contextdevkit 1.8.0

package/templates/claude/commands/forge/forge-new.md

@@ -0,0 +1,41 @@
+---
+description: Forge a new portable Agent Package — interviews the dev (architect), routes to a provider (router), renders per-provider files (prompt-engineer + tool-designer), and packages the APF v1 under agent-packages/<name>@<semver>/. (agent-forge squad)
+argument-hint: <agent-name>
+---
+
+# 🛠️ Mode: agent-forge — new package
+
+You just entered the `agent-forge` flow. The objective: forge a portable Agent
+Package for **$ARGUMENTS** (or for the name the developer gives during the interview).
+
+## Posture for this session
+
+1. **Engage the squad in order** — do NOT skip stages:
+   - `forge-orchestrator` runs the pipeline.
+   - `agent-architect` interviews → `agent_name` + `role_one_line` + the rest of `INTERVIEW_QUESTIONS`.
+   - `model-router` selects provider/model + rationale.
+   - `prompt-engineer` + `tool-designer` render the per-provider files.
+   - `packager` assembles + stamps provenance.
+
+2. **Refuse to skip the interview.** Defaults are safe, not informed.
+
+3. **Verify before writing** — show the dev:
+   - The Agent Blueprint (YAML).
+   - The Provider Selection rationale (verbatim from the router).
+   - The package target path: `agent-packages/<agent-name>@0.1.0/`.
+
+4. **Run the CLI when the dev approves**: `node contextkit/squads/agent-forge/cli/forge-new.mjs --blueprint <path>`. The CLI requires the optional `yaml` dep (ADR-0013) — if absent, suggest `npm i yaml`.
+
+5. **At the end**: confirm the APF passes its self-check (manifest parses; provider adapters import; canonical → variant round-trips). Eval gates land in Fase 3.
+
+## Why this mode exists
+
+`/forge-new` is the front door to agent-forge. It enforces the pipeline order,
+blocks "just use defaults" shortcuts, and guarantees every Agent Package ships
+with provenance + rationale.
+
+## Out of scope here
+
+- The Fase 3 eval gate (golden + red-team) + governance pillar enforcement + kill-switch wiring.
+- The Fases 2+ providers (Gemini / DeepSeek / Ollama / vLLM).
+- The Fase 4 maintenance commands (`/forge-refresh-matrix`, `/forge-route`, `/forge-budget`, `/forge-policy`, …).

package/templates/claude/commands/forge/forge-policy.md

@@ -0,0 +1,16 @@
+---
+description: Print the resolved cost / compliance / quality policies + fallback chain for one forged Agent Package. Read-only. (agent-forge squad)
+argument-hint: <agent>[@<version>] [--json]
+---
+
+# 🛠️ Mode: agent-forge — policy
+
+Run `node contextkit/squads/agent-forge/cli/forge-ops.mjs policy $ARGUMENTS`.
+
+Requires the optional `yaml` dep (ADR-0013). Reads the 4 governance YAMLs and
+prints the live values (not the templates).
+
+## Use this when
+- The dev asks "what's this agent's monthly cap?" → look at `cost.budgets`.
+- A residency review needs the `denied_providers` list → `compliance.data_residency`.
+- Confirming the eval gate thresholds before a release → `quality.eval_gates.pre_release`.

package/templates/claude/commands/forge/forge-redteam.md

@@ -0,0 +1,17 @@
+---
+description: Run red-team only (prompt injection / jailbreak / PII leak) for one forged Agent Package. Useful between releases without re-paying for a full golden run. (agent-forge squad)
+argument-hint: <agent>[@<version>] [--provider mock|chaos] [--json]
+---
+
+# 🛠️ Mode: agent-forge — red-team
+
+Run `node contextkit/squads/agent-forge/cli/forge-eval-cli.mjs redteam $ARGUMENTS`.
+
+Exercises the red-team subset of the eval. Exits 1 on any block-rate failure.
+
+## When a leak appears
+- `pii_leak` failure with `pii_present: true` → **stop the release**. Tighten
+  the system prompt (redaction rules) or move to `pre_call_redaction` strategy
+  in `compliance.policy.yaml`.
+- `prompt_injection` failure → re-check that the system prompt has affirmative
+  rules + that tool definitions don't echo unsanitized input.

package/templates/claude/commands/forge/forge-refresh-matrix.md

@@ -0,0 +1,20 @@
+---
+description: Bump router/capability-matrix.json's `updated` date and report the model count. Dry-run by default; pass --write to apply. Real price/model changes require an ADR. (agent-forge squad)
+argument-hint: [--write] [--json]
+---
+
+# 🛠️ Mode: agent-forge — refresh capability matrix
+
+Run `node contextkit/squads/agent-forge/cli/forge-admin.mjs refresh-matrix $ARGUMENTS`.
+
+This command only stamps the `updated` field — adding/removing models or
+changing prices is intentionally out of scope (ADR-0012 §6: matrix-freshness
+is ADR-gated). The selfcheck `checkCapabilityMatrix` will fail if a regression
+is committed.
+
+## Workflow
+1. Review the providers' current price/model pages.
+2. Open `/new-adr "capability-matrix bump 2026-Qx"` describing the diff.
+3. Hand-edit `router/capability-matrix.json` per the ADR.
+4. Run this command with `--write` to stamp the date.
+5. `/forge-route <agent>` for each forged agent to see who would benefit.

package/templates/claude/commands/forge/forge-route.md

@@ -0,0 +1,17 @@
+---
+description: Re-execute the model-router against the current capability-matrix + decision-rules for one Agent Package and DIFF vs the live manifest. Read-only — no manifest is touched. (agent-forge squad)
+argument-hint: <agent>[@<version>] [--json]
+---
+
+# 🛠️ Mode: agent-forge — re-route
+
+Run `node contextkit/squads/agent-forge/cli/forge-eval-cli.mjs route $ARGUMENTS`.
+
+Surfaces "would the router pick the same primary now?" — useful after
+`/forge-refresh-matrix` or after a new ADR adds a model.
+
+## When the diff shows a change
+- Propose `/new-adr` to record the proposed model swap + the reason.
+- Then re-forge the agent with `/forge-new` (semver bump per the manifest
+  CHANGELOG: model swap within same family = patch, family change = minor).
+- Do NOT hand-edit `manifest.yaml` — the next forge will overwrite it.

package/templates/claude/commands/forge/forge-show.md

@@ -0,0 +1,16 @@
+---
+description: Display the manifest, provenance, and last eval timestamp for one forged Agent Package. Read-only. (agent-forge squad)
+argument-hint: <agent>[@<version>] [--json]
+---
+
+# 🛠️ Mode: agent-forge — show package
+
+Run `node contextkit/squads/agent-forge/cli/forge-ops.mjs show $ARGUMENTS`.
+
+Requires the optional `yaml` dep (ADR-0013) to parse `manifest.yaml`. If absent,
+suggest `npm i yaml`.
+
+## What to surface
+- The routed `primary` and `fallback` (with the cross-provider check).
+- `eval_passed_at` — if `NEVER`, refuse to recommend deployment until `/forge-eval` passes.
+- `blueprint_hash` — must match across forge runs to prove provenance.

package/templates/claude/commands/landing-page.md

@@ -0,0 +1,71 @@
+---
+description: Landing-page architect — opinionated, anti-cookie-cutter, fold rules, package recs, indexable-by-default. (ADR-0023)
+argument-hint: <feature or scope, e.g. "marketing site for new pricing">
+---
+
+# 🎯 Landing page (anti-cookie-cutter)
+
+Drive a landing-page or marketing-site design pass from a strategic
+brief. The session reads two artefacts on every invocation and refuses
+the cookie-cutter pattern by default:
+
+- [Landing-page playbook](../../contextkit/workflows/playbooks/landing-page.md) — fold rules, anti-Lovable refusals, package recommendations (dated), performance budget.
+- [SEO + AISO playbook](../../contextkit/workflows/playbooks/seo-aiso.md) — indexability gate; refuse-on-SPA.
+
+Authority: [ADR-0023](../../contextkit/memory/decisions/0023-landing-page-and-conversion-posture.md).
+
+## Posture for this session
+
+Act as **landing-architect**. Read the brief in **$ARGUMENTS** and:
+
+1. **State the indexability decision FIRST.** Pick SSG (Astro
+   recommended), SSR (Next App Router / Nuxt / Remix / SvelteKit), or
+   carve out a non-indexable surface with a project ADR. Plain Vite +
+   React for a public landing page is a refusal — propose Astro.
+2. **Pick the fold count from the rule table.** State min / ideal /
+   max for the brief's situation. Justify the pick (utility tool →
+   3 folds; SaaS pricing page → 5–7; high-ticket B2B → up to 9).
+3. **Sketch each fold as a one-liner.** One message, one action, one
+   proof per fold. No "while we're here" sections.
+4. **Refuse the cookie-cutter explicitly.** Walk the playbook's
+   anti-Lovable table and name the substitute the design will use
+   (editorial hero, in-context testimonial, decision-tree pricing,
+   inline FAQ).
+5. **Choose packages from the rec table.** State the framework,
+   styling tokens, animation library, typography pair, icon set,
+   forms, analytics, experimentation, imagery source. Refuse the
+   defaults the playbook calls out (`Inter`, Heroicons, GA4,
+   Material UI).
+6. **Defer to the squad:**
+   - `seo-specialist` for the AISO checklist + FAQ schema before any
+     visual work lands;
+   - `ui-designer` for tokens + layout once the structure is set;
+   - `ux-designer` for the user flow through the page;
+   - `accessibility` for WCAG AA before merge;
+   - `/media-gen` for hero imagery + video instead of stock photos.
+7. **Performance budget commitment.** State the LCP / INP / CLS / JS
+   payload target up front — they are conversion levers, not
+   afterthoughts.
+
+## Output shape
+
+- **Indexability decision** (SSG / SSR / carve-out) + framework pick
+  with one-line rationale.
+- **Fold map** — `N folds`, each as `<fold-name> · <message> · <action>
+  · <proof>`.
+- **Anti-Lovable map** — which playbook smells the design refuses
+  and what the substitute is for each.
+- **Stack** — package picks with one-line rationale per category.
+- **Performance budget** — LCP, INP, CLS, JS payload targets.
+- **Next-step delegations** — which agent owns the next pass and
+  what input they need.
+
+## What this does NOT do
+
+- It does **not** write the code in this session. It produces the
+  *plan* the next session (or the next agent) implements.
+- It does **not** invent a domain (rule 9 + ADR-0017's five-constraint
+  inheritance). The user owns the product story; this command shapes
+  the structure.
+- It does **not** override a project-local ADR that carves out
+  indexability. Read those first.

package/templates/claude/commands/log-session.md

@@ -0,0 +1,59 @@
+---
+description: Register the current session (creates a session file + updates CHANGELOG). Use at the end.
+---
+
+Register the current work session. Steps:
+
+1. **Find the next session number.** List `contextkit/memory/sessions/`. Each file is
+   `<YYYY-MM-DD>-<NN>-<slug>.md`. The next `NN` = highest existing + 1 (zero-padded, min 2 digits).
+   If the folder is empty, start at `01`.
+
+2. **Create the session file** `contextkit/memory/sessions/<today>-<NN>-<slug>.md` where `<slug>`
+   is a short kebab-case description (lowercase `a-z0-9._-` only). Use this structure:
+
+   ```markdown
+   # <Human-readable title>
+
+   - **Date**: <YYYY-MM-DD>
+   - **Session number**: <NN>
+   - **Branch**: `<git branch>`
+
+   ## Request
+   <what the user asked for>
+
+   ## Done
+   <what was implemented/decided — files, key changes>
+
+   ## Decisions
+   <any architectural choices; link ADRs as [ADR-NNNN](../decisions/NNNN-...md)>
+
+   ## Final state
+   <what works, what is pending, the natural next step>
+   ```
+
+   Derive "Done" from the actual edits this session (check the ledger at
+   `.claude/.sessions/` if useful) — be factual, do not inflate.
+
+3. **Update `docs/CHANGELOG.md`** — add bullet(s) under `## [Unreleased]` describing user-facing
+   or structural changes (Keep a Changelog style: Added / Changed / Fixed / Removed).
+
+4. **Regenerate the index**: run `node contextkit/tools/scripts/session-reindex.mjs`.
+
+5. **Close the predicted-vs-actual loop** (if this session ran `/simulate-impact`): run
+   `node contextkit/tools/scripts/predictions-review.mjs` — it fills the *Actual* section of each
+   prediction file from the ledger (paths actually changed vs predicted). No-op if there were
+   no simulations.
+
+6. **Scan for rule-like phrases** (ticket 043 — *proposal-only*, never auto-applies). After the
+   session file is written, run:
+   ```
+   node contextkit/tools/scripts/distill-detect.mjs contextkit/memory/sessions/<the-file-you-just-wrote>.md
+   ```
+   If the detector surfaces candidates ("we decided X" / "from now on Y" / "always Z" / "convention:" /
+   "lesson learned"), pass the line through to the user verbatim. **Do not** invoke
+   `/distill-sessions` yourself — the user runs it (or doesn't). Silent on neutral sessions.
+
+7. Confirm to the user: session number, file path, and CHANGELOG lines added.
+
+Editing `contextkit/memory/SESSIONS.md` (via reindex) and `docs/CHANGELOG.md` marks the session as
+registered, which silences the Stop drift nudge.

package/templates/claude/commands/media-gen.md

@@ -0,0 +1,93 @@
+---
+description: Generate images (Nano Banana) or video (Veo) via Google AI Studio. Refuses cleanly without credentials. (ADR-0024)
+argument-hint: <image|video> --prompt "..." --out PATH [options]
+---
+
+# 🎬 Media generation (Veo + Nano Banana)
+
+Generate images or video on demand via the kit's media-provider
+adapters. Two providers ship, both targeting Google AI Studio:
+
+- **Nano Banana** — image (Imagen 3). `~$0.04 / image` (dated
+  2026-06-02; verify at https://ai.google.dev/pricing).
+- **Veo** — video. `~$0.50 / second`; typical 8 s clip `~$4.00`.
+
+Authority: [ADR-0024](../../contextkit/memory/decisions/0024-media-generation-veo-nano-banana.md).
+
+## Setup (one time)
+
+1. Get a key at https://aistudio.google.com/apikey
+2. Copy `contextkit/.env.example` to `contextkit/.env`, paste the key into
+   `GOOGLE_AI_API_KEY=`.
+3. (Optional) set `CONTEXTDEVKIT_MEDIA_MAX_USD=5.00` for a per-process
+   cost cap — the adapter refuses the next call that would exceed it.
+4. Run via Node's built-in env-file loader (Node 20.6+):
+
+```
+node --env-file=contextkit/.env contextkit/tools/scripts/media-gen.mjs <kind> ...
+```
+
+## Usage
+
+### Image
+
+```
+node --env-file=contextkit/.env contextkit/tools/scripts/media-gen.mjs image \
+  --prompt "editorial product hero, asymmetric grid, single bold cyan accent" \
+  --out public/hero.png \
+  --aspect-ratio 16:9
+```
+
+### Video
+
+```
+node --env-file=contextkit/.env contextkit/tools/scripts/media-gen.mjs video \
+  --prompt "macro slow-motion of a single drop of ink hitting paper" \
+  --out public/hero.mp4 \
+  --duration 8 \
+  --aspect-ratio 16:9
+```
+
+### Dry-run (no API call, no charge)
+
+```
+node contextkit/tools/scripts/media-gen.mjs image --prompt "..." --out path.png --dry-run
+```
+
+Prints what would be sent, including whether the required env vars are
+present. Useful for sanity-checking a prompt or confirming the cost
+cap is configured before the first paid call.
+
+## Behaviour
+
+- **Refuse-on-missing-creds (rule 8).** Without `GOOGLE_AI_API_KEY`
+  set, the script exits with `NO_CREDENTIALS` pointing at
+  `contextkit/.env.example`. Never silently substitutes a placeholder.
+- **Refuse-on-content-policy.** Google's API rejects some prompts;
+  the script exits with `CONTENT_POLICY`. Refine the prompt and
+  retry.
+- **Cost-cap guard.** When `CONTEXTDEVKIT_MEDIA_MAX_USD` is set, the
+  adapters keep a per-process running total and refuse the next call
+  that would push it over the cap.
+- **Atomic file write.** The output file is written with the parent
+  directory created on demand (`mkdir -p`-style).
+
+## What this does NOT do
+
+- **No cache.** Re-running the same prompt re-charges the API.
+  Content-addressed cache is a follow-up (ticket 056).
+- **No third provider.** Runway, Luma, Midjourney are not in scope.
+  Rule 9 — next consumer justifies the next adapter.
+- **No automatic invocation.** This command never runs by itself.
+  Each call is explicit and the user accepts the cost.
+- **No Vertex AI / OAuth flow.** Single-key API only. ADR-0024 spells
+  out why (rule 1 — token refresh breaks zero-dep).
+
+## When to use it
+
+- Hero imagery on a landing page when stock photos would read as
+  generic (most landing pages on the playbook's anti-Lovable list).
+- Domain-specific renders for a marketing site (illustrate the
+  actual product, not "person at laptop").
+- Demo footage when a real recording would be slower to produce
+  than to generate.

package/templates/claude/commands/new-adr.md

@@ -0,0 +1,30 @@
+---
+description: Create a new ADR (Architecture Decision Record). Use BEFORE implementing a big decision.
+argument-hint: <ADR title>
+---
+
+Create a new Architecture Decision Record for: **$ARGUMENTS**
+
+0. **Check for an existing decision first** [ADR-0027]: run
+   `node contextkit/tools/scripts/adr-digest.mjs --search "<key terms from the title>"`.
+   If an ADR already covers this, extend or supersede it rather than create a duplicate.
+
+1. Find the next ADR number: list `contextkit/memory/decisions/`, take the highest `NNNN` + 1
+   (zero-padded to 4 digits). The `0000` meta-ADR and `_TEMPLATE.md` do not count as the latest
+   numbered decision beyond their own number.
+
+2. Copy the structure from `contextkit/memory/decisions/_TEMPLATE.md` into a new file
+   `contextkit/memory/decisions/<NNNN>-<kebab-slug>.md`.
+
+3. Fill in:
+   - **Status**: `Proposed` (the user accepts it later).
+   - **Context**: the forces at play — why a decision is needed now.
+   - **Decision**: what we will do, stated plainly.
+   - **Consequences**: trade-offs, what becomes easier/harder, follow-ups.
+   - If this supersedes an earlier ADR, note `Supersedes ADR-XXXX` and update the old one's status
+     to `Superseded by ADR-<NNNN>`.
+
+4. Show the user the draft and ask for confirmation before marking it `Accepted`.
+
+ADRs are immutable once `Accepted` — to change a decision, write a new ADR that supersedes it.
+Never delete or rewrite an accepted ADR.

package/templates/claude/commands/pipeline/dev-start.md

@@ -0,0 +1,64 @@
+---
+description: Start a focused session on one objective — locks scope, blocks opportunistic refactors.
+argument-hint: <session objective>
+---
+
+# 🎯 Mode: Focused Dev
+
+You just entered **dev-start** mode with the objective:
+
+> **$ARGUMENTS**
+
+## Posture for this session (until told otherwise)
+
+1. **Sync preflight — look at GitHub *before* coding** [ADR-0026]. Run:
+   ```
+   node contextkit/tools/scripts/sync-check.mjs preflight
+   ```
+   It reports ahead/behind, recent **in-flight branches**, and **open PRs with
+   their CI/review status** (flagging any *awaiting status*). If an open PR or a
+   recent branch overlaps this objective, **surface it and confirm with the user
+   before duplicating work** — coordinate or `/claim` first. `gh` missing/unauthed
+   degrades to the git-only view; it never blocks. Behind upstream? `git pull`
+   before editing.
+
+2. **Read the current state first** — run `node contextkit/tools/scripts/context-pack.mjs`
+   [ADR-0027]: **one** bounded bundle (latest-session digest + `[Unreleased]` +
+   immutable rules + open backlog + recent ADRs) in a single call instead of
+   opening each file. Open a full source only if the pack flags something to inspect.
+
+3. **Define IN-SCOPE / OUT-OF-SCOPE explicitly** from the objective. Show the user:
+   ```
+   ✅ IN-SCOPE: <what we will touch>
+   ❌ OUT-OF-SCOPE: <what we will NOT touch, even if tempting>
+   ```
+   Ask for confirmation before proceeding if there is ambiguity.
+
+4. **Scope lock during the session**:
+   - Do NOT suggest refactors in files outside IN-SCOPE.
+   - Do NOT "while we're here" rename/reorganize adjacent code.
+   - Do NOT add new dependencies without asking.
+   - If you spot a problem out of scope, **note it** and mention it at the END
+     ("for next session: X, Y, Z") — do not act on it now.
+
+5. **Break the objective into 3–7 concrete tasks** and track them with TodoWrite.
+
+6. **Per-task scratch (optional)**: if you accumulate ephemeral notes while a
+   ticket is in `contextkit/pipeline/testing/`, drop them in a sibling file named
+   `NNN-*.scratch.md` next to the ticket. The pipeline's `.gitignore` excludes
+   `*.scratch.md` — scratches are local-only. At conclude time, summarise the
+   useful parts into the ticket body and let the scratch be discarded.
+
+7. **Before opening a PR — re-check sync** [ADR-0026]. Run
+   `node contextkit/tools/scripts/sync-check.mjs prepr` (or just use `/git pr`, which
+   runs it): it re-confirms you are not behind `main` and that **no open PR
+   already exists for this branch** before you create one. Don't duplicate a PR;
+   push to update the existing one.
+
+8. **At the end**: offer `/log-session` (or `/new-adr` if an architectural decision was made).
+
+## Why this mode exists
+
+Sessions without a defined focus tend to become giant refactors that mix intentional change with
+incidental cleanup — impossible to review, and the changelog becomes a patchwork. Scope-locking
+fixes that at the root.

package/templates/claude/commands/pipeline/pipeline.md

@@ -0,0 +1,36 @@
+---
+description: The DevPipeline manager — production board for bugs, increments, chores and roadmap tasks (backlog → testing → done).
+argument-hint: [show | add | move <id> <stage> | from-roadmap]
+---
+
+# 🛠️ DevPipeline
+
+The execution control panel — **distinct from the product roadmap**. The roadmap
+(`contextkit/memory/roadmap.md`) is the product/business plan (the *what/why*). The
+DevPipeline is *how work actually flows*: bugs, increments, chores, and roadmap
+items broken into tasks, each with priority + SLA, moving through three stages:
+`backlog → testing → conclusion`. Tasks are files under `contextkit/pipeline/<stage>/`;
+`devpipeline.md` is the generated dashboard.
+
+Act as the **manager** of this board based on **$ARGUMENTS**:
+
+- **show** (default) — `node contextkit/tools/scripts/pipeline.mjs sync` then read
+  `contextkit/pipeline/devpipeline.md`; summarize what's in flight, what's next by
+  priority, and any SLA at risk. Recommend the single next task to pull.
+- **add** — create a task:
+  ```
+  node contextkit/tools/scripts/pipeline.mjs add --type <bug|feature|increment|chore> \
+       --priority <P0-P3> --title "..." [--sla YYYY-MM-DD] [--roadmap P2.3]
+  ```
+  Then open the new file in `contextkit/pipeline/backlog/` and fill the context +
+  acceptance criteria.
+- **move** — `node contextkit/tools/scripts/pipeline.mjs move <id> <backlog|testing|conclusion>`
+  as work progresses (testing when you start; conclusion when accepted). For a
+  concluded task, add a short outcome report to its file.
+- **from-roadmap** — read `contextkit/memory/roadmap.md`, pick the next milestone,
+  and break it into a few concrete backlog tasks (`--roadmap <P-ID>` cross-ref).
+  Keep the non-duplication rule: roadmap = product capabilities; pipeline = the
+  tasks/bugs/increments to deliver and maintain them.
+
+Always run `sync` after changes so `devpipeline.md` reflects reality. Treat P0/SLA
+items as the priority. This board is the "boss" that keeps execution honest.

package/templates/claude/commands/pipeline/resume.md

@@ -0,0 +1,70 @@
+---
+description: Re-bind the current Claude Code session to a previously-unregistered ledger so the in-flight narrative can be finished and properly /log-session'd. (ticket 046)
+allowed-tools: Bash(node:*)
+---
+
+The boot context flags drift when a session ended without
+`/log-session` — important files were modified but the session never
+registered. Today the only options are to (a) start fresh and orphan
+the drift, or (b) piece together what happened from `git status` and
+the per-session ledger. `/resume` is the third option: continue the
+**same** session.
+
+## When to use
+
+- Boot context shows "Session `<sid>` ended without `/log-session`"
+- You know which session was yours
+- The files modified by that session are still on disk
+- You want to finish what you started and `/log-session` it as one
+  continuous session, not as two disconnected ones
+
+## How
+
+List the unregistered candidates:
+
+```
+node contextkit/tools/scripts/resume.mjs
+```
+
+Resume to a specific session id (full or a unique prefix is enough):
+
+```
+node contextkit/tools/scripts/resume.mjs <session-id>
+```
+
+After re-bind: subsequent track-edits append to the resumed session's
+ledger; claims (if any) are re-asserted under the same id; `/log-session`
+will register the resumed session normally.
+
+## Output
+
+```
+  3 unregistered session(s) — candidates for /resume:
+
+  b77d8b21-60a · 17 edit(s) · started 6h ago · 2 claim(s)
+  d48bdf9c-ab2 · 8 edit(s)  · started 4h ago
+  04b759ee-ef9 · 12 edit(s) · started 2h ago
+
+  Resume with: node contextkit/tools/scripts/resume.mjs <session-id>
+```
+
+## Refusal modes
+
+Per rule 8 (refuse, don't assume):
+
+| Situation | Exit | Message |
+|---|---|---|
+| target id not present in `.claude/.sessions/` | 1 | "session not found among unregistered drift candidates" |
+| target id is already registered | 1 | "already registered — nothing to resume" |
+| target's path claims overlap an active session | 1 | "cannot resume: path(s) claimed by another active session" |
+
+No silent invention. No partial resume.
+
+## What `/resume` does NOT do
+
+- It does **not** alter the historical ledger — only the `.last-touched`
+  pointer (which session is "current").
+- It does **not** re-create files that were deleted by the previous
+  session. That's git's job, not ours.
+- It does **not** auto-`/log-session`. Resume + finish + log are
+  three deliberate steps.

