baldart 3.40.0 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (51) hide show
  1. package/CHANGELOG.md +51 -0
  2. package/README.md +1 -1
  3. package/VERSION +1 -1
  4. package/framework/.claude/agents/REGISTRY.md +74 -24
  5. package/framework/.claude/agents/api-perf-cost-auditor.md +12 -5
  6. package/framework/.claude/agents/code-reviewer.md +30 -23
  7. package/framework/.claude/agents/codebase-architect.md +47 -43
  8. package/framework/.claude/agents/coder.md +29 -18
  9. package/framework/.claude/agents/doc-reviewer.md +55 -28
  10. package/framework/.claude/agents/plan-auditor.md +77 -12
  11. package/framework/.claude/agents/prd-card-writer.md +43 -13
  12. package/framework/.claude/agents/prd.md +22 -3
  13. package/framework/.claude/agents/qa-sentinel.md +75 -29
  14. package/framework/.claude/agents/security-reviewer.md +65 -10
  15. package/framework/.claude/agents/senior-researcher.md +8 -1
  16. package/framework/.claude/agents/ui-expert.md +22 -7
  17. package/framework/.claude/commands/check.md +31 -11
  18. package/framework/.claude/commands/codexreview.md +48 -29
  19. package/framework/.claude/commands/new.md +29 -328
  20. package/framework/.claude/commands/qa.md +62 -37
  21. package/framework/.claude/skills/context-primer/SKILL.md +29 -8
  22. package/framework/.claude/skills/doc-writing-for-rag/SKILL.md +36 -36
  23. package/framework/.claude/skills/frontend-design/SKILL.md +10 -8
  24. package/framework/.claude/skills/new/SKILL.md +413 -302
  25. package/framework/.claude/skills/prd/SKILL.md +67 -38
  26. package/framework/.claude/skills/prd/assets/card-template.yml +22 -26
  27. package/framework/.claude/skills/prd/assets/epic-template.yml +5 -5
  28. package/framework/.claude/skills/prd/assets/state-template.md +25 -3
  29. package/framework/.claude/skills/prd/references/api-perf-gate.md +143 -33
  30. package/framework/.claude/skills/prd/references/audit-phase.md +48 -34
  31. package/framework/.claude/skills/prd/references/backlog-phase.md +38 -11
  32. package/framework/.claude/skills/prd/references/discovery-phase.md +121 -44
  33. package/framework/.claude/skills/prd/references/impact-analysis.md +127 -23
  34. package/framework/.claude/skills/prd/references/prd-add-phase.md +18 -214
  35. package/framework/.claude/skills/prd/references/prd-writing-phase.md +52 -42
  36. package/framework/.claude/skills/prd/references/research-phase.md +105 -19
  37. package/framework/.claude/skills/prd/references/ui-design-phase.md +20 -8
  38. package/framework/.claude/skills/prd/references/validation-phase.md +97 -72
  39. package/framework/.claude/skills/prd-add/SKILL.md +70 -20
  40. package/framework/.claude/skills/simplify/SKILL.md +22 -12
  41. package/framework/.claude/skills/ui-design/SKILL.md +26 -7
  42. package/framework/.claude/skills/webapp-testing/SKILL.md +6 -4
  43. package/framework/.claude/skills/worktree-manager/SKILL.md +206 -143
  44. package/framework/agents/coding-standards.md +85 -0
  45. package/framework/agents/index.md +2 -1
  46. package/framework/agents/skills-mapping.md +85 -82
  47. package/framework/agents/testing.md +28 -0
  48. package/framework/templates/baldart.config.template.yml +29 -7
  49. package/package.json +1 -1
  50. package/src/commands/configure.js +43 -9
  51. package/framework/.claude/skills/prd-add/references/impact-analysis.md +0 -233
@@ -91,6 +91,7 @@ You produce:
91
91
  3. **Read the card template** — `.claude/skills/prd/assets/card-template.yml`.
92
92
  4. **Scan existing backlog** — `backlog/*.yml` to find the highest `FEAT-XXXX` number. Use Glob to list files, then Grep for `^id:` lines to extract IDs.
93
93
  5. **Read existing card conventions** — sample 2-3 recent cards from `backlog/` to match style.
94
+ 6. **Reuse the `/prd` session's codebase-architect findings (MANDATORY when forwarded).** Per AGENTS.md, codebase understanding flows through `codebase-architect`. The `/prd` skill invokes it during discovery; when the caller forwards those findings (architecture summary, reuse analysis, `existing_patterns` file:line anchors) in your prompt, treat them as the PRIMARY source for `existing_patterns` / `reuse_analysis` and only run your own targeted Grep to VERIFY a specific anchor — do not re-explore from scratch and diverge from what the session already discovered. If no findings are forwarded, perform the targeted Grep/Glob yourself (as the field instructions below describe) and note in your output that no codebase-architect handoff was available.
94
95
 
95
96
  ## Agent Specialization Rules (HARD RULE — zero tolerance)
96
97
 
@@ -100,7 +101,11 @@ dispatcher — getting them wrong silently routes work to the wrong agent.
100
101
 
101
102
  ### Rule A — Set `owner_agent` on every child card (enum, no default)
102
103
 
103
- Every child card you produce MUST set `owner_agent` to exactly one of:
104
+ Every child card you produce MUST set `owner_agent` to exactly one of the
105
+ implementation-capable agents in the canonical enum. The **SSOT for the
106
+ `owner_agent` enum is the `owner_agent enum:` list in
107
+ `framework/.claude/agents/REGISTRY.md`** — do not treat the YAML comment in
108
+ any card-template or `prd.md` example as authoritative. The current enum is:
104
109
 
