onion-check 2.0.2 → 2.1.0

package/dist/generators/operational-docs.js

@@ -0,0 +1,1169 @@
+// ---------------------------------------------------------------------------
+// Layer name map (for dependency descriptions)
+// ---------------------------------------------------------------------------
+const LAYER_NAMES = {
+    1: 'Model',
+    2: 'Context',
+    3: 'Skills',
+    4: 'Tools',
+    5: 'Orchestration',
+    6: 'Security',
+    7: 'Governance',
+    8: 'Evaluation',
+};
+// ---------------------------------------------------------------------------
+// Operational Document Generator
+// ---------------------------------------------------------------------------
+export function generateOperationalDoc(layerNumber, result, context, history) {
+    switch (layerNumber) {
+        case 1: return generateModelOps(result, context, history);
+        case 2: return generateContextOps(result, context, history);
+        case 3: return generateSkillsOps(result, context, history);
+        case 4: return generateToolsOps(result, context, history);
+        case 5: return generateOrchestrationOps(result, context, history);
+        case 6: return generateSecurityOps(result, context, history);
+        case 7: return generateGovernanceOps(result, context, history);
+        case 8: return generateEvaluationOps(result, context, history);
+        default: return '';
+    }
+}
+// ---------------------------------------------------------------------------
+// Shared helpers
+// ---------------------------------------------------------------------------
+function header(layerNumber, name, result, context) {
+    const date = new Date().toISOString().split('T')[0];
+    return [
+        `# Layer ${layerNumber}: ${name} — Operational Guide`,
+        '',
+        `> Project: ${context.typeLabel}`,
+        `> Type: ${context.typeLabel} | Stack: ${context.stackLabel}`,
+        `> Scale: ${context.scaleLabel} | Risk: ${context.riskLabel}`,
+        context.industry ? `> Industry: ${context.industry}` : null,
+        `> Last updated: ${date}`,
+        `> Score: ${result.contentScore}/100`,
+        '',
+    ].filter(l => l !== null).join('\n');
+}
+function currentState(result) {
+    const lines = [
+        '## Current State',
+        '',
+    ];
+    if (result.detected) {
+        lines.push(`This layer is **active** with a quality score of ${result.contentScore}/100.`);
+        lines.push('');
+        if (result.evidence.length > 0) {
+            lines.push('**Evidence found:**');
+            for (const ev of result.evidence) {
+                lines.push(`- ${ev}`);
+            }
+            lines.push('');
+        }
+    }
+    else {
+        lines.push('This layer is **not detected**. No evidence of implementation found.');
+        lines.push('');
+        lines.push(result.layer.gapAnalysis);
+        lines.push('');
+    }
+    return lines.join('\n');
+}
+function changeLog(history, layerNumber) {
+    const lines = [
+        '## Change Log',
+        '',
+    ];
+    if (!history || history.length === 0) {
+        lines.push('No scan history available yet. Run `npx onion-check --status` periodically to build a change log.');
+        lines.push('');
+        return lines.join('\n');
+    }
+    // Show last 10 entries where this layer changed
+    const relevant = [];
+    for (let i = 1; i < history.length && relevant.length < 10; i++) {
+        const prev = history[i - 1];
+        const curr = history[i];
+        const prevLayer = prev.layers.find(l => l.number === layerNumber);
+        const currLayer = curr.layers.find(l => l.number === layerNumber);
+        if (!prevLayer || !currLayer)
+            continue;
+        if (!prevLayer.detected && currLayer.detected) {
+            relevant.push({ date: curr.timestamp.split('T')[0], change: `Layer added (score: ${currLayer.contentScore}/100)` });
+        }
+        else if (prevLayer.detected && !currLayer.detected) {
+            relevant.push({ date: curr.timestamp.split('T')[0], change: 'Layer lost' });
+        }
+        else if (prevLayer.contentScore !== currLayer.contentScore) {
+            const delta = currLayer.contentScore - prevLayer.contentScore;
+            const sign = delta > 0 ? '+' : '';
+            relevant.push({ date: curr.timestamp.split('T')[0], change: `Score: ${prevLayer.contentScore} -> ${currLayer.contentScore} (${sign}${delta})` });
+        }
+    }
+    if (relevant.length === 0) {
+        lines.push('No changes recorded for this layer across scan history.');
+    }
+    else {
+        lines.push('| Date | Change |');
+        lines.push('|------|--------|');
+        for (const entry of relevant) {
+            lines.push(`| ${entry.date} | ${entry.change} |`);
+        }
+    }
+    lines.push('');
+    return lines.join('\n');
+}
+function footer() {
+    return [
+        '---',
+        '*Living document — updated by `npx onion-check`. Do not delete.*',
+        '',
+    ].join('\n');
+}
+// ---------------------------------------------------------------------------
+// Layer 1: Model
+// ---------------------------------------------------------------------------
+function generateModelOps(result, ctx, history) {
+    const lines = [];
+    lines.push(header(1, 'Model', result, ctx));
+    // Purpose
+    lines.push('## Purpose');
+    lines.push('');
+    switch (ctx.type) {
+        case 'saas':
+            lines.push('The model layer is your product\'s AI engine. Every user-facing AI feature depends on this layer being properly configured, cost-efficient, and reliable. For a SaaS product, model reliability directly impacts user retention — if the AI feels slow or inconsistent, users churn.');
+            break;
+        case 'agency':
+            lines.push('The model layer powers every piece of AI-generated client work. For agency operations, model consistency matters more than capability — clients notice when output quality fluctuates between deliverables. One model, configured well, beats three models configured loosely.');
+            break;
+        case 'content':
+            lines.push('The model layer generates your content. For a content platform, model selection directly impacts voice consistency, creative range, and production speed. The wrong model produces technically correct content that reads like every other AI-generated piece on the internet.');
+            break;
+        case 'support':
+            lines.push('The model layer handles customer interactions. For support systems, accuracy and tone are non-negotiable — a wrong answer costs trust, and a robotic tone costs goodwill. The model must be reliable under load and consistent across thousands of conversations.');
+            break;
+        default:
+            lines.push(`The model layer is the foundation of your AI system. For your ${ctx.typeLabel.toLowerCase()}, this is where compute meets capability. Everything above this layer — context, skills, tools — depends on the model being properly configured and accessible.`);
+            break;
+    }
+    lines.push('');
+    // Current State
+    lines.push(currentState(result));
+    // Operating Rules
+    lines.push('## Operating Rules');
+    lines.push('');
+    lines.push('1. All model API calls must go through a centralized client — no direct SDK imports scattered across the codebase.');
+    if (ctx.stack === 'node') {
+        lines.push('2. Use `@anthropic-ai/sdk` or `@ai-sdk/anthropic` for TypeScript. Pick one and standardize.');
+    }
+    else if (ctx.stack === 'python') {
+        lines.push('2. Use the official `anthropic` Python package. Avoid raw HTTP calls.');
+    }
+    else {
+        lines.push('2. Use official SDKs for your stack. Official SDKs handle retries, rate limits, and streaming correctly.');
+    }
+    lines.push('3. API keys must be in `.env`, never in source code. The `.env.example` must document every required key.');
+    lines.push('4. Model fallback: if the primary model is unavailable, degrade gracefully — never expose raw API errors to users.');
+    if (ctx.scale === 'mid' || ctx.scale === 'enterprise') {
+        lines.push('5. Implement model routing: cheap models for simple tasks (classification, extraction), expensive models for complex reasoning.');
+        lines.push('6. Log token usage per request for cost monitoring and optimization.');
+    }
+    if (ctx.risk === 'high' || ctx.risk === 'critical') {
