prizmkit 1.1.72 → 1.1.74

package/bundled/dev-pipeline-windows/templates/bootstrap-tier3.md

@@ -1,20 +1,92 @@
-# PrizmKit Windows Feature Pipeline Prompt (bootstrap-tier3)
+# Dev-Pipeline Session Bootstrap — Tier 3 (Full Team)
 
-You are running in headless non-interactive mode on Windows PowerShell. Use PowerShell-native commands only.
+## Session Context
 
-## Feature
-{{FEATURE_ID}} — {{FEATURE_TITLE}}
+- **Feature ID**: {{FEATURE_ID}} | **Session**: {{SESSION_ID}} | **Run**: {{RUN_ID}}
+- **Complexity**: {{COMPLEXITY}}
+- **Init**: {{INIT_DONE}} | Artifacts: spec={{HAS_SPEC}} plan={{HAS_PLAN}}
+
+## Your Mission
+
+You are the **session orchestrator**. Implement Feature {{FEATURE_ID}}: "{{FEATURE_TITLE}}".
+
+**CRITICAL**: You MUST NOT exit until ALL work is complete and committed. When you spawn subagents, wait for each to finish (run_in_background=false). Do NOT spawn agents in background and exit — that kills the session.
+
+**Tier 3 — Full Team**: For complex features, use the full pipeline (Phase 0–6) with Dev + Reviewer agents spawned via the Agent tool.
+
+**Agent spawn failure policy (all Agent tool calls)**:
+- If spawning Dev, Reviewer, or Critic fails with team/config/lock errors, retry at most once.
+- If the second attempt fails, do not keep spawning variants and do not enter artifact polling for Implementation Log, challenge report, or review report markers.
+- Use the documented inline/recovery fallback for that phase: write the required report yourself where possible, complete remaining Dev work directly in the orchestrator when safe, or write `failure-log.md` with the spawn error and last observable state before stopping for recovery.
+- Apply the same cap to any re-spawn for report repair or resume prompts; do not burn multiple minutes on identical team/config/lock failures.
+
+### Feature Description
 
 {{FEATURE_DESCRIPTION}}
 
-## Required workflow
-1. Read the relevant project context and existing PrizmKit docs.
-2. Create or update the implementation plan in `.prizmkit/specs/{{FEATURE_SLUG}}/plan.md`.
-3. Implement the feature, run targeted validation, and record results in `.prizmkit/specs/{{FEATURE_SLUG}}/context-snapshot.md`.
-4. Use browser verification when required by the feature metadata.
-5. Commit the completed feature with the PrizmKit committer workflow.
+{{USER_CONTEXT}}
+
+### Acceptance Criteria
+
+{{ACCEPTANCE_CRITERIA}}
+
+### Project Brief
+
+> Product ideas checklist from planning. Lines marked [x] are already implemented. When your feature touches any [ ] item, ensure alignment. After implementation, mark relevant items [x] and append the key file/directory paths.
+
+{{PROJECT_BRIEF}}
+
+### Dependencies (Already Completed)
+
+{{COMPLETED_DEPENDENCIES}}
+
+### App Global Context
+
+{{GLOBAL_CONTEXT}}
+
+## ⚠️ Context Budget Rules (CRITICAL — read before any phase)
+
+You are running in **headless non-interactive mode** with a FINITE context window. Exceeding it will crash the session and lose all work. Follow these rules strictly:
+
+0. **NON-INTERACTIVE MODE** — There is NO human on the other end. NEVER ask for user confirmation, NEVER wait for user input, NEVER use interactive prompts (e.g. "Would you like me to…"). If a skill has an interactive step (e.g. offer remediation, ask for approval), skip it and proceed autonomously. Make decisions based on the data available and move forward.
+
+1. **context-snapshot.md is your single source of truth** — After Phase 1-2 builds it, ALWAYS read context-snapshot.md instead of re-reading individual source files
+2. **Never re-read your own writes** — After you create/modify a file, do NOT read it back to verify. Trust your write was correct.
+3. **Stay focused** — Do NOT explore code unrelated to this feature. No curiosity-driven reads.
+4. **One task at a time** — In Phase 4 (implement), complete and test one task before starting the next.
+5. **Minimize tool output** — Never load full command output into context. First capture to a temp file (`& { <command> } 2>&1 | Tee-Object (Join-Path $env:TEMP "out.txt") | Select-Object -Last 20`), then scan the first/last lines to identify relevant fields, and use targeted filtering (`Select-String`, regex matching, PowerShell object filtering) to extract only the information needed for the current task. Only read the filtered result — never the raw full output.
+6. **No intermediate commits** — Do NOT run `git add`/`git commit` during Phase 1-5. All changes are committed once at the end in Phase 6 via `/prizmkit-committer`.
+7. **Batch independent operations** — Issue multiple independent `Write`/`Read` calls in a single message turn when they have no dependencies. Combine multiple directory creations into one `New-Item -ItemType Directory -Force` command. Never run `npm test` twice just to apply a different Select-String filter — capture output to `(Join-Path $env:TEMP "test-out.txt")` once and use Select-String on the file.
+
+---
+
+## PrizmKit Directory Convention
+
+```
+.prizmkit/specs/{{FEATURE_SLUG}}/context-snapshot.md  ← orchestrator writes Sections 1-4; Dev appends Implementation Log; Reviewer appends Review Notes
+.prizmkit/specs/{{FEATURE_SLUG}}/spec.md
+.prizmkit/specs/{{FEATURE_SLUG}}/plan.md              ← includes Tasks section
+```
+
+**`context-snapshot.md`** is the shared knowledge base. Orchestrator writes Sections 1-4; Dev appends Implementation Log; Reviewer appends Review Notes. This eliminates redundant I/O across all agents.
+
+---
+
+## Subagent Timeout Recovery
+
+If any agent times out:
+1. `Get-ChildItem -LiteralPath ".prizmkit/specs/{{FEATURE_SLUG}}/" -ErrorAction SilentlyContinue` — check what exists
+2. If `context-snapshot.md` exists: open recovery prompt with `"Read .prizmkit/specs/{{FEATURE_SLUG}}/context-snapshot.md for project context and any Implementation Log/Review Notes from previous agents. Run git diff HEAD to see actual code changes already made. Do NOT re-read individual source files unless the File Manifest directs you to."` + only remaining steps + `model: "lite"`
+3. Max 2 retries per phase. After 2 failures, orchestrator completes the work directly and appends a Recovery Note to context-snapshot.md.
