cclaw-cli 3.0.0 → 5.0.0

package/dist/content/stages/review.js

@@ -32,14 +32,15 @@ export const REVIEW = {
     },
     executionModel: {
         checklist: [
+            "**Boundary with TDD (do NOT re-classify slice findings).** `tdd.Per-Slice Review` OWNS severity-classified findings WITHIN a single slice (correctness, edge cases, regression for that slice). `review` OWNS whole-diff Layer 1 (spec compliance) plus Layer 2 (cross-slice integration findings, security sweep, dependency/version audit, observability). When the same finding ID appears in both `06-tdd.md > Per-Slice Review` and `07-review.md` / `07-review-army.json`, the severity/disposition MUST match — the cross-artifact-duplication linter blocks otherwise.",
             "Diff Scope — Run `git diff` against base branch. If no diff, exit early with APPROVED (no changes to review). Scope the review to changed files unless blast-radius analysis requires wider inspection.",
             "Change-Size Check — ~100 lines = normal. ~300 lines = consider splitting. ~1000+ lines = strongly recommend stacked PRs. Flag large diffs to the user.",
             "Risk-Based Second Opinion — compute changed-line count, files-touched count, and trust-boundary movement. Dispatch an adversarial reviewer only when trust boundaries changed, Critical/Important ambiguity remains, or the diff is both large and high-risk; otherwise record `not triggered`.",
-            "Load upstream evidence — read TDD artifact (RED + GREEN + REFACTOR), spec, and the active track's upstream source items.",
+            "Load upstream evidence — read TDD artifact (RED + GREEN + REFACTOR + per-slice reviews), spec, design (architecture lens carry-forward), and the active track's upstream source items.",
             "Confirm spec acceptance criteria and reproduction slices are covered directly in the review artifact evidence.",
             "Layer 1: Spec Compliance — check every acceptance criterion against implementation. Verdict: pass/fail per criterion.",
             "Review Evidence Scope — record base/head, files inspected, changed-file coverage, diagnostics run, dependency/version audit when relevant, and any files intentionally not inspected with explicit reason.",
-            "Layer 2: Integrated findings — one structured pass tagged by category: correctness, security, performance, architecture, external-safety. Every finding uses file:line; if impossible, include an explicit no-line reason.",
+            "**Layer 2: Cross-slice integration findings — only findings that span >1 slice OR are not surfaced by per-slice tdd reviews.** Carry-forward: cite tdd per-slice review IDs already accepted; do not re-classify them. New categories owned by review Layer 2: cross-slice correctness, dependency/version audit, security sweep, observability gaps, external-safety. **Performance and architecture findings come from the design lens (cite `03-design-<slug>.md` Performance Budget / Architecture Decision Record); they are NOT re-derived in review.** Every finding uses file:line; if impossible, include an explicit no-line reason.",
             "Security sweep — mandatory dedicated security-reviewer pass across diff + touched modules. A zero-finding pass must include `NO_CHANGE_ATTESTATION` or `NO_SECURITY_IMPACT` with rationale and inspected surfaces.",
             "Incoming Feedback Intake — when human reviewer comments, bot findings, or CI annotations exist, keep a per-comment disposition queue and mirror outcomes into `07-review.md` + `07-review-army.json` before final verdict.",
             "Structured Review reconciliation — normalize findings into `07-review-army.json`, dedup by fingerprint, and mark multi-specialist confirmations when multiple lenses agree.",
@@ -81,7 +82,8 @@ export const REVIEW = {
             "Acceptance/reproduction coverage evidence recorded in the review artifact (AC and source-item/slice coverage snapshot).",
             "Layer 1 verdict captured with per-criterion pass/fail.",
             "Review Evidence Scope lists files inspected, changed-file coverage, diagnostics run, and omitted files with explicit reason.",
-            "Layer 2 sections completed across correctness, security, performance, architecture, and external-safety findings.",
+            "Layer 2 cross-slice findings recorded for: cross-slice correctness, security sweep, dependency/version audit, observability, external-safety. Performance/architecture come from design lens carry-forward (`03-design-<slug>.md`) — do NOT re-derive them.",
+            "Per-slice tdd review findings cited (not re-classified): each `06-tdd.md > Per-Slice Review` ID accepted in review must keep matching severity/disposition (cross-artifact-duplication linter enforces this).",
             "Every finding cites `file:line`, or an explicit no-line reason is recorded.",
             "No-finding attestation is explicit when no issues are found.",
             "Dependency/version audit is recorded when manifests, lockfiles, generated clients, CI, runtime config, or external APIs are relevant.",
@@ -123,7 +125,7 @@ export const REVIEW = {
             { section: "Review Evidence Scope", required: true, validationRule: "Base/head, files inspected, changed-file coverage, diagnostics run, omitted files with reason, and reviewer/security-reviewer delegation evidence." },
             { section: "Changed-File Coverage", required: true, validationRule: "Each changed file is covered, intentionally omitted with no-impact reason, or linked to a broader inspected module." },
             { section: "Layer 1 Verdict", required: true, validationRule: "Per-criterion pass/fail with references." },
-            { section: "Layer 2 Findings", required: false, validationRule: "Each finding has severity, category, file:line or explicit no-line reason, description, and resolution status across correctness/security/performance/architecture/external-safety. If there are no findings, include a no-finding attestation." },
+            { section: "Layer 2 Findings", required: false, validationRule: "Each finding has severity, category, file:line or explicit no-line reason, description, and resolution status. Wave 23 (v5.0.0): owned categories are cross-slice correctness, security, dependency/version, observability, and external-safety. Performance and architecture findings appear here only as carry-forward citations to `03-design-<slug>.md` (Performance Budget, ADR) — they are NOT re-derived. If there are no findings, include a no-finding attestation." },
             { section: "Lens Coverage", required: true, validationRule: "Reviewer must report inline lens outcomes: Performance/Compatibility/Observability as `NO_IMPACT` or `FOUND_<n>`, plus `Security: routed to security-reviewer`." },
             { section: "Security Sweep Attestation", required: false, validationRule: "Dedicated security-reviewer result: findings or `NO_CHANGE_ATTESTATION` / `NO_SECURITY_IMPACT` with inspected surfaces and rationale." },
             { section: "Dependency & Version Audit", required: false, validationRule: "Required when manifests, lockfiles, generated clients, CI, runtime config, or external APIs changed; otherwise record no-impact rationale." },
@@ -151,12 +153,12 @@ export const REVIEW = {
                 stopGate: true
             },
             {
-                title: "Layer 2: Integrated Correctness / Security / Performance / Architecture / External-Safety",
+                title: "Layer 2: Cross-slice Integration Findings",
                 evaluationPoints: [
-                    "Logic errors and boundary violations",
-                    "Race conditions and concurrency issues",
-                    "Null/undefined handling",
-                    "Error propagation and recovery paths"
+                    "Cross-slice correctness: logic errors and boundary violations that span >1 slice",
+                    "Race conditions and concurrency issues across slice boundaries",
+                    "Null/undefined handling in shared paths",
+                    "Error propagation and recovery across module seams (single-slice findings stay in tdd Per-Slice Review)"
                 ],
                 stopGate: true
             },
@@ -171,24 +173,22 @@ export const REVIEW = {
                 stopGate: true
             },
             {
-                title: "Specialist Lens: Performance",
+                title: "Performance Lens: Carry-forward from Design",
                 evaluationPoints: [
-                    "N+1 query patterns",
-                    "Memory leak potential",
-                    "Missing caching opportunities",
-                    "Hot path complexity analysis"
+                    "Cite `03-design-<slug>.md > Performance Budget` per critical path",
+                    "Surface DRIFT only when implementation diff measurably violates a budgeted threshold; do NOT re-derive performance findings from scratch",
+                    "Hot path / N+1 / caching observations belong here only when they cross slice boundaries and were not flagged by tdd Per-Slice Review"
                 ],
-                stopGate: true
+                stopGate: false
             },
             {
-                title: "Specialist Lens: Architecture Fit",
+                title: "Architecture Lens: Carry-forward from Design",
                 evaluationPoints: [
-                    "Does implementation match the locked design?",
-                    "Coupling and cohesion assessment",
-                    "Interface contract compliance",
-                    "Unintended architectural drift"
+                    "Cite `03-design-<slug>.md > Architecture Decision Record (ADR)` and `Engineering Lock`",
+                    "Surface DRIFT only when the implementation departs from the locked architecture; do NOT re-derive boundary/coupling/interface analysis from scratch",
+                    "Cross-slice architectural drift findings use `file:line` plus the violated ADR ID"
                 ],
-                stopGate: true
+                stopGate: false
             },
             {
                 title: "Specialist Lens: External Safety Checklist",

package/dist/content/stages/schema-types.d.ts

@@ -38,6 +38,15 @@ export interface StageAutoSubagentDispatch {
     when: string;
     purpose: string;
     requiresUserGate: boolean;
+    /**
+     * When this delegation may run relative to the adaptive elicitation Q&A loop.
+     * - `pre-elicitation` — run before any user dialogue (rare; only for trivial info-gathering).
+     * - `post-elicitation` — run only after the Q&A loop converges (default for brainstorm/scope/design
+     *   so subagents do not preempt the user dialogue).
+     * - `any` — no ordering constraint (default for stages that do not run elicitation:
+     *   spec/plan/tdd/review/ship).
+     */
+    runPhase?: "pre-elicitation" | "post-elicitation" | "any";
     /** Role category used by generated routing tables and lifecycle checks. */
     dispatchClass?: StageSubagentDispatchClass;
     /** Strict status/evidence contract the dispatched agent must return. */

package/dist/content/stages/scope.js

@@ -13,7 +13,7 @@ export const SCOPE = {
     philosophy: {
         hardGate: "Do NOT begin architecture, design, or code. This stage produces scope decisions only. Do not silently add or remove scope — every change is an explicit user opt-in.",
         ironLaw: "EVERY SCOPE CHANGE IS AN EXPLICIT USER OPT-IN — NEVER A SILENT ENLARGEMENT OR TRIM.",
-        purpose: "Decide the right scope before technical lock-in using explicit mode selection and rigorous premise challenge.",
+        purpose: "Decide the right scope before technical lock-in using explicit mode selection and the brainstorm premise as carry-forward (not re-authored).",
         whenToUse: [
             "After brainstorm approval",
             "Before architecture/design lock-in",
@@ -28,7 +28,8 @@ export const SCOPE = {
             "Skipping pre-scope audit because the task looks small",
             "Scope silently expanded during discussion",
             "No explicit out-of-scope section",
-            "Premise accepted without challenge",
+            "Re-authoring brainstorm's `## Premise Check` instead of citing it via Upstream Handoff (premise carry-forward only)",
+            "Enumerating Implementation Alternatives in scope (architecture-tier choice belongs to design)",
             "Sycophantic agreement without evidence-based pushback",
             "Hedged recommendations that avoid taking a position",
             "Batching multiple scope issues into one question",
@@ -45,15 +46,16 @@ export const SCOPE = {
     },
     executionModel: {
         checklist: [
-            "**Adaptive elicitation loop (shared skill)** — load `.cclaw/skills/adaptive-elicitation/SKILL.md` and run one decision-changing question per turn via harness-native tools. After each answer, append one row to `## Q&A Log` (`Turn | Question | User answer (1-line) | Decision impact`). Continue until scope clarity is sufficient or user signals to proceed.",
+            "**ADAPTIVE ELICITATION COMES FIRST (no exceptions, no subagent dispatch before).** Load `.cclaw/skills/adaptive-elicitation/SKILL.md`. Walk the scope forcing questions one-at-a-time via the harness-native question tool, append one row to `## Q&A Log` (`Turn | Question | User answer (1-line) | Decision impact`) after each user answer. Continue until forcing-questions converge (all answered/skipped/waived) OR Ralph-Loop convergence detector says no new decision-changing rows in last 2 iterations OR user records an explicit stop-signal row. Only then propose the scope contract draft, recommend a mode, or dispatch any delegations. The linter `qa_log_unconverged` rule will block `stage-complete` if convergence is not reached.",
             "**Scope forcing questions (must be covered or explicitly waived)** — what is definitely in/out, which upstream decisions are locked, and what rollback path protects users if scope assumptions fail.",
             "**Scope contract first** — read brainstorm handoff, name upstream decisions used, explicit drift, confidence, unresolved questions, and next-stage risk hints; draft the in-scope/out-of-scope/deferred/discretion contract before any design choice.",
-            "**Premise and leverage check** — answer in the artifact: *Right problem? Direct path? What if nothing? Where can we leverage existing code? What is the reversibility cost?* Take a position; do not hedge.",
+            "**Premise carry-forward (do NOT re-author)** — brainstorm OWNS the premise check (right problem / direct path / what if nothing). Cite brainstorm's `## Premise Check` section in `## Upstream Handoff > Decisions carried forward`. Add a row to `## Premise Drift` only when the scope-stage Q&A surfaced NEW evidence that materially changes the brainstorm answer (e.g. new constraint, new user signal). Otherwise mark `Premise Drift: None` — do not duplicate the brainstorm premise table.",
             "**Conditional 10-star boundary** — for deep/high-risk/product-strategy work, show what would make the product meaningfully better, then explicitly choose what ships now, what is deferred, and what is excluded without vague `later/for now` placeholders. Skip this for straightforward repair work and record `not needed: compact scope`.",
             "**Pick one operational mode with the user** — HOLD SCOPE preserves focus; SELECTIVE EXPANSION cherry-picks high-leverage reference ideas; SCOPE EXPANSION explores ambitious alternatives; SCOPE REDUCTION cuts to the essential wedge. Recommend one, state why and what signal would change it, then keep elicitation focused until the user either approves or asks to proceed with draft boundaries.",
             "**Run mode-specific analysis only to needed depth** — lite keeps the selected-mode row compact; standard adds requirements/locked decisions/discretion; deep may add Landscape Check, Taste Calibration, Reference Pattern Registry, Reference Pull, Ambitious Alternatives, and Ruthless Minimum Slice evidence when mode/risk warrants it.",
             "**Decision-driver contract** — list weighted decision drivers (value, risk, reversibility, effort, timeline) and score candidate scope moves so the selected mode and boundaries are evidence-backed, not preference-led.",
-            "**Compare implementation alternatives** — include minimum viable, product-grade, and ideal architecture options with effort (S/M/L/XL), risk (Low/Med/High), pros, cons, and reuses. Recommend one and tie it to mode.",
+            "**Architecture handoff (do NOT pick architecture tier here)** — design OWNS architecture choice (minimum-viable / product-grade / ideal). Scope only picks the SCOPE MODE (HOLD/SELECTIVE/EXPAND/REDUCE) and boundary; record in `## Scope Contract > Design handoff` what design must decide (e.g. `architecture-tier`, `framework`, `data-model`). Do NOT enumerate Implementation Alternatives in scope.",
+            "**Constraints (carry-forward from brainstorm/external sources)** — record explicit external/regulatory/system/integration constraints in `## Scope Contract > Constraints`. Spec OWNS testable assumptions (`## Assumptions Before Finalization`); do NOT duplicate constraint material as assumption material.",
             "**Run outside voice before final approval** — for simple/low-risk scope, record one concise adversarial self-check row; for complex/high-risk/configured scope, iterate until threshold. Record the loop summary in `## Scope Outside Voice Loop`, but do not treat it as user approval.",
             "**Run early Ralph loop discipline** — after each producer iteration, append a `Critic Pass` JSONL row to `.cclaw/state/early-loop-log.jsonl`, refresh `.cclaw/state/early-loop.json`, and iterate until open concerns clear or convergence guard escalates.",
             "**Ask only one decision-changing question** — if the user rejects the contract but is unsure, offer 3-4 concrete scope moves instead of open-ended interrogation.",
@@ -63,23 +65,23 @@ export const SCOPE = {
             "\"Strong success criteria let you loop independently. Weak criteria require constant clarification.\"",
             decisionProtocolInstruction("scope mode selection", "present expand/selective/hold/reduce as labeled options with trade-offs and mark one as (recommended)", "recommend the option that best covers the prime-directive failure modes, four data-flow paths, observability, and deferred handling for the in-scope set with the smallest blast radius. Base your recommendation on default heuristics: greenfield -> expand, enhancement -> selective, bugfix/hotfix/refactor -> hold, broad blast radius -> reduce"),
             "Run the shared adaptive elicitation cycle from `.cclaw/skills/adaptive-elicitation/SKILL.md`, including stop-signal handling (RU/EN/UA), smart-skip, conditional grilling triggers, and append-only `## Q&A Log` updates.",
-            "Do not walk the full checklist by default. Lead with a proposed scope contract, selected depth (`lite`/`standard`/`deep`), and the one decision that matters most; label the mode as recommended, not selected, until the user answers.",
+            "**Lead with adaptive elicitation, not with a proposed contract.** First walk scope forcing questions one-at-a-time per `adaptive-elicitation` skill. Only AFTER the Q&A loop converges (forcing-Qs answered/waived OR user stop-signal row recorded) propose the scope contract draft for approval. Lite-tier may compress: ask the smallest forcing-Q set (>= linter floor for `lightweight`/`scope`), then propose contract.",
             "For low-risk concrete asks, keep the proposal compact but still explicit: recommend (do not auto-select) one mode, show exact in/out/deferred boundaries, and request explicit approval before finalizing the artifact or completing the stage.",
-            "Challenge premise first, take a firm position, and name one concrete condition that would change it.",
+            "Cite brainstorm's premise via `## Upstream Handoff` and take a firm position on whether scope-stage Q&A surfaced any premise drift; do NOT re-author the brainstorm Premise Check table.",
             "Push back on weak framing: vague scope needs a specific user/problem, platform vision needs a narrow wedge, social proof needs behavioral evidence.",
             "Resolve one structural scope issue at a time. Only non-critical preference/default assumptions may continue; STOP on uncertainty about scope boundary, architecture commitment, security, data loss, public API, migration, auth/pricing, or required user approval.",
             "If the user says no but cannot name the change, offer concrete moves: keep scope, add one obvious adjacent capability, reduce to wedge, or re-open stack/product direction.",
             "Before final approval, record outside-voice findings and a `## Scope Outside Voice Loop` table per the Scope Outside Voice Loop policy above.",
             "**STOP.** Wait for explicit user approval of the scope mode and scope contract before writing final approval language or advancing.",
-            "**STOP BEFORE ADVANCE.** Mandatory delegation `planner` must be completed or explicitly waived for a real blocker. If the active harness cannot isolate a planner, run a role-switch planner pass instead: announce `## cclaw role-switch: scope/planner (mandatory)`, write the planner output/evidence into the scope artifact, and append a completed delegation row with `fulfillmentMode: \"role-switch\"` plus non-empty `evidenceRefs`. Then close with `node .cclaw/hooks/stage-complete.mjs scope --passed=scope_mode_selected,scope_contract_written,scope_user_approved --evidence-json '{\"scope_mode_selected\":\"<user-approved mode + rationale>\",\"scope_contract_written\":\"<artifact path + sections>\",\"scope_user_approved\":\"<explicit user approval quote or summary>\"}'`. `scope_user_approved` must cite the user's approval; review-loop evidence alone is not approval."
+            "**STOP BEFORE ADVANCE.** Mandatory delegation `planner` runs **AFTER user approval of the scope contract**, not before Q&A. Sequence is: Q&A loop -> propose contract -> user approval -> `planner` delegation -> `stage-complete`. If you delegate `planner` before the Q&A loop converges, you violate the elicitation contract and the linter will block stage-complete via `qa_log_unconverged`. Legal fulfillment modes for `planner`: (a) **harness-native Task tool** — run the delegation, then record the lifecycle row via `node .cclaw/hooks/delegation-record.mjs --stage=scope --agent=planner --mode=mandatory --status=completed --span-id=<uuid> --dispatch-surface=cursor-task --agent-definition-path=<agent-md-path> --evidence-ref=<artifact#section>` (the helper sets `fulfillmentMode: \"generic-dispatch\"` automatically); (b) **role-switch** — announce `## cclaw role-switch: scope/planner (mandatory)`, write the planner output/evidence into the scope artifact, then record the row with `--dispatch-surface=role-switch --agent-definition-path=<artifact-anchor>` (helper sets `fulfillmentMode: \"role-switch\"` automatically); (c) **cclaw subagent helper** if available, with `--dispatch-surface=isolated`. Run `node .cclaw/hooks/stage-complete.mjs scope` from the tool layer (do not paste the command into chat); report only the resulting summary."
         ],
         process: [
-            "Run pre-scope audit before premise challenge.",
-            "Run the scope pass scaled to risk: default to job-to-be-done plus explicit scope contract; add premise challenge, 10-star upside, smallest useful wedge, and change conditions only for deep/high-risk scope.",
-            "Compare minimum viable, product-grade, and ideal architecture scope alternatives with explicit reuse/effort/risk.",
-            "Recommend a scope mode with explicit rationale, then ask for user opt-in before treating it as selected.",
+            "Run pre-scope system audit (git log/diff/stash + debt-marker scan) — scope OWNS the repo audit; design will only diff the blast radius since this scope baseline.",
+            "Cite brainstorm's premise check via Upstream Handoff; record `## Premise Drift` only when the scope-stage Q&A surfaced new evidence that materially changes brainstorm's answer.",
+            "Run the scope pass scaled to risk: default to job-to-be-done plus explicit scope contract; add 10-star upside, smallest useful wedge, and change conditions only for deep/high-risk scope.",
+            "Recommend a scope mode (HOLD/SELECTIVE/EXPAND/REDUCE) with explicit rationale, then ask for user opt-in before treating it as selected. Do NOT enumerate architecture alternatives — design owns architecture choice.",
             "Run outside voice / adversarial self-check before final approval and record a valid `## Scope Outside Voice Loop` table.",
-            "Write explicit scope contract, discretion areas, deferred items, error/rescue registry, and D-XX locked decisions.",
+            "Write explicit scope contract, discretion areas, deferred items, error/rescue registry, constraints (external/regulatory/system), and D-XX locked decisions.",
             "Produce scope summary, completion dashboard, and exact next-stage handoff before asking final approval."
         ],
         requiredGates: [
@@ -97,8 +99,9 @@ export const SCOPE = {
             "Scope Contract captures requirements, locked decisions, discretion areas, accepted/rejected/deferred reference ideas from the Reference Pattern Registry, success definition, and design handoff.",
             "Decision Drivers section records weighted criteria and per-option scores used to choose mode and boundary moves.",
             "Scope Completeness Score is recorded (0.00-1.00) with the explicit blocker list for any remaining uncertainty.",
-            "Locked Decisions section lists stable LD#hash anchors for non-negotiable boundaries.",
-            "Premise challenge findings documented.",
+            "Locked Decisions section lists stable D-XX IDs for non-negotiable boundaries.",
+            "Premise carry-forward recorded: brainstorm `## Premise Check` cited in `## Upstream Handoff > Decisions carried forward`; `## Premise Drift` is `None` unless new scope-stage evidence materially changes brainstorm's answer.",
+            "Constraints (external/regulatory/system/integration) recorded in `## Scope Contract > Constraints` — spec must reference these in `## Constraints and Assumptions`, not restate them.",
             "Outside Voice findings and dispositions are recorded (accept/reject/defer with rationale) before final approval.",
             "Scope outside-voice loop summary includes a table with columns Iteration, Quality Score, Findings, plus Stop reason, Target score, Max iterations, and unresolved concerns. This is outside-voice evidence only; it does not satisfy user approval.",
             "Early-loop status is reflected via `Victory Detector` / `Critic Pass` sections and `.cclaw/state/early-loop.json` when concerns remain.",
@@ -148,10 +151,10 @@ export const SCOPE = {
         },
         artifactValidation: [
             { section: "Upstream Handoff", required: false, validationRule: "Summarizes brainstorm/idea decisions, constraints, open questions, and explicit drift before scope decisions." },
-            { section: "Pre-Scope System Audit", required: true, validationRule: "Must capture git log -30, git diff --stat, git stash list, and debt-marker scan (TODO/FIXME/XXX/HACK) before premise challenge." },
+            { section: "Pre-Scope System Audit", required: true, validationRule: "Must capture git log -30, git diff --stat, git stash list, and debt-marker scan (TODO/FIXME/XXX/HACK). Scope OWNS the repo audit; design will only diff the blast radius since this scope baseline." },
             { section: "Prime Directives", required: false, validationRule: "For each scoped capability: named failure modes, explicit error surface, four data-flow paths, interaction edge cases, observability expectations, and deferred-item handling." },
-            { section: "Premise Challenge", required: false, validationRule: "Must list at least 3 question/answer rows in a markdown table or bullet list (gstack default trio: right problem? direct path? what if we do nothing? — extend with leverage and reversibility for richer scope). The linter enforces structure, not English wording — answers may be in any language." },
-            { section: "Scope Contract", required: true, validationRule: "Canonical contract: selected mode, in scope, out of scope, requirements, locked decisions, discretion areas, deferred ideas, accepted/rejected reference ideas, success definition, and design handoff." },
+            { section: "Premise Drift", required: false, validationRule: "Optional carry-forward marker: brainstorm OWNS the premise check. State `None` unless scope-stage Q&A surfaced new evidence (constraint, user signal, regulatory change) that materially changes brainstorm's `## Premise Check` answer; in that case record one or more drift rows citing the new evidence and the affected brainstorm question." },
+            { section: "Scope Contract", required: true, validationRule: "Canonical contract: selected mode, in scope, out of scope, requirements, locked decisions, discretion areas, deferred ideas, accepted/rejected reference ideas, constraints (external/regulatory/system/integration), success definition, and design handoff. Architecture choice is delegated to design — do NOT enumerate Implementation Alternatives here." },
             { section: "Decision Drivers", required: false, validationRule: "Recommended: weighted decision drivers (value, risk, reversibility, effort, timeline) with scored options and the selected boundary rationale." },
             { section: "Scope Completeness Score", required: false, validationRule: "Recommended: score 0.00-1.00 plus unresolved blockers and the escalation trigger when confidence is low." },
             { section: "Landscape Check", required: false, validationRule: "Optional evidence heading for EXPAND/SELECTIVE/deep modes: include reference insight and impact on scope, or omit for compact HOLD SCOPE." },
@@ -161,8 +164,7 @@ export const SCOPE = {
             { section: "Ambitious Alternatives", required: false, validationRule: "Optional evidence heading for SCOPE EXPANSION/SELECTIVE: list larger alternatives considered and their disposition." },
             { section: "Ruthless Minimum Slice", required: false, validationRule: "Optional evidence heading for SCOPE REDUCTION or high-risk scope: define the smallest useful wedge and what it proves." },
             { section: "Requirements", required: false, validationRule: "Table of stable requirement IDs (R1, R2, R3…) one per row with observable outcome, priority, and source. IDs are assigned once and never renumbered across scope/design/spec/plan/review; dropped requirements stay with Priority `DROPPED`." },
-            { section: "Locked Decisions (LD#hash)", required: false, validationRule: "List of stable locked decisions with unique `LD#<sha8>` anchors. Each anchor is derived from the normalized Decision cell and is referenced downstream for cross-stage traceability." },
-            { section: "Implementation Alternatives", required: false, validationRule: "2-3 options with Name, Summary, Effort, Risk, Pros, Cons, and Reuses. Must include minimal viable and ideal architecture options." },
+            { section: "Locked Decisions", required: false, validationRule: "List of stable locked decisions, each with a unique `D-XX` ID. IDs are stable across edits so downstream stages can reference them; renumbering or duplicating IDs breaks the cross-stage traceability check." },
             { section: "Scope Mode", required: true, validationRule: "Must state selected mode and rationale with default heuristic justification." },
             { section: "Mode-Specific Analysis", required: false, validationRule: "Default path: one selected-mode row with rationale. Deep/complex scope only: document the expanded analysis matching the selected mode." },
             { section: "In Scope / Out of Scope", required: true, validationRule: "Two separate explicit lists. Canonical form is one `## In Scope / Out of Scope` section with `### In Scope` and `### Out of Scope`; legacy split `## In Scope` and `## Out of Scope` headings are accepted. Out-of-scope must not be empty." },

package/dist/content/stages/spec.js

@@ -39,8 +39,8 @@ export const SPEC = {
             "Read upstream — standard track loads design + scope; medium loads brainstorm/spec handoff; quick loads `00-idea.md` plus any reproduction context. Cross-reference only artifacts that exist on the active track.",
             "Define measurable acceptance criteria — each criterion must be observable and falsifiable. No vague adjectives.",
             "Capture edge cases — for each criterion, define at least one boundary condition and one error condition.",
-            "Document constraints and assumptions — regulatory, system, integration, and performance boundaries. Only non-critical preference/default assumptions may continue; STOP on uncertainty about scope, architecture, security, data loss, public API, migration, auth/pricing, or required user approval.",
-            "Surface assumptions before finalization — list each assumption with source/confidence, validation path, and whether it is accepted, rejected, or still open.",
+            "**Constraints carry-forward (do NOT re-author).** Scope OWNS external/regulatory/system/integration constraints in `## Scope Contract > Constraints`. Cite them in `## Constraints and Assumptions > Constraints` (or mark `See scope: <ref>`). Add a constraint here only when spec-stage analysis surfaced a NEW one not present in scope. Spec OWNS testable assumptions (next bullet). Only non-critical preference/default assumptions may continue; STOP on uncertainty about scope, architecture, security, data loss, public API, migration, auth/pricing, or required user approval.",
+            "**Assumptions Before Finalization (spec-only owner).** Spec OWNS testable assumptions: list each with source/confidence, validation path, and accepted/rejected/open disposition in `## Assumptions Before Finalization`. Do NOT duplicate scope's constraints here as assumptions.",
             "Build the Acceptance Mapping contract — for each AC, map upstream design decision, observable evidence, verification method, and likely test level. If any column is unclear, rewrite the criterion.",
             "Run Spec Self-Review — explicitly verify placeholder/consistency/scope/ambiguity checks before approval.",
             "Present acceptance criteria to the user in 3-5-item batches, pausing for explicit ACK between batches (see Interaction Protocol).",
@@ -119,7 +119,7 @@ export const SPEC = {
             { section: "Acceptance Criteria", required: true, validationRule: "Each criterion is observable, measurable, and falsifiable. Standard track should include Requirement Ref and Design Decision Ref columns; quick track may instead link each AC to the reproduction contract or bug slice. AC IDs (AC-1, AC-2…) are stable across revisions — dropped ACs stay with Priority `DROPPED`." },
             { section: "Quick Reproduction Contract", required: false, validationRule: "Quick bug-fix specs own the reproduction contract: symptom, repro steps, expected RED test behavior, and acceptance criterion." },
             { section: "Edge Cases", required: true, validationRule: "At least one boundary and one error condition per criterion." },
-            { section: "Constraints and Assumptions", required: false, validationRule: "All implicit assumptions surfaced. Constraints have sources." },
+            { section: "Constraints and Assumptions", required: false, validationRule: "Constraints are CARRIED FORWARD from scope's `## Scope Contract > Constraints` (cite with `See scope: <ref>` or copy with attribution). New spec-stage constraints (rare) get a citation to the spec-stage Q&A row that surfaced them. Assumptions are owned by `## Assumptions Before Finalization` — do NOT duplicate them here. Section may be `- See scope: 02-scope.md#constraints.` for the common case." },
             { section: "Assumptions Before Finalization", required: true, validationRule: "Each assumption has source/confidence, validation path, and accepted/rejected/open disposition before the Approval section is finalized." },
             { section: "Acceptance Mapping", required: true, validationRule: "Each criterion maps to upstream design decision, observable evidence, verification method, likely test level (unit/integration/e2e/manual), and command or manual steps when known." },
             { section: "Non-Functional Requirements", required: false, validationRule: "If present: performance thresholds, security constraints, scalability limits, reliability targets with measurable values." },

package/dist/content/stages/tdd.js

@@ -52,6 +52,7 @@ export const TDD = {
             "REFACTOR: continue the `test-author` evidence cycle (or a dedicated refactor mode when available) to improve code quality without behavior changes. Set `CCLAW_ACTIVE_AGENT=tdd-refactor` when the harness supports phase labels.",
             "Record evidence — capture test discovery, system-wide impact check, RED failure, GREEN output, and REFACTOR notes in the TDD artifact. When logging a `green` row, attach the closed acceptance-criterion IDs in `acIds` so Ralph Loop status counts them.",
             "Annotate traceability — link to the active track's source: plan task ID + spec criterion on standard/medium, or spec acceptance item / bug reproduction slice on quick.",
+            "**Boundary with review (do NOT escalate single-slice findings to whole-diff review).** `tdd.Per-Slice Review` OWNS severity-classified findings WITHIN one slice (correctness, edge cases, regression). `review` OWNS whole-diff Layer 1 (spec compliance) plus Layer 2 (cross-slice integration, security sweep, dependency/version audit, observability). When a single-slice finding genuinely needs whole-diff escalation, surface it in `06-tdd.md > Per-Slice Review` first; review will cite it (not re-classify) and the cross-artifact-duplication linter requires matching severity/disposition.",
             "Per-Slice Review (conditional) — if the slice meets any trigger (touchCount >= filesChangedThreshold, touchPaths match touchTriggers, or highRisk=true), append a `## Per-Slice Review` entry for this slice before moving on (see the dedicated section below).",
             "Repeat for each slice — return to step 1 for the next plan slice."
         ],

package/dist/content/templates.d.ts

@@ -1,4 +1,11 @@
 export declare const ARTIFACT_TEMPLATES: Record<string, string>;
 export declare const RULEBOOK_MARKDOWN = "# Cclaw Rulebook\n\n## MUST_ALWAYS\n- Follow flow order: brainstorm -> scope -> design -> spec -> plan -> tdd -> review -> ship\n- Require explicit user confirmation after plan before TDD\n- Keep evidence artifacts in `.cclaw/artifacts/`\n- Enforce RED before GREEN in TDD\n- Run two-layer review (spec_compliance and code_quality) before ship\n- Validate all inputs before processing \u2014 never trust external data without sanitization\n- Prefer immutable data patterns and pure functions where the language supports them\n- Follow existing repo conventions, patterns, and directory structure \u2014 match the codebase\n- Verify claims with fresh evidence: \"tests pass\" requires running tests in this message\n- Use conventional commits: `type(scope): description` (feat, fix, refactor, test, docs, chore)\n\n## MUST_NEVER\n- Skip RED phase and jump directly to GREEN in TDD\n- Ship with critical review findings\n- Start implementation during /brainstorm\n- Modify generated cclaw files manually when CLI can regenerate them\n- Commit `.cclaw/` or generated shim files\n- Expose secrets, tokens, API keys, or absolute system paths in agent output\n- Duplicate existing functionality without explicit justification \u2014 search before building\n- Bypass security checks, linting hooks, or type checking to \"move faster\"\n- Claim success (\"Done,\" \"All good,\" \"Tests pass\") without running verification in this message\n- Make changes outside the blast radius of the current task without user consent\n\n## DELEGATION\nWhen a task requires specialist knowledge (security audit, performance profiling, database review),\ndelegate to a specialized agent or skill if the harness supports it. The primary agent should:\n1. Identify the specialist domain\n2. Provide focused context (relevant files, the specific concern)\n3. Evaluate the specialist output before acting on it \u2014 do not blindly apply recommendations\n";
-export declare const CURSOR_WORKFLOW_RULE_MDC = "---\ndescription: cclaw workflow guardrails for Cursor agent sessions\nglobs:\n  - \"**/*\"\nalwaysApply: true\n---\n\n<!-- cclaw-managed-cursor-workflow-rule -->\n\n# Cclaw Workflow Guardrails\n\n## Activation Rule\n\nBefore responding to coding work:\n1. Read `.cclaw/state/flow-state.json`.\n2. Start with `/cc` or continue with `/cc`.\n3. If no software-stage flow applies, respond normally.\n\n## Stage Order\n\n`brainstorm -> scope -> design -> spec -> plan -> tdd -> review -> ship`\n\nTrack-specific skips are allowed only when `flow-state.track` + `skippedStages` explicitly say so.\n\n## Task Classification\n\n| Class | Route |\n|---|---|\n| non-trivial software work | `/cc <idea>` |\n| trivial software fix | `/cc <idea>` (quick track) |\n| bugfix with repro | `/cc <idea>` and enforce RED-first in tdd |\n| pure question / non-software | direct answer (no stage flow) |\n\n## Command Surface\n\n- `/cc` = entry and resume.\n- `/cc` = only progression path.\n- Knowledge capture and recall use the `learnings` skill when requested.\n\n## Verification Discipline\n\n- No completion claim without fresh command evidence in this turn.\n- Do not mark gates passed from memory.\n- Keep evidence in `.cclaw/artifacts/`; archive through closeout via `/cc` or cancel early via `node .cclaw/hooks/cancel-run.mjs`.\n\n## Delegation And Approvals\n\n- Machine-only checks in design/plan/tdd/review/ship should auto-dispatch when tooling supports it.\n- Ask for user input only at explicit approval gates (scope mode, plan approval, challenge resolution, ship finalization).\n- If harness capabilities are partial, record waiver reasons in delegation logs.\n\n## Routing Source Of Truth\n\n- Primary router: `.cclaw/skills/using-cclaw/SKILL.md`.\n- Stage behavior: current stage skill plus `.cclaw/state/flow-state.json`.\n- Preamble budget: keep role/status announcements brief and avoid repeating\n  them unless the stage or role changes.\n";
+/**
+ * Always-on baseline rule materialized at `.cursor/rules/cclaw-guidelines.mdc`.
+ * Independent of skill activation — kicks in even when the agent skips
+ * loading skills. Three hard rules cover the most common Wave 22 regressions
+ * (premature draft, premature subagent dispatch, command-line echo to chat).
+ */
+export declare const CURSOR_GUIDELINES_RULE_MDC = "---\ndescription: cclaw zero-install behavior baseline (always-on)\nglobs:\n  - \"**/*\"\nalwaysApply: true\n---\n\n<!-- cclaw-managed-cursor-guidelines-rule -->\n\n# Cclaw Baseline Guidelines\n\nThese three rules apply to every Cursor agent session in this project,\nregardless of whether stage skills loaded.\n\n## 1. Q&A floor before drafting (brainstorm/scope/design)\n\nBefore drafting any `.cclaw/artifacts/01-brainstorm-*.md`,\n`02-scope-*.md`, or `03-design-*.md`, verify that the artifact's\n`## Q&A Log` table demonstrates Ralph-Loop convergence: forcing-question\ntopics are addressed (see the stage's forcing-questions checklist row),\nthe last 2 turns produce no new decision-changing impact, OR an explicit\nuser stop-signal row is recorded. Walk the stage forcing questions one at\na time via the `AskQuestion` tool. If you find yourself proposing a\ndraft after 1-2 questions while forcing topics remain unaddressed, STOP\nand continue the loop.\n\nThe `qa_log_unconverged` linter rule will block `stage-complete` when\nconvergence has not been reached.\n\n## 2. Mandatory subagents run after Q&A approval\n\nFor brainstorm / scope / design, mandatory subagents (\n`product-discovery`, `critic`, `planner`, `architect`,\n`test-author`) run **only AFTER the user approves the elicitation\noutcome**, never before the Q&A loop converges. Dispatching them early\npreempts the user dialogue and violates the elicitation contract \u2014 the\nlinter will block stage-complete.\n\nSee each stage's \"Run Phase: post-elicitation\" rows in the materialized\nAutomatic Subagent Dispatch table.\n\n## 3. Never echo cclaw command lines to chat\n\nThe user does not run cclaw helpers (`node .cclaw/hooks/...`) manually.\nNEVER paste full command lines, `--evidence-json '{...}'` payloads,\n`--waive-delegation=...`, or shell hash commands (`shasum`,\n`sha256sum`, `Get-FileHash`, `certutil`, etc.) into chat. Run the\nhelper via the tool layer and report only the resulting summary. On\nfailure, report a compact human-readable summary plus the helper JSON in\na single fenced `json` block.\n";
+export declare const CURSOR_WORKFLOW_RULE_MDC = "---\ndescription: cclaw workflow guardrails for Cursor agent sessions\nglobs:\n  - \"**/*\"\nalwaysApply: true\n---\n\n<!-- cclaw-managed-cursor-workflow-rule -->\n\n# Cclaw Workflow Guardrails\n\n## Activation Rule\n\nBefore responding to coding work:\n1. Read `.cclaw/state/flow-state.json`.\n2. Start with `/cc` or continue with `/cc`.\n3. If no software-stage flow applies, respond normally.\n\n## Stage Order\n\n`brainstorm -> scope -> design -> spec -> plan -> tdd -> review -> ship`\n\nTrack-specific skips are allowed only when `flow-state.track` + `skippedStages` explicitly say so.\n\n## Task Classification\n\n| Class | Route |\n|---|---|\n| non-trivial software work | `/cc <idea>` |\n| trivial software fix | `/cc <idea>` (quick track) |\n| bugfix with repro | `/cc <idea>` and enforce RED-first in tdd |\n| pure question / non-software | direct answer (no stage flow) |\n\n## Command Surface\n\n- `/cc` = entry and resume.\n- `/cc` = only progression path.\n- Knowledge capture and recall use the `learnings` skill when requested.\n\n## Verification Discipline\n\n- No completion claim without fresh command evidence in this turn.\n- Do not mark gates passed from memory.\n- Keep evidence in `.cclaw/artifacts/`; archive through closeout via `/cc` or cancel early via `node .cclaw/hooks/cancel-run.mjs`.\n\n## Delegation And Approvals\n\n- Machine-only checks in design/plan/tdd/review/ship should auto-dispatch when tooling supports it.\n- **For brainstorm / scope / design stages**: ask user input continuously via adaptive elicitation (one question per turn through the harness-native question tool \u2014 `AskQuestion` in Cursor). Walk the stage forcing-questions list one-by-one. Do NOT batch and do NOT defer to a single approval gate at the end. The `qa_log_unconverged` linter rule will block `stage-complete` when convergence is not reached (forcing topics unaddressed AND last 2 turns still produce decision-changing rows AND no stop-signal).\n- **For other stages** (spec/plan/tdd/build/review/ship): ask user input only at explicit approval gates (scope mode, plan approval, challenge resolution, ship finalization), not for routine progress updates.\n- If you find yourself proposing a draft after 1-2 questions in brainstorm/scope/design, STOP \u2014 go back to the forcing-questions list and continue.\n- Mandatory subagents in brainstorm/scope/design run only AFTER the user approves the elicitation outcome (see each stage's \"Run Phase: post-elicitation\" rows). Dispatching them before the Q&A loop converges violates the contract.\n- Never echo cclaw command lines (`node .cclaw/hooks/...`, `--evidence-json '{...}'`) to chat \u2014 the user does not run cclaw manually. Run helpers via the tool layer; report only the resulting summary.\n- If harness capabilities are partial, record waiver reasons in delegation logs.\n\n## Routing Source Of Truth\n\n- Primary router: `.cclaw/skills/using-cclaw/SKILL.md`.\n- Stage behavior: current stage skill plus `.cclaw/state/flow-state.json`.\n- Preamble budget: keep role/status announcements brief and avoid repeating\n  them unless the stage or role changes.\n";
 export declare function buildRulesJson(): Record<string, unknown>;

package/dist/content/templates.js

@@ -38,6 +38,13 @@ export const ARTIFACT_TEMPLATES = {
 |---|---|---|---|
 |  |  |  |  |
 
+## Idea Evidence Carry-forward
+> Required only when this brainstorm started from \`/cc-ideate\` (\`flow-state.interactionHints.brainstorm.fromIdeaArtifact\` is set). Skip the section entirely otherwise.
+- Source: \`<.cclaw/ideas/idea-YYYY-MM-DD-slug.md>\`
+- Candidate: \`I-#\`
+- Reused fields: Title, Why-now, Expected impact, Risk, Counter-argument
+- Newly generated: challenger row(s) only — the idea candidate becomes the \`baseline\` row of \`## Approaches\` and the seed of \`## Selected Direction\`; do NOT regenerate divergent + critique + rank work that \`/cc-ideate\` already produced.
+
 ## Problem Decision Record
 - **Depth:** lite | standard | deep
 - **Frame type:** \`<free-form-label>\` (one short token that names how this work is framed; pick whatever fits — examples in commentary only: \`product\`, \`technical-maintenance\`, \`research-spike\`, \`ops-incident\`, \`infrastructure\`, \`library-extraction\`. Do NOT treat the examples as an enum.)
@@ -219,23 +226,14 @@ ${MARKDOWN_CODE_FENCE}
 - Every error has a name:
 - Four paths per data flow:
 
-## Premise Challenge
-| Question | Answer (take a position) | Evidence / leverage |
-|---|---|---|
-| Right problem? |  |  |
-| Direct path? |  |  |
-| What if we do nothing? |  |  |
-| Existing-code leverage? |  |  |
-| Reversibility cost? |  |  |
-
-## Implementation Alternatives
-| Option | Summary | Effort (S/M/L/XL) | Risk (Low/Med/High) | Pros | Cons | Reuses |
-|---|---|---|---|---|---|---|
-| A (minimum viable) |  |  |  |  |  |  |
-| B (ideal architecture) |  |  |  |  |  |  |
-| C (optional) |  |  |  |  |  |  |
+## Premise Drift
+> Optional. Brainstorm OWNS the premise check. Record \`None\` unless scope-stage Q&A surfaced new evidence (constraint, user signal, regulatory change) that materially changes brainstorm's \`## Premise Check\` answer.
 
-RECOMMENDATION: <option letter — one-line rationale tying back to premise challenge and existing-code leverage>
+| Brainstorm question | New evidence (scope-stage) | Drift verdict (no-change / shift / reverse) | Action |
+|---|---|---|---|
+| (cite brainstorm Q) |  |  |  |
+
+- Default: \`Drift: None — brainstorm Premise Check stands.\`
 
 ## Scope Contract
 - **Selected mode:** HOLD SCOPE | SELECTIVE EXPANSION | SCOPE EXPANSION | SCOPE REDUCTION
@@ -247,8 +245,9 @@ RECOMMENDATION: <option letter — one-line rationale tying back to premise chal
 - **Deferred ideas:**
 - **Accepted reference ideas:**
 - **Rejected reference ideas:**
+- **Constraints (external/regulatory/system/integration):** (spec carries these forward — do NOT restate as assumptions)
 - **Success definition:**
-- **Design handoff:**
+- **Design handoff:** (name what design must decide: architecture-tier, framework, data-model, etc. — design OWNS the architecture choice)
 
 ## Decision Drivers
 | Driver | Weight (1-5) | Option A | Option B | Option C | Notes |
@@ -307,14 +306,18 @@ RECOMMENDATION: <option letter — one-line rationale tying back to premise chal
 > is later dropped, keep the row and mark Priority \`DROPPED\`; if a new one is
 > added mid-flow, append with the next free R-number — do NOT reuse numbers.
 
-## Locked Decisions (LD#hash)
-| Decision Anchor | Decision | Why locked now | Downstream impact |
+## Locked Decisions
+| ID | Decision | Why locked now | Downstream impact |
 |---|---|---|---|
-| LD#<sha8> |  |  |  |
+| D-1 |  |  |  |
 
-> Decision Anchor is \`LD#\` + the first 8 lowercase hex chars of SHA-256 over
-> the normalized \`Decision\` cell (trim, collapse whitespace, lowercase). Downstream
-> design/spec/plan/review artifacts reference these anchors verbatim.
+> Decision IDs are stable \`D-XX\` numbers. Assign once and never renumber across
+> scope/design/spec/plan/review/ship; downstream artifacts reference these IDs
+> verbatim. If a decision is later dropped, keep the row and mark it
+> \`(superseded by D-Y)\`; if a new one is added mid-flow, append with the next
+> free D-number. Wave 22 (v4.0.0) removed the legacy LD#<sha8> hash anchor —
+> existing artifacts with LD# anchors remain valid markdown but the linter only
+> tracks D-XX IDs.
 
 ## In Scope / Out of Scope
 
@@ -478,7 +481,7 @@ ${MARKDOWN_CODE_FENCE}
 > Default path: compact inline synthesis here. Deep/high-risk work may also write \`.cclaw/artifacts/02a-research.md\`.
 
 ## Architecture Boundaries
-| Component | Responsibility | Requirement Refs (R#) | Decision Refs (LD#hash) | Owner |
+| Component | Responsibility | Requirement Refs (R#) | Decision Refs (D-XX) | Owner |
 |---|---|---|---|---|
 |  |  |  |  |  |
 
@@ -524,8 +527,12 @@ ${MARKDOWN_CODE_FENCE}
 |---|---|---|---|---|
 |  |  |  | clear/stale |  |
 
-## What Already Exists
-| Sub-problem | Existing code/library | Layer | Reuse decision |
+## Blast-radius Diff
+> Diff since scope artifact baseline. Scope OWNS the full repo audit (\`## Pre-Scope System Audit\`); design only diffs touched paths.
+>
+> Suggested command: \`git diff <scope-artifact-head-sha>..HEAD -- <touched-paths>\`
+
+| File | Change since scope (\`git diff\` summary) | Current responsibility | Reuse candidate / existing pattern |
 |---|---|---|---|
 |  |  |  |  |
 
@@ -540,11 +547,11 @@ ${MARKDOWN_CODE_FENCE}
 ### Interaction Edge Case Matrix
 | Edge case | Handled? | Design response | Deferred item (if not handled) |
 |---|---|---|---|
-| double-click | yes/no |  | None / LD#hash |
-| nav-away-mid-request | yes/no |  | None / LD#hash |
-| 10K-result dataset | yes/no |  | None / LD#hash |
-| background-job abandonment | yes/no |  | None / LD#hash |
-| zombie connection | yes/no |  | None / LD#hash |
+| double-click | yes/no |  | None / D-XX |
+| nav-away-mid-request | yes/no |  | None / D-XX |
+| 10K-result dataset | yes/no |  | None / D-XX |
+| background-job abandonment | yes/no |  | None / D-XX |
+| zombie connection | yes/no |  | None / D-XX |
 
 ## Security & Threat Model
 | Boundary | Threat | Mitigation | Owner |
@@ -620,9 +627,6 @@ ${MARKDOWN_CODE_FENCE}
 - Max iterations: 3
 - Unresolved concerns:
 
-## NOT in scope
-- 
-
 ## Parallelization Strategy
 - Standard/Deep add-on when multi-module; omit for compact sequential work.
 - Parallel lanes:
@@ -699,7 +703,7 @@ ${MARKDOWN_CODE_FENCE}
 - Drift from upstream (or \`None\`):
 
 ## Acceptance Criteria
-| ID | Requirement Ref (R#) | Criterion (observable/measurable/falsifiable) | Design Decision Ref (LD#hash) |
+| ID | Requirement Ref (R#) | Criterion (observable/measurable/falsifiable) | Design Decision Ref (D-XX) |
 |---|---|---|---|
 | AC-1 | R1 |  |  |
 
@@ -718,8 +722,10 @@ ${MARKDOWN_CODE_FENCE}
 | AC-1 |  |  |
 
 ## Constraints and Assumptions
-- Constraints:
-- Assumptions:
+> Constraints are CARRIED FORWARD from scope's \`## Scope Contract > Constraints\`. Cite or copy with attribution; do NOT re-author. Spec OWNS testable assumptions in \`## Assumptions Before Finalization\` below.
+
+- **Constraints (carry-forward):** See scope: \`02-scope-<slug>.md#scope-contract\` (or list new spec-stage constraints with citation to the Q&A row that surfaced them).
+- **Assumptions:** See \`## Assumptions Before Finalization\` (spec-only owner).
 
 ## Assumptions Before Finalization
 | Assumption | Source / confidence | Validation path | Disposition |
@@ -845,9 +851,9 @@ Execution rule: complete and verify each batch before starting the next batch.
 - TDD checkpoint plan: RED commit/checkpoint -> GREEN commit/checkpoint -> REFACTOR commit/checkpoint (or deferred because: )
 
 ## Locked Decision Coverage
-| Decision Ref (LD#hash) | Source section | Plan tasks implementing decision | Status |
+| Decision Ref (D-XX) | Source section | Plan tasks implementing decision | Status |
 |---|---|---|---|
-| LD#<sha8> | 02-scope.md > Locked Decisions | T-1 | covered |
+| D-1 | 02-scope.md > Locked Decisions | T-1 | covered |
 
 ## Risk Assessment
 | Task/Batch | Risk | Likelihood | Impact | Mitigation |
@@ -870,7 +876,7 @@ Execution rule: complete and verify each batch before starting the next batch.
   - Create:
   - Modify:
   - Test:
-- **Approach:** (1-3 sentences; cite design decision DD-# or LD#hash)
+- **Approach:** (1-3 sentences; cite design decision DD-# or scope D-XX)
 - **Patterns to follow:** (link existing files/modules to mirror, or \`- None applicable.\`)
 - **Test scenarios:**
   - Happy:
@@ -908,7 +914,7 @@ Execution rule: complete and verify each batch before starting the next batch.
   - Hits: 0 (required for WAIT_FOR_CONFIRM to resolve).
 - Scope reduction language scan:
   - Scanned phrases: \`v1\`, \`for now\`, \`later\`, \`temporary\`, \`placeholder\`, \`mock for now\`, \`hardcoded for now\`, \`will improve later\`.
-  - Hits: 0 (required when Locked Decisions section is non-empty; use LD#hash anchors).
+  - Hits: 0 (required when Locked Decisions section is non-empty; reference D-XX IDs from scope).
 
 ## WAIT_FOR_CONFIRM
 - Status: pending
@@ -1180,9 +1186,14 @@ Execution rule: complete and verify each batch before starting the next batch.
 | AC-1 | PASS/FAIL |  |
 
 ## Layer 2 Findings
+> Wave 23 (v5.0.0): Layer 2 categories OWNED by review = cross-slice correctness, security, dependency/version, observability, external-safety. Performance + architecture findings are CARRY-FORWARD from \`03-design-<slug>.md\` (Performance Budget, ADR) — cite, do NOT re-derive. Single-slice findings stay in \`06-tdd.md > Per-Slice Review\`; review may cite their IDs (severity/disposition must match — cross-artifact-duplication linter blocks otherwise).
+
 | ID | Severity | Category | File:line / no-line reason | Description | Status |
 |---|---|---|---|---|---|
-| R-1 | Critical/Important/Suggestion | correctness/security/performance/architecture/external-safety | path:line |  | open/resolved |
+| R-1 | Critical/Important/Suggestion | cross-slice-correctness/security/dependency-version/observability/external-safety | path:line |  | open/resolved |
+| R-2 | from-design | performance | cite \`03-design-<slug>.md > Performance Budget\` |  | carry-forward |
+| R-3 | from-design | architecture | cite \`03-design-<slug>.md > ADR\` |  | carry-forward |
+| R-4 | from-tdd | from-tdd | cite \`06-tdd.md > Per-Slice Review > F-<n>\` |  | carry-forward |
 - NO_FINDINGS_ATTESTATION: <required when no findings are reported; cite inspected coverage>
 
 ## Lens Coverage
@@ -1449,6 +1460,63 @@ delegate to a specialized agent or skill if the harness supports it. The primary
 2. Provide focused context (relevant files, the specific concern)
 3. Evaluate the specialist output before acting on it — do not blindly apply recommendations
 `;
+/**
+ * Always-on baseline rule materialized at `.cursor/rules/cclaw-guidelines.mdc`.
+ * Independent of skill activation — kicks in even when the agent skips
+ * loading skills. Three hard rules cover the most common Wave 22 regressions
+ * (premature draft, premature subagent dispatch, command-line echo to chat).
+ */
+export const CURSOR_GUIDELINES_RULE_MDC = `---
+description: cclaw zero-install behavior baseline (always-on)
+globs:
+  - "**/*"
+alwaysApply: true
+---
+
+<!-- cclaw-managed-cursor-guidelines-rule -->
+
+# Cclaw Baseline Guidelines
+
+These three rules apply to every Cursor agent session in this project,
+regardless of whether stage skills loaded.
+
+## 1. Q&A floor before drafting (brainstorm/scope/design)
+
+Before drafting any \`.cclaw/artifacts/01-brainstorm-*.md\`,
+\`02-scope-*.md\`, or \`03-design-*.md\`, verify that the artifact's
+\`## Q&A Log\` table demonstrates Ralph-Loop convergence: forcing-question
+topics are addressed (see the stage's forcing-questions checklist row),
+the last 2 turns produce no new decision-changing impact, OR an explicit
+user stop-signal row is recorded. Walk the stage forcing questions one at
+a time via the \`AskQuestion\` tool. If you find yourself proposing a
+draft after 1-2 questions while forcing topics remain unaddressed, STOP
+and continue the loop.
+
+The \`qa_log_unconverged\` linter rule will block \`stage-complete\` when
+convergence has not been reached.
+
+## 2. Mandatory subagents run after Q&A approval
+
+For brainstorm / scope / design, mandatory subagents (
+\`product-discovery\`, \`critic\`, \`planner\`, \`architect\`,
+\`test-author\`) run **only AFTER the user approves the elicitation
+outcome**, never before the Q&A loop converges. Dispatching them early
+preempts the user dialogue and violates the elicitation contract — the
+linter will block stage-complete.
+
+See each stage's "Run Phase: post-elicitation" rows in the materialized
+Automatic Subagent Dispatch table.
+
+## 3. Never echo cclaw command lines to chat
+
+The user does not run cclaw helpers (\`node .cclaw/hooks/...\`) manually.
+NEVER paste full command lines, \`--evidence-json '{...}'\` payloads,
+\`--waive-delegation=...\`, or shell hash commands (\`shasum\`,
+\`sha256sum\`, \`Get-FileHash\`, \`certutil\`, etc.) into chat. Run the
+helper via the tool layer and report only the resulting summary. On
+failure, report a compact human-readable summary plus the helper JSON in
+a single fenced \`json\` block.
+`;
 export const CURSOR_WORKFLOW_RULE_MDC = `---
 description: cclaw workflow guardrails for Cursor agent sessions
 globs:
@@ -1497,7 +1565,11 @@ Track-specific skips are allowed only when \`flow-state.track\` + \`skippedStage
 ## Delegation And Approvals
 
 - Machine-only checks in design/plan/tdd/review/ship should auto-dispatch when tooling supports it.
-- Ask for user input only at explicit approval gates (scope mode, plan approval, challenge resolution, ship finalization).
+- **For brainstorm / scope / design stages**: ask user input continuously via adaptive elicitation (one question per turn through the harness-native question tool — \`AskQuestion\` in Cursor). Walk the stage forcing-questions list one-by-one. Do NOT batch and do NOT defer to a single approval gate at the end. The \`qa_log_unconverged\` linter rule will block \`stage-complete\` when convergence is not reached (forcing topics unaddressed AND last 2 turns still produce decision-changing rows AND no stop-signal).
+- **For other stages** (spec/plan/tdd/build/review/ship): ask user input only at explicit approval gates (scope mode, plan approval, challenge resolution, ship finalization), not for routine progress updates.
+- If you find yourself proposing a draft after 1-2 questions in brainstorm/scope/design, STOP — go back to the forcing-questions list and continue.
+- Mandatory subagents in brainstorm/scope/design run only AFTER the user approves the elicitation outcome (see each stage's "Run Phase: post-elicitation" rows). Dispatching them before the Q&A loop converges violates the contract.
+- Never echo cclaw command lines (\`node .cclaw/hooks/...\`, \`--evidence-json '{...}'\`) to chat — the user does not run cclaw manually. Run helpers via the tool layer; report only the resulting summary.
 - If harness capabilities are partial, record waiver reasons in delegation logs.
 
 ## Routing Source Of Truth