@zigrivers/scaffold 2.38.1 → 2.44.2

package/pipeline/quality/review-operations.md

@@ -34,17 +34,24 @@ independent review validation.
 - (mvp) Monitoring verified against minimum set: latency, error rate, and saturation
 - (deep) Alert thresholds have rationale
 - (deep) Common failure scenarios have runbook entries
+- (mvp) At least production environment operations documented
 - (deep) Dev/staging/production environment differences documented in operations runbook
-- Every finding categorized P0-P3 with specific runbook section, metric, and issue
-- Fix plan documented for all P0/P1 findings; fixes applied to operations-runbook.md and re-validated
-- Downstream readiness confirmed — no unresolved P0 or P1 findings remain before security step proceeds
-- (depth 4+) Multi-model findings synthesized with consensus/disagreement analysis
+- (deep) Each health check endpoint specifies expected status code, response time SLA, failure thresholds
+- (mvp) Every finding categorized P0-P3 (P0 = Breaks downstream work. P1 = Prevents quality milestone. P2 = Known tech debt. P3 = Polish.) with specific runbook section, metric, and issue
+- (mvp) Fix plan documented for all P0/P1 findings; fixes applied to operations-runbook.md and re-validated
+- (mvp) Downstream readiness confirmed — no unresolved P0 or P1 findings remain before security step proceeds
+- (depth 4+) Multi-model findings synthesized: Consensus (all models agree), Majority (2+ models agree), or Divergent (models disagree — present to user for decision)
 
 ## Methodology Scaling
 - **deep**: Full multi-pass review. Multi-model review dispatched to Codex and
   Gemini if available, with graceful fallback to Claude-only enhanced review.
 - **mvp**: Deployment coverage only.
-- **custom:depth(1-5)**: Depth 1: monitoring and logging pass only. Depth 2: add deployment and rollback pass. Depth 3: add incident response and scaling passes. Depth 4: add external model review. Depth 5: multi-model review with reconciliation.
+- **custom:depth(1-5)**:
+  - Depth 1: Monitoring and logging pass only (1 review pass)
+  - Depth 2: Add deployment and rollback pass (2 review passes)
+  - Depth 3: Add incident response and scaling passes (4 review passes)
+  - Depth 4: Add external model review (4 review passes + external dispatch)
+  - Depth 5: Multi-model review with reconciliation (4 review passes + multi-model synthesis)
 
 ## Mode Detection
 Re-review mode if previous review exists. If multi-model review artifacts exist

package/pipeline/quality/review-security.md

@@ -38,17 +38,22 @@ independent review validation.
 - (deep) Secrets management covers: all environment variables, API keys, database credentials, and third-party tokens
 - (deep) Dependency audit scope covers all dependencies
 - (deep) Threat model covers all trust boundaries
-- (deep) Data classification covers every entity in the domain model
-- Every finding categorized P0-P3 with specific control, boundary, and issue
-- Fix plan documented for all P0/P1 findings; fixes applied to security-review.md and re-validated
-- Downstream readiness confirmed — no unresolved P0 or P1 findings remain before planning phase proceeds
-- (depth 4+) Multi-model findings synthesized with consensus/disagreement analysis
+- (deep) If docs/domain-models/ exists, data classification covers every entity in the domain model. Otherwise, data classification derived from user stories and API contracts.
+- (mvp) Every finding categorized P0-P3 (P0 = Breaks downstream work. P1 = Prevents quality milestone. P2 = Known tech debt. P3 = Polish.) with specific control, boundary, and issue
+- (mvp) Fix plan documented for all P0/P1 findings; fixes applied to security-review.md and re-validated
+- (mvp) Downstream readiness confirmed — no unresolved P0 or P1 findings remain before planning phase proceeds
+- (depth 4+) Multi-model findings synthesized: Consensus (all models agree), Majority (2+ models agree), or Divergent (models disagree — present to user for decision)
 
 ## Methodology Scaling
 - **deep**: Full multi-pass review. Multi-model review dispatched to Codex and
   Gemini if available, with graceful fallback to Claude-only enhanced review.
 - **mvp**: OWASP coverage check only.
-- **custom:depth(1-5)**: Depth 1: OWASP top 10 and secrets management pass only. Depth 2: add auth boundary and input validation passes. Depth 3: add dependency audit and data protection passes. Depth 4: add external model security review. Depth 5: multi-model security review with reconciliation.
+- **custom:depth(1-5)**:
+  - Depth 1: OWASP top 10 and secrets management pass only (1 review pass)
+  - Depth 2: Add auth boundary and input validation passes (2 review passes)
+  - Depth 3: Add dependency audit and data protection passes (4 review passes)
+  - Depth 4: Add external model security review (4 review passes + external dispatch)
+  - Depth 5: Multi-model security review with reconciliation (4 review passes + multi-model synthesis)
 
 ## Mode Detection
 Re-review mode if previous review exists. If multi-model review artifacts exist

package/pipeline/quality/review-testing.md

@@ -33,21 +33,26 @@ independent review validation.
 
