level approach from evaluer-sizer if available>
+
+## Acceptance criteria
+
+- [ ] <testable>
+- [ ] <testable>
+- [ ] Documentation updated
+- [ ] Relevant tests added
+
+## Out of scope
+
+- <NOT-X from quoi-framer>
+
+🤖 Filed by Ciel
+```
+
+### 3. Create the issue
+
+```bash
+gh issue create \
+  --title "<title>" \
+  --body-file /tmp/ciel-issue-body-$$ \
+  --label "<labels>" \
+  --assignee "<assignees>"
+```
+
+Capture the returned URL, extract the issue number.
+
+### 4. Emit output for downstream skills
+
+```
+[ISSUE CREATED]
+Number: #<N>
+URL: https://github.com/<org>/<repo>/issues/<N>
+Title: <title>
+Labels: <labels>
+```
+
+Pass `#<N>` to `branch-setup` and future `commit-writer` / `pr-opener` calls.
+
+---
+
+## Guardrails
+
+- **Never create without gh auth** — preflight must pass.
+- **Respect existing issues** — dupe check is mandatory; don't pollute the tracker.
+- **Don't create on forks** — check `gh repo view --json nameWithOwner` matches upstream. Otherwise ask user to confirm.
+- **Critical label enforcement** — if Ciel depth is Critical, the issue MUST have the `critical` label (compliance audit).
+- **Body under 65 KB** — GitHub's hard limit; truncate + link to gist if RCA evidence exceeds.
+- **One issue per root cause** — don't bundle unrelated symptoms. If RCA found 2 distinct root causes, create 2 issues.
+
+---
+
+## When triggered
+
+- After `debug-reasoning-rca` returns a verdict with `confidence: HIGH` or `MEDIUM`
+- Start of a FEATURE intent task (non-trivial)
+- Explicit user ask: "file an issue for this"
+- Before `branch-setup` (issue number is an input)
+
+---
+
+## How to verify
+
+- [ ] `gh auth status` passes?
+- [ ] Duplicate check performed? (`gh issue list --search` ran)
+- [ ] Issue created on GitHub? (`gh issue view <N>` succeeds)
+- [ ] Body has Problem/Root cause/Acceptance criteria sections?
+- [ ] Labels applied (type + severity for bugs)?
+- [ ] Issue number returned for downstream skills?
+- [ ] Critical tasks have `critical` label?
+
+## Anti-pattern
+
+```
+❌ RCA completes → jump straight to writing code → commit → PR → no paper trail
+✅ RCA completes → issue-creator → branch-setup → work → pr-opener → issue-closer
+```
+
+---
+
+## References
+
+- GitHub CLI — cli.github.com/manual/gh_issue_create
+- Ciel pipeline: issue-creator → branch-setup → (FAIRE work) → pr-opener → issue-closer
+- SOC 2 audit trail requirement for production changes

package/assets/skills/utility/pr-merger/SKILL.md

@@ -0,0 +1,189 @@
+---
+name: pr-merger
+description: Merges a GitHub PR safely — reads branch protection (reviews, checks, CODEOWNERS), flips draft→ready on green CI, picks squash/rebase/merge from repo config, uses `--auto`. Gated by prouver-verifier VERDICT=DONE. Hands off to issue-closer + branch-cleaner. Invoke on "merge PR" / "auto-merge" / "land this PR". Inline.
+allowed-tools: Bash, Read
+context: inline
+---
+
+# pr-merger — Close the loop with branch-protection awareness
+
+Opening a PR is only half the workflow. `pr-merger` owns the other half: flip draft → ready, wait for green CI + approvals, respect branch protection, pick the right merge strategy, then hand off to post-merge cleanup.
+
+---
+
+## Inputs
+
+```
+PR_NUMBER: [from current branch via `gh pr view --json number` or explicit]
+MERGE_STRATEGY: [squash | rebase | merge — default: read from repo settings]
+AUTO: [true | false — default true; uses --auto to queue behind protection gates]
+DELETE_BRANCH: [true | false — default true; deletes source branch after merge]
+PROUVER_VERDICT: [DONE | PENDING — must be DONE to proceed]
+```
+
+### Auto-inference sources
+
+- **PR_NUMBER** → `gh pr view --json number --jq .number` from current branch
+- **MERGE_STRATEGY** → `gh api repos/{owner}/{repo} --jq '.allow_squash_merge, .allow_rebase_merge, .allow_merge_commit'` — prefer squash > rebase > merge if multiple allowed. Match repo convention from last 10 merged PRs.