+
+---
+
+## Execution
+
+### PowerShell Python Helper
+
+Define this helper once in the active PowerShell session before running PrizmKit Python scripts:
 
-## PowerShell checkpoint update
 ```powershell
 function Invoke-PrizmPython {
   param([Parameter(ValueFromRemainingArguments = $true)][string[]]$Arguments)
@@ -36,8 +108,663 @@ function Invoke-PrizmPython {
   }
   throw "Python 3 is required. Install Python and ensure python or py is in PATH."
 }
-Invoke-PrizmPython {{PIPELINE_DIR}}\scripts\update-checkpoint.py --checkpoint-path {{CHECKPOINT_PATH}} --step prizmkit-implement --status completed
 ```
 
-## Failure capture
-If a phase fails, write the failed phase, reason, files touched, and next recommended action to `.prizmkit/specs/{{FEATURE_SLUG}}/failure-log.md`.
+
+{{IF_INIT_NEEDED}}
+### Phase 0: Project Bootstrap
+- Run `/prizmkit-init` (invoke the prizmkit-init skill)
+- Run `Invoke-PrizmPython {{INIT_SCRIPT_PATH}} --project-root {{PROJECT_ROOT}} --feature-id {{FEATURE_ID}} --feature-slug {{FEATURE_SLUG}}`
+- **CP-0**: Verify `.prizmkit/prizm-docs/root.prizm`, `.prizmkit/config.json` exist
+{{END_IF_INIT_NEEDED}}
+{{IF_INIT_DONE}}
+### Phase 0: Record Test Baseline & Detect Test Commands
+
+**Step 1 — Detect test commands**: You know this project's tech stack. Identify ALL test commands that apply (e.g., `go test ./...`, `npm test`, `cargo test`, `pytest`, `make test`, etc.). Record them as `TEST_CMDS`.
+
+**Step 2 — Record pre-existing failure baseline**:
+```powershell
+& { {{TEST_CMD}} } 2>&1 | Tee-Object (Join-Path $env:TEMP "test-baseline.txt") | Select-Object -Last 20
+```
+Save the list of **pre-existing failing tests** (if any) as `BASELINE_FAILURES`. These are known failures that existed before this session — Dev must NOT be blamed for them, but must list them in COMPLETION_SIGNAL.
+
+> **⚠️ Test Output Rule**: Always capture test output to a temp file (`Tee-Object (Join-Path $env:TEMP "test-out.txt")`). Then use Select-String on the file instead of re-running the suite.
+{{END_IF_INIT_DONE}}
+
+### Step 1: Initialize
+
+1. Run init script:
+   `Invoke-PrizmPython {{INIT_SCRIPT_PATH}} --project-root {{PROJECT_ROOT}} --feature-id {{FEATURE_ID}} --feature-slug {{FEATURE_SLUG}}`
+
+2. Check for existing artifacts:
+   `Get-ChildItem -LiteralPath ".prizmkit/specs/{{FEATURE_SLUG}}/" -ErrorAction SilentlyContinue`
+
+{{IF_FRESH_START}}
+```powershell
+Invoke-PrizmPython {{INIT_SCRIPT_PATH}} --project-root {{PROJECT_ROOT}} --feature-id {{FEATURE_ID}} --feature-slug {{FEATURE_SLUG}}
+```
+{{END_IF_FRESH_START}}
+
+### Phase 1-2: Specify + Plan — Orchestrator (you)
+
+Check existing artifacts first:
+```powershell
+Get-ChildItem -LiteralPath ".prizmkit/specs/{{FEATURE_SLUG}}/" -ErrorAction SilentlyContinue
+```
+
+- Both (spec.md, plan.md) exist → **SKIP to CP-1**
+- `context-snapshot.md` exists → use it directly, skip Phase 1
+- Some missing → generate only missing files
+
+Before planning, check whether feature code already exists in the project (search in source directories identified from `root.prizm` or the project tree scan):
+```powershell
+Get-ChildItem -Path . -Recurse -File -Include *.js,*.ts,*.py,*.go,*.java,*.rb,*.rs -ErrorAction SilentlyContinue |
+  Where-Object { $_.FullName -notmatch '\\(node_modules|\.git|dist|build|vendor|\.prizmkit)\\' } |
+  Select-String -Pattern "{{FEATURE_SLUG}}" -List |
+  Select-Object -First 20 -ExpandProperty Path
+```
+
+Record result as `EXISTING_CODE` (list of files, or empty).
+
+If `EXISTING_CODE` is non-empty: your spec/plan/tasks must reflect this existing implementation — document what exists, identify gaps, do NOT re-implement what is already done.
+
+**Step A — Build Context Snapshot** (skip if `context-snapshot.md` already exists):
+
+1. Read `.prizmkit/prizm-docs/root.prizm` and relevant L1/L2 prizm docs
+2. Detect source code directories: read KEY_FILES and STRUCTURE sections from `root.prizm` to identify where source code lives (e.g. `src/`, `app/`, `lib/`, `cmd/`, `packages/`, or project root). If `root.prizm` is missing, scan the project tree:
+   ```powershell
+Get-ChildItem -Path . -Recurse -File -Depth 2 -Include *.js,*.ts,*.py,*.go,*.java,*.rb,*.rs -ErrorAction SilentlyContinue |
+  Where-Object { $_.FullName -notmatch '\\(node_modules|\.git|dist|build|vendor)\\' } |
+  Select-Object -First 30 -ExpandProperty FullName
+```
+   Identify the top-level source directories from the results.