 ## Quality Criteria
 - (mvp) Coverage gaps by layer documented with severity
-- (deep) Domain invariant test cases verified
+- (deep) If docs/domain-models/ exists, domain invariant test cases verified. Otherwise, test invariants derived from story acceptance criteria.
 - (deep) Each test environment assumption verified against actual environment config or flagged as unverifiable
 - (deep) Performance test coverage assessed against NFRs
 - (deep) Integration boundaries have integration tests defined
-- Every finding categorized P0-P3 with specific test layer, gap, and issue
-- Fix plan documented for all P0/P1 findings; fixes applied to tdd-standards.md and re-validated
-- Downstream readiness confirmed — no unresolved P0 or P1 findings remain before operations step proceeds
-- (depth 4+) Multi-model findings synthesized with consensus/disagreement analysis
+- (mvp) Every finding categorized P0-P3 (P0 = Breaks downstream work. P1 = Prevents quality milestone. P2 = Known tech debt. P3 = Polish.) with specific test layer, gap, and issue
+- (mvp) Fix plan documented for all P0/P1 findings; fixes applied to tdd-standards.md and re-validated
+- (mvp) Downstream readiness confirmed — no unresolved P0 or P1 findings remain before operations step proceeds
+- (depth 4+) Multi-model findings synthesized: Consensus (all models agree), Majority (2+ models agree), or Divergent (models disagree — present to user for decision)
 
 ## Methodology Scaling
 - **deep**: Full multi-pass review targeting all testing failure modes. Multi-model
   review dispatched to Codex and Gemini if available, with graceful fallback
   to Claude-only enhanced review.
 - **mvp**: Coverage gap check only.
-- **custom:depth(1-5)**: Depth 1: test coverage and pyramid balance pass only. Depth 2: add test quality and naming convention passes. Depth 3: add edge case coverage and CI integration passes. Depth 4: add external model review. Depth 5: multi-model review with reconciliation.
+- **custom:depth(1-5)**:
+  - Depth 1: Test coverage and pyramid balance pass only (1 review pass)
+  - Depth 2: Add test quality and naming convention passes (2 review passes)
+  - Depth 3: Add edge case coverage and CI integration passes (4 review passes)
+  - Depth 4: Add external model review (4 review passes + external dispatch)
+  - Depth 5: Multi-model review with reconciliation (4 review passes + multi-model synthesis)
 
 ## Mode Detection
 Re-review mode if docs/reviews/review-testing.md or docs/reviews/testing/

package/pipeline/quality/security.md

@@ -47,8 +47,12 @@ threat modeling across all trust boundaries.
   scope. Compliance checklist (if applicable).
 - **mvp**: Key security controls. Auth approach. No secrets in code.
   Basic input validation strategy.
-- **custom:depth(1-5)**: Depth 1-2: MVP-style. Depth 3: add threat model.
-  Depth 4-5: full security review.
+- **custom:depth(1-5)**:
+  - Depth 1: key security controls and auth approach.
+  - Depth 2: add secrets management strategy and basic input validation.
+  - Depth 3: add threat model (basic STRIDE) and data classification.
+  - Depth 4: full threat model with OWASP analysis per component and compliance checklist.
+  - Depth 5: full security review with penetration testing scope, dependency audit strategy, and advanced controls.
 
 ## Mode Detection
 Check for docs/security-review.md. If it exists, operate in update mode: read

package/pipeline/quality/story-tests.md

@@ -36,15 +36,17 @@ pending/skipped — developers implement them during TDD execution.
   ACs → test cases, and layer assignments (unit/integration/e2e)
 
 ## Quality Criteria
-- (mvp) Every user story in docs/user-stories.md has a corresponding test file
+- (mvp) Every Must-have user story has a corresponding test file
 - (mvp) Every acceptance criterion has at least one tagged test case
-- Test cases are tagged with story ID and AC ID for traceability
+- (mvp) Test cases are tagged with story ID and AC ID for traceability
 - (deep) Test layer assignment: single-function ACs → unit; cross-component ACs → integration; full user journey ACs → e2e
-- Test files use the project's test framework from docs/tech-stack.md
-- All test cases are created as pending/skipped (not implemented)
-- docs/story-tests-map.md shows 100% AC-to-test-case coverage
-- Test file location follows conventions from docs/project-structure.md
+- (mvp) Test files use the project's test framework from docs/tech-stack.md
+- (mvp) All test cases are created as pending/skipped (or equivalent framework pause/skip mechanism) (not implemented)
+- (mvp) docs/story-tests-map.md shows 100% AC-to-test-case coverage
+- (mvp) Test file location follows conventions from docs/project-structure.md
 - (deep) Test data fixtures and dependencies documented for each test file
+- (deep) Each pending test case includes story ID and AC ID tags, GWT structure, and at least one assertion hint
+- (mvp) If api-contracts.md does not exist, API test skeletons derived from user story acceptance criteria instead
 
