devrites 1.19.0

package/pack/.claude/skills/rite-build/reference/afk-discipline.md

@@ -0,0 +1,145 @@
+# AFK discipline — running `/rite-build` unattended without burning the trunk
+
+AFK mode is `.devrites/AFK` present. It lets `/rite-build` chain slices without per-slice
+user input. The discipline below is what keeps an AFK loop from drifting into damage.
+
+The core principles are borrowed from established autonomous-coding loops (Ralph Wiggum,
+Claude Code auto mode):
+
+1. **Feedback loops are the trust substrate.** No green tests / types / lint → no
+   "built" status. The loop can't declare victory if the lights are red.
+2. **Always cap iterations.** Stochastic systems + infinite loops = unsafe. `max_slices`
+   is the hard counter.
+3. **Promote pre-action gates, demote post-action gates.** Code that lands without a
+   gate is a finding; gates after the fact are review queues.
+4. **AFK widens what's automatic, never what's irreversible.** Destructive work, auth
+   boundaries, public API breaks always pause regardless of the sentinel.
+
+## The sentinel file
+
+`.devrites/AFK` (presence = AFK). Optional YAML body:
+
+```yaml
+max_slices: 10                       # read-only INITIAL budget; seeds state.md on first AFK build
+notify: "ntfy.sh/my-topic"           # shell command run on awaiting_human transition
+allow_gates: [advisory, validating]  # gate severities AFK may auto-handle
+```
+
+`.devrites/AFK` is **read-only config** — never rewritten in place. `max_slices` is the
+initial budget; the mutable remaining count lives in `state.md` as `AFK slices remaining:
+<n>`, seeded from `max_slices` on the first AFK build and decremented by `tick-afk.sh`
+(see "Iteration cap").
+
+Defaults when keys are omitted:
+- `max_slices`: unlimited (a missing cap is risky — see "Always cap iterations").
+- `notify`: none.
+- `allow_gates`: `[advisory]`.
+
+To disable AFK temporarily, delete the file. The next `/rite-build` boots straight back
+into HITL.
+
+## Iteration cap
+
+`/rite-build`'s **record step** (workflow step 6) decrements `state.md`'s `AFK slices
+remaining` by 1 each time a slice is marked `built`, by running
+`bash .claude/skills/devrites-lib/scripts/tick-afk.sh <state.md path>`. The script reads the
+field, decrements, writes it back, prints the new value, and **exits `3` when it hits 0**.
+The cap is enforced by `tick-afk.sh`, not by prose — when it exits 3:
+
+- `/rite-build` treats exit 3 as a forced HITL stop:
+  ```
+  AFK cap reached. Raise `state.md` `AFK slices remaining` or remove the sentinel to continue.
+  ```
+- The workspace stays consistent — no half-built slice, no pending question.
+
+Step 0 re-derives the remaining budget from `state.md` (seeding it from `.devrites/AFK`
+`max_slices` on the first AFK build); `max_slices` itself is read-only and never rewritten.
+
+The cap is intentional: a missing or large cap **must be a conscious choice**. Ralph's
+rule: 5-10 iterations for small tasks, 30-50 for larger ones. Don't ship "unlimited" as
+the default for a job you haven't observed running once HITL.
+
+## Fail-on-red
+
+The **fail-on-red step** (workflow step 5) refuses to mark a slice `built` if targeted tests /
+types / lint are red. The reasoning:
+
+- A red signal means either the slice's contract is wrong or the failing code is. Neither
+  is something AFK can resolve.
+- Marking it `built` and letting the AFK loop chain to the next slice burns the trunk —
+  the next slice builds on broken state.
+
+The fail-on-red path:
+
+1. Append a question to `questions.md` with `gate: blocking`, the SLA of the slice, and a
+   crisp `question:` field naming what failed.
+2. Set `state.md` `Status: awaiting_human` and the `Awaiting human` block.
+3. Fire the `notify:` hook if defined.
+4. STOP.
+
+The user resolves via `/rite-resolve` after diagnosing or re-planning.
+
+## Irreversible-risk list (always pause)
+
+Regardless of `allow_gates`, AFK invokes the checkpoint protocol when the slice touches
+any of:
+
+- Destructive data migration (drop column, drop table, irreversible backfill).
+- Auth / authz boundary change (new role, changed permission check, new public auth endpoint).
+- Public API break (response shape change, removed endpoint, changed status code semantics).
+- External-service contract change (webhook payload, partner-facing schema).
+- Filesystem destructive operation outside the workspace (`rm -rf` of project paths,
+  rewriting `.gitignore`-listed paths, deleting fixtures).
+- Anything the slice's `Gate: blocking` plus `tasks.md` `Why HITL:` flags as irreversible.
+
+The list is the same one Claude Code auto-mode's transcript classifier protects — adapted
+to DevRites's workspace shape.
+
+## The `notify:` hook contract
+
+The hook is a single shell command run on the `awaiting_human` transition. Environment
+the hook receives:
+
+| Var | Value |
+|---|---|
+| `DEVRITES_QID` | the new qid (e.g. `q-2026-05-28-001`) |
+| `DEVRITES_GATE` | `advisory` / `validating` / `blocking` / `escalating` |
+| `DEVRITES_SLICE` | `<N — name>` |
+| `DEVRITES_SLUG` | active feature slug |
+| `DEVRITES_QUESTION` | the checkpoint text |
+| `DEVRITES_PROPOSED` | the proposed answer |
+
+The hook is best-effort: non-zero exit does **not** roll back the pause. Failures are
+logged to `evidence.md` so the user sees them on return.
+
+Example targets:
+- `curl -d "$DEVRITES_QID: $DEVRITES_QUESTION" ntfy.sh/my-topic`
+- `osascript -e "display notification \"$DEVRITES_QUESTION\" with title \"DevRites: $DEVRITES_GATE\""`
+- `pb push "$DEVRITES_SLUG: $DEVRITES_QUESTION"` (via pushbullet CLI)
+
+DevRites owns no notification logic — the hook is a seam, not a feature.
+
+## When to leave AFK
+
+Drop the sentinel before:
+
+- A novel feature where you have not yet seen `/rite-build` work on this codebase HITL —
+  Ralph's progression: HITL first → refine prompt → AFK once trusted.
+- A risky slice you marked `Mode: HITL` and want to walk through interactively even if
+  the gate is technically `validating`.
+- Any time you'd rather review per-slice than batch-resolve afterwards.
+
+AFK is a **bias toward continuing**, not a vow. Re-enter it whenever the next stretch of
+work is bulk + low-stakes.
+
+## What AFK does NOT do
+
+- It does not bypass `/rite-prove`, `/rite-review`, or `/rite-seal`. Those gates are
+  feature-scoped and always run when their phase runs.
+- It does not skip `/rite-plan repair` on Spec Drift Guard fires.
+- It does not skip `devrites-source-driven` checks. Uncertain framework behavior still
+  triggers the doc lookup.
+- It does not skip `evidence.md` writes. AFK runs that don't record evidence are
+  unproven and get rejected at `/rite-prove` regardless.
+
+The sentinel widens *human pauses*, nothing else.

