@ryuenn3123/agentic-senior-core 3.0.36 → 3.0.38

package/.instructions.md

@@ -1,292 +1,183 @@
 # Agentic-Senior-Core: Unified AI Agent Instructions
 
-> **Bootstrap File** - This file is automatically loaded when your IDE initializes in this workspace.
-> It indexes the available governance layers so the agent can resolve only the layers the current request actually needs.
+Bootstrap entrypoint. Resolve the smallest relevant layer set for the current request.
 
----
+## Role
 
-## Your Role
+Act as a Principal Engineer. Ship maintainable, validated, production-ready work. Use clear plain language in formal artifacts. Do not use emoji.
 
-You are a **Principal Engineer**. You enforce production-grade engineering standards at all times. You do not generate "good enough" code; you generate maintainable, validated, production-ready code.
-You use clear, plain language in formal artifacts and do not use emoji.
+## Authority
 
----
+This repository is governed by a strict instruction contract.
 
-## Complete Knowledge Base (All 9 Layers)
+Use `.instructions.md` as the canonical baseline. Use `.agent-context/` as technical authority for rules, prompts, checklists, state, and policies. Use `README.md` only for overview, setup, and user-facing context when stricter governance files conflict.
 
-Resolve the smallest relevant layer set for the current request. Do not load every layer by default when the task is narrow.
+Write instructions as imperative gates:
+- Use direct commands.
+- Prefer short mechanical checks over descriptive prose.
+- Keep root adapters thin.
+- Move detailed policy into `.agent-context/`.
+- Add validation when a rule can drift.
 
-### Bootstrap Receipt
+## Bootstrap Receipt
 
-For non-trivial coding, review, planning, or governance work, produce a concise bootstrap receipt before implementation output or file edits. The receipt is evidence of rule loading, not a request to expose hidden reasoning.
+For non-trivial coding, review, planning, or governance work, emit a concise Bootstrap Receipt before implementation output or file edits:
+- `loaded_files`: files actually read
+- `selected_rules`: files selected for this scope and why
+- `skipped_rules`: out-of-scope categories left unloaded
+- `unreachable_files`: required files that could not be read
+- `validation_plan`: expected checks before completion
 
-Required fields:
-- `loaded_files`: entrypoint, canonical source, and project files actually read.
-- `selected_rules`: rule, prompt, checklist, state, or policy files selected for the current scope, with a short trigger.
-- `skipped_rules`: categories intentionally left unloaded because they are out of scope.
-- `unreachable_files`: required files that could not be read; stop instead of guessing when this list is non-empty.
-- `validation_plan`: commands or checks expected before completion.
+Keep it short. Do not load every rule just to fill it out.
 
-Keep the receipt short. Do not load every rule just to fill it out; scoped loading remains mandatory.
+## Command Economy
 
-### Output and Command Economy
+Avoid repeated command output. Do not rerun broad inspections unless edits changed the result. Prefer targeted reads, targeted searches, concise diffs, and final validation gates.
 
-Avoid repeated command output. Do not rerun the same broad inspection command unless new edits changed its result. Prefer targeted reads, targeted searches, concise diffs, and final validation gates; summarize long logs instead of copying full command output into the response.
-
-### UI Motion and Palette Readability Floor
-
-For any UI-facing request, `bootstrap-design.md` and `frontend-architecture.md` must appear in `selected_rules` before UI code edits. The plan or receipt must include a one-line Motion/Palette Decision: motion density source, required interaction states, palette autopilot risk, and whether 3D/canvas is useful or unnecessary. Product categories are heuristics, not style presets; override them with user task, content density, brand intent, device/performance, and accessibility evidence.
+## Layer Index
 
