code-ai-installer 4.1.0 → 4.3.0

package/README.md

@@ -157,8 +157,10 @@ Depending on `--target`, `code-ai` restructures your project:
 
 ## 🧬 Versions & migration
 
-`code-ai-installer` is on **v4.0.0**.
+`code-ai-installer` is on **v4.3.0**.
 
+- **v4.3.0** — `render_diff` MCP tool (unified diff → a standalone HTML review page); MCP gate-flow + stop-at-user-gate sections added to the content / analytics / product conductors; Auditor trigger — a `/audit` command plus a Release-Gate nudge that surfaces after every 3rd completed run (development pilot).
+- **v4.1.0** — MCP servers now register in your **global (user-scope)** config via a direct, idempotent `~/.claude.json` merge (no dependency on the `claude` CLI); the conductor halts at each user gate — one at a time, no batching, no auto-pass on green.
 - **v4.0.0** — consolidated the previously separate `code-ai-mcp` and types packages into this single package with **two bins** (`code-ai` + `code-ai-mcp`). Installing the CLI now also delivers the MCP server; for Claude it is auto-registered in your global (user-scope) MCP config. Existing 3.x CLI behavior is unchanged.
 - **v3.0.0 (breaking)** — removed the legacy flat root layout (`AGENTS.md` + `agents/` + `.agents/` at package root); the CLI now reads exclusively from `domains/<id>/`. **Migrating from v2.x:** add `--domain <development|content|analytics|product>` to every CLI call. If you used a custom `--project-dir`, restructure it to `domains/<id>/` instead of a flat layout.
 

package/dist/mcp/audit_ledger.d.ts

@@ -10,3 +10,13 @@ export declare function readLedger(): Promise<RunScorecard[]>;
  * break a sign-off (telemetry is never load-bearing for the gate).
  */
 export declare function recordRunScorecard(state: TaskState): Promise<void>;
+/** Number of COMPLETED (RG-signed) runs in the ledger. */
+export declare function countCompletedRuns(): Promise<number>;
+/**
+ * A1 cadence (Variant A1): surface an Auditor nudge on every 3rd completed run
+ * (3, 6, 9, …). Stateless — no last-audit marker — so it re-reminds until the
+ * user runs /audit. Surfacing only; returns undefined when no nudge is due.
+ */
+export declare function auditNudgeFor(completedRuns: number): {
+    runs_total: number;
+} | undefined;

package/dist/mcp/audit_ledger.js

@@ -80,3 +80,18 @@ export async function recordRunScorecard(state) {
     const extras = await readSideCounts(state.task_id);
     await appendScorecard(buildScorecard(state, extras));
 }
+/** Number of COMPLETED (RG-signed) runs in the ledger. */
+export async function countCompletedRuns() {
+    const cards = await readLedger();
+    return cards.filter((c) => c.completed).length;
+}
+/**
+ * A1 cadence (Variant A1): surface an Auditor nudge on every 3rd completed run
+ * (3, 6, 9, …). Stateless — no last-audit marker — so it re-reminds until the
+ * user runs /audit. Surfacing only; returns undefined when no nudge is due.
+ */
+export function auditNudgeFor(completedRuns) {
+    return completedRuns >= 3 && completedRuns % 3 === 0
+        ? { runs_total: completedRuns }
+        : undefined;
+}

package/dist/mcp/cli.js

@@ -56,6 +56,7 @@ const TOOL_DESCRIPTIONS = {
     dependency_supply_chain: "[stub] Check supply chain (npm audit, Socket integration, license check).",
     docker_compose: "[stub] Run docker compose up/down for a target.",
     e2e_playwright: "[stub] Run Playwright end-to-end suite.",
+    render_diff: "Render a unified diff (e.g. `git diff`) into a colored, per-file, line-numbered HTML review page written to the OS temp dir. Returns the path + a file:// URL the user opens in a browser. Use at the REV gate to present code changes for review. Informational only — the file lives in temp (cleared on reboot), never in the project.",
 };
 function buildServer() {
     const dispatch = new CodeAiMcpServer();

package/dist/mcp/tools/render_diff.d.ts

@@ -0,0 +1,25 @@
+import { type RenderDiffInput, type RenderDiffOutput } from "../../shared/index.js";
+type RowKind = "hunk" | "add" | "del" | "ctx";
+interface DiffRow {
+    kind: RowKind;
+    text: string;
+    o: number | "";
+    n: number | "";
+}
+export interface DiffFile {
+    name: string;
+    added: number;
+    removed: number;
+    rows: DiffRow[];
+}
+/** Parse a unified diff into per-file rows with old/new line numbers. Pure. */
+export declare function parseUnifiedDiff(raw: string): DiffFile[];
+/** Render parsed diff files into a self-contained HTML page. Pure. */
+export declare function renderDiffHtml(diff: string, title: string): {
+    html: string;
+    files: number;
+    added: number;
+    removed: number;
+};
+export declare function renderDiff(input: RenderDiffInput): Promise<RenderDiffOutput>;
+export {};

package/dist/mcp/tools/render_diff.js

@@ -0,0 +1,138 @@
+import { writeFile } from "node:fs/promises";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { pathToFileURL } from "node:url";
+import { createHash } from "node:crypto";
+/**
+ * render_diff — turn a unified diff into a colored, per-file, line-numbered HTML
+ * review page and write it to the OS temp dir.
+ *
+ * Why a tool (not a loose script): code reviews in the pipeline are presented as
+ * an HTML diff the user opens via a file:// link. Shipping it as an MCP tool keeps
+ * it version-controlled, testable, and reachable wherever the server runs.
+ *
+ * The output is INFORMATIONAL only — it lives in the system temp dir (cleared on
+ * reboot), never in the project, so it pollutes nothing and needs no cleanup.
+ * Self-contained: no deps, no network.
+ */
+const esc = (s) => s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
+/** Parse a unified diff into per-file rows with old/new line numbers. Pure. */
+export function parseUnifiedDiff(raw) {
+    const blocks = raw.split(/^diff --git /m).filter(Boolean);
+    const files = [];
+    for (const b of blocks) {
+        const lines = ("diff --git " + b).split("\n");
+        const header = lines[0];
+        const m = header.match(/a\/(.+?) b\/(.+)$/);
+        const name = m ? m[2] : header;
+        let added = 0;
+        let removed = 0;
+        const rows = [];
+        let oldLn = 0;
+        let newLn = 0;
+        for (const ln of lines) {
+            if (ln.startsWith("diff --git") ||
+                ln.startsWith("index ") ||
+                ln.startsWith("--- ") ||
+                ln.startsWith("+++ "))
+                continue;
+            const hunk = ln.match(/^@@ -(\d+)(?:,\d+)? \+(\d+)(?:,\d+)? @@/);
+            if (hunk) {
+                oldLn = Number(hunk[1]);
+                newLn = Number(hunk[2]);
+                rows.push({ kind: "hunk", text: ln, o: "", n: "" });
+                continue;
+            }
+            if (ln.startsWith("+")) {
+                added++;
+                rows.push({ kind: "add", text: ln.slice(1), o: "", n: newLn++ });
+            }
+            else if (ln.startsWith("-")) {
+                removed++;
+                rows.push({ kind: "del", text: ln.slice(1), o: oldLn++, n: "" });
+            }
+            else if (ln.startsWith("\\")) {
+                // "" — skip
+            }
+            else {
+                rows.push({ kind: "ctx", text: ln.slice(1), o: oldLn++, n: newLn++ });
+            }
+        }
+        files.push({ name, added, removed, rows });
+    }
+    return files;
+}
+/** Render parsed diff files into a self-contained HTML page. Pure. */
+export function renderDiffHtml(diff, title) {
+    const files = parseUnifiedDiff(diff);
+    const fileSections = files
+        .map((f, i) => {
+        const rowsHtml = f.rows
+            .map((r) => {
+            if (r.kind === "hunk")
+                return `<tr class="hunk"><td class="ln"></td><td class="ln"></td><td class="code">${esc(r.text)}</td></tr>`;
+            const sign = r.kind === "add" ? "+" : r.kind === "del" ? "-" : " ";
+            return `<tr class="${r.kind}"><td class="ln">${r.o}</td><td class="ln">${r.n}</td><td class="code"><span class="sign">${sign}</span>${esc(r.text)}</td></tr>`;
+        })
+            .join("\n");
+        return `<section id="f${i}">
+  <h2>${esc(f.name)} <span class="stat"><span class="plus">+${f.added}</span> <span class="minus">-${f.removed}</span></span></h2>
+  <table>${rowsHtml}</table>
+</section>`;
+    })
+        .join("\n");
+    const added = files.reduce((s, f) => s + f.added, 0);
+    const removed = files.reduce((s, f) => s + f.removed, 0);
+    const nav = files
+        .map((f, i) => `<a href="#f${i}">${esc(f.name.split("/").pop() ?? f.name)}</a>`)
+        .join("");
+    const html = `<!doctype html><html lang="en"><head><meta charset="utf-8">
+<title>${esc(title)}</title>
+<style>
+  :root { color-scheme: light dark; }
+  body { font: 13px/1.5 ui-monospace, "Cascadia Code", Consolas, monospace; margin: 0; background:#0d1117; color:#c9d1d9; }
+  header { padding: 16px 24px; border-bottom: 1px solid #30363d; position: sticky; top:0; background:#0d1117; }
+  header h1 { font: 600 16px system-ui, sans-serif; margin: 0 0 4px; }
+  header .summary { font: 13px system-ui, sans-serif; color:#8b949e; }
+  .plus { color:#3fb950; } .minus { color:#f85149; }
+  section { margin: 20px 24px; border: 1px solid #30363d; border-radius: 8px; overflow:hidden; }
+  section h2 { font: 600 13px ui-monospace, monospace; margin:0; padding:10px 14px; background:#161b22; border-bottom:1px solid #30363d; }
+  .stat { float:right; font-weight:400; }
+  table { border-collapse: collapse; width:100%; }
+  td { padding: 0 6px; white-space: pre-wrap; word-break: break-word; vertical-align: top; }
+  td.ln { width:1%; text-align:right; color:#6e7681; user-select:none; border-right:1px solid #21262d; padding:0 8px; }
+  td.code { width:100%; }
+  .sign { display:inline-block; width:1ch; color:#6e7681; }
+  tr.add { background: rgba(63,185,80,.15); } tr.add .sign { color:#3fb950; }
+  tr.del { background: rgba(248,81,73,.15); } tr.del .sign { color:#f85149; }
+  tr.hunk td { background:#161b22; color:#8b949e; padding:4px 14px; }
+  nav { padding: 0 24px; font: 13px system-ui, sans-serif; }
+  nav a { color:#58a6ff; text-decoration:none; display:inline-block; margin:2px 12px 2px 0; }
+</style></head><body>
+<header>
+  <h1>${esc(title)}</h1>
+  <div class="summary">${files.length} files · <span class="plus">+${added}</span> <span class="minus">-${removed}</span></div>
+</header>
+<nav>${nav}</nav>
+${fileSections}
+</body></html>`;
+    return { html, files: files.length, added, removed };
+}
+/** Slugify a label for use in a temp filename. */
+function slug(s) {
+    return (s
+        .toLowerCase()
+        .replace(/[^a-z0-9]+/g, "-")
+        .replace(/^-+|-+$/g, "")
+        .slice(0, 40) || "review");
+}
+export async function renderDiff(input) {
+    const title = input.title ?? "Diff review";
+    const { html, files, added, removed } = renderDiffHtml(input.diff, title);
+    // Content-hashed name → same diff reuses one file; lands in the OS temp dir
+    // (cleared on reboot), never in the project.
+    const hash = createHash("sha1").update(input.diff).digest("hex").slice(0, 8);
+    const path = join(tmpdir(), `code-ai-diff-${slug(input.task_id ?? title)}-${hash}.html`);
+    await writeFile(path, html, "utf8");
+    return { path, file_url: pathToFileURL(path).href, files, added, removed };
+}

