agents-templated 2.2.0 → 2.2.2

package/templates/.claude/rules/workflows.mdc

@@ -0,0 +1,61 @@
+---
+title: "Development Workflow Guidelines"
+description: "Apply when optimizing development process, running pre-commit checks, or keeping project healthy"
+alwaysApply: false
+version: "1.0.0"
+tags: ["workflow", "quality", "validation", "commit"]
+globs:
+  - "**/*"
+triggers:
+  - "User asks about workflow or pre-commit steps"
+  - "Need to keep project validated"
+  - "Running quality gates before merge"
+  - "Post-hardening verification needed"
+---
+
+# Development Workflow Guidelines
+
+Technology-agnostic suggestions for keeping the project healthy and maintaining quality before commits.
+
+## When This Rule Applies
+
+Use this guidance when the user asks about workflow, pre-commit checks, or keeping the project validated. Do not force these steps on every change—treat them as recommended practices.
+
+## Project Health (agents-templated)
+
+If this project was scaffolded with agents-templated:
+
+- **Periodically**: Run `agents-templated validate` to ensure required docs and rules are present; run `agents-templated doctor` for environment and configuration recommendations.
+- **After pulling template updates**: Run `agents-templated update --check-only` to see available updates, then `agents-templated update` if you want to apply them (with backup).
+
+These commands help keep agent rules, documentation, and security patterns in sync.
+
+## Pre-Commit Quality Gates
+
+Before committing, consider running (in order):
+
+1. **Lint** – Your stack's linter (e.g. ESLint, Pylint, golangci-lint) to catch style and simple issues.
+2. **Type check** – If applicable (TypeScript, mypy, etc.) to catch type errors.
+3. **Tests** – At least the fast test suite (e.g. unit tests) so regressions are caught early.
+4. **Project validation** – For agents-templated projects, `agents-templated validate` can confirm setup is intact.
+
+For high-risk or distributed-client releases, add hardening-specific checks before merge/release:
+
+5. **Hardening profile selection** – Document threat model and selected profile from `.claude/rules/hardening.mdc`.
+6. **Post-hardening verification** – Run functional regression and performance checks on hardened artifacts.
+7. **Artifact controls** – Verify restricted handling for symbol/mapping/debug artifacts and confirm rollback path.
+
+Do not commit with failing lint or tests unless the user explicitly requests a WIP commit (e.g. with `--no-verify` or a clear "work in progress" message).
+
+## Commit Messages
+
+- Prefer clear, descriptive messages (e.g. conventional commits: `feat:`, `fix:`, `docs:`).
+- Reference issues or tickets when relevant (e.g. "Closes #123").
+- Keep the body focused on what changed and why, not how.
+
+## Summary
+
+- Use **agents-templated validate** and **doctor** to maintain project setup and get recommendations.
+- Run **lint**, **type check**, and **tests** before committing when possible.
+- For hardening-required releases, include profile rationale, post-hardening verification evidence, and rollback readiness.
+- Write clear commit messages and reference issues where applicable.

package/templates/.cursorrules

@@ -1,9 +1,6 @@
-<!-- GENERATED FILE - DO NOT EDIT DIRECTLY -->
-<!-- Source of truth: instructions/source/core.md -->
 <!-- Tool profile: cursor-compat -->
 # Cursor Rules
 
-Primary policy source: `instructions/source/core.md`.
+Primary policy source: `CLAUDE.md`.
 Load policy only from the canonical source file above.
-Do not duplicate, summarize, or inline rules in this file.
-If this file and the canonical source conflict, the canonical source wins.
+If this file and CLAUDE.md conflict, CLAUDE.md wins.

package/templates/CLAUDE.md

@@ -7,23 +7,23 @@ All policy, routing, and skill governance lives here — edit this file directly
 
