its-magic 0.1.2-40 → 0.1.2-43

package/README.md

@@ -44,6 +44,10 @@ Pick one method:
 | Chocolatey | `choco install its-magic` (Admin shell) |
 | Homebrew | `brew tap USER/tap && brew install its-magic` |
 
+### Global Linux install: empty `install_include_paths` (CRLF manifest)
+
+If **`its-magic --target <repo> --mode missing`** fails with **`[INSTALL_MANIFEST_ERROR] install_include_paths section is empty`** on Debian/Linux while the packaged manifest still lists paths, the global install likely has **CRLF** line endings in **`installer-owned-paths.manifest`** (visible as **`^M$`** with **`cat -A`**). **Fix in-tree** from **`0.1.2-41`**: **`installer.sh`** strips trailing carriage returns before section matching; **`.gitattributes`** keeps **`*.manifest`** LF; **`prepublishOnly`** runs **`guard_installer_publish`**. **Upgrade**: install a build **≥ `0.1.2-41`** (or reinstall from a fresh **`npm pack`** tarball after pull). Older tarballs such as **`its-magic@0.1.2-40`** may remain broken until republished — see **`docs/engineering/architecture.md`** **`# BUG-0008`**.
+
 ### 2) Apply to a repo
 
 New repo:

package/installer.ps1

@@ -28,7 +28,7 @@ function Get-ManifestSection($ManifestPath, $SectionName) {
   $inSection = $false
   $items = New-Object System.Collections.Generic.List[string]
   foreach ($raw in $lines) {
-    $line = $raw.Trim()
+    $line = $raw.TrimEnd("`r").Trim()
     if ([string]::IsNullOrWhiteSpace($line)) { continue }
     if ($line.StartsWith("#")) { continue }
     if ($line.StartsWith("[") -and $line.EndsWith("]")) {

package/installer.sh

@@ -92,8 +92,13 @@ list_source_files() {
 
 get_manifest_paths() {
   section="$1"
+  # BUG-0008: strip trailing CR so CRLF manifests (Windows-published npm tarballs)
+  # still match [section] headers under POSIX awk on Linux.
   awk -v s="$section" '
     BEGIN { in_section=0 }
+    {
+      sub(/\r$/, "")
+    }
     /^[[:space:]]*#/ { next }
     /^[[:space:]]*$/ { next }
     /^\[/ {
@@ -205,6 +210,7 @@ write_installed_version() {
   printf "%s" "$2" > "$vf"
   legacy="$1/.its-magic-version"
   [ -f "$legacy" ] && rm -f "$legacy"
+  return 0
 }
 
 sync_root_readme_to_its_magic() {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "its-magic",
-  "version": "0.1.2-40",
+  "version": "0.1.2-43",
   "description": "its-magic - AI dev team workflow for Cursor.",
   "license": "MIT",
   "bin": {

package/scripts/check_intake_template_parity.py

@@ -1,5 +1,11 @@
 #!/usr/bin/env python3
-"""Verify active vs template/scripts/ bytes match for DEC-0063 intake gate modules (BUG-0001)."""
+"""Verify active vs template/scripts/ bytes match for DEC-0063 intake gate modules (BUG-0001).
+
+Scoped modes (DEC-0073 §10 / US-0090):
+  --scope=intake          (default) DEC-0063 intake pair table.
+  --scope=caveman-compress DEC-0073 caveman input-compression pair table.
+  --scope=all              union of both tables.
+"""
 
 from __future__ import annotations
 
@@ -7,7 +13,6 @@ import argparse
 import sys
 from pathlib import Path
 
-# Normative pairs: repo scripts/ (canonical dev) → template/scripts/ (packaged ship path).
 INTAKE_TEMPLATE_PAIRS: tuple[tuple[str, str], ...] = (
     ("scripts/intake_evidence_validate.py", "template/scripts/intake_evidence_validate.py"),
     ("scripts/intake_evidence_lib.py", "template/scripts/intake_evidence_lib.py"),
@@ -16,6 +21,24 @@ INTAKE_TEMPLATE_PAIRS: tuple[tuple[str, str], ...] = (
     ("scripts/check_intake_template_parity.py", "template/scripts/check_intake_template_parity.py"),
 )
 
+# DEC-0073 §10 / US-0090 — Caveman input-compression surface pairs. Contents
+# must be byte-identical between active and template paths; installer delivers
+# template copies (BUG-0003 / DEC-0066).
+CAVEMAN_COMPRESS_PAIRS: tuple[tuple[str, str], ...] = (
+    ("scripts/caveman_compress_input.py", "template/scripts/caveman_compress_input.py"),
+    ("docs/engineering/context/installer-owned-paths.manifest",
+     "template/docs/engineering/context/installer-owned-paths.manifest"),
+    ("docs/engineering/runbook.md", "template/docs/engineering/runbook.md"),
+    ("docs/engineering/auto-orchestration-reference.md",
+     "template/docs/engineering/auto-orchestration-reference.md"),
+)
+
+SCOPES: dict[str, tuple[tuple[str, str], ...]] = {
+    "intake": INTAKE_TEMPLATE_PAIRS,
+    "caveman-compress": CAVEMAN_COMPRESS_PAIRS,
+    "all": INTAKE_TEMPLATE_PAIRS + CAVEMAN_COMPRESS_PAIRS,
+}
+
 
 def main() -> int:
     p = argparse.ArgumentParser(description=__doc__)
@@ -25,10 +48,17 @@ def main() -> int:
         default=Path(__file__).resolve().parent.parent,
         help="Repository root",
     )
+    p.add_argument(
+        "--scope",
+        choices=sorted(SCOPES.keys()),
+        default="intake",
+        help="Parity pair table to verify.",
+    )
     args = p.parse_args()
     root: Path = args.repo
+    pairs = SCOPES[args.scope]
     failed = False
-    for rel_active, rel_tpl in INTAKE_TEMPLATE_PAIRS:
+    for rel_active, rel_tpl in pairs:
         a = root / rel_active
         t = root / rel_tpl
         if not a.is_file() or not t.is_file():
@@ -45,7 +75,7 @@ def main() -> int:
             failed = True
     if failed:
         return 2
-    print("[INTAKE_TEMPLATE_PARITY_OK]")
+    print(f"[INTAKE_TEMPLATE_PARITY_OK] scope={args.scope}")
     return 0
 
 

package/template/.cursor/commands/auto.md

@@ -19,6 +19,11 @@ description: "its-magic auto: deterministic continuation orchestrator."
 - Phase context transfer happens only through artifacts and handoff files.
 - Scope is process/workflow orchestration only. Do not claim runtime product
   orchestration changes.
+- **Bug-queue mode** (**`US-0087`**) uses the same **spawn-only** contract: the
+  orchestrator schedules materialization and spawns phase-role subagents per
+  bug segment—it **must not** run **`execute`**, **`qa`**, or other lifecycle
+  phases in the orchestrator turn. Violations → **`AUTO_ORCHESTRATOR_PHASE_EXECUTION`**
+  (**`BUG-0006`**, **`US-0069`**, **`DEC-0051`**).
 
 ## Spawn-boundary integrity (BUG-0006)
 
@@ -33,6 +38,39 @@ description: "its-magic auto: deterministic continuation orchestrator."
   (wrong writer / isolation break) and **`RUNTIME_PROOF_*`** / **`PHASE_ROLE_*`**
   families—do not overload those codes for a missing-spawn violation.
 
+## Continuous multi-phase execution (US-0088)
+
+A single `/auto` orchestrated run advances through **all phases** in the
+**intersected resolved schedule** (reference **Step 5**) until a
+**deterministic stop condition** fires. The orchestrator does **not** stop after
+spawning one phase unless the stop matrix requires it.
+
+**Outer-driver equivalence (AC-1, Option B)**: When a single Cursor `/auto`
+invocation cannot schedule multiple fresh subagent turns (product/runtime
+constraint), a **documented outer driver** (operator script or manual
+re-invocation with `start-from` / refreshed `resume_brief`) is
+**deterministically equivalent** provided: same intersected phase order, same
+isolation + strict-proof attestation per phase (**DEC-0038**), same stop
+reasons, and same `resume_brief` + `state.md` refresh at every boundary.
+Operators must follow the runbook recipe
+(**`docs/engineering/runbook.md`** § Continuous `/auto` + backlog drain).
+
+**Deterministic stop matrix** (see also architecture `# US-0088`):
+
+| Condition | Behavior |
+|-----------|----------|
+| Next phase exists, no hard stop | **Continue** — preflight US-0069, spawn next phase |
+| `decision_gate` | **Stop** (non-suppressible) |
+| `error` / missing critical input | **Stop** (non-suppressible) |
+| `AUTO_PAUSE_REQUEST` / `pause` | **Stop** at safe boundary (non-suppressible) |
+| `AUTO_LOOP_MAX_CYCLES` / `loop_max` | **Stop** (non-suppressible) |
+| `blocked` (sync/scope gate) | **Stop** (non-suppressible) |
+| US lifecycle DONE / sprint segment complete | **Stop** segment; `AUTO_BACKLOG_DRAIN=1` may advance to next OPEN story (recompute phase plan — **reference Step 5**) |
+| `BACKLOG_MAX_STORIES_REACHED` | **Stop** (non-suppressible) |
+
+`stop_reason` vocabulary: `completed`, `decision_gate`, `missing_input`,
+`pause_request`, `loop_max`, `error`, `blocked`.
+
 ## Full specification (US-0080 / DEC-0062)
 
 Long prose, expanded mode semantics, and **Steps 1–13** detail live in
@@ -101,16 +139,37 @@ Selectors and reinstatement: see reference. Phase-plan reason codes include
 `PHASE_POLICY_CONFLICT`, `PHASE_PLAN_UNKNOWN_PHASE`, `START_FROM_PHASE_PLAN_EMPTY_INTERSECTION`.
 
 Phase boundary visibility (**AC-10**): record `resolved_phase_plan` snapshot,
-`skipped_phases`, `phase_boundary`, `next_scheduled_phase` on `state.md`.
+`skipped_phases`, `phase_boundary`, `next_scheduled_phase` on `state.md`. For
+bug-queue segments, also record **`segment_work_item_kind`**, **`active_bug_id`**,
+**`bug_queue_position`**, **`bug_queue_remaining`**, **`backlog_drain_active`**,
+**`bug_queue_active`** per **`docs/engineering/architecture.md`** **`# US-0087`**
+and **`docs/engineering/auto-orchestration-reference.md`**.
 
 ## Inputs
 
 Merged scratchpad (**US-0073** / **DEC-0055**), automation flags (`AUTO_*`, `SECURITY_REVIEW`,
 `TEAM_*`), phase-plan keys `AUTO_PHASE_PLAN`, `AUTO_PHASE_EXCLUDE`, `AUTO_PHASE_INCLUDE`,
 `AUTO_PHASE_PROFILE`, `AUTO_PHASE_HIGH_RISK_ACK`, product/engineering docs,
-optional `start-from=<phase>`, optional `--execute-bulk`, `handoffs/resume_brief.md`,
+optional `start-from=<phase>`, optional **`bug-target=BUG-####`** or
+**`bug-target=all-open`**, optional `--execute-bulk`, `handoffs/resume_brief.md`,
 `docs/engineering/state.md`.
 
+## Automation remote routing contract (US-0086)
+
+- Automation-only gate: `AUTO_REMOTE_AUTOMATION_PROFILE=deterministic_v1` enables
+  target routing; `off` keeps manual/local behavior unchanged.
+- Explicit intent literal is constrained to: `start container <target_id>`.
+- Deterministic precedence when profile is enabled:
+  1. explicit intent target id resolution,
+  2. canonical target validation (`targets[].id` exists and is enabled),
+  3. documented heuristic fallback,
+  4. local default when no remote target is selected.
+- Fail-closed reason codes (do not overload):
+  `REMOTE_AUTOMATION_MODE_OFF`, `REMOTE_TARGET_UNKNOWN`,
+  `REMOTE_TARGET_DISABLED`, `REMOTE_TARGET_UNROUTABLE`.
+- Mode-off guardrail: never silently reroute `TEST_COMMAND` to remote when
+  automation profile is disabled.
+
 ## Canonical status contract (US-0045)
 
 Story status authority: `docs/product/backlog.md` only; do not infer readiness from
@@ -124,14 +183,43 @@ QA loop handoffs when applicable, continuation breadcrumbs including `resolution
 
 ## Stop conditions
 
-Decision gate, missing critical input, `AUTO_PAUSE_REQUEST` at safe boundary,
-`AUTO_LOOP_MAX_CYCLES` with unresolved defects.
+Deterministic stop reasons (see **Stop matrix** in `## Continuous multi-phase
+execution (US-0088)` above): `completed`, `decision_gate`, `missing_input`,
+`pause_request`, `loop_max`, `error`, `blocked`.
 
 ## Optional backlog-drain mode (US-0044 / DEC-0022)
 
 Canonical controls: `AUTO_BACKLOG_DRAIN`, `AUTO_BACKLOG_MAX_STORIES`, `AUTO_BACKLOG_ON_BLOCK`,
-`AUTO_STORY_SELECTION`. Reason codes include `BACKLOG_MAX_STORIES_REACHED`. Full semantics:
-reference.
+`AUTO_STORY_SELECTION`. When `AUTO_BACKLOG_DRAIN=1`, each story advances through
+**multiple phases** until its terminal boundary (**reference Step 5**); the
+orchestrator **recomputes** the materialized phase plan at each **story boundary**
+and selects the **next eligible OPEN story** per `AUTO_STORY_SELECTION`.
+Reason codes include `BACKLOG_MAX_STORIES_REACHED`. Full semantics: reference.
+
+## Optional bug-queue mode (US-0087)
+
+Canonical **argv** literals (exact strings; **no aliases** in v1):
+- **`bug-target=BUG-####`** (example: **`bug-target=BUG-0007`**) — single defect from
+  **`docs/product/backlog.md`** **`## Bug issues (canonical)`** with status **OPEN**.
+- **`bug-target=all-open`** — deterministic **OPEN**-only queue, ascending **numeric**
+  **`BUG-####`** sort, optional cap **`AUTO_BUG_MAX_ITEMS`** (see reference).
+
+Scratchpad keys (**default-off**): **`AUTO_BUG_QUEUE`**, **`AUTO_BUG_TARGET`**,
+**`AUTO_BUG_MAX_ITEMS`**, **`AUTO_BUG_ON_BLOCK`** — full semantics: reference +
+**`architecture.md`** **`# US-0087`**.
+
+**Scheduler mutex**: if merged scratchpad has **`AUTO_BACKLOG_DRAIN=1`** **and**
+**`AUTO_BUG_QUEUE=1`** **and** this invocation has **no** explicit **`bug-target=`**
+argv token → fail closed with **`AUTO_SCHEDULER_CONFLICT`** (use
+**`[AUTO_RESUME_ERROR] AUTO_SCHEDULER_CONFLICT: ...`** form per reference). When
+**`bug-target=`** argv is present, it **selects** the bug scheduler for this run;
+**`AUTO_BACKLOG_DRAIN`** must **not** also drive story selection for that same
+materialized run.
+
+Fail-closed codes (orthogonal to existing resume/phase codes; do **not** overload):
+- **`AUTO_BUG_QUEUE_EMPTY`** — **`all-open`** (or equivalent) and zero **OPEN** bugs.
+- **`AUTO_BUG_TARGET_UNKNOWN`** — malformed id, wrong pattern, or id missing from canonical bug section.
+- **`AUTO_BUG_TARGET_NOT_OPEN`** — known id exists but status is not **OPEN** (e.g. **DONE**).
 
 ## Optional bulk execute mode (US-0047 / DEC-0024)
 
@@ -152,12 +240,19 @@ Phase-completion boundary evaluation only. **Guarded auto-push eligibility chain
 
 ## Deterministic resume-source precedence
 
-Resolve start phase in strict order:
+Resolve nominal start phase and scheduler inputs in strict order (**`US-0087`**
+extends scratchpad vs **`resume_brief`** ordering — full matrix: reference):
 
 1. Explicit `/auto start-from=<phase>`
-2. `handoffs/resume_brief.md`
-3. Conservative `docs/engineering/state.md` fallback
-4. Fail fast on ambiguity/conflict/unrecoverable inputs
+2. Explicit **`bug-target=`** argv token when present (parsed **before** merged
+   scratchpad scheduler keys; selects bug scheduler for this run).
+3. Merged scratchpad (**`US-0073`** / **`DEC-0055`**) — including **`AUTO_BACKLOG_DRAIN`**,
+   **`AUTO_BUG_QUEUE`**, **`AUTO_BUG_TARGET`**, etc.
+4. `handoffs/resume_brief.md`
+5. Conservative `docs/engineering/state.md` fallback
+6. Fail fast on ambiguity/conflict/unrecoverable inputs (including
+   **`AUTO_SCHEDULER_CONFLICT`** when both schedulers are enabled in scratchpad
+   without **`bug-target=`** argv resolution).
 
 If `resume_brief.md` is present but stale or unparseable, fail fast instead
 of silently falling back.
@@ -177,22 +272,42 @@ Required codes:
 - `STATE_PHASE_AMBIGUOUS`
 - `STATE_PHASE_UNRECOVERABLE`
 
+Bug-queue extensions (**`US-0087`**; same **`[AUTO_RESUME_ERROR]`** envelope when
+used for resume/materialization failures):
+
+- `AUTO_SCHEDULER_CONFLICT`
+- `AUTO_BUG_QUEUE_EMPTY`
+- `AUTO_BUG_TARGET_UNKNOWN`
+- `AUTO_BUG_TARGET_NOT_OPEN`
+
 ## Steps (compact; full detail in reference)
 
 1. Read automation flags from merged scratchpad and **materialize the resolved
    phase plan** per **Configurable phase selection policy (US-0070 / DEC-0052)**; append
    plan breadcrumbs to `docs/engineering/state.md` **before** first spawn.
-2. Parse `start-from` / `--execute-bulk`; resolve nominal start phase; intersect with plan.
+2. Parse `start-from` / **`bug-target=`** / `--execute-bulk`; resolve scheduler
+   mutex (**`AUTO_SCHEDULER_CONFLICT`** when applicable); resolve nominal start phase;
+   intersect with plan.
 3. Record continuation metadata (`invocation_mode=auto`, `requested_start_from`,
    `resolved_start_phase`, `resolution_source`, `resolution_status`, `timestamp`).
 4. Spawn fresh subagents per intersected schedule; enforce **US-0069** preflight/post checks.
-5. Implementation loop, pause, stop breadcrumbs (`stop_reason` such as `completed|decision_gate|missing_input|pause_request|loop_max`, `stop_phase`, `timestamp`), `resume_brief` updates — reference.
-6. 11a. Isolation evidence verification at each boundary.
-7. 11b. At each phase boundary, verify strict runtime attestation tuple exists
+5. **Multi-phase continuation** (normative detail: **reference Step 5** in
+   **`docs/engineering/auto-orchestration-reference.md`** `## Steps` item 5):
+   advance through **all remaining phases** in the intersected resolved schedule
+   order until a **deterministic stop condition** fires (see **Stop matrix** in
+   `## Continuous multi-phase execution (US-0088)` above). When
+   `AUTO_BACKLOG_DRAIN=1`, repeat the story lifecycle for the next eligible OPEN
+   story, **reloading** scratchpad and **recomputing** the materialized phase
+   plan at each story boundary. Outer-driver equivalence applies when a single
+   invocation cannot schedule multiple subagent turns (**AC-1 Option B**).
+   `stop_reason`: `completed|decision_gate|missing_input|pause_request|loop_max|error|blocked`.
+6. Isolation evidence verification at each boundary (**reference** step 11a).
+7. At each phase boundary, verify strict runtime attestation tuple exists
    and is valid for the completed phase (`orchestrator_run_id`, `runtime_proof_id`,
-   `phase_id`, `role`, `proof_issued_at`, `proof_ttl_seconds`, `proof_hash`).
-8. Sync verdict recording when eligible — reference.
-9. Backlog-drain / bulk per-item summaries when enabled — reference.
+   `phase_id`, `role`, `proof_issued_at`, `proof_ttl_seconds`, `proof_hash`)
+   (**reference** step 11b).
+8. Sync verdict recording when eligible — reference step 12.
+9. Backlog-drain / bulk per-item summaries when enabled — reference step 13.
 
 ## Backward compatibility
 

package/template/.cursor/rules/caveman.mdc

@@ -0,0 +1,141 @@
+---
+description: "Caveman mode (US-0089) — optional response-side terse voice, default off"
+globs: ["**/*"]
+---
+
+# Caveman mode (US-0089)
+
+This rule composes an optional **response-side** terse / imperative assistant
+voice. It is **default off**. When `CAVEMAN_MODE` is unset or `0`, this rule
+adds **zero** behavioral change and the assistant responds exactly as it did
+pre-US-0089.
+
+Inspired by JuliusBrussee/caveman (MIT). External reference only; not vendored.
+
+## Scratchpad gate (authoritative across subagent spawns)
+
+Read the merged scratchpad (`.cursor/scratchpad.md`, then optional
+`.cursor/scratchpad.local.md` overrides per **DEC-0055**) for these keys:
+
+- `CAVEMAN_MODE=0|1` — default `0`. Absence is equivalent to `0`.
+- `CAVEMAN_LEVEL=lite|full|ultra` — default empty.
+  - With `CAVEMAN_MODE=0`: inert regardless of value.
+  - With `CAVEMAN_MODE=1` and `CAVEMAN_LEVEL` empty: treat as `full`
+    (mid-tier default, matching upstream reference).
+  - With `CAVEMAN_MODE=1` and a listed level: apply that level.
+  - With `CAVEMAN_MODE=1` and any other non-empty value: fail closed with
+    deterministic reason code `CAVEMAN_LEVEL_UNKNOWN` and fall back to
+    pre-US-0089 voice (no terseness applied) while continuing the turn.
+- `CAVEMAN_COMPRESS_INPUT=0|1` — **reserved for US-0090**; inert in US-0089;
+  no behavior until the compression story ships.
+- `CAVEMAN_FILE_SCOPE=` — **reserved for US-0090**; inert in US-0089; no
+  behavior until the compression story ships.
+
+Scratchpad values are **authoritative across subagent spawns**. Session
+toggle phrases (see below) are overlays for the current conversation only
+and do NOT persist across a fresh subagent context.
+
+## Literal-region invariant (9-zone hard MUST)
+
+When `CAVEMAN_MODE=1`, the following output regions remain **byte-literal**
+(no abbreviation, no rewording, no casing change). This rule is phrased as
+**MUST**, not SHOULD:
+
+1. **Fenced code blocks** — both plain triple-backtick blocks and CODE
+   REFERENCE blocks of the form `startLine:endLine:filepath`. Content, line
+   numbers, filepath, language tags, and whitespace preserved.
+2. **File / path strings** — anything matching
+   `` `[\w./-]+\.(md|py|ps1|sh|json|mdc|ts|tsx|js|jsx|yml|yaml|toml|ini|env|example|manifest)` ``
+   or enclosed in backticks that points to a repo path. Preserve extension
+   and case.
+3. **AC checklist items** — bullets of form `- [ ]` or `- [x]` and their
+   entire text (AC-1..AC-N).
+4. **Reason codes** — `ALL_CAPS_WITH_UNDERSCORES` tokens such as
+   `PHASE_CONTEXT_ISOLATION_VIOLATION`, `RUNTIME_PROOF_MISSING`,
+   `AUTO_RESUME_ERROR`, `AUTO_SCHEDULER_CONFLICT`, `REMOTE_TARGET_UNKNOWN`,
+   `CAVEMAN_LEVEL_UNKNOWN`, `INTAKE_PERSISTENCE_BLOCKED`.
+5. **IDs** — `US-xxxx`, `DEC-xxxx`, `R-xxxx`, `BUG-####`, `S0xxx`, `T-xxx`.
+6. **Contract markers** — `[BUG_VALIDATION_OK]`,
+   `[INTAKE_EVIDENCE_VALIDATION_OK]`, `[SCRATCHPAD_PAIR_OK]`,
+   `[ARTIFACT_ORDERING_ANCHOR_AMBIGUOUS]`, `[CODEBASE_MAP_OK]`, and siblings.
+7. **Strict-proof tuple fields** — `orchestrator_run_id`, `runtime_proof_id`,
+   `proof_hash`, `proof_issued_at`, `proof_ttl_seconds`, `phase_id`, `role`
+   (DEC-0038).
+8. **Isolation evidence fields** — `fresh_context_marker`, `evidence_ref`,
+   `timestamp` (DEC-0029).
+9. **Commit / git refs** — quoted `git commit` messages, branch names, SHAs,
+   `HEAD`, tag names.
+
+Forbidden "garbling" examples (never permitted even under `ultra`): dropping
+the `US-` prefix from an ID, lowercasing a reason code, collapsing a fenced
+code block into a bullet, truncating a path mid-filename, abbreviating a
+proof hash.
+
+## Non-suppressible gate vocabulary (inherited from US-0088)
+
+Caveman voice MUST NOT remove or abbreviate the following gate tokens — they
+render byte-literal even under `CAVEMAN_LEVEL=ultra`:
+
+- `decision_gate`
+- `error`
+- `pause`
+- `loop_max`
+- `blocked`
+- `missing input`
+- `[BUG_VALIDATION_OK]`
+- `[INTAKE_EVIDENCE_VALIDATION_OK]`
+- `[SCRATCHPAD_PAIR_OK]`
+
+## Operator toggle phrases (canonical set)
+
+| Phrase | Effect |
+|--------|--------|
+| `caveman on` | Enable Caveman voice for the session (overlay). Effective from the next assistant turn. |
+| `caveman off` | Disable Caveman voice for the session (overlay). Effective from the next assistant turn. |
+| `stop caveman` | Alias for `caveman off`. |
+| `normal mode` | Alias for `caveman off`. |
+| `caveman: lite|full|ultra` | Set level for the session (implies `caveman on`). Effective from the next assistant turn. Accepts the three literal tokens `caveman: lite`, `caveman: full`, `caveman: ultra`. |
+
+Determinism rules:
+
+- Scratchpad `CAVEMAN_MODE` / `CAVEMAN_LEVEL` are **authoritative across
+  subagent spawns**; session toggles are overlays for the current
+  conversation only and do NOT persist across a fresh subagent context.
+- Within a session, the **last explicit toggle wins**.
+- A mid-turn toggle applies **from the next turn onward**; current-turn
+  machine-verifiable artifacts (gate messages, reason codes, strict-proof
+  tuples, isolation-evidence fields) remain literal regardless of the
+  toggle.
+- Ambiguous phrases (`be caveman-lite`, `quiet caveman`, `cave man off`,
+  etc.) are **not recognized** — only the exact literal matches above fire.
+
+## Composition (non-substitution) with TOKEN_PROFILE
+
+`TOKEN_PROFILE` controls context breadth. `CAVEMAN_MODE` controls reply
+voice. Neither substitutes for the other; setting one does not change the
+other. Combine freely.
+
+## Default-off invariant
+
+With `CAVEMAN_MODE=0` or absent, this rule adds zero behavioral change:
+existing command strings, gate ordering, spawn-only phrasing (BUG-0006),
+contract-test token lists, `AUTO_QUIET` non-suppressible vocabulary
+(US-0088), user-visible ID metadata (US-0071), strict-proof tuples
+(DEC-0038), and isolation evidence fields (DEC-0029) all remain unchanged.
+
+## Non-goals (US-0089)
+
+- No input-side file compression. `CAVEMAN_COMPRESS_INPUT` and
+  `CAVEMAN_FILE_SCOPE` are documented no-ops here; US-0090 owns that
+  vertical.
+- No change to `TOKEN_PROFILE` (DEC-0035 / US-0080), context packs, archive
+  policy, or phase-context slimming.
+- No rewrite of canonical artifacts (`docs/product/backlog.md`,
+  `docs/product/acceptance.md`, `docs/engineering/state.md` schema,
+  `docs/engineering/decisions.md`, DEC files).
+- No new npm / Python dependencies. No `package.json` edit.
+- No vendor plugin install. No package-manager install recipe is surfaced;
+  the JuliusBrussee/caveman reference is documentation-only.
+- No change to spawn-only orchestration (US-0048 / DEC-0029 / BUG-0006),
+  strict runtime proof (DEC-0038), `AUTO_QUIET` non-suppressible list
+  (US-0088), or US-0071 visible-metadata rules.

package/template/.cursor/rules/coding-standards.mdc

@@ -26,6 +26,13 @@ globs: ["**/*"]
 - Remote config security (DEC-0016): never commit secret literals (tokens,
   passwords, private keys) in `.cursor/remote.json`; use environment-variable
   references only (for example `tokenEnv`, `passwordEnv`, `privateKeyPathEnv`).
+- `.env` exclusion (DEC-0071 / US-0085): do not open, attach, read, search
+  inside, or index `.env` or `.env.*` files. Use environment variable names
+  in prose only. Operators source `.env` outside agent context.
+- Automation remote routing (US-0086): when `AUTO_REMOTE_AUTOMATION_PROFILE=off`,
+  keep local behavior and never silently reroute `TEST_COMMAND` to remote.
+  Explicit NL routing is limited to `start container <target_id>` and unknown or
+  disabled targets must fail closed with documented reason codes.
 - Performance by default: avoid obvious N+1 loops, repeated expensive work, and
   unnecessary I/O in hot paths.
 - Documentation by default: update relevant docs when behavior, setup, or usage