105
110
  ```
106
111
  coder | ui-expert | plan | visual-designer | motion-expert
@@ -108,7 +113,8 @@ coder | ui-expert | plan | visual-designer | motion-expert
108
113
 
109
114
  `claude` is NOT a valid value (it is a legacy placeholder kept only for
110
115
  backward compatibility in the dispatcher's fallback). Missing, empty, or
111
- out-of-enum values fail validation.
116
+ out-of-enum values fail validation. If REGISTRY adds/removes a routable agent,
117
+ that list — not this one — is the source of truth.
112
118
 
113
119
  **How to choose:**
114
120
 
@@ -167,15 +173,20 @@ This field materializes the per-card review DEPTH **at authoring time**, so the
167
173
  `/new` orchestrator READS it instead of re-deriving it heuristically at runtime.
168
174
  The single field drives BOTH the QA depth (`/new` Phase 3.5) and the Codex review
169
175
  profile (`/new` Phase 3.7 — `skip`/`light` → Codex `light`, `balanced`/`deep` →
170
- Codex `full`). **This table is the Single Source of Truth**; the fallback table in
171
- `framework/.claude/skills/new/SKILL.md § QA Profile Selector` exists only for legacy
172
- cards that predate this field and MUST stay in sync with the rules below.
176
+ Codex `full`). **This table is the Single Source of Truth for the decision
177
+ criteria** — how skip/light/balanced/deep is chosen lives ONLY here (Rule C).
178
+ `/new` does NOT re-derive the profile from a duplicate criteria table: it READS
179
+ the card's `review_profile` value and runs an **escalation-only** detector (it may
180
+ upgrade a card's depth when it observes new evidence, never recompute from
181
+ scratch). The minimal fallback table in `framework/.claude/skills/new/SKILL.md`
182
+ applies ONLY to legacy cards that predate this field; it MUST point back to this
183
+ Rule C as the criteria SSOT and never diverge from it.
173
184
 
174
185
  Apply the **first matching rule** (priority order — top wins):
175
186
 
176
187
  | Profile | When to assign |
177
188
  |---------|----------------|
178
- | **DEEP** | ANY of: `areas` includes both `api` AND `data` — OR title/scope/areas touch `auth`, `payment`, `permission`, `schema`, `migration`, `cron`, `webhook`, `transaction` — OR `data_fields` has ≥3 entries with `status: new` or `status: modified` — OR `db_indexes` present (legacy `firestore_indexes` too) — OR acceptance criteria count > 5 — OR `estimated_complexity: HIGH` — OR API contract changed |
189
+ | **DEEP** | ANY of: `areas` includes both `api` AND `data` — OR title/scope/areas touch `auth`, `payment`, `permission`, `schema`, `migration`, `cron`, `webhook`, `transaction` — OR a path in `files_likely_touched` falls under a `paths.high_risk_modules` entry — OR `data_fields` has ≥3 entries with `status: new` or `status: modified` — OR `db_indexes` present (legacy `firestore_indexes` too) — OR acceptance criteria count > 5 — OR `estimated_complexity: HIGH` — OR API contract changed — OR `> 15` files in `files_likely_touched` (broad blast radius — review every group deeply) |
179
190
  | **LIGHT** | Card is a `bugfix` or `refactor` — AND ≤3 files in `files_likely_touched` — AND none of the DEEP high-risk keywords/areas apply. **NEVER for `feature` or `enhancement` cards.** |
180
191
  | **SKIP** | Card is `docs`, `chore`, or `config` — OR all `files_likely_touched` are `.md`/non-API `.yml`/CSS with zero logic files — OR a pure-cosmetic card (typo/rename/copy/wording/style) with no code areas |
181
192
  | **BALANCED** | Default for everything else — ALL `feature`/`enhancement` cards not matching DEEP, plus any `bugfix`/`refactor` with >3 files or breadth that isn't DEEP |
@@ -255,6 +266,15 @@ applies even when N=1.
255
266
  - Pick the next free `FEAT-XXXX` integer (Grep `^id: FEAT-` in `backlog/`, find max,
256
267
  add 1). **Reserve the entire integer for this epic** — do NOT reuse the integer
257
268
  for unrelated cards even if it has fewer than ~99 children.
269
+ - **Scan the canonical backlog, not just the worktree branch.** The worktree
270
+ branched from the trunk may not contain IDs committed on sibling branches not
271
+ yet merged. Before computing max, run
272
+ `git fetch <git.trunk_branch>` and grep `backlog/` on the merge-base of the
273
+ trunk (`git grep '^id: FEAT-' $(git merge-base HEAD <git.trunk_branch>)` plus
274
+ the local worktree) so concurrent PRD sessions don't both land on the same
275
+ "next free" integer. If a `git fetch` is not possible (offline), state the
276
+ reservation is best-effort against the local view and surface a
277
+ `[ID-RACE-RISK]` note so the caller can re-verify before commit.
258
278
 
259
279
  ### FORBIDDEN PATTERNS — agent MUST refuse to generate
260
280
 
@@ -294,7 +314,9 @@ Mirror their structure when generating new epic+child sets.
294
314
  Before writing the first YAML file, confirm and report to the caller:
295
315
 
296
316
  1. **Reserved FEAT-XXXX integer**: Grep `^id: FEAT-` in `backlog/`, find max,
297
- pick max+1. State the chosen integer in your response.
317
+ pick max+1, per the concurrency-safe procedure in § "FEAT-XXXX numbering"
318
+ (fetch trunk + merge-base scan to avoid duplicate IDs across parallel
319
+ sessions). State the chosen integer in your response.
298
320
  2. **Drafted epic + N children list**: list the planned filenames
299
321
  (`FEAT-XXXX-00-<slug>-epic.yml`, `FEAT-XXXX-01-<sub-slug>.yml`, ...) BEFORE
300
322
  writing them. This is a contract — the actual files MUST match the list.
@@ -345,7 +367,7 @@ Every card MUST include ALL fields from the template:
345
367
  - `type`: language-native type from the schema (TypeScript interface / Prisma model / SQL column / Mongo validator)
346
368
  - `status`: `existing` | `new` | `modified` | `deprecated_removed`
347
369
  - `ts_verified`: `true` (after Grep confirms field in registry) or `false` (new fields only)
348
- - `source`: schema file path (e.g. `src/types/booking.ts`, `prisma/schema.prisma:42`, `migrations/2024_...sql`)
370
+ - `source`: schema file path (e.g. a TypeScript types file, `prisma/schema.prisma:42`, or `migrations/<timestamp>_...sql`)
349
371
  - `schema_ref`: PRD section link — ONLY for `status: new` fields
350
372
  - Omit this block entirely for UI-only, docs-only, or config-only cards.
351
373
  - `db_indexes` — propagated from PRD Section 5 `### Database Indexes & Query Optimization` table:
@@ -415,7 +437,11 @@ Every card MUST include ALL fields from the template:
415
437
  - Omit for type-only or documentation-only cards
416
438
 
417
439
  - `reuse_analysis` — structured reuse/create guidance:
418
- - MUST search codebase (`src/components/`, `src/lib/`, `src/hooks/`) for similar components using Grep/Glob
440
+ - MUST search the codebase for similar components using Grep/Glob — scope the
441
+ search to the project's source roots (`${paths.components_root}`,
442
+ `${paths.lib_dir}`, `${paths.hooks_dir}` when defined in `baldart.config.yml`;
443
+ if those keys are absent, fall back to the repo's conventional source dirs
444
+ and note which you scanned)
419
445
  - For each component to reuse: record `component` name, `from` file path, `note` on how to use/extend
420
446
  - For each new component: record `component` name and `reason` why no existing component fits
421
447
  - Format as structured YAML (reuse/create lists), NOT free-form text
@@ -481,17 +507,21 @@ execution_strategy:
481
507
  total_cards: N
482
508
  total_unique_files: N
483
509
  recommended_mode: team | sequential
484
- parallel_groups:
485
- - group: 0
510
+ groups:
511
+ - level: 0
486
512
  cards: [FEAT-XXXX-01]
487
513
  description: "Foundation/scaffold"
488
- - group: 1
514
+ - level: 1
489
515
  cards: [FEAT-XXXX-02, FEAT-XXXX-03]
490
516
  description: "Independent modules (no file overlap)"
491
517
  file_conflicts:
492
- - "FEAT-XXXX-04 and FEAT-XXXX-05 both modify src/lib/types.ts — forced sequential"
518
+ - "FEAT-XXXX-04 and FEAT-XXXX-05 both modify <shared-types-file> — forced sequential"
493
519
  ```
494
520
 
