@trieungoctam/vibekit 1.0.0

package/skills/core/cook/references/intent-detection.md

@@ -0,0 +1,101 @@
+# Intent Detection Logic
+
+Detect user intent from natural language and route to appropriate workflow.
+
+## Detection Algorithm
+
+```
+FUNCTION detectMode(input):
+  # Priority 1: Explicit flags (override all)
+  IF input contains "--fast": RETURN "fast"
+  IF input contains "--parallel": RETURN "parallel"
+  IF input contains "--auto": RETURN "auto"
+  IF input contains "--no-test": RETURN "no-test"
+
+  # Priority 2: Plan path detection
+  IF input matches path pattern (./plans/*, plan.md, phase-*.md):
+    RETURN "code"
+
+  # Priority 3: Keyword detection (case-insensitive)
+  keywords = lowercase(input)
+
+  IF keywords contains ["fast", "quick", "rapidly", "asap"]:
+    RETURN "fast"
+
+  IF keywords contains ["trust me", "auto", "yolo", "just do it"]:
+    RETURN "auto"
+
+  IF keywords contains ["no test", "skip test", "without test"]:
+    RETURN "no-test"
+
+  # Priority 4: Complexity detection
+  features = extractFeatures(input)  # comma-separated or "and"-joined items
+  IF count(features) >= 3 OR keywords contains "parallel":
+    RETURN "parallel"
+
+  # Default: interactive workflow
+  RETURN "interactive"
+```
+
+## Feature Extraction
+
+Detect multiple features from natural language:
+
+```
+"implement auth, payments, and notifications" → ["auth", "payments", "notifications"]
+"add login + signup + password reset"        → ["login", "signup", "password reset"]
+"create dashboard with charts and tables"    → single feature (dashboard)
+```
+
+**Parallel trigger:** 3+ distinct features = parallel mode
+
+## Mode Behaviors
+
+| Mode | Skip Research | Skip Test | Review Gates | Auto-Approve | Parallel Exec |
+|------|---------------|-----------|--------------|--------------|---------------|
+| interactive | ✗ | ✗ | **Yes (stops)** | ✗ | ✗ |
+| auto | ✗ | ✗ | **No (skips)** | ✓ (score≥9.5) | ✓ (all phases) |
+| fast | ✓ | ✗ | Yes (stops) | ✗ | ✗ |
+| parallel | Optional | ✗ | Yes (stops) | ✗ | ✓ |
+| no-test | ✗ | ✓ | Yes (stops) | ✗ | ✗ |
+| code | ✓ | ✗ | Yes (stops) | Per plan | Per plan |
+
+**Review Gates:** Human approval checkpoints between major steps (see `workflow-steps.md`).
+- All modes EXCEPT `auto` stop at review gates for human approval.
+- `auto` mode is the only mode that runs continuously without stopping.
+
+## Examples
+
+```
+"/cook implement user auth"
+→ Mode: interactive (default, stops at review gates)
+
+"/cook plans/260120-auth/phase-02-api.md"
+→ Mode: code (path detected, stops at review gates)
+
+"/cook quick fix for the login bug"
+→ Mode: fast ("quick" keyword, stops at review gates)
+
+"/cook implement auth, payments, notifications, shipping"
+→ Mode: parallel (4 features, stops at review gates)
+
+"/cook implement dashboard --fast"
+→ Mode: fast (explicit flag, stops at review gates)
+
+"/cook implement everything --auto"
+→ Mode: auto (NO STOPS, implements all phases continuously)
+
+"/cook implement dashboard trust me"
+→ Mode: auto ("trust me" keyword, NO STOPS)
+```
+
+**Note:** Only `--auto` flag or "trust me"/"auto"/"yolo" keywords enable continuous execution.
+
+## Conflict Resolution
+
+When multiple signals detected, priority order:
+1. Explicit flags (`--fast`, `--auto`, etc.)
+2. Path detection (plan files)
+3. Keywords in text
+4. Feature count analysis
+5. Default (interactive)

package/skills/core/cook/references/review-cycle.md

@@ -0,0 +1,75 @@
+# Code Review Cycle
+
+Interactive review-fix cycle used in code workflows.
