nurosys-agents 2.0.0 → 2.1.0

package/.agent/templates/UX_PLAN.md

@@ -0,0 +1,228 @@
+# UX_PLAN — `<feature_name>`
+
+_Written by `/ux-architect`. Consumed by `/architect` for technical module decomposition. Approved by user before `/architect` runs._
+
+---
+
+## 1. Feature summary
+
+<One paragraph: who the user is, what they see, what success looks like, accessibility/responsive scope.>
+
+---
+
+## 2. Scope decisions (confirmed with user)
+
+**In scope:**
+- ...
+
+**Out of scope:**
+- ...
+
+**Assumptions:**
+- ...
+
+---
+
+## 3. Reuse from existing app
+
+Existing pages, views, hooks, or components this feature should extend or compose with rather than duplicate. Surface every relevant match — do not silently re-implement.
+
+| Type | Name / path | How this feature uses it |
+|------|------------|---------------------------|
+| Page | `src/.../page.tsx` | Extends the existing list page with a new column / filter / action |
+| View | `<ViewName>` | Composes within the new page's content area |
+| Hook | `useX` | Re-used for data-fetching; no new hook needed |
+| Component | `<ComponentName>` | Re-used in dialog body |
+
+*(none)* — if the feature is genuinely greenfield in this codebase.
+
+---
+
+## 4. Component reuse from design system
+
+From `/vuexy-component-guide` sub-agent's `reuse_candidates`. Every UI element in this plan should appear here unless it has a corresponding entry in §5 "Gaps".
+
+| UI element | Use component(s) | Pattern | Ref | Notes |
+|-----------|------------------|---------|-----|-------|
+| Edit-user dialog | `CustomDialog` + `CustomTextField` + react-hook-form template | Standard form-dialog | `examples.md#form-dialogs` | Validate with valibot; show field-level errors |
+| User list table | `MUI DataGrid` (Vuexy wrapper) | Server-side pagination | `examples.md#data-grid` | Use the project's `useServerPaginatedQuery` hook |
+
+---
+
+## 5. Gaps & new patterns
+
+From `/vuexy-component-guide` sub-agent's `gaps`. Each gap must have a decision attached — do not leave a gap unresolved.
+
+| UI element | Why no reuse | Decision |
+|-----------|--------------|----------|
+| Inline editable cells | No matching wrapper in design system today | **Defer** — show a row-level edit dialog instead (added to §4) |
+| Custom split-pane layout | Not in design system | **Extend design system** — surface to user; if approved, must run `/create-blueprint design-system` before implementation |
+
+*(none)* — if the design system fully covers this feature's UI.
+
+---
+
+## 6. Pages & routes
+
+Every new or modified route in `src/app/` (or the project's pages directory per `repo-map.md`).
+
+| Route | Action | `'use client'`? | Auth | Notes |
+|-------|--------|-----------------|------|-------|
+| `/dashboard/users` | Modify (add filter UI) | server (page) + client (filter component) | private + `users:read` | — |
+| `/dashboard/users/[id]` | New | server (page) + client (edit form) | private + `users:update` | — |
+
+---
+
+## 7. Page-by-page layout
+
+For each page added or significantly modified, an ASCII wireframe + region-by-region composition.
+
+### `/dashboard/users` (modified)
+
+```
+┌──────────────────────────────────────────────────────────────┐
+│ Breadcrumb: Dashboard > Users                                │
+├──────────────────────────────────────────────────────────────┤
+│ Header: "Users"   [Add user button] [Bulk actions menu]      │
+├──────────────────────────────────────────────────────────────┤
+│ Filter bar: [Search input] [Role select] [Status toggle]     │  ← NEW
+├──────────────────────────────────────────────────────────────┤
+│                                                              │
+│           Data grid (existing UserListGrid)                  │
+│           Adds column: "Last active"                         │  ← NEW
+│                                                              │
+└──────────────────────────────────────────────────────────────┘
+```
+
+**Composition:**
+- Header: existing `<PageHeader>` (no change)
+- Filter bar (NEW): composed of `CustomTextField` (search) + `CustomAutocomplete` (role) + `CustomSwitch` (status)
+- Data grid: existing `<UserListGrid>`, extended with a "lastActive" column via the existing `columns` prop API
+
+---
+
+## 8. Dialogs / drawers / modals
+
+| Name | Trigger | Composition | Dismissal |
+|------|---------|-------------|-----------|
+| Edit user dialog | Row → kebab menu → "Edit" | `CustomDialog` (md size) → header + react-hook-form body + footer with Cancel/Save | Cancel → close; Save → validate → submit → toast → close |
+| Bulk-action confirm modal | "Bulk actions" → action → "Apply" | `CustomDialog` (sm size) → confirmation text + Cancel/Confirm | Standard |
+
+---
+
+## 9. Forms
+
+For each form, list fields + validation + submit behavior.
+
+### Edit user form
+
+| Field | Type | Validation | Notes |
+|-------|------|------------|-------|
+| `email` | text | required, email | disabled in edit mode (immutable) |
+| `displayName` | text | required, max 100 | — |
+| `role` | select | required, must be in role enum from `auth-model.md` | — |
+| `isActive` | switch | — | — |
+
+- **Library**: react-hook-form + valibot (per `design-system.md`)
+- **Submit behavior**: optimistic UI + server reconcile; on error → roll back UI and show field-level errors from server response
+- **Error rendering**: inline under field via `helperText`; toast for unexpected server errors
+
+---
+
+## 10. State surface
+
+| State | Where it lives | Shape | Why there |
+|-------|---------------|-------|-----------|
+| Filter values (search, role, status) | Local component state (`useState`) in the filter bar | `{ search: string; role: string \| null; isActive: boolean \| null }` | Page-scoped, no cross-component sync needed |
+| User list data | Server state via existing `useUsersList(filters)` hook | per existing API | — |
+| Edit-dialog open + selected user id | Lifted to page-level state | `{ open: boolean; userId: string \| null }` | Dialog controlled by parent; row triggers via callback |
+
+---
+
+## 11. Empty / loading / error states
+
+**Required for every list and fetch surface — no exceptions.**
+
+| Surface | Empty | Loading | Error |
+|---------|-------|---------|-------|
+| User list | "No users match these filters." + clear-filters button | Existing `<GridSkeleton>` | "Couldn't load users. Retry." button — uses `<ErrorState>` |
+| Edit-user form | n/a | Disable form + show spinner overlay during submit | Field-level errors inline; toast for network errors |
+
+---
+
+## 12. Accessibility
+
+- **Keyboard nav**: filter bar fully tab-navigable; Esc closes dialog and restores focus to the row's kebab menu
+- **ARIA**: filter bar is `role="search"`; dialog gets `aria-labelledby` pointing to its title
+- **Focus management**: on dialog open, focus moves to first invalid (or first non-disabled) field; on close, focus returns to the trigger
+- **Color contrast**: rely on theme defaults (per `design-system.md`); no inline colors
+- **Screen reader**: each filter has a visible label, not just placeholder text
+
+---
+
+## 13. Responsive
+
+| Breakpoint | Behavior |
+|-----------|----------|
+| Mobile (< sm) | Filter bar collapses into a single "Filters" button → opens a drawer; grid switches to card view |
+| Tablet (sm–md) | Filter bar wraps to two rows; grid keeps table view with horizontal scroll |
+| Desktop (≥ md) | Layout as shown in wireframe |
+
+---
+
+## 14. Auth gating
+
+| Surface | Gate (from `auth-model.md`) | Behavior if unauthorized |
+|---------|-----------------------------|--------------------------|
+| Route `/dashboard/users` | Private + permission `users:read` | Existing private-route HOC redirects to `/login` |
+| "Edit" action | Permission `users:update` | Action menu item disabled with tooltip "You don't have permission to edit users" |
+| "Delete" action | Permission `users:delete` | Same as above |
+
+`useAuth()` (or documented equivalent) drives every gate. No duplicate cookie reads.
+
+---
+
+## 15. Design-system fit
+
+Does this feature require any additions to the design system?
+
+- **New tokens?** No / Yes — [list]
+- **New custom wrappers?** No / Yes — [list with proposed names]
+- **Pattern additions to `vuexy-component-guide`?** No / Yes — [describe]
+
+Default expectation: **No**. If any answer is "Yes", surface it as a finding in §17 and recommend running `/create-blueprint design-system` to formalize before implementation.
+
+---
+
+## 16. Open questions for user
+
+Real questions only — decisions you can't make without input.
+
+- [ ] Should the bulk-action confirm modal show the affected user count? (Affects API contract)
+- [ ] Is "Last active" defined as last login or last API request? (Affects backend contract and `/architect`'s technical plan)
+
+*(none)* — if nothing is open.
+
+---
+
+## 17. Findings (design-system / auth-model / architecture)
+
+Anything that requires a decision **before** `/architect` should plan technical modules.
+
+| Finding | Type | Resolution required |
+|---------|------|---------------------|
+| New "filter drawer" pattern for mobile | Design-system gap | Extend design system OR fall back to existing dialog pattern |
+
+*(none)* — if no extensions or deviations needed.
+
+---
+
+## Hand-off
+
+This UX plan is the input to `/architect`. After user approval:
+
+```
+/architect documentation/features/<feature_name>/
+```
+
+`/architect` will read this plan and produce `<feature>_MODULE_WISE_PLAN.md` + per-module prompts that `/module-runner` consumes.

package/README.md

@@ -23,6 +23,8 @@ Serena runs via `uvx`. If you don't have it: https://docs.astral.sh/uv/getting-s
 
 ## The end-to-end journey
 
+### Backend (NestJS / Express / Fastify / Koa)
+
 ```
 1. /create-blueprint all          → bootstrap project-memory/
 2. /brainstorm <problem>          → explore 3-5 approaches
@@ -30,7 +32,17 @@ Serena runs via `uvx`. If you don't have it: https://docs.astral.sh/uv/getting-s
 4. /module-runner <feature-dir>   → autonomous build, review, security, commit per module
 ```
 
-Plus on-demand utilities:
+### Frontend (React / Next.js — adds a UX-planning step)
+
+```
+1. /create-blueprint all          → bootstrap project-memory/ (incl. design-system.md)
+2. /brainstorm <problem>          → explore 3-5 approaches
+3. /ux-architect <feature>        → UX/layout plan with component reuse from /vuexy-component-guide
+4. /architect <feature>           → technical module plan referencing the UX plan (NEVER writes code)
+5. /module-runner <feature-dir>   → autonomous build, lint, test, review, security, commit per module
+```
+
+Plus on-demand utilities (both stacks):
 
 - `/quick-execute <small task>` — fast execution, no plan gate
 - `/code-reviewer` — review the current branch
@@ -55,6 +67,19 @@ Plus on-demand utilities:
 | `/refactor-safely` | Bounded-blast-radius refactors via Serena's symbolic edit tools (`rename_symbol`, `replace_symbol_body`, `safe_delete_symbol`). |
 | `/debug-issue` | Stack-trace-driven debugging with Serena. |
 
+### Frontend-only additions
+
+| Skill | Purpose |
+|---|---|
+| `/ux-architect` | **Pure UX planner.** Reads `project-memory/design-system.md` + `repo-map.md` + `auth-model.md`, consults `/vuexy-component-guide` as a sub-agent to maximize component reuse, surveys existing pages via Serena, writes `<feature>_UX_PLAN.md`. **Never writes code.** Hands off to `/architect` for technical decomposition. |
+| `/vuexy-component-guide` | MUI v7 + Vuexy component reference. Standalone mode = conversational guidance. Sub-agent mode (used by `/ux-architect`) = JSON reuse-candidates + gaps. |
+
+Frontend `/code-reviewer` additionally enforces 23 React-specific rules (Rules of React, rerender optimization, rendering performance, advanced patterns).
+
+Frontend `/security-assessment` covers client-side concerns: XSS, CSP, `NEXT_PUBLIC_` leakage, third-party scripts, cookies/storage.
+
+Frontend `/auth-and-permissions` audits client-side gating (private routes, useAuth, permission keys) — UI correctness, not the security boundary itself (server enforces).
+
 ---
 
 ## What gets created in your project
@@ -119,8 +144,8 @@ The major changes in v2:
 | Stack | Status |
 |---|---|
 | Backend (NestJS / Express / Fastify / Koa) | ✅ First-class (v2.0) |
-| Frontend (React / Next / Vue / Vite) | ⏳ Carried over from v1; not yet refreshed for v2 architecture |
-| Monolith | ⏳ Same as frontend |
+| Frontend (React / Next.js) | ✅ First-class (v2.1) — same architecture as backend plus `/ux-architect` + `/vuexy-component-guide` |
+| Monolith | ⏳ Carried over from v1; not yet refreshed for v2 architecture |
 
 Backend is the focus of v2.0. Frontend and monolith updates will follow.
 

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "nurosys-agents",
-  "version": "2.0.0",
-  "description": "Portable backend agent skills (architect, code-reviewer, security-assessment, auth-and-permissions, brainstorm, quick-execute, create-blueprint) plus a multi-IDE module-runner. Built on Serena for symbolic code analysis. Works with Claude Code, Cursor, and Codex.",
+  "version": "2.1.0",
+  "description": "Portable agent skills for backend (NestJS/Express/Fastify/Koa) and frontend (React/Next.js). Skills: architect, code-reviewer, security-assessment, auth-and-permissions, brainstorm, quick-execute, create-blueprint — plus frontend-only ux-architect + vuexy-component-guide — plus a multi-IDE module-runner. Built on Serena for symbolic code analysis. Works with Claude Code, Cursor, and Codex.",
   "repository": {
     "type": "git",
     "url": "https://gitlab.com/nurosys/nurosys-agents.git"

package/scripts/setup-rules.js

@@ -48,16 +48,25 @@ const RULE_MAP = [
     source:            'auth-model.md',
     cursorTarget:      'auth-model.mdc',
     antigravityTarget: 'auth-model.md',
-    description:       'Auth model, JWT flow, guard chain, RBAC, and tenant scoping',
-    globs:             ['src/auth/**', 'src/core/auth/**'],
+    description:       'Auth model — backend guards/RBAC/tenant scoping OR client-side context/useAuth/route gating, depending on stack',
+    // Globs match both backend and frontend auth surfaces — only the present paths actually trigger
+    globs:             ['src/auth/**', 'src/core/auth/**', 'src/contexts/**Auth**', 'src/utils/auth*', 'src/configs/auth*', 'src/app/**/(private)/**'],
     alwaysApply:       false,
   },
   {
     source:            'models.md',
     cursorTarget:      'models.mdc',
     antigravityTarget: 'models.md',
-    description:       'Domain model inventory and entity definitions',
-    globs:             ['src/**/*.model.ts', 'src/**/*.entity.ts'],
+    description:       'Domain model inventory — backend entities OR frontend shared TypeScript types/schemas',
+    globs:             ['src/**/*.model.ts', 'src/**/*.entity.ts', 'src/types/**', 'src/schemas/**'],
+    alwaysApply:       false,
+  },
+  {
+    source:            'design-system.md',
+    cursorTarget:      'design-system.mdc',
+    antigravityTarget: 'design-system.md',
+    description:       'Design system — design tokens, custom-wrapper inventory, form patterns, theming (frontend-only artifact)',
+    globs:             ['src/components/**', 'src/views/**', 'src/@core/**', 'src/themes/**'],
     alwaysApply:       false,
   },
   {