package/dist/mcp/tools/sign_off.js

@@ -1,6 +1,6 @@
 import { getGateConfig, loadPipeline } from "../pipeline.js";
 import { readTaskState, writeTaskState } from "../task_state.js";
-import { recordRunScorecard } from "../audit_ledger.js";
+import { recordRunScorecard, countCompletedRuns, auditNudgeFor } from "../audit_ledger.js";
 import { resolveActiveDomain } from "../config.js";
 /**
  * Records a sign-off event for the task's current gate. Validates that:
@@ -27,7 +27,9 @@ export async function signOff(input) {
     switch (gateCfg.sign_off_policy) {
         case "user":
             if (input.signer !== "user") {
-                throw new Error(`sign_off: gate ${input.gate} requires signer 'user' (policy=user), got '${input.signer}'`);
+                throw new Error(`sign_off: gate ${input.gate} requires signer 'user' (policy=user), got '${input.signer}'. ` +
+                    `This is a USER gate — HALT: present the ${input.gate} artifact and request the user's sign_off(signer='user') for THIS gate. ` +
+                    `Do not auto-pass it, do not batch it with other gates, and do not begin any downstream-gate work until it is signed.`);
             }
             break;
         case "mcp_auto_pass":
@@ -56,15 +58,18 @@ export async function signOff(input) {
     });
     await writeTaskState(state);
     // Auditor telemetry: when the terminal gate is signed, the run is complete —
-    // append a scorecard to the local ledger. Best-effort: a ledger failure must
-    // NEVER break a sign-off (telemetry is not load-bearing for the gate).
+    // append a scorecard to the local ledger, then compute the /audit nudge.
+    // Best-effort: a ledger failure (or nudge failure) must NEVER break a
+    // sign-off (telemetry is not load-bearing for the gate).
+    let audit_nudge;
     if (input.gate === "RG") {
         try {
             await recordRunScorecard(state);
+            audit_nudge = auditNudgeFor(await countCompletedRuns());
         }
         catch {
             /* swallow — see contract in audit_ledger.recordRunScorecard */
         }
     }
-    return { signed: true, signer: input.signer, timestamp };
+    return { signed: true, signer: input.signer, timestamp, ...(audit_nudge ? { audit_nudge } : {}) };
 }

package/dist/mcp/tools/stubs.js

@@ -31,6 +31,7 @@ import { reviewProposal } from "./review_proposal.js";
 import { e2ePlaywright } from "./e2e_playwright.js";
 import { dockerCompose } from "./docker_compose.js";
 import { dependencySupplyChain } from "./dependency_supply_chain.js";
+import { renderDiff } from "./render_diff.js";
 /** Thrown by every stub until the real implementation lands. */
 export class NotImplementedError extends Error {
     constructor(tool) {
@@ -83,4 +84,5 @@ export const DEFAULT_HANDLERS = {
     dependency_supply_chain: dependencySupplyChain,
     docker_compose: dockerCompose,
     e2e_playwright: e2ePlaywright,
+    render_diff: renderDiff,
 };

package/dist/shared/tools.d.ts

@@ -687,6 +687,10 @@ export declare const SignOffInput: z.ZodObject<{
     }>;
     evidence: z.ZodOptional<z.ZodUnknown>;
 }, z.core.$strip>;
+/** Surfacing-only Auditor reminder, emitted when completed runs hit the A1 cadence (every 3rd). */
+export declare const AuditNudge: z.ZodObject<{
+    runs_total: z.ZodNumber;
+}, z.core.$strip>;
 export declare const SignOffOutput: z.ZodObject<{
     signed: z.ZodLiteral<true>;
     signer: z.ZodEnum<{
@@ -695,6 +699,9 @@ export declare const SignOffOutput: z.ZodObject<{
         system: "system";
     }>;
     timestamp: z.ZodString;
+    audit_nudge: z.ZodOptional<z.ZodObject<{
+        runs_total: z.ZodNumber;
+    }, z.core.$strip>>;
 }, z.core.$strip>;
 export type SignOffInput = z.infer<typeof SignOffInput>;
 export type SignOffOutput = z.infer<typeof SignOffOutput>;
@@ -1578,6 +1585,20 @@ export declare const E2EPlaywrightOutput: z.ZodObject<{
 }, z.core.$strip>;
 export type E2EPlaywrightInput = z.infer<typeof E2EPlaywrightInput>;
 export type E2EPlaywrightOutput = z.infer<typeof E2EPlaywrightOutput>;
+export declare const RenderDiffInput: z.ZodObject<{
+    diff: z.ZodString;
+    title: z.ZodOptional<z.ZodString>;
+    task_id: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export declare const RenderDiffOutput: z.ZodObject<{
+    path: z.ZodString;
+    file_url: z.ZodString;
+    files: z.ZodNumber;
+    added: z.ZodNumber;
+    removed: z.ZodNumber;
+}, z.core.$strip>;
+export type RenderDiffInput = z.infer<typeof RenderDiffInput>;
+export type RenderDiffOutput = z.infer<typeof RenderDiffOutput>;
 export declare const TOOL_REGISTRY: {
     readonly load_role: {
         readonly input: z.ZodObject<{
@@ -2245,6 +2266,9 @@ export declare const TOOL_REGISTRY: {
                 system: "system";
             }>;
             timestamp: z.ZodString;
+            audit_nudge: z.ZodOptional<z.ZodObject<{
+                runs_total: z.ZodNumber;
+            }, z.core.$strip>>;
         }, z.core.$strip>;
     };
     readonly submit_artifact: {
@@ -3017,5 +3041,19 @@ export declare const TOOL_REGISTRY: {
             }, z.core.$strip>>>;
         }, z.core.$strip>;
     };
+    readonly render_diff: {
+        readonly input: z.ZodObject<{
+            diff: z.ZodString;
+            title: z.ZodOptional<z.ZodString>;
+            task_id: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>;
+        readonly output: z.ZodObject<{
+            path: z.ZodString;
+            file_url: z.ZodString;
+            files: z.ZodNumber;
+            added: z.ZodNumber;
+            removed: z.ZodNumber;
+        }, z.core.$strip>;
+    };
 };
 export type ToolName = keyof typeof TOOL_REGISTRY;

