its-magic 0.1.2-40 → 0.1.2-42

package/README.md

@@ -44,6 +44,10 @@ Pick one method:
 | Chocolatey | `choco install its-magic` (Admin shell) |
 | Homebrew | `brew tap USER/tap && brew install its-magic` |
 
+### Global Linux install: empty `install_include_paths` (CRLF manifest)
+
+If **`its-magic --target <repo> --mode missing`** fails with **`[INSTALL_MANIFEST_ERROR] install_include_paths section is empty`** on Debian/Linux while the packaged manifest still lists paths, the global install likely has **CRLF** line endings in **`installer-owned-paths.manifest`** (visible as **`^M$`** with **`cat -A`**). **Fix in-tree** from **`0.1.2-41`**: **`installer.sh`** strips trailing carriage returns before section matching; **`.gitattributes`** keeps **`*.manifest`** LF; **`prepublishOnly`** runs **`guard_installer_publish`**. **Upgrade**: install a build **≥ `0.1.2-41`** (or reinstall from a fresh **`npm pack`** tarball after pull). Older tarballs such as **`its-magic@0.1.2-40`** may remain broken until republished — see **`docs/engineering/architecture.md`** **`# BUG-0008`**.
+
 ### 2) Apply to a repo
 
 New repo:

package/installer.ps1

@@ -28,7 +28,7 @@ function Get-ManifestSection($ManifestPath, $SectionName) {
   $inSection = $false
   $items = New-Object System.Collections.Generic.List[string]
   foreach ($raw in $lines) {
-    $line = $raw.Trim()
+    $line = $raw.TrimEnd("`r").Trim()
     if ([string]::IsNullOrWhiteSpace($line)) { continue }
     if ($line.StartsWith("#")) { continue }
     if ($line.StartsWith("[") -and $line.EndsWith("]")) {

package/installer.sh

@@ -92,8 +92,13 @@ list_source_files() {
 
 get_manifest_paths() {
   section="$1"
+  # BUG-0008: strip trailing CR so CRLF manifests (Windows-published npm tarballs)
+  # still match [section] headers under POSIX awk on Linux.
   awk -v s="$section" '
     BEGIN { in_section=0 }
+    {
+      sub(/\r$/, "")
+    }
     /^[[:space:]]*#/ { next }
     /^[[:space:]]*$/ { next }
     /^\[/ {
@@ -205,6 +210,7 @@ write_installed_version() {
   printf "%s" "$2" > "$vf"
   legacy="$1/.its-magic-version"
   [ -f "$legacy" ] && rm -f "$legacy"
+  return 0
 }
 
 sync_root_readme_to_its_magic() {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "its-magic",
-  "version": "0.1.2-40",
+  "version": "0.1.2-42",
   "description": "its-magic - AI dev team workflow for Cursor.",
   "license": "MIT",
   "bin": {

package/scripts/guard_installer_publish.py

@@ -1,5 +1,8 @@
 #!/usr/bin/env python3
-"""Prepublish / CI guard: installer.sh LF + POSIX-safe startup tokens (US-0084 / AC-2)."""
+"""Prepublish / CI guard: installer.sh LF + POSIX-safe startup tokens (US-0084 / AC-2).
+
+BUG-0008: reject CR bytes in installer-owned-paths.manifest (CRLF breaks POSIX awk section match).
+"""
 
 from __future__ import annotations
 
@@ -10,6 +13,10 @@ from pathlib import Path
 
 ROOT = Path(__file__).resolve().parents[1]
 INSTALLER_SH = ROOT / "installer.sh"
+INSTALLER_MANIFESTS = (
+    ROOT / "docs" / "engineering" / "context" / "installer-owned-paths.manifest",
+    ROOT / "template" / "docs" / "engineering" / "context" / "installer-owned-paths.manifest",
+)
 