 ## Reference Index
 
-### Rule modules (`.github/instructions/rules/`)
-
-| Module | File | Governs |
-|--------|------|---------|
-| Security | `.github/instructions/rules/security.mdc` | Validation, authn/authz, secrets, rate limiting |
-| Testing | `.github/instructions/rules/testing.mdc` | Strategy, coverage mix, test discipline |
-| Core | `.github/instructions/rules/core.mdc` | Type safety, runtime boundaries, error modeling |
-| Database | `.github/instructions/rules/database.mdc` | ORM patterns, migrations, query safety |
-| Frontend | `.github/instructions/rules/frontend.mdc` | Accessibility, responsiveness, client trust boundaries |
-| Style | `.github/instructions/rules/style.mdc` | Naming, modularity, separation of concerns |
-| System Workflow | `.github/instructions/rules/system-workflow.mdc` | Branching, PR structure, review gates |
-| Workflows | `.github/instructions/rules/workflows.mdc` | Automation, CI/CD, deployment gates |
-| Hardening | `.github/instructions/rules/hardening.mdc` | Threat modeling, audit mode, dependency review |
-| Intent Routing | `.github/instructions/rules/intent-routing.mdc` | Deterministic task-to-rule mapping |
-| Planning | `.github/instructions/rules/planning.mdc` | Feature discussion and implementation planning |
-| AI Integration | `.github/instructions/rules/ai-integration.mdc` | LLM safety, cost controls, fallback behavior |
-| Guardrails | `.github/instructions/rules/guardrails.mdc` | Hard stops, scope control, reversibility, minimal footprint |
+### Rule modules (`.claude/rules/`)
+
+| Module | File | Apply when... |
+|--------|------|---------------|
+| Security | `.claude/rules/security.mdc` | Implementing authentication, validating inputs, protecting against injection attacks |
+| Testing | `.claude/rules/testing.mdc` | Adding tests, verifying coverage, validating quality before deployment |
+| Core | `.claude/rules/core.mdc` | Designing architecture, setting up projects, defining type systems |
+| Database | `.claude/rules/database.mdc` | Designing schema, building data access layers, optimizing queries |
+| Frontend | `.claude/rules/frontend.mdc` | Building UI components, designing pages, creating forms, implementing accessibility |
+| Style | `.claude/rules/style.mdc` | Organizing code, naming variables, improving clarity and maintainability |
+| System Workflow | `.claude/rules/system-workflow.mdc` | Planning delivery phases, defining acceptance criteria, establishing rollback |
+| Workflows | `.claude/rules/workflows.mdc` | Optimizing development process, running pre-commit checks, keeping project healthy |
+| Hardening | `.claude/rules/hardening.mdc` | Building distributed apps, protecting IP logic, preparing production releases |
+| Intent Routing | `.claude/rules/intent-routing.mdc` | Determining which rule applies, routing to correct execution pathway |
+| Planning | `.claude/rules/planning.mdc` | Implementing features, designing systems, making architectural decisions |
+| AI Integration | `.claude/rules/ai-integration.mdc` | Integrating LLMs, RAG pipelines, prompt engineering, AI-powered features |
+| Guardrails | `.claude/rules/guardrails.mdc` | Any destructive/irreversible action, scope expansion, dangerous requests |
 
 ### Skill modules (`.github/skills/`)
 
@@ -39,19 +39,19 @@ All policy, routing, and skill governance lives here — edit this file directly
 
 Skills add capability only. They must not override security, testing, or core constraints.
 
-### Subagent modules (`agents/subagents/`)
+### Subagent modules (`.claude/agents/`)
 