+- **PROUVER_VERDICT** → output of `prouver-verifier` in same session
+
+---
+
+## Preflight
+
+```bash
+gh auth status 2>&1 | grep -q "Logged in" || { echo "gh not authenticated"; exit 1; }
+
+# PR must exist and be open
+PR_NUMBER=${PR_NUMBER:-$(gh pr view --json number --jq .number 2>/dev/null)}
+[ -z "$PR_NUMBER" ] && { echo "No PR found for current branch"; exit 1; }
+
+STATE=$(gh pr view "$PR_NUMBER" --json state --jq .state)
+[ "$STATE" = "OPEN" ] || { echo "PR #$PR_NUMBER is $STATE — cannot merge"; exit 1; }
+
+# prouver-verifier gate
+[ "$PROUVER_VERDICT" = "DONE" ] || { echo "prouver-verifier verdict is $PROUVER_VERDICT — run it first"; exit 1; }
+```
+
+---
+
+## Process
+
+### 1. Read branch protection rules
+
+```bash
+OWNER_REPO=$(gh repo view --json nameWithOwner --jq .nameWithOwner)
+BASE=$(gh pr view "$PR_NUMBER" --json baseRefName --jq .baseRefName)
+
+# Protection settings (may return 404 if unprotected — treat as unprotected)
+PROTECTION=$(gh api "repos/$OWNER_REPO/branches/$BASE/protection" 2>/dev/null || echo "{}")
+
+REQUIRED_REVIEWS=$(echo "$PROTECTION" | jq -r '.required_pull_request_reviews.required_approving_review_count // 0')
+REQUIRED_CHECKS=$(echo "$PROTECTION" | jq -r '.required_status_checks.contexts // [] | join(",")')
+REQUIRES_CODEOWNERS=$(echo "$PROTECTION" | jq -r '.required_pull_request_reviews.require_code_owner_reviews // false')
+```
+
+### 2. Verify approvals + checks
+
+```bash
+# Approvals
+APPROVED=$(gh pr view "$PR_NUMBER" --json reviewDecision --jq .reviewDecision)
+if [ "$REQUIRED_REVIEWS" -gt 0 ] && [ "$APPROVED" != "APPROVED" ]; then
+  echo "PR needs approval (reviewDecision=$APPROVED, required=$REQUIRED_REVIEWS)"
+  echo "Action: request review via gh pr edit --add-reviewer @user OR wait"
+  exit 1
+fi
+
+# Required status checks
+CHECKS=$(gh pr view "$PR_NUMBER" --json statusCheckRollup --jq '.statusCheckRollup[] | select(.conclusion != "SUCCESS" and .conclusion != "NEUTRAL" and .conclusion != "SKIPPED") | .name')
+if [ -n "$CHECKS" ]; then
+  echo "Failing/pending checks:"
+  echo "$CHECKS"
+  echo "Hand off to ci-watcher for retry/flaky detection"
+  exit 1
+fi
+```
+
+### 3. Flip draft → ready (if still draft + CI green)
+
+```bash
+IS_DRAFT=$(gh pr view "$PR_NUMBER" --json isDraft --jq .isDraft)
+if [ "$IS_DRAFT" = "true" ]; then
+  echo "Flipping draft → ready (CI is green)"
+  gh pr ready "$PR_NUMBER"
+fi
+```
+
+### 4. Pick merge strategy
+
+```bash
+case "$MERGE_STRATEGY" in
+  squash)  FLAG="--squash" ;;
+  rebase)  FLAG="--rebase" ;;
+  merge)   FLAG="--merge" ;;
+  *)       echo "Unknown strategy: $MERGE_STRATEGY"; exit 1 ;;
+esac
+
+# delete-branch flag
+DELETE_FLAG=""
+[ "$DELETE_BRANCH" = "true" ] && DELETE_FLAG="--delete-branch"
+
+# auto flag
+AUTO_FLAG=""
+[ "$AUTO" = "true" ] && AUTO_FLAG="--auto"
+```
+
+### 5. Merge
+
+```bash
+gh pr merge "$PR_NUMBER" $FLAG $AUTO_FLAG $DELETE_FLAG
+MERGE_STATUS=$?
+```
+
+If `--auto` is set, GitHub queues the merge. If not, the merge completes synchronously.
+
+### 6. Emit output + hand off
+
+```
+[PR MERGED] (or [PR QUEUED] if --auto pending on checks)
+Number: #<P>
+Strategy: <squash|rebase|merge>
+Branch deleted: <yes|no>
+
+Handoff:
+- issue-closer (if PR closes an issue — from `Closes #N` in body)
+- branch-cleaner (local cleanup of merged branch)
+```
+
+Post-merge, the caller should invoke `issue-closer` and `branch-cleaner` in sequence.
+
+---
+
+## Guardrails
+
+- **prouver-verifier gate is non-negotiable** — never merge without DONE verdict. Skipping skips evidence capture.