 FORBIDDEN_TOKENS = (
     "set -euo",
@@ -32,6 +39,17 @@ def main() -> int:
             file=sys.stderr,
         )
         return 1
+    for man in INSTALLER_MANIFESTS:
+        if not man.is_file():
+            continue
+        mdata = man.read_bytes()
+        if b"\r" in mdata:
+            print(
+                f"guard_installer_publish: CR/LF (\\r) bytes found in {man.relative_to(ROOT)} — "
+                "use LF only (.gitattributes *.manifest; BUG-0008).",
+                file=sys.stderr,
+            )
+            return 1
     text = data.decode("utf-8", errors="replace")
     for token in FORBIDDEN_TOKENS:
         if token in text:

package/template/.cursor/commands/auto.md

@@ -19,6 +19,11 @@ description: "its-magic auto: deterministic continuation orchestrator."
 - Phase context transfer happens only through artifacts and handoff files.
 - Scope is process/workflow orchestration only. Do not claim runtime product
   orchestration changes.
+- **Bug-queue mode** (**`US-0087`**) uses the same **spawn-only** contract: the
+  orchestrator schedules materialization and spawns phase-role subagents per
+  bug segment—it **must not** run **`execute`**, **`qa`**, or other lifecycle
+  phases in the orchestrator turn. Violations → **`AUTO_ORCHESTRATOR_PHASE_EXECUTION`**
+  (**`BUG-0006`**, **`US-0069`**, **`DEC-0051`**).
 
 ## Spawn-boundary integrity (BUG-0006)
 
@@ -33,6 +38,39 @@ description: "its-magic auto: deterministic continuation orchestrator."
   (wrong writer / isolation break) and **`RUNTIME_PROOF_*`** / **`PHASE_ROLE_*`**
   families—do not overload those codes for a missing-spawn violation.
 
+## Continuous multi-phase execution (US-0088)
+
+A single `/auto` orchestrated run advances through **all phases** in the
+**intersected resolved schedule** (reference **Step 5**) until a
+**deterministic stop condition** fires. The orchestrator does **not** stop after
+spawning one phase unless the stop matrix requires it.
+
+**Outer-driver equivalence (AC-1, Option B)**: When a single Cursor `/auto`
+invocation cannot schedule multiple fresh subagent turns (product/runtime
+constraint), a **documented outer driver** (operator script or manual
+re-invocation with `start-from` / refreshed `resume_brief`) is
+**deterministically equivalent** provided: same intersected phase order, same
+isolation + strict-proof attestation per phase (**DEC-0038**), same stop
+reasons, and same `resume_brief` + `state.md` refresh at every boundary.
+Operators must follow the runbook recipe
+(**`docs/engineering/runbook.md`** § Continuous `/auto` + backlog drain).
+
+**Deterministic stop matrix** (see also architecture `# US-0088`):
+
+| Condition | Behavior |
+|-----------|----------|
+| Next phase exists, no hard stop | **Continue** — preflight US-0069, spawn next phase |
+| `decision_gate` | **Stop** (non-suppressible) |
+| `error` / missing critical input | **Stop** (non-suppressible) |
+| `AUTO_PAUSE_REQUEST` / `pause` | **Stop** at safe boundary (non-suppressible) |
+| `AUTO_LOOP_MAX_CYCLES` / `loop_max` | **Stop** (non-suppressible) |
+| `blocked` (sync/scope gate) | **Stop** (non-suppressible) |
+| US lifecycle DONE / sprint segment complete | **Stop** segment; `AUTO_BACKLOG_DRAIN=1` may advance to next OPEN story (recompute phase plan — **reference Step 5**) |
+| `BACKLOG_MAX_STORIES_REACHED` | **Stop** (non-suppressible) |
+
+`stop_reason` vocabulary: `completed`, `decision_gate`, `missing_input`,
+`pause_request`, `loop_max`, `error`, `blocked`.
+
 ## Full specification (US-0080 / DEC-0062)
 
 Long prose, expanded mode semantics, and **Steps 1–13** detail live in
@@ -101,16 +139,37 @@ Selectors and reinstatement: see reference. Phase-plan reason codes include
 `PHASE_POLICY_CONFLICT`, `PHASE_PLAN_UNKNOWN_PHASE`, `START_FROM_PHASE_PLAN_EMPTY_INTERSECTION`.
 