+
+## Interactive Cycle (max 3 cycles)
+
+```
+cycle = 0
+LOOP:
+  1. Run code-reviewer → score, critical_count, warnings, suggestions
+
+  2. DISPLAY FINDINGS:
+     ┌─────────────────────────────────────────┐
+     │ Code Review Results: [score]/10         │
+     ├─────────────────────────────────────────┤
+     │ Summary: [what implemented], tests      │
+     │ [X/X passed]                            │
+     ├─────────────────────────────────────────┤
+     │ Critical Issues ([N]): MUST FIX         │
+     │  - [issue] at [file:line]               │
+     │ Warnings ([N]): SHOULD FIX              │
+     │  - [issue] at [file:line]               │
+     │ Suggestions ([N]): NICE TO HAVE         │
+     │  - [suggestion]                         │
+     └─────────────────────────────────────────┘
+
+  3. AskUserQuestion (header: "Review & Approve"):
+     IF critical_count > 0:
+       - "Fix critical issues" → fix, re-run tester, cycle++, LOOP
+       - "Fix all issues" → fix all, re-run tester, cycle++, LOOP
+       - "Approve anyway" → PROCEED
+       - "Abort" → stop
+     ELSE:
+       - "Approve" → PROCEED
+       - "Fix warnings/suggestions" → fix, cycle++, LOOP
+       - "Abort" → stop
+
+  4. IF cycle >= 3 AND user selects fix:
+     → "⚠ 3 review cycles completed. Final decision required."
+     → AskUserQuestion: "Approve with noted issues" / "Abort workflow"
+```
+
+## Auto-Handling Cycle (for auto modes)
+
+```
+cycle = 0
+LOOP:
+  1. Run code-reviewer → score, critical_count, warnings
+
+  2. IF score >= 9.5 AND critical_count == 0:
+     → Auto-approve, PROCEED
+
+  3. ELSE IF critical_count > 0 AND cycle < 3:
+     → Auto-fix critical issues
+     → Re-run tester
+     → cycle++, LOOP
+
+  4. ELSE IF critical_count > 0 AND cycle >= 3:
+     → ESCALATE TO USER
+
+  5. ELSE (no critical, score < 9.5):
+     → Approve with warnings logged, PROCEED
+```
+
+## Critical Issues Definition
+- Security: XSS, SQL injection, OWASP vulnerabilities
+- Performance: bottlenecks, inefficient algorithms
+- Architecture: violations of patterns, coupling
+- Principles: YAGNI, KISS, DRY violations
+
+## Output Formats
+- Waiting: `⏸ Step 4: Code reviewed - [score]/10 - WAITING for approval`
+- After fix: `✓ Step 4: [old]/10 → Fixed [N] issues → [new]/10 - Approved`
+- Auto-approved: `✓ Step 4: Code reviewed - 9.8/10 - Auto-approved`
+- Approved: `✓ Step 4: Code reviewed - [score]/10 - User approved`

package/skills/core/cook/references/subagent-patterns.md

@@ -0,0 +1,75 @@
+# Subagent Patterns
+
+Standard patterns for spawning and using subagents in cook workflows.
