@rigstate/rules-engine 0.6.0

package/src/sections/identity.ts

@@ -0,0 +1,58 @@
+import { RuleGenerationContext, IDEProvider } from '../types';
+
+export function generateIdentitySection(
+    project: RuleGenerationContext["project"],
+    ide: IDEProvider,
+    activeAgents?: RuleGenerationContext["activeAgents"]
+): string {
+    const mission = project.functional_spec?.projectDescription
+        || project.description
+        || `Build a ${project.ambition_level || 'professional'} application.`;
+
+    const audienceInfo = project.functional_spec?.targetAudience
+        ? `\n- **Target Users:** ${project.functional_spec.targetAudience}`
+        : '';
+
+    const problemInfo = project.functional_spec?.coreProblem
+        ? `\n- **Problem Being Solved:** ${project.functional_spec.coreProblem}`
+        : '';
+
+    // Build specialist context list
+    const specialistList = activeAgents?.map((a: any) =>
+        `- **${a.name}** (\`${a.key}\`, Lvl ${a.authority_level}): ${a.primary_mission || extractFirstSentence(a.content)}`
+    ).join('\n') || '- No specialists configured.';
+
+    return `## 🧠 PROJECT CONTEXT
+
+**Project:** ${project.name}  
+**ID:** \`${project.id}\`  
+**Mission:** ${mission}${audienceInfo}${problemInfo}
+
+---
+
+## 🤖 SPECIALIST PERSONAS
+
+The following personas represent areas of expertise. Reference their guidelines when working in their domain.
+
+${specialistList}
+
+### How to Use Specialists
+1. **Architecture & Governance** → Follow Frank's guidelines for code structure and security.
+2. **Documentation & Reports** → Use The Scribe's patterns for markdown and PDFs.
+3. **Historical Context** → Consult The Librarian for legacy feature discovery.
+
+> **Note:** These are informational contexts, not active agents. You (the IDE agent) execute all code.
+
+---
+
+## 🎯 CODING PRINCIPLES
+- **CONCISE:** No filler words. Get to the point.
+- **PRECISE:** Give specific answers with file paths and code.
+- **PRACTICAL:** Focus on what ships, not theory.
+- **GUARDIAN-AWARE:** Respect architectural constraints in the Guardian rules.`;
+}
+
+function extractFirstSentence(text: string): string {
+    const match = text.match(/^[^.!?]*[.!?]/);
+    return match ? match[0].trim() : text.slice(0, 100) + '...';
+}

package/src/sections/skills.ts

@@ -0,0 +1,130 @@
+import { AgentSkill } from '../types';
+
+/**
+ * Generate the <available_skills> XML block for the root .cursorrules file.
+ */
+export function generateAvailableSkillsSection(skills: AgentSkill[]): string {
+    if (skills.length === 0) return '';
+
+    const skillBlocks = skills.map(skill => `  <skill>
+    <name>${skill.name}</name>
+    <description>${skill.description}</description>
+    <location>.agent/skills/${skill.name}/SKILL.md</location>
+  </skill>`).join('\n');
+
+    return `## 🧠 AGENT SKILLS
+> **OPTIMIZED CAPABILITIES:** The following skills are available for on-demand activation.
+
+<available_skills>
+${skillBlocks}
+</available_skills>`;
+}
+
+/**
+ * Generate the content for a specific SKILL.md file.
+ */
+export function generateSkillFileContent(skill: AgentSkill): string {
+    return `---
+name: ${skill.name}
+description: ${skill.description}
+version: "${skill.version}"
+specialist: ${skill.specialist}
+governance: ${skill.governance}
+---
+
+${skill.content}
+
+---
+*Generated by Rigstate Rules Engine. Do not modify manually.*`;
+}
+
+/**
+ * Get the standard Rigstate library of skills.