+3. Scan the detected source directories for files related to this feature; read each one
+4. Write `.prizmkit/specs/{{FEATURE_SLUG}}/context-snapshot.md`:
+   - **Section 1 — Feature Brief**: feature description (2-3 lines) + acceptance criteria (copy from above)
+   - **Section 2 — Verification Gates**: copy the gate checklist from the Task Contract above
+   - **Section 3 — Key TRAPS & RULES**: extract only relevant TRAPS/RULES from prizm-docs that apply to files in this scope. Do NOT copy full L0/L1/L2 content.
+   - **Section 4 — File Manifest**: For each file relevant to this feature, list: file path, why it's needed (modify/reference/test), key interface signatures (function names + params + return types). Do NOT include full file content — agents read files on-demand. Format:
+     ### Files to Modify
+     | File | Why Needed | Key Interfaces |
+     |------|-----------|----------------|
+     | `<source-dir>/config.js` | Add runtime config layer | `config` (Zod object), `configSchema` |
+
+     ### Files for Reference
+     | File | Why Needed | Key Interfaces |
+     |------|-----------|----------------|
+     | `<source-dir>/security/permission-guard.js` | Permission check integration | `checkCommandPermission(userId, cmd)` |
+
+     ### Known TRAPS (from .prizmkit/prizm-docs/)
+     - <trap entries extracted from L1/L2 docs>
+4. Confirm: `Test-Path -LiteralPath ".prizmkit/specs/{{FEATURE_SLUG}}/context-snapshot.md"`
+
+**After Step A**: Use context-snapshot.md Section 4 File Manifest to guide targeted file reads. Do NOT scan directories or read unrelated files.
+
+**Step B — Planning Artifacts** (generate only missing files):
+
+```powershell
+@(".prizmkit/specs/{{FEATURE_SLUG}}/spec.md", ".prizmkit/specs/{{FEATURE_SLUG}}/plan.md") | ForEach-Object { if (Test-Path -LiteralPath $_) { $_ } }
+```
+
+- spec.md missing: Run `/prizmkit-plan` → generate spec.md. Resolve any `[NEEDS CLARIFICATION]` markers using the feature description — do NOT pause for interactive input.
+- plan.md missing: Run `/prizmkit-plan` → generate plan.md (architecture, components, interface design, data model, testing strategy, risk assessment, and Tasks section with `[ ]` checkboxes)
+
+> All files go under `.prizmkit/specs/{{FEATURE_SLUG}}/`. Confirm each with `Test-Path` after writing.
+
+**Database Design Gate** (if feature involves data persistence — new tables, schema changes, new entities):
+Before proceeding past CP-1, verify:
+1. Plan.md Data Model section references existing schema/model files (scan for `*.prisma`, `*.sql`, `migrations/`, `models/`, `*.entity.*` files; read them if not already in context-snapshot)
+2. All new tables/fields follow existing naming conventions, ID strategy, timestamp patterns, and constraint style
+3. No `[NEEDS CLARIFICATION]` remains in Data Model section — resolve by reading existing code and making a conservative choice that matches existing patterns. Document the resolution in plan.md.
+4. If a DB design decision genuinely cannot be resolved from existing code alone, document the assumption made and flag it in the Implementation Log for user review.
+
+**CP-1**: Both spec.md and plan.md exist.
+
+### Phase 3: Analyze — Reviewer Agent
+
+Spawn Reviewer agent (Agent tool, subagent_type="prizm-dev-team-reviewer", mode="plan", run_in_background=false).
+
+Spawn failure cap: for team/config/lock errors, retry at most once for this Reviewer spawn. If the second attempt fails, do not poll for report artifacts; fix/check the plan inline or write `failure-log.md` before stopping for recovery.
+
+Prompt:
+> "Read {{REVIEWER_SUBAGENT_PATH}}. For feature {{FEATURE_ID}} (slug: {{FEATURE_SLUG}}):
+> 1. Read `.prizmkit/specs/{{FEATURE_SLUG}}/context-snapshot.md` FIRST — Section 3 has TRAPS/RULES, Section 4 has file manifest.
+> 2. Cross-check `spec.md` and `plan.md` (including Tasks section) for consistency.
+> 3. Before flagging CRITICAL or HIGH issues, read the relevant source files listed in the File Manifest to verify.
+> Report: CRITICAL, HIGH, MEDIUM issues found (or 'No issues found')."
+
+Wait for Reviewer to return.
+- If CRITICAL issues found: fix them yourself — read `.prizmkit/specs/{{FEATURE_SLUG}}/context-snapshot.md` for full project context. Fix ONLY the listed CRITICAL issues in spec.md/plan.md. Then re-run analyze (max 1 round).
+
+**CP-2**: No CRITICAL issues.
+
+{{IF_CRITIC_ENABLED}}
+### Phase 3.5: Plan Challenge — Critic Agent(s)
+
+**Guard**: Verify critic agent file exists before spawning:
+```powershell
+if (Test-Path -LiteralPath "{{CRITIC_SUBAGENT_PATH}}") { "CRITIC:READY" } else { "CRITIC:MISSING" }
+```
+If CRITIC:MISSING — skip Phase 3.5 entirely and proceed to Phase 4. Log: "Critic agent not installed — skipping Plan Challenge."
+
+**Choose ONE path based on `{{CRITIC_COUNT}}`:**
+
+**If {{CRITIC_COUNT}} = 1 → Single Critic** (skip to CP-2.5 after this):
+
+Spawn Critic agent (Agent tool, subagent_type="prizm-dev-team-critic", mode="plan", run_in_background=false).
+
+Spawn failure cap: for team/config/lock errors, retry at most once for this Critic spawn. If the second attempt fails, do not poll for challenge reports; perform the plan challenge inline and record the fallback.
+
+Prompt:
+> "Read {{CRITIC_SUBAGENT_PATH}}. For feature {{FEATURE_ID}} (slug: {{FEATURE_SLUG}}):
+> **MODE: Plan Challenge**
+> 1. Read `.prizmkit/specs/{{FEATURE_SLUG}}/context-snapshot.md` FIRST — Section 3 has TRAPS/RULES, Section 4 has file manifest.
+> 2. Read `.prizmkit/prizm-docs/root.prizm` and relevant L1/L2 docs for affected modules.
+> 3. Read existing source files in the modules this plan touches.
+> 4. Challenge plan.md against the project's existing architecture, patterns, and style.
