baldart 4.0.4 → 4.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (41) hide show
  1. package/CHANGELOG.md +27 -0
  2. package/VERSION +1 -1
  3. package/framework/.claude/agents/REGISTRY.md +5 -5
  4. package/framework/.claude/agents/api-perf-cost-auditor.md +4 -4
  5. package/framework/.claude/agents/code-reviewer.md +2 -2
  6. package/framework/.claude/agents/codebase-architect.md +24 -24
  7. package/framework/.claude/agents/coder.md +6 -6
  8. package/framework/.claude/agents/doc-reviewer.md +16 -16
  9. package/framework/.claude/agents/hybrid-ml-architect.md +1 -1
  10. package/framework/.claude/agents/legal-counsel-gdpr.md +1 -1
  11. package/framework/.claude/agents/motion-expert.md +3 -3
  12. package/framework/.claude/agents/plan-auditor.md +4 -4
  13. package/framework/.claude/agents/prd-card-writer.md +14 -14
  14. package/framework/.claude/agents/prd.md +17 -17
  15. package/framework/.claude/agents/security-reviewer.md +1 -1
  16. package/framework/.claude/agents/senior-researcher.md +1 -1
  17. package/framework/.claude/agents/skill-improver.md +1 -1
  18. package/framework/.claude/agents/visual-designer.md +6 -6
  19. package/framework/.claude/agents/wiki-curator.md +6 -6
  20. package/framework/.claude/commands/check.md +1 -1
  21. package/framework/.claude/commands/codexreview.md +2 -2
  22. package/framework/.claude/commands/qa.md +1 -1
  23. package/framework/.claude/skills/bug/SKILL.md +2 -2
  24. package/framework/.claude/skills/doc-writing-for-rag/references/line-count-targets.md +2 -0
  25. package/framework/.claude/skills/doc-writing-for-rag/references/schemas-and-errors.md +2 -0
  26. package/framework/.claude/skills/new/SKILL.md +4 -4
  27. package/framework/.claude/skills/prd/assets/card-template.yml +3 -3
  28. package/framework/.claude/skills/prd/assets/epic-template.yml +6 -6
  29. package/framework/.claude/skills/prd/assets/prd-template.md +2 -2
  30. package/framework/.claude/skills/prd/references/audit-phase.md +1 -1
  31. package/framework/.claude/skills/prd/references/backlog-phase.md +3 -3
  32. package/framework/.claude/skills/prd/references/prd-writing-phase.md +2 -2
  33. package/framework/.claude/skills/worktree-manager/SKILL.md +2 -2
  34. package/framework/agents/project-context.md +1 -0
  35. package/framework/docs/PROJECT-CONFIGURATION.md +1 -0
  36. package/framework/routines/ds-drift.routine.yml +6 -6
  37. package/framework/routines/wiki-review.routine.yml +4 -4
  38. package/framework/templates/baldart.config.template.yml +1 -0
  39. package/framework/templates/overlays/commands/codexreview.example.md +2 -0
  40. package/package.json +1 -1
  41. package/src/commands/configure.js +2 -0
package/CHANGELOG.md CHANGED
@@ -5,6 +5,33 @@ All notable changes to BALDART will be documented in this file.
5
5
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
6
6
  and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
7
7
 
8
+ ## [4.1.0] - 2026-06-02
9
+
10
+ **Portability: framework-wide path-literal de-contamination (`docs/…`, `backlog/`, `src/components/…` → `${paths.*}`) + new `paths.docs_dir` config key.** Closes the open follow-up forward-referenced in v4.0.3: a dedicated, per-occurrence judgment pass over the path-literals `contamination.js` flags across `framework/`. The scanner's `autofixable` count drops **219 → 49**; the 49 survivors are legitimate and intentionally kept. The new `paths.docs_dir` config key makes this **MINOR**.
11
+
12
+ > **Why.** A hardcoded path in a shipped agent/skill is a frozen spot — a consumer whose docs live at `documentation/` (not `docs/`) gets a wrong directive. But not every literal is contamination: `${paths.*}` is resolved *at runtime* by the skill/agent that reads it, so a token only belongs where the file is an operative instruction. A literal correctly stays literal when it is a `# e.g.` config-default comment (converting is circular), a clickable markdown link (a token breaks the link), a concrete dated worked-example (`ADR-20260115-…` — the literal *is* the teaching), a negative instruction (`do not assume src/components/shared/`), or an overlay example (overlays are verbatim, never runtime-resolved). The judgment was made per-occurrence by a workflow (one judge per file → an adversarial bidirectional verifier) and applied deterministically through the `contamination.js` rule SSOT scoped to approved lines. The adversarial verifier also surfaced contamination the per-file judges missed — including the identity leak below.
13
+
14
+ ### Added
15
+
16
+ - **`paths.docs_dir`** — umbrella docs-search root, used by the `rg`-fallback in `code-reviewer`, `senior-researcher`, and `worktree-manager` (where bare `docs/` had no config key). Propagated end-to-end per the schema-change rule: `baldart.config.template.yml` + `configure.js` (autodetection + prompt) + `project-context.md` autodetection table + `PROJECT-CONFIGURATION.md` key table. `update.js` detects it automatically via the generic `missingPaths` diff, so existing consumers are offered `configure` on their next update.
17
+
18
+ ### Changed — path-literals → `${paths.*}` across the framework payload (38 files changed, +162/−151)
19
+
20
+ - **Agents** — `REGISTRY.md`, `codebase-architect`, `coder`, `doc-reviewer`, `prd`, `prd-card-writer`, `api-perf-cost-auditor`, `code-reviewer`, `plan-auditor`, `qa-sentinel`, `security-reviewer`, `senior-researcher`, `skill-improver`, `visual-designer`, `motion-expert`, `wiki-curator`, `hybrid-ml-architect`, `legal-counsel-gdpr`: operative read/write/search paths now resolve `${paths.design_system | references_dir | prd_dir | adrs_dir | wiki_dir | backlog_dir | components_* | docs_dir}`.
21
+ - **Skills / commands** — `new`, `prd`, `bug`, `simplify`, `worktree-manager`, `check`, `codexreview`, `qa`, prd reference phases, and the prd asset templates (`card-template.yml`, `epic-template.yml`, `prd-template.md` — resolved by `prd-card-writer` at fill time).
22
+ - **Routines** — `ds-drift`, `wiki-review`.
23
+ - **`bug/SKILL.md`** — Project Context header now declares `paths.wiki_dir` (companion to the converted Phase-0 doc-rag fallback, keeping declared config deps in sync with the body).
24
+
25
+ ### Fixed
26
+
27
+ - **Identity leak** — `prd-template.md` hardcoded `**Owner**: Antonio Baldassarre`, shipped into every consumer's PRD document; now the `{{Owner}}` placeholder.
28
+
29
+ ### Kept literal (intentional)
30
+
31
+ - **`breaking-change-checklist.md`** — a human-read user-edit template (not agent-resolved), where a `${paths.*}` token would be inert text; left literal by design.
32
+ - **Opt-out marker** (`<!-- contamination-scan: skip -->`) added to 3 wall-to-wall pedagogical files so the scanner stops re-flagging intentional teaching literals: `doc-writing-for-rag/references/line-count-targets.md`, `schemas-and-errors.md`, `templates/overlays/commands/codexreview.example.md`.
33
+ - Config-default `# e.g.` comments (`baldart.config.template.yml`), worked examples, clickable links, and documented defaults across `design-system-init`, `prd/SKILL`, `design-review`, and others.
34
+
8
35
  ## [4.0.4] - 2026-06-02
9
36
 
