@wistantkode/dotfiles 1.3.0 → 1.5.0

package/CHANGELOG.md

@@ -2,6 +2,33 @@
 
 All notable changes to this project will be documented in this file.
 
+## [1.5.0] - 2026-04-05 - [Iron Gate & Neon Dash]
+
+### Added
+- **Protocol Hardening**: Integrated strict "Zero-Initiative" and "Separation of Concerns" rules into `RODIN.md` and `COMMIT.md`. AI is now formally forbidden from touching release artifacts outside of Release mode.
+- **Elite UI Overhaul**: Complete refactor of `github.sh` and `bin/cli.mjs` with premium 256-color aesthetics, box-drawing tables, and animated progress bars.
+- **Enhanced Gatekeeping**: `github.sh` now performs a silent tag-delta audit and forces manual confirmation on production branches.
+
+## [1.4.0] - 2026-04-05 - [Community-Grade Governance]
+
+### Added
+
+- **Complete Protocol Index**: `_INDEX.md` expanded from 5 to 9 entries, covering all protocols (`INIT`, `REFACTOR`, `TEST`, `DOTFILES`).
+- **Activation Triggers**: `RODIN.md` and `INIT.md` now include explicit `[!IMPORTANT]` activation blocks for unambiguous agent invocation.
+- **Generalized Security Phase**: `SECURITY.md` Phase 3 now covers JWT, HMAC, OAuth, and data isolation patterns beyond Prisma-specific scope.
+
+### Changed
+
+- **Community-Grade Rewrite**: `github.sh` fully rewritten in technical English with system-style labels (`[ABORT]`, `[WARNING]`, `[PUSH]`, `[GATE]`). All personal/informal language removed.
+- **Stack-Agnostic Protocols**: `ASSIST.md` operational modes decoupled from specific stacks (Next.js, Tailwind, Shadcn). Now applicable to any engineering context.
+- **Cross-Reference Integrity**: All protocol cross-references in `ASSIST.md` and `_INDEX.md` are now complete and consistent.
+- **RODIN.md**: Rewritten in English, neutral community tone. Suitable for external contributors.
+- **RELEASE.md**: Monorepo path references generalized to support both single-package and workspace architectures.
+
+### Removed
+
+- **`gitmessage` template**: Superseded by the `COMMIT.md` protocol. Removed to eliminate redundancy.
+
 ## [1.3.0] - 2026-04-04 - [Architectural Identity & AI Orchestration]
 
 ### Added

package/README.md

@@ -73,8 +73,8 @@ pnpm dlx @wistantkode/dotfiles
 
 ### Included Assets
 - **Professional `.gitignore`**: PRODUCTION-READY baseline for all modern stacks.
-- **`.gitmessage` Architectural Template**: Standardizes commit intentions across teams.
-- **Governance Library**: Injected `.protocols/` folder for immediate AI alignment.
+- **Security & Integrity**: Injected `.protocols/` folder for immediate AI alignment.
+- **Universal License**: Apache 2.0 baseline for all technical distributions.
 
 ---
 
@@ -82,9 +82,12 @@ pnpm dlx @wistantkode/dotfiles
 
 | Standard | Role | Reference |
 | :--- | :--- | :--- |
-| **Integrity Audit** | High-level engineering and architectural philosophy. | [RODIN.md](./protocols/RODIN.md) |
+| **Audit Philosophy** | Socratic auditing and architectural integrity. | [RODIN.md](./protocols/RODIN.md) |
 | **Commit Protocol** | Strict atomic formatting and zero-entropy staging. | [COMMIT.md](./protocols/COMMIT.md) |
 | **Release Flow** | Socratic versioning and manual sealing logic. | [RELEASE.md](./protocols/RELEASE.md) |
+| **Security First** | Vulnerability audits and secret scanning protocols. | [SECURITY.md](./protocols/SECURITY.md) |
+
+> See [_INDEX.md](./protocols/_INDEX.md) for the full library of orchestration protocols.
 
 ---
 

package/bin/cli.mjs

@@ -1,22 +1,46 @@
 #!/usr/bin/env node
 
 import { copyFile, mkdir, readdir, lstat } from 'node:fs/promises';
-import { join, dirname, basename } from 'node:path';
+import { join, dirname } from 'node:path';
 import { fileURLToPath } from 'node:url';
 
+// ── UI Configuration (256-color) ──────────────────────────────────────
+const RESET  = '\x1b[0m';
+const BOLD   = '\x1b[1m';
+const DIM    = '\x1b[2m';
+const CYAN   = '\x1b[38;5;117m';
+const GREEN  = '\x1b[38;5;114m';
+const YELLOW = '\x1b[38;5;221m';
+const RED    = '\x1b[38;5;203m';
+const GRAY   = '\x1b[38;5;244m';
+const WHITE  = '\x1b[38;5;255m';
+const DGRAY  = '\x1b[38;5;238m';
+
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const pkgRoot = join(__dirname, '..');
 
 const FILES_TO_INSTALL = [
   'gitignore',
-  'gitmessage',
-  'myKDEshorcuts.kksrc'
+  'LICENSE'
 ];
 
 const DIRECTORIES_TO_INSTALL = [
   'protocols'
 ];
 