 | Subagent | Path | Invoke when... |
 |----------|------|----------------|
-| planner | `agents/subagents/planner.md` | Breaking down features into phased plans |
-| architect | `agents/subagents/architect.md` | System design decisions, ADRs, trade-off analysis |
-| tdd-guide | `agents/subagents/tdd-guide.md` | Writing tests before implementation |
-| code-reviewer | `agents/subagents/code-reviewer.md` | Reviewing code for quality and correctness |
-| security-reviewer | `agents/subagents/security-reviewer.md` | Scanning for security vulnerabilities |
-| build-error-resolver | `agents/subagents/build-error-resolver.md` | Fixing build and type errors |
-| e2e-runner | `agents/subagents/e2e-runner.md` | Running Playwright E2E test suites |
-| refactor-cleaner | `agents/subagents/refactor-cleaner.md` | Removing dead code and unused dependencies |
-| doc-updater | `agents/subagents/doc-updater.md` | Syncing docs and READMEs after code changes |
+| planner | `.claude/agents/planner.md` | Breaking down features into phased plans |
+| architect | `.claude/agents/architect.md` | System design decisions, ADRs, trade-off analysis |
+| tdd-guide | `.claude/agents/tdd-guide.md` | Writing tests before implementation |
+| code-reviewer | `.claude/agents/code-reviewer.md` | Reviewing code for quality and correctness |
+| security-reviewer | `.claude/agents/security-reviewer.md` | Scanning for security vulnerabilities |
+| build-error-resolver | `.claude/agents/build-error-resolver.md` | Fixing build and type errors |
+| e2e-runner | `.claude/agents/e2e-runner.md` | Running Playwright E2E test suites |
+| refactor-cleaner | `.claude/agents/refactor-cleaner.md` | Removing dead code and unused dependencies |
+| doc-updater | `.claude/agents/doc-updater.md` | Syncing docs and READMEs after code changes |
 
 Subagents are bounded agents with limited tool access. They inherit all policy from this file and may not override security, testing, or core constraints.
 
@@ -59,40 +59,40 @@ Subagents are bounded agents with limited tool access. They inherit all policy f
 
 ## Always Enforce
 
-1. **Security-first (non-overrideable)** — `.github/instructions/rules/security.mdc`
+1. **Security-first (non-overrideable)** — `.claude/rules/security.mdc`
    - Validate all external inputs at boundaries.
    - Require authentication and role-based authorization for protected operations.
    - Rate-limit public APIs.
    - Never expose secrets, credentials, or PII in logs/errors/responses.
 
-2. **Testing discipline (non-overrideable)** — `.github/instructions/rules/testing.mdc`
+2. **Testing discipline (non-overrideable)** — `.claude/rules/testing.mdc`
    - Coverage mix target: Unit 80% / Integration 15% / E2E 5%.
    - Business logic must have tests; critical flows need integration coverage.
    - Never disable/remove tests to pass builds.
 
-3. **Type safety and runtime boundaries** — `.github/instructions/rules/core.mdc`
+3. **Type safety and runtime boundaries** — `.claude/rules/core.mdc`
    - Strong internal typing, runtime validation at boundaries, explicit error models.
 
-4. **Database integrity** — `.github/instructions/rules/database.mdc`
+4. **Database integrity** — `.claude/rules/database.mdc`
    - Prefer ORM/ODM, justify raw queries, enforce DB constraints, prevent N+1, reversible migrations.
 
-5. **Frontend standards** — `.github/instructions/rules/frontend.mdc`
+5. **Frontend standards** — `.claude/rules/frontend.mdc`
    - WCAG 2.1 AA, responsive defaults, clear loading/error states, no unsafe client trust.
 
-6. **Style and consistency** — `.github/instructions/rules/style.mdc`
+6. **Style and consistency** — `.claude/rules/style.mdc`
    - Consistent naming, small composable modules, explicit contracts, no magic values.
 
-7. **Workflow discipline** — `.github/instructions/rules/system-workflow.mdc`, `.github/instructions/rules/workflows.mdc`
+7. **Workflow discipline** — `.claude/rules/system-workflow.mdc`, `.claude/rules/workflows.mdc`
    - Feature branches only, no direct main edits, deterministic PR structure, review gates.
 
-8. **Hardening mode** — `.github/instructions/rules/hardening.mdc`
+8. **Hardening mode** — `.claude/rules/hardening.mdc`
    - In hardening/audit contexts: assume hostile input, threat-model, validate config safety, strict rate limits, dependency audit.
 
