npm - scene-capability-engine - Versions diffs - 3.0.8 → 3.2.0 - Mend

scene-capability-engine 3.0.8 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (51) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -8,8 +8,63 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
 ### Added
+- **Interactive approval role-policy step-up**: `interactive-approval-workflow` now supports optional role-based action authorization (`--role-policy`, `--actor-role`) and loop/flow/scene commands can pass role policy and actor roles (`--approval-role-policy`, `--approval-actor-role`, `--approver-actor-role`) for separation-of-duties governance.
+- **Interactive runtime policy + work-order default pipeline**: Added `interactive-runtime-policy-evaluate` and `interactive-work-order-build`, integrated both into `interactive-customization-loop` and `interactive-flow` (including `sce scene interactive-loop/interactive-flow` passthrough), with default `runtime_mode=ops-fix`, `runtime_environment=staging`, runtime non-allow fail gate option, and auditable work-order artifacts.
+- **Release weekly ops closed-loop summary**: Added `node scripts/release-ops-weekly-summary.js` (npm alias `npm run report:release-ops-weekly`) to aggregate handoff evidence, release-gate history, interactive governance, and matrix signals into one weekly risk/recommendation card (`weekly-ops-summary.json|.md`).
+- **Release workflow weekly ops asset publication**: `release.yml` now exports and publishes `weekly-ops-summary-<tag>.json|.md` alongside governance snapshot and Moqui release evidence assets.
+- **Release weekly ops hard gate**: Added `node scripts/release-weekly-ops-gate.js` (npm alias `npm run gate:release-ops-weekly`) and wired release workflow defaults to block publish when weekly ops summary risk exceeds `medium` (configurable via `KSE_RELEASE_WEEKLY_OPS_*` variables).
+- **Unified weekly+drift remediation bundle**: Added `node scripts/release-risk-remediation-bundle.js` (npm alias `npm run report:release-risk-remediation`) and wired release workflow to publish `release-risk-remediation-<tag>.json|.md|.lines` assets derived from merged gate signals.
+- **Release asset integrity hard gate**: Added `node scripts/release-asset-integrity-check.js` (npm alias `npm run gate:release-asset-integrity`) and wired `release.yml` to block publish on missing/empty core release-evidence assets, while exporting `release-asset-integrity-<tag>.json|.md`.
+- **Interactive dialogue governance baseline**: Added `node scripts/interactive-dialogue-governance.js`, baseline policy `docs/interactive-customization/dialogue-governance-policy-baseline.json`, and loop/flow integration so embedded assistants emit `allow|clarify|deny` dialogue decisions with clarification prompts before planning.
+- **Interactive password authorization gate for apply actions**: `interactive-plan-build` now emits `plan.authorization` defaults, `interactive-approval-workflow` enforces password-protected execute transitions (`--password`, `--password-hash`, `--password-hash-env`), and `interactive-customization-loop` / `interactive-flow` pass through auth options with command redaction for secret-safe artifacts.
+- **Profile intake fixtures and validation tests**: Added `tests/fixtures/handoff-profile-intake/{default,moqui,enterprise}` and `tests/unit/starter-kit/handoff-profile-intake-fixtures.test.js` to keep profile onboarding samples executable and regression-safe.
+- **Release-ready starter kit + security baseline docs**: Added `docs/starter-kit/*` and `docs/security-governance-default-baseline.md`, and wired checklist/index docs so external projects can onboard with default manifest/workflow/safety policy.
 - **Capability lexicon hard gate end-to-end defaultization**: `sce auto handoff run` and `sce auto handoff capability-matrix` now enforce unknown Moqui capability alias blocking by default (expected/provided), emit lexicon gate telemetry into release evidence, and promote those signals into governance risk/concern/recommendation/close-loop block decisions.
 - **Moqui release summary report helper**: Added `node scripts/moqui-release-summary.js` (and npm alias `npm run report:moqui-summary`) to consolidate handoff evidence + baseline + lexicon + capability-matrix into a single release-gate verdict (`passed|failed|incomplete`) with remediation commands.
