@windyroad/itil 0.20.0 → 0.21.0-preview.213

package/.claude-plugin/plugin.json

@@ -1,5 +1,5 @@
 {
   "name": "wr-itil",
-  "version": "0.20.0",
+  "version": "0.21.0",
   "description": "ITIL-aligned IT service management for Claude Code"
 }

package/hooks/hooks.json

@@ -15,6 +15,10 @@
       {
         "matcher": "Bash",
         "hooks": [{ "type": "command", "command": "${CLAUDE_PLUGIN_ROOT}/hooks/p057-staging-trap-detect.sh" }]
+      },
+      {
+        "matcher": "Bash",
+        "hooks": [{ "type": "command", "command": "${CLAUDE_PLUGIN_ROOT}/hooks/pre-publish-intake-gate.sh" }]
       }
     ],
     "Stop": [

package/hooks/pre-publish-intake-gate.sh

@@ -0,0 +1,130 @@
+#!/bin/bash
+# PreToolUse:Bash hook (P065 / ADR-036 Trigger 2): blocks `npm publish`
+# and `gh pr merge` of a `changeset-release/*` PR when the project is
+# missing one or more of the five intake files.
+#
+# Required intake files (per ADR-036 Detection step 5):
+#   .github/ISSUE_TEMPLATE/config.yml
+#   .github/ISSUE_TEMPLATE/problem-report.yml
+#   SECURITY.md
+#   SUPPORT.md
+#   CONTRIBUTING.md
+#
+# Bypass / opt-out paths (in priority order, per architect direction):
+#   1. INTAKE_BYPASS=1 in env       -> short-circuit BEFORE existence check
+#                                      (consistent with RISK_BYPASS naming
+#                                      convention in external-comms-gate.sh)
+#   2. .claude/.intake-scaffold-declined marker present -> permit
+#                                      (ADR-009 marker semantics; explicit
+#                                      decline by adopter, persistent until
+#                                      file deleted)
+#   3. All five intake files present -> permit (idempotent default)
+#   4. Otherwise                    -> deny + delegate to /wr-itil:scaffold-intake
+#
+# This hook composes with risk-scorer's git-push-gate.sh: both fire on
+# Bash with `gh pr merge` matchers, and either may deny independently.
+# In practice git-push-gate denies all `gh pr merge` and routes to
+# `npm run release:watch` which subsequently runs `npm publish` — at
+# which point this hook fires.
+
+set -euo pipefail
+
+# ---------- 1. Bypass: check INTAKE_BYPASS BEFORE anything else ----------
+if [ "${INTAKE_BYPASS:-0}" = "1" ]; then
+    exit 0
+fi
+
+INPUT=$(cat)
+
+TOOL_NAME=$(printf '%s' "$INPUT" | python3 -c "
+import sys, json
+try:
+    print(json.load(sys.stdin).get('tool_name', ''))
+except Exception:
+    print('')
+" 2>/dev/null || echo "")
+
+# Out of scope: only Bash invocations are gated.
+[ "$TOOL_NAME" = "Bash" ] || exit 0
+
+COMMAND=$(printf '%s' "$INPUT" | python3 -c "
+import sys, json
+try:
+    print(json.load(sys.stdin).get('tool_input', {}).get('command', ''))
+except Exception:
+    print('')
+" 2>/dev/null || echo "")
+
+# ---------- Surface detection ----------
+IN_SCOPE=0
+
+# Match `npm publish` (with or without flags).
+if echo "$COMMAND" | grep -qE '(^|;|&&|\|\|)\s*npm publish(\s|$)'; then
+    IN_SCOPE=1
+fi
+
+# Match `gh pr merge` against a changeset-release/* PR. The changesets
+# release-PR pattern is the only `gh pr merge` shape that flips the
+# publish boundary. A regular feature-branch merge does not.
+if echo "$COMMAND" | grep -qE '(^|;|&&|\|\|)\s*gh pr merge\b' \
+   && echo "$COMMAND" | grep -qE 'changeset-release/'; then
+    IN_SCOPE=1
+fi
+
+[ "$IN_SCOPE" = "1" ] || exit 0
+
+# ---------- 2. Decline marker (ADR-009 persistent marker) ----------
+if [ -f ".claude/.intake-scaffold-declined" ]; then
+    exit 0
+fi
+
+# ---------- 3. Intake-file existence check ----------
+MISSING=()
+for path in \
+    ".github/ISSUE_TEMPLATE/config.yml" \
+    ".github/ISSUE_TEMPLATE/problem-report.yml" \
+    "SECURITY.md" \
+    "SUPPORT.md" \
+    "CONTRIBUTING.md"; do
+    if [ ! -f "$path" ]; then
+        MISSING+=("$path")
+    fi
+done
+
+if [ "${#MISSING[@]}" -eq 0 ]; then
+    exit 0
+fi
+
+# ---------- 4. Deny + delegate ----------
+deny_reason() {
+    local missing_list
+    missing_list=$(printf '  - %s\n' "${MISSING[@]}")
+    cat <<EOF
+BLOCKED (P065 / ADR-036 pre-publish intake gate): ${#MISSING[@]} of 5 intake files missing — downstream reporters would hit a blank issue form and have no declared security-disclosure channel.
+
+Missing:
+${missing_list}
+
+Recovery, in priority order:
+  1. Run /wr-itil:scaffold-intake to scaffold the missing intake files (recommended for first-time adopters).
+  2. Set INTAKE_BYPASS=1 to override for documented exceptions:
+       INTAKE_BYPASS=1 npm publish
+  3. Decline scaffolding entirely (suppresses the gate indefinitely):
+       mkdir -p .claude && touch .claude/.intake-scaffold-declined
+EOF
+}
+
+REASON=$(deny_reason)
+
+python3 -c "
+import json, sys
+print(json.dumps({
+    'hookSpecificOutput': {
+        'hookEventName': 'PreToolUse',
+        'permissionDecision': 'deny',
+        'permissionDecisionReason': sys.argv[1]
+    }
+}))
+" "$REASON"
+
+exit 0