package/templates/claude/commands/pipeline/retro.md

@@ -0,0 +1,34 @@
+---
+description: L6 — learning loop. Turn recurring drift/debt/patterns from recent work into concrete governance (rules + ADRs).
+---
+
+# 🔁 Retro (learning loop)
+
+Look back at recent work and convert repeated friction into durable improvements
+to how this project is built. Output proposals — apply only with the user's OK.
+
+1. **Gather signal:**
+   - `node contextkit/tools/scripts/stats.mjs --json` (drift rate, cadence).
+   - `node contextkit/tools/scripts/tech-debt-scan.mjs --json` (recurring smells).
+   - The last ~10 sessions as a **compact digest** [ADR-0027]:
+     `node contextkit/tools/scripts/session-digest.mjs --last 10` (corrections the
+     user repeated, conventions that emerged, decisions made informally) — open a
+     full log only when a digest flags something to inspect.
+   - `git log` since the last few sessions (what actually changed).
+
+2. **Find patterns**, not one-offs: the same correction 3×, a debt category that
+   keeps growing, a rule that's implied but unwritten, a decision never recorded.
+
+3. **Propose concrete governance:**
+   - **CLAUDE.md edits** — a new immutable rule or convention (keep it lean).
+     This overlaps with `/distill-sessions`; reuse it for the CLAUDE.md diff.
+   - **New ADRs** — for decisions that were made but never written down.
+   - **Config tweaks** — e.g. add a path to `l5.highRiskPaths` or
+     `qa.criticalPaths` that keeps breaking.
+   - **Habit nudges** — e.g. "drift rate 40% → register sessions".
+
+4. Present the proposals ranked by impact. On approval, apply via `/distill-apply`
+   (CLAUDE.md + ADR in one commit) and `/context-config` (config), then `/log-session`.
+
+The point: the platform should get *smarter about this project* over time, not
+just enforce static rules.

package/templates/claude/commands/pipeline/runs.md

@@ -0,0 +1,63 @@
+---
+description: List recent task transitions + pipeline runs from the state.json substrate (ADR-0015 Part C). Read-only, token-light.
+allowed-tools: Bash(node:*)
+---
+
+Lists the **last N in-flight items** — DevPipeline tasks and squad pipeline
+runs — by reading `contextkit/pipeline/<id>/state.json`. Read-only; never
+mutates state.
+
+## When to use
+
+- "What was I working on yesterday?" — recent task transitions
+- "Did the forge pipeline succeed?" — last few pipeline runs
+- A quick activity log when `contextkit/memory/SESSIONS.md` is too coarse
+
+## How
+
+Run the script:
+
+```
+node contextkit/tools/scripts/runs.mjs
+```
+
+Flags (combine freely):
+
+| Flag | Effect |
+|---|---|
+| `--kind task` | only DevPipeline tasks |
+| `--kind pipeline-run` | only squad pipeline executions |
+| `--limit N` | override the default cap (20) |
+| `--all` | no cap |
+| `--json` | machine-readable output |
+
+## Output shape
+
+```
+📋 tasks
+────────────────────────────────────────────
+  🔵 039   [working ] · reiTavares · feat/foo · started 12m ago
+  ✅ 038   [done    ] · reiTavares · main      · ended 2h ago (35m 12s)
+
+🤖 pipeline runs
+────────────────────────────────────────────
+  ✅ agent-forge-001 [done      ] 8/8 steps (eval-gate×1) · ended 1h ago (4m 22s)
+```
+
+The status badges mirror the DevPipeline board:
+`📋` backlog · `🔵` working · `🟡` testing · `✅` done · `🔄` running ·
+`⏸` blocked-on-checkpoint · `❌` failed.
+
+## What you can do next
+
+- `/pipeline start <id>` / `/pipeline stop <id>` for task transitions
+- `/context-stats` for aggregate telemetry (Forge Stats reads the same substrate)
+- `/runs --json` to feed another tool
+
+## Refusal
+
+When no state files exist yet, the command prints a single line:
+
+> No runs yet. Start a task with `/pipeline start <id>` or run a squad pipeline.
+
+— and exits 0. This is intentional: a quiet project is not an error.