10
37
  **Portability fix (visual identity): genericize the last fidelity-app visual-identity flavor in doc-RAG worked examples.** Confirms the graphic dimension is clean: `Neo-Brutalism` (plus the `Press Start 2P` font and `amber accents`) appeared as bare styling labels in the `doc-writing-for-rag` before/after examples — now generalized to "the project's design system (per `identity.design_philosophy`)". No behaviour change → **PATCH**.
package/VERSION CHANGED
@@ -1 +1 @@
1
- 4.0.4
1
+ 4.1.0
@@ -13,7 +13,7 @@ Quick-reference for all custom agents. Use this to route tasks to the right spec
13
13
  | **codebase-architect** | Architecture | **MANDATORY** before planning/implementing changes | Platform analysis, system design, canonical-source resolution via Linking Protocol v1, LSP symbol resolution (when `features.has_lsp_layer: true`) | No | Code navigation, pattern tracing, LSP find-references / go-to-definition |
14
14
  | **plan-auditor** | Architecture | Review implementation plans before coding begins | Risk assessment, gap detection | Yes | Multi-persona review (eng/security/SRE) |
15
15
  | **doc-reviewer** | Architecture | Audit/write docs after feature implementation | Macro feature identification, SSOT sync, linking-protocol resolution, doc debt tracking, gap analysis | Yes | Doc writing, TaskCreate (doc debt), token optimization |
16
- | **wiki-curator** | Documentation | Maintain the derived LLM wiki overlay under `docs/wiki/` (concept pages, syntheses, dashboards, reading guides) without creating new canonicals. See `agents/llm-wiki-methodology.md`. | Synthesis pages, provenance hygiene, freshness, derived-link checks, auto-learning loop | Yes | `docs/wiki/`, wiki lint, reindex follow-up |
16
+ | **wiki-curator** | Documentation | Maintain the derived LLM wiki overlay under `${paths.wiki_dir}/` (concept pages, syntheses, dashboards, reading guides) without creating new canonicals. See `agents/llm-wiki-methodology.md`. | Synthesis pages, provenance hygiene, freshness, derived-link checks, auto-learning loop | Yes | `${paths.wiki_dir}/`, wiki lint, reindex follow-up |
17
17
  | **coder** | Code | Write, modify, or refactor production code | Features, bugs, optimizations | Yes | Build tools, testing, Playwright |
18
18
  | **code-reviewer** | Code | Review code post-implementation for bugs/quality | Security analysis, code quality, registry-first UI compliance (when `features.has_design_system: true`) — flags re-implemented primitives and bypassed tokens as HIGH per `framework/agents/design-system-protocol.md`. NOT a visual-design evaluator (that is `ui-expert` / `visual-fidelity-verifier`). | No (review-only role — emits findings; fixes are applied by `coder`. The `bypassPermissions` tool-mode all agents run under is execution access, not an implementer role) | Static analysis, security audit |
19
19
  | **security-reviewer** | Code | Review security-sensitive code, configs, auth, secrets, and infra changes | AppSec audit, threat modeling, hardening guidance | No | Security review, trust-boundary analysis |
@@ -226,7 +226,7 @@ Maps domains to their canonical SSOT docs and the agents that own maintenance, u
226
226
 
227
227
  | Domain | Canonical SSOT Docs | Owner Agents |
228
228
  | -------------- | -------------------------------------------------- | --------------------------------------------------------- |
229
- | design-system | `docs/design-system/INDEX.md` (entry point) | `ui-expert`, `visual-designer`, `motion-expert`, `doc-reviewer` |
230
- | | `docs/design-system/tokens/semantic.tokens.json` | |
231
- | | `docs/design-system/components/*.md` | |
232
- | | `docs/references/ui-guidelines.md` (brand) | |
229
+ | design-system | `${paths.design_system}/INDEX.md` (entry point) | `ui-expert`, `visual-designer`, `motion-expert`, `doc-reviewer` |
230
+ | | `${paths.design_system}/tokens/semantic.tokens.json` | |
231
+ | | `${paths.design_system}/components/*.md` | |
232
+ | | `${paths.references_dir}/ui-guidelines.md` (brand) | |
@@ -98,13 +98,13 @@ Your audit scope is STRICTLY limited to **changed files only** unless the orches
98
98
 
99
99
  ## First Read
100
100
 
101
- Use `search_docs` MCP with `mode: "hybrid"` to locate API and data-model references before reading files directly. The active retrieval contract is Obsidian-first LightRAG with repo-first verification for implementation and stateful claims. If MCP is unavailable, fall back to targeted canonical docs plus `rg` over `docs/references/`, `docs/decisions/`, and `backlog/`.
101
+ Use `search_docs` MCP with `mode: "hybrid"` to locate API and data-model references before reading files directly. The active retrieval contract is Obsidian-first LightRAG with repo-first verification for implementation and stateful claims. If MCP is unavailable, fall back to targeted canonical docs plus `rg` over `${paths.references_dir}/`, `${paths.adrs_dir}/`, and `${paths.backlog_dir}/`.
102
102
 
103
103
  Read when relevant:
104
104
  - `AGENTS.md` (NFR Performance section)
105
105
  - `agents/index.md`
106
- - `docs/references/api/index.md`
107
- - `docs/references/data-model.md`
106
+ - `${paths.references_dir}/api/index.md`
107
+ - `${paths.references_dir}/data-model.md`
108
108
  - `agents/architecture.md`
109
109
  - `agents/performance.md`
110
110
  - The project's index manifest for any new composite/multi-attribute query —
@@ -124,7 +124,7 @@ Every finding MUST include a confidence level:
124
124
 
125
125
  Before reporting any HIGH finding:
126
126
  1. Grep for the same pattern in the codebase — if used elsewhere consistently, may be a convention.
127
- 2. Check ADRs in `docs/decisions/` that justify the pattern.
127
+ 2. Check ADRs in `${paths.adrs_dir}/` that justify the pattern.
128
128
  3. If <80% certain, classify as MEDIUM.
129
129
 
130
130
  **Never demote** (override conventions): unbounded/unindexed reads, offset pagination, N+1 read loops (e.g. `getDoc()` in a loop), missing required indexes, transaction hotspots on shared records, route handlers >50 reads. These remain HIGH regardless.
@@ -114,7 +114,7 @@ Every finding MUST include a confidence level:
114
114
 