-9. **Planning discipline** — `.github/instructions/rules/planning.mdc`
+9. **Planning discipline** — `.claude/rules/planning.mdc`
    - Every feature discussion or implementation produces a `.github/prompts/` plan file.
    - Plans are updated as work progresses, not discarded.
 
-10. **Guardrails (non-overrideable)** — `.github/instructions/rules/guardrails.mdc`
+10. **Guardrails (non-overrideable)** — `.claude/rules/guardrails.mdc`
    - Require `CONFIRM-DESTRUCTIVE:<target>` token before any destructive/irreversible action.
    - Work only within the defined task scope; no silent expansion.
    - Classify every action by reversibility before executing.

package/templates/README.md

@@ -3,7 +3,7 @@
 [![npm version](https://img.shields.io/npm/v/agents-templated.svg)](https://www.npmjs.com/package/agents-templated)
 [![npm downloads](https://img.shields.io/npm/dm/agents-templated.svg)](https://www.npmjs.com/package/agents-templated)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
-[![GitHub stars](https://img.shields.io/github/stars/rickandrew2/agents-projects-templated?style=social)](https://github.com/rickandrew2/agents-templated)
+[![GitHub stars](https://img.shields.io/github/stars/rickandrew2/agents-templated?style=social)](https://github.com/rickandrew2/agents-templated)
 
 > **Agents Templated** is a CLI tool and npm package that instantly scaffolds production-ready project structures with enterprise-grade development patterns, security guidelines, and AI assistant configurations. Designed for developers who want to start projects the right way—with proven OWASP security practices, comprehensive testing strategies (80/15/5 coverage targets), and agent-based architecture patterns—without being locked into specific frameworks. It generates unified configuration files that work seamlessly with Cursor, GitHub Copilot, Claude, and Google Gemini, allowing AI assistants to automatically follow best practices from day one. Whether you're building a Next.js app, Django API, Go microservice, or any custom stack, Agents Templated provides the guardrails and patterns you need while giving you complete freedom to choose your technology.
 
@@ -105,7 +105,7 @@ Agents Templated automatically configures compatible wrappers for major AI codin
 | **Claude** | `CLAUDE.md` | ✅ Compatible |
 | **Generic agents** | `AGENTS.MD` | ✅ Compatible |
 
-**Single source of truth:** `instructions/source/core.md` drives generated tool-compatible instruction files.
+**Single source of truth:** `CLAUDE.md` drives generated tool-compatible instruction files.
 
 ---
 
@@ -395,7 +395,7 @@ await agentsTemplated.install('./my-project', {
 
 When contributing to this template:
 1. Maintain technology-agnostic patterns
-2. Update relevant rule files in `agents/rules/`
+2. Update relevant rule files in `.github/instructions/rules/`
 3. Keep documentation synchronized with code changes
 4. Follow security and testing patterns
 5. Ensure AI assistant configurations remain compatible

package/templates/agent-docs/ARCHITECTURE.md

@@ -3,7 +3,7 @@
 This is a **technology-agnostic development template** with enterprise-grade patterns for security, testing, and developer experience.
 These guidelines are for both humans and AI assistants working with any technology stack.
 
-- Canonical AI policy source lives in `instructions/source/core.md`.
+- Canonical AI policy source lives in `CLAUDE.md`.
 - **Agent responsibilities** and MCP integration are documented in `AGENTS.MD`.
 - **Detailed implementation rules** live in `.github/instructions/rules/*.mdc` files.
 - **Custom skills** for domain-specific tasks are organized in `.github/skills/` (see [Skills Guide](../.github/skills/README.md)).
@@ -224,8 +224,8 @@ Review the options above and select technologies that fit your:
 