 Phase boundary visibility (**AC-10**): record `resolved_phase_plan` snapshot,
-`skipped_phases`, `phase_boundary`, `next_scheduled_phase` on `state.md`.
+`skipped_phases`, `phase_boundary`, `next_scheduled_phase` on `state.md`. For
+bug-queue segments, also record **`segment_work_item_kind`**, **`active_bug_id`**,
+**`bug_queue_position`**, **`bug_queue_remaining`**, **`backlog_drain_active`**,
+**`bug_queue_active`** per **`docs/engineering/architecture.md`** **`# US-0087`**
+and **`docs/engineering/auto-orchestration-reference.md`**.
 
 ## Inputs
 
 Merged scratchpad (**US-0073** / **DEC-0055**), automation flags (`AUTO_*`, `SECURITY_REVIEW`,
 `TEAM_*`), phase-plan keys `AUTO_PHASE_PLAN`, `AUTO_PHASE_EXCLUDE`, `AUTO_PHASE_INCLUDE`,
 `AUTO_PHASE_PROFILE`, `AUTO_PHASE_HIGH_RISK_ACK`, product/engineering docs,
-optional `start-from=<phase>`, optional `--execute-bulk`, `handoffs/resume_brief.md`,
+optional `start-from=<phase>`, optional **`bug-target=BUG-####`** or
+**`bug-target=all-open`**, optional `--execute-bulk`, `handoffs/resume_brief.md`,
 `docs/engineering/state.md`.
 
+## Automation remote routing contract (US-0086)
+
+- Automation-only gate: `AUTO_REMOTE_AUTOMATION_PROFILE=deterministic_v1` enables
+  target routing; `off` keeps manual/local behavior unchanged.
+- Explicit intent literal is constrained to: `start container <target_id>`.
+- Deterministic precedence when profile is enabled:
+  1. explicit intent target id resolution,
+  2. canonical target validation (`targets[].id` exists and is enabled),
+  3. documented heuristic fallback,
+  4. local default when no remote target is selected.
+- Fail-closed reason codes (do not overload):
+  `REMOTE_AUTOMATION_MODE_OFF`, `REMOTE_TARGET_UNKNOWN`,
+  `REMOTE_TARGET_DISABLED`, `REMOTE_TARGET_UNROUTABLE`.
+- Mode-off guardrail: never silently reroute `TEST_COMMAND` to remote when
+  automation profile is disabled.
+
 ## Canonical status contract (US-0045)
 
 Story status authority: `docs/product/backlog.md` only; do not infer readiness from
@@ -124,14 +183,43 @@ QA loop handoffs when applicable, continuation breadcrumbs including `resolution
 
 ## Stop conditions
 
-Decision gate, missing critical input, `AUTO_PAUSE_REQUEST` at safe boundary,
-`AUTO_LOOP_MAX_CYCLES` with unresolved defects.
+Deterministic stop reasons (see **Stop matrix** in `## Continuous multi-phase
+execution (US-0088)` above): `completed`, `decision_gate`, `missing_input`,
+`pause_request`, `loop_max`, `error`, `blocked`.
 
