baldart 4.34.2 → 4.36.0

package/CHANGELOG.md

@@ -5,6 +5,48 @@ All notable changes to BALDART will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [4.36.0] - 2026-06-13
+
+**`/new` security-domain fixes are now applied by `security-reviewer`, not `coder` — the v4.26.1 canonical writer map, finally propagated from `new2` to `/new`.** Auditing the `new2` lessons for guards/logic missing on `/new` surfaced one real gap (the others — args-string guard, JS router clamp, no-self-judge + specialist-owned lane, relevance-gated fan-out — were already present on `/new`). `new2-resolve.js` routes security fixes to `security-reviewer` (`fixerAgent = {doc:'doc-reviewer', ui:'ui-expert', security:'security-reviewer'}[domain] || 'coder'`), but the canonical writer map was never propagated to `/new`'s SSOT: the `Domain-Override Domains` table (SKILL.md) and every fix-routing site still sent `security` → `coder`. A coder applying a one-line RLS/permission/auth fix lacks the security-invariant contract that lives in `security-reviewer`'s system prompt — the same class of error as "wrong agent for the card", and a direct violation of the user's standing strict-specialization principle. **MINOR** (changes which agent applies security fixes across `/new`; backwards-compatible — `migration` stays `coder`, no install/layout change, no `baldart.config.yml` key ⇒ schema-propagation rule N/A).
+
+### Changed
+
+- **`framework/.claude/skills/new/SKILL.md`** — `Domain-Override Domains` table: `security` owning agent `coder` → **`security-reviewer`** (write mode), plus a new "Why `security` is owned by `security-reviewer`" rationale mirroring the `doc` one. The sequential-mode overview line aligned too.
+- **`framework/.claude/skills/new/references/review-cycle.md`**, **`final-review.md`**, **`team-mode.md`**, **`codex-gate.md`** — every security-fix routing site (Phase 2.55 Domain-Override delegation, the delegated-workflow residual routing, the Final FULL merge-blocking partition, the Phase 3.7 codex fix sub-loop, and the doc-drift→bug security path) now routes `security` → `security-reviewer` and runs it before the `coder` pass. `migration` stays `coder`.
+- **`framework/.claude/workflows/new-card-review.js`** — the Fix phase no longer folds security into the single coder pass. It partitions `VERIFIED` findings into a `security-reviewer` pass (domain `security`) and a `coder` pass (`code`/`perf`/`migration`/`test`/`simplify`), run sequentially (security first) over the disjoint-by-ownership editable set so shared-file edits never conflict; a FAIL in either pass fails the wave. `new-final-review.js` needed no change (it is read-only — the calling skill applies fixes — and its `domainVerifier` already routes security verification to `security-reviewer`).
+- **`framework/.claude/agents/security-reviewer.md`** — new "Dual mode — review vs. apply" Behavior Rule: by default it audits and proposes (read-only), but when invoked as the security domain writer (by `/new`/`new2`/the codex fix loop) it APPLIES the remediation directly via Edit/Write and re-verifies — security fixes are owned by it, never deferred to a coder.
+
+## [4.35.1] - 2026-06-13
+
+**`/new` workflow delegation no longer degrades to a silent no-op when `args` arrives as a JSON string.** A live `/new FEAT-0027 -full` team-mode run delegated its per-wave review cluster to the `new-card-review` workflow and got back a degenerate result (`cards:0`, 0 agents, ~24ms) — the orchestrator correctly fell back to the inline cluster, but the delegation (the single biggest context-economy win in team mode) was wasted on every wave. Root cause: the `Workflow` tool sometimes serializes a structured `args` object to a JSON **string**; `new-card-review.js` and `new-final-review.js` read `args.cards` / `args.reviewScopeFiles` directly, so a string `args` left those `undefined` → empty scope → the early-return guard fired. The `new2` family (`new2.js`, `new2-resolve.js`) had already been hardened against exactly this (`F-001/F-004` parse-or-default guard), but the fix was **never propagated** to the two `/new` workflows — a parallel-location miss. **PATCH** (bugfix to shipped workflow payload, no behaviour change to install, no config key ⇒ schema-propagation rule N/A).
+
+### Fixed
+
+- **`framework/.claude/workflows/new-card-review.js`**, **`framework/.claude/workflows/new-final-review.js`** — added the same defensive `if (typeof a === 'string') { try { a = JSON.parse(a) } catch (_) { a = {} } }` guard already present in `new2.js`/`new2-resolve.js`. All four workflows now tolerate `args` delivered as a JSON string, so `/new`'s delegated review cluster and Final Review fan-out run as intended instead of no-op'ing into the inline fallback.
+
+## [4.35.0] - 2026-06-13
+
+**Card-baseline standardization — every backlog card, any prefix/origin, conforms to one profile-aware SSOT; `/new` normalizes foreign cards at ingestion.** A real `CHORE-0007` (consumer repo `mayo`) reached `/new` **without `review_profile`** (and without `scope`/`scope_boundaries`/`canonical_docs`): it was hand/ad-hoc authored after a graph-align finding, never by the canonical writer. `/new` and `/new2` consume cards **type-blind** — they scale per-card review depth on `review_profile` and run the same pipeline regardless of prefix — so an off-baseline card silently degrades the pipeline. Root cause: the baseline was scattered across `card-template.yml` + `prd-card-writer`'s Required-Fields + Rule C with **no single SSOT and no validator**; `prd-card-writer` only documented the `/prd` epic+children flow (its standalone single-card mode, used by `new2-resolve`, was undocumented); and three writers diverged — `/prd`/`new2`/`new2-resolve` emit the full baseline, but the `/new` AC-deferral stub (`completeness.md`) and `/issue-review` (`issue-review.md`) wrote partial cards.
+
+The fix is **profile-aware** by design (an adversarial review caught that a flat "every field required, non-empty" rule would wrongly reject valid cards — an epic legitimately has `owner_agent: ""` and `files_likely_touched: []`; a standalone CHORE legitimately omits `scope_boundaries`/`links.prd`). A new SSOT module defines per-profile (epic/child/standalone) field states (REQUIRED / may-be-empty / conditional). Every creation path now delegates to `prd-card-writer` (the canonical writer), and `/new`/`/new2` ingestion **normalizes** a non-conformant card: HALT only on truly non-derivable fields (`scope`/`requirements`/`acceptance_criteria`/`files_likely_touched`), **back-fill + persist** the derivable ones (`review_profile` via Rule C, `owner_agent`→`coder`) to the card on disk in the **main repo** (check-and-skip idempotent; committed with the `merge-cleanup.md` Phase 6b COMMIT_LOCK discipline), WARN on the rest. A shipped validator (profile-aware) + CI gate would have failed `CHORE-0007` at authoring time. **MINOR** (new protocol module + new agent capability + new validator/CI gate; backwards-compatible — conformant cards still validate, back-fill only *adds* fields; `review_profile`/baseline are not `baldart.config.yml` keys ⇒ schema-propagation rule N/A).
+
+### Added
+
+- **`framework/agents/card-schema.md`** — Atomic Card Baseline Schema: the universal, profile-aware (epic/child/standalone) field-state matrix every backlog card satisfies, plus the consumer HALT/BACK-FILL/WARN contract. Cites Rule A (`owner_agent` enum, REGISTRY.md) and Rule C (`review_profile` criteria) — never copies them. This is the missing peer of the `agents/index.md` module manifest ("if you create/mutate a card, read card-schema.md"). 23rd protocol module.
+- **`framework/scripts/validate-card-baseline.js`** — profile-aware validator. Parses the field-state matrix from `card-schema.md` and the enums from `REGISTRY.md` (no embedded copy → no drift), detects the card profile, and asserts each field's state + enum validity. Exit 1 + per-field errors. Module API (`validateCard`/`detectProfile`/`loadSchema`/`loadEnums`) for reuse.
+- **`scripts/check-card-baseline.js`** + new step in **`.github/workflows/check-reference-integrity.yml`** — CI gate: self-tests the validator against fixtures (valid epic/child/standalone + a broken CHORE-0007 shape + invalid enums) and asserts `card-template.yml` ↔ `card-schema.md` do not drift.
+- **`framework/templates/ci/check-card-baseline.yml`** — opt-in consumer CI template: fails a PR when a hand-authored `backlog/*.yml` drifts off the baseline (catches manual cards at PR time, not only at `/new` time).
+
+### Changed
+
+- **`framework/.claude/agents/prd-card-writer.md`** — new § "Standalone Single-Card Mode" (documents the no-epic single-card path used by `/new`/`new2`/`new2-resolve`/`/issue-review`: relaxes epic+children and conditional fields, but still emits the full STANDALONE baseline — *standalone ≠ minimal*). "Required Fields Per Card" now cites `card-schema.md` instead of being the implicit SSOT; `description:` frontmatter acknowledges the standalone invocation.
+- **`framework/.claude/skills/new/references/setup.md`** — pre-flight step 1b restructured into **1b-i** (HALT on non-derivable fields, incl. `scope`; `scope_boundaries` is NOT a HALT field), **1b-ii** (back-fill `review_profile`/`owner_agent`, persist to `$MAIN`, check-and-skip, dedicated `[BACKFILL]` commit), **1b-iii** (run the profile-aware validator).
+- **`framework/.claude/skills/new/SKILL.md`** — QA Profile Selector simplified to a pure read (the compute-from-Rule-C fallback is consolidated into setup.md 1b-ii, which persists the value — no second copy of the criteria).
+- **`framework/.claude/skills/new/references/completeness.md`** — AC-deferral follow-up now delegates to `prd-card-writer` Standalone Mode (full baseline) instead of writing a 3-field stub; minimal stub only on total agent outage (self-heals on first ingestion).
+- **`framework/.claude/commands/issue-review.md`** — backlog-card creation delegates to `prd-card-writer` (standalone for one-off issues, epic+children for new features) instead of hand-filling the template.
+- **`framework/.claude/skills/new2/SKILL.md`** — offline reconciliation cites `card-schema.md` + the standalone mode; notes the crisis stub self-heals via the `/new` back-fill.
+- **`framework/agents/index.md`**, **`framework/.claude/skills/prd/assets/card-template.yml`** — routing rule + template header pointer to `card-schema.md` as the field SSOT.
+
 ## [4.34.2] - 2026-06-13
 
 **`/new` workflow-delegation gates hardened to BINARY/imperative — close the "ran inline by judgment" escape hatch.** A real `/new` run (mayo, single-card CHORE-0007, BALDART 4.34.1 with both workflows linked + the `Workflow` tool available) ran **both** review-delegation gates inline instead of delegating: the orchestrator invented escape criteria absent from the gate ("single-card → marginal context-economy benefit", "memory note on workflow degeneration") and mis-cited the `feedback_dynamic_workflows_fit` guidance, which actually names the Final Review fan-out as the canonical workflow fit. The degeneration reports it conflated concern the `new2`/`new2-resolve` whole-batch host — a different workflow. Net effect: the run validated only the inline fallback and gave **zero** signal on the `new-card-review` (v4.34.0) path. Both gates were already worded as `IF tool+script → delegate / ELSE inline`, but the prose left enough softness for the model to insert discretion. **PATCH** (gate-prose hardening; no behavior change to the install layout or the workflows themselves — the delegated path was always the intended one).