package/pack/.claude/skills/rite-build/reference/anti-patterns.md

@@ -0,0 +1,25 @@
+# rite-build — anti-patterns
+
+Load this when standing a non-trivial implementation decision, or when the
+agent feels reluctance toward stopping after one slice, applying TDD, or
+calling `devrites-doubt`.
+
+Pack-wide rationalizations + red flags (incl. tests-later, defensive checks,
+generic AI naming, drive-by refactors): see
+[rules/anti-patterns.md](../../../rules/anti-patterns.md).
+
+## Phase-specific rationalizations
+
+| Excuse | Rebuttal |
+|---|---|
+| "Slices 1 and 2 are related; let me do both." | One slice, then stop. Full stop. The user asks for the next. |
+| "It's faster to skip `devrites-doubt` for this small change." | Doubt is cheapest *before* the decision is standing. After is debugging. |
+
+## Red Flags
+
+- About to start slice N+1 without the user asking.
+- Skipping `devrites-doubt` on a branching, boundary, data-model, auth, public-API, or migration decision.
+- Adding a dependency or a second design system without recording rationale in `decisions.md`.
+- Writing a `try/catch` block wider than what you actually handle.
+- A comment that restates what the next line does.
+- Touching files that aren't in `touched-files.md` for "tidiness".