package/.agent/frontend/skills/feature-workflow/SKILL.md

@@ -1,61 +0,0 @@
----
-name: feature-workflow
-description: Enforce requirement clarification, study, detailed planning, implementation, quality review, and testing for every feature/refactor.
-when_to_use:
-  - Any new feature in `src/app`, `src/components`, `src/services`, or `src/views`
-  - Any refactor that changes behavior
-references:
-  - project-memory/constitution.md
-  - project-memory/repo-map.md
-  - project-memory/quality-playbook.md
-  - project-memory/core-memory.md
-  - .agent/skills/react-quality-review/SKILL.md
-  - .agent/templates/FEATURE_PLAN.md
-  - .agent/templates/REVIEW_REPORT.md
-  - .agent/templates/TEST_PLAN.md
----
-
-# Feature Workflow Skill
-
-## Required sequence (no skipping)
-
-0. **Foundation read (mandatory)**
-   - Read `project-memory/constitution.md`, `project-memory/repo-map.md`, `project-memory/auth-model.md`, and `project-memory/core-memory.md`.
-1. **Requirement clarification**
-   - Ask clarifying questions where needed.
-   - Capture hard constraints (auth, permissions, performance, data contracts, deadlines).
-2. **Codebase study**
-   - List relevant existing files/modules found before planning implementation.
-3. **Detailed plan**
-   - Define new/changed functions and hooks.
-   - Define shared derivations/selectors and where computed values should live.
-   - List all files to be touched.
-4. **Implementation**
-   - Execute the plan in dependency order.
-5. **Quality review + refactor**
-   - Run `.agent/skills/react-quality-review/SKILL.md`.
-   - Produce `Documentation/reports/REVIEW_REPORT.md`.
-   - Apply required refactors from findings.
-6. **Testing**
-   - Add/run unit tests for pure transforms/selectors.
-   - Add/run integration tests for pages/components where applicable.
-7. **Update memory**
-   - Append the completed module/feature summary to `project-memory/core-memory.md`.
-   - Record key decisions, files changed, tests run, and any carry-forward notes.
-
-## Mandatory artifacts
-
-- Feature plan: `Documentation/features/<feature_name>/FEATURE_PLAN.md` or `Documentation/plans/FEATURE_PLAN.md` (from `.agent/templates/FEATURE_PLAN.md`)
-- Review report: `Documentation/reports/REVIEW_REPORT.md` (from `.agent/templates/REVIEW_REPORT.md`, filled after implementation)
-- Test plan: `Documentation/features/<feature_name>/TEST_PLAN.md` or `Documentation/plans/TEST_PLAN.md` (from `.agent/templates/TEST_PLAN.md`, filled and executed)
-- `project-memory/core-memory.md` (updated after implementation)
-
-## PR gate checklist
-
-- [ ] Clarification questions + constraints documented.
-- [ ] Codebase study lists relevant files reviewed.
-- [ ] Detailed plan lists functions/hooks, shared derivations, computed-value ownership, file touch list.
-- [ ] React quality review executed, `Documentation/reports/REVIEW_REPORT.md` produced, and refactors applied.
-- [ ] Unit tests added for pure transforms/selectors.
-- [ ] Integration tests added/updated for pages/components where applicable.
-- [ ] `project-memory/core-memory.md` updated with implementation outcomes and next-step notes.