 ## Methodology Scaling
 - **deep**: All stories get test files. Negative test cases for every happy path
@@ -52,9 +54,12 @@ pending/skipped — developers implement them during TDD execution.
   e2e where applicable). Traceability matrix with confidence analysis.
 - **mvp**: Test files for Must-have stories only. One test case per AC. No
   layer splitting — all tests in acceptance/ directory.
-- **custom:depth(1-5)**: Depth 1: Must-have stories only. Depth 2: add
-  Should-have. Depth 3: add negative cases. Depth 4: add boundary conditions
-  and layer splitting. Depth 5: full suite with all stories and edge cases.
+- **custom:depth(1-5)**:
+  - Depth 1: Must-have stories only, one test case per AC
+  - Depth 2: Add Should-have stories
+  - Depth 3: Add negative test cases for every happy-path AC
+  - Depth 4: Add boundary condition tests and layer splitting (unit/integration/e2e)
+  - Depth 5: Full suite — all stories including Could-have, edge cases, and confidence analysis in traceability matrix
 
 ## Mode Detection
 Update mode if tests/acceptance/ directory exists. In update mode: add test

package/pipeline/specification/api-contracts.md

@@ -27,7 +27,8 @@ enabling parallel development with confidence.
   shapes, error contracts, auth requirements
 
 ## Quality Criteria
-- (mvp) Every domain operation that crosses a component boundary has an API endpoint
+- (mvp) Every domain operation that crosses a component boundary maps to >= 1 API endpoint
+- (mvp) If domain-models/ does not exist, API boundaries derived from user story acceptance criteria
 - (mvp) Every endpoint documents: success response code, error response codes, error response body schema, and at least 2 domain-specific error codes per endpoint with human-readable reason phrases (e.g., 400 `invalid_email`, 409 `user_already_exists`)
 - (mvp) Authentication and authorization requirements per endpoint
 - (deep) Versioning strategy documented (if applicable)
@@ -35,6 +36,7 @@ enabling parallel development with confidence.
 - (deep) Idempotency documented for mutating operations
 - (deep) Pagination schema documented for all list endpoints (cursor or offset, page size limits, total count)
 - (mvp) Example request and response payloads included for each endpoint
+- (mvp) Every API endpoint from system-architecture.md is specified
 
 ## Methodology Scaling
 - **deep**: OpenAPI-style specification. Full request/response schemas with
@@ -42,8 +44,12 @@ enabling parallel development with confidence.
   SDK generation considerations.
 - **mvp**: Endpoint list with HTTP methods and brief descriptions. Key
   request/response shapes. Auth approach.
-- **custom:depth(1-5)**: Depth 1-2: endpoint list. Depth 3: add schemas and
-  error contracts. Depth 4-5: full OpenAPI-style spec.
+- **custom:depth(1-5)**:
+  - Depth 1: endpoint list with HTTP methods and brief descriptions.
+  - Depth 2: endpoint list with key request/response shapes and auth approach.
+  - Depth 3: add full schemas, error contracts with domain-specific codes, and example payloads.
+  - Depth 4: full OpenAPI-style spec with rate limiting, pagination, and idempotency documentation.
+  - Depth 5: full spec with SDK generation considerations, versioning strategy, and auth flow diagrams.
 
 ## Mode Detection
 Check for docs/api-contracts.md. If it exists, operate in update mode: read

package/pipeline/specification/database-schema.md

@@ -29,19 +29,25 @@ from the application's query patterns.
 
 ## Quality Criteria
 - (mvp) Every domain entity maps to a table/collection (or justified denormalization)
+- (mvp) If domain-models/ does not exist, entities derived from user story nouns and PRD feature descriptions
 - (mvp) Relationships match domain model relationships
 - (mvp) Constraints enforce domain invariants at the database level
 - (deep) Migration strategy specifies: migration tool, forward migration approach, rollback approach, and data preservation policy
 - (deep) Every migration is reversible (rollback script or equivalent exists)
 - (mvp) Indexes cover all query patterns referenced in docs/api-contracts.md (if it exists)
+- (mvp) Schema does not contradict upstream domain models (entity names, relationships, and invariants match docs/domain-models/)
 
 ## Methodology Scaling
 - **deep**: Full schema specification. CREATE TABLE statements or equivalent.
   Index justification with query patterns. Normalization analysis. Migration
   plan with rollback strategy. Seed data strategy.
 - **mvp**: Entity-to-table mapping. Key relationships. Primary indexes only.
-- **custom:depth(1-5)**: Depth 1-2: mapping only. Depth 3: add indexes and
-  constraints. Depth 4-5: full specification with migrations.
+- **custom:depth(1-5)**:
+  - Depth 1: entity-to-table mapping with primary keys only.
+  - Depth 2: entity-to-table mapping with key relationships and primary indexes.
+  - Depth 3: add secondary indexes, constraints enforcing domain invariants, and normalization analysis.
+  - Depth 4: full specification with migration plan, rollback strategy, and index justification with query patterns.
+  - Depth 5: full specification with seed data strategy, performance annotations, and multi-environment migration considerations.
 