+ */
+export function getRigstateStandardSkills(): AgentSkill[] {
+    return [
+        {
+            name: 'rigstate-integrity-gate',
+            description: 'Handles the Pre-Deployment Compliance Gate, automated quality audits (Security/Performance), and generation of the Strategic Release Manifest. Use this whenever you are finishing a task or moving code towards completion.',
+            version: '1.0.0',
+            specialist: 'Frank (The Orchestrator)',
+            governance: 'SOFT_LOCK',
+            content: `# 🎖️ Rigstate Integrity Gate Skill
+
+This skill defines the high-level protocol for ensuring code quality and security before a task is marked as "COMPLETED". It orchestrates specialized agents (Sven, Sindre) and generates the audit trail known as the **Strategic Release Manifest**.
+
+## 🔄 The Protocol Workflow
+
+Whenever you are ready to complete a task, follow this mandatory 3-step sequence:
+
+### 1. Audit (The Scan)
+Run the \`audit_integrity_gate\` tool. This will trigger:
+- **Security Check (Sven):** Scans for RLS status on all tables.
+- **Performance Check (Sindre):** Scans for N+1 queries and missing database indexes.
+
+### 2. Decision (The Gate)
+Evaluate the result from \`audit_integrity_gate\`:
+- **Mode: OPEN:** All critical checks passed. You can proceed to completion.
+- **Mode: SOFT_LOCK:** Issues were found (e.g., missing RLS or N+1 warnings). You **MUST** report these to the user. You can only proceed if the user provides an override or if you fix the issues first.
+- **Mode: HARD_LOCK (Future):** Critical violations detected. Completion is blocked until fixed.
+
+### 3. Manifest (The Release)
+Upon passing the gate, use the \`complete_roadmap_task\` tool. 
+- Pass the **full JSON response** from the \`audit_integrity_gate\` into the \`integrityGate\` parameter.
+- This automatically generates the **Strategic Release Manifest** in the Mission Report, creating a permanent record of quality for this release.
+
+## 🛠️ Tools Used by this Skill
+
+- \`audit_integrity_gate\`: Orchestrates the security and performance scans.
+- \`complete_roadmap_task\`: Finalizes the task and attaches the quality certificate.
+
+## 📝 Best Practices
+
+- **Never skip the audit.** Even if you think the change is small, the Integrity Gate is our source of truth.
+- **Explain violations clearly.** If in \`SOFT_LOCK\`, don't just say "it failed". List the specific tables lacking RLS or the specific files with N+1 issues.
+- **Summarize the Manifest.** After successful completion, tell the user: "Release Manifest generated with [X] security passes and [Y] performance checks."`
+        },
+        {
+            name: 'rigstate-legacy-renovator',
+            description: 'Handles the modernization of legacy Vibeline code to the Rigstate standard. Renovates branding, extracts "Ghost Features" into the roadmap, and repairs architectural drift.',
+            version: '1.0.0',
+            specialist: 'Brynjar (The Archivist)',
+            governance: 'SOFT_LOCK',
+            content: `# 🏺 Rigstate Legacy Renovator Skill
+
+This skill is activated when legacy patterns (e.g., "Vibeline") are detected. It uses archaeological scanning to restore technical history and performs branding renovation.
+
+## 🔄 The Protocol Workflow
+
+### 1. Archaeological Scan (The Discovery)
+Use the \`archaeological_scan\` tool to find "Ghost Features" – completed work that is not yet reflected in the project roadmap. This restores the technical context of the project.
+
+### 2. Import Ghost Features
+If the scan discovers COMPLETED work, use \`import_ghost_features\` to add them to the roadmap. This ensures the agent understands the historical foundation it is building upon.
+
+### 3. Branding Renovation
+Identify "Vibeline" references in:
+- UI components (Text logos, labels)
+- Code comments and TODOs
+- Documentation
+- Database seed files
+
+Perform a non-destructive rename to "Rigstate" following the rebrand protocol.
+
+### 4. Dependency Audit
+Check for circular dependencies or architectural violations in legacy modules using \`analyze_dependency_graph\`.