package/pack/.claude/skills/rite-build/reference/checkpoint-protocol.md

@@ -0,0 +1,149 @@
+# Checkpoint protocol — what `/rite-build` does when a slice is HITL
+
+When `/rite-build` reaches a slice with `Mode: HITL`, it does **not** start writing code. It
+surfaces the checkpoint as a ranked **option set** and resolves it **before** any code lands:
+
+- **Human present (interactive)** — ask inline via `AskUserQuestion` (the option set below).
+  The human picks; record the pick to `questions.md` (`answered`) + `decisions.md`, clear the
+  gate, and **continue building in place** — no STOP, no `/rite-resolve` round-trip.
+- **Human absent / AFK-pausing / notify-only** — persist the checkpoint (`questions.md` open +
+  `state.md` `Awaiting human`), fire the `notify:` hook, and **stop**. Resume later via
+  `/rite-resolve` (or `--batch`).
+
+Either way the pause is **pre-action**, not post-action: code never lands before the gate.
+
+## Render contract
+
+The checkpoint must be rendered in user-facing output **and** persisted to the workspace.
+Both are required — the output is for the human in the room (or the notification target),
+the persisted form is for the next session or the AFK observer.
+
+### User-facing render — the option set
+
+Present the checkpoint as an `AskUserQuestion` with a ranked **option set**
+(`afk-hitl.md` → "Option set"): 2–4 options, **recommended first** + labelled `(Recommended)`,
+each option's description carrying the dimension-tagged rationale + the trade-off it accepts,
+plus the escape hatch. The header names the slice + gate:
+
+```
+Slice <N — name> — HITL (<gate>, SLA <SLA>). <Checkpoint text from tasks.md>
+
+▸ 1. <recommended>  (Recommended)
+     logic: … · infra: … · business: … · architecture: …   (+ security/UX/risk if in scope)
+  2. <alternative> — <rationale + the trade-off it accepts>
+  3. <alternative> — <rationale>
+  4. Something else — I'll describe it
+```
+
+The recommended option (#1) is **required** — a checkpoint without a recommendation is a worse
+interrupt than one with shape; the human reacts to a ranked draft faster than to a blank prompt
+(the "give the human something to approve" rule). The recommendation reflects *this* project
+(its conventions, stack, scale), not a generic default. On an interactive pick, resolve in
+place; when persisting a pause instead, the same set is written to `questions.md` `options:`
+and the resume line is `/rite-resolve <qid> "<answer>"` (or `--drop <qid> "<reason>"`).
+
+### Workspace mutations
+
+In one atomic write (one `state.md` rewrite + one `questions.md` append):
+
+1. **`questions.md` append:**
+
+   ```markdown
+   ## q-<YYYY-MM-DD>-<NNN>
+   status: open
+   slice: <N — name>
+   gate: <gate from tasks.md>
+   question: <Checkpoint text from tasks.md>
+   options: |                        # the ranked set, recommended first (matches the render)
+     1. <recommended> (Recommended) — logic: … · infra: … · business: … · architecture: …
+     2. <alternative> — <rationale>
+   proposed: <the recommended option restated; matches option 1>
+   raised_at: <iso>
+   ```
+
+2. **`state.md` updates:**
+
+   ```markdown
+   - Status: awaiting_human
+   - Active slice: <N — name>
+   - Slice mode: HITL
+   - Next step: /rite-resolve <qid> "<answer>"
+
+   ## Awaiting human
+   - qid: <q-...-NNN>
+   - gate: <gate>
+   - question: <Checkpoint text>
+   - proposed: <one-paragraph best-guess>
+   - raised_at: <iso>
+   - blocking_slices: [<list, from `Blocked by` lookups>]
+   ```
+
+3. **`notify:` hook (if `.devrites/AFK` defines one):** export all six env vars from the
+   canonical contract in [`afk-discipline.md`](afk-discipline.md) (the `notify:` hook