115
115
  Before reporting any HIGH finding:
116
116
  1. **Grep the codebase** for the same pattern — if used elsewhere, it's likely intentional.
117
- 2. **Check ADRs** in `docs/decisions/` that justify the pattern.
117
+ 2. **Check ADRs** in `${paths.adrs_dir}/` that justify the pattern.
118
118
  3. If <80% certain, classify as MEDIUM, not HIGH.
119
119
 
120
120
  **Never demote** (typical project-level invariants — adapt the list to your project's MEMORY.md / conventions): deprecated permission patterns, hardcoded design tokens, missing themed text/background pairing, unbounded database reads, missing auth guard on non-public routes, hardcoded status colors that should come from a registry, `getDoc()`-equivalent calls in loops, missing composite indexes for new queries, PII / stack traces leaked in error responses. These remain HIGH regardless.
@@ -213,7 +213,7 @@ If you spot a missing doc invariant, emit it as a `category: docs` finding for t
213
213
 
214
214
  When documentation is part of your evidence set, review with the retrieval layer:
215
215
 
216
- 1. Run `search_docs` via MCP with `mode: "hybrid"` for doc-heavy questions. Active contract: Obsidian-first LightRAG with repo-first verification. If MCP unavailable, fall back to `rg` over `docs/`, `backlog/`, `.claude/`.
216
+ 1. Run `search_docs` via MCP with `mode: "hybrid"` for doc-heavy questions. Active contract: Obsidian-first LightRAG with repo-first verification. If MCP unavailable, fall back to `rg` over `${paths.docs_dir}/`, `${paths.backlog_dir}/`, `.claude/`.
217
217
  2. Start from domain routers / canonical reference docs before large PRDs/specs.
218
218
  3. If a root canonical declares `max_safe_read_scope: root-summary-only`, treat it as router-first and descend into the linked child doc.
219
219
  4. Prefer canonical references over product-intent docs unless the question is about requirements.
@@ -27,14 +27,14 @@ Per the project's AGENTS.md MUST rules, all agents must invoke you (codebase-arc
27
27
  **Project-Specific Context:**
28
28
 
29
29
  This codebase follows strict protocols defined in AGENTS.md. Key architectural references you should consult:
30
- - `/docs/references/data-model.md` - Database schema and entity relationships
31
- - `/docs/references/ssot-registry.md` - Macro feature to canonical-doc routing
32
- - `/docs/wiki/` - Derived wiki overlay for synthesized navigation and summaries
33
- - `/docs/references/product-scope.md` - Product intent and scope boundaries
34
- - `/docs/references/api/` - API contracts and endpoints
35
- - `/docs/references/ui/index.md` - Frontend routing and page structure
36
- - `/docs/decisions/ADR-*.md` - Architectural Decision Records explaining why choices were made
37
- - `/docs/references/project-status.md` - Current system state and active work
30
+ - `/${paths.references_dir}/data-model.md` - Database schema and entity relationships
31
+ - `/${paths.references_dir}/ssot-registry.md` - Macro feature to canonical-doc routing
32
+ - `/${paths.wiki_dir}/` - Derived wiki overlay for synthesized navigation and summaries
33
+ - `/${paths.references_dir}/product-scope.md` - Product intent and scope boundaries
34
+ - `/${paths.references_dir}/api/` - API contracts and endpoints
35
+ - `/${paths.references_dir}/ui/index.md` - Frontend routing and page structure
36
+ - `/${paths.adrs_dir}/ADR-*.md` - Architectural Decision Records explaining why choices were made
37
+ - `/${paths.references_dir}/project-status.md` - Current system state and active work
38
38
  - `agents/coding-standards.md` - Terminology and coding conventions
39
39
 
40
40
  ## MCP dependencies
@@ -42,7 +42,7 @@ This codebase follows strict protocols defined in AGENTS.md. Key architectural r
42
42
  See [framework/docs/MCP-INTEGRATION.md](../../docs/MCP-INTEGRATION.md) for the BALDART MCP integration contract and the rationale behind this section.
43
43
 
44
44
  **Required** (this agent's primary investigation protocol assumes them; degraded operation only):
45
- - `mcp__doc-rag__search_docs` — semantic + knowledge-graph search across project docs. This is the **first** call in the Investigation Protocol; without it the agent falls back to broad `rg` sweeps that blow the token budget and miss canonical sources. If the MCP is unavailable the agent must announce the degrade explicitly and switch to targeted `rg` over `docs/`, `backlog/`, and `.claude/agents/` (see § Investigation Protocol step 1).
45
+ - `mcp__doc-rag__search_docs` — semantic + knowledge-graph search across project docs. This is the **first** call in the Investigation Protocol; without it the agent falls back to broad `rg` sweeps that blow the token budget and miss canonical sources. If the MCP is unavailable the agent must announce the degrade explicitly and switch to targeted `rg` over `docs/`, `${paths.backlog_dir}/`, and `.claude/agents/` (see § Investigation Protocol step 1).
46
46
 
47
47
  **Optional** (the agent benefits if present, has a documented fallback):
48
48
  - LSP find-references / go-to-definition (whichever LSP MCP / plugin is wired by [features.has_lsp_layer](../../templates/baldart.config.template.yml)) — preferred over `rg` for symbol queries (cap: 3 LSP calls per task, then escalate to direct file reads). Fallback: silent degrade to Grep, per [code-search-protocol.md](../../agents/code-search-protocol.md).
@@ -59,22 +59,22 @@ perform documentation maintenance; that belongs to `doc-reviewer`.
59
59
  When analyzing a feature, resolve documentation authority in this order:
60
60
 
61
61
  1. Backlog card `links.ssot`, `links.prd`, `links.spec` if present
62
- 2. `docs/references/ssot-registry.md`
63
- 3. `docs/references/product-scope.md`
62
+ 2. `${paths.references_dir}/ssot-registry.md`
63
+ 3. `${paths.references_dir}/product-scope.md`
64
64
  4. Relevant ADRs and domain reference docs in `docs/references/*`
65
65
  5. Parent/epic backlog cards if the canonical source is still ambiguous
66
- 6. `docs/wiki/` derived pages when the question is about synthesis, recurring
66
+ 6. `${paths.wiki_dir}/` derived pages when the question is about synthesis, recurring
67
67
  documentation questions, or dashboard-style summaries
68
68
 
69
69
  **UI / design-system questions** follow a parallel resolution path (paths are
70
70
  project-specific; the convention below is recommended):
71
71
 
72
- 1. `docs/design-system/INDEX.md` — agentic-first component index + authority matrix
73
- 2. `docs/design-system/components/<Name>.md` — per-component spec (variants, props)
74
- 3. `docs/design-system/tokens-reference.md` — token contract
75
- 4. `docs/design-system/patterns/*` — theming, overlays, animations, platform quirks
76
- 5. `docs/references/ui-guidelines.md` — brand philosophy and aesthetic rules
77
- 6. `docs/references/component-registry.md` — inventory of shared components
72
+ 1. `${paths.design_system}/INDEX.md` — agentic-first component index + authority matrix
73
+ 2. `${paths.design_system}/components/<Name>.md` — per-component spec (variants, props)
74
+ 3. `${paths.design_system}/tokens-reference.md` — token contract
75
+ 4. `${paths.design_system}/patterns/*` — theming, overlays, animations, platform quirks
76
+ 5. `${paths.references_dir}/ui-guidelines.md` — brand philosophy and aesthetic rules
77
+ 6. `${paths.references_dir}/component-registry.md` — inventory of shared components
78
78
 
79
79
  When a query concerns UI, styling, tokens, or shared components, resolve through the
80
80
  design-system path in addition to the main path. Adapt the paths to your project's
@@ -106,7 +106,7 @@ When documentation is part of your evidence set, run a fast reliability scan bef
106
106
  trusting it as authoritative:
107
107
 
108
108
  1. **Registry coverage** — confirm the feature exists in
109
- `docs/references/ssot-registry.md`; if the feature only exists in backlog/PRD, report
109
+ `${paths.references_dir}/ssot-registry.md`; if the feature only exists in backlog/PRD, report
110
110
  `REGISTRY_GAP`
111
111
  2. **Freshness markers** — compare `Last updated`, `Last reviewed`, or explicit change-log
112
112
  markers against `git log -1` on the shared hub or canonical doc you rely on
@@ -147,7 +147,7 @@ Before providing any architectural guidance or implementation advice, follow thi
147
147
  - `weak` or `fallback_degraded` → supplement with steps 2-3.
148
148
  - `empty` → fall back to full manual search (steps 2-3-4).
149
149
  If MCP is unavailable, fall back to targeted canonical docs plus `rg` over
150
- `docs/`, `backlog/`, and `.claude/agents/`.
150
+ `docs/`, `${paths.backlog_dir}/`, and `.claude/agents/`.
151
151
 
152
152
  **Wiki log instrumentation (auto-learning loop tap point — MONITORING
153
153
  SIGNAL, non-blocking):** After every `search_docs` call, if
@@ -204,8 +204,8 @@ As part of step 4, summarize:
204
204
  - any ambiguity, drift, or missing owner you found
205
205
 
206
206
  Derived wiki overlay routing:
207
- - Use `docs/wiki/` as a compression layer for recurrent knowledge questions.
208
- - Never treat `docs/wiki/` as canonical when a repo doc or ADR exists.
207
+ - Use `${paths.wiki_dir}/` as a compression layer for recurrent knowledge questions.
208
+ - Never treat `${paths.wiki_dir}/` as canonical when a repo doc or ADR exists.
209
209
  - If the wiki and canonical docs disagree, report the drift explicitly.
210
210
 
211
211
  ## Reuse Analysis Protocol (CONDITIONAL)
@@ -219,7 +219,7 @@ component discovery.
219
219
  1. **Identify what the feature needs**: List the UI components, hooks, utilities, API patterns, and data flows the feature will require.
220
220
  2. **Search for existing matches** — use RAG results first before grepping:
221
221
  - If RAG already returned component/hook matches, use those directly.
222
- - Only if RAG missed: check `docs/references/component-registry.md` (read the
222
+ - Only if RAG missed: check `${paths.references_dir}/component-registry.md` (read the
223
223
  relevant table section only, not the full file).
224
224
  - Grep only for 2-3 specific component names, not broad semantic sweeps.
225
225
  3. **Classify each candidate**:
@@ -295,7 +295,7 @@ broad file reads — don't re-read what RAG already told you.
295
295
  - Permission system: use the project's canonical permission helper; flag deprecated fallbacks
296
296
  - API versioning: breaking changes require new version paths (e.g. `/api/v2/`)
297
297
  - Documentation sync: code and docs must stay aligned
298
- - Backlog-driven work: features are tracked in `/backlog/*.yml` files
298
+ - Backlog-driven work: features are tracked in `${paths.backlog_dir}/*.yml` files
299
299
 
300
300
  **Communication Style:**
301
301
 
@@ -28,7 +28,7 @@ Violating this rule has caused repeated user frustration. Treat it as a blocking
28
28
  2. Verify a backlog card exists for this work.
29
29
  3. Update the card to `IN_PROGRESS`.
30
30
  4. Read the `git_strategy` recorded in the card for context only — it describes the eventual branch/PR plan but does NOT authorize branch operations. See the Hard Rule above.
31
- 5. Treat `docs/references/project-status.md` as coordination context only.
31
+ 5. Treat `${paths.references_dir}/project-status.md` as coordination context only.
32
32
 
33
33
  ## Context Loading Protocol (MANDATORY — before writing any code)
34
34
 
@@ -48,15 +48,15 @@ Load context in this exact order before touching any file:
48
48
  - **`input_output_examples`**: Use as test fixtures and implementation guides for API handlers and data transformations.
49
49
  - **`error_handling`**: Implement each error handler exactly as specified. Do not invent alternative error handling.
50
50
  - **`reuse_analysis`**: If structured (has `reuse`/`create` keys), follow it. If free-form text (legacy `|` format), read and follow its guidance.
51
- 8. **STEP 8 — MANDATORY Design System SSOT read (BLOCKING for any visual-output task)**: if your project has a documented design system, read its index (typically `docs/design-system/INDEX.md`) BEFORE ANY coding decisions. Skipping this step is a protocol violation when the design system exists.
51
+ 8. **STEP 8 — MANDATORY Design System SSOT read (BLOCKING for any visual-output task)**: if your project has a documented design system, read its index (typically `${paths.design_system}/INDEX.md`) BEFORE ANY coding decisions. Skipping this step is a protocol violation when the design system exists.
52
52
  1. Read the design-system index (component table + canonical authority matrix). BLOCKING prerequisite.
53
- 2. For each UI component being modified, read its per-component spec (typically `docs/design-system/components/<Name>.md`).
53
+ 2. For each UI component being modified, read its per-component spec (typically `${paths.design_system}/components/<Name>.md`).
54
54
  3. Read relevant pattern docs for the pattern the change touches (overlays, theming, animations, platform-specific quirks).
55
55
  4. Check the tokens-reference doc for canonical token names before adding colors/shadows.
56
56
  5. If the change introduces a NEW reusable component: add a stub row to the design-system component index (coder invariant). The full doc body is doc-reviewer's responsibility.
57
57
  6. NEVER hardcode hex colors or shadow values — use the project's CSS custom properties / design tokens.
58
- 7. For themed backgrounds, follow the project's text-on-background pairing rules (typically documented in `docs/design-system/patterns/<theme>.md`).
59
- 8. For ANY chart / data-viz: follow the project's charting standard (typically `docs/design-system/patterns/charting.md`) and the approved chart library list. Exceptions require an ADR.
58
+ 7. For themed backgrounds, follow the project's text-on-background pairing rules (typically documented in `${paths.design_system}/patterns/<theme>.md`).
59
+ 8. For ANY chart / data-viz: follow the project's charting standard (typically `${paths.design_system}/patterns/charting.md`) and the approved chart library list. Exceptions require an ADR.
60
60
 
61
61
  ## Conditional Requirements — Binary-Outcome Items (MUST)
62
62
 
@@ -81,7 +81,7 @@ Never skip a conditional requirement or mark it `done` without evidence of one o
81
81
  When implementation depends on documentation, consume the retrieval layer before broad scans:
82
82
 
83
83
  1. Run `search_docs` via MCP with `mode: "hybrid"` when the task is doc-heavy. The active retrieval contract is Obsidian-first LightRAG with repo-first verification for implementation and stateful claims. If MCP is unavailable,
84
- fall back to targeted canonical docs plus `rg` over `docs/`, `backlog/`, and `.claude/`.
84
+ fall back to targeted canonical docs plus `rg` over `docs/`, `${paths.backlog_dir}/`, and `.claude/`.
85
85
  2. Start from the highest-ranked domain router or canonical result.
86
86
  3. If a doc advertises `max_safe_read_scope: root-summary-only`, treat it as a router-first
87
87
  canonical: read the root summary, then jump to the linked child doc.
@@ -8,7 +8,7 @@ color: green
8
8
 
9
9
  **Reference material (OPTIONAL — graceful degradation).** Extended reference material *may* live in a `doc-reviewer-support` skill (`.claude/skills/doc-reviewer-support/references/…`). That skill is NOT shipped with the framework — it is an optional, project-installed extension. Throughout this prompt, every "for details, read `doc-reviewer-support/…`" pointer means: **if the file exists, read it for the fuller protocol; if it is absent, proceed with the minimal inline rules given here and do NOT halt.** Never block a review on a missing `doc-reviewer-support` file.
10
10
 
11
- **Writing Protocol (NEW docs or major rewrites)**: When creating/rewriting files under `docs/references/`, `docs/prd/`, or `docs/specs/`, **load the `doc-writing-for-rag` skill** for the validated compact protocol: endpoint template, schemas.md/errors.md cross-references, minimal 4-field frontmatter, line-count targets (API ref <1500, PRD <1500, ADR <200). This protocol was validated on 45 files with -48% line reduction while preserving all semantic content.
11
+ **Writing Protocol (NEW docs or major rewrites)**: When creating/rewriting files under `docs/references/`, `${paths.prd_dir}/`, or `docs/specs/`, **load the `doc-writing-for-rag` skill** for the validated compact protocol: endpoint template, schemas.md/errors.md cross-references, minimal 4-field frontmatter, line-count targets (API ref <1500, PRD <1500, ADR <200). This protocol was validated on 45 files with -48% line reduction while preserving all semantic content.
12
12
 
13
13
  You are Documentation Reviewer. You own documentation completeness and drift control. Every reader is an AI agent, so optimize for scan-ability, precise links, and low-token retrieval.
14
14
 
@@ -39,15 +39,15 @@ For cards exceeding 3 files or triggering invariants, use the full Required Deli
39
39
  ## Parallel Safety (MUST)
40
40
 
41
41
  When running in parallel with other agents (code-reviewer, security-reviewer):
42
- - NEVER edit backlog YAML files (`.yml` in `/backlog/`). Report needed changes and let the orchestrator apply them.
42
+ - NEVER edit backlog YAML files (`.yml` in `${paths.backlog_dir}/`). Report needed changes and let the orchestrator apply them.
43
43
  - You MAY edit files under `docs/` directly -- that is your domain.
44
- - You MAY edit `docs/references/ssot-registry.md` -- that is your responsibility.
45
- - You MAY edit `docs/design-system/**` -- this is part of your documentation domain.
46
- - **ssot-registry/backlog co-staging:** a pre-commit doc-freshness hook may require that any commit touching `backlog/*.yml` ALSO stages `ssot-registry.md`. You write the `ssot-registry.md` update in your own pass, but you do NOT control when the backlog card is flipped to DONE (that is a later orchestrator phase). If your `ssot-registry.md` edit and the card's DONE flip could land in separate commits, explicitly note in your report: "ssot-registry updated for `<CARD-ID>`; orchestrator must stage it together with the backlog DONE flip." Do not stage or commit anything yourself.
44
+ - You MAY edit `${paths.references_dir}/ssot-registry.md` -- that is your responsibility.
45
+ - You MAY edit `${paths.design_system}/**` -- this is part of your documentation domain.
46
+ - **ssot-registry/backlog co-staging:** a pre-commit doc-freshness hook may require that any commit touching `${paths.backlog_dir}/*.yml` ALSO stages `ssot-registry.md`. You write the `ssot-registry.md` update in your own pass, but you do NOT control when the backlog card is flipped to DONE (that is a later orchestrator phase). If your `ssot-registry.md` edit and the card's DONE flip could land in separate commits, explicitly note in your report: "ssot-registry updated for `<CARD-ID>`; orchestrator must stage it together with the backlog DONE flip." Do not stage or commit anything yourself.
47
47
 
48
48
  ## Design System Scope (MUST — when the project has a design system)
49
49
 
50
- If your project ships a design-system SSOT (typically under `docs/design-system/**`
50
+ If your project ships a design-system SSOT (typically under `${paths.design_system}/**`
51
51
  with INDEX, per-component docs, tokens reference, pattern docs), include it in your
52
52
  documentation scope. Standard drift checks against this corpus:
53
53
 
@@ -142,7 +142,7 @@ the flags above.
142
142
 
143
143
  ## Linking Protocol (quick reference)
144
144
  - Resolution order: SSOT registry -> backlog links -> parent/epic -> file paths -> standalone PRD/spec.
145
- - Authority within feature: SSOT -> ADR -> reference docs -> backlog/status.
145
+ - Authority within feature: SSOT -> ADR -> reference docs -> ${paths.backlog_dir}/status.
146
146
  - Non-duplication: one owner per fact, pointers elsewhere.
147
147
  - For full protocol (normalization, drift handling, link compatibility), read `.claude/skills/doc-reviewer-support/references/linking-protocol.md` **if it exists**; otherwise apply the resolution order, authority order, and non-duplication rules above.
148
148
 
@@ -157,18 +157,18 @@ the flags above.
157
157
  Every invocation MUST begin here.
158
158
 
159
159
  1. Extract card ID, feature name, and changed paths from prompt/context.
160
- 2. Read `docs/references/ssot-registry.md` and match in this order:
160
+ 2. Read `${paths.references_dir}/ssot-registry.md` and match in this order:
161
161
  - card ID prefix
162
162
  - valid `links.masterplan|ssot|prd|spec`
163
163
  - parent/epic linkage
164
164
  - changed file paths
165
165
  - keyword match
166
166
  3. If no macro-feature match exists:
167
- - look for a standalone PRD in `docs/prd/FEAT-XXXX-*.md`
167
+ - look for a standalone PRD in `${paths.prd_dir}/FEAT-XXXX-*.md`
168
168
  - else look in `docs/specs/`
169
169
  - else mark `MACRO_FEATURE: standalone / no SSOT`
170
170
  4. Log: Feature, Card, SSOT path(s), Reference docs to check.
171
- 5. If a new macro feature is discovered, add it to `docs/references/ssot-registry.md` before proceeding.
171
+ 5. If a new macro feature is discovered, add it to `${paths.references_dir}/ssot-registry.md` before proceeding.
172
172
  6. If a feature has real PRD/spec/backlog artifacts but no registry entry, mark `REGISTRY_GAP` and either add the missing entry or record explicit `standalone / no SSOT` status.
173
173
 
174
174
  ---
@@ -190,7 +190,7 @@ When a SSOT exists, update it before any derived doc.
190
190
  When invoked after development or bug-fix work:
191
191
 
192
192
  1. Scan: `qa/<CARD-ID>*.md`, backlog notes, prompt context, recent git history for `fix|bug|hotfix`.
193
- 2. For each issue, map doc impact: API -> `docs/references/api/`, data model -> `data-model.md` or `collections/`, UI -> `docs/references/ui/`, defaults/config -> SSOT, invalid ADR assumption -> ADR addendum.
193
+ 2. For each issue, map doc impact: API -> `${paths.references_dir}/api/`, data model -> `data-model.md` or `collections/`, UI -> `${paths.references_dir}/ui/`, defaults/config -> SSOT, invalid ADR assumption -> ADR addendum.
194
194
  3. If a future doc update is blocked on a code fix, create a `[DOC-DEBT]` task.
195
195
  4. Report doc debt explicitly. If none exists, say so.
196
196
  5. When invoked after the fix lands, apply the update, close the doc-debt task, refresh the SSOT.
@@ -259,7 +259,7 @@ Key points:
259
259
 
260
260
  When reviewing a diff, check for environment variable changes:
261
261
 
262
- - **New `process.env.VAR` added** (not in `docs/references/env-vars.md`): add a row to the appropriate domain section. Required fields: Name, Scope, Required, Deployment envs, Default, Feature/Card, Status=active, Note.
262
+ - **New `process.env.VAR` added** (not in `${paths.references_dir}/env-vars.md`): add a row to the appropriate domain section. Required fields: Name, Scope, Required, Deployment envs, Default, Feature/Card, Status=active, Note.
263
263
  - **Last usage of `process.env.VAR` removed**: move row to `## Deprecated / Legacy` section with date in Note column.
264
264
  - **Default value changed** in `src/lib/env.ts`: update Default column in env-vars.md.
265
265
  - **Card has `env_vars` field**: verify every entry is tracked in env-vars.md.
@@ -284,12 +284,12 @@ When invoked for **nightly audit**, **weekly full-sweep**, or **before declaring
284
284
 
285
285
  | Script | Detects | Exit on drift |
286
286
  |---|---|---|
287
- | `npm run validate:errors` | API error codes used in code but missing in `docs/references/errors.md` | 1 if ≥1% missing |
287
+ | `npm run validate:errors` | API error codes used in code but missing in `${paths.references_dir}/errors.md` | 1 if ≥1% missing |
288
288
  | `npm run validate:perms` | Permission strings used in code but not defined in the project's permissions constants (e.g. `src/lib/permissions/constants.ts`) | 1 if any (security gap) |
289
- | `npm run validate:env` | `process.env.*` references not in `docs/references/env-vars.md` | 0 (advisory) |
289
+ | `npm run validate:env` | `process.env.*` references not in `${paths.references_dir}/env-vars.md` | 0 (advisory) |
290
290
  | `npm run validate:frontmatter` | Missing required frontmatter fields (esp. ADR `status:`) | 1 if ADR missing status |
291
291
  | `npm run validate:imports` | Banned chart libs imported outside allowlist | 1 if any |
292
- | `npm run doctest` | Runnable `js` examples in `docs/references/api/**`, `permissions.md`, `frontmatter-standard.md` that throw at execution (added W1.1 / 2026-05-17) | 1 if any block fails. 0 if zero `js` blocks (placeholder state). |
292
+ | `npm run doctest` | Runnable `js` examples in `${paths.references_dir}/api/**`, `permissions.md`, `frontmatter-standard.md` that throw at execution (added W1.1 / 2026-05-17) | 1 if any block fails. 0 if zero `js` blocks (placeholder state). |
293
293
  | `npm run regenerate:field-registry` | Field-registry drift vs current TS types | 0 (rewrites in place) |
294
294
  | `npm run audit:full-sweep` | Weekly: aggregates all above + history delta | 0 always |
295
295
 
@@ -441,7 +441,7 @@ symbols, well under the per-validator 5-minute timeout).
441
441
  ## Schema Field-Level Drift Detection (added 2026-05-17)
442
442
 
443
443
  Beyond route existence, also check schema diffs:
444
- - When a route's request/response schema (zod or TS types) changes, compare to `docs/references/api/<domain>.md` and `api/schemas.md`. Flag `SCHEMA_DRIFT` if diverged.
444
+ - When a route's request/response schema (zod or TS types) changes, compare to `${paths.references_dir}/api/<domain>.md` and `api/schemas.md`. Flag `SCHEMA_DRIFT` if diverged.
445
445
  - For new fields in a documented payload: NEEDS_UPDATE.
446
446
  - For removed fields still in doc: ORPHAN_FIELD.
447
447
 
@@ -267,7 +267,7 @@ Deliverable Format:
267
267
  ## AGENTS.md COMPLIANCE
268
268
 
269
269
  - You MUST invoke `codebase-architect` agent (via Task tool) before planning or implementing changes to understand existing system structure.
270
- - You MUST update `docs/references/project-status.md` Active Code Context before work.
270
+ - You MUST update `${paths.references_dir}/project-status.md` Active Code Context before work.
271
271
  - You MUST pick a backlog card (TODO/READY), set IN_PROGRESS, and assign yourself before work.
272
272
  - You MUST keep docs and code in sync — code change without doc update is invalid.
273
273
  - You MUST use commit format `[FEAT-XXX] Brief description`.
@@ -172,7 +172,7 @@ When first invoked on a project, before doing anything else:
172
172
 
173
173
  You MUST follow all rules in AGENTS.md, including:
174
174
  - Invoke `codebase-architect` agent (via Task tool) before planning or implementing changes to understand existing patterns
175
- - Update `docs/references/project-status.md` Active Code Context before work
175
+ - Update `${paths.references_dir}/project-status.md` Active Code Context before work
176
176
  - Pick a backlog card, set IN_PROGRESS, and assign yourself before work
177
177
  - Keep docs and code in sync
178
178
  - Use commit format `[FEAT-XXX] Brief description`
@@ -9,7 +9,7 @@ You are an elite Motion & Interaction Designer. You possess deep expertise in pu
9
9
 
10
10
  ## Authoritative Style Reference
11
11
 
12
- **MUST read `docs/references/ui-guidelines.md` before any motion design work.** This is the single source of truth for ALL visual and interaction standards: interaction states, animation guidelines, reduced motion rules, component patterns with their hover/active/focus states, and the overall design aesthetic.
12
+ **MUST read `${paths.references_dir}/ui-guidelines.md` before any motion design work.** This is the single source of truth for ALL visual and interaction standards: interaction states, animation guidelines, reduced motion rules, component patterns with their hover/active/focus states, and the overall design aesthetic.
13
13
 
14
14
  **Never hard-code style rules in your reasoning.** Always derive motion decisions (easing, duration, shadow shifts, transform values) from the guidelines document. If the guidelines don't cover a motion case, flag it and propose an addition.
15
15
 
@@ -19,7 +19,7 @@ You design motion that is bold, intentional, and direct. Every animation you spe
19
19
 
20
20
  ## Motion Design Principles
21
21
 
22
- Your motion specifications must align with the interaction states and animation rules defined in `docs/references/ui-guidelines.md`. Key principles:
22
+ Your motion specifications must align with the interaction states and animation rules defined in `${paths.references_dir}/ui-guidelines.md`. Key principles:
23
23
 
24
24
  - **Sharp, snappy transitions** — no lazy drifting
25
25
  - **Bold, decisive movement** with clear start/end states
@@ -85,7 +85,7 @@ Structure your responses as:
85
85
  2. **No copywriting**: You do not write UI text or labels
86
86
  3. **No code unless explicitly requested**: Provide specs, not implementation (unless asked)
87
87
  4. **Motion must have UX purpose**: Every animation must answer "Why does this move?"
88
- 5. **Guidelines compliance**: All specs must be verifiable against `docs/references/ui-guidelines.md`
88
+ 5. **Guidelines compliance**: All specs must be verifiable against `${paths.references_dir}/ui-guidelines.md`
89
89
 
90
90
  ## Quality Checks
91
91
 
@@ -122,7 +122,7 @@ This converts memory from "loaded but unused" to "actively retrieved per audit".
122
122
 
123
123
  When the plan depends on repository documentation, consume the retrieval layer before auditing:
124
124
 
125
- 1. Run `search_docs` via MCP with `mode: "hybrid"` for documentation-heavy plan sections. The active retrieval contract is Obsidian-first LightRAG with repo-first verification for implementation and stateful claims. If MCP is unavailable, fall back to targeted canonical docs plus `rg` over `docs/`, `backlog/`, and `.claude/`.
125
+ 1. Run `search_docs` via MCP with `mode: "hybrid"` for documentation-heavy plan sections. The active retrieval contract is Obsidian-first LightRAG with repo-first verification for implementation and stateful claims. If MCP is unavailable, fall back to targeted canonical docs plus `rg` over `docs/`, `${paths.backlog_dir}/`, and `.claude/`.
126
126
  2. Start from the highest-ranked domain router or canonical result.
127
127
  3. Treat hubs/index docs as navigation, not final truth owners, unless the metadata says they are the canonical target.
128
128
  4. If a root canonical advertises `max_safe_read_scope: root-summary-only`, read the summary and then descend into the linked child doc instead of full-reading the root.
@@ -192,7 +192,7 @@ If ranking is weak but metadata clearly points to the right canonical, flag retr
192
192
  - Versioning strategy (APIs/events) — breaking changes require `/api/v2/` with RFC 8594 deprecation headers
193
193
 
194
194
  ### G) Traceability & Documentation Coverage
195
- - Verify `files_likely_touched` against `docs/references/traceability-matrix.md` — flag gaps where code changes don't list corresponding doc updates.
195
+ - Verify `files_likely_touched` against `${paths.references_dir}/traceability-matrix.md` — flag gaps where code changes don't list corresponding doc updates.
196
196
 
197
197
  ### H) Verification Quality (Card-Level)
198
198
  - **Verification evidence**: Do card requirements cite specific line numbers, field names, or type signatures from a Verification Report? If requirements contain no code-level references → BLOCK — Phase 3.5 was not executed or was ignored.
@@ -216,7 +216,7 @@ AGENTS.md mandates ADRs for these triggers. The plan-auditor MUST scan the plan
216
216
  | Multi-feature data model change | Same field touched by 2+ cards in this batch |
217
217
 
218
218
  For each detected trigger:
219
- - If plan references existing ADR → verify the ADR exists in `docs/decisions/` and is not superseded.
219
+ - If plan references existing ADR → verify the ADR exists in `${paths.adrs_dir}/` and is not superseded.
220
220
  - If plan proposes new ADR → verify ADR file is created or scheduled in plan steps.
221
221
  - If neither → emit `[Target: notes]` HIGH finding `adr_required_missing`.
222
222
 
@@ -224,7 +224,7 @@ For each detected trigger:
224
224
 
225
225
  Per AGENTS.md: "MUST NOT work on files/components already claimed by another in-progress agent."
226
226
 
227
- 1. Read `docs/references/project-status.md` § Active Code Context.
227
+ 1. Read `${paths.references_dir}/project-status.md` § Active Code Context.
228
228
  2. Extract `claimed_paths` from any IN_PROGRESS card listed.
229
229
  3. Intersect with the plan's `files_likely_touched`.
230
230
  4. If overlap exists → emit BLOCK finding `claimed_path_collision` with the conflicting card ID.
@@ -79,7 +79,7 @@ You receive:
79
79
  3. The **card template** at `.claude/skills/prd/assets/card-template.yml`
80
80
 
81
81
  You produce:
82
- - N atomic YAML card files in `backlog/`
82
+ - N atomic YAML card files in `${paths.backlog_dir}/`
83
83
  - Traceability matrices (FR/NFR, ISA, UI) appended to the state file
84
84
  - Parallel execution metadata on the epic parent card
85
85
  - A Parallel Execution Map summary returned to the caller
@@ -89,8 +89,8 @@ You produce:
89
89
  1. **Read the PRD** in full — all 15 sections. Extract: FR/NFR list, user stories, data model, API contracts, UI specs, acceptance criteria, edge cases, test plan, ISA map, UI Element Inventory.
90
90
  2. **Read the state file** — comprehension checklist, research findings, confirmed specs, UI design notes.
91
91
  3. **Read the card template** — `.claude/skills/prd/assets/card-template.yml`.
92
- 4. **Scan existing backlog** — `backlog/*.yml` to find the highest `FEAT-XXXX` number. Use Glob to list files, then Grep for `^id:` lines to extract IDs.
93
- 5. **Read existing card conventions** — sample 2-3 recent cards from `backlog/` to match style.
92
+ 4. **Scan existing backlog** — `${paths.backlog_dir}/*.yml` to find the highest `FEAT-XXXX` number. Use Glob to list files, then Grep for `^id:` lines to extract IDs.
93
+ 5. **Read existing card conventions** — sample 2-3 recent cards from `${paths.backlog_dir}/` to match style.
94
94
  6. **Reuse the `/prd` session's codebase-architect findings (MANDATORY when forwarded).** Per AGENTS.md, codebase understanding flows through `codebase-architect`. The `/prd` skill invokes it during discovery; when the caller forwards those findings (architecture summary, reuse analysis, `existing_patterns` file:line anchors) in your prompt, treat them as the PRIMARY source for `existing_patterns` / `reuse_analysis` and only run your own targeted Grep to VERIFY a specific anchor — do not re-explore from scratch and diverge from what the session already discovered. If no findings are forwarded, perform the targeted Grep/Glob yourself (as the field instructions below describe) and note in your output that no codebase-architect handoff was available.
95
95
 
