cclaw-cli 0.6.0 → 0.7.1

package/dist/content/meta-skill.js

@@ -89,14 +89,44 @@ These skills live in \`.cclaw/skills/\` but have no slash commands. They activat
 
 **Activation rule:** When a contextual skill applies, read its SKILL.md and follow it as a supplementary lens alongside the current stage. Do not skip the stage workflow — the contextual skill adds depth, not a detour.
 
+### Opt-in language rule packs
+
+cclaw stays language-agnostic by default. Projects that want language-specific
+review lenses can enable opt-in rule packs in \`.cclaw/config.yaml\`:
+
+\`\`\`yaml
+languageRulePacks:
+  - typescript   # → .cclaw/rules/lang/typescript.md
+  - python       # → .cclaw/rules/lang/python.md
+  - go           # → .cclaw/rules/lang/go.md
+\`\`\`
+
+After editing the list, run \`cclaw sync\` to materialize the enabled packs
+under \`.cclaw/rules/lang/\` (one \`<language>.md\` file per pack, each with
+YAML frontmatter declaring \`stages\` and \`triggers\`). Packs activate during
+\`tdd\` and \`review\` when the diff touches files in their language. They are
+additive lenses — Tier-1 rules block merge, Tier-2 rules require a named
+follow-up. Never silently override them.
+
+\`cclaw sync\` and \`cclaw doctor\` also refuse the legacy v0.7.0 location
+\`.cclaw/skills/language-*/\` — if a project still has those folders,
+\`sync\` removes them on the next run and \`doctor\` surfaces the drift until
+they are gone.
+
 ## Custom Skills (project-owned, sync-safe)
 
 \`.cclaw/custom-skills/\` is a sync-safe directory. \`cclaw sync\` and \`cclaw upgrade\` **never overwrite** files there.
 
 Use it to add **project-specific** skills that complement the managed library:
 
-- Each skill: \`.cclaw/custom-skills/<folder>/SKILL.md\` with the same frontmatter format as managed skills (\`name\` + \`description\` triggering routing).
-- Activate by mentioning the skill name explicitly, or rely on semantic routing from the description.
+- Each skill: \`.cclaw/custom-skills/<folder>/SKILL.md\` following the public-API frontmatter schema documented in \`.cclaw/custom-skills/README.md\`.
+- The frontmatter public API is stable across cclaw releases: \`name\`, \`description\` (required), plus optional \`stages\`, \`triggers\`, \`hardGate\`, \`owners\`, \`version\`.
+- Routing precedence when loading a stage:
+  1. Active stage skill under \`.cclaw/skills/<stage>/\`.
+  2. Managed utility skills whose trigger matches (\`landscape-check\`, \`security-audit\`, \`adversarial-review\`, etc.).
+  3. **Custom skills** whose \`stages\` array includes the active stage (or is missing) AND whose \`description\` / \`triggers\` match the prompt.
+- Custom skills are **never mandatory delegations** — they are opt-in lenses. If you need a mandatory dispatch, promote the skill upstream or add a managed specialist instead.
+- Activate by mentioning the skill name explicitly, or rely on semantic routing from the description + triggers.
 - See \`.cclaw/custom-skills/README.md\` for the full convention and a starter template under \`.cclaw/custom-skills/example/\`.
 
 If a custom skill turns out to generalize (e.g. another project would want the same lens), promote it to a managed skill via a contribution to the cclaw repo — managed skills get versioning and maintenance.
@@ -129,13 +159,27 @@ When a stage requires user input (approval, choice, direction), use this structu
 2. **Present options** as labeled choices (A, B, C...) with:
    - One-line description of each option
    - Trade-off or consequence
+   - **\`Completeness: X/10\`** — how thoroughly does this option cover the dimensions the stage cares about (failure modes, data flow, blast radius, observability, rollback, etc. — pick the dimensions that matter for *this* decision and subtract for each gap). Force a numeric score; vague text scores ≤ 5.
    - Mark one as **(recommended)** with brief why
-3. **Use the harness ask-user tool** when available:
+3. **Pick the highest-scoring option as the recommendation.** If scores tie, prefer the option with the smallest blast radius (review/ship), the lowest risk (design/spec), or the most reversible outcome (ship finalization).
+4. **Use the harness ask-user tool** when available:
    - Claude Code: \`AskUserQuestion\` tool
    - Cursor: \`AskQuestion\` tool with options array
    - Codex/OpenCode: numbered list in message (no native ask tool)
-4. **Wait for response.** Do not proceed until the user picks.
-5. **Commit to the choice.** Once decided, do not re-argue.
+5. **Wait for response.** Do not proceed until the user picks.
+6. **Commit to the choice.** Once decided, do not re-argue.
+
+### Completeness scoring rubric (apply per option)
+
+| Score | Meaning |
+|---|---|
+| 9-10 | Closes the decision with no carry-over risk; covers every dimension stage cares about. |
+| 7-8 | Closes the decision with a small named follow-up; one dimension partially covered. |
+| 5-6 | Plausible but leaves at least one dimension visibly open; needs follow-up before next stage. |
+| 3-4 | Workaround, not a solution; defers the real problem. |
+| 0-2 | Wishful thinking; do not recommend. |
+
+Always show the score next to the option label, e.g. \`(B) [Completeness: 8/10]\`.
 