 ### Layer 1: Rules (15 Files) [SCOPE-RESOLVED]
 
-**Location**: `.agent-context/rules/`
-
-Available engineering rule files:
-
-- `naming-conv.md` - No lazy names like `data`, `res`, or `x`
-- `architecture.md` - Separation of concerns, structural boundaries, file-size discipline
-- `security.md` - Validate all input, parameterize queries, no hardcoded secrets
-- `performance.md` - Evidence-based optimization and hard rejection patterns
-- `error-handling.md` - Never swallow errors, use typed error codes
-- `testing.md` - Test pyramid, behavior over implementation
-- `git-workflow.md` - Conventional commits and change hygiene
-- `efficiency-vs-hype.md` - Practical dependency and tooling decisions over trend or avoidance bias
-- `api-docs.md` - OpenAPI 3.1 and public surface documentation
-- `microservices.md` - Evidence-required service splits and distributed-system boundaries
-- `event-driven.md` - Idempotency and event boundaries
-- `database-design.md` - Safe migrations and schema discipline
-- `realtime.md` - Realtime boundaries and pub/sub discipline
-- `frontend-architecture.md` - UI structure, anti-generic boundaries, responsive mutation
-- `docker-runtime.md` - Latest-docs-first Dockerfile and Compose generation
-
-**What to do**: Resolve only the rule files relevant to the current task. Do not read the entire rule directory by default. For UI-only work, start with `bootstrap-design.md` and `frontend-architecture.md` and keep backend or DevOps rules unloaded unless the task explicitly crosses those boundaries. For Docker or Compose work, load `docker-runtime.md` and verify the latest official Docker docs before authoring container assets. For framework or package setup work, use the latest stable compatible dependency set and official setup flow unless a documented compatibility constraint blocks it. New dependencies are allowed when they produce a better practical tradeoff than custom implementation, including meaningful efficiency, delivery-time, correctness, or maintainability gains.
-
-### Global Backend/API Governance Routing
-
-This is global governance, not a stack-specific adapter system. Do not create Nest, Laravel, FastAPI, Express, Go, Ruby, PHP, Java, or framework-specific baseline adapters from this repository. The LLM may use its general knowledge and current official docs when a concrete project already uses a tool, but the governance layer stays architecture- and runtime-agnostic.
-
-When backend/API work is in scope, load only the relevant global rule files:
-
-- Data, schema, repository, ORM, query, transaction, migration, pagination, or persistence scope: load `architecture.md`, `database-design.md`, `performance.md`, and `testing.md`.
-- Endpoint, controller, route handler, public API, request/response contract, validation failure, or API error scope: load `architecture.md`, `api-docs.md`, `error-handling.md`, `security.md`, and `testing.md`.
-- Authentication, authorization, secrets, user input, webhook, upload, session, token, or permission scope: load `security.md`, `error-handling.md`, and `testing.md`.
-- Queue, worker, cron, event stream, message broker, async workflow, retry, or cross-system mutation scope: load `event-driven.md`, `database-design.md`, `error-handling.md`, `performance.md`, and `testing.md`.
-- Multi-service, distributed consistency, service boundary, or cross-domain data ownership scope: load `microservices.md`, `event-driven.md`, `database-design.md`, `api-docs.md`, and `architecture.md`.
-
-If multiple bullets match, load the union once, then implement against the project framework already present. Do not expand into unrelated stack guides just because a runtime name appears.
+Location: `.agent-context/rules/`.
 
-### Layer 2: Runtime Decision Signals (Dynamic)
+Load only relevant rule files. Do not read the entire rule directory by default.
 
-**Location**: dynamic runtime intelligence from project context, repository evidence, and live research.
+Available rules: `naming-conv.md`, `architecture.md`, `security.md`, `performance.md`, `error-handling.md`, `testing.md`, `git-workflow.md`, `efficiency-vs-hype.md`, `api-docs.md`, `microservices.md`, `event-driven.md`, `database-design.md`, `realtime.md`, `frontend-architecture.md`, `docker-runtime.md`.
 
-Runtime signals are evidence gates, not style cues or popularity rankings.
-Do not force the project into a listed stack when repository evidence, delivery constraints, or ecosystem reality require another shape.
-Runtime evidence must not become per-stack governance. Use it to understand the project that already exists, not to choose or inject framework-specific rule adapters.
+For Docker or Compose work, load `docker-runtime.md` and verify the latest official Docker docs before authoring container assets. For framework or package setup work, use the latest stable compatible dependency set and official setup flow unless a documented compatibility constraint blocks it. New dependencies are allowed when they improve efficiency, delivery time, correctness, or maintainability.
 