 ### 2. Adapt the Template
 - Update `.github/instructions/rules/*.mdc` files with technology-specific patterns
-- Keep `.cursorrules`, `.github/copilot-instructions.md`, `AGENTS.MD`, and `CLAUDE.md` as minimal wrappers that point to `instructions/source/core.md`
-- Update `instructions/source/core.md` with stack-specific guidelines
+- Keep `.cursorrules`, `.github/copilot-instructions.md`, `AGENTS.MD`, and `CLAUDE.md` as minimal wrappers that point to `CLAUDE.md`
+- Update `CLAUDE.md` with stack-specific guidelines
 - Create appropriate configuration files for your chosen tools
 
 ### 3. Implement Core Patterns

package/templates/agent-docs/README.md

@@ -6,12 +6,11 @@ This template has been installed by the agents-templated npm package.
 
 Depending on what you installed, you may have:
 
-- **AGENTS.MD**: Agent patterns and delegation guide
+- **AGENTS.MD**: Generic compatibility wrapper for AI assistants
 - **ARCHITECTURE.md**: Project guidelines and architecture
-- **AGENTS.MD**: Instructions for AI assistants
-- **agents/rules/**: Development rules and patterns (6 files)
-- **agents/skills/**: Reusable agent skills
-- **instructions/source/core.md**: Canonical policy source (single source of truth)
+- **CLAUDE.md**: Canonical policy source (single source of truth)
+- **.github/instructions/rules/**: Rule modules (`*.mdc`)
+- **.github/skills/**: Skill modules (`*/SKILL.md`)
 - **CLAUDE.md**: Claude compatibility wrapper
 - **.github/copilot-instructions.md**: GitHub Copilot compatibility wrapper
 - **.cursorrules**: Cursor compatibility wrapper
@@ -36,8 +35,8 @@ agents-templated list
 
 ## Rules and Skills
 
-- **Rules** (`agents/rules/*.mdc`): Define *how to behave* - patterns, principles, and standards for your team
-- **Skills** (`agents/skills/*/SKILL.md`): Define *how to execute specific tasks* - domain-specific workflows and specialized knowledge
+- **Rules** (`.github/instructions/rules/*.mdc`): Define *how to behave* - patterns, principles, and standards for your team
+- **Skills** (`.github/skills/*/SKILL.md`): Define *how to execute specific tasks* - domain-specific workflows and specialized knowledge
 
 ### Using Skills in Your AI Assistants
 
@@ -45,31 +44,31 @@ Skills can be referenced in all AI configuration files:
 
 **In `.cursorrules` (Cursor IDE):**
 ```
-When the user asks about [domain], use the [skill-name] skill from agents/skills/
+When the user asks about [domain], use the [skill-name] skill from .github/skills/[skill-name]/SKILL.md
 ```
 
 **In `CLAUDE.md` (Claude):**
 ```
 
-When working on [domain-specific task], reference the [skill-name] skill in agents/skills/[skill-name]/SKILL.md
+When working on [domain-specific task], reference the [skill-name] skill in .github/skills/[skill-name]/SKILL.md
 ```
 
 **In `.github/copilot-instructions.md` (GitHub Copilot):**
 ```
-When helping with [domain-specific task], reference the [skill-name] skill from agents/skills/[skill-name]/SKILL.md
+When helping with [domain-specific task], reference the [skill-name] skill from .github/skills/[skill-name]/SKILL.md
 ```
 
-All wrappers point to `instructions/source/core.md`, and skills can be referenced from any assistant through that canonical policy. Create custom skills in `agents/skills/` to extend capabilities across your entire team.
+All wrappers point to `CLAUDE.md`, and skills can be referenced from any assistant through that canonical policy. Create custom skills in `.github/skills/` to extend capabilities across your entire team.
 