 ## Mode Detection
 Check for docs/database-schema.md. If it exists, operate in update mode: read

package/pipeline/specification/review-api.md

@@ -33,21 +33,27 @@ independent review validation.
 
 ## Quality Criteria
 - (mvp) Operation coverage against domain model verified
-- (deep) Error contracts complete and consistent
+- (deep) Error contracts complete: every endpoint documents ≥2 domain-specific error codes, human-readable reason phrases, and a consistent error response schema
 - (deep) Auth requirements specified for every endpoint
 - (deep) Versioning strategy consistent with ADRs
 - (deep) Idempotency documented for all mutating operations
-- (mvp) Every finding categorized P0-P3 with specific endpoint, field, and issue
+- (mvp) Every finding categorized P0-P3 (P0 = Breaks downstream work. P1 = Prevents quality milestone. P2 = Known tech debt. P3 = Polish.) with specific endpoint, field, and issue
 - (mvp) Fix plan documented for all P0/P1 findings; fixes applied to api-contracts.md and re-validated
+- (mvp) Review report includes explicit Readiness Status section
 - (mvp) Downstream readiness confirmed — no unresolved P0 or P1 findings remain before UX spec proceeds
-- (depth 4+) Multi-model findings synthesized with consensus/disagreement analysis
+- (depth 4+) Multi-model findings synthesized: Consensus (all models agree), Majority (2+ models agree), or Divergent (models disagree — present to user for decision)
 
 ## Methodology Scaling
 - **deep**: Full multi-pass review targeting all API failure modes. Multi-model
   review dispatched to Codex and Gemini if available, with graceful fallback
   to Claude-only enhanced review.
 - **mvp**: Operation coverage check only.
-- **custom:depth(1-5)**: Depth 1: endpoint coverage and response format pass only. Depth 2: add error handling and auth requirement passes. Depth 3: add idempotency, pagination, and versioning passes. Depth 4: add external model API review. Depth 5: multi-model review with reconciliation.
+- **custom:depth(1-5)**:
+  - Depth 1: Endpoint coverage and response format pass only (1 review pass)
+  - Depth 2: Add error handling and auth requirement passes (2 review passes)
+  - Depth 3: Add idempotency, pagination, and versioning passes (4 review passes)
+  - Depth 4: Add external model API review (4 review passes + external dispatch)
+  - Depth 5: Multi-model review with reconciliation (4 review passes + multi-model synthesis)
 
 ## Mode Detection
 Re-review mode if previous review exists. If multi-model review artifacts exist

package/pipeline/specification/review-database.md

@@ -36,17 +36,22 @@ independent review validation.
 - (deep) Index coverage for known query patterns verified
 - (deep) Migration safety assessed
 - (mvp) Referential integrity matches domain invariants
-- (mvp) Every finding categorized P0-P3 with specific table, column, and issue
+- (mvp) Every finding categorized P0-P3 (P0 = Breaks downstream work. P1 = Prevents quality milestone. P2 = Known tech debt. P3 = Polish.) with specific table, column, and issue
 - (mvp) Fix plan documented for all P0/P1 findings; fixes applied to database-schema.md and re-validated
 - (mvp) Downstream readiness confirmed — no unresolved P0 or P1 findings remain before API contracts proceed
-- (depth 4+) Multi-model findings synthesized with consensus/disagreement analysis
+- (depth 4+) Multi-model findings synthesized: Consensus (all models agree), Majority (2+ models agree), or Divergent (models disagree — present to user for decision)
 
 ## Methodology Scaling
 - **deep**: Full multi-pass review targeting all schema failure modes. Multi-model
   review dispatched to Codex and Gemini if available, with graceful fallback
   to Claude-only enhanced review.
 - **mvp**: Entity coverage check only.
-- **custom:depth(1-5)**: Depth 1: entity coverage and normalization pass only. Depth 2: add index strategy and migration safety passes. Depth 3: add query performance and data integrity passes. Depth 4: add external model review. Depth 5: multi-model review with reconciliation.
+- **custom:depth(1-5)**:
+  - Depth 1: Entity coverage and normalization pass only (1 review pass)
+  - Depth 2: Add index strategy and migration safety passes (2 review passes)
+  - Depth 3: Add query performance and data integrity passes (4 review passes)
+  - Depth 4: Add external model review (4 review passes + external dispatch)
+  - Depth 5: Multi-model review with reconciliation (4 review passes + multi-model synthesis)
 