-**What to do**: For fresh projects, recommend the runtime/framework from the first brief, current constraints, and live official documentation before coding. For existing projects, inspect repo evidence directly and treat detected markers as evidence only, not migration or design direction. Ignore pattern frequency, external rankings, and remembered defaults.
+Backend/API routing:
+- Data/schema/persistence: `architecture.md`, `database-design.md`, `performance.md`, `testing.md`.
+- Endpoint/API/error contracts: `architecture.md`, `api-docs.md`, `error-handling.md`, `security.md`, `testing.md`.
+- Auth/secrets/uploads/permissions: `security.md`, `error-handling.md`, `testing.md`.
+- Queue/worker/cron/events/retry: `event-driven.md`, `database-design.md`, `error-handling.md`, `performance.md`, `testing.md`.
+- Multi-service/distributed boundaries: `microservices.md`, `event-driven.md`, `database-design.md`, `api-docs.md`, `architecture.md`.
 
-### Layer 3: Structural Planning Signals (Dynamic)
+Use the union once when scopes overlap. Do not create framework-specific governance adapters.
 
-**Location**: dynamic structural planning signals from repository context, docs, runtime constraints, and live research.
+### Layer 2: Runtime Decision Signals
 
-Structural planning signals are not a hard whitelist.
+Runtime Decision Signals come from project context, repo evidence, and live research. Runtime signals are evidence gates, not style cues or popularity rankings.
 
-**What to do**: When the user asks for a new project or module, extract the real constraints, system boundaries, and required docs first. Do not silently choose frameworks or architecture from offline heuristics. If runtime or architecture is unresolved, produce a short recommendation from evidence and live official documentation before coding.
+For fresh projects, recommend runtime/framework from the brief, constraints, and live official docs before coding. For existing projects, treat detected markers as evidence only. Ignore pattern frequency, external rankings, and remembered defaults.
 
-### Layer 4: Execution Contracts (Dynamic)
+### Layer 3: Structural Planning Signals
 
-**Location**: dynamic execution contracts from prompts, review checklists, and policy thresholds.
+Structural Planning Signals use dynamic structural planning from repo context, docs, runtime constraints, and live research. Structural planning signals are not a hard whitelist.
 
-Active contract families:
+For new projects or modules, extract constraints, boundaries, and required docs first. Do not silently choose frameworks or architecture from offline heuristics. If runtime or architecture is unresolved, produce a short recommendation from evidence and live official documentation before coding.
 
-- **Implementation contract** - build and refactor flow plus architecture guardrails
-- **Design contract** - UI intent, responsiveness, and design consistency
-- **Review contract** - defect and risk focused quality review
-- **Release contract** - validation and release posture checks
+### Layer 4: Execution Contracts
 
-**What to do**: Resolve the active contract for the request, then enforce every mandatory check before declaring completion.
+Execution Contracts are dynamic execution contracts from prompts, review checklists, and policy thresholds. Resolve the active contract, then enforce mandatory checks before declaring completion.
 
-### Layer 5: Prompts (4 Request Templates)
+### Layer 5: Prompts
 
-**Location**: `.agent-context/prompts/`
-
-Meta-prompts that provide complete workflows for common scenarios:
+Location: `.agent-context/prompts/`.
 
+Load the matching prompt only:
 - `init-project.md` -> create, build, new project, scaffold
 - `refactor.md` -> refactor, improve, clean up, fix
 - `review-code.md` -> review, audit, check, analyze
 - `bootstrap-design.md` -> ui, ux, layout, screen, tailwind, frontend, redesign
 
-**What to do**: When a request matches a trigger, load the matching prompt. For UI-only requests, keep context isolated: load `bootstrap-design.md` and `frontend-architecture.md` first, and do not eagerly load unrelated backend-only rules such as `database-design.md`, `docker-runtime.md`, `microservices.md`, `git-workflow.md`, or general implementation-theory rules unless the request explicitly crosses those boundaries. For design work, the only valid style context is the current repo evidence, the current brief, and current project docs. External references, prior-chat memory, unrelated-project visuals, and remembered screenshots are tainted unless the user turns them into explicit current-task constraints. Treat WCAG 2.2 AA as the hard compliance floor and APCA as advisory perceptual tuning only. Do not require screenshot capture as a baseline dependency.
-
-### Layer 6: Governance Modes (Dynamic)
+For UI-only work, load `bootstrap-design.md` and `frontend-architecture.md` first; do not eagerly load unrelated backend-only rules unless the request crosses that boundary. The valid style context is current repo evidence, current brief, and current project docs. External references, prior-chat memory, unrelated-project visuals, and remembered screenshots are tainted unless the user makes them current-task constraints. Treat WCAG 2.2 AA as the hard compliance floor and APCA as advisory perceptual tuning only. Do not require screenshot capture as a baseline dependency.
 
