bigpowers 1.0.0

package/countable-story-format.md

@@ -0,0 +1,293 @@
+# Countable Story Format
+
+The canonical format for stories and bug-fix specs that need to be **countable** — i.e., readable by automated counters that score scope, sizing, and non-functional coverage. Every spec-producing skill in bigpowers writes output in this format.
+
+This is a structural contract. Counters key off the exact section names and order. Section omissions are not equivalent to "no content here" — they make the spec uncountable. Use `Not applicable` instead.
+
+---
+
+## Hard rules
+
+1. **Every section must be present.** Empty sections are written as `Not applicable` with a one-line reason. Deleting a section caps maturity at 3.
+2. **Section names and order are fixed.** Do not rename, merge, or reorder. Counters do not infer location.
+3. **Sections 14, 15, 16 are tagged `*NFR*`** in their heading. The NFR ratio = (§14 + §15 + §16 content) / total content. The tag must be present even when the section is `Not applicable`.
+4. **Sizing uses Fibonacci only.** XS=1, S=2, M=3, L=5, XL=8. Any other value is invalid.
+5. **Acceptance criteria are Gherkin only** (`Scenario / Given / When / Then`) and live in §17.
+6. **Acceptance criteria must cover the main flow (§5) plus every alternative/exception listed in §6.** One scenario per branch, minimum.
+7. **Multiple occurrences of the same dimension are listed separately**, each with its own one-line rationale. Do not collapse.
+
+## Maturity rubric (self-score in the header)
+
+| Score | Label | Definition |
+|------|-------|------------|
+| 1 | Napkin | Only §1, §2, §17 populated. |
+| 2 | Sketch | §1–§6 populated; data model implicit. |
+| **3** | **Countable** | **§1–§16 populated. Counter runs cleanly. Wording may still be loose.** |
+| 4 | Refined | §1–§20 populated. Gherkin covers every business rule. Open questions tracked but non-blocking. |
+| 5 | Implementation-ready | All sections final. Data model precise enough for codegen. No open questions. References complete. |
+
+**Sprint commitment gate:** maturity ≥ 4 recommended. Anything below 3 is blocked from sprint commit unless risk is explicitly accepted.
+
+---
+
+## Header block (mandatory)
+
+```
+STORY KEY: <PROJECT-NNN>
+TITLE:     <short imperative title>
+TYPE:      Story | Spike | Bug | Enabler
+PARENT:    <epic key or N/A>
+STATUS:    Draft | Ready for refinement | Refined | Counted | In sprint
+AUTHOR:    <name>           DATE: <YYYY-MM-DD>
+MATURITY:  <self-score 1-5>
+SIZE:      XS | S | M | L | XL   (Fibonacci 1/2/3/5/8)
+```
+
+`SIZE` is optional at maturity 3; required at maturity 4+.
+
+---
+
+## The 20 sections
+
+Headings appear verbatim, including the numbers.
+
+### 1. Business narrative
+
+Two to four paragraphs of plain business prose. No solution language. No `As a / I want` phrasing — that belongs in §2. Describe the situation, the friction, and the desired outcome from the business point of view.
+
+### 2. Value statement
+
+A single line:
+```
+As a <actor>, I want <capability>, so that <outcome>.
+```
+Retained for portfolio-level skim. One line, no expansion.
+
+### 3. Actors and permissions
+
+List of actors and what they are allowed to do. Mark each as `internal | external | system`.
+
+### 4. Trigger and preconditions
+
+What event starts this flow. What must be true before it can run.
+
+### 5. Main flow and business logic
+
+Numbered steps describing the happy path. Decision points are explicit. Include the line `Interruption point: <where the flow can be paused/resumed or N/A>`.
+
+### 6. Alternative flows and exceptions
+
+Numbered list of every branch and every error path. Each entry must be referenced by a Gherkin scenario in §17.
+
+### 7. Interface elements
+
+```
+Context: new | existing
+Static elements:  <list>
+Dynamic elements: <list>
+```
+Max five elements per cluster. If more, split into clusters.
+
+### 8. Domain model
+
+Entities touched, entities created, relationships changed. Reference `specs/CONTEXT.md` and `specs/UBIQUITOUS_LANGUAGE.md` where applicable.
+
+### 9. Integrations and boundaries
+
+Each integration tagged `perennial | ethereal` and `direction: in | out | both`.
+
+### 10. Background processes
+
+Each tagged `event | scheduled | manual+scheduled | external`.
+
+### 11. Notifications
+
+One entry per notification: channel, recipient, trigger event.
+
+### 12. Audit and logging
+
+Audited entities and the audit fields captured.
+
+### 13. Solution variabilities
+
+For each parameter: source (`config | tenant | feature flag | role`) and behaviour per value.
+
+### 14. Quality attributes *NFR*
+
+Concrete service-level targets: p95 latency, uptime, scale ceiling, reliability. Numbers only — no adjectives.
+
+### 15. Security and compliance *NFR*
+
+AuthN method, AuthZ model, data classification, applicable regulations, controls in place.
+
+### 16. UX and accessibility *NFR*
+
+WCAG level, i18n scope, supported modalities, branding constraints.
+
+### 17. Acceptance criteria
+
+Gherkin scenarios:
+```
+Scenario: <name>
+  Given <precondition>
+  When  <action>
+  Then  <outcome>
+```
+At least one scenario for the main flow (§5) and one per branch in §6.
+
+### 18. Out of scope
+
+Explicit non-goals. Phrased as full sentences, not single words.
+
+### 19. Open questions
+
+```
+- <question> — owner: <name>, needed by: <YYYY-MM-DD>
+```
+A non-empty §19 caps maturity at 3.
+
+### 20. References
+
+Links to design docs, RFCs, ADRs, prior stories, datasets, prototypes.
+
+---
+
+## Bug-fix specs (DIAGNOSIS.md)
+
+Bug fixes use the same header block and the same 20 sections. The minimum required for "Countable" on a bug fix:
+
+- §1 — describe actual vs. expected behavior and reproduction.
+- §5 — the verified root-cause flow (output of the 4-phase RCA).
+- §6 — alternative hypotheses ruled out.
+- §17 — Gherkin: at least one regression scenario that fails before the fix and passes after.
+- §18 — what this fix deliberately does not change.
+- §19 — anything still unverified.
+
+Sections 2–4, 7–16, 20 are marked `Not applicable — <reason>` if the fix is purely behavioral.
+
+---
+
+## Refactors and spikes
+
+Refactors and spikes are not user stories and do **not** use this format. They keep their existing lightweight templates (`specs/REFACTOR.md`, `specs/SPIKE-<name>.md`). They are not counted.
+
+---
+
+## Worked example (minimal countable story)
+
+```
+STORY KEY: ACME-101
+TITLE:     Self-serve password reset
+TYPE:      Story
+PARENT:    ACME-EPIC-7
+STATUS:    Draft
+AUTHOR:    dvm           DATE: 2026-05-23
+MATURITY:  3
+SIZE:      M
+
+### 1. Business narrative
+Customer-support handles ~120 password reset tickets per week. Each ticket
+costs an average of 8 minutes of agent time. Customers wait 4 hours on
+average for a reply. Both numbers are unacceptable for our SLA tier.
+
+### 2. Value statement
+As a signed-out customer, I want to reset my own password, so that I can
+get back into my account without contacting support.
+
+### 3. Actors and permissions
+- Customer (external) — initiate reset, set new password.
+- Auth service (system) — issue and verify reset tokens.
+
+### 4. Trigger and preconditions
+Trigger: customer clicks "Forgot password" on the sign-in screen.
+Precondition: an account with the supplied email exists and is not locked.
+
+### 5. Main flow and business logic
+1. Customer submits email.
+2. System creates single-use reset token (TTL 30 min).
+3. System emails token link to the registered address.
+4. Customer opens link and submits new password.
+5. System verifies token, updates password hash, invalidates token.
+6. System redirects to sign-in.
+Interruption point: between steps 3 and 4 (link sent, not yet clicked).
+
+### 6. Alternative flows and exceptions
+6a. Email not registered — respond identically to success path (do not leak).
+6b. Token expired — display generic "request a new link" message.
+6c. Account locked — redirect to support contact page; do not issue token.
+
+### 7. Interface elements
+Context: existing.
+Static elements: page title, email input, submit button.
+Dynamic elements: validation message, throttle banner.
+
+### 8. Domain model
+Entities touched: User, AuthCredential. New entity: PasswordResetToken
+(user_id, token_hash, expires_at, used_at).
+
+### 9. Integrations and boundaries
+- Email provider (perennial, direction: out).
+
+### 10. Background processes
+- Token sweeper (scheduled, hourly) — purges expired tokens.
+
+### 11. Notifications
+- Email — recipient: registered user — trigger: token issued.
+
+### 12. Audit and logging
+Audited entity: PasswordResetToken. Fields: issued_at, used_at, ip.
+
+### 13. Solution variabilities
+- TTL (config) — default 30 min, override per tenant.
+
+### 14. Quality attributes *NFR*
+- p95 reset-flow end-to-end < 60 s including email delivery.
+- 99.9% monthly uptime on the reset endpoint.
+
+### 15. Security and compliance *NFR*
+- AuthN: anonymous on request, token-based on completion.
+- AuthZ: token bound to user_id; single use.
+- Data class: PII (email).
+- Controls: rate-limit 5/hour/IP; token-hash at rest.
+
+### 16. UX and accessibility *NFR*
+- WCAG 2.1 AA.
+- i18n: en, pt-BR at launch.
+
+### 17. Acceptance criteria
+Scenario: Happy path
+  Given a registered customer at the sign-in screen
+  When  the customer requests a password reset for their email
+  Then  an email with a single-use link is sent within 60 seconds
+
+Scenario: Unknown email (6a)
+  Given an email that is not registered
+  When  the customer requests a password reset
+  Then  the UI shows the same confirmation as the happy path
+  And   no email is sent
+
+Scenario: Expired token (6b)
+  Given a reset token older than 30 minutes
+  When  the customer opens the link
+  Then  the UI shows "request a new link"
+
+Scenario: Locked account (6c)
+  Given an account marked locked
+  When  the customer requests a password reset
+  Then  no token is issued
+  And   the UI redirects to the support contact page
+
+### 18. Out of scope
+- Passwordless / magic-link sign-in.
+- Forced password rotation policy.
+- Admin-initiated resets.
+
+### 19. Open questions
+- Confirm rate-limit threshold with SecOps — owner: dvm, needed by: 2026-05-30.
+
+### 20. References
+- ADR-0014 (token strategy).
+- specs/CONTEXT.md (User aggregate).
+```
+
+This example scores 3 (Countable). To reach 4, resolve §19 and add NFR coverage for §16 i18n test plan.

package/craft-skill/REFERENCE.md

@@ -0,0 +1,88 @@
+# Craft Skill — Reference
+
+## Naming Rules (full)
+
+Every skill name must be a **two-word verb-noun pair**:
+- First word: a verb (survey, model, define, develop, audit…)
+- Second word: a noun from PMBOK 6 / Agile vocabulary (context, domain, language, tdd, code…)
+- Pronounceable in any language, searchable, no noise words, no encodings
+- Exception precedent: `grill-me` — kept for recognizability
+
+Good: `survey-context`, `audit-code`, `validate-fix`
+Bad: `context-surveyor`, `code-auditing-skill`, `fix-validator`
+
+Any new naming exception requires an entry in CONVENTIONS.md before the skill is published.
+
+## Skill Structure
+
+```
+skill-name/
+├── SKILL.md           # Main instructions (required)
+├── REFERENCE.md       # Detailed docs (if needed)
+├── EXAMPLES.md        # Usage examples (if needed)
+└── scripts/           # Utility scripts (if needed)
+    └── helper.sh
+```
+
+## SKILL.md Template
+
+```md
+---
+name: skill-name
+description: Brief description of capability. Use when [specific triggers].
+---
+
+# Skill Name
+
+## Quick start
+
+[Minimal working example]
+
+## Workflows
+
+[Step-by-step processes with checklists for complex tasks]
+
+## Advanced features
+
+[Link to separate files: See [REFERENCE.md](REFERENCE.md)]
+```
+
+## Description Requirements
+
+The description is **the only thing your agent sees** when deciding which skill to load.
+
+**Format**:
+- Max 1024 chars
+- Write in third person
+- First sentence: what it does
+- Second sentence: "Use when [specific triggers]"
+
+**Good example**:
+```
+Investigate a bug by exploring the codebase to find root cause, then write a TDD-based fix plan to specs/DIAGNOSIS.md. Use when user reports a bug, wants to investigate a problem, or mentions "triage".
+```
+
+## When to Add Scripts
+
+Add utility scripts when:
+- Operation is deterministic (validation, formatting)
+- Same code would be generated repeatedly
+- Errors need explicit handling
+
+## When to Split Files
+
+Split into separate files when:
+- SKILL.md exceeds 100 lines
+- Content has distinct domains
+- Advanced features are rarely needed
+
+## sync-skills.sh Propagation
+
+After adding a new skill directory with SKILL.md, run `scripts/sync-skills.sh` from the bigpowers repo root. This automatically generates:
+- `.cursor/rules/<name>.mdc` — for Cursor
+- `.gemini/extensions/bigpowers/skills/<name>/SKILL.md` — Agent Skill
+- `.gemini/extensions/bigpowers/commands/<name>.toml` — Slash Command
+- `.gemini/extensions/bigpowers/commands/prompts/<name>.md` — Command Prompt
+- Updated `gemini-extension.json`
+
+verify: `bash scripts/sync-skills.sh 2>&1 | grep "skills synced"`

package/craft-skill/SKILL.md

@@ -0,0 +1,55 @@
+---
+name: craft-skill
+description: Create new bigpowers skills with proper structure, progressive disclosure, and bundled resources. Use when user wants to create, write, or build a new skill for the bigpowers lifecycle.
+---
+
+# Craft Skill
+
+> **HARD GATE** — Do NOT name a skill without a two-word verb-noun pair. Do NOT merge a new skill without running `sync-skills.sh` — the generated `.cursor/rules/` and `.gemini/` artifacts must match the source SKILL.md.
+
+## Process
+
+1. **Gather requirements** — ask user about:
+   - What task/domain does the skill cover?
+   - What specific use cases should it handle?
+   - Does it need executable scripts or just instructions?
+   - Any reference materials to include?
+   - What specs/ output does it produce (if any)?
+
+2. **Verify Principles** — Ensure the skill aligns with [PRINCIPLES.md](../docs/PRINCIPLES.md):
+   - Is it atomic (verb-noun)?
+   - Is it "deep" (simple interface, complex internal logic)?
+   - Does it include Hard Gates?
+   - Is it verifiable with a `.feature` file?
+
+3. **Draft the skill** — create:
+   - SKILL.md with concise instructions (see [REFERENCE.md](REFERENCE.md) for template)
+   - Additional reference files if content exceeds 100 lines
+   - Utility scripts if deterministic operations needed
+
+> **STREAM CONTINUITY** — When writing file content, output in continuous chunks of ~200 lines. Do not pause. Continue immediately until complete. If you need time, emit a placeholder comment rather than going silent.
+
+4. **Review with user** — present draft and ask:
+   - Does this cover your use cases?
+   - Anything missing or unclear?
+   - Should any section be more/less detailed?
+
+## Naming Rules
+
+Every skill name must be a **two-word verb-noun pair**. See [REFERENCE.md](REFERENCE.md) for full rules, examples, and documented exceptions.
+
+## specs/ Output
+
+If the skill produces written output, it goes in `specs/` at the project root. Document the output file path in the skill body and in CONVENTIONS.md's output files table.
+
+## Review Checklist
+
+After drafting, verify:
+
+- [ ] Name is a two-word verb-noun pair (or follows grill-me exception)
+- [ ] Description includes triggers ("Use when...")
+- [ ] SKILL.md under 100 lines
+- [ ] No time-sensitive info
+- [ ] Consistent terminology with CONVENTIONS.md
+- [ ] specs/ output documented if applicable
+- [ ] `sync-skills.sh` run to propagate to Cursor/Gemini

package/deepen-architecture/DEEPENING.md

@@ -0,0 +1,37 @@
+# Deepening
+
+How to deepen a cluster of shallow modules safely, given its dependencies. Assumes the vocabulary in [LANGUAGE.md](LANGUAGE.md) — **module**, **interface**, **seam**, **adapter**.
+
+## Dependency categories
+
+When assessing a candidate for deepening, classify its dependencies. The category determines how the deepened module is tested across its seam.
+
+### 1. In-process
+
+Pure computation, in-memory state, no I/O. Always deepenable — merge the modules and test through the new interface directly. No adapter needed.
+
+### 2. Local-substitutable
+
+Dependencies that have local test stand-ins (PGLite for Postgres, in-memory filesystem). Deepenable if the stand-in exists. The deepened module is tested with the stand-in running in the test suite. The seam is internal; no port at the module's external interface.
+
+### 3. Remote but owned (Ports & Adapters)
+
+Your own services across a network boundary (microservices, internal APIs). Define a **port** (interface) at the seam. The deep module owns the logic; the transport is injected as an **adapter**. Tests use an in-memory adapter. Production uses an HTTP/gRPC/queue adapter.
+
+Recommendation shape: *"Define a port at the seam, implement an HTTP adapter for production and an in-memory adapter for testing, so the logic sits in one deep module even though it's deployed across a network."*
+
+### 4. True external (Mock)
+
+Third-party services (Stripe, Twilio, etc.) you don't control. The deepened module takes the external dependency as an injected port; tests provide a mock adapter.
+
+## Seam discipline
+
+- **One adapter means a hypothetical seam. Two adapters means a real one.** Don't introduce a port unless at least two adapters are justified (typically production + test). A single-adapter seam is just indirection.
+- **Internal seams vs external seams.** A deep module can have internal seams (private to its implementation, used by its own tests) as well as the external seam at its interface. Don't expose internal seams through the interface just because tests use them.
+
+## Testing strategy: replace, don't layer
+
+- Old unit tests on shallow modules become waste once tests at the deepened module's interface exist — delete them.
+- Write new tests at the deepened module's interface. The **interface is the test surface**.
+- Tests assert on observable outcomes through the interface, not internal state.
+- Tests should survive internal refactors — they describe behaviour, not implementation. If a test has to change when the implementation changes, it's testing past the interface.

package/deepen-architecture/INTERFACE-DESIGN.md

@@ -0,0 +1,44 @@
+# Interface Design
+
+When the user wants to explore alternative interfaces for a chosen deepening candidate, use this parallel sub-agent pattern. Based on "Design It Twice" (Ousterhout) — your first idea is unlikely to be the best.
+
+Uses the vocabulary in [LANGUAGE.md](LANGUAGE.md) — **module**, **interface**, **seam**, **adapter**, **leverage**.
+
+## Process
+
+### 1. Frame the problem space
+
+Before spawning sub-agents, write a user-facing explanation of the problem space for the chosen candidate:
+
+- The constraints any new interface would need to satisfy
+- The dependencies it would rely on, and which category they fall into (see [DEEPENING.md](DEEPENING.md))
+- A rough illustrative code sketch to ground the constraints — not a proposal, just a way to make the constraints concrete
+
+Show this to the user, then immediately proceed to Step 2. The user reads and thinks while the sub-agents work in parallel.
+
+### 2. Spawn sub-agents
+
+Spawn 3+ sub-agents in parallel using the Agent tool. Each must produce a **radically different** interface for the deepened module.
+
+Prompt each sub-agent with a separate technical brief (file paths, coupling details, dependency category from [DEEPENING.md](DEEPENING.md), what sits behind the seam). The brief is independent of the user-facing problem-space explanation in Step 1. Give each agent a different design constraint:
+
+- Agent 1: "Minimize the interface — aim for 1–3 entry points max. Maximise leverage per entry point."
+- Agent 2: "Maximise flexibility — support many use cases and extension."
+- Agent 3: "Optimise for the most common caller — make the default case trivial."
+- Agent 4 (if applicable): "Design around ports & adapters for cross-seam dependencies."
+
+Include both [LANGUAGE.md](LANGUAGE.md) vocabulary and CONTEXT.md vocabulary in the brief so each sub-agent names things consistently with the architecture language and the project's domain language.
+
+Each sub-agent outputs:
+
+1. Interface (types, methods, params — plus invariants, ordering, error modes)
+2. Usage example showing how callers use it
+3. What the implementation hides behind the seam
+4. Dependency strategy and adapters (see [DEEPENING.md](DEEPENING.md))
+5. Trade-offs — where leverage is high, where it's thin
+
+### 3. Present and compare
+
+Present designs sequentially so the user can absorb each one, then compare them in prose. Contrast by **depth** (leverage at the interface), **locality** (where change concentrates), and **seam placement**.
+
+After comparing, give your own recommendation: which design you think is strongest and why. If elements from different designs would combine well, propose a hybrid. Be opinionated — the user wants a strong read, not a menu.

package/deepen-architecture/LANGUAGE.md

@@ -0,0 +1,53 @@
+# Language
+
+Shared vocabulary for every suggestion this skill makes. Use these terms exactly — don't substitute "component," "service," "API," or "boundary." Consistent language is the whole point.
+
+## Terms
+
+**Module**
+Anything with an interface and an implementation. Deliberately scale-agnostic — applies equally to a function, class, package, or tier-spanning slice.
+_Avoid_: unit, component, service.
+
+**Interface**
+Everything a caller must know to use the module correctly. Includes the type signature, but also invariants, ordering constraints, error modes, required configuration, and performance characteristics.
+_Avoid_: API, signature (too narrow — those refer only to the type-level surface).
+
+**Implementation**
+What's inside a module — its body of code. Distinct from **Adapter**: a thing can be a small adapter with a large implementation (a Postgres repo) or a large adapter with a small implementation (an in-memory fake). Reach for "adapter" when the seam is the topic; "implementation" otherwise.
+
+**Depth**
+Leverage at the interface — the amount of behaviour a caller (or test) can exercise per unit of interface they have to learn. A module is **deep** when a large amount of behaviour sits behind a small interface. A module is **shallow** when the interface is nearly as complex as the implementation.
+
+**Seam** _(from Michael Feathers)_
+A place where you can alter behaviour without editing in that place. The *location* at which a module's interface lives. Choosing where to put the seam is its own design decision, distinct from what goes behind it.
+_Avoid_: boundary (overloaded with DDD's bounded context).
+
+**Adapter**
+A concrete thing that satisfies an interface at a seam. Describes *role* (what slot it fills), not substance (what's inside).
+
+**Leverage**
+What callers get from depth. More capability per unit of interface they have to learn. One implementation pays back across N call sites and M tests.
+
+**Locality**
+What maintainers get from depth. Change, bugs, knowledge, and verification concentrate at one place rather than spreading across callers. Fix once, fixed everywhere.
+
+## Principles
+
+- **Depth is a property of the interface, not the implementation.** A deep module can be internally composed of small, mockable, swappable parts — they just aren't part of the interface. A module can have **internal seams** (private to its implementation, used by its own tests) as well as the **external seam** at its interface.
+- **The deletion test.** Imagine deleting the module. If complexity vanishes, the module wasn't hiding anything (it was a pass-through). If complexity reappears across N callers, the module was earning its keep.
+- **The interface is the test surface.** Callers and tests cross the same seam. If you want to test *past* the interface, the module is probably the wrong shape.
+- **One adapter means a hypothetical seam. Two adapters means a real one.** Don't introduce a seam unless something actually varies across it.
+
+## Relationships
+
+- A **Module** has exactly one **Interface** (the surface it presents to callers and tests).
+- **Depth** is a property of a **Module**, measured against its **Interface**.
+- A **Seam** is where a **Module**'s **Interface** lives.
+- An **Adapter** sits at a **Seam** and satisfies the **Interface**.
+- **Depth** produces **Leverage** for callers and **Locality** for maintainers.
+
+## Rejected framings
+
+- **Depth as ratio of implementation-lines to interface-lines** (Ousterhout): rewards padding the implementation. We use depth-as-leverage instead.
+- **"Interface" as the TypeScript `interface` keyword or a class's public methods**: too narrow — interface here includes every fact a caller must know.
+- **"Boundary"**: overloaded with DDD's bounded context. Say **seam** or **interface**.

package/deepen-architecture/SKILL.md

@@ -0,0 +1,76 @@
+---
+name: deepen-architecture
+description: Find deepening opportunities in a codebase, informed by the domain language in specs/CONTEXT.md and the decisions in specs/adr/. Use when the user wants to improve architecture, find refactoring opportunities, consolidate tightly-coupled modules, or make a codebase more testable and AI-navigable.
+---
+
+# Deepen Architecture
+
+Surface architectural friction and propose **deepening opportunities** — refactors that turn shallow modules into deep ones. The aim is testability and AI-navigability.
+
+## Glossary
+
+Use these terms exactly in every suggestion. Consistent language is the point — don't drift into "component," "service," "API," or "boundary." Full definitions in [LANGUAGE.md](LANGUAGE.md).
+
+- **Module** — anything with an interface and an implementation (function, class, package, slice).
+- **Interface** — everything a caller must know to use the module: types, invariants, error modes, ordering, config. Not just the type signature.
+- **Implementation** — the code inside.
+- **Depth** — leverage at the interface: a lot of behaviour behind a small interface. **Deep** = high leverage. **Shallow** = interface nearly as complex as the implementation.
+- **Seam** — where an interface lives; a place behaviour can be altered without editing in place. (Use this, not "boundary.")
+- **Adapter** — a concrete thing satisfying an interface at a seam.
+- **Leverage** — what callers get from depth.
+- **Locality** — what maintainers get from depth: change, bugs, knowledge concentrated in one place.
+
+Key principles (see [LANGUAGE.md](LANGUAGE.md) for the full list):
+
+- **Deletion test**: imagine deleting the module. If complexity vanishes, it was a pass-through. If complexity reappears across N callers, it was earning its keep.
+- **The interface is the test surface.**
+- **One adapter = hypothetical seam. Two adapters = real seam.**
+
+This skill is _informed_ by the project's domain model — `specs/CONTEXT.md` and any `specs/adr/`. The domain language gives names to good seams; ADRs record decisions the skill should not re-litigate. See [CONTEXT-FORMAT.md](../model-domain/CONTEXT-FORMAT.md) and [ADR-FORMAT.md](../model-domain/ADR-FORMAT.md).
+
+## Process
+
+### 1. Explore
+
+Read existing documentation first:
+
+- `specs/CONTEXT.md` (or `specs/CONTEXT-MAP.md` + each `specs/CONTEXT.md` in a multi-context repo)
+- Relevant ADRs in `specs/adr/`
+
+If any of these files don't exist, proceed silently — don't flag their absence or suggest creating them upfront.
+
+Then use the Agent tool with `subagent_type=Explore` to walk the codebase. Don't follow rigid heuristics — explore organically and note where you experience friction:
+
+- Where does understanding one concept require bouncing between many small modules?
+- Where are modules **shallow** — interface nearly as complex as the implementation?
+- Where have pure functions been extracted just for testability, but the real bugs hide in how they're called?
+- Where do tightly-coupled modules leak across their seams?
+- Which parts of the codebase are untested, or hard to test through their current interface?
+
+Apply the **deletion test** to anything you suspect is shallow.
+
+### 2. Present candidates
+
+Present a numbered list of deepening opportunities. For each candidate:
+
+- **Files** — which files/modules are involved
+- **Problem** — why the current architecture is causing friction
+- **Solution** — plain English description of what would change
+- **Benefits** — explained in terms of locality and leverage, and how tests would improve
+
+**Use `specs/CONTEXT.md` vocabulary for the domain, and [LANGUAGE.md](LANGUAGE.md) vocabulary for the architecture.**
+
+**ADR conflicts**: if a candidate contradicts an existing ADR, only surface it when the friction is real enough to warrant revisiting the ADR. Mark it clearly. Don't list every theoretical refactor an ADR forbids.
+
+Do NOT propose interfaces yet. Ask the user: "Which of these would you like to explore?"
+
+### 3. Grilling loop
+
+Once the user picks a candidate, drop into a grilling conversation. Walk the design tree with them — constraints, dependencies, the shape of the deepened module, what sits behind the seam, what tests survive.
+
+Side effects happen inline as decisions crystallize:
+
+- **Naming a deepened module after a concept not in `specs/CONTEXT.md`?** Add the term to `specs/CONTEXT.md` — same discipline as `model-domain` (see [CONTEXT-FORMAT.md](../model-domain/CONTEXT-FORMAT.md)). Create the file lazily if it doesn't exist.
+- **Sharpening a fuzzy term during the conversation?** Update `specs/CONTEXT.md` right there.
+- **User rejects the candidate with a load-bearing reason?** Offer an ADR, framed as: _"Want me to record this as an ADR so future architecture reviews don't re-suggest it?"_ Only offer when the reason would actually be needed by a future explorer. See [ADR-FORMAT.md](../model-domain/ADR-FORMAT.md).
+- **Want to explore alternative interfaces for the deepened module?** See [INTERFACE-DESIGN.md](INTERFACE-DESIGN.md).