+        lines.push(`${ctx.scale === 'mid' || ctx.scale === 'enterprise' ? '7' : '5'}. Rate limiting must be enforced at the application level, not just relied upon from the API provider.`);
+    }
+    lines.push('');
+    // What's Approved
+    lines.push('## What\'s Approved');
+    lines.push('');
+    if (result.detected && result.evidence.length > 0) {
+        lines.push('Based on scan detection:');
+        for (const ev of result.evidence) {
+            lines.push(`- ${ev}`);
+        }
+    }
+    else {
+        lines.push('No model configuration detected yet. After setup, this section will list approved models and SDKs.');
+    }
+    lines.push('');
+    // How to Extend
+    lines.push('## How to Extend');
+    lines.push('');
+    lines.push('### Adding a new model provider');
+    if (ctx.stack === 'node') {
+        lines.push('1. Add the SDK to `package.json` (`npm install @anthropic-ai/sdk`)');
+        lines.push('2. Add the API key to `.env` and `.env.example`');
+        lines.push('3. Create a client wrapper in `lib/ai/` or `src/ai/`');
+        lines.push('4. Update model routing config if using multi-model setup');
+    }
+    else if (ctx.stack === 'python') {
+        lines.push('1. Add the SDK to `requirements.txt` or `pyproject.toml`');
+        lines.push('2. Add the API key to `.env` and `.env.example`');
+        lines.push('3. Create a client wrapper in `lib/ai/` or `src/ai/`');
+        lines.push('4. Update model routing config if using multi-model setup');
+    }
+    else {
+        lines.push('1. Add the SDK to your dependency manager');
+        lines.push('2. Add the API key to `.env` and `.env.example`');
+        lines.push('3. Create a client wrapper module');
+        lines.push('4. Update model routing config if using multi-model setup');
+    }
+    lines.push('5. Run `npx onion-check --status` to verify Layer 1 score improved');
+    lines.push('');
+    // Quality Standards
+    lines.push('## Quality Standards');
+    lines.push('');
+    if (ctx.scale === 'solo') {
+        lines.push('- One model, properly configured, with API key in `.env`');
+        lines.push('- `.env.example` documents all required keys');
+        lines.push('- Graceful error handling on API failures');
+    }
+    else {
+        lines.push('- Centralized model client with no direct SDK imports in business logic');
+        lines.push('- `.env.example` documents all required keys with descriptions');
+        lines.push('- Graceful fallback on model unavailability');
+        lines.push('- Response latency monitoring');
+        lines.push('- Token usage tracking for cost visibility');
+    }
+    lines.push('');
+    // Dependencies
+    lines.push('## Dependencies');
+    lines.push('');
+    lines.push('- **Requires:** Nothing — this is the foundation layer');
+    lines.push('- **Affects:** Every layer above depends on model availability');
+    lines.push('- **Alert:** If the model config changes, verify all skills and context still produce expected output');
+    lines.push('');
+    // Growth Path
+    lines.push('## Growth Path');
+    lines.push('');
+    if (!result.detected) {
+        lines.push('### Now (immediate)');
+        lines.push('Configure at least one model with API keys in `.env`. This is step zero.');
+        lines.push('');
+        lines.push('### 30 days');
+        lines.push('Centralized client wrapper, `.env.example` with all keys documented, basic error handling.');
+        lines.push('');
+        lines.push('### 90 days');
+        if (ctx.scale === 'solo') {
+            lines.push('Reliable model integration with monitoring and graceful degradation.');
+        }
+        else {
+            lines.push('Multi-model routing by task complexity, cost monitoring dashboard, automatic fallback on failures.');
+        }
+    }
+    else if (result.contentScore < 50) {
+        lines.push('### Now (immediate)');
+        lines.push('Centralize model access through a single client wrapper. Remove any scattered direct SDK imports.');
+        lines.push('');
+        lines.push('### 30 days');
+        lines.push('Add `.env.example`, implement graceful error handling, add basic latency logging.');
+        lines.push('');
+        lines.push('### 90 days');
+        lines.push('Token usage tracking, cost alerts, and model routing if processing volume warrants it.');
+    }
+    else {
+        lines.push('### Now (immediate)');
+        lines.push('Layer is solid. Review for any cost optimization opportunities.');
+        lines.push('');
+        lines.push('### 30 days');
+        lines.push('Add model performance benchmarks to catch regressions when providers update models.');
+        lines.push('');
+        lines.push('### 90 days');
+        lines.push('Full observability: latency percentiles, token costs per feature, quality metrics per model version.');
+    }
+    lines.push('');
+    lines.push(changeLog(history, 1));
+    lines.push(footer());
+    return lines.join('\n');
+}
+// ---------------------------------------------------------------------------
+// Layer 2: Context
+// ---------------------------------------------------------------------------
+function generateContextOps(result, ctx, history) {
+    const lines = [];
+    lines.push(header(2, 'Context', result, ctx));
+    // Purpose
+    lines.push('## Purpose');
+    lines.push('');
+    switch (ctx.type) {
+        case 'agency':
+            lines.push('The context layer encodes everything a senior account manager knows about each client — their preferences, communication style, pet peeves, and institutional knowledge. Without it, every AI-generated deliverable sounds like it was written by a stranger who read the brief but never met the client.');
+            break;
+        case 'saas':
+            lines.push('The context layer is what makes your AI feel like part of your product instead of a generic chatbot bolted on. It encodes your product domain, user personas, quality standards, and the specific language your users expect. Generic AI output is the number one reason users churn from AI-powered features.');
+            break;
+        case 'content':
+            lines.push('The context layer is your editorial DNA. It encodes voice, tone, audience expectations, and the specific standards that separate your content from everything else. Without it, every piece reads like it could have come from any AI tool — technically competent and completely forgettable.');
+            break;
+        case 'support':
+            lines.push('The context layer gives your support AI the product knowledge and communication standards that a senior support agent carries. Without it, responses are technically accurate but feel robotic — they answer the question but miss the customer\'s actual frustration.');
+            break;
+        default:
+            lines.push(`The context layer turns your AI from a smart generalist into a specialist that understands your ${ctx.typeLabel.toLowerCase()}. It encodes business knowledge, domain expertise, and quality standards that make every output feel like it came from someone who actually knows your operation.`);
+            break;
+    }
+    lines.push('');
+    lines.push(currentState(result));
+    // Operating Rules
+    lines.push('## Operating Rules');
+    lines.push('');
+    lines.push('1. A `CLAUDE.md` or equivalent system prompt must exist at the project root with business-specific instructions.');
+    lines.push('2. Context documents must be reviewed and updated at least bi-weekly — stale context produces stale output.');
+    if (ctx.type === 'agency') {
+        lines.push('3. Each client must have their own context file or section — shared generic context produces generic work.');
+        lines.push('4. Client preferences discovered during work must be documented in context within the same session.');
+    }
+    else if (ctx.type === 'saas') {
+        lines.push('3. Product terminology and user personas must be documented — the AI must speak your product\'s language.');
+        lines.push('4. Error messages and edge case handling must be specified in context, not left to model defaults.');
+    }
+    else if (ctx.type === 'content') {
+        lines.push('3. Voice profile must be documented with specific examples, not just adjectives like "professional" or "friendly."');