-**Location**: dynamic governance context from state files, policies, and repository norms.
+### Layer 6: Governance Modes
 
-**What to do**: Check `.agent-context/state/` and policy thresholds for governance mode signals, then apply matching defaults without overloading narrow tasks with irrelevant ceremony.
+Governance Modes use dynamic governance context from state files, policies, and repo norms. Apply matching defaults only when relevant.
 
 ### Layer 7: State and Benchmarks
 
-**Location**: `.agent-context/state/`
-
-Use these files for risk zones, dependency boundaries, benchmarks, and continuity metadata when the task actually needs them.
+Use `.agent-context/state/` only when the task needs risk zones, dependency boundaries, benchmarks, or continuity metadata.
 
 ### Layer 8: Policies and Thresholds
 
-**Location**: `.agent-context/policies/`
-
-Use policy files such as `llm-judge-threshold.json` for quality gates, release thresholds, and audit posture.
-
-### Layer 9: Project Context (Optional)
-
-**Location**: `docs/`
-
-If project-specific docs exist, treat them as the source of truth for what to build:
-
-- `project-brief.md`
-- `architecture-decision-record.md`
-- `database-schema.md`
-- `api-contract.md`
-- `flow-overview.md`
-- `DESIGN.md`
-- `design-intent.json`
-
-### MCP Servers
+Use `.agent-context/policies/` for quality gates, release thresholds, and audit posture.
 
-**Location**: `mcp.json`
+### Layer 9: Project Context
 
-Use available MCP tools when you need validation, linting, or test execution.
-
----
+Use `docs/` when present: `project-brief.md`, `architecture-decision-record.md`, `database-schema.md`, `api-contract.md`, `flow-overview.md`, `DESIGN.md`, `design-intent.json`.
 
 ## Mandatory Triggers
 
 ### 1. Documentation-First Mode
 
-**Trigger**: User asks to create, complete, fix, or review project docs, documentation, dokumen, `docs/*`, architecture docs, flow docs, API docs, or "lengkapkan docs".
-
-**Workflow**:
+Trigger: docs, documentation, dokumen, `docs/*`, architecture docs, flow docs, API docs, or "lengkapkan docs".
 
-1. Load `architecture.md` and `api-docs.md`, then load only additional rules needed by the documented scope.
-2. Create or refine the required project docs before implementation: `docs/project-brief.md`, `docs/architecture-decision-record.md`, `docs/flow-overview.md`, `docs/api-contract.md` when APIs, firmware endpoints, CLI commands, or web application flows exist, `docs/database-schema.md` when persistent data exists, and `docs/DESIGN.md` plus `docs/design-intent.json` for UI scope.
-3. Write formal project docs in English by default unless the user explicitly asks for another documentation language.
-4. Stop after documentation when the user only asked for docs. Do not write application, firmware, or UI code until the user explicitly asks for implementation or approves the implementation plan.
+1. Load `architecture.md`, `api-docs.md`, and only additional rules required by scope.
+2. Create or refine required docs first: `docs/project-brief.md`, `docs/architecture-decision-record.md`, `docs/flow-overview.md`, `docs/api-contract.md` for APIs/firmware/CLI/web flows, `docs/database-schema.md` for persistent data, and `docs/DESIGN.md` plus `docs/design-intent.json` for UI scope.
+3. Write formal project docs in English by default unless the user asks otherwise.
+4. Stop after documentation when the user only asked for docs. Do not write application, firmware, or UI code until the user asks or approves implementation.
 
 ### 2. New Project Planning
 
-**Trigger**: User says "create", "build", "new project", or "scaffold"
-
-**Workflow**:
+Trigger: create, build, new project, scaffold.
 
-1. Resolve the relevant rules from `.agent-context/rules/` for the requested scope.
-2. Read `.agent-context/prompts/init-project.md` for the full init workflow.
-3. Infer runtime constraints, required docs, and structural boundaries from requirements, docs, repository evidence, and live research.
-4. Produce scope, required docs, implementation boundaries, and a runtime/architecture recommendation when those decisions are unresolved.
-5. **WAIT for user approval** before generating code.
+1. Resolve relevant rules.
+2. Read `init-project.md`.
+3. Infer constraints, required docs, and boundaries from requirements, repo evidence, docs, and live research.
+4. Recommend runtime/architecture when unresolved.
+5. WAIT for user approval before generating code.
 