 ## Mode Detection
 Re-review mode if previous review exists. If multi-model review artifacts exist

package/pipeline/specification/review-ux.md

@@ -37,16 +37,22 @@ independent review validation.
 - (deep) Every user action has at minimum: loading, success, and error states documented
 - (deep) Design system consistency verified
 - (deep) Error states present for all failure-capable actions
-- (mvp) Every finding categorized P0-P3 with specific flow, screen, and issue
+- (mvp) Every finding categorized P0-P3 (P0 = Breaks downstream work. P1 = Prevents quality milestone. P2 = Known tech debt. P3 = Polish.) with specific flow, screen, and issue
 - (mvp) Fix plan documented for all P0/P1 findings; fixes applied to ux-spec.md and re-validated
+- (mvp) Review report includes explicit Readiness Status section
 - (mvp) Downstream readiness confirmed — no unresolved P0 or P1 findings remain before quality phase proceeds
-- (depth 4+) Multi-model findings synthesized with consensus/disagreement analysis
+- (depth 4+) Multi-model findings synthesized: Consensus (all models agree), Majority (2+ models agree), or Divergent (models disagree — present to user for decision)
 
 ## Methodology Scaling
 - **deep**: Full multi-pass review. Multi-model review dispatched to Codex and
   Gemini if available, with graceful fallback to Claude-only enhanced review.
 - **mvp**: Journey coverage only.
-- **custom:depth(1-5)**: Depth 1: flow completeness and accessibility pass only. Depth 2: add responsive design and error state passes. Depth 3: add interaction patterns and platform consistency passes. Depth 4: add external model UX review. Depth 5: multi-model review with reconciliation.
+- **custom:depth(1-5)**:
+  - Depth 1: Flow completeness and accessibility pass only (1 review pass)
+  - Depth 2: Add responsive design and error state passes (2 review passes)
+  - Depth 3: Add interaction patterns and platform consistency passes (4 review passes)
+  - Depth 4: Add external model UX review (4 review passes + external dispatch)
+  - Depth 5: Multi-model review with reconciliation (4 review passes + multi-model synthesis)
 
 ## Mode Detection
 Re-review mode if previous review exists. If multi-model review artifacts exist

package/pipeline/specification/ux-spec.md

@@ -29,9 +29,10 @@ step consumes those tokens, it does not redefine them.
 - docs/ux-spec.md — UX specification with flows, components, design system
 
 ## Quality Criteria
-- (mvp) Every PRD user journey has a corresponding flow with all states documented
+- (mvp) Every user story's acceptance criteria maps to >= 1 documented flow
+- (mvp) If design-system.md does not exist, use framework defaults for spacing, typography, and color
 - (mvp) Component hierarchy covers all UI states (loading, error, empty, populated)
-- References design tokens from docs/design-system.md (does not redefine them)
+- (mvp) References design tokens from docs/design-system.md (does not redefine them)
 - (deep) Accessibility requirements documented (WCAG level, keyboard nav, screen readers)
 - (deep) Responsive breakpoints defined with layout behavior per breakpoint
 - (mvp) Error states documented for every user action that can fail
@@ -42,8 +43,12 @@ step consumes those tokens, it does not redefine them.
   Complete design system. Interaction state machines. Accessibility audit
   checklist. Animation and transition specs.
 - **mvp**: Key user flows. Core component list. Basic design tokens.
-- **custom:depth(1-5)**: Depth 1-2: flows and components. Depth 3: add design
-  system. Depth 4-5: full specification with accessibility.
+- **custom:depth(1-5)**:
+  - Depth 1: key user flows with primary states (success and error).
+  - Depth 2: user flows with core component list and basic state documentation.
+  - Depth 3: add design system token references, interaction state machines, and responsive behavior.
+  - Depth 4: full specification with accessibility audit, keyboard navigation, and screen reader considerations.
+  - Depth 5: full specification with animation/transition specs, comprehensive WCAG compliance checklist, and detailed wireframe descriptions.
 
 ## Mode Detection
 Check for docs/ux-spec.md. If it exists, operate in update mode: read existing

package/pipeline/validation/critical-path-walkthrough.md

@@ -32,12 +32,12 @@ spec gaps along the critical path.
 - docs/validation/critical-path-walkthrough/gemini-review.json (depth 4+, if available) — raw Gemini findings
 
 ## Quality Criteria
-- (mvp) Top critical user journeys (all Must-have epics, minimum 3) traced end-to-end
+- (mvp) User specifies >= 3 Must-have epics as critical user journeys; each traced end-to-end
 - (deep) Every journey verified at each layer: PRD → Story → UX → API → Architecture → DB → Task
 - (deep) Each critical path verified against story acceptance criteria for behavioral correctness
-- Missing layers or broken handoffs documented with specific gap description
-- Findings categorized P0-P3 with specific file, section, and issue for each
-- (depth 4+) Multi-model findings synthesized with consensus/disagreement analysis
+- (mvp) Missing layers or broken handoffs documented with specific gap description
+- (mvp) Findings categorized P0-P3 with specific file, section, and issue for each
+- (depth 4+) Multi-model findings synthesized: Consensus (all models agree), Majority (2+ models agree), or Divergent (models disagree — present to user for decision)
 
 ## Finding Disposition
 - **P0 (blocking)**: Must be resolved before proceeding to implementation. Create
@@ -57,7 +57,12 @@ proceeding without acknowledgment.
   dispatched to Codex and Gemini if available, with graceful fallback to
   Claude-only enhanced validation.
 - **mvp**: High-level scan for blocking issues only.
-- **custom:depth(1-5)**: Depth 1: identify critical path and verify task ordering. Depth 2: add dependency bottleneck analysis. Depth 3: full walkthrough simulating agent execution of critical path tasks. Depth 4: add external model simulation. Depth 5: multi-model walkthrough with divergence analysis.
+- **custom:depth(1-5)**:
+  - Depth 1: identify critical path and verify task ordering.
+  - Depth 2: add dependency bottleneck analysis.
+  - Depth 3: full walkthrough simulating agent execution of critical path tasks.
+  - Depth 4: add external model simulation.
+  - Depth 5: multi-model walkthrough with divergence analysis.
 