 ## Optional backlog-drain mode (US-0044 / DEC-0022)
 
 Canonical controls: `AUTO_BACKLOG_DRAIN`, `AUTO_BACKLOG_MAX_STORIES`, `AUTO_BACKLOG_ON_BLOCK`,
-`AUTO_STORY_SELECTION`. Reason codes include `BACKLOG_MAX_STORIES_REACHED`. Full semantics:
-reference.
+`AUTO_STORY_SELECTION`. When `AUTO_BACKLOG_DRAIN=1`, each story advances through
+**multiple phases** until its terminal boundary (**reference Step 5**); the
+orchestrator **recomputes** the materialized phase plan at each **story boundary**
+and selects the **next eligible OPEN story** per `AUTO_STORY_SELECTION`.
+Reason codes include `BACKLOG_MAX_STORIES_REACHED`. Full semantics: reference.
+
+## Optional bug-queue mode (US-0087)
+
+Canonical **argv** literals (exact strings; **no aliases** in v1):
+- **`bug-target=BUG-####`** (example: **`bug-target=BUG-0007`**) — single defect from
+  **`docs/product/backlog.md`** **`## Bug issues (canonical)`** with status **OPEN**.
+- **`bug-target=all-open`** — deterministic **OPEN**-only queue, ascending **numeric**
+  **`BUG-####`** sort, optional cap **`AUTO_BUG_MAX_ITEMS`** (see reference).
+
+Scratchpad keys (**default-off**): **`AUTO_BUG_QUEUE`**, **`AUTO_BUG_TARGET`**,
+**`AUTO_BUG_MAX_ITEMS`**, **`AUTO_BUG_ON_BLOCK`** — full semantics: reference +
+**`architecture.md`** **`# US-0087`**.
+
+**Scheduler mutex**: if merged scratchpad has **`AUTO_BACKLOG_DRAIN=1`** **and**
+**`AUTO_BUG_QUEUE=1`** **and** this invocation has **no** explicit **`bug-target=`**
+argv token → fail closed with **`AUTO_SCHEDULER_CONFLICT`** (use
+**`[AUTO_RESUME_ERROR] AUTO_SCHEDULER_CONFLICT: ...`** form per reference). When
+**`bug-target=`** argv is present, it **selects** the bug scheduler for this run;
+**`AUTO_BACKLOG_DRAIN`** must **not** also drive story selection for that same
+materialized run.
+
+Fail-closed codes (orthogonal to existing resume/phase codes; do **not** overload):
+- **`AUTO_BUG_QUEUE_EMPTY`** — **`all-open`** (or equivalent) and zero **OPEN** bugs.
+- **`AUTO_BUG_TARGET_UNKNOWN`** — malformed id, wrong pattern, or id missing from canonical bug section.
+- **`AUTO_BUG_TARGET_NOT_OPEN`** — known id exists but status is not **OPEN** (e.g. **DONE**).
 
 ## Optional bulk execute mode (US-0047 / DEC-0024)
 
@@ -152,12 +240,19 @@ Phase-completion boundary evaluation only. **Guarded auto-push eligibility chain
 
 ## Deterministic resume-source precedence
 
-Resolve start phase in strict order:
+Resolve nominal start phase and scheduler inputs in strict order (**`US-0087`**
+extends scratchpad vs **`resume_brief`** ordering — full matrix: reference):
 
 1. Explicit `/auto start-from=<phase>`
-2. `handoffs/resume_brief.md`
-3. Conservative `docs/engineering/state.md` fallback
-4. Fail fast on ambiguity/conflict/unrecoverable inputs
+2. Explicit **`bug-target=`** argv token when present (parsed **before** merged
+   scratchpad scheduler keys; selects bug scheduler for this run).
+3. Merged scratchpad (**`US-0073`** / **`DEC-0055`**) — including **`AUTO_BACKLOG_DRAIN`**,
+   **`AUTO_BUG_QUEUE`**, **`AUTO_BUG_TARGET`**, etc.
+4. `handoffs/resume_brief.md`
+5. Conservative `docs/engineering/state.md` fallback
+6. Fail fast on ambiguity/conflict/unrecoverable inputs (including
+   **`AUTO_SCHEDULER_CONFLICT`** when both schedulers are enabled in scratchpad
+   without **`bug-target=`** argv resolution).
 
