@williambeto/ai-workflow 2.2.0 → 2.2.6

package/dist-assets/skills/product-planning/SKILL.md

@@ -1,166 +1,17 @@
 ---
 name: product-planning
 description: Skill-backed capability for product planning work
+governance: dist-assets/docs/policies/SKILLS_COMMON_GOVERNANCE.md
 ---
 
 # Product Planning Skill Contract
 
-
-## Runtime compatibility
-
-This file is plain Markdown and must remain usable as project instructions in OpenCode, Codex, Gemini, and Claude.
-
-Do not use runtime-specific tool syntax unless the file is explicitly a runtime adapter/template.
-
-If the runtime cannot call another agent directly, provide a useful handoff with exact next action instead of pretending delegation happened.
-
+This skill operates under the rules defined in the [Skills Common Governance Policy](../../docs/policies/SKILLS_COMMON_GOVERNANCE.md).
 
 ## Purpose
 
 Provide reusable domain guidance for `product-planning` work.
 
-## Behavioral contract core
-
-These rules are loaded directly because they are too important to depend on optional reference lookup.
-
-- Preserve the requested scope and existing behavior unless change is explicit.
-- Use the owning primary agent; a skill supplies domain judgment and must not pretend that delegation occurred.
-- Load the project conventions and the domain references named by this skill before making domain decisions.
-- Do not invent capabilities, integrations, metrics, users, evidence, validation, security properties, or completed work.
-- Use the smallest safe execution mode and keep artifacts proportional.
-- Implementation support must include relevant documentation, tests, validation, and current-task evidence.
-- A blocking finding remains `FAIL_QUALITY_GATE` or `BLOCKED`; never soften it to obtain completion.
-
-## Required context
-
-Before domain work, inspect the files, conventions, scripts, constraints, and existing behavior directly relevant to the request. If required context is unavailable, return a precise handoff or blocker instead of guessing.
-
-## Finalization requirements
-
-- Return the canonical status and concrete evidence to the owning agent.
-- Write-capable work requires a safe non-protected branch, observed relevant validation, and no unresolved material failure. Workflow files are not proof by themselves.
-- Do not self-approve work that requires an independent validation owner.
-
-## Execution modes
-
-```txt
-readonly → Inspect → Report → Recommendation
-quick → Branch recovery/check → Implement → Document if behavior or usage changed → Test/Validate → Evidence
-standard → Compact requirement → Compact technical plan → Implement → Document → Test/Validate → Compact evidence
-full → Spec draft → Spec review → Technical plan → PR breakdown → Implementation → Documentation → Test/Validate → Evidence report
-```
-
-## Use when
-
-Use this skill when the owning primary agent needs domain support related to `product planning`.
-
-## Do not use when
-
-- The task belongs to another primary owner.
-- The skill would bypass Branch Gate, validation, or evidence.
-- The skill would expand scope beyond the user request.
-
-## What good looks like
-
-- clear scope;
-- correct file placement;
-- evidence-based output;
-- validation appropriate to the selected mode;
-- useful handoff when outside domain.
-
-## Execution checklist
-
-1. Confirm the primary owner.
-2. Confirm the execution mode.
-3. Confirm scope.
-4. Apply domain-specific guidance.
-5. Identify validation and evidence needs.
-6. Return output to the primary owner.
-
-
-## Workflow guardrails
-
-Skills standardize domain work; they do not replace execution ownership.
-
-- Do not bypass Branch Gate Auto-Recovery.
-- Do not tell the owner to skip documentation, tests, validation, or evidence.
-- For implementation support, require modern UI quality when user-facing UI is involved.
-- Return guidance to the owning primary agent/command so execution can continue.
-
-## Validation checklist
-
-- Evidence is concrete.
-- Validation is run or marked NOT_RUN with reason.
-- Tests, documentation, and UI impact are addressed using explicit criteria: docs for runtime/API/config/user-facing changes; tests for behavior/data/validation/API helpers; UI checks for user-facing surfaces.
-- Output is not generic.
-
-
-## Quality gates
-
-Do not mark `PASS` when:
-
-- validation is missing or invented;
-- automated tests were technically viable but ignored or downgraded to `NOT_RUN`;
-- documentation was required but ignored;
-- user-facing UI is poor/raw or lacks relevant states;
-- files are in the wrong location;
-- scope expanded without approval;
-- the response is generic and not useful;
-- release/publish/tag/deploy action lacks explicit approval.
-
-
-
-## Severity scale
-
-Use this scale whenever the skill classifies findings or risks.
-
-### High
-
-High severity means likely to break runtime behavior, safety gates, user-facing functionality, data integrity, release safety, or required docs/tests/evidence.
-
-### Medium
-
-Medium severity means likely to reduce quality, maintainability, consistency, accessibility, or validation confidence without immediately breaking execution.
-
-### Low
-
-Low severity means wording, clarity, minor polish, or non-blocking maintainability improvement.
-
-## Expected output
-
-```md
-## Skill Support Report
-
-Status: PASS | PASS_WITH_NOTES | FAIL_QUALITY_GATE | BLOCKED | NOT_RUN
-
-Skill:
-- product-planning
-
-Mode:
-- readonly | quick | standard | full
-
-Guidance:
-- ...
-
-Evidence:
-- ...
-
-Recommendation:
-- ...
-```
-
-## Quality failure examples
-
-- Claiming success without evidence.
-- Editing files on a protected branch.
-- Ignoring correct file placement.
-- Producing generic advice when executable guidance is required.
-- Over-engineering a simple task.
-- Skipping relevant UI/test/docs quality when the task requires it.
-
-## Stop conditions
+## Domain-Specific Guidance
 
