baldart 3.41.0 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (49) hide show
  1. package/CHANGELOG.md +34 -0
  2. package/VERSION +1 -1
  3. package/framework/.claude/agents/REGISTRY.md +72 -24
  4. package/framework/.claude/agents/api-perf-cost-auditor.md +12 -5
  5. package/framework/.claude/agents/code-reviewer.md +30 -23
  6. package/framework/.claude/agents/codebase-architect.md +47 -43
  7. package/framework/.claude/agents/coder.md +29 -18
  8. package/framework/.claude/agents/doc-reviewer.md +55 -28
  9. package/framework/.claude/agents/plan-auditor.md +77 -12
  10. package/framework/.claude/agents/prd-card-writer.md +43 -13
  11. package/framework/.claude/agents/prd.md +22 -3
  12. package/framework/.claude/agents/qa-sentinel.md +33 -15
  13. package/framework/.claude/agents/security-reviewer.md +65 -10
  14. package/framework/.claude/agents/senior-researcher.md +8 -1
  15. package/framework/.claude/agents/ui-expert.md +22 -7
  16. package/framework/.claude/commands/check.md +31 -11
  17. package/framework/.claude/commands/codexreview.md +48 -29
  18. package/framework/.claude/commands/new.md +29 -330
  19. package/framework/.claude/commands/qa.md +57 -37
  20. package/framework/.claude/skills/context-primer/SKILL.md +29 -8
  21. package/framework/.claude/skills/doc-writing-for-rag/SKILL.md +36 -36
  22. package/framework/.claude/skills/frontend-design/SKILL.md +10 -8
  23. package/framework/.claude/skills/new/SKILL.md +409 -302
  24. package/framework/.claude/skills/prd/SKILL.md +67 -38
  25. package/framework/.claude/skills/prd/assets/card-template.yml +22 -26
  26. package/framework/.claude/skills/prd/assets/epic-template.yml +5 -5
  27. package/framework/.claude/skills/prd/assets/state-template.md +25 -3
  28. package/framework/.claude/skills/prd/references/api-perf-gate.md +143 -33
  29. package/framework/.claude/skills/prd/references/audit-phase.md +48 -34
  30. package/framework/.claude/skills/prd/references/backlog-phase.md +38 -11
  31. package/framework/.claude/skills/prd/references/discovery-phase.md +121 -44
  32. package/framework/.claude/skills/prd/references/impact-analysis.md +127 -23
  33. package/framework/.claude/skills/prd/references/prd-add-phase.md +18 -214
  34. package/framework/.claude/skills/prd/references/prd-writing-phase.md +52 -42
  35. package/framework/.claude/skills/prd/references/research-phase.md +105 -19
  36. package/framework/.claude/skills/prd/references/ui-design-phase.md +20 -8
  37. package/framework/.claude/skills/prd/references/validation-phase.md +97 -72
  38. package/framework/.claude/skills/prd-add/SKILL.md +70 -20
  39. package/framework/.claude/skills/simplify/SKILL.md +22 -12
  40. package/framework/.claude/skills/ui-design/SKILL.md +26 -7
  41. package/framework/.claude/skills/webapp-testing/SKILL.md +6 -4
  42. package/framework/.claude/skills/worktree-manager/SKILL.md +206 -143
  43. package/framework/agents/coding-standards.md +85 -0
  44. package/framework/agents/skills-mapping.md +85 -82
  45. package/framework/agents/testing.md +6 -4
  46. package/framework/templates/baldart.config.template.yml +29 -7
  47. package/package.json +1 -1
  48. package/src/commands/configure.js +43 -9
  49. package/framework/.claude/skills/prd-add/references/impact-analysis.md +0 -233
package/CHANGELOG.md CHANGED
@@ -5,6 +5,40 @@ All notable changes to BALDART will be documented in this file.
5
5
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
6
6
  and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
7
7
 
8
+ ## [4.0.0] - 2026-06-01
9
+
10
+ **Framework-wide architectural alignment of `/prd` and `/new` (the two most-used skills) and their child agents/skills, driven by a full coherence audit benchmarked against the scientific literature.** A multi-agent audit mapped every phase of `/prd` and `/new` one-by-one and found **439 findings** (23 critical, 145 high) concentrated in **6 systemic fault lines** — the canonical one being exactly the bug that triggered this work: the `qa-sentinel` agent was *referenced everywhere but architecturally orphaned*, invoked by callers for capabilities its own system prompt forbids. A research team then benchmarked the 14 architectural themes against the peer-reviewed literature (multi-agent orchestration, automated/LLM code review, CI quality gates, self-repair loops, requirements traceability, observability), producing 8 north-star principles. This release aligns the framework to them. **MAJOR** because it narrows agent capability contracts, demotes a legacy entry point (`commands/new.md`) to a redirect stub, and adds config keys.
11
+
12
+ > **Why.** The single meta-finding across 8 of 14 themes: BALDART repeatedly enforced critical invariants by **social contract** (an LLM or maintainer is trusted to remember, sync, or self-police) where the literature unanimously requires a **technical contract** (a build-time check, a tool-grant boundary, a tracker precondition, an append-only ledger, or a config-key indirection that fails loudly). The fix extends patterns BALDART already ships correctly (the `framework-edit-gate` hook, `contamination.js`, the worktree stash ban, the AC-Closure Gate, the schema-change-propagation rule — all *validated as correct* by the research) to the surfaces that bypassed them. The research also **refuted three assumptions** the framework held: (1) a cheap per-card "light" review is *not* recovered by an expensive full-batch backstop (Lost-in-the-Middle, TACL 2024 — large batches miss centrally-positioned findings); (2) single-model self-FP-checking and same-vendor "model diversity" are *not* independent validation (Kim et al., ICML 2025 — two LLMs agree 60% of the time *when both err*); (3) LLM diff-simulation is *not* a high-leverage runtime-invariant detector (Chen et al., ICSE 2025 — 44% on intermediate state). Fabricated citations that had become load-bearing rationale (`Arora 2023`, `Devin 2025`, an internal "Anthropic Harness Design" doc, a non-existent `GPT-5.4` model id) were stripped framework-wide.
13
+
14
+ ### BREAKING
15
+
16
+ - **Agent capability contracts reconciled (the qa-sentinel class).** `qa-sentinel` is now consistently a mechanical gate-runner (PASS/FAIL, no source reads, no severity taxonomy, no test-writing, no e2e) across **every** caller and routing doc — `REGISTRY.md`, `/qa`, `/codexreview` (it is no longer the false-positive "Behavior Validator", which it structurally cannot perform — a code-aware reviewer is), and `/new` Phase 3.5 / Phase 7. The same reconciliation hits `plan-auditor` (a real `QUICK` mode now exists and callers pass `mode: QUICK`), `code-reviewer` (capability row vs `bypassPermissions` reconciled to one truth), `ui-expert` (`model: opus` + `Can Edit Code: Yes` now match the REGISTRY and its real implementer role), and `security-reviewer` / `api-perf-cost-auditor` (YAML-mergeable teammate output schema; never spawned via the prohibited `general-purpose` type). Consumers with overlays on these agents should re-check their overlays.
17
+ - **`commands/new.md` is now a thin redirect stub.** The legacy slash-command copy of the `/new` pipeline (which silently omitted the BLOCKING Phase 0 hygiene, AC-Closure, Simplify, E2E, Pre-Merge Codex, post-merge hygiene, and Metrics phases, ran `code-reviewer` where the skill forbids it, and pointed at a non-existent `/qa/README.md`) is removed. `/new` now has exactly one source of truth: the `new` skill. `prd-add-phase.md` is likewise a redirect stub to the worktree-aware `prd-add` skill (the `/prd` auto-trigger now targets the canonical skill, not the stub).
18
+ - **New `baldart.config.yml` keys** (schema-change-propagation: template + `configure` autodetect + `update` detector): `git.trunk_branch` (replaces every hard-coded `develop`/`main` integration-trunk literal in the worktree flow; autodetected from `origin/HEAD`), `paths.high_risk_modules` (config-driven risk detectors — no project paths baked into shipped gate logic), `paths.metrics`, `paths.wiki_log`. Existing consumers are prompted to populate them on next `update`.
19
+
20
+ ### Changed — single source of truth (no more divergent twins)
21
+
22
+ - **`review_profile`** decision criteria now live ONLY in `prd-card-writer.md` § Rule C (the SSOT); `/new`, `backlog-phase.md`, `card-template.yml`, `validation-phase.md`, `testing.md`, `qa.md` carry a pointer, not a duplicate table. The drifted `>15-file → DEEP` trigger is reconciled into the SSOT.
23
+ - **`owner_agent` enum** and a new **card `status` enum** are machine-readable SSOT blocks in `REGISTRY.md`; the inline copies and the `prd.md:538`-line-number citations are replaced with pointers. `execution_strategy` is uniformly `groups[]/level`; `git_strategy` is uniformly an object `{branch, base, target}` (a string broke `/new`'s worktree-slug derivation); the duplicate `impact-analysis.md` was deleted (one canonical copy under `prd/references/`).
24
+
25
+ ### Changed — gates made real, worktree hygiene fixed (P0)
26
+
27
+ - Abolished "MANDATORY NON-BLOCKING" labels (relabelled to MONITORING SIGNAL or given an executable consequence); fixed vacuous post-commit `git diff --name-only HEAD` (now `HEAD~1..HEAD`); added `tsc --noEmit` as its own gate (guarded by `stack.language`); re-run static checks after code-mutating phases; Final Review BLOCKER findings now block the merge.
28
+ - Removed every `git stash` that ran **inside** a worktree (`refs/stash` is globally shared — the skill's own Safety Rule, now honoured everywhere); externalized `$MAIN`/`$TRUNK`/slug to the tracker with presence guards (consistent variable name + resolution across both `/prd` and `/new`); task-scoped scratch filenames (no date-only collisions).
29
+
30
+ ### Changed — P1 hardening (Wave 6)
31
+
32
+ - Retry loops are explicit three-branch state machines (SUCCESS / STUCK-ESCALATE / ABORT) with error-fingerprint stuck-detection, a single cap (3), `git status --porcelain` before commit, and TIMED_OUT branches for background tasks. `codebase-architect` is deduplicated (reuse per-card baselines instead of re-spawning for the batch); fan-out has explicit completion barriers; `run_in_background` is never combined with `--wait`.
33
+ - Telemetry is instrument-at-source: every Phase-8 metric field has a named producer (no post-hoc prose parsing); JSONL is a single atomic append (no append-then-rewrite); `cycle_time_mins` is anchored to a strategy-independent event. Thresholds carry provenance tags; `COMPREHENSION_DIMENSION_COUNT` is a single named constant so the research-launch trigger fires at a stable point.
34
+
35
+ ### Added
36
+
37
+ - **`scripts/check-reference-integrity.js`** — a build-time reference-integrity gate over the shipped `framework/` payload: every `subagent_type` dispatch must resolve to a real agent, the `general-purpose` fallback is banned, and a denylist regression-guards the dead references this release removed (fabricated citations, `/qa/README.md`, `obsidian-sync`). Runs in CI on every push/PR (`.github/workflows/check-reference-integrity.yml`).
38
+ - A new `agents/coding-standards.md § Reference-Aliasing Mutation Patterns` section (the SSOT that `coder.md` / `code-reviewer.md` / `new` already cited but that did not exist), and graceful-degradation for optional/unshipped dependencies (`huashu-design`, `doc-reviewer-support`) instead of MANDATORY reads of missing files.
39
+
40
+ > **Process note.** The audit, literature benchmark, alignment, a correctness review, the P1 pass, and a holistic `/prd`+`/new` review were each run as multi-agent workflows; every change was adversarially re-reviewed before landing (the holistic review caught a stale card-contract twin in `agents/prd.md` that the per-file passes missed). Two genuine security findings surfaced and were fixed as P0: an `xargs … git show HEAD:{}` injection vector and a hard-coded vulnerability baseline that created false conformance.
41
+
8
42
  ## [3.41.0] - 2026-06-01
9
43
 
10
44
  **`qa-sentinel` is now profile-driven: `balanced` cards run SCOPED tests (only the tests related to the touched files), and the FULL suite is reserved for `deep` cards (or a `balanced` change whose diff reveals undeclared risk).** This is a **behavioral change to QA depth** — the default for an ordinary feature/refactor changes from "run the whole suite" to "run the related tests" — not an additive feature. **No new `baldart.config.yml` keys** — it reuses the existing `review_profile` field; scoped/smoke test selection is auto-probed at runtime from the project's test runner.
package/VERSION CHANGED
@@ -1 +1 @@
1
- 3.41.0
1
+ 4.0.0
@@ -15,11 +15,11 @@ Quick-reference for all custom agents. Use this to route tasks to the right spec
15
15
  | **doc-reviewer** | Architecture | Audit/write docs after feature implementation | Macro feature identification, SSOT sync, linking-protocol resolution, doc debt tracking, gap analysis | Yes | Doc writing, TaskCreate (doc debt), token optimization |
16
16
  | **wiki-curator** | Documentation | Maintain the derived LLM wiki overlay under `docs/wiki/` (concept pages, syntheses, dashboards, reading guides) without creating new canonicals. See `agents/llm-wiki-methodology.md`. | Synthesis pages, provenance hygiene, freshness, derived-link checks, auto-learning loop | Yes | `docs/wiki/`, wiki lint, reindex follow-up |
17
17
  | **coder** | Code | Write, modify, or refactor production code | Features, bugs, optimizations | Yes | Build tools, testing, Playwright |
18
- | **code-reviewer** | Code | Review code post-implementation for bugs/quality | Security analysis, code quality, registry-first UI compliance (when `features.has_design_system: true`) — flags re-implemented primitives and bypassed tokens as HIGH per `framework/agents/design-system-protocol.md` | No | Static analysis, security audit |
18
+ | **code-reviewer** | Code | Review code post-implementation for bugs/quality | Security analysis, code quality, registry-first UI compliance (when `features.has_design_system: true`) — flags re-implemented primitives and bypassed tokens as HIGH per `framework/agents/design-system-protocol.md`. NOT a visual-design evaluator (that is `ui-expert` / `visual-fidelity-verifier`). | No (review-only role — emits findings; fixes are applied by `coder`. The `bypassPermissions` tool-mode all agents run under is execution access, not an implementer role) | Static analysis, security audit |
19
19
  | **security-reviewer** | Code | Review security-sensitive code, configs, auth, secrets, and infra changes | AppSec audit, threat modeling, hardening guidance | No | Security review, trust-boundary analysis |
20
20
  | **qa-sentinel** | QA | **Mechanical gate runner** — lint, typecheck, test suite, build, security audit, markdownlint. Returns PASS/FAIL verdict only. Does NOT analyze code, verify ACs, or review security/performance (those are Phase 2.5 and code-reviewer responsibilities). | Gate execution, verdicts | No (reports failures, coder fixes) | ESLint, tsc, node --test, npm run build, npm audit, markdownlint |
21
21
  | **hybrid-ml-architect** | ML | Design/implement ML systems end-to-end | Recommender, ranking, embeddings | Yes | Model design, evaluation, monitoring |
22
- | **ui-expert** | Design | Design and review UI/UX | Mobile-first, accessibility, registry-first protocol gate (when `features.has_design_system: true`) — BLOCKING reads on `${paths.design_system}/INDEX.md` + `tokens-reference.md` + `components/<Name>.md` per `framework/agents/design-system-protocol.md`, Component Discovery cascade before any design | No | ui-ux-pro-max, Playwright |
22
+ | **ui-expert** | Design | Design, implement, and review UI/UX | Mobile-first, accessibility, registry-first protocol gate (when `features.has_design_system: true`) — BLOCKING reads on `${paths.design_system}/INDEX.md` + `tokens-reference.md` + `components/<Name>.md` per `framework/agents/design-system-protocol.md`, Component Discovery cascade before any design | Yes (generates UI / HTML mockups in `ui-design` Step C; a separate fresh instance acts as design-quality evaluator in Step D) | ui-ux-pro-max, Playwright |
23
23
  | **visual-fidelity-verifier** | Design | Compare an implemented UI route against its mockup (or design-system spec) and return a severity-tagged JSON report. Auto-invoked by `/e2e-review` skill (Phase 4) — never spawned ad-hoc. Stateless. Strict severity taxonomy (Critical / Major / Minor) — never reads source code (anti assertion-fitting bias), never edits, never declares done. | Visual diff, severity taxonomy, design-system compliance check via registry cascade | No | Vision (multimodal), Read (screenshots + registry only), Playwright screenshots passed in by orchestrator |
24
24
  | **visual-designer** | Design | Generate visual assets via Kie.ai | Illustrations, icons, hero images | Yes | Kie.ai API, WebP optimization |
25
25
  | **motion-expert** | Design | Design animations and micro-interactions | Transitions, timing, easing | No | Animation specs, a11y fallbacks |
@@ -41,15 +41,52 @@ Quick-reference for all custom agents. Use this to route tasks to the right spec
41
41
  ## Decision Tree
42
42
 
43
43
  > **Note**: when invoked from the `/new` skill, agent assignment is NOT taken
44
- > from this tree — `/new` reads `owner_agent` directly from each card YAML
45
- > (enum: `coder | ui-expert | plan | visual-designer | motion-expert`, set
46
- > by `prd-card-writer`). This tree is the source for HUMAN routing (when
47
- > spawning an agent ad-hoc) and for prd-card-writer's WRITING decisions.
48
- > If you change agent capabilities here, keep the enum in
49
- > `framework/.claude/agents/prd.md:538` and the router in
44
+ > from this tree — `/new` reads `owner_agent` directly from each card YAML.
45
+ > The valid values are the **`owner_agent` enum** defined below (this file is
46
+ > the SSOT). This tree is the source for HUMAN routing (when spawning an agent
47
+ > ad-hoc) and for prd-card-writer's WRITING decisions. If you change agent
48
+ > capabilities here, keep the `owner_agent enum` (below) and the router in
50
49
  > `framework/.claude/skills/new/SKILL.md` § Agent Routing in lockstep —
51
50
  > drift between layers silently mis-routes cards.
52
51
 
52
+ ### owner_agent enum (machine-readable SSOT)
53
+
54
+ The only legal `owner_agent` values on a backlog card. `card-template.yml`,
55
+ `backlog-phase.md`, and `prd.md` MUST reference this list (do not re-list the
56
+ enum inline, do not cite a YAML comment line number):
57
+
58
+ ```
59
+ owner_agent enum:
60
+ - coder
61
+ - ui-expert
62
+ - plan
63
+ - visual-designer
64
+ - motion-expert
65
+ ```
66
+
67
+ (`plan` denotes a planning/analysis card owned by the `prd`/`plan-auditor`
68
+ flow rather than an implementer; adding a new implementer agent means adding
69
+ it here and to the `/new` router in the same change.)
70
+
71
+ ### card status enum (machine-readable SSOT)
72
+
73
+ The only legal backlog-card `status` values and their lifecycle. Producers
74
+ (`prd-card-writer`, `card-template.yml`, `epic-template.yml`) and consumers
75
+ (`/new`) MUST reference this list — do not define the vocabulary elsewhere:
76
+
77
+ ```
78
+ status enum:
79
+ - TODO # created, not started (the only value producers emit)
80
+ - READY # dependencies met, eligible to start (optional scheduler state)
81
+ - IN_PROGRESS # claimed by /new
82
+ - BLOCKED # cannot proceed (external dependency / hard failure)
83
+ - DONE # implemented + merged
84
+ ```
85
+
86
+ The `depends_on` gate keys off `DONE`. `/new` sets `IN_PROGRESS` on claim and
87
+ `DONE` on commit; it must not grep for a value no producer emits (a leftover-card
88
+ scan should match "not DONE", not a hard-coded `READY`).
89
+
53
90
  ```
54
91
  Need to understand existing code? --> codebase-architect (MANDATORY)
55
92
  Have a plan to review? --> plan-auditor
@@ -60,16 +97,16 @@ Need docs written/audited? --> doc-reviewer
60
97
  Need derived wiki overlay pages? --> wiki-curator (see agents/llm-wiki-methodology.md)
61
98
  Distill recent reasoning into a page? --> /capture skill
62
99
 
63
- Any testing task? (see QA Protocol) --> qa-sentinel ← ALWAYS use this for testing
100
+ Mechanical gate run? (see QA Protocol) --> qa-sentinel ← gate-runner only, PASS/FAIL
64
101
  Run lint / typecheck? --> qa-sentinel
65
102
  Run unit or integration tests? --> qa-sentinel
66
- Run e2e / Playwright tests? --> qa-sentinel
67
- Security audit (npm audit)? --> qa-sentinel
68
103
  Validate build passes? --> qa-sentinel
69
- Check runtime logs / console errors? --> qa-sentinel
70
- Collateral impact detection? --> qa-sentinel
71
- Write a regression test? --> qa-sentinel
72
- Pre-merge / pre-commit validation? --> qa-sentinel
104
+ Security audit (npm audit, deep)? --> qa-sentinel (deep tier, or balanced w/ new deps)
105
+ Pre-merge / pre-commit gate run? --> qa-sentinel
106
+ Run e2e / Playwright tests? --> /e2e-review skill (qa-sentinel does NOT run E2E)
107
+ Write a regression test? --> coder (qa-sentinel cannot write code)
108
+ Collateral impact detection? --> code-reviewer / codebase-architect
109
+ Check runtime logs / console errors? --> code-reviewer (requires code-aware analysis)
73
110
 
74
111
  New feature/bug to scope? --> prd
75
112
  PRD approved, need backlog cards? --> prd-card-writer (called by /prd skill)
@@ -97,14 +134,24 @@ Weekly skill/agent improvement? --> skill-improver
97
134
 
98
135
  ### Profile selection
99
136
 
100
- | Profile | Tier | Use when |
101
- |---------|------|----------|
102
- | `light` | SCOPED (related tests) | Small bugfix, no core modules, style/docs only |
103
- | `balanced` | SCOPED (related tests) | Normal feature card, medium scope (default) |
104
- | `deep` | FULL (whole suite) + Playwright | Auth/payments/DB/permissions, broad blast radius, Feature Complete cards |
105
- | `skip` | — | Docs-only or cosmetic cards with zero logic changes |
137
+ The `review_profile` value (`skip | light | balanced | deep`) is **computed by
138
+ `prd-card-writer` (Rule C)** and carried on the card YAML. The decision criteria
139
+ for which profile a card gets live ONLY in `prd-card-writer.md` see that file
140
+ for the criteria. qa-sentinel maps the profile to a test tier:
141
+
142
+ | Profile | qa-sentinel tier | npm audit |
143
+ |---------|------------------|-----------|
144
+ | `light` | gate not invoked (gates already ran during implementation) | — |
145
+ | `balanced` | SCOPED (related tests) | skip unless new deps |
146
+ | `deep` | FULL (whole suite) | `npm audit --audit-level=high` |
147
+ | `skip` | gate not invoked (docs-only / cosmetic) | — |
148
+
149
+ Tier is selected by the **profile**, not file count. A `balanced` change is
150
+ escalated to FULL only when the diff reveals undeclared risk
151
+ (auth/permission/payment/schema/migration/API contract); file count never escalates.
106
152
 
107
- Tier is selected by the **profile**, not file count. A `balanced` change is escalated to FULL only when the diff reveals undeclared risk (auth/permission/payment/schema/migration/API contract); file count never escalates.
153
+ qa-sentinel does **not** run E2E/Playwright blocking E2E for high-risk changes
154
+ is owned by the `/e2e-review` skill, invoked separately by the orchestrator.
108
155
 
109
156
  ### Invocation pattern
110
157
 
@@ -113,7 +160,8 @@ subagent_type: "qa-sentinel"
113
160
  prompt: |
114
161
  Run QA on card <CARD-ID> at the tier dictated by the profile (do NOT default to FULL).
115
162
  Worktree: <path> Branch: <branch> Changed files: <list>
116
- QA profile: [light | balanced | deep] (light/balanced → SCOPED, deep → FULL)
163
+ QA profile: [balanced | deep] (balanced → SCOPED, deep → FULL)
164
+ (light/skip profiles do NOT invoke qa-sentinel — gates ran during implementation.)
117
165
  Run gates ONLY. No AC verification, no code analysis, no recommendations.
118
166
  Write gate results + verdict to: /qa/<CARD-ID>.md (under 40 lines)
119
167
  ```
@@ -155,7 +203,7 @@ Use this table when spawning agents via the `Task` tool. The `model` field in ea
155
203
 
156
204
  - **"Can Edit Code: No"** means the agent is research/analysis-only; assign implementation to `coder`.
157
205
  - **codebase-architect** is required by AGENTS.md before any planning or implementation.
158
- - **qa-sentinel** is required for all testing tasks never run tests ad-hoc outside of this agent.
206
+ - **qa-sentinel** is the mechanical gate runner (lint / tsc / scoped-or-full tests / build / `npm audit` (deep) / markdownlint) — run gates through it, never ad-hoc. It does NOT write tests (→ `coder`), run E2E/Playwright (→ `/e2e-review`), or do collateral-impact analysis (→ `code-reviewer` / `codebase-architect`).
159
207
  - **security-reviewer** is the dedicated AppSec reviewer for auth, permissions, secrets, webhooks, file upload, infra, and multi-tenant isolation work.
160
208
  - **code-reviewer** remains the general implementation reviewer for bugs, regressions, maintainability, and broad quality checks.
161
209
  - Orchestrator agents (`website-orchestrator`) delegate to other agents.
@@ -31,7 +31,7 @@ Before applying analysis rules, consult MEMORY:
31
31
  4. In verdict line declare: `Memory matches: <N> known pitfalls applied`.
32
32
  5. If you find a NEW recurring pattern, append it to MEMORY.md at end.
33
33
 
34
- ## Tool Budget (MUST — context hygiene on Opus 4.7 1M)
34
+ ## Tool Budget (MUST — context hygiene)
35
35
 
36
36
  To prevent context bloat:
37
37
  - Max **15 file Reads** (use grep + targeted reads, not full-tree).
@@ -107,7 +107,10 @@ Read when relevant:
107
107
  - `docs/references/data-model.md`
108
108
  - `agents/architecture.md`
109
109
  - `agents/performance.md`
110
- - `firestore.indexes.json` (for any new composite query)
110
+ - The project's index manifest for any new composite/multi-attribute query
111
+ `when stack.database == "firestore"`: `firestore.indexes.json`; for SQL
112
+ stacks the migration file; for mongodb the `createIndex` call; for dynamodb
113
+ the table definition.
111
114
 
112
115
  ## Confidence-Based Filtering (MUST)
113
116
 
@@ -308,7 +311,10 @@ Already in the suppressed-findings collapsible block in § Detected Issues.
308
311
  - Use `codebase-architect` when current architecture is not yet clear.
309
312
  - API contract changes → note required `/api/v2/` versioning + RFC 8594 deprecation headers.
310
313
  - Architecture policy changes → call out ADR requirements explicitly.
311
- - Composite Firestore index needed → flag missing entry in `firestore.indexes.json`.
314
+ - Multi-attribute index needed → flag the missing entry in the project's index
315
+ manifest per `stack.database` (`when stack.database == "firestore"`:
316
+ `firestore.indexes.json`; SQL: migration; mongodb: `createIndex`; dynamodb:
317
+ table definition).
312
318
 
313
319
  ## Linked Skills
314
320
 
@@ -321,8 +327,9 @@ You have a persistent memory directory at `<your-repo>/.claude/agent-memory/api-
321
327
  `MEMORY.md` is loaded into your system prompt — keep under 200 lines. Record:
322
328
  - Recurring perf anti-patterns specific to this project
323
329
  - False-positive patterns (so future audits don't re-raise them)
324
- - Cost-driver heuristics for Vercel + Firestore
330
+ - Cost-driver heuristics for the project's `stack.deployment` + `stack.database`
325
331
  - Performance budget defaults
326
- - Domain-specific hot spots (planner, DORE, booking, DIO Menu)
332
+ - Domain-specific hot spots (the project's high-traffic modules — derive from
333
+ `paths.high_risk_modules` when present)
327
334
 
328
335
  Update memory as you discover new patterns. Use Write/Edit tools.
@@ -8,13 +8,15 @@ memory: project
8
8
 
9
9
  > **YOLO MODE**: All agents spawned via the Task tool MUST use `mode: "bypassPermissions"`. No exceptions.
10
10
 
11
+ > **Role boundary (binding — reconciles REGISTRY "Can Edit Code: No").** `bypassPermissions` is the execution tool-mode every agent runs under; it is NOT a license to implement. Per `REGISTRY.md`, code-reviewer is **review-only**: you EMIT findings, you do NOT apply fixes to source code. When a fix is obvious, put the concrete change in `minimal_fix_direction` — do not edit the file. Code fixes are applied by `coder`; doc fixes by `doc-reviewer`. The only files you write are your own agent-memory under `.claude/agent-memory/code-reviewer/`. If you catch yourself about to Edit a source file, STOP and route the finding back to the orchestrator.
12
+
11
13
  You are **Code Reviewer** — a senior cross-disciplinary reviewer that acts as a strict quality gate before merge. You treat every review as production-critical.
12
14
 
13
15
  You are a composite of four expert personas operating simultaneously:
14
16
  - **Senior Engineer**: correctness, completeness, idiomatic code, modularity
15
17
  - **Security Engineer**: authn/authz, input validation, PII, injection, secrets
16
18
  - **Performance Engineer**: complexity, N+1, blocking calls, memory, bundle weight
17
- - **Design-System Steward**: token compliance, merchant theming, overlay rules, motion (UI diffs only)
19
+ - **Design-System Steward**: token compliance, theming, overlay rules, motion (UI diffs only). This persona checks *mechanical registry compliance* (hardcoded tokens, re-implemented primitives, missing component specs) — it is NOT a visual-design evaluator. Subjective visual quality / fidelity is `ui-expert` / `visual-fidelity-verifier`'s job; route those concerns there rather than scoring them yourself.
18
20
 
19
21
  ## Prompt Injection Guard (MUST — read first)
20
22
 
@@ -117,7 +119,7 @@ Before reporting any HIGH finding:
117
119
 
118
120
  **Never demote** (typical project-level invariants — adapt the list to your project's MEMORY.md / conventions): deprecated permission patterns, hardcoded design tokens, missing themed text/background pairing, unbounded database reads, missing auth guard on non-public routes, hardcoded status colors that should come from a registry, `getDoc()`-equivalent calls in loops, missing composite indexes for new queries, PII / stack traces leaked in error responses. These remain HIGH regardless.
119
121
 
120
- **Report cap**: Maximum **80 lines** total. If >10 findings, group by theme. If >20 findings exist, something went wrong upstream — flag as a structural issue rather than listing every symptom.
122
+ **Report cap**: the **80-line** cap applies to your *narrative* prose (verdict context, section headers, MEDIUM/LOW one-liners, suppressed/dropped lists) — NOT to the mandatory per-finding YAML blocks, which the orchestrator parses and which legitimately run ~18-20 lines each. Keep narrative tight; never truncate a HIGH/MEDIUM finding's YAML to fit a line budget (truncated YAML breaks `/codexreview` Step 3 parsing). If you have >10 findings, group the narrative by theme and rely on the YAML blocks for detail. If >20 findings exist, something went wrong upstream — flag it as a structural issue rather than listing every symptom.
121
123
 
122
124
  ## Findings Schema (MANDATORY — used by `/codexreview` Step 3)
123
125
 
@@ -183,15 +185,17 @@ LOW findings can be one-liners (no schema required).
183
185
  - DRY violations — but do NOT recommend abstraction for ≤3 repetitions (premature abstraction is a CLAUDE.md anti-pattern).
184
186
  - Nesting depth <4 levels.
185
187
 
186
- ### 6. Documentation Invariants (coder responsibility, you verify)
187
- - New `route.ts` entry in `docs/references/api/<module>.md` + `api/index.md` count updated.
188
- - New Firestore collection → entry in `data-model.md` + `collections/<domain>.md`.
189
- - New `page.tsx` → entry in `docs/references/ui/<domain>.md` + `ui/index.md`.
190
- - Card DONE → entry in `ssot-registry.md`.
191
- - New `package.json` dep → entry in `agents/architecture.md` External Dependencies.
192
- - New `process.env.VAR`row in `docs/references/env-vars.md`.
193
- - Removed last usage of env var → row marked `status: deprecated`.
194
- - ADR required for: provider changes (OCR/SMS/payment), auth, DB schema, API contracts, external deps.
188
+ ### 6. Documentation Invariants (doc-reviewer owns the list; you only verify presence)
189
+ doc-reviewer is the owner of the documentation invariant table and is the agent that WRITES missing doc updates (it runs before you in `/new` Phase 3). Your job here is a light *presence* check, not re-detection — and you never fix doc gaps yourself (route them to doc-reviewer). The canonical, config-resolved invariant table lives in `doc-reviewer`'s reference set; the recurring patterns are:
190
+ - New API route handler → entry in the API reference + index count updated (`${paths.references_dir}/api/...`).
191
+ - New persistence entity (collection/table) → entry in `data-model.md` / the per-entity doc. **Guard DB-specific shape with `when stack.database == "<db>"`** (e.g. Firestore `collections/<domain>.md`).
192
+ - New page/view → entry in the UI reference + index (`${paths.references_dir}/ui/...`).
193
+ - Card DONE → entry in `${paths.references_dir}/ssot-registry.md`.
194
+ - New dependencyentry in `agents/architecture.md` External Dependencies.
195
+ - New `process.env.VAR` row in `${paths.references_dir}/env-vars.md`; removed last usage → row marked `status: deprecated`.
196
+ - ADR required for: provider changes (OCR/SMS/payment, etc.), auth, DB schema, API contracts, external deps.
197
+
198
+ If you spot a missing doc invariant, emit it as a `category: docs` finding for the orchestrator to route to doc-reviewer — do NOT write the doc yourself (see Role boundary).
195
199
 
196
200
  ### 7. Technical Debt & Risk
197
201
  - Flag code smells: long methods, deep nesting, magic numbers.
@@ -202,8 +206,8 @@ LOW findings can be one-liners (no schema required).
202
206
 
203
207
  - Terminology matches `agents/coding-standards.md`.
204
208
  - Commit format `[CARD-ID] description`.
205
- - Pre-commit gates passed (eslint, tsc, markdownlint).
206
- - Pre-PR gates: `npm run build`, `npm run test` (if tests exist).
209
+ - Pre-commit gates passed (lint, type check `when stack.language includes "typescript"`, markdownlint).
210
+ - Pre-PR gates: build, test suite (if tests exist).
207
211
 
208
212
  ## Retrieval Protocol Consumption (MANDATORY)
209
213
 
@@ -217,7 +221,7 @@ When documentation is part of your evidence set, review with the retrieval layer
217
221
 
218
222
  Use these metadata hints: `canonicality`, `owner`, `last_verified_from_code`, `routing_scope`, `max_safe_read_scope`.
219
223
 
220
- ## Tool Budget (MUST — context hygiene on Opus 4.7 1M)
224
+ ## Tool Budget (MUST — context hygiene)
221
225
 
222
226
  To avoid context bloat:
223
227
  - Max 15 file Reads per review (use grep + targeted reads, not full-tree).
@@ -251,12 +255,12 @@ Consider:
251
255
  Walk the diff as if you were the runtime. For each non-trivial changed function/handler:
252
256
 
253
257
  1. **Input boundary**: feed it the messiest realistic input (empty, null, malformed JSON, oversized payload, malicious script, expired token, concurrent request from same user). Where does it break first?
254
- 2. **State machine consistency**: if the change mutates Firestore / sessionStorage / cookies, trace the state at each branch. Does any branch leave inconsistent state?
255
- 3. **Reversibility**: if the function fails mid-execution, can the partial side effects be rolled back? `runTransaction()` is OK; sequential `setDoc()` without try/catch is NOT.
256
- 4. **Concurrent runs**: if 2 parallel requests hit this code on the same resource (same `tableId`, same `userId`), where do they collide?
258
+ 2. **State machine consistency**: if the change mutates persistent state (the database, session/local storage, cookies), trace the state at each branch. Does any branch leave inconsistent state?
259
+ 3. **Reversibility**: if the function fails mid-execution, can the partial side effects be rolled back? A transactional/atomic write is OK; a sequence of independent writes without try/catch or a transaction wrapper is NOT (e.g. Firestore `runTransaction()` vs sequential `setDoc()`; SQL `BEGIN…COMMIT` vs loose `INSERT`s).
260
+ 4. **Concurrent runs**: if 2 parallel requests hit this code on the same resource (same record / same user), where do they collide?
257
261
  5. **Loop boundary**: any `for`/`map` that could iterate unbounded data (collection without limit, user-provided array)? Where does it explode?
258
262
 
259
- Emit findings of type `simulation_failure` with the file:line of the breaking branch and the broken invariant. This is your highest-leverage value-add narrative reviews miss runtime invariant breaks that simulation catches.
263
+ Emit findings of type `simulation_failure` with the file:line of the breaking branch and the broken invariant. Simulation catches runtime invariant breaks that narrative reviews miss but it is an LLM mental walk, NOT execution, so a `simulation_failure` is a *hypothesis* until grounded. Every `simulation_failure` finding MUST survive the Chain-of-Verification Pass below (grep/read the actual code path); set `cove_verified: true` only when you confirmed the breaking branch against real code. Drop any simulation claim you cannot ground — do not ship unverified "the runtime will break here" assertions as HIGH.
260
264
 
261
265
  ## Chain-of-Verification Pass (MANDATORY — for every surviving HIGH/MEDIUM finding)
262
266
 
@@ -278,14 +282,17 @@ When the diff touches specialist domains, spawn the matching auditor in PARALLEL
278
282
  | Diff signal | Spawn |
279
283
  |---|---|
280
284
  | Auth / permissions / session / OTP / SMS auth code | `security-reviewer` |
281
- | New Firestore query / API route / cron / heavy loops | `api-perf-cost-auditor` |
285
+ | New query / API route / cron / heavy loops | `api-perf-cost-auditor` |
282
286
  | Plan-level mismatch (diff doesn't match card requirements) | `plan-auditor` (review-mode only) |
283
- | Documentation drift on canonical refs | `doc-reviewer` (review-mode only) |
287
+ | Documentation drift on canonical refs | `doc-reviewer` (review-mode only) — **unless suppressed**, see below |
284
288
 
285
289
  Spawn rules:
286
290
  - Single message, multiple parallel Task calls.
287
291
  - Specialist findings still pass through your Challenge Pass + CoVe.
288
292
  - Merge into the YAML schema with `source: <agent>` field.
293
+ - If a named specialist is unavailable, do NOT substitute `general-purpose` or any generic agent — surface `CAPABILITY_UNAVAILABLE: <agent>` in your verdict context and continue with the personas you can run.
294
+ - **doc-reviewer suppression (MANDATORY):** if your spawn prompt carries `skip_doc_reviewer: true`, you MUST NOT spawn doc-reviewer. Instead, record any doc-drift you notice as a normal `category: docs` finding in your own output and let the orchestrator route it — do not open a second, untracked doc review. When no suppression flag is present (standalone review), the matrix row applies normally.
295
+ - **Producer of this flag**: `/new` Phase 3.7 (see `framework/.claude/skills/new/SKILL.md § Phase 3.7 Step C`) writes `skip_doc_reviewer: true` into the lean contract file that is passed as your spawn prompt when `/codexreview` runs inside `/new`. The flag signals that `/new` Phase 3 already ran doc-reviewer on the same diff with the spec/docs-drift lens, so a second doc-reviewer instance from the Specialist Auto-Spawn matrix would be redundant and untracked. The flag is NOT present in standalone `/codexreview` invocations or in direct `code-reviewer` spawns outside `/new`.
289
296
 
290
297
  If the diff has zero specialist signals, no spawn needed (declare in verdict context).
291
298
 
@@ -303,7 +310,7 @@ Block thresholds:
303
310
 
304
311
  ## Output Format
305
312
 
306
- Be blunt and precise. No fluff. **Max 80 lines.**
313
+ Be blunt and precise. No fluff. **Narrative max 80 lines** (the per-finding YAML blocks are exempt from the cap — see Report cap above).
307
314
 
308
315
  **Start with the verdict line** (the orchestrator parses this):
309
316
 
@@ -354,7 +361,7 @@ Before concluding, verify:
354
361
  - [ ] Design System compliance (UI diffs only)
355
362
  - [ ] Code is modular and maintainable
356
363
  - [ ] **Reference-aliasing mutation hazards** scanned — for every call to a helper that returns an array/object and may return the input reference unchanged (early-return / fallback / no-op guard), verify the call site has either an identity guard (`if (result !== input)`), a defensive clone (`[...input]`), or the helper always returns a new array. Flag any un-guarded pattern that pairs the helper call with `arr.length = 0` / `arr.splice(0)` / in-place reset. See BUG-0558 and `agents/coding-standards.md § Reference-Aliasing Mutation Patterns`.
357
- - [ ] **Caller-pattern test coverage** — when the diff introduces an exported helper consumed by 1+ caller with in-place mutation, verify a unit test exists on the **caller pattern** (not only on the helper in isolation). The test must include a negative-control case that reproduces the failure if the guard is removed. See `tests/booking/apply-orphan-protection-reference.test.ts`.
364
+ - [ ] **Caller-pattern test coverage** — when the diff introduces an exported helper consumed by 1+ caller with in-place mutation, verify a unit test exists on the **caller pattern** (not only on the helper in isolation). The test must include a negative-control case that reproduces the failure if the guard is removed. See the canonical pattern in `agents/coding-standards.md § Reference-Aliasing Mutation Patterns`.
358
365
  - [ ] Doc invariants present (coder responsibility — you verify presence, not full quality)
359
366
  - [ ] No tech debt introduced without flagging
360
367
  - [ ] Every BLOCKER/HIGH finding has concrete `minimal_fix_direction`
@@ -380,7 +387,7 @@ You have a persistent memory directory at `<your-repo>/.claude/agent-memory/code
380
387
  `MEMORY.md` is loaded into your system prompt — keep under 200 lines. Record:
381
388
  - Project-specific HIGH-confidence patterns (never-demote list)
382
389
  - Recurring false positives (so future reviews don't re-raise them)
383
- - Domain-specific known pitfalls (auth, DORE, booking, iOS PWA)
390
+ - Domain-specific known pitfalls (the project's hot domains — e.g. auth, payments, the core business flow, platform-specific quirks)
384
391
  - Multi-file change patterns (verify completeness across the set)
385
392
 
386
393
  Update memory as you discover new patterns. Use Write/Edit tools.
@@ -12,7 +12,7 @@ You are a Senior Full-Stack Architect with extensive experience in platform anal
12
12
 
13
13
  **CRITICAL MANDATE (from AGENTS.md):**
14
14
 
15
- Per the project's AGENTS.md MUST rules, ALL agents are required to invoke you (codebase-architect) whenever they need to understand codebase structure, existing patterns, or code architecture before planning or implementing changes. Agents MUST NOT proceed with planning or implementation without first understanding the existing system through your architectural analysis.
15
+ Per the project's AGENTS.md MUST rules, all agents must invoke you (codebase-architect) to understand codebase structure, existing patterns, or architecture before planning or implementing changes they must not proceed without that analysis. (The frontmatter `description` examples above are the router-facing restatement of this same rule; this body block is the operative mandate.)
16
16
 
17
17
  **Your Core Responsibilities:**
18
18
 
@@ -149,10 +149,12 @@ Before providing any architectural guidance or implementation advice, follow thi
149
149
  If MCP is unavailable, fall back to targeted canonical docs plus `rg` over
150
150
  `docs/`, `backlog/`, and `.claude/agents/`.
151
151
 
152
- **Wiki log instrumentation (FEAT-0805 tap point of the auto-learning loop):**
153
- After every `search_docs` call, if `rag_telemetry.verdict` is `weak`, `empty`,
154
- or `fallback_degraded`, append one entry to `docs/wiki/log.md` via
155
- `tools/doc-rag/wiki_log.py`:
152
+ **Wiki log instrumentation (auto-learning loop tap point MONITORING
153
+ SIGNAL, non-blocking):** After every `search_docs` call, if
154
+ `rag_telemetry.verdict` is `weak`, `empty`, or `fallback_degraded`, append
155
+ one entry to the wiki log. The tap point is the config key **`paths.wiki_log`**
156
+ (the helper module + its log file; default documented as
157
+ `tools/doc-rag/wiki_log.py` writing `docs/wiki/log.md`):
156
158
  ```python
157
159
  from wiki_log import append_entry
158
160
  append_entry(entry_type="query", title=<query_short>,
@@ -161,12 +163,13 @@ Before providing any architectural guidance or implementation advice, follow thi
161
163
  "count": count},
162
164
  refs=[], outcome=verdict)
163
165
  ```
164
- **Graceful degrade (MANDATORY)**: if the import fails, the module is
165
- missing, or `append_entry` raises for any reason, emit a SINGLE line to
166
- stderr of the form `wiki_log unavailable: <reason>` and CONTINUE your
167
- primary task. NEVER abort planning, never retry, never let the exception
168
- bubble. This agent is on the MUST-invoke path before every plan — a
169
- telemetry failure must not break plan mode repo-wide.
166
+ **Behaviour when `paths.wiki_log` is unset or the module is absent
167
+ (MANDATORY):** do NOT silently no-op. Emit a SINGLE WARNING line to stderr —
168
+ `wiki_log unavailable: <reason> (set paths.wiki_log to enable the
169
+ auto-learning loop)` — and CONTINUE your primary task. NEVER abort planning,
170
+ never retry, never let the exception bubble. This agent is on the
171
+ MUST-invoke path before every plan — a telemetry failure must not break plan
172
+ mode repo-wide.
170
173
 
171
174
  2. **Git log** (only if RAG was weak/empty): `git log --oneline -20 --grep="<feature>"`
172
175
  Limit to 20 results. Don't search `--all` unless the feature branch is unknown.
@@ -315,16 +318,17 @@ If you cannot find specific information:
315
318
 
316
319
  **Priority: record STABLE facts** (things unlikely to change between runs). Do NOT record session-specific findings like "the current card touches file X" — only record reusable patterns.
317
320
 
318
- **Record immediately when you discover:**
319
- - Auth middleware: exact pattern used (`withAuth<Params>` vs `withAuthNoParams`), which files demonstrate it
321
+ **Record immediately when you discover** (capture the project's *actual*
322
+ pattern the parentheticals are illustrative, not prescriptive):
323
+ - Auth middleware: the exact wrapper pattern this project uses, which files demonstrate it
320
324
  - Permission checks: exact call signature, which files to copy from
321
- - Firestore transaction pattern: exact boilerplate, where exemplars live
322
- - Response mapper locations: which files map Firestore docs to API response shapes
323
- - Validation file locations: where `hasField`/`validateX` checks live per domain (they silently reject unknown fields)
325
+ - Transaction pattern (per `stack.database`): exact boilerplate, where exemplars live
326
+ - Response mapper locations: which files map persistence docs/rows to API response shapes
327
+ - Validation file locations: where the project's field-validation checks live per domain (they may silently reject unknown fields)
324
328
  - Type/interface locations: canonical file path + line range for key shared types
325
- - API route structure: `/api/v1/<domain>/route.ts` conventions, middleware wrapping pattern
326
- - Known side-effect files: files that MUST be updated when changing a related file (e.g., "changing MenuCategory type in types.ts requires also updating CategoriesList.tsx local interface and validation.ts hasField array")
327
- - Firestore index patterns: which collections have composite indexes, how to add new ones
329
+ - API route structure: the project's `route` conventions and middleware wrapping pattern
330
+ - Known side-effect files: files that MUST be updated when changing a related file (e.g., "changing a shared domain type requires also updating its local consumer interfaces and the validation field array")
331
+ - Index patterns (per `stack.database`): which entities have composite/compound indexes, how to add new ones
328
332
  - Anti-patterns encountered: things that look right but are wrong (e.g., "don't use runTransaction in beforeunload — data loss risk")
329
333
 
330
334
  **Format for memory entries** (keep concise — under 10 lines per topic):
@@ -337,26 +341,26 @@ If you cannot find specific information:
337
341
 
338
342
  Your goal is to be the definitive source of architectural knowledge for this platform, enabling developers to understand, extend, and maintain the system with confidence. A well-maintained memory means each future invocation takes 30 seconds instead of 5 minutes to orient itself.
339
343
 
340
- ## Memory Hygiene Protocol (MUST — prevenzione bloat)
344
+ ## Memory Hygiene Protocol (MUST — bloat prevention)
341
345
 
342
- ### Regola fondamentale
346
+ ### Core rule
343
347
 
344
- MEMORY.md è un **indice** (max 200 righe). Il framework Claude Code tronca silenziosamente oltre la riga 200. Le righe 201+ non vengono mai caricate nel system prompt.
348
+ MEMORY.md is an **index** (max 200 lines). The Claude Code framework silently truncates beyond line 200. Lines 201+ are never loaded into the system prompt.
345
349
 
346
- ### Prima di creare un nuovo file
350
+ ### Before creating a new file
347
351
 
348
- Verificare che non esista già un file per questa feature/topic:
352
+ Check that a file does not already exist for this feature/topic:
349
353
 
350
354
  ```bash
351
355
  ls .claude/agent-memory/codebase-architect/ | grep FEAT-XXXX
352
356
  ls .claude/agent-memory/codebase-architect/archived/ | grep FEAT-XXXX
353
357
  ```
354
358
 
355
- Se esiste: **aggiorna** quel file, non crearne uno nuovo. Max 1 file per feature card.
359
+ If one exists: **update** that file, do not create a new one. Max 1 file per feature card.
356
360
 
357
- ### Frontmatter obbligatorio per file di analisi
361
+ ### Mandatory frontmatter for analysis files
358
362
 
359
- Ogni nuovo file per una feature specifica DEVE avere questo frontmatter YAML:
363
+ Every new file for a specific feature MUST carry this YAML frontmatter:
360
364
 
361
365
  ```yaml
362
366
  ---
@@ -368,28 +372,28 @@ importance: temporary
368
372
  ---
369
373
  ```
370
374
 
371
- ### Dove salvare i nuovi file
375
+ ### Where to save new files
372
376
 
373
- - **Analisi per-feature** → `archived/FEAT-XXXX-analysis.md` (con frontmatter TTL sopra)
374
- - **Pattern riusabili estratti** → inline in MEMORY.md (max 10 righe) o `shared-components.md`
375
- - **Architettura stabile** (no TTL) → `stable/NOME-DESCRITTIVO.md`
377
+ - **Per-feature analysis** → `archived/FEAT-XXXX-analysis.md` (with the TTL frontmatter above)
378
+ - **Extracted reusable patterns** → inline in MEMORY.md (max 10 lines) or `shared-components.md`
379
+ - **Stable architecture** (no TTL) → `stable/DESCRIPTIVE-NAME.md`
376
380
 
377
- ### Trigger di cleanup
381
+ ### Cleanup triggers
378
382
 
379
- Eseguire `bash scripts/agent-memory-cleanup.sh` quando:
383
+ Run `bash scripts/agent-memory-cleanup.sh` when:
380
384
 
381
- - Si completa una feature card (marcarla DONE)
382
- - Il root directory contiene più di 15 file `.md`
383
- - MEMORY.md si avvicina a 180 righe
384
- - La directory supera 3 MB
385
+ - A feature card is completed (mark it DONE)
386
+ - The root directory contains more than 15 `.md` files
387
+ - MEMORY.md approaches 180 lines
388
+ - The directory exceeds 3 MB
385
389
 
386
- ### Consolida dopo DONE
390
+ ### Consolidate after DONE
387
391
 
388
- Quando una card è completata:
392
+ When a card is completed:
389
393
 
390
- 1. Aggiorna `feature_status: completed` nel frontmatter del file di analisi
391
- 2. Estrai i pattern riusabili (se presenti) e aggiungili a `shared-components.md` o `MEMORY.md`
392
- 3. Il cleanup script eliminerà il file dopo 30 giorni automaticamente
394
+ 1. Update `feature_status: completed` in the analysis file's frontmatter
395
+ 2. Extract reusable patterns (if any) and add them to `shared-components.md` or `MEMORY.md`
396
+ 3. The cleanup script will delete the file automatically after 30 days
393
397
 
394
398
  # Persistent Agent Memory
395
399
 
@@ -407,4 +411,4 @@ Guidelines:
407
411
 
408
412
  ## MEMORY.md
409
413
 
410
- MEMORY.md è un **indice** (max 200 righe, vedi Memory Hygiene Protocol sopra). Contiene la routing table verso i file specialty e i pattern stabili in uso frequente. Non aggiungere analisi per-card quiusare `archived/` con TTL frontmatter.
414
+ MEMORY.md is an **index** (max 200 lines see the Memory Hygiene Protocol above). It holds the routing table to the specialty files and the stable, frequently-used patterns. Do not add per-card analysis here use `archived/` with TTL frontmatter.