+   contract table is the source of truth):
+
+   ```bash
+   DEVRITES_QID="$qid" \
+   DEVRITES_GATE="$gate" \
+   DEVRITES_SLICE="$slice_id" \
+   DEVRITES_SLUG="$slug" \
+   DEVRITES_QUESTION="$question" \
+   DEVRITES_PROPOSED="$proposed" \
+   sh -c "$notify_cmd"
+   ```
+
+   The hook fires after the workspace write so the notification target sees a workspace
+   that already records the pause. Failures in the hook **do not** roll back the pause —
+   the gate is authoritative; the notification is best-effort.
+
+## qid generation
+
+Format: `q-YYYY-MM-DD-NNN`, where `NNN` is the next sequential integer for that date in
+`questions.md`. For the write side, call
+`bash .claude/skills/devrites-lib/scripts/resolve.sh next-qid <questions.md path>` — it
+counts existing `## q-YYYY-MM-DD-` headers for today, prints the next zero-padded id, and
+refuses to print an id whose header already exists. Use that id verbatim so each qid is
+unique within the date.
+
+## When AFK is active
+
+If `.devrites/AFK` exists and the slice's `Gate` is in `allow_gates`, `/rite-build` does
+**not** invoke the checkpoint protocol. Instead:
+
+- For `advisory`: log a `gate: advisory` entry to `questions.md`, record the trade-off in
+  `decisions.md`, and **dispatch the wright** to build the slice (workflow step 3).
+- For `validating` (only when `allow_gates` includes it): **dispatch the wright** (step 3); on
+  return, write a `gate: validating` entry to `questions.md`, mark the slice
+  `built (pending review)` in `state.md`, and continue. A slice's only states are `pending` and `built` —
+  acceptance is proven at the **feature** level by `/rite-prove` (recorded in
+  `evidence.md`), not per slice. The `built (pending review)` slice is not done until the
+  open `validating` gate resolves via `/rite-resolve`; an open `validating` gate is a
+  NO-GO at seal.
+
+For gates in `allow_gates`, AFK **auto-picks the recommended option** (option 1 of the set)
+instead of pausing, recording it as above. For `blocking` and `escalating` (and every
+irreversible-risk item), AFK **always** invokes the checkpoint protocol — the sentinel does
+not unlock these gates — **unless `allow_irreversible: true`** is set, which makes AFK
+auto-pick the recommendation on *every* gate, irreversible included (maximal autonomy, opt-in;
+see `afk-hitl.md`). See `afk-discipline.md` for the irreversible-risk list.
+
+## Multi-question pauses
+
+The current protocol is **one question per pause**. If a slice has multiple HITL
+checkpoints, split it into sub-slices via `/rite-plan reslice` so each pause is
+single-question. Multi-question pauses are reserved future shape; `Awaiting human` is
+written as a single block.
+
+## What NOT to do
+
+- **Don't write code first and pause after.** The pre-action rule is the whole point.
+- **Don't render the checkpoint without persisting.** Output without `state.md` + `questions.md`
+  updates means the workspace lies on `/clear`.
+- **Don't self-answer a question that *paused* for a human.** When a gate stopped the session
+  (an AFK queue, or a HITL pause the human walked away from), `/rite-resolve` requires an
+  explicit answer — the agent doesn't confirm its own `proposed:` on resume. This is distinct
+  from the two legitimate auto-resolutions: an interactive `AskUserQuestion` pick the human
+  just made, and an AFK auto-pick of the recommended option on a gate `allow_gates` permits.
+- **Don't bundle the `notify:` hook output into chat.** Fire-and-forget; the chat already
+  has the user-facing render.
+- **Don't fire `notify:` on `advisory`-downgraded entries.** It's reserved for true pauses.