+        lines.push('4. Platform-specific variations (blog vs. social vs. email) must be encoded separately.');
+    }
+    else {
+        lines.push('3. Domain-specific terminology must be documented — the AI must use your organization\'s language.');
+        lines.push('4. Quality standards must be explicit with examples of good and bad output.');
+    }
+    if (ctx.risk === 'high' || ctx.risk === 'critical') {
+        lines.push('5. Context must never contain actual credentials, API keys, or PII — only references to where they\'re stored.');
+    }
+    lines.push('');
+    // What's Approved
+    lines.push('## What\'s Approved');
+    lines.push('');
+    if (result.detected && result.evidence.length > 0) {
+        lines.push('Detected context sources:');
+        for (const ev of result.evidence) {
+            lines.push(`- ${ev}`);
+        }
+    }
+    else {
+        lines.push('No context layer detected. After setup, this section will list all context sources and their refresh schedule.');
+    }
+    lines.push('');
+    // How to Extend
+    lines.push('## How to Extend');
+    lines.push('');
+    lines.push('### Adding new business context');
+    lines.push('1. Create or update `CLAUDE.md` at the project root');
+    lines.push('2. Add domain knowledge to a `context/` or `knowledge/` directory');
+    lines.push('3. Include specific examples — "write like this, not like that" is 10x more useful than adjectives');
+    lines.push('4. Add reference documents that the AI should know about');
+    lines.push('5. Run `npx onion-check --status` to verify Layer 2 score improved');
+    lines.push('');
+    if (ctx.type === 'agency') {
+        lines.push('### Adding a new client\'s context');
+        lines.push('1. Create `context/clients/{client-name}/` directory');
+        lines.push('2. Add `preferences.md` with communication style, terminology, and known constraints');
+        lines.push('3. Add `history.md` with project history and lessons learned');
+        lines.push('4. Reference the client context directory in `CLAUDE.md`');
+        lines.push('');
+    }
+    // Quality Standards
+    lines.push('## Quality Standards');
+    lines.push('');
+    lines.push('- Context produces output that a domain expert would recognize as informed');
+    lines.push('- New team members can read the context and understand the AI\'s operating environment');
+    lines.push('- Context is specific enough to differentiate output from generic model responses');
+    lines.push('- No stale information older than 30 days without explicit review');
+    lines.push('');
+    // Dependencies
+    lines.push('## Dependencies');
+    lines.push('');
+    lines.push('- **Requires:** Layer 1 (Model) — context is useless without a model to consume it');
+    lines.push('- **Affects:** Layer 3 (Skills) — skills operate within the context\'s domain boundaries');
+    lines.push('- **Affects:** Layer 5 (Orchestration) — agents need context to make routing decisions');
+    lines.push('- **Alert:** When context changes, verify that skills still produce expected output quality');
+    lines.push('');
+    // Growth Path
+    lines.push('## Growth Path');
+    lines.push('');
+    if (!result.detected) {
+        lines.push('### Now (immediate)');
+        lines.push('Create a `CLAUDE.md` at the project root. Start with: what this project does, who it serves, what "good output" looks like, and any terminology that differs from industry standard.');
+        lines.push('');
+        lines.push('### 30 days');
+        lines.push('Structured context directory with domain knowledge, quality examples, and reference documents.');
+        lines.push('');
+        lines.push('### 90 days');
+        lines.push('Living context system with regular review cycles, version-tracked changes, and measurable impact on output quality.');
+    }
+    else if (result.contentScore < 50) {
+        lines.push('### Now (immediate)');
+        lines.push('Expand existing context with specific examples and domain terminology. Generic instructions like "be professional" don\'t count.');
+        lines.push('');
+        lines.push('### 30 days');
+        lines.push('Add structured reference documents covering common scenarios, edge cases, and quality benchmarks.');
+        lines.push('');
+        lines.push('### 90 days');
+        lines.push('Context review process integrated into sprint cycles. Every major product change triggers a context update.');
+    }
+    else {
+        lines.push('### Now (immediate)');
+        lines.push('Context is strong. Verify it\'s being consumed effectively by downstream skills and agents.');
+        lines.push('');
+        lines.push('### 30 days');
+        lines.push('Add freshness tracking — flag any context document not reviewed in 30+ days.');
+        lines.push('');
+        lines.push('### 90 days');
+        lines.push('Automated context validation: test that context produces measurably different output than a generic prompt.');
+    }
+    lines.push('');
+    lines.push(changeLog(history, 2));
+    lines.push(footer());
+    return lines.join('\n');
+}
+// ---------------------------------------------------------------------------
+// Layer 3: Skills
+// ---------------------------------------------------------------------------
+function generateSkillsOps(result, ctx, history) {
+    const lines = [];
+    lines.push(header(3, 'Skills', result, ctx));
+    lines.push('## Purpose');
+    lines.push('');
+    switch (ctx.type) {
+        case 'agency':
+            lines.push('Skills are the encoded expertise that let your AI produce client-ready work without hand-holding. For agency operations, each skill should represent a capability you\'d normally assign to a specialist — report generation in a client\'s format, content creation in their voice, communications that match their protocols. The goal is specialization, not generalization.');
+            break;
+        case 'saas':
+            lines.push('Skills are the packaged workflows that power your product\'s AI features. Each skill should handle a complete user task — not just the happy path, but the edge cases that generate support tickets. The first version of a skill is always too generic. The production version handles the 20% of cases that cause 80% of the problems.');
+            break;
+        case 'content':
+            lines.push('Skills encode your editorial workflows into repeatable, quality-controlled processes. SEO optimization, content formatting for different channels, headline generation, editorial review — each skill should produce output that meets your editorial standards without manual intervention.');
+            break;
+        default:
+            lines.push(`Skills turn your AI from a generalist with context into an actual specialist. For your ${ctx.typeLabel.toLowerCase()}, each skill should encode a specific capability that the AI can execute reliably, repeatedly, and with quality that meets your standards.`);
+            break;
+    }
+    lines.push('');
+    lines.push(currentState(result));
+    lines.push('## Operating Rules');
+    lines.push('');
+    lines.push('1. Each skill must have a clear, documented scope — what it does, what it doesn\'t do, and when to use it.');
+    lines.push('2. Skills must handle edge cases explicitly, not fall back to generic model behavior.');
+    lines.push('3. New skills must be tested against real scenarios before deployment, not just synthetic examples.');
+    if (ctx.type === 'agency') {
+        lines.push('4. Client-specific skills must be isolated — one client\'s customizations must never leak into another\'s output.');
+    }
+    else if (ctx.risk === 'high' || ctx.risk === 'critical') {
+        lines.push('4. Skills that modify data or trigger actions must include validation steps before execution.');
+    }
+    lines.push(`${ctx.type === 'agency' || ctx.risk === 'high' || ctx.risk === 'critical' ? '5' : '4'}. Skills should be versioned. When a skill changes, the old version should remain accessible until the new one is validated.`);
+    lines.push('');
+    lines.push('## What\'s Approved');
+    lines.push('');
+    if (result.detected && result.evidence.length > 0) {
+        lines.push('Detected skill sources:');
+        for (const ev of result.evidence) {
+            lines.push(`- ${ev}`);
+        }
+        lines.push('');