package/dist/shared/tools.js

@@ -159,10 +159,16 @@ export const SignOffInput = z.object({
     /** Evidence — for mcp signer this is the auto_check tool output; for user it's free-form. */
     evidence: z.unknown().optional(),
 });
+/** Surfacing-only Auditor reminder, emitted when completed runs hit the A1 cadence (every 3rd). */
+export const AuditNudge = z.object({
+    runs_total: z.number().int().nonnegative(),
+});
 export const SignOffOutput = z.object({
     signed: z.literal(true),
     signer: Signer,
     timestamp: z.string(),
+    /** Present only when RG is signed AND the run count hits the cadence. Best-effort; never load-bearing. */
+    audit_nudge: AuditNudge.optional(),
 });
 // ─── submit_artifact ─────────────────────────────────────────────────────────
 export const SubmitArtifactInput = z.object({
@@ -598,6 +604,23 @@ export const E2EPlaywrightOutput = z.object({
     failed: z.number().int().nonnegative(),
     failures: z.array(ExceptionItem).default([]),
 });
+export const RenderDiffInput = z.object({
+    /** A unified diff (e.g. the output of `git diff`). */
+    diff: z.string().min(1),
+    /** Heading shown at the top of the review page. */
+    title: z.string().optional(),
+    /** Optional task id — only used to label the output filename. */
+    task_id: TaskId.optional(),
+});
+export const RenderDiffOutput = z.object({
+    /** Absolute path of the written HTML file (in the OS temp dir). */
+    path: z.string(),
+    /** file:// URL the user can open in a browser. */
+    file_url: z.string(),
+    files: z.number().int().nonnegative(),
+    added: z.number().int().nonnegative(),
+    removed: z.number().int().nonnegative(),
+});
 // ════════════════════════════════════════════════════════════════════════════
 // TOOL REGISTRY — name → { input, output } for runtime dispatch
 // ════════════════════════════════════════════════════════════════════════════
@@ -639,4 +662,5 @@ export const TOOL_REGISTRY = {
     },
     docker_compose: { input: DockerComposeInput, output: DockerComposeOutput },
     e2e_playwright: { input: E2EPlaywrightInput, output: E2EPlaywrightOutput },
+    render_diff: { input: RenderDiffInput, output: RenderDiffOutput },
 };

package/domains/analytics/agents/conductor.md

@@ -5,7 +5,7 @@ domain: analytics
 signs_off_at:
   - RELEASE_GATE
 tool_allowlist: role:conductor
-budget_lines: 459
+budget_lines: 473
 schema_version: 1
 ---
 
@@ -360,6 +360,20 @@ $handoff → RES-02 (Researcher Beta).
 
 ---
 
+## MCP-интеграция и операционные гарантии
+
+Дирижёр оркестрирует весь поток гейтов через машину состояний `code-ai` MCP — общий поток см. в `analytics-pipeline-rules.md` § «Машина гейтов (code-ai MCP)». Conductor-specific операционные гарантии:
+
+- **Оркестрация гейтов** — Дирижёр ведёт последовательность гейтов выбранного режима через MCP: `classify_gate` (на какой гейт ложится задача), `current_gate` (где сейчас), `advance_gate` (переход к следующему гейту только после deliverable + Handoff Envelope). Переход без полного Handoff Envelope → `advance_gate` блокирует.
+- **`sign_off` — все гейты `user`, Дирижёр не подписывает за пользователя** — в аналитике каждый гейт закрывает ПОЛЬЗОВАТЕЛЬ. Дирижёр ОСТАНАВЛИВАЕТСЯ, показывает артефакт гейта и запрашивает `sign_off(signer="user")` — по одному гейту, без батчинга нескольких подтверждений, и не начинает работу следующего гейта, пока текущий не подписан. Авто-пас на зелёном не применяется (домен суждения, детерминированных авто-чеков нет).
+- **RELEASE_GATE** фиксируется как `sign_off(gate="RELEASE_GATE", signer="user", decision=..., evidence=<RG checklist>)` — не «прозой».
+- **`request_decision` для эскалаций** — конфликты между агентами и waiver'ы обязательных пунктов: `request_decision(...)` → решает пользователь → `record_decision`. См. § Conflict Resolution Protocol.
+- **`record_decision` для ADR-достойных решений** — зафиксированные конфликты и отклонения от брифа, согласованные с пользователем: `record_decision(signer="user", domain="analytics", task_id, decision_text)`.
+- **Circuit breaker отключён** — в аналитике нет полосы откатов в стиле development (DEV/REV/OPS/TEST); возвраты идут через reverse `$handoff` (см. Reverse Handoff).
+- **Degraded mode** — если MCP-поток недоступен: Дирижёр ведёт Master Checklist (`$board`) и статусы Handoff Envelope вручную, sign-off фиксируется явным "Approved" пользователя, эскалации — вручную.
+
+---
+
 ## Формат ответа агента
 
 ### Full Pipeline

package/domains/analytics/locales/en/agents/conductor.md

@@ -5,7 +5,7 @@ domain: analytics
 signs_off_at:
   - RELEASE_GATE
 tool_allowlist: role:conductor
-budget_lines: 457
+budget_lines: 471
 schema_version: 1
 ---
 
@@ -358,6 +358,20 @@ If an agent's submission encounters `$gates` failure:
 
 ---
 
+## MCP integration & operational guardrails
+
+The Conductor orchestrates the whole gate-flow through the `code-ai` MCP state machine — for the general flow see `analytics-pipeline-rules.md` § "Gate machine (code-ai MCP)". Conductor-specific operational guardrails:
+
+- **Gate-flow orchestration** — the Conductor drives the active mode's gate sequence through MCP: `classify_gate` (which gate the task lands on), `current_gate` (where we are now), `advance_gate` (move to the next gate only after the deliverable + Handoff Envelope). A transition without a complete Handoff Envelope → `advance_gate` blocks.
+- **`sign_off` — all gates are `user`; the Conductor does not sign for the user** — in analytics every gate is closed by the USER. The Conductor STOPS, presents the gate artifact, and requests `sign_off(signer="user")` — one gate at a time, with no batching of approvals, and does NOT start next-gate work until the current one is signed. No auto-pass on green (a judgment domain, no deterministic auto-checks).
+- **RELEASE_GATE** is recorded as `sign_off(gate="RELEASE_GATE", signer="user", decision=..., evidence=<RG checklist>)` — not prose approval.
+- **`request_decision` for escalations** — conflicts between agents and waivers of mandatory items: `request_decision(...)` → the user decides → `record_decision`. See § Conflict Resolution Protocol.
+- **`record_decision` for ADR-worthy outcomes** — recorded conflicts and brief deviations approved by the user: `record_decision(signer="user", domain="analytics", task_id, decision_text)`.
+- **Circuit breaker disabled** — analytics has no development-style rollback lane (DEV/REV/OPS/TEST); returns go through reverse `$handoff` (see Reverse Handoff).
+- **Degraded mode** — if the MCP flow is unavailable: the Conductor keeps the Master Checklist (`$board`) and Handoff Envelope statuses by hand, sign-off is recorded by the user's explicit "Approved", and escalations are manual.
+
+---
+
 ## Agent Response Template Format
 
 ### Full Pipeline Sequence

package/domains/content/agents/conductor.md

@@ -5,7 +5,7 @@ domain: content
 signs_off_at:
   - RELEASE_GATE
 tool_allowlist: role:conductor
-budget_lines: 393
+budget_lines: 407
 schema_version: 1
 ---
 
@@ -267,6 +267,20 @@ Conductor отслеживает соответствие контента ис
 
 ---
 
+## MCP-интеграция и операционные гарантии
+
+Дирижёр оркестрирует весь поток гейтов через машину состояний `code-ai` MCP — общий поток см. в `content-pipeline-rules.md` § «Машина гейтов (code-ai MCP)». Conductor-specific операционные гарантии:
+
+- **Оркестрация гейтов** — Дирижёр ведёт последовательность гейтов выбранного режима через MCP: `classify_gate` (на какой гейт ложится задача), `current_gate` (где сейчас), `advance_gate` (переход к следующему гейту только после deliverable + Handoff Envelope). Переход без полного Handoff Envelope → `advance_gate` блокирует.
+- **`sign_off` — все гейты `user`, Дирижёр не подписывает за пользователя** — в контенте каждый гейт закрывает ПОЛЬЗОВАТЕЛЬ. Дирижёр ОСТАНАВЛИВАЕТСЯ, показывает артефакт гейта и запрашивает `sign_off(signer="user")` — по одному гейту, без батчинга нескольких подтверждений, и не начинает работу следующего гейта, пока текущий не подписан. Авто-пас на зелёном не применяется (домен суждения, детерминированных авто-чеков нет).
+- **RELEASE_GATE** фиксируется как `sign_off(gate="RELEASE_GATE", signer="user", decision=..., evidence=<RG checklist>)` — не «прозой».
+- **`request_decision` для эскалаций** — конфликты между агентами и waiver'ы обязательных пунктов: `request_decision(...)` → решает пользователь → `record_decision`. См. § Conflict Resolution Protocol.
+- **`record_decision` для ADR-достойных решений** — зафиксированные конфликты и отклонения от брифа, согласованные с пользователем: `record_decision(signer="user", domain="content", task_id, decision_text)`.
+- **Circuit breaker отключён** — в контенте нет полосы откатов в стиле development (DEV/REV/OPS/TEST); возвраты идут через reverse `$handoff` (см. Reverse Handoff).
+- **Degraded mode** — если MCP-поток недоступен: Дирижёр ведёт Master Checklist (`$board`) и статусы Handoff Envelope вручную, sign-off фиксируется явным "Approved" пользователя, эскалации — вручную.
+
+---
+
 ## Формат ответа Conductor (строго)
 
 ### Инициализация

package/domains/content/locales/en/agents/conductor.md

@@ -5,7 +5,7 @@ domain: content
 signs_off_at:
   - RELEASE_GATE
 tool_allowlist: role:conductor
-budget_lines: 393
+budget_lines: 407
 schema_version: 1
 ---
 
@@ -267,6 +267,20 @@ If two agents disagree (Reviewer vs Copywriter on edits, Strategist vs Copywrite
 
