@windyroad/itil 0.25.0 → 0.26.0

package/.claude-plugin/plugin.json

@@ -1,5 +1,5 @@
 {
   "name": "wr-itil",
-  "version": "0.25.0",
+  "version": "0.26.0",
   "description": "ITIL-aligned IT service management for Claude Code"
 }

package/README.md

@@ -86,6 +86,8 @@ See [ADR-011](../../docs/decisions/011-manage-incident-skill.proposed.md) for th
 | `/wr-itil:review-problems` | Re-rate every open and known-error ticket and refresh the WSJF ranking |
 | `/wr-itil:reconcile-readme` | Detect and correct drift between `docs/problems/README.md` and on-disk ticket inventory |
 | `/wr-itil:report-upstream` | Report a local problem as a structured issue against an upstream repository (ADR-024) |
+| `/wr-itil:capture-rfc` | Lightweight RFC-capture skill — mandatory problem-trace per ADR-060 I1 invariant; opens a coordinated multi-commit change traceable to ≥ 1 driving problem (Phase 1 of the Problem-RFC-Story framework, P170 / ADR-060) |
+| `/wr-itil:manage-rfc` | Heavyweight RFC intake + lifecycle management — proposed → accepted → in-progress → verifying → closed; sibling to `manage-problem` at the RFC tier (ADR-060) |
 | `/wr-itil:manage-incident` | Declare, triage, mitigate, and close an incident with evidence-first discipline |
 | `/wr-itil:list-incidents` | Read-only display of active incidents by severity |
 | `/wr-itil:mitigate-incident` / `/wr-itil:restore-incident` / `/wr-itil:close-incident` / `/wr-itil:link-incident` | Incident lifecycle transitions (ADR-011) |
@@ -106,6 +108,7 @@ This plugin serves the [Jobs to be Done](../../docs/jtbd/) below. Per [ADR-051](
 ### Solo developer
 
 - **[JTBD-006 Progress the Backlog While I'm Away](../../docs/jtbd/solo-developer/JTBD-006-work-backlog-afk.proposed.md)** — `/wr-itil:work-problems` is the AFK orchestrator that loops through the WSJF-ranked backlog, working tickets without interactive input until quota or a stop condition fires.
+- **[JTBD-008 Decompose a Fix Into Coordinated Changes](../../docs/jtbd/solo-developer/JTBD-008-decompose-fix-into-coordinated-changes.proposed.md)** — `/wr-itil:capture-rfc` + `/wr-itil:manage-rfc` are the capture-time decomposition surface for multi-commit coordinated changes traced to a driving problem; the I1 trace-to-problem invariant is gate-enforced at capture-rfc time (P170 / ADR-060).
 
 ### Plugin user (currency anchor)
 

package/bin/wr-itil-reconcile-rfcs

@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+exec "$(dirname "$0")/../scripts/reconcile-rfcs.sh" "$@"

package/hooks/hooks.json

@@ -37,6 +37,12 @@
         "hooks": [{ "type": "command", "command": "${CLAUDE_PLUGIN_ROOT}/hooks/itil-changeset-discipline.sh" }]
       }
     ],
+    "PostToolUse": [
+      {
+        "matcher": "Bash",
+        "hooks": [{ "type": "command", "command": "${CLAUDE_PLUGIN_ROOT}/hooks/itil-rfc-trailer-advisory.sh" }]
+      }
+    ],
     "Stop": [
       { "hooks": [{ "type": "command", "command": "${CLAUDE_PLUGIN_ROOT}/hooks/itil-assistant-output-review.sh" }] }
     ]