 ## Mode Detection
 Not applicable — validation always runs fresh against current artifacts. If

package/pipeline/validation/cross-phase-consistency.md

@@ -33,9 +33,9 @@ drift patterns.
 - (mvp) Entity names are consistent across domain models, database schema, and API contracts (zero mismatches)
 - (mvp) Technology references match `docs/tech-stack.md` in all documents
 - (deep) Data flow descriptions in architecture match API endpoint definitions
-- (deep) Terminology is consistent (same concept never uses two different names)
-- Findings categorized P0-P3 with specific file, section, and issue for each
-- (depth 4+) Multi-model findings synthesized with consensus/disagreement analysis
+- (deep) Every named entity in the domain model has exactly one name used consistently across domain-models/, api-contracts.md, database-schema.md, and ux-spec.md
+- (mvp) Findings categorized P0-P3 with specific file, section, and issue for each
+- (depth 4+) Multi-model findings synthesized: Consensus (all models agree), Majority (2+ models agree), or Divergent (models disagree — present to user for decision)
 
 ## Finding Disposition
 - **P0 (blocking)**: Must be resolved before proceeding to implementation. Create
@@ -55,7 +55,12 @@ proceeding without acknowledgment.
   dispatched to Codex and Gemini if available, with graceful fallback to
   Claude-only enhanced validation.
 - **mvp**: High-level scan for blocking issues only.
-- **custom:depth(1-5)**: Depth 1: entity name check across PRD, user stories, and domain models. Depth 2: add tech stack reference consistency. Depth 3: full terminology audit across all documents with naming collision detection. Depth 4: add external model cross-check. Depth 5: multi-model reconciliation of consistency findings.
+- **custom:depth(1-5)**:
+  - Depth 1: entity name check across PRD, user stories, and domain models.
+  - Depth 2: add tech stack reference consistency.
+  - Depth 3: full terminology audit across all documents with naming collision detection.
+  - Depth 4: add external model cross-check.
+  - Depth 5: multi-model reconciliation of consistency findings.
 
 ## Mode Detection
 Not applicable — validation always runs fresh against current artifacts. If

package/pipeline/validation/decision-completeness.md

@@ -35,8 +35,8 @@ decisions.
 - (mvp) No two ADRs contradict each other
 - (deep) Every ADR has alternatives-considered section with pros/cons
 - (deep) Every ADR referenced in `docs/system-architecture.md` exists in `docs/adrs/`
-- Findings categorized P0-P3 with specific file, section, and issue for each
-- (depth 4+) Multi-model findings synthesized with consensus/disagreement analysis
+- (mvp) Findings categorized P0-P3 with specific file, section, and issue for each
+- (depth 4+) Multi-model findings synthesized: Consensus (all models agree), Majority (2+ models agree), or Divergent (models disagree — present to user for decision)
 
 ## Finding Disposition
 - **P0 (blocking)**: Must be resolved before proceeding to implementation. Create
@@ -56,7 +56,12 @@ proceeding without acknowledgment.
   dispatched to Codex and Gemini if available, with graceful fallback to
   Claude-only enhanced validation.
 - **mvp**: High-level scan for blocking issues only.
-- **custom:depth(1-5)**: Depth 1: verify each major tech choice has an ADR. Depth 2: add alternatives-considered check. Depth 3: full ADR completeness audit (rationale, consequences, status). Depth 4: add external model review of decision quality. Depth 5: multi-model reconciliation of decision coverage.
+- **custom:depth(1-5)**:
+  - Depth 1: verify each major tech choice has an ADR.
+  - Depth 2: add alternatives-considered check.
+  - Depth 3: full ADR completeness audit (rationale, consequences, status).
+  - Depth 4: add external model review of decision quality.
+  - Depth 5: multi-model reconciliation of decision coverage.
 