-- Stop when domain guidance is complete.
-- Do not complete as “done” when another owner is required; return the needed owner/command so the owning agent can continue when the runtime can act.
-- Stop if required evidence is missing.
-- Stop if asked to bypass safety gates.
+Add specific capability guidelines, validation checklists, or design rules related to `product-planning` here.

package/dist-assets/skills/project-memory/SKILL.md

@@ -1,166 +1,36 @@
 ---
 name: project-memory
 description: Skill-backed capability for project memory work
+governance: dist-assets/docs/policies/SKILLS_COMMON_GOVERNANCE.md
 ---
 
 # Project Memory Skill Contract
 
-
-## Runtime compatibility
-
-This file is plain Markdown and must remain usable as project instructions in OpenCode, Codex, Gemini, and Claude.
-
-Do not use runtime-specific tool syntax unless the file is explicitly a runtime adapter/template.
-
-If the runtime cannot call another agent directly, provide a useful handoff with exact next action instead of pretending delegation happened.
-
+This skill operates under the rules defined in the [Skills Common Governance Policy](../../docs/policies/SKILLS_COMMON_GOVERNANCE.md).
 
 ## Purpose
 
-Provide reusable domain guidance for `project-memory` work.
-
-## Behavioral contract core
-
-These rules are loaded directly because they are too important to depend on optional reference lookup.
-
-- Preserve the requested scope and existing behavior unless change is explicit.
-- Use the owning primary agent; a skill supplies domain judgment and must not pretend that delegation occurred.
-- Load the project conventions and the domain references named by this skill before making domain decisions.
-- Do not invent capabilities, integrations, metrics, users, evidence, validation, security properties, or completed work.
-- Use the smallest safe execution mode and keep artifacts proportional.
-- Implementation support must include relevant documentation, tests, validation, and current-task evidence.
-- A blocking finding remains `FAIL_QUALITY_GATE` or `BLOCKED`; never soften it to obtain completion.
-
-## Required context
-
-Before domain work, inspect the files, conventions, scripts, constraints, and existing behavior directly relevant to the request. If required context is unavailable, return a precise handoff or blocker instead of guessing.
-
-## Finalization requirements
-
-- Return the canonical status and concrete evidence to the owning agent.
-- Write-capable work requires a safe non-protected branch, observed relevant validation, and no unresolved material failure. Workflow files are not proof by themselves.
-- Do not self-approve work that requires an independent validation owner.
-
-## Execution modes
-
-```txt
-readonly → Inspect → Report → Recommendation
-quick → Branch recovery/check → Implement → Document if behavior or usage changed → Test/Validate → Evidence
-standard → Compact requirement → Compact technical plan → Implement → Document → Test/Validate → Compact evidence
-full → Spec draft → Spec review → Technical plan → PR breakdown → Implementation → Documentation → Test/Validate → Evidence report
-```
-
-## Use when
-
-Use this skill when the owning primary agent needs domain support related to `project memory`.
-
-## Do not use when
-
-- The task belongs to another primary owner.
-- The skill would bypass Branch Gate, validation, or evidence.
-- The skill would expand scope beyond the user request.
-
-## What good looks like
-
-- clear scope;
-- correct file placement;
-- evidence-based output;
-- validation appropriate to the selected mode;
-- useful handoff when outside domain.
-
-## Execution checklist
-
-1. Confirm the primary owner.
-2. Confirm the execution mode.
-3. Confirm scope.
-4. Apply domain-specific guidance.
-5. Identify validation and evidence needs.
-6. Return output to the primary owner.
-
-
-## Workflow guardrails
+Provide reusable domain guidance for managing project memory, context state, and change history in the repository.
 