package/hooks/itil-rfc-trailer-advisory.sh

@@ -0,0 +1,198 @@
+#!/bin/bash
+# P170: PostToolUse:Bash hook — detects `git commit` invocations whose
+# HEAD commit message carries a `Refs: RFC-<NNN>` trailer (the
+# commit-message RFC trailer convention introduced by ADR-060 Phase 1
+# item 12 + finding 8). For each such trailer, the hook checks whether
+# the driving problem ticket(s) `## RFCs` reverse-trace section lists
+# the RFC; emits a stderr advisory when stale.
+#
+# This is the SECONDARY surface for the auto-maintained `## RFCs` section
+# contract. The PRIMARY surface is skill-side inline refresh in
+# `/wr-itil:capture-rfc` Step 6 + `/wr-itil:manage-rfc` Step 7+9 (architect
+# Q1 verdict). The hook is the drift-detection backstop for ARBITRARY
+# commits — `feat(...)` / `fix(...)` / `chore(...)` commits that carry
+# `Refs: RFC-<NNN>` trailers but were authored OUTSIDE the RFC skills
+# and therefore did not run the inline refresh.
+#
+# Advisory-only per architect Q2 verdict + ADR-014 single-commit grain:
+# the hook NEVER auto-fixes (no follow-up commit; no working-tree edit
+# after the commit lands). It emits a stderr advisory pointing the
+# user at `/wr-itil:manage-rfc <RFC-NNN>` to refresh the reverse-trace
+# in a subsequent commit, OR at `wr-itil-reconcile-rfcs docs/rfcs
+# docs/problems` to verify drift in batch.
+#
+# Allow paths (silent-on-pass per ADR-045 Pattern 1):
+#   - tool_name != "Bash"           (only Bash invocations gated)
+#   - command lacks `git commit`     (non-commit Bash bypasses)
+#   - BYPASS_RFC_TRAILER_ADVISORY=1  (env-var escape)
+#   - outside git work tree
+#   - no `./docs/rfcs/`              (RFC framework not adopted)
+#   - no `./docs/problems/`          (problem framework not adopted)
+#   - HEAD commit lacks Refs: RFC trailer
+#   - all referenced RFCs' driving problems' `## RFCs` tables are current
+#
+# Multi-`Refs:` malformed-per-finding-8 advisory: when HEAD's commit
+# message carries multiple `Refs: RFC-<NNN>` trailer lines, the hook
+# emits a malformed-per-finding-8 advisory directing the user to split
+# the commit (one commit advances at most one RFC per ADR-060 finding
+# 8). The split itself is user-side work; the hook flags only.
+#
+# Failmode (per ADR-013 Rule 6 fail-open): on parse error in the
+# trailer, on a Refs: trailer pointing to a non-existent RFC file
+# (could be a capture-rfc invocation in flight), on `git interpret-trailers`
+# failure — exit 0 silently. The reconcile-rfcs.sh batch surface
+# catches these cases at the next manage-rfc Step 0 preflight per
+# Confirmation criterion 3.
+#
+# Cost: one git invocation per `git commit` Bash call (~30-60ms). No
+# marker (per-invocation deterministic; mirrors P125 staging-detect.sh
+# and P141 itil-changeset-discipline.sh precedent).
+#
+# References:
+#   ADR-005 — plugin testing strategy (hook bats live under hooks/test/).
+#   ADR-013 Rule 6 — fail-open on missing inputs / parse errors.
+#   ADR-014 — single-commit grain (this hook never auto-fixes via
+#             follow-up commit; advisory-only).
+#   ADR-038 — progressive disclosure / advisory band ≤300 bytes.
+#   ADR-045 — hook injection budget; Pattern 1 silent-on-pass.
+#   ADR-051 — load-bearing-from-the-start (drift detection ships at
+#             the same time as the convention; never deferred).
+#   ADR-052 — behavioural-tests default; bats live alongside.
+#   ADR-060 — Phase 1 item 12 + Confirmation criterion 3.
+#   P170    — driving problem ticket.
+#   P081    — behavioural tests preferred over structural greps.
+#   P125    — sibling per-invocation no-marker hook precedent.
+#   P141    — sibling commit-time gate hook precedent.
+
+INPUT=$(cat)
+
+TOOL_NAME=$(echo "$INPUT" | python3 -c "
+import sys, json
+try:
+    data = json.load(sys.stdin)
+    print(data.get('tool_name', ''))
+except:
+    print('')
+" 2>/dev/null || echo "")
+
+# Only fire on Bash.