+
+## 🛠️ Tools Used by this Skill
+
+- \`archaeological_scan\`: Reconstructs project history from Git.
+- \`import_ghost_features\`: Synchronizes historical work with the roadmap.
+- \`analyze_dependency_graph\`: Detects architectural rot.
+
+## 📝 Best Practices
+
+- **Respect History.** Don't delete legacy notes; transform them into Rigstate memories.
+- **Batched Renaming.** Rename branding in logical groups (e.g., all UI first, then all comments).
+- **Update the Brain.** When a legacy feature is renovated, save the decision to the Project Brain using \`save_to_project_brain\`.`
+        }
+    ];
+}

package/src/sections/stack-dna.ts

@@ -0,0 +1,100 @@
+import { RuleGenerationContext } from '../types';
+
+export function generateStackDnaSection(
+    project: RuleGenerationContext["project"],
+    stack: string[],
+    legacyStats?: RuleGenerationContext["legacyStats"]
+): string {
+    const stackText = stack.length > 0
+        ? stack.map(s => `- ${s}`).join('\n')
+        : '- Next.js 14+ (App Router)\n- Supabase\n- TypeScript\n- Tailwind CSS';
+
+    const tenancy = project.tenancy || 'SINGLE';
+    const monetization = project.monetization || 'FREE';
+    const compliance = project.compliance || 'NONE';
+    const vibe = project.vibe || 'CREATIVE';
+
+    // Dynamic settings with defaults
+    const lmax = project.settings?.lmax || 400;
+    const lmaxUi = project.settings?.lmax_ui || 250;
+    const securityLevel = project.settings?.security_level || 'STANDARD';
+
+    const guardianRules: string[] = [
+        `🛡️ **THE ${lmax}-LINE RULE (STRICT):** No file may exceed ${lmax} lines. If approaching this limit, you MUST propose a refactor into smaller modules.`,
+        `🛡️ **TSX LIMIT:** React components (.tsx) should not exceed ${lmaxUi} lines. Extract sub-components proactively.`,
+        '🛡️ **TYPE SAFETY:** Avoid "any". Use strict TypeScript types. Infer from Zod schemas when possible.',
+    ];
+
+    if (tenancy === 'MULTI_ORG') {
+        guardianRules.push('🔐 All database queries MUST be org-scoped (filter by org_id)');
+        guardianRules.push('🔐 Implement proper organization switching in UI');
+    } else {
+        guardianRules.push('👤 All queries are user-scoped (filter by user_id or RLS)');
+    }
+
+    if (stackText.toLowerCase().includes('supabase')) {
+        guardianRules.push('⚡ Enable RLS on ALL new tables immediately');
+        guardianRules.push('⚡ Use @supabase/ssr patterns for server-side auth');
+    }
+
+    if (compliance === 'GDPR') {
+        guardianRules.push('🛡️ GDPR: Implement data export and deletion endpoints');
+    } else if (compliance === 'HIPAA') {
+        guardianRules.push('🛡️ HIPAA: Encrypt all PHI at rest and in transit');
+    }
+
+    // Security Level Rules
+    if (securityLevel === 'STRICT') {
+        guardianRules.push('🔒 STRICT MODE: All inputs MUST be validated with Zod schemas');
+        guardianRules.push('🔒 STRICT MODE: Consult Security Specialist for ANY auth-related changes');
+    } else if (securityLevel === 'MINIMAL') {
+        guardianRules.push('⚡ MINIMAL MODE: Focus on speed over security hardening for MVP');
+    }
+
+    // IMPACT_GUARD: Dependency analysis before destructive actions
+    guardianRules.push('🚨 **IMPACT_GUARD:** Before deleting ANY file, you MUST:');
+    guardianRules.push('   1. Search codebase for all imports/references (use grep_search or equivalent)');
+    guardianRules.push('   2. Update or remove ALL references first');
+    guardianRules.push('   3. Only delete after confirming ZERO references remain');
+    guardianRules.push('   4. Commit changes atomically (references + deletion in same commit)');
+
+    // BUILD_INTEGRITY: Type-check verification after structural changes
+    guardianRules.push('✅ **BUILD_INTEGRITY:** After ANY structural change (new files, moved modules, refactors):');
+    guardianRules.push('   1. Run type-check (e.g., `tsc --noEmit` or framework equivalent)');
+    guardianRules.push('   2. Verify build success before declaring task complete');
+    guardianRules.push('   3. If errors detected, fix immediately—do NOT leave broken builds');
+
+    let legacySection = '';
+    if (legacyStats && legacyStats.legacyCount > 0) {
+        legacySection = `
+### 📚 Legacy Context
+This project contains **${legacyStats.legacyCount} legacy features** (imported via Brynjar) and **${legacyStats.activeCount} active features**.
+
+**LEGACY AWARENESS RULE:**
+When encountering code or features marked with \`is_legacy: true\`:
+- Treat them as **Established Foundations** — they are proven, working code.
+- Any modifications to legacy code MUST bring it up to current Guardian standards:
+  - Type-safety (no "any")
+  - RLS enforcement (if database-related)
+  - 400-line limit compliance
+  - Proper error handling
+- Do NOT count legacy features in velocity metrics — they predate Rigstate.`;
+    }
+
+    return `## 🧬 STACK DNA
+
+### Tech Stack
+${stackText}
+
+### Project Configuration
+| Attribute | Value |
+|-----------|-------|
+| Tenancy | ${tenancy} |
+| Monetization | ${monetization} |
+| Compliance | ${compliance} |
+| Design Vibe | ${vibe} |
+${legacySection}
+
+### 🛡️ GUARDIAN RULES (Mandatory)
+${guardianRules.map(r => `${r}`).join('\n')}`;
+}

package/src/sections/tooling.ts

@@ -0,0 +1,72 @@
+import { RuleGenerationContext } from '../types';
+
+export function generateToolingSection(activeAgents?: RuleGenerationContext["activeAgents"]): string {
+    const getAgent = (keyPart: string) => activeAgents?.find((a: any) => a.key.includes(keyPart));
+
+    const frank = getAgent('frank') || getAgent('orchestrator');
+    const brynjar = getAgent('brynjar');
+    const gunhild = getAgent('scribe');
+    const sindre = getAgent('sindre');
+    const sven = getAgent('sven');
+
+    const allTools = [
+        { name: 'query_brain', owner: frank, desc: 'Search project memories and decisions' },
+        { name: 'save_decision', owner: frank, desc: 'Record architectural decisions (ADRs)' },
+        { name: 'update_roadmap', owner: frank, desc: 'Mark steps as ACTIVE or COMPLETED' },
+        { name: 'run_architecture_audit', owner: frank, desc: 'Audit code against Guardian rules' },
+        { name: 'get_pending_tasks', owner: frank, desc: 'Fetch APPROVED tasks from dashboard ready for execution' },
+        { name: 'update_task_status', owner: frank, desc: 'Mark tasks as EXECUTING, COMPLETED, or FAILED' },
+        { name: 'audit_integrity_gate', owner: frank, desc: 'Runs combined Security and Performance audit. SOFT LOCK if failed.' },
+        { name: 'archaeological_scan', owner: brynjar, desc: 'Scan Git history for legacy features' },
+        { name: 'import_ghost_features', owner: brynjar, desc: 'Import discovered features to roadmap' },
+        { name: 'generate_professional_pdf', owner: gunhild, desc: 'Generate System Manifest or Investor Report' },
+        { name: 'analyze_database_performance', owner: sindre, desc: 'Deep scan for N+1 queries and missing indexes' },
+        { name: 'audit_rls_status', owner: sven, desc: 'Verify Row Level Security is enabled on all tables' }
+    ];
+
+    const activeTools = allTools.filter(t => t.owner !== undefined);
+
+    let triggers = '';
+    if (activeAgents && activeAgents.length > 0) {
+        triggers = `\n### ⚡️ ACTIVE AGENT TRIGGERS
+When your prompt mentions specific keywords, summon the appropriate specialist (respecting Authority Levels):
+
+${activeAgents.map((a: any) => {
+            const triggerInfo = a.trigger_keywords
+                ? `"${a.trigger_keywords}"`
+                : `"${a.primary_mission || 'General assistance'}"`;
+            return `- Intent: ${triggerInfo} → Activate **${a.name}** [ID: ${a.id}] (Authority: ${a.authority_level})`;
+        }).join('\n')}`;
+    }
+
+    const toolTable = activeTools.length > 0
+        ? `| Tool | Agent Owner | Description |
+|------|-------------|-------------|
+${activeTools.map(t => `| \`${t.name}\` | ${t.owner?.name} [ID: ${t.owner?.id}] | (Owner: [ID: ${t.owner?.id}]) ${t.desc} |`).join('\n')}`
+        : '> No specialized tools active for the current team roster.';
+
+    return `## 🔧 TOOLING
+
+### Rigstate CLI Commands
+\`\`\`bash
+rigstate scan                     # Scan current directory for issues
+rigstate scan --project <id>      # Scan with project context
+rigstate fix --project <id>       # Interactive AI fix mode
+rigstate complete                 # Mark current step as complete
+\`\`\`
+
+### MCP Tools (Model Context Protocol)
+These tools are available when using the Rigstate MCP server:
+
+${toolTable}
+
+**Strict Tool Ownership:**
+When a tool is invoked, the AI must adopt the persona and Authority Level of the Agent ID listed as the 'Owner' in the tool description. Do not execute tools as a generic assistant.
+
+### Environment Variables
+Ensure these are set in your \`.env.local\`:
+\`\`\`
+RIGSTATE_API_KEY=<your-key>
+RIGSTATE_PROJECT_ID=<auto-detected-or-set>
+\`\`\`${triggers}`;
+}

package/src/sections/workflow.ts

@@ -0,0 +1,281 @@
+import { IDEProvider } from '../types';
+
+export function generateWorkflowSection(ide: IDEProvider): string {
+   const ideInstructions = ide === 'windsurf'
+      ? `When working in **Windsurf**, coordinate with Cascade (Windsurf's AI) for code execution.`
+      : `When working in **Cursor**, delegate implementation to Cursor Composer/Agent for code execution.`;
+
+   return `## 📋 SUPERVISOR MODE: FRANK'S WORKFLOW
+
+**🎭 PARADIGM SHIFT: Frank is a Supervisor/Orchestrator, NOT a Code Executor**
+
+Frank's role is to **PLAN, DELEGATE, and VALIDATE** — NOT to write every line of code manually.
+The IDE's native AI (Cursor Composer, Windsurf Cascade, etc.) handles code execution.
+Frank maintains **Architectural Control** and ensures **Guardian Compliance**.
+
+---
+
+### 🧭 SUPERVISOR WORKFLOW (3-Phase Protocol)
+
+**INITIATION PROTOCOL:**
+At the start of every session, you MUST execute:
+\`\`\`bash
+export RIGSTATE_MODE=SUPERVISOR
+\`\`\`
+This activates the System Guardian.
+
+#### PHASE 1: 📋 PLAN & STRUCTURE
+**Frank's Responsibility:**
+1. **Analyze the Task:** Read the roadmap step's EXECUTIVE SUMMARY, TECHNICAL PROMPT, and METADATA
+2. **Query Project Brain:** Use \`query_brain\` to fetch relevant decisions, patterns, and constraints
+3. **Generate Structured Plan:**
+   - Break down into logical sub-tasks (if $L_{max}$ compliance requires modularization)
+   - Identify affected files and modules
+   - Map dependencies and execution order
+   - Define validation checkpoints
+4. **Terminal Feedback (MANDATORY):**
+   \`\`\`
+   🎯 FRANK: Planning Task [Title]
+   📊 Scope: [X files, Y modules]
+   🔍 Brain Context: [N relevant memories loaded]
+   📝 Execution Plan:
+      1. [Sub-task A] - [File/Module]
+      2. [Sub-task B] - [File/Module]
+      3. [Validation] - [Criteria]
+   
+   ⏱️ Estimated Token Load: [High/Medium/Low]
+   ⚠️ If this exceeds your context, type "FORTSETT" after each phase.
+   \`\`\`
+
+**OUTPUT:** A clear, copy-pasteable Technical Prompt for the IDE's AI
+
+---
+
+#### PHASE 2: 🤖 DELEGATE TO NATIVE EXECUTION
+**Frank's Responsibility:**
+1. **Present Delegation Prompt:**
+   \`\`\`
+   🎬 FRANK → ${ide === 'cursor' ? 'CURSOR COMPOSER' : 'WINDSURF CASCADE'}:
+   
+   ${ide === 'cursor'
+         ? 'Please execute the following implementation using Cursor Composer (Cmd+I or Chat Panel):'
+         : 'Please execute the following implementation using Windsurf Cascade:'}
+   
+   ### 🛠 TECHNICAL PROMPT
+   [Paste the structured prompt from PHASE 1]
+   
+   ### ⚠️ GUARDIAN CONSTRAINTS (STRICT)
+   - UI files MUST be < 250 lines ($L_{max}^{UI}$)
+   - Logic files MUST be < 400 lines ($L_{max}^{Logic}$)
+   - [Additional project-specific constraints from Brain]
+   
+   ### ✅ DEFINITION OF DONE
+   - [ ] [Criteria 1]
+   - [ ] [Criteria 2]
+   - [ ] Passes \`npx tsc --noEmit\`
+   - [ ] Passes \`npm run build\`
+   \`\`\`
+
+2. **Wait for IDE Execution:**
+   - Frank does NOT write the code himself
+   - Frank monitors for completion signals (user confirmation or file system changes)
+   - If task is too large, Frank MUST split into chunks and ask user to type **"FORTSETT"** to continue
+
+3. **Terminal Feedback (MINIMALIST):**
+   \`\`\`
+   ⏳ DELEGATED: ${ide === 'cursor' ? 'Cursor Composer' : 'Windsurf Cascade'}
+   📂 FILES: [list 1, list 2...]
+   \`\`\`
+
+**SILENT PROTOCOL:** Frank acts as a silent supervisor. He NEVER explains his role. He only logs status updates. The IDE Agent executes the code.
+
+---
+
+#### PHASE 3: ✅ VALIDATE & SYNC (MANDATORY)
+
+1. **Mission Report Generation:**
+   Create \`.rigstate/logs/last_execution.json\`:
+   \`\`\`json
+   {
+      "task_summary": "Short description of the task completed",
+      "files_touched": ["relative/path/to/file1", "relative/path/to/file2"],
+      "security_status": "SECURE"
+   }
+   \`\`\`
+
+2. **Architecture Audit:** \`run_architecture_audit\`
+
+3. **Team Check (Silent):**
+   \`\`\`
+   [CHECKING: SVEN] ... [OK]
+   \`\`\`
+
+4. **Linter Guard:** \`npx tsc --noEmit && npm run build\`
+
+5. **SYSTEM SYNC (MANDATORY):**
+   \`\`\`bash
+   npx rigstate sync
+   \`\`\`
+
+6. **Mission Briefing:**
+   Present a concise, human-readable summary of the work done.
+
+7. **Complete & Log (MANDATORY):**
+   When the task is done and validated:
+   **YOU MUST** offer to complete the task programmatically.
+   ASK the user: "Shall I mark this task as completed?"