+> Write `.prizmkit/specs/{{FEATURE_SLUG}}/challenge-report.md` with findings (or 'No significant challenges')."
+
+**If {{CRITIC_COUNT}} = 3 → Multi-Critic Voting** (skip Single Critic above):
+
+Spawn 3 Critic agents sequentially (each with mode="plan", run_in_background=false), each with a different focus lens:
+
+Critic-A prompt (append to base prompt above):
+> "**Focus Lens: Architecture & Scalability.** Prioritize: architectural pattern fit, scalability implications, over-engineering risks, component boundary design.
+> Write `.prizmkit/specs/{{FEATURE_SLUG}}/challenge-report-A.md`."
+
+Critic-B prompt (append to base prompt above):
+> "**Focus Lens: Data Model & Edge Cases.** Prioritize: data model design fit, entity relationships, edge cases in business logic, missing boundary conditions.
+> Write `.prizmkit/specs/{{FEATURE_SLUG}}/challenge-report-B.md`."
+
+Critic-C prompt (append to base prompt above):
+> "**Focus Lens: Security & Performance.** Prioritize: security attack surface, authentication/authorization gaps, performance bottlenecks, resource leaks.
+> Write `.prizmkit/specs/{{FEATURE_SLUG}}/challenge-report-C.md`."
+
+After all critics return, read all 3 reports:
+- Challenge raised by **2/3 or more** critics → **must respond** (adjust plan or justify why not)
+- Challenge raised by **1/3 only** → logged in context-snapshot but not blocking
+- Max 1 plan revision round.
+
+**CP-2.5**: Plan challenges reviewed and resolved.
+{{END_IF_CRITIC_ENABLED}}
+
+### Phase 4: Implement — Dev Agent
+
+**Build artifacts rule** (passed to Dev): After any build/compile command (`go build`, `npm run build`, `tsc`, etc.), ensure the output binary or build directory is in `.gitignore`. Never commit compiled binaries, build output, or generated artifacts.
+
+Before spawning Dev, check plan.md Tasks section:
+```powershell
+if (Test-Path -LiteralPath ".prizmkit/specs/{{FEATURE_SLUG}}/plan.md") {
+  (Select-String -Path ".prizmkit/specs/{{FEATURE_SLUG}}/plan.md" -Pattern '^- \[ \]' -ErrorAction SilentlyContinue).Count
+} else {
+  0
+}
+```
+- If result is `0` (all tasks already `[x]`) → **SKIP Phase 4**, go directly to Phase 5. Do NOT spawn Dev.
+- If result is non-zero → spawn Dev agent below.
+
+Spawn Dev agent (Agent tool, subagent_type="prizm-dev-team-dev", run_in_background=false).
+
+Spawn failure cap: for team/config/lock errors, retry at most once for this Dev spawn. If the second attempt fails, do not poll for `## Implementation Log`; write `failure-log.md` and either implement remaining tasks directly in the orchestrator or stop for recovery.
+
+Prompt:
+> "Read {{DEV_SUBAGENT_PATH}}. Implement feature {{FEATURE_ID}} (slug: {{FEATURE_SLUG}}).
+> **IMPORTANT**: Read `.prizmkit/specs/{{FEATURE_SLUG}}/context-snapshot.md` FIRST — Section 3 has TRAPS/RULES, Section 4 has File Manifest with paths and interfaces.
+> ⚠️ DO NOT re-read source files already listed in Section 4 File Manifest unless you need implementation detail beyond the interface summary.
+> 1. Read `.prizmkit/specs/{{FEATURE_SLUG}}/context-snapshot.md` for full context.
+> 2. Run `/prizmkit-implement` to execute the tasks in plan.md. Run tests with: `{{TEST_CMD}}`. Known baseline failures (pre-existing, not your fault): `{{BASELINE_FAILURES}}`.
+> 3. If plan.md has more than 5 tasks: run `/compact` after completing every 3 tasks to manage context budget. If `/compact` is unavailable, continue without it.
+> 4. After implement completes, verify the '## Implementation Log' section was written to context-snapshot.md.
+> 5. Do NOT execute any git commands (no git add/commit/reset/push).
+> Do NOT exit until all tasks are [x] and the '## Implementation Log' section is written in context-snapshot.md."
+
+**Gate Check — Implementation Log**:
+After Dev agent returns, verify the Implementation Log was written:
+```powershell
+if (Select-String -Path ".prizmkit/specs/{{FEATURE_SLUG}}/context-snapshot.md" -Pattern "## Implementation Log" -Quiet -ErrorAction SilentlyContinue) { "GATE:PASS" } else { "GATE:MISSING" }
+```
+If GATE:MISSING — send message to Dev (re-spawn if needed): "Write the '## Implementation Log' section to context-snapshot.md before I can proceed to review. Include: files changed/created, key decisions, deviations from plan, notable discoveries."
+
+Wait for Dev to return. **If Dev times out before all tasks are `[x]`**:
+1. Check progress: `(Select-String -Path ".prizmkit/specs/{{FEATURE_SLUG}}/plan.md" -Pattern '^- \[ \]' -ErrorAction SilentlyContinue).Count`
+2. If any tasks remain: re-spawn Dev with this recovery prompt:
+   > "Read {{DEV_SUBAGENT_PATH}}. You are resuming implementation of feature {{FEATURE_ID}} (slug: {{FEATURE_SLUG}}).
+   > 1. Read `.prizmkit/specs/{{FEATURE_SLUG}}/context-snapshot.md` — Section 4 has File Manifest, 'Implementation Log' (if present) shows what was already done.
+   > 2. Run `git diff HEAD` to see actual code changes already made.
+   > 3. Run `/prizmkit-implement` to complete the remaining `[ ]` tasks. Run tests with: `{{TEST_CMD}}`.
+   > 4. Do NOT execute any git commands."
+3. Max 2 recovery retries. After 2 failures, orchestrator implements remaining tasks directly.
+
+All tasks `[x]`, tests pass.
+
+### Phase 5: Review + Test — Reviewer Agent
+
+Spawn Reviewer agent (Agent tool, subagent_type="prizm-dev-team-reviewer", run_in_background=false).