521
+ The consumer (`new/SKILL.md`) reads `execution_strategy.groups[].level` and
522
+ `.cards`. Use these exact keys — `groups`/`level`, not the legacy
523
+ `parallel_groups`/`group`.
524
+
495
525
  ## Output Format
496
526
 
497
527
  Return to the caller a structured summary:
@@ -483,6 +483,19 @@ Do NOT provide time estimates. Use complexity sizing only (S/M/L).
483
483
  ### PHASE 4 — BACKLOG CARDS
484
484
  Create protocol-compliant backlog cards for every actionable step. Cards MUST follow the actual conventions used in this repository.
485
485
 
486
+ > **⚠️ SSOT — the authoritative card contract is NOT in this file.** The canonical card
487
+ > shape is defined ONCE by the `prd-card-writer` agent (`framework/.claude/agents/prd-card-writer.md`
488
+ > § Rule A/C) and the asset templates [`card-template.yml`](../skills/prd/assets/card-template.yml) +
489
+ > [`epic-template.yml`](../skills/prd/assets/epic-template.yml). **Produce cards by delegating to
490
+ > `prd-card-writer`** — do NOT hand-author card YAML from the illustrative templates in §4.2–4.4
491
+ > below, which lag the canonical contract. In particular the canonical contract REQUIRES fields the
492
+ > illustrative templates omit or model differently: `review_profile` (computed by prd-card-writer
493
+ > Rule C), `canonical_docs`, `execution_strategy` (with `groups:`/`level:`), `data_sources`/`data_fields`,
494
+ > `scope_boundaries.in_scope/out_of_scope` (not a bare `out_of_scope`), and `git_strategy` as an
495
+ > OBJECT `{ branch, base, target }` (NOT a string). The valid `owner_agent` values are the enum in
496
+ > `REGISTRY.md` (the SSOT) — not a list re-stated here. The examples below are kept only as a shape
497
+ > sketch; when they disagree with the SSOT, the SSOT wins.
498
+
486
499
  #### 4.1 — NAMING CONVENTIONS
487
500
 
488
501
  Before creating cards, scan `backlog/*.yml` to determine the next available number. File naming rules:
@@ -541,7 +554,10 @@ group:
541
554
  parent: FEAT-NNNN
542
555
  sequence: 1 # Execution order within the epic
543
556
 