 ## Getting Started
 
 1. Review AGENTS.MD for AI assistance guidance
 2. Review ARCHITECTURE.md for overall project guidelines
 3. Adapt the rules to your specific technology stack
-4. Create custom skills in `agents/skills/` for your domain
+4. Create custom skills in `.github/skills/` for your domain
 5. Configure your AI assistants (Cursor, Copilot, Claude, generic agents) to reference your skills
 
 ## Documentation
 
-For full documentation, visit: https://github.com/rickandrew2/agents-projects-templated
+For full documentation, visit: https://github.com/rickandrew2/agents-templated
 

package/templates/agents/rules/ai-integration.mdc

@@ -1,10 +1,18 @@
 ---
 title: "AI / LLM Integration"
-description: "Safety, cost, and quality rules for integrating large language models into applications"
-version: "1.0.0"
+description: "Apply when integrating LLMs, RAG pipelines, prompt engineering, or building AI-powered features. Covers safety, cost, and quality"
+version: "3.0.0"
 tags: ["ai", "llm", "openai", "anthropic", "rag", "prompt-engineering", "safety"]
 alwaysApply: false
 globs: ["**/*llm*", "**/*openai*", "**/*anthropic*", "**/*langchain*", "**/*rag*", "**/ai/**"]
+triggers:
+  - "Integrating OpenAI or other LLM API"
+  - "Building RAG pipeline or semantic search"
+  - "Implementing prompt template or engineering"
+  - "Adding AI-powered feature to application"
+  - "Evaluating LLM responses or quality"
+  - "Optimizing LLM API costs"
+  - "Implementing AI moderation or safety controls"
 ---
 
 ## Purpose

package/templates/agents/rules/core.mdc

@@ -1,11 +1,18 @@
 ---
 title: "Core Project Guidelines"
-description: "Enterprise-grade architecture and best practices for technology-agnostic development"
+description: "Apply to all architecture, type safety, code organization, and enterprise quality standards. Foundation for every feature"
 alwaysApply: true
 version: "3.0.0"
 tags: ["architecture", "core", "enterprise", "technology-agnostic"]
 globs:
   - "*"
+triggers:
+  - "Designing application architecture"
+  - "Setting up new project or module"
+  - "Defining type systems and validation"
+  - "Organizing code structure"
+  - "Improving code quality standards"
+  - "Making testing or performance decisions"
 ---
 
 ## Developer Identity

package/templates/agents/rules/database.mdc

@@ -1,12 +1,20 @@
 ---
 title: "Database and Data Layer Guidelines"
-description: "Database-agnostic patterns for data access and schema design"
+description: "Apply when designing schema, building data access layers, optimizing queries, or managing database operations"
 alwaysApply: true
 version: "3.0.0"
 tags: ["database", "backend", "data", "orm", "schema"]
 globs:
   - "src/models/**/*"
   - "src/data/**/*"
+triggers:
+  - "Designing database schema"
+  - "Adding database migrations"
+  - "Building data access layer"
+  - "Querying or filtering data"
+  - "Optimizing slow queries"
+  - "Managing relationships between entities"
+  - "Handling data validation in models"
 ---
 
 # Database and Data Layer Guidelines
@@ -302,4 +310,4 @@ Test: Cascade delete
 
 ---
 
-Remember: Good database design prevents bugs, improves performance, and makes your application maintainable.
+Remember: Good database design prevents bugs, improves performance, and makes your application maintainable.

package/templates/agents/rules/frontend.mdc

@@ -1,6 +1,6 @@
 ---
 title: "Frontend Development Guidelines"
-description: "Framework-agnostic frontend development patterns with security and accessibility"
+description: "Apply when building UI components, designing pages, creating forms, or implementing accessibility and responsive interfaces"
 alwaysApply: true
 version: "3.0.0"
 tags: ["frontend", "ui", "ux", "security", "accessibility"]
@@ -8,6 +8,14 @@ globs:
   - "src/**/*"
   - "components/**/*"
   - "public/**/*"
+triggers:
+  - "Building UI components or pages"
+  - "Creating forms and handling user input"
+  - "Designing responsive layouts"
+  - "Implementing accessibility features"
+  - "Styling and theming interfaces"
+  - "Building navigation and routing"
+  - "Implementing client-side state management"
 ---
 
