mindforge-cc 1.0.0

package/.agent/mindforge/security-scan.md

@@ -0,0 +1,233 @@
+# MindForge — Security Scan Command
+# Usage: /mindforge:security-scan [path] [--deep] [--deps] [--secrets]
+# Standalone security scan. Can be run independently of the phase lifecycle.
+
+## Scan modes
+- Default: OWASP Top 10 review on the changed files or specified path
+- `--deep`: Extended scan including all files, not just changed
+- `--deps`: Dependency audit (CVE scan of package.json / requirements.txt)
+- `--secrets`: Secret detection scan only (fast, suitable for pre-commit hook)
+- Flags composable: `--deps --secrets` runs both dependency audit and secret detection
+
+## Step 1 — Activate Security Reviewer persona
+
+Load `security-reviewer.md` persona immediately and completely.
+This command runs entirely in security mode. Do not switch personas.
+
+## Step 2 — Build scan scope
+
+```bash
+# Default: staged + unstaged changes
+git diff HEAD --name-only
+
+# With path argument
+find [path] -name "*.ts" -o -name "*.js" -o -name "*.py"
+
+# --deep: all source files
+find src/ -type f \( -name "*.ts" -o -name "*.js" -o -name "*.py" \)
+```
+
+## Step 3 — OWASP Top 10 scan (always runs unless --secrets only)
+
+For each file in scope, check all 10 OWASP categories:
+
+### A01 — Broken Access Control
+- Scan for: missing auth middleware, direct object references, path traversal
+- Patterns to flag:
+  ```
+  req.params.userId         # Direct user ID from request — verify ownership check
+  fs.readFile(userInput)    # Path traversal risk
+  WHERE id = ${id}          # Direct injection without parameterisation
+  ```
+
+### A02 — Cryptographic Failures
+- Scan for: weak algorithms, insecure transport, unencrypted sensitive data
+- Patterns to flag:
+  ```
+  md5(, sha1(, sha256(password  # Weak password hashing
+  http://   # Non-HTTPS URLs in API calls
+  Math.random()  # Cryptographically insecure random
+  ```
+
+### A03 — Injection
+- Scan for: SQL, NoSQL, OS, LDAP injection
+- Patterns to flag:
+  ```
+  `SELECT * FROM users WHERE email = '${  # SQL injection
+  exec(, execSync(, child_process         # OS command injection
+  eval(userInput                          # Code injection
+  ```
+
+### A04 — Insecure Design
+- Scan for: missing rate limiting, no input validation, trust boundary issues
+- Patterns to flag: endpoints without validation middleware, no rate limit decorators
+
+### A05 — Security Misconfiguration
+- Scan for: debug mode in production, default credentials, verbose errors
+- Patterns to flag:
+  ```
+  console.error(err)        # Exposes stack traces to clients
+  NODE_ENV !== 'production' # Debug code paths
+  ALLOW_ALL, *, cors({origin: '*'})  # Overly permissive CORS
+  ```
+
+### A06 — Vulnerable Components
+- Run: `npm audit --audit-level=moderate` or `pip-audit`
+- Flag any HIGH or CRITICAL CVEs
+
+### A07 — Authentication Failures
+- Scan for: missing password complexity, no brute force protection, weak sessions
+- Patterns to flag:
+  ```
+  bcrypt.hashSync(pass, 1)  # Cost factor too low
+  jwt.verify(token, '', {   # Empty secret
+  session.destroy(          # Verify redirect after destroy
+  ```
+
+### A08 — Software and Data Integrity Failures
+- Check: no package-lock.json means no integrity guarantee
+- Check: any `curl | sh` or `wget | bash` patterns
+
+### A09 — Security Logging Failures
+- Scan for: no logging on auth failures, admin actions not logged, PII in logs
+- Patterns to flag:
+  ```
+  user.email in any log statement
+  password in any log statement
+  catch(e) {}  # Silent failure = no security log
+  ```
+
+### A10 — SSRF
+- Scan for: server-side requests to user-controlled URLs
+- Patterns to flag:
+  ```
+  fetch(req., axios.get(req., axios.post(req., http.get(req.,
+  req.body.url, req.params.url, req.query.url, req.headers
+  ```
+
+## Step 4 — Secret detection (--secrets or always as part of default scan)
+
+Pattern-based scan across all files in scope:
+
+```bash
+# High confidence patterns (always flag as CRITICAL)
+grep -rn -E "(sk-[a-zA-Z0-9]{20,}|AKIA[A-Z0-9]{16}|ghp_[a-zA-Z0-9]{36})" .
+
+# Credential assignment patterns (flag as HIGH)
+grep -rn -E "(password|passwd|secret|api_key|apikey|access_token)\s*=\s*['\"][^'\"]{8,}" .
+
+# Azure connection strings
+grep -rn -E "DefaultEndpointsProtocol=https;AccountName=" .
+
+# GCP service account keys
+grep -rn -E "\"type\"\\s*:\\s*\"service_account\"" .
+
+# PEM/Certificate content
+grep -rn "-----BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY-----" .
+
+# Database URLs with credentials
+grep -rn -E "postgres://[^:]+:[^@]+@|mysql://[^:]+:[^@]+@" .
+```
+
+Report each finding with:
+- File and line number
+- The matched pattern (redact the actual secret value: show first 4 chars + ***)
+- Severity: CRITICAL if a real credential pattern, HIGH if credential-shaped pattern
+Redaction applies to both console output and the report file.
+
+## Step 5 — Dependency audit (--deps flag)
+
+```bash
+# Node.js projects
+npm audit --json 2>/dev/null | node -e "
+  const data = JSON.parse(require('fs').readFileSync('/dev/stdin', 'utf8'));
+  const vulns = data.vulnerabilities || {};
+  Object.entries(vulns).forEach(([name, v]) => {
+    if (['high','critical'].includes(v.severity)) {
+      console.log(v.severity.toUpperCase() + ': ' + name + ' — ' + v.via[0]?.title);
+    }
+  });
+"
+
+# Python projects
+pip-audit --format json 2>/dev/null
+```
+
+## Step 6 — Write security scan report
+
+`.planning/SECURITY-SCAN-[timestamp].md`:
+
+```markdown
+# Security Scan Report
+**Date:** [ISO-8601]
+**Scope:** [what was scanned]
+**Scanner:** MindForge Security Reviewer
+
+## Executive Summary
+[1-2 sentences: overall security posture, number of findings by severity]
+
+## Critical Findings (fix immediately — block all merges)
+[OWASP category] | [File:Line] | [Description] | [Remediation]
+
+## High Findings (fix before next release)
+...
+
+## Medium Findings (fix in next sprint)
+...
+
+## Low Findings (backlog)
+...
+
+## Dependency Audit
+| Package | Version | Severity | CVE | Fixed in |
+|---|---|---|---|---|
+
+## Secret Detection
+| File | Pattern | Severity | Action |
+|---|---|---|---|
+
+## Verdict
+✅ CLEAN — No critical or high findings
+⚠️  ISSUES — [N] critical, [N] high findings require attention
+```
+
+## Important: scan report visibility
+
+Security scan reports are written to `.planning/SECURITY-SCAN-[timestamp].md`.
+
+**Private repository:** Keep reports committed — they are valuable for audit
+history and team security review.
+
+**Public repository:** Add `.planning/SECURITY-SCAN-*.md` to `.gitignore`
+to avoid exposing vulnerability information to potential attackers.
+
+MindForge does not make this decision for you — configure `.gitignore`
+based on your repository's visibility.
+
+## Step 7 — Write AUDIT entry
+
+```json
+{
+  "event": "security_scan_completed",
+  "scope": "[path or 'staged changes']",
+  "flags": ["--deps", "--secrets"],
+  "critical_findings": [N],
+  "high_findings": [N],
+  "secrets_detected": [N],
+  "vulnerable_deps": [N],
+  "report_path": ".planning/SECURITY-SCAN-[timestamp].md"
+}
+```
+
+## Automatic blocking behaviour
+If CRITICAL findings are detected: print a prominent warning:
+```
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+🔴 CRITICAL SECURITY FINDINGS DETECTED
+
+  [N] critical issues must be fixed before any code is merged.
+  See: .planning/SECURITY-SCAN-[timestamp].md
+
+  Do NOT commit or deploy until these are resolved.
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+```

package/.agent/mindforge/ship.md

@@ -0,0 +1,100 @@
+Create a release PR for a verified phase. Usage: /mindforge:ship [N]
+
+## Pre-check
+Read UAT.md for phase N. If status is not "All passed ✅": stop.
+Tell the user: "Phase [N] has not been fully verified. Run /mindforge:verify-phase [N] first."
+
+## Step 1 — Generate changelog entry
+Read all SUMMARY files for phase N.
+Read REQUIREMENTS.md for phase N items.
+Generate a CHANGELOG.md entry following Keep a Changelog format:
+
+```markdown
+## [Unreleased] — Phase [N]: [Phase description]
+
+### Added
+- [New feature from this phase]
+
+### Changed
+- [Changed behaviour]
+
+### Fixed
+- [Bug fixes]
+
+### Security
+- [Security improvements]
+```
+
+Prepend this to CHANGELOG.md.
+
+## Step 2 — Run final quality gates
+Run all of the following and report results:
+```bash
+# Type checking
+npx tsc --noEmit
+
+# Linting
+npx eslint . --ext .ts,.tsx --max-warnings 0
+
+# Tests
+npm test
+
+# Security scan (if npm project)
+npm audit --audit-level=high
+```
+
+If any gate fails: stop. Report the failures. Do not proceed to PR creation.
+
+## Step 3 — Create PR description
+Generate a complete PR description:
+
+```markdown
+## MindForge Phase [N] — [Phase description]
+
+### Summary
+[2-3 sentences describing what this phase delivered]
+
+### Changes
+[Bullet list of major changes from SUMMARY files]
+
+### Requirements delivered
+| FR ID | Description                  | Verified |
+|-------|------------------------------|----------|
+| FR-01 | ...                          | ✅       |
+
+### Testing
+- Unit tests: [pass/fail + coverage %]
+- Integration tests: [pass/fail]
+- UAT: Completed and signed off (see UAT.md)
+
+### Security
+- [ ] Security review completed (see SECURITY-REVIEW-N.md)
+- [ ] No hardcoded secrets in diff
+- [ ] All dependencies scanned for CVEs
+
+### Checklist
+- [x] CHANGELOG.md updated
+- [x] All tests pass
+- [x] No linter errors
+- [x] UAT signed off
+- [ ] Reviewed by: [assign]
+```
+
+## Step 4 — Commit and tag
+```bash
+git add CHANGELOG.md
+git commit -m "docs(changelog): add Phase [N] release notes"
+git push origin feat/mindforge-core-scaffold
+```
+
+Tell the user the PR description and instruct them to open the PR manually
+(or provide the `gh pr create` command if GitHub CLI is available).
+
+Tell the user:
+"✅ Phase [N] ready to ship.
+ PR description generated above.
+ Open your PR, assign reviewers, and merge when approved."
+
+## Step 5 — Update state
+Update STATE.md to mark Phase [N] as shipped.
+Update HANDOFF.json with next phase number.

package/.agent/mindforge/skills.md

@@ -0,0 +1,141 @@
+# MindForge — Skills Command
+# Usage: /mindforge:skills [subcommand] [args]
+# Subcommands: list | add | update | validate | info | search
+
+## Subcommand: list
+`/mindforge:skills list`
+
+Read MANIFEST.md. Display all registered skills in a formatted table
+(include path for each skill):
+
+```
+MindForge Skills Registry
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+  Tier 1 — Core Skills (10 installed)
+  ────────────────────────────────────────────────────────────
+  ✅  security-review     v1.0.0   stable   .mindforge/skills/security-review/SKILL.md
+  ✅  code-quality        v1.0.0   stable   .mindforge/skills/code-quality/SKILL.md
+  ✅  api-design          v1.0.0   stable   .mindforge/skills/api-design/SKILL.md
+  ✅  testing-standards   v1.0.0   stable   .mindforge/skills/testing-standards/SKILL.md
+  ✅  documentation       v1.0.0   stable   .mindforge/skills/documentation/SKILL.md
+  ✅  performance         v1.0.0   stable   .mindforge/skills/performance/SKILL.md
+  ✅  accessibility       v1.0.0   stable   .mindforge/skills/accessibility/SKILL.md
+  ✅  data-privacy        v1.0.0   stable   .mindforge/skills/data-privacy/SKILL.md
+  ✅  incident-response   v1.0.0   stable   .mindforge/skills/incident-response/SKILL.md
+  ✅  database-patterns   v1.0.0   stable   .mindforge/skills/database-patterns/SKILL.md
+
+  Tier 2 — Org Skills (0 installed)
+  ────────────────────────────────────────────────────────────
+  (none — run /mindforge:skills add to add org skills)
+
+  Tier 3 — Project Skills (0 installed)
+  ────────────────────────────────────────────────────────────
+  (none)
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+  Total: 10 skills   |   Run /mindforge:skills validate to check health
+```
+
+## Subcommand: info
+`/mindforge:skills info [skill-name]`
+
+Display detailed information about a specific skill:
+
+```
+Skill: security-review
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+  Version      : 1.0.0
+  Status       : stable
+  Tier         : 1 (Core)
+  Min MindForge: 0.1.0
+  Path         : .mindforge/skills/security-review/SKILL.md
+
+  Triggers (25):
+  auth, authentication, authorisation, authorization, login,
+  logout, password, token, JWT, session, cookie, OAuth,
+  payment, billing, stripe, PII, GDPR, personal data,
+  upload, file upload, credentials, API key, secret, env,
+  environment variable, encryption, hashing, bcrypt, argon2
+
+  Changelog:
+  1.0.0 — Initial stable release
+```
+
+## Subcommand: search
+`/mindforge:skills search [keyword]`
+
+Find which skills would activate for a given keyword:
+
+```
+/mindforge:skills search "database query"
+
+  Matching skills for "database query":
+  ────────────────────────────────────────────────────────────
+  database-patterns  v1.0.0  [tier 1]  trigger: "database", "query"
+  performance        v1.0.0  [tier 1]  trigger: "query time"
+
+  These 2 skills would be automatically loaded for a task
+  containing "database query" in its description.
+```
+
+## Subcommand: validate
+`/mindforge:skills validate`
+
+Run a health check on all installed skills:
+
+```
+Validating skills...
+
+  ✅  security-review     — frontmatter valid, file readable, triggers: 29
+  ✅  code-quality        — frontmatter valid, file readable, triggers: 14
+  ✅  performance         — frontmatter valid, file readable, triggers: 31
+  ⚠️  [org-skill-name]   — frontmatter valid but missing 'version' field
+  ❌  [missing-skill]    — listed in MANIFEST.md but file not found
+
+  Issues found: 2
+  Run /mindforge:skills add to fix missing skills.
+  Fix frontmatter issues manually in the SKILL.md file.
+```
+
+Validation checks:
+1. Every manifest entry has a corresponding SKILL.md file
+2. Every SKILL.md has: `name`, `version`, `status`, `triggers` in frontmatter
+3. Every SKILL.md has a self-check or checklist section
+4. All versions are valid semver strings
+5. No two skills at the same tier share the same trigger keyword (flag as ⚠️)
+6. Every skill file is readable (not empty, not corrupted)
+
+## Subcommand: add
+`/mindforge:skills add [path-to-skill-dir]`
+
+Register a new skill in the manifest:
+
+1. Read the SKILL.md in the provided path
+2. Validate the frontmatter (all required fields present)
+3. Check for trigger keyword conflicts with existing skills
+4. Ask the user: "Which tier should this skill be registered as? (2=Org / 3=Project)"
+5. Show the exact MANIFEST.md entry that will be written and ask for confirmation
+6. Add the entry to MANIFEST.md in the correct section
+7. Run `/mindforge:skills validate` to confirm registration is clean
+8. Commit: `feat(skills): register [skill-name] v[version] as tier [N] skill`
+
+## Subcommand: update
+`/mindforge:skills update [skill-name]`
+
+Update a skill to a newer version:
+
+1. Read current version from MANIFEST.md
+2. Check the skill's changelog in SKILL.md for available updates
+3. If MAJOR version change: show breaking changes, require confirmation
+4. If MINOR or PATCH: update automatically
+5. Update MANIFEST.md version entry
+6. Run `/mindforge:skills validate` after update
+7. Run `node tests/skills-platform.test.js` after update
+8. Commit: `chore(skills): update [name] v[old] → v[new]`
+
+## Error handling
+- If MANIFEST.md does not exist: offer to create it with current skills
+- If a skill name is not found: suggest similar names (fuzzy match)
+- If validation finds critical errors: block any phase execution until fixed
+  (A skills validation failure is a BLOCKING issue)

package/.agent/mindforge/status.md

@@ -0,0 +1,104 @@
+# MindForge — Status Command
+# Usage: /mindforge:status
+
+Display a rich dashboard of the current project state.
+Pull data from STATE.md, AUDIT.jsonl, REQUIREMENTS.md, and the phases directory.
+
+## Dashboard sections
+
+### Section 1 — Project header
+```
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+⚡ MindForge Status — [Project Name]
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+  Last updated : [STATE.md last updated timestamp]
+  Current phase: Phase [N] — [phase description]
+  Status       : [status from STATE.md]
+```
+
+### Section 2 — Phase progress
+```
+Phase Progress
+───────────────────────────────────────────────────────
+  Phase 1  [████████████████████] 100% — Complete ✅
+  Phase 2  [████████░░░░░░░░░░░░]  40% — In progress
+  Phase 3  [░░░░░░░░░░░░░░░░░░░░]   0% — Not started
+  Phase 4  [░░░░░░░░░░░░░░░░░░░░]   0% — Not started
+```
+Calculate percentage from: tasks with SUMMARY files / total tasks in phase.
+Count ONLY SUMMARY files that contain `Status: Completed ✅` (or `Status` + `Completed`).
+Do not count failed tasks as progress.
+If VERIFICATION.md is missing for a phase: label it "In progress" not "0% verified".
+
+### Section 3 — Requirements coverage
+Read REQUIREMENTS.md and count:
+- Total v1 requirements
+- Requirements with a passing test (from VERIFICATION.md files)
+- Requirements implemented but untested
+- Requirements not yet started
+
+```
+Requirements (v1)
+───────────────────────────────────────────────────────
+  Total        : [N]
+  ✅ Done + tested  : [N]
+  ⚠️  Done, no test : [N]
+  🔴 Not started   : [N]
+```
+
+### Section 4 — Recent activity (from AUDIT.jsonl)
+Read the last 10 entries from AUDIT.jsonl and display:
+```
+Recent Activity
+───────────────────────────────────────────────────────
+  [timestamp]  task_completed  Plan 03: User API endpoints ✅
+  [timestamp]  task_completed  Plan 02: Product model ✅
+  [timestamp]  task_started    Plan 03: User API endpoints
+  [timestamp]  task_completed  Plan 01: User model ✅
+  [timestamp]  context_compaction  Phase 2, Plan 03 (72% context)
+```
+If AUDIT.jsonl is empty or missing, display:
+```
+Recent Activity
+───────────────────────────────────────────────────────
+  No activity logged yet. Activity will appear here
+  after running /mindforge:execute-phase.
+```
+
+### Section 5 — Open issues
+Check for:
+- Any open SECURITY-REVIEW files with CRITICAL or HIGH findings
+- Any BUGS.md files with open issues
+- Any failed tasks in WAVE-REPORT files
+- Any blockers in STATE.md
+
+```
+Open Issues
+───────────────────────────────────────────────────────
+  🔴 CRITICAL: [if any — from SECURITY-REVIEW]
+  🟠 HIGH:     [if any]
+  ✅ No open issues
+```
+
+### Section 6 — Next action
+```
+Next Action
+───────────────────────────────────────────────────────
+  [What STATE.md says the next action is]
+  Run: /mindforge:next
+     to auto-execute the next step.
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+```
+
+## Data sources (in priority order)
+1. STATE.md — authoritative for current status
+2. AUDIT.jsonl — authoritative for history
+3. REQUIREMENTS.md — authoritative for scope
+4. VERIFICATION.md files — authoritative for test coverage
+5. WAVE-REPORT files — authoritative for execution history
+6. HANDOFF.json — authoritative for session state
+
+## Performance notes
+- For recent activity, read only the last 500 bytes of AUDIT.jsonl:
+  `tail -c 500 .planning/AUDIT.jsonl | [parse last complete JSON objects]`
+- For requirement counts, count lines starting with `| FR-` instead of parsing the whole file.