+        lines.push('Browse [skillstack.me](https://skillstack.me) for production-ready skills to add to your stack.');
+    }
+    else {
+        lines.push('No skills detected. Browse [skillstack.me](https://skillstack.me) for production-ready skills in your domain.');
+    }
+    lines.push('');
+    lines.push('## How to Extend');
+    lines.push('');
+    lines.push('### Adding a new skill');
+    lines.push('1. Create a skill file in `.claude/skills/` or `skills/` directory');
+    lines.push('2. Define the skill\'s scope: what triggers it, what it produces, what it doesn\'t handle');
+    lines.push('3. Include at least 3 examples covering the happy path, an edge case, and a failure scenario');
+    lines.push('4. Test against real project data before marking it production-ready');
+    lines.push('5. Run `npx onion-check --status` to verify Layer 3 score improved');
+    lines.push('');
+    lines.push('## Quality Standards');
+    lines.push('');
+    lines.push('- Skills produce output that meets the quality bar without manual intervention');
+    lines.push('- Edge cases are handled explicitly, not defaulted to generic model behavior');
+    lines.push('- Each skill has clear documentation of its scope and limitations');
+    lines.push('- Skills are tested against real scenarios, not just synthetic examples');
+    lines.push('');
+    lines.push('## Dependencies');
+    lines.push('');
+    lines.push('- **Requires:** Layer 1 (Model), Layer 2 (Context) — skills operate within the context\'s domain');
+    lines.push('- **Affects:** Layer 5 (Orchestration) — orchestration routes tasks to skills');
+    lines.push('- **Affects:** Layer 8 (Evaluation) — skill output quality should be measured');
+    lines.push('- **Alert:** When skills change, run evaluation benchmarks to verify quality hasn\'t drifted');
+    lines.push('');
+    lines.push('## Growth Path');
+    lines.push('');
+    if (!result.detected) {
+        lines.push('### Now (immediate)');
+        lines.push('Add 3-5 skills covering your most common workflows. Start with the tasks you repeat most often.');
+        lines.push('');
+        lines.push('### 30 days');
+        lines.push('Refine skills based on real usage. Add edge case handling for the scenarios that tripped up the first version.');
+        lines.push('');
+        lines.push('### 90 days');
+        lines.push('Full skill library with coverage metrics. Every common workflow has a dedicated skill with documented quality benchmarks.');
+    }
+    else if (result.contentScore < 50) {
+        lines.push('### Now (immediate)');
+        lines.push('Review existing skills for specificity. If a skill says "write content" without specifying format, voice, and quality criteria, it\'s too generic.');
+        lines.push('');
+        lines.push('### 30 days');
+        lines.push('Add edge case handling and failure scenarios to each skill. Test against real data.');
+        lines.push('');
+        lines.push('### 90 days');
+        lines.push('Skill quality metrics: track which skills produce output that needs manual revision vs. which go straight to production.');
+    }
+    else {
+        lines.push('### Now (immediate)');
+        lines.push('Skills are solid. Look for gaps — which tasks still require manual work that could be encoded as skills?');
+        lines.push('');
+        lines.push('### 30 days');
+        lines.push('Add skill versioning and A/B testing to measure quality improvements.');
+        lines.push('');
+        lines.push('### 90 days');
+        lines.push('Automated skill quality monitoring with alerts when output quality drifts below baseline.');
+    }
+    lines.push('');
+    lines.push(changeLog(history, 3));
+    lines.push(footer());
+    return lines.join('\n');
+}
+// ---------------------------------------------------------------------------
+// Layer 4: Tools
+// ---------------------------------------------------------------------------
+function generateToolsOps(result, ctx, history) {
+    const lines = [];
+    lines.push(header(4, 'Tools', result, ctx));
+    lines.push('## Purpose');
+    lines.push('');
+    if (ctx.risk === 'high' || ctx.risk === 'critical') {
+        lines.push(`Tools give the model hands — but for your setup (${ctx.riskLabel.toLowerCase()}), every tool connection is an attack surface. The value is enormous: going from "the AI wrote me a plan" to "the AI executed the plan." The risk is proportional. Every MCP server, every API integration, every database connection needs scoped permissions and audit logging.`);
+    }
+    else if (ctx.type === 'agency') {
+        lines.push('Tools close the automation loop for agency work. The goal is end-to-end: the AI reads a brief, generates the deliverable, and posts it where it needs to go — without you copy-pasting between tools. Each tool connection eliminates a manual step that was eating your margin.');
+    }
+    else {
+        lines.push(`Tools give the model the ability to act, not just advise. For your ${ctx.typeLabel.toLowerCase()}, each tool connection should solve a specific "I wish the AI could just do this" moment. If you find yourself copy-pasting AI output into another tool, that's a missing tool connection.`);
+    }
+    lines.push('');
+    lines.push(currentState(result));
+    lines.push('## Operating Rules');
+    lines.push('');
+    lines.push('1. Every tool connection must be documented in `.mcp.json` or equivalent config — no ad-hoc integrations.');
+    lines.push('2. Each tool must have scoped permissions — minimum necessary access, never wildcard.');
+    if (ctx.risk === 'high' || ctx.risk === 'critical') {
+        lines.push('3. All tool actions must be logged for audit purposes — who triggered what, when, and with what data.');
+        lines.push('4. Write access to production systems requires explicit approval workflow (see Layer 7: Governance).');
+        lines.push('5. New tool connections require security review before activation (see Layer 6: Security).');
+    }
+    else {
+        lines.push('3. Read-only access first, then incrementally add write access with guardrails.');
+        lines.push('4. Log tool usage for debugging and optimization — you need to know which tools are actually used.');
+    }
+    lines.push('');
+    lines.push('## What\'s Approved');
+    lines.push('');
+    if (result.detected && result.evidence.length > 0) {
+        lines.push('Detected tool configurations:');
+        for (const ev of result.evidence) {
+            lines.push(`- ${ev}`);
+        }
+    }
+    else {
+        lines.push('No tool connections detected. After setup, this section will list all configured MCP servers and integrations.');
+    }
+    lines.push('');
+    lines.push('## How to Extend');
+    lines.push('');
+    lines.push('### Adding a new tool/MCP server');
+    lines.push('1. Add the server config to `.mcp.json`');
+    lines.push('2. Scope permissions to minimum necessary (read-only if possible)');
+    if (ctx.risk === 'high' || ctx.risk === 'critical') {
+        lines.push('3. Add the server to security scan checks');
+        lines.push('4. Document what data the server can access in this file');
+        lines.push('5. Get security review approval before enabling in production');
+    }
+    else {
+        lines.push('3. Test the connection with a simple read operation before enabling writes');
+        lines.push('4. Document what the tool does and why it\'s needed');
+    }
+    lines.push(`${ctx.risk === 'high' || ctx.risk === 'critical' ? '6' : '5'}. Run \`npx onion-check --status\` to verify Layer 4 score improved`);
+    lines.push('');
+    lines.push('## Quality Standards');
+    lines.push('');
+    lines.push('- Every tool connection has a documented purpose');
+    lines.push('- Permissions are scoped to minimum necessary');
+    lines.push('- Failed tool calls are handled gracefully — the AI doesn\'t crash, it reports the issue');
+    lines.push('- Unused tool connections are removed — dead integrations are security liabilities');
+    lines.push('');
+    lines.push('## Dependencies');
+    lines.push('');
+    lines.push('- **Requires:** Layer 1 (Model) — tools need a model to invoke them');
+    lines.push('- **Requires:** Layer 6 (Security) — every tool is an attack surface that must be secured');
+    lines.push('- **Affects:** Layer 5 (Orchestration) — agents use tools to execute tasks');