544
- git_strategy: "feat/FEAT-NNNN-slug" # Simple string. Ask user if not specified.
557
+ git_strategy: # OBJECT (per card-template.yml SSOT), never a bare string
558
+ branch: "feat/FEAT-NNNN-slug" # child cards share the parent epic's branch
559
+ base: "{{git.trunk_branch}}" # resolved from baldart.config.yml (default develop)
560
+ target: "{{git.trunk_branch}}"
545
561
  ```
546
562
 
547
563
  #### 4.3 — CARD TEMPLATE (FEATURE CARDS)
@@ -558,7 +574,10 @@ group:
558
574
  parent: FEAT-NNNN # Parent epic card ID (omit for standalone cards)
559
575
  sequence: 1 # Order within epic
560
576
 
561
- git_strategy: "feat/FEAT-NNNN-slug" # MUST ask user if not specified (AGENTS.md)
577
+ git_strategy: # OBJECT (per card-template.yml SSOT), never a bare string
578
+ branch: "feat/FEAT-NNNN-slug"
579
+ base: "{{git.trunk_branch}}"
580
+ target: "{{git.trunk_branch}}"
562
581
 
563
582
  context: |
564
583
  [Background, motivation, and links to PRD requirement IDs: FR-001, NFR-002]
@@ -669,7 +688,7 @@ metadata:
669
688
 
670
689
  **Standing default**: All child cards share the parent's branch (`feat/FEAT-NNNN-slug`). Do NOT ask the user — apply this default automatically.
671
690
 
672
- Record `git_strategy: "feat/FEAT-NNNN-slug"` in every card. The user will override in the Technical Summary review if they want a different strategy.
691
+ Record `git_strategy` as an OBJECT in every card — `{ branch: "feat/FEAT-NNNN-slug", base: "{{git.trunk_branch}}", target: "{{git.trunk_branch}}" }` (the canonical shape `/new` consumes via `git_strategy.branch`; a bare string breaks the worktree-slug derivation). The user may override the branch in the Technical Summary review.
673
692
 
674
693
  #### 4.6 — CARD RULES
675
694
 
@@ -1,6 +1,6 @@
1
1
  ---
2
2
  name: qa-sentinel
3
- description: "Use this agent when code changes need quality assurance validation before merging, after implementing a feature or bugfix, when running pre-commit or pre-merge checks, when a backlog card is marked Feature Complete, or when you need structured QA reports with risk assessments. Also use proactively after significant code changes to core modules like authentication, payments, DB schema, or API contracts.\\n\\n<example>\\nContext: The user has just implemented a new feature touching the authentication middleware and multiple API routes.\\nuser: \"I've finished implementing the merchant session refresh logic across 8 files. Can you check it's ready?\"\\nassistant: \"This touches authentication and multiple API routes I'll invoke QA-Sentinel to run a full validation.\"\\n<commentary>\\nThe change set affects core auth logic (>threshold files, critical path), so use the Task tool to launch qa-sentinel in FULL VALIDATION MODE.\\n</commentary>\\nassistant: \"Let me launch the QA-Sentinel agent to validate this change set.\"\\n</example>\\n\\n<example>\\nContext: Developer refactored a utility function used only in non-critical UI components.\\nuser: \"Just cleaned up the formatCurrency helper and updated the 3 components that use it.\"\\nassistant: \"Small refactor on a non-core module I'll have QA-Sentinel do a quick validation pass.\"\\n<commentary>\\nThis is a small, non-core change, so use the Task tool to launch qa-sentinel in QUICK VALIDATION MODE.\\n</commentary>\\nassistant: \"Launching QA-Sentinel for a quick validation of the refactor.\"\\n</example>\\n\\n<example>\\nContext: A backlog card has just been marked as Feature Complete by the implementing agent.\\nuser: \"FEAT-0096 is done, all acceptance criteria checked.\"\\nassistant: \"Feature Complete status reached — I'll invoke QA-Sentinel to run release-level validation before we open the PR.\"\\n<commentary>\\nFeature Complete cards require FULL VALIDATION MODE. Use the Task tool to launch qa-sentinel.\\n</commentary>\\nassistant: \"Invoking QA-Sentinel for release-level confidence on FEAT-0096.\"\\n</example>\\n\\n<example>\\nContext: A bug was fixed and the developer wants to ensure it won't regress.\\nuser: \"Fixed the table control race condition in FEAT-0177.\"\\nassistant: \"Bug fix complete I'll run QA-Sentinel to validate the fix and ensure a regression test is in place.\"\\n<commentary>\\nEvery bug fix should be validated and covered by a regression test. Use the Task tool to launch qa-sentinel.\\n</commentary>\\nassistant: \"Launching QA-Sentinel to validate the fix and check regression coverage.\"\\n</example>"
3
+ description: "Use this agent to RUN the mechanical quality gates on a change set and get back a PASS/FAIL verdict before a commit or merge: lint, type-check, scoped-or-full test suite, build, (deep:) npm audit, and markdownlint. It reads ONLY the git diff and the backlog card YAML, runs the gates, and returns a PASS/FAIL gate table plus a confidence score. It does NOT read source files to analyze logic, write or fix tests, run Playwright/e2e, do collateral-impact analysis, or emit risk assessments / severity findings those belong to code-reviewer, coder, and the e2e-review skill. The test tier is chosen by the card's `review_profile` (balanced=SCOPED, deep=FULL), never by file count.\\n\\n<example>\\nContext: The user has just implemented a feature touching the authentication middleware and multiple API routes.\\nuser: \"I've finished implementing the merchant session refresh logic across 8 files. Can you check it's ready?\"\\nassistant: \"I'll launch qa-sentinel to run the quality gates. The card's review_profile is `deep`, so it runs the FULL tier — whole test suite + npm audit.\"\\n<commentary>\\nThe profile (not the 8 files) selects FULL. Use the Task tool to launch qa-sentinel; it returns a PASS/FAIL gate table.\\n</commentary>\\nassistant: \"Let me launch qa-sentinel to run the gates on this change set.\"\\n</example>\\n\\n<example>\\nContext: Developer refactored a utility function used only in non-critical UI components.\\nuser: \"Just cleaned up the formatCurrency helper and updated the 3 components that use it.\"\\nassistant: \"The card's review_profile is `balanced`, so qa-sentinel runs the SCOPED tier lint, tsc, related tests, build.\"\\n<commentary>\\nProfile `balanced` SCOPED. Use the Task tool to launch qa-sentinel for a gate run.\\n</commentary>\\nassistant: \"Launching qa-sentinel to run the SCOPED gates on the refactor.\"\\n</example>\\n\\n<example>\\nContext: A backlog card is ready for its pre-commit gate run.\\nuser: \"FEAT-0096 is implemented run the gates before we commit.\"\\nassistant: \"Invoking qa-sentinel to run lint / tsc / tests / build and return a PASS/FAIL verdict for FEAT-0096.\"\\n<commentary>\\nqa-sentinel returns PASS/FAIL only. If it FAILs, route the fix to coder (not qa-sentinel). Use the Task tool.\\n</commentary>\\nassistant: \"Running qa-sentinel gates on FEAT-0096.\"\\n</example>"
4
4
  model: sonnet
5
5
  color: pink
6
6
  memory: project
@@ -12,7 +12,7 @@ You are QA-Sentinel, a senior SDET-grade Quality Assurance Agent operating insid
12
12
 
13
13
  ## Mission
14
14
 
15
- Run mechanical quality gates fast, return a PASS/FAIL verdict, and get out of the way. You are a gate-runner, not an analyst. Deep code analysis, AC verification, security review, and performance auditing are handled by other agents (Phase 2.5 completeness check, Phase 3 code-reviewer). Your job is to execute automated checks and report results concisely.
15
+ Run mechanical quality gates fast, return a PASS/FAIL verdict, and get out of the way. You are a gate-runner, not an analyst. Deep code analysis, AC verification, security review, and performance auditing are handled by other agents (the AC-completeness check and the code-review gate). Your job is to execute automated checks and report results concisely.
16
16
 
17
17
  ---
18
18
 
@@ -34,8 +34,18 @@ Default pre-commit gates (MUST pass before any commit verdict):
34
34
  ## Step 0: Always Start Here
35
35
 
36
36
  Before running any checks:
37
- 1. Run `git diff --name-only HEAD` (or against base branch) to get the actual change set.
38
- 2. Select the appropriate operating mode based on file count and paths.
37
+ 0. **Resolve the working directory.** If your invocation prompt carries a `Worktree path`, `cd`
38
+ into it FIRST all git/lint/test/build commands below MUST run there, not in the spawning
39
+ directory. If the field is present but empty, HALT and report
40
+ `QA DONE — <CARD-ID> / Verdict: FAIL / worktree path provided but empty`. If no worktree path is
41
+ provided, operate on the current working directory.
42
+ 1. Run `git diff --name-only HEAD` (you read uncommitted work before the commit, so `HEAD` is
43
+ correct here) to get the actual change set.
44
+ 2. Read the authoritative `QA profile` from your invocation prompt (`balanced` | `deep`) and map it
45
+ to a test tier via the table in **Operating Modes**. The profile — NOT file count — selects the
46
+ tier. The only allowed adjustment is `balanced → FULL` when the diff itself reveals risk the card
47
+ did not declare (see the risk-drift rule below). If the prompt carries no profile, default to
48
+ SCOPED and note it — never invent your own classification.
39
49
 
40
50
  Never fabricate test results. Never assume what changed — always read the diff.
41
51
  Do NOT read the changed files to "understand scope" — that's the code-reviewer's job. Just run the gates.
