baldart 4.34.1 → 4.35.0

package/CHANGELOG.md

@@ -5,6 +5,38 @@ All notable changes to BALDART will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [4.35.0] - 2026-06-13
+
+**Card-baseline standardization — every backlog card, any prefix/origin, conforms to one profile-aware SSOT; `/new` normalizes foreign cards at ingestion.** A real `CHORE-0007` (consumer repo `mayo`) reached `/new` **without `review_profile`** (and without `scope`/`scope_boundaries`/`canonical_docs`): it was hand/ad-hoc authored after a graph-align finding, never by the canonical writer. `/new` and `/new2` consume cards **type-blind** — they scale per-card review depth on `review_profile` and run the same pipeline regardless of prefix — so an off-baseline card silently degrades the pipeline. Root cause: the baseline was scattered across `card-template.yml` + `prd-card-writer`'s Required-Fields + Rule C with **no single SSOT and no validator**; `prd-card-writer` only documented the `/prd` epic+children flow (its standalone single-card mode, used by `new2-resolve`, was undocumented); and three writers diverged — `/prd`/`new2`/`new2-resolve` emit the full baseline, but the `/new` AC-deferral stub (`completeness.md`) and `/issue-review` (`issue-review.md`) wrote partial cards.
+
+The fix is **profile-aware** by design (an adversarial review caught that a flat "every field required, non-empty" rule would wrongly reject valid cards — an epic legitimately has `owner_agent: ""` and `files_likely_touched: []`; a standalone CHORE legitimately omits `scope_boundaries`/`links.prd`). A new SSOT module defines per-profile (epic/child/standalone) field states (REQUIRED / may-be-empty / conditional). Every creation path now delegates to `prd-card-writer` (the canonical writer), and `/new`/`/new2` ingestion **normalizes** a non-conformant card: HALT only on truly non-derivable fields (`scope`/`requirements`/`acceptance_criteria`/`files_likely_touched`), **back-fill + persist** the derivable ones (`review_profile` via Rule C, `owner_agent`→`coder`) to the card on disk in the **main repo** (check-and-skip idempotent; committed with the `merge-cleanup.md` Phase 6b COMMIT_LOCK discipline), WARN on the rest. A shipped validator (profile-aware) + CI gate would have failed `CHORE-0007` at authoring time. **MINOR** (new protocol module + new agent capability + new validator/CI gate; backwards-compatible — conformant cards still validate, back-fill only *adds* fields; `review_profile`/baseline are not `baldart.config.yml` keys ⇒ schema-propagation rule N/A).
+
+### Added
+
+- **`framework/agents/card-schema.md`** — Atomic Card Baseline Schema: the universal, profile-aware (epic/child/standalone) field-state matrix every backlog card satisfies, plus the consumer HALT/BACK-FILL/WARN contract. Cites Rule A (`owner_agent` enum, REGISTRY.md) and Rule C (`review_profile` criteria) — never copies them. This is the missing peer of the `agents/index.md` module manifest ("if you create/mutate a card, read card-schema.md"). 23rd protocol module.
+- **`framework/scripts/validate-card-baseline.js`** — profile-aware validator. Parses the field-state matrix from `card-schema.md` and the enums from `REGISTRY.md` (no embedded copy → no drift), detects the card profile, and asserts each field's state + enum validity. Exit 1 + per-field errors. Module API (`validateCard`/`detectProfile`/`loadSchema`/`loadEnums`) for reuse.
+- **`scripts/check-card-baseline.js`** + new step in **`.github/workflows/check-reference-integrity.yml`** — CI gate: self-tests the validator against fixtures (valid epic/child/standalone + a broken CHORE-0007 shape + invalid enums) and asserts `card-template.yml` ↔ `card-schema.md` do not drift.
+- **`framework/templates/ci/check-card-baseline.yml`** — opt-in consumer CI template: fails a PR when a hand-authored `backlog/*.yml` drifts off the baseline (catches manual cards at PR time, not only at `/new` time).
+
+### Changed
+
+- **`framework/.claude/agents/prd-card-writer.md`** — new § "Standalone Single-Card Mode" (documents the no-epic single-card path used by `/new`/`new2`/`new2-resolve`/`/issue-review`: relaxes epic+children and conditional fields, but still emits the full STANDALONE baseline — *standalone ≠ minimal*). "Required Fields Per Card" now cites `card-schema.md` instead of being the implicit SSOT; `description:` frontmatter acknowledges the standalone invocation.
+- **`framework/.claude/skills/new/references/setup.md`** — pre-flight step 1b restructured into **1b-i** (HALT on non-derivable fields, incl. `scope`; `scope_boundaries` is NOT a HALT field), **1b-ii** (back-fill `review_profile`/`owner_agent`, persist to `$MAIN`, check-and-skip, dedicated `[BACKFILL]` commit), **1b-iii** (run the profile-aware validator).
+- **`framework/.claude/skills/new/SKILL.md`** — QA Profile Selector simplified to a pure read (the compute-from-Rule-C fallback is consolidated into setup.md 1b-ii, which persists the value — no second copy of the criteria).
+- **`framework/.claude/skills/new/references/completeness.md`** — AC-deferral follow-up now delegates to `prd-card-writer` Standalone Mode (full baseline) instead of writing a 3-field stub; minimal stub only on total agent outage (self-heals on first ingestion).
+- **`framework/.claude/commands/issue-review.md`** — backlog-card creation delegates to `prd-card-writer` (standalone for one-off issues, epic+children for new features) instead of hand-filling the template.
+- **`framework/.claude/skills/new2/SKILL.md`** — offline reconciliation cites `card-schema.md` + the standalone mode; notes the crisis stub self-heals via the `/new` back-fill.
+- **`framework/agents/index.md`**, **`framework/.claude/skills/prd/assets/card-template.yml`** — routing rule + template header pointer to `card-schema.md` as the field SSOT.
+
+## [4.34.2] - 2026-06-13
+
+**`/new` workflow-delegation gates hardened to BINARY/imperative — close the "ran inline by judgment" escape hatch.** A real `/new` run (mayo, single-card CHORE-0007, BALDART 4.34.1 with both workflows linked + the `Workflow` tool available) ran **both** review-delegation gates inline instead of delegating: the orchestrator invented escape criteria absent from the gate ("single-card → marginal context-economy benefit", "memory note on workflow degeneration") and mis-cited the `feedback_dynamic_workflows_fit` guidance, which actually names the Final Review fan-out as the canonical workflow fit. The degeneration reports it conflated concern the `new2`/`new2-resolve` whole-batch host — a different workflow. Net effect: the run validated only the inline fallback and gave **zero** signal on the `new-card-review` (v4.34.0) path. Both gates were already worded as `IF tool+script → delegate / ELSE inline`, but the prose left enough softness for the model to insert discretion. **PATCH** (gate-prose hardening; no behavior change to the install layout or the workflows themselves — the delegated path was always the intended one).
+
+### Changed
+
+- **`framework/.claude/skills/new/references/review-cycle.md`** — Phase 2.5x branch reframed as a "MECHANICAL, BINARY decision" with an explicit **no-discretion** rule: the soft factors (N=1, small diff, marginal benefit, "a workflow once degenerated", "inline is safer") are named and declared **NOT inputs to the gate**; the `new2` degeneration conflation is corrected inline; running inline while the conditions held is now defined as a **gate violation** with a mandated telemetry log line.
+- **`framework/.claude/skills/new/references/final-review.md`** — Step F.1.5 branch given the same imperative treatment (MUST-delegate, no-discretion rule, `new2`-conflation correction, gate-violation log line).
+
 ## [4.34.1] - 2026-06-12
 