+- **Never merge a draft** — flip to ready first, explicitly.
+- **Never bypass branch protection** — if protection fails, surface the reason and stop. Don't suggest disabling protection.
+- **Match repo strategy** — a repo that only allows squash should never receive `--merge`. Read settings, don't assume.
+- **Never `--admin`** — admin merge bypasses protection. Refuse unless user explicitly requests AND explains why.
+- **Auto-merge requires protection** — `--auto` only works if branch protection is configured. Fall back to synchronous merge if not.
+- **Respect `[WIP]` / `[DO NOT MERGE]` in title** — block merge, surface the marker.
+
+---
+
+## When triggered
+
+- End of Standard pipeline after `pr-opener` + `prouver-verifier` + `ci-watcher` all return green
+- User says: "merge this PR", "enable auto-merge", "land this"
+- Skipped on Trivial tasks (direct push to main)
+
+---
+
+## Anti-pattern
+
+```
+❌ gh pr merge 42 --admin --merge    # bypasses protection AND wrong strategy
+✅ pr-merger reads protection, picks squash (repo convention), --auto queues behind CI
+```
+
+```
+❌ Merge PR while draft                 # reviewers haven't been asked yet
+✅ gh pr ready first, then gh pr merge
+```
+
+---
+
+## Handoff to downstream skills
+
+- `issue-closer` — reads `Closes #N` from PR body, posts evidence comment, closes issue
+- `branch-cleaner` — deletes merged branch locally + prunes remote refs
+- `changelog-updater` — if PR has `release-note` label or is on a version-bump branch
+
+---
+
+## References
+
+- GitHub CLI — cli.github.com/manual/gh_pr_merge
+- Branch protection API — docs.github.com/en/rest/branches/branch-protection
+- Merge queue — docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-a-merge-queue
+- Ciel pipeline: pr-opener → ci-watcher → pr-merger → issue-closer → branch-cleaner

package/assets/skills/utility/pr-opener/SKILL.md

@@ -0,0 +1,180 @@
+---
+name: pr-opener
+description: Opens a GitHub pull request for the current branch using `gh pr create`. Composes the body with Summary + Test plan + Closes #N, auto-links the tracked issue (Closes #N), attaches Ciel verification evidence (tests passing, CI green, RELIRE verdict). Runs after FAIRE completion, before the user asks. The final step of the automated workflow before issue-closer. Inline — deterministic `gh` command.
+allowed-tools: Bash, Read
+context: inline
+---
+
+# pr-opener — Close the loop, link the issue
+
+A PR without an issue link is a commit without a reason. Ciel's `pr-opener` guarantees every PR auto-closes its source issue on merge.
+
+---
+
+## Inputs
+
+```
+ISSUE_NUMBER: [from .git/ciel-work-context written by branch-setup]
+BRANCH: [current branch — from git rev-parse]
+TITLE: [1-line summary — imperative, ≤ 70 chars]
+BASE_BRANCH: [main usually, from .git/ciel-work-context]
+DRAFT: [true|false — default false, true if CI not yet green]
+```
+
+### Auto-inference sources
+
+- **ISSUE_NUMBER, BRANCH, BASE_BRANCH** → read `.git/ciel-work-context`
+- **TITLE** → derive from the latest commit message on the branch (`git log -1 --format=%s`), strip conventional-commit prefix if present
+- **DRAFT** → true if `gh run list --branch=$BRANCH --limit=1 --json status --jq '.[0].status'` returns in_progress OR any test is failing
+
+---
+
+## Preflight
+
+```bash
+# 1. gh auth
+gh auth status 2>&1 | grep -q "Logged in" || { echo "gh not authenticated"; exit 1; }
+
+# 2. Branch pushed to origin
+CURRENT=$(git rev-parse --abbrev-ref HEAD)
+git ls-remote --exit-code origin "$CURRENT" > /dev/null 2>&1 || {
+  echo "Branch not pushed — pushing now"
+  git push -u origin "$CURRENT"
+}
+
+# 3. Work context exists
+[ -f .git/ciel-work-context ] || { echo "No .git/ciel-work-context — did branch-setup run?"; exit 1; }
+
+# 4. Not already a PR open for this branch
+gh pr list --head "$CURRENT" --state=open --json number --jq '.[0].number' | grep -q . && {
+  PR_NUM=$(gh pr list --head "$CURRENT" --state=open --json number --jq '.[0].number')
+  echo "PR already exists: #$PR_NUM — updating body instead"
+  UPDATE_MODE=true
+}
+```
+
+---
+
+## Process
+
+### 1. Compose the PR body
+
+Extract linked issue from branch name (`<type>/<N>-...` → issue #N) or `.git/ciel-work-context`.
