cap-pro 1.0.0

package/hooks/hooks.json

@@ -0,0 +1,55 @@
+{
+  "hooks": {
+    "SessionStart": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "${CLAUDE_PLUGIN_ROOT}/hooks/dist/cap-version-check.js",
+            "timeout": 2
+          }
+        ]
+      }
+    ],
+    "Stop": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "${CLAUDE_PLUGIN_ROOT}/hooks/dist/cap-memory.js",
+            "timeout": 10
+          },
+          {
+            "type": "command",
+            "command": "${CLAUDE_PLUGIN_ROOT}/hooks/dist/cap-learn-review-hook.js",
+            "timeout": 5
+          }
+        ]
+      }
+    ],
+    "PostToolUse": [
+      {
+        "matcher": "Edit|Write|MultiEdit|NotebookEdit",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "${CLAUDE_PLUGIN_ROOT}/hooks/dist/cap-tag-observer.js"
+          },
+          {
+            "type": "command",
+            "command": "${CLAUDE_PLUGIN_ROOT}/hooks/dist/cap-learning-hook.js"
+          }
+        ]
+      },
+      {
+        "matcher": "Read",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "${CLAUDE_PLUGIN_ROOT}/hooks/dist/cap-learning-hook.js"
+          }
+        ]
+      }
+    ]
+  }
+}

package/package.json

@@ -0,0 +1,58 @@
+{
+  "name": "cap-pro",
+  "version": "1.0.0",
+  "description": "CAP Pro — Code-First engineering framework for Claude Code, OpenCode, Gemini, Codex, Copilot, Antigravity, Cursor & Windsurf. Build first, plan from code.",
+  "bin": {
+    "cap": "bin/install.js"
+  },
+  "files": [
+    "bin",
+    "commands",
+    "cap",
+    "agents",
+    "hooks/dist",
+    "hooks/hooks.json",
+    ".claude-plugin",
+    "scripts"
+  ],
+  "keywords": [
+    "cap",
+    "cap-pro",
+    "claude",
+    "claude-code",
+    "ai",
+    "code-first",
+    "code-as-plan",
+    "engineering-framework",
+    "prototype-driven",
+    "annotation-driven",
+    "farley"
+  ],
+  "author": "TÂCHES",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/dwall-sys/code-as-plan.git"
+  },
+  "homepage": "https://github.com/dwall-sys/code-as-plan",
+  "bugs": {
+    "url": "https://github.com/dwall-sys/code-as-plan/issues"
+  },
+  "engines": {
+    "node": ">=20.0.0"
+  },
+  "devDependencies": {
+    "esbuild": "^0.24.0",
+    "vitepress": "^1.5.0",
+    "vitest": "^4.1.2"
+  },
+  "scripts": {
+    "build:hooks": "node scripts/build-hooks.js",
+    "prepublishOnly": "npm run build:hooks",
+    "test": "node scripts/run-tests.cjs",
+    "test:coverage": "node scripts/run-tests.cjs --coverage",
+    "docs:dev": "vitepress dev docs-site",
+    "docs:build": "vitepress build docs-site",
+    "docs:preview": "vitepress preview docs-site"
+  }
+}

package/scripts/base64-scan.sh

@@ -0,0 +1,262 @@
+#!/usr/bin/env bash
+# base64-scan.sh — Detect base64-obfuscated prompt injection in source files
+#
+# Extracts base64 blobs >= 40 chars, decodes them, and checks decoded content
+# against the same injection patterns used by prompt-injection-scan.sh.
+#
+# Usage:
+#   scripts/base64-scan.sh --diff origin/main   # CI mode: scan changed files
+#   scripts/base64-scan.sh --file path/to/file   # Scan a single file
+#   scripts/base64-scan.sh --dir agents/          # Scan all files in a directory
+#
+# Exit codes:
+#   0 = clean
+#   1 = findings detected
+#   2 = usage error
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+MIN_BLOB_LENGTH=40
+
+# ─── Injection Patterns (decoded content) ────────────────────────────────────
+# Subset of patterns — if someone base64-encoded something, check for the
+# most common injection indicators.