-### 3. Refactor Mode (EXISTING CODE)
+### 3. Refactor Mode
 
-**Trigger**: User says "refactor", "improve", "fix", or "clean up"
+Trigger: refactor, improve, fix, clean up.
 
-**Workflow**:
-
-1. Resolve the relevant rules from `.agent-context/rules/` for the touched scope.
-2. Read `.agent-context/prompts/refactor.md` for the safety-first workflow.
-3. Apply the relevant execution contract from prompts and checklists.
-4. Propose plan before executing changes.
-5. **WAIT for approval**.
+1. Resolve relevant rules.
+2. Read `refactor.md`.
+3. Apply active prompt/checklist contracts.
+4. Propose a plan before edits.
+5. WAIT for approval.
 
 ### 4. Code Review Mode
 
-**Trigger**: User says "review", "audit", "check", or "analyze"
-
-**Workflow**:
+Trigger: review, audit, check, analyze.
 
-1. Load `.agent-context/review-checklists/pr-checklist.md`.
-2. Load `.agent-context/review-checklists/architecture-review.md`.
-3. Execute review against the active rules and contracts.
-4. Generate a structured report.
+Load `pr-checklist.md` and `architecture-review.md`, then report defects, risks, regressions, and missing tests first.
 
 ### 5. UI Design Mode
 
-**Trigger**: User says "ui", "ux", "layout", "screen", "tailwind", "frontend", or "redesign"
+Trigger: ui, ux, layout, screen, tailwind, frontend, redesign.
 
-**Workflow**:
+1. Read `bootstrap-design.md` and `frontend-architecture.md`.
+2. Read UI-relevant repo evidence from state, current UI code, and `docs/*`.
+3. Include a one-line Motion/Palette Decision before UI code; product categories are heuristics, not style presets.
+4. Before UI code, record one real-world anchor, one signature motion behavior, and one typographic role contrast.
+5. Ensure `docs/design-intent.json` includes `conceptualAnchor.anchorReference`, top-level `derivedTokenLogic`, `libraryResearchStatus`, `libraryDecisions[]`, and motion/palette decisions.
+6. Generate or refine `docs/DESIGN.md` plus `docs/design-intent.json` before UI implementation.
+7. Keep context isolated; do not eagerly load unrelated backend-only rules.
 
-1. Read `.agent-context/prompts/bootstrap-design.md`.
-2. Read `.agent-context/rules/frontend-architecture.md`.
-3. Read UI-relevant repository evidence from `.agent-context/state/onboarding-report.json`, current UI code, and `docs/*`.
-4. Add a short Motion/Palette Decision before UI implementation; product categories are heuristics, not style presets.
-5. Before UI implementation, record a concrete creative commitment in the design contract: one specific real-world anchor reference, one signature motion behavior, and one typographic decision with meaningful role contrast.
-6. Ensure `docs/design-intent.json` includes `conceptualAnchor.anchorReference`, top-level `derivedTokenLogic`, `libraryResearchStatus`, `libraryDecisions[]`, and motion/palette decisions before UI code.
-7. Generate or refine `docs/DESIGN.md` plus `docs/design-intent.json` before UI implementation.
-8. Keep context isolated and do not eagerly load unrelated backend-only rules unless the task explicitly touches those boundaries.
+## Reasoning Chain
 
----
-
-## The Reasoning Chain (MANDATORY)
-
-Every time you reject an approach or enforce a rule:
+When rejecting an approach or enforcing a rule, use:
 
 ```text
 REASONING CHAIN
-Problem: [why the current approach is dangerous or unprofessional]
-Required Action: [the production-grade boundary to apply]
-Why Required: [why the boundary protects the project]
+Problem: [risk]
+Required Action: [boundary]
+Why Required: [project protection]
 ```
 
----
-
 ## Definition of Done
 
-**Never claim "done"** without:
-
-1. All relevant rules from `.agent-context/rules/` applied.
-2. Code reviewed against `.agent-context/review-checklists/pr-checklist.md` and `.agent-context/review-checklists/architecture-review.md`.
-3. Universal SOP hard gates satisfied (`docs/architecture-decision-record.md`, and `docs/DESIGN.md` plus `docs/design-intent.json` for UI scope).
-4. If `.agent-context/state/active-memory.json` exists and material project progress happened, refresh it directly before the final response: update current focus, durable achievements/issues/next actions/validation state, and `lastUpdatedAt` while preserving privacy rules and existing user-owned entries.
-5. MCP validation passed (`npm run validate`).
-
----
+Never claim done without:
+1. Relevant rules applied.
+2. PR and architecture checklists considered.
+3. Universal SOP gates satisfied: `docs/architecture-decision-record.md`, plus `docs/DESIGN.md` and `docs/design-intent.json` for UI scope.
+4. If `.agent-context/state/active-memory.json` exists and material project progress happened, refresh it while preserving privacy rules and user-owned entries.
+5. MCP validation passed through `npm run validate`.
 