package/hooks/test/pre-publish-intake-gate.bats

@@ -0,0 +1,144 @@
+#!/usr/bin/env bats
+
+# P065 / ADR-036: pre-publish-intake-gate.sh PreToolUse:Bash hook must deny
+# `npm publish` (and changesets-release `gh pr merge`) when the four intake
+# files are missing, unless the project has opted out via the decline
+# marker (`.claude/.intake-scaffold-declined`) or the user sets the
+# `INTAKE_BYPASS=1` env override.
+#
+# Required intake files (per ADR-036 Detection step 5):
+#   .github/ISSUE_TEMPLATE/config.yml
+#   .github/ISSUE_TEMPLATE/problem-report.yml
+#   SECURITY.md
+#   SUPPORT.md
+#   CONTRIBUTING.md
+#
+# Per feedback_behavioural_tests.md (P081): behavioural assertions —
+# simulate the hook's payload on stdin and assert on emitted JSON
+# permissionDecision and exit status. No source-grep on hook content.
+
+setup() {
+  SCRIPT_DIR="$(cd "$(dirname "$BATS_TEST_FILENAME")/.." && pwd)"
+  HOOK="$SCRIPT_DIR/pre-publish-intake-gate.sh"
+  ORIG_DIR="$PWD"
+  TEST_DIR=$(mktemp -d)
+  cd "$TEST_DIR"
+  unset INTAKE_BYPASS
+}
+
+teardown() {
+  cd "$ORIG_DIR"
+  rm -rf "$TEST_DIR"
+  unset INTAKE_BYPASS
+}
+
+# Helper: simulate the PreToolUse:Bash payload on stdin.
+run_bash_hook() {
+  local cmd="$1"
+  local json
+  json=$(printf '{"tool_name":"Bash","tool_input":{"command":"%s"}}' "$cmd")
+  echo "$json" | bash "$HOOK"
+}
+
+# Helper: scaffold all five intake files in the test directory.
+scaffold_all_intake() {
+  mkdir -p .github/ISSUE_TEMPLATE
+  echo "blank_issues_enabled: false" > .github/ISSUE_TEMPLATE/config.yml
+  echo "name: Report a problem" > .github/ISSUE_TEMPLATE/problem-report.yml
+  echo "# Security Policy" > SECURITY.md
+  echo "# Getting Help" > SUPPORT.md
+  echo "# Contributing" > CONTRIBUTING.md
+}
+
+# Helper: set the decline marker.
+decline() {
+  mkdir -p .claude
+  : > .claude/.intake-scaffold-declined
+}
+
+# --- Allow paths ---
+
+@test "allow: npm publish proceeds when all five intake files are present" {
+  scaffold_all_intake
+  run run_bash_hook "npm publish"
+  [ "$status" -eq 0 ]
+  [[ "$output" != *"\"permissionDecision\": \"deny\""* ]]
+}
+
+@test "allow: missing intake but decline marker present permits publish" {
+  decline
+  run run_bash_hook "npm publish"
+  [ "$status" -eq 0 ]
+  [[ "$output" != *"\"permissionDecision\": \"deny\""* ]]
+}
+
+@test "allow: missing intake but INTAKE_BYPASS=1 permits publish (checked BEFORE existence)" {
+  # Architect direction: INTAKE_BYPASS must short-circuit before the
+  # existence check fires.
+  INTAKE_BYPASS=1 run run_bash_hook "npm publish"
+  [ "$status" -eq 0 ]
+  [[ "$output" != *"\"permissionDecision\": \"deny\""* ]]
+}
+
+@test "allow: non-publish bash commands are out of scope" {
+  run run_bash_hook "ls -la"
+  [ "$status" -eq 0 ]
+  [[ "$output" != *"\"permissionDecision\": \"deny\""* ]]
+  run run_bash_hook "git status"
+  [ "$status" -eq 0 ]
+  [[ "$output" != *"\"permissionDecision\": \"deny\""* ]]
+}
+
+@test "allow: non-Bash tool calls are out of scope" {
+  json='{"tool_name":"Read","tool_input":{"file_path":"foo"}}'
+  run bash -c "echo '$json' | bash $HOOK"
+  [ "$status" -eq 0 ]
+  [[ "$output" != *"\"permissionDecision\": \"deny\""* ]]
+}
+
+# --- Deny paths ---
+
+@test "deny: npm publish with no intake files, no marker, no bypass" {
+  run run_bash_hook "npm publish"
+  [ "$status" -eq 0 ]
+  [[ "$output" == *"\"permissionDecision\": \"deny\""* ]]
+  [[ "$output" == *"intake"* ]]
+  [[ "$output" == *"scaffold-intake"* ]]
+}
+
+@test "deny: npm publish with partial intake (3 of 5) still denies" {
+  mkdir -p .github/ISSUE_TEMPLATE
+  echo "blank_issues_enabled: false" > .github/ISSUE_TEMPLATE/config.yml
+  echo "name: Report a problem" > .github/ISSUE_TEMPLATE/problem-report.yml
+  echo "# Security Policy" > SECURITY.md
+  # SUPPORT.md and CONTRIBUTING.md missing
+  run run_bash_hook "npm publish"
+  [ "$status" -eq 0 ]
+  [[ "$output" == *"\"permissionDecision\": \"deny\""* ]]
+}
+
+@test "deny message names the recovery affordances (skill, marker, bypass)" {
+  run run_bash_hook "npm publish"
+  [ "$status" -eq 0 ]
+  [[ "$output" == *"scaffold-intake"* ]]
+  [[ "$output" == *"INTAKE_BYPASS"* ]]
+  [[ "$output" == *".intake-scaffold-declined"* ]]
+}
+
+# --- gh pr merge on changeset-release/* ---
+
+@test "deny: gh pr merge of a changeset-release/* PR with missing intake" {
+  # ADR-036 Trigger 2 also matches gh pr merge against changeset-release/*
+  # branches (the changesets release-PR pattern).
+  run run_bash_hook "gh pr merge 42 --repo windyroad/example --branch changeset-release/main"
+  [ "$status" -eq 0 ]
+  [[ "$output" == *"\"permissionDecision\": \"deny\""* ]]
+}
+
+@test "allow: gh pr merge of a non-changeset PR is out of scope" {
+  # Only the changeset-release/* branch pattern is in scope; a regular
+  # feature-branch merge does not flip the publish boundary.
+  run run_bash_hook "gh pr merge 99 --branch feature/foo"
+  [ "$status" -eq 0 ]
+  [[ "$output" != *"\"permissionDecision\": \"deny\""* ]]
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@windyroad/itil",
-  "version": "0.20.0",
+  "version": "0.21.0-preview.213",
   "description": "ITIL-aligned IT service management for Claude Code (problem, and future incident/change skills)",
   "bin": {
     "windyroad-itil": "./bin/install.mjs"

package/skills/manage-problem/SKILL.md

@@ -13,6 +13,25 @@ Create, update, or transition problem tickets following an ITIL-aligned problem
 
 When referencing problem IDs, ADR IDs, or JTBD IDs in prose output, always include the human-readable title on first mention. Use the format `P029 (Edit gate overhead for governance docs)`, not bare `P029`. Tables with separate ID and Title columns are fine as-is.
 
+## First-run intake-scaffold pointer (P065 / ADR-036)
+
+This skill is one of the two host skills wired to surface the [`/wr-itil:scaffold-intake`](../scaffold-intake/SKILL.md) skill on first invocation in a project that has not yet adopted the OSS intake surface. The contract is documented in [ADR-036](../../../../docs/decisions/036-scaffold-downstream-oss-intake.proposed.md) (Scaffold downstream OSS intake — skill + layered triggers).
+
+**Preamble check** (run before Step 0 of any operation):
+
+1. Look for the four intake paths: `.github/ISSUE_TEMPLATE/config.yml`, `.github/ISSUE_TEMPLATE/problem-report.yml`, `SECURITY.md`, `SUPPORT.md`, `CONTRIBUTING.md`.
+2. Look for `.claude/.intake-scaffold-declined` (explicit decline marker — never re-prompt).
+3. Look for `.claude/.intake-scaffold-done` (done marker — already scaffolded).
+
+If any intake file is missing AND both markers are absent, surface the scaffold-intake skill:
+
+| Mode | Behaviour |
+|---|---|
+| **Foreground (interactive)** | Fire one-shot `AskUserQuestion` per ADR-013 Rule 1: header `"Scaffold OSS intake?"`, three options — **Scaffold now** (delegate to `/wr-itil:scaffold-intake`), **Not now (ask again next session)** (no marker; re-prompt next time), **Decline (never prompt in this project)** (write `.claude/.intake-scaffold-declined`). |
+| **AFK orchestrator (Rule 6 fail-safe)** | Do **not** fire `AskUserQuestion`. Append a one-line `"pending intake scaffold"` note to the iteration's `ITERATION_SUMMARY` notes field. Do **not** auto-scaffold — JTBD-006 forbids the agent from making this judgement call. The user catches up on next interactive session. |
+
+The preamble check is a one-shot; the `.intake-scaffold-done` and `.intake-scaffold-declined` markers (ADR-009 persistent-marker semantics) suppress re-prompts in subsequent sessions without TTL expiry.
+
 ## Operations
 