+if [ "$TOOL_NAME" != "Bash" ]; then
+  exit 0
+fi
+
+COMMAND=$(echo "$INPUT" | python3 -c "
+import sys, json
+try:
+    data = json.load(sys.stdin)
+    print(data.get('tool_input', {}).get('command', ''))
+except:
+    print('')
+" 2>/dev/null || echo "")
+
+# Only fire on `git commit` invocations.
+case "$COMMAND" in
+  *"git commit"*) ;;
+  *) exit 0 ;;
+esac
+
+# Bypass via env var.
+if [ "${BYPASS_RFC_TRAILER_ADVISORY:-}" = "1" ]; then
+  exit 0
+fi
+
+# Fail-open if not in a git work tree.
+git rev-parse --is-inside-work-tree >/dev/null 2>&1 || exit 0
+
+# Fail-open if RFC / problem framework not adopted.
+[ -d "./docs/rfcs" ] || exit 0
+[ -d "./docs/problems" ] || exit 0
+
+# Read HEAD commit message.
+COMMIT_MSG=$(git log -1 --format='%B' HEAD 2>/dev/null) || exit 0
+[ -n "$COMMIT_MSG" ] || exit 0
+
+# Parse `Refs:` trailers via git's native parser. The `key=Refs` filter
+# extracts every Refs: line; we then keep only those naming RFC-<NNN>.
+TRAILERS=$(printf '%s\n' "$COMMIT_MSG" | git interpret-trailers --parse 2>/dev/null \
+  | grep -E '^Refs:[[:space:]]+RFC-[0-9]{3}' || true)
+
+# No RFC trailer → silent.
+[ -n "$TRAILERS" ] || exit 0
+
+# Multi-Refs: malformed-per-finding-8 advisory.
+TRAILER_COUNT=$(printf '%s\n' "$TRAILERS" | wc -l | tr -d ' ')
+if [ "$TRAILER_COUNT" -gt 1 ]; then
+  echo "P170 ADVISORY: HEAD commit carries ${TRAILER_COUNT} Refs: RFC trailers (malformed-per-finding-8 — one commit advances at most one RFC per ADR-060). Recovery: split the commit; rerun /wr-itil:manage-rfc on each RFC. Bypass: BYPASS_RFC_TRAILER_ADVISORY=1." >&2
+  exit 0
+fi
+
+# Single trailer — extract RFC ID.
+RFC_ID=$(printf '%s' "$TRAILERS" | grep -oE 'RFC-[0-9]{3}' | head -1)
+[ -n "$RFC_ID" ] || exit 0
+RFC_NUM="${RFC_ID#RFC-}"
+
+# Locate the RFC file (any status suffix).
+shopt -s nullglob
+RFC_FILES=(./docs/rfcs/RFC-${RFC_NUM}-*.md)
+shopt -u nullglob
+if [ ${#RFC_FILES[@]} -eq 0 ]; then
+  # RFC file not yet on disk (capture-rfc may be in flight). Fail-open.
+  exit 0
+fi
+RFC_FILE="${RFC_FILES[0]}"
+
+# Parse RFC frontmatter `problems: [P<NNN>, P<NNN>, ...]`.
+RAW_PROBLEMS=$(awk '/^problems:/ { print; exit }' "$RFC_FILE")
+INNER=$(echo "$RAW_PROBLEMS" | sed -E 's/^[[:space:]]*problems:[[:space:]]*\[//; s/\][[:space:]]*$//')
+
+# Tokenise.
+PIDS=()
+while IFS= read -r tok; do
+  tok=$(echo "$tok" | tr -d ' "'\''')
+  case "$tok" in
+    P[0-9][0-9][0-9]) PIDS+=("$tok") ;;
+  esac
+done <<< "$(echo "$INNER" | tr ',' '\n')"
+
+# No claims → fail-open (RFC has no problem trace; trailer hook can't
+# verify anything).
+if [ ${#PIDS[@]} -eq 0 ]; then
+  exit 0
+fi
+
+# For each PID, check whether the problem's `## RFCs` table lists RFC_ID.
+STALE_PIDS=""
+for pid in "${PIDS[@]}"; do
+  pnum="${pid#P}"
+  shopt -s nullglob
+  PFILES=(./docs/problems/${pnum}-*.md)
+  shopt -u nullglob
+  if [ ${#PFILES[@]} -eq 0 ]; then
+    # Problem file missing — fail-open (could be a stale frontmatter
+    # claim or a problem in flight).
+    continue
+  fi
+  pfile="${PFILES[0]}"
+
+  # Locate `## RFCs` section.
+  sec_start=$(awk '/^## RFCs[[:space:]]*$/ { print NR; exit }' "$pfile")
+  if [ -z "$sec_start" ]; then
+    STALE_PIDS="${STALE_PIDS:+$STALE_PIDS,}$pid"
+    continue
+  fi
+
+  # Check if the section lists RFC_ID.
+  if ! awk -v start="$sec_start" -v rid="$RFC_ID" '
+    NR > start && /^## / { exit }
+    NR > start && index($0, rid) > 0 { print "found"; exit }
+  ' "$pfile" | grep -q found; then
+    STALE_PIDS="${STALE_PIDS:+$STALE_PIDS,}$pid"
+  fi
+done
+
+# No drift → silent.
+[ -n "$STALE_PIDS" ] || exit 0
+
+# Emit advisory (per ADR-045 ≤300 byte band; stderr; exit 0).
+echo "P170 ADVISORY: HEAD commit ${RFC_ID} trailer; problem(s) ${STALE_PIDS} ## RFCs section stale (skill-side refresh missed). Recovery: /wr-itil:manage-rfc ${RFC_ID} OR wr-itil-reconcile-rfcs docs/rfcs docs/problems. Bypass: BYPASS_RFC_TRAILER_ADVISORY=1." >&2
+exit 0