package/.agent/frontend/skills/react-quality-review/SKILL.md

@@ -1,126 +0,0 @@
----
-name: react-quality-review
-description: >
-  Post-implementation quality gate for React/Next.js. Covers Rules of React,
-  re-render optimization, rendering performance, and advanced patterns (23 rules in 4
-  categories). Use after features/refactors and when reviewing React PRs.
-when_to_use:
-  - After any feature implementation
-  - After any refactor (UI, hooks, services, routes)
-  - When writing or reviewing React components, hooks, or state management
-  - When optimizing re-render or rendering performance
-references:
-  - project-memory/quality-playbook.md
-  - project-memory/repo-map.md
-  - project-memory/auth-model.md
-  - src/contexts/authContext.tsx
-  - src/utils/auth.ts
-  - src/services/
-  - .agent/skills/react-quality-review/rules/
----
-
-# React Quality Review Skill
-
-Run this skill immediately after coding, before merge. It combines the project's playbook checks with detailed React review rules (same taxonomy as the legacy `review-react` skill).
-
-## References
-
-- `project-memory/quality-playbook.md` — definitions and repo anchors
-- `.agent/templates/REVIEW_REPORT.md` — report structure
-- `.agent/skills/react-quality-review/rules/` — one file per rule (explanation, bad/good examples, links)
-- `.agent/skills/react-quality-review/examples.md` — concrete examples
-
-## Rule categories by priority
-
-Performance and correctness are grouped into four categories (23 rules), ordered by typical impact:
-
-| Priority | Category | Impact | Prefix | Rules |
-|----------|----------|--------|--------|-------|
-| 1 | Rules of React | CRITICAL | `react-rules-` | 3 |
-| 2 | Re-render optimization | MEDIUM | `rerender-` | 13 |
-| 3 | Rendering performance | MEDIUM | `rendering-` | 5 |
-| 4 | Advanced patterns | LOW | `advanced-` | 2 |
-
-### 1. Rules of React (CRITICAL)
-
-- `react-rules-purity` — Components and hooks must be pure; no side effects during render
-- `react-rules-hooks` — Only call hooks at the top level and from React functions
-- `react-rules-calling` — Never call components as functions or pass hooks as values
-
-### 2. Re-render optimization (MEDIUM)
-
-- `rerender-no-inline-components` — Never define components inside other components
-- `rerender-derived-state-no-effect` — Derive state during render, not in effects
-- `rerender-memo` — Extract memoized child components to avoid re-renders
-- `rerender-memo-with-default-value` — Hoist default non-primitive props outside memo
-- `rerender-simple-expression-in-memo` — Don’t useMemo for simple primitive expressions
-- `rerender-defer-reads` — Don’t subscribe to state only used in callbacks
-- `rerender-dependencies` — Use primitive values in effect dependencies
-- `rerender-derived-state` — Subscribe to derived booleans, not raw objects
-- `rerender-functional-setstate` — Use functional setState for stable callbacks
-- `rerender-lazy-state-init` — Pass an initializer to useState for expensive values
-- `rerender-move-effect-to-event` — Move interaction logic from effects to event handlers
-- `rerender-transitions` — Use startTransition for non-urgent state updates
-- `rerender-use-ref-transient-values` — Use refs for frequently changing transient values
-
-### 3. Rendering performance (MEDIUM)
-
-- `rendering-hoist-jsx` — Hoist static JSX outside component functions
-- `rendering-conditional-render` — Prefer ternary over `&&` for conditional rendering
-- `rendering-usetransition-loading` — Prefer useTransition over manual loading state
-- `rendering-content-visibility` — Use CSS `content-visibility: auto` for long lists
-- `rendering-activity` — Use Activity for preserving hidden UI state
-
-### 4. Advanced patterns (LOW)
-
-- `advanced-event-handler-refs` — Store latest event handlers in refs for stable callbacks
-- `advanced-init-once` — Initialize app-level singletons once, not per mount
-
-## How to use the rule files
-
-For any finding, open the matching file under `.agent/skills/react-quality-review/rules/`. Each file includes why it matters, incorrect vs correct examples, and reference links.
-
-Examples:
-
-- `.agent/skills/react-quality-review/rules/react-rules-purity.md`
-- `.agent/skills/react-quality-review/rules/rerender-no-inline-components.md`
-
-See `rules/_template.md` and `rules/_sections.md` for structure across rules.
-
-## Required checks (cross-check with playbook)
-
-Use `project-memory/quality-playbook.md` for definitions and repo anchors. Verify at least:
-
-- Derived state and effects (`rerender-derived-state-no-effect`, `rerender-derived-state`, playbook)
-- Effect misuse / event vs effect boundaries (`rerender-move-effect-to-event`, playbook)
-- Memoization boundaries (`rerender-memo`, `rerender-simple-expression-in-memo`, playbook)
-- Duplicate computations and repeated transforms (playbook + relevant `rerender-*` rules)
-- Next.js App Router server/client boundaries (playbook)
-- Dead code or duplicate logic residue (playbook)
-
-## Steps
-
-1. Read `project-memory/quality-playbook.md` and scan changed files against it and the rule list above; drill into specific `rules/*.md` files when something is unclear.
-2. Write `Documentation/reports/REVIEW_REPORT.md` using `.agent/templates/REVIEW_REPORT.md`; include findings and exact file/line pointers. Map severe issues to `react-rules-*` where applicable.
-3. For each finding, propose the smallest refactor that moves code toward playbook anchors and the relevant rule file.
-4. Confirm auth boundaries stay centralized (`src/contexts/authContext.tsx`, `src/utils/auth.ts`, `src/configs/authConfig.ts`).
-5. Attach the completed review report to PR notes.
-
-## Review report template (fill this)
-
-```md
-## Findings
-- [severity] <issue> — <file/path> — <playbook check and/or rule id, e.g. rerender-memo>
-
-## Proposed refactors
-- <refactor action> -> <target file(s)> -> <playbook anchor and/or rule file>
-
-## Files to change
-- <path>
-- <path>
-
-## Tests to add
-- <test name> — <what regression it prevents> — <unit/integration/manual>
-```
-
-For concrete examples, see `.agent/skills/react-quality-review/examples.md`.