 If `resume_brief.md` is present but stale or unparseable, fail fast instead
 of silently falling back.
@@ -177,22 +272,42 @@ Required codes:
 - `STATE_PHASE_AMBIGUOUS`
 - `STATE_PHASE_UNRECOVERABLE`
 
+Bug-queue extensions (**`US-0087`**; same **`[AUTO_RESUME_ERROR]`** envelope when
+used for resume/materialization failures):
+
+- `AUTO_SCHEDULER_CONFLICT`
+- `AUTO_BUG_QUEUE_EMPTY`
+- `AUTO_BUG_TARGET_UNKNOWN`
+- `AUTO_BUG_TARGET_NOT_OPEN`
+
 ## Steps (compact; full detail in reference)
 
 1. Read automation flags from merged scratchpad and **materialize the resolved
    phase plan** per **Configurable phase selection policy (US-0070 / DEC-0052)**; append
    plan breadcrumbs to `docs/engineering/state.md` **before** first spawn.
-2. Parse `start-from` / `--execute-bulk`; resolve nominal start phase; intersect with plan.
+2. Parse `start-from` / **`bug-target=`** / `--execute-bulk`; resolve scheduler
+   mutex (**`AUTO_SCHEDULER_CONFLICT`** when applicable); resolve nominal start phase;
+   intersect with plan.
 3. Record continuation metadata (`invocation_mode=auto`, `requested_start_from`,
    `resolved_start_phase`, `resolution_source`, `resolution_status`, `timestamp`).
 4. Spawn fresh subagents per intersected schedule; enforce **US-0069** preflight/post checks.
-5. Implementation loop, pause, stop breadcrumbs (`stop_reason` such as `completed|decision_gate|missing_input|pause_request|loop_max`, `stop_phase`, `timestamp`), `resume_brief` updates — reference.
-6. 11a. Isolation evidence verification at each boundary.
-7. 11b. At each phase boundary, verify strict runtime attestation tuple exists
+5. **Multi-phase continuation** (normative detail: **reference Step 5** in
+   **`docs/engineering/auto-orchestration-reference.md`** `## Steps` item 5):
+   advance through **all remaining phases** in the intersected resolved schedule
+   order until a **deterministic stop condition** fires (see **Stop matrix** in
+   `## Continuous multi-phase execution (US-0088)` above). When
+   `AUTO_BACKLOG_DRAIN=1`, repeat the story lifecycle for the next eligible OPEN
+   story, **reloading** scratchpad and **recomputing** the materialized phase
+   plan at each story boundary. Outer-driver equivalence applies when a single
+   invocation cannot schedule multiple subagent turns (**AC-1 Option B**).
+   `stop_reason`: `completed|decision_gate|missing_input|pause_request|loop_max|error|blocked`.
+6. Isolation evidence verification at each boundary (**reference** step 11a).
+7. At each phase boundary, verify strict runtime attestation tuple exists
    and is valid for the completed phase (`orchestrator_run_id`, `runtime_proof_id`,
-   `phase_id`, `role`, `proof_issued_at`, `proof_ttl_seconds`, `proof_hash`).
-8. Sync verdict recording when eligible — reference.
-9. Backlog-drain / bulk per-item summaries when enabled — reference.
+   `phase_id`, `role`, `proof_issued_at`, `proof_ttl_seconds`, `proof_hash`)
+   (**reference** step 11b).
+8. Sync verdict recording when eligible — reference step 12.
+9. Backlog-drain / bulk per-item summaries when enabled — reference step 13.
 
 ## Backward compatibility
 

package/template/.cursor/rules/coding-standards.mdc

@@ -26,6 +26,13 @@ globs: ["**/*"]
 - Remote config security (DEC-0016): never commit secret literals (tokens,
   passwords, private keys) in `.cursor/remote.json`; use environment-variable
   references only (for example `tokenEnv`, `passwordEnv`, `privateKeyPathEnv`).
+- `.env` exclusion (DEC-0071 / US-0085): do not open, attach, read, search
+  inside, or index `.env` or `.env.*` files. Use environment variable names
+  in prose only. Operators source `.env` outside agent context.
+- Automation remote routing (US-0086): when `AUTO_REMOTE_AUTOMATION_PROFILE=off`,
+  keep local behavior and never silently reroute `TEST_COMMAND` to remote.
+  Explicit NL routing is limited to `start container <target_id>` and unknown or
+  disabled targets must fail closed with documented reason codes.
 - Performance by default: avoid obvious N+1 loops, repeated expensive work, and
   unnecessary I/O in hot paths.
 - Documentation by default: update relevant docs when behavior, setup, or usage