-Skills standardize domain work; they do not replace execution ownership.
+## Domain-Specific Guidance
 
-- Do not bypass Branch Gate Auto-Recovery.
-- Do not tell the owner to skip documentation, tests, validation, or evidence.
-- For implementation support, require modern UI quality when user-facing UI is involved.
-- Return guidance to the owning primary agent/command so execution can continue.
+### 1. State Tracking (`.workflow-state.json`)
+- Maintain sync with actual branch/pr progress.
+- Mark phases (`bootstrap`, `requirement`, `specification`, `technicalPlan`, `prBreakdown`) as `done` only when their target files are committed.
+- Keep the `current` state object aligned with the active checkout branch.
 
-## Validation checklist
+### 2. Context Pruning & Memory Density
+- Keep checklists and task logs concise.
+- Remove obsolete or completed task drafts.
+- Do not let debug dumps, cache directories, or uncompressed log files accumulate in the memory directory (`.ai-workflow/`).
 
-- Evidence is concrete.
-- Validation is run or marked NOT_RUN with reason.
-- Tests, documentation, and UI impact are addressed using explicit criteria: docs for runtime/API/config/user-facing changes; tests for behavior/data/validation/API helpers; UI checks for user-facing surfaces.
-- Output is not generic.
+### 3. Change Proposals & ADRs
+- Draft ADRs under `docs/adr/` when making structural or architectural decisions.
+- Follow the standard formatting template: Context, Options Considered, Decision, Consequences, and Compliance.
 
-
-## Quality gates
+## Quality Gates (Domain-Specific)
 
 Do not mark `PASS` when:
-
-- validation is missing or invented;
-- automated tests were technically viable but ignored or downgraded to `NOT_RUN`;
-- documentation was required but ignored;
-- user-facing UI is poor/raw or lacks relevant states;
-- files are in the wrong location;
-- scope expanded without approval;
-- the response is generic and not useful;
-- release/publish/tag/deploy action lacks explicit approval.
-
-
-
-## Severity scale
-
-Use this scale whenever the skill classifies findings or risks.
-
-### High
-
-High severity means likely to break runtime behavior, safety gates, user-facing functionality, data integrity, release safety, or required docs/tests/evidence.
-
-### Medium
-
-Medium severity means likely to reduce quality, maintainability, consistency, accessibility, or validation confidence without immediately breaking execution.
-
-### Low
-
-Low severity means wording, clarity, minor polish, or non-blocking maintainability improvement.
-
-## Expected output
-
-```md
-## Skill Support Report
-
-Status: PASS | PASS_WITH_NOTES | FAIL_QUALITY_GATE | BLOCKED | NOT_RUN
-
-Skill:
-- project-memory
-
-Mode:
-- readonly | quick | standard | full
-
-Guidance:
-- ...
-
-Evidence:
-- ...
-
-Recommendation:
-- ...
-```
-
-## Quality failure examples
-
-- Claiming success without evidence.
-- Editing files on a protected branch.
-- Ignoring correct file placement.
-- Producing generic advice when executable guidance is required.
-- Over-engineering a simple task.
-- Skipping relevant UI/test/docs quality when the task requires it.
-
-## Stop conditions
-
-- Stop when domain guidance is complete.
-- Do not complete as “done” when another owner is required; return the needed owner/command so the owning agent can continue when the runtime can act.
-- Stop if required evidence is missing.
-- Stop if asked to bypass safety gates.
+- The state tracker `.workflow-state.json` is out of sync with git status.
+- Cache or debug logs are left uncleaned in the workspace.
+- A structural architectural change has been implemented without an ADR.

package/dist-assets/skills/prompt-engineer/SKILL.md

@@ -1,166 +1,17 @@
 ---
 name: prompt-engineer
 description: Skill-backed capability for prompt engineer work
+governance: dist-assets/docs/policies/SKILLS_COMMON_GOVERNANCE.md
 ---
 
 # Prompt Engineer Skill Contract
 
-
-## Runtime compatibility
-
-This file is plain Markdown and must remain usable as project instructions in OpenCode, Codex, Gemini, and Claude.
-
-Do not use runtime-specific tool syntax unless the file is explicitly a runtime adapter/template.
-
-If the runtime cannot call another agent directly, provide a useful handoff with exact next action instead of pretending delegation happened.
-
+This skill operates under the rules defined in the [Skills Common Governance Policy](../../docs/policies/SKILLS_COMMON_GOVERNANCE.md).
 
 ## Purpose
 
 Provide reusable domain guidance for `prompt-engineer` work.
 