 ### When to use structured asks vs conversational
 - **Structured (tool):** Architecture choices, scope decisions, approval gates, mode selection, scope boundary issues
@@ -152,10 +196,12 @@ Watch for these anti-patterns:
 
 ## Knowledge Integration
 
-At session start and stage transitions, check \`.cclaw/knowledge.md\` for project-specific knowledge:
-- Review recent entries and apply relevant rules/patterns to the current task
-- If you discover a non-obvious reusable rule or pattern, append a new entry with type \`rule\`, \`pattern\`, or \`lesson\`
+At session start and stage transitions, stream \`.cclaw/knowledge.jsonl\` (the canonical strict-JSONL knowledge store) and apply relevant entries:
+- Each line is one JSON object with fields \`type, trigger, action, confidence, domain, stage, created, project\`.
+- Review recent entries and apply relevant rules/patterns to the current task.
+- If you discover a non-obvious reusable rule or pattern, append one new JSON line via \`/cc-learn add\` with type \`rule\`, \`pattern\`, \`lesson\`, or \`compound\`.
 
-Knowledge capture is append-only and should preserve historical context rather than rewriting prior entries.
+Knowledge capture is append-only and strict-schema. Never rewrite or delete
+historical entries; corrections are new lines whose \`trigger\` supersedes the earlier one.
 `;
 }

package/dist/content/session-hooks.js

@@ -26,7 +26,7 @@ These are prompt-discipline guidelines that complement the real hooks cclaw gene
 When a new session begins in any harness:
 
 1. **Read flow state:** Load \`.cclaw/state/flow-state.json\` to find the current stage and completed stages.
-2. **Load knowledge:** Review recent entries from \`.cclaw/knowledge.md\` and surface the most relevant rules/patterns.
+2. **Load knowledge:** Stream the tail of \`.cclaw/knowledge.jsonl\` (strict JSONL store) and surface the most relevant rules/patterns.
 3. **Check for in-progress work:** If the last stage is incomplete, remind the user and offer to resume.
 4. **Load suggestion memory:** Read \`.cclaw/state/suggestion-memory.json\` and honor \`enabled=false\` opt-out.
 5. **Read AGENTS.md:** The cclaw block contains routing and rules — follow them.
@@ -45,7 +45,7 @@ Before ending a session or when context is full:
 
 1. **Verify no pending changes:** All modified files must be either committed or explicitly reverted.
 2. **Update flow state:** Mark the current stage as its actual status (DONE / DONE_WITH_CONCERNS / BLOCKED).
-3. **Write knowledge:** If any non-obvious reusable insight appears, append to \`.cclaw/knowledge.md\` with type \`rule\`, \`pattern\`, or \`lesson\`.
+3. **Write knowledge:** If any non-obvious reusable insight appears, append one strict-schema JSON line to \`.cclaw/knowledge.jsonl\` with type \`rule\`, \`pattern\`, \`lesson\`, or \`compound\`.
 4. **Create checkpoint:** Write a brief status note to the current artifact or as a comment in flow-state.json.
 
 ### Stop conditions (agent must halt and report)

package/dist/content/skills.js

@@ -81,7 +81,7 @@ Before starting stage execution:
 2. Resolve active artifact root: \`.cclaw/artifacts/\`.
 3. Load upstream artifacts required by this stage:
 ${readLines}
-4. Read \`.cclaw/knowledge.md\` and apply relevant entries before making decisions.
+4. Stream \`.cclaw/knowledge.jsonl\` (strict-JSONL knowledge store) and apply relevant entries before making decisions.
 `;
 }
 function whenNotToUseBlock(stage) {
@@ -236,7 +236,7 @@ function progressiveDisclosureBlock(stage) {
 - Primary stage procedure (this file): \`.cclaw/skills/${schema.skillFolder}/SKILL.md\`
 - Orchestrator contract (gate language and handoff): \`.cclaw/commands/${stage}.md\`
 - Artifact structure baseline: \`.cclaw/templates/${schema.artifactFile}\`
-- Runtime state truth source: \`.cclaw/state/flow-state.json\` + \`.cclaw/artifacts/\` + \`.cclaw/knowledge.md\`
+- Runtime state truth source: \`.cclaw/state/flow-state.json\` + \`.cclaw/artifacts/\` + \`.cclaw/knowledge.jsonl\`
 