+DECODED_PATTERNS=(
+  'ignore[[:space:]]+(all[[:space:]]+)?previous[[:space:]]+instructions'
+  'you[[:space:]]+are[[:space:]]+now[[:space:]]+'
+  'system[[:space:]]+prompt'
+  '</?system>'
+  '</?assistant>'
+  '\[SYSTEM\]'
+  '\[INST\]'
+  '<<SYS>>'
+  'override[[:space:]]+(system|safety|security)'
+  'pretend[[:space:]]+(you|to)[[:space:]]'
+  'act[[:space:]]+as[[:space:]]+(a|an|if)'
+  'jailbreak'
+  'bypass[[:space:]]+(safety|content|security)'
+  'eval[[:space:]]*\('
+  'exec[[:space:]]*\('
+  'rm[[:space:]]+-rf'
+  'curl[[:space:]].*\|[[:space:]]*sh'
+  'wget[[:space:]].*\|[[:space:]]*sh'
+)
+
+# ─── Ignorelist ──────────────────────────────────────────────────────────────
+
+IGNOREFILE=".base64scanignore"
+IGNORED_PATTERNS=()
+
+load_ignorelist() {
+  if [[ -f "$IGNOREFILE" ]]; then
+    while IFS= read -r line; do
+      # Skip comments and empty lines
+      [[ "$line" =~ ^[[:space:]]*# ]] && continue
+      [[ -z "${line// }" ]] && continue
+      IGNORED_PATTERNS+=("$line")
+    done < "$IGNOREFILE"
+  fi
+}
+
+is_ignored() {
+  local blob="$1"
+  if [[ ${#IGNORED_PATTERNS[@]} -eq 0 ]]; then
+    return 1
+  fi
+  for pattern in "${IGNORED_PATTERNS[@]}"; do
+    if [[ "$blob" == "$pattern" ]]; then
+      return 0
+    fi
+  done
+  return 1
+}
+
+# ─── Skip Rules ──────────────────────────────────────────────────────────────
+
+should_skip_file() {
+  local file="$1"
+  # Skip binary files
+  case "$file" in
+    *.png|*.jpg|*.jpeg|*.gif|*.ico|*.woff|*.woff2|*.ttf|*.eot|*.otf) return 0 ;;
+    *.zip|*.tar|*.gz|*.bz2|*.xz|*.7z) return 0 ;;
+    *.pdf|*.doc|*.docx|*.xls|*.xlsx) return 0 ;;
+  esac
+  # Skip lockfiles and node_modules
+  case "$file" in
+    */node_modules/*) return 0 ;;
+    */package-lock.json) return 0 ;;
+    */yarn.lock) return 0 ;;
+    */pnpm-lock.yaml) return 0 ;;
+  esac
+  # Skip the scan scripts themselves and test files
+  case "$file" in
+    */base64-scan.sh) return 0 ;;
+    */security-scan.test.cjs) return 0 ;;
+  esac
+  return 1
+}
+
+is_data_uri() {
+  local context="$1"
+  # data:image/png;base64,... or data:application/font-woff;base64,...
+  echo "$context" | grep -qE 'data:[a-zA-Z]+/[a-zA-Z0-9.+-]+;base64,' 2>/dev/null
+}
+
+# ─── File Collection ─────────────────────────────────────────────────────────
+
+collect_files() {
+  local mode="$1"
+  shift
+
+  case "$mode" in
+    --diff)
+      local base="${1:-origin/main}"
+      git diff --name-only --diff-filter=ACMR "$base"...HEAD 2>/dev/null \
+        | grep -vE '\.(png|jpg|jpeg|gif|ico|woff|woff2|ttf|eot|otf|zip|tar|gz|pdf)$' || true
+      ;;
+    --file)
+      if [[ -f "$1" ]]; then
+        echo "$1"
+      else
+        echo "Error: file not found: $1" >&2
+        exit 2
+      fi
+      ;;
+    --dir)
+      local dir="$1"
+      if [[ ! -d "$dir" ]]; then
+        echo "Error: directory not found: $dir" >&2
+        exit 2
+      fi
+      find "$dir" -type f ! -path '*/node_modules/*' ! -path '*/.git/*' ! -path '*/dist/*' \
+        ! -name '*.png' ! -name '*.jpg' ! -name '*.gif' ! -name '*.woff*' 2>/dev/null || true
+      ;;
+    --stdin)
+      cat
+      ;;
+    *)
+      echo "Usage: $0 --diff [base] | --file <path> | --dir <path> | --stdin" >&2
+      exit 2
+      ;;
+  esac
+}
+
+# ─── Scanner ─────────────────────────────────────────────────────────────────
+
+extract_and_check_blobs() {
+  local file="$1"
+  local found=0
+  local line_num=0
+
+  while IFS= read -r line; do
+    line_num=$((line_num + 1))
+
+    # Skip data URIs — legitimate base64 usage
+    if is_data_uri "$line"; then
+      continue
+    fi
+
+    # Extract base64-like blobs (alphanumeric + / + = padding, >= MIN_BLOB_LENGTH)
+    local blobs
+    blobs=$(echo "$line" | grep -oE '[A-Za-z0-9+/]{'"$MIN_BLOB_LENGTH"',}={0,3}' 2>/dev/null || true)
+
+    if [[ -z "$blobs" ]]; then
+      continue
+    fi
+
+    while IFS= read -r blob; do
+      [[ -z "$blob" ]] && continue
+
+      # Check ignorelist
+      if [[ ${#IGNORED_PATTERNS[@]} -gt 0 ]] && is_ignored "$blob"; then
+        continue
+      fi
+
+      # Try to decode — if it fails, not valid base64
+      local decoded
+      decoded=$(echo "$blob" | base64 -d 2>/dev/null || echo "")
+
+      if [[ -z "$decoded" ]]; then
+        continue
+      fi
+
+      # Check if decoded content is mostly printable text (not random binary)
+      local printable_ratio
+      local total_chars=${#decoded}
+      if [[ $total_chars -eq 0 ]]; then
+        continue
+      fi
+
+      # Count printable ASCII characters
+      local printable_count
+      printable_count=$(echo -n "$decoded" | tr -cd '[:print:]' | wc -c | tr -d ' ')
+      # Skip if less than 70% printable (likely binary data, not obfuscated text)
+      if [[ $((printable_count * 100 / total_chars)) -lt 70 ]]; then
+        continue
+      fi
+
+      # Scan decoded content against injection patterns
+      for pattern in "${DECODED_PATTERNS[@]}"; do
+        if echo "$decoded" | grep -iqE "$pattern" 2>/dev/null; then
+          if [[ $found -eq 0 ]]; then
+            echo "FAIL: $file"
+            found=1
+          fi
+          echo "  line $line_num: base64 blob decodes to suspicious content"
+          echo "    blob: ${blob:0:60}..."
+          echo "    decoded: ${decoded:0:120}"
+          echo "    matched: $pattern"
+          break
+        fi
+      done
+    done <<< "$blobs"
+  done < "$file"
+
+  return $found
+}
+
+# ─── Main ────────────────────────────────────────────────────────────────────
+
+main() {
+  if [[ $# -eq 0 ]]; then
+    echo "Usage: $0 --diff [base] | --file <path> | --dir <path>" >&2
+    exit 2
+  fi
+
+  load_ignorelist
+
+  local mode="$1"
+  shift
+
+  local files
+  files=$(collect_files "$mode" "$@")
+
+  if [[ -z "$files" ]]; then
+    echo "base64-scan: no files to scan"
+    exit 0
+  fi
+
+  local total=0
+  local failed=0
+
+  while IFS= read -r file; do
+    [[ -z "$file" ]] && continue
+    if should_skip_file "$file"; then
+      continue
+    fi
+    total=$((total + 1))
+    if ! extract_and_check_blobs "$file"; then
+      failed=$((failed + 1))
+    fi
+  done <<< "$files"
+
+  echo ""
+  echo "base64-scan: scanned $total files, $failed with findings"
+
+  if [[ $failed -gt 0 ]]; then
+    exit 1
+  fi
+  exit 0
+}
+
+main "$@"

package/scripts/build-hooks.js

@@ -0,0 +1,93 @@
+#!/usr/bin/env node
+// @cap-feature(feature:F-009) Hooks System — build script (syntax validation + dist copy)
+// @cap-history(sessions:3, edits:4, since:2026-04-01, learned:2026-04-03) Frequently modified — 3 sessions, 4 edits
+/**
+ * Copy CAP hooks to dist for installation.
+ * Validates JavaScript syntax before copying to prevent shipping broken hooks.
+ * See #1107, #1109, #1125, #1161 — a duplicate const declaration shipped
+ * in dist and caused PostToolUse hook errors for all users.
+ */
+
+const fs = require('fs');
+const path = require('path');
+const vm = require('vm');
+
+const HOOKS_DIR = path.join(__dirname, '..', 'hooks');
+const DIST_DIR = path.join(HOOKS_DIR, 'dist');
+
+// Hooks to copy (pure Node.js, no bundling needed)
+// @cap-decision(F-084/iter1) Stage-2 #1 fix: SessionStart hook registered in plugin manifest + dist build + manifest-test.
+//   `cap-version-check.js` MUST be in this list so the dist build copies it; otherwise
+//   hooks/hooks.json points at a missing file for npx-installed users (lesson-13: any
+//   feature shipping a hook MUST register it in BOTH hooks.json AND HOOKS_TO_COPY).
+const HOOKS_TO_COPY = [
+  'cap-check-update.js',
+  'cap-context-monitor.js',
+  'cap-learn-review-hook.js',
+  'cap-learning-hook.js',
+  'cap-memory.js',
+  'cap-prompt-guard.js',
+  'cap-statusline.js',
+  'cap-tag-observer.js',
+  'cap-version-check.js',
+  'cap-workflow-guard.js'
+];
+
+/**
+ * Validate JavaScript syntax without executing the file.
+ * Catches SyntaxError (duplicate const, missing brackets, etc.)
+ * before the hook gets shipped to users.
+ */
+function validateSyntax(filePath) {
+  const content = fs.readFileSync(filePath, 'utf8');
+  try {
+    // Use vm.compileFunction to check syntax without executing
+    new vm.Script(content, { filename: path.basename(filePath) });
+    return null; // No error
+  } catch (e) {
+    if (e instanceof SyntaxError) {
+      return e.message;
+    }
+    throw e;
+  }
+}
+
+function build() {
+  // Ensure dist directory exists
+  if (!fs.existsSync(DIST_DIR)) {
+    fs.mkdirSync(DIST_DIR, { recursive: true });
+  }
+
+  let hasErrors = false;
+
+  // Copy hooks to dist with syntax validation
+  for (const hook of HOOKS_TO_COPY) {
+    const src = path.join(HOOKS_DIR, hook);
+    const dest = path.join(DIST_DIR, hook);
+
+    if (!fs.existsSync(src)) {
+      console.warn(`Warning: ${hook} not found, skipping`);
+      continue;
+    }
+
+    // Validate syntax before copying
+    const syntaxError = validateSyntax(src);
+    if (syntaxError) {
+      console.error(`\x1b[31m✗ ${hook}: SyntaxError — ${syntaxError}\x1b[0m`);
+      hasErrors = true;
+      continue;
+    }
+
+    console.log(`\x1b[32m✓\x1b[0m Copying ${hook}...`);
+    fs.copyFileSync(src, dest);
+  }
+
+  if (hasErrors) {
+    console.error('\n\x1b[31mBuild failed: fix syntax errors above before publishing.\x1b[0m');
+    process.exit(1);
+  }
+
+  console.log('\nBuild complete.');
+}
+
+build();

package/scripts/cap-removal-checklist.md

@@ -0,0 +1,202 @@
+# CAP v2.0 -- GSD Removal Checklist
+
+<!-- @cap-context This document defines the COMPLETE removal plan for transitioning from GSD to CAP. It is NOT executed during prototyping -- it documents what gets removed when the clean break is made. -->
+<!-- @cap-decision Removal is documented as a checklist, not executed during prototype. This allows the current GSD infrastructure to keep working during development while clearly defining the target end state. -->
+
+<!-- @cap-todo(ref:AC-71) All /gsd:* commands shall be removed from the codebase -->
+<!-- @cap-todo(ref:AC-72) All gsd-* agent files shall be removed from the agents/ directory -->
+<!-- @cap-todo(ref:AC-73) Explicitly killed agents: gsd-discuss, gsd-planner, gsd-milestone-*, gsd-executor, gsd-annotator, and all discuss/plan phase agents -->
+<!-- @cap-todo(ref:AC-74) Artifacts no longer created or referenced: ROADMAP.md, REQUIREMENTS.md, STATE.md, MILESTONES.md, VERIFICATION.md, PLAN.md -->
+<!-- @cap-todo(ref:AC-75) CODE-INVENTORY.md evolved into enriched FEATURE-MAP.md -- standalone file removed -->
+<!-- @cap-todo(ref:AC-76) bin/install.js updated to reference CAP branding and commands -->
+<!-- @cap-todo(ref:AC-77) package.json name updated to cap (or code-as-plan fallback) -->
+
+---
+
+## 1. Agent Files to Remove (AC-72, AC-73)
+
+The following agent files in `agents/` shall be deleted:
+
+### Explicitly Killed Agents (AC-73)
+
+These agents represent the discuss/plan workflow that CAP eliminates:
+
+- [ ] `agents/gsd-planner.md` -- replaced by Feature Map + cap-prototyper
+- [ ] `agents/gsd-executor.md` -- replaced by cap-prototyper (prototype/iterate modes)
+- [ ] `agents/gsd-annotator.md` -- replaced by cap-prototyper (annotate mode)
+- [ ] `agents/gsd-brainstormer.md` -- replaced by cap-brainstormer
+- [ ] `agents/gsd-roadmapper.md` -- ROADMAP.md no longer exists
+- [ ] `agents/gsd-plan-checker.md` -- no plan phase to check
+- [ ] `agents/gsd-reviewer.md` -- replaced by cap-reviewer
+- [ ] `agents/gsd-tester.md` -- replaced by cap-tester
+- [ ] `agents/gsd-debugger.md` -- replaced by cap-debugger
+
+### Supporting Agents to Remove
+
+- [ ] `agents/gsd-advisor-researcher.md`
+- [ ] `agents/gsd-arc-executor.md`
+- [ ] `agents/gsd-arc-planner.md`
+- [ ] `agents/gsd-assumptions-analyzer.md`
+- [ ] `agents/gsd-code-planner.md`
+- [ ] `agents/gsd-codebase-mapper.md`
+- [ ] `agents/gsd-integration-checker.md`
+- [ ] `agents/gsd-nyquist-auditor.md`
+- [ ] `agents/gsd-phase-researcher.md`
+- [ ] `agents/gsd-project-researcher.md`
+- [ ] `agents/gsd-prototyper.md`
+- [ ] `agents/gsd-research-synthesizer.md`
+- [ ] `agents/gsd-ui-auditor.md`
+- [ ] `agents/gsd-ui-checker.md`
+- [ ] `agents/gsd-ui-researcher.md`
+- [ ] `agents/gsd-user-profiler.md`
+- [ ] `agents/gsd-verifier.md`
+
+**Agents to KEEP (CAP v2.0 agent set per AC-67):**
+- `agents/cap-brainstormer.md`
+- `agents/cap-prototyper.md`
+- `agents/cap-tester.md`
+- `agents/cap-reviewer.md`
+- `agents/cap-debugger.md`
+
+---
+
+## 2. Command Files to Remove (AC-71)
+
+All files in `commands/gsd/` shall be deleted. Current GSD commands:
+
+- [ ] `commands/gsd/add-backlog.md`
+- [ ] `commands/gsd/add-phase.md`
+- [ ] `commands/gsd/add-tests.md`
+- [ ] `commands/gsd/add-todo.md`
+- [ ] `commands/gsd/annotate.md`
+- [ ] `commands/gsd/audit-milestone.md`
+- [ ] `commands/gsd/audit-uat.md`
+- [ ] `commands/gsd/autonomous.md`
+- [ ] `commands/gsd/brainstorm.md`
+- [ ] `commands/gsd/check-todos.md`
+- [ ] `commands/gsd/cleanup.md`
+- [ ] `commands/gsd/complete-milestone.md`
+- [ ] `commands/gsd/debug.md`
+- [ ] `commands/gsd/deep-plan.md`
+- [ ] `commands/gsd/discuss-phase.md`
+- [ ] `commands/gsd/do.md`
+- [ ] `commands/gsd/execute-phase.md`
+- [ ] `commands/gsd/extract-plan.md`
+- [ ] `commands/gsd/fast.md`
+- [ ] `commands/gsd/forensics.md`
+- [ ] All remaining `commands/gsd/*.md` files
+
+**Commands to KEEP (CAP v2.0 command set):**
+- `commands/cap/init.md`
+- `commands/cap/brainstorm.md`
+- `commands/cap/prototype.md`
+- `commands/cap/iterate.md`
+- `commands/cap/annotate.md`
+- `commands/cap/scan.md`
+- `commands/cap/test.md`
+- `commands/cap/review.md`
+- `commands/cap/debug.md`
+- `commands/cap/status.md`
+- `commands/cap/start.md`
+- `commands/cap/refresh-docs.md`
+
+---
+
+## 3. Artifact References to Remove (AC-74)
+
+These planning artifacts shall no longer be created or referenced anywhere in the codebase:
+
+- [ ] `ROADMAP.md` -- eliminated; features are in FEATURE-MAP.md
+- [ ] `REQUIREMENTS.md` -- eliminated; ACs are in FEATURE-MAP.md
+- [ ] `STATE.md` -- eliminated; state is in SESSION.json
+- [ ] `MILESTONES.md` -- eliminated; no milestone concept in CAP
+- [ ] `VERIFICATION.md` -- eliminated; review output goes to .cap/REVIEW.md
+- [ ] `PLAN.md` -- eliminated; code is the plan
+- [ ] `CODE-INVENTORY.md` -- evolved into FEATURE-MAP.md (AC-75)
+
+### Files to grep and update:
+- [ ] `CLAUDE.md` -- remove all references to gsd:* commands and GSD workflow
+- [ ] `cap/references/arc-standard.md` -- update @gsd-* references to @cap-* or archive
+- [ ] Any README or documentation referencing GSD commands
+
+---
+
+## 4. Package Configuration Changes (AC-76, AC-77)
+
+### package.json updates (AC-77)
+
+```json
+{
+  "name": "cap",
+  "description": "CAP (Code As Plan) -- AI-native development where code IS the plan",
+  "bin": {
+    "cap": "bin/install.js"
+  },
+  "keywords": [
+    "cap",
+    "code-as-plan",
+    "claude",
+    "claude-code",
+    "ai",
+    "development-workflow"
+  ]
+}
+```
+
+Fallback name if `cap` is taken on npm: `code-as-plan`
+
+### bin/install.js updates (AC-76)
+
+- [ ] Update branding strings from "GSD" / "Get Shit Done" to "CAP" / "Code As Plan"
+- [ ] Update command references from `/gsd:*` to `/cap:*`
+- [ ] Update binary name from `cap-cc` to `cap`
+- [ ] Update repository URLs if repo is renamed
+
+### npm files array update (AC-99)
+
+```json
+{
+  "files": [
+    "bin",
+    "commands/cap",
+    "cap",
+    "agents",
+    "hooks/dist",
+    "scripts"
+  ]
+}
+```
+
+Note: `commands/cap` instead of `commands` to exclude `commands/gsd/` from distribution.
+
+---
+
+## 5. Distribution Changes (AC-97, AC-98, AC-99)
+
+- [ ] Package installable via `npx cap@latest` (AC-97)
+- [ ] Build uses esbuild following `scripts/build-hooks.js` pattern (AC-98)
+- [ ] npm `files` array includes: bin, commands/cap, agents, hooks/dist, scripts (AC-99)
+
+---
+
+## 6. Post-Removal Verification
+
+After executing the removal:
+
+1. [ ] `ls agents/` shows only 5 cap-* files
+2. [ ] `ls commands/` shows only `commands/cap/` directory
+3. [ ] `grep -r "gsd:" commands/ agents/` returns no results
+4. [ ] `grep -r "ROADMAP\|REQUIREMENTS\|STATE\.md\|MILESTONES\|VERIFICATION\|PLAN\.md" commands/ agents/` returns no results
+5. [ ] `npm test` passes
+6. [ ] `npx cap@latest` installs and runs
+7. [ ] `/cap:init` creates correct structure
+8. [ ] `/cap:scan` detects tags correctly
+
+---
+
+## Execution Notes
+
+- This removal should be executed as a SINGLE atomic operation (one commit)
+- All tests must be updated to reference CAP instead of GSD before removal
+- The `.planning/` directory contents are NOT part of the distributed package and can remain as historical reference
+- The `cap/` directory name is a legacy artifact that may be renamed in a future pass (low priority)