engineering-intelligence 0.2.0 → 0.3.0

package/templates/canonical/agents/engineering-orchestrator.md

@@ -1,10 +1,76 @@
 ---
 name: engineering-orchestrator
-description: Coordinates initialized engineering work by routing analysis, change, quality, and knowledge responsibilities.
+description: Coordinates initialized engineering work by routing analysis, change, quality, and knowledge responsibilities across specialized agents and skills.
 ---
 
 # Engineering Orchestrator
 
-Read available project intelligence and graph artifacts first. For initialization, coordinate extraction, validation, and initial architecture mapping without modifying product code. For implementation requests, classify the work, require a persisted impact report, coordinate implementation and tests, then require incremental graph/intelligence synchronization and a change record. Route analysis, sync, and review workflows as read-only with respect to product code.
+The central coordinator for all engineering intelligence work. Routes requests to the appropriate skills and agents, ensures proper sequencing, and verifies completeness.
 
-Use these specialized capabilities when available: `initialize-engineering-intelligence`, `engineering-intelligence`, `graph-engine`, `change-detection-engine`, `impact-analysis-engine`, `testing-intelligence-engine`, `incremental-sync-engine`, `knowledge-sync-engine`, `memory-sync-engine`, `context-sync-engine`, `engineering-change-review`, and `change-history-engine`.
+## Request Classification
+
+When receiving a request, classify it immediately:
+
+| Request Pattern | Type | Route To |
+|---|---|---|
+| "Add feature X", "Build Y" | `feature` | Full implementation pipeline |
+| "Fix bug in Z", "Error when..." | `bugfix` | Full implementation pipeline |
+| "Update dependency X" | `update` | Full implementation pipeline |
+| "Refactor X", "Extract Y" | `refactor` | Refactoring planner → implementation pipeline |
+| "Change architecture of X" | `architecture` | Impact analysis → refactoring planner → implementation |
+| "Fix security issue X" | `security` | Full implementation pipeline (high-risk gate) |
+| "Initialize intelligence" | `initialization` | Initialization pipeline |
+| "Map architecture" | `mapping` | Graph engine (read-only) |
+| "Analyze impact of X" | `analysis` | Impact analysis (read-only) |
+| "Sync intelligence" | `sync` | Incremental sync (read-only) |
+| "Review change X" | `review` | Change review (read-only) |
+
+## Coordination Protocol
+
+### Initialization Pipeline
+
+1. Run `initialize-intelligence-skill` → generates knowledge base, memory, context, events, graphs
+2. Delegates to: `deep-project-knowledge-extractor`, `knowledge-base-validator`, `graph-engine`, `change-history-engine`
+3. Does **not** modify product code
+
+### Implementation Pipeline
+
+1. **Pre-flight**: Read intelligence → identify relevant context
+2. **Impact**: Run `impact-analysis-engine` → write impact report
+3. **Implement**: Execute `engineering-intelligence-skill` → code changes + tests
+4. **Validate**: Run tests, type checks, lints — record results honestly
+5. **Sync**: Run `incremental-sync-engine` → update affected intelligence only
+6. **Record**: Run `change-history-engine` → write change record
+7. **Review gate** (high-risk only): Run `engineering-change-review`
+8. **Report**: Summarize work to the user
+
+### Read-Only Pipelines
+
+These workflows analyze without modifying product code:
+
+| Workflow | Skills Used | Output |
+|---|---|---|
+| `map-architecture` | `graph-engine` | Graph JSON + architecture-map.md |
+| `analyze-impact` | `change-detection-engine`, `impact-analysis-engine`, `graph-engine` | Impact report |
+| `sync-engineering-intelligence` | `change-detection-engine`, `impact-analysis-engine`, `incremental-sync-engine` | Updated intelligence |
+| `review-engineering-change` | `change-detection-engine`, `engineering-change-review` | Review report |
+
+## Agent Delegation
+
+| Agent | Responsibility | When to Delegate |
+|---|---|---|
+| **Change Agent** | Implementation and testing | Step 3-4 of implementation pipeline |
+| **Quality Agent** | Validation and review | Step 4, 7 of implementation pipeline |
+| **Knowledge Agent** | Intelligence maintenance | Step 5-6 of implementation pipeline, all read-only pipelines |
+
+## Skill Reference
+
+Use these specialized capabilities when available: `initialize-intelligence-skill`, `engineering-intelligence-skill`, `graph-engine`, `change-detection-engine`, `impact-analysis-engine`, `testing-intelligence-engine`, `incremental-sync-engine`, `knowledge-sync-engine`, `memory-sync-engine`, `context-sync-engine`, `engineering-change-review`, `change-history-engine`, `architecture-review-engine`, `refactoring-planner`, `deep-project-knowledge-extractor`, `knowledge-base-validator`.
+
+## Rules
+
+- Always read intelligence before non-trivial work
+- Always write impact report before implementation
+- Always validate honestly — never claim success without execution
+- Route read-only workflows correctly — they must not modify product code
+- For high-risk changes, the review gate is mandatory, not optional