+
+Spawn failure cap: for team/config/lock errors, retry at most once for this Reviewer spawn. If the second attempt fails, do not poll for `review-report.md`; write `failure-log.md` with the spawn error and last observable state before stopping or performing an inline fallback.
+
+Prompt:
+> "Read {{REVIEWER_SUBAGENT_PATH}}. For feature {{FEATURE_ID}} (slug: {{FEATURE_SLUG}}):
+> 1. Read `.prizmkit/specs/{{FEATURE_SLUG}}/spec.md` for goals and acceptance criteria
+> 2. Read `.prizmkit/specs/{{FEATURE_SLUG}}/plan.md` for architecture decisions and completed tasks
+> 3. Run /prizmkit-code-review with artifact_dir=.prizmkit/specs/{{FEATURE_SLUG}}/. The skill runs an internal review-fix loop (Reviewer → filter → Dev fix, max 3 rounds) and writes review-report.md.
+> 4. Run the full test suite using `{{TEST_CMD}}`. When running tests: `& { {{TEST_CMD}} } 2>&1 | Tee-Object (Join-Path $env:TEMP "review-test-out.txt") | Select-Object -Last 20`, then Select-String `(Join-Path $env:TEMP "review-test-out.txt")` for details — do NOT re-run the suite multiple times.
+> 5. review-report.md will be written to .prizmkit/specs/{{FEATURE_SLUG}}/ by prizmkit-code-review.
+> Report: verdict (PASS/NEEDS_FIXES), number of rounds, findings fixed/rejected."
+
+Wait for Reviewer to return.
+
+**Gate Check — Review Report**:
+After Reviewer agent returns, verify the review report was written:
+```powershell
+if (Select-String -Path ".prizmkit/specs/{{FEATURE_SLUG}}/review-report.md" -Pattern "## Verdict" -Quiet -ErrorAction SilentlyContinue) { "GATE:PASS" } else { "GATE:MISSING" }
+```
+If GATE:MISSING:
+- Do not re-spawn Reviewer or re-run `/prizmkit-code-review` in an unbounded report-repair loop.
+- Perform one bounded status check; retry at most once: inspect Reviewer output, code-review skill output, `review-report.md` path, and any Reviewer/Dev spawn messages.
+- If the missing report is caused by team/config/lock errors from Reviewer or the internal code-review loop, write `failure-log.md` with the spawn/skill error and last observable state.
+- If the report is still missing after that single check/retry, either perform a safe inline fallback review and write `review-report.md` with `## Verdict`, or stop with a clear recovery failure.
+
+Read `review-report.md` and check the Verdict:
+- `PASS` → proceed to next phase
+- `NEEDS_FIXES` → the skill exhausted its max rounds; log the remaining findings and proceed
+
+**CP-3**: Integration tests pass, review complete.
+
+{{IF_BROWSER_INTERACTION}}
+### Phase 5.5: Browser Verification — MANDATORY
+
+You MUST execute this phase. Do NOT skip it.
+
+**Browser Tool**: {{BROWSER_TOOL}}
+
+{{IF_BROWSER_TOOL_PLAYWRIGHT}}
+**Using: playwright-cli**
+
+**CRITICAL CONSTRAINT — playwright-cli ONLY, NO Playwright MCP**:
+- You MUST use `playwright-cli` (the CLI tool) for ALL browser interactions in this phase
+- **NEVER** use Playwright MCP server, Playwright MCP tools, or any MCP-based browser automation
+- If you have Playwright MCP configured, IGNORE it entirely — use the CLI command `playwright-cli` exclusively
+- All browser actions go through `playwright-cli <command>` in the PowerShell tool, not through any MCP tool call
+
+**Step 0 — Playwright CLI Readiness Check (BLOCKING — must pass before any browser action)**:
+
+0a. Check if `playwright-cli` is installed:
+```powershell
+$playwright = Get-Command playwright-cli -ErrorAction SilentlyContinue
+if ($playwright) { playwright-cli --version } else { "NOT_INSTALLED" }
+```
+If output is `NOT_INSTALLED`, install it:
+```powershell
+npm install -g @playwright/cli@latest
+```
+Then verify installation succeeded:
+```powershell
+playwright-cli --version
+```
+If installation fails, log the error in context-snapshot.md under `## Browser Verification: SKIPPED — playwright-cli installation failed` and proceed to the next phase. Do NOT attempt browser verification without playwright-cli.
+
+0b. Learn playwright-cli usage (run once per session to understand available commands):
+```powershell
+playwright-cli --help
+```
+Use this output to determine the correct commands for your verification steps. Do NOT guess command syntax — refer to the help output.
+
+0c. Check if playwright-cli skill is installed for the current AI platform:
+```powershell
+$currentPlatform = "unknown"
+$skillDir = $null
+if (Get-Command claude -ErrorAction SilentlyContinue) {
+  $currentPlatform = "claude"
+  $skillDir = Join-Path $HOME ".claude\skills"
+} elseif (Get-Command cbc -ErrorAction SilentlyContinue) {
+  $currentPlatform = "codebuddy"
+  $skillDir = Join-Path $HOME ".cbc\skills"
+}
+
+$skillExists = $false
+if ($skillDir) {
+  $directSkill = Join-Path $skillDir "playwright-cli"
+  $matchingSkills = Get-ChildItem -Path $skillDir -Filter "playwright*" -ErrorAction SilentlyContinue
+  $skillExists = (Test-Path -LiteralPath $directSkill) -or [bool]$matchingSkills
+}
+if ($skillExists) { "SKILL_EXISTS" } else { "SKILL_MISSING" }
+```
+If `SKILL_MISSING`:
+```powershell
+playwright-cli install --skills
+```
+If the current platform is NOT claude, move the installed skill files to the correct location:
+```powershell
+$claudeSkillDir = Join-Path $HOME ".claude\skills"
+$sourceSkill = Join-Path $claudeSkillDir "playwright-cli"
+if ($currentPlatform -ne "claude" -and $currentPlatform -ne "unknown" -and $skillDir -and (Test-Path -LiteralPath $sourceSkill)) {
+  New-Item -ItemType Directory -Force -Path $skillDir | Out-Null
+  Copy-Item -Recurse -Force -Path $sourceSkill -Destination $skillDir
+  "Moved playwright-cli skill from claude to $currentPlatform"
+}
+```
+
+0d. Read the installed playwright-cli skill for workflow guidance:
+After skill installation, read the skill's SKILL.md to understand recommended workflows and patterns. Use these patterns to construct your verification flow — do NOT invent your own patterns if the skill provides them.