 - **Create**: `problem <title or description>` — creates a new open problem

package/skills/manage-problem/test/manage-problem-first-run-intake-prompt.bats

@@ -0,0 +1,43 @@
+#!/usr/bin/env bats
+
+# P065 / ADR-036 Confirmation line 198: manage-problem SKILL.md must
+# wire the first-run intake-scaffold prompt — citing ADR-036 + the AFK
+# fail-safe + the marker contract.
+#
+# Doc-lint structural test (Permitted Exception per ADR-005). The wiring
+# itself is a SKILL.md preamble pointer (architect direction 2026-04-26),
+# so behavioural assertions live at the contract layer of scaffold-intake;
+# this bats fixes the wiring point so future maintainers cannot silently
+# remove the cross-reference.
+
+setup() {
+  REPO_ROOT="$(cd "$(dirname "$BATS_TEST_FILENAME")/../../../../.." && pwd)"
+  SKILL_MD="$REPO_ROOT/packages/itil/skills/manage-problem/SKILL.md"
+}
+
+@test "manage-problem: SKILL.md cites ADR-036 (first-run-prompt contract)" {
+  run grep -F 'ADR-036' "$SKILL_MD"
+  [ "$status" -eq 0 ]
+}
+
+@test "manage-problem: SKILL.md cross-references the scaffold-intake skill" {
+  run grep -F 'wr-itil:scaffold-intake' "$SKILL_MD"
+  [ "$status" -eq 0 ]
+}
+
+@test "manage-problem: SKILL.md documents the first-run intake-scaffold detection clause" {
+  # Detection clause must reference at least one intake-file path AND the
+  # decline marker so future maintainers see how the trigger fires.
+  run grep -iE 'intake' "$SKILL_MD"
+  [ "$status" -eq 0 ]
+  run grep -F '.claude/.intake-scaffold-declined' "$SKILL_MD"
+  [ "$status" -eq 0 ]
+}
+
+@test "manage-problem: SKILL.md documents the AFK fail-safe (no AskUserQuestion in AFK; iteration-report note)" {
+  # Per ADR-013 Rule 6, the AFK orchestrator branch must not fire
+  # AskUserQuestion. The SKILL.md preamble pointer must call out this
+  # fail-safe so adopters reading the skill understand the divergence.
+  run grep -iE 'afk|rule 6' "$SKILL_MD"
+  [ "$status" -eq 0 ]
+}

package/skills/report-upstream/SKILL.md

@@ -36,6 +36,12 @@ This skill **does NOT** implement ADR-027's Step-0 auto-delegation pattern. Per
 
 **Trigger to revisit**: if a second skill that reads upstream repo content lands (per ADR-024's Reassessment Criteria), reconsider whether the cross-cutting "read upstream" pattern should move into a Step-0-delegated subagent that this skill calls.
 
+## Reciprocal sibling: scaffold-intake (P065 / ADR-036)
+
+This skill files reports against an upstream's intake surface. Its reciprocal — [`/wr-itil:scaffold-intake`](../scaffold-intake/SKILL.md) — scaffolds the intake surface on a downstream project so that downstream can in turn be a target of further `report-upstream` calls. Together they close the ecosystem-level intake-shape discipline P055 partial coverage left open. Adopters who run this skill against a target without an `.github/ISSUE_TEMPLATE/` directory should be encouraged to suggest the target adopt `/wr-itil:scaffold-intake` to gain the full problem-first intake set this skill prefers (per ADR-033 Step 3 classifier).
+
+[ADR-036](../../../../docs/decisions/036-scaffold-downstream-oss-intake.proposed.md) is the design record for the reciprocal-scaffolding side; it establishes the layered triggers (first-run prompt + pre-publish gate + optional CI check) and the marker-suppressed lifecycle.
+
 ## Voice-tone gate interaction (ADR-028)
 
 The skill's `gh issue create` (Step 5) and `gh api repos/.../security-advisories` (Step 6) calls are **on the gated surface list per [ADR-028](../../../docs/decisions/028-voice-tone-gate-external-comms.proposed.md)** (Voice-tone gate on external communications). Expected behaviour during these tool calls:

package/skills/scaffold-intake/SKILL.md

@@ -0,0 +1,196 @@
+---
+name: wr-itil:scaffold-intake
+description: Scaffold the four OSS intake surfaces (.github/ISSUE_TEMPLATE/, SECURITY.md, SUPPORT.md, CONTRIBUTING.md) for a downstream project that adopts @windyroad/itil. Idempotent, foreground-synchronous, and respects ADR-009 marker semantics. Implements the contract in ADR-036.
+allowed-tools: Read, Write, Edit, Bash, Glob, Grep, AskUserQuestion
+---
+
+# Scaffold Intake — Downstream OSS Intake Skill
+
+Scaffold the five intake files every project in the Windy Road ecosystem needs to receive structured problem reports and route security disclosure properly:
+
+- `.github/ISSUE_TEMPLATE/config.yml`
+- `.github/ISSUE_TEMPLATE/problem-report.yml`
+- `SECURITY.md`
+- `SUPPORT.md`
+- `CONTRIBUTING.md`
+
+Templates are seeded from this repo's P066-corrected problem-first intake set and are substituted with per-project values for project name, repository URL, plugin list, and security-contact path.
+
+This skill implements the contract in [ADR-036](../../../../docs/decisions/036-scaffold-downstream-oss-intake.proposed.md) (Scaffold downstream OSS intake — skill + layered triggers). It is the reciprocal of [`/wr-itil:report-upstream`](../report-upstream/SKILL.md) — that skill files reports against upstream intake; this skill creates the intake surface so a downstream project can be a target.
+
+## Pattern
+
+This skill is **foreground-synchronous** per [ADR-032](../../../../docs/decisions/032-governance-skill-invocation-patterns.proposed.md) (Governance skill invocation patterns). Scaffolding writes files into the project that the user normally wants to review before they commit; the wrapped-pattern subagent shape would defeat that review. The skill commits its own work per [ADR-014](../../../../docs/decisions/014-governance-skills-commit-their-own-work.proposed.md).
+
+## Invocation
+
+```
+/wr-itil:scaffold-intake [--dry-run] [--force] [--project-name <name>] [--project-url <url>] [--security-contact <path>] [--ci]
+```
+
+| Flag | Effect |
+|---|---|
+| `--dry-run` | Preview the files that would be scaffolded; no writes. |
+| `--force` | Overwrite present files after a diff-and-replace prompt. Off by default — present files are reported as "already present" and skipped. |
+| `--project-name <name>` | Override auto-detected project name (default: `package.json` `name`, fallback to repo dirname). |
+| `--project-url <url>` | Override auto-detected repository URL (default: `package.json` `repository.url`, fallback to `git remote get-url origin`). |
+| `--security-contact <path>` | Override the security-disclosure path written into SECURITY.md (default: `Use GitHub Security Advisories`). |
+| `--ci` | Also emit `.github/workflows/intake-check.yml` (Trigger 3, optional). |
+
+## Steps
+
+### 1. Detect project metadata
+
+```bash
+PROJECT_NAME=$(node -p "require('./package.json').name" 2>/dev/null || basename "$PWD")
+PROJECT_URL=$(node -p "require('./package.json').repository?.url || ''" 2>/dev/null \
+              | sed -E 's|^git\+||; s|\.git$||' \
+              || git remote get-url origin 2>/dev/null \
+              || echo "")
+YEAR=$(date +%Y)
+```
+
+`--project-name` and `--project-url` flags override the auto-detected values when supplied. `package.json` shapes vary across adopters; if detection produces empty values, surface a clear error suggesting the override flags rather than substituting an empty token.
+
+Plugin list: enumerate installed `@windyroad/*` packages from `.claude-plugin/plugin.json` (if present) or from `package.json` dev-dependencies. Used for the SUPPORT.md "affected plugin or component" enumeration.
+
+### 2. Enumerate target paths
+
+Required intake files (per ADR-036 Detection step 5):
+
+```
+.github/ISSUE_TEMPLATE/config.yml
+.github/ISSUE_TEMPLATE/problem-report.yml
+SECURITY.md
+SUPPORT.md
+CONTRIBUTING.md
+```
+
+For each path: classify as **missing**, **present-and-current** (template-substituted output matches existing file content), or **present-and-outdated** (existing differs from substituted template).
+
+### 3. AskUserQuestion: which files to scaffold (foreground only)
+
+In foreground (interactive) mode, fire `AskUserQuestion` per ADR-013 Rule 1 with options scoped to the missing set:
+
+- **Scaffold all missing** — write every absent template, skip present files.
+- **Scaffold with review** — preview each substituted template before writing.
+- **Dry-run** — preview only, no writes.
+- **Cancel** — exit without action.
+
+If `--force` is set AND outdated-present files exist, the prompt offers a fifth option for diff-and-replace per file. Architect direction (2026-04-26): keep the prompt one-shot when missing list is small; per-file prompts only when the user explicitly opts into review.
+
+### 4. Substitute templates and write files
+
+Templates live in `templates/` adjacent to this SKILL.md. Substitution is mustache-style — no runtime dependency:
+
+| Token | Value source |
+|---|---|
+| `{{project_name}}` | Detected or `--project-name` flag. |
+| `{{project_url}}` | Detected or `--project-url` flag. |
+| `{{plugin_list}}` | Comma-separated installed `@windyroad/*` plugins. |
+| `{{security_contact}}` | Detected from existing SECURITY.md (when only that file is present); else `--security-contact` flag; fallback `Use GitHub Security Advisories`. |
+| `{{year}}` | `date +%Y` at scaffold time. |
+
+`sed` substitution sketch (idempotent, no runtime tooling):
+
+```bash
+sed \
+  -e "s|{{project_name}}|$PROJECT_NAME|g" \
+  -e "s|{{project_url}}|$PROJECT_URL|g" \
+  -e "s|{{plugin_list}}|$PLUGIN_LIST|g" \
+  -e "s|{{security_contact}}|$SECURITY_CONTACT|g" \
+  -e "s|{{year}}|$YEAR|g" \
+  templates/SECURITY.md.tmpl > SECURITY.md
+```
+
+For each missing file: substitute, write to the target path, report the write + a short diff to stdout.
+
+For each present-and-current file: report "already present — skipped" without modification.
+
+For each present-and-outdated file: when `--force` is set, offer diff-and-replace; otherwise skip with a clear note that `--force` would update it.
+
+### 5. Mark scaffold as done
+
+After successful write:
+
+```bash
+mkdir -p .claude
+: > .claude/.intake-scaffold-done
+```
+
+The marker suppresses Trigger-1 first-run prompts in subsequent `/wr-itil:manage-problem` and `/wr-itil:work-problems` invocations. ADR-009 marker semantics — persistent (no TTL), file-presence is the policy signal, deletable to reset.
+
+### 6. Commit per ADR-014
+
+```bash
+git add .github/ISSUE_TEMPLATE/ SECURITY.md SUPPORT.md CONTRIBUTING.md .claude/.intake-scaffold-done
+git -c commit.gpgsign=false commit -m "docs: scaffold OSS intake (ISSUE_TEMPLATE, SECURITY, SUPPORT, CONTRIBUTING)"
+```
+
+Follow the project's existing commit-gate flow: the commit triggers `wr-risk-scorer:pipeline` per ADR-014; remediation suggestions are applied per ADR-042 if residual exceeds appetite.
+
+## Idempotency
+
+The skill is idempotent by construction:
+
+- Present files are skipped unless `--force`.
+- Re-running the skill on a fully-scaffolded project produces no diff.
+- The done marker prevents the host first-run prompt from re-firing.
+
+## Rule 6 audit (per ADR-032)
+
+Every `AskUserQuestion` branch this skill uses must enumerate its AFK fail-safe per ADR-013 Rule 6. The audit table below documents each branch:
+
+| AskUserQuestion branch | Resolution |
+|---|---|
+| Step 3: "Which files to scaffold?" (foreground invocation) | Foreground-synchronous — user is in-session; `AskUserQuestion` fires normally. |
+| Step 4: "Overwrite outdated present file with updated template?" (with `--force`) | Foreground-synchronous; same as Step 3. |
+| First-run prompt fired from `/wr-itil:manage-problem` or `/wr-itil:work-problems` (foreground invocation) | Foreground-synchronous per the hosting skill's pattern. |
+| First-run prompt fired from an AFK orchestrator iteration | **Fail-safe (Rule 6)**: do NOT fire `AskUserQuestion` and do NOT auto-scaffold. Append a single one-line "pending intake scaffold" note to the orchestrator's iteration report; defer the prompt to the user's next interactive session. JTBD-006 forbids the agent from making this judgement call. |
+
+## Trigger surfaces (layered)
+
+The skill is reachable via three trigger surfaces, layered so a soft prompt fires weeks before the hard publish stop. ADR-036 specifies the exact contract.
+
+### Trigger 1: First-run prompt from manage-problem / work-problems
+
+When `/wr-itil:manage-problem` or `/wr-itil:work-problems` fires in a foreground session, the host skill's preamble checks:
+
+- Is `.github/ISSUE_TEMPLATE/` missing OR are any of the four other intake files absent?
+- Is `.claude/.intake-scaffold-declined` absent?
+- Is `.claude/.intake-scaffold-done` absent?
+
+When all three checks pass, the host emits a one-shot `AskUserQuestion` prompt with three options — **Scaffold now**, **Not now (ask again next session)**, **Decline (never prompt in this project)**. On "Decline", write `.claude/.intake-scaffold-declined` and never re-prompt unless the user deletes the marker.
+
+**AFK fail-safe**: when the host is invoked from an AFK orchestrator, do NOT fire the prompt. Append a one-line "pending intake scaffold" note to the iteration report and continue. The user catches up on next interactive session.
+
+### Trigger 2: Pre-publish PreToolUse gate (hard stop)
+
+`packages/itil/hooks/pre-publish-intake-gate.sh` matches `npm publish` and `gh pr merge ... changeset-release/*` and denies if any of the five intake files are missing AND the decline marker is absent AND `INTAKE_BYPASS` is not set.
+
+**Override paths** (in priority order):
+1. `INTAKE_BYPASS=1 npm publish` — short-circuits the gate before existence check (consistent with `RISK_BYPASS` naming).
+2. `.claude/.intake-scaffold-declined` marker — explicit opt-out.
+3. Run `/wr-itil:scaffold-intake` to remove the cause.
+
+### Trigger 3: Optional CI check (deferred to v2)
+
+`--ci` flag emits `.github/workflows/intake-check.yml` asserting the four files exist on every PR. Not shipped by default; layered ADD-on for adopters with GitHub Actions.
+
+## Idempotent re-runs and template drift
+
+When this repo's intake files evolve (e.g., a future P066-style reform), downstream adopters' previously-scaffolded files stay frozen. Re-running the skill at any time picks up the diff: the present-and-outdated branch reports each file's diff and, with `--force`, performs diff-and-replace. Template drift policy (when this should fire automatically) is out of scope for v1 — see ADR-036 Reassessment Criteria.
+
+## Related
+
+- [ADR-036](../../../../docs/decisions/036-scaffold-downstream-oss-intake.proposed.md) — design record (driver decision).
+- [ADR-024](../../../../docs/decisions/024-cross-project-problem-reporting-contract.proposed.md) — sibling skill (`/wr-itil:report-upstream`); reciprocal pair.
+- [ADR-032](../../../../docs/decisions/032-governance-skill-invocation-patterns.proposed.md) — foreground-synchronous pattern + Rule 6 audit requirement.
+- [ADR-013](../../../../docs/decisions/013-structured-user-interaction-for-governance-decisions.proposed.md) — Rule 1 (interactive prompt) + Rule 6 (AFK fail-safe).
+- [ADR-009](../../../../docs/decisions/009-gate-marker-lifecycle.proposed.md) — marker lifecycle (the `.intake-scaffold-{done,declined}` markers).
+- [ADR-014](../../../../docs/decisions/014-governance-skills-commit-their-own-work.proposed.md) — commit discipline.
+- P065 — driver ticket.
+- P066 — parent (template seed source); the corrected problem-first intake shape this skill propagates.
+- JTBD-301 — primary persona; downstream-project intake coverage.
+- JTBD-101 — clear patterns for adopters extending the suite.
+- JTBD-006 — AFK fail-safe constraint.