 # Frontend Development Guidelines
@@ -214,4 +222,4 @@ E2E tests:
 
 ---
 
-Remember: Build user interfaces that work for everyone, load quickly, and provide excellent user experience.
+Remember: Build user interfaces that work for everyone, load quickly, and provide excellent user experience.

package/templates/agents/rules/guardrails.mdc

@@ -1,9 +1,17 @@
 ---
 alwaysApply: true
 title: "AI Agent Guardrails"
-description: "Behavioral constraints preventing dangerous, irreversible, or out-of-scope agent actions"
-version: "1.0.0"
+description: "Apply before any irreversible action, scope expansion, dangerous request, or system change. Safety constraints that cannot be weakened"
+version: "3.0.0"
 tags: ["guardrails", "safety", "scope", "reversibility", "agent-behavior"]
+triggers:
+  - "Planning destructive or irreversible action"
+  - "Deleting files, databases, or deployment"
+  - "Modifying security or authentication"
+  - "Making scope expansion decisions"
+  - "Evaluating request safety and reversibility"
+  - "Handling secrets or sensitive data"
+  - "Making agent behavioral decisions"
 ---
 
 ## Purpose

package/templates/agents/rules/hardening.mdc

@@ -1,8 +1,16 @@
 ---
 title: "Application Hardening & Obfuscation"
-description: "Risk-based hardening model including obfuscation, tamper resilience, and verification"
-version: "1.0.0"
+description: "Apply when building distributed apps, protecting IP logic, preparing production releases, or hardening against reverse engineering"
+version: "3.0.0"
 tags: ["hardening", "obfuscation", "anti-tamper", "security"]
+triggers:
+  - "Preparing mobile or desktop app for release"
+  - "Protecting proprietary business logic"
+  - "Hardening against reverse engineering"
+  - "Building distributed client applications"
+  - "Preparing production release with hardening"
+  - "Implementing tamper detection"
+  - "Adding integrity checks to release"
 ---
 
 ## Purpose

package/templates/agents/rules/intent-routing.mdc

@@ -1,8 +1,16 @@
 ---
 title: "Intent Routing & Command Selection"
-description: "Deterministic intent routing from natural language to executable command contracts"
-version: "1.0.0"
+description: "Apply when determining which rule applies, routing to correct execution pathway, or making command selection decisions"
+version: "3.0.0"
 tags: ["routing", "deterministic", "workflow", "commands"]
+triggers:
+  - "User makes natural language request"
+  - "Determining which rule applies"
+  - "Routing to correct execution pathway"
+  - "Selecting command or agent to invoke"
+  - "Handling ambiguous user intent"
+  - "Making safety behavior decisions"
+  - "Validating action scope and appropriateness"
 ---
 
 ## Purpose

package/templates/agents/rules/planning.mdc

@@ -1,9 +1,17 @@
 ---
 title: "Planning Discipline"
-description: "Every feature discussion or implementation must produce a reusable prompt plan file in .github/prompts/"
-version: "1.0.0"
+description: "Apply when implementing features, designing systems, discussing architecture, or making implementation decisions. Produces reusable prompt plan files"
+version: "3.0.0"
 tags: ["planning", "workflow", "documentation", "prompts"]
 alwaysApply: true
+triggers:
+  - "User requests a new feature"
+  - "Planning implementation approach"
+  - "Discussing architectural changes"
+  - "Breaking down user stories"
+  - "Creating acceptance criteria"
+  - "Designing database schema"
+  - "Planning deployment phases"
 ---
 