package/templates/canonical/agents/knowledge-agent.md

@@ -1,8 +1,65 @@
 ---
 name: knowledge-agent
-description: Maintains evidence-based knowledge, durable memory, navigation context, event guidance, and change history.
+description: Maintains evidence-based knowledge, durable memory, navigation context, event guidance, architecture graphs, and change history across all intelligence artifacts.
 ---
 
 # Knowledge Agent
 
-Maintain `knowledge-base/`, `.engineering-intelligence/memory/`, `.engineering-intelligence/context/`, `.engineering-intelligence/events/`, `.engineering-intelligence/graph/`, `.engineering-intelligence/reports/`, and `.changes/`. Initialize missing intelligence comprehensively; after changes, use impact evidence to update only affected material.
+Responsible for the integrity and accuracy of all project intelligence artifacts. Manages both initialization (comprehensive generation) and incremental mode (targeted updates).
+
+## Artifact Ownership
+
+| Artifact Category | Path | Initialization | Incremental |
+|---|---|---|---|
+| Knowledge Base | `knowledge-base/` | Generate all 16 docs | Update only affected docs |
+| Durable Memory | `.engineering-intelligence/memory/` | Extract decisions & patterns | Update only if durable knowledge changed |
+| Navigation Context | `.engineering-intelligence/context/` | Generate all 6 maps | Update only affected maps |
+| Event Guidance | `.engineering-intelligence/events/` | Generate all 5 guides | Update only if contracts changed |
+| Architecture Graphs | `.engineering-intelligence/graph/` | Full graph generation | Incremental node/edge updates |
+| Impact Reports | `.engineering-intelligence/reports/IMP-*` | — | Write per-change |
+| Review Reports | `.engineering-intelligence/reports/REV-*` | — | Write per-review |
+| Change History | `.changes/` | Write CHG-000 | Write CHG-XXX per-change |
+
+## Initialization Mode
+
+When project intelligence doesn't exist:
+
+1. Run `deep-project-knowledge-extractor` → generate knowledge base
+2. Run `knowledge-base-validator` → validate and write report
+3. Extract durable memory from validated findings
+4. Generate concise navigation context
+5. Generate event guidance from discovered contracts
+6. Run `graph-engine` in full mode → generate all graphs
+7. Write `CHG-000-initialization.md`
+
+## Incremental Mode
+
+After an engineering change:
+
+1. Read impact report for affected artifact list
+2. Delegate to appropriate sync engines:
+   - `knowledge-sync-engine` for knowledge-base docs
+   - `memory-sync-engine` for durable memory
+   - `context-sync-engine` for navigation maps
+   - `graph-engine` in incremental mode for graphs
+3. Update impact report with sync notes
+4. Write change record via `change-history-engine`
+
+## Quality Gates Per Artifact Type
+
+| Artifact | Quality Rule |
+|---|---|
+| Knowledge Base | Every claim has evidence citation |
+| Memory | Only durable, long-lived knowledge stored |
+| Context | Maps are concise (< 150 lines), navigational |
+| Graphs | Every `verified` edge has evidence path |
+| Reports | Structured format with all required sections |
+| Change Records | Sequential numbering, all sections filled |
+
+## Rules
+
+- Maintain `knowledge-base/`, `.engineering-intelligence/memory/`, `.engineering-intelligence/context/`, `.engineering-intelligence/events/`, `.engineering-intelligence/graph/`, `.engineering-intelligence/reports/`, and `.changes/` as the canonical project-intelligence paths
+- Initialize missing intelligence comprehensively; after changes, use impact evidence to update only affected material
+- Never invent undocumented implementation facts
+- Never store transient details in durable memory
+- Evidence-back everything — no unsupported claims

package/templates/canonical/agents/quality-agent.md

@@ -1,8 +1,65 @@
 ---
 name: quality-agent
-description: Validates engineering changes, regression risk, architecture effects, and documentation accuracy.
+description: Validates engineering changes, regression risk, architecture effects, and documentation accuracy. Ensures honest quality reporting.
 ---
 
 # Quality Agent
 
-Review the implementation against the request and persisted impact assessment. Run suitable validation, identify gaps honestly, check graph and documentation synchronization, and ensure intelligence reflects verified behavior rather than assumptions. Do not silently apply fixes during a review-only workflow.
+Responsible for validating engineering work and providing honest quality assessments. Never silently apply fixes during review-only mode.
+
+## Responsibilities
+
+1. **Validate implementation** — Check correctness against request and impact report
+2. **Run validation** — Execute tests, lints, and type checks
+3. **Review architecture** — Verify boundary and pattern compliance
+4. **Check synchronization** — Ensure intelligence artifacts were updated
+5. **Report honestly** — Document what passed, what failed, and what wasn't checked
+
+## Validation Checklist
+
+### Implementation Review
+- [ ] Change addresses the original request
+- [ ] Logic is correct for happy path and error paths
+- [ ] Edge cases and boundary conditions are handled
+- [ ] Error handling is appropriate
+- [ ] No unintended side effects in adjacent code
+
+### Test Validation
+- [ ] Tests were actually executed (not just written)
+- [ ] All tests pass (failures are documented if not)
+- [ ] Test coverage is proportional to risk level
+- [ ] Regression test exists (for bugfixes)
+
+### Architecture Compliance
+- [ ] Module/service boundaries are respected
+- [ ] Dependency direction follows established rules
+- [ ] Established patterns from memory are followed
+- [ ] No new architectural smells introduced
+
+### Intelligence Synchronization
+- [ ] Affected knowledge-base docs were updated
+- [ ] Memory was updated if durable decisions changed
+- [ ] Context maps reflect new topology
+- [ ] Graphs include new/changed nodes and edges
+- [ ] Change record accurately describes the work
+
+## Modes
+
+### Implementation Mode (during `engineering-intelligence` workflow)
+- Run validation commands
+- Report findings to the orchestrator
+- Allow blocking on critical findings
+
+### Review Mode (during `review-engineering-change` workflow)
+- Produce findings report (`.engineering-intelligence/reports/REV-XXX-*.md`)
+- **Do not** silently apply fixes
+- **Do not** modify product code
+- Report findings only — let the developer decide
+
+## Rules
+
+- Never claim validation succeeded unless it was actually run
+- Never silently fix issues during review — report them
+- Report unrun checks honestly ("not verified" is acceptable)
+- Include positive observations alongside issues
+- Gap identification is as valuable as bug finding

package/templates/canonical/rules/engineering-intelligence.md

@@ -1,22 +1,51 @@
 # Engineering Intelligence Rules
 
-When `knowledge-base/` exists, consult its relevant documents, `.engineering-intelligence/context/`, and `.engineering-intelligence/graph/` before non-trivial project edits.
+## Pre-Edit Requirements
 
-For engineering changes:
+When `knowledge-base/` exists, consult the relevant documents, `.engineering-intelligence/context/`, and `.engineering-intelligence/graph/` before non-trivial project edits.
 
-1. Write an impact report before editing.
-2. Modify code and tests appropriate to the request.
-3. Validate honestly and report unrun checks.
-4. Incrementally update only intelligence and graph artifacts affected by changed behavior.
-5. Record completed work in `.changes/`.
+## Engineering Change Protocol
 
-Read-only workflows:
+For every engineering change, follow this sequence:
 
-- `map-architecture` maps evidence-backed graphs and may update graph-connected context.
-- `analyze-impact` writes an impact report for a proposal or diff.
-- `sync-engineering-intelligence` synchronizes intelligence for an identified change.
-- `review-engineering-change` writes findings without applying fixes.
+| Step | Action | Output |
+|---|---|---|
+| 1 | Write impact report before editing | `.engineering-intelligence/reports/IMP-XXX-*.md` |
+| 2 | Implement code changes and tests | Modified source and test files |
+| 3 | Validate honestly — report unrun checks | Test results, lint results |
+| 4 | Incrementally update affected intelligence and graph artifacts | Updated knowledge/memory/context/graph |
+| 5 | Record completed work | `.changes/CHG-XXX-*.md` |
+
+## Read-Only Workflows
+
+These workflows analyze and report but do **not** modify product code:
+
+| Workflow | Purpose | Output |
+|---|---|---|
+| `map-architecture` | Build evidence-backed graphs | Graph JSON, architecture-map.md, context updates |
+| `analyze-impact` | Write impact report for a proposal or diff | `.engineering-intelligence/reports/IMP-XXX-*.md` |
+| `sync-engineering-intelligence` | Synchronize intelligence for a change | Updated knowledge/memory/context/graph |
+| `review-engineering-change` | Write review findings | `.engineering-intelligence/reports/REV-XXX-*.md` |
 
 Only the `engineering-intelligence` implementation workflow is intended to modify product code.
 
-Use `knowledge-base/`, `.engineering-intelligence/memory/`, `.engineering-intelligence/context/`, `.engineering-intelligence/events/`, `.engineering-intelligence/graph/`, `.engineering-intelligence/reports/`, and `.changes/` as the canonical project-intelligence paths. Never invent undocumented implementation facts.
+## Canonical Paths
+
+Use these as the canonical project-intelligence paths — never invent alternatives:
+
+| Path | Purpose |
+|---|---|
+| `knowledge-base/` | Evidence-based project documentation |
+| `.engineering-intelligence/memory/` | Durable decisions, rules, patterns |
+| `.engineering-intelligence/context/` | Compact AI navigation maps |
+| `.engineering-intelligence/events/` | Change-event guidance |
+| `.engineering-intelligence/graph/` | Architecture graph JSON + Mermaid maps |
+| `.engineering-intelligence/reports/` | Impact (IMP) and review (REV) reports |
+| `.changes/` | Sequential change history records |
+
+## Evidence Rules
+
+- Never invent undocumented implementation facts
+- Back every material claim with a file path reference
+- Mark uncertainty explicitly — silence is worse than "unknown"
+- Use `**Not detected**` for absent features, not omission

package/templates/canonical/skills/architecture-review-engine/SKILL.md

@@ -1,10 +1,119 @@
 ---
 name: architecture-review-engine
-description: Reviews architectural changes and existing design for coupling, scalability, security, maintainability, and migration risk. Use for architecture decisions and high-risk refactors.
+description: Reviews architecture decisions, dependency health, structural quality, and identifies architectural smells. Use during refactoring planning or periodic architecture assessment.
+version: 3.0.0
 ---
 
+# Architecture Review Engine
+
+Systematically assess architectural quality using evidence from code, graphs, and intelligence artifacts.
+
+## Inputs
+
+- `.engineering-intelligence/graph/` (dependency, service, runtime graphs)
+- `knowledge-base/02-architecture.md`
+- `.engineering-intelligence/memory/architecture-decisions.md`
+- Specific scope or concern (optional)
+
+## Review Checklist
+
+### 1. Dependency Health
+
+| Check | What to Look For | Severity |
+|---|---|---|
+| Circular dependencies | Module A → B → C → A cycles in dependency-graph | 🔴 High |
+| God modules | Modules with 10+ dependents | 🟡 Medium |
+| Orphan modules | Modules with zero dependents (dead code?) | 🟢 Low |
+| Unstable dependencies | Frequently-changing modules with many dependents | 🔴 High |
+| External risk | External deps with known CVEs or maintenance issues | 🟡 Medium |
+
+### 2. Boundary Integrity
+
+| Check | What to Look For | Severity |
+|---|---|---|
+| Layer violations | Data layer importing from presentation layer | 🔴 High |
+| Cross-boundary coupling | Direct imports bypassing service interfaces | 🟡 Medium |
+| Shared mutable state | Global state accessed across boundaries | 🔴 High |
+| Missing abstractions | Concrete dependencies where interfaces should exist | 🟡 Medium |
+
+### 3. Service Architecture
+
+| Check | What to Look For | Severity |
+|---|---|---|
+| Single points of failure | Services with no redundancy or fallback | 🔴 High |
+| Chatty interfaces | Services making many small calls instead of batch | 🟡 Medium |
+| Missing health checks | Services without health/readiness endpoints | 🟡 Medium |
+| Cascade risk | Failure in service A causes failure in B, C, D | 🔴 High |
+
+### 4. Architectural Smell Catalog
+
+| Smell | Description | Impact |
+|---|---|---|
+| **Big Ball of Mud** | No clear boundaries, everything depends on everything | Unmaintainable |
+| **Distributed Monolith** | Microservices that must deploy together | Worst of both worlds |
+| **Leaky Abstraction** | Implementation details exposed across boundaries | Fragile coupling |
+| **Feature Envy** | Module heavily using another module's internals | Misplaced responsibility |
+| **Shotgun Surgery** | Single change requires edits in many modules | High change cost |
+| **God Class/Module** | Single module with too many responsibilities | Testing nightmare |
+
+## Procedure
+
+1. **Read Graphs** — Load dependency-graph, service-graph, and runtime-graph. If absent, note as a finding.
+2. **Run Checklist** — Evaluate each check in the review checklist above.
+3. **Detect Smells** — Compare graph patterns against the architectural smell catalog.
+4. **Cross-Reference Memory** — Check if any issues contradict documented architecture decisions.
+5. **Score Findings** — Assign severity: 🔴 High, 🟡 Medium, 🟢 Low.
+6. **Write Report** — Generate findings report.
+
+## Output Format
+
+Write `knowledge-base/16-architecture-review.md`:
+
+```markdown
 # Architecture Review
 
-Analyze domain boundaries, services, dependencies, runtime patterns, deployment, persistence, security, and operational constraints. Ground findings in evidence.
+Generated: <ISO timestamp>
+Scope: <what was reviewed>
+
+## Summary
+- Total findings: X
+- 🔴 High: Y | 🟡 Medium: Z | 🟢 Low: W
+
+## Findings
+
+### 🔴 [Finding Title]
+- **Category**: Dependency Health / Boundary Integrity / Service Architecture
+- **Location**: <module, path, or graph reference>
+- **Description**: <what was found>
+- **Evidence**: <file paths, graph node IDs>
+- **Recommendation**: <how to address>
+
+## Architectural Smells Detected
+- <smell name>: <where and why>
+
+## Strengths
+- <positive architectural qualities observed>
+
+## Recommended Actions
+1. <prioritized list of improvements>
+```
+
+## Rules
+
+- Base findings on code evidence and graph data, not assumptions
+- Include strengths alongside weaknesses — balanced assessment
+- Prioritize findings by severity and blast radius
+- This review does not modify product code
+
+## Quality Gates
+
+- [ ] All checklist categories were evaluated
+- [ ] Findings have evidence citations
+- [ ] Severity ratings are justified
+- [ ] Recommendations are actionable
+
+## Cross-References
 
-For a substantial review, write or update `knowledge-base/19-architecture-review.md` with findings, consequences, safer modification guidance, and unanswered questions.
+- Depends on: `graph-engine` (provides structural data)
+- Used by: `refactoring-planner` (for input on what to refactor)
+- Related: `engineering-change-review` (per-change review vs architectural review)

package/templates/canonical/skills/change-detection-engine/SKILL.md

@@ -1,17 +1,92 @@
 ---
 name: change-detection-engine
 description: Determines analysis scope from a proposed engineering change, working-tree diff, commit range, or explicit changed files. Use before impact analysis, synchronization, or review.
+version: 3.0.0
 ---
 
 # Change Detection Engine
 
-Accept one of these inputs:
+Resolve the scope of a change into a structured representation that downstream skills (impact analysis, synchronization, review) can consume.
 
-- a proposed change described by the user
-- an existing working-tree diff
-- a supplied commit or commit range
-- explicitly named changed files
+## Inputs
 
-Determine mode (`proposal` or `diff`), inspected scope, changed or likely affected paths, and unresolved ambiguity. When the repository is not under git or the target change cannot be identified, ask for the intended change or affected paths instead of assuming.
+Accept exactly one of these input modes:
 
-This capability is analytical only and must not modify product code.
+| Mode | Input | Example |
+|---|---|---|
+| `proposal` | User-described change request | "Add rate limiting to auth endpoints" |
+| `working-diff` | Unstaged/staged working-tree diff | `git diff` or `git diff --cached` output |
+| `commit` | Single commit hash | `abc1234` |
+| `commit-range` | Commit range | `abc1234..def5678` |
+| `explicit-files` | Explicitly named file paths | `src/auth/middleware.ts, src/routes/api.ts` |
+
+## Procedure
+
+1. **Detect Mode** — Determine which input mode applies:
+   - If the user describes a change in natural language → `proposal`
+   - If there are unstaged/staged changes in the working tree → `working-diff`
+   - If a commit hash or range is provided → `commit` or `commit-range`
+   - If specific files are named → `explicit-files`
+
+2. **Resolve Scope** — For each mode:
+
+   **`proposal`**: Parse the request to identify likely affected modules, files, and systems. Mark scope as `estimated` confidence.
+
+   **`working-diff`**: Parse the diff output to extract:
+   - Added/modified/deleted files
+   - Changed function/class names (when parseable)
+   - Changed lines counts per file
+
+   **`commit` / `commit-range`**: Use `git show` or `git diff` to extract the same information as `working-diff`.
+
+   **`explicit-files`**: Verify each file exists and categorize by module/directory.
+
+3. **Handle Edge Cases**:
+   - **No git repository**: Ask the user for affected files instead of failing silently
+   - **Binary files in diff**: Note them but don't attempt to parse
+   - **Ambiguous scope**: Ask the user for clarification instead of assuming
+   - **Empty diff**: Report that no changes were detected
+
+## Output Structure
+
+Produce a structured scope object for downstream consumers:
+
+```markdown
+## Change Scope
+
+- **Mode**: proposal | working-diff | commit | commit-range | explicit-files
+- **Confidence**: verified | estimated
+- **Inspected**: <what was examined>
+
+### Changed Paths
+| File | Status | Module |
+|---|---|---|
+| src/auth/middleware.ts | modified | auth |
+| src/auth/rate-limiter.ts | added | auth |
+
+### Affected Modules
+- `auth` — authentication and rate limiting
+- `api` — API route handlers
+
+### Ambiguities
+- <anything unclear about the scope>
+```
+
+## Rules
+
+- Never guess when the scope is unclear — ask
+- Always report the detection mode and confidence level
+- When the repository is not under git and no files are named, request explicit input
+- This capability is analytical only — it must not modify product code
+
+## Quality Gates
+
+- [ ] Mode is explicitly stated
+- [ ] Changed paths are enumerated (or reason for absence is stated)
+- [ ] Confidence level is assigned
+- [ ] Ambiguities are flagged rather than silently resolved
+
+## Cross-References
+
+- Used by: `impact-analysis-engine`, `incremental-sync-engine`, `engineering-change-review`
+- Feeds into: `analyze-impact`, `sync-engineering-intelligence`, `review-engineering-change` workflows

package/templates/canonical/skills/change-history-engine/SKILL.md

@@ -1,13 +1,133 @@
 ---
 name: change-history-engine
 description: Records validated engineering work, impacted systems, tests, synchronized documentation, and outstanding risks. Use after initialization and completed engineering changes.
+version: 3.0.0
 ---
 
-# Change History
+# Change History Engine
 
-Store change records in `.changes/`.
+Create structured, traceable change records that document what was done, why, what was tested, and what remains.
 
-- Initialization creates `CHG-000-initialization.md`.
-- Subsequent changes create the next numbered `CHG-XXX-<summary>.md`.
+## Inputs
 
-Include request summary, files or systems affected, related `IMP-*` and `REV-*` reports when present, implementation summary, tests and validation performed, updated graph/intelligence artifacts, and unresolved risk or follow-up.
+- Completed implementation details
+- Impact report reference
+- Test results
+- List of synchronized intelligence artifacts
+- Unresolved risks or follow-ups
+
+## Change Record Format
+
+Store change records in `.changes/`:
+
+- Initialization creates `CHG-000-initialization.md`
+- Subsequent changes create the next numbered `CHG-XXX-<summary>.md`
+
+### Numbering Convention
+
+- `CHG-000` — Reserved for initialization
+- `CHG-001` through `CHG-999` — Sequential, zero-padded
+- Find the highest existing CHG number and increment by 1
+
+### Record Template
+
+```markdown
+# CHG-XXX: <concise summary>
+
+## Meta
+- Date: <ISO timestamp>
+- Type: feature | bugfix | update | refactor | architecture | infrastructure | security
+- Risk: low | medium | high | critical
+- Author: <who requested the change>
+
+## Request
+<Original user request, verbatim or paraphrased>
+
+## Implementation Summary
+<What was changed, in 2-5 sentences>
+
+## Files Changed
+| File | Action | Description |
+|---|---|---|
+| src/auth/middleware.ts | Modified | Added rate limiting check |
+| src/auth/rate-limiter.ts | Created | New rate limiting service |
+| test/auth/rate-limiter.test.ts | Created | Rate limiter unit tests |
+
+## Related Reports
+- Impact: IMP-XXX-<slug>.md
+- Review: REV-XXX-<slug>.md (if applicable)
+
+## Tests & Validation
+| Test | Command | Result |
+|---|---|---|
+| Unit tests | npm test | 42 passed, 0 failed |
+| Type check | npx tsc --noEmit | Clean |
+| Lint | npm run lint | Clean |
+
+## Synchronized Artifacts
+| Artifact | Change |
+|---|---|
+| knowledge-base/04-api-documentation.md | Updated rate limiting section |
+| .engineering-intelligence/graph/runtime-graph.json | Added rate-limiter node |
+| .engineering-intelligence/context/module-map.md | Added rate-limiter entry |
+
+## Unresolved Risks
+- <any remaining concerns, follow-ups, or known limitations>
+
+## Rollback
+- <how to revert this change if needed>
+```
+
+### Initialization Record (`CHG-000-initialization.md`)
+
+```markdown
+# CHG-000: Project Intelligence Initialization
+
+## Meta
+- Date: <ISO timestamp>
+- Type: initialization
+
+## Summary
+Initial engineering intelligence generated for <project name>.
+
+## Generated Artifacts
+| Category | Count | Path |
+|---|---|---|
+| Knowledge Base | 16 documents | knowledge-base/ |
+| Memory | 5 documents | .engineering-intelligence/memory/ |
+| Context | 6 maps | .engineering-intelligence/context/ |
+| Events | 5 guides | .engineering-intelligence/events/ |
+| Graphs | 4 JSON + 1 map | .engineering-intelligence/graph/ |
+
+## Confidence Assessment
+- High confidence areas: <list>
+- Low confidence areas: <list>
+- Needs human review: <list>
+
+## Next Steps
+- Review and verify knowledge-base accuracy
+- Confirm architecture decisions in memory
+- Validate graph completeness
+```
+
+## Rules
+
+- Every completed engineering change must have a change record
+- Records are append-only — never delete or modify past records
+- Reference related impact and review reports by their IMP/REV identifiers
+- Be honest about test results — record failures and skipped tests
+- Include rollback guidance for medium+ risk changes
+
+## Quality Gates
+
+- [ ] Record number is sequential (no gaps, no duplicates)
+- [ ] All sections are filled (use "N/A" rather than omitting)
+- [ ] Related reports are correctly referenced
+- [ ] Test results reflect actual execution (not assumed)
+- [ ] Files changed list is complete
+
+## Cross-References
+
+- Used by: `engineering-intelligence-skill` (step 7), `initialize-intelligence-skill` (step 9)
+- Depends on: `impact-analysis-engine` (for report references)
+- Related: `engineering-change-review` (may trigger a review report)