package/skills/scaffold-intake/templates/CONTRIBUTING.md.tmpl

@@ -0,0 +1,31 @@
+# Contributing
+
+Thanks for your interest in {{project_name}}. This guide covers how to contribute code, decisions, and bug reports.
+
+## Before you start
+
+- **Problems**: open an issue first using the **Report a problem** template under `.github/ISSUE_TEMPLATE/`. You do not need to pre-classify it as a bug or a feature -- this project practises ITIL problem management, so triage decides the category. Drive-by PRs without an issue are harder to merge because the problem framing is missing.
+- **Security vulnerabilities**: do not open a public issue. See [SECURITY.md](SECURITY.md).
+- **Usage questions**: use [Discussions]({{project_url}}/discussions), not issues.
+
+## Pull requests
+
+1. **Branch off the default branch**.
+2. **Make your change** with tests where applicable.
+3. **Open the PR** with a clear description of what is changing and why.
+
+### Commit style
+
+- Follow Conventional Commits (`feat:`, `fix:`, `docs:`, `chore:`, etc.).
+- Reference problem tickets in the commit message when the work closes one.
+- Sign-off is not required.
+
+## Code of conduct
+
+Be kind. Engage in good faith. Critique ideas, not people. Maintainers reserve the right to lock or remove discussions, issues, or PRs that derail into personal attacks.
+
+## License
+
+By contributing, you agree your contributions are licensed under {{project_name}}'s license. See the project root for the canonical LICENSE file.
+
+Copyright (c) {{year}} the {{project_name}} contributors.

package/skills/scaffold-intake/templates/SECURITY.md.tmpl

@@ -0,0 +1,39 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+**Do not file a public issue for security vulnerabilities.**
+
+{{security_contact}} to disclose privately. Maintainers receive an email; the report stays private until a fix ships.
+
+A useful report includes:
+
+- The affected version of {{project_name}} (e.g. `{{project_name}}@x.y.z`).
+- The runtime / platform you reproduced on.
+- Reproduction steps that demonstrate the impact.
+- Your assessment of impact (data loss, code execution, escalation, secret leak, etc.).
+- Any suggested fix or mitigation.
+
+## What's in scope
+
+Code shipped from this repository: {{project_url}}.
+
+## What's out of scope
+
+- Vulnerabilities in third-party dependencies -- report to their maintainers.
+- Issues that require an attacker to already have local code-execution on the user's machine.
+
+## Disclosure timeline
+
+We aim to:
+
+- **Acknowledge** the report within 7 calendar days.
+- **Provide an initial assessment** (in scope, severity, planned fix) within 14 days.
+- **Ship a fix** within 90 days for confirmed vulnerabilities, with most resolved sooner.
+- **Coordinate disclosure** with the reporter so a public advisory and credit can be published when the fix lands.
+
+If we cannot meet a 90-day timeline, we will say so in the advisory thread before the deadline.
+
+## Credit
+
+Reporters who follow this private-disclosure path are credited in the published advisory unless they ask to remain anonymous.

package/skills/scaffold-intake/templates/SUPPORT.md.tmpl

@@ -0,0 +1,32 @@
+# Getting Help
+
+Where to go depends on what you need:
+
+## Usage questions, configuration help, pattern advice
+
+[GitHub Discussions]({{project_url}}/discussions). Discussions stay searchable for the next person who hits the same question.
+
+Before posting, search existing discussions and the project README.
+
+## Report a problem
+
+[Open an issue]({{project_url}}/issues/new/choose) using the **Report a problem** template. You do not need to pre-classify it as a bug or feature -- this project practises ITIL problem management, and triage decides whether the root cause is a defect, a missing capability, a documentation gap, or something else. Describe what you observed and let triage decide the category.
+
+Include:
+
+- A description of what is happening and what you expected
+- Observable symptoms (errors, command output, transcripts, screenshots -- redact secrets)
+- Any workaround you tried, even if it did not help
+- Affected component and version of {{project_name}}
+- Runtime / platform and operating system
+- Minimal reproduction steps or evidence
+
+The template prompts for these. Issues without the template fields are slower to triage.
+
+## Security vulnerabilities
+
+**Do not open a public issue.** {{security_contact}} for private disclosure. See [SECURITY.md](SECURITY.md) for the disclosure timeline and what's in scope.
+
+## Project documentation
+
+Start with the README at the root of {{project_url}} for project-specific behaviour.

package/skills/scaffold-intake/templates/config.yml.tmpl

@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Ask a question (GitHub Discussions)
+    url: {{project_url}}/discussions
+    about: For usage help, configuration questions, and pattern advice. The issue tracker is for problems -- triage decides whether the root cause is a defect, a missing capability, or something else.
+  - name: Report a security vulnerability
+    url: {{project_url}}/security/advisories/new
+    about: Use GitHub Security Advisories for private disclosure. Do not file a public issue. See SECURITY.md.

package/skills/scaffold-intake/templates/problem-report.yml.tmpl

@@ -0,0 +1,87 @@
+name: Report a problem
+description: Report a problem with {{project_name}}. You do not need to pre-classify it as a bug or feature -- triage decides.
+title: "[problem] "
+labels: ["problem", "needs-triage"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for reporting a problem. This project practises ITIL problem management -- you describe what you observed, and triage decides whether the root cause is a defect, a missing capability, a documentation gap, or something else. You do not need to choose in advance.
+
+        For security vulnerabilities, **do not file here** -- use [GitHub Security Advisories]({{project_url}}/security/advisories/new) instead. For usage questions, use [Discussions]({{project_url}}/discussions).
+
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: What is happening? What did you expect instead? Describe the observation, not the fix.
+      placeholder: |
+        e.g. "When I run the tool in a fresh project, it reports no items even though the source data has them. I expected it to list them."
+    validations:
+      required: true
+
+  - type: textarea
+    id: symptoms
+    attributes:
+      label: Symptoms
+      description: Observable behaviour -- error messages, command output, transcript snippets, screenshots. Redact secrets.
+      placeholder: |
+        - Command returns exit code 1
+        - Output contains "project root not found"
+        - ...
+    validations:
+      required: true
+
+  - type: textarea
+    id: workaround
+    attributes:
+      label: Workaround
+      description: Anything you tried that got you unstuck, even if temporary. "None found" is a valid answer.
+      placeholder: |
+        Retried after restarting -- same result. No workaround found.
+
+  - type: input
+    id: affected-component
+    attributes:
+      label: Affected component
+      description: Which part of {{project_name}} is involved? "multiple" or "unsure" is a valid answer -- triage will re-scope.
+      placeholder: "e.g. CLI / UI / specific module"
+    validations:
+      required: true
+
+  - type: input
+    id: frequency
+    attributes:
+      label: Frequency
+      description: How often does this happen? (every time, intermittently, once, ...)
+      placeholder: "e.g. every time I run the command"
+    validations:
+      required: true
+
+  - type: textarea
+    id: environment
+    attributes:
+      label: Environment
+      description: Version, runtime, and operating system.
+      placeholder: |
+        - {{project_name}} version: x.y.z
+        - Runtime: Node 20.x / Python 3.12 / ...
+        - OS: macOS 15.2
+    validations:
+      required: true
+
+  - type: textarea
+    id: evidence
+    attributes:
+      label: Evidence
+      description: Minimal reproduction steps, transcript links, screenshots, or related prior discussions. Feeds the investigation tasks triage will open.
+      placeholder: |
+        1. Clone the repo
+        2. Run the failing command
+        3. Observe output
+
+  - type: textarea
+    id: additional
+    attributes:
+      label: Additional context
+      description: Anything else relevant -- related tickets, prior art, a hypothesis you already formed.