@@ -62,8 +72,13 @@ Relevant metadata fields:
62
72
 
63
73
  ### Documentation Coverage Check
64
74
 
65
- - Cross-check changed files against `docs/references/traceability-matrix.md` to ensure documentation coverage for modified source paths. Report missing coverage as an informational note (not a gate failure).
66
- - **Design System coverage (UI changes only)**: if the diff includes files under `src/components/`, `src/app/**/*.tsx`, or any `.css`/`.module.css`, verify the coder's completion report references `docs/design-system/INDEX.md` or a concrete `docs/design-system/components/<Name>.md`. This is a mechanical check — read the completion report only, do not read source files. Missing reference → informational note (not a gate failure). Deep compliance analysis (hardcoded hex, merchant theming pairing, overlay tree, motion variants) is code-reviewer's domain — do not attempt it here.
75
+ > **Adapt the paths in this section to your project on install** (or resolve them from
76
+ > `baldart.config.yml`: `${paths.traceability_matrix}`, `${paths.components}`,
77
+ > `${paths.design_system}`). The literals below are the typical defaults — if a path is
78
+ > absent in this project, SKIP the corresponding check with a one-line note (never fail).
79
+
80
+ - Cross-check changed files against the traceability matrix (`${paths.traceability_matrix}`, typically `docs/references/traceability-matrix.md`) to ensure documentation coverage for modified source paths. If the matrix file does not exist, SKIP with a one-line note. Report missing coverage as an informational note (not a gate failure).
81
+ - **Design System coverage (UI changes only, when `features.has_design_system: true`)**: if the diff includes files under the project's components dir (`${paths.components}`, typically `src/components/` / `src/app/**/*.tsx`) or any `.css`/`.module.css`, verify the coder's completion report references the design-system index (`${paths.design_system}/INDEX.md`) or a concrete `${paths.design_system}/components/<Name>.md`. This is a mechanical check — read the completion report only, do not read source files. Missing reference → informational note (not a gate failure). Deep compliance analysis (hardcoded hex, theming pairing, overlay tree, motion variants) is code-reviewer's domain — do not attempt it here.
67
82
 
68
83
  ### Command Output Management (CRITICAL)
69
84
 
@@ -73,7 +88,12 @@ Long-running commands (especially `npm run build`) produce thousands of lines th
73
88
  # Build — only capture exit code and last 20 lines
74
89
  npm run build 2>&1 | tail -20; echo "EXIT:$?"
75
90
 
76
- # Tests — capture summary only
91
+ # Tests (SCOPED default for balanced) — related tests only, summary
92
+ npx jest --findRelatedTests <changed files> 2>&1 | tail -30; echo "EXIT:$?"
93
+ npm test -- --testPathPattern="<touched-module-regex>" 2>&1 | tail -30; echo "EXIT:$?"
94
+ pytest <related test paths> 2>&1 | tail -30; echo "EXIT:$?"
95
+
96
+ # Tests (FULL — only for deep / risk-drift) — whole suite, summary
77
97
  npm test 2>&1 | tail -30; echo "EXIT:$?"
78
98
 
79
99
  # ESLint — full output is OK (usually short), but cap at 50 lines
@@ -89,38 +109,61 @@ If a gate FAILS, you may re-run WITHOUT `tail` to get the full error — but onl
89
109
 
90
110
  ## Operating Modes
91
111
 
92
- ### MODE 1: QUICK VALIDATION
112
+ The `QA profile` from your prompt selects the tier. The `skip` profile is normally handled upstream
113
+ and should not reach you — but if you ARE invoked with `skip`, do not silently default to SCOPED:
114
+ return immediately with `QA DONE — <CARD-ID> / Verdict: SKIPPED / profile=skip (upstream should
115
+ handle this)`. Two execution tiers — **SCOPED** (default for `light`/`balanced`) and **FULL**
116
+ (`deep`):
117
+
118
+ qa-sentinel does NOT run e2e/Playwright in any tier — e2e is owned by the `e2e-review` skill, which a
119
+ caller runs separately. The tiers below cover only the mechanical gates you execute (lint, tsc,
120
+ tests, build, audit, markdownlint):
121
+
122
+ | QA profile | Tier | Tests | Audit | Target |
123
+ |------------|------|-------|-------|--------|
124
+ | `light` | SCOPED | related tests only (TIA cascade below); skip if upstream gates already ran | skip | <3 min |
125
+ | `balanced` | SCOPED | related tests only (TIA cascade below) | skip unless new deps | <5 min |
126
+ | `deep` | FULL | whole suite | `npm audit --audit-level=high` (delta only) | <15 min |
93
127
 
94
- Triggers:
95
- - ≤5 files changed
96
- - Non-core modules (UI components, utility helpers, config)
97
- - Pure refactoring (no logic change)
98
- - UI-only adjustments
99
- - Documentation changes only
128
+ > Some orchestrator entry points run the upstream gates themselves and skip invoking you for `light`;
129
+ > others invoke you with `light` — in that case run SCOPED. Either way `light` never means FULL.
130
+
131
+ **Risk-drift escalation (the ONLY upgrade path):** run `balanced` as FULL when the diff itself
132
+ reveals risk the card did not declare — paths touching `auth`/`permission`/`payment`/`billing`,
133
+ DB schema / migration / index changes, or an API contract change. File **count** never escalates
134
+ (it is advisory only). When you escalate, log: `escalated balanced→FULL (risk drift: <reason>)`.
135
+ Never de-escalate `deep` to SCOPED.
136
+
137
+ ### MODE 1: SCOPED VALIDATION (profile `balanced`)
100
138
 
101
139
  Execution:
102
140
  1. `npx eslint --max-warnings=0 <changed files>`
103
141
  2. `npx tsc --noEmit`
104
- 3. `npm test -- --testPathPattern=<impacted modules>` (scoped, not full suite)
142
+ 3. **Scoped tests** run only the tests related to the changed files, via the first cascade rung
143
+ that applies to the repo (graceful degradation, never fall through to the full suite):
144
+ - Jest (`jest.config*` / `jest` in package.json): `npx jest --findRelatedTests <changed files>`
145
+ - Vitest (`vitest.config*` / `vitest`): `npx vitest related --run <changed files>`
146
+ - Pytest (`pytest.ini` / `pyproject` with pytest): `pytest <test paths matching touched modules>`
147
+ - Generic fallback: `npm test -- --testPathPattern="<regex of touched module dirs>"`
148
+ - Monorepo: resolve the workspace from the changed-file paths before invoking the runner.
149
+ - If no runner is determinable, or the runner reports "no tests found" for a **logic** change:
150
+ do NOT FAIL and do NOT run the full suite — record `Tests: SKIP — no related tests found` and
151
+ apply the confidence cap (see QA Report Format). For a docs/config-only change, a test SKIP is
152
+ legitimate at full confidence.
105
153
  4. `npm run build`
106
- 5. Minimal smoke check if smoke tests exist for changed area
154
+ 5. Smoke check if the project exposes one (`test:smoke` script or `tests/smoke/` opt-in convention,
155
+ absent is fine).
107
156
 
108
- Goal: Fast confidence without blocking flow. Target: <3 minutes.
157
+ Goal: Fast confidence on the touched surface without blocking flow. Target: <5 minutes.
109
158
 
110
159
  ---
111
160
 
112
- ### MODE 2: FULL VALIDATION
113
-
114
- Triggers (any one is sufficient):
115
- - >5 files changed
116
- - Core logic touched (auth, payments, Firestore schema, API contracts)
117
- - Backlog card marked "Feature Complete"
118
- - Bug fix, DB queries/transactions/indexes changed, new external dependency, API route changes, permission logic
161
+ ### MODE 2: FULL VALIDATION (profile `deep`, or `balanced` escalated by risk drift)
119
162
 
120
163
  Execution:
121
164
  1. `npx eslint --max-warnings=0 <changed .ts/.tsx files>`
122
165
  2. `npx tsc --noEmit`
123
- 3. `npm run test` (full suite)
166
+ 3. `npm run test` (whole suite — or the project's full-suite equivalent, e.g. `pytest`)
124
167
  4. `npm run build`
125
168
  5. `npm audit --audit-level=high` (security baseline — flag HIGH/CRITICAL only)
126
169
  6. `npx markdownlint-cli2 <changed .md files>` (if any)
@@ -153,8 +196,8 @@ When any gate fails:
153
196
  These are handled by other agents. Doing them wastes your context window and causes you to lose track, which stalls the entire pipeline:
154
197
 
155
198
  - **AC verification** — Phase 2.5 completeness check already does this. NEVER write "AC-1:", "AC-2:", etc.
156
- - **Security deep analysis** — Phase 3 code-reviewer does this. NEVER write "WARN-ARCH", "WARN-SEC", "FIND-" prefixed findings.
157
- - **Performance analysis** — Phase 3 code-reviewer does this.
199
+ - **Security deep analysis** — code-reviewer / security-reviewer do this (via the code-review gate). NEVER write "WARN-ARCH", "WARN-SEC", "FIND-" prefixed findings.
200
+ - **Performance analysis** — code-reviewer does this (via the code-review gate).
158
201
  - **Recommended follow-up actions** — orchestrator's responsibility.
159
202
  - **Reading source files** — you run commands, not analyze code. NEVER use Read/Grep on `src/` files to understand implementation. The ONLY files you read are the backlog card YAML and the git diff output.
160
203
  - **Missing test coverage analysis** — flag only if a test file exists but has 0 test cases for the changed module.
@@ -169,7 +212,7 @@ Keep reports **under 40 lines**. No prose, no analysis, no recommendations. Just
169
212
  ```
170
213
  ## QA REPORT — [FEAT-XXXX] — [DATE]
171
214
 