package/README.md

@@ -82,7 +82,7 @@ No additional activation steps needed — once installed, Claude Code (and Codex
 ### Core Protocol
 
 - **AGENTS.md**: Mandatory coordination rules (MUST/SHOULD/OPTIONAL)
-- **agents/**: 17 domain modules (architecture, workflows, testing, security, etc.)
+- **agents/**: 23 domain modules (architecture, workflows, testing, security, card-schema, etc.)
 - **Routing**: If you touch X, read Y - minimize context loading
 
 ### AI Agents (28 specialized agents)

package/VERSION

@@ -1 +1 @@
-4.34.2
+4.36.0

package/framework/.claude/agents/prd-card-writer.md

@@ -1,6 +1,6 @@
 ---
 name: prd-card-writer
-description: "Generates atomic backlog cards from an approved PRD. Handles card YAML writing, dependency graph computation, parallel group assignment, and traceability matrices (FR/NFR, ISA, UI). Invoked by the /prd skill at Step 5 to offload the heaviest mechanical phase from the main context."
+description: "Generates atomic backlog cards from an approved PRD. Handles card YAML writing, dependency graph computation, parallel group assignment, and traceability matrices (FR/NFR, ISA, UI). Invoked by the /prd skill at Step 5 to offload the heaviest mechanical phase from the main context. Also runs in Standalone Single-Card Mode to author ONE baseline-conformant follow-up/CHORE/BUG/issue card (no epic+children) — invoked by /new (AC-deferral), new2/new2-resolve, and /issue-review. The canonical card writer: every card-creation path delegates here rather than hand-writing a partial stub."
 model: opus
 effort: high
 color: amber
@@ -364,6 +364,38 @@ error-prone.
 
 Mirror their structure when generating new epic+child sets.
 
+## Standalone Single-Card Mode (since v4.35.0)
+
+The epic+children structure above is the **PRD-batch** contract. You are ALSO the canonical
+writer for a **single** card with no PRD/epic lineage — a deferred AC, a graph-align finding, a
+CHORE/BUG follow-up, a GitHub-issue card. Callers that invoke you this way: `/new` AC-deferral
+(`new/references/completeness.md`), `new2-resolve` / `new2` offline reconciliation, and
+`/issue-review`. This mode exists so those cards are **first-class**, not minimal stubs.
+
+**Trigger:** the caller passes a single-card brief (a residual / AC / finding / issue) instead of
+a PRD path + state file, typically with `MODE: standalone`. When there is no PRD/epic context in
+the prompt, you are in standalone mode.
+
+**RELAXED in standalone mode:**
+- The "1 epic + N children" mandate and all epic-only Tier-2 fields (`execution_strategy`,
+  `parallel_group` roll-up, AC-EPIC, the `-00` epic file). A standalone card has **no epic**;
+  set `group.parent` to a tracking slug or the originating card id and omit `group.sequence`.
+- `scope_boundaries` — omit when the card has no siblings (the usual standalone case).
+- `canonical_docs` / `links.prd` — when the card has no originating PRD, emit them best-effort or
+  omit with a one-line `[NO-PRD]` note in your response; do NOT fabricate a PRD path.
+
+**STILL MANDATORY in standalone mode (zero tolerance) — the STANDALONE column of
+`framework/agents/card-schema.md`:** `owner_agent` (Rule A enum, routed to the card's domain),
+`review_profile` (Rule C), `scope`, `requirements`, `acceptance_criteria`,
+`definition_of_done`, `files_likely_touched` (≥1), `data_sources` (≥`[]`), plus the
+identity/meta fields. **Standalone ≠ minimal** — a one-off CHORE carries the same baseline as a
+PRD child. The card MUST pass the `/new` pre-flight field check and the
+`validate-card-baseline.js` validator.
+
+**Filename:** `<PREFIX>-NNNN-<slug>.yml` or `<parent-id>-followup-<gate>.yml`. Reserve the id
+with the same prefix-parametric allocator (`allocate-id.sh reserve <PREFIX> <slug>`). Return the
+created card id.
+
 ## Pre-Generation Checklist (MANDATORY — execute BEFORE writing any card)
 
 Before writing the first YAML file, confirm and report to the caller:
@@ -385,6 +417,12 @@ children): HALT and report the issue. Do NOT generate flat cards as fallback.
 
 ## Required Fields Per Card
 
+The **universal, profile-aware baseline** (which field is required / may-be-empty / conditional
+for EPIC vs CHILD vs STANDALONE) is the field-state matrix in
+[`framework/agents/card-schema.md`](../../agents/card-schema.md) — the SSOT. The list below is
+the CHILD-profile expansion with the concrete population rules; consult card-schema.md for the
+epic/standalone deltas and never let the two disagree.
+
 Every card MUST include ALL fields from the template:
 
 - `id`, `title`, `status` (TODO), `priority`, `owner_agent`, `execution_mode`

package/framework/.claude/agents/security-reviewer.md

@@ -50,6 +50,7 @@ Before reviewing:
 
 ## Behavior Rules
 
+- **Dual mode — review vs. apply.** By default you AUDIT and *propose* remediations (read-only). But when invoked as the **security domain writer** (e.g. by `/new` / `new2` / the Phase 3.7 codex fix loop, whose brief tells you to "apply the verified security findings" in write mode), you ARE the fixer: APPLY the minimal remediation directly with the Edit/Write tools, then re-verify (lint/tsc/build as instructed). Security fixes are owned by you — never deferred to a coder — because the auth/permission/RLS/multi-tenant-isolation invariants live in YOUR system prompt, not the coder's. Stay within the files the brief's ownership map allows; if a fix needs a file outside that scope, report it as residual rather than expanding scope.
 - Be extremely critical, thorough, and skeptical. Optimize for correctness and security, not politeness.
 - Do NOT assume the developer did things safely unless proven by code evidence.
 - Treat ALL external input as hostile.

package/framework/.claude/commands/issue-review.md

@@ -14,7 +14,7 @@ If the user mentions `/issue-review` without a number, prompt for the GitHub iss
 
 ## Phase 2 — Plan
 
-4. Create or update a backlog card from `templates/feature-card.template.yml`. Populate `execution_mode`, `git_strategy`, and `claimed_paths` fields.
+4. Create or update the backlog card by **delegating to the `prd-card-writer` agent** (do NOT hand-write a partial card from the template). For a one-off issue use **Standalone Single-Card Mode** (`MODE: standalone`); when the issue is a new feature that goes through the `prd` agent (Phase 3), let `prd-card-writer` produce the epic+children as usual. Pass the triage findings, `execution_mode`, `git_strategy`, and `claimed_paths` as INPUT to the writer — it returns a card carrying the full baseline of `framework/agents/card-schema.md` (incl. `owner_agent` via Rule A and `review_profile` via Rule C), not just those three fields.
 5. Ask the user which git strategy to use (main vs feature branch) per AGENTS.md and record it in `git_strategy`.
 6. Route to specialist agents based on issue type:
    - UI/UX issues → invoke `ui-expert` agent.

package/framework/.claude/skills/new/SKILL.md

@@ -291,7 +291,7 @@ per-card nei sub-step D.x (mai aggregate). Caricalo quando Pre-flight seleziona
 ### Sequential mode (default for small batches)
 
 - Cards execute one at a time through the full per-card pipeline (Phases 1-5).
-- Code review and doc review for the same card run as **parallel read-only audits**, then fixes are applied by domain owner: **doc findings → `doc-reviewer` (write mode)**, code/security/migration findings → `coder`. (Sequential Phase 3 is even simpler — doc-reviewer runs alone, so it audits AND applies in one invocation.)
+- Code review and doc review for the same card run as **parallel read-only audits**, then fixes are applied by domain owner (see § "Domain-Override Domains"): **doc findings → `doc-reviewer` (write mode)**, **security findings → `security-reviewer` (write mode)**, code/perf/migration findings → `coder`. (Sequential Phase 3 is even simpler — doc-reviewer runs alone, so it audits AND applies in one invocation.)
 - This mode is unchanged from the original behavior.
 
 ### Team mode (for complex batches)
@@ -377,13 +377,14 @@ They are deliberately NOT reproduced here. If the card has a `review_profile`
 `light`, `balanced`, `deep`}, **use it verbatim** — do NOT recompute. Log `profile=<x> (from card)`
 in the tracker.
 
-**Fallback path (legacy cards only — no `review_profile` field):** cards authored before v3.38.0
-(or manually) lack the field. Only then, compute the profile by reading the decision criteria
-from the SSOT: **`review_profile` is computed by prd-card-writer (Rule C); see
-`framework/.claude/agents/prd-card-writer.md` for the criteria.** Apply those criteria here,
-then log `profile=<x> (computed — review_profile absent)`. There is no second copy of the
-criteria in this file — keeping one authority avoids the drift that previously let the two tables
-disagree.
+**By this point `review_profile` is always present.** Pre-flight step 1b-ii (`setup.md`) already
+**normalized** every ingested card — a legacy/manual/foreign card that lacked the field had it
+back-filled via `prd-card-writer.md § Rule C` and **persisted to disk** (with a `[BACKFILL]` log),
+so this selector is a pure read. The compute-from-Rule-C logic lives ONLY at 1b-ii — there is no
+second copy of the criteria here, which avoids the drift that previously let the two tables
+disagree. Defensive one-liner only: if a card somehow still lacks the field (validator skipped in
+this install), compute it via Rule C and log `profile=<x> (computed — review_profile absent)` —
+but the canonical write happened at 1b-ii.
 
 > Note: the qa-sentinel agent keeps its OWN, different mapping (`profile → SCOPED/FULL` test tier),
 > which is legitimately qa-sentinel's; that is not the same thing as this profile-selection criteria.
@@ -540,11 +541,13 @@ Enumerated exhaustively:
 | Domain | Owning agent | Match rule |
 |---|---|---|
 | `doc` | **`doc-reviewer`** (write mode) | File path matching `*.md` under `${paths.references_dir}`, `${paths.prd_dir}`, project root `CHANGELOG.md`, or any `ssot-registry.md`. |
-| `security` | `coder` | File path matching any entry in `paths.high_risk_modules` (`baldart.config.yml`) — the same auth/permission/payment-class paths the Phase 3.7 Step A detector reads. Also any SQL migration whose content matches `CREATE POLICY|ALTER POLICY|DROP POLICY` (RLS policy mutations). If `paths.high_risk_modules` is absent, the security match rule emits a one-line diagnostic and matches nothing (no hardcoded default). |
+| `security` | **`security-reviewer`** (write mode) | File path matching any entry in `paths.high_risk_modules` (`baldart.config.yml`) — the same auth/permission/payment-class paths the Phase 3.7 Step A detector reads. Also any SQL migration whose content matches `CREATE POLICY|ALTER POLICY|DROP POLICY` (RLS policy mutations). If `paths.high_risk_modules` is absent, the security match rule emits a one-line diagnostic and matches nothing (no hardcoded default). |
 | `migration` | `coder` | File path matching `${paths.migrations_dir}/*.sql` if `paths.migrations_dir` is defined in `baldart.config.yml`; otherwise the project's migrations dir per convention (`migrations/`, `db/migrate/`, `supabase/migrations/`, `prisma/migrations/`). |
 
 **Why `doc` is owned by `doc-reviewer`, not `coder` (since v3.40.0)** — the doc invariants the orchestrator must not break (freshness markers, linking protocol, frontmatter standard, tabular formatting, SSOT/registry coverage, dependency-topological order, SCIP/code refs) are encoded in the **`doc-reviewer`** system prompt, NOT the coder's. The coder is a code-oriented agent that lacks the doc-invariant contract — routing doc fixes to it is the wrong agent doing work the auditing agent already has full context for. The agent that *audits* the docs is also the agent that *fixes* them (`doc-reviewer.md` § Constraints: "WRITE missing docs directly. You are fully responsible — do not defer to other agents"). NEVER route a `doc`-domain fix to `coder`.
 