package/template/.cursor/scratchpad.local.example.md

@@ -41,6 +41,17 @@ MAGIC_BENCH_SESSION=
 # - AUTO_EXECUTE_ON_BLOCK: stop|skip (behavior when a planned item blocks)
 # - AUTO_EXECUTE_SELECTION: planned_then_priority
 # - AUTO_TEAM_SCOPE_ENFORCE: 0|1 (when TEAM_MODE=1, enforce TEAM_MEMBER + ACTIVE_TASK_IDS)
+# Optional bug-queue mode (US-0087) — default-off when absent/unset after merge
+# - AUTO_BUG_QUEUE: 0|1 (1 = enable bug-targeted /auto; mutex vs AUTO_BACKLOG_DRAIN without bug-target argv)
+# - AUTO_BUG_TARGET: all-open|BUG-#### (required when AUTO_BUG_QUEUE=1 unless bug-target= argv supplies target)
+# - AUTO_BUG_MAX_ITEMS: non-negative integer (0 or unset = no cap for all-open queue per run)
+# - AUTO_BUG_ON_BLOCK: stop|skip (bug segment pause/stop boundary)
+# Quiet mode (US-0088) — suppress routine per-phase success chatter only
+# - AUTO_QUIET: 0|1 (default 0; 1 = quiet routine notifications)
+#   Non-suppressible: decision_gate, errors, pause, loop_max, blocked, missing inputs.
+#   Orthogonal to TOKEN_PROFILE (DEC-0035 / US-0080) — TOKEN_PROFILE controls
+#   context breadth / token cost, not notification policy.
+AUTO_QUIET=0
 AUTO_FLOW_MODE=auto_until_decision
 PHASE_MODE=interactive
 PERMISSION_MODE=interactive
@@ -55,6 +66,10 @@ AUTO_EXECUTE_MAX_ITEMS=1
 AUTO_EXECUTE_ON_BLOCK=stop
 AUTO_EXECUTE_SELECTION=planned_then_priority
 AUTO_TEAM_SCOPE_ENFORCE=1
+AUTO_BUG_QUEUE=0
+AUTO_BUG_TARGET=
+AUTO_BUG_MAX_ITEMS=0
+AUTO_BUG_ON_BLOCK=stop
 #
 # `/auto` phase role policy (US-0069 / DEC-0051)
 # - AUTO_ROLE_RESEARCH: po|tech-lead (empty -> default tech-lead)
@@ -101,11 +116,15 @@ SPRINT_BULK_MAX_STORIES=5
 SPRINT_BULK_MAX_SPRINTS=3
 SPRINT_BULK_SELECTION=priority_then_backlog_order
 #
-# Remote execution
+# Remote execution (US-0086 / US-0084 / US-0064)
 # - REMOTE_EXECUTION: 0|1
 # - REMOTE_CONFIG: path to remote config
+# - AUTO_REMOTE_AUTOMATION_PROFILE: off|deterministic_v1 (default off/manual-safe)
+# - AUTO_REMOTE_ENVIRONMENT_LABEL: local|docker|ssh (names-only evidence label)
 REMOTE_EXECUTION=0
 REMOTE_CONFIG=.cursor/remote.json
+AUTO_REMOTE_AUTOMATION_PROFILE=off
+AUTO_REMOTE_ENVIRONMENT_LABEL=local
 #
 # Sync policy
 # - SYNC_POLICY_MODE: disabled|manual|by_phase|by_milestone|custom_phase_list