+
+## Task Tool Pattern
+```
+Task(subagent_type="[type]", prompt="[task description]", description="[brief]")
+```
+
+## Research Phase
+```
+Task(subagent_type="researcher", prompt="Research [topic]. Report ≤150 lines.", description="Research [topic]")
+```
+- Use multiple researchers in parallel for different topics
+- Keep reports ≤150 lines with citations
+
+## Scout Phase
+```
+Task(subagent_type="scout", prompt="Find files related to [feature] in codebase", description="Scout [feature]")
+```
+- Use `/ck:scout ext` (preferred) or `/ck:scout` (fallback)
+
+## Planning Phase
+```
+Task(subagent_type="planner", prompt="Create implementation plan based on reports: [reports]. Save to [path]", description="Plan [feature]")
+```
+- Input: researcher and scout reports
+- Output: `plan.md` + `phase-XX-*.md` files
+
+## UI Implementation
+```
+Task(subagent_type="ui-ux-designer", prompt="Implement [feature] UI per ./docs/design-guidelines.md", description="UI [feature]")
+```
+- For frontend work
+- Follow design guidelines
+
+## Testing
+```
+Task(subagent_type="tester", prompt="Run test suite for plan phase [phase-name]", description="Test [phase]")
+```
+- Must achieve 100% pass rate
+
+## Debugging
+```
+Task(subagent_type="debugger", prompt="Analyze failures: [details]", description="Debug [issue]")
+```
+- Use when tests fail
+- Provides root cause analysis
+
+## Code Review
+```
+Task(subagent_type="code-reviewer", prompt="Review changes for [phase]. Check security, performance, YAGNI/KISS/DRY. Return score (X/10), critical, warnings, suggestions.", description="Review [phase]")
+```
+
+## Project Management
+```
+Task(subagent_type="project-manager", prompt="Run full sync-back in [plan-path]: reconcile completed tasks with all phase files, backfill stale completed checkboxes across all phases, update plan.md status/progress, and report unresolved mappings.", description="Update plan")
+```
+
+## Documentation
+```
+Task(subagent_type="docs-manager", prompt="Update docs for [phase]. Changed files: [list]", description="Update docs")
+```
+
+## Git Operations
+```
+Task(subagent_type="git-manager", prompt="Stage and commit changes with conventional commit message", description="Commit changes")
+```
+
+## Parallel Execution
+```
+Task(subagent_type="fullstack-developer", prompt="Implement [phase-file] with file ownership: [files]", description="Implement phase [N]")
+```
+- Launch multiple for parallel phases
+- Include file ownership boundaries

package/skills/core/cook/references/workflow-steps.md

@@ -0,0 +1,172 @@
+# Unified Workflow Steps
+
+All modes share core steps with mode-specific variations.
+
+## Step 0: Intent Detection & Setup
+
+1. Parse input with `intent-detection.md` rules
+2. Log detected mode: `✓ Step 0: Mode [X] - [reason]`
+3. If mode=code: detect plan path, set active plan
+4. Use `TaskCreate` to create workflow step tasks (with dependencies if complex)
+
+**Output:** `✓ Step 0: Mode [interactive|auto|fast|parallel|no-test|code] - [detection reason]`
+
+## Step 1: Research (skip if fast/code mode)
+
+**Interactive/Auto:**
+- Spawn multiple `researcher` agents in parallel
+- Use `/ck:scout ext` or `scout` agent for codebase search
+- Keep reports ≤150 lines
+
+**Parallel:**
+- Optional: max 2 researchers if complex
+
+**Output:** `✓ Step 1: Research complete - [N] reports gathered`
+
+### [Review Gate 1] Post-Research (skip if auto mode)
+- Present research summary to user
+- Use `AskUserQuestion` to ask: "Proceed to planning?" / "Request more research" / "Abort"
+- **Auto mode:** Skip this gate
+
+## Step 2: Planning
+
+**Interactive/Auto/No-test:**
+- Use `planner` agent with research context
+- Create `plan.md` + `phase-XX-*.md` files
+
+**Fast:**
+- Use `/ck:plan --fast` with scout results only
+- Minimal planning, focus on action
+
+**Parallel:**
+- Use `/ck:plan --parallel` for dependency graph + file ownership matrix
+
+**Code:**
+- Skip - plan already exists
+- Parse existing plan for phases
+
+**Output:** `✓ Step 2: Plan created - [N] phases`
+
+### [Review Gate 2] Post-Plan (skip if auto mode)
+- Present plan overview with phases
+- Use `AskUserQuestion` to ask: "Validate the plan or approve plan to start implementation?" - "Validate" / "Approve" / "Abort" / "Other" ("Request revisions")
+  - "Validate": run `/ck:plan validate` slash command
+  - "Approve": continue to implementation
+  - "Abort": stop the workflow
+  - "Other": revise the plan based on user's feedback
+- **Auto mode:** Skip this gate
+
+## Step 3: Implementation
+
+**IMPORTANT:**
+1. `TaskList` first — check for existing tasks (hydrated by planning skill in same session)
+2. If tasks exist → pick them up, skip re-creation
+3. If no tasks → read plan phases, `TaskCreate` for each unchecked `[ ]` item with priority order and metadata (`phase`, `planDir`, `phaseFile`)
+4. Tasks can be blocked by other tasks via `addBlockedBy`
+
+**All modes:**
+- Use `TaskUpdate` to mark tasks as `in_progress` immediately.