package/pack/.claude/skills/rite-build/reference/evidence-standard.md

@@ -0,0 +1,32 @@
+# Evidence standard
+
+Evidence beats confidence. A slice isn't built until there's a record that proves it.
+
+## What counts as evidence
+- A **command + its output**: `npm test src/export.test.ts` → `3 passing`.
+- A **build/typecheck/lint** result for touched code.
+- **Runtime observation**: a request/response, a log line, a CLI output.
+- **Browser evidence** for UI (see `devrites-browser-proof`): route, viewport,
+  screenshot path (opened and described), console state, interaction path.
+
+## What does NOT count
+- "It should work" / "this looks right" / "I'm confident".
+- A green test you never saw fail (for new behavior).
+- "No type errors" as proof that a *feature* works (it proves types, not behavior).
+- A screenshot path you didn't open.
+
+## Record format (`evidence.md`, append-only)
+```markdown
+## Slice <N> — <name>  (<date>)
+- cmd: <command>
+  result: <pass/fail + key output line>
+- observation: <what you saw at runtime>
+- browser: see browser-evidence.md (if UI)
+- gaps: <what remains unproven, if anything>
+```
+
+## Honesty rules
+- If a test fails, record the failure and the output — don't hide it.
+- If a step was skipped (no browser available, command not found), say so and record
+  the manual verification steps instead.
+- Unproven acceptance criteria stay unchecked. The seal will catch them.

package/pack/.claude/skills/rite-build/reference/frontend-trigger.md

@@ -0,0 +1,39 @@
+# Frontend trigger
+
+A slice is **frontend/UI** if it touches or plans to touch any of:
+
+- React / TSX / JSX; Vue, Svelte, Astro, Angular;
+- Rails Slim / Haml / ERB views; any server-rendered template;
+- CSS, SCSS, Tailwind, design tokens, theme files;
+- components, forms, layout, navigation, dashboard, landing/marketing page;
+- UI copy, empty states, error states, onboarding, settings;
+- screenshots, mockups, visual direction;
+- browser behavior, responsive behavior, accessibility, frontend performance.
+
+## When triggered
+- `/rite-spec` applies **`devrites-ux-shape`** (spec step 3a) to write the feature-level
+  **`design-brief.md`** before any code — design direction, key states, interaction model,
+  optional Figma/image visual-direction probe.
+- `/rite-build` applies **`devrites-frontend-craft`**, building **to** that `design-brief.md`
+  (register detection, refine the brief per slice, existing design system, all states,
+  anti-AI-slop) before/while implementing.
+- `/rite-prove` applies **`devrites-browser-proof`** (proof ladder + evidence schema).
+- `/rite-polish` runs the full **normalize + polish** workflow.
+- `/rite-review` and `/rite-seal` include frontend UX / a11y / responsive / design-
+  system checks.
+
+## Fullstack (UI slice that also needs backend)
+If the slice spans both layers, it's both a frontend **and** a backend slice. Define the
+**API/data contract first** (`devrites-api-interface`), build it as one **vertical slice**
+(DB → service → API → UI), apply the engineering rules to the backend and
+`devrites-frontend-craft` to the UI, map each contract error to a real UI state, and
+**prove both layers** (contract tests + browser proof). See
+`devrites-frontend-craft/reference/fullstack.md`.
+
+## When NOT triggered
+Pure backend/data/CLI/infra slices skip craft and browser proof — but still get tests
+and evidence. If unsure whether a slice is "UI enough", treat copy/empty/error states
+and any rendered output as UI.
+
+Mark `Frontend craft required: yes/no` and `Browser proof required: yes/no` on the
+slice in `tasks.md` so the trigger is explicit, not rediscovered each cycle.