package/template/.cursor/scratchpad.md

@@ -15,7 +15,7 @@
 # - DONE: 0|1 (stop hook loops)
 MAGIC_CONTEXT_STRICT=1
 LOOP_UNTIL_GREEN=1
-RUN_TESTS_ON_EDIT=0
+RUN_TESTS_ON_EDIT=1
 AUTO_IMPLEMENTATION_LOOP=1
 AUTO_LOOP_MAX_CYCLES=5
 AUTO_PAUSE_REQUEST=0
@@ -41,13 +41,24 @@ MAGIC_BENCH_SESSION=
 # - AUTO_EXECUTE_ON_BLOCK: stop|skip (behavior when a planned item blocks)
 # - AUTO_EXECUTE_SELECTION: planned_then_priority
 # - AUTO_TEAM_SCOPE_ENFORCE: 0|1 (when TEAM_MODE=1, enforce TEAM_MEMBER + ACTIVE_TASK_IDS)
+# Optional bug-queue mode (US-0087) — default-off when absent/unset after merge
+# - AUTO_BUG_QUEUE: 0|1 (1 = enable bug-targeted /auto; mutex vs AUTO_BACKLOG_DRAIN without bug-target argv)
+# - AUTO_BUG_TARGET: all-open|BUG-#### (required when AUTO_BUG_QUEUE=1 unless bug-target= argv supplies target)
+# - AUTO_BUG_MAX_ITEMS: non-negative integer (0 or unset = no cap for all-open queue per run)
+# - AUTO_BUG_ON_BLOCK: stop|skip (bug segment pause/stop boundary)
+# Quiet mode (US-0088) — suppress routine per-phase success chatter only
+# - AUTO_QUIET: 0|1 (default 0; 1 = quiet routine notifications)
+#   Non-suppressible: decision_gate, errors, pause, loop_max, blocked, missing inputs.
+#   Orthogonal to TOKEN_PROFILE (DEC-0035 / US-0080) — TOKEN_PROFILE controls
+#   context breadth / token cost, not notification policy.
+AUTO_QUIET=0
 AUTO_FLOW_MODE=auto_until_decision
 PHASE_MODE=auto
 PERMISSION_MODE=auto
 AUTO_INSTALL_DEPS=1
 AUTO_RELEASE_NOTES=1
-AUTO_BACKLOG_DRAIN=0
-AUTO_BACKLOG_MAX_STORIES=1
+AUTO_BACKLOG_DRAIN=1
+AUTO_BACKLOG_MAX_STORIES=10
 AUTO_BACKLOG_ON_BLOCK=stop
 AUTO_STORY_SELECTION=priority_then_backlog_order
 AUTO_EXECUTE_BULK=0
@@ -55,6 +66,10 @@ AUTO_EXECUTE_MAX_ITEMS=1
 AUTO_EXECUTE_ON_BLOCK=stop
 AUTO_EXECUTE_SELECTION=planned_then_priority
 AUTO_TEAM_SCOPE_ENFORCE=1
+AUTO_BUG_QUEUE=0
+AUTO_BUG_TARGET=
+AUTO_BUG_MAX_ITEMS=0
+AUTO_BUG_ON_BLOCK=stop
 #
 # `/auto` phase role policy (US-0069 / DEC-0051)
 # - AUTO_ROLE_RESEARCH: po|tech-lead (empty -> default tech-lead)
@@ -101,15 +116,21 @@ SPRINT_BULK_MAX_STORIES=5
 SPRINT_BULK_MAX_SPRINTS=3
 SPRINT_BULK_SELECTION=priority_then_backlog_order
 #
-# Remote execution (US-0084 / US-0064)
+# Remote execution (US-0086 / US-0084 / US-0064)
 # - REMOTE_EXECUTION: 0|1 — 0 skips remote.json validation (zero overhead; DEC-0070).
 # - REMOTE_CONFIG: path to dev/Cursor remote JSON (default .cursor/remote.json).
+# - AUTO_REMOTE_AUTOMATION_PROFILE: off|deterministic_v1 (default off; manual
+#   mode remains unchanged unless explicitly enabled for automation workflows).
+# - AUTO_REMOTE_ENVIRONMENT_LABEL: local|docker|ssh (names-only evidence label
+#   for execute/qa/release handoffs when automation routing is used).
 #   Release/QA SSH/Docker connectivity fields live in docs/engineering/release-targets.json
 #   (ssh-server, dockerOverSsh); map WSL vs SSH vs Docker-over-SSH in
 #   docs/engineering/runtime-connectivity.md and docs/engineering/us-0084-remote-e2e.md.
 # - Summary helper (names-only stdout): python scripts/remote_config_summary.py
-REMOTE_EXECUTION=0
+REMOTE_EXECUTION=1
 REMOTE_CONFIG=.cursor/remote.json
+AUTO_REMOTE_AUTOMATION_PROFILE=off
+AUTO_REMOTE_ENVIRONMENT_LABEL=local
 #
 # Sync policy
 # - SYNC_POLICY_MODE: disabled|manual|by_phase|by_milestone|custom_phase_list
@@ -118,10 +139,10 @@ REMOTE_CONFIG=.cursor/remote.json
 # - ALLOW_AUTO_PUSH: 0|1 (default off; explicit opt-in required)
 # - AUTO_PUSH_BRANCH_ALLOWLIST: comma-separated branches/patterns eligible for
 #   auto-push. Protected/default branches are denied unless allowlisted.
-SYNC_POLICY_MODE=manual
+SYNC_POLICY_MODE=by_phase
 SYNC_CUSTOM_PHASES=
-ALLOW_AUTO_PUSH=0
-AUTO_PUSH_BRANCH_ALLOWLIST=
+ALLOW_AUTO_PUSH=1
+AUTO_PUSH_BRANCH_ALLOWLIST=main
 #
 # Knowledge curation
 # - EARLY_RESEARCH: 0|1 (PO/TL search web during intake/architecture)