package/hooks/lib/create-gate.sh

@@ -52,6 +52,36 @@ mark_step2_complete() {
   : > "/tmp/manage-problem-grep-${SESSION_ID}"
 }
 
+# Returns 0 if the RFC capture-step marker exists for SESSION_ID; 1 otherwise.
+# Empty SESSION_ID => returns 1 (no marker).
+#
+# Sibling marker per architect verdict on capture-rfc sub-decision (a) —
+# preserves audit-trail per-surface granularity (problem-tier vs RFC-tier
+# capture). Marker name: /tmp/wr-itil-rfc-capture-grep-${SESSION_ID}.
+#
+# Usage: if check_rfc_capture_gate "$SESSION_ID"; then exit 0; fi
+check_rfc_capture_gate() {
+  local SESSION_ID="$1"
+  [ -n "$SESSION_ID" ] || return 1
+  [ -f "/tmp/wr-itil-rfc-capture-grep-${SESSION_ID}" ]
+}
+
+# Writes the RFC capture-step marker for SESSION_ID. Empty SESSION_ID => no-op.
+# Idempotent — safe to call more than once per session.
+#
+# Per ADR-060 + capture-rfc Step 2: the marker records that capture-rfc has
+# run its problem-trace validation pass (the RFC-tier analogue of the
+# manage-problem Step 2 duplicate-grep). Per-session scope so a single
+# capture-rfc invocation may write multiple RFC files (e.g. multi-problem
+# trace splits) without re-validating.
+#
+# Usage: mark_rfc_capture_complete "$SESSION_ID"
+mark_rfc_capture_complete() {
+  local SESSION_ID="$1"
+  [ -n "$SESSION_ID" ] || return 0
+  : > "/tmp/wr-itil-rfc-capture-grep-${SESSION_ID}"
+}
+
 # Emit fail-closed deny JSON for PreToolUse hooks.
 # Usage: create_gate_deny "BLOCKED: <reason>"
 create_gate_deny() {

package/hooks/manage-problem-enforce-create.sh

@@ -1,35 +1,53 @@
 #!/bin/bash
 # P119: PreToolUse:Write enforcement hook for new problem ticket creation.
+# P170 / ADR-060: extended to also gate new RFC ticket creation under docs/rfcs/.
 #
-# BLOCKS Write to docs/problems/<NNN>-*.<status>.md when the file does not
-# yet exist on disk and the per-session Step-2 grep marker is absent.
-# Marker is set by /wr-itil:manage-problem Step 2 (duplicate-check) at the
-# end of its grep pass — present marker means the agent has run the
-# duplicate-check for this session and may write new tickets.
+# BLOCKS Write to:
+#   - docs/problems/<NNN>-*.<status>.md      (when file does not yet exist
+#                                             and Step-2 grep marker absent)
+#   - docs/rfcs/RFC-<NNN>-*.<status>.md      (when file does not yet exist
+#                                             and capture-rfc marker absent)
+#
+# Marker convention:
+#   - /tmp/manage-problem-grep-${SESSION_ID}        (problems tier;
+#                                                    set by manage-problem /
+#                                                    capture-problem Step 2)
+#   - /tmp/wr-itil-rfc-capture-grep-${SESSION_ID}   (RFC tier;
+#                                                    set by capture-rfc Step 2 /
+#                                                    manage-rfc creation flow)
 #
 # Out of scope (allow-listed):
-#   - docs/problems/README.md  — regenerated by Steps 5/6/7 (chicken-and-egg)
+#   - docs/problems/README.md  — regenerated by manage-problem Steps 5/6/7
+#   - docs/rfcs/README.md      — regenerated by manage-rfc transitions / review
 #   - Existing files           — Edit-flow / status transitions are
-#                                governed by /wr-itil:transition-problem,
-#                                not new-ticket creation
+#                                governed by /wr-itil:transition-problem and
+#                                /wr-itil:manage-rfc respectively
 #   - Edit tool                — only Write is gated; Edit on existing
 #                                tickets is normal status-transition shape
-#   - Non-ticket basenames     — only docs/problems/<NNN>-*.md ticket-shaped
-#                                paths are gated (NOTES.md, archive/, etc.
-#                                are project housekeeping, not tickets)
+#   - Non-ticket basenames     — only ticket-shaped paths are gated:
+#                                problems: NNN-*.md  (3-digit prefix)
+#                                rfcs:     RFC-NNN-*.md
+#                                Other docs (NOTES.md, archive/, etc.)
+#                                are project housekeeping, not tickets
 #
-# ADR-031 forward-compat: matcher uses docs/problems/ prefix + numeric
-# basename, agnostic to current suffix-based layout (docs/problems/NNN-*.<status>.md)
-# vs. future per-state subdirectory layout (docs/problems/<state>/NNN-*.md).
+# ADR-031 forward-compat: matcher uses path-prefix + ticket-shape basename,
+# agnostic to current suffix-based layout vs. future per-state subdirectory
+# layout. Branch deny message names the right skill (manage-problem /
+# capture-problem for problems-tier; capture-rfc / manage-rfc for RFC-tier).
 #
 # References:
-#   ADR-009 — gate marker lifecycle (per-session /tmp markers).
-#   ADR-013 Rule 1 — deny redirects to /wr-itil:manage-problem where
-#                    Step 2 fires AskUserQuestion if duplicates exist.
-#   ADR-022 — problem lifecycle (status suffixes covered: open / known-error /
-#             verifying / parked).
-#   ADR-038 — progressive disclosure (deny message stays terse + actionable).
-#   P119    — agent bypasses Step 2 by writing tickets directly.
+#   ADR-009  — gate marker lifecycle (per-session /tmp markers).
+#   ADR-013 Rule 1 — deny redirects to the relevant skill (manage-problem
+#                    for problems; capture-rfc for RFCs) where Step 2 fires.
+#   ADR-022  — problem lifecycle (status suffixes covered: open / known-error /
+#              verifying / parked).
+#   ADR-038  — progressive disclosure (deny message stays terse + actionable).
+#   ADR-051  — load-bearing-from-the-start (RFC I1 trace-to-problem invariant
+#              ships as a hard-block from day one, not advisory-then-escalate).
+#   ADR-060  — Problem-RFC-Story framework; introduces RFC tier + I1
+#              hard-block at capture-rfc.
+#   P119     — agent bypasses Step 2 by writing tickets directly.
+#   P170     — driver problem ticket for the RFC framework introduction.
 
 SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
 # shellcheck source=lib/create-gate.sh
@@ -81,29 +99,44 @@ if [ -z "$SESSION_ID" ]; then
   exit 0
 fi
 
-# Match docs/problems/ paths only. Both absolute (project-root prefixed)
-# and relative shapes are accepted because Claude Code passes absolute
-# paths in tool_input.file_path but tests and direct invocations may
-# use relative paths.
+# Match docs/problems/ OR docs/rfcs/ paths only. Both absolute
+# (project-root prefixed) and relative shapes are accepted because
+# Claude Code passes absolute paths in tool_input.file_path but tests
+# and direct invocations may use relative paths.
+TIER=""
 case "$FILE_PATH" in
-  *docs/problems/*) ;;
+  *docs/problems/*) TIER="problems" ;;
+  *docs/rfcs/*)     TIER="rfcs" ;;
   *) exit 0 ;;
 esac
 
 BASENAME=$(basename "$FILE_PATH")
 
-# Allow-list: docs/problems/README.md is regenerated by Steps 5/6/7.
-# Gating it would chicken-and-egg the skill itself.
+# Allow-list: README.md regenerated by skill flows (chicken-and-egg).
+# Applies to both tiers: docs/problems/README.md (manage-problem Steps 5/6/7)
+# and docs/rfcs/README.md (manage-rfc transitions / review).
 if [ "$BASENAME" = "README.md" ]; then
   exit 0
 fi
 
-# Only gate ticket-shaped basenames: NNN-... (3-digit prefix).
+# Only gate ticket-shaped basenames per tier:
+#   problems: NNN-... (3-digit prefix)
+#   rfcs:     RFC-NNN-...
 # Non-ticket files (NOTES.md, archive/index.md, etc.) are project
-# housekeeping and don't need the duplicate-check.
-case "$BASENAME" in
-  [0-9][0-9][0-9]-*) ;;
-  *) exit 0 ;;
+# housekeeping and don't need the gate.
+case "$TIER" in
+  problems)
+    case "$BASENAME" in
+      [0-9][0-9][0-9]-*) ;;
+      *) exit 0 ;;
+    esac
+    ;;
+  rfcs)
+    case "$BASENAME" in
+      RFC-[0-9][0-9][0-9]-*) ;;
+      *) exit 0 ;;
+    esac
+    ;;
 esac
 
 # Existing file — Edit-flow / status-transition path. Only block
@@ -112,19 +145,31 @@ if [ -f "$FILE_PATH" ]; then
   exit 0
 fi
 
-# New ticket Write: gate on the Step-2 grep marker.
-if check_create_gate "$SESSION_ID"; then
-  exit 0
-fi
-
 # P142 / ADR-050: the runtime-SID instrumentation hook
 # (itil-runtime-sid-marker.sh) writes the runtime stdin session_id to a
 # per-machine marker on every PreToolUse:Bash|Write|Edit|Read event. The
 # `get_current_session_id` helper reads that marker as the authoritative
-# SID, so the marker `mark_step2_complete` writes is bound to the same
-# session_id this hook will see on the subsequent Write. SID-mismatch
-# denial is structurally eliminated; the only remaining deny path is
-# the routine "Step 2 grep has not run yet for this session" case, for
-# which the deny message stays focused and skill-pointing.
-create_gate_deny "BLOCKED: Cannot Write '${BASENAME}' under docs/problems/ without running /wr-itil:manage-problem Step 2 (duplicate-check) first. New problem tickets MUST be created via the skill so the duplicate-prevention grep fires before the file lands. Invoke the Skill tool with skill='wr-itil:manage-problem' and a description of the new problem; Step 2 will grep for related existing tickets and surface any matches via AskUserQuestion before creating the new ticket. (P119)"
+# SID, so the marker `mark_step2_complete` / `mark_rfc_capture_complete`
+# writes is bound to the same session_id this hook will see on the
+# subsequent Write. SID-mismatch denial is structurally eliminated; the
+# only remaining deny path is the routine "duplicate-check / capture
+# step has not run yet for this session" case.
+
+# New ticket Write: gate on the tier-specific marker.
+case "$TIER" in
+  problems)
+    if check_create_gate "$SESSION_ID"; then
+      exit 0
+    fi
+    create_gate_deny "BLOCKED: Cannot Write '${BASENAME}' under docs/problems/ without running /wr-itil:manage-problem Step 2 (duplicate-check) first. New problem tickets MUST be created via the skill so the duplicate-prevention grep fires before the file lands. Invoke the Skill tool with skill='wr-itil:manage-problem' and a description of the new problem; Step 2 will grep for related existing tickets and surface any matches via AskUserQuestion before creating the new ticket. (P119)"
+    exit 0
+    ;;
+  rfcs)
+    if check_rfc_capture_gate "$SESSION_ID"; then
+      exit 0
+    fi
+    create_gate_deny "BLOCKED: Cannot Write '${BASENAME}' under docs/rfcs/ without running /wr-itil:capture-rfc Step 2 (problem-trace validation) first. New RFC tickets MUST be created via the skill so the I1 trace-to-problem invariant is enforced before the file lands. Invoke the Skill tool with skill='wr-itil:capture-rfc' supplying the leading problem-trace argument (P<NNN> or P<NNN>,P<NNN>,...); Step 2 will validate that each traced problem exists. Without a problem-trace, capture-rfc emits a deny log entry to logs/rfc-capture-denials.jsonl per ADR-060 § Confirmation criterion 1 + § Reassessment trace-violation-rate criterion. (P170 / ADR-060)"
+    exit 0
+    ;;
+esac
 exit 0