package/.agent/mindforge/sync-confluence.md

@@ -0,0 +1,11 @@
+Publish approved planning artifacts to Confluence. Usage:
+`/mindforge:sync-confluence [--architecture] [--phase N] [--milestone name]`
+
+## Behaviour
+- verify Confluence availability through `connection-manager.md`
+- publish idempotently by existing page title or page ID
+- never publish secrets, raw approval notes, or raw audit logs
+- log success, skip, or failure to AUDIT
+
+Publishing failures are non-fatal and create a pending manual action in
+ `STATE.md`.

package/.agent/mindforge/sync-jira.md

@@ -0,0 +1,12 @@
+Synchronise MindForge phase and plan metadata to Jira. Usage:
+`/mindforge:sync-jira [--phase N] [--plan M]`
+
+## Behaviour
+- verify Jira availability through `connection-manager.md`
+- create or update Epic and Story mappings in `.planning/jira-sync.json`
+- use dynamic transition lookup, never hardcoded IDs
+- preserve manual Jira edits
+- log all actions to AUDIT
+
+Integration failures are non-fatal and should be written to `STATE.md` for
+ manual retry.

package/.agent/mindforge/tokens.md

@@ -0,0 +1,8 @@
+# MindForge — Token Usage Command
+# Usage: /mindforge:tokens [--phase N] [--session ID] [--window short|medium|long] [--optimise]
+
+## Purpose
+Display token consumption profile and efficiency analysis.
+Helps identify where tokens are being spent and how to reduce waste.
+
+## Default output (no flags — last 5 sessions)

package/.agent/mindforge/update.md

@@ -0,0 +1,42 @@
+# MindForge — Update Command
+# Usage: /mindforge:update [--apply] [--force] [--check] [--skip-changelog]
+
+## Purpose
+Check for and apply MindForge framework updates in a safe, scope-preserving way.
+
+## Execution flow
+
+### 1. Version check
+Execute `bin/updater/self-update.js` `checkAndUpdate()`.
+Always show: current version, latest version, update type (major/minor/patch).
+
+### 2. Changelog display (unless --skip-changelog)
+Fetch and display the relevant CHANGELOG.md section.
+For major updates: prefix with ⚠️ BREAKING CHANGES notice.
+Limit display to 3,000 characters — link to full CHANGELOG for the rest.
+
+### 3. Confirmation gate (unless --apply)
+Without --apply: show update info, stop. Do not modify any files.
+Message: "To apply this update: /mindforge:update --apply"
+
+### 4. Apply (with --apply)
+a. Detect original install scope (local vs global, claude vs antigravity)
+b. Read schema_version from HANDOFF.json (captures current version BEFORE update)
+c. Run `npx mindforge-cc@[latest] --[runtime] --[scope]`
+d. Run migration: `node bin/migrations/migrate.js` with captured schema_version
+e. Run /mindforge:health to verify update succeeded
+
+### 5. Post-update health check
+If health errors: surface them immediately with specific fix instructions.
+Common post-update issue: CLAUDE.md and .agent/CLAUDE.md drifted → auto-repair.
+
+## Error scenarios and recovery
+
+| Error | Recovery |
+|---|---|
+| npm registry unreachable | Message: "Check internet. Manual: npm info mindforge-cc version" |
+| Update download fails | Retry once, then suggest manual: `npx mindforge-cc@latest` |
+| Migration fails | Restored from backup automatically. Run /mindforge:migrate manually. |
+| Install scope detection fails | Prompt user: "Is your install global or local?" |
+
+## AUDIT entry