package/template/.cursorignore

@@ -0,0 +1,5 @@
+# Agent exclusion — secrets must not be ingested by AI tools (US-0085 / DEC-0071)
+.env
+.env.local
+.env.*
+!.env.example

package/template/.env.example

@@ -0,0 +1,28 @@
+# .env.example — operator-local secret values (US-0085 / DEC-0071)
+# Copy to .env, fill in values, source before remote/SSH/release ops.
+# .env is gitignored and must NEVER be committed.
+# This file lists names only — no secret values.
+
+# ── From template/.cursor/remote.json (Cursor dev/remote targets) ──
+REMOTE_DOCKER_TOKEN=
+REMOTE_SSH_USER=
+REMOTE_SSH_KEY_PATH=
+
+# ── From docs/engineering/release-targets.json (release/QA targets) ──
+PUBLIC_DOMAIN=
+CHOCO_API_KEY=
+GITHUB_TOKEN=
+DOCKER_TOKEN=
+DOCKER_RUNTIME_HOST=
+AWS_PROFILE=
+APP_DOMAIN=
+APP_IP=
+CUSTOM_DOMAIN=
+CUSTOM_IP=
+SSH_HOST=
+SSH_USER=
+SSH_PRIVATE_KEY=
+RUNTIME_DOMAIN=
+RUNTIME_IP=
+DOCKER_HOST=
+DOCKER_CONTEXT=

package/template/README.md

@@ -44,6 +44,10 @@ Pick one method:
 | Chocolatey | `choco install its-magic` (Admin shell) |
 | Homebrew | `brew tap USER/tap && brew install its-magic` |
 
+### Global Linux install: empty `install_include_paths` (CRLF manifest)
+
+If **`its-magic --target <repo> --mode missing`** fails with **`[INSTALL_MANIFEST_ERROR] install_include_paths section is empty`** on Debian/Linux while the packaged manifest still lists paths, the global install likely has **CRLF** line endings in **`installer-owned-paths.manifest`** (visible as **`^M$`** with **`cat -A`**). **Fix in-tree** from **`0.1.2-41`**: **`installer.sh`** strips trailing carriage returns before section matching; **`.gitattributes`** keeps **`*.manifest`** LF; **`prepublishOnly`** runs **`guard_installer_publish`**. **Upgrade**: install a build **≥ `0.1.2-41`** (or reinstall from a fresh **`npm pack`** tarball after pull). Older tarballs such as **`its-magic@0.1.2-40`** may remain broken until republished — see **`docs/engineering/architecture.md`** **`# BUG-0008`**.
+
 ### 2) Apply to a repo
 
 New repo: