@zhixuan92/multi-model-agent-core 4.0.6 → 4.1.0

package/dist/tools/audit/implementer-criteria.js

@@ -1,36 +1,138 @@
 /**
  * Audit-specific implementer criteria.
  *
- * Audit examines a prose artifact (spec, design doc, API contract,
- * config, plan). The "thing being examined" is text — not source code —
- * so evidence and scope rules differ from review/debug:
+ * AUDIT'S PURPOSE — read this before adding categories.
+ * Most audit targets are spec / plan / design / recommendation files that
+ * will subsequently be EXECUTED BY A LOW-JUDGMENT WORKER (a sub-agent that
+ * follows the spec literally, with little ability to disambiguate or
+ * choose between alternatives). The audit's success criterion is:
+ *
+ *   "After audit + fixes, can a literal-following worker execute this
+ *    artifact without failing, picking wrong, or getting stuck?"
+ *
+ * That criterion is what makes a finding load-bearing. Stylistic nits
+ * don't block execution; ambiguity, contradictions, missing verification,
+ * unspecified branches, out-of-order steps, and overloaded terms do.
+ *
+ * EVIDENCE & SCOPE for prose artifacts.
+ * Audit examines a prose artifact (spec, design doc, plan, recommendation
+ * doc, API contract, config, brief). The "thing being examined" is text —
+ * not source code — so evidence and scope rules differ from review/debug:
  *
  *  - Evidence is a doc quote, OR a precise reference to a section/item
  *    that *should* address the issue but doesn't (absence-finding), OR
- *    a doc-claim + contradicting source (wrong-claim finding).
+ *    a doc-claim + contradicting source (wrong-claim finding), OR
+ *    two sections of the doc that contradict each other (internal-
+ *    coherence finding).
  *  - Scope is the document and what it directly references; cross-section
  *    reasoning IS the value of an audit.
+ *
+ * The failure-mode rubric below tells the worker WHAT KINDS of issues to
+ * look for in a prose artifact. Without it, workers calibrated on code
+ * audits collapse to surface-level proofreading on documents.
  */
+/**
+ * The orientation block. Goes at the TOP of every audit prompt.
+ *
+ * This is the load-bearing addition. Without an explicit purpose statement,
+ * workers default to "find issues in this doc" — which produces stylistic
+ * proofreading. With this orientation, they look for issues that would
+ * BLOCK EXECUTION by a literal-following worker, which is what the caller
+ * actually needs.
+ */
+export const AUDIT_PURPOSE_ORIENTATION = [
+    'Why this audit exists:',
+    'The artifact you are auditing is most likely a spec, plan, design doc, or recommendation doc that will subsequently be EXECUTED BY A LOW-JUDGMENT WORKER — a sub-agent that follows instructions literally, has limited ability to disambiguate, and cannot recover from contradictions.',
+    '',
+    'Your job is to find anywhere a literal-following worker would:',
+    '- get stuck on ambiguity (e.g. "implement the function" with no signature, location, or contract)',
+    '- pick wrong on an unspecified branch (e.g. "if X then Y" with no "otherwise")',
+    '- implement contradictions (section A says use X, section B says use Y, both apparently authoritative)',
+    '- skip a requirement that is implicit or buried (the worker only does what is explicitly stated)',
+    '- be unable to verify completion (no acceptance criteria, no done condition, no test command)',
+    '- misinterpret an overloaded term (the same word means two different things in two sections)',
+    '- execute steps out of order (step 3 needs the output of step 5)',
+    '- act on an unbounded scope ("fix the bug" with no scope boundary)',
+    '- need context that is referenced but not provided (a helper, a flag, a file the spec assumes the worker knows)',
+    '- produce data of an unspecified shape (return value, file format, error envelope)',
+    '',
+    'A finding that points at any of these failure-mode triggers is high-value EVEN IF the prose reads cleanly. Conversely, a stylistic nit that does not block execution is low-priority no matter how clean the wording.',
+    '',
+    'When you have completed this audit and its fixes have been applied, the test is: would a worker that reads only this artifact, follows it literally, and asks no clarifying questions, produce the right outcome? If yes, the audit succeeded.',
+].join('\n');
 export const EVIDENCE_RULE_AUDIT = [
     'Evidence grounding (REQUIRED for every finding):',
     '- For issues IN the doc: quote the exact passage that demonstrates the issue.',
-    '- For ABSENCES (the doc is silent on something it should specify): name the section that should address it. Example: "Section 3.2 enumerates failure modes but does not specify queue-overflow behavior."',
+    '- For ABSENCES (the doc is silent on something it should specify): name the section that should address it. Example: "Section 3.2 enumerates failure modes but does not specify queue-overflow behavior." This is an absence-finding and is fully valid evidence.',
     '- For WRONG-CLAIM findings: quote the doc\'s claim AND the source that contradicts it (the actual code, the referenced spec, etc.).',
-    '- A finding without one of these three forms of evidence is speculation. Note "investigation needed" in your summary instead.',
+    '- For INTERNAL-COHERENCE findings (two parts of the doc conflict, a recommendation contradicts a stated constraint, a fix relies on something the doc forbids): quote both passages OR quote one and name the section ID of the other.',
+    '- A finding without one of these four forms of evidence is speculation. Note "investigation needed" in your summary instead.',
 ].join('\n');
 export const SCOPE_RULE_AUDIT = [
     'Scope:',
     '- The document itself plus any artifact the document directly references (cited code, linked spec, embedded config).',
-    '- Cross-section reasoning within the document IS in scope and often the highest-value kind of finding.',
+    '- Cross-section reasoning within the document IS in scope and is often the highest-value kind of finding.',
     '- Do NOT enumerate the repository or glob across all source files. If verifying a referenced file or symbol, read or grep for that specific name only — the goal is to evaluate the document, not catalog the codebase.',
     '- Out of scope: speculation about content the document does not reference; coding-style nits on inline code examples (those belong in a code review, not an audit).',
 ].join('\n');
+/**
+ * The failure-mode rubric for prose-document audits.
+ *
+ * This is the load-bearing addition. Without an explicit taxonomy, workers
+ * calibrated on source-code rubrics (off-by-one, type mismatches, dead code)
+ * have nothing to look for in a spec/plan/recommendation doc and emit only
+ * surface nits. The 11 categories below cover what actually goes wrong in
+ * non-trivial prose artifacts and are independent of the audit-type label.
+ */
+export const DOC_AUDIT_FAILURE_MODES = [
+    'Look for these kinds of issues — applicable to ALL prose-document audits regardless of auditType. The auditType (default / security / performance) tells you which lens to weight, but every doc audit should sweep the full taxonomy:',
+    '',
+    '1. RECOMMENDATION-COHERENCE — does the proposed fix actually solve the stated problem given the doc\'s own stated constraints? A fix that requires X when the doc forbids X is logically incomplete. **Always check fixes against any explicit principles, constraints, invariants, or "what we won\'t do" sections in the doc itself.** Example: a doc that lists "no persistence" as a principle cannot have a fix that disambiguates "id existed before" from "id never existed" without persistence — that fix is unimplementable.',
+    '2. INTERNAL CONTRADICTION — does section A say something incompatible with section B? Does a methodology disclaimer ("these numbers are approximations") undercut a load-bearing claim built on those same numbers? Does a "do not auto-X" rule sit next to an "auto-X above threshold" recommendation?',
+    '3. CROSS-ITEM DUPLICATION — are two items addressing the same root cause without acknowledging each other? Should they be merged or cross-referenced? Look across the WHOLE doc for items that target the same underlying problem from different angles.',
+    '4. INDEPENDENCE-CLAIMED-WITHOUT-EVIDENCE — is X asserted as independent of Y when the evidence shows correlation, co-occurrence, or shared mechanism?',
+    '5. ARGUMENT SOUNDNESS — does the evidence chain support the conclusion? Does a headline ("95% wasted") rest on data the doc itself flags as unreliable? Does a severity rating match the evidence depth?',
+    '6. COMPLETENESS AGAINST CONSTRAINTS — does any constraint stated elsewhere render a recommendation infeasible? Is a fix step that depends on persistence proposed in a doc that forbids persistence? **If the doc has a principles, invariants, or constraints section, walk every recommendation through every constraint and flag mismatches.**',
+    '7. FIX ACTIONABILITY — is the proposed fix complete enough to implement, or does it stop at "fix it" / vague verbs? Does it leave open which subsystem owns the change? Are step-by-step actions or only goals?',
+    '8. DRIFT / STALENESS — does any claim in one section contradict more recently revised material in the same doc? **Specifically: count items the doc claims to discuss (e.g. "across all three sessions", "the four highest-impact items", "we have N tools") and verify the count against the actual list elsewhere.** If the count is wrong, that\'s drift. Other drift signals: version labels, renamed sections, references to removed items.',
+    '9. SCOPE-CREEP / FRAMING — do recommendations exceed what the evidence supports? Does the framing (table title, bucket label, headline) misrepresent what the row contents actually say?',
+    '10. STRUCTURAL CONSISTENCY — do similar items in a list/table follow the same shape? If one row has a Verification subsection and the others don\'t, that\'s structural inconsistency. If items are numbered "1, 1b, 2, 3" the duplicate "1" is a structural break. If a column is labeled "Fix direction" but one row\'s cell holds verification criteria, that\'s a column-content mismatch.',
+    '11. METADATA COMPLETENESS — for living/revised documents: is there a "last updated" / "as of" / version stamp? When findings claim "still unfixed in version X", is there a date timeline that supports the claim?',
+    '',
+    'Severity calibration for doc audits:',
+    '- critical: a recommendation that, if implemented, would fail or cause harm because the doc is internally incoherent (e.g. a fix that depends on something the doc forbids). Or: a contradiction that would silently lead to wrong implementation if a reader followed both passages.',
+    '- high: a substantive missing recommendation, an incorrect claim of independence between two issues, an evidence chain that does not support a load-bearing conclusion, OR a fix that violates a stated principle/constraint of the doc itself.',
+    '- medium: argument soundness gap, fix actionability gap, drift between sections (item-count mismatch), structural inconsistency between similar items, scope-creep risk that needs a guardrail.',
+    '- low: stylistic, labeling, or formatting issues; missing metadata; minor cross-reference fixes.',
+].join('\n');
+/**
+ * Counter-balance to the SEVERITY_LADDER's anti-inflation hint.
+ *
+ * The shared severity ladder ends with "Workers commonly inflate — resist
+ * the urge." That bias is correct for code reviews, where over-flagging
+ * stylistic preferences is the common failure. For prose-document audits
+ * the opposite is true: workers UNDER-find because they have nothing to
+ * pattern-match against in their training. This block tells the worker
+ * the doc-audit failure mode is silence, not noise.
+ */
+export const THOROUGHNESS_REMINDER_AUDIT = [
+    'Thoroughness expectation for prose-document audits:',
+    '- For non-trivial documents (>500 words), zero or 1-2 findings is unusual and usually indicates the rubric was applied too narrowly. Sweep the full failure-mode taxonomy above before declaring "no findings."',
+    '- The SEVERITY_LADDER warns against inflation. That warning is calibrated for code reviews — for prose audits the typical failure mode is the opposite (under-finding because the worker only looked for surface nits). Apply the failure-mode taxonomy thoroughly first; THEN calibrate severity downward where the impact is small.',
+    '- Do not invent findings to hit a quota. But if you have applied all 11 failure modes and still have only stylistic nits, double-check categories 1, 2, 5, 6, and 8 (recommendation-coherence, internal contradiction, argument soundness, completeness against constraints, drift) — these are the ones workers most often miss on first pass.',
+    '',
+    'Principle-mapping pass (REQUIRED when the doc has a principles / constraints / "what we won\'t do" section):',
+    '- Make ONE explicit pass walking each recommendation against each principle/constraint listed in the doc.',
+    '- For each (recommendation, constraint) pair, ask: does this recommendation, as written, require something the constraint forbids? Or rely on something the constraint says is unavailable?',
+    '- Worked example (illustrative — DO NOT match this verbatim against the doc you are auditing). Suppose a doc states Principle X: "Operations must be deterministic — no random sources." Suppose recommendation R proposes: "On request collision, generate a fresh tiebreaker using the system entropy pool." Chain: the tiebreaker uses entropy; entropy is non-deterministic; Principle X forbids non-determinism; therefore R is unimplementable as written without breaking Principle X. → File this as a HIGH-severity recommendation-coherence finding. The general pattern: a fix that REQUIRES something a constraint FORBIDS, or RELIES ON something a constraint says is UNAVAILABLE, is a load-bearing finding regardless of how clean the fix\'s prose reads.',
+    '- Most workers miss findings of this shape on first pass because the chain spans two non-adjacent sections. The principle-mapping pass forces you to make the chain.',
+].join('\n');
 export const ANNOTATOR_AWARENESS_AUDIT = [
     'After your output, an annotator validates each finding against this audit-specific rubric:',
-    '- Is the finding about the document (contradiction / absence / ambiguity / wrong claim / scope gap)?',
-    '- Is the evidence either a doc quote OR a precise reference for absence-findings OR a doc-claim + contradicting source?',
-    '- Is the severity calibrated to actual downstream-execution impact?',
+    '- Is the finding about the document (contradiction / absence / ambiguity / wrong claim / scope gap / recommendation-coherence / argument-soundness)?',
+    '- Is the evidence one of the four valid shapes: doc quote, absence-reference, claim+contradiction, OR internal-coherence cross-section reference?',
+    '- Is the severity calibrated to actual downstream-execution impact (does following the recommendation as written produce a wrong outcome)?',
     '- Is the finding within the document\'s scope, or is it speculation about untouched material?',
-    'Self-check before emitting. Findings that fail any check are downgraded or dropped.',
+    'Self-check before emitting. Findings that fail any check are downgraded or dropped — but logical-coherence and argument-soundness findings backed by section references are FULLY VALID, do NOT downgrade them as "speculation."',
 ].join('\n');
 //# sourceMappingURL=implementer-criteria.js.map