 ### See also
 - Meta routing and activation rules: \`.cclaw/skills/using-cclaw/SKILL.md\`

package/dist/content/stage-schema.d.ts

@@ -28,10 +28,25 @@ export interface ArtifactValidation {
 }
 export interface StageAutoSubagentDispatch {
     agent: "planner" | "spec-reviewer" | "code-reviewer" | "security-reviewer" | "test-author" | "doc-updater";
-    mode: "mandatory" | "proactive";
+    /**
+     * - `mandatory` — must be dispatched (or explicitly waived) before stage transition.
+     * - `proactive` — should be dispatched automatically when context matches `when`.
+     * - `conditional` — dispatched only when `condition` evaluates true at runtime; counted as
+     *   mandatory **only when the condition holds**.
+     */
+    mode: "mandatory" | "proactive" | "conditional";
     when: string;
     purpose: string;
     requiresUserGate: boolean;
+    /**
+     * Optional machine-friendly trigger expression for `conditional` rows.
+     * Supported predicates: `diff_lines_gt:<N>`, `files_touched_gt:<N>`,
+     * `trust_boundary_changed`, `release_blast_radius_high`.
+     * Multiple predicates joined by `||` mean ANY trigger satisfies the condition.
+     */
+    condition?: string;
+    /** Optional skill folder the dispatched agent should load as additional context. */
+    skill?: string;
 }
 export interface NamedAntiPattern {
     title: string;
@@ -80,6 +95,8 @@ export declare const QUESTION_FORMAT_SPEC: string;
 export declare const ERROR_BUDGET_SPEC: string;
 /** Transition guard: agents with `mode: "mandatory"` in auto-subagent dispatch for this stage. */
 export declare function mandatoryDelegationsForStage(stage: FlowStage): string[];
+/** Conditional dispatches that become mandatory only when their `condition` predicate evaluates true. */
+export declare function conditionalDispatchesForStage(stage: FlowStage): StageAutoSubagentDispatch[];
 export declare function stageSchema(stage: FlowStage): StageSchema;
 export declare function orderedStageSchemas(): StageSchema[];
 export declare function stageGateIds(stage: FlowStage): string[];

package/dist/content/stage-schema.js

@@ -195,7 +195,7 @@ const SCOPE = {
         "**Error and Rescue Registry** — For each capability: what breaks, how detected, what fallback."
     ],
     interactionProtocol: [
-        "For scope mode selection: use the Decision Protocol — present expand/selective/hold/reduce as labeled options with trade-offs and mark one as (recommended). Base your recommendation on default heuristics: greenfield -> expand, enhancement -> selective, bugfix/hotfix/refactor -> hold, broad blast radius -> reduce. If AskQuestion/AskUserQuestion is available, send exactly ONE question per call, validate fields against runtime schema, and on schema error immediately fall back to plain-text question instead of retrying guessed payloads.",
+        "For scope mode selection: use the Decision Protocol — present expand/selective/hold/reduce as labeled options with trade-offs and mark one as (recommended). **Score each option `Completeness: X/10`** (10 = covers every prime-directive failure mode, four data-flow paths, observability, and deferred handling for the in-scope set; subtract for each gap). Recommend the highest-scoring option; if scores tie, pick the lowest blast radius. Base your recommendation on default heuristics: greenfield -> expand, enhancement -> selective, bugfix/hotfix/refactor -> hold, broad blast radius -> reduce. If AskQuestion/AskUserQuestion is available, send exactly ONE question per call, validate fields against runtime schema, and on schema error immediately fall back to plain-text question instead of retrying guessed payloads.",
         "Walk through the scope checklist interactively. Each checklist item that surfaces a decision should be presented to the user as a question, not as a monologue. Do not dump all items at once.",
         "Challenge premise and verify the problem framing before anything else.",
         "Take a position on every scope decision. Avoid hedging phrases like 'this could work' or 'there are many ways'; state your recommendation and one concrete condition that would change it.",
@@ -405,7 +405,7 @@ const DESIGN = {
     interactionProtocol: [
         "Review architecture decisions section-by-section.",
         "For EACH issue found in a review section, present it ONE AT A TIME. Do NOT batch multiple issues.",
-        "For each issue: use the Decision Protocol — describe concretely with file/line references, present labeled options (A/B/C) with trade-offs, effort estimate (S/M/L/XL), risk level (Low/Med/High), and mark one as (recommended). If AskQuestion/AskUserQuestion is available, send exactly ONE question per call, validate fields against runtime schema, and on schema error immediately fall back to plain-text question instead of retrying guessed payloads.",
+        "For each issue: use the Decision Protocol — describe concretely with file/line references, present labeled options (A/B/C) with trade-offs, effort estimate (S/M/L/XL), risk level (Low/Med/High), **`Completeness: X/10` per option** (10 = fully addresses architecture/data-flow/failure-modes/test+perf review concerns for the issue, subtract for each unaddressed dimension), and mark one as (recommended). Prefer the highest-scoring option; if scores tie, prefer the lower-risk one. If AskQuestion/AskUserQuestion is available, send exactly ONE question per call, validate fields against runtime schema, and on schema error immediately fall back to plain-text question instead of retrying guessed payloads.",
         "Only proceed to the next review section after ALL issues in the current section are resolved.",
         "If a section has no issues, say 'No issues found' and move on.",
         "Do not skip failure-mode mapping.",
@@ -1108,10 +1108,11 @@ const REVIEW = {
     checklist: [
         "Diff Scope — Run `git diff` against base branch. If no diff, exit early with APPROVED (no changes to review). Scope the review to changed files unless blast-radius analysis requires wider inspection.",
         "Change-Size Check — ~100 lines = normal. ~300 lines = consider splitting. ~1000+ lines = strongly recommend stacked PRs. Flag large diffs to the user.",
+        "Adversarial Trigger Check — compute changed-line count (`git diff --shortstat <base>..HEAD`), files-touched count, and whether trust boundaries changed (auth/secrets/external inputs/permissions). If `lines > 100` OR `files > 10` OR `trust boundary changed`, **dispatch a SECOND code-reviewer agent with the `adversarial-review` skill loaded** and reconcile its findings into the review army (treat the conditional dispatch as mandatory whenever the trigger holds; record the trigger that fired in the dashboard).",
         "Load upstream evidence — read TDD artifact (RED + GREEN + REFACTOR), spec, and plan. Verify evidence chain is unbroken.",
         "Layer 1: Spec Compliance — check every acceptance criterion against implementation. Verdict: pass/fail per criterion.",
         "Layer 2a: Correctness — logic errors, race conditions, boundary violations, null handling.",
-        "Layer 2b: Security — input validation, auth boundaries, secrets exposure, injection vectors.",
+        "Layer 2b: Security — input validation, auth boundaries, secrets exposure, injection vectors. **Mandatory:** also load and execute the `.cclaw/skills/security-audit/SKILL.md` utility skill (proactive pattern sweep across diff + touched modules, not just the diff itself) and merge findings into the review army. The Layer 2 security pass is not complete until the audit sweep records a finding count (0 acceptable) with file:line evidence for every Critical.",
         "Layer 2c: Performance — N+1 queries, memory leaks, missing caching, hot paths.",
         "Layer 2d: Architecture Fit — does the implementation match the locked design? Coupling, cohesion, interface contracts.",
         "Layer 2e: External Safety — SQL safety, concurrency, secrets in logs, enum completeness (grep outside diff), LLM trust boundaries.",
@@ -1124,7 +1125,7 @@ const REVIEW = {
         "Run Layer 1 (spec compliance) completely before starting Layer 2.",
         "In each review section, present findings ONE AT A TIME. Do NOT batch.",
         "Classify every finding as Critical, Important, or Suggestion.",
-        "For each Critical finding: use the Decision Protocol — present resolution options (A/B/C) with trade-offs and mark one as (recommended). If AskQuestion/AskUserQuestion is available, send exactly ONE question per call, validate fields against runtime schema, and on schema error immediately fall back to plain-text question instead of retrying guessed payloads.",
+        "For each Critical finding: use the Decision Protocol — present resolution options (A/B/C) with trade-offs, **score each option `Completeness: X/10`** (10 = fully closes the finding with no carry-over risk; subtract for partial fixes, deferred follow-ups, or new risk introduced), and mark one as (recommended). Prefer the highest-scoring option; if scores tie, prefer the option with the smallest blast radius. If AskQuestion/AskUserQuestion is available, send exactly ONE question per call, validate fields against runtime schema, and on schema error immediately fall back to plain-text question instead of retrying guessed payloads.",
         "Resolve all critical blockers before ship.",
         "For final verdict: use AskQuestion/AskUserQuestion only if runtime schema is confirmed; otherwise collect verdict with a plain-text single-choice prompt (APPROVED / APPROVED_WITH_CONCERNS / BLOCKED).",
         "**STOP.** Do NOT proceed to ship until the user provides an explicit verdict."