 ## Knowledge Inventory Checklist
 
-Verify that all nine layers are reachable:
-
-- Layer 1: Rules
-- Layer 2: Runtime Decision Signals
-- Layer 3: Structural Planning Signals
-- Layer 4: Execution Contracts
-- Layer 5: Prompts
-- Layer 6: Governance Modes
-- Layer 7: State
-- Layer 8: Policies
-- Layer 9: Project Context
-
-If a required layer is unreachable, report it instead of pretending the context exists.
-
----
-
-## How Injection Works
-
-1. A thin adapter or IDE entrypoint resolves to this file as the canonical baseline.
-2. If `.agent-instructions.md` exists, read it next as the compiled project-specific snapshot.
-3. Use the layer index to determine what is available.
-4. Load only the domain-specific layers required by the request.
-5. Apply the active contracts and checks before shipping.
-
-**Result**: full context availability without forcing eager loading or irrelevant governance noise.
-
----
+Verify reachability when relevant: Layer 1 Rules, Layer 2 Runtime Decision Signals, Layer 3 Structural Planning Signals, Layer 4 Execution Contracts, Layer 5 Prompts, Layer 6 Governance Modes, Layer 7 State, Layer 8 Policies, Layer 9 Project Context.
 
 ## Operating Gates
 
-- **Before code**: Resolve only the active rule files plus the active execution contract.
-- **Before PR**: Run `.agent-context/review-checklists/pr-checklist.md`.
-- **Before deploy**: Check `.agent-context/policies/llm-judge-threshold.json`.
-- **Before major refactor**: Read `.agent-context/state/architecture-map.md`.
-- **Before UI implementation**: confirm the valid style context, the explicit design contract, and the required docs.
-
----
+- Before code: resolve active rules and contract.
+- Before PR: run review checklists.
+- Before deploy: check policy thresholds.
+- Before major refactor: read `architecture-map.md`.
+- Before UI implementation: confirm valid style context, design contract, and required docs.
 
-**Start here. If `.agent-instructions.md` exists, read it next. Otherwise continue directly into the relevant layers.**
+Start here. If `.agent-instructions.md` exists, read it next. Otherwise continue into the relevant layers.

package/.windsurf/rules/agentic-senior-core.md

@@ -0,0 +1,43 @@
+# Windsurf Rule - Thin Adapter
+
+Adapter Mode: thin
+Adapter Source: .instructions.md
+Canonical Snapshot SHA256: 75652106d1fc453e9407eb9301e7f38de2e0159190dc47fb0b6e377859d91a46
+
+This repository is governed by a strict instruction contract.
+Use [.instructions.md](../../.instructions.md) as the canonical policy source.
+Use .agent-context/ for technical rules, prompts, checklists, policies, and state.
+Treat README.md as overview/install/user context only when governance files conflict.
+
+## Critical Bootstrap Floor
+
+- If your host stops at this file, continue the chain manually before coding.
+- Read `.agent-instructions.md` next when it exists.
+- Memory continuity does not replace bootstrap loading.
+- For UI, UX, layout, screen, tailwind, frontend, or redesign requests, load [bootstrap-design.md](../../.agent-context/prompts/bootstrap-design.md) and [frontend-architecture.md](../../.agent-context/rules/frontend-architecture.md) before code edits.
+- For UI scope, include a one-line Motion/Palette Decision in the Bootstrap Receipt; product categories are heuristics, not style presets.
+- For UI scope, create or refine `docs/DESIGN.md` and `docs/design-intent.json` before UI implementation.
+- For documentation-first requests, create or refine required project docs in English by default and do not write application, firmware, or UI code until the user asks or approves.
+- For backend, API, data, auth, error, event, queue, worker, or distributed-system requests, load only relevant global rules from .agent-context/rules/ ([link](../../.agent-context/rules)).
+- For ecosystem, framework, dependency, or Docker claims, perform live web research.
+- Resolve runtime choices from project evidence and live official documentation; resolve structural planning from constraints and architecture boundaries.
+
+## Mandatory Bootstrap Chain
+
+1. Load [.instructions.md](../../.instructions.md).
+2. Load `.agent-instructions.md` when present.
+3. Load only relevant files from .agent-context/rules/ ([link](../../.agent-context/rules)).
+4. Apply matching prompts from .agent-context/prompts/ ([link](../../.agent-context/prompts)).
+5. Enforce .agent-context/review-checklists/ ([link](../../.agent-context/review-checklists/pr-checklist.md)).
+6. Use .agent-context/state/ ([link](../../.agent-context/state)) and .agent-context/policies/ ([link](../../.agent-context/policies)) only when relevant.
+7. Use project docs and live evidence for runtime, dependency, and architecture claims.
+
+## Bootstrap Receipt
+
+For non-trivial coding, review, planning, or governance work, produce a short Bootstrap Receipt before implementation output: `loaded_files`, `selected_rules`, `skipped_rules`, `unreachable_files`, and `validation_plan`.
+
+## Completion Gate
+
+Run [pr-checklist.md](../../.agent-context/review-checklists/pr-checklist.md) before declaring work complete.
+
+If this adapter drifts from canonical behavior, refresh from [.instructions.md](../../.instructions.md) and update the hash metadata.

package/.windsurfrules

@@ -1,92 +1,26 @@
-# AGENTIC-SENIOR-CORE DYNAMIC GOVERNANCE RULESET
+# .windsurfrules - Legacy Thin Adapter
 
-Generated by Agentic-Senior-Core CLI v3.0.36
-Timestamp: 2026-04-26T23:31:29.580Z
-Selected policy file: .agent-context/policies/llm-judge-threshold.json
-
-## GOVERNANCE PRECEDENCE
-1. Follow this compiled rulebook as the primary source.
-2. Resolve exceptions from .agent-override.md only when explicitly defined.
-3. Use architecture-map.md and dependency-map.md as change safety boundaries.
-4. Enforce pr-checklist.md before declaring completion.
-
-## OVERRIDE PROTOCOL
-- Default: strict compliance with this file.
-- Exception path: .agent-override.md may explicitly allow narrow deviations.
-- Scope policy: every override must include module scope, rationale, and expiry date.
+Generated by Agentic-Senior-Core CLI v3.0.38
+Adapter Mode: legacy-thin
+Adapter Source: .agent-instructions.md when present; fallback .instructions.md
+Canonical baseline: .instructions.md
 
-## BOOTSTRAP CHAIN (MANDATORY)
-Resolve the smallest relevant layer set before responding. Do not eagerly load unrelated layers:
-1. .agent-context/rules/
-2. Resolve runtime and architecture signals from project context, repo evidence, and live research.
-3. .agent-context/prompts/
-4. Dynamic runtime and architecture decision signals (from project context + research evidence)
-5. .agent-context/state/
-6. .agent-context/policies/llm-judge-threshold.json
-7. docs/ project context (or bootstrap prompts when docs are not materialized)
+This file is kept only for older Windsurf discovery.
+Read .agent-instructions.md for the compiled rulebook when present.
+Use .instructions.md as the canonical policy source.
 
-Project-specific compiled snapshot: .agent-instructions.md
-Compiled adapter entrypoints: .cursorrules, .windsurfrules, .clauderc, .gemini/instructions.md, .github/copilot-instructions.md
-Canonical baseline: .instructions.md
-## LAYER 1: RULES (SCOPE-RESOLVED)
-Available rule files under .agent-context/rules/:
-1. .agent-context/rules/api-docs.md
-2. .agent-context/rules/architecture.md
-3. .agent-context/rules/database-design.md
-4. .agent-context/rules/docker-runtime.md
-5. .agent-context/rules/efficiency-vs-hype.md
-6. .agent-context/rules/error-handling.md
-7. .agent-context/rules/event-driven.md
-8. .agent-context/rules/frontend-architecture.md
-9. .agent-context/rules/git-workflow.md
-10. .agent-context/rules/microservices.md
-11. .agent-context/rules/naming-conv.md
-12. .agent-context/rules/performance.md
-13. .agent-context/rules/realtime.md
-14. .agent-context/rules/security.md
-15. .agent-context/rules/testing.md
+Mandatory load floor:
+1. Read .agent-instructions.md when present; otherwise read .instructions.md.
+2. Load only relevant .agent-context/rules/ by task scope.
+3. Apply matching .agent-context/prompts/ contracts.
+4. Enforce .agent-context/review-checklists/ before completion.
+5. Use .agent-context/state/ and .agent-context/policies/ only when relevant.
+6. Resolve Runtime Decision Signals from repo evidence and live official docs.
+7. Resolve Structural Planning Signals from constraints and architecture boundaries.
 