+**Why `security` is owned by `security-reviewer`, not `coder` (since v4.36.0)** — the same logic as `doc`, applied to the security domain (canonical writer map v4.26.1; user principle "il codice lo scrive solo coder, la security solo security-reviewer"). The auth/permission/RLS/multi-tenant-isolation invariants live in the **`security-reviewer`** system prompt, not the coder's; a coder applying a one-line RLS or permission fix without that contract is the same class of error as the "wrong agent for the card". `security-reviewer` is the writer for security-domain fixes — it audits AND applies. `migration` stays `coder` (SQL authoring is the coder's lane; a migration's security-policy content matching the RLS rule above is classified `security`, not `migration`). NEVER route a `security`-domain fix to `coder`.
+
 **Edge case explicit** — a mechanical append-a-row update to `CHANGELOG.md` or `ssot-registry.md` is still classified `doc` and still goes through `doc-reviewer`, never inline and never `coder`. The uniformity of the rule matters more than the cost of the individual spawn.
 
 Domains NOT listed here remain governed by the per-phase rules of the corresponding phase (e.g. `simplify-*` follows Phase 2.55 inline rule).

package/framework/.claude/skills/new/references/codex-gate.md

@@ -128,9 +128,9 @@ For EVERY card (no conditional skip — the gate ALWAYS runs; only its DEPTH var
 
 4. **Apply fix sub-loop** (mirror of Phase 3.5 retry pattern):
    - If 0 BLOCKER and 0 HIGH → log `verdict: PASS — proceeding to Phase 4` in tracker. Done. (MEDIUM/LOW findings are advisory at this per-card gate; they are not silently lost — the post-batch **Final-review FULL gate** applies every VERIFIED finding ≥ MEDIUM. Log the MEDIUM count in the tracker so it is visible.)
-   - If 1+ BLOCKER OR 1+ HIGH → spawn `coder` agent with the report path + list of VERIFIED bugs. **At `full` profile** the report contains Codex-suggested inline patches: pass them and have the coder **apply the suggested patches** with the right system prompt (project conventions, naming, testing patterns) — it does NOT re-do the analysis or re-grep (since v3.28.3), BUT it MUST first confirm each patch still applies against the current file state (prior fix-loop iterations may have shifted line offsets); if a patch no longer applies cleanly, the coder re-locates the target by content and applies the equivalent edit rather than a stale-offset verbatim paste. **At `light` profile** (since v4.18.0) the findings come from **Codex** (the sole finder) — the report carries Codex's `minimal_fix_direction`; brief the coder to apply it (treat it like the `full`-profile Codex fix direction). **On the Codex-unavailable fallback** the `light` findings come from `code-reviewer` instead — brief the coder to apply the `code-reviewer` fix direction (no Codex patches to paste). After coder fixes, **re-write the lean contract `/tmp/codexreview-lean-<CARD-ID>.json` (it is consumed-once and deleted by `/codexreview`)** and re-invoke `/codexreview` via the Skill tool with `args: <CARD-ID>` (NOT a bare prose mention — the card ID MUST be passed so the retry reviews THIS card, not an inferred one). Repeat **max 2 times**.
+   - If 1+ BLOCKER OR 1+ HIGH → spawn the **domain writer** with the report path + list of VERIFIED bugs (canonical writer map v4.26.1 — see SKILL.md § "Domain-Override Domains"): **`security`-domain findings** (touching `paths.high_risk_modules` or RLS-policy SQL — the same `security` match rule) → **`security-reviewer`** in write mode (it owns the security-invariant contract a coder lacks; never route a security fix to `coder`); **all other findings** (`correctness`/code/perf/`other`) → **`coder`**. Run security-reviewer first, then coder (skip either if its partition is empty). **At `full` profile** the report contains Codex-suggested inline patches: pass them and have the coder **apply the suggested patches** with the right system prompt (project conventions, naming, testing patterns) — it does NOT re-do the analysis or re-grep (since v3.28.3), BUT it MUST first confirm each patch still applies against the current file state (prior fix-loop iterations may have shifted line offsets); if a patch no longer applies cleanly, the coder re-locates the target by content and applies the equivalent edit rather than a stale-offset verbatim paste. **At `light` profile** (since v4.18.0) the findings come from **Codex** (the sole finder) — the report carries Codex's `minimal_fix_direction`; brief the coder to apply it (treat it like the `full`-profile Codex fix direction). **On the Codex-unavailable fallback** the `light` findings come from `code-reviewer` instead — brief the coder to apply the `code-reviewer` fix direction (no Codex patches to paste). After coder fixes, **re-write the lean contract `/tmp/codexreview-lean-<CARD-ID>.json` (it is consumed-once and deleted by `/codexreview`)** and re-invoke `/codexreview` via the Skill tool with `args: <CARD-ID>` (NOT a bare prose mention — the card ID MUST be passed so the retry reviews THIS card, not an inferred one). Repeat **max 2 times**.
    - If still BLOCKER/HIGH after 2 retries → log in `## Issues & Flags` and **ask the user** whether to proceed, escalate, or stop. The Phase 4 commit MUST NOT happen until the Pre-Merge Codex Review verdict is PASS or user explicitly overrides.
-   - **Telemetry** — for EVERY codex finding processed (verified BLOCKER, verified HIGH, or false-positive-filtered), append one row to `## Fix Application Log`: `3.7 | codex-<security|correctness|other> | est_lines=<n> | decision=<coder|skipped> | applied_by=<coder|-> | severity=<BLOCKER|HIGH|FALSE-POSITIVE> | retry=<n>`. Classify domain: `security` for findings touching RLS / auth / permissions / payments; `correctness` for logic / data integrity / race conditions; `other` for everything else.
+   - **Telemetry** — for EVERY codex finding processed (verified BLOCKER, verified HIGH, or false-positive-filtered), append one row to `## Fix Application Log`: `3.7 | codex-<security|correctness|other> | est_lines=<n> | decision=<security-reviewer|coder|skipped> | applied_by=<security-reviewer|coder|-> | severity=<BLOCKER|HIGH|FALSE-POSITIVE> | retry=<n>`. (`security`-domain fixes are applied by `security-reviewer`, all others by `coder`.) Classify domain: `security` for findings touching RLS / auth / permissions / payments; `correctness` for logic / data integrity / race conditions; `other` for everything else.
 
 5. **Update tracker**: phase = `3.7-codexgate DONE` (the gate runs unconditionally for every card — the legacy `3.7-highrisk` name implied it only fired on high-risk cards, which is no longer true), log final verdict, retry count, list of fixed findings, and the report path.
 

package/framework/.claude/skills/new/references/completeness.md

@@ -251,7 +251,7 @@ This gate enforces `framework/agents/workflows.md § Scope Closure Discipline` a
    - Options (max 4):
      1. **"Implementa adesso"** — spawn a targeted fix `coder` agent scoped to this card's MAY EDIT files (from `## File Ownership Map`) with the instruction "Implement ONLY AC-<N>: '<AC text>'. Do not refactor or expand scope." Re-run Phase 2.5 verification on the resulting diff — **including the mandatory sub-steps 5b (API contract), 5c (alias-mutation), 5d (caller-pattern test)** if the fix touched a route, an exported helper, or a call site (a single-AC fix can still introduce these). **Hard cap: 2 attempts on the same AC.** On the 2nd failure, do NOT re-offer "Implementa adesso" — re-invoke `AskUserQuestion` with only options 2/3/4 (approve deferral / follow-up card / stop), so the loop cannot recur unbounded.
      2. **"Approva il deferral"** — record `[USER-APPROVED DEFERRAL] <today>: <user-supplied reason>` on its own line in the card's `implementation_notes`. Mark the row `User-approved? yes`.
-     3. **"Sposta su follow-up card"** — create a backlog stub at `${paths.backlog_dir}/<CARD-ID>-followup-AC<N>.yml` with `status: TODO` AND the minimum fields the Pre-flight gate (step 1b) requires, so a future `/new` run can pick it up without halting: a non-empty `requirements` (≥1, derived from the AC), a non-empty `acceptance_criteria` (≥1, the verbatim AC text), and a non-empty `files_likely_touched` (≥1, carried from the parent card's ownership map for this AC). Mark the row `User-approved? yes (follow-up: <new-card-id>)`. Do NOT proceed to Phase 2.55 until the follow-up file exists on disk and passes the step-1b field check.
+     3. **"Sposta su follow-up card"** — create the follow-up card by **delegating to the `prd-card-writer` agent in Standalone Single-Card Mode** (NOT a hand-written stub — backlog cards are owned by `prd-card-writer`, same discipline as `new2`/`new2-resolve`). Brief it: `MODE: standalone`, write `${paths.backlog_dir}/<CARD-ID>-followup-AC<N>.yml` with `status: TODO`, derived from the deferred AC — a non-empty `requirements` (≥1, derived from the AC), `acceptance_criteria` = the verbatim AC text (≥1), `files_likely_touched` (≥1, carried from the parent card's ownership map for this AC), `owner_agent` routed to the AC's domain, and `review_profile` per Rule C — i.e. the full STANDALONE baseline of `framework/agents/card-schema.md`. If `prd-card-writer` is unavailable (total outage), fall back to a minimal valid stub carrying at least the step-1b HALT fields (`requirements`/`acceptance_criteria`/`files_likely_touched`/`scope`); the consumer back-fill (step 1b-ii) then fills `review_profile`/`owner_agent` on first ingestion. Mark the row `User-approved? yes (follow-up: <new-card-id>)`. Do NOT proceed to Phase 2.55 until the follow-up file exists on disk and passes the step-1b field check.
      4. **"Ferma il batch"** — halt the orchestrator, leave the worktree intact, log the reason in `## Issues & Flags`. Do NOT commit.
 
    Do NOT batch the question across multiple ACs — one `AskUserQuestion` per AC, so the user sees each AC's text in isolation. Issue the questions sequentially.

package/framework/.claude/skills/new/references/final-review.md

@@ -220,9 +220,9 @@ that is a **gate violation**: log it as
 10. **Persist verified findings** to `/tmp/batch-final-review-<FIRST-CARD-ID>.md`.
 11. **Merge-blocking gate (mirrors the per-card Phase 3.7 gate this final pass backstops):** if any VERIFIED **BLOCKER or HIGH** finding exists, it MUST be resolved before Phase 6 merge. Apply fixes by **domain owner** (since v3.40.0 — same Domain-Override routing as the per-card phases), then re-verify; if a BLOCKER/HIGH cannot be resolved in a single apply + one retry, log it in `## Issues & Flags` and invoke `AskUserQuestion` (override with reason / escalate to a follow-up card / halt) — do NOT proceed to Phase 6 with an unresolved BLOCKER or HIGH. VERIFIED findings of severity MEDIUM are also applied (advisory below that). Partition the verified findings by the **Domain-Override match rules** ("Domain-Override Domains"):
     - **`doc`-domain findings** (file path matching the `doc` match rule — `*.md` under `${paths.references_dir}`/`${paths.prd_dir}`, `CHANGELOG.md`, `ssot-registry.md`) → invoke the **doc-reviewer** agent once in write mode to apply them. NEVER route doc fixes to coder.
-    - **`security`-domain findings** (path in `paths.high_risk_modules`, or RLS-policy SQL) and **`migration`-domain findings** (SQL under the migrations dir) → route to **coder**, but apply the Sub-agent failure protocol's STOP-on-crash rule for these domains (never inline-fallback on a security/migration fix). These are NOT collapsed into a generic "everything else" bucket.
+    - **`security`-domain findings** (path in `paths.high_risk_modules`, or RLS-policy SQL) → route to **security-reviewer** in write mode (canonical writer map v4.26.1 — it owns the security-invariant contract a coder lacks; NEVER route security fixes to coder). **`migration`-domain findings** (SQL under the migrations dir) → route to **coder**. For both, apply the Sub-agent failure protocol's STOP-on-crash rule (never inline-fallback on a security/migration fix). These are NOT collapsed into a generic "everything else" bucket.
     - **All remaining findings** (other code, perf, test) → invoke the **coder** agent once to apply them in a single pass.
-    Run in the order doc-reviewer → coder (or skip either if its partition is empty). Pass only the verified findings, not false positives.
+    Run in the order doc-reviewer → security-reviewer → coder (skip any whose partition is empty). Pass only the verified findings, not false positives.
 12. Run final build: `npm run lint && npx tsc --noEmit && npm run build` (redirect each to `/tmp/final-<gate>.txt` per § "Context economy"; surface only exit code + bounded extract on failure).
     If any check fails, apply self-healing retry loop (up to 3 times).
 13. **Update tracker** with final review results:

package/framework/.claude/skills/new/references/review-cycle.md

@@ -51,8 +51,10 @@ so it surfaces in telemetry.
   ```
 
   The workflow runs Simplify + Codex (agent-launched, code-reviewer fallback) + qa-sentinel + security,
-  FP-checks each specialist's own findings, then **one coder applies all VERIFIED
-  code/perf/security/simplify findings in a single pass** and re-verifies lint/tsc/build. It returns
+  FP-checks each specialist's own findings, then the **domain writer applies its VERIFIED findings**
+  (canonical writer map v4.26.1: `security` → `security-reviewer`; `code`/`perf`/`migration`/`test`/
+  `simplify` → `coder`) — security-reviewer pass first, then the coder pass — and re-verifies
+  lint/tsc/build. It returns
   `{ codexEngine, perCard: { <CARD-ID>: { fixesApplied, residual } }, gateTable, summary }`.
   **Skip the inline Phase 2.55 + Phase 3.5 below AND the Phase 3.7 gate in `codex-gate.md`** (all three
   are now done), then handle the workflow output HERE in the skill. **Process each `residual` finding by
@@ -61,7 +63,9 @@ so it surfaces in telemetry.
   - `classification == NEEDS_MANUAL_CONFIRMATION` (any domain) → `AskUserQuestion` — the human gate the
     workflow cannot run. (`summary.needsManual` counts these, doc included.)
   - else `domain == doc` residual → carry into **Phase 3** (the doc-reviewer runs there, post-E2E, on final code).
-  - else `code`/`perf`/`security`/`migration` residual (a fix the coder could not converge in its 2 retries)
+  - else `security` residual (a fix not converged in 2 retries) → spawn a targeted `security-reviewer`
+    now over this card's `editableFiles` (it owns the security-invariant contract — never a coder).
+  - else `code`/`perf`/`migration` residual (a fix the coder could not converge in its 2 retries)
     → spawn a targeted `coder` now over this card's `editableFiles`.
   - **QA gate (BLOCKING — mirror of inline Phase 3.5 step 24)**: if `gateTable` has any `status:"FAIL"`
     **OR** `summary.checksFailed` is true, the merge gate is NOT satisfied. Spawn a `coder` on the
@@ -107,7 +111,7 @@ After completeness is verified, clean up the implementation before it reaches re
    - **Efficiency agent** — flag unnecessary work (redundant computations, duplicate API calls, N+1), missed concurrency, hot-path bloat, recurring no-op updates without change-detection guards, TOCTOU existence checks, memory issues (unbounded structures, missing cleanup), overly broad operations.
 
 4. Aggregate findings from all three agents. For each finding:
-   - **Valid AND in a Domain-Override domain** (the finding's target file matches the `doc`, `security`, or `migration` match rule in "Domain-Override Domains") → do NOT apply inline. Delegate to the domain owner: `doc` → `doc-reviewer` (write mode), `security`/`migration` → `coder`. Even a one-line efficiency fix in `paths.high_risk_modules` or a migration file goes to the owning agent — the orchestrator lacks that domain's invariant contract.
+   - **Valid AND in a Domain-Override domain** (the finding's target file matches the `doc`, `security`, or `migration` match rule in "Domain-Override Domains") → do NOT apply inline. Delegate to the domain **writer** (canonical writer map v4.26.1): `doc` → `doc-reviewer` (write mode), `security` → `security-reviewer` (write mode — it owns the security-invariant contract a coder lacks), `migration` → `coder`. Even a one-line efficiency fix in `paths.high_risk_modules` (security) or a migration file goes to the owning agent — the orchestrator lacks that domain's invariant contract.
    - **Valid AND not in a Domain-Override domain** → fix directly (apply edits inline).
    - **False positive / not worth addressing** → skip, BUT record it (see telemetry). If the skip rests on a "covered by X" / "redundant" / "not needed" rationalization (the same family the AC-Closure Gate guards against), do NOT discard silently — verify the rationale by reading `X`, and if it does not hold, treat the finding as valid.
 
@@ -279,9 +283,9 @@ skill's Phase 1 falls back to deriving Gherkin scenarios from
       per-card Phase 3.7 gate now skips that duplicate (lean mode), so THIS pass MUST carry it.
       A doc-drift→bug finding whose root cause is in CODE (not the doc) is the ONE thing
       doc-reviewer does NOT fix itself — report it with the conflicting code location + the doc
-      it violates, and the orchestrator routes it to the `security`/code fix path as appropriate.
+      it violates, and the orchestrator routes it to the `security` (→ security-reviewer) / code (→ coder) fix path as appropriate.
     ```
-    Doc-reviewer applies all doc-domain fixes itself. The orchestrator does NOT spawn a coder for doc fixes (since v3.40.0 — `doc` is owned by `doc-reviewer`, see "Domain-Override Domains"). The only doc-reviewer output that leaves this phase unfixed is a **doc-drift→bug finding rooted in CODE** (the implementation contradicts a documented contract). Route it explicitly: if the conflicting code file matches the `security` Domain-Override match rule (`paths.high_risk_modules`) → spawn `coder` with the finding now, in this phase (a security-class code fix is not deferrable to a `light` Phase 3.7); otherwise carry the finding into the Phase 3.7 `/codexreview` input as a known code-drift bug and let the Phase 3.7 fix sub-loop apply it. Either way, append a Fix Application Log row with `domain=codex-correctness` (NOT `doc`) so telemetry attributes it as a code fix. Do NOT leave it accumulating in the tracker with no fix owner.
+    Doc-reviewer applies all doc-domain fixes itself. The orchestrator does NOT spawn a coder for doc fixes (since v3.40.0 — `doc` is owned by `doc-reviewer`, see "Domain-Override Domains"). The only doc-reviewer output that leaves this phase unfixed is a **doc-drift→bug finding rooted in CODE** (the implementation contradicts a documented contract). Route it explicitly: if the conflicting code file matches the `security` Domain-Override match rule (`paths.high_risk_modules`) → spawn `security-reviewer` with the finding now, in this phase (a security-class code fix is not deferrable to a `light` Phase 3.7, and security is owned by `security-reviewer` — never a coder); otherwise carry the finding into the Phase 3.7 `/codexreview` input as a known code-drift bug and let the Phase 3.7 fix sub-loop apply it. Either way, append a Fix Application Log row with `domain=codex-correctness` (NOT `doc`) so telemetry attributes it as a code fix. Do NOT leave it accumulating in the tracker with no fix owner.
 14. **Knowledge-corpus sync (OPTIONAL — only if the project ships a corpus-sync agent)**: There is NO shipped `obsidian-sync` agent — do NOT dispatch one (a hard dispatch to a non-existent subagent fails silently). Only when the project provides its own knowledge-corpus sync agent (declared in `.baldart/overlays/new.md`) AND doc-reviewer's findings indicate a corpus impact, invoke that agent with the listed paths after the doc fixes are applied. Otherwise skip with a one-line notice (`knowledge-corpus sync: skipped (no corpus-sync agent configured)`). Non-blocking either way.
 15. **Telemetry** — after doc-reviewer returns, append one row per doc finding to `## Fix Application Log`: `3 | doc | est_lines=<n> | decision=doc-reviewer | applied_by=doc-reviewer | finding=<1-line>`. If 0 findings, append one row: `3 | doc | est_lines=0 | decision=skipped | applied_by=- | reason=no-findings`. **Phase-8 producer (named counter)** — ALSO record the per-card doc-gap counts as a structured line in `## Current Card` (carried into `## Completed Cards` at Phase 5): `doc_gaps: found=<N> fixed=<M>` where `N` = total doc findings doc-reviewer raised and `M` = those it applied. This is the single named producer for Phase 8's `doc_gaps_found` / `doc_gaps_fixed` fields — without it those fields have no upstream write and Phase 8 would hard-code zeros. (D.4a is the team-mode producer of the same counter — see Phase 7 § D.4a.)
 16. Run `npm run lint` and `npx tsc --noEmit` (when `stack.language` includes typescript) to verify nothing broke (redirect to disk per § "Context economy"). If doc-reviewer touched any source-adjacent file (a `.ts`/`.tsx` helper, a co-located doc export), also run `npm run build`. If any check fails, apply the self-healing retry loop (up to 3 times, no user prompt). **If still failing after 3 retries**: do NOT fall through silently to Phase 3.5 — log `[DOC-PHASE-REGRESSION]` in `## Issues & Flags` and invoke `AskUserQuestion` (revert the doc-phase edits that broke the build / keep and fix manually / stop the card).

package/framework/.claude/skills/new/references/setup.md

@@ -127,12 +127,23 @@
 ## Pre-flight (once)
 
 1. Read each backlog card from `${paths.backlog_dir}/*.yml` to understand scope and dependencies. Also read the project's canonical-docs registry — typically `${paths.references_dir}/ssot-registry.md` plus any linking-protocol guide — to understand which canonical docs exist for the feature area being implemented. Exact filenames are listed in `.baldart/overlays/new.md`; skip when absent.
-1b. **Validate card fields (pre-flight gate)** — for each card, verify it has the minimum required fields before queuing it:
-   - `requirements` — must be a non-empty list (>=1 item)
-   - `acceptance_criteria` — must be a non-empty list (>=1 item)
-   - `files_likely_touched` — must be a non-empty list (>=1 file)
+1b. **Normalize & validate card baseline (pre-flight gate)** — `/new` is **type-blind**: it runs the same pipeline on `FEAT`/`CHORE`/`BUG`/`DOC`/`PERF`. The universal, profile-aware baseline is the SSOT in [`framework/agents/card-schema.md`](../../../agents/card-schema.md). Detect each card's profile (epic / child / standalone) per that module, then run three stages. (Epic-parent cards are excluded from the per-card loop — skip 1b-i/ii for them; the validator at 1b-iii still checks their EPIC column.)
+
+   **1b-i — HALT on non-derivable fields (ask the user).** Verify the fields that cannot be safely synthesized are present and non-empty:
+   - `requirements` (>=1), `acceptance_criteria` (>=1), `files_likely_touched` (>=1 file), and `scope`.
+   - `scope_boundaries` is **NOT** in this set (it is conditional — legitimately omitted for standalone cards with no siblings; see card-schema.md).
    If any card fails: log the specific missing fields in `## Issues & Flags`, ask the user to fill them in before proceeding with that card, and continue pre-flight for any remaining valid cards.
 
+   **1b-ii — Back-fill deterministically-computable fields (compute → persist → log).** For each non-epic card missing a derivable field, compute it and **write it back to the card on disk in `$MAIN/${paths.backlog_dir}`** (the main repo path resolved at Phase 0 step 1 — NOT the worktree copy; same F-040 discipline `new2` uses for follow-ups):
+   - `review_profile` absent → compute via `prd-card-writer.md § Rule C` (the SSOT), write it.
+   - `owner_agent` absent/empty/`claude` → default `coder`, write it. (Never back-fill an epic's `""`.)
+   - **Check-and-skip (idempotent):** write ONLY when the field is genuinely absent. A card that already has the field is untouched — so a pre-flight re-entry after compaction never double-writes.
+   - Log each write on its own line in `## Issues & Flags`: `[BACKFILL] <CARD-ID>: <field>=<value> (Rule C / coder-default)`.
+   - **Commit discipline:** after all cards are processed, if ANY back-fill was written, commit them together in `$MAIN` with the COMMIT_LOCK + doc-freshness precautions of `merge-cleanup.md` Phase 6b (clear stale `COMMIT_LOCK`; `git add` only the back-filled card YAMLs; if the doc-freshness hook blocks, stage `ssot-registry.md`; ≤2 retries): `git commit -m "chore(backlog): normalise card baseline [BACKFILL]"`. Do NOT leave `$MAIN` dirty for the batch duration — an uncommitted backlog edit would surface as noise in the Phase 3/4 git-diff gates.
+   - `canonical_docs` / `links.prd` absent on a standalone/non-PRD card → **WARN** only (log, do not block, do not back-fill).
+
+   **1b-iii — Conformance validation.** Run the framework validator `node .framework/framework/scripts/validate-card-baseline.js <card-yaml-path>` (or the path resolved for your install) against each card. It is profile-aware (epic/child/standalone) and catches what 1b-i/1b-ii could not — invalid enum values (`review_profile` ∉ `{skip,light,balanced,deep}`, `owner_agent` ∉ Rule A enum), or a REQUIRED field still missing. Exit 1 → display the per-field errors in `## Issues & Flags` and HALT that card (continue others). If the validator is not reachable in this install, skip with a one-line note (the 1b-i/1b-ii gates still applied).
+
 1c. **Field Registry Validation (pre-flight gate)** — for each card with a `data_fields` block, run the project's field-validation tool if available (path listed in `.baldart/overlays/new.md`; typically `python3 tools/validate-card-fields.py <card-yaml-path>`).
    - If exit 1: display the field errors in `## Issues & Flags` and HALT — ask the user to fix the card before proceeding. Do not start implementation until the card passes validation.
    - If the card has DB-index signals (`db_indexes` — or legacy `firestore_indexes` — or `data.collections`/`data.tables`) but NO `data_fields` block: log WARNING in `## Issues & Flags` — "Card `<ID>` touches the persistence layer but has no `data_fields` block. Field/column names are unvalidated."

package/framework/.claude/skills/new/references/team-mode.md

@@ -184,13 +184,15 @@ After ALL agents in the group complete successfully:
      }})
      ```
      The workflow fans out the finders per card, runs ONE Codex pass + ONE qa-sentinel (group max tier)
-     over the union, and **one coder applies all VERIFIED code/perf/security/simplify fixes for the
-     whole group in a single pass** (files disjoint by ownership → no conflict, same as D.3). It returns
-     `{ codexEngine, perCard, gateTable, summary }`. **Skip the inline D.2 (code portion), D.3, D.3b,
+     over the union, and the **domain writer applies all VERIFIED fixes for the whole group** (canonical
+     writer map v4.26.1: `security` → `security-reviewer`, then `code`/`perf`/`migration`/`test`/`simplify`
+     → `coder`; the two passes run sequentially over disjoint-by-ownership files → no conflict, same as D.3).
+     It returns `{ codexEngine, perCard, gateTable, summary }`. **Skip the inline D.2 (code portion), D.3, D.3b,
      D.4, D.4b** below. Then per card handle `perCard[<id>].residual` exactly as the sequential gate does
      (`references/review-cycle.md` § Phase 2.5x — **by classification first**: `NEEDS_MANUAL_CONFIRMATION`
-     any-domain → `AskUserQuestion`; else doc residual → the post-E2E doc step; else unconverged
-     code/perf/security residual → targeted `coder`). Apply the **same BLOCKING QA-gate consumption**:
+     any-domain → `AskUserQuestion`; else doc residual → the post-E2E doc step; else unconverged `security`
+     residual → targeted `security-reviewer`; else unconverged code/perf residual → targeted `coder`).
+     Apply the **same BLOCKING QA-gate consumption**:
      `gateTable` with any `status:"FAIL"` OR `summary.checksFailed` → coder fix (≤2 retries) then
      `AskUserQuestion`; **D.5 commit MUST NOT happen until `gateTable` is PASS/SKIP and `checksFailed` is
      false** (a delegated QA FAIL blocks exactly as inline D.4 / Phase 3.5 would — `gateTable` is

package/framework/.claude/skills/new2/SKILL.md

@@ -186,12 +186,15 @@ returns when the batch is done. It returns:
    "the workflow attempted a write", never proof on disk. So for **every** `residuals[]` entry
    (regardless of the `materialized` flag), check whether a matching follow-up card actually exists
    on disk under `${paths.backlog_dir}` in the **MAIN repo** (`<card>-followup-*.yml`). If it is
-   absent, create it by **delegating to the `prd-card-writer` agent** — the same owner the workflow
-   uses (card-template, Rule C `review_profile`, `owner_agent` routed to the residual's domain,
-   traceability) — derived from the residual (≥1 requirement; `acceptance_criteria` = the verbatim
-   residual; `files_likely_touched` from the card's ownership). Do NOT hand-write a minimal stub —
-   the offline path must match agent-path quality (F-039); it MUST pass the `/new` pre-flight field
-   check. If `prd-card-writer` is unavailable (total outage), fall back to a minimal valid stub. This
+   absent, create it by **delegating to the `prd-card-writer` agent in Standalone Single-Card Mode**
+   — the same owner the workflow uses (full STANDALONE baseline of `framework/agents/card-schema.md`:
+   Rule C `review_profile`, `owner_agent` routed to the residual's domain, `scope`, traceability) —
+   derived from the residual (≥1 requirement; `acceptance_criteria` = the verbatim residual;
+   `files_likely_touched` from the card's ownership). Do NOT hand-write a minimal stub — the offline
+   path must match agent-path quality (F-039); it MUST pass the `/new` pre-flight field check. If
+   `prd-card-writer` is unavailable (total outage), fall back to a minimal valid stub carrying the
+   step-1b HALT fields — the `/new` pre-flight back-fill (step 1b-ii) then normalizes its
+   `review_profile`/`owner_agent` on first ingestion, so even the crisis stub self-heals. This
    main-repo, **disk-verified** write is the SSOT — nothing is dropped even on a non-merged batch.
 2. **Mark deferred cards DONE — only after their follow-up exists AND every deferral class allows
    it (F-040/H + A3).** Some committed cards were intentionally left **NON-DONE** because they carry

package/framework/.claude/skills/prd/assets/card-template.yml

@@ -1,6 +1,11 @@
 # =============================================================================
 # {{FEAT-ID}} — {{Short title}}
 # =============================================================================
+# Field SSOT: framework/agents/card-schema.md — the universal, profile-aware
+# (epic/child/standalone) baseline every card satisfies. This template is the
+# CHILD profile; consult card-schema.md for the epic/standalone deltas. The
+# review_profile criteria live in prd-card-writer.md § Rule C; the owner_agent
+# enum in REGISTRY.md — never re-listed here.
 
 id: {{FEAT-ID}}
 title: "{{Full descriptive title}}"

package/framework/.claude/workflows/new-card-review.js

@@ -28,7 +28,11 @@ export const meta = {
 //     gateTable, summary }
 // ───────────────────────────────────────────────────────────────────────────
 
-const a = args || {}
+// Tolerate args delivered as a JSON string (parse-or-default) — the Workflow tool
+// sometimes serializes a structured `args` object to a string; without this guard
+// `a.cards` is undefined → empty `cards` → degenerate no-op return (cards:0, 0 agents).
+let a = args || {}
+if (typeof a === 'string') { try { a = JSON.parse(a) } catch (_) { a = {} } }
 const cards = (Array.isArray(a.cards) ? a.cards : []).filter((c) => c && c.cardId)
 const cfg = a.config || {}
 const highRisk = (cfg.paths && cfg.paths.high_risk_modules) || [] // security-domain hint
@@ -298,59 +302,83 @@ const surviving = classified
   .map((f) => ({ ...f, card: attributeCard(f, fileToCard, cards) }))
 
 // ───────────────────────────────────────────────────────────────────────────
-// Phase Fix — ONE coder applies all VERIFIED code/perf/security/simplify findings.
-//   doc findings → residual (the skill runs doc-reviewer post-E2E on final code).
-//   NEEDS_MANUAL_CONFIRMATION → residual (human gate, owned by the skill).
+// Phase Fix — the DOMAIN WRITER applies its verified findings (canonical writer
+//   map v4.26.1): security → security-reviewer (owns the security-invariant
+//   contract — never folded into the coder pass); code/perf/migration/test/simplify
+//   → coder. doc findings → residual (the skill runs doc-reviewer post-E2E on final
+//   code). NEEDS_MANUAL_CONFIRMATION → residual (human gate, owned by the skill).
 // ───────────────────────────────────────────────────────────────────────────
 phase('Fix')
 const isDoc = (f) => /doc|wiki|ssot|readme/.test(String(f.domain).toLowerCase())
+// 'security' domain → security-reviewer. migration STAYS coder (canonical writer map: code/perf/
+// migration/test → coder), so match the exact 'security' domain, not the broader verifier regex.
+const isSecurity = (f) => String(f.domain).toLowerCase() === 'security'
 const isManual = (f) => f.classification === 'NEEDS_MANUAL_CONFIRMATION'
 // Partition `surviving` (= VERIFIED + NEEDS_MANUAL; FALSE_POSITIVE already dropped) with NO overlap:
-//   actionable    = VERIFIED non-doc  → the coder fixes these.
+//   securityFix   = VERIFIED security → security-reviewer applies (it owns the security invariants).
+//   actionable    = VERIFIED non-doc non-security → the coder fixes these.
 //   docResidual   = VERIFIED doc      → the skill runs doc-reviewer post-E2E on final code.
 //   manualResidual= NEEDS_MANUAL any  → human gate, owned by the skill (a doc-manual must NOT be
 //                   silently auto-re-reviewed: it carries its needs-manual classification out).
-const actionable = surviving.filter((f) => f.classification === 'VERIFIED' && !isDoc(f))
+const securityFix = surviving.filter((f) => f.classification === 'VERIFIED' && !isDoc(f) && isSecurity(f))
+const actionable = surviving.filter((f) => f.classification === 'VERIFIED' && !isDoc(f) && !isSecurity(f))
 const docResidual = surviving.filter((f) => f.classification === 'VERIFIED' && isDoc(f))
 const manualResidual = surviving.filter(isManual)
 
 const SKIP_CHECKS = { lint: 'SKIP', tsc: 'SKIP', build: 'SKIP' }
-let fixResult = { applied: [], unresolved: [], checks: { ...SKIP_CHECKS } }
-if (actionable.length && unionEditable.length) {
+
+// One fix pass: the domain WRITER applies its verified findings to the worktree, then re-verifies.
+// Passes run SEQUENTIALLY (security-reviewer before coder) so edits on shared files never conflict
+// without having to partition the ownership map; the last pass to run carries the build it verified.
+async function applyFixPass(findings, writer, label, role) {
+  if (!findings.length) return { applied: [], unresolved: [], checks: { ...SKIP_CHECKS }, ran: false }
+  if (!unionEditable.length) {
+    log(`Fix: ${findings.length} ${label} finding(s) but no editable files in scope — returned as residual (${writer} skipped).`)
+    return { applied: [], unresolved: findings.map((f) => f.finding_id), checks: { ...SKIP_CHECKS }, ran: false }
+  }
   const fixBrief =
-    `Apply ALL of the verified review findings below to the worktree, then verify the build. You are the SINGLE fix pass for this wave.\n\n` +
+    `Apply ALL of the verified ${role} review findings below to the worktree, then verify the build. You are the ${writer} fix pass for this wave.\n\n` +
     `Worktree: ${a.worktreePath || '(cwd)'} — cd into it.\n` +
     `You MAY edit ONLY these files (ownership map — touching anything else is a violation):\n${unionEditable.join('\n')}\n\n` +
-    `Findings to fix (grouped — fix the code, not the tests unless a test itself is wrong; do NOT expand scope beyond the finding):\n` +
-    actionable.map((f) => `- [${f.finding_id}] (${f.card || '?'} / ${f.domain} / ${f.severity}) ${f.title}\n    evidence: ${f.evidence}\n    direction: ${f.minimal_fix_direction}`).join('\n') +
+    `Findings to fix (fix the code, not the tests unless a test itself is wrong; do NOT expand scope beyond the finding):\n` +
+    findings.map((f) => `- [${f.finding_id}] (${f.card || '?'} / ${f.domain} / ${f.severity}) ${f.title}\n    evidence: ${f.evidence}\n    direction: ${f.minimal_fix_direction}`).join('\n') +
     `\n\nAfter applying: run \`npm run lint\` and (when the project uses typescript) \`npx tsc --noEmit\` and \`npm run build\` in the worktree. If a check fails because of an edit you made, fix the regression — at most 2 retries — staying within the allowed files. ` +
     `Do NOT commit. Do NOT git stash (refs/stash is shared across worktrees). ` +
     `Return: applied (finding_ids you fixed), unresolved (finding_ids you could NOT fix within the allowed files / 2 retries), and checks (PASS/FAIL/SKIP for lint, tsc, build).`
-  const r = await agent(fixBrief, { label: 'fix-coder', phase: 'Fix', agentType: 'coder', schema: FIX_SCHEMA })
-  // Normalize: the coder may die (null) or return a truthy object missing fields.
-  fixResult = (r && typeof r === 'object') ? r : { applied: [], unresolved: actionable.map((f) => f.finding_id), checks: { ...SKIP_CHECKS } }
-  if (!Array.isArray(fixResult.applied)) fixResult.applied = []
-  if (!Array.isArray(fixResult.unresolved)) fixResult.unresolved = []
-  if (!fixResult.checks || typeof fixResult.checks !== 'object') fixResult.checks = { ...SKIP_CHECKS }
-  log(`Fix: coder applied ${fixResult.applied.length}/${actionable.length} finding(s); checks lint=${fixResult.checks.lint} tsc=${fixResult.checks.tsc} build=${fixResult.checks.build}.`)
-} else if (actionable.length) {
-  // Actionable findings exist but NO editable files are mapped → cannot fix; return all as residual
-  // (no wasted coder spawn — the skill will route them to a targeted coder with a proper ownership scope).
-  fixResult = { applied: [], unresolved: actionable.map((f) => f.finding_id), checks: { ...SKIP_CHECKS } }
-  log(`Fix: ${actionable.length} actionable finding(s) but no editable files in scope — returned as residual (coder skipped).`)
-} else {
-  log('Fix: no actionable code/perf/security/simplify findings — coder skipped.')
+  const r = await agent(fixBrief, { label, phase: 'Fix', agentType: writer, schema: FIX_SCHEMA })
+  // Normalize: the agent may die (null) or return a truthy object missing fields.
+  const res = (r && typeof r === 'object') ? r : { applied: [], unresolved: findings.map((f) => f.finding_id), checks: { ...SKIP_CHECKS } }
+  if (!Array.isArray(res.applied)) res.applied = []
+  if (!Array.isArray(res.unresolved)) res.unresolved = []
+  if (!res.checks || typeof res.checks !== 'object') res.checks = { ...SKIP_CHECKS }
+  res.ran = true
+  log(`Fix: ${writer} applied ${res.applied.length}/${findings.length} ${label} finding(s); checks lint=${res.checks.lint} tsc=${res.checks.tsc} build=${res.checks.build}.`)
+  return res
 }
 
+// Security writer FIRST (owns the security-invariant contract), then the coder. Sequential → no
+// edit conflict on shared files; the coder pass (when it runs) carries the authoritative build.
+const secResult = await applyFixPass(securityFix, 'security-reviewer', 'fix-security', 'security')
+const codeFixResult = await applyFixPass(actionable, 'coder', 'fix-coder', 'code/perf/simplify')
+if (!securityFix.length && !actionable.length) log('Fix: no actionable code/perf/security/simplify findings — fixers skipped.')
+
+// Merge the two passes. A FAIL in EITHER pass fails the wave; PASS only when a pass actually ran it.
+const fixPasses = [secResult, codeFixResult]
+const allActionable = [...securityFix, ...actionable]
+const appliedIds = new Set(fixPasses.flatMap((p) => (p.applied || []).map((x) => x.finding_id)))
+const unresolvedIds = new Set(fixPasses.flatMap((p) => p.unresolved || []))
+const ranChecks = fixPasses.filter((p) => p.ran).map((p) => p.checks)
+const mergedChecks = ['lint', 'tsc', 'build'].reduce((acc, k) => {
+  acc[k] = ranChecks.some((c) => c[k] === 'FAIL') ? 'FAIL' : (ranChecks.some((c) => c[k] === 'PASS') ? 'PASS' : 'SKIP')
+  return acc
+}, {})
 // Unfixed actionable findings become residual (human/coder follow-up owned by the skill).
-const appliedIds = new Set((fixResult.applied || []).map((x) => x.finding_id))
-const unresolvedIds = new Set(fixResult.unresolved || [])
-const codeResidual = actionable.filter((f) => !appliedIds.has(f.finding_id) || unresolvedIds.has(f.finding_id))
-const checksFailed = ['lint', 'tsc', 'build'].some((k) => fixResult.checks && fixResult.checks[k] === 'FAIL')
+const codeResidual = allActionable.filter((f) => !appliedIds.has(f.finding_id) || unresolvedIds.has(f.finding_id))
+const checksFailed = ['lint', 'tsc', 'build'].some((k) => mergedChecks[k] === 'FAIL')
 
 // ---- Assemble per-card result ----------------------------------------------
 function bucket(cardId) { return perCard[cardId] || (perCard[cardId] = { fixesApplied: [], residual: [] }) }
-for (const f of actionable) {
+for (const f of allActionable) {
   if (appliedIds.has(f.finding_id) && !unresolvedIds.has(f.finding_id)) {
     bucket(f.card || cards[0].cardId).fixesApplied.push(`[${f.finding_id}] ${f.title}`)
   }

package/framework/.claude/workflows/new-final-review.js

@@ -24,7 +24,11 @@ export const meta = {
 //   { codexEngine, findings:[…classified, FALSE_POSITIVE dropped], gateTable, summary }
 // ───────────────────────────────────────────────────────────────────────────
 
-const a = args || {}
+// Tolerate args delivered as a JSON string (parse-or-default) — the Workflow tool
+// sometimes serializes a structured `args` object to a string; without this guard
+// `a.reviewScopeFiles`/`a.cardPaths` are undefined → empty scope → degenerate no-op return.
+let a = args || {}
+if (typeof a === 'string') { try { a = JSON.parse(a) } catch (_) { a = {} } }
 const scope = Array.isArray(a.reviewScopeFiles) ? a.reviewScopeFiles : []
 const cards = Array.isArray(a.cardPaths) ? a.cardPaths : []
 const cfg = a.config || {}

package/framework/agents/card-schema.md

@@ -0,0 +1,112 @@
+# Atomic Card Baseline Schema
+
+## Purpose
+
+Define the **universal baseline** every backlog card MUST satisfy — for ANY prefix
+(`FEAT`/`CHORE`/`BUG`/`DOC`/`PERF`/`UI`) and ANY origin (a `/prd` run, a follow-up, a
+GitHub-issue triage, a manual edit). `/new` and `/new2` consume cards **type-blind**: they
+scale per-card review depth on `review_profile` and run the same pipeline regardless of prefix.
+A card that drifts off this baseline (e.g. a `CHORE` with no `review_profile` or no `scope`)
+silently degrades that pipeline. This module is the **single source of truth** for *which
+fields a card needs* and *in what state*; every writer and every consumer cites it.
+
+## Scope
+
+**In**: the per-profile field-state matrix, the profile-detection rule, and the
+consumer contract (HALT / BACK-FILL / WARN) that `/new` ingestion enforces.
+**Out**: the *value* decisions — `owner_agent` routing lives in `prd-card-writer.md § Rule A`
+(enum SSOT: `.claude/agents/REGISTRY.md`); `review_profile` criteria live in
+`prd-card-writer.md § Rule C`. This module says a card MUST carry those fields and in what
+state; it **never copies** the Rule A enum or the Rule C decision table (doing so would
+re-introduce the drift those SSOTs exist to prevent).
+
+## The three card profiles
+
+Baseline requirements are **profile-aware** — a flat "every field required and non-empty"
+rule would wrongly reject valid cards (an epic legitimately has `owner_agent: ""` and
+`files_likely_touched: []`; a standalone CHORE legitimately has no `scope_boundaries` or
+`links.prd`). Detect the profile first, then apply its column:
+
+- **EPIC** — filename matches `*-epic.yml`, OR `group.sequence == 0`, OR `review_profile: skip`
+  with `owner_agent: ""`. A tracker, never implemented. `/new` excludes it from the per-card
+  loop.
+- **STANDALONE** — a single card with no PRD/epic lineage: no `group.parent` pointing at a
+  `-00` epic AND no `links.prd`. Typical: a follow-up (`<id>-followup-<gate>.yml`), a
+  graph-align CHORE, an ad-hoc BUG.
+- **CHILD** — a card produced under a PRD epic (`group.parent` → a `-00` epic id). The default
+  for `/prd`-generated work.
+
+## Field-state matrix
+
+Legend: **R** = required, present **and non-empty** · **E** = required key, value MAY be empty
+(`[]` / `""`) · **C** = conditional, omittable per a documented carve-out (never a HALT) ·
+**—** = not applicable for this profile.
+
+| Field | EPIC | CHILD | STANDALONE | Notes |
+|---|---|---|---|---|
+| `id` | R | R | R | |
+| `title` | R | R | R | |
+| `status` | R | R | R | enum `TODO`/`IN_PROGRESS`/`DONE` |
+| `priority` | R | R | R | enum `HIGH`/`MEDIUM`/`LOW` |
+| `owner_agent` | E (`""`) | R | R | CHILD/STANDALONE ∈ Rule A enum; EPIC is `""` (tracker) |
+| `execution_mode` | R | R | R | |
+| `group` | R (`sequence: 0`) | R (`parent`+`sequence`) | C | STANDALONE may set `group.parent` to a tracking slug / originating id; `sequence` omittable |
+| `git_strategy` | R | R | R | branch/base/target |
+| `context` | R | R | R | |
+| `scope` | R | R | R | **never omittable** — encodes intent |
+| `scope_boundaries` | R | C | C | "Omit for standalone cards with no siblings" (`prd-card-writer.md`) |
+| `requirements` | C | R | R | EPIC tracks via AC-EPIC, not `requirements` |
+| `acceptance_criteria` | R (AC-EPIC) | R | R | |
+| `definition_of_done` | R | R | R | |
+| `depends_on` / `blocks` | E (`[]`) | E | E | |
+| `estimated_complexity` | C | R | R | |
+| `review_profile` | R (`skip`) | R | R | ∈ `{skip,light,balanced,deep}`; CHILD/STANDALONE via Rule C |
+| `parallel_group` | R (`0`) | R | C | |
+| `files_likely_touched` | E (`[]`, never code) | R | R | EPIC tracks docs only |
+| `links.prd` | C | R | C | STANDALONE/non-PRD cards legitimately lack a PRD |
+| `links.design` | C | C | C | required when the card has UI scope |
+| `canonical_docs` | R | R | C (WARN) | "REQUIRED for all cards generated from a PRD"; a manual CHORE may lack it |
+| `data_sources` | E (`[]`) | E (`[]` if no data) | E | key always present, value may be `[]` |
+| `documentation_impact` | R | C | C | |
+| `execution_strategy` | R | — | — | epic-only orchestration block |
+| `data_fields` | — | C | C | only if it reads/writes persistence |
+| `db_indexes` | — | C | C | only if it adds a compound query |
+| `test_plan` · `integration_points` · `existing_patterns` · `anti_patterns` · `reuse_analysis` · `input_output_examples` · `error_handling` | C | C | C | populate when applicable (see `prd-card-writer.md` Required Fields) |
+| `assumptions` · `unknowns` · `notes` | C | C | C | |
+
+## Consumer contract — HALT / BACK-FILL / WARN
+
+`/new` and `/new2` ingestion (pre-flight) enforce this matrix against the detected profile.
+The three classes are deliberately distinct so a thin card is fixed where it can be and only
+blocks where intent is genuinely missing:
+
+- **HALT (non-derivable — ask the user):** a **R** field that cannot be safely synthesized.
+  The canonical HALT set is `requirements`, `acceptance_criteria`, `files_likely_touched`,
+  and `scope` (CHILD/STANDALONE). `scope_boundaries` is **NOT** in the HALT set — it is **C**.
+- **BACK-FILL (deterministically computable — compute, persist, log):** `review_profile`
+  (compute via `prd-card-writer.md § Rule C`) and `owner_agent` (default `coder` for a
+  non-epic; **never** back-fill an epic's `""`). Write the value to the card on disk in the
+  **main repo** with a `[BACKFILL] <id>: <field>=<value>` log. **Check-and-skip**: only write
+  when the field is genuinely absent (idempotent across pre-flight re-entry).
+- **WARN (expected but tolerable absent):** `canonical_docs` / `links.prd` on a STANDALONE /
+  non-PRD card. Log, do not block.
+
+A back-fill never rescues a card missing a HALT field: a card without `scope` blocks regardless
+of how many derivable fields were filled.
+
+## Writer contract
+
+The canonical writer is the `prd-card-writer` agent. It emits the full baseline for the
+relevant profile — including its **Standalone Single-Card Mode** for follow-up / CHORE / BUG /
+issue cards (see `prd-card-writer.md`). **Every** card-creation path delegates to it rather
+than hand-writing a partial stub; the only exception is a documented crisis fallback on total
+agent outage, and even that stub is normalized by the consumer contract above on first
+ingestion. New writers MUST cite this module, not re-list fields.
+
+## Validator
+
+`framework/scripts/validate-card-baseline.js` (and the CI sibling
+`scripts/check-card-baseline.js`) parse this matrix, detect the card's profile, and assert
+each field's state (R present+non-empty, E key present, C ignored, enums valid). They read the
+field list from THIS file — never an embedded copy — so the schema and the validator cannot
+drift.

package/framework/agents/index.md

@@ -23,6 +23,7 @@ Route agents to the right module with minimal reading.
 - If touching design-review workflows or UI guidelines -> read `agents/design-review.md` and project-specific UI guidelines.
 - If touching architecture, auth, or tech stack -> read `agents/architecture.md`.
 - If touching workflow/process/commits/backlog -> read `agents/workflows.md`.
+- If CREATING or MUTATING a backlog card (any prefix — `FEAT`/`CHORE`/`BUG`/`DOC`/`PERF`/`UI`), or consuming one type-blind (`/new`, `/new2`) -> read `agents/card-schema.md` (the universal, profile-aware baseline) before writing/validating fields.
 - If touching testing or QA issues -> read `agents/testing.md` (also documents the scope-aware,
   profile-driven test-selection strategy consumed by `qa-sentinel`).
 - If touching GitHub issues or issue workflow -> read `agents/github-issue-subagent.md`.
@@ -65,6 +66,7 @@ When adding or updating agents, update REGISTRY.md — not this file.
 - `agents/code-search-protocol.md` — Retrieval hierarchy for code search: LSP → Grep → Git (since v3.10.0, gated on `features.has_lsp_layer`)