+- **Moqui release summary interactive-governance signal merge**: `moqui-release-summary` now ingests interactive governance report input by default (`.kiro/reports/interactive-governance-report.json`) and surfaces alert-state remediation hints in release summary output.
+- **Interactive customization baseline contracts + gate**: Added `116-00-interactive-business-customization-platform` spec set, interactive change contract artifacts, and `node scripts/interactive-change-plan-gate.js` (npm alias `npm run gate:interactive-plan`) to enforce secure-by-default plan review (`allow|review-required|deny`) before execution.
+- **Interactive read-only intent bridge**: Added `node scripts/interactive-intent-build.js` (npm alias `npm run report:interactive-intent`) to generate masked page-context explain output, structured `Change_Intent`, and append audit JSONL events for stage-A UI copilot integration.
+- **Interactive plan generation bridge**: Added `node scripts/interactive-plan-build.js` (npm alias `npm run report:interactive-plan`) to convert `Change_Intent` into structured `Change_Plan` with action candidates, risk inference, verification checks, rollback blueprint, and approval defaults before gate evaluation.
+- **Interactive one-command loop orchestrator**: Added `node scripts/interactive-customization-loop.js` (npm alias `npm run run:interactive-loop`) to run `intent -> plan -> gate -> approval` in one command and optionally auto-trigger low-risk apply through the Moqui adapter when gate/risk conditions are satisfied; loop now supports direct feedback capture (`--feedback-score/--feedback-comment/--feedback-tags`) into session-scoped feedback JSONL for governance ingestion.
+- **Interactive loop CLI + governance routing hardening**: Added `sce scene interactive-loop` as first-class CLI entry, updated loop feedback flow to write both session-scoped and global governance streams (`.kiro/reports/interactive-user-feedback.jsonl`), and introduced CI smoke gate (`test:interactive-loop-smoke`) wired into `test.yml`/`release.yml` test jobs.
+- **Interactive context-contract hardening for Moqui workbench UI**: `interactive-intent-build` and `sce scene interactive-loop` now support `--context-contract` and strict validation by default (required fields, payload-size budget, forbidden keys), with upgraded page-context schema/sample for `scene_workspace` + `assistant_panel` payloads matching the Screen Explorer + AI assistant layout.
+- **Moqui provider-to-context bridge command**: Added `scripts/interactive-context-bridge.js` and `sce scene context-bridge` to normalize raw Moqui workbench payloads into standard interactive `page-context` artifacts with default contract validation (`--no-strict-contract` for diagnostics), plus sample payload and unit coverage for provider mapping.
+- **Interactive full-flow one-command entry**: Added `scripts/interactive-flow.js` and `sce scene interactive-flow` to execute `context-bridge -> interactive-loop` in one pipeline, with unified artifact session output and passthrough guardrail/approval/feedback options for Moqui workbench embedding.
+- **Interactive flow smoke gate in CI**: Added `scripts/interactive-flow-smoke.js` (npm alias `test:interactive-flow-smoke`) and wired it into `test.yml` / `release.yml` test jobs alongside interactive-loop smoke.
+- **Interactive matrix signal closed-loop defaultization**: `interactive-flow` now runs a default matrix snapshot stage (`moqui-template-baseline-report`) after loop execution, persists session matrix artifacts, appends `.kiro/reports/interactive-matrix-signals.jsonl`, and exposes matrix controls (`--no-matrix`, thresholds, compare baseline, signal path, fail-on-portfolio/regression/error) in both script and `sce scene interactive-flow`.
+- **Interactive approval workflow state machine**: Added `node scripts/interactive-approval-workflow.js` (status alias `npm run report:interactive-approval-status`) covering `draft/submitted/approved/rejected/executed/verified/archived` transitions, with high-risk execute blocking and append-only approval event audit JSONL.