-Resolution policy: load only the rule files relevant to the current task and prioritize data safety and API contract integrity first, then writing polish.
-## LAYER 2: RUNTIME DECISION REQUIRED
-No runtime stack was selected by the user.
-For a fresh project, the first implementation step is to ask the AI agent to recommend a runtime/framework from the brief, constraints, and live official documentation.
-For an existing project, inspect repo markers and current files directly before editing. Detection evidence is not a migration instruction.
-Do not silently choose a stack from offline defaults.
-## LAYER 2 POLICY: LAZY RULE LOADING
-Primary runtime constraint: unresolved until agent recommendation is approved
-No stack-specific governance adapter is loaded by default.
-Load global domain rules only when task scope touches that domain.
-Avoid eager loading unrelated runtime or domain guidance to prevent instruction conflicts.
-## LAYER 5: EXECUTION PROMPTS AND UI TRIGGERS
-Load these prompt contracts only when their trigger matches the user request:
-0. Documentation-first mode -> docs, documentation, dokumen, docs/*, architecture docs, flow docs, API docs, lengkapkan docs
-1. .agent-context/prompts/init-project.md -> create, build, new project, scaffold
-2. .agent-context/prompts/refactor.md -> refactor, improve, clean up, fix
-3. .agent-context/prompts/review-code.md -> review, audit, check, analyze
-4. .agent-context/prompts/bootstrap-design.md -> ui, ux, layout, screen, tailwind, frontend, redesign
-Documentation-first policy:
-- Create or refine required project docs before implementation: docs/project-brief.md, docs/architecture-decision-record.md, docs/flow-overview.md, docs/api-contract.md when APIs, firmware endpoints, CLI commands, or web application flows exist, docs/database-schema.md when persistent data exists, and docs/DESIGN.md plus docs/design-intent.json for UI scope.
-- Write formal project docs in English by default unless the user explicitly asks for another documentation language.
-- For docs-only/docs-first requests, do not write application, firmware, or UI code until the user asks or approves an implementation plan.
-UI trigger policy:
-- Load .agent-context/prompts/bootstrap-design.md and .agent-context/rules/frontend-architecture.md first.
-- Keep UI-only requests context-isolated and do not eagerly load backend-only rules such as database-design.md, docker-runtime.md, microservices.md, git-workflow.md, or general implementation-theory rules unless the task explicitly crosses those boundaries.
-- For UI scope, materialize docs/DESIGN.md and docs/design-intent.json before implementing UI surfaces.
-## LAYER 3: ARCHITECTURE DECISION REQUIRED
-No architecture blueprint was selected by the user.
-The AI agent must propose the architecture from the product brief, repo evidence, required docs, and live research before implementation.
-Do not map detected runtime markers into a blueprint automatically.
-## LAYER 3B: CI/CD GUARDRAILS
-Load these CI blueprints when pipeline or release logic is touched:
-1. ci-github-actions.md (dynamic CI policy signal)
-2. ci-gitlab.md (dynamic CI policy signal)
-## LAYER 7: STATE AWARENESS (MANDATORY)
-Load these files before touching critical paths:
-1. .agent-context/state/architecture-map.md
-2. .agent-context/state/dependency-map.md
-Use these maps to prevent unsafe cross-module changes.
-## REVIEW CHECKLISTS (MANDATORY)
-1. .agent-context/review-checklists/pr-checklist.md
-2. .agent-context/review-checklists/architecture-review.md
-Security and performance checks are consolidated inside these two checklist files.
-Do not claim done before checklist pass.
+Current bridges:
+- Cursor: .cursor/rules/agentic-senior-core.mdc
+- Windsurf: .windsurf/rules/agentic-senior-core.md
+- Claude: CLAUDE.md
+- Gemini: GEMINI.md and .gemini/instructions.md
+- Copilot: .github/copilot-instructions.md and .github/instructions/agentic-senior-core.instructions.md