package/pack/.claude/skills/rite-build/reference/one-slice-cycle.md

@@ -0,0 +1,38 @@
+# One-slice cycle
+
+The discipline that makes large features manageable: build one thin slice, leave it
+working and proven, stop. Never implement the whole feature in one pass.
+
+## The cycle
+The orchestrator (`/rite-build`) gates and records; the **wright** writes. See
+[`wright-dispatch.md`](wright-dispatch.md).
+```
+SELECT    → orchestrator: restate slice goal + acceptance + scope boundary; HITL gate (pause pre-code)
+(SHAPE)   → orchestrator: if UI and no design-brief.md, shape it (devrites-ux-shape) before dispatch
+DISPATCH  → hand the slice contract to devrites-slice-wright (fresh context). Inside the wright:
+   ORIENT    → load only the files this slice touches; learn the project's idiom; reuse-first
+   (RED)     → if behavior change: write the failing test first
+   IMPLEMENT → smallest complete version; match conventions; devrites-frontend-craft for UI
+   VERIFY    → targeted tests (+ types/lint/build); fail-on-red; return artifact — code + tests only
+(DOUBT)   → orchestrator, on return: devrites-doubt each non-trivial decision the wright stood up
+PROVE     → orchestrator: fail-on-red check on the wright's gates; browser proof for UI
+RECORD    → orchestrator: state.md, evidence.md, touched-files.md (the canonical writer)
+STOP      → report + recommend next; do not start slice N+1
+```
+
+## Why stop after one slice
+- Keeps the diff reviewable (~one capability, roughly ≤100 lines of meaningful change).
+- Surfaces integration/drift problems while they're cheap.
+- Gives the user a decision point — they may reprioritize, reslice, or polish now.
+- Prevents the "90% done" pile-up where nothing is actually proven.
+
+## Restate the scope boundary
+Before coding, write what this slice will and will **not** touch. This is the contract
+you check yourself against — anything outside it is scope creep or a drift event.
+
+## When the slice can't be completed cleanly
+- Discovered the plan is wrong → **Spec Drift Guard** (stop, record, classify, maybe
+  ask, `/rite-plan` repair).
+- Slice is bigger than one cycle → stop and `/rite-plan reslice`.
+- Blocked on a failing dependency → record in `state.md`, `/rite-plan unblock`.
+Never power through by guessing.

package/pack/.claude/skills/rite-build/reference/spec-drift-guard.md

@@ -0,0 +1,43 @@
+# Spec Drift Guard (build phase)
+
+Active throughout `/rite-build`. The spec is living, not sacred — but you may not
+silently code against a plan you know is wrong. This is the canonical Spec Drift Guard;
+other phases reference it here.
+
+## Drift has occurred when
+- the spec says X but the code makes X impossible/wrong;
+- the plan assumes a file/API/component/route/model/command that doesn't exist;
+- tests show the acceptance criteria are incomplete or wrong;
+- browser evidence shows the intended UX doesn't work as described;
+- an official doc contradicts the planned approach;
+- the design system / existing UX pattern contradicts the planned UI;
+- a missing user decision that affects product behavior surfaces.
+
+## Workflow
+```
+1. STOP coding.
+2. Record in drift.md (assumed vs observed, when).
+3. Classify: requirement ambiguity | implementation-plan error | codebase reality
+   mismatch | design-system mismatch | test/evidence mismatch | external-doc mismatch
+   | user-decision required.
+4. Local repair that preserves behavior/scope/architecture/data/UX/security/migration?
+     YES → log in drift.md + decisions.md, /rite-plan repair, resume.
+     NO  → ask the user (format below). Don't continue on the old plan.
+5. Run /rite-plan repair before resuming.
+```
+
+## User question format
+```
+I hit spec drift:
+- Spec/plan assumed: ...
+- Code/evidence shows: ...
+- Why it matters: ...
+
+Which direction should DevRites take?
+1. Keep the requirement, change architecture by ...
+2. Adjust the requirement to match existing behavior ...
+3. Split into a follow-up feature ...
+4. Custom: describe the intended behavior
+```
+
+Never continue coding on a known-wrong plan. Always re-plan before resuming.

package/pack/.claude/skills/rite-build/reference/tdd.md

@@ -0,0 +1,26 @@
+# TDD / Prove-It pattern
+
+When a slice changes behavior, prove the change with a test that fails first — so you
+know the test can fail, and that your code is what makes it pass.
+
+## Red → Green → Refactor
+1. **Red** — write the smallest test that expresses the new behavior. Run it; watch it
+   fail for the *expected* reason (not a typo/import error).
+2. **Green** — write the minimum code to pass. Resist gold-plating.
+3. **Refactor** — clean up with the test as a safety net. Re-run; stay green.
+
+## Prove-It (when strict TDD doesn't fit)
+For code where a test-first flow is awkward (exploratory glue, config, some UI), still
+produce evidence:
+- Capture the current (wrong/absent) behavior — a failing assertion, a screenshot, a
+  log line.
+- Make the change.
+- Capture the new behavior the same way. The before/after pair *is* the proof.
+
+## Rules
+- Use the project's existing test framework and commands (discovered in `spec.md` →
+  "Commands discovered"). Don't introduce a new test runner to prove a slice.
+- One behavior per test; name it for the behavior, not the function.
+- A green test you never saw fail proves nothing — always see red first.
+- Don't delete or weaken a failing test to "pass". If it's wrong, that may be drift.
+- Record the test command + result in `evidence.md`.