+- **Interactive Moqui adapter stage-C baseline**: Added `lib/interactive-customization/moqui-interactive-adapter.js` plus `node scripts/interactive-moqui-adapter.js` (alias `npm run report:interactive-adapter-capabilities`) to implement unified adapter contract `capabilities/plan/validate/apply/rollback`, low-risk one-click apply (`low-risk-apply`), policy-aware controlled execution, and append-only execution records with validation snapshot + rollback reference.
+- **Interactive template matrix stage-D baseline**: Added `kse.scene--moqui-interactive-customization-loop--0.1.0` scene package assets (scene-package/scene manifest/template manifest), plus template sedimentation playbook, adapter extension contract schema/sample, and Domain_Pack extension flow docs for cross-stack replication.
+- **Interactive governance observability + alerting**: Added `node scripts/interactive-governance-report.js` (alias `npm run report:interactive-governance`) to compute adoption/success/rollback/security-intercept/satisfaction KPIs, apply threshold alerts, and emit JSON/Markdown governance reports with `--fail-on-alert` gate behavior.
+- **Interactive governance matrix telemetry integration**: `interactive-governance-report` now consumes matrix signals by default, computes matrix pass/regression/stage-error metrics, and enforces threshold alerts for matrix trend degradation.
+- **Matrix regression gate + remediation queue automation**: Added `scripts/matrix-regression-gate.js` and `scripts/moqui-matrix-remediation-queue.js` with npm aliases (`gate:matrix-regression`, `report:matrix-remediation-queue`) so CI/release can enforce configurable regression limits and export close-loop remediation lines from matrix regressions.
+- **Matrix remediation template/capability targeting**: `moqui-matrix-remediation-queue` now maps each regression metric to affected template candidates (top-N) and capability focus signals, reducing manual decomposition before close-loop execution.
+- **Matrix remediation executable package output**: `moqui-matrix-remediation-queue` now also writes batch goals JSON + command-template markdown so teams can trigger close-loop remediation directly without hand-assembling commands.
+- **Matrix remediation anti-429 phased execution defaults**: `moqui-matrix-remediation-queue` now emits high/medium split queue/goals artifacts plus recommended low-burst parallel/agent-budget/cooldown policy so release and ops can avoid request spikes instead of stalling on `429 Too Many Requests`.
+- **Matrix remediation one-shot phased runner**: Added `scripts/moqui-matrix-remediation-phased-runner.js` (npm alias `run:matrix-remediation-phased`) to execute high/medium remediation phases directly with cooldown, retry policy, and lines fallback, reducing manual multi-command orchestration during regression recovery.
+- **Release evidence phased plan publication**: `release.yml` now exports `matrix-remediation-phased-plan-<tag>.json` (dry-run phased execution plan) and publishes it as a release asset alongside matrix remediation queue artifacts.
+- **Phased runner baseline auto-prepare mode**: `moqui-matrix-remediation-phased-runner` now supports `--baseline` to auto-generate remediation queue artifacts (`queue + goals + commands`) before phased execution, enabling true one-command `prepare + run` flow.
+- **Phased runner adaptive process-level recovery defaults**: `moqui-matrix-remediation-phased-runner` now retries failed phases by default (`--phase-recovery-attempts 2`) with cooldown (`--phase-recovery-cooldown-seconds 30`) and automatic parallel/agent-budget halving on each retry to reduce 429-induced stalls.
+- **Matrix remediation default burst policy tightened**: queue/phased defaults now use `medium parallel=1`, `medium agent-budget=2`, and `cooldown=30s` to minimize `429 Too Many Requests` pressure under multi-agent load.
+- **Matrix remediation template/capability prioritization matrix**: `moqui-matrix-remediation-queue` now outputs `template_priority_matrix` and `capability_clusters` to surface cross-regression repair order (which templates first, which capabilities to close first) for Moqui template hardening.