 ## Purpose

package/templates/agents/rules/security.mdc

@@ -1,8 +1,17 @@
 ---
 title: "Security Rules & Best Practices"
-description: "Framework and language-agnostic security patterns for enterprise applications"
+description: "Apply when implementing authentication, authorization, API validation, secrets management, or protecting against OWASP Top 10 vulnerabilities"
+alwaysApply: true
 version: "3.0.0"
-tags: ["security", "owasp", "authentication", "validation"]
+tags: ["security", "auth", "validation", "secrets", "owasp"]
+triggers:
+  - "User adds login/authentication to project"
+  - "Building API endpoints or handling user input"
+  - "Storing passwords, tokens, or sensitive data"
+  - "Validating form inputs or API requests"
+  - "Protecting against injection, XSS, CSRF"
+  - "Adding authorization/permissions to endpoints"
+  - "Integrating third-party APIs or external services"
 ---
 
 # Security Rules & Best Practices

package/templates/agents/rules/style.mdc

@@ -1,11 +1,19 @@
 ---
 title: "Code Style and Standards"
-description: "Language-agnostic naming conventions, formatting rules, and code quality standards"
+description: "Apply when organizing code, naming variables/functions, improving clarity, formatting with consistency, and maintaining code quality"
 alwaysApply: true
 version: "3.0.0"
 tags: ["style", "formatting", "naming", "quality"]
 globs:
   - "**/*"
+triggers:
+  - "Writing new code or functions"
+  - "Organizing code structure"
+  - "Naming variables, functions, or classes"
+  - "Formatting code for readability"
+  - "Improving code documentation"
+  - "Refactoring for clarity"
+  - "Following project conventions"
 ---
 
 # Code Style and Standards
@@ -341,4 +349,4 @@ Test names describe what is being tested:
 ---
 
 Remember: **Write code for humans first, computers second.**
-Clean code is maintainable code, and maintainable code is more secure, performant, and bug-free.
+Clean code is maintainable code, and maintainable code is more secure, performant, and bug-free.

package/templates/agents/rules/system-workflow.mdc

@@ -1,8 +1,16 @@
 ---
 title: "System Workflow Orchestration"
-description: "Lifecycle gates and required artifacts for systematic delivery"
-version: "1.0.0"
+description: "Apply when planning delivery phases, defining acceptance criteria, establishing rollback procedures, or orchestrating multi-step workflows"
+version: "3.0.0"
 tags: ["workflow", "gates", "delivery", "governance"]
+triggers:
+  - "Implementing feature with multiple phases"
+  - "Defining deployment gates and approval"
+  - "Planning rollback strategy"
+  - "Creating acceptance criteria"
+  - "Coordinating deployment across services"
+  - "Planning database migration"
+  - "Managing breaking API changes"
 ---
 
 ## Purpose

package/templates/agents/rules/testing.mdc

@@ -1,8 +1,16 @@
 ---
 title: "Testing Guidelines & Best Practices"
-description: "Framework and language-agnostic testing strategy for enterprise applications"
+description: "Apply when adding tests, verifying coverage, or validating quality before deployment. Always required for business logic and critical flows"
 version: "3.0.0"
 tags: ["testing", "quality", "coverage", "e2e", "a11y"]
+triggers:
+  - "User requests tests for business logic"
+  - "Implementing a new feature"
+  - "Fixing a bug"
+  - "Need to verify API endpoints work"
+  - "Checking application behavior"
+  - "Hardening release artifacts"
+  - "CI/CD validation needed before deployment"
 ---
 
 # Testing Guidelines & Best Practices

package/templates/agents/rules/workflows.mdc

@@ -1,11 +1,19 @@
 ---
 title: "Development Workflow Guidelines"
-description: "Optional development workflow: project health checks and pre-commit quality gates"
+description: "Apply to optimize development process, running pre-commit checks, enforcing quality gates, and keeping project healthy"
 alwaysApply: false
-version: "1.0.0"
+version: "3.0.0"
 tags: ["workflow", "quality", "validation", "commit"]
 globs:
   - "**/*"
+triggers:
+  - "Running pre-commit hooks"
+  - "Validating code quality gates"
+  - "Setting up CI/CD pipeline"
+  - "Checking code before commit"
+  - "Running linting or formatting"
+  - "Executing test suites automatically"
+  - "Maintaining project health and standards"
 ---
 
 # Development Workflow Guidelines