package/pack/.claude/skills/rite-build/reference/wright-dispatch.md

@@ -0,0 +1,115 @@
+# Slice-wright dispatch
+
+How `/rite-build` hands the **build core** of one slice to `devrites-slice-wright` — the
+fresh-context, **write-capable** executor under `.claude/agents/`. Loaded on demand by
+`/rite-build`; not a skill itself. Sibling of
+[`../../rite-seal/reference/parallel-dispatch.md`](../../rite-seal/reference/parallel-dispatch.md)
+(the read-only reviewer fan-out) — same isolation principle, opposite direction: this one
+**writes**.
+
+Pattern: the orchestrator owns the **gates and the workspace**; the wright owns the **writing**.
+Brief it precisely, in a clean context, with only the slice contract — then doubt, record, and
+gate its return.
+
+## Why a fresh context writes the slice
+The orchestrator's window is full of spec investigation, planning, prior slices, and tool
+output — the exact "lost-in-the-middle" load that degrades instruction-following and pulls the
+model toward generic code. The wright starts clean and sees only the contract, so it holds the
+slice boundary strictly and writes to the *project's* idiom instead of drifting. Single-threaded
+by design: **one** wright per slice, never a parallel fan-out of writers — concurrent writers
+make conflicting implicit decisions and produce incoherent code.
+
+## The contract `/rite-build` sends
+One `Task` call to `devrites-slice-wright` carrying everything the writer needs and nothing it
+doesn't:
+
+```
+Build one slice of the active DevRites feature. You have a clean context — this contract is
+the whole job.
+
+Workspace: .devrites/work/<slug>/
+Slice: <id — name>
+Goal: <one or two sentences>
+Acceptance criteria: <the slice's criteria, verbatim>
+Scope boundary: <what it WILL and will NOT touch>
+Mode: <HITL | AFK>   (+ AFK budget note if a cap is set)
+
+Targets (stay inside these — from touched-files.md): <paths>
+Interfaces / signatures to match: <if any>
+Read yourself: spec.md, plan.md, decisions.md, assumptions.md, rite-polish/reference/anti-ai-slop.md<, design-brief.md if UI>
+Rules in scope (.claude/rules/): coding-style, error-handling, testing, patterns<, security if input/auth/data><, performance if hot path / query / large payload>
+Test completeness: write ≥1 asserting test for EVERY interactive element + user flow in this
+  slice's test-plan.md interaction inventory, each at the right level (fields/elements →
+  unit/component; critical journeys → one E2E; never one-per-field). No element ships
+  unverified — testing.md "Completeness". If the slice has no test-plan inventory, derive the
+  element/flow list from the slice's own UI surface and cover it the same way.
+
+Apply your documented discipline (orient → RED → implement smallest complete → verify →
+return). Frontend slice → build to design-brief.md with devrites-frontend-craft. Uncertain
+framework fact → verify at the source. Code + tests only — do NOT write the workspace
+bookkeeping files; return that data. Return your structured artifact, not your transcript.
+```
+
+Rules:
+- **One `Task` call, one wright.** Never dispatch two writers on the same slice.
+- **No author reasoning beyond the contract.** Give the slice spec, not your analysis of *how*
+  to code it — a clean, undirected read is the point.
+- **Name the boundary explicitly.** The scope boundary is the single most load-bearing field; an
+  underspecified one is the main cause of drift.
+
+## On return — the orchestrator's job (don't delegate these)
+**You never edit source here.** The wright is the only writer of code + tests; you write only
+`.devrites/` bookkeeping. Every remedy below is **continue the same wright once** or **stop +
+escalate** — never an inline patch. You snapshotted the tree before dispatch (`reconcile.sh
+snapshot`); the reconcile check in step 4 proves no source changed outside the wright's claimed
+set.
+
+1. **Doubt the surfaced decisions.** For each entry in the wright's `Decisions stood`, apply