+
+**Step 1 — Start Dev Server**:
+
+You know this project's tech stack. Detect and start the dev server yourself:
+
+1. Identify the dev server start command from project config (`package.json` scripts, `Makefile`, `docker-compose.yml`, etc.)
+2. **Detect the dev server port** — use the pre-detected port from pipeline if available, otherwise extract from project config. Do NOT hardcode or guess the port:
+   ```powershell
+   $DEV_PORT = "{{DEV_PORT}}"
+   if ($DEV_PORT -eq "{{DEV_PORT}}" -or [string]::IsNullOrWhiteSpace($DEV_PORT)) {
+     $detectedPort = ""
+     if (Test-Path -LiteralPath "package.json") {
+       $detectedPort = node -e "const p=require('./package.json'); const s=(p.scripts?.dev) || ''; const m=s.match(/-p\s+(\d+)/); console.log(m?m[1]:'')"
+     }
+     if (-not $detectedPort -and $env:NEXT_PUBLIC_SITE_URL -match ':([0-9]+)') {
+       $detectedPort = $Matches[1]
+     }
+     if ($detectedPort) { $DEV_PORT = $detectedPort } else { $DEV_PORT = "3000" }
+   }
+   "Detected DEV_PORT=$DEV_PORT"
+   ```
+3. Verify the port is available and start the dev server in the background, capturing its process id:
+   ```powershell
+   $portBusy = Get-NetTCPConnection -LocalPort ([int]$DEV_PORT) -ErrorAction SilentlyContinue
+   if ($portBusy) { "PORT_IN_USE" } else { "PORT_FREE" }
+   $devServerCommand = "<start-command>"
+   $server = Start-Process -FilePath "powershell" -ArgumentList @("-NoProfile", "-Command", $devServerCommand) -PassThru
+   $DEV_SERVER_PID = $server.Id
+   ```
+
+   Wait for server to be ready: poll `http://localhost:$DEV_PORT` until it returns 200 or 302 (max 30 seconds, 2s interval):
+   ```powershell
+   $ready = $false
+   for ($i = 0; $i -lt 15; $i++) {
+     try {
+       $response = Invoke-WebRequest -Uri "http://localhost:$DEV_PORT" -UseBasicParsing -TimeoutSec 2
+       if ($response.StatusCode -in @(200, 302)) { $ready = $true; break }
+     } catch {
+       Start-Sleep -Seconds 2
+     }
+   }
+   if (-not $ready) { "DEV_SERVER_NOT_READY" }
+   ```
+4. Open the app in playwright-cli: `playwright-cli open "http://localhost:$DEV_PORT"`
+5. If the page requires authentication, use playwright-cli to register a test user and log in first
+
+**Step 2 — Verification**:
+
+Use `playwright-cli snapshot` on the running app to discover actual element refs, then verify these goals:
+{{BROWSER_VERIFY_STEPS}}
+
+Construct your verification workflow based on:
+1. The playwright-cli skill documentation (read in Step 0d)
+2. The `playwright-cli --help` output (captured in Step 0b)
+3. The current task's Verification Gates and implemented features
+
+Decide the concrete playwright-cli actions (click, fill, snapshot, screenshot, etc.) yourself based on the snapshot output and your knowledge of the implemented code. The goals above describe WHAT to verify — you determine HOW using playwright-cli commands.
+
+Take a final screenshot for evidence: `playwright-cli screenshot`
+
+**Step 3 — Cleanup (REQUIRED — you started it, you stop it)**:
+
+1. Close the playwright-cli browser: `playwright-cli close`
+2. Stop the dev server process and any remaining process bound to the dev server port:
+   ```powershell
+   if ($DEV_SERVER_PID) { Stop-Process -Id $DEV_SERVER_PID -Force -ErrorAction SilentlyContinue }
+   Get-NetTCPConnection -LocalPort ([int]$DEV_PORT) -ErrorAction SilentlyContinue |
+     Select-Object -ExpandProperty OwningProcess -Unique |
+     ForEach-Object { Stop-Process -Id $_ -Force -ErrorAction SilentlyContinue }
+   ```
+
+{{END_IF_BROWSER_TOOL_PLAYWRIGHT}}
+{{IF_BROWSER_TOOL_OPENCLI}}
+**Using: opencli** (reuses Chrome logged-in sessions)
+
+**CRITICAL CONSTRAINT — opencli browser ONLY**:
+- You MUST use `opencli browser` for ALL browser interactions in this phase
+- All browser actions go through `opencli browser <command>` in the PowerShell tool
+
+**Step 0 — OpenCLI Readiness Check (BLOCKING)**:
+
+0a. Check if `opencli` is installed:
+```powershell
+$opencli = Get-Command opencli -ErrorAction SilentlyContinue
+if ($opencli) { opencli --version } else { "NOT_INSTALLED" }
+```
+If `NOT_INSTALLED`: `npm install -g @jackwener/opencli@latest`. If installation fails, log `## Browser Verification: SKIPPED — opencli installation failed` and proceed.
+
+0b. Verify Browser Bridge: `opencli doctor`. If fails, log skip and proceed.