package/skills/scaffold-intake/test/scaffold-intake-contract.bats

@@ -0,0 +1,126 @@
+#!/usr/bin/env bats
+
+# P065 / ADR-036 / ADR-037 Confirmation: scaffold-intake SKILL.md must
+# encode the contract documented in ADR-036's Decision Outcome.
+#
+# Doc-lint structural test (Permitted Exception per ADR-005 — structural
+# SKILL.md content checks, not behavioural). Mirrors the report-upstream
+# contract bats pattern and the ADR-037 "Source review (at implementation
+# time)" requirement that every shipped skill ships at least one
+# `<skill>-contract.bats`.
+
+setup() {
+  REPO_ROOT="$(cd "$(dirname "$BATS_TEST_FILENAME")/../../../../.." && pwd)"
+  SKILL_MD="$REPO_ROOT/packages/itil/skills/scaffold-intake/SKILL.md"
+  TEMPLATE_DIR="$REPO_ROOT/packages/itil/skills/scaffold-intake/templates"
+}
+
+@test "scaffold-intake: SKILL.md exists" {
+  [ -f "$SKILL_MD" ]
+}
+
+@test "scaffold-intake: SKILL.md frontmatter declares the skill name" {
+  run grep -F 'name: wr-itil:scaffold-intake' "$SKILL_MD"
+  [ "$status" -eq 0 ]
+}
+
+@test "scaffold-intake: SKILL.md cross-references ADR-036 (driver decision)" {
+  run grep -F 'ADR-036' "$SKILL_MD"
+  [ "$status" -eq 0 ]
+}
+
+@test "scaffold-intake: SKILL.md cites ADR-032 foreground-synchronous pattern" {
+  run grep -F 'ADR-032' "$SKILL_MD"
+  [ "$status" -eq 0 ]
+  run grep -iE 'foreground.synchronous' "$SKILL_MD"
+  [ "$status" -eq 0 ]
+}
+
+@test "scaffold-intake: SKILL.md contains an explicit Rule 6 audit section (ADR-032 + ADR-013 Rule 6)" {
+  # ADR-032 line 191 requires every skill that uses AskUserQuestion to
+  # carry an enumerable Rule 6 audit. ADR-036 lines 92-97 ship the table
+  # shape.
+  run grep -iE 'rule 6 audit|rule-6 audit' "$SKILL_MD"
+  [ "$status" -eq 0 ]
+}
+
+@test "scaffold-intake: SKILL.md enumerates the three trigger surfaces (ADR-036)" {
+  # Trigger 1: first-run prompt from manage-problem / work-problems.
+  # Trigger 2: pre-publish PreToolUse gate (hard stop).
+  # Trigger 3: optional CI check (deferred / --ci flag).
+  run grep -iE 'trigger 1|first-run' "$SKILL_MD"
+  [ "$status" -eq 0 ]
+  run grep -iE 'trigger 2|pre-publish' "$SKILL_MD"
+  [ "$status" -eq 0 ]
+  run grep -iE 'trigger 3|ci check|--ci' "$SKILL_MD"
+  [ "$status" -eq 0 ]
+}
+
+@test "scaffold-intake: SKILL.md cites the INTAKE_BYPASS env override (ADR-036)" {
+  run grep -F 'INTAKE_BYPASS' "$SKILL_MD"
+  [ "$status" -eq 0 ]
+}
+
+@test "scaffold-intake: SKILL.md cites both marker files (ADR-036 + ADR-009)" {
+  run grep -F '.claude/.intake-scaffold-done' "$SKILL_MD"
+  [ "$status" -eq 0 ]
+  run grep -F '.claude/.intake-scaffold-declined' "$SKILL_MD"
+  [ "$status" -eq 0 ]
+}
+
+@test "scaffold-intake: SKILL.md documents idempotent + --force semantics (ADR-036)" {
+  run grep -iE 'idempotent' "$SKILL_MD"
+  [ "$status" -eq 0 ]
+  run grep -F -- '--force' "$SKILL_MD"
+  [ "$status" -eq 0 ]
+  run grep -F -- '--dry-run' "$SKILL_MD"
+  [ "$status" -eq 0 ]
+}
+
+@test "scaffold-intake: SKILL.md enumerates the five required intake files (ADR-036 Detection 5)" {
+  for path in 'config.yml' 'problem-report.yml' 'SECURITY.md' 'SUPPORT.md' 'CONTRIBUTING.md'; do
+    run grep -F "$path" "$SKILL_MD"
+    [ "$status" -eq 0 ] || { echo "missing reference: $path"; return 1; }
+  done
+}
+
+@test "scaffold-intake: SKILL.md documents AFK fail-safe (no auto-scaffold) per JTBD-006" {
+  # JTBD-006 + ADR-013 Rule 6: AFK orchestrator branch must NOT auto-write
+  # template files. The skill documents this as a Rule 6 fail-safe.
+  run grep -iE 'afk|rule 6' "$SKILL_MD"
+  [ "$status" -eq 0 ]
+  run grep -iE 'no auto.?scaffold|do not auto.?scaffold|silent note|pending.intake.scaffold' "$SKILL_MD"
+  [ "$status" -eq 0 ]
+}
+
+@test "scaffold-intake: SKILL.md cites ADR-014 commit discipline" {
+  run grep -F 'ADR-014' "$SKILL_MD"
+  [ "$status" -eq 0 ]
+}
+
+# --- Templates directory ---
+
+@test "scaffold-intake: templates/ directory exists with five template seeds" {
+  [ -d "$TEMPLATE_DIR" ]
+  [ -f "$TEMPLATE_DIR/config.yml.tmpl" ]
+  [ -f "$TEMPLATE_DIR/problem-report.yml.tmpl" ]
+  [ -f "$TEMPLATE_DIR/SECURITY.md.tmpl" ]
+  [ -f "$TEMPLATE_DIR/SUPPORT.md.tmpl" ]
+  [ -f "$TEMPLATE_DIR/CONTRIBUTING.md.tmpl" ]
+}
+
+@test "scaffold-intake: problem-report.yml.tmpl is problem-first (P066 shape)" {
+  run grep -F 'title: "[problem] "' "$TEMPLATE_DIR/problem-report.yml.tmpl"
+  [ "$status" -eq 0 ]
+  run grep -F 'labels: ["problem", "needs-triage"]' "$TEMPLATE_DIR/problem-report.yml.tmpl"
+  [ "$status" -eq 0 ]
+}
+
+@test "scaffold-intake: templates use mustache-style substitution tokens (ADR-036)" {
+  # ADR-036 declares the token list. Each token must appear in at least
+  # one template file for the substitution surface to be wired.
+  for token in '{{project_name}}' '{{project_url}}' '{{security_contact}}'; do
+    run grep -rF "$token" "$TEMPLATE_DIR/"
+    [ "$status" -eq 0 ] || { echo "missing token: $token"; return 1; }
+  done
+}