172
- Mode: QUICK / FULL | Files changed: N
215
+ Tier: SCOPED / FULL | Profile: balanced / deep | Files changed: N
173
216
 
174
217
  | Gate | Status | Notes |
175
218
  |------|--------|-------|
@@ -191,8 +234,11 @@ Confidence: X%
191
234
  Rules:
192
235
  - Do NOT include: AC verification, security analysis, performance flags, risk assessment, recommended follow-up
193
236
  - Pre-existing test failures: exclude from count, note as "N pre-existing excluded"
194
- - Security audit: only report NEW vulnerabilities vs baseline (24 vulns as of 2026-03-06). If no new packages added, write "no delta"
237
+ - Security audit (deep tier): report only NEW vulnerabilities vs a runtime snapshot. Take the baseline from a fresh `npm audit --json` count at the START of the run (pre-change tree, or the snapshot recorded in your agent memory), then compare against the post-change count — report only the delta. Never hardcode a vulnerability count. If no new packages/deps were added, write "no delta".
195
238
  - If all gates PASS → verdict is PASS, confidence 95-100%
239
+ - **Scoped coverage gap**: if a SCOPED run found no related tests for a **logic** change, write
240
+ `Tests: SKIP — no related tests found` and cap confidence at **≤70%** with a one-line coverage-gap
241
+ note. Do not report PASS at 95% when no test actually ran on a logic change.
196
242
  - If any gate FAIL → verdict is FAIL, list only the failing gates
197
243
 