+- Execute phase tasks sequentially (Step 3.1, 3.2, etc.)
+- Use `ui-ux-designer` for frontend
+- Use `ck:ai-multimodal` for image assets
+- Run type checking after each file
+
+**Parallel mode:**
+- Utilize all tools of Claude Tasks: `TaskCreate`, `TaskUpdate`, `TaskGet` and `TaskList`
+- Launch multiple `fullstack-developer` agents
+- When agents pick up a task, use `TaskUpdate` to assign task to agent and mark tasks as `in_progress` immediately.
+- Respect file ownership boundaries
+- Wait for parallel group before next
+
+**Output:** `✓ Step 3: Implemented [N] files - [X/Y] tasks complete`
+
+### [Review Gate 3] Post-Implementation (skip if auto mode)
+- Present implementation summary (files changed, key changes)
+- Use `AskUserQuestion` to ask: "Proceed to testing?" / "Request implementation changes" / "Abort"
+- **Auto mode:** Skip this gate
+
+## Step 4: Testing (skip if no-test mode)
+
+**All modes (except no-test):**
+- Write tests: happy path, edge cases, errors
+- **MUST** spawn `tester` subagent: `Task(subagent_type="tester", prompt="Run test suite", description="Run tests")`
+- If failures: **MUST** spawn `debugger` subagent → fix → repeat
+- **Forbidden:** fake mocks, commented tests, changed assertions, skipping subagent delegation
+
+**Output:** `✓ Step 4: Tests [X/X passed] - tester subagent invoked`
+
+### [Review Gate 4] Post-Testing (skip if auto mode)
+- Present test results summary
+- Use `AskUserQuestion` to ask: "Proceed to code review?" / "Request test fixes" / "Abort"
+- **Auto mode:** Skip this gate
+
+## Step 5: Code Review
+
+**All modes - MANDATORY subagent:**
+- **MUST** spawn `code-reviewer` subagent: `Task(subagent_type="code-reviewer", prompt="Review changes. Return score, critical issues, warnings.", description="Code review")`
+- **DO NOT** review code yourself - delegate to subagent
+
+**Interactive/Parallel/Code/No-test:**
+- Interactive cycle (max 3): see `review-cycle.md`
+- Requires user approval
+
+**Auto:**
+- Auto-approve if score≥9.5 AND 0 critical
+- Auto-fix critical (max 3 cycles)
+- Escalate to user after 3 failed cycles
+
+**Fast:**
+- Simplified review, no fix loop
+- User approves or aborts
+
+**Output:** `✓ Step 5: Review [score]/10 - [Approved|Auto-approved] - code-reviewer subagent invoked`
+
+## Step 6: Finalize
+
+**All modes - MANDATORY subagents (NON-NEGOTIABLE):**
+1. **MUST** spawn these subagents in parallel:
+   - `Task(subagent_type="project-manager", prompt="Run full sync-back for [plan-path]: reconcile all completed Claude Tasks with all phase files, backfill stale completed checkboxes across every phase, then update plan.md frontmatter/table progress. Do NOT only mark current phase.", description="Update plan")`
+   - `Task(subagent_type="docs-manager", prompt="Update docs for changes.", description="Update docs")`
+2. Project-manager sync-back MUST include:
+   - Sweep all `phase-XX-*.md` files in the plan directory.
+   - Mark every completed item `[ ] → [x]` based on completed tasks (including earlier phases finished before current phase).
+   - Update `plan.md` status/progress (`pending`/`in-progress`/`completed`) from actual checkbox state.