+
+Summarize changes from commits + diff stat: top 3 changes by impact (by lines changed or commit subject classification). Avoid exhaustive file list.
+
+Assemble with:
+
+```
+ISSUE_NUMBER: <N>
+BRANCH: <branch>
+COMMITS: git log origin/$BASE_BRANCH..HEAD --oneline
+CHANGED_FILES: git diff --stat origin/$BASE_BRANCH...HEAD
+RELIRE_VERDICT: [from critic agent if invoked]
+CI_STATUS: gh run list --branch=<branch> --limit=1 --json conclusion
+EVIDENCE: [prouver-verifier output if applicable]
+```
+
+Expected body structure (generated):
+
+```markdown
+## Summary
+
+<1-3 bullets — what changed and why>
+
+## Closes
+
+Closes #<N>
+
+## Changes
+
+<git diff --stat output>
+
+## Test plan
+
+- [x] Unit tests pass (<N> added/modified)
+- [x] Integration tests pass
+- [x] Manual verification: <staging evidence from prouver-verifier>
+- [x] No regression on existing suites
+
+## Evidence
+
+- Staging logs: <snippet>
+- CI run: <URL to gh run>
+- RELIRE verdict: <BLOCKING: none | IMPORTANT: N | MINOR: N>
+
+🤖 Opened by Ciel (pr-opener)
+```
+
+### 2. Create or update the PR
+
+```bash
+if [ -z "$UPDATE_MODE" ]; then
+  gh pr create \
+    --base "$BASE_BRANCH" \
+    --head "$CURRENT" \
+    --title "<title>" \
+    --body-file /tmp/ciel-pr-body-$$ \
+    $([ "$DRAFT" = "true" ] && echo "--draft")
+else
+  gh pr edit "$PR_NUM" --body-file /tmp/ciel-pr-body-$$
+fi
+```
+
+### 3. Emit output
+
+```
+[PR OPENED]
+Number: #<P>
+URL: https://github.com/<org>/<repo>/pull/<P>
+Closes: #<N>
+Draft: <true|false>
+CI: <pending|running|passed|failed>
+```
+
+---
+
+## Guardrails
+
+- **Closes #N is mandatory** — if the work came from an issue, the PR MUST close it on merge. This is what makes the workflow a closed loop.
+- **Draft if CI red** — don't request review on a broken PR. Flip to ready only after CI green.
+- **Body ≤ 65 KB** — GitHub limit; truncate evidence + link to gist if needed.
+- **Push before PR** — branch must be on origin. Auto-push if not.
+- **Respect existing PR** — if one is already open for this branch, UPDATE it, don't create a duplicate.
+- **Never auto-merge** — opening the PR is the end of Ciel's automated work. Merge decision is the user's.
+- **`prouver-verifier` MUST have run green before the merge command** (mirror of `skills/ciel/SKILL.md`) — applies to every merge path: `gh pr merge [--auto|--squash|--merge|--rebase]`, `git push` direct-to-default, GitHub UI "Merge" button. If pr-opener is asked to auto-merge (e.g., user passes a `--merge-when-green` intent), refuse unless `.git/ciel-prouver-verdict` exists with `verdict=PASS`.
+- **Never `--no-verify`** — pre-push hooks run; if they fail, investigate, don't skip.
+
+---
+
+## When triggered
+
+- End of FAIRE step when a branch was created by `branch-setup`
+- `prouver-verifier` PROUVER step completes successfully
+- User says "open a PR" after finishing work
+- Skip if Trivial task (direct push to main was the intent)
+
+---
+
+## How to verify
+
+- [ ] `gh auth status` passes?
+- [ ] Branch pushed to origin?
+- [ ] `.git/ciel-work-context` exists?
+- [ ] PR created/updated on GitHub? (`gh pr view` succeeds)
+- [ ] `Closes #N` present in body?
+- [ ] Body has Summary + Test plan + Evidence sections?
+- [ ] Draft status correct? (draft if CI red, ready if green)
+- [ ] No duplicate PR? (checked for existing open PR first)
+
+## Handoff to issue-closer
+
+`pr-opener` DOES NOT close the issue — `issue-closer` does that POST-merge with evidence. The PR body's `Closes #N` is a GitHub-level auto-close hook; `issue-closer` adds the structured comment with production evidence after merge lands.
+
+---
+
+## References
+
+- GitHub CLI — cli.github.com/manual/gh_pr_create
+- GitHub auto-close keywords — docs.github.com/en/issues/tracking-your-work-with-issues/closing-an-issue-automatically
+- Ciel pipeline: issue-creator → branch-setup → FAIRE → pr-opener → issue-closer (post-merge)