 - `agents/code-graph-protocol.md` — Structural/relational retrieval via the Graphify code knowledge graph (since v4.21.0, gated on `features.has_code_graph`)
 - `agents/design-system-protocol.md` — Registry-first discipline for UI work: BLOCKING cascade on `INDEX.md` + `tokens-reference.md` + `components/<Name>.md` (since v3.11.0, gated on `features.has_design_system`)
+- `agents/card-schema.md` — Atomic Card Baseline Schema: the universal, profile-aware (epic/child/standalone) field contract every backlog card satisfies, plus the consumer HALT/BACK-FILL/WARN contract (since v4.35.0)
 
 ## Where to Document (Decision Tree)
 

package/framework/scripts/validate-card-baseline.js

@@ -0,0 +1,263 @@
+#!/usr/bin/env node
+/**
+ * validate-card-baseline.js — profile-aware validator for backlog cards.
+ *
+ * Why this exists (v4.35.0): `/new` and `/new2` consume cards type-blind and scale
+ * per-card review depth on `review_profile`. A card that drifts off the universal
+ * baseline (e.g. a CHORE with no `review_profile` or no `scope`) silently degrades
+ * that pipeline. This validator is the machine-checkable enforcement of the SSOT
+ * field-state matrix in `framework/agents/card-schema.md`.
+ *
+ * It is PROFILE-AWARE — a flat "every field required, non-empty" rule would wrongly
+ * reject valid cards (an epic has `owner_agent: ""` and `files_likely_touched: []`;
+ * a standalone CHORE has no `scope_boundaries`/`links.prd`). It detects epic / child /
+ * standalone and applies that profile's column.
+ *
+ * SSOT, never embedded: the field-state matrix is PARSED from card-schema.md and the
+ * `owner_agent`/`status` enums from REGISTRY.md, so the validator cannot drift from
+ * the docs it enforces.
+ *
+ * Usage:
+ *   node framework/scripts/validate-card-baseline.js <card.yml> [<card2.yml> ...]
+ * Exit 0 = all valid; exit 1 = at least one card has errors (printed per-field).
+ *
+ * Module API (for CI self-tests in scripts/check-card-baseline.js):
+ *   const { validateCard, detectProfile, loadSchema, loadEnums } = require(...)
+ */
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const yaml = require('js-yaml');
+
+const SCRIPT_DIR = __dirname;
+const SCHEMA_MD = path.join(SCRIPT_DIR, '..', 'agents', 'card-schema.md');
+const REGISTRY_MD = path.join(SCRIPT_DIR, '..', '.claude', 'agents', 'REGISTRY.md');
+
+const STATIC_ENUMS = {
+  priority: ['HIGH', 'MEDIUM', 'LOW'],
+  execution_mode: ['local', 'cloud'],
+  review_profile: ['skip', 'light', 'balanced', 'deep'],
+};
+
+// --- SSOT parsers -----------------------------------------------------------
+
+/**
+ * Parse the field-state matrix from card-schema.md.
+ * Returns { field: { EPIC, CHILD, STANDALONE } } where each value is R|E|C|NA.
+ */
+function loadSchema(schemaPath = SCHEMA_MD) {
+  const text = fs.readFileSync(schemaPath, 'utf8');
+  const lines = text.split('\n');
+  const matrix = {};
+  let inTable = false;
+  let cols = null; // index map after the header
+  for (const raw of lines) {
+    const line = raw.trim();
+    const isRow = line.startsWith('|') && line.endsWith('|');
+    if (!inTable) {
+      if (isRow && /\|\s*Field\s*\|/i.test(line) && /EPIC/i.test(line) && /CHILD/i.test(line)) {
+        // header row found — map column order
+        const headers = splitRow(line).map((h) => h.toUpperCase());
+        cols = {
+          EPIC: headers.indexOf('EPIC'),
+          CHILD: headers.indexOf('CHILD'),
+          STANDALONE: headers.indexOf('STANDALONE'),
+        };
+        inTable = true;
+      }
+      continue;
+    }
+    if (!isRow) break; // table ended
+    const cells = splitRow(line);
+    // skip the markdown separator row (|---|---|)
+    if (cells.every((c) => /^:?-+:?$/.test(c))) continue;
+    const fields = extractBackticked(cells[0]);
+    if (!fields.length) continue;
+    const state = (cell) => parseState(cells[cell]);
+    const entry = { EPIC: state(cols.EPIC), CHILD: state(cols.CHILD), STANDALONE: state(cols.STANDALONE) };
+    for (const f of fields) matrix[f] = entry;
+  }
+  if (!Object.keys(matrix).length) {
+    throw new Error(`validate-card-baseline: could not parse field-state matrix from ${schemaPath}`);
+  }
+  return matrix;
+}
+
+function splitRow(line) {
+  // drop leading/trailing pipe, split on |, trim
+  return line.replace(/^\|/, '').replace(/\|$/, '').split('|').map((c) => c.trim());
+}
+
+function extractBackticked(cell) {
+  const out = [];
+  const re = /`([^`]+)`/g;
+  let m;
+  while ((m = re.exec(cell)) !== null) {
+    // keep dotted paths (links.prd) and plain identifiers; drop anything with spaces/values
+    const tok = m[1].trim();
+    if (/^[A-Za-z_][A-Za-z0-9_.]*$/.test(tok)) out.push(tok);
+  }
+  return out;
+}
+
+function parseState(cell) {
+  if (cell == null) return 'NA';
+  const c = cell.trim();
+  if (c === '' || c.startsWith('—') || c.startsWith('-')) return 'NA';
+  const ch = c[0].toUpperCase();
+  if (ch === 'R') return 'R';
+  if (ch === 'E') return 'E';
+  if (ch === 'C') return 'C';
+  return 'NA';
+}
+
+/** Parse the owner_agent + status enums from REGISTRY.md (fenced `- value` lists). */
+function loadEnums(registryPath = REGISTRY_MD) {
+  const fallback = {
+    owner_agent: ['coder', 'ui-expert', 'plan', 'visual-designer', 'motion-expert'],
+    status: ['TODO', 'READY', 'IN_PROGRESS', 'BLOCKED', 'DONE'],
+  };
+  let text;
+  try { text = fs.readFileSync(registryPath, 'utf8'); } catch { return fallback; }
+  return {
+    owner_agent: parseEnumBlock(text, 'owner_agent enum') || fallback.owner_agent,
+    status: parseEnumBlock(text, 'status enum') || fallback.status,
+  };
+}
+
+function parseEnumBlock(text, header) {
+  const idx = text.indexOf(`${header}:`);
+  if (idx === -1) return null;
+  const rest = text.slice(idx);
+  const vals = [];
+  const lines = rest.split('\n').slice(1); // after the `<header>:` line
+  for (const line of lines) {
+    const m = line.match(/^\s*-\s*([A-Za-z0-9_-]+)/);
+    if (m) { vals.push(m[1]); continue; }
+    if (line.trim().startsWith('```')) break; // end of fenced block
+    if (line.trim() === '' && vals.length) break;
+  }
+  return vals.length ? vals : null;
+}
+
+// --- profile detection + validation ----------------------------------------
+
+function detectProfile(card, filename = '') {
+  const isEpic =
+    /-epic\.ya?ml$/i.test(filename) ||
+    card.group?.sequence === 0 ||
+    (card.review_profile === 'skip' && card.owner_agent === '');
+  if (isEpic) return 'EPIC';
+  const hasPrd = !!(card.links && card.links.prd);
+  const parent = card.group && card.group.parent;
+  const parentIsEpic = typeof parent === 'string' && /-0*0$/.test(parent.trim());
+  const isStandalone = !hasPrd && !parentIsEpic;
+  return isStandalone ? 'STANDALONE' : 'CHILD';
+}
+
+function getPath(obj, dotted) {
+  return dotted.split('.').reduce((o, k) => (o == null ? undefined : o[k]), obj);
+}
+
+function present(v) {
+  return v !== undefined && v !== null;
+}
+
+function nonEmpty(v) {
+  if (!present(v)) return false;
+  if (typeof v === 'string') return v.trim() !== '';
+  if (Array.isArray(v)) return v.length > 0;
+  if (typeof v === 'object') return Object.keys(v).length > 0;
+  return true; // numbers, booleans
+}
+
+/**
+ * Validate a parsed card object against the schema matrix + enums.
+ * Returns { profile, errors: string[] }.
+ */
+function validateCard(card, { matrix, enums, filename = '' } = {}) {
+  matrix = matrix || loadSchema();
+  enums = enums || loadEnums();
+  const profile = detectProfile(card, filename);
+  const errors = [];
+
+  for (const [field, states] of Object.entries(matrix)) {
+    const state = states[profile];
+    if (state === 'NA' || state === 'C') continue;
+    const val = field.includes('.') ? getPath(card, field) : card[field];
+    if (state === 'R' && !nonEmpty(val)) {
+      errors.push(`REQUIRED field '${field}' is missing or empty (profile ${profile})`);
+    } else if (state === 'E' && !present(field.includes('.') ? getPath(card, field) : card[field]) && !(field in card)) {
+      errors.push(`field '${field}' must be present as a key (value may be empty) (profile ${profile})`);
+    }
+  }
+
+  // Enum checks (only when the value is present and non-empty).
+  const enumChecks = [
+    ['status', enums.status],
+    ['priority', STATIC_ENUMS.priority],
+    ['execution_mode', STATIC_ENUMS.execution_mode],
+    ['review_profile', STATIC_ENUMS.review_profile],
+  ];
+  for (const [field, allowed] of enumChecks) {
+    const v = card[field];
+    if (nonEmpty(v) && !allowed.includes(String(v))) {
+      errors.push(`'${field}' = '${v}' is not in enum {${allowed.join(', ')}}`);
+    }
+  }
+  // owner_agent: '' is legal ONLY for epics; otherwise must be in the Rule A enum.
+  const oa = card.owner_agent;
+  if (profile === 'EPIC') {
+    if (oa !== '' && oa != null && !enums.owner_agent.includes(String(oa))) {
+      errors.push(`epic 'owner_agent' must be '' or in {${enums.owner_agent.join(', ')}} (got '${oa}')`);
+    }
+  } else if (nonEmpty(oa) && !enums.owner_agent.includes(String(oa))) {
+    errors.push(`'owner_agent' = '${oa}' is not in enum {${enums.owner_agent.join(', ')}}`);
+  }
+
+  return { profile, errors };
+}
+
+// --- CLI --------------------------------------------------------------------
+
+function main(argv) {
+  const files = argv.slice(2);
+  if (!files.length) {
+    process.stderr.write('Usage: validate-card-baseline.js <card.yml> [<card2.yml> ...]\n');
+    return 2;
+  }
+  const matrix = loadSchema();
+  const enums = loadEnums();
+  let failed = 0;
+  for (const file of files) {
+    let card;
+    try {
+      card = yaml.load(fs.readFileSync(file, 'utf8'));
+    } catch (e) {
+      process.stdout.write(`✖ ${file}: YAML parse error — ${e.message}\n`);
+      failed++;
+      continue;
+    }
+    if (!card || typeof card !== 'object') {
+      process.stdout.write(`✖ ${file}: not a YAML mapping\n`);
+      failed++;
+      continue;
+    }
+    const { profile, errors } = validateCard(card, { matrix, enums, filename: path.basename(file) });
+    if (errors.length) {
+      failed++;
+      process.stdout.write(`✖ ${file} [${profile}] — ${errors.length} issue(s):\n`);
+      for (const e of errors) process.stdout.write(`    - ${e}\n`);
+    } else {
+      process.stdout.write(`✓ ${file} [${profile}]\n`);
+    }
+  }
+  return failed ? 1 : 0;
+}
+
+if (require.main === module) {
+  process.exit(main(process.argv));
+}
+
+module.exports = { validateCard, detectProfile, loadSchema, loadEnums, nonEmpty };

package/framework/templates/ci/check-card-baseline.yml

@@ -0,0 +1,48 @@
+# Backlog card-baseline gate (BALDART v4.35.0) — OPT-IN consumer template.
+#
+# Copy this file to .github/workflows/ in your repo to fail a PR when a backlog
+# card drifts off the universal, profile-aware baseline (the SSOT field-state
+# matrix in .framework/framework/agents/card-schema.md). This catches a manually
+# or ad-hoc authored card (e.g. a CHORE with no review_profile or no scope) at
+# PR time — not only when /new ingests it.
+#
+# The validator is profile-aware (epic / child / standalone) and ships with the
+# framework subtree; if it is absent the gate no-ops (run `baldart update`).
+
+name: Backlog card baseline
+
+on:
+  pull_request:
+    paths:
+      - 'backlog/**'
+
+jobs:
+  card-baseline:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Install js-yaml (validator dependency)
+        run: npm i js-yaml --no-save
+
+      - name: Validate backlog card baseline
+        run: |
+          VALIDATOR=.framework/framework/scripts/validate-card-baseline.js
+          if [ ! -f "$VALIDATOR" ]; then
+            echo "card-baseline validator not found at $VALIDATOR — run 'baldart update'. Skipping."
+            exit 0
+          fi
+          # Adjust the glob if your cards live elsewhere (baldart.config.yml paths.backlog_dir).
+          shopt -s nullglob
+          CARDS=(backlog/*.yml backlog/*.yaml)
+          if [ ${#CARDS[@]} -eq 0 ]; then
+            echo "No backlog cards to validate."
+            exit 0
+          fi
+          node "$VALIDATOR" "${CARDS[@]}"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "baldart",
-  "version": "4.34.2",
+  "version": "4.36.0",
   "description": "Claude Agent Framework - Reusable framework for coordinating AI agents and humans in software projects",
   "bin": {
     "baldart": "./bin/baldart.js"