+- **Release summary prioritization awareness**: `moqui-release-summary` now reads `matrix-remediation-plan` by default and injects template/capability priority order into recommendations and markdown summary when matrix regressions block release.
+- **Capability-cluster executable remediation goals**: `moqui-matrix-remediation-queue` now emits `.kiro/auto/matrix-remediation.capability-clusters.json` and release summary recommends cluster-prioritized batch execution by default.
+- **Capability-cluster default recommendation wiring**: `auto handoff regression/run/governance` and release-summary remediation hints now include cluster-prioritized execution commands plus npm alias `run:matrix-remediation-clusters`.
+- **Capability-cluster phased one-shot runner mode**: `moqui-matrix-remediation-phased-runner` now supports `--cluster-goals` to derive high/medium phase goals from cluster payloads and execute anti-429 phased remediation in one flow (`run:matrix-remediation-clusters-phased`).
+- **Cluster-first recommendation ordering**: Moqui regression recovery recommendations now prioritize `run:matrix-remediation-clusters-phased` before baseline phased remediation to reduce manual sequencing decisions under pressure.
+- **Labeled dual-command recovery blocks across Moqui entrypoints**: `sce auto handoff run`, governance-related auto recommendations, and `moqui-release-summary` now emit explicit `Step 1 (Cluster phased)` and `Step 2 (Baseline phased)` commands to remove execution ambiguity.
+- **Auto handoff regression recommendations upgrade**: `sce auto handoff run` recommendations now include baseline-driven phased remediation one-shot commands when Moqui matrix regressions are detected, reducing manual command stitching during recovery.
+- **Capability matrix recommendations upgrade**: `sce auto handoff capability-matrix` now also recommends baseline-driven phased one-shot remediation commands when Moqui matrix regressions appear in baseline trend comparison.
+- **Handoff profile policy abstraction (`default|moqui|enterprise`)**: `sce auto handoff run` and `sce auto handoff capability-matrix` now support `--profile` preset policies with explicit option override precedence, plus external integration contract guidance in `docs/handoff-profile-integration-guide.md`.
+- **Regression/governance recommendation unification**: `sce auto handoff regression`, `sce auto governance stats`, and governance close-loop release-gate blockers now include baseline-driven phased one-shot remediation guidance for Moqui matrix regressions.
+- **Release workflow matrix evidence hardening**: `test.yml` and `release.yml` now archive matrix/governance artifacts by default and support configurable matrix regression hard-gate controls via `KSE_MATRIX_REGRESSION_GATE_ENFORCE` + `KSE_MATRIX_REGRESSION_GATE_MAX`.
+- **Release workflow Moqui summary alignment**: `release.yml` now explicitly generates and publishes `moqui-release-summary.{json,md}` from baseline + interactive governance + evidence inputs, with optional hard-gate flag `KSE_MOQUI_RELEASE_SUMMARY_ENFORCE`.
+- **Release governance snapshot standalone assets**: Added `scripts/release-governance-snapshot-export.js` and wired `release.yml` to publish `governance-snapshot-<tag>.json|.md` as independent governance audit artifacts (with unavailable placeholders when evidence summary is missing).
+- **331-poc integration checklist baseline**: Added `docs/interactive-customization/331-poc-sce-integration-checklist.md` to define minimal runtime contract, default commands, gate defaults, and pass criteria for Moqui + SCE deployment.
+- **Interactive feedback ingestion helper**: Added `node scripts/interactive-feedback-log.js` (alias `npm run log:interactive-feedback`) to append structured business-user feedback events into `.kiro/reports/interactive-user-feedback.jsonl` for governance sample coverage and trend stability.
+- **Interactive governance gate defaultization in CI/release**: `test.yml`, `release.yml`, and `prepublishOnly` now execute `interactive-governance-report --period weekly --fail-on-alert` so publish and release flows enforce medium/high governance breaches by default, with `min_intent_samples` low-sample warning behavior to avoid false-positive hard blocks.
+- **