 **`reference-integrity` CI gate: recognize the plumbing carve-out.** v4.33.2 introduced a legitimate `subagent_type: general-purpose` dispatch for the mechanical file-revert agent (the REGISTRY.md plumbing carve-out — mechanical git/file ops, never code authoring), but the CI `reference-integrity` gate's R11 anti-fallback rule banned `general-purpose` **unconditionally**, so `main` went red on the v4.33.2 / v4.34.0 tags (the npm publish workflow is independent and succeeded — both versions are live). The gate now allows `subagent_type: general-purpose` **only** on a dispatch line explicitly marked `plumbing carve-out`; every other `general-purpose` dispatch stays banned (R11 intact, intentionally narrow so it can't be abused as a generic fallback). **PATCH** (CI gate fix; no behavior change to `/new`).

package/README.md

@@ -82,7 +82,7 @@ No additional activation steps needed — once installed, Claude Code (and Codex
 ### Core Protocol
 
 - **AGENTS.md**: Mandatory coordination rules (MUST/SHOULD/OPTIONAL)
-- **agents/**: 17 domain modules (architecture, workflows, testing, security, etc.)
+- **agents/**: 23 domain modules (architecture, workflows, testing, security, card-schema, etc.)
 - **Routing**: If you touch X, read Y - minimize context loading
 
 ### AI Agents (28 specialized agents)

package/VERSION

@@ -1 +1 @@
-4.34.1
+4.35.0

package/framework/.claude/agents/prd-card-writer.md

@@ -1,6 +1,6 @@
 ---
 name: prd-card-writer
-description: "Generates atomic backlog cards from an approved PRD. Handles card YAML writing, dependency graph computation, parallel group assignment, and traceability matrices (FR/NFR, ISA, UI). Invoked by the /prd skill at Step 5 to offload the heaviest mechanical phase from the main context."
+description: "Generates atomic backlog cards from an approved PRD. Handles card YAML writing, dependency graph computation, parallel group assignment, and traceability matrices (FR/NFR, ISA, UI). Invoked by the /prd skill at Step 5 to offload the heaviest mechanical phase from the main context. Also runs in Standalone Single-Card Mode to author ONE baseline-conformant follow-up/CHORE/BUG/issue card (no epic+children) — invoked by /new (AC-deferral), new2/new2-resolve, and /issue-review. The canonical card writer: every card-creation path delegates here rather than hand-writing a partial stub."
 model: opus
 effort: high
 color: amber
@@ -364,6 +364,38 @@ error-prone.
 
 Mirror their structure when generating new epic+child sets.
 
+## Standalone Single-Card Mode (since v4.35.0)
+
+The epic+children structure above is the **PRD-batch** contract. You are ALSO the canonical
+writer for a **single** card with no PRD/epic lineage — a deferred AC, a graph-align finding, a
+CHORE/BUG follow-up, a GitHub-issue card. Callers that invoke you this way: `/new` AC-deferral
+(`new/references/completeness.md`), `new2-resolve` / `new2` offline reconciliation, and
+`/issue-review`. This mode exists so those cards are **first-class**, not minimal stubs.
+
+**Trigger:** the caller passes a single-card brief (a residual / AC / finding / issue) instead of
+a PRD path + state file, typically with `MODE: standalone`. When there is no PRD/epic context in
+the prompt, you are in standalone mode.
+
+**RELAXED in standalone mode:**
+- The "1 epic + N children" mandate and all epic-only Tier-2 fields (`execution_strategy`,
+  `parallel_group` roll-up, AC-EPIC, the `-00` epic file). A standalone card has **no epic**;
+  set `group.parent` to a tracking slug or the originating card id and omit `group.sequence`.
+- `scope_boundaries` — omit when the card has no siblings (the usual standalone case).
+- `canonical_docs` / `links.prd` — when the card has no originating PRD, emit them best-effort or
+  omit with a one-line `[NO-PRD]` note in your response; do NOT fabricate a PRD path.
+
+**STILL MANDATORY in standalone mode (zero tolerance) — the STANDALONE column of
+`framework/agents/card-schema.md`:** `owner_agent` (Rule A enum, routed to the card's domain),
+`review_profile` (Rule C), `scope`, `requirements`, `acceptance_criteria`,
+`definition_of_done`, `files_likely_touched` (≥1), `data_sources` (≥`[]`), plus the
+identity/meta fields. **Standalone ≠ minimal** — a one-off CHORE carries the same baseline as a
+PRD child. The card MUST pass the `/new` pre-flight field check and the
+`validate-card-baseline.js` validator.
+
+**Filename:** `<PREFIX>-NNNN-<slug>.yml` or `<parent-id>-followup-<gate>.yml`. Reserve the id
+with the same prefix-parametric allocator (`allocate-id.sh reserve <PREFIX> <slug>`). Return the
+created card id.
+
 ## Pre-Generation Checklist (MANDATORY — execute BEFORE writing any card)
 
 Before writing the first YAML file, confirm and report to the caller:
@@ -385,6 +417,12 @@ children): HALT and report the issue. Do NOT generate flat cards as fallback.
 
 ## Required Fields Per Card
 
+The **universal, profile-aware baseline** (which field is required / may-be-empty / conditional
+for EPIC vs CHILD vs STANDALONE) is the field-state matrix in
+[`framework/agents/card-schema.md`](../../agents/card-schema.md) — the SSOT. The list below is
+the CHILD-profile expansion with the concrete population rules; consult card-schema.md for the
+epic/standalone deltas and never let the two disagree.
+
 Every card MUST include ALL fields from the template:
 
 - `id`, `title`, `status` (TODO), `priority`, `owner_agent`, `execution_mode`

package/framework/.claude/commands/issue-review.md

@@ -14,7 +14,7 @@ If the user mentions `/issue-review` without a number, prompt for the GitHub iss
 
 ## Phase 2 — Plan
 
-4. Create or update a backlog card from `templates/feature-card.template.yml`. Populate `execution_mode`, `git_strategy`, and `claimed_paths` fields.
+4. Create or update the backlog card by **delegating to the `prd-card-writer` agent** (do NOT hand-write a partial card from the template). For a one-off issue use **Standalone Single-Card Mode** (`MODE: standalone`); when the issue is a new feature that goes through the `prd` agent (Phase 3), let `prd-card-writer` produce the epic+children as usual. Pass the triage findings, `execution_mode`, `git_strategy`, and `claimed_paths` as INPUT to the writer — it returns a card carrying the full baseline of `framework/agents/card-schema.md` (incl. `owner_agent` via Rule A and `review_profile` via Rule C), not just those three fields.
 5. Ask the user which git strategy to use (main vs feature branch) per AGENTS.md and record it in `git_strategy`.
 6. Route to specialist agents based on issue type:
    - UI/UX issues → invoke `ui-expert` agent.

package/framework/.claude/skills/new/SKILL.md

@@ -377,13 +377,14 @@ They are deliberately NOT reproduced here. If the card has a `review_profile`
 `light`, `balanced`, `deep`}, **use it verbatim** — do NOT recompute. Log `profile=<x> (from card)`
 in the tracker.
 
-**Fallback path (legacy cards only — no `review_profile` field):** cards authored before v3.38.0
-(or manually) lack the field. Only then, compute the profile by reading the decision criteria
-from the SSOT: **`review_profile` is computed by prd-card-writer (Rule C); see
-`framework/.claude/agents/prd-card-writer.md` for the criteria.** Apply those criteria here,
-then log `profile=<x> (computed — review_profile absent)`. There is no second copy of the
-criteria in this file — keeping one authority avoids the drift that previously let the two tables
-disagree.
+**By this point `review_profile` is always present.** Pre-flight step 1b-ii (`setup.md`) already
+**normalized** every ingested card — a legacy/manual/foreign card that lacked the field had it
+back-filled via `prd-card-writer.md § Rule C` and **persisted to disk** (with a `[BACKFILL]` log),
+so this selector is a pure read. The compute-from-Rule-C logic lives ONLY at 1b-ii — there is no
+second copy of the criteria here, which avoids the drift that previously let the two tables
+disagree. Defensive one-liner only: if a card somehow still lacks the field (validator skipped in
+this install), compute it via Rule C and log `profile=<x> (computed — review_profile absent)` —
+but the canonical write happened at 1b-ii.
 
 > Note: the qa-sentinel agent keeps its OWN, different mapping (`profile → SCOPED/FULL` test tier),
 > which is legitimately qa-sentinel's; that is not the same thing as this profile-selection criteria.

package/framework/.claude/skills/new/references/completeness.md

@@ -251,7 +251,7 @@ This gate enforces `framework/agents/workflows.md § Scope Closure Discipline` a
    - Options (max 4):
      1. **"Implementa adesso"** — spawn a targeted fix `coder` agent scoped to this card's MAY EDIT files (from `## File Ownership Map`) with the instruction "Implement ONLY AC-<N>: '<AC text>'. Do not refactor or expand scope." Re-run Phase 2.5 verification on the resulting diff — **including the mandatory sub-steps 5b (API contract), 5c (alias-mutation), 5d (caller-pattern test)** if the fix touched a route, an exported helper, or a call site (a single-AC fix can still introduce these). **Hard cap: 2 attempts on the same AC.** On the 2nd failure, do NOT re-offer "Implementa adesso" — re-invoke `AskUserQuestion` with only options 2/3/4 (approve deferral / follow-up card / stop), so the loop cannot recur unbounded.
      2. **"Approva il deferral"** — record `[USER-APPROVED DEFERRAL] <today>: <user-supplied reason>` on its own line in the card's `implementation_notes`. Mark the row `User-approved? yes`.
-     3. **"Sposta su follow-up card"** — create a backlog stub at `${paths.backlog_dir}/<CARD-ID>-followup-AC<N>.yml` with `status: TODO` AND the minimum fields the Pre-flight gate (step 1b) requires, so a future `/new` run can pick it up without halting: a non-empty `requirements` (≥1, derived from the AC), a non-empty `acceptance_criteria` (≥1, the verbatim AC text), and a non-empty `files_likely_touched` (≥1, carried from the parent card's ownership map for this AC). Mark the row `User-approved? yes (follow-up: <new-card-id>)`. Do NOT proceed to Phase 2.55 until the follow-up file exists on disk and passes the step-1b field check.
+     3. **"Sposta su follow-up card"** — create the follow-up card by **delegating to the `prd-card-writer` agent in Standalone Single-Card Mode** (NOT a hand-written stub — backlog cards are owned by `prd-card-writer`, same discipline as `new2`/`new2-resolve`). Brief it: `MODE: standalone`, write `${paths.backlog_dir}/<CARD-ID>-followup-AC<N>.yml` with `status: TODO`, derived from the deferred AC — a non-empty `requirements` (≥1, derived from the AC), `acceptance_criteria` = the verbatim AC text (≥1), `files_likely_touched` (≥1, carried from the parent card's ownership map for this AC), `owner_agent` routed to the AC's domain, and `review_profile` per Rule C — i.e. the full STANDALONE baseline of `framework/agents/card-schema.md`. If `prd-card-writer` is unavailable (total outage), fall back to a minimal valid stub carrying at least the step-1b HALT fields (`requirements`/`acceptance_criteria`/`files_likely_touched`/`scope`); the consumer back-fill (step 1b-ii) then fills `review_profile`/`owner_agent` on first ingestion. Mark the row `User-approved? yes (follow-up: <new-card-id>)`. Do NOT proceed to Phase 2.55 until the follow-up file exists on disk and passes the step-1b field check.
      4. **"Ferma il batch"** — halt the orchestrator, leave the worktree intact, log the reason in `## Issues & Flags`. Do NOT commit.
 
    Do NOT batch the question across multiple ACs — one `AskUserQuestion` per AC, so the user sees each AC's text in isolation. Issue the questions sequentially.

package/framework/.claude/skills/new/references/final-review.md

@@ -54,11 +54,22 @@ diff and emits findings, it touches no git state and asks the user nothing. That
 makes it a clean fit for a **dynamic workflow**, which runs the fan-out as a
 deterministic script outside this orchestrator's context window.
 
-**Branch (decide once, here):**
+**Branch (decide once, here).** This is a **MECHANICAL, BINARY decision** — check the two
+conditions and act on the result. You have **NO discretion**: if both hold you **MUST** delegate.
+A single-card (N=1) batch, a small diff, "the context-economy benefit is marginal here", "a workflow
+once degenerated on this project", or "inline is safer / I want full control" are **NOT inputs to this
+gate** and **MUST NOT** override it. (Any workflow-degeneration reports concern the `new2`/`new2-resolve`
+whole-batch host — a *different* workflow; the canonical guidance is that this read-only F.2–F.4 fan-out
+is **exactly** where a workflow fits.) Delegating IS the SSOT-sanctioned path — the workflow mirrors this
+prose; the inline branch below exists **only** for installs where the `Workflow` tool is genuinely
+absent, never as a judgment-call alternative. If you run inline while the delegation conditions were met,
+that is a **gate violation**: log it as
+`f.final: GATE VIOLATION — ran inline despite Workflow available + new-final-review.js linked`.
 
 - **IF** the `Workflow` tool is available to you **AND** the script
   `.claude/workflows/new-final-review.js` is present (linked by the framework on
-  Claude-enabled installs) → **delegate F.2–F.4** to it:
+  Claude-enabled installs) → you **MUST delegate F.2–F.4** to it (not optional — see the
+  no-discretion rule above):
 
   ```
   Workflow({ name: 'new-final-review', args: {

package/framework/.claude/skills/new/references/review-cycle.md

@@ -12,13 +12,26 @@ state outside the worktree and asks the user nothing on the happy path. That mak
 biggest source of prefix growth on long epics). E2E (Phase 2.6, human-gated + nests a skill) and the
 doc-review (Phase 3, write-mode, must see the FINAL code) stay in the skill.
 
-**Branch (decide once, here — at the top of the review cluster, AFTER Phase 2.5b AC-Closure):**
+**Branch (decide once, here — at the top of the review cluster, AFTER Phase 2.5b AC-Closure).**
+This is a **MECHANICAL, BINARY decision** — evaluate the three conditions below and act on the result.
+You have **NO discretion**: if the delegation conditions hold you **MUST** delegate. The factors that
+feel like reasons to "just run it inline" — a single-card batch, a small/well-scoped diff, "the
+context-economy benefit is marginal here", "a workflow once degenerated on this project", "inline is
+safer / I have full control" — are **NOT inputs to this gate** and **MUST NOT** override it. (Those
+degeneration reports concern the `new2`/`new2-resolve` whole-batch host, a *different* workflow; the
+canonical guidance is that this read-then-fix fan-out is exactly where a workflow fits.) Delegating IS
+the SSOT-sanctioned path: the workflow mirrors this prose, and the inline fallback exists **only** for
+installs where the `Workflow` tool is genuinely absent — not as a judgment-call alternative. If you ever
+run inline while the delegation conditions were met, that is a **gate violation**: log it explicitly as
+`review-cluster: GATE VIOLATION — ran inline despite Workflow available + new-card-review.js linked + non-trivial`
+so it surfaces in telemetry.
 
 - **IF `IS_TRIVIAL`** (§ "Trivial-card fast-lane", re-confirmed on the committed diff) → do NOT delegate.
   Follow the trivial fast-lane in Phase 2.55 below (inline mechanical gates → Phase 3 doc → commit).
 
 - **ELSE IF** the `Workflow` tool is available **AND** `.claude/workflows/new-card-review.js` is present
-  (linked by the framework on Claude-enabled installs) → **delegate the cluster** to it. First build the
+  (linked by the framework on Claude-enabled installs) → you **MUST delegate the cluster** to it (this
+  branch is not optional — see the no-discretion rule above). First build the
   inputs (reusing the existing deterministic logic — do NOT re-implement it):
   - `qaTier` ← the **Phase 3.5 profile selection** (step 19-21b below: `review_profile` floor →
     `skip`/`light` ⇒ `qaTier:"light"` (qa-sentinel deferred to Final), `deep` **or any Phase 3.7 Step-A

package/framework/.claude/skills/new/references/setup.md

@@ -127,12 +127,23 @@
 ## Pre-flight (once)
 
 1. Read each backlog card from `${paths.backlog_dir}/*.yml` to understand scope and dependencies. Also read the project's canonical-docs registry — typically `${paths.references_dir}/ssot-registry.md` plus any linking-protocol guide — to understand which canonical docs exist for the feature area being implemented. Exact filenames are listed in `.baldart/overlays/new.md`; skip when absent.
-1b. **Validate card fields (pre-flight gate)** — for each card, verify it has the minimum required fields before queuing it:
-   - `requirements` — must be a non-empty list (>=1 item)
-   - `acceptance_criteria` — must be a non-empty list (>=1 item)
-   - `files_likely_touched` — must be a non-empty list (>=1 file)
+1b. **Normalize & validate card baseline (pre-flight gate)** — `/new` is **type-blind**: it runs the same pipeline on `FEAT`/`CHORE`/`BUG`/`DOC`/`PERF`. The universal, profile-aware baseline is the SSOT in [`framework/agents/card-schema.md`](../../../agents/card-schema.md). Detect each card's profile (epic / child / standalone) per that module, then run three stages. (Epic-parent cards are excluded from the per-card loop — skip 1b-i/ii for them; the validator at 1b-iii still checks their EPIC column.)
+
+   **1b-i — HALT on non-derivable fields (ask the user).** Verify the fields that cannot be safely synthesized are present and non-empty:
+   - `requirements` (>=1), `acceptance_criteria` (>=1), `files_likely_touched` (>=1 file), and `scope`.
+   - `scope_boundaries` is **NOT** in this set (it is conditional — legitimately omitted for standalone cards with no siblings; see card-schema.md).
    If any card fails: log the specific missing fields in `## Issues & Flags`, ask the user to fill them in before proceeding with that card, and continue pre-flight for any remaining valid cards.
 
+   **1b-ii — Back-fill deterministically-computable fields (compute → persist → log).** For each non-epic card missing a derivable field, compute it and **write it back to the card on disk in `$MAIN/${paths.backlog_dir}`** (the main repo path resolved at Phase 0 step 1 — NOT the worktree copy; same F-040 discipline `new2` uses for follow-ups):
+   - `review_profile` absent → compute via `prd-card-writer.md § Rule C` (the SSOT), write it.
+   - `owner_agent` absent/empty/`claude` → default `coder`, write it. (Never back-fill an epic's `""`.)
+   - **Check-and-skip (idempotent):** write ONLY when the field is genuinely absent. A card that already has the field is untouched — so a pre-flight re-entry after compaction never double-writes.
+   - Log each write on its own line in `## Issues & Flags`: `[BACKFILL] <CARD-ID>: <field>=<value> (Rule C / coder-default)`.
+   - **Commit discipline:** after all cards are processed, if ANY back-fill was written, commit them together in `$MAIN` with the COMMIT_LOCK + doc-freshness precautions of `merge-cleanup.md` Phase 6b (clear stale `COMMIT_LOCK`; `git add` only the back-filled card YAMLs; if the doc-freshness hook blocks, stage `ssot-registry.md`; ≤2 retries): `git commit -m "chore(backlog): normalise card baseline [BACKFILL]"`. Do NOT leave `$MAIN` dirty for the batch duration — an uncommitted backlog edit would surface as noise in the Phase 3/4 git-diff gates.
+   - `canonical_docs` / `links.prd` absent on a standalone/non-PRD card → **WARN** only (log, do not block, do not back-fill).
+
+   **1b-iii — Conformance validation.** Run the framework validator `node .framework/framework/scripts/validate-card-baseline.js <card-yaml-path>` (or the path resolved for your install) against each card. It is profile-aware (epic/child/standalone) and catches what 1b-i/1b-ii could not — invalid enum values (`review_profile` ∉ `{skip,light,balanced,deep}`, `owner_agent` ∉ Rule A enum), or a REQUIRED field still missing. Exit 1 → display the per-field errors in `## Issues & Flags` and HALT that card (continue others). If the validator is not reachable in this install, skip with a one-line note (the 1b-i/1b-ii gates still applied).
+
 1c. **Field Registry Validation (pre-flight gate)** — for each card with a `data_fields` block, run the project's field-validation tool if available (path listed in `.baldart/overlays/new.md`; typically `python3 tools/validate-card-fields.py <card-yaml-path>`).
    - If exit 1: display the field errors in `## Issues & Flags` and HALT — ask the user to fix the card before proceeding. Do not start implementation until the card passes validation.
    - If the card has DB-index signals (`db_indexes` — or legacy `firestore_indexes` — or `data.collections`/`data.tables`) but NO `data_fields` block: log WARNING in `## Issues & Flags` — "Card `<ID>` touches the persistence layer but has no `data_fields` block. Field/column names are unvalidated."

package/framework/.claude/skills/new2/SKILL.md

@@ -186,12 +186,15 @@ returns when the batch is done. It returns:
    "the workflow attempted a write", never proof on disk. So for **every** `residuals[]` entry
    (regardless of the `materialized` flag), check whether a matching follow-up card actually exists
    on disk under `${paths.backlog_dir}` in the **MAIN repo** (`<card>-followup-*.yml`). If it is
-   absent, create it by **delegating to the `prd-card-writer` agent** — the same owner the workflow
-   uses (card-template, Rule C `review_profile`, `owner_agent` routed to the residual's domain,
-   traceability) — derived from the residual (≥1 requirement; `acceptance_criteria` = the verbatim
-   residual; `files_likely_touched` from the card's ownership). Do NOT hand-write a minimal stub —
-   the offline path must match agent-path quality (F-039); it MUST pass the `/new` pre-flight field
-   check. If `prd-card-writer` is unavailable (total outage), fall back to a minimal valid stub. This
+   absent, create it by **delegating to the `prd-card-writer` agent in Standalone Single-Card Mode**
+   — the same owner the workflow uses (full STANDALONE baseline of `framework/agents/card-schema.md`:
+   Rule C `review_profile`, `owner_agent` routed to the residual's domain, `scope`, traceability) —
+   derived from the residual (≥1 requirement; `acceptance_criteria` = the verbatim residual;
+   `files_likely_touched` from the card's ownership). Do NOT hand-write a minimal stub — the offline
+   path must match agent-path quality (F-039); it MUST pass the `/new` pre-flight field check. If
+   `prd-card-writer` is unavailable (total outage), fall back to a minimal valid stub carrying the
+   step-1b HALT fields — the `/new` pre-flight back-fill (step 1b-ii) then normalizes its
+   `review_profile`/`owner_agent` on first ingestion, so even the crisis stub self-heals. This
    main-repo, **disk-verified** write is the SSOT — nothing is dropped even on a non-merged batch.
 2. **Mark deferred cards DONE — only after their follow-up exists AND every deferral class allows
    it (F-040/H + A3).** Some committed cards were intentionally left **NON-DONE** because they carry

package/framework/.claude/skills/prd/assets/card-template.yml

@@ -1,6 +1,11 @@
 # =============================================================================
 # {{FEAT-ID}} — {{Short title}}
 # =============================================================================
+# Field SSOT: framework/agents/card-schema.md — the universal, profile-aware
+# (epic/child/standalone) baseline every card satisfies. This template is the
+# CHILD profile; consult card-schema.md for the epic/standalone deltas. The
+# review_profile criteria live in prd-card-writer.md § Rule C; the owner_agent
+# enum in REGISTRY.md — never re-listed here.
 
 id: {{FEAT-ID}}
 title: "{{Full descriptive title}}"

package/framework/agents/card-schema.md

@@ -0,0 +1,112 @@
+# Atomic Card Baseline Schema
+
+## Purpose
+
+Define the **universal baseline** every backlog card MUST satisfy — for ANY prefix
+(`FEAT`/`CHORE`/`BUG`/`DOC`/`PERF`/`UI`) and ANY origin (a `/prd` run, a follow-up, a
+GitHub-issue triage, a manual edit). `/new` and `/new2` consume cards **type-blind**: they
+scale per-card review depth on `review_profile` and run the same pipeline regardless of prefix.
+A card that drifts off this baseline (e.g. a `CHORE` with no `review_profile` or no `scope`)
+silently degrades that pipeline. This module is the **single source of truth** for *which
+fields a card needs* and *in what state*; every writer and every consumer cites it.
+
+## Scope
+
+**In**: the per-profile field-state matrix, the profile-detection rule, and the
+consumer contract (HALT / BACK-FILL / WARN) that `/new` ingestion enforces.
+**Out**: the *value* decisions — `owner_agent` routing lives in `prd-card-writer.md § Rule A`
+(enum SSOT: `.claude/agents/REGISTRY.md`); `review_profile` criteria live in
+`prd-card-writer.md § Rule C`. This module says a card MUST carry those fields and in what
+state; it **never copies** the Rule A enum or the Rule C decision table (doing so would
+re-introduce the drift those SSOTs exist to prevent).
+
+## The three card profiles
+
+Baseline requirements are **profile-aware** — a flat "every field required and non-empty"
+rule would wrongly reject valid cards (an epic legitimately has `owner_agent: ""` and
+`files_likely_touched: []`; a standalone CHORE legitimately has no `scope_boundaries` or
+`links.prd`). Detect the profile first, then apply its column:
+
+- **EPIC** — filename matches `*-epic.yml`, OR `group.sequence == 0`, OR `review_profile: skip`
+  with `owner_agent: ""`. A tracker, never implemented. `/new` excludes it from the per-card
+  loop.
+- **STANDALONE** — a single card with no PRD/epic lineage: no `group.parent` pointing at a
+  `-00` epic AND no `links.prd`. Typical: a follow-up (`<id>-followup-<gate>.yml`), a
+  graph-align CHORE, an ad-hoc BUG.
+- **CHILD** — a card produced under a PRD epic (`group.parent` → a `-00` epic id). The default
+  for `/prd`-generated work.
+
+## Field-state matrix
+
+Legend: **R** = required, present **and non-empty** · **E** = required key, value MAY be empty
+(`[]` / `""`) · **C** = conditional, omittable per a documented carve-out (never a HALT) ·
+**—** = not applicable for this profile.
+
+| Field | EPIC | CHILD | STANDALONE | Notes |
+|---|---|---|---|---|
+| `id` | R | R | R | |
+| `title` | R | R | R | |
+| `status` | R | R | R | enum `TODO`/`IN_PROGRESS`/`DONE` |
+| `priority` | R | R | R | enum `HIGH`/`MEDIUM`/`LOW` |
+| `owner_agent` | E (`""`) | R | R | CHILD/STANDALONE ∈ Rule A enum; EPIC is `""` (tracker) |
+| `execution_mode` | R | R | R | |
+| `group` | R (`sequence: 0`) | R (`parent`+`sequence`) | C | STANDALONE may set `group.parent` to a tracking slug / originating id; `sequence` omittable |
+| `git_strategy` | R | R | R | branch/base/target |
+| `context` | R | R | R | |
+| `scope` | R | R | R | **never omittable** — encodes intent |
+| `scope_boundaries` | R | C | C | "Omit for standalone cards with no siblings" (`prd-card-writer.md`) |
+| `requirements` | C | R | R | EPIC tracks via AC-EPIC, not `requirements` |
+| `acceptance_criteria` | R (AC-EPIC) | R | R | |
+| `definition_of_done` | R | R | R | |
+| `depends_on` / `blocks` | E (`[]`) | E | E | |
+| `estimated_complexity` | C | R | R | |
+| `review_profile` | R (`skip`) | R | R | ∈ `{skip,light,balanced,deep}`; CHILD/STANDALONE via Rule C |
+| `parallel_group` | R (`0`) | R | C | |
+| `files_likely_touched` | E (`[]`, never code) | R | R | EPIC tracks docs only |
+| `links.prd` | C | R | C | STANDALONE/non-PRD cards legitimately lack a PRD |
+| `links.design` | C | C | C | required when the card has UI scope |
+| `canonical_docs` | R | R | C (WARN) | "REQUIRED for all cards generated from a PRD"; a manual CHORE may lack it |
+| `data_sources` | E (`[]`) | E (`[]` if no data) | E | key always present, value may be `[]` |
+| `documentation_impact` | R | C | C | |
+| `execution_strategy` | R | — | — | epic-only orchestration block |
+| `data_fields` | — | C | C | only if it reads/writes persistence |
+| `db_indexes` | — | C | C | only if it adds a compound query |
+| `test_plan` · `integration_points` · `existing_patterns` · `anti_patterns` · `reuse_analysis` · `input_output_examples` · `error_handling` | C | C | C | populate when applicable (see `prd-card-writer.md` Required Fields) |
+| `assumptions` · `unknowns` · `notes` | C | C | C | |
+
+## Consumer contract — HALT / BACK-FILL / WARN
+
+`/new` and `/new2` ingestion (pre-flight) enforce this matrix against the detected profile.
+The three classes are deliberately distinct so a thin card is fixed where it can be and only
+blocks where intent is genuinely missing:
+
+- **HALT (non-derivable — ask the user):** a **R** field that cannot be safely synthesized.
+  The canonical HALT set is `requirements`, `acceptance_criteria`, `files_likely_touched`,
+  and `scope` (CHILD/STANDALONE). `scope_boundaries` is **NOT** in the HALT set — it is **C**.
+- **BACK-FILL (deterministically computable — compute, persist, log):** `review_profile`
+  (compute via `prd-card-writer.md § Rule C`) and `owner_agent` (default `coder` for a
+  non-epic; **never** back-fill an epic's `""`). Write the value to the card on disk in the
+  **main repo** with a `[BACKFILL] <id>: <field>=<value>` log. **Check-and-skip**: only write
+  when the field is genuinely absent (idempotent across pre-flight re-entry).
+- **WARN (expected but tolerable absent):** `canonical_docs` / `links.prd` on a STANDALONE /
+  non-PRD card. Log, do not block.
+
+A back-fill never rescues a card missing a HALT field: a card without `scope` blocks regardless
+of how many derivable fields were filled.
+
+## Writer contract
+
+The canonical writer is the `prd-card-writer` agent. It emits the full baseline for the
+relevant profile — including its **Standalone Single-Card Mode** for follow-up / CHORE / BUG /
+issue cards (see `prd-card-writer.md`). **Every** card-creation path delegates to it rather
+than hand-writing a partial stub; the only exception is a documented crisis fallback on total
+agent outage, and even that stub is normalized by the consumer contract above on first
+ingestion. New writers MUST cite this module, not re-list fields.
+
+## Validator
+
+`framework/scripts/validate-card-baseline.js` (and the CI sibling
+`scripts/check-card-baseline.js`) parse this matrix, detect the card's profile, and assert
+each field's state (R present+non-empty, E key present, C ignored, enums valid). They read the
+field list from THIS file — never an embedded copy — so the schema and the validator cannot
+drift.

package/framework/agents/index.md

@@ -23,6 +23,7 @@ Route agents to the right module with minimal reading.
 - If touching design-review workflows or UI guidelines -> read `agents/design-review.md` and project-specific UI guidelines.
 - If touching architecture, auth, or tech stack -> read `agents/architecture.md`.
 - If touching workflow/process/commits/backlog -> read `agents/workflows.md`.
+- If CREATING or MUTATING a backlog card (any prefix — `FEAT`/`CHORE`/`BUG`/`DOC`/`PERF`/`UI`), or consuming one type-blind (`/new`, `/new2`) -> read `agents/card-schema.md` (the universal, profile-aware baseline) before writing/validating fields.
 - If touching testing or QA issues -> read `agents/testing.md` (also documents the scope-aware,
   profile-driven test-selection strategy consumed by `qa-sentinel`).
 - If touching GitHub issues or issue workflow -> read `agents/github-issue-subagent.md`.
@@ -65,6 +66,7 @@ When adding or updating agents, update REGISTRY.md — not this file.
 - `agents/code-search-protocol.md` — Retrieval hierarchy for code search: LSP → Grep → Git (since v3.10.0, gated on `features.has_lsp_layer`)
 - `agents/code-graph-protocol.md` — Structural/relational retrieval via the Graphify code knowledge graph (since v4.21.0, gated on `features.has_code_graph`)
 - `agents/design-system-protocol.md` — Registry-first discipline for UI work: BLOCKING cascade on `INDEX.md` + `tokens-reference.md` + `components/<Name>.md` (since v3.11.0, gated on `features.has_design_system`)
+- `agents/card-schema.md` — Atomic Card Baseline Schema: the universal, profile-aware (epic/child/standalone) field contract every backlog card satisfies, plus the consumer HALT/BACK-FILL/WARN contract (since v4.35.0)
 
 ## Where to Document (Decision Tree)
 

package/framework/scripts/validate-card-baseline.js

@@ -0,0 +1,263 @@
+#!/usr/bin/env node
+/**
+ * validate-card-baseline.js — profile-aware validator for backlog cards.
+ *
+ * Why this exists (v4.35.0): `/new` and `/new2` consume cards type-blind and scale
+ * per-card review depth on `review_profile`. A card that drifts off the universal
+ * baseline (e.g. a CHORE with no `review_profile` or no `scope`) silently degrades
+ * that pipeline. This validator is the machine-checkable enforcement of the SSOT
+ * field-state matrix in `framework/agents/card-schema.md`.
+ *
+ * It is PROFILE-AWARE — a flat "every field required, non-empty" rule would wrongly
+ * reject valid cards (an epic has `owner_agent: ""` and `files_likely_touched: []`;
+ * a standalone CHORE has no `scope_boundaries`/`links.prd`). It detects epic / child /
+ * standalone and applies that profile's column.
+ *
+ * SSOT, never embedded: the field-state matrix is PARSED from card-schema.md and the
+ * `owner_agent`/`status` enums from REGISTRY.md, so the validator cannot drift from
+ * the docs it enforces.
+ *
+ * Usage:
+ *   node framework/scripts/validate-card-baseline.js <card.yml> [<card2.yml> ...]
+ * Exit 0 = all valid; exit 1 = at least one card has errors (printed per-field).
+ *
+ * Module API (for CI self-tests in scripts/check-card-baseline.js):
+ *   const { validateCard, detectProfile, loadSchema, loadEnums } = require(...)
+ */
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const yaml = require('js-yaml');
+
+const SCRIPT_DIR = __dirname;
+const SCHEMA_MD = path.join(SCRIPT_DIR, '..', 'agents', 'card-schema.md');
+const REGISTRY_MD = path.join(SCRIPT_DIR, '..', '.claude', 'agents', 'REGISTRY.md');
+
+const STATIC_ENUMS = {
+  priority: ['HIGH', 'MEDIUM', 'LOW'],
+  execution_mode: ['local', 'cloud'],
+  review_profile: ['skip', 'light', 'balanced', 'deep'],
+};
+
+// --- SSOT parsers -----------------------------------------------------------
+
+/**
+ * Parse the field-state matrix from card-schema.md.
+ * Returns { field: { EPIC, CHILD, STANDALONE } } where each value is R|E|C|NA.
+ */
+function loadSchema(schemaPath = SCHEMA_MD) {
+  const text = fs.readFileSync(schemaPath, 'utf8');
+  const lines = text.split('\n');
+  const matrix = {};
+  let inTable = false;
+  let cols = null; // index map after the header
+  for (const raw of lines) {
+    const line = raw.trim();
+    const isRow = line.startsWith('|') && line.endsWith('|');
+    if (!inTable) {
+      if (isRow && /\|\s*Field\s*\|/i.test(line) && /EPIC/i.test(line) && /CHILD/i.test(line)) {
+        // header row found — map column order
+        const headers = splitRow(line).map((h) => h.toUpperCase());
+        cols = {
+          EPIC: headers.indexOf('EPIC'),
+          CHILD: headers.indexOf('CHILD'),
+          STANDALONE: headers.indexOf('STANDALONE'),
+        };
+        inTable = true;
+      }
+      continue;
+    }
+    if (!isRow) break; // table ended
+    const cells = splitRow(line);
+    // skip the markdown separator row (|---|---|)
+    if (cells.every((c) => /^:?-+:?$/.test(c))) continue;
+    const fields = extractBackticked(cells[0]);
+    if (!fields.length) continue;
+    const state = (cell) => parseState(cells[cell]);
+    const entry = { EPIC: state(cols.EPIC), CHILD: state(cols.CHILD), STANDALONE: state(cols.STANDALONE) };
+    for (const f of fields) matrix[f] = entry;
+  }
+  if (!Object.keys(matrix).length) {
+    throw new Error(`validate-card-baseline: could not parse field-state matrix from ${schemaPath}`);
+  }
+  return matrix;
+}
+
+function splitRow(line) {
+  // drop leading/trailing pipe, split on |, trim
+  return line.replace(/^\|/, '').replace(/\|$/, '').split('|').map((c) => c.trim());
+}
+
+function extractBackticked(cell) {
+  const out = [];
+  const re = /`([^`]+)`/g;
+  let m;
+  while ((m = re.exec(cell)) !== null) {
+    // keep dotted paths (links.prd) and plain identifiers; drop anything with spaces/values
+    const tok = m[1].trim();
+    if (/^[A-Za-z_][A-Za-z0-9_.]*$/.test(tok)) out.push(tok);
+  }
+  return out;
+}
+
+function parseState(cell) {
+  if (cell == null) return 'NA';
+  const c = cell.trim();
+  if (c === '' || c.startsWith('—') || c.startsWith('-')) return 'NA';
+  const ch = c[0].toUpperCase();
+  if (ch === 'R') return 'R';
+  if (ch === 'E') return 'E';
+  if (ch === 'C') return 'C';
+  return 'NA';
+}
+
+/** Parse the owner_agent + status enums from REGISTRY.md (fenced `- value` lists). */
+function loadEnums(registryPath = REGISTRY_MD) {
+  const fallback = {
+    owner_agent: ['coder', 'ui-expert', 'plan', 'visual-designer', 'motion-expert'],
+    status: ['TODO', 'READY', 'IN_PROGRESS', 'BLOCKED', 'DONE'],
+  };
+  let text;
+  try { text = fs.readFileSync(registryPath, 'utf8'); } catch { return fallback; }
+  return {
+    owner_agent: parseEnumBlock(text, 'owner_agent enum') || fallback.owner_agent,
+    status: parseEnumBlock(text, 'status enum') || fallback.status,
+  };
+}
+
+function parseEnumBlock(text, header) {
+  const idx = text.indexOf(`${header}:`);
+  if (idx === -1) return null;
+  const rest = text.slice(idx);
+  const vals = [];
+  const lines = rest.split('\n').slice(1); // after the `<header>:` line
+  for (const line of lines) {
+    const m = line.match(/^\s*-\s*([A-Za-z0-9_-]+)/);
+    if (m) { vals.push(m[1]); continue; }
+    if (line.trim().startsWith('```')) break; // end of fenced block
+    if (line.trim() === '' && vals.length) break;
+  }
+  return vals.length ? vals : null;
+}
+
+// --- profile detection + validation ----------------------------------------
+
+function detectProfile(card, filename = '') {
+  const isEpic =
+    /-epic\.ya?ml$/i.test(filename) ||
+    card.group?.sequence === 0 ||
+    (card.review_profile === 'skip' && card.owner_agent === '');
+  if (isEpic) return 'EPIC';
+  const hasPrd = !!(card.links && card.links.prd);
+  const parent = card.group && card.group.parent;
+  const parentIsEpic = typeof parent === 'string' && /-0*0$/.test(parent.trim());
+  const isStandalone = !hasPrd && !parentIsEpic;
+  return isStandalone ? 'STANDALONE' : 'CHILD';
+}
+
+function getPath(obj, dotted) {
+  return dotted.split('.').reduce((o, k) => (o == null ? undefined : o[k]), obj);
+}
+
+function present(v) {
+  return v !== undefined && v !== null;
+}
+
+function nonEmpty(v) {
+  if (!present(v)) return false;
+  if (typeof v === 'string') return v.trim() !== '';
+  if (Array.isArray(v)) return v.length > 0;
+  if (typeof v === 'object') return Object.keys(v).length > 0;
+  return true; // numbers, booleans
+}
+
+/**
+ * Validate a parsed card object against the schema matrix + enums.
+ * Returns { profile, errors: string[] }.
+ */
+function validateCard(card, { matrix, enums, filename = '' } = {}) {
+  matrix = matrix || loadSchema();
+  enums = enums || loadEnums();
+  const profile = detectProfile(card, filename);
+  const errors = [];
+
+  for (const [field, states] of Object.entries(matrix)) {
+    const state = states[profile];
+    if (state === 'NA' || state === 'C') continue;
+    const val = field.includes('.') ? getPath(card, field) : card[field];
+    if (state === 'R' && !nonEmpty(val)) {
+      errors.push(`REQUIRED field '${field}' is missing or empty (profile ${profile})`);
+    } else if (state === 'E' && !present(field.includes('.') ? getPath(card, field) : card[field]) && !(field in card)) {
+      errors.push(`field '${field}' must be present as a key (value may be empty) (profile ${profile})`);
+    }
+  }
+
+  // Enum checks (only when the value is present and non-empty).
+  const enumChecks = [
+    ['status', enums.status],
+    ['priority', STATIC_ENUMS.priority],
+    ['execution_mode', STATIC_ENUMS.execution_mode],
+    ['review_profile', STATIC_ENUMS.review_profile],
+  ];
+  for (const [field, allowed] of enumChecks) {
+    const v = card[field];
+    if (nonEmpty(v) && !allowed.includes(String(v))) {
+      errors.push(`'${field}' = '${v}' is not in enum {${allowed.join(', ')}}`);
+    }
+  }
+  // owner_agent: '' is legal ONLY for epics; otherwise must be in the Rule A enum.
+  const oa = card.owner_agent;
+  if (profile === 'EPIC') {
+    if (oa !== '' && oa != null && !enums.owner_agent.includes(String(oa))) {
+      errors.push(`epic 'owner_agent' must be '' or in {${enums.owner_agent.join(', ')}} (got '${oa}')`);
+    }
+  } else if (nonEmpty(oa) && !enums.owner_agent.includes(String(oa))) {
+    errors.push(`'owner_agent' = '${oa}' is not in enum {${enums.owner_agent.join(', ')}}`);
+  }
+
+  return { profile, errors };
+}
+
+// --- CLI --------------------------------------------------------------------
+
+function main(argv) {
+  const files = argv.slice(2);
+  if (!files.length) {
+    process.stderr.write('Usage: validate-card-baseline.js <card.yml> [<card2.yml> ...]\n');
+    return 2;
+  }
+  const matrix = loadSchema();
+  const enums = loadEnums();
+  let failed = 0;
+  for (const file of files) {
+    let card;
+    try {
+      card = yaml.load(fs.readFileSync(file, 'utf8'));
+    } catch (e) {
+      process.stdout.write(`✖ ${file}: YAML parse error — ${e.message}\n`);
+      failed++;
+      continue;
+    }
+    if (!card || typeof card !== 'object') {
+      process.stdout.write(`✖ ${file}: not a YAML mapping\n`);
+      failed++;
+      continue;
+    }
+    const { profile, errors } = validateCard(card, { matrix, enums, filename: path.basename(file) });
+    if (errors.length) {
+      failed++;
+      process.stdout.write(`✖ ${file} [${profile}] — ${errors.length} issue(s):\n`);
+      for (const e of errors) process.stdout.write(`    - ${e}\n`);
+    } else {
+      process.stdout.write(`✓ ${file} [${profile}]\n`);
+    }
+  }
+  return failed ? 1 : 0;
+}
+
+if (require.main === module) {
+  process.exit(main(process.argv));
+}
+
+module.exports = { validateCard, detectProfile, loadSchema, loadEnums, nonEmpty };

package/framework/templates/ci/check-card-baseline.yml

@@ -0,0 +1,48 @@
+# Backlog card-baseline gate (BALDART v4.35.0) — OPT-IN consumer template.
+#
+# Copy this file to .github/workflows/ in your repo to fail a PR when a backlog
+# card drifts off the universal, profile-aware baseline (the SSOT field-state
+# matrix in .framework/framework/agents/card-schema.md). This catches a manually
+# or ad-hoc authored card (e.g. a CHORE with no review_profile or no scope) at
+# PR time — not only when /new ingests it.
+#
+# The validator is profile-aware (epic / child / standalone) and ships with the
+# framework subtree; if it is absent the gate no-ops (run `baldart update`).
+
+name: Backlog card baseline
+
+on:
+  pull_request:
+    paths:
+      - 'backlog/**'
+
+jobs:
+  card-baseline:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Install js-yaml (validator dependency)
+        run: npm i js-yaml --no-save
+
+      - name: Validate backlog card baseline
+        run: |
+          VALIDATOR=.framework/framework/scripts/validate-card-baseline.js
+          if [ ! -f "$VALIDATOR" ]; then
+            echo "card-baseline validator not found at $VALIDATOR — run 'baldart update'. Skipping."
+            exit 0
+          fi
+          # Adjust the glob if your cards live elsewhere (baldart.config.yml paths.backlog_dir).
+          shopt -s nullglob
+          CARDS=(backlog/*.yml backlog/*.yaml)
+          if [ ${#CARDS[@]} -eq 0 ]; then
+            echo "No backlog cards to validate."
+            exit 0
+          fi
+          node "$VALIDATOR" "${CARDS[@]}"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "baldart",
-  "version": "4.34.1",
+  "version": "4.35.0",
   "description": "Claude Agent Framework - Reusable framework for coordinating AI agents and humans in software projects",
   "bin": {
     "baldart": "./bin/baldart.js"