+   `devrites-doubt` (→ `devrites-doubt-reviewer`) before accepting — the writer must not grade
+   its own decisions. The wright's return is the not-yet-load-bearing moment (slice not `built`,
+   not merged), so this post-return doubt is still pre-commit. Irreversible-risk items always
+   pause — and an irreversible item that the wright filed under `Decisions stood` instead of
+   `Escalation` is a protocol violation: pause and re-dispatch with it flagged out-of-bounds,
+   don't doubt-and-accept.
+2. **Honor escalations.** A non-empty `Escalation` → do **not** mark the slice built. Write the
+   `questions.md` entry + `state.md` `Awaiting human` (blocking gate), or route a scope change
+   through `/rite-plan repair` (Spec Drift Guard). You are the canonical writer of these files.
+3. **Fail-on-red.** If `Gates` show red (or the wright couldn't verify), the slice is **not
+   built** — and you do **not** fix the code. First remedy: **continue the same wright once**
+   (`SendMessage`, carrying the failing gate + real output) so it fixes in its own context —
+   objective failures only (red gate / type / lint / missing coverage / UI browser-proof fail),
+   never a contested decision. Still red after that one retry → blocking question (AFK) or
+   blocking gate (HITL); `Next: /rite-plan unblock`.
+   An interactive element or user flow in the slice's test-plan interaction inventory left with
+   **no asserting test** has the same standing as red: an unverified-element gap blocks the
+   slice (don't mark it built). Continue the same wright to cover it, or record a blocker.
+4. **Reconcile, then record.** First prove A1 held: write the wright's `Files changed` paths
+   (one per line) to `.devrites/work/<slug>/.reconcile-claimed` and run `reconcile.sh check`.
+   **Exit 5 → STOP** — a source file changed outside the wright's claimed set (A1 breach); revert
+   it and re-dispatch, don't mark the slice built. Then persist the wright's artifact to
+   `state.md`, `evidence.md`, `touched-files.md` (and `browser-evidence.md` for UI) per
+   [`evidence-standard.md`](evidence-standard.md). Evidence is the wright's real command output,
+   not its say-so. Then tick AFK if `.devrites/AFK` is present (`tick-afk.sh`; exit 3 → STOP).
+
+## Fallback
+If the `Task` tool / sub-agent dispatch is unavailable, `/rite-build` runs the wright's
+discipline **inline** in its own context and flags it as a fallback (no clean-context benefit).
+The slice still gets the full one-slice cycle — orient → RED → implement → verify — under the
+same anti-slop charter; it just doesn't get the isolation. In this path the orchestrator is
+legitimately the writer, so write `.devrites/work/<slug>/.reconcile-inline` before editing — the
+reconcile gate (step 4) skips when that sentinel is present. Mirrors the reviewer-dispatch
+fallback in
+[`../../rite-seal/reference/parallel-dispatch.md`](../../rite-seal/reference/parallel-dispatch.md).
+
+## Optional pre-block hook (defense in depth)
+`reconcile.sh` is the **post-hoc** gate — it always runs and catches an A1 breach at record time.
+A companion **pre-block** hook, `.claude/hooks/devrites-a1-guard.sh` (a `PreToolUse` matcher on
+`Edit|Write|MultiEdit`), stops the breach *before* the write lands. It is armed only inside the
+mid-build window (between `reconcile.sh snapshot` and a clean `check`, keyed on `.reconcile-base`),
+allows the wright (subagent calls carry `agent_id`), the inline fallback (`.reconcile-inline`),
+and any `.devrites/` write — so it never touches `/rite-polish`, `/rite-quick`, or ordinary
+manual edits. It ships **observe-only** (logs would-be blocks to `.a1-guard.log`, never blocks);
+flip to enforce with `DEVRITES_A1_HOOK=enforce` or a `.devrites/work/<slug>/.a1-enforce` file once
+the log confirms it never flags the wright's own edits (older Claude Code builds may not populate
+`agent_id` — the log is the proof before you enforce). The post-hoc gate stands on its own; the
+hook is belt-and-suspenders.