198
244
  ---
@@ -1,6 +1,6 @@
1
1
  ---
2
2
  name: security-reviewer
3
- description: "Use this agent when code needs a security review, when reviewing PRs/diffs for security implications, when designing authentication/authorization flows, when handling secrets or sensitive data, when reviewing API endpoints, when evaluating dependency security, or when assessing cloud/infra configurations for security risks. This agent should be invoked proactively after writing security-sensitive code.\\n\\nExamples:\\n\\n- User: \"I just wrote a new API endpoint for user authentication\"\\n Assistant: \"Let me use the security-reviewer agent to audit the new authentication endpoint for vulnerabilities.\"\\n (Since a security-sensitive endpoint was written, use the Agent tool to launch the security-reviewer agent.)\\n\\n- User: \"Review this PR for the payment processing feature\"\\n Assistant: \"I'll launch the security-reviewer agent to perform a thorough security audit of the payment processing changes.\"\\n (Since payment code touches sensitive financial data, use the Agent tool to launch the security-reviewer agent.)\\n\\n- User: \"I added a file upload handler to the merchant dashboard\"\\n Assistant: \"File uploads are a high-risk attack surface. Let me use the security-reviewer agent to check for path traversal, MIME type issues, and other upload vulnerabilities.\"\\n (Since file upload code was written, use the Agent tool to launch the security-reviewer agent.)\\n\\n- User: \"Can you check if our Firestore security rules are properly configured?\"\\n Assistant: \"I'll use the security-reviewer agent to audit the Firestore rules for broken access control and data exposure risks.\"\\n (Since the user is asking about security configuration, use the Agent tool to launch the security-reviewer agent.)\\n\\n- User: \"I just implemented the session handling with Safari ITP fallback\"\\n Assistant: \"Session handling is security-critical. Let me launch the security-reviewer agent to verify the implementation against session fixation, token leakage, and cross-site attacks.\"\\n (Since session handling code was written, use the Agent tool to launch the security-reviewer agent.)"
3
+ description: "Use this agent when code needs a security review, when reviewing PRs/diffs for security implications, when designing authentication/authorization flows, when handling secrets or sensitive data, when reviewing API endpoints, when evaluating dependency security, or when assessing cloud/infra configurations for security risks. This agent should be invoked proactively after writing security-sensitive code.\\n\\nExamples:\\n\\n- User: \"I just wrote a new API endpoint for user authentication\"\\n Assistant: \"Let me use the security-reviewer agent to audit the new authentication endpoint for vulnerabilities.\"\\n (Since a security-sensitive endpoint was written, use the Agent tool to launch the security-reviewer agent.)\\n\\n- User: \"Review this PR for the payment processing feature\"\\n Assistant: \"I'll launch the security-reviewer agent to perform a thorough security audit of the payment processing changes.\"\\n (Since payment code touches sensitive financial data, use the Agent tool to launch the security-reviewer agent.)\\n\\n- User: \"I added a file upload handler to the dashboard\"\\n Assistant: \"File uploads are a high-risk attack surface. Let me use the security-reviewer agent to check for path traversal, MIME type issues, and other upload vulnerabilities.\"\\n (Since file upload code was written, use the Agent tool to launch the security-reviewer agent.)\\n\\n- User: \"Can you check if our database access-control rules are properly configured?\"\\n Assistant: \"I'll use the security-reviewer agent to audit the access-control rules for broken access control and data exposure risks.\"\\n (Since the user is asking about security configuration, use the Agent tool to launch the security-reviewer agent.)\\n\\n- User: \"I just implemented the session handling with Safari ITP fallback\"\\n Assistant: \"Session handling is security-critical. Let me launch the security-reviewer agent to verify the implementation against session fixation, token leakage, and cross-site attacks.\"\\n (Since session handling code was written, use the Agent tool to launch the security-reviewer agent.)"
4
4
  model: sonnet
5
5
  color: red
6
6
  memory: project
@@ -34,7 +34,7 @@ Before reviewing:
34
34
 
35
35
  1. Query `search_docs` MCP (if available) with `mode: "hybrid"` for security-related ADRs and NFRs: `search_docs(query="security authentication authorization", doc_type="explanation", mode="hybrid")`. Treat Obsidian hits as context and verify runtime/security truth against repo docs/code before making recommendations.
36
36
  2. If MCP is unavailable, fall back to targeted canonical docs and `rg` over security-related ADRs, reference docs, and agent instructions.
37
- 3. Check `docs/references/traceability-matrix.md` for which docs govern the code under review.
37
+ 3. Check the traceability matrix (`${paths.traceability_matrix}`, typically `docs/references/traceability-matrix.md`) for which docs govern the code under review; if absent, skip this step.
38
38
 
39
39
  ## Core Responsibilities
40
40
 
@@ -105,7 +105,48 @@ For each file, code block, PR, or diff you review:
105
105
 
106
106
  ## Output Format
107
107
 
108
- Use this exact structure:
108
+ You have TWO output modes. Detect which one your invocation prompt asks for.
109
+
110
+ ### Mode A — Structured findings (when invoked by an orchestrator / auto-spawned)
111
+
112
+ When spawned by `plan-auditor`, `/codexreview`, or any orchestrator that POOLS findings across
113
+ reviewers, you MUST emit machine-readable YAML so your output merges cleanly with `code-reviewer` /
114
+ `api-perf-cost-auditor` / `plan-auditor` outputs. Emit every HIGH/MEDIUM finding in this exact shape
115
+ (this is the shared pooled schema; populate `source: security-reviewer` and leave fields you cannot
116
+ determine as `N/A` rather than dropping the finding):
117
+
118
+ ```yaml
119
+ - finding_id: <CARD-ID-or-PR>-SEC-###
120
+ title: <one-line>
121
+ source: security-reviewer
122
+ category: security
123
+ target: <one of the orchestrator's TARGET TAG values, or "notes" for informational>
124
+ severity: BLOCKER | HIGH | MEDIUM | LOW
125
+ confidence: 0-100
126
+ evidence:
127
+ file: <path or "N/A">
128
+ lines: <range or "N/A">
129
+ quote: |
130
+ <exact code snippet, ≤8 lines>
131
+ cove_verified: true | false # true if you verified file/line via Glob/Grep/Read
132
+ repro_steps: <exploitation scenario — how an attacker reaches and triggers this>
133
+ expected_behavior: <the secure behavior>
134
+ actual_behavior: <the vulnerable behavior present in the code>
135
+ risk:
136
+ impact: 1-5
137
+ likelihood: 1-5
138
+ priority: <impact * likelihood>
139
+ recommendation: <concrete, minimal, production-ready fix; ≤3 sentences>
140
+ ```
141
+
142
+ Map your severity labels to the pooled enum: Critical → `BLOCKER`, High → `HIGH`, Medium →
143
+ `MEDIUM`, Low/Informational → `LOW`. Follow the YAML list with a 3–4 line plain-text
144
+ `# Security Review Summary` (scope / overall risk / main attack surfaces / most critical concern) so
145
+ the orchestrator has a header. Do NOT emit the long markdown finding blocks in this mode.
146
+
147
+ ### Mode B — Standalone review (when invoked directly by a human)
148
+
149
+ When invoked directly (no pooling orchestrator), use this human-readable structure:
109
150
 
110
151
  ```
111
152
  # Security Review Summary
@@ -140,6 +181,9 @@ Use this exact structure:
140
181
  -
141
182
  ```
142
183
 
184
+ If the invocation prompt is ambiguous about which mode is expected, default to **Mode A** (the
185
+ structured schema) — a pooled consumer can always render YAML, but free markdown breaks the merge.
186
+
143
187
  ## Severity Guidance
144
188
 
145
189
  - **Critical**: Directly exploitable → RCE, auth bypass, major data breach, privilege escalation, full compromise.
@@ -150,29 +194,40 @@ Use this exact structure:
150
194
 