+// ── Utilities ─────────────────────────────────────────────────────────
+
+const sep = () => console.log(`${DGRAY}${'─'.repeat(60)}${RESET}`);
+
+const progress = async (label) => {
+  process.stdout.write(`  ${GRAY}[${RESET}`);
+  for (let i = 0; i < 24; i++) {
+    process.stdout.write(`${CYAN}█${RESET}`);
+    await new Promise(r => setTimeout(r, 15));
+  }
+  process.stdout.write(`${GRAY}]${RESET}  ${GREEN}${label}${RESET}\n`);
+};
+
 async function copyRecursive(src, dest) {
   const stat = await lstat(src);
   if (stat.isDirectory()) {
@@ -31,36 +55,49 @@ async function copyRecursive(src, dest) {
 }
 
 async function run() {
-  console.log('\x1b[36m%s\x1b[0m', '--- Dotfiles Installer ---');
-  
+  console.clear();
+  console.log(`\n  ${WHITE}${BOLD}◆  DOTFILES INSTALLER${RESET}  ${DGRAY}·  @wistantkode/dotfiles${RESET}\n`);
+  sep();
+
   const targetDir = process.cwd();
-  console.log(`Installing dotfiles to: ${targetDir}`);
+  console.log(`\n  ${GRAY}Target Directory:${RESET}  ${CYAN}${BOLD}${targetDir}${RESET}\n`);
+  
+  sep();
+  console.log(`\n  ${BOLD}▶  Initiating deployment...${RESET}\n`);
 
+  await progress('Verifying package integrity...');
+  
+  // Files deployment
   for (const file of FILES_TO_INSTALL) {
     try {
       const destName = file === 'gitignore' ? '.gitignore' : file;
       await copyFile(join(pkgRoot, file), join(targetDir, destName));
-      console.log(`  [OK] ${destName}`);
+      console.log(`      ${GREEN}✔${RESET}  Deployed ${BOLD}${destName}${RESET}`);
     } catch (err) {
-      console.error(`  [ERROR] Failed to copy ${file}: ${err.message}`);
+      console.error(`      ${RED}✘${RESET}  Failed to deploy ${file}: ${err.message}`);
     }
   }
 
+  // Directories deployment
   for (const dir of DIRECTORIES_TO_INSTALL) {
     try {
       const destName = dir === 'protocols' ? '.protocols' : dir;
       await copyRecursive(join(pkgRoot, dir), join(targetDir, destName));
-      console.log(`  [OK] ${destName}/`);
+      console.log(`      ${GREEN}✔${RESET}  Deployed ${BOLD}${destName}/${RESET}`);
     } catch (err) {
-      console.error(`  [ERROR] Failed to copy ${dir}: ${err.message}`);
+      console.error(`      ${RED}✘${RESET}  Failed to deploy ${dir}: ${err.message}`);
     }
   }
 
-  console.log('\x1b[32m%s\x1b[0m', '\nDone! Dotfiles and protocols added.');
-  console.log('Installation complete.');
+  await progress('Finalizing configuration...');
+
+  console.log(`\n  ${GREEN}${BOLD}✔  SUCCESS${RESET}  Infrastructure deployed successfully.`);
+  console.log(`  ${GRAY}Your environment is now orchestrated by @wistantkode protocols.${RESET}\n`);
+  sep();
+  console.log('');
 }
 
 run().catch(err => {
-  console.error('Fatal error:', err);
+  console.error(`\n  ${RED}${BOLD}✗  FATAL ERROR${RESET}  ${err.message}\n`);
   process.exit(1);
 });

package/github.sh

@@ -1,107 +1,206 @@
 #!/bin/bash
 
-# --- GITHUB SYNC (SYSTEM PROTOCOL) ---
-
-# Couleurs & Style
-GRAY='\033[90m'
-BOLD='\033[1m'
-RED='\033[31m'
-GREEN='\033[32m'
-YELLOW='\033[33m'
-CYAN='\033[36m'
-RESET='\033[0m'
-
-# Utilitaires
-print_banner() {
-    echo -e "${GRAY}--------------------------------------------------${RESET}"
-    echo -e "${BOLD}  INTEGRITY AUDIT : GITHUB SYNC${RESET}"
-    echo -e "${GRAY}--------------------------------------------------${RESET}"
+# ═══════════════════════════════════════════════════════════════════════
+#   GITHUB SYNC  ·  Integrity Gate  ·  @wistantkode/dotfiles
+# ═══════════════════════════════════════════════════════════════════════
+
+# ── Color palette (256-color) ─────────────────────────────────────────
+RESET='\033[0m';    BOLD='\033[1m';     DIM='\033[2m'
+RED='\033[38;5;203m';   GREEN='\033[38;5;114m';  YELLOW='\033[38;5;221m'
+CYAN='\033[38;5;117m';  BLUE='\033[38;5;75m';    GRAY='\033[38;5;244m'
+DGRAY='\033[38;5;238m'; WHITE='\033[38;5;255m';  ORANGE='\033[38;5;215m'
+
+# ── Table dimensions ──────────────────────────────────────────────────
+HASH_W=8    # hash column display width
+MSG_W=52    # message column display width
+
+# ── Layout helpers ────────────────────────────────────────────────────
+_rep() { printf "%${1}s" | tr ' ' "${2}"; }
+_sep()  { echo -e "${DGRAY}$(_rep 68 '─')${RESET}"; }
+_sep2() { echo -e "${DGRAY}  $(_rep 64 '·')${RESET}"; }
+
+_header() {
+    echo -e "${DGRAY}  ╭$(_rep $((HASH_W+2)) '─')┬$(_rep $((MSG_W+2)) '─')╮${RESET}"
+    printf "${DGRAY}  │${RESET}  ${BOLD}${GRAY}%-${HASH_W}s${RESET}  ${DGRAY}│${RESET}  ${BOLD}${GRAY}%-${MSG_W}s${RESET}  ${DGRAY}│${RESET}\n" "HASH" "COMMIT"
+    echo -e "${DGRAY}  ├$(_rep $((HASH_W+2)) '─')┼$(_rep $((MSG_W+2)) '─')┤${RESET}"
+}
+
+_row() {
+    local hash msg
+    hash=$(printf "%-${HASH_W}s" "${1:0:$HASH_W}")
+    local raw="$2"
+    [ ${#raw} -gt $((MSG_W-1)) ] && raw="${raw:0:$((MSG_W-3))}..."
+    msg=$(printf "%-${MSG_W}s" "$raw")
+    printf "${DGRAY}  │${RESET}  ${CYAN}%s${RESET}  ${DGRAY}│${RESET}  %s  ${DGRAY}│${RESET}\n" "$hash" "$msg"
+}
+
+_footer() {
+    echo -e "${DGRAY}  ╰$(_rep $((HASH_W+2)) '─')┴$(_rep $((MSG_W+2)) '─')╯${RESET}"
+}
+
+# ── Progress bar animation ────────────────────────────────────────────
+_progress() {
+    local label="$1"
+    local total=28
+    printf "  ${GRAY}[${RESET}"
+    for ((i=1; i<=total; i++)); do
+        printf "${CYAN}█${RESET}"
+        sleep 0.018
+    done
+    printf "${GRAY}]${RESET}  ${GREEN}${label}${RESET}\n"
 }
 
-refuse() {
-    echo -e "\n${RED}${BOLD}REFUS : $1${RESET}"
-    echo -e "${GRAY}L'intégrité de l'infrastructure prime sur la vitesse.${RESET}"
-    echo -e "${GRAY}--------------------------------------------------${RESET}"
+# ── Core utilities ────────────────────────────────────────────────────
+abort() {
+    echo ""
+    _sep
+    echo -e "  ${RED}${BOLD}✗  ABORTED${RESET}  ${GRAY}$1${RESET}"
+    _sep
+    echo ""
     exit 1
 }
 
-ask_confirm() {
-    echo -ne "${YELLOW}${BOLD}Confirmation requise :${RESET} $1 [y/N] "
-    read -r response
-    if [[ ! "$response" =~ ^([yY][eE][sS]|[yY])$ ]]; then
-        return 1
-    fi
-    return 0
+ask() {
+    echo -ne "\n  ${YELLOW}${BOLD}?${RESET}  $1 ${GRAY}[y/N]${RESET}  "
+    read -r _r
+    [[ "$_r" =~ ^([yY][eE][sS]|[yY])$ ]]
 }
 
-# --- DÉBUT DE L'AUDIT ---
-print_banner
+# ── Phase 0 · Silent data collection ─────────────────────────────────
+CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD 2>/dev/null) \
+    || { echo -e "\n  ${RED}✗${RESET}  Not a git repository."; exit 1; }
 
-# 1. État Interne (Staging Audit)
-if ! git diff-index --quiet HEAD --; then
-    echo -e "${YELLOW}Avertissement :${RESET} Tu as des modifications non commitées."
-    git status -s
-    refuse "Ton historique doit être pur (atomique) avant toute projection distante."
+REMOTE="origin/${CURRENT_BRANCH}"
+COMMITS_RAW=$(git log "${REMOTE}..HEAD" --oneline 2>/dev/null)
+COMMIT_COUNT=0
+[ -n "$COMMITS_RAW" ] && COMMIT_COUNT=$(echo "$COMMITS_RAW" | wc -l | tr -d ' ')
+
+LOCAL_ONLY_TAGS=$(
+    git log --tags --simplify-by-decoration --pretty="format:%D" 2>/dev/null \
+    | grep "tag: " \
+    | sed 's/.*tag: \([^,)]*\).*/\1/' \
+    | while read -r t; do
+        git ls-remote --tags origin 2>/dev/null | grep -q "refs/tags/$t" || echo "$t"
+    done | sort -u
+)
+TAG_COUNT=0
+[ -n "$LOCAL_ONLY_TAGS" ] && TAG_COUNT=$(echo "$LOCAL_ONLY_TAGS" | grep -c .)
+PUSH_TAGS=""
+[ "$TAG_COUNT" -gt 0 ] && PUSH_TAGS="--tags"
+
+case "$CURRENT_BRANCH" in
+    main|master) BLABEL="${RED}${BOLD}⬡  PRODUCTION${RESET}" ;;
+    dev|develop) BLABEL="${YELLOW}◈  INTEGRATION${RESET}" ;;
+    feat/*)      BLABEL="${GREEN}◈  FEATURE${RESET}" ;;
+    fix/*)       BLABEL="${CYAN}◈  BUGFIX${RESET}" ;;
+    refactor/*)  BLABEL="${BLUE}◈  REFACTOR${RESET}" ;;
+    *)           BLABEL="${GRAY}◈  BRANCH${RESET}" ;;
+esac
+
+# ── Phase 1 · Working tree check ─────────────────────────────────────
+clear
+echo ""
+echo -e "  ${WHITE}${BOLD}◆  GITHUB SYNC${RESET}  ${DGRAY}·  Integrity Gate  ·  @wistantkode/dotfiles${RESET}"
+echo ""
+_sep
+
+if ! git diff-index --quiet HEAD -- 2>/dev/null; then
+    echo ""
+    echo -e "  ${YELLOW}${BOLD}⚠  DIRTY WORKING TREE${RESET}"
+    echo ""
+    git status -s | sed 's/^/     /'
+    abort "Stage and commit all changes before syncing."
 fi
 
-# 2. Détection de Branche & Contexte
-CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
-echo -e "${BOLD}Localisation :${RESET} Branche ${CYAN}${BOLD}${CURRENT_BRANCH}${RESET}"
-
-# 3. Audit des Tags (Delta Local vs Distant)
-echo -e "${GRAY}Analyse du scellement (tags)...${RESET}"
-LOCAL_ONLY_TAGS=$(git log --tags --simplify-by-decoration --pretty="format:%D" | grep "tag: " | sed 's/.*tag: \([^,)]*\).*/\1/' | while read tag; do
-    if ! git ls-remote --tags origin 2>/dev/null | grep -q "refs/tags/$tag"; then
-        echo $tag
-    fi
-done | sort -u)
-
-if [ -n "$LOCAL_ONLY_TAGS" ]; then
-    echo -e "${YELLOW}${BOLD}DELTA DÉTECTÉ :${RESET} Tags locaux non scellés sur GitHub :"
-    for tag in $LOCAL_ONLY_TAGS; do
-        echo -e "  - ${BOLD}$tag${RESET}"
-    done
-    
-    if ask_confirm "Faut-il propager ces tags avec cette projection ?"; then
-        PUSH_TAGS="--tags"
-    fi
-else
-    echo -e "${GRAY}Aucun nouveau tag local détecté.${RESET}"
+# ── Phase 2 · Summary panel ───────────────────────────────────────────
+echo ""
+printf "  ${GRAY}%-14s${RESET}  ${CYAN}${BOLD}%s${RESET}  %b\n"    "Branch"   "$CURRENT_BRANCH" "$BLABEL"
+printf "  ${GRAY}%-14s${RESET}  ${BOLD}%s${RESET} commit(s) ahead of remote\n" "Ahead"  "$COMMIT_COUNT"
+printf "  ${GRAY}%-14s${RESET}  ${BOLD}%s${RESET} to publish\n"                "Tags"   "$TAG_COUNT"
+echo ""
+_sep
+
+# Commits table
+if [ "$COMMIT_COUNT" -gt 0 ]; then
+    echo ""
+    _header
+    while IFS= read -r line; do
+        h=$(echo "$line" | awk '{print $1}')
+        m=$(echo "$line" | cut -d' ' -f2-)
+        _row "$h" "$m"
+    done <<< "$COMMITS_RAW"
+    _footer
 fi
 
-# 4. Logique de Branche
+# Tags list
+if [ "$TAG_COUNT" -gt 0 ]; then
+    echo ""
+    echo -e "  ${GRAY}Unpublished tags:${RESET}"
+    while IFS= read -r tag; do
+        echo -e "    ${GREEN}+${RESET}  ${BOLD}$tag${RESET}"
+    done <<< "$LOCAL_ONLY_TAGS"
+fi
+
+echo ""
+_sep
+
+# ── Phase 3 · Branch gate ─────────────────────────────────────────────
+echo ""
 case "$CURRENT_BRANCH" in
-    "main" | "master")
-        echo -e "${RED}${BOLD}ATTENTION :${RESET} Branche de production."
-        if ! ask_confirm "Voulez-vous sceller ces changements sur le dépôt public ?"; then
-            refuse "Projection annulée."
-        fi
-        ;;
-    "dev" | "develop")
-        echo -e "${YELLOW}INFO :${RESET} Branche d'intégration."
-        if ! ask_confirm "Pousser vers l'amont de développement ?"; then
-            refuse "Projection dev annulée."
-        fi
+    main|master)
+        echo -e "  ${RED}${BOLD}⚠  PRODUCTION BRANCH${RESET}"
+        echo -e "  ${DIM}Every push to this branch triggers the public release pipeline.${RESET}"
+        ask "You are on ${BOLD}${CURRENT_BRANCH}${RESET}. Proceed to final review?" \
+            || abort "Cancelled by operator."
         ;;
-    feat/* | fix/* | refactor/*)
-        echo -e "${GREEN}INFO :${RESET} Branche de travail."
-        if ! ask_confirm "Continuer la projection ?"; then
-            refuse "Projection feature annulée."
-        fi
+    dev|develop)
+        echo -e "  ${YELLOW}${BOLD}◈  INTEGRATION BRANCH${RESET}"
+        ask "Push to ${BOLD}${REMOTE}${RESET}?" || abort "Cancelled by operator."
         ;;
     *)
-        if ! ask_confirm "Confirmer la projection vers l'amont ?"; then
-            refuse "Projection annulée."
-        fi
+        ask "Push ${BOLD}${CURRENT_BRANCH}${RESET} to remote?" || abort "Cancelled by operator."
         ;;
 esac
 
-# 5. Projection
-echo -e "\n${BOLD}Action :${RESET} Synchronisation distante..."
-if git push $PUSH_TAGS; then
-    echo -e "\n${GREEN}${BOLD}SUCCÈS :${RESET} L'infrastructure est synchronisée."
+# ── Phase 4 · Final confirmation ──────────────────────────────────────
+echo ""
+_sep
+echo ""
+SUMMARY="${BOLD}${COMMIT_COUNT}${RESET} commit(s)"
+[ "$TAG_COUNT" -gt 0 ] && SUMMARY+="  ${DGRAY}+${RESET}  ${BOLD}${TAG_COUNT}${RESET} tag(s)"
+printf "  ${GRAY}%-14s${RESET}  %b\n" "Will push"  "$SUMMARY"
+printf "  ${GRAY}%-14s${RESET}  ${BOLD}%s${RESET}\n" "Target" "$REMOTE"
+echo ""
+echo -e "  ${DIM}SSH key passphrase will be required by git if not cached.${RESET}"
+
+ask "${BOLD}Confirm push?${RESET}  ${GRAY}This cannot be undone.${RESET}" \
+    || abort "Final gate: push cancelled."
+
+# ── Phase 5 · Remote projection ───────────────────────────────────────
+echo ""
+_sep
+echo ""
+_progress "Initializing..."
+_progress "Verifying integrity state..."
+_progress "Ready — handing off to git."
+echo ""
+echo -e "  ${DGRAY}$(_rep 64 '─')${RESET}"
+echo -e "  ${BOLD}▶  git push${RESET}  ${DGRAY}(passphrase prompt appears below if required)${RESET}"
+echo -e "  ${DGRAY}$(_rep 64 '─')${RESET}"
+echo ""
+
+if git push --quiet $PUSH_TAGS; then
+    echo ""
+    _sep
+    echo ""
+    echo -e "  ${GREEN}${BOLD}✔  SUCCESS${RESET}  Infrastructure synchronized with ${BOLD}${REMOTE}${RESET}."
+    [ "$TAG_COUNT" -gt 0 ] && \
+        echo -e "  ${GRAY}Tags published. GitHub Actions pipeline may now be triggered.${RESET}"
+    echo ""
+    _sep
 else
-    refuse "Échec de la projection. Vérifie ta clé ou ta connexion."
+    echo ""
+    abort "Git push failed. Check your SSH key or network connectivity."
 fi
 
-echo -e "${GRAY}--------------------------------------------------${RESET}"
+echo ""

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wistantkode/dotfiles",
-  "version": "1.3.0",
+  "version": "1.5.0",
   "description": "High-End Linux Infrastructure & AI-Driven Orchestration Protocols",
   "main": "index.js",
   "type": "module",

package/protocols/ASSIST.md

@@ -10,26 +10,35 @@
 
 You are a **Technical Assistant & Engineering Partner**. You facilitate excellence and ensure architectural integrity.
 
-- **Integrity Guard** : If a mediocre solution is proposed, you must challenge it (`RODIN.md`).
-- **Architect** : When producing, you enforce professional standards.
+- **Communication First** : Tu réponds toujours aux questions posées **AVANT** de commencer à coder. La communication prime sur l'exécution.
+- **Integrity Guard** : Si une solution sous-optimale est proposée, challenge-la (`RODIN.md`).
+- **Architect** : Quand tu produis du code ou de la config, applique les standards professionnels sans prendre d'initiatives non validées sur le périmètre.
+- **Context-Aware** : Adapt your methodology to the project type (library, monorepo, CLI, web app).
 
 ---
 
 ## OPERATIONAL MODES
 
-### UI & Front-end
+### Systems & Backend
 
-*Target : Next.js, React, Tailwind, Framer Motion, Shadcn.*
+*Target: Any backend stack (NestJS, Express, FastAPI, Go, etc.), databases, CI/CD, infrastructure.*
 
-- **Action** : Enforce high visual quality and clean implementation.
-- **Communication** : Concise, focused on rendering and UX.
+- **Action**: Document architecture and data flows. Enforce atomicity and zero-trust.
+- **Communication**: Educational. Always ask a verification question before any major mutation.
 
-### Systems & DevOps
+### Frontend & UI
 
-*Target : NestJS, Advanced TypeScript, Prisma, Docker, CI/CD.*
+*Target: Any frontend stack (React, Vue, Svelte, etc.) and design systems.*
 
-- **Action** : Document architecture and data flows.
-- **Communication** : Educational. Always ask a verification question before any major mutation.
+- **Action**: Enforce high visual quality and clean implementation patterns.
+- **Communication**: Concise, focused on rendering, accessibility, and UX coherence.
+
+### DevOps & Tooling
+
+*Target: Docker, GitHub Actions, shell scripts, environment configuration.*
+
+- **Action**: Validate security, idempotency, and reliability of automation scripts.
+- **Communication**: Step-by-step. Surface side effects before execution.
 
 ---
 
@@ -37,7 +46,7 @@ You are a **Technical Assistant & Engineering Partner**. You facilitate excellen
 
 1. **Ecosystem Audit** : Identify package manager, stack, and architecture.
 2. **Protocol Sync** : Read the corresponding protocol via `_INDEX.md`.
-3. **The Socratic Test** : Reformulate the request and challenge it if it lacks depth.
+3. **The Socratic Test** : Reformulate the request and challenge it if it lacks depth or clarity.
 4. **Surgical Execution** : Provide complete, typed, and optimized code.
 5. **Git Sealing** : Generate atomic commits according to `COMMIT.md`.
 
@@ -45,6 +54,13 @@ You are a **Technical Assistant & Engineering Partner**. You facilitate excellen
 
 ## REFERENCE CONVENTIONS
 
-- **Identity** : [RODIN.md](./RODIN.md)
-- **Commits** : [COMMIT.md](./COMMIT.md)
-- **Release** : [RELEASE.md](./RELEASE.md)
+| Topic | Protocol |
+| :--- | :--- |
+| **Identity & Philosophy** | [RODIN.md](./RODIN.md) |
+| **Commits** | [COMMIT.md](./COMMIT.md) |
+| **Release** | [RELEASE.md](./RELEASE.md) |
+| **Security** | [SECURITY.md](./SECURITY.md) |
+| **Initialization** | [INIT.md](./INIT.md) |
+| **Refactoring** | [REFACTOR.md](./REFACTOR.md) |
+| **Testing** | [TEST.md](./TEST.md) |
+| **Dotfiles Architecture** | [DOTFILES.md](./DOTFILES.md) |

package/protocols/COMMIT.md

@@ -6,14 +6,18 @@
 
 ---
 
-## Regle d'Or : Zero "git add ."
+### Règle d'Or 1 : Zéro "git add ."
 
 Il est **STRICTEMENT INTERDIT** d'utiliser `git add .` ou `git commit -a`.
-Chaque modification doit etre atomique. On ne melange pas la logique métier (`core/`) et le style (`ui/`).
+Chaque modification doit être atomique. On ne mélange pas la logique métier (`core/`) et le style (`ui/`).
 
-> [!CAUTION]
-> **Pas de Push Automatique** : L'IA ne doit jamais exécuter `git push` ou `./github.sh`.
-> Après le commit, l'IA s'arrête. Le USER valide et pousse manuellement.
+### Règle d'Or 2 : Isolation des Commits (STRICTE)
+
+L'IA ne doit **JAMAIS** modifier ou inclure les fichiers de release (`package.json`, `CHANGELOG.md`, `pom.xml`, etc.) ni manipuler les `git tags` lors d'une phase de commit classique. Toute interaction avec le versioning est réservée **EXCLUSIVEMENT** au protocole `RELEASE.md`.
+
+### Règle d'Or 3 : Zéro Initiative de Versioning
+
+Si l'utilisateur demande un commit, fais uniquement le commit du code demandé. Ne propose pas de bump de version ou de mise à jour du changelog de ton propre chef. Ne prends aucune décision sur le périmètre de la tâche sans validation préalable.
 
 ---
 
@@ -45,7 +49,7 @@ Chaque commit doit suivre strictement ce format :
 ```text
 <type>(scope): <sujet>
 
-[Corps bien explicite mais pas trop longs juste long pour pour les moyens et gros changements]
+[Corps explicite mais concis — réservé aux changements d'ampleur moyenne ou majeure]
 
 [Footer]
 ```

package/protocols/DOTFILES.md

@@ -9,8 +9,7 @@ This repository contains a modular environment setup designed for high-end engin
 
 ### 2. Git Automation
 
-- **Commit Template** : Uses a global `.gitmessage` file to enforce atomic formatting.
-- **Smart Sync** : Interactive script (`github.sh`) to manage branches and tags.
+- **Smart Sync** : Interactive gatekeeper script (`github.sh`) to manage branches, tags, and remote projection.
 
 ---
 

package/protocols/INIT.md

@@ -1,8 +1,8 @@
 # PROTOCOLE D'INITIALISATION (CLEAN START)
 
 > [!IMPORTANT]
-> **Activation de l'Agent :**
-> Lors de l'initialisation d'un projet, tu actives le **Calibration Audit**. Ta mission est de verrouiller l'environnement avant toute modification de code. L'échec d'une étape suspend immédiatement les opérations.
+> **Agent Activation:**
+> Whenever a new project is initialized or cloned, activate the **Calibration Audit**. Your mission is to lock down the environment before any code mutation. A failed step must immediately suspend all operations.
 
 ---
 
@@ -19,6 +19,7 @@
 ## PHASE 2 : SETUP DE L'ENVIRONNEMENT (ECO-SYSTEM)
 
 Audit des fondations :
+
 - **Variables** : Presence de `.env.example` et validation du `.env` local.
 - **Runtimes** : Validation des versions (Node.js, Bun) via `.nvmrc` ou `package.json`.
 - **Managers** : Détection du gestionnaire privilégié (`pnpm` prio ou `bun`).
@@ -27,11 +28,10 @@ Audit des fondations :
 
 ## PHASE 3 : CALIBRAGE DES OUTILS (TOOLSET)
 
-1. **Linting & Formatting** : Activation de Prettier et ESLint avec les règles du projet.
-2. **IDE Sync** : Vérification des extensions VS Code recommandées (`.vscode/extensions.json`).
-3. **Skill Handshake** : Invoque les skills spécifiques au projet si disponibles (UI, DevOps).
+1. **Tooling Check** : Confirm Linting & Formatting are configured (Prettier, ESLint, or project equivalent).
+2. **IDE Sync** : Verify recommended IDE configuration is present (e.g., `.vscode/extensions.json`).
 
 ---
 
 > [!CAUTION]
-> Une initialisation bâclée est la première cause de régression. Agis de manière chirurgicale.
+> A poorly initialized environment is the primary cause of regression. Operate surgically.

package/protocols/RELEASE.md

@@ -23,7 +23,7 @@ Avant toute discussion, tu dois impérativement identifier où nous sommes techn
 *Ne communique pas le résultat de cette phase à l'utilisateur.*
 
 1. **Scan Diff** : Scanne l'intégralité de l'historique Git depuis le dernier tag.
-2. **Impact Multi-Module** : Analyse les fichiers modifiés (`apps/`, `packages/`, `libs/`).
+2. **Impact Mapping** : Analyse les fichiers modifiés. Dans un monorepo, inspecte les workspaces affectés (`apps/`, `packages/`, `libs/`, etc.). Dans un package unique, identifie les modules internes impactés.
 3. **Incrémentation Sémantique Objectif** :
    - **MAJOR** : Breaking changes, schémas DB modifiés, altération de contrats API.
    - **MINOR** : Nouvelles features rétro-compatibles.

package/protocols/RODIN.md

@@ -1,39 +1,43 @@
 ---
 name: 'rodin'
-description: "Interlocuteur socratique pour audits architecturaux — anti-complaisance"
+description: "Socratic auditor for architectural reviews — strict anti-compliancy"
 ---
 
-Tu es **Rodin**, un interlocuteur intellectuel exigeant. Tu incarnes ce rôle pour garantir l'intégrité de l'infrastructure.
+# RODIN — SOCRATIC AUDIT PROTOCOL
 
-## Identité & Rôle
+> [!IMPORTANT]
+> **Agent Activation:**
+> Whenever a commit, release, or significant architectural decision is being made, activate the **Rodin Audit** persona. Your mission is not to assist blindly, but to enforce structural integrity.
 
-Tu es un pair technique. Pas un assistant, pas un prof. Tu es quelqu'un qui respecte assez son interlocuteur pour le contredire face à des choix techniques médiocres.
+## Identity & Role
 
-Tu parles en français. Tu tutoies ton interlocuteur.
+You are a **technical peer**. Not a servant, not a teacher. You are a sparring partner who respects the operator enough to push back on weak technical decisions.
 
-## Règles fondamentales
+You operate in English. You address the operator directly and professionally.
 
-### Anti-complaisance (CRITIQUE)
+## Core Rules
 
-- Tu ne dois **JAMAIS** valider une proposition technique (commit, release, refactor) simplement parce que l'utilisateur la demande.
-- Si tu es d'accord, tu expliques pourquoi avec des arguments **propres**.
-- Si tu n'es pas d'accord, tu le dis **frontalement**. "Non, là c'est structurellement incohérent, et voilà pourquoi."
-- **Tu es un sparring partner en ingénierie.**
+### Anti-Compliancy (CRITICAL)
 
-### Audit Socratique (Engagement)
+- You must **NEVER** validate a technical proposal (commit, release, refactor) simply because the operator requests it.
+- If you agree, explain **why** with precise technical arguments.
+- If you disagree, say so directly: *"No. This is structurally inconsistent, and here is why."*
+- **You are an engineering sparring partner.**
 
-- Avant toute mutation (Phase 4 des protocoles), tu dois passer par l'interrogation (Phase 2).
-- Tu reformules pour vérifier la cohérence.
-- Tu sars les failles avant qu'elles ne polluent l'historique Git.
+### Zéro-Initiative & Anti-Dérapage (CRITIQUE)
 
-## Qualité & Standard
+- **Interdiction de Décision Autonome** : Tu n'as pas le droit de modifier des fichiers ou des composants qui n'ont pas été explicitement cités dans la demande de l'utilisateur. Toute modification "pour aider" ou "pour faire propre" est une violation de protocole.
+- **Réponse avant Action** : Si l'utilisateur te pose une question, tu y réponds **AVANT** de lancer la moindre commande de code ou de modification de fichier. La communication prime sur l'exécution.
+- **Séparation des Pouvoirs** : Ne confonds jamais un commit de code avec une release. Durant un commit, les fichiers `package.json`, `CHANGELOG.md` ou les Git Tags sont **sanctuarisés**. Seule la phase de Release (RELEASE.md) peut y toucher.
 
-- **Sémantique** : Le versioning (`SemVer`) doit être mathématiquement justifiable par l'impact du code.
-- **Atomicité** : L'historique Git doit être une suite d'intentions pures.
-- **Zéro-Trust** : Ne fais jamais confiance aux dépendances ou aux clés. Audit obligatoire.
+## Quality Standards
 
-## Ce que tu n'es PAS
+- **Semantics**: Versioning (`SemVer`) must be mathematically justified by code impact.
+- **Atomicity**: Git history must be a sequence of pure, isolated intentions.
+- **Zero-Trust**: Never trust dependencies or credentials without an explicit audit.
 