@@ -1148,7 +1149,8 @@ const REVIEW = {
         { id: "review_severity_classified", description: "All findings are severity-tagged." },
         { id: "review_criticals_resolved", description: "No unresolved critical blockers remain." },
         { id: "review_army_json_valid", description: "07-review-army.json passes schema validation (validateReviewArmy)." },
-        { id: "review_completeness_scored", description: "Completeness score is computed and recorded (AC coverage, task coverage, slice coverage, adversarial pass)." }
+        { id: "review_completeness_scored", description: "Completeness score is computed and recorded (AC coverage, task coverage, slice coverage, adversarial pass)." },
+        { id: "review_security_audit_swept", description: "The security-audit utility skill was run against the diff scope and the modules it touches. Finding count (0 if clean) recorded in the review army with file:line evidence for every Critical." }
     ],
     requiredEvidence: [
         "Artifact written to `.cclaw/artifacts/07-review.md`.",
@@ -1289,7 +1291,7 @@ const REVIEW = {
         { section: "Layer 1 Verdict", required: true, validationRule: "Per-criterion pass/fail with references." },
         { section: "Layer 2 Findings", required: true, validationRule: "Each finding has severity, description, and resolution status." },
         { section: "Review Army Contract", required: true, validationRule: "Structured findings include id/severity/confidence/fingerprint/reportedBy/status with dedup reconciliation summary." },
-        { section: "Review Readiness Dashboard", required: true, validationRule: "At least 4 readiness checklist lines including blocker and recommendation status." },
+        { section: "Review Readiness Dashboard", required: true, validationRule: "Includes a per-pass table (Layer 1 / Layer 2 / Adversarial / Schema) with a 'Completed at' column, a Delegation log snapshot block (path .cclaw/state/delegation-log.json with required/completed/waived/pending), a Staleness signal block (commit at last review pass and current commit), and a Headline with open critical blockers + ship recommendation. At minimum, the section text must contain the substrings 'Completed at', 'delegation-log.json', 'commit at last review pass', and 'Ship recommendation'." },
         { section: "Completeness Score", required: true, validationRule: "Records AC coverage, task coverage, test-slice coverage, and adversarial-review pass status as numeric or boolean values. At minimum, a line like 'AC coverage: N/M' or 'AC coverage: 100%'." },
         { section: "Severity Summary", required: true, validationRule: "Per-severity count lines for critical, important, and suggestion buckets." },
         { section: "Final Verdict", required: true, validationRule: "Exactly one of: APPROVED, APPROVED_WITH_CONCERNS, BLOCKED." }
@@ -1334,7 +1336,7 @@ const SHIP = {
     interactionProtocol: [
         "Run preflight checks before any release action.",
         "Document release notes and rollback plan explicitly.",
-        "For finalization mode: use the Decision Protocol — present modes as labeled options (A/B/C/D) with consequences and mark one as (recommended). If AskQuestion/AskUserQuestion is available, send exactly ONE question per call, validate fields against runtime schema, and on schema error immediately fall back to plain-text question instead of retrying guessed payloads.",
+        "For finalization mode: use the Decision Protocol — present modes as labeled options (A/B/C/D) with consequences, **score each option `Completeness: X/10`** (10 = fully addresses release blast-radius, rollback readiness, observability, and stakeholder communication), and mark one as (recommended). Prefer the highest-scoring option; if scores tie, prefer the most reversible one. If AskQuestion/AskUserQuestion is available, send exactly ONE question per call, validate fields against runtime schema, and on schema error immediately fall back to plain-text question instead of retrying guessed payloads.",
         "Do not proceed if critical blockers remain from review.",
         "**STOP.** Present finalization options and wait for user selection before executing any finalization action."
     ],
@@ -1453,7 +1455,7 @@ const SHIP = {
         { section: "Monitoring", required: false, validationRule: "If applicable: what metrics/logs to watch post-deploy. Risk note if no monitoring." },
         { section: "Finalization", required: true, validationRule: "Exactly one finalization enum token selected. Execution result documented. Worktree cleaned if applicable." },
         { section: "Completion Status", required: false, validationRule: "If present: exactly one of SHIPPED, SHIPPED_WITH_EXCEPTIONS, BLOCKED. Exceptions documented when applicable." },
-        { section: "Compound Step", required: false, validationRule: "Optional retrospective: at least one bullet of the form 'Insight: ... | Action: append [compound] entry to .cclaw/knowledge.md', or an explicit 'No compound insight this run.' line." }
+        { section: "Compound Step", required: false, validationRule: "Optional retrospective: at least one bullet of the form 'Insight: ... | Action: append [compound] entry to .cclaw/knowledge.jsonl', or an explicit 'No compound insight this run.' line." }
     ],
     namedAntiPattern: {
         title: "Green CI Means Safe to Merge",
@@ -1568,8 +1570,18 @@ const STAGE_AUTO_SUBAGENT_DISPATCH = {
             agent: "security-reviewer",
             mode: "mandatory",
             when: "Always in review stage. Even when no trust boundaries changed, produce an explicit 'no-change' security attestation.",
-            purpose: "Guarantee a dedicated security pass on every diff: auth, input validation, secrets, injection, privilege, and blast-radius review are never opt-in.",
-            requiresUserGate: false
+            purpose: "Guarantee a dedicated security pass on every diff: auth, input validation, secrets, injection, privilege, and blast-radius review are never opt-in. MUST load the `security-audit` skill and run a pattern-based sweep across the diff scope and touched modules in addition to the per-diff Layer 2 security checklist.",
+            requiresUserGate: false,
+            skill: "security-audit"
+        },
+        {
+            agent: "code-reviewer",
+            mode: "conditional",
+            condition: "diff_lines_gt:100||files_touched_gt:10||trust_boundary_changed",
+            when: "When the diff exceeds 100 changed lines, touches more than 10 files, or modifies trust boundaries — dispatch a SECOND, independent code-reviewer with the adversarial-review skill loaded so the review army has at least two voices on a high-blast-radius change.",
+            purpose: "Adversarial second-opinion review on large or trust-sensitive diffs. The second reviewer treats the implementation as hostile and tries to break it (hostile-user, future-maintainer, competitor lenses) instead of sympathetically explaining it.",
+            requiresUserGate: false,
+            skill: "adversarial-review"
         }
     ],
     ship: [
@@ -1595,6 +1607,10 @@ export function mandatoryDelegationsForStage(stage) {
         .filter((d) => d.mode === "mandatory")
         .map((d) => d.agent);
 }
+/** Conditional dispatches that become mandatory only when their `condition` predicate evaluates true. */
+export function conditionalDispatchesForStage(stage) {
+    return STAGE_AUTO_SUBAGENT_DISPATCH[stage].filter((d) => d.mode === "conditional");
+}
 export function stageSchema(stage) {
     const base = STAGE_SCHEMA_MAP[stage];
     return {