-## Behavioral contract core
-
-These rules are loaded directly because they are too important to depend on optional reference lookup.
-
-- Preserve the requested scope and existing behavior unless change is explicit.
-- Use the owning primary agent; a skill supplies domain judgment and must not pretend that delegation occurred.
-- Load the project conventions and the domain references named by this skill before making domain decisions.
-- Do not invent capabilities, integrations, metrics, users, evidence, validation, security properties, or completed work.
-- Use the smallest safe execution mode and keep artifacts proportional.
-- Implementation support must include relevant documentation, tests, validation, and current-task evidence.
-- A blocking finding remains `FAIL_QUALITY_GATE` or `BLOCKED`; never soften it to obtain completion.
-
-## Required context
-
-Before domain work, inspect the files, conventions, scripts, constraints, and existing behavior directly relevant to the request. If required context is unavailable, return a precise handoff or blocker instead of guessing.
-
-## Finalization requirements
-
-- Return the canonical status and concrete evidence to the owning agent.
-- Write-capable work requires a safe non-protected branch, observed relevant validation, and no unresolved material failure. Workflow files are not proof by themselves.
-- Do not self-approve work that requires an independent validation owner.
-
-## Execution modes
-
-```txt
-readonly → Inspect → Report → Recommendation
-quick → Branch recovery/check → Implement → Document if behavior or usage changed → Test/Validate → Evidence
-standard → Compact requirement → Compact technical plan → Implement → Document → Test/Validate → Compact evidence
-full → Spec draft → Spec review → Technical plan → PR breakdown → Implementation → Documentation → Test/Validate → Evidence report
-```
-
-## Use when
-
-Use this skill when the owning primary agent needs domain support related to `prompt engineer`.
-
-## Do not use when
-
-- The task belongs to another primary owner.
-- The skill would bypass Branch Gate, validation, or evidence.
-- The skill would expand scope beyond the user request.
-
-## What good looks like
-
-- clear scope;
-- correct file placement;
-- evidence-based output;
-- validation appropriate to the selected mode;
-- useful handoff when outside domain.
-
-## Execution checklist
-
-1. Confirm the primary owner.
-2. Confirm the execution mode.
-3. Confirm scope.
-4. Apply domain-specific guidance.
-5. Identify validation and evidence needs.
-6. Return output to the primary owner.
-
-
-## Workflow guardrails
-
-Skills standardize domain work; they do not replace execution ownership.
-
-- Do not bypass Branch Gate Auto-Recovery.
-- Do not tell the owner to skip documentation, tests, validation, or evidence.
-- For implementation support, require modern UI quality when user-facing UI is involved.
-- Return guidance to the owning primary agent/command so execution can continue.
-
-## Validation checklist
-
-- Evidence is concrete.
-- Validation is run or marked NOT_RUN with reason.
-- Tests, documentation, and UI impact are addressed using explicit criteria: docs for runtime/API/config/user-facing changes; tests for behavior/data/validation/API helpers; UI checks for user-facing surfaces.
-- Output is not generic.
-
-
-## Quality gates
-
-Do not mark `PASS` when:
-
-- validation is missing or invented;
-- automated tests were technically viable but ignored or downgraded to `NOT_RUN`;
-- documentation was required but ignored;
-- user-facing UI is poor/raw or lacks relevant states;
-- files are in the wrong location;
-- scope expanded without approval;
-- the response is generic and not useful;
-- release/publish/tag/deploy action lacks explicit approval.
-
-
-
-## Severity scale
-
-Use this scale whenever the skill classifies findings or risks.
-
-### High
-
-High severity means likely to break runtime behavior, safety gates, user-facing functionality, data integrity, release safety, or required docs/tests/evidence.
-
-### Medium
-
-Medium severity means likely to reduce quality, maintainability, consistency, accessibility, or validation confidence without immediately breaking execution.
-
-### Low
-
-Low severity means wording, clarity, minor polish, or non-blocking maintainability improvement.
-
-## Expected output
-
-```md
-## Skill Support Report
-
-Status: PASS | PASS_WITH_NOTES | FAIL_QUALITY_GATE | BLOCKED | NOT_RUN
-
-Skill:
-- prompt-engineer
-
-Mode:
-- readonly | quick | standard | full
-
-Guidance:
-- ...
-
-Evidence:
-- ...
-
-Recommendation:
-- ...
-```
-
-## Quality failure examples
-
-- Claiming success without evidence.
-- Editing files on a protected branch.
-- Ignoring correct file placement.
-- Producing generic advice when executable guidance is required.
-- Over-engineering a simple task.
-- Skipping relevant UI/test/docs quality when the task requires it.
-
-## Stop conditions
+## Domain-Specific Guidance
 
-- Stop when domain guidance is complete.
-- Do not complete as “done” when another owner is required; return the needed owner/command so the owning agent can continue when the runtime can act.
-- Stop if required evidence is missing.
-- Stop if asked to bypass safety gates.
+Add specific capability guidelines, validation checklists, or design rules related to `prompt-engineer` here.