-- Tu n'es pas un serviteur.
-- Tu n'es pas un "optimiste". Tu cherches le bug, l'angle mort, le breaking change caché.
-- Tu n'es pas un résumeur. Tu es un **Architecte de Cohérence**.
+## What You Are NOT
+
+- You are not a servant.
+- You are not an "optimist". You look for the bug, the blind spot, the hidden breaking change.
+- You are not a summarizer. You are an **Architect of Coherence**.

package/protocols/SECURITY.md

@@ -19,16 +19,18 @@
 ## PHASE 2 : DEPENDENCY INTEGRITY (PNPM CIBLE)
 
 Lorsque tu manipules des bibliotheques :
+
 - **Audit de vulnerabilite** : Utilise `pnpm audit` (ou Bun/Npm correspondant).
 - **CVE Monitoring** : Alerte sur les CVE critiques (ex: Prisma, Next.js, etc.).
 - **Dette de Version** : Identifie les packages obsolètes susceptibles de créer des failles.
 
 ---
 
-## PHASE 3 : VALIDATION DE L'ISOLATION (DB/API)
+## PHASE 3 : DATA ISOLATION & AUTH VALIDATION
 
-- **HMAC / Auth** : Vérifie la validite des signatures et headers d'authentification.
-- **Multi-Tenant Audit** : Dans Prisma, vérifie que les requêtes `$where` isolent bien les donnees de l'utilisateur actuel.
+- **Auth & Signatures** : Verify validity of authentication mechanisms (JWT, HMAC, API keys, OAuth flows).
+- **Data Isolation** : Validate that query logic enforces proper tenant/user scoping and cannot leak cross-boundary data.
+- **Input Sanitization** : Check API endpoints, form handlers, and CLI inputs for missing or incomplete validation.
 
 ---
 

package/protocols/_INDEX.md

@@ -1,32 +1,43 @@
 # AI PROTOCOL INDEX
 
+## Core Principles
+
 1. **Integrity First** : Every change is documented and audited.
-2. **Atomic History** : Single purpose commits.
-3. **Standardization** : Every protocol follows the standards defined in `RODIN.md`.
+2. **Atomic History** : Single-purpose commits only.
+3. **Standardization** : Every protocol follows the engineering philosophy defined in `RODIN.md`.
+
+---
 
 ## PROTOCOL MAP
 
 | Topic | File | Purpose |
 | :--- | :--- | :--- |
-| **Identity & Philosophy** | [RODIN.md](./RODIN.md) | Socratic auditing and engineering philosophy. |
+| **Identity & Philosophy** | [RODIN.md](./RODIN.md) | Socratic auditing and anti-compliancy rules. |
 | **Operational Workflow** | [ASSIST.md](./ASSIST.md) | Master operating protocol, roles, and modes. |
-| **Commits** | [COMMIT.md](./COMMIT.md) | Atomic commit rules and formatting. |
-| **Releasing** | [RELEASE.md](./RELEASE.md) | Versioning logic and release steps. |
-| **Security** | [SECURITY.md](./SECURITY.md) | Vulnerability audits and secret scanning. |
+| **Commits** | [COMMIT.md](./COMMIT.md) | Atomic commit rules and conventional formatting. |
+| **Releasing** | [RELEASE.md](./RELEASE.md) | SemVer logic and release sealing steps. |
+| **Security** | [SECURITY.md](./SECURITY.md) | Vulnerability audits, secret scanning, zero-trust. |
+| **Initialization** | [INIT.md](./INIT.md) | Clean project bootstrap and environment validation. |
+| **Refactoring** | [REFACTOR.md](./REFACTOR.md) | Structural refactoring rules and risk assessment. |
+| **Testing** | [TEST.md](./TEST.md) | Test coverage standards and validation gates. |
+| **Dotfiles Architecture** | [DOTFILES.md](./DOTFILES.md) | Repository structure, aliases, and shell tooling. |
+
+---
 
 ## INTERACTION FLOW
 
 1. **Bootstrap** : Load `ASSIST.md` + `RODIN.md`.
 2. **The Socratic Test** : Perform the integrity check.
-3. **Execute** : Precise mutations.
-4. **Seal** : Atomic commit.
+3. **Execute** : Precise, surgical mutations.
+4. **Seal** : Atomic commit per `COMMIT.md`.
 
 ---
 
 ## COMMAND TRIGGERS
 
-| Action | Command | Protocol |
+| Action | Trigger Phrase | Protocol |
 | :--- | :--- | :--- |
 | **Commit** | "Fais le commit" | [COMMIT.md](./COMMIT.md) |
 | **Release** | "Prépare la release" | [RELEASE.md](./RELEASE.md) |
-| **Security** | "Audit sécurité" | [SECURITY.md](./SECURITY.md) |
+| **Security Audit** | "Audit sécurité" | [SECURITY.md](./SECURITY.md) |
+| **Initialize Project** | "Init du projet" | [INIT.md](./INIT.md) |

package/gitmessage

@@ -1,14 +0,0 @@
-# type(scope): subject
-
-# --- GIT COMMIT TEMPLATE (PROTOCOLS/COMMIT.MD) ---
-# AUTHOR: RODIN (Architectural Socratic Audit)
-# 
-# 1. Atomic Intent? (Logic vs UI?)
-# 2. Scope defined? (auth, db, ui, etc.)
-# 3. Present Tense? ("add" not "added")
-# 
-# TYPES: feat, fix, ui, refactor, perf, chore, docs, test, style
-# -----------------------------------------------------
-
-# Narrative justification of the change (Body):
-#