engineering-intelligence 1.4.0 → 1.6.0

package/templates/canonical/skills/security-audit-engine/SKILL.md

@@ -95,6 +95,14 @@ Identify security risks through systematic, evidence-backed analysis of dependen
 
 6. **Generate Assessment** — Write findings to `knowledge-base/20-security-assessment.md`.
 
+7. **Targeted Dependency-Risk Output** — During implementation runs triggered by new or upgraded packages, write a lighter unit artifact instead of conflating the result with a full audit:
+
+   ```text
+   .engineering-intelligence/aidlc/construction/<unit>/dependency-risk-summary.md
+   ```
+
+   This summary must include CVE, license, maintenance, and bundle impact findings for changed dependencies. Critical CVEs block completion.
+
 ## Output Format
 
 Write `knowledge-base/20-security-assessment.md`:
@@ -143,6 +151,18 @@ Write `knowledge-base/20-security-assessment.md`:
 *This security assessment did not modify product code.*
 ```
 
+### Targeted Dependency Risk Summary
+
+```markdown
+# Dependency Risk Summary: <unit>
+
+| Package | Change | CVE Risk | License | Maintenance | Bundle Impact | Decision |
+|---|---|---|---|---|---|---|
+
+## Blocking Findings
+- <critical CVE or policy violation>
+```
+
 ## Rules
 
 - Never assume a vulnerability exists without evidence — cite file paths and line numbers

package/templates/canonical/skills/testing-intelligence-engine/SKILL.md

@@ -86,7 +86,7 @@ Determine the minimum sufficient test coverage for a change based on risk assess
 
 6. **Verify Acceptance Criteria** — Produce an Acceptance Criteria Verification Matrix mapping every criterion to automated tests, manual verification, or an unavailable check. Missing mappings block Definition of Done.
 
-7. **Record Regression Patterns** — For bugfixes, compare against `.engineering-intelligence/memory/regression-patterns.md`. Reuse matching templates or add a new durable pattern when a bug category is likely to recur.
+7. **Propose Regression Patterns** — For bugfixes, compare against `.engineering-intelligence/memory/regression-patterns.md`. Reuse matching templates. If a new recurring bug category is found, propose a durable pattern to `memory-sync-engine`; Memory Sync owns durable persistence.
 
 ## Output
 

package/templates/canonical/workflows/engineering-intelligence.md

@@ -14,7 +14,7 @@ Use the `engineering-intelligence-skill` capability for the user's accompanying
 4. **Plan Agile + AI-DLC Work** — Update backlog, acceptance criteria, Definition of Ready, `.engineering-intelligence/aidlc/execution-plan.md`, and `aidlc-state.md`
 5. **Implement** — Make the requested code changes following established patterns
 6. **Test** — Add/update tests proportional to risk; execute and record results
-7. **Safety Gates** — Run freshness, type safety, API compatibility, migration safety, convention, acceptance-mapping, dependency-risk, and rollback gates when applicable
+7. **Safety Gates** — Run freshness, type safety, API compatibility, API snapshot replay, migration safety, convention, acceptance-mapping, dependency-risk, env-var, ADR compliance, LLM prompt-injection, and rollback gates when applicable
 8. **Validate** — Run available linters, type checks, test suites, scans, and architecture checks as environmental backpressure
 9. **Sync Intelligence** — Incrementally update only affected knowledge, memory, context, event, graph artifacts, and AI-DLC artifacts
 10. **Record Change** — Write `.changes/CHG-XXX-<summary>.md` referencing related reports and acceptance verification
@@ -29,6 +29,6 @@ Finish with:
 - Synchronized intelligence artifacts
 - Related reports (IMP-XXX, REV-XXX)
 - Agile artifacts updated (backlog, stories, acceptance criteria, Definition of Done)
-- Safety gates run (freshness, type, API, migration, acceptance mapping)
+- Safety gates run (freshness, type, API, snapshots, migration, dependency, env, ADR, LLM, acceptance mapping, rollback)
 - Unresolved risks or follow-ups
 - AI-DLC breadcrumb (`AI-DLC: <phase> -> <stage> -> <status>`)