package/.agent/frontend/workflows/build-feature-react.workflow.md

@@ -1,82 +0,0 @@
----
-name: build-feature
-description: Strict end-to-end feature workflow with mandatory plan approval, implementation, quality review, and testing.
-strict_mode: true
-owner: agent
-references:
-  - project-memory/constitution.md
-  - project-memory/repo-map.md
-  - project-memory/auth-model.md
-  - project-memory/quality-playbook.md
-  - project-memory/core-memory.md
-  - .agent/skills/feature-workflow/SKILL.md
-  - .agent/skills/auth-and-permissions/SKILL.md
-  - .agent/skills/react-quality-review/SKILL.md
-  - .agent/templates/FEATURE_PLAN.md
-  - .agent/templates/REVIEW_REPORT.md
-  - .agent/templates/TEST_PLAN.md
-outputs:
-  - Documentation/plans/FEATURE_PLAN.md (or Documentation/features/<feature_name>/ when running a named feature)
-  - Documentation/reports/REVIEW_REPORT.md
-  - Documentation/plans/TEST_PLAN.md (or Documentation/features/<feature_name>/ when running a named feature)
----
-
-# Build Feature Workflow (Strict)
-
-## Non-negotiable gate
-
-- Always load and follow `project-memory/constitution.md`.
-- Always read `project-memory/quality-playbook.md`.
-- Always read and maintain `project-memory/core-memory.md`.
-- **No coding before plan approval.**
-- Required artifacts:
-  - Feature plan: `Documentation/features/<feature_name>/FEATURE_PLAN.md` or `Documentation/plans/FEATURE_PLAN.md`
-  - Review report: `Documentation/reports/REVIEW_REPORT.md`
-  - Test plan: `Documentation/features/<feature_name>/TEST_PLAN.md` or `Documentation/plans/TEST_PLAN.md`
-
-## Steps
-
-1. **Load foundation docs**
-   - Read `project-memory/constitution.md`, `project-memory/repo-map.md`, and `project-memory/auth-model.md`.
-   - Confirm constraints relevant to the request.
-
-2. **Run feature workflow skill and create plan**
-   - Use `.agent/skills/feature-workflow/SKILL.md`.
-   - Generate the feature plan in `Documentation/features/<feature_name>/FEATURE_PLAN.md` or `Documentation/plans/FEATURE_PLAN.md` from `.agent/templates/FEATURE_PLAN.md`.
-
-3. **Approval checkpoint (hard stop)**
-   - Present plan and stop for explicit approval.
-   - Do not modify implementation files before approval.
-
-4. **Implement after approval**
-   - Execute the approved file touch list in order.
-   - Keep pages thin and move logic into `src/views/**`, hooks, and services.
-
-5. **Conditional auth-and-permissions pass**
-   - Run `.agent/skills/auth-and-permissions/SKILL.md` when touching:
-     - `src/contexts/authContext.tsx`
-     - `src/utils/auth.ts`
-     - `src/configs/authConfig.ts`
-     - `src/types/auth.ts`
-     - protected pages under `src/app/[lang]/(dashboard)/(private)/**`
-     - auth-sensitive API routes under `src/app/api/**`
-
-6. **Run quality review and produce report**
-   - Run `.agent/skills/react-quality-review/SKILL.md`.
-   - Create `Documentation/reports/REVIEW_REPORT.md` from `.agent/templates/REVIEW_REPORT.md`.
-   - Apply required refactors from findings.
-
-7. **Generate and execute test plan**
-   - Create the test plan in `Documentation/features/<feature_name>/TEST_PLAN.md` or `Documentation/plans/TEST_PLAN.md` from `.agent/templates/TEST_PLAN.md`.
-   - Add/update relevant tests (unit/integration/manual).
-
-8. **Run test commands**
-   - Run available scripts (`npm run test`, `npm run lint`, feature-specific tests).
-   - Record command outcomes in the test plan file (Documentation/plans or Documentation/features/<feature_name>/).
-
-9. **Update core memory**
-   - Append the completed module or feature summary to `project-memory/core-memory.md`.
-   - Include files changed, decisions made, tests run, and follow-up notes for future work.
-
-10. **Final output**
-   - Return summary of files changed, verification steps, and test results.