package/dist/content/start-command.js

@@ -33,10 +33,22 @@ This is the **recommended way to start** working with cclaw. Use \`/cc-next\` fo
 
 1. Read \`${flowPath}\`.
 2. If flow already has completed stages beyond brainstorm, warn the user that starting a new brainstorm will reset progress. Ask for confirmation before proceeding.
-3. Write the prompt to \`.cclaw/artifacts/00-idea.md\` as the raw idea capture.
-4. Set \`currentStage: "brainstorm"\` in flow state (reset if needed).
-5. Load \`.cclaw/skills/brainstorming/SKILL.md\` and \`.cclaw/commands/brainstorm.md\`.
-6. Execute brainstorm with the prompt as initial context.
+3. **Track heuristic** — classify the idea text and **recommend** a track (the user can override before any state mutation):
+   - **quick** (\`spec → tdd → review → ship\`) — single-purpose work where the spec is essentially already known.
+     Triggers (case-insensitive substring or close variant): \`bug\`, \`bugfix\`, \`fix\`, \`hotfix\`, \`patch\`, \`typo\`, \`regression\`, \`copy change\`, \`rename\`, \`bump\`, \`upgrade dep\`, \`config tweak\`, \`docs only\`, \`comment\`, \`lint\`, \`format\`, \`small\`, \`tiny\`, \`one-liner\`, \`revert\`.
+   - **standard** (full 8 stages — default) — anything that introduces a new capability, touches multiple modules, or has unclear scope.
+     Triggers: \`new feature\`, \`add\`, \`build\`, \`design\`, \`refactor\`, \`migration\`, \`platform\`, \`architecture\`, \`endpoint\`, \`schema\`, \`api\`, \`integrate\`, \`workflow\`, \`onboarding\`, or any prompt that does not match quick triggers.
+   - When triggers conflict (e.g. "small refactor that touches 5 modules") prefer **standard** — quick is opt-in and only safe when scope is genuinely tiny.
+4. Present the recommendation as a single decision with explicit options:
+   > \`Recommended track: <quick|standard>\` because \`<one-line reason citing matched triggers>\`.
+   > Override? (A) keep \`<recommended>\`  (B) switch to \`<other>\`  (C) cancel.
+   If \`AskQuestion\`/\`AskUserQuestion\` is available, send exactly ONE question; on schema error, fall back to plain text.
+5. Persist the chosen track to \`${flowPath}\` (\`track\` field). Compute \`skippedStages\` from the track and write that too. Use the **first stage of the chosen track** as \`currentStage\` (quick → \`spec\`, standard → \`brainstorm\`).
+6. Write the prompt to \`.cclaw/artifacts/00-idea.md\` as the raw idea capture, and append a \`Track:\` line referencing the chosen track and the matched heuristic.
+7. Load the **first-stage skill for the chosen track** and its command file:
+   - quick → \`.cclaw/skills/specification-authoring/SKILL.md\` + \`.cclaw/commands/spec.md\`
+   - standard → \`.cclaw/skills/brainstorming/SKILL.md\` + \`.cclaw/commands/brainstorm.md\`
+8. Execute that stage with the prompt as initial context.
 
 ### Without prompt (\`/cc\`)
 
@@ -81,9 +93,20 @@ Do **not** silently discard an existing flow when the user provides a prompt. If
    - Inform: "You have an active flow at stage **{currentStage}** with {N} completed stages. Starting a new brainstorm will reset progress."
    - Ask: "Continue with reset? (A) Yes, start fresh (B) No, resume current flow"
    - If (B) → switch to Path B behavior.
-3. Write \`${RUNTIME_ROOT}/artifacts/00-idea.md\` with the user's prompt.
-4. Update \`${flowPath}\`: set \`currentStage: "brainstorm"\`, clear \`completedStages\`, reset gate catalog.
-5. Load and execute: \`${RUNTIME_ROOT}/skills/brainstorming/SKILL.md\` + \`${RUNTIME_ROOT}/commands/brainstorm.md\`.
+3. **Classify the idea** using the heuristic below and present a single track recommendation. Wait for explicit confirmation or override before mutating any state.
+
+   **Track heuristic** (lowercase substring match against the user prompt):
+
+   | Track | Triggers | Use when |
+   |---|---|---|
+   | \`quick\` | \`bug\`, \`bugfix\`, \`fix\`, \`hotfix\`, \`patch\`, \`typo\`, \`regression\`, \`rename\`, \`bump\`, \`upgrade dep\`, \`docs only\`, \`comment\`, \`lint\`, \`format\`, \`small\`, \`tiny\`, \`one-liner\`, \`revert\`, \`copy change\` | Single-purpose, spec is essentially known, low blast radius |
+   | \`standard\` | \`new feature\`, \`add\`, \`build\`, \`design\`, \`refactor\`, \`migration\`, \`platform\`, \`architecture\`, \`endpoint\`, \`schema\`, \`api\`, \`integrate\`, \`workflow\`, \`onboarding\` (or no quick trigger matched) | Anything new, multi-module, or unclear scope |
+
+   - On conflict, prefer \`standard\` (quick is opt-in for genuinely tiny work).
+   - Always state the recommendation as a one-line reason citing the matched trigger.
+4. Persist the chosen track in \`${flowPath}\` (\`track\` + \`skippedStages\`). Set \`currentStage\` to the first stage of the chosen track (\`quick\` → \`spec\`, \`standard\` → \`brainstorm\`). Reset gate catalog.
+5. Write \`${RUNTIME_ROOT}/artifacts/00-idea.md\` with the user's prompt and an explicit \`Track:\` line capturing the heuristic decision.
+6. Load and execute the **first stage skill of the chosen track** (\`brainstorming\` for standard, \`specification-authoring\` for quick) plus its matching command file.
 