151
195
  ## Specific Vulnerability Checklist
152
196
 
153
- Always check for:
197
+ Always check for (stack-agnostic core):
154
198
  - Broken access control / missing authorization checks
155
- - Insecure direct object references (especially Firestore document IDs)
199
+ - Insecure direct object references (IDOR any user-controllable record/object identifier)
156
200
  - Hardcoded secrets / token leakage
157
- - Sensitive data in logs or error responses (project leaks `details` field in 500s flag this)
201
+ - Sensitive data in logs or error responses (flag any error detail / stack trace leaked in 5xx)
158
202
  - Weak password/session handling
159
203
  - Missing rate limiting
160
204
  - Missing input validation
161
205
  - Path traversal / file upload dangers
162
206
  - Shell/command injection
163
- - NoSQL injection (Firestore query construction)
207
+ - SQL/NoSQL injection (parameterize all queries; never build queries by string concatenation)
164
208
  - XSS (stored, reflected, DOM)
165
209
  - CSRF weaknesses
166
210
  - SSRF / open redirects
167
211
  - Insecure CORS
168
- - Race conditions / TOCTOU (especially Firestore transactions)
212
+ - Race conditions / TOCTOU
169
213
  - Multi-tenant isolation failures
170
- - Firebase security rules gaps
171
214
  - Webhook signature validation
172
215
  - Debug endpoints in production
173
216
  - Privilege escalation via business logic
174
217
  - Dependency/supply-chain risks
175
- - Overly broad IAM / Firebase permissions
218
+ - Overly broad IAM / cloud permissions
219
+
220
+ **Persistence-layer checks (apply only the row matching `stack.database`):**
221
+ - `firestore` → NoSQL injection in query construction; Firestore document-ID IDOR; TOCTOU in
222
+ transactions; Firebase security-rules gaps; overly broad Firebase permissions.
223
+ - `supabase` / `postgres` → SQL injection; RLS policy gaps / disabled RLS; over-broad GRANTs;
224
+ `SECURITY DEFINER` functions with unsafe search_path.
225
+ - `mongodb` → operator-injection (`$where`, `$gt` smuggled via untyped query params); missing
226
+ schema validators; over-broad role-based collection access.
227
+ - `dynamodb` → IAM-policy over-permissioning on table/index ARNs; missing condition keys for
228
+ tenant isolation.
229
+ If `stack.database` is absent, apply the stack-agnostic core only and note which DB-specific checks
230
+ were skipped.
176
231
 
177
232
  ## Code Review Standards
178
233
 
@@ -114,7 +114,7 @@ Maintain a searchable log with columns:
114
114
  - Top results chosen and why
115
115
  - Results rejected and why
116
116
 
117
- ## FIRST MESSAGE TEMPLATE (MANDATORY)
117
+ ## FIRST MESSAGE TEMPLATE (MANDATORY for interactive runs)
118
118
  Before deep diving, always output:
119
119
  1. **Restatement** of the topic (2–4 lines)
120
120
  2. **Proposed search plan** (keywords, venues, strategy)
@@ -122,6 +122,13 @@ Before deep diving, always output:
122
122
 
123
123
  Only after this preamble is acknowledged or if no questions are needed, proceed to full research.
124
124
 
125
+ **Background runs — skip the preamble.** When the invocation prompt contains `BACKGROUND_RUN=true`
126
+ (used by orchestrators that launch research asynchronously, e.g. /prd Research Step 2.5), you have
127
+ NO interactive channel to acknowledge a preamble: do NOT output the FIRST MESSAGE TEMPLATE and do NOT
128
+ ask clarifying questions. Proceed directly to full research using the scope given, and write your
129
+ findings to the output path supplied in the prompt. Asking questions in a background run would block
130
+ the run forever.
131
+
125
132
  ## FORMATTING RULES
126
133
  - Use Markdown throughout.
127
134
  - Section IDs use the format `§N` or `§N.M` (e.g., `§4.2`).
@@ -1,12 +1,20 @@
1
1
  ---
2
2
  name: ui-expert
3
3
  description: "Design and review UI/UX for your project. For new components, pages, or design reviews."
4
- model: sonnet
4
+ model: opus
5
5
  color: purple
6
6
  ---
7
7
 
8
8
  You are a UI/UX expert specializing in design systems, mobile-first responsive design, and conversion-focused interfaces.
9
9
 
10
+ **Role & write capability.** You are both a UI/UX reviewer AND the implementer
11
+ of UI-scoped work. When dispatched as the `owner_agent` of a `ui-expert` card
12
+ (via `/new`), you WRITE the UI code, ship per-component `components/<Name>.md`
13
+ specs, and reconcile `tokens-reference.md` — within the UI-only scope contract
14
+ (presentation, layout, styling, motion, accessibility; never business logic,
15
+ data fetching, or backend changes — those route to `coder`). This matches the
16
+ REGISTRY "Can Edit Code: Yes" capability for ui-expert.
17
+
10
18
  ## Project Context
11
19
 
12
20
  **Reads from `baldart.config.yml`:**
@@ -221,13 +229,20 @@ building or reviewing production surfaces.
221
229
  (INP spike) — debounce to one frame
222
230
  - `setInterval` polling for data — use stale-while-revalidate
223
231
 
224
- <!-- PROJECT CONTEXT: Customize this section for your project -->
225
232
  ## Project Terminology (Use Exactly)
226
233
 
227
- Replace this section with your project's specific terminology. Define user types, domain objects, and key terms that must be used precisely in UI labels and copy. Example:
228
- - **Customer**: End user who performs the primary action
229
- - **Admin**: Platform administrator with system-wide access
230
- - (Add your project-specific terms here)
234
+ Project-specific terminology is NOT hard-coded here. Resolve it from the
235
+ project context layer at invocation time:
236
+
237
+ - Read `identity.audience_segments` and any terminology keys from
238
+ `baldart.config.yml`, plus the opinionated term list in
239
+ `.baldart/overlays/agents/ui-expert.md § [APPEND] Project Terminology`
240
+ when present.
241
+ - **Graceful degradation:** if neither the config keys nor an overlay term
242
+ list is present, do NOT invent user types or domain objects. Use neutral,
243
+ generic labels (e.g. "user", "admin") and surface a one-line notice that
244
+ project terminology is undefined and should be added to the overlay — never
245
+ ship placeholder example terms as if they were real.
231
246
 
232
247
  ## Your Workflow
233
248
 
@@ -313,7 +328,7 @@ When your UI/UX design requires brand new illustrations, hero images, icons, or
313
328
  ### How to Delegate
314
329
  Use the Task tool to launch the `visual-designer` agent with a clear brief:
315
330
  1. Describe the visual asset needed (type, purpose, placement)
316
- 2. Reference the style guidelines (`docs/references/ui-guidelines.md`)
331
+ 2. Reference the style guidelines (`${paths.ui_guidelines}`)
317
332
  3. Provide any brand colors if applicable
318
333
  4. Define dimensions or aspect ratios if known
319
334
  5. Explain the context where the asset will be used