+   - Return unresolved mappings if any completed task cannot be matched to a phase file.
+3. Use `TaskUpdate` to mark Claude Tasks complete after sync-back confirmation.
+4. Onboarding check (API keys, env vars)
+5. **MUST** spawn git subagent: `Task(subagent_type="git-manager", prompt="Stage and commit changes", description="Commit")`
+
+**CRITICAL:** Step 6 is INCOMPLETE without spawning all 3 subagents. DO NOT skip subagent delegation.
+
+**Auto mode:** Continue to next phase automatically, start from **Step 3**.
+**Others:** Ask user before next phase
+
+**Output:** `✓ Step 6: Finalized - 3 subagents invoked - Full-plan sync-back completed - Committed`
+
+## Mode-Specific Flow Summary
+
+Legend: `[R]` = Review Gate (human approval required)
+
+```
+interactive: 0 → 1 → [R] → 2 → [R] → 3 → [R] → 4 → [R] → 5(user) → 6
+auto:        0 → 1 → 2 → 3 → 4 → 5(auto) → 6 → next phase (NO stops)
+fast:        0 → skip → 2(fast) → [R] → 3 → [R] → 4 → [R] → 5(simple) → 6
+parallel:    0 → 1? → [R] → 2(parallel) → [R] → 3(multi-agent) → [R] → 4 → [R] → 5(user) → 6
+no-test:     0 → 1 → [R] → 2 → [R] → 3 → [R] → skip → 5(user) → 6
+code:        0 → skip → skip → 3 → [R] → 4 → [R] → 5(user) → 6
+```
+
+**Key difference:** `auto` mode is the ONLY mode that skips all review gates.
+
+## Critical Rules
+
+- Never skip steps without mode justification
+- **MANDATORY SUBAGENT DELEGATION:** Steps 4, 5, 6 MUST spawn subagents via Task tool. DO NOT implement directly.
+  - Step 4: `tester` (and `debugger` if failures)
+  - Step 5: `code-reviewer`
+  - Step 6: `project-manager`, `docs-manager`, `git-manager`
+- Use `TaskCreate` to create Claude Tasks for each unchecked item with priority order and dependencies.
+- Use `TaskUpdate` to mark Claude Tasks `in_progress` when picking up a task.
+- Use `TaskUpdate` to mark Claude Tasks `complete` immediately after finalizing the task.
+- All step outputs follow format: `✓ Step [N]: [status] - [metrics]`
+- **VALIDATION:** If Task tool calls = 0 at end of workflow, the workflow is INCOMPLETE.

package/skills/core/debug/SKILL.md

@@ -0,0 +1,121 @@
+---
+name: debug
+description: "Debug systematically with root cause analysis before fixes. Use for bugs, test failures, unexpected behavior, performance issues, call stack tracing, multi-layer validation, log analysis, CI/CD failures, database diagnostics, system investigation."
+version: 4.0.0
+languages: all
+argument-hint: "[error or issue description]"
+---
+
+# Debugging & System Investigation
+
+Comprehensive framework combining systematic debugging, root cause tracing, defense-in-depth validation, verification protocols, and system-level investigation (logs, CI/CD, databases, performance).
+
+## Core Principle
+
+**NO FIXES WITHOUT ROOT CAUSE INVESTIGATION FIRST**
+
+Random fixes waste time and create new bugs. Find root cause, fix at source, validate at every layer, verify before claiming success.
+
+## When to Use
+
+**Code-level:** Test failures, bugs, unexpected behavior, build failures, integration problems
+**System-level:** Server errors, CI/CD pipeline failures, performance degradation, database issues, log analysis
+**Always:** Before claiming work complete
+
+## Techniques
+
+### 1. Systematic Debugging (`references/systematic-debugging.md`)
+
+Four-phase framework: Root Cause Investigation → Pattern Analysis → Hypothesis Testing → Implementation. Complete each phase before proceeding. No fixes without Phase 1.
+
+**Load when:** Any bug/issue requiring investigation and fix
+
+### 2. Root Cause Tracing (`references/root-cause-tracing.md`)
+
+Trace bugs backward through call stack to find original trigger. Fix at source, not symptom. Includes `scripts/find-polluter.sh` for bisecting test pollution.
+
+**Load when:** Error deep in call stack, unclear where invalid data originated
+
+### 3. Defense-in-Depth (`references/defense-in-depth.md`)
+
+Validate at every layer: Entry validation → Business logic → Environment guards → Debug instrumentation
+
+**Load when:** After finding root cause, need comprehensive validation
+
+### 4. Verification (`references/verification.md`)
+
+**Iron law:** NO COMPLETION CLAIMS WITHOUT FRESH VERIFICATION EVIDENCE. Run command. Read output. Then claim result.
+
+**Load when:** About to claim work complete, fixed, or passing
+
+### 5. Investigation Methodology (`references/investigation-methodology.md`)
+
+Five-step structured investigation for system-level issues: Initial Assessment → Data Collection → Analysis → Root Cause ID → Solution Development
+
+**Load when:** Server incidents, system behavior analysis, multi-component failures
+
+### 6. Log & CI/CD Analysis (`references/log-and-ci-analysis.md`)
+
+Collect and analyze logs from servers, CI/CD pipelines (GitHub Actions), application layers. Tools: `gh` CLI, structured log queries, correlation across sources.
+
+**Load when:** CI/CD pipeline failures, server errors, deployment issues
+
+### 7. Performance Diagnostics (`references/performance-diagnostics.md`)
+
+Identify bottlenecks, analyze query performance, develop optimization strategies. Covers database queries, API response times, resource utilization.
+
+**Load when:** Performance degradation, slow queries, high latency, resource exhaustion
+
+### 8. Reporting Standards (`references/reporting-standards.md`)
+
+Structured diagnostic reports: Executive Summary → Technical Analysis → Recommendations → Evidence
+
+**Load when:** Need to produce investigation report or diagnostic summary
+
+### 9. Task Management (`references/task-management-debugging.md`)
+
+Track investigation pipelines via Claude Native Tasks (TaskCreate, TaskUpdate, TaskList). Hydration pattern for multi-step investigations with dependency chains and parallel evidence collection.
+
+**Load when:** Multi-component investigation (3+ steps), parallel log collection, coordinating debugger subagents
+
+### 10. Frontend Verification (`references/frontend-verification.md`)
+
+Visual verification of frontend implementations via Chrome MCP (Claude Chrome Extension) or `ck:chrome-devtools` skill fallback. Detect if frontend-related → check Chrome MCP availability → screenshot + console error check → report. Skip if not frontend.
+
+**Load when:** Implementation touches frontend files (tsx/jsx/vue/svelte/html/css), UI bugs, visual regressions
+
+## Quick Reference
+
+```
+Code bug       → systematic-debugging.md (Phase 1-4)
+  Deep in stack  → root-cause-tracing.md (trace backward)
+  Found cause    → defense-in-depth.md (add layers)
+  Claiming done  → verification.md (verify first)
+
+System issue   → investigation-methodology.md (5 steps)
+  CI/CD failure  → log-and-ci-analysis.md
+  Slow system    → performance-diagnostics.md
+  Need report    → reporting-standards.md
+
+Frontend fix   → frontend-verification.md (Chrome/devtools)
+```
+
+## Tools Integration
+
+- **Database:** `psql` for PostgreSQL queries and diagnostics
+- **CI/CD:** `gh` CLI for GitHub Actions logs and pipeline debugging
+- **Codebase:** `ck:docs-seeker` skill for package/plugin docs; `repomix` for codebase summary
+- **Scouting:** `/ck:scout` or `/ck:scout ext` for finding relevant files
+- **Frontend:** Chrome browser or `ck:chrome-devtools` skill for visual verification (screenshots, console, network)
+- **Skills:** Activate `ck:problem-solving` skill when stuck on complex issues
+
+## Red Flags
+
+Stop and follow process if thinking:
+- "Quick fix for now, investigate later"
+- "Just try changing X and see if it works"
+- "It's probably X, let me fix that"
+- "Should work now" / "Seems fixed"
+- "Tests pass, we're done"
+
+**All mean:** Return to systematic process.

