godpowers 1.6.24 → 2.1.0

package/AGENTS.md

@@ -18,7 +18,7 @@ projects from raw idea to hardened production.
 - `routing/` contains command routing metadata and intent recipes
 - `workflows/` contains executable workflow YAML
 - `references/` contains per-tier reference material (antipatterns, examples)
-- `bin/` contains the CLI installer and `god` command
+- `bin/` contains the CLI installer (`npx godpowers`)
 - `lib/` contains executable runtime helpers, sync checks, dogfood, dashboard, and release logic
 - `scripts/` contains validation and testing scripts
 - `templates/` contains artifact templates

package/CHANGELOG.md

@@ -7,6 +7,172 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [2.1.0] - 2026-05-30
+
+### Security
+- Fixed a command-injection vector in `lib/agent-browser-driver.js`: CLI
+  arguments are now passed as an argv array with the shell disabled
+  (`execFileSync`), so URLs, selectors, and eval expressions sourced from
+  project content (`PRD.md`/`DESIGN.md`) or CLI flags can no longer be
+  interpreted as shell syntax.
+- Added prototype-pollution guards to the `intent.yaml`/manifest parser
+  (`lib/intent.js`) and the router state-path reader (`lib/router.js`).
+- Hardened the non-interactive installer: `npx godpowers` with no target in a
+  non-TTY shell now refuses and prints guidance instead of performing a silent
+  global install.
+- Added path-traversal validation to `extension-scaffold` names
+  (`lib/extension-authoring.js`).
+- `installer-files.copyRecursive` now only reproduces symlinks that stay within
+  the source tree.
+
+### Fixed
+- Guarded JSON parsing of `state.json` (`lib/state.js`) and `events.jsonl`
+  (`lib/events.js`) against corrupt or partially-written files: a clear,
+  actionable error or a skipped torn line instead of an uncaught crash on the
+  `status`/`next`/checkpoint paths.
+- Corrected the review registry path to `.godpowers/REVIEW-REQUIRED.md`
+  (`lib/review-required.js`) so the dashboard and automation count review items,
+  and so the off-switch no longer deletes a repo-root file.
+- `agent-cache.clear` no longer deletes unparseable entries during a narrow
+  (by-agent, expiry, or age) clear (`lib/agent-cache.js`).
+- Reconciled documentation drift: JS-module and script counts, the
+  `HAVE-NOTS.md` reference tally (now 156), linkage path naming
+  (`.godpowers/links/`), phantom command/agent references in skill and agent
+  prose, and stale sample output across docs and skills.
+
+### Changed
+- Data-directory and runtime-bundle installs are now a clean replace
+  (`lib/installer-core.js`), so a version upgrade never leaves behind files that
+  no longer ship.
+- Documented the state lock's advisory, single-process semantics
+  (`lib/state-lock.js`).
+- Softened brittle exact-count test assertions (full-arc step/wave counts,
+  core workflow count) to floors so valid workflow edits no longer break the
+  gate for non-bug reasons.
+
+### Added
+- A skill/agent prose reference validator
+  (`lib/agent-refs.findUnresolvedProseRefs`) wired into the agent-ref test gate,
+  catching phantom `/god-*` and agent references in markdown bodies that the
+  workflow `uses:` check cannot see.
+- Wired have-not `A-13` (ADR inflation) into the architecture gate
+  (`routing/god-arch.yaml`).
+
+## [2.0.3] - 2026-05-26
+
+### Added
+- Added async state, intent, and workflow plan APIs as the first supported path
+  away from synchronous-only runtime file I/O.
+- Added executable workflow agent reference validation so `uses:
+  god-agent@range` entries are checked against the current agent contract.
+- Added `lib/skill-surface.js` and source-sync tests so individual skill files
+  are the source of truth for slash-command metadata.
+
+### Changed
+- Migrated test files to the shared test harness and made static checks reject
+  new copied harness boilerplate.
+- Split installer runtime definitions, argument parsing, and install core logic
+  out of `bin/install.js`.
+- Moved long-form `/god-mode` operator templates into
+  `references/orchestration/GOD-MODE-RUNBOOK.md`.
+- Added JSDoc typedef contracts to load-bearing runtime modules.
+
+## [2.0.2] - 2026-05-26
+
+### Added
+- Added `scripts/run-tests.js` as the maintained full-suite runner behind
+  `npm test`.
+- Added `scripts/static-check.js` and `npm run lint` for dependency-free
+  JavaScript syntax and release-gate structure checks.
+- Added dedicated YAML parser coverage for the supported dependency-free YAML
+  subset.
+
+### Changed
+- Hardened `lib/intent.parseSimpleYaml` for quoted colons, quoted hashes,
+  quoted commas in inline arrays, scalar arrays, object arrays, and folded
+  block scalars.
+- Moved installer copy helpers into `lib/installer-files.js` and preserved
+  symlinks during recursive copies.
+- Updated release and repo surface sync detectors to recognize delegated test
+  runners instead of requiring every test filename inside `package.json`.
+- Tightened budget block removal so only the top-level `budgets` block is
+  removed.
+
+### Fixed
+- Rejected router `file:` checks that point outside the project root.
+- Corrected the `/god-build` repository prerequisite auto-complete route from
+  `/god-roadmap` to `/god-repo`.
+- Aligned `SKILL.md` frontmatter version with package version `2.0.2`.
+
+## [2.0.1] - 2026-05-22
+
+Request-trace review guardrails.
+
+### Added
+- Added request-trace discipline to `god-executor`: assumptions, public
+  behavior, expected files, and verification command must be explicit before
+  implementation.
+- Added scope and request-trace review checks to `god-spec-reviewer` so
+  unplanned touched files, speculative flexibility, and unrelated churn block
+  review before quality review begins.
+- Added a simplicity and surgicality dimension to `god-quality-reviewer` so
+  overcomplicated but technically correct code does not pass review.
+- Added `request-trace-review` to runtime feature awareness for upgraded
+  projects.
+
+### Changed
+- `/god-build` and `/god-review` docs now describe the narrow-diff guardrails
+  as part of existing workflows instead of introducing a new command.
+- README, reference docs, roadmap, architecture, quality pillar, release notes,
+  package metadata, and lockfile now align to `2.0.1`.
+
+### Guardrails
+- The public command surface stays frozen; the change strengthens existing
+  executor and reviewer contracts.
+- Reviewers now reject speculative abstraction, unrelated cleanup, and diff
+  churn that cannot be traced to the user request, slice plan, failing test, or
+  implementation-caused cleanup.
+
+## [2.0.0] - 2026-05-16
+
+Executable proof release.
+
+### Added
+- Added `npx godpowers quick-proof --project=.` as a read-only CLI helper that
+  renders a shipped fixture with real `.godpowers/state.json`, computed next
+  action, missing-artifact visibility, and current host guarantees.
+- Added `lib/quick-proof.js` and `fixtures/quick-proof/` so the first-user
+  proof loop is packaged, deterministic, and testable.
+- Added `docs/quick-proof.md`, `docs/proof-transcript.md`, and
+  `docs/adoption-canary.md` so onboarding, proof evidence, and real-world
+  canary work share one connected story.
+- Added `scripts/run-adoption-canary.js` to clone an external repository and
+  capture CLI-verifiable trust signals: quick proof, dashboard status, and next
+  route output.
+- Added `scripts/verify-published-install.js` to verify the published npm
+  artifact after release, including quick proof, dashboard status, Claude
+  install, and Codex metadata install.
+
+### Changed
+- README now leads with executable proof, starter command paths, runtime
+  expectations, and the accountable AI development thesis.
+- Release checklist now includes published install verification through the
+  registry artifact instead of only the local checkout.
+- Package contents checks now require `lib/quick-proof.js` and the shipped
+  quick-proof fixture state.
+- Context and quality pillars now treat quick proof, adoption canary, and
+  published-install verification as durable repository truth.
+
+### Guardrails
+- `npm run test:quick-proof` verifies README links, quick proof docs,
+  transcript evidence, release checklist wiring, adoption canary wiring, local
+  links, and forbidden character rules.
+- `npm run release:check` includes the quick-proof test and package payload
+  verification.
+- The adoption canary harness does not replace host slash-command execution.
+  It captures CLI-verifiable signals and clearly leaves `/god-preflight`,
+  `/god-audit`, and `/god-reconstruct` to the AI coding host.
+
 ## [1.6.24] - 2026-05-16
 
 Strict background release readiness.

package/README.md

@@ -2,7 +2,7 @@
 
 [![CI](https://github.com/aihxp/godpowers/actions/workflows/ci.yml/badge.svg)](https://github.com/aihxp/godpowers/actions/workflows/ci.yml)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
-[![Version](https://img.shields.io/badge/version-1.6.24-blue)](CHANGELOG.md)
+[![Version](https://img.shields.io/badge/version-2.1.0-blue)](CHANGELOG.md)
 [![npm](https://img.shields.io/npm/v/godpowers.svg)](https://www.npmjs.com/package/godpowers)
 
 **Ship fast. Ship right. Ship everything. Ship accountably.**
@@ -12,12 +12,39 @@ idea to hardened production. It runs as **slash commands inside your AI coding
 tool** (Claude Code, Codex, Cursor, etc.) that orchestrate **specialist agents**
 in fresh contexts to do the work.
 
-Version 1.6.24 makes background release readiness strict and fail-closed.
-Godpowers now requires delegated release checks to cover root docs, docs,
-agents, skills, routing, workflows, schema, templates, references, hooks, lib,
-scripts, tests, fixtures, GitHub workflows, package metadata, npm, GitHub
-release, CI, publish workflow, and local install state before a human-approved
-release executor can run.
+Want the short proof first? Start with [Quick Proof](docs/quick-proof.md) to
+run `npx godpowers quick-proof --project=.`, see transcript excerpts, pick a
+starter command set, and understand runtime expectations before reading the
+full reference.
+
+Godpowers makes AI coding accountable: every serious run should leave disk
+state, artifacts, validation gates, host guarantees, and a next action. Code is
+only one output. The project memory and proof trail matter too.
+
+Version 2.1.0 keeps the proof loop executable. `npx godpowers quick-proof
+--project=.` now renders a shipped fixture with real `.godpowers/state.json`,
+computed next action, missing-artifact visibility, and host guarantees. The
+2.0 line also ships a proof transcript, adoption canary harness, published npm
+install verifier, package checks that require the proof fixture to ship, and
+request-trace review guardrails for narrower implementation diffs. The 2.0.2
+release also hardens the dependency-free YAML subset, route file checks,
+installer file copying, and maintainer release gates.
+
+Maintainer hardening continues on the 2.x line without expanding the public
+command surface. The 2.1.0 patch closes a command-injection vector in the
+agent-browser driver, guards runtime file parsing against corrupt state,
+makes data-directory installs a clean replace, and reconciles documentation
+drift. The 2.0.3 patch range-checks workflow agent references,
+derives command metadata from the individual files in `skills/`, delegates
+installer runtime logic to `lib/`, moves the detailed God Mode runbook into
+`references/`, and exposes async file APIs for incremental migration away from
+synchronous-only internals.
+
+Strict release readiness remains fail-closed. Godpowers requires delegated
+release checks to cover root docs, docs, agents, skills, routing, workflows,
+schema, templates, references, hooks, lib, scripts, tests, fixtures, GitHub
+workflows, package metadata, npm, GitHub release, CI, publish workflow, and
+local install state before a human-approved release executor can run.
 
 The dashboard now starts with an action brief and a host guarantee line: the
 next command, why it is recommended, whether the project is ready, the first
@@ -36,10 +63,22 @@ It fuses four disciplines into one unified workflow:
 - **Execution engine** - fresh-context agents in parallel waves with atomic
   commits. No context rot. No sequential bottlenecks.
 - **Quality immune system** - TDD enforcement, two-stage code review (spec
-  compliance + code quality), verification before completion.
+  compliance + code quality), request-trace discipline, surgical diffs, and
+  verification before completion.
 - **Team intelligence** - scale-adaptive complexity, specialized agent personas
   (PM, Architect, Executor, Reviewer, Harden Auditor, etc.).
 
+## What Godpowers Proves
+
+Godpowers is designed to prove more than "the model wrote files." A useful run
+should prove:
+
+- The current state is on disk, not trapped in chat memory.
+- The next action is derived from repository state.
+- Planning artifacts, code changes, reviews, and launch checks can be inspected.
+- Host guarantees are explicit, including degraded or simulated agent behavior.
+- Release confidence covers tests, package contents, install surfaces, and docs.
+
 ## Install
 
 ```bash
@@ -64,6 +103,18 @@ mechanism against the installed `agents/god-*.md` files. If a host cannot
 provide a true fresh-context spawn, Godpowers must report that limitation
 instead of pretending a background agent ran.
 
+### Runtime Expectations
+
+| Runtime class | What to expect |
+|---|---|
+| Claude Code | Strong reference path when native agent spawning is available. |
+| Codex | Strong installed support through `agents/*.toml` metadata backed by the same Markdown agent contracts. |
+| Other install targets | Skills and agent contracts install, while host-native spawning depends on the tool. |
+| Degraded hosts | Godpowers must report local-only or simulated agent behavior instead of hiding the limitation. |
+
+See [Host capabilities](docs/host-capabilities.md) for the detailed guarantee
+model.
+
 ## Usage
 
 Open your AI coding tool in any project directory and type:
@@ -116,6 +167,21 @@ This reads `.godpowers/PROGRESS.md`, scans disk, reconciles any drift, and
 suggests the next logical command with a compact action brief. The SessionStart
 hook does the same thing when you open a new session in a Godpowers project.
 
+### Start With A Path
+
+If the full command surface feels large, begin with one of these paths and only
+learn the next command when Godpowers recommends it.
+
+| Goal | Starter path |
+|---|---|
+| Start a product | `/god-init`, `/god-prd`, `/god-design`, `/god-arch`, `/god-roadmap`, `/god-stack`, `/god-build` |
+| Add a feature | `/god-feature`, `/god-reconcile`, `/god-build`, `/god-review`, `/god-sync` |
+| Fix production | `/god-hotfix`, `/god-debug`, `/god-harden`, `/god-postmortem` |
+| Audit an existing repo | `/god-preflight`, `/god-audit`, `/god-archaeology`, `/god-tech-debt` |
+| Ship a release | `/god-status`, `/god-harden`, `/god-launch`, `npm run release:check` |
+| Maintain project health | `/god-hygiene`, `/god-update-deps`, `/god-docs`, `/god-check-todos` |
+| Extend Godpowers | `/god-extension-add`, `/god-extension-list`, `npx godpowers extension-scaffold --name=@godpowers/my-pack --output=.` |
+
 The same status engine is available from the installer CLI for humans, CI,
 Codex, Claude, Cursor, Gemini, OpenCode, Windsurf, Antigravity, and any host
 runtime that can execute Node:
@@ -125,10 +191,31 @@ npx godpowers status --project=.
 npx godpowers next --project=.
 npx godpowers status --project=. --brief
 npx godpowers status --project=. --json
+npx godpowers quick-proof --project=.
 npx godpowers dogfood
 npx godpowers extension-scaffold --name=@godpowers/my-pack --output=.
 ```
 
+### Maintainer Validation
+
+Godpowers keeps the public release gate behind one command:
+
+```bash
+npm run release:check
+```
+
+That command runs the maintained full-suite runner, audit checks, and package
+contents verification. `npm test` delegates to `scripts/run-tests.js`, so the
+test order is maintained as a readable list instead of a long package script.
+`npm run lint` runs dependency-free static checks through
+`scripts/static-check.js`, including shared test harness adoption, installer
+decomposition, async runtime APIs, agent reference validation coverage, and God
+Mode runbook delegation.
+
+The runtime remains dependency-free. YAML parsing is intentionally limited to
+the documented Godpowers subset used by intent, routing, workflow, and
+extension files, with parser coverage in `scripts/test-yaml-parser.js`.
+
 ### Slash Commands
 
 | Command | What it does | Spawns agent |
@@ -196,6 +283,11 @@ going through build, verification, repair, launch, and final sync. Red tests,
 typecheck, lint, build, or check output enter the repair loop instead of being
 reported as the final result.
 
+Build execution also keeps diffs narrow. Executors state assumptions, expected
+files, changed public behavior, and verification before editing. Reviewers
+block speculative flexibility, unrelated cleanup, and any touched file that
+does not trace back to the request or slice plan.
+
 If `.godpowers` state already exists, `/god-mode --yolo` resumes from disk
 instead of asking for the project description again.
 
@@ -335,6 +427,7 @@ Every artifact passes these mechanical checks before it is treated as complete:
 | Artifact-on-disk | Phantom resume (agent claims done, file does not exist) |
 | Critical-finding gate | Shipping with known security holes |
 | TDD enforcement | Code without tests |
+| Request-trace review | Scope creep, unrelated cleanup, speculative abstraction |
 | Two-stage review | Code that passes tests but violates spec or quality |
 
 These checks are guardrails, not proof that the product is right. A PRD can
@@ -379,9 +472,11 @@ Pi. T3 Code inherits from the underlying agent (Codex / Claude / OpenCode).
 ## Full reference
 
 - [Getting Started](docs/getting-started.md)
+- [Quick Proof](docs/quick-proof.md)
 - [Concepts](docs/concepts.md)
 - [Command reference (all 110 skills + 40 agents)](docs/reference.md)
 - [Feature awareness](docs/feature-awareness.md)
+- [Adoption Canary](docs/adoption-canary.md)
 - [Repository documentation sync](docs/repo-doc-sync.md)
 - [Repository surface sync](docs/repo-surface-sync.md)
 - [Roadmap](docs/ROADMAP.md)

package/RELEASE.md

@@ -1,12 +1,11 @@
-# Godpowers 1.6.24 Release
+# Godpowers 2.1.0 Release
 
-Date: 2026-05-16
+Date: 2026-05-30
 
-Godpowers 1.6.24 turns release readiness automation into a strict,
-fail-closed background check. It packages the lesson from the 1.6.23 release:
-release readiness cannot be inferred from README, package metadata, and
-changelog alone. Every owned repo surface must be checked or the release is
-blocked.
+Godpowers 2.1.0 is the security and drift hardening release. It keeps the 2.0
+proof, request-trace, and command surfaces stable while closing a
+command-injection vector, hardening runtime file handling and the installer,
+and reconciling documentation drift across the repository.
 
 ## What is stable
 
@@ -20,18 +19,13 @@ blocked.
 - Shared runtime bundle at `<runtime>/godpowers-runtime`
 - Native Pillars project context through `AGENTS.md` and `agents/*.md`
 - `.godpowers/` workflow state and artifact layout
-- Safe-sync routing before deploy, observe, harden, launch, or god-mode work
-- Critical harden finding gate before launch
-- Planning-system migration for GSD, BMAD, and Superpowers
-- Managed sync-back companion files for imported source systems
-- Feature awareness for existing Godpowers projects
-- Repository documentation sync checks
-- Repository surface sync checks
-- Route quality, recipe coverage, and release surface sync checks
 - Dashboard action briefs for next-step compression
 - Dashboard host guarantees for full, degraded, and unknown runtime capability
-- Agent-spawn trace event guardrails
-- Mode D suite readiness checks
+- `godpowers status --project .` and `godpowers next --project .`
+- `godpowers quick-proof --project .`
+- Planning-system migration for GSD, BMAD, and Superpowers
+- Repository documentation, repository surface, route quality, recipe coverage,
+  and release surface sync checks
 - Messy-repo dogfood scenarios
 - Extension authoring scaffold helper
 - Mode D suite release dry-run planner
@@ -39,47 +33,51 @@ blocked.
 
 ## What is new
 
-- Added `strict-release-readiness` to the safe automation templates.
-- Added a strict release-surface manifest that covers root docs, docs, agents,
-  skills, routing, workflows, schema, templates, references, hooks, lib,
-  scripts, tests, fixtures, GitHub workflows, package metadata, npm latest, git
-  tag state, GitHub release state, CI status, publish workflow status, and
-  local install state.
-- Updated `/god-automation-setup` so background release checks use the strict
-  template by default.
-- Updated the release maintenance recipe so background release setup goes
-  through `/god-automation-setup` and keeps publishing behind explicit human
-  approval.
-- Updated auto-invoke visibility docs so strict release readiness is a Level 2
-  read-only local automation candidate.
+- Closed a command-injection vector in `lib/agent-browser-driver.js`. CLI
+  arguments now flow through an argv array with the shell disabled, so URLs,
+  selectors, and eval expressions sourced from project content or CLI flags
+  cannot be interpreted as shell syntax.
+- Guarded runtime JSON parsing of `state.json` and `events.jsonl` against
+  corrupt or partially-written files, replacing uncaught crashes with clear
+  errors or skipped torn lines.
+- Corrected the review registry path to `.godpowers/REVIEW-REQUIRED.md` so the
+  dashboard and automation see review items and the off-switch no longer
+  deletes a repo-root file.
+- Made data-directory and runtime-bundle installs a clean replace so version
+  upgrades never leave behind files that no longer ship.
+- Narrowed `agent-cache` deletion scope, added extension-scaffold name
+  validation, added prototype-pollution guards to the YAML/manifest parser and
+  router, and limited installer symlink reproduction to the source tree.
+- Added a skill/agent prose reference validator wired into the agent-ref test
+  gate, wired have-not `A-13` into the architecture gate, and softened brittle
+  exact-count tests to floors.
+- Reconciled documentation drift across README, ARCHITECTURE, ARCHITECTURE-MAP,
+  docs, references, and skills (counts, linkage paths, HAVE-NOTS tally, stale
+  sample output).
 
 ## Guardrails
 
-- Strict release readiness fails closed when any required surface is unchecked,
-  stale, missing, untested, or inconsistent with the intended version.
-- Strict release readiness reports blockers and exact next commands only.
-- Strict release readiness must not modify files, stage, commit, tag, push,
-  create a GitHub release, publish to npm, delete files, clear caches, or
-  change runtime installs.
-- Behavioral tests verify that the strict template is fail-closed, read-only,
-  and names every required release surface.
+- The public slash-command surface remains frozen.
+- The runtime remains dependency-free.
+- `bin/install.js` stays a thin CLI entry point and delegates install behavior
+  to `lib/installer-core.js`.
+- Every `child_process` call site uses an argv array with the shell disabled.
+- `scripts/static-check.js` continues to verify async APIs, JSDoc typedefs,
+  agent-ref test coverage, shared harness adoption, skill metadata source
+  parsing, and God Mode runbook delegation.
 
 ## Validation
 
 Release validation includes:
 
-- `node scripts/test-automation-providers.js`
-- `node scripts/test-automation-surface-sync.js`
-- `node scripts/test-recipes.js`
-- source scan for forbidden dash characters in edited files
+- `npm test`
+- `npm run test:audit`
+- `npm run pack:check`
 - `npm run release:check`
 - `npm pack --json`
-- npm cache clear before local install
-- local uninstall and reinstall from the generated tarball
-- tag-triggered npm publish workflow with provenance
-- npm registry verification after publish
-- local uninstall and reinstall from `godpowers@1.6.24`
-- all-runtime `godpowers --all` refresh after published install
+- local install smoke tests across supported runtime shapes
+- npm publish when registry credentials are available
+- GitHub release creation for `v2.1.0`
 
-The `v1.6.24` tag should point to the release commit that matches the npm
-`godpowers@1.6.24` package.
+The `v2.1.0` tag should point to the release commit that matches the npm
+`godpowers@2.1.0` package.

package/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: godpowers
-version: 0.1.0
+version: 2.1.0
 description: |
   AI-powered development system that takes a project from raw idea to hardened
   production. Fuses artifact discipline, execution engine, quality enforcement,
@@ -21,6 +21,14 @@ hardened production. You enforce mechanical quality at every step. You never
 produce AI-slop. You never skip a gate. You never claim done without an artifact
 on disk.
 
+## Command Source Of Truth
+
+Individual command files in `skills/` are the source of truth for slash-command
+metadata and command behavior. `SKILL.md` carries the global operating contract
+only. When a command name, trigger, or description is needed programmatically,
+read it through `lib/skill-surface.js` instead of duplicating a hand-maintained
+command table here.
+
 ## Core Principles
 
 ### 1. The Three-Label Rule

package/agents/god-design-reviewer.md

@@ -4,10 +4,10 @@ description: |
   Two-stage review gate for DESIGN.md and PRODUCT.md changes. Mirrors
   the existing god-spec-reviewer + god-quality-reviewer pattern from
   code review, combined into one agent because design intent and design
-  quality are tightly coupled. Spawned by god-design-updater BEFORE
+  quality are tightly coupled. Spawned by /god-design BEFORE
   impact analysis runs.
 
-  Spawned by: god-design-updater, god-orchestrator (mid-arc DESIGN/PRODUCT changes)
+  Spawned by: /god-design, god-orchestrator (mid-arc DESIGN/PRODUCT changes)
 tools: Read, Bash, Grep, Glob
 ---
 
@@ -112,10 +112,10 @@ Emit event:
 
 ## Handoff
 
-- **PASS**: return verdict to god-design-updater; impact analysis can run
+- **PASS**: return verdict to god-designer; impact analysis can run
 - **WARN**: return verdict + warnings; impact analysis runs; warnings
   flow to REVIEW-REQUIRED.md alongside affected files
-- **BLOCK**: return verdict + REJECTED.md path; god-design-updater aborts
+- **BLOCK**: return verdict + REJECTED.md path; god-designer aborts
   propagation; god-orchestrator pauses (default + --yolo) per the
   critical-finding gate
 
@@ -131,7 +131,7 @@ You fail (and the BLOCK becomes a critical-finding gate trigger) if:
 
 ## What you do NOT do
 
-- Apply the change yourself (god-design-updater applies after PASS/WARN)
-- Compute downstream impact (god-impact-analyzer runs after PASS/WARN)
+- Apply the change yourself (god-designer applies after PASS/WARN)
+- Compute downstream impact (/god-design-impact runs after PASS/WARN)
 - Touch PRODUCT.md (god-designer owns it)
 - Run reverse-sync (god-updater)

package/agents/god-designer.md

@@ -176,5 +176,5 @@ implementing files.
 
 - Reimplement impeccable's typography / color / motion design intelligence
 - Run reverse-sync (that's god-updater)
-- Compute change impact (that's god-impact-analyzer)
+- Compute change impact (that's /god-design-impact)
 - Review your own changes (that's god-design-reviewer)

package/agents/god-executor.md

@@ -51,6 +51,24 @@ For every behavior in this slice:
 - **"I'll add tests after"**: VIOLATION. Stop. Write the test now.
 - **Skipping refactor**: allowed only if the GREEN code is already clean.
 - **Multiple slices in one commit**: VIOLATION. One slice = one commit.
+- **Speculative flexibility**: VIOLATION. Do not add configuration,
+  extension points, generalized helpers, or future-proof branches unless the
+  slice plan requires them.
+- **Unrelated cleanup**: VIOLATION. Do not reformat, rename, refactor, or
+  delete adjacent code that is not required for this slice. Mention it as a
+  follow-up instead.
+
+## Request Trace Discipline
+
+Before editing, convert the slice into a short execution contract:
+- Assumptions you are making
+- The public behavior that will change
+- The smallest files you expect to touch
+- The verification command that proves success
+
+Every changed line must trace back to that contract, the failing test, or a
+cleanup created by your own change. If you cannot explain the trace, revert
+that line before returning control to the orchestrator.
 
 ## After All Behaviors Complete
 
@@ -63,6 +81,7 @@ For every behavior in this slice:
    - Test results
    - Typecheck/check results
    - Files changed
+   - Any unrelated improvement you noticed but intentionally left untouched
    - Ready for two-stage review
 
 DO NOT commit yet. The orchestrator will spawn god-spec-reviewer and
@@ -79,6 +98,10 @@ happen.
 - Test suite failing (any test, not just yours)
 - Typecheck/check command failing
 - Stub/placeholder code in the implementation
+- Speculative abstraction, unused configurability, or generalized plumbing not
+  demanded by the slice
+- Drive-by formatting, renaming, refactoring, or dead-code deletion unrelated
+  to the slice
 
 ## Repair Mode
 

package/agents/god-quality-reviewer.md

@@ -47,6 +47,16 @@ Your job: would you ship this code in production?
 - No premature abstraction either
 - Comments explain WHY, not WHAT (the code shows what)
 
+### 6. Simplicity and Surgicality
+- The solution is the minimum code that satisfies the verified behavior
+- No single-use abstraction replaces clearer direct code
+- No options, settings, adapters, or extension points exist for hypothetical
+  future needs
+- No adjacent cleanup, formatting churn, renames, or dead-code deletion appears
+  unless it was required by the request
+- Any follow-up cleanup is reported separately instead of being smuggled into
+  the diff
+
 ## Output
 
 Return verdict to orchestrator:
@@ -60,6 +70,7 @@ Return verdict to orchestrator:
 - [PASS/FAIL] Error handling: [evidence]
 - [PASS/FAIL] Performance: [evidence]
 - [PASS/FAIL] Maintainability: [evidence]
+- [PASS/FAIL] Simplicity and surgicality: [evidence]
 
 ### Verdict: PASS / FAIL
 
@@ -68,7 +79,7 @@ Return verdict to orchestrator:
 
 ## Pass Criteria
 
-ALL five dimensions must PASS. Any FAIL blocks the commit.
+ALL six dimensions must PASS. Any FAIL blocks the commit.
 
 If FAIL: orchestrator returns the slice to god-executor.
 If PASS: orchestrator commits the slice atomically.