+
+0c. Learn usage:
+```powershell
+opencli browser --help 2>$null
+if ($LASTEXITCODE -ne 0) { opencli --help }
+```
+
+**Step 1 — Start Dev Server**: use the same port detection and server lifecycle pattern as the playwright-cli path:
+```powershell
+$DEV_PORT = "{{DEV_PORT}}"
+if ($DEV_PORT -eq "{{DEV_PORT}}" -or [string]::IsNullOrWhiteSpace($DEV_PORT)) {
+  $detectedPort = ""
+  if (Test-Path -LiteralPath "package.json") {
+    $detectedPort = node -e "const p=require('./package.json'); const s=(p.scripts?.dev) || ''; const m=s.match(/-p\s+(\d+)/); console.log(m?m[1]:'')"
+  }
+  if (-not $detectedPort -and $env:NEXT_PUBLIC_SITE_URL -match ':([0-9]+)') {
+    $detectedPort = $Matches[1]
+  }
+  if ($detectedPort) { $DEV_PORT = $detectedPort } else { $DEV_PORT = "3000" }
+}
+"Detected DEV_PORT=$DEV_PORT"
+```
+```powershell
+$portBusy = Get-NetTCPConnection -LocalPort ([int]$DEV_PORT) -ErrorAction SilentlyContinue
+if ($portBusy) { "PORT_IN_USE" } else { "PORT_FREE" }
+$devServerCommand = "<start-command>"
+$server = Start-Process -FilePath "powershell" -ArgumentList @("-NoProfile", "-Command", $devServerCommand) -PassThru
+$DEV_SERVER_PID = $server.Id
+```
+
+Wait for server to be ready: poll `http://localhost:$DEV_PORT` until it returns 200 or 302 (max 30 seconds, 2s interval):
+```powershell
+$ready = $false
+for ($i = 0; $i -lt 15; $i++) {
+  try {
+    $response = Invoke-WebRequest -Uri "http://localhost:$DEV_PORT" -UseBasicParsing -TimeoutSec 2
+    if ($response.StatusCode -in @(200, 302)) { $ready = $true; break }
+  } catch {
+    Start-Sleep -Seconds 2
+  }
+}
+if (-not $ready) { "DEV_SERVER_NOT_READY" }
+```
+
+Start server, wait for ready, then:
+```powershell
+opencli browser open "http://localhost:$DEV_PORT"
+if ($LASTEXITCODE -eq 0) { opencli browser state }
+```
+
+**Step 2 — Verification**:
+
+Use `opencli browser state` to discover elements with `[N]` indices, then verify:
+{{BROWSER_VERIFY_STEPS}}
+
+Chain commands in PowerShell with semicolons and inspect each result, for example: `opencli browser click <N>; opencli browser wait time 1; opencli browser state`
+
+**Step 3 — Cleanup**:
+1. `opencli browser close`
+2. Stop the dev server process and any remaining process bound to the dev server port:
+   ```powershell
+   if ($DEV_SERVER_PID) { Stop-Process -Id $DEV_SERVER_PID -Force -ErrorAction SilentlyContinue }
+   Get-NetTCPConnection -LocalPort ([int]$DEV_PORT) -ErrorAction SilentlyContinue |
+     Select-Object -ExpandProperty OwningProcess -Unique |
+     ForEach-Object { Stop-Process -Id $_ -Force -ErrorAction SilentlyContinue }
+   ```
+
+{{END_IF_BROWSER_TOOL_OPENCLI}}
+{{IF_BROWSER_TOOL_AUTO}}
+**Tool Selection**: Choose the best browser tool at runtime.
+
+**Step 0 — Detect available tools**:
+```powershell
+"=== playwright-cli ==="
+$playwright = Get-Command playwright-cli -ErrorAction SilentlyContinue
+if ($playwright) { playwright-cli --version } else { "NOT_INSTALLED" }
+"=== opencli ==="
+$opencli = Get-Command opencli -ErrorAction SilentlyContinue
+if ($opencli) { opencli --version } else { "NOT_INSTALLED" }
+if ($opencli) {
+  opencli doctor 2>$null
+  if ($LASTEXITCODE -ne 0) { "OPENCLI_BRIDGE_FAILED" }
+}
+```
+
+**Decision table**:
+| Condition | Tool |
+|-----------|------|
+| Only playwright-cli available | playwright-cli |
+| Only opencli available (doctor passes) | opencli |
+| Both — local dev server, forms, components | playwright-cli |
+| Both — needs real login state (OAuth/SSO) | opencli |
+| Both — third-party integration verification | opencli |
+| Neither available | Install playwright-cli as default |
+
+Then follow the corresponding tool's workflow above (Steps 1-3).
+
+{{END_IF_BROWSER_TOOL_AUTO}}
+
+**Step 4 — Reporting**:
+
+Append results to `context-snapshot.md`:
+```
+## Browser Verification
+Tool: <playwright-cli or opencli>
+URL: http://localhost:$DEV_PORT
+Dev Server Command: <actual command used>
+Tool version: <version>
+Steps executed: [list of commands used]
+Screenshot: [path]
+Result: PASS / FAIL (reason)
+Server cleanup: confirmed
+Browser cleanup: confirmed
+```
+
+If verification fails, log the failure details but continue to commit. Failures do NOT block the commit, but you MUST attempt verification and MUST clean up the dev server.
+{{END_IF_BROWSER_INTERACTION}}
+
+### Phase 6: Retrospective & Commit (SINGLE COMMIT) — DO NOT SKIP
+
+**Bug Fix Documentation Policy**:
+- DEFAULT: Run `/prizmkit-retrospective` with structural sync only (update file counts, interfaces, dependencies). Skip knowledge injection.
+- UPDATE DOCS (run full retrospective — Job 1 + Job 2) when bug fix causes: interface signature changes, dependency additions/removals, observable behavior changes to existing features, or newly discovered TRAPs.
+- Simple bugs: No new spec.md/plan.md needed. Use fast path.
+- Complex bugs (multi-module, cascading): Use `/prizmkit-plan` with `artifact_dir=.prizmkit/bugfix/<BUG_ID>/`.
+- Commit prefix: `fix(<scope>):` (not `feat:`).
+
+**6a.** Check if feature already committed:
+```powershell
+git log --oneline | Select-String -Pattern "{{FEATURE_ID}}" | Select-Object -First 3
+```
+- If a commit for `{{FEATURE_ID}}` already exists → **skip 6d** (do NOT run /prizmkit-committer, do NOT run git reset, do NOT stage or unstage anything). Proceed directly to 6e Final verification.
+- If no existing commit → proceed normally with 6b–6d.