package/skills/core/debug/references/defense-in-depth.md

@@ -0,0 +1,124 @@
+# Defense-in-Depth Validation
+
+Validate at every layer data passes through to make bugs impossible.
+
+## Core Principle
+
+**Validate at EVERY layer data passes through. Make bug structurally impossible.**
+
+When fix bug caused by invalid data, adding validation at one place feels sufficient. But single check can be bypassed by different code paths, refactoring, or mocks.
+
+## Why Multiple Layers
+
+Single validation: "We fixed bug"
+Multiple layers: "We made bug impossible"
+
+Different layers catch different cases:
+- Entry validation catches most bugs
+- Business logic catches edge cases
+- Environment guards prevent context-specific dangers
+- Debug logging helps when other layers fail
+
+## The Four Layers
+
+### Layer 1: Entry Point Validation
+**Purpose:** Reject obviously invalid input at API boundary
+
+```typescript
+function createProject(name: string, workingDirectory: string) {
+  if (!workingDirectory || workingDirectory.trim() === '') {
+    throw new Error('workingDirectory cannot be empty');
+  }
+  if (!existsSync(workingDirectory)) {
+    throw new Error(`workingDirectory does not exist: ${workingDirectory}`);
+  }
+  if (!statSync(workingDirectory).isDirectory()) {
+    throw new Error(`workingDirectory is not a directory: ${workingDirectory}`);
+  }
+  // proceed
+}
+```
+
+### Layer 2: Business Logic Validation
+**Purpose:** Ensure data makes sense for this operation
+
+```typescript
+function initializeWorkspace(projectDir: string, sessionId: string) {
+  if (!projectDir) {
+    throw new Error('projectDir required for workspace initialization');
+  }
+  // proceed
+}
+```
+
+### Layer 3: Environment Guards
+**Purpose:** Prevent dangerous operations in specific contexts
+
+```typescript
+async function gitInit(directory: string) {
+  // In tests, refuse git init outside temp directories
+  if (process.env.NODE_ENV === 'test') {
+    const normalized = normalize(resolve(directory));
+    const tmpDir = normalize(resolve(tmpdir()));
+
+    if (!normalized.startsWith(tmpDir)) {
+      throw new Error(
+        `Refusing git init outside temp dir during tests: ${directory}`
+      );
+    }
+  }
+  // proceed
+}
+```
+
+### Layer 4: Debug Instrumentation
+**Purpose:** Capture context for forensics
+
+```typescript
+async function gitInit(directory: string) {
+  const stack = new Error().stack;
+  logger.debug('About to git init', {
+    directory,
+    cwd: process.cwd(),
+    stack,
+  });
+  // proceed
+}
+```
+
+## Applying the Pattern
+
+When find bug:
+
+1. **Trace data flow** - Where does bad value originate? Where used?
+2. **Map all checkpoints** - List every point data passes through
+3. **Add validation at each layer** - Entry, business, environment, debug
+4. **Test each layer** - Try to bypass layer 1, verify layer 2 catches it
+
+## Example from Real Session
+
+Bug: Empty `projectDir` caused `git init` in source code
+
+**Data flow:**
+1. Test setup → empty string
+2. `Project.create(name, '')`
+3. `WorkspaceManager.createWorkspace('')`
+4. `git init` runs in `process.cwd()`
+
+**Four layers added:**
+- Layer 1: `Project.create()` validates not empty/exists/writable
+- Layer 2: `WorkspaceManager` validates projectDir not empty
+- Layer 3: `WorktreeManager` refuses git init outside tmpdir in tests
+- Layer 4: Stack trace logging before git init
+
+**Result:** All 1847 tests passed, bug impossible to reproduce
+
+## Key Insight
+
+All four layers were necessary. During testing, each layer caught bugs others missed:
+- Different code paths bypassed entry validation
+- Mocks bypassed business logic checks
+- Edge cases on different platforms needed environment guards
+- Debug logging identified structural misuse
+
+**Don't stop at one validation point.** Add checks at every layer.