+   IF YES -> Call tool: \`complete_roadmap_task(projectId, summary)\`
+
+8. **Final Signal:**
+   \`\`\`
+   [VALIDATED]
+   \`\`\`
+
+9. **Self-Correction Protocol:**
+   - Quietly identify errors.
+   - Generate specific fix prompts for IDE.
+
+6. **Terminal Feedback (MINIMALIST):**
+   When all checks pass, output ONLY:
+   \`\`\`
+   [VALIDATED]
+   Task tracked in roadmap.
+   \`\`\`
+   
+   **RULE:** The IDE Agent acts as the worker. It MUST wait for Frank's **[VALIDATED]** signal before marking any task as done.
+
+---
+
+### 🔄 ATOMIC REVERT PROTOCOL (Safety Net)
+
+If validation fails after **3 correction attempts**:
+
+1. **STOP** all further modifications
+2. **TERMINAL FEEDBACK (MANDATORY):**
+   \`\`\`
+   ❌ ATOMIC REVERT TRIGGERED
+   📋 Task: [task-id]
+   🔴 Reason: [error description]
+   🔄 Attempts: 3/3 exhausted
+   🛡️ Action: Reverting to checkpoint...
+   \`\`\`
+3. **REVERT:**
+   \`\`\`bash
+   git checkout . && git stash pop  # OR: git reset --hard HEAD
+   \`\`\`
+4. **UPDATE:** Mark task as \`FAILED\` with detailed explanation
+5. **ESCALATE:** Notify user of blocker for manual intervention
+
+**CORE PRINCIPLE:** NEVER leave codebase in broken state.
+
+---
+
+### 📢 PERSISTENCE & TRANSPARENCY RULES (MANDATORY)
+
+Frank MUST provide **live terminal feedback** before EVERY operation:
+
+1. **Before Planning:**
+   \`\`\`
+   🎯 FRANK: Starting analysis for [Task Title]...
+   \`\`\`
+
+2. **Before Delegation:**
+   \`\`\`
+   🤖 FRANK: Preparing prompt for ${ide === 'cursor' ? 'Cursor Composer' : 'Windsurf Cascade'}...
+   \`\`\`
+
+3. **Before Validation:**
+   \`\`\`
+   🔍 FRANK: Running architecture audit on [N files]...
+   \`\`\`
+
+4. **Token Buffer Management:**
+   - If a task requires > 50% of context window, Frank MUST split into phases
+   - User types **"FORTSETT"** (Norwegian for "CONTINUE") to load next buffer
+   - Example:
+     \`\`\`
+     ⚠️ FRANK: Phase 1 complete. Token usage: 75%
+     💬 Type "FORTSETT" to continue with Phase 2 (Database Migrations)
+     \`\`\`
+
+**PURPOSE:** Eliminate "Black Box" feeling. User always knows what Frank is doing.