+
+**6b.** Run `/prizmkit-retrospective` (**before commit**, maintains `.prizmkit/prizm-docs/` architecture index):
+- **Structural sync**: update KEY_FILES/INTERFACES/DEPENDENCIES/file counts for changed modules
+- **Architecture knowledge** (feature sessions only): extract TRAPS, RULES, DECISIONS from completed work into `.prizmkit/prizm-docs/`
+- **L2 coverage check**: For any module/sub-module with source files created or significantly modified in this session but no L2 `.prizm` doc — evaluate whether L2 is warranted and create if so. The current session has the best context for accurate KEY_FILES, TRAPS, and DECISIONS.
+- Stage doc changes: `git add .prizmkit/prizm-docs/`
+⚠️ Do NOT commit here. Only stage.
+- **For bug-fix sessions**: structural sync (Job 1) by default. Run knowledge injection (Job 2) when the fix causes interface signature changes, dependency additions/removals, observable behavior changes, or reveals new TRAPs
+
+**6c.** Stage all feature code explicitly (NEVER use `git add -A` or `git add .`):
+```powershell
+git add <specific-files-created-or-modified>
+git add .prizmkit/prizm-docs/
+```
+
+**6d.** Run `/prizmkit-committer` → THE ONLY commit for this feature:
+`feat({{FEATURE_ID}}): {{FEATURE_TITLE}}`
+This single commit includes: feature code + tests + .prizmkit/prizm-docs/ updates. Do NOT push.
+- MANDATORY: commit must be done via `/prizmkit-committer` skill. Do NOT run manual `git add`/`git commit` as a substitute.
+- Do NOT run `update-feature-status.py` here — the pipeline runner handles feature-list.json updates automatically after session exit.
+
+**6e.** Final verification:
+```powershell
+git status --short
+```
+Working tree MUST be clean after this step. If any feature-related files remain, stage them into the SAME commit via `git add <file>; if ($LASTEXITCODE -eq 0) { git commit --amend --no-edit }`, do NOT create a separate commit.
+
+**Exception**: `session-summary.md` in the artifact directory is a local cross-session artifact generated by `/prizmkit-committer` — it is NOT committed to git. Ignore it in the clean-tree check.
+
+**6f.** Write completion summary for downstream dependency context:
+
+Write `.prizmkit/specs/{{FEATURE_SLUG}}/completion-summary.json` with the key changes from this session. This file is NOT committed to git — the pipeline runner reads it to propagate context to dependent features.
+
+```json
+{
+  "completion_notes": [
+    "<each item: one key change, API, model, or integration point that downstream features may need>",
+    "Example: Added User model (id, email, password_hash, display_name) in prisma/schema.prisma",
+    "Example: POST /api/auth/register and POST /api/auth/login endpoints in src/api/auth.ts",
+    "Example: Auth middleware in src/middleware/auth.ts — validates JWT on protected routes"
+  ]
+}
+```
+
+Rules for writing completion notes:
+- Focus on **what downstream features need to know**: new APIs, models, exported functions, key file paths
+- Each note should be self-contained and concise (one line, under 120 characters preferred)
+- Include 3-8 notes covering the most important changes
+- Do NOT include test files, config changes, or internal implementation details unless they affect other features
+- If this feature has no downstream dependents, still write the summary (it serves as documentation)
+
+## Critical Paths
+
+| Resource | Path |
+|----------|------|
+| Feature Artifacts Dir | `.prizmkit/specs/{{FEATURE_SLUG}}/` |
+| Context Snapshot | `.prizmkit/specs/{{FEATURE_SLUG}}/context-snapshot.md` |
+| Team Config | `{{TEAM_CONFIG_PATH}}` |
+| Dev Agent Def | {{DEV_SUBAGENT_PATH}} |
+| Reviewer Agent Def | {{REVIEWER_SUBAGENT_PATH}} |
+{{IF_CRITIC_ENABLED}}
+| Critic Agent Def | {{CRITIC_SUBAGENT_PATH}} |
+{{END_IF_CRITIC_ENABLED}}
+| Project Root | {{PROJECT_ROOT}} |
+| Feature List Path | {{FEATURE_LIST_PATH}} |
+
+## Failure Capture Protocol
+
+If you encounter an unrecoverable error, context overflow, or are about to exit without completing all phases:
+
+1. Write `.prizmkit/specs/{{FEATURE_SLUG}}/failure-log.md` BEFORE exiting:
+   ```
+   FAILURE_TYPE: timeout | test_failure | review_rejected | context_overflow | unknown
+   PHASE: <Get-Command phase failed>
+   ROOT_CAUSE: <1-2 sentence explanation>
+   ATTEMPTED: <approaches already tried>
+   SUGGESTION: <what the next session should try differently>
+   DISCOVERED_TRAPS:
+   - [CRITICAL|HIGH|LOW] <gotcha discovered during this failed session> | FIX: <approach>
+   ```
+
+2. This file is intentionally lightweight — write it BEFORE context runs out.
+
+**Lifecycle**: failure-log.md is a temporary cross-session artifact. Do NOT commit it to git. After a successful session (all phases complete + commit done), delete it:
+```powershell
+Remove-Item -Force -ErrorAction SilentlyContinue .prizmkit/specs/{{FEATURE_SLUG}}/failure-log.md
+```
+
+## Reminders
+
+- Tier 3: full team — Dev (implementation) → Reviewer (review + test) — spawn agents directly via Agent tool
+- context-snapshot.md is append-only: orchestrator writes Sections 1-4, Dev appends Implementation Log, Reviewer appends Review Notes
+- Gate checks enforce Implementation Log and Review Notes are written before proceeding
+- Do NOT use `run_in_background=true` when spawning agents
+- Commit phase must use `/prizmkit-committer`; do NOT replace with manual git commit commands
+- Do NOT run `git add`/`git commit` during Phase 1-5 — all changes are committed once in Phase 6
+- If any files remain after the commit, amend the existing commit — do NOT create a follow-up commit
+- When staging files, always use explicit file names — NEVER use `git add -A` or `git add .`
+- On timeout: check snapshot → model:lite → remaining steps only → max 2 retries → orchestrator fallback