+    lines.push('- **Affects:** Layer 7 (Governance) — tool actions may require approval workflows');
+    lines.push('- **Alert:** When adding a new tool, verify Layer 6 (Security) covers the new attack surface');
+    lines.push('');
+    lines.push('## Growth Path');
+    lines.push('');
+    if (!result.detected) {
+        lines.push('### Now (immediate)');
+        lines.push('Set up `.mcp.json` with your first tool connection — filesystem access is the easiest starting point.');
+        lines.push('');
+        lines.push('### 30 days');
+        lines.push('Add connections to your primary systems: project management, communication, data sources.');
+        lines.push('');
+        lines.push('### 90 days');
+        lines.push('Full integration surface: every "copy-paste from AI" moment has been replaced with a direct tool connection.');
+    }
+    else if (result.contentScore < 50) {
+        lines.push('### Now (immediate)');
+        lines.push('Audit existing tool connections for permission scoping. Remove any wildcard access.');
+        lines.push('');
+        lines.push('### 30 days');
+        lines.push('Add usage logging and identify which tools are underutilized or misconfigured.');
+        lines.push('');
+        lines.push('### 90 days');
+        lines.push('Comprehensive tool suite with scoped permissions, usage monitoring, and documented purpose for each connection.');
+    }
+    else {
+        lines.push('### Now (immediate)');
+        lines.push('Tool layer is solid. Look for automation gaps — which manual steps remain?');
+        lines.push('');
+        lines.push('### 30 days');
+        lines.push('Add tool usage analytics to identify optimization opportunities.');
+        lines.push('');
+        lines.push('### 90 days');
+        lines.push('Self-healing tool connections: automatic retry, fallback, and alerting on failures.');
+    }
+    lines.push('');
+    lines.push(changeLog(history, 4));
+    lines.push(footer());
+    return lines.join('\n');
+}
+// ---------------------------------------------------------------------------
+// Layer 5: Orchestration
+// ---------------------------------------------------------------------------
+function generateOrchestrationOps(result, ctx, history) {
+    const lines = [];
+    lines.push(header(5, 'Orchestration', result, ctx));
+    lines.push('## Purpose');
+    lines.push('');
+    switch (ctx.scale) {
+        case 'solo':
+            lines.push('Orchestration coordinates multiple agents — but at your scale, it\'s optional. One well-configured agent with strong context and skills often outperforms three poorly-coordinated agents. If you do orchestrate, start minimal: one agent generates, another reviews. That\'s the minimum viable orchestration that actually improves quality.');
+            break;
+        case 'small':
+            lines.push('Orchestration is what turns "I have an AI tool" into "I have a system." For a small team, you want 2-5 specialized agents with clear boundaries and documented handoff protocols. The key mistake: agents with overlapping responsibilities. When two agents can handle the same task, they will, and they\'ll do it differently.');
+            break;
+        case 'mid':
+        case 'enterprise':
+            lines.push(`At your scale (${ctx.scaleLabel.toLowerCase()}), orchestration is the nervous system. Without it, you have isolated islands of automation that duplicate work and produce inconsistent results. You need routing logic that assigns tasks by complexity and domain, workflow definitions for multi-step processes, and monitoring that shows you the full pipeline.`);
+            break;
+    }
+    lines.push('');
+    lines.push(currentState(result));
+    lines.push('## Operating Rules');
+    lines.push('');
+    if (ctx.scale === 'solo') {
+        lines.push('1. If using multiple agents, each must have a clear, non-overlapping role.');
+        lines.push('2. Document agent roles in `AGENTS.md` — who does what, and what they don\'t do.');
+        lines.push('3. Don\'t add agents for complexity\'s sake. Every agent must justify its existence with a specific capability gap.');
+    }
+    else {
+        lines.push('1. Every agent must have a clear, documented role in `AGENTS.md` — no overlapping responsibilities.');
+        lines.push('2. Handoff protocols between agents must be explicit — what data is passed, what format, what\'s expected back.');
+        lines.push('3. Routing logic must be deterministic — the same input should always route to the same agent.');
+        lines.push('4. Agent failures must be handled gracefully — if one agent fails, the system doesn\'t collapse.');
+        if (ctx.scale === 'mid' || ctx.scale === 'enterprise') {
+            lines.push('5. Agent performance must be monitored individually — which agents are bottlenecks, which are underutilized?');
+        }
+    }
+    lines.push('');
+    lines.push('## What\'s Approved');
+    lines.push('');
+    if (result.detected && result.evidence.length > 0) {
+        lines.push('Detected orchestration components:');
+        for (const ev of result.evidence) {
+            lines.push(`- ${ev}`);
+        }
+    }
+    else {
+        if (ctx.scale === 'solo') {
+            lines.push('No orchestration detected — and that\'s fine at your scale. Add it when a single agent can\'t handle the workload.');
+        }
+        else {
+            lines.push('No orchestration detected. For a team of your size, this becomes important as soon as you have 2+ agents.');
+        }
+    }
+    lines.push('');
+    lines.push('## How to Extend');
+    lines.push('');
+    lines.push('### Adding a new agent');
+    lines.push('1. Define the agent\'s role, scope, and boundaries');
+    lines.push('2. Create the agent configuration in `agents/` directory');
+    lines.push('3. Document the agent in `AGENTS.md` with clear responsibility boundaries');
+    lines.push('4. Define handoff protocols with existing agents');
+    lines.push('5. Test the routing: does the right work reach the right agent?');
+    lines.push('6. Run `npx onion-check --status` to verify Layer 5 score improved');
+    lines.push('');
+    lines.push('## Quality Standards');
+    lines.push('');
+    lines.push('- `AGENTS.md` exists and accurately describes the current agent topology');
+    lines.push('- No two agents have overlapping responsibilities');
+    lines.push('- Routing decisions are traceable — you can explain why a task went to agent X');
+    lines.push('- The system degrades gracefully when an agent fails');
+    lines.push('');
+    lines.push('## Dependencies');
+    lines.push('');
+    lines.push('- **Requires:** Layer 1 (Model), Layer 2 (Context), Layer 3 (Skills) — agents need all three to function');
+    lines.push('- **Affects:** Layer 6 (Security) — each agent is an additional attack surface');
+    lines.push('- **Affects:** Layer 8 (Evaluation) — multi-agent output quality needs compound drift monitoring');
+    lines.push('- **Alert:** Adding a new agent without evaluation means quality drift is invisible and compounds faster');
+    lines.push('');
+    lines.push('## Growth Path');
+    lines.push('');
+    if (!result.detected) {
+        lines.push('### Now (immediate)');
+        if (ctx.scale === 'solo') {
+            lines.push('Skip this layer unless you have a specific need for multi-agent coordination. Focus on Layers 1-4 first.');
+        }
+        else {
+            lines.push('Create `AGENTS.md` documenting your current agent setup, even if it\'s just one. This is the foundation.');
+        }
+        lines.push('');
+        lines.push('### 30 days');
+        if (ctx.scale === 'solo') {
+            lines.push('If needed, add a review agent to check the primary agent\'s output. That\'s your minimum viable orchestration.');
+        }
+        else {
+            lines.push('Formalize routing logic: which tasks go to which agent, based on what criteria.');
+        }
+        lines.push('');
+        lines.push('### 90 days');
+        lines.push('Monitored orchestration with performance tracking per agent and workflow.');
+    }
+    else if (result.contentScore < 50) {
+        lines.push('### Now (immediate)');
+        lines.push('Document existing agents in `AGENTS.md` with clear boundaries. Identify any overlapping responsibilities.');
+        lines.push('');
+        lines.push('### 30 days');
+        lines.push('Formalize handoff protocols and add routing tests.');
+        lines.push('');
+        lines.push('### 90 days');
+        lines.push('Per-agent performance monitoring and workflow optimization.');
+    }
+    else {
+        lines.push('### Now (immediate)');
+        lines.push('Orchestration is solid. Review for bottlenecks and underutilized agents.');
+        lines.push('');
+        lines.push('### 30 days');
+        lines.push('Add agent performance dashboards and routing analytics.');
+        lines.push('');
+        lines.push('### 90 days');
+        lines.push('Self-optimizing routing: the system adjusts task assignment based on agent performance history.');
+    }
+    lines.push('');
+    lines.push(changeLog(history, 5));
+    lines.push(footer());
+    return lines.join('\n');
+}
+// ---------------------------------------------------------------------------
+// Layer 6: Security
+// ---------------------------------------------------------------------------
+function generateSecurityOps(result, ctx, history) {
+    const lines = [];
+    lines.push(header(6, 'Security', result, ctx));
+    lines.push('## Purpose');
+    lines.push('');
+    switch (ctx.risk) {
+        case 'critical':
+            lines.push('Security is the non-negotiable foundation for your mission-critical system. Every document your agent processes is a potential prompt injection vector. Every tool action is unprotected until you explicitly protect it. This layer must be locked down before you add features, not after. A single security incident at your risk level can be existential.');
+            break;
+        case 'high':
+            lines.push('You\'re handling money or PII with AI agents. This layer is the single biggest liability in your setup if it\'s not locked down. Every input is a potential injection vector. Every tool connection is an attack surface. Stop adding features until this layer is in place — the cost of a breach at your risk level makes every other priority irrelevant.');
+            break;
+        case 'medium':
+            lines.push('Client-facing AI output carries reputational risk. Your security layer must prevent prompt injection that could produce harmful content, unauthorized data access, and any action that could embarrass your organization in front of clients. The bar isn\'t "never been breached" — it\'s "can withstand a determined attempt."');
+            break;
+        case 'low':
+            lines.push('Even internal-only systems need baseline security. Prompt injection can exfiltrate internal data, credentials, and business logic. The attack surface is smaller than client-facing systems, but the protection must still exist. "Internal only" is not a security strategy.');
+            break;
+    }
+    lines.push('');
+    lines.push(currentState(result));
+    lines.push('## Operating Rules');
+    lines.push('');
+    lines.push('1. Every MCP server connection must have scoped permissions — no wildcard access, no "admin" mode.');
+    lines.push('2. `.env` files must be in `.gitignore` — verified by pre-commit hook, not just policy.');
+    lines.push('3. All external input (user messages, uploaded files, API responses) must be treated as potentially hostile.');
+    if (ctx.risk === 'high' || ctx.risk === 'critical') {
+        lines.push('4. Sensitive data must never appear in logs, error messages, or AI context.');
+        lines.push('5. All agent actions on production systems must be logged for audit trail.');
+        lines.push('6. Security scan must pass before any deployment — CI/CD pipeline must enforce this.');
+        lines.push('7. Third-party MCP servers must be reviewed for data handling practices before integration.');
+    }
+    else if (ctx.type === 'agency') {
+        lines.push('4. Client data must never appear in logs or error messages.');
+        lines.push('5. Each client\'s data must be isolated — one client\'s information must never leak to another.');
+    }
+    else {
+        lines.push('4. Credentials must never be hardcoded or logged.');
+        lines.push('5. Security scan should run on every commit via pre-commit hook.');
+    }
+    lines.push('');
+    lines.push('## What\'s Approved');
+    lines.push('');
+    if (result.detected && result.evidence.length > 0) {
+        lines.push('Detected security infrastructure:');
+        for (const ev of result.evidence) {
+            lines.push(`- ${ev}`);
+        }
+    }
+    else {
+        lines.push('**ACTION REQUIRED:** No security layer detected.');
+        if (ctx.risk === 'high' || ctx.risk === 'critical') {
+            lines.push('');
+            lines.push('This is a blocker for your risk profile. Do not add new features or tool connections until basic security is in place.');
+        }
+    }
+    lines.push('');
+    lines.push('## How to Extend');
+    lines.push('');
+    lines.push('### Setting up baseline security');
+    lines.push('1. Add `.env` to `.gitignore` (verify it\'s not already committed)');
+    lines.push('2. Install pre-commit hooks: `npx onion-check --guard`');
+    lines.push('3. Create a `security-scan.sh` that checks for hardcoded credentials, exposed API keys, and permissive tool configs');
+    lines.push('4. Add security rules documentation to `security-rules.md`');
+    if (ctx.risk === 'high' || ctx.risk === 'critical') {
+        lines.push('5. Set up CI/CD security pipeline that blocks deployment on scan failure');
+        lines.push('6. Configure audit logging for all agent actions on production systems');
+    }
+    lines.push(`${ctx.risk === 'high' || ctx.risk === 'critical' ? '7' : '5'}. Run \`npx onion-check --status\` to verify Layer 6 score improved`);
+    lines.push('');
+    lines.push('### Adding a new tool/MCP server securely');
+    lines.push('1. Scope permissions to minimum necessary (read-only if possible)');
+    lines.push('2. Add the server to security scan checks');
+    lines.push('3. Document what data the server can access in this file');
+    if (ctx.type === 'agency') {
+        lines.push('4. If the server accesses client data, add it to the client data audit list');
+    }
+    lines.push('');
+    lines.push('## Quality Standards');
+    lines.push('');
+    lines.push('- Zero hardcoded credentials in the codebase');
+    lines.push('- Pre-commit hooks are installed and enforced');
+    lines.push('- Every tool connection has documented, scoped permissions');
+    lines.push('- Security scan runs automatically (pre-commit or CI/CD)');
+    if (ctx.risk === 'high' || ctx.risk === 'critical') {
+        lines.push('- Audit trail exists for all production actions');
+        lines.push('- Input validation covers prompt injection patterns');
+        lines.push('- Incident response plan documented and tested');
+    }
+    lines.push('');
+    lines.push('## Dependencies');
+    lines.push('');
+    lines.push('- **Requires:** Nothing — security should exist before anything else');
+    lines.push('- **Affects:** Layer 4 (Tools) — every tool connection must be secured');
+    lines.push('- **Affects:** Layer 5 (Orchestration) — each agent is an additional attack surface');
+    lines.push('- **Affects:** Layer 7 (Governance) — security violations should trigger governance workflows');
+    lines.push('- **Alert:** When any new tool or agent is added, this layer must be updated to cover the new surface');
+    lines.push('');
+    lines.push('## Growth Path');
+    lines.push('');
+    if (!result.detected) {
+        lines.push('### Now (immediate)');
+        if (ctx.risk === 'high' || ctx.risk === 'critical') {
+            lines.push('**STOP adding features.** Set up `.gitignore` for `.env`, install pre-commit hooks (`npx onion-check --guard`), create `security-scan.sh`. This is your top priority.');
+        }
+        else {
+            lines.push('Add `.env` to `.gitignore`, install pre-commit hooks (`npx onion-check --guard`), create basic security rules documentation.');
+        }
+        lines.push('');
+        lines.push('### 30 days');
+        lines.push('Security scan in CI/CD pipeline, permission auditing for all tool connections, input validation for external data.');
+        lines.push('');
+        lines.push('### 90 days');
+        lines.push('Comprehensive security layer: automated scanning, audit logging, incident response plan, regular penetration testing against prompt injection.');