 ---
 
+## MCP integration & operational guardrails
+
+The Conductor orchestrates the whole gate-flow through the `code-ai` MCP state machine — for the general flow see `content-pipeline-rules.md` § "Gate machine (code-ai MCP)". Conductor-specific operational guardrails:
+
+- **Gate-flow orchestration** — the Conductor drives the active mode's gate sequence through MCP: `classify_gate` (which gate the task lands on), `current_gate` (where we are now), `advance_gate` (move to the next gate only after the deliverable + Handoff Envelope). A transition without a complete Handoff Envelope → `advance_gate` blocks.
+- **`sign_off` — all gates are `user`; the Conductor does not sign for the user** — in content every gate is closed by the USER. The Conductor STOPS, presents the gate artifact, and requests `sign_off(signer="user")` — one gate at a time, with no batching of approvals, and does NOT start next-gate work until the current one is signed. No auto-pass on green (a judgment domain, no deterministic auto-checks).
+- **RELEASE_GATE** is recorded as `sign_off(gate="RELEASE_GATE", signer="user", decision=..., evidence=<RG checklist>)` — not prose approval.
+- **`request_decision` for escalations** — conflicts between agents and waivers of mandatory items: `request_decision(...)` → the user decides → `record_decision`. See § Conflict Resolution Protocol.
+- **`record_decision` for ADR-worthy outcomes** — recorded conflicts and brief deviations approved by the user: `record_decision(signer="user", domain="content", task_id, decision_text)`.
+- **Circuit breaker disabled** — content has no development-style rollback lane (DEV/REV/OPS/TEST); returns go through reverse `$handoff` (see Reverse Handoff).
+- **Degraded mode** — if the MCP flow is unavailable: the Conductor keeps the Master Checklist (`$board`) and Handoff Envelope statuses by hand, sign-off is recorded by the user's explicit "Approved", and escalations are manual.
+
+---
+
 ## Conductor Response Format (Strict)
 
 ### Initialization

package/domains/development/.agents/skills/mcp-integration/SKILL.md

@@ -97,7 +97,7 @@ license: MIT
 
 **`advance_gate`** — продвинуть задачу в следующий gate. **Только после** того как все artefacts текущего gate submitted и sign_off проставлен.
 
-**`sign_off`** — подпись текущего gate. Sign_off без предыдущего `submit_artifact` — anti-pattern (см. §8). Сначала результат, потом подпись.
+**`sign_off`** — подпись текущего gate. Sign_off без предыдущего `submit_artifact` — anti-pattern (см. §8). Сначала результат, потом подпись. **Кто подписывает — по `sign_off_policy` гейта:** user-гейты (PM/UX/ARCH/RG) требуют `signer="user"` — ОСТАНОВИСЬ и запроси подпись у пользователя, по одному гейту, без батчинга, и не начинай следующий gate пока текущий не подписан; исполнительские (DEV/REV/OPS/TEST, policy=either) можно подписать как `signer="mcp"` при выполненном DoD. Машина отвергнет `mcp`-подпись user-гейта.
 
 **Канонический ритуал gate:** `current_gate` (понять где ты) → `classify_gate` → если fork: `request_decision` → ждёшь → `record_decision` → продолжаешь → `submit_artifact` → `verify_claim` (где применимо) → `sign_off` → `advance_gate`.
 
@@ -139,6 +139,8 @@ license: MIT
 
 **`review_proposal`** — авторизовать переход статуса предложения (approve/reject для pending; пометить approved как applied) + обязательный отчёт. Применяет матрицу автономии + тумблер из `.code-ai/config.json`: `decided_by='auditor_auto'` может одобрить только low/additive и только при ВЫКЛЮЧЕННОМ гейте; destructive (high) и включённый гейт — всегда через user. Авто-добавление нового скила проходит дедуп-проверку: при пересечении с существующим скилом уходит к user, а не добавляется само. Только авторизация — сама запись в ассет это отдельный шаг submit_artifact/edit (см. next_step).
 
+**`render_diff`** — отрендерить unified-diff (например вывод `git diff`) в цветную HTML-страницу ревью (по файлам, с номерами строк) в системный TEMP. Возвращает путь + `file://` URL для открытия в браузере. Зови на REV-гейте, чтобы показать изменения кода на ревью. Только информационный вывод — файл в TEMP (стирается при перезагрузке), проект не засоряет.
+
 ---
 
 ## 6. Группа 4 — Запись решений (6 инструментов + 1 служебный)

package/domains/development/.agents/workflows/audit.md

@@ -0,0 +1,25 @@
+---
+description: Прогон Аудитора — оценка агентов/скилов по накопленным прогонам и черновики улучшений. Вне пайплайна, код задачи не трогает.
+---
+
+# /audit — проход Аудитора (мета / сопровождение)
+
+Аудитор стоит СБОКУ от пайплайна: гейты не подписывает, задачу и код пользователя не трогает. Он оценивает, как сработали агенты / скилы / воркфлоу на реальных прогонах, и предлагает улучшения (или добавление новых). Полный контракт — в роли `auditor`.
+
+## Когда запускать
+- Вручную этой командой в любой момент — или по подсказке `audit_nudge`, которую `sign_off` возвращает после закрытия RG.
+- Нужно **≥3 завершённых прогона** в леджере (`.code-ai/state/audit/runs.jsonl`). Меньше — данных мало, Аудитор молчит (малая выборка).
+
+## Поток
+1. `load_role auditor` — загрузить роль и её принципы (гипотезы, не вердикты; surfacing, не принуждение).
+2. `aggregate_run_metrics` — сухие числа по агентам / воркфлоу / скилам. **Обязательно прочитать `notes`** — там честные ограничения данных.
+3. Если `met_threshold=false` (прогонов <3) — остановиться, сообщить «данных мало», ничего не предлагать.
+4. Сформировать находки-гипотезы. На каждое предложение — `propose_change` (`change_kind`: `edit_minor` / `add_asset` / `destructive`). Оно попадает в стор как `pending` и **ничего не меняет**.
+5. Показать пользователю отчёт + `list_proposals` (что в очереди, с уровнем риска по матрице).
+6. Применение — только через `review_proposal` (approve) + запись в ассет (`submit_artifact` / правка). Гейт одобрения по умолчанию включён: без явного решения человека ничего не применяется. `destructive` — всегда через человека.
+
+## Принципы (из роли auditor)
+- Гипотезы, не вердикты. Атрибуция со смирением (числа — корреляция, не причинность).
+- Не оптимизировать метрику ради метрики (Goodhart); человек — бэкстоп. Никогда не действовать на n=1 (порог ≥3).
+- Перед `add_asset` — дедуп-проверка пересечений; отчёт перечисляет добавления для последующей чистки.
+- Пилот — домен `development`. Раскатка на другие домены — позже и совместно.

package/domains/development/.agents/workflows/pipeline-rules.md

@@ -53,6 +53,7 @@ DEV (фикс+тест) → RG
 
 - К пользователю попадает только: гейты-суждения (PM/UX/ARCH/RG) и явная эскалация через `request_decision` (классификация `fork`).
 - Рутинные проходы пользователь не подтверждает.
+- После закрытия RG `sign_off` может вернуть `audit_nudge` (накопилось ≥3 завершённых прогона, кратно 3) — показать одну строку: «📊 N прогонов — пора `/audit`» (Аудитор оценит агентов/скилы и предложит улучшения). Подсказка, не блокер.
 
 ## 🔁 Красный, Fix Cycle и Circuit Breaker
 

package/domains/development/AGENTS.md

@@ -195,6 +195,7 @@ CONDUCTOR → DEV+TEST(Fix + self-check + GO/NO-GO)
 
 > **Выбор режима:** Conductor определяет по Decision Tree (см. `agents/conductor.md`).
 > Approved обязателен на **каждом** гейте, в любом режиме.
+> **Ревью кода:** на REV-гейте diff показывается как HTML через MCP `render_diff` (file:// ссылка; файл в системном TEMP, не в проекте).
 
 ---
 

package/domains/development/agents/architect.md

@@ -199,7 +199,7 @@ schema_version: 1
 
 ARCH gate ritual через MCP — общий flow см. в `$mcp-integration`. Architect-specific operational guardrails:
 
-- **`sign_off` для ARCH gate** — после финализации Architecture Doc + всех ADR + System Design Checklist: `sign_off(gate="ARCH", signer="architect", evidence=<architecture_doc_path + ADR_IDs>)`. Без подписи `advance_gate` не пропустит задачу в DEV.
+- **`sign_off` для ARCH gate** — после финализации Architecture Doc + всех ADR + System Design Checklist: `sign_off(gate="ARCH", signer="user", evidence=<architecture_doc_path + ADR_IDs>)`. Без подписи `advance_gate` не пропустит задачу в DEV.
 - **`request_decision` для архитектурного выбора** — когда есть 2+ валидных решения с trade-offs (монолит vs микросервисы, ORM выбор, sync vs async pipeline): `request_decision(question, options=[plan_a, plan_b, plan_c], tradeoffs)`. Решение принимает пользователь, затем `record_decision` фиксирует ADR.
 - **`record_decision` для каждого ADR** — каждое архитектурное решение = ADR через `$adr-log`. `record_decision(signer="user", domain="development", task_id, decision_text)` после approve. Архитектурные ADR — основной аудит-trail архитектуры.
 - **Circuit Breaker (DEV-054) — destination, не source** — architect это **получатель** auto-route'а от MCP, не источник rollback'а. 2 consecutive DEV-rollback на REV/TEST → MCP блокирует return-to-DEV и роутит задачу в ARCH deep audit. Architect выполняет: current-state-analysis + system-design-checklist + design-patterns-reference review, выдаёт корректирующий ADR.

package/domains/development/agents/auditor.md

@@ -22,6 +22,7 @@ schema_version: 1
 - НЕ на каждом гейте и НЕ в фоне. Один проход, когда накопилось **≥3 завершённых прогона** (порог настраивается).
 - Ниже порога — молчит. На n=1 выводов не делает (малая выборка).
 - Per-gate телеметрию уже пишет стейт-машина; Аудитор делает один проход по накопленным данным.
+- Запуск прохода: команда `/audit` (вручную) или подсказка `audit_nudge`, которую `sign_off` возвращает после RG.
 
 ---
 
@@ -49,20 +50,20 @@ schema_version: 1
 
 ---
 
-## Модель автономии (ОПИСАНИЕ поведения; механизм — отдельный ADR)
+## Модель автономии (поведение; механизм — `propose_change` / `review_proposal`)
 - **По умолчанию: предлагает → человек одобряет.** Человек может отключить гейт одобрения.
 - **Когда автономия включена** (матрица):
   - **Сам, без спроса:** мелкие правки существующего (триггеры, `budget_lines`, `gates`, формулировки) + **ДОБАВЛЕНИЕ** новых агентов / скилов.
   - **Через человека даже в автономии:** разрушительное по существующему (удаление, крупная переписка, снятие возможностей).
   - **Всегда:** обязательный отчёт после любого автономного действия. Ничего невидимого.
   - **Дедуп при добавлении:** перед авто-добавлением скила — проверка пересечения (`related` + контролируемый словарь); отчёт перечисляет добавления для последующей чистки.
-- Сам механизм предложение→одобрение и тумблер автономии — СЛЕДУЮЩИЙ шаг. Здесь зафиксирован только поведенческий контракт.
+- Механизм предложение→одобрение и тумблер автономии уже реализованы (`propose_change` → `review_proposal`: матрица рисков + дедуп). Проход запускается командой `/audit` или подсказкой после RG.
 
 ---
 
 ## MCP integration
 - **Читает:** `aggregate_run_metrics` (числа по агентам / воркфлоу / скилам) + его `notes`.
-- **Черновики правок** оформляет как артефакты через `submit_artifact` — когда механизм предложений появится (item 4).
+- **Черновики правок** оформляет через `propose_change` (стор `pending`, ничего не меняет); человек смотрит `list_proposals`, одобряет через `review_proposal`; запись в ассет — отдельным `submit_artifact` / правкой.
 - **НЕ зовёт** gate-инструменты (`classify_gate` / `sign_off` / `advance_gate`) — Аудитор вне стейт-машины.
 - Пилот — домен `development`. Раскатка на другие домены — позже и совместно (граница доменов).
 

package/domains/development/agents/conductor.md

@@ -297,7 +297,10 @@ Tester report + Handoff Envelope → Conductor. Check: DEMO-xx validated + UX-PA
 Conductor оркестрирует весь gate-flow через MCP — общий flow см. в `$mcp-integration`. Conductor-specific operational guardrails:
 
 - **Gate-flow orchestration** — Conductor ведёт пайплайн `PM → UX → ARCH → DEV → REV → OPS → TEST → RG` через MCP: `classify_gate` (на какой гейт ложится задача), `current_gate` (где сейчас), `advance_gate` (переход к следующей фазе только после артефактов + Handoff Envelope). Phase transition без полного Handoff Envelope → `advance_gate` блокирует.
-- **`sign_off` на всех 8 гейтах** — Conductor подписывает PM/UX/ARCH/DEV/REV/OPS/TEST/RG. RG-решение фиксируется через MCP `sign_off` (NOT prose approval): `sign_off(gate="RG", signer="conductor", decision=GO|NO-GO|GO-with-conditions, evidence=<RG checklist + REV-xx + QA-xx>)`. Детали → `$release-gate` § Decision Recording.
+- **`sign_off` — по политике гейта, НЕ «сам подписываю всё»** — гейты двух классов:
+  - **User-гейты (PM/UX/ARCH/RG, policy=user)** — подписывает ПОЛЬЗОВАТЕЛЬ. Conductor ОСТАНАВЛИВАЕТСЯ, показывает артефакт гейта и запрашивает `sign_off(signer="user")` — по одному гейту, без батчинга нескольких подтверждений, и не начинает работу следующего гейта, пока текущий не подписан. Неприменимый гейт (UX для backend/тест-задачи) — тоже явный sign-off пользователя: показать как N/A и спросить, не авто-проходить как `mcp`.
+  - **Исполнительские гейты (DEV/REV/OPS/TEST, policy=either)** — Conductor может подписать сам: `sign_off(signer="mcp")` при выполненном DoD.
+  - **RG** фиксируется как `sign_off(gate="RG", signer="user", decision=GO|NO-GO|GO-with-conditions, evidence=<RG checklist + REV-xx + QA-xx>)` (NOT prose approval). Детали → `$release-gate` § Decision Recording.
 - **Circuit Breaker (DEV-054), MCP-enforced** — 2 последовательных DEV-rollback на REV/TEST → MCP блокирует return-to-DEV и auto-route в ARCH deep audit. Conductor НЕ обходит circuit breaker вручную. Полная логика → `$gates` § Circuit Breaker.
 - **`request_decision` для маршрутизации эскалаций** — конфликты между агентами (DEV vs ARCH, REV vs DEV, UX vs PM) и waiver'ы mandatory-пунктов: `request_decision(conflict_summary, options, tradeoffs)` → решает пользователь → `record_decision`. См. § Conflict Resolution Protocol.
 - **`record_decision` для ADR-достойных решений** — архитектурный дрейф, разрешённые конфликты, mandatory waiver'ы = ADR через `$adr-log`. `record_decision(signer="user", domain="development", task_id, decision_text)`.

package/domains/development/agents/devops.md

@@ -213,7 +213,7 @@ lint → typecheck → unit tests → integration tests → build → deploy (st
 
 OPS gate ritual через MCP — общий flow см. в `$mcp-integration`. DevOps-specific operational guardrails:
 
-- **`sign_off` для OPS gate** — OPS-подпись это обязательное звено финальной RG-цепочки `DEV → REV → QA → OPS → RG` (см. `$release-gate`): `sign_off(gate="OPS", signer="devops", evidence=<RG confirmation checklist ниже>)`. Подпись **блокирует RG**, если хотя бы один пункт failed. Доказательство OPS-подписи:
+- **`sign_off` для OPS gate** — OPS-подпись это обязательное звено финальной RG-цепочки `DEV → REV → QA → OPS → RG` (см. `$release-gate`): `sign_off(gate="OPS", signer="mcp", evidence=<RG confirmation checklist ниже>)`. Подпись **блокирует RG**, если хотя бы один пункт failed. Доказательство OPS-подписи:
   - HTTPS valid во всех prod-средах (cert expiry ≥ 30d)
   - Secrets rotation актуален (последняя rotation ≤ 90d для критичных ключей)
   - Rollback procedure протестирован за ≤ 30d

package/domains/development/agents/reviewer.md

@@ -198,7 +198,8 @@ Reviewer обязан выдать отчёт, который может исп
 
 REV gate ritual через MCP — общий flow см. в `$mcp-integration`. Reviewer-specific operational guardrails:
 
-- **`sign_off` для REV gate** — после завершения ревью один MCP-вызов: `sign_off(gate="REV", signer="reviewer", evidence=<REV-xx_report_path или audit_trail link>)`. Без подписи `advance_gate` не пропустит задачу в OPS/TEST.
+- **`render_diff` перед подписью REV** — покажи ревьюируемый diff как HTML-страницу: `render_diff(diff=<git diff>, title="REV-xx review")` → отдай пользователю `file://` URL. Только информационно (файл в системном TEMP), затем подпись.
+- **`sign_off` для REV gate** — после завершения ревью один MCP-вызов: `sign_off(gate="REV", signer="mcp", evidence=<REV-xx_report_path или audit_trail link>)`. Без подписи `advance_gate` не пропустит задачу в OPS/TEST.
 - **`request_decision` для P0 unresolved** — если P0 BLOCKER не решается технически (waiver-кандидат, конфликт с архитектурой): `request_decision(blocker_summary, options=[block, waive_with_compensating_control, escalate_to_architect], tradeoffs)`. Решение принимает пользователь, затем `record_decision` фиксирует ADR.
 - **`record_decision` для P0 waiver** — каждый waiver = ADR через `$adr-log` (persona-base principle 3: рисковые решения видимы). `record_decision(signer="user", domain="development", task_id, decision_text)` после approve.
 - **Circuit Breaker (DEV-054)** — 2 consecutive DEV-rollback на REV/TEST → MCP блокирует return-to-DEV, автоматически роутит задачу в ARCH deep audit (см. `$gates`). Reviewer не обходит circuit breaker manually.

package/domains/development/agents/senior_full_stack.md

@@ -200,7 +200,7 @@ REV проверяет это через `$tests-quality-review §2.G`. Без c
 
 DEV gate ritual через MCP — общий flow см. в `$mcp-integration`. SFS-specific operational guardrails:
 
-- **`sign_off` для DEV gate** — после завершения среза один MCP-вызов: `sign_off(gate="DEV", signer="senior_full_stack", evidence=<DEMO-xx envelope + green CI link; для tier 1-2 — RED_COMMIT_HASH + GREEN_COMMIT_HASH>)`. Содержание доказательства — это Test Integrity Discipline выше (Boundary Mocking + RED/GREEN hashes), здесь не пересказывается. Без подписи `advance_gate` не пропустит задачу в REV.
+- **`sign_off` для DEV gate** — после завершения среза один MCP-вызов: `sign_off(gate="DEV", signer="mcp", evidence=<DEMO-xx envelope + green CI link; для tier 1-2 — RED_COMMIT_HASH + GREEN_COMMIT_HASH>)`. Содержание доказательства — это Test Integrity Discipline выше (Boundary Mocking + RED/GREEN hashes), здесь не пересказывается. Без подписи `advance_gate` не пропустит задачу в REV.
 - **`request_decision` для заблокированного P0** — если P0 не решается технически (файл > 500 строк не декомпозируется, guardrails не заданы архитектором, упрощение ломает acceptance): `request_decision(blocker_summary, options=[block, simplify_with_tech_debt, escalate_to_architect], tradeoffs)`. Решение принимает пользователь, затем `record_decision`.
 - **`record_decision` для tech-debt waiver** — каждое намеренное упрощение (`// TODO`) с риском = ADR через `$adr-log` (persona-base principle 3: рисковые решения видимы). `record_decision(signer="user", domain="development", task_id, decision_text)` после approve.
 - **Circuit Breaker (DEV-054)** — sfs — **источник** отката: 2 consecutive DEV-rollback на REV/TEST → MCP блокирует возврат в DEV и автоматически роутит задачу в ARCH deep audit (см. `$gates`). sfs не обходит circuit breaker и не переоткрывает задачу вручную — ждёт корректирующий ADR от архитектора.

package/domains/development/agents/tester.md

@@ -219,7 +219,7 @@ Tester не обязан писать всю автоматизацию сам,
 
 TEST gate ritual через MCP — общий flow см. в `$mcp-integration`. Tester-specific operational guardrails:
 
-- **`sign_off` для TEST gate** — TEST-подпись это звено финальной RG-цепочки `DEV → REV → QA → OPS → RG` (см. `$release-gate`): `sign_off(gate="TEST", signer="tester", evidence=<QA-xx report + TID status>)`. Доказательство — tier-based GO logic из секции «Tier-based Release Recommendation logic» выше (mutation score ≥ 80%/60% для tier 1/2, flake rate < 1%, integrity audit clean, RED/GREEN hashes для tier 1-2), здесь не пересказывается. Без подписи `advance_gate` не пропустит релиз в RG.
+- **`sign_off` для TEST gate** — TEST-подпись это звено финальной RG-цепочки `DEV → REV → QA → OPS → RG` (см. `$release-gate`): `sign_off(gate="TEST", signer="mcp", evidence=<QA-xx report + TID status>)`. Доказательство — tier-based GO logic из секции «Tier-based Release Recommendation logic» выше (mutation score ≥ 80%/60% для tier 1/2, flake rate < 1%, integrity audit clean, RED/GREEN hashes для tier 1-2), здесь не пересказывается. Без подписи `advance_gate` не пропустит релиз в RG.
 - **Action tools, которые Tester гоняет через MCP** — `e2e_playwright` для автоматизированных E2E spec-файлов (`$qa-e2e-playwright`); `run_tests` / `docker_compose` для regression-прогона после подтверждённого container reload (evidence от DevOps обязателен).
 - **`record_decision` для test-integrity finding** — block-merge на mutation regression или P0 integrity finding = ADR через `$adr-log`. `record_decision(signer="user", domain="development", task_id, decision_text)` после approve.
 - **`request_decision` для спорного NO-GO / waiver** — если NO-GO оспаривается или нужен waiver на регрессию mutation score с компенсацией: `request_decision(blocker_summary, options=[block_release, waive_with_compensating_control, escalate_to_architect], tradeoffs)`. Решение принимает пользователь, затем `record_decision`.

package/domains/development/locales/en/.agents/skills/mcp-integration/SKILL.md

@@ -97,7 +97,7 @@ This is the gate-passage ritual. **Every gate** must follow these steps in order
 
 **`advance_gate`** — push the task into the next gate. **Only after** all artifacts of the current gate are submitted and sign_off is in place.
 
-**`sign_off`** — sign the current gate. Sign_off without a prior `submit_artifact` is an anti-pattern (see §8). Result first, signature second.
+**`sign_off`** — sign the current gate. Sign_off without a prior `submit_artifact` is an anti-pattern (see §8). Result first, signature second. **Who signs depends on the gate's `sign_off_policy`:** user gates (PM/UX/ARCH/RG) require `signer="user"` — STOP and request the user's sign-off, one gate at a time, no batching, and do not start the next gate until the current one is signed; execution gates (DEV/REV/OPS/TEST, policy=either) may be signed as `signer="mcp"` once DoD is met. The machine rejects an `mcp` sign-off of a user gate.
 
 **Canonical gate ritual:** `current_gate` (understand where you are) → `classify_gate` → if fork: `request_decision` → wait → `record_decision` → continue → `submit_artifact` → `verify_claim` (where applicable) → `sign_off` → `advance_gate`.
 
@@ -139,6 +139,8 @@ Tools that **do** something in the project. Each answers one DoD question.
 
 **`review_proposal`** — authorize a proposal status transition (approve/reject a pending one; mark an approved one applied) plus a mandatory report. Applies the autonomy matrix + the `.code-ai/config.json` toggle: `decided_by='auditor_auto'` may approve only low/additive AND only when the gate is OFF; destructive (high) and gate-ON always require user. Auto-adding a new skill also runs an additive-dedup guard — on overlap with an existing skill it routes to user instead of auto-adding. Authorization only — the byte write into the asset is a separate submit_artifact/edit step (see next_step).
 
+**`render_diff`** — render a unified diff (e.g. `git diff` output) into a colored, per-file, line-numbered HTML review page in the system temp dir. Returns the path + a `file://` URL to open in a browser. Call it at the REV gate to present code changes for review. Informational only — the file lives in temp (cleared on reboot), never in the project.
+
 ---
 
 ## 6. Group 4 — Recording decisions (6 tools + 1 utility)

package/domains/development/locales/en/.agents/workflows/audit.md

@@ -0,0 +1,25 @@
+---
+description: Auditor pass — evaluate agents/skills over accumulated runs and draft improvements. Beside the pipeline; does not touch the task's code.
+---
+
+# /audit — Auditor pass (meta / maintenance)
+
+The Auditor stands BESIDE the pipeline: it signs no gates and does not touch the user's task or code. It evaluates how agents / skills / workflows performed on real runs and proposes improvements (or new additions). Full contract — in the `auditor` role.
+
+## When to run
+- Manually with this command at any time — or on the `audit_nudge` that `sign_off` returns after RG is closed.
+- Needs **≥3 completed runs** in the ledger (`.code-ai/state/audit/runs.jsonl`). Fewer — too little data, the Auditor stays silent (small sample).
+
+## Flow
+1. `load_role auditor` — load the role and its principles (hypotheses not verdicts; surfacing, not enforcing).
+2. `aggregate_run_metrics` — dry numbers per agent / workflow / skill. **Read its `notes`** — the honest data limits live there.
+3. If `met_threshold=false` (fewer than 3 runs) — stop, say "too little data", propose nothing.
+4. Form hypotheses. For each proposal — `propose_change` (`change_kind`: `edit_minor` / `add_asset` / `destructive`). It lands in the store as `pending` and **changes nothing**.
+5. Show the user a report + `list_proposals` (what is queued, with the matrix risk tier).
+6. Apply only via `review_proposal` (approve) + the asset write (`submit_artifact` / edit). The approval gate is ON by default: nothing is applied without an explicit human decision. `destructive` — always via the human.
+
+## Principles (from the auditor role)
+- Hypotheses, not verdicts. Attribution with humility (numbers are correlation, not causation).
+- Do not optimize a metric for its own sake (Goodhart); the human is the backstop. Never act on n=1 (threshold ≥3).
+- Before `add_asset` — an overlap dedup check; the report lists additions for later pruning.
+- Pilot — the `development` domain. Roll-out to other domains is later and joint.

package/domains/development/locales/en/.agents/workflows/pipeline-rules.md

@@ -53,6 +53,7 @@ The machine flows silently; the user is pulled in only for judgment decisions.
 
 - The user sees only: judgment gates (PM/UX/ARCH/RG) and an explicit escalation via `request_decision` (a `fork` classification).
 - Routine passes are not confirmed by the user.
+- After RG is closed `sign_off` may return `audit_nudge` (≥3 completed runs, a multiple of 3) — surface one line: «📊 N runs — time for `/audit`» (the Auditor evaluates agents/skills and proposes improvements). A hint, not a blocker.
 
 ## 🔁 Red, Fix Cycle and Circuit Breaker
 

package/domains/development/locales/en/AGENTS.md

@@ -162,6 +162,8 @@ Use skills (folders with `SKILL.md`). Full list:
 ## Gates (Pipeline)
 PM(PRD) -> UX(UX Spec) -> ARCH(Architecture/ADR/Contracts) -> DEV(TDD) -> REV(Security/Best) -> OPS(Infrastructure/CI-CD) -> TEST(Test plan/report) -> RG(Release Gate)
 
+> **Code review:** at the REV gate the diff is presented as HTML via the MCP `render_diff` tool (file:// link; the file lives in the system temp dir, not the project).
+
 ---
 
 ## Mandatory function documentation rule

package/domains/development/locales/en/agents/architect.md

@@ -199,7 +199,7 @@ Canonical ADR format (Context / Decision / Consequences / Alternatives / Status
 
 ARCH gate ritual via MCP — general flow in `$mcp-integration`. Architect-specific operational guardrails:
 
-- **`sign_off` for ARCH gate** — after finalizing the Architecture Doc + all ADRs + System Design Checklist: `sign_off(gate="ARCH", signer="architect", evidence=<architecture_doc_path + ADR_IDs>)`. Without the signature `advance_gate` will not pass the task to DEV.
+- **`sign_off` for ARCH gate** — after finalizing the Architecture Doc + all ADRs + System Design Checklist: `sign_off(gate="ARCH", signer="user", evidence=<architecture_doc_path + ADR_IDs>)`. Without the signature `advance_gate` will not pass the task to DEV.
 - **`request_decision` for architectural choice** — when 2+ valid options exist with trade-offs (monolith vs microservices, ORM choice, sync vs async pipeline): `request_decision(question, options=[plan_a, plan_b, plan_c], tradeoffs)`. the user decides, then `record_decision` writes the ADR.
 - **`record_decision` for every ADR** — every architectural decision = ADR via `$adr-log`. `record_decision(signer="user", domain="development", task_id, decision_text)` after approval. Architectural ADRs are the primary audit trail of the architecture.
 - **Circuit Breaker (DEV-054) — destination, not source** — architect is the **recipient** of an MCP auto-route, not the source of a rollback. 2 consecutive DEV-rollback on REV/TEST → MCP blocks return-to-DEV and routes the task to ARCH deep audit. Architect performs: current-state-analysis + system-design-checklist + design-patterns-reference review and produces a corrective ADR.

package/domains/development/locales/en/agents/auditor.md

@@ -22,6 +22,7 @@ Close the self-improvement loop: build → run → measure → improve. Once rea
 - NOT at every gate and NOT in the background. One pass, once **≥3 completed runs** have accumulated (threshold configurable).
 - Below the threshold — silent. It draws no conclusions from n=1 (small sample).
 - Per-gate telemetry is already persisted by the state machine; the Auditor makes one pass over the accumulated data.
+- Triggering a pass: the `/audit` command (manual) or the `audit_nudge` that `sign_off` returns after RG.
 
 ---
 
@@ -49,20 +50,20 @@ Close the self-improvement loop: build → run → measure → improve. Once rea
 
 ---
 
-## Autonomy model (DESCRIPTION of behavior; mechanism is a separate ADR)
+## Autonomy model (behavior; mechanism — `propose_change` / `review_proposal`)
 - **By default: proposes → the human approves.** The human may disable the approval gate.
 - **When autonomy is enabled** (matrix):
   - **Auto, no ask:** low-risk edits to existing assets (triggers, `budget_lines`, `gates`, wording) + **ADDING** new agents / skills.
   - **Human-gated even under autonomy:** destructive changes to existing assets (delete, major rewrite, capability removal).
   - **Always:** a mandatory report after any autonomous action. Nothing invisible.
   - **Additive dedup:** before auto-adding a skill — an overlap check (`related` + controlled vocab); the report lists additions for later pruning.
-- The propose→approve mechanism and the autonomy toggle are the NEXT step. Only the behavioral contract is fixed here.
+- The propose→approve mechanism and the autonomy toggle already exist (`propose_change` → `review_proposal`: risk matrix + dedup). A pass is triggered by `/audit` or the post-RG nudge.
 
 ---
 
 ## MCP integration
 - **Reads:** `aggregate_run_metrics` (numbers per agent / workflow / skill) + its `notes`.
-- **Draft changes** are written as artifacts via `submit_artifact` — once the proposal mechanism lands (item 4).
+- **Draft changes** go through `propose_change` (pending in the store, changing nothing); the human reviews via `list_proposals` and approves via `review_proposal`; the asset write is a separate `submit_artifact` / edit.
 - **Does NOT call** gate tools (`classify_gate` / `sign_off` / `advance_gate`) — the Auditor is outside the state machine.
 - Pilot — the `development` domain. Roll-out to other domains is later and joint (domain boundary).
 

package/domains/development/locales/en/agents/conductor.md

@@ -297,7 +297,10 @@ If two agents disagree (DEV vs ARCH on an ADR, REV vs DEV on a P0, UX vs PM on s
 The Conductor orchestrates the entire gate flow via MCP — see the general flow in `$mcp-integration`. Conductor-specific operational guardrails:
 
 - **Gate-flow orchestration** — the Conductor drives the pipeline `PM → UX → ARCH → DEV → REV → OPS → TEST → RG` via MCP: `classify_gate` (which gate a task lands on), `current_gate` (where it is now), `advance_gate` (move to the next phase only after artifacts + Handoff Envelope). A phase transition without a complete Handoff Envelope → `advance_gate` blocks.
-- **`sign_off` across all 8 gates** — the Conductor signs PM/UX/ARCH/DEV/REV/OPS/TEST/RG. The RG decision is recorded via MCP `sign_off` (NOT prose approval): `sign_off(gate="RG", signer="conductor", decision=GO|NO-GO|GO-with-conditions, evidence=<RG checklist + REV-xx + QA-xx>)`. Details → `$release-gate` § Decision Recording.
+- **`sign_off` — by gate policy, NOT "I sign everything"** — gates fall into two classes:
+  - **User gates (PM/UX/ARCH/RG, policy=user)** — the USER signs. The Conductor STOPS, presents the gate artifact, and requests `sign_off(signer="user")` — one gate at a time, no batching of approvals, and does NOT start next-gate work until the current one is signed. An inapplicable gate (UX for a backend/test-only task) still needs an explicit user sign-off: present it as N/A and ask — do not auto-pass it as `mcp`.
+  - **Execution gates (DEV/REV/OPS/TEST, policy=either)** — the Conductor may sign itself: `sign_off(signer="mcp")` once DoD is met.
+  - **RG** is recorded as `sign_off(gate="RG", signer="user", decision=GO|NO-GO|GO-with-conditions, evidence=<RG checklist + REV-xx + QA-xx>)` (NOT prose approval). Details → `$release-gate` § Decision Recording.
 - **Circuit Breaker (DEV-054), MCP-enforced** — 2 consecutive DEV-rollbacks at REV/TEST → MCP blocks return-to-DEV and auto-routes to ARCH deep audit. The Conductor does NOT bypass the circuit breaker manually. Full logic → `$gates` § Circuit Breaker.
 - **`request_decision` for escalation routing** — conflicts between agents (DEV vs ARCH, REV vs DEV, UX vs PM) and waivers of mandatory items: `request_decision(conflict_summary, options, tradeoffs)` → the user decides → `record_decision`. See § Conflict Resolution Protocol.
 - **`record_decision` for ADR-worthy outcomes** — architectural drift, resolved conflicts, mandatory waivers = an ADR via `$adr-log`. `record_decision(signer="user", domain="development", task_id, decision_text)`.

package/domains/development/locales/en/agents/devops.md

@@ -213,7 +213,7 @@ In case of a production incident:
 
 OPS gate ritual via MCP — see the general flow in `$mcp-integration`. DevOps-specific operational guardrails:
 
-- **`sign_off` for the OPS gate** — the OPS sign-off is a mandatory link in the final RG chain `DEV → REV → QA → OPS → RG` (see `$release-gate`): `sign_off(gate="OPS", signer="devops", evidence=<RG confirmation checklist below>)`. The sign-off **blocks RG** if any item failed. Evidence for the OPS sign-off:
+- **`sign_off` for the OPS gate** — the OPS sign-off is a mandatory link in the final RG chain `DEV → REV → QA → OPS → RG` (see `$release-gate`): `sign_off(gate="OPS", signer="mcp", evidence=<RG confirmation checklist below>)`. The sign-off **blocks RG** if any item failed. Evidence for the OPS sign-off:
   - HTTPS valid in all prod environments (cert expiry ≥ 30d)
   - Secrets rotation up to date (last rotation ≤ 90d for critical keys)
   - Rollback procedure tested within ≤ 30d

package/domains/development/locales/en/agents/reviewer.md

@@ -198,7 +198,8 @@ The Reviewer must produce a report usable by the conductor in the Release Gate:
 
 REV gate ritual via MCP — general flow in `$mcp-integration`. Reviewer-specific operational guardrails:
 
-- **`sign_off` for REV gate** — after review completion one MCP call: `sign_off(gate="REV", signer="reviewer", evidence=<REV-xx_report_path or audit_trail link>)`. Without the signature `advance_gate` will not pass the task to OPS/TEST.
+- **`render_diff` before the REV sign-off** — present the reviewed diff as an HTML page: `render_diff(diff=<git diff>, title="REV-xx review")` → hand the user the `file://` URL. Informational only (file in the system temp dir), then sign off.
+- **`sign_off` for REV gate** — after review completion one MCP call: `sign_off(gate="REV", signer="mcp", evidence=<REV-xx_report_path or audit_trail link>)`. Without the signature `advance_gate` will not pass the task to OPS/TEST.
 - **`request_decision` for P0 unresolved** — if a P0 BLOCKER is not resolvable technically (waiver candidate, architectural conflict): `request_decision(blocker_summary, options=[block, waive_with_compensating_control, escalate_to_architect], tradeoffs)`. the user decides, then `record_decision` writes the ADR.
 - **`record_decision` for P0 waiver** — every waiver = ADR via `$adr-log` (persona-base principle 3: risk decisions are visible). `record_decision(signer="user", domain="development", task_id, decision_text)` after approval.
 - **Circuit Breaker (DEV-054)** — 2 consecutive DEV-rollback on REV/TEST → MCP blocks return-to-DEV and auto-routes the task to ARCH deep audit (see `$gates`). Reviewer does not bypass the circuit breaker manually.

package/domains/development/locales/en/agents/senior_full_stack.md

@@ -200,7 +200,7 @@ Each stack workflow below has a companion `-reference` for deep lookup — the `
 
 DEV gate ritual via MCP — see the general flow in `$mcp-integration`. SFS-specific operational guardrails:
 
-- **`sign_off` for the DEV gate** — after finishing a slice, one MCP call: `sign_off(gate="DEV", signer="senior_full_stack", evidence=<DEMO-xx envelope + green CI link; for tier 1-2 — RED_COMMIT_HASH + GREEN_COMMIT_HASH>)`. The evidence content is the Test Integrity Discipline above (Boundary Mocking + RED/GREEN hashes), not restated here. Without the sign-off, `advance_gate` will not move the task to REV.
+- **`sign_off` for the DEV gate** — after finishing a slice, one MCP call: `sign_off(gate="DEV", signer="mcp", evidence=<DEMO-xx envelope + green CI link; for tier 1-2 — RED_COMMIT_HASH + GREEN_COMMIT_HASH>)`. The evidence content is the Test Integrity Discipline above (Boundary Mocking + RED/GREEN hashes), not restated here. Without the sign-off, `advance_gate` will not move the task to REV.
 - **`request_decision` for a blocked P0** — when a P0 cannot be resolved technically (a >500-line file cannot be decomposed, guardrails not provided by the architect, a simplification breaks acceptance): `request_decision(blocker_summary, options=[block, simplify_with_tech_debt, escalate_to_architect], tradeoffs)`. the user decides, then `record_decision`.
 - **`record_decision` for a tech-debt waiver** — every intentional simplification (`// TODO`) carrying risk = an ADR via `$adr-log` (persona-base principle 3: risky decisions are visible). `record_decision(signer="user", domain="development", task_id, decision_text)` after approval.
 - **Circuit Breaker (DEV-054)** — sfs is the **origin** of rollback: 2 consecutive DEV-rollbacks on REV/TEST → MCP blocks the return to DEV and automatically routes the task to an ARCH deep audit (see `$gates`). sfs does not bypass the circuit breaker or re-open the task manually — it waits for a corrective ADR from the architect.

package/domains/development/locales/en/agents/tester.md

@@ -219,7 +219,7 @@ For testing applications inside closed ecosystems (Wix Dashboard, Shopify Admin,
 
 TEST gate ritual via MCP — see the general flow in `$mcp-integration`. Tester-specific operational guardrails:
 
-- **`sign_off` for the TEST gate** — the TEST sign-off is a link in the final RG chain `DEV → REV → QA → OPS → RG` (see `$release-gate`): `sign_off(gate="TEST", signer="tester", evidence=<QA-xx report + TID status>)`. The evidence is the tier-based GO logic from the "Tier-based Release Recommendation logic" section above (mutation score ≥ 80%/60% for tier 1/2, flake rate < 1%, integrity audit clean, RED/GREEN hashes for tier 1-2), not restated here. Without the sign-off, `advance_gate` will not move the release to RG.
+- **`sign_off` for the TEST gate** — the TEST sign-off is a link in the final RG chain `DEV → REV → QA → OPS → RG` (see `$release-gate`): `sign_off(gate="TEST", signer="mcp", evidence=<QA-xx report + TID status>)`. The evidence is the tier-based GO logic from the "Tier-based Release Recommendation logic" section above (mutation score ≥ 80%/60% for tier 1/2, flake rate < 1%, integrity audit clean, RED/GREEN hashes for tier 1-2), not restated here. Without the sign-off, `advance_gate` will not move the release to RG.
 - **Action tools Tester drives via MCP** — `e2e_playwright` for automated E2E spec files (`$qa-e2e-playwright`); `run_tests` / `docker_compose` for the regression run after a confirmed container reload (evidence from DevOps required).
 - **`record_decision` for a test-integrity finding** — a block-merge on mutation regression or a P0 integrity finding = an ADR via `$adr-log`. `record_decision(signer="user", domain="development", task_id, decision_text)` after approval.
 - **`request_decision` for a contested NO-GO / waiver** — when a NO-GO is contested or a waiver on a mutation-score regression with compensation is needed: `request_decision(blocker_summary, options=[block_release, waive_with_compensating_control, escalate_to_architect], tradeoffs)`. the user decides, then `record_decision`.

package/domains/product/agents/conductor.md

@@ -5,7 +5,7 @@ domain: product
 signs_off_at:
   - RELEASE_GATE
 tool_allowlist: role:conductor
-budget_lines: 529
+budget_lines: 543
 schema_version: 1
 ---
 
@@ -396,6 +396,20 @@ $handoff → MED-01 (Unified Strategy Synthesis).
 
 ---
 
+## MCP-интеграция и операционные гарантии
+
+Дирижёр оркестрирует весь поток гейтов через машину состояний `code-ai` MCP — общий поток см. в `product-pipeline-rules.md` § «Машина гейтов (code-ai MCP)». Conductor-specific операционные гарантии:
+
+- **Оркестрация гейтов** — Дирижёр ведёт последовательность гейтов выбранного режима через MCP: `classify_gate` (на какой гейт ложится задача), `current_gate` (где сейчас), `advance_gate` (переход к следующему гейту только после deliverable + Handoff Envelope). Переход без полного Handoff Envelope → `advance_gate` блокирует.
+- **`sign_off` — все гейты `user`, Дирижёр не подписывает за пользователя** — в продукте каждый гейт закрывает ПОЛЬЗОВАТЕЛЬ. Дирижёр ОСТАНАВЛИВАЕТСЯ, показывает артефакт гейта и запрашивает `sign_off(signer="user")` — по одному гейту, без батчинга нескольких подтверждений, и не начинает работу следующего гейта, пока текущий не подписан. Авто-пас на зелёном не применяется (домен суждения, детерминированных авто-чеков нет).
+- **RELEASE_GATE** фиксируется как `sign_off(gate="RELEASE_GATE", signer="user", decision=..., evidence=<RG checklist>)` — не «прозой».
+- **`request_decision` для эскалаций** — конфликты между агентами и waiver'ы обязательных пунктов: `request_decision(...)` → решает пользователь → `record_decision`. См. § Conflict Resolution Protocol.
+- **`record_decision` для ADR-достойных решений** — зафиксированные конфликты и отклонения от брифа, согласованные с пользователем: `record_decision(signer="user", domain="product", task_id, decision_text)`.
+- **Circuit breaker отключён** — в продукте нет полосы откатов в стиле development (DEV/REV/OPS/TEST); возвраты идут через reverse `$handoff` (см. Reverse Handoff).
+- **Degraded mode** — если MCP-поток недоступен: Дирижёр ведёт Master Checklist (`$board`) и статусы Handoff Envelope вручную, sign-off фиксируется явным "Approved" пользователя, эскалации — вручную.
+
+---
+
 ## Формат ответа агента
 
 ### Full Pipeline (A / B)

package/domains/product/locales/en/agents/conductor.md

@@ -5,7 +5,7 @@ domain: product
 signs_off_at:
   - RELEASE_GATE
 tool_allowlist: role:conductor
-budget_lines: 529
+budget_lines: 543
 schema_version: 1
 ---
 
@@ -396,6 +396,20 @@ If an agent's deliverable does not pass `$gates`:
 
 ---
 
+## MCP integration & operational guardrails
+
+The Conductor orchestrates the whole gate-flow through the `code-ai` MCP state machine — for the general flow see `product-pipeline-rules.md` § "Gate machine (code-ai MCP)". Conductor-specific operational guardrails:
+
+- **Gate-flow orchestration** — the Conductor drives the active mode's gate sequence through MCP: `classify_gate` (which gate the task lands on), `current_gate` (where we are now), `advance_gate` (move to the next gate only after the deliverable + Handoff Envelope). A transition without a complete Handoff Envelope → `advance_gate` blocks.
+- **`sign_off` — all gates are `user`; the Conductor does not sign for the user** — in product every gate is closed by the USER. The Conductor STOPS, presents the gate artifact, and requests `sign_off(signer="user")` — one gate at a time, with no batching of approvals, and does NOT start next-gate work until the current one is signed. No auto-pass on green (a judgment domain, no deterministic auto-checks).
+- **RELEASE_GATE** is recorded as `sign_off(gate="RELEASE_GATE", signer="user", decision=..., evidence=<RG checklist>)` — not prose approval.
+- **`request_decision` for escalations** — conflicts between agents and waivers of mandatory items: `request_decision(...)` → the user decides → `record_decision`. See § Conflict Resolution Protocol.
+- **`record_decision` for ADR-worthy outcomes** — recorded conflicts and brief deviations approved by the user: `record_decision(signer="user", domain="product", task_id, decision_text)`.
+- **Circuit breaker disabled** — product has no development-style rollback lane (DEV/REV/OPS/TEST); returns go through reverse `$handoff` (see Reverse Handoff).
+- **Degraded mode** — if the MCP flow is unavailable: the Conductor keeps the Master Checklist (`$board`) and Handoff Envelope statuses by hand, sign-off is recorded by the user's explicit "Approved", and escalations are manual.
+
+---
+
 ## Agent response format
 
 ### Full Pipeline (A / B)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "code-ai-installer",
-  "version": "4.1.0",
+  "version": "4.3.0",
   "description": "Production-ready CLI to install code-ai agents and skills for multiple AI coding assistants. Bundles the code-ai-mcp MCP server for Claude Code.",
   "license": "MIT",
   "author": "Denish1209",