package/dist/tools/audit/implementer-criteria.js.map

@@ -1 +1 @@
-{"version":3,"file":"implementer-criteria.js","sourceRoot":"","sources":["../../../src/tools/audit/implementer-criteria.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,kDAAkD;IAClD,+EAA+E;IAC/E,2MAA2M;IAC3M,qIAAqI;IACrI,+HAA+H;CAChI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEb,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,QAAQ;IACR,sHAAsH;IACtH,wGAAwG;IACxG,yNAAyN;IACzN,qKAAqK;CACtK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEb,MAAM,CAAC,MAAM,yBAAyB,GAAG;IACvC,4FAA4F;IAC5F,sGAAsG;IACtG,yHAAyH;IACzH,qEAAqE;IACrE,+FAA+F;IAC/F,qFAAqF;CACtF,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC"}
+{"version":3,"file":"implementer-criteria.js","sourceRoot":"","sources":["../../../src/tools/audit/implementer-criteria.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG;IACvC,wBAAwB;IACxB,0RAA0R;IAC1R,EAAE;IACF,gEAAgE;IAChE,mGAAmG;IACnG,gFAAgF;IAChF,wGAAwG;IACxG,kGAAkG;IAClG,+FAA+F;IAC/F,8FAA8F;IAC9F,kEAAkE;IAClE,oEAAoE;IACpE,iHAAiH;IACjH,oFAAoF;IACpF,EAAE;IACF,uNAAuN;IACvN,EAAE;IACF,gPAAgP;CACjP,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEb,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,kDAAkD;IAClD,+EAA+E;IAC/E,mQAAmQ;IACnQ,qIAAqI;IACrI,wOAAwO;IACxO,8HAA8H;CAC/H,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEb,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,QAAQ;IACR,sHAAsH;IACtH,2GAA2G;IAC3G,yNAAyN;IACzN,qKAAqK;CACtK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEb;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,wOAAwO;IACxO,EAAE;IACF,wgBAAwgB;IACxgB,ySAAyS;IACzS,0PAA0P;IAC1P,uJAAuJ;IACvJ,0MAA0M;IAC1M,mVAAmV;IACnV,iNAAiN;IACjN,kbAAkb;IAClb,0LAA0L;IAC1L,gYAAgY;IAChY,oNAAoN;IACpN,EAAE;IACF,sCAAsC;IACtC,uRAAuR;IACvR,iPAAiP;IACjP,iMAAiM;IACjM,kGAAkG;CACnG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEb;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAG;IACzC,qDAAqD;IACrD,iNAAiN;IACjN,uUAAuU;IACvU,iVAAiV;IACjV,EAAE;IACF,8GAA8G;IAC9G,2GAA2G;IAC3G,6LAA6L;IAC7L,4uBAA4uB;IAC5uB,sKAAsK;CACvK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEb,MAAM,CAAC,MAAM,yBAAyB,GAAG;IACvC,4FAA4F;IAC5F,sJAAsJ;IACtJ,mJAAmJ;IACnJ,4IAA4I;IAC5I,+FAA+F;IAC/F,kOAAkO;CACnO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC"}

package/dist/tools/audit/schema.d.ts

@@ -1,18 +1,11 @@
 import { z } from 'zod';
 export declare const inputSchema: z.ZodObject<{
     document: z.ZodOptional<z.ZodString>;
-    auditType: z.ZodUnion<readonly [z.ZodEnum<{
+    auditType: z.ZodDefault<z.ZodEnum<{
+        default: "default";
         security: "security";
         performance: "performance";
-        style: "style";
-        correctness: "correctness";
-        general: "general";
-    }>, z.ZodArray<z.ZodEnum<{
-        security: "security";
-        performance: "performance";
-        style: "style";
-        correctness: "correctness";
-    }>>]>;
+    }>>;
     filePaths: z.ZodOptional<z.ZodArray<z.ZodString>>;
     contextBlockIds: z.ZodOptional<z.ZodArray<z.ZodString>>;
 }, z.core.$strip>;

package/dist/tools/audit/schema.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../../src/tools/audit/schema.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAMxB,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;;iBAUtB,CAAC;AAEH,MAAM,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC;AAEhD,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAA8B,CAAC;AAExD,MAAM,MAAM,MAAM,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAC"}
+{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../../src/tools/audit/schema.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAMxB,eAAO,MAAM,WAAW;;;;;;;;;iBAStB,CAAC;AAEH,MAAM,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC;AAEhD,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAA8B,CAAC;AAExD,MAAM,MAAM,MAAM,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAC"}

package/dist/tools/audit/schema.js

@@ -6,10 +6,9 @@ import { buildOutputEnvelopeSchema } from '../shared-output.js';
 // cross-package coupling.
 export const inputSchema = z.object({
     document: z.string().optional().describe('Inline document content to audit'),
-    auditType: z.union([
-        z.enum(['security', 'performance', 'correctness', 'style', 'general']),
-        z.array(z.enum(['security', 'performance', 'correctness', 'style'])).min(1),
-    ]).describe('Audit focus.'),
+    auditType: z.enum(['default', 'security', 'performance'])
+        .default('default')
+        .describe('Audit focus. `default` is the comprehensive sweep — recommended for specs, plans, designs, recommendation docs, post-mortems. Use `security` or `performance` only when you specifically want to narrow the lens to that single dimension (threat models, scaling designs).'),
     filePaths: z.array(z.string()).optional()
         .describe('Files the sub-agent should focus on. Multiple files are processed in parallel.'),
     contextBlockIds: z.array(z.string()).optional()

package/dist/tools/audit/schema.js.map

@@ -1 +1 @@
-{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../../src/tools/audit/schema.ts"],"names":[],"mappings":"AAAA,0CAA0C;AAC1C,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,yBAAyB,EAAE,MAAM,qBAAqB,CAAC;AAEhE,uFAAuF;AACvF,2EAA2E;AAC3E,0BAA0B;AAC1B,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,CAAC;IAClC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,kCAAkC,CAAC;IAC5E,SAAS,EAAE,CAAC,CAAC,KAAK,CAAC;QACjB,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,aAAa,EAAE,aAAa,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;QACtE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,aAAa,EAAE,aAAa,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;KAC5E,CAAC,CAAC,QAAQ,CAAC,cAAc,CAAC;IAC3B,SAAS,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;SACtC,QAAQ,CAAC,gFAAgF,CAAC;IAC7F,eAAe,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;SAC5C,QAAQ,CAAC,mHAAmH,CAAC;CACjI,CAAC,CAAC;AAIH,MAAM,CAAC,MAAM,YAAY,GAAG,yBAAyB,EAAE,CAAC"}
+{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../../src/tools/audit/schema.ts"],"names":[],"mappings":"AAAA,0CAA0C;AAC1C,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,yBAAyB,EAAE,MAAM,qBAAqB,CAAC;AAEhE,uFAAuF;AACvF,2EAA2E;AAC3E,0BAA0B;AAC1B,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,CAAC;IAClC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,kCAAkC,CAAC;IAC5E,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,UAAU,EAAE,aAAa,CAAC,CAAC;SACtD,OAAO,CAAC,SAAS,CAAC;SAClB,QAAQ,CAAC,6QAA6Q,CAAC;IAC1R,SAAS,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;SACtC,QAAQ,CAAC,gFAAgF,CAAC;IAC7F,eAAe,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;SAC5C,QAAQ,CAAC,mHAAmH,CAAC;CACjI,CAAC,CAAC;AAIH,MAAM,CAAC,MAAM,YAAY,GAAG,yBAAyB,EAAE,CAAC"}

package/dist/tools/audit/tool-config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tool-config.d.ts","sourceRoot":"","sources":["../../../src/tools/audit/tool-config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,6CAA6C,CAAC;AAClF,OAAO,EAAe,KAAK,KAAK,EAAE,MAAM,aAAa,CAAC;AAEtD,OAAO,EAAqB,KAAK,WAAW,EAAE,MAAM,qDAAqD,CAAC;AAE1G,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,sCAAsC,CAAC;AAUvE,wBAAgB,aAAa,CAAC,QAAQ,EAAE,mBAAmB,GAAG,IAAI,CAYjE;AAID,MAAM,WAAW,cAAc;IAC7B,aAAa,EAAE,MAAM,CAAC;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAkCD,wBAAgB,cAAc,CAAC,KAAK,EAAE,KAAK,GAAG,cAAc,EAAE,CA0B7D;AAgED,eAAO,MAAM,UAAU,EAAE,UAAU,CAAC,KAAK,EAAE,cAAc,EAAE,WAAW,CAyBrE,CAAC"}
+{"version":3,"file":"tool-config.d.ts","sourceRoot":"","sources":["../../../src/tools/audit/tool-config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,6CAA6C,CAAC;AAClF,OAAO,EAAe,KAAK,KAAK,EAAE,MAAM,aAAa,CAAC;AAEtD,OAAO,EAAqB,KAAK,WAAW,EAAE,MAAM,qDAAqD,CAAC;AAE1G,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,sCAAsC,CAAC;AAavE,wBAAgB,aAAa,CAAC,QAAQ,EAAE,mBAAmB,GAAG,IAAI,CAYjE;AAID,MAAM,WAAW,cAAc;IAC7B,aAAa,EAAE,MAAM,CAAC;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AA6CD,wBAAgB,cAAc,CAAC,KAAK,EAAE,KAAK,GAAG,cAAc,EAAE,CA0B7D;AAgFD,eAAO,MAAM,UAAU,EAAE,UAAU,CAAC,KAAK,EAAE,cAAc,EAAE,WAAW,CAyBrE,CAAC"}

package/dist/tools/audit/tool-config.js

@@ -4,7 +4,7 @@ import { auditReportSchema } from '../../reporting/report-parser-slots/audit-rep
 import { auditHeadlineTemplate } from '../../reporting/headline-templates/audit.js';
 import { DEFAULT_TASK_TIMEOUT_MS } from '../../config/schema.js';
 import { SEVERITY_LADDER } from '../../review/templates/finding-criteria.js';
-import { EVIDENCE_RULE_AUDIT, SCOPE_RULE_AUDIT, ANNOTATOR_AWARENESS_AUDIT, } from './implementer-criteria.js';
+import { AUDIT_PURPOSE_ORIENTATION, EVIDENCE_RULE_AUDIT, SCOPE_RULE_AUDIT, ANNOTATOR_AWARENESS_AUDIT, DOC_AUDIT_FAILURE_MODES, THOROUGHNESS_REMINDER_AUDIT, } from './implementer-criteria.js';
 export function registerAudit(registry) {
     registry.register({
         routeName: 'audit',
@@ -18,32 +18,37 @@ export function registerAudit(registry) {
         responseShapeName: 'BatchResponse',
     });
 }
+/**
+ * Per-audit-type "done" conditions.
+ *
+ * The audit tool's primary target is prose artifacts: specs, plans,
+ * recommendation docs, design docs, briefs, API contracts, configs.
+ * A secondary target is source code (when filePaths point at .ts/.py/etc.).
+ *
+ * `default` is the comprehensive sweep — what 90%+ of audit calls should
+ * use. `security` and `performance` are narrow opt-in lenses for cases
+ * where the caller specifically wants ONE dimension (a threat model, a
+ * scaling design). The full failure-mode taxonomy applies regardless;
+ * the lens just tells the worker which dimension to weight slightly more.
+ */
 const AUDIT_DONE_CONDITIONS = {
-    security: 'Identify all security vulnerabilities (injection, auth bypass, data exposure, OWASP top 10). Each finding has severity (critical/high/medium/low), location, and remediation.',
-    performance: 'Identify all performance issues (O(n²) loops, unnecessary allocations, missing caching, blocking I/O). Each finding has impact level, location, and fix recommendation.',
-    correctness: 'Identify all logic errors, off-by-one bugs, unhandled edge cases, type mismatches, and contract violations. Each finding has severity, location, and correct behavior.',
-    style: 'Identify all style issues (naming, formatting, dead code, inconsistent patterns). Each finding has location and recommended fix.',
-    general: 'Identify issues across security, performance, correctness, and style. Each finding has category, severity, location, and remediation.',
+    default: 'Comprehensive audit. Apply the full failure-mode taxonomy through the executability lens (the orientation block above). For prose artifacts (specs, plans, recommendation docs, designs, post-mortems, audits, briefs): emphasize RECOMMENDATION-COHERENCE, INTERNAL CONTRADICTION, ARGUMENT SOUNDNESS, COMPLETENESS AGAINST CONSTRAINTS, FIX ACTIONABILITY, DRIFT, and SCOPE-CREEP — i.e., would a literal-following worker who reads this artifact and follows it without judgment produce the right outcome? Are sections internally consistent? Does each recommendation actually solve its stated problem given the doc\'s own constraints? Sweep style/clarity issues only when they would cause a worker to misinterpret. For source code: logic errors, contract violations, off-by-one bugs, type mismatches, unhandled edge cases. Each finding has severity (critical/high/medium/low), location, and remediation.',
+    security: 'Narrow lens: security ONLY. Use this only when the caller specifically wants security findings and not general audit findings. For prose artifacts (threat models, security designs, auth specs): identify missing controls, ambiguous trust boundaries, undeclared attack surfaces, leaked-secret patterns in examples, recommendations that introduce new attack surface without mitigation, and threat-model gaps. For source code: injection, auth bypass, data exposure, OWASP top 10. Apply the full failure-mode taxonomy through the security lens. Skip non-security findings. Each finding has severity, location, and remediation.',
+    performance: 'Narrow lens: performance ONLY. Use this only when the caller specifically wants performance findings and not general audit findings. For prose artifacts (designs, scaling plans, latency-sensitive specs): identify unstated complexity, missing hot-path consideration, unbounded loops in proposed designs, omitted scaling story, recommendations that mandate work that does not scale, and missing latency/throughput targets. For source code: O(n²) loops, unnecessary allocations, missing caching, blocking I/O. Apply the full failure-mode taxonomy through the performance lens. Skip non-performance findings. Each finding has impact level, location, and fix recommendation.',
 };
 const DELTA_AUDIT_SUFFIX = ' Perform a full audit (do not reduce thoroughness). Verify each prior finding as fixed or unfixed. Omit fixed prior findings from the main report. Include unfixed prior findings and new findings. End with a summary of which prior findings were resolved.';
 function resolveAuditTypeText(auditType) {
-    if (auditType === 'general')
-        return 'security, performance, correctness, and style';
-    if (Array.isArray(auditType))
-        return auditType.join(', ');
-    return auditType;
+    // Defensive: at the HTTP layer Zod's `.default('default')` fires, but
+    // internal callers may still construct Input directly without going
+    // through the schema. Treat undefined as the same as `'default'`.
+    const t = auditType ?? 'default';
+    if (t === 'default')
+        return 'comprehensive (executability + correctness + clarity, with security and performance lenses applied)';
+    return `narrow (${t} only)`;
 }
 function resolveDoneCondition(auditType, hasContextBlocks) {
-    let base;
-    if (auditType === 'general') {
-        base = AUDIT_DONE_CONDITIONS.general;
-    }
-    else if (Array.isArray(auditType)) {
-        base = auditType.map(t => AUDIT_DONE_CONDITIONS[t]).join(' ');
-    }
-    else {
-        base = AUDIT_DONE_CONDITIONS[auditType] ?? AUDIT_DONE_CONDITIONS.general;
-    }
+    const t = auditType ?? 'default';
+    const base = AUDIT_DONE_CONDITIONS[t] ?? AUDIT_DONE_CONDITIONS.default;
     return hasContextBlocks ? base + DELTA_AUDIT_SUFFIX : base;
 }
 function hasContent(value) {
@@ -75,6 +80,12 @@ export function auditBriefSlot(input) {
         }];
 }
 const FINDING_FORMAT_INSTRUCTIONS = [
+    // Orientation goes FIRST — the worker needs to know why this audit
+    // exists before reading the format spec / taxonomy / evidence rules.
+    // Without it, workers calibrated on "find issues in this doc" produce
+    // stylistic proofreading; with it, they target executability blockers.
+    AUDIT_PURPOSE_ORIENTATION,
+    '',
     'Produce a narrative audit report. Use this EXACT per-finding format — both the structured reviewer and the deterministic fallback extract from this same format:',
     '',
     '## Finding 1: <one-line title>',
@@ -97,6 +108,16 @@ const FINDING_FORMAT_INSTRUCTIONS = [
     // Result: fewer downgraded findings, fewer missed criticals.
     SEVERITY_LADDER,
     '',
+    // Doc-audit failure-mode taxonomy. Without this block, workers calibrated
+    // on code-audit rubrics produce only surface-level proofreading nits on
+    // prose artifacts. The 11 categories below are what actually goes wrong
+    // in non-trivial specs/plans/recommendation docs.
+    DOC_AUDIT_FAILURE_MODES,
+    '',
+    // Counter-balances the SEVERITY_LADDER's anti-inflation hint for the
+    // prose-document case, where the typical failure is under-finding.
+    THOROUGHNESS_REMINDER_AUDIT,
+    '',
     EVIDENCE_RULE_AUDIT,
     '',
     SCOPE_RULE_AUDIT,

package/dist/tools/audit/tool-config.js.map

@@ -1 +1 @@
-{"version":3,"file":"tool-config.js","sourceRoot":"","sources":["../../../src/tools/audit/tool-config.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAc,MAAM,aAAa,CAAC;AACtD,OAAO,EAAE,oBAAoB,EAAE,MAAM,gDAAgD,CAAC;AACtF,OAAO,EAAE,iBAAiB,EAAoB,MAAM,qDAAqD,CAAC;AAC1G,OAAO,EAAE,qBAAqB,EAAE,MAAM,6CAA6C,CAAC;AAGpF,OAAO,EAAE,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AACjE,OAAO,EAAE,eAAe,EAAE,MAAM,4CAA4C,CAAC;AAC7E,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,yBAAyB,GAC1B,MAAM,2BAA2B,CAAC;AAEnC,MAAM,UAAU,aAAa,CAAC,QAA6B;IACzD,QAAQ,CAAC,QAAQ,CAAC;QAChB,SAAS,EAAE,OAAO;QAClB,UAAU,EAAE,MAAM;QAClB,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,MAAM;QACf,MAAM,EAAE,WAAW;QACnB,YAAY,EAAE,WAAW;QACzB,gBAAgB,EAAE,SAAS;QAC3B,oBAAoB,EAAE,KAAK;QAC3B,iBAAiB,EAAE,eAAe;KACnC,CAAC,CAAC;AACL,CAAC;AAcD,MAAM,qBAAqB,GAA2B;IACpD,QAAQ,EAAE,+KAA+K;IACzL,WAAW,EAAE,yKAAyK;IACtL,WAAW,EAAE,wKAAwK;IACrL,KAAK,EAAE,kIAAkI;IACzI,OAAO,EAAE,uIAAuI;CACjJ,CAAC;AAEF,MAAM,kBAAkB,GAAG,+PAA+P,CAAC;AAE3R,SAAS,oBAAoB,CAAC,SAA6B;IACzD,IAAI,SAAS,KAAK,SAAS;QAAE,OAAO,+CAA+C,CAAC;IACpF,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC;QAAE,OAAO,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1D,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,oBAAoB,CAAC,SAA6B,EAAE,gBAAyB;IACpF,IAAI,IAAY,CAAC;IACjB,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;QAC5B,IAAI,GAAG,qBAAqB,CAAC,OAAO,CAAC;IACvC,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;QACpC,IAAI,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAChE,CAAC;SAAM,CAAC;QACN,IAAI,GAAG,qBAAqB,CAAC,SAAS,CAAC,IAAI,qBAAqB,CAAC,OAAO,CAAC;IAC3E,CAAC;IACD,OAAO,gBAAgB,CAAC,CAAC,CAAC,IAAI,GAAG,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC;AAC7D,CAAC;AAED,SAAS,UAAU,CAAC,KAAyB;IAC3C,OAAO,KAAK,KAAK,SAAS,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC;AACxD,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,KAAY;IACzC,MAAM,gBAAgB,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,IAAI,KAAK,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC;IAClG,MAAM,aAAa,GAAG,oBAAoB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IAC5D,MAAM,IAAI,GAAG,oBAAoB,CAAC,KAAK,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;IACrE,MAAM,UAAU,GAAG,CAAC,KAAK,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAE5E,0DAA0D;IAC1D,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,UAAU,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAC1D,OAAO,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;YAC3B,aAAa;YACb,IAAI;YACJ,SAAS,EAAE,CAAC,EAAE,CAAC;YACf,gBAAgB;YAChB,eAAe,EAAE,KAAK,CAAC,eAAe;YACtC,WAAW,EAAE,EAAE;SAChB,CAAC,CAAC,CAAC;IACN,CAAC;IAED,OAAO,CAAC;YACN,aAAa;YACb,IAAI;YACJ,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,SAAS,EAAE,UAAU;YACrB,gBAAgB;YAChB,eAAe,EAAE,KAAK,CAAC,eAAe;SACvC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,2BAA2B,GAAG;IAClC,kKAAkK;IAClK,EAAE;IACF,gCAAgC;IAChC,4CAA4C;IAC5C,yCAAyC;IACzC,oCAAoC;IACpC,2CAA2C;IAC3C,EAAE;IACF,gCAAgC;IAChC,iBAAiB;IACjB,OAAO;IACP,EAAE;IACF,QAAQ;IACR,8HAA8H;IAC9H,6GAA6G;IAC7G,mGAAmG;IACnG,EAAE;IACF,oEAAoE;IACpE,+DAA+D;IAC/D,6DAA6D;IAC7D,eAAe;IACf,EAAE;IACF,mBAAmB;IACnB,EAAE;IACF,gBAAgB;IAChB,EAAE;IACF,yBAAyB;CAC1B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEb,MAAM,wBAAwB,GAAG;IAC/B,qGAAqG;IACrG,6KAA6K;CAC9K,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEb,SAAS,oBAAoB,CAAC,SAAmB;IAC/C,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACtC,OAAO,kCAAkC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;AACrF,CAAC;AAED,SAAS,WAAW,CAAC,KAAqB;IACxC,MAAM,KAAK,GAAa,CAAC,aAAa,KAAK,CAAC,aAAa,UAAU,CAAC,CAAC;IAErE,IAAI,KAAK,CAAC,WAAW,EAAE,CAAC;QACtB,KAAK,CAAC,IAAI,CAAC,kCAAkC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;IACpE,CAAC;SAAM,CAAC;QACN,IAAI,KAAK,CAAC,QAAQ;YAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;QACjE,MAAM,WAAW,GAAG,oBAAoB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAC1D,IAAI,WAAW;YAAE,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAC3C,CAAC;IAED,mEAAmE;IACnE,qEAAqE;IACrE,gEAAgE;IAChE,IAAI,KAAK,CAAC,gBAAgB,EAAE,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;IACvC,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IAExC,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC5B,CAAC;AAED,MAAM,CAAC,MAAM,UAAU,GAAmD;IACxE,IAAI,EAAE,OAAO;IACb,QAAQ,EAAE,WAAW;IACrB,SAAS,EAAE,SAAS;IACpB,SAAS,EAAE,cAAc;IACzB,aAAa,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QAC9B,MAAM,EAAE,WAAW,CAAC,KAAK,CAAC;QAC1B,SAAS,EAAE,SAAS;QACpB,YAAY,EAAE,cAAc;QAC5B,kBAAkB,EAAE,KAAK;QACzB,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,KAAK,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,KAAK,IAAI,MAAM;QAC3C,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,SAAS,IAAI,uBAAuB;QACpE,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,UAAU,IAAI,EAAE;QACjD,aAAa,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,aAAa,IAAI,UAAU;QAC/D,GAAG,EAAE,GAAG,CAAC,cAAc,EAAE,GAAG,IAAI,GAAG,CAAC,GAAG;QACvC,eAAe,EAAE,KAAK,CAAC,eAAe;QACtC,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;QACnE,SAAS,EAAE,GAAG,CAAC,SAAS;KACZ,CAAA;IACd,YAAY,EAAE,iBAAiB;IAC/B,gBAAgB,EAAE,qBAAqB;IACvC,eAAe,EAAE;QACf,SAAS,EAAE,oBAAoB;KAChC;CACF,CAAC"}
+{"version":3,"file":"tool-config.js","sourceRoot":"","sources":["../../../src/tools/audit/tool-config.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAc,MAAM,aAAa,CAAC;AACtD,OAAO,EAAE,oBAAoB,EAAE,MAAM,gDAAgD,CAAC;AACtF,OAAO,EAAE,iBAAiB,EAAoB,MAAM,qDAAqD,CAAC;AAC1G,OAAO,EAAE,qBAAqB,EAAE,MAAM,6CAA6C,CAAC;AAGpF,OAAO,EAAE,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AACjE,OAAO,EAAE,eAAe,EAAE,MAAM,4CAA4C,CAAC;AAC7E,OAAO,EACL,yBAAyB,EACzB,mBAAmB,EACnB,gBAAgB,EAChB,yBAAyB,EACzB,uBAAuB,EACvB,2BAA2B,GAC5B,MAAM,2BAA2B,CAAC;AAEnC,MAAM,UAAU,aAAa,CAAC,QAA6B;IACzD,QAAQ,CAAC,QAAQ,CAAC;QAChB,SAAS,EAAE,OAAO;QAClB,UAAU,EAAE,MAAM;QAClB,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,MAAM;QACf,MAAM,EAAE,WAAW;QACnB,YAAY,EAAE,WAAW;QACzB,gBAAgB,EAAE,SAAS;QAC3B,oBAAoB,EAAE,KAAK;QAC3B,iBAAiB,EAAE,eAAe;KACnC,CAAC,CAAC;AACL,CAAC;AAcD;;;;;;;;;;;;GAYG;AACH,MAAM,qBAAqB,GAA2B;IACpD,OAAO,EACL,+3BAA+3B;IACj4B,QAAQ,EACN,+mBAA+mB;IACjnB,WAAW,EACT,+pBAA+pB;CAClqB,CAAC;AAEF,MAAM,kBAAkB,GAAG,+PAA+P,CAAC;AAE3R,SAAS,oBAAoB,CAAC,SAAyC;IACrE,sEAAsE;IACtE,oEAAoE;IACpE,kEAAkE;IAClE,MAAM,CAAC,GAAG,SAAS,IAAI,SAAS,CAAC;IACjC,IAAI,CAAC,KAAK,SAAS;QAAE,OAAO,qGAAqG,CAAC;IAClI,OAAO,WAAW,CAAC,QAAQ,CAAC;AAC9B,CAAC;AAED,SAAS,oBAAoB,CAAC,SAAyC,EAAE,gBAAyB;IAChG,MAAM,CAAC,GAAG,SAAS,IAAI,SAAS,CAAC;IACjC,MAAM,IAAI,GAAG,qBAAqB,CAAC,CAAC,CAAC,IAAI,qBAAqB,CAAC,OAAO,CAAC;IACvE,OAAO,gBAAgB,CAAC,CAAC,CAAC,IAAI,GAAG,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC;AAC7D,CAAC;AAED,SAAS,UAAU,CAAC,KAAyB;IAC3C,OAAO,KAAK,KAAK,SAAS,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC;AACxD,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,KAAY;IACzC,MAAM,gBAAgB,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,IAAI,KAAK,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC;IAClG,MAAM,aAAa,GAAG,oBAAoB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IAC5D,MAAM,IAAI,GAAG,oBAAoB,CAAC,KAAK,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;IACrE,MAAM,UAAU,GAAG,CAAC,KAAK,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAE5E,0DAA0D;IAC1D,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,UAAU,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAC1D,OAAO,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;YAC3B,aAAa;YACb,IAAI;YACJ,SAAS,EAAE,CAAC,EAAE,CAAC;YACf,gBAAgB;YAChB,eAAe,EAAE,KAAK,CAAC,eAAe;YACtC,WAAW,EAAE,EAAE;SAChB,CAAC,CAAC,CAAC;IACN,CAAC;IAED,OAAO,CAAC;YACN,aAAa;YACb,IAAI;YACJ,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,SAAS,EAAE,UAAU;YACrB,gBAAgB;YAChB,eAAe,EAAE,KAAK,CAAC,eAAe;SACvC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,2BAA2B,GAAG;IAClC,mEAAmE;IACnE,qEAAqE;IACrE,sEAAsE;IACtE,uEAAuE;IACvE,yBAAyB;IACzB,EAAE;IACF,kKAAkK;IAClK,EAAE;IACF,gCAAgC;IAChC,4CAA4C;IAC5C,yCAAyC;IACzC,oCAAoC;IACpC,2CAA2C;IAC3C,EAAE;IACF,gCAAgC;IAChC,iBAAiB;IACjB,OAAO;IACP,EAAE;IACF,QAAQ;IACR,8HAA8H;IAC9H,6GAA6G;IAC7G,mGAAmG;IACnG,EAAE;IACF,oEAAoE;IACpE,+DAA+D;IAC/D,6DAA6D;IAC7D,eAAe;IACf,EAAE;IACF,0EAA0E;IAC1E,wEAAwE;IACxE,wEAAwE;IACxE,kDAAkD;IAClD,uBAAuB;IACvB,EAAE;IACF,qEAAqE;IACrE,mEAAmE;IACnE,2BAA2B;IAC3B,EAAE;IACF,mBAAmB;IACnB,EAAE;IACF,gBAAgB;IAChB,EAAE;IACF,yBAAyB;CAC1B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEb,MAAM,wBAAwB,GAAG;IAC/B,qGAAqG;IACrG,6KAA6K;CAC9K,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEb,SAAS,oBAAoB,CAAC,SAAmB;IAC/C,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACtC,OAAO,kCAAkC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;AACrF,CAAC;AAED,SAAS,WAAW,CAAC,KAAqB;IACxC,MAAM,KAAK,GAAa,CAAC,aAAa,KAAK,CAAC,aAAa,UAAU,CAAC,CAAC;IAErE,IAAI,KAAK,CAAC,WAAW,EAAE,CAAC;QACtB,KAAK,CAAC,IAAI,CAAC,kCAAkC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;IACpE,CAAC;SAAM,CAAC;QACN,IAAI,KAAK,CAAC,QAAQ;YAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;QACjE,MAAM,WAAW,GAAG,oBAAoB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAC1D,IAAI,WAAW;YAAE,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAC3C,CAAC;IAED,mEAAmE;IACnE,qEAAqE;IACrE,gEAAgE;IAChE,IAAI,KAAK,CAAC,gBAAgB,EAAE,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;IACvC,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IAExC,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC5B,CAAC;AAED,MAAM,CAAC,MAAM,UAAU,GAAmD;IACxE,IAAI,EAAE,OAAO;IACb,QAAQ,EAAE,WAAW;IACrB,SAAS,EAAE,SAAS;IACpB,SAAS,EAAE,cAAc;IACzB,aAAa,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QAC9B,MAAM,EAAE,WAAW,CAAC,KAAK,CAAC;QAC1B,SAAS,EAAE,SAAS;QACpB,YAAY,EAAE,cAAc;QAC5B,kBAAkB,EAAE,KAAK;QACzB,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,KAAK,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,KAAK,IAAI,MAAM;QAC3C,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,SAAS,IAAI,uBAAuB;QACpE,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,UAAU,IAAI,EAAE;QACjD,aAAa,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,aAAa,IAAI,UAAU;QAC/D,GAAG,EAAE,GAAG,CAAC,cAAc,EAAE,GAAG,IAAI,GAAG,CAAC,GAAG;QACvC,eAAe,EAAE,KAAK,CAAC,eAAe;QACtC,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;QACnE,SAAS,EAAE,GAAG,CAAC,SAAS;KACZ,CAAA;IACd,YAAY,EAAE,iBAAiB;IAC/B,gBAAgB,EAAE,qBAAqB;IACvC,eAAe,EAAE;QACf,SAAS,EAAE,oBAAoB;KAChC;CACF,CAAC"}

package/dist/tools/debug/implementer-criteria.d.ts

@@ -1,12 +1,52 @@
 /**
  * Debug-specific implementer criteria.
  *
- * Debug is hypothesis-driven root-cause investigation. The shared
- * "do not speculate about caller behavior" rule directly contradicts
- * debug's job — debugging IS speculation, narrowed by evidence.
- * Cross-file tracing is required, not forbidden.
+ * DEBUG'S PURPOSE — read this before adding categories.
+ * mma-debug is hypothesis-driven root-cause investigation. The output is
+ * a fix specification, not a hint. The success criterion is:
+ *
+ *   "Could a maintainer who reads ONLY your debug report apply the fix,
+ *    reproduce the original failure, verify the fix, and re-merge —
+ *    without redoing the investigation?"
+ *
+ * That criterion is what makes a finding load-bearing. A correctly-
+ * identified line that is just a SYMPTOM (the real cause is upstream)
+ * is the debug-equivalent of an unimplementable fix — it sends the
+ * maintainer down the wrong path. A hypothesis with no falsifier is a
+ * guess dressed up as a finding.
+ *
+ * Debug is hypothesis-driven; cross-file tracing is required, not
+ * forbidden. Findings are evidence chains, not point observations.
+ */
+/**
+ * The orientation block. Goes at the TOP of every debug prompt.
+ *
+ * Without an explicit purpose statement, workers default to "find a
+ * suspicious line" — which often points at the symptom, not the cause.
+ * With this orientation, they trace from the failure point upstream
+ * until they hit something that, if changed, would prevent the failure.
  */
+export declare const DEBUG_PURPOSE_ORIENTATION: string;
 export declare const EVIDENCE_RULE_DEBUG: string;
 export declare const SCOPE_RULE_DEBUG: string;
+/**
+ * The failure-mode taxonomy for debug investigations.
+ *
+ * Without this block, workers default to "find a suspicious line" —
+ * which catches surface symptoms but misses the chain upstream that
+ * actually caused the failure. The 9 categories below are the patterns
+ * a careful debugger would consciously check for.
+ */
+export declare const DEBUG_FAILURE_MODES: string;
+/**
+ * Counter-balance to the SEVERITY_LADDER's anti-inflation hint.
+ *
+ * The shared severity ladder warns against inflation. For debug, the
+ * common failure is the OPPOSITE — workers stop at the first plausible
+ * explanation (over-confidence on a shallow trace) rather than tracing
+ * to the actual cause. This block tells the worker the typical debug
+ * failure is shallow root-cause, not noisy hypothesis lists.
+ */
+export declare const THOROUGHNESS_REMINDER_DEBUG: string;
 export declare const ANNOTATOR_AWARENESS_DEBUG: string;
 //# sourceMappingURL=implementer-criteria.d.ts.map

package/dist/tools/debug/implementer-criteria.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"implementer-criteria.d.ts","sourceRoot":"","sources":["../../../src/tools/debug/implementer-criteria.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,eAAO,MAAM,mBAAmB,QAMpB,CAAC;AAEb,eAAO,MAAM,gBAAgB,QAIjB,CAAC;AAEb,eAAO,MAAM,yBAAyB,QAO1B,CAAC"}
+{"version":3,"file":"implementer-criteria.d.ts","sourceRoot":"","sources":["../../../src/tools/debug/implementer-criteria.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH;;;;;;;GAOG;AACH,eAAO,MAAM,yBAAyB,QAe1B,CAAC;AAEb,eAAO,MAAM,mBAAmB,QAQpB,CAAC;AAEb,eAAO,MAAM,gBAAgB,QAMjB,CAAC;AAEb;;;;;;;GAOG;AACH,eAAO,MAAM,mBAAmB,QAkBpB,CAAC;AAEb;;;;;;;;GAQG;AACH,eAAO,MAAM,2BAA2B,QAa5B,CAAC;AAEb,eAAO,MAAM,yBAAyB,QAS1B,CAAC"}

package/dist/tools/debug/implementer-criteria.js

@@ -1,29 +1,121 @@
 /**
  * Debug-specific implementer criteria.
  *
- * Debug is hypothesis-driven root-cause investigation. The shared
- * "do not speculate about caller behavior" rule directly contradicts
- * debug's job — debugging IS speculation, narrowed by evidence.
- * Cross-file tracing is required, not forbidden.
+ * DEBUG'S PURPOSE — read this before adding categories.
+ * mma-debug is hypothesis-driven root-cause investigation. The output is
+ * a fix specification, not a hint. The success criterion is:
+ *
+ *   "Could a maintainer who reads ONLY your debug report apply the fix,
+ *    reproduce the original failure, verify the fix, and re-merge —
+ *    without redoing the investigation?"
+ *
+ * That criterion is what makes a finding load-bearing. A correctly-
+ * identified line that is just a SYMPTOM (the real cause is upstream)
+ * is the debug-equivalent of an unimplementable fix — it sends the
+ * maintainer down the wrong path. A hypothesis with no falsifier is a
+ * guess dressed up as a finding.
+ *
+ * Debug is hypothesis-driven; cross-file tracing is required, not
+ * forbidden. Findings are evidence chains, not point observations.
+ */
+/**
+ * The orientation block. Goes at the TOP of every debug prompt.
+ *
+ * Without an explicit purpose statement, workers default to "find a
+ * suspicious line" — which often points at the symptom, not the cause.
+ * With this orientation, they trace from the failure point upstream
+ * until they hit something that, if changed, would prevent the failure.
  */
+export const DEBUG_PURPOSE_ORIENTATION = [
+    'Why this debug investigation exists:',
+    'mma-debug produces a fix specification a maintainer can apply WITHOUT redoing the investigation. Your output replaces the maintainer\'s own root-cause work — not augments it.',
+    '',
+    'For your output to clear that bar, every finding must answer:',
+    '- Reproduction: how does the maintainer trigger the failure (command, input, state)?',
+    '- Symptom: where does the failure surface (file:line of the error, the failing assertion, the wrong output)?',
+    '- Cause: where is the actual defect (file:line that, if changed, would prevent the failure)?',
+    '- Trace: the evidence chain that links symptom to cause — each step a file:line citation or an observed value.',
+    '- Fix: the specific change to make at the cause (PROPOSE only — read-only contract; the caller applies).',
+    '- Falsifier: how the maintainer can verify the fix works (the assertion that should now pass, the wrong output that should now be right).',
+    '',
+    'A finding missing the trace from symptom to cause is a guess. A finding that names a symptom location as the cause is misdirection. Both are worse than no finding because they send the maintainer down the wrong path.',
+    '',
+    'The completion test: would a maintainer who reads only your report and the source code reproduce the failure, find the cited cause, apply the proposed fix, and confirm the falsifier — all without doing the investigation a second time?',
+].join('\n');
 export const EVIDENCE_RULE_DEBUG = [
     'Evidence grounding (REQUIRED for every finding):',
-    '- Each finding is a hypothesis with a supporting evidence chain.',
-    '- Evidence: the reproducer + the code path traced from failure point to suspected cause + observed output.',
-    '- Hypothesis-level findings with PARTIAL evidence are valid — that\'s how root-causing works. Show your reasoning chain.',
-    '- Severity reflects evidence strength: confirmed root cause = `high`; plausible candidate = `medium`; ruled out = `low` (or note in summary, not as a Finding).',
+    '- Each finding is a hypothesis with a supporting evidence chain. Cite `file:line` at every step of the chain.',
+    '- The chain has at least three points: SYMPTOM (where the failure surfaces) → INTERMEDIATE STATE (the wrong value, the unexpected branch, the missing call) → CAUSE (the file:line that, if changed, would prevent the failure).',
+    '- Evidence forms accepted: reproducer commands, captured logs / stack traces, observed values, and code-path traces with file:line per step.',
+    '- Hypothesis-level findings with PARTIAL evidence are valid — that is how root-causing works. Show the reasoning chain. State which step is firm and which is conjecture.',
+    '- A hypothesis with NO falsifier (no way to check if the proposed cause is right) is a guess, not a finding. Always state how the maintainer can verify the fix.',
+    '- Severity reflects evidence strength AND impact: confirmed root cause that ships a wrong fix = `critical`; confirmed root cause = `high`; plausible candidate with most of the chain = `medium`; partial trace / multiple plausible explanations = `low` (or note in summary).',
 ].join('\n');
 export const SCOPE_RULE_DEBUG = [
     'Scope:',
     '- Follow the failure path wherever it leads. Cross-file tracing is required.',
+    '- Reproduction discovery IS in scope: if the caller did not provide reproduction steps, infer them from test files, error messages, or recent commits and state your inferred reproduction explicitly.',
+    '- Pre-existing-vs-new separation: if multiple bugs are entangled in the same failure, separate them. Identify which is the one the caller asked about; note the others under "Other defects observed (out of scope for this investigation)".',
     '- Out of scope: applying fixes (debug is read-only — propose, do not apply); rewriting code; auditing unrelated subsystems; broadening into general code review.',
 ].join('\n');
+/**
+ * The failure-mode taxonomy for debug investigations.
+ *
+ * Without this block, workers default to "find a suspicious line" —
+ * which catches surface symptoms but misses the chain upstream that
+ * actually caused the failure. The 9 categories below are the patterns
+ * a careful debugger would consciously check for.
+ */
+export const DEBUG_FAILURE_MODES = [
+    'Patterns to consciously check for. Apply on EVERY debug investigation:',
+    '',
+    '1. SYMPTOM-NOT-CAUSE — the suspicious line you first hit is where the failure SURFACES, not where it is CAUSED. Trace upstream until you find a state that, if changed, prevents the failure. The cited cause must be upstream of the cited symptom in the call/data flow.',
+    '2. SCAPEGOAT FILE — the failing test or the throwing line is in a file that is just the messenger. The actual defect lives in a file the failure passes through. Read the call stack / data path and place the finding at the source, not the sink.',
+    '3. INCOMPLETE TRACE — the chain from symptom to cause has unfilled gaps ("...somewhere in the middleware..."). Each step in the trace must be a file:line citation or an observed value. Gaps mean the maintainer redoes the investigation.',
+    '4. UNTESTED HYPOTHESIS — the proposed fix has no falsifier. Always state HOW the maintainer can verify the fix worked: which assertion now passes, which output is now right, which command no longer errors.',
+    '5. PARALLEL CAUSES — more than one independent root cause is plausible. If the evidence is consistent with two unrelated mechanisms, name both as separate findings. Do NOT collapse them.',
+    '6. PRE-EXISTING-VS-NEW ENTANGLEMENT — multiple bugs are entangled in one failure. Separate them. Identify which one the caller asked about; note the others under a separate section.',
+    '7. WRONG FIX SCOPE — the proposed fix is broader than the cause requires (a refactor when a one-line fix would do) or narrower than the cause requires (a band-aid that masks the bug). Match fix scope to the cause depth.',
+    '8. MISSING REPRODUCTION — there is no command, input, or state the maintainer can use to trigger the failure. Without reproduction the fix cannot be verified. If the caller did not provide one, infer it and state it explicitly.',
+    '9. CONFIDENCE OVERSTATEMENT — the chain has gaps but the finding is filed at `high` severity. Calibrate severity to evidence strength: gaps in the chain = lower severity OR explicit "this is the most likely candidate; verify by X" caveat.',
+    '',
+    'Severity calibration for debug:',
+    '- critical: confirmed root cause where applying the proposed fix incorrectly would ship a regression (e.g. fix at the wrong layer that hides the bug).',
+    '- high: confirmed root cause with full chain symptom → cause → reproduction → falsifier. The maintainer can apply directly.',
+    '- medium: plausible cause with most of the chain, one or two gaps the maintainer can fill. Mark gaps explicitly.',
+    '- low: partial trace, multiple candidates, or hypothesis without sufficient evidence. Use sparingly — most findings should be medium or high.',
+].join('\n');
+/**
+ * Counter-balance to the SEVERITY_LADDER's anti-inflation hint.
+ *
+ * The shared severity ladder warns against inflation. For debug, the
+ * common failure is the OPPOSITE — workers stop at the first plausible
+ * explanation (over-confidence on a shallow trace) rather than tracing
+ * to the actual cause. This block tells the worker the typical debug
+ * failure is shallow root-cause, not noisy hypothesis lists.
+ */
+export const THOROUGHNESS_REMINDER_DEBUG = [
+    'Thoroughness expectation for debug investigations:',
+    '- For non-trivial failures (test failure, runtime error, unexpected behavior), stopping at the first plausible explanation is the typical debug failure mode. Always check for SYMPTOM-NOT-CAUSE before filing a finding: ask "if I changed this line, would the failure still happen via a different path?"',
+    '- The SEVERITY_LADDER warns against inflation. That warning is calibrated for code reviews — for debug, the common failure is OVER-CONFIDENCE on a shallow trace (calling a symptom location the cause). Apply the failure-mode taxonomy first; THEN calibrate severity.',
+    '- Do not invent hypotheses to hit a quota. But if you have only one finding and the failure is non-trivial, double-check categories 1, 2, 3, and 5 (symptom-not-cause, scapegoat file, incomplete trace, parallel causes) — these are the ones investigators most often miss on first pass.',
+    '- Limit yourself to 3-5 most-likely hypotheses. Do NOT enumerate implausible ones to pad the list.',
+    '',
+    'Symptom → cause walk (REQUIRED on every investigation):',
+    '- Start at the SYMPTOM (where the failure surfaces — the error message, the failing assertion, the wrong output).',
+    '- Walk UPSTREAM in the call/data flow. At each step, check whether the state at that point is consistent with the failure or already wrong. The point where the state first becomes wrong is the cause.',
+    '- For each step in the walk, cite a file:line. If the walk crosses a function boundary, cite both sides (caller line + callee line).',
+    '- Worked example. A test fails with `TypeError: cannot read property "id" of undefined` at `tests/users.test.ts:42` (assertion on the response). The walk: assertion sees `response.user === undefined`; the route handler at `src/handlers/getUser.ts:18` returns `{ user: rows[0] }` from a DB call; the DB call at `src/db/users.ts:34` returns `[]` for the test fixture id; the fixture loader at `tests/fixtures/users.ts:12` writes to a different table than the handler reads. → CAUSE is `tests/fixtures/users.ts:12` (wrong table). The TypeError at `tests/users.test.ts:42` is the SYMPTOM. A finding that named `getUser.ts:18` as the cause would have shipped a fix that adds null-checking — masking the bug instead of fixing it.',
+    '- Most investigators miss findings of this shape on first pass because the failing line is loud and the upstream cause is quiet. The symptom → cause walk forces the trace.',
+].join('\n');
 export const ANNOTATOR_AWARENESS_DEBUG = [
     'After your output, an annotator validates each finding against this debug rubric:',
-    '- Is each finding a hypothesis or evidence chain (not an unrelated observation)?',
-    '- Does the reasoning chain logically connect the cited evidence to the hypothesis?',
-    '- Did you propose fixes without applying them (read-only contract)?',
-    '- Is severity calibrated to evidence strength?',
-    'Self-check before emitting. Findings that fail any check are downgraded or dropped.',
+    '- Is each finding a hypothesis with a complete trace from symptom to cause (not a point observation at the symptom)?',
+    '- Does the cited cause come UPSTREAM of the cited symptom in the call/data flow?',
+    '- Is there a reproduction step the maintainer can use to trigger the failure?',
+    '- Is there a falsifier the maintainer can use to verify the fix?',
+    '- Did you propose fixes WITHOUT applying them (read-only contract)?',
+    '- Is severity calibrated to evidence strength (gaps in chain = lower severity, not the same severity with hand-waving)?',
+    'Self-check before emitting. Findings that fail any check are downgraded or dropped — but partial-evidence hypotheses with explicit "the gap is here, verify by X" notes are FULLY VALID, do NOT downgrade them as "speculation". Debug is speculation narrowed by evidence; hand-waving is the failure mode, not careful gap-marking.',
 ].join('\n');
 //# sourceMappingURL=implementer-criteria.js.map

package/dist/tools/debug/implementer-criteria.js.map

@@ -1 +1 @@
-{"version":3,"file":"implementer-criteria.js","sourceRoot":"","sources":["../../../src/tools/debug/implementer-criteria.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,kDAAkD;IAClD,kEAAkE;IAClE,4GAA4G;IAC5G,0HAA0H;IAC1H,iKAAiK;CAClK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEb,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,QAAQ;IACR,8EAA8E;IAC9E,kKAAkK;CACnK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEb,MAAM,CAAC,MAAM,yBAAyB,GAAG;IACvC,mFAAmF;IACnF,kFAAkF;IAClF,oFAAoF;IACpF,qEAAqE;IACrE,gDAAgD;IAChD,qFAAqF;CACtF,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC"}
+{"version":3,"file":"implementer-criteria.js","sourceRoot":"","sources":["../../../src/tools/debug/implementer-criteria.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG;IACvC,sCAAsC;IACtC,gLAAgL;IAChL,EAAE;IACF,+DAA+D;IAC/D,sFAAsF;IACtF,8GAA8G;IAC9G,8FAA8F;IAC9F,gHAAgH;IAChH,0GAA0G;IAC1G,2IAA2I;IAC3I,EAAE;IACF,0NAA0N;IAC1N,EAAE;IACF,4OAA4O;CAC7O,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEb,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,kDAAkD;IAClD,+GAA+G;IAC/G,kOAAkO;IAClO,8IAA8I;IAC9I,2KAA2K;IAC3K,kKAAkK;IAClK,iRAAiR;CAClR,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEb,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,QAAQ;IACR,8EAA8E;IAC9E,wMAAwM;IACxM,8OAA8O;IAC9O,kKAAkK;CACnK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEb;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,wEAAwE;IACxE,EAAE;IACF,4QAA4Q;IAC5Q,qPAAqP;IACrP,6OAA6O;IAC7O,+MAA+M;IAC/M,4LAA4L;IAC5L,uLAAuL;IACvL,6NAA6N;IAC7N,qOAAqO;IACrO,gPAAgP;IAChP,EAAE;IACF,iCAAiC;IACjC,wJAAwJ;IACxJ,6HAA6H;IAC7H,kHAAkH;IAClH,+IAA+I;CAChJ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEb;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAG;IACzC,oDAAoD;IACpD,8SAA8S;IAC9S,0QAA0Q;IAC1Q,6RAA6R;IAC7R,oGAAoG;IACpG,EAAE;IACF,yDAAyD;IACzD,mHAAmH;IACnH,yMAAyM;IACzM,sIAAsI;IACtI,qtBAAqtB;IACrtB,6KAA6K;CAC9K,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEb,MAAM,CAAC,MAAM,yBAAyB,GAAG;IACvC,mFAAmF;IACnF,sHAAsH;IACtH,kFAAkF;IAClF,+EAA+E;IAC/E,kEAAkE;IAClE,qEAAqE;IACrE,yHAAyH;IACzH,uUAAuU;CACxU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC"}

package/dist/tools/debug/tool-config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tool-config.d.ts","sourceRoot":"","sources":["../../../src/tools/debug/tool-config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,6CAA6C,CAAC;AAElF,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,sCAAsC,CAAC;AAEvE,OAAO,EAAkB,KAAK,cAAc,EAAE,MAAM,4CAA4C,CAAC;AAUjG,wBAAgB,aAAa,CAAC,QAAQ,EAAE,mBAAmB,GAAG,IAAI,CAYjE;AAoCD,eAAO,MAAM,UAAU,EAAE,UAAU,CAAC,KAAK,EAAE,cAAc,EAAE,OAAO,CAoCjE,CAAC"}
+{"version":3,"file":"tool-config.d.ts","sourceRoot":"","sources":["../../../src/tools/debug/tool-config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,6CAA6C,CAAC;AAElF,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,sCAAsC,CAAC;AAEvE,OAAO,EAAkB,KAAK,cAAc,EAAE,MAAM,4CAA4C,CAAC;AAajG,wBAAgB,aAAa,CAAC,QAAQ,EAAE,mBAAmB,GAAG,IAAI,CAYjE;AAsDD,eAAO,MAAM,UAAU,EAAE,UAAU,CAAC,KAAK,EAAE,cAAc,EAAE,OAAO,CAoCjE,CAAC"}