+    }
+    else if (result.contentScore < 50) {
+        lines.push('### Now (immediate)');
+        lines.push('Audit existing security for gaps. Check: are all tool permissions scoped? Are credentials in `.env`? Are pre-commit hooks running?');
+        lines.push('');
+        lines.push('### 30 days');
+        lines.push('Add CI/CD security pipeline. Add input validation for all external data sources.');
+        lines.push('');
+        lines.push('### 90 days');
+        lines.push('Automated security monitoring, regular audits, and prompt injection testing.');
+    }
+    else {
+        lines.push('### Now (immediate)');
+        lines.push('Security is solid. Schedule a quarterly security review to verify nothing has drifted.');
+        lines.push('');
+        lines.push('### 30 days');
+        lines.push('Add automated prompt injection testing to CI/CD pipeline.');
+        lines.push('');
+        lines.push('### 90 days');
+        lines.push('Bug bounty or red team exercise to stress-test the security layer.');
+    }
+    lines.push('');
+    lines.push(changeLog(history, 6));
+    lines.push(footer());
+    return lines.join('\n');
+}
+// ---------------------------------------------------------------------------
+// Layer 7: Governance
+// ---------------------------------------------------------------------------
+function generateGovernanceOps(result, ctx, history) {
+    const lines = [];
+    lines.push(header(7, 'Governance', result, ctx));
+    lines.push('## Purpose');
+    lines.push('');
+    switch (ctx.risk) {
+        case 'critical':
+        case 'high':
+            lines.push(`Governance is accountability. When an AI agent makes a decision that costs money (${ctx.riskLabel.toLowerCase()}), someone needs to be responsible, and there needs to be a paper trail. Approval workflows, escalation paths, and compliance frameworks aren't bureaucracy — they're the difference between "we caught it" and "we're in a lawsuit."`);
+            break;
+        default:
+            if (ctx.scale === 'solo') {
+                lines.push('For a solo builder, governance is lightweight — but it still matters. Even if you\'re the only one approving decisions, having a defined escalation path for high-stakes actions (sending money, deleting data, communicating externally) prevents the AI from doing something you\'d never approve while you\'re not looking.');
+            }
+            else {
+                lines.push(`Governance defines who can approve what, when human oversight is required, and what happens when the AI encounters something outside its authority. For your ${ctx.scaleLabel.toLowerCase()} team, this is the difference between controlled autonomy and chaos.`);
+            }
+            break;
+    }
+    lines.push('');
+    lines.push(currentState(result));
+    lines.push('## Operating Rules');
+    lines.push('');
+    if (ctx.scale === 'solo' && ctx.risk !== 'high' && ctx.risk !== 'critical') {
+        lines.push('1. Define a list of actions that always require your explicit approval (sending money, deleting data, external communications).');
+        lines.push('2. The AI must never take an irreversible action without approval.');
+        lines.push('3. Maintain a simple decision log — what the AI decided, when, and with what context.');
+    }
+    else {
+        lines.push('1. High-stakes actions must require human approval before execution.');
+        lines.push('2. Escalation paths must be defined — what happens when the AI encounters something outside its authority?');
+        lines.push('3. Decision audit trail: every autonomous decision must be logged with rationale.');
+        lines.push('4. Approval authority must be role-based — not everyone can approve the same actions.');
+        if (ctx.risk === 'high' || ctx.risk === 'critical') {
+            lines.push('5. Compliance framework must map to industry regulations (SOC 2, GDPR, PCI DSS, etc.).');
+            lines.push('6. Regular governance audits to verify the framework is being followed, not just documented.');
+        }
+    }
+    lines.push('');
+    lines.push('## What\'s Approved');
+    lines.push('');
+    if (result.detected && result.evidence.length > 0) {
+        lines.push('Detected governance infrastructure:');
+        for (const ev of result.evidence) {
+            lines.push(`- ${ev}`);
+        }
+    }
+    else {
+        if (ctx.scale === 'solo' && ctx.risk !== 'high' && ctx.risk !== 'critical') {
+            lines.push('No governance layer detected. At your scale this is lower priority, but define at minimum which actions require your approval.');
+        }
+        else {
+            lines.push('No governance layer detected. Add approval workflows before scaling autonomous agent actions.');
+        }
+    }
+    lines.push('');
+    lines.push('## How to Extend');
+    lines.push('');
+    lines.push('### Setting up governance');
+    if (ctx.scale === 'solo' && ctx.risk !== 'high' && ctx.risk !== 'critical') {
+        lines.push('1. Create a `governance/approval-rules.md` listing actions that require your explicit approval');
+        lines.push('2. Add a decision log template at `governance/decision-log.md`');
+        lines.push('3. Define what "escalation" means — even for a solo builder, some decisions should wait for your review');
+    }
+    else {
+        lines.push('1. Create a `governance/` directory');
+        lines.push('2. Define approval workflows in `governance/approval-rules.md`');
+        lines.push('3. Set up escalation paths in `governance/escalation-policy.md`');
+        lines.push('4. Create role-based authorization matrix');
+        if (ctx.risk === 'high' || ctx.risk === 'critical') {
+            lines.push('5. Map compliance requirements to specific governance controls');
+            lines.push('6. Set up automated compliance monitoring');
+        }
+    }
+    lines.push(`${ctx.scale === 'solo' && ctx.risk !== 'high' && ctx.risk !== 'critical' ? '4' : ctx.risk === 'high' || ctx.risk === 'critical' ? '7' : '5'}. Run \`npx onion-check --status\` to verify Layer 7 score improved`);
+    lines.push('');
+    lines.push('## Quality Standards');
+    lines.push('');
+    lines.push('- Every high-stakes action has a defined approval workflow');
+    lines.push('- Autonomous decisions are logged with rationale');
+    lines.push('- Escalation paths are tested — not just documented, actually followed');
+    if (ctx.risk === 'high' || ctx.risk === 'critical') {
+        lines.push('- Compliance framework maps to specific regulatory requirements');
+        lines.push('- Governance audits run quarterly at minimum');
+    }
+    lines.push('');
+    lines.push('## Dependencies');
+    lines.push('');
+    lines.push('- **Requires:** Layer 6 (Security) — governance assumes security controls exist');
+    lines.push('- **Affects:** Layer 4 (Tools) — tool actions may require approval before execution');
+    lines.push('- **Affects:** Layer 5 (Orchestration) — agents must respect governance boundaries');
+    lines.push('- **Alert:** When new autonomous capabilities are added, governance rules must be updated');
+    lines.push('');
+    lines.push('## Growth Path');
+    lines.push('');
+    if (!result.detected) {
+        lines.push('### Now (immediate)');
+        if (ctx.scale === 'solo' && ctx.risk !== 'high' && ctx.risk !== 'critical') {
+            lines.push('Create a simple approval list: which actions need your "yes" before the AI proceeds? Start there.');
+        }
+        else if (ctx.risk === 'high' || ctx.risk === 'critical') {
+            lines.push('This is urgent. Create `governance/` with approval workflows, escalation policies, and compliance mapping. Do this before adding more autonomous capabilities.');
+        }
+        else {
+            lines.push('Create `governance/approval-rules.md` listing actions that require human approval.');
+        }
+        lines.push('');
+        lines.push('### 30 days');
+        lines.push('Decision logging implemented. Escalation paths tested with real scenarios.');
+        lines.push('');
+        lines.push('### 90 days');
+        if (ctx.risk === 'high' || ctx.risk === 'critical') {
+            lines.push('Full compliance framework with automated monitoring, regular audits, and incident response integration.');
+        }