 ## Mode Detection
 Not applicable — validation always runs fresh against current artifacts. If

package/pipeline/validation/dependency-graph-validation.md

@@ -36,8 +36,8 @@ and completeness issues.
 - (deep) Critical path identified and total estimated duration documented
 - (deep) No task is blocked by more than 3 sequential dependencies (flag deep chains)
 - (deep) Wave assignments are consistent with dependency ordering
-- Findings categorized P0-P3 with specific file, section, and issue for each
-- (depth 4+) Multi-model findings synthesized with consensus/disagreement analysis
+- (mvp) Findings categorized P0-P3 with specific file, section, and issue for each
+- (depth 4+) Multi-model findings synthesized: Consensus (all models agree), Majority (2+ models agree), or Divergent (models disagree — present to user for decision)
 
 ## Finding Disposition
 - **P0 (blocking)**: Must be resolved before proceeding to implementation. Create
@@ -57,7 +57,12 @@ proceeding without acknowledgment.
   dispatched to Codex and Gemini if available, with graceful fallback to
   Claude-only enhanced validation.
 - **mvp**: High-level scan for blocking issues only.
-- **custom:depth(1-5)**: Depth 1: cycle detection and basic ordering check. Depth 2: add transitive dependency completeness. Depth 3: full DAG validation with critical path identification and parallelization opportunities. Depth 4: add external model review. Depth 5: multi-model validation with optimization recommendations.
+- **custom:depth(1-5)**:
+  - Depth 1: cycle detection and basic ordering check.
+  - Depth 2: add transitive dependency completeness.
+  - Depth 3: full DAG validation with critical path identification and parallelization opportunities.
+  - Depth 4: add external model review.
+  - Depth 5: multi-model validation with optimization recommendations.
 
 ## Mode Detection
 Not applicable — validation always runs fresh against current artifacts. If

package/pipeline/validation/implementability-dry-run.md

@@ -31,13 +31,12 @@ when simulating implementation.
 - docs/validation/implementability-dry-run/gemini-review.json (depth 4+, if available) — raw Gemini findings
 
 ## Quality Criteria
-- (mvp) Every task has sufficient input specification for an agent to start without guessing
-- (mvp) Every task has testable acceptance criteria
+- (mvp) Every task specifies: input file paths, expected output artifacts, testable acceptance criteria, and references to upstream documents
 - (deep) No task references undefined concepts, components, or APIs
 - (deep) Every task's dependencies are present in the implementation plan
 - (deep) Shared code patterns identified and documented (no duplication risk across tasks)
-- Findings categorized P0-P3 with specific file, section, and issue for each
-- (depth 4+) Multi-model findings synthesized with consensus/disagreement analysis
+- (mvp) Findings categorized P0-P3 with specific file, section, and issue for each
+- (depth 4+) Multi-model findings synthesized: Consensus (all models agree), Majority (2+ models agree), or Divergent (models disagree — present to user for decision)
 
 ## Finding Disposition
 - **P0 (blocking)**: Must be resolved before proceeding to implementation. Create
@@ -57,7 +56,12 @@ proceeding without acknowledgment.
   dispatched to Codex and Gemini if available, with graceful fallback to
   Claude-only enhanced validation.
 - **mvp**: High-level scan for blocking issues only.
-- **custom:depth(1-5)**: Depth 1: verify each task has enough context to start. Depth 2: add tool/dependency availability check. Depth 3: full dry-run simulation of first 3 tasks with quality gate verification. Depth 4: add external model dry-run. Depth 5: multi-model dry-run with implementation plan revision recommendations.
+- **custom:depth(1-5)**:
+  - Depth 1: verify each task has enough context to start.
+  - Depth 2: add tool/dependency availability check.
+  - Depth 3: full dry-run simulation of first 3 tasks with quality gate verification.
+  - Depth 4: add external model dry-run.
+  - Depth 5: multi-model dry-run with implementation plan revision recommendations.
 
 ## Mode Detection
 Not applicable — validation always runs fresh against current artifacts. If

package/pipeline/validation/scope-creep-check.md

@@ -33,13 +33,13 @@ differently, surfacing subtle creep.
 - docs/validation/scope-creep-check/gemini-review.json (depth 4+, if available) — raw Gemini findings
 
 ## Quality Criteria
-- (mvp) Every user story traces back to a PRD feature or requirement
-- (mvp) Every architecture component traces to a PRD requirement
-- Items beyond PRD scope are flagged with disposition (remove, defer, or justify)
+- (mvp) Every user story maps to a PRD feature or requirement
+- (mvp) Every architecture component maps to a PRD requirement
+- (mvp) Items beyond PRD scope are flagged with disposition (remove, defer, or justify)
 - (deep) No "gold-plating" — implementation tasks do not exceed story acceptance criteria
 - (deep) Feature count has not grown beyond PRD scope without documented justification
-- Findings categorized P0-P3 with specific file, section, and issue for each
-- (depth 4+) Multi-model findings synthesized with consensus/disagreement analysis
+- (mvp) Findings categorized P0-P3 with specific file, section, and issue for each
+- (depth 4+) Multi-model findings synthesized: Consensus (all models agree), Majority (2+ models agree), or Divergent (models disagree — present to user for decision)
 
 ## Finding Disposition
 - **P0 (blocking)**: Must be resolved before proceeding to implementation. Create
@@ -59,7 +59,12 @@ proceeding without acknowledgment.
   dispatched to Codex and Gemini if available, with graceful fallback to
   Claude-only enhanced validation.
 - **mvp**: High-level scan for blocking issues only.
-- **custom:depth(1-5)**: Depth 1: feature count comparison (PRD vs implementation plan). Depth 2: add component-level tracing. Depth 3: full story-level and task-level audit against original PRD scope. Depth 4: add external model scope assessment. Depth 5: multi-model scope review with risk-weighted creep analysis.
+- **custom:depth(1-5)**:
+  - Depth 1: feature count comparison (PRD vs implementation plan).
+  - Depth 2: add component-level tracing.
+  - Depth 3: full story-level and task-level audit against original PRD scope.
+  - Depth 4: add external model scope assessment.
+  - Depth 5: multi-model scope review with risk-weighted creep analysis.
 
 ## Mode Detection
 Not applicable — validation always runs fresh against current artifacts. If

package/pipeline/validation/traceability-matrix.md

@@ -35,14 +35,14 @@ coverage gaps.
 - docs/validation/traceability-matrix/gemini-review.json (depth 4+, if available) — raw Gemini findings
 
 ## Quality Criteria
-- (mvp) Every PRD requirement maps to >= 1 user story
+- (mvp) Every feature and user-facing behavior in the PRD's feature list maps to >= 1 user story
 - (mvp) Every user story maps to >= 1 implementation task
 - (deep) Every acceptance criterion maps to >= 1 test case (verified against `docs/story-tests-map.md`)
 - (deep) Every test case maps to >= 1 implementation task
-- (deep) No orphan items in either direction at any layer
+- (deep) Every Must-have and Should-have item maps to >= 1 downstream artifact. Nice-to-have items may be orphaned with explicit rationale.
 - (deep) Bidirectional traceability verified: PRD → Stories → Domain → Architecture → Tasks
-- Findings categorized P0-P3 with specific file, section, and issue for each
-- (depth 4+) Multi-model findings synthesized with consensus/disagreement analysis
+- (mvp) Findings categorized P0-P3 with specific file, section, and issue for each
+- (depth 4+) Multi-model findings synthesized: Consensus (all models agree), Majority (2+ models agree), or Divergent (models disagree — present to user for decision)
 
 ## Finding Disposition
 - **P0 (blocking)**: Must be resolved before proceeding to implementation. Create
@@ -62,7 +62,12 @@ proceeding without acknowledgment.
   dispatched to Codex and Gemini if available, with graceful fallback to
   Claude-only enhanced validation.
 - **mvp**: High-level scan for blocking issues only.
-- **custom:depth(1-5)**: Depth 1: PRD requirement to user story mapping only. Depth 2: add story to implementation task mapping. Depth 3: full bidirectional chain (PRD → story → task → test → eval). Depth 4: add external model verification of coverage gaps. Depth 5: multi-model reconciliation with gap resolution recommendations.
+- **custom:depth(1-5)**:
+  - Depth 1: PRD requirement to user story mapping only.
+  - Depth 2: add story to implementation task mapping.
+  - Depth 3: full bidirectional chain (PRD → story → task → test → eval).
+  - Depth 4: add external model verification of coverage gaps.
+  - Depth 5: multi-model reconciliation with gap resolution recommendations.
 
 ## Mode Detection
 Not applicable — validation always runs fresh against current artifacts. If

package/pipeline/vision/create-vision.md

@@ -30,7 +30,7 @@ throughout the entire pipeline.
 - (mvp) Vision statement describes positive change in the world, not a product feature
 - (mvp) Vision statement is a single sentence of 25 words or fewer
 - (mvp) Target audience defined by behaviors and motivations, not demographics
-- (deep) For each competitor, at least one strength is documented alongside weaknesses
+- (deep) Each named competitor has >= 1 documented strength and >= 1 documented weakness with specific examples
 - (mvp) Each guiding principle is framed as 'We choose X over Y' where Y is a legitimate alternative
 - (deep) Anti-vision contains >= 3 named traps, each referencing a concrete product direction or feature class
 - (deep) Business model addresses sustainability without being a full business plan
@@ -43,9 +43,12 @@ throughout the entire pipeline.
   analysis, multi-year success horizon. 3-5 pages.
 - **mvp**: Vision statement, target audience, core problem, value proposition,
   2-3 guiding principles. 1 page. Enough to anchor the PRD.
-- **custom:depth(1-5)**: Depth 1-2: MVP-style. Depth 3: add competitive
-  landscape and anti-vision. Depth 4: add business model and strategic risks.
-  Depth 5: full document with all 12 sections.
+- **custom:depth(1-5)**:
+  - Depth 1: MVP-style — vision statement, target audience, core problem, value proposition. 1 page.
+  - Depth 2: MVP + 2-3 guiding principles with tradeoff framing. 1-2 pages.
+  - Depth 3: Add competitive landscape and anti-vision. 2-3 pages.
+  - Depth 4: Add business model, strategic risks, and success horizon. 3-4 pages.
+  - Depth 5: Full document with all 12 sections, multi-year success criteria. 3-5 pages.
 
 ## Mode Detection
 If docs/vision.md exists, this is an update. Read and analyze the existing