 ### Path B: \`/cc\` (no arguments)
 

package/dist/content/status-command.js

@@ -8,7 +8,16 @@ function delegationLogPath() {
     return `${RUNTIME_ROOT}/state/delegation-log.json`;
 }
 function knowledgePath() {
-    return `${RUNTIME_ROOT}/knowledge.md`;
+    return `${RUNTIME_ROOT}/knowledge.jsonl`;
+}
+function contextModePath() {
+    return `${RUNTIME_ROOT}/state/context-mode.json`;
+}
+function checkpointPath() {
+    return `${RUNTIME_ROOT}/state/checkpoint.json`;
+}
+function stageActivityPath() {
+    return `${RUNTIME_ROOT}/state/stage-activity.jsonl`;
 }
 /**
  * Command contract for /cc-status — a read-only snapshot command.
@@ -39,9 +48,15 @@ time to answer "where are we?" without advancing the flow.
    \`skippedStages\`, and per-stage gate catalog.
 2. Read **\`${delegationPath}\`** — count delegated / completed / waived / pending entries
    for the current stage's \`mandatoryDelegations\`.
-3. Read the top of **\`${knowledgePath}\`** — surface up to 3 most recent entries
+3. Read **\`${contextModePath()}\`** — surface \`activeMode\` (default if missing).
+4. Compute **time in current stage** from the most recent stage-entry signal:
+   - Prefer \`${checkpointPath()}\`'s \`timestamp\` when its \`stage\` matches \`currentStage\`.
+   - Otherwise scan \`${stageActivityPath()}\` from the end for the first entry whose \`stage\` matches \`currentStage\` and use its \`ts\`.
+   - Compute the duration as \`now - signalTimestamp\` and render compactly: \`<X>m\`, \`<X>h<Y>m\`, or \`<X>d<Y>h\`.
+   - If no signal exists, render \`(unknown)\`.
+5. Read the top of **\`${knowledgePath}\`** — surface up to 3 most recent entries
    (by trailing timestamp or source marker).
-4. Emit the status block described below. Do **not** load any stage skill.
+6. Emit the status block described below. Do **not** load any stage skill.
 
 ## Status Block Format
 
@@ -49,6 +64,8 @@ time to answer "where are we?" without advancing the flow.
 cclaw status
   track:            <quick|standard>
   current stage:    <stage>     (<N>/<total> in track)
+  time in stage:    <Xd Yh | Yh Zm | Zm | unknown>
+  context mode:     <activeMode>     (default | execution | review | incident | …)
   completed stages: <list or "none">
   skipped stages:   <list or "none">
 
@@ -109,11 +126,16 @@ a read-only command.
 
 1. Read \`${flowPath}\`. If missing → report **BLOCKED: flow state absent** and suggest \`cclaw init\`.
 2. Read \`${delegationPath}\`. Missing → treat all mandatory delegations as pending.
-3. Read \`${RUNTIME_ROOT}/knowledge.md\`. If missing or empty → knowledge highlights are \`(none recorded)\`.
-4. For each gate in \`stageGateCatalog[currentStage].required\`:
+3. Read \`${contextModePath()}\` for \`activeMode\`. Missing → render \`activeMode = default\`.
+4. Compute **time in stage**:
+   - Prefer \`${checkpointPath()}\` when \`stage === currentStage\` and \`timestamp\` parses as ISO 8601.
+   - Else scan \`${stageActivityPath()}\` from tail for the most recent entry whose \`stage === currentStage\`; use its \`ts\`.
+   - Render \`<X>d<Y>h\`, \`<X>h<Y>m\`, \`<X>m\`, or \`(unknown)\`.
+5. Read \`${RUNTIME_ROOT}/knowledge.jsonl\`. If missing or empty → knowledge highlights are \`(none recorded)\`. Parse each line as JSON and surface its \`trigger\`/\`action\`.
+6. For each gate in \`stageGateCatalog[currentStage].required\`:
    - Satisfied if present in \`passed\` and absent from \`blocked\`.
-5. Build and print the status block (see command contract for layout).
-6. Suggest the next action:
+7. Build and print the status block (see command contract for layout).
+8. Suggest the next action:
    - If current stage has unmet gates → \`/cc-next\` to resume.
    - If current stage is complete → \`/cc-next\` to advance (or report "Flow complete" if terminal).
 

package/dist/content/templates.js

@@ -345,12 +345,34 @@ Execution rule: complete and verify each wave before starting the next wave.
 - Reconciliation summary:
 
 ## Review Readiness Dashboard
-- Layer 1 complete:
-- Layer 2 complete:
-- Review army schema valid:
-- Open critical blockers:
-- Adversarial review pass:
-- Ship recommendation:
+
+| Pass | Status | Completed at (UTC) | Reviewer / source | Commit at review | Drift vs HEAD |
+|---|---|---|---|---|---|
+| Layer 1 — spec compliance | pass / fail / pending | <ISO 8601> | spec-reviewer | <short sha> | <files changed since> |
+| Layer 2 — correctness | pass / fail / pending | <ISO 8601> | code-reviewer | <short sha> | <files changed since> |
+| Layer 2 — security | pass / fail / pending | <ISO 8601> | security-reviewer | <short sha> | <files changed since> |
+| Layer 2 — performance | pass / fail / pending | <ISO 8601> | code-reviewer | <short sha> | <files changed since> |
+| Layer 2 — architecture | pass / fail / pending | <ISO 8601> | code-reviewer | <short sha> | <files changed since> |
+| Adversarial review | pass / fail / n/a | <ISO 8601 or —> | adversarial-review skill | <short sha or —> | <drift or —> |
+| Review army schema valid | pass / fail | <ISO 8601> | jsonschema | <short sha> | n/a |
+
+### Delegation log snapshot (current run, current stage)
+- Path: \`.cclaw/state/delegation-log.json\`
+- Required: <list of mandatory specialists>
+- Completed: <list with timestamps>
+- Waived (with reason): <list or "none">
+- Pending: <list or "none">
+
+### Staleness signal
+- Worktree commit at last review pass: \`<short sha>\`
+- Worktree commit now: \`<short sha>\`
+- Files changed since last review pass: \`<count>\` (run \`git diff --stat <sha>..HEAD\` to inspect)
+- If drift > 0 lines, mark Layer 1 / Layer 2 results as **STALE — re-run before ship**.
+
+### Headline
+- Open critical blockers: <count>
+- Adversarial review pass: pass / fail / n/a
+- Ship recommendation: APPROVED | APPROVED_WITH_CONCERNS | BLOCKED
 
 ## Completeness Score
 - AC coverage: <N>/<M> (<percent>%)
@@ -424,7 +446,7 @@ Execution rule: complete and verify each wave before starting the next wave.
 _Optional retrospective. The goal is to make the **next** feature faster, not to evaluate this one._
 _If you have nothing to add, write the explicit line: \`No compound insight this run.\`_
 - Insight: <one short line about what should accelerate the next run>
-- Action: append \`[compound]\` entry to \`.cclaw/knowledge.md\` capturing the insight
+- Action: append one strict-schema JSON line with \`"type":"compound"\` to \`.cclaw/knowledge.jsonl\` capturing the insight (fields: type, trigger, action, confidence, domain, stage, created, project)
 `
 };
 export const RULEBOOK_MARKDOWN = `# Cclaw Rulebook

package/dist/content/utility-skills.d.ts

@@ -16,5 +16,32 @@ export declare function landscapeCheckSkill(): string;
 export declare function knowledgeCurationSkill(): string;
 export declare function securityAuditSkill(): string;
 export declare function adversarialReviewSkill(): string;
-export declare const UTILITY_SKILL_FOLDERS: readonly ["security", "debugging", "performance", "ci-cd", "docs", "executing-plans", "context-engineering", "source-driven-development", "frontend-accessibility", "landscape-check", "adversarial-review", "security-audit", "knowledge-curation"];
+export declare function retrospectiveSkill(): string;
+export declare function languageTypescriptSkill(): string;
+export declare function languagePythonSkill(): string;
+export declare function languageGoSkill(): string;
+/**
+ * Language rule packs live under `.cclaw/rules/lang/<pack>.md`. They are NOT
+ * skills (no folder, no `SKILL.md`) — they are opt-in **rule files** that the
+ * meta-skill router and stage hooks consult when the corresponding language
+ * appears in a diff. The pack id doubles as the on-disk filename stem.
+ */
+export declare const LANGUAGE_RULE_PACK_FILES: {
+    readonly typescript: "typescript.md";
+    readonly python: "python.md";
+    readonly go: "go.md";
+};
+/**
+ * Folder (relative to runtime root) that holds every enabled language rule
+ * pack. A single folder keeps discovery trivial for hooks and for `doctor`.
+ */
+export declare const LANGUAGE_RULE_PACK_DIR: readonly ["rules", "lang"];
+export declare const LANGUAGE_RULE_PACK_GENERATORS: Record<string, () => string>;
+/**
+ * Legacy per-language folders under `.cclaw/skills/` used in v0.7.0. Listed
+ * here so `cclaw sync` and `doctor` can surface drift and the installer can
+ * clean them up after the move to `.cclaw/rules/lang/`.
+ */
+export declare const LEGACY_LANGUAGE_RULE_PACK_FOLDERS: readonly ["language-typescript", "language-python", "language-go"];
+export declare const UTILITY_SKILL_FOLDERS: readonly ["security", "debugging", "performance", "ci-cd", "docs", "executing-plans", "context-engineering", "source-driven-development", "frontend-accessibility", "landscape-check", "adversarial-review", "security-audit", "knowledge-curation", "retrospective"];
 export declare const UTILITY_SKILL_MAP: Record<string, () => string>;