+        else {
+            lines.push('Mature governance with decision logging, tested escalation paths, and regular review cycles.');
+        }
+    }
+    else if (result.contentScore < 50) {
+        lines.push('### Now (immediate)');
+        lines.push('Audit existing governance for gaps. Are all high-stakes actions covered? Is the escalation path actually followed?');
+        lines.push('');
+        lines.push('### 30 days');
+        lines.push('Add decision logging and compliance mapping.');
+        lines.push('');
+        lines.push('### 90 days');
+        lines.push('Automated governance monitoring with alerts on policy violations.');
+    }
+    else {
+        lines.push('### Now (immediate)');
+        lines.push('Governance is solid. Schedule quarterly reviews to keep it aligned with current capabilities.');
+        lines.push('');
+        lines.push('### 30 days');
+        lines.push('Automate governance reporting and compliance dashboards.');
+        lines.push('');
+        lines.push('### 90 days');
+        lines.push('Predictive governance: identify potential violations before they happen based on pattern analysis.');
+    }
+    lines.push('');
+    lines.push(changeLog(history, 7));
+    lines.push(footer());
+    return lines.join('\n');
+}
+// ---------------------------------------------------------------------------
+// Layer 8: Evaluation
+// ---------------------------------------------------------------------------
+function generateEvaluationOps(result, ctx, history) {
+    const lines = [];
+    lines.push(header(8, 'Evaluation', result, ctx));
+    lines.push('## Purpose');
+    lines.push('');
+    switch (ctx.type) {
+        case 'agency':
+            lines.push('Evaluation catches quality drift before your clients do. For agency work, output quality is your reputation. Without evaluation, the AI keeps producing work that looks fine on the surface while slowly drifting from client expectations. By the time someone notices, you\'ve shipped weeks of subpar deliverables.');
+            break;
+        case 'saas':
+            lines.push('Evaluation is your product quality monitoring. For a SaaS product, AI output quality directly correlates with user satisfaction and retention. Without evaluation, quality erodes silently — your NPS drops, support tickets increase, and you don\'t know why because the AI is still "working."');
+            break;
+        case 'content':
+            lines.push('Evaluation is editorial quality control at scale. For a content platform, consistency and quality are the product. Without evaluation, the AI produces content that passes a cursory review but fails to meet the standards that your audience expects. Drift is invisible until your engagement metrics start sliding.');
+            break;
+        default:
+            lines.push(`Evaluation catches quality drift before it compounds. For your ${ctx.typeLabel.toLowerCase()}, this is the difference between "the AI is working" and "the AI is working well." Without evaluation, you're flying blind — the system keeps running while output quality erodes invisibly.`);
+            break;
+    }
+    lines.push('');
+    lines.push(currentState(result));
+    lines.push('## Operating Rules');
+    lines.push('');
+    lines.push('1. Define measurable quality benchmarks — not "output should be good" but specific, testable criteria.');
+    lines.push('2. Run evaluations regularly, not just when something seems wrong. Drift is invisible until it\'s severe.');
+    lines.push('3. Evaluation results must trigger action — a failing benchmark that nobody responds to is worse than no benchmark.');
+    if (ctx.type === 'agency') {
+        lines.push('4. Each client must have client-specific quality benchmarks, not just global standards.');
+        lines.push('5. Client feedback must feed back into evaluation criteria — their complaints define your quality gaps.');
+    }
+    else if (ctx.type === 'saas') {
+        lines.push('4. User feedback signals (thumbs up/down, support tickets, feature usage drop) must feed into evaluation.');
+        lines.push('5. A/B testing framework for skill and prompt changes — don\'t ship changes without measuring impact.');
+    }
+    if (ctx.scale !== 'solo') {
+        lines.push(`${(ctx.type === 'agency' || ctx.type === 'saas') ? '6' : '4'}. Evaluation results must be visible to the whole team, not siloed in one person's dashboard.`);
+    }
+    lines.push('');
+    lines.push('## What\'s Approved');
+    lines.push('');
+    if (result.detected && result.evidence.length > 0) {
+        lines.push('Detected evaluation infrastructure:');
+        for (const ev of result.evidence) {
+            lines.push(`- ${ev}`);
+        }
+    }
+    else {
+        lines.push('No evaluation layer detected. Quality drift is currently invisible.');
+    }
+    lines.push('');
+    lines.push('## How to Extend');
+    lines.push('');
+    lines.push('### Setting up evaluation');
+    lines.push('1. Create an `evaluation/` directory');
+    lines.push('2. Define quality benchmarks in `evaluation/benchmarks.md` with specific, measurable criteria');
+    lines.push('3. Create a quality rubric in `evaluation/quality-rubric.md` — what does "good" look like?');
+    lines.push('4. Set up a feedback collection mechanism (even a simple log file)');
+    lines.push('5. Schedule regular evaluation runs (weekly minimum, daily if high-volume)');
+    lines.push('6. Run `npx onion-check --status` to verify Layer 8 score improved');
+    lines.push('');
+    lines.push('## Quality Standards');
+    lines.push('');
+    lines.push('- Benchmarks are specific and measurable, not subjective');
+    lines.push('- Evaluation runs on a regular schedule, not just ad-hoc');
+    lines.push('- Failing benchmarks trigger a defined response process');
+    lines.push('- Feedback loops exist between evaluation results and upstream layers (context, skills)');
+    lines.push('');
+    lines.push('## Dependencies');
+    lines.push('');
+    lines.push('- **Requires:** Layer 3 (Skills) — evaluation measures skill output quality');
+    lines.push('- **Affects:** Layer 2 (Context) — evaluation results should inform context updates');
+    lines.push('- **Affects:** Layer 3 (Skills) — failing evaluations trigger skill improvements');
+    lines.push('- **Alert:** When skills or context change, re-run evaluation benchmarks immediately');
+    lines.push('');
+    lines.push('## Growth Path');
+    lines.push('');
+    if (!result.detected) {
+        lines.push('### Now (immediate)');
+        lines.push('Create `evaluation/quality-rubric.md` defining what "good output" looks like for your top 3 use cases. Be specific — include examples.');
+        lines.push('');
+        lines.push('### 30 days');
+        lines.push('Automated evaluation pipeline: benchmark suite that runs weekly and alerts on quality drift.');
+        lines.push('');
+        lines.push('### 90 days');
+        lines.push('Full evaluation loop: benchmarks catch drift, results trigger skill/context updates, improvements are verified by re-evaluation.');
+    }
+    else if (result.contentScore < 50) {
+        lines.push('### Now (immediate)');
+        lines.push('Review existing benchmarks for specificity. If they say "output should be high quality," they\'re not benchmarks — they\'re wishes.');
+        lines.push('');
+        lines.push('### 30 days');
+        lines.push('Add feedback loops: evaluation results must trigger specific actions on upstream layers.');
+        lines.push('');
+        lines.push('### 90 days');
+        lines.push('Automated drift detection with historical trend analysis.');
+    }
+    else {
+        lines.push('### Now (immediate)');
+        lines.push('Evaluation is solid. Look for blind spots — which use cases aren\'t covered by current benchmarks?');
+        lines.push('');
+        lines.push('### 30 days');
+        lines.push('Add comparative evaluation: test new skill/context versions against baselines before deployment.');
+        lines.push('');
+        lines.push('### 90 days');
+        lines.push('Predictive quality monitoring: detect drift trends before they cross quality thresholds.');
+    }
+    lines.push('');
+    lines.push(changeLog(history, 8));
+    lines.push(footer());
+    return lines.join('\n');
+}
+//# sourceMappingURL=operational-docs.js.map