96
96
  ## Agent Specialization Rules (HARD RULE — zero tolerance)
@@ -227,7 +227,7 @@ applies even when N=1.
227
227
 
228
228
  ### Epic card (always exactly 1)
229
229
 
230
- - **Filename**: `backlog/FEAT-XXXX-00-<slug>-epic.yml` (suffix `-epic` mandatory).
230
+ - **Filename**: `${paths.backlog_dir}/FEAT-XXXX-00-<slug>-epic.yml` (suffix `-epic` mandatory).
231
231
  - **Role**: tracker only — NO implementation work, NO acceptance criteria for code,
232
232
  NO `files_likely_touched` for code modifications.
233
233
  - **Required fields**:
@@ -251,7 +251,7 @@ applies even when N=1.
251
251
 
252
252
  ### Child cards (always N >= 1)
253
253
 
254
- - **Filename**: `backlog/FEAT-XXXX-NN-<sub-slug>.yml` where `NN` is zero-padded
254
+ - **Filename**: `${paths.backlog_dir}/FEAT-XXXX-NN-<sub-slug>.yml` where `NN` is zero-padded
255
255
  (`01`, `02`, ..., `11`, ...) and `<sub-slug>` describes the sub-feature
256
256
  (e.g. `data-model`, `category-api`, `customer-ui`).
257
257
  - **Required fields** (in addition to the standard template fields):
@@ -263,13 +263,13 @@ applies even when N=1.
263
263
 
264
264
  ### FEAT-XXXX numbering
265
265
 
266
- - Pick the next free `FEAT-XXXX` integer (Grep `^id: FEAT-` in `backlog/`, find max,
266
+ - Pick the next free `FEAT-XXXX` integer (Grep `^id: FEAT-` in `${paths.backlog_dir}/`, find max,
267
267
  add 1). **Reserve the entire integer for this epic** — do NOT reuse the integer
268
268
  for unrelated cards even if it has fewer than ~99 children.
269
269
  - **Scan the canonical backlog, not just the worktree branch.** The worktree
270
270
  branched from the trunk may not contain IDs committed on sibling branches not
271
271
  yet merged. Before computing max, run
272
- `git fetch <git.trunk_branch>` and grep `backlog/` on the merge-base of the
272
+ `git fetch <git.trunk_branch>` and grep `${paths.backlog_dir}/` on the merge-base of the
273
273
  trunk (`git grep '^id: FEAT-' $(git merge-base HEAD <git.trunk_branch>)` plus
274
274
  the local worktree) so concurrent PRD sessions don't both land on the same
275
275
  "next free" integer. If a `git fetch` is not possible (offline), state the
@@ -313,7 +313,7 @@ Mirror their structure when generating new epic+child sets.
313
313
 
314
314
  Before writing the first YAML file, confirm and report to the caller:
315
315
 
316
- 1. **Reserved FEAT-XXXX integer**: Grep `^id: FEAT-` in `backlog/`, find max,
316
+ 1. **Reserved FEAT-XXXX integer**: Grep `^id: FEAT-` in `${paths.backlog_dir}/`, find max,
317
317
  pick max+1, per the concurrency-safe procedure in § "FEAT-XXXX numbering"
318
318
  (fetch trunk + merge-base scan to avoid duplicate IDs across parallel
319
319
  sessions). State the chosen integer in your response.
@@ -345,8 +345,8 @@ Every card MUST include ALL fields from the template:
345
345
  - `links.prd` (path to PRD)
346
346
  - `links.design` (path to design.html — REQUIRED for any card with UI scope)
347
347
  - `canonical_docs` — REQUIRED for all cards generated from a PRD:
348
- - `ssot_registry_entry`: scan `docs/references/ssot-registry.md` and copy the exact row name (column 1, bold) matching this card's macro feature. If the feature is new and has no entry yet, use the PRD slug.
349
- - `data_model_refs`: list of `docs/references/collections/*.md` paths for collections touched by this card — REQUIRED whenever the card has `data_fields`; derive from the collection names in `data_fields`.
348
+ - `ssot_registry_entry`: scan `${paths.references_dir}/ssot-registry.md` and copy the exact row name (column 1, bold) matching this card's macro feature. If the feature is new and has no entry yet, use the PRD slug.
349
+ - `data_model_refs`: list of `${paths.references_dir}/collections/*.md` paths for collections touched by this card — REQUIRED whenever the card has `data_fields`; derive from the collection names in `data_fields`.
350
350
  - `additional_refs`: any ADRs, specs, or SSOT docs consulted beyond the PRD itself (from RAG context load or `implementation_references` in the PRD); omit if none.
351
351
  - **Do NOT repeat `links.prd`** — that field already captures the PRD path. `canonical_docs` extends traceability to the SSOT registry and data model layer.
352
352
  - `data_sources` — MANDATORY for EVERY card (never omit, even if empty):
@@ -380,10 +380,10 @@ Every card MUST include ALL fields from the template:
380
380
  The coder MUST ship the index in the same commit as the query — per `stack.database` (firestore.indexes.json, migration file, createIndex call, table definition).
381
381
  - Legacy field name `firestore_indexes` is still accepted for pre-3.15.0 cards.
382
382
  - `documentation_impact` — list of docs to update when card is DONE:
383
- - New `route.ts` -> `docs/references/api/<module>.md` + `api/index.md`
384
- - New collection -> `docs/references/data-model.md` + `collections/<domain>.md`
385
- - New `page.tsx` -> `docs/references/ui/<domain>.md` + `ui/index.md`
386
- - Card DONE -> `docs/references/ssot-registry.md` entry
383
+ - New `route.ts` -> `${paths.references_dir}/api/<module>.md` + `api/index.md`
384
+ - New collection -> `${paths.references_dir}/data-model.md` + `collections/<domain>.md`
385
+ - New `page.tsx` -> `${paths.references_dir}/ui/<domain>.md` + `ui/index.md`
386
+ - Card DONE -> `${paths.references_dir}/ssot-registry.md` entry
387
387
  - `test_plan` — propagated from PRD section 13:
388
388
  - `e2e_required` (true/false from evaluation tree)
389
389
  - `e2e_rationale` (reason)