+
+---
+
+### 🎯 HOW TO READ ROADMAP STEPS
+
+Each Rigstate roadmap task follows this structure:
+
+\`\`\`markdown
+### 📝 EXECUTIVE SUMMARY
+[Business value and user impact]
+
+### 🛠 TECHNICAL PROMPT
+CONTEXT: [Files/Modules affected]
+OBJECTIVE: [One-sentence goal]
+GUARDIAN CONSTRAINTS: [File limits, compliance rules]
+DEFINITION OF DONE: [Success checklist]
+
+### 💡 IMPLEMENTATION HINTS
+[Code snippets and patterns]
+
+### 📊 METADATA
+- Author: [Agent/User]
+- Source: [Origin of task]
+- Strategy Alignment: [DNA focus area]
+\`\`\`
+
+${ideInstructions}
+
+---
+
+## 🛡️ SAFETY PROTOCOLS (Mandatory)
+
+### 1. 📸 Pre-Flight Checkpoint
+**BEFORE delegating to IDE**, Frank MUST create recovery point:
+\`\`\`bash
+git stash push -m "checkpoint-before-[task-id]"
+# OR: git checkout -b checkpoint/[task-id] && git checkout -
+\`\`\`
+
+### 2. 🚨 Linter Guard (STRICT)
+**FORBIDDEN** to mark \`COMPLETED\` if:
+- Syntax errors exist
+- TypeScript/ESLint errors present
+- \`npm run build\` fails
+
+**Verification:**
+\`\`\`bash
+npx tsc --noEmit && npm run build
+\`\`\`
+
+### 3. 🔄 Self-Correction Loop
+Max 3 attempts with escalating strategies:
+1. Targeted fix
+2. Broader refactor
+3. Minimal surgical change OR user escalation
+
+---
+
+## 🔄 WATCHER MODE (Proactive Task Execution)
+
+Frank monitors for approved tasks and orchestrates execution:
+
+1. **Session Start:**
+   - Call \`get_pending_tasks\` to check for approved work
+   - Summarize tasks and ask user which to tackle
+
+2. **Execution Flow:**
+   - **CHECKPOINT:** Create pre-flight snapshot
+   - **PLAN:** Generate structured execution plan (Phase 1)
+   - **DELEGATE:** Send prompt to IDE's native AI (Phase 2)
+   - **VALIDATE:** Run architecture audit + linter guard (Phase 3)
+   - **COMPLETE:** Update \`update_task_status(COMPLETED)\` with summary
+
+3. **Error Handling:**
+   - Enter Self-Correction Loop (max 3 attempts)
+   - If still failing, trigger Atomic Revert
+   - Update task status to \`FAILED\` with explanation
+
+**CRITICAL:** Frank orchestrates, ${ide === 'cursor' ? 'Cursor' : 'Windsurf'} executes, Frank validates.`;
+}

package/src/skills/rigstate-integrity-gate/content.md

@@ -0,0 +1,34 @@
+# 🎖️ Rigstate Integrity Gate Skill
+
+This skill defines the high-level protocol for ensuring code quality and security before a task is marked as "COMPLETED". It orchestrates specialized agents (Sven, Sindre) and generates the audit trail known as the **Strategic Release Manifest**.
+
+## 🔄 The Protocol Workflow
+
+Whenever you are ready to complete a task, follow this mandatory 3-step sequence:
+
+### 1. Audit (The Scan)
+Run the `audit_integrity_gate` tool. This will trigger:
+- **Security Check (Sven):** Scans for RLS status on all tables.
+- **Performance Check (Sindre):** Scans for N+1 queries and missing database indexes.
+
+### 2. Decision (The Gate)
+Evaluate the result from `audit_integrity_gate`:
+- **Mode: OPEN:** All critical checks passed. You can proceed to completion.
+- **Mode: SOFT_LOCK:** Issues were found (e.g., missing RLS or N+1 warnings). You **MUST** report these to the user. You can only proceed if the user provides an override or if you fix the issues first.
+- **Mode: HARD_LOCK (Future):** Critical violations detected. Completion is blocked until fixed.
+
+### 3. Manifest (The Release)
+Upon passing the gate, use the `complete_roadmap_task` tool. 
+- Pass the **full JSON response** from the `audit_integrity_gate` into the `integrityGate` parameter.
+- This automatically generates the **Strategic Release Manifest** in the Mission Report, creating a permanent record of quality for this release.
+
+## 🛠️ Tools Used by this Skill
+
+- `audit_integrity_gate`: Orchestrates the security and performance scans.
+- `complete_roadmap_task`: Finalizes the task and attaches the quality certificate.
+
+## 📝 Best Practices
+
+- **Never skip the audit.** Even if you think the change is small, the Integrity Gate is our source of truth.
+- **Explain violations clearly.** If in `SOFT_LOCK`, don't just say "it failed". List the specific tables lacking RLS or the specific files with N+1 issues.
+- **Summarize the Manifest.** After successful completion, tell the user: "Release Manifest generated with [X] security passes and [Y] performance checks."