package/skills/scaffold-intake/test/scaffold-intake-fixture.bats

@@ -0,0 +1,161 @@
+#!/usr/bin/env bats
+
+# P065 / ADR-036 Confirmation behavioural-replay 1+2:
+# Fixture-based behavioural test for scaffold-intake. Exercises the skill's
+# core write-and-substitute contract against a mock empty downstream repo.
+#
+# This is the behavioural counterpart to scaffold-intake-contract.bats.
+# It does NOT invoke the skill via Claude Code — it asserts the
+# contract by replaying the skill's documented bash steps:
+#   1. detect project name + url from package.json
+#   2. enumerate missing intake files
+#   3. write substituted templates to the correct paths
+#   4. mark .claude/.intake-scaffold-done
+# The bats reads templates/*.tmpl directly, applies the substitution rules
+# defined in ADR-036, and asserts on the resulting files.
+#
+# Per feedback_behavioural_tests.md (P081): asserts observable file-system
+# outcomes (files exist, content substituted, idempotent re-run no-ops),
+# not source content.
+
+setup() {
+  REPO_ROOT="$(cd "$(dirname "$BATS_TEST_FILENAME")/../../../../.." && pwd)"
+  TEMPLATE_DIR="$REPO_ROOT/packages/itil/skills/scaffold-intake/templates"
+  ORIG_DIR="$PWD"
+  TEST_DIR=$(mktemp -d)
+  cd "$TEST_DIR"
+
+  # Seed a minimal package.json so the skill's detection step has inputs.
+  cat > package.json <<'JSON'
+{
+  "name": "example-downstream",
+  "repository": {
+    "url": "https://github.com/example/downstream.git"
+  }
+}
+JSON
+}
+
+teardown() {
+  cd "$ORIG_DIR"
+  rm -rf "$TEST_DIR"
+}
+
+# Helper: replay the skill's substitute-and-write step for one template.
+# This is the inline mustache-style substitution declared in ADR-036.
+scaffold_one() {
+  local tmpl="$1"
+  local out="$2"
+  local project_name="example-downstream"
+  local project_url="https://github.com/example/downstream"
+  local security_contact="Use GitHub Security Advisories"
+  local plugin_list="@windyroad/itil"
+  local year="2026"
+  mkdir -p "$(dirname "$out")"
+  sed \
+    -e "s|{{project_name}}|$project_name|g" \
+    -e "s|{{project_url}}|$project_url|g" \
+    -e "s|{{security_contact}}|$security_contact|g" \
+    -e "s|{{plugin_list}}|$plugin_list|g" \
+    -e "s|{{year}}|$year|g" \
+    "$TEMPLATE_DIR/$tmpl" > "$out"
+}
+
+scaffold_all() {
+  scaffold_one "config.yml.tmpl" ".github/ISSUE_TEMPLATE/config.yml"
+  scaffold_one "problem-report.yml.tmpl" ".github/ISSUE_TEMPLATE/problem-report.yml"
+  scaffold_one "SECURITY.md.tmpl" "SECURITY.md"
+  scaffold_one "SUPPORT.md.tmpl" "SUPPORT.md"
+  scaffold_one "CONTRIBUTING.md.tmpl" "CONTRIBUTING.md"
+  mkdir -p .claude
+  : > .claude/.intake-scaffold-done
+}
+
+# --- Empty repo: scaffold writes all five files ---
+
+@test "fixture: empty repo gains all five intake files" {
+  scaffold_all
+  [ -f .github/ISSUE_TEMPLATE/config.yml ]
+  [ -f .github/ISSUE_TEMPLATE/problem-report.yml ]
+  [ -f SECURITY.md ]
+  [ -f SUPPORT.md ]
+  [ -f CONTRIBUTING.md ]
+}
+
+@test "fixture: substitution tokens are resolved (no raw {{...}} left in scaffolded files)" {
+  scaffold_all
+  for f in \
+    .github/ISSUE_TEMPLATE/config.yml \
+    .github/ISSUE_TEMPLATE/problem-report.yml \
+    SECURITY.md \
+    SUPPORT.md \
+    CONTRIBUTING.md; do
+    run grep -F '{{' "$f"
+    [ "$status" -ne 0 ] || { echo "raw mustache token left in $f"; return 1; }
+  done
+}
+
+@test "fixture: project_name substitution propagated into scaffolded SECURITY.md or CONTRIBUTING.md" {
+  scaffold_all
+  # The project name should appear at least once in either SECURITY.md or
+  # CONTRIBUTING.md; the exact placement is template-dependent but
+  # ABSENCE from both files would indicate a substitution miss.
+  run bash -c "grep -F 'example-downstream' SECURITY.md SUPPORT.md CONTRIBUTING.md"
+  [ "$status" -eq 0 ]
+}
+
+@test "fixture: scaffolded problem-report.yml retains problem-first shape (P066)" {
+  scaffold_all
+  run grep -F 'title: "[problem] "' .github/ISSUE_TEMPLATE/problem-report.yml
+  [ "$status" -eq 0 ]
+  run grep -F 'labels: ["problem", "needs-triage"]' .github/ISSUE_TEMPLATE/problem-report.yml
+  [ "$status" -eq 0 ]
+}
+
+@test "fixture: done marker written after successful scaffold" {
+  scaffold_all
+  [ -f .claude/.intake-scaffold-done ]
+}
+
+# --- Idempotency: re-scaffolding produces no diff ---
+
+@test "fixture: full re-application is idempotent (no diff)" {
+  scaffold_all
+  # Snapshot.
+  cp -R . "$TEST_DIR/.snapshot-1"
+  # Re-apply.
+  scaffold_all
+  # Diff against snapshot — exclude the snapshot dir itself + any tmp.
+  run diff -ru \
+    --exclude='.snapshot-1' \
+    --exclude='.git' \
+    "$TEST_DIR/.snapshot-1" "$TEST_DIR"
+  # diff exit 0 means no differences.
+  [ "$status" -eq 0 ]
+}
+
+# --- Partial repo: pre-existing CONTRIBUTING.md is preserved ---
+
+@test "fixture: pre-existing CONTRIBUTING.md is preserved (idempotent skip)" {
+  echo "# Custom Contributing" > CONTRIBUTING.md
+  echo "Custom adopter content; must not be overwritten by scaffold." >> CONTRIBUTING.md
+  ORIGINAL=$(cat CONTRIBUTING.md)
+
+  # Scaffold the OTHER four files (skill skips the existing one).
+  scaffold_one "config.yml.tmpl" ".github/ISSUE_TEMPLATE/config.yml"
+  scaffold_one "problem-report.yml.tmpl" ".github/ISSUE_TEMPLATE/problem-report.yml"
+  scaffold_one "SECURITY.md.tmpl" "SECURITY.md"
+  scaffold_one "SUPPORT.md.tmpl" "SUPPORT.md"
+  # Deliberately do NOT call scaffold_one for CONTRIBUTING.md — that's
+  # the skill's idempotent skip behaviour for present files.
+
+  # Other files were created.
+  [ -f .github/ISSUE_TEMPLATE/config.yml ]
+  [ -f .github/ISSUE_TEMPLATE/problem-report.yml ]
+  [ -f SECURITY.md ]
+  [ -f SUPPORT.md ]
+
+  # CONTRIBUTING.md unchanged.
+  AFTER=$(cat CONTRIBUTING.md)
+  [ "$ORIGINAL" = "$AFTER" ]
+}

package/skills/scaffold-intake/test/scaffold-intake-secrets-absent.bats

@@ -0,0 +1,87 @@
+#!/usr/bin/env bats
+
+# P065 / ADR-036 / ADR-037 Confirmation: scaffold-intake's templates and
+# SKILL.md must not leak absolute paths, host-specific identifiers, or
+# secrets that would compromise downstream adopters who scaffold from
+# them.
+#
+# Sentinel test: per ADR-037 "Source review", every skill that emits
+# user-substituted content ships a `<skill>-secrets-absent.bats` to
+# catch hardcoded environment leakage at PR time.
+
+setup() {
+  REPO_ROOT="$(cd "$(dirname "$BATS_TEST_FILENAME")/../../../../.." && pwd)"
+  TEMPLATE_DIR="$REPO_ROOT/packages/itil/skills/scaffold-intake/templates"
+  SKILL_MD="$REPO_ROOT/packages/itil/skills/scaffold-intake/SKILL.md"
+}
+
+# --- Templates: no absolute paths from the author's environment ---
+
+@test "secrets-absent: templates contain no /Users/ or /home/ absolute paths" {
+  run grep -rE '/Users/[a-zA-Z0-9_-]+/' "$TEMPLATE_DIR/"
+  [ "$status" -ne 0 ]
+  run grep -rE '/home/[a-zA-Z0-9_-]+/' "$TEMPLATE_DIR/"
+  [ "$status" -ne 0 ]
+}
+
+@test "secrets-absent: templates contain no Windows-style absolute paths" {
+  run grep -rE '[A-Z]:\\Users\\' "$TEMPLATE_DIR/"
+  [ "$status" -ne 0 ]
+}
+
+# --- Templates: no obvious credential shapes ---
+
+@test "secrets-absent: templates contain no credential-shaped tokens (AKIA, ghp_, sk_, github_pat_)" {
+  run grep -rE 'AKIA[0-9A-Z]{16}|ghp_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]{80,}|sk_(live|test)_[A-Za-z0-9]{24,}' "$TEMPLATE_DIR/"
+  [ "$status" -ne 0 ]
+}
+
+@test "secrets-absent: templates contain no aws_access or aws_secret keys in plain text" {
+  run grep -rEi 'aws_access_key_id|aws_secret_access_key' "$TEMPLATE_DIR/"
+  [ "$status" -ne 0 ]
+}
+
+# --- Templates: name-of-this-repo must be substituted, not hardcoded ---
+
+@test "secrets-absent: templates do not hardcode 'windyroad/agent-plugins' (must use {{project_url}}/{{project_name}} substitution)" {
+  # The author repo is windyroad/agent-plugins; downstream-scaffolded
+  # files must use the per-project substitution token, not the literal
+  # author repo. Otherwise downstream adopters get our SECURITY.md
+  # advisory URL pointing to OUR security advisories, which is wrong.
+  #
+  # Allow it ONLY in commentary lines that explain "templated from this
+  # repo's intake".
+  run grep -rl 'windyroad/agent-plugins' "$TEMPLATE_DIR/"
+  if [ "$status" -eq 0 ]; then
+    # Anything found must be inside a comment explicitly framing it as
+    # an example. Fail otherwise.
+    while read -r f; do
+      run grep -nE 'windyroad/agent-plugins' "$f"
+      while read -r line; do
+        line_no="${line%%:*}"
+        line_text="${line#*:}"
+        # Allow only if line begins with a comment marker (#) AND mentions example/seed.
+        if echo "$line_text" | grep -qE '^[[:space:]]*#' && echo "$line_text" | grep -qiE 'example|seed|template|reference'; then
+          continue
+        fi
+        echo "hardcoded windyroad/agent-plugins reference at $f:$line_no"
+        echo "   $line_text"
+        return 1
+      done <<< "$output"
+    done < <(grep -rl 'windyroad/agent-plugins' "$TEMPLATE_DIR/")
+  fi
+}
+
+# --- SKILL.md: no transcript-leak shapes ---
+
+@test "secrets-absent: SKILL.md contains no /Users/ or /home/ absolute paths" {
+  run grep -E '/Users/[a-zA-Z0-9_-]+/' "$SKILL_MD"
+  [ "$status" -ne 0 ]
+  run grep -E '/home/[a-zA-Z0-9_-]+/' "$SKILL_MD"
+  [ "$status" -ne 0 ]
+}
+
+@test "secrets-absent: SKILL.md contains no credential-shaped tokens" {
+  run grep -E 'AKIA[0-9A-Z]{16}|ghp_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]{80,}' "$SKILL_MD"
+  [ "$status" -ne 0 ]
+}

package/skills/work-problems/SKILL.md

@@ -14,6 +14,24 @@ The user is AFK during this process, so every decision point that would normally
 
 Each iteration is one cycle of: scan backlog, pick highest-WSJF problem, work it, report result. The loop continues until a stop condition is met.
 
+## First-run intake-scaffold pointer (P065 / ADR-036)
+
+This skill is one of the two host skills wired to surface the [`/wr-itil:scaffold-intake`](../scaffold-intake/SKILL.md) skill on first invocation in a project that has not yet adopted the OSS intake surface. The contract is documented in [ADR-036](../../../../docs/decisions/036-scaffold-downstream-oss-intake.proposed.md) (Scaffold downstream OSS intake — skill + layered triggers).
+
+**Preamble check** (run once at session start, before Step 0 of the loop):
+
+1. Look for the four intake paths: `.github/ISSUE_TEMPLATE/config.yml`, `.github/ISSUE_TEMPLATE/problem-report.yml`, `SECURITY.md`, `SUPPORT.md`, `CONTRIBUTING.md`.
+2. Look for `.claude/.intake-scaffold-declined` (explicit decline marker — never re-prompt).
+3. Look for `.claude/.intake-scaffold-done` (done marker — already scaffolded).
+
+If any intake file is missing AND both markers are absent: this skill is **always invoked from an AFK orchestrator context** (per the skill's allowed-tools and persona). The Rule 6 fail-safe applies unconditionally:
+
+- Do **not** fire `AskUserQuestion`.
+- Do **not** auto-scaffold.
+- Append a one-line `"pending intake scaffold"` note to the iteration's `ITERATION_SUMMARY` notes field. The note is a per-iteration audit trail signal — accumulating one line per AFK iter is acceptable per ADR-036 § Bad consequences and JTBD-006 "audit trail — every action taken during AFK mode should be traceable".
+
+The user reviews the pending note on their next interactive session and runs `/wr-itil:scaffold-intake` (or `/wr-itil:manage-problem` with the foreground prompt branch) at that point. JTBD-006 forbids the agent from making this judgement call autonomously.
+
 ### Step 0: Preflight (per ADR-019)
 
 Before opening the work loop, reconcile local state with origin so the orchestrator does not iterate against a stale backlog or create tickets with IDs that collide with parallel sessions (P040).

package/skills/work-problems/test/work-problems-first-run-intake-prompt.bats

@@ -0,0 +1,36 @@
+#!/usr/bin/env bats
+
+# P065 / ADR-036 Confirmation line 199: work-problems SKILL.md must wire
+# the first-run intake-scaffold pointer + AFK fail-safe + marker contract.
+#
+# Doc-lint structural test (Permitted Exception per ADR-005). Sister bats
+# to manage-problem-first-run-intake-prompt.bats.
+
+setup() {
+  REPO_ROOT="$(cd "$(dirname "$BATS_TEST_FILENAME")/../../../../.." && pwd)"
+  SKILL_MD="$REPO_ROOT/packages/itil/skills/work-problems/SKILL.md"
+}
+
+@test "work-problems: SKILL.md cites ADR-036 (first-run-prompt contract)" {
+  run grep -F 'ADR-036' "$SKILL_MD"
+  [ "$status" -eq 0 ]
+}
+
+@test "work-problems: SKILL.md cross-references the scaffold-intake skill" {
+  run grep -F 'wr-itil:scaffold-intake' "$SKILL_MD"
+  [ "$status" -eq 0 ]
+}
+
+@test "work-problems: SKILL.md documents the AFK fail-safe (no auto-scaffold; iteration-report pending-note)" {
+  # AFK orchestrator branch must NOT auto-scaffold; instead the iteration
+  # appends a one-line "pending intake scaffold" note to its summary.
+  # The SKILL.md preamble pointer documents this so AFK consumers see
+  # the divergence at glance.
+  run grep -iE 'pending.intake.scaffold|pending intake scaffold|silent note' "$SKILL_MD"
+  [ "$status" -eq 0 ]
+}
+
+@test "work-problems: SKILL.md cites the decline marker path (ADR-009 + ADR-036)" {
+  run grep -F '.claude/.intake-scaffold-declined' "$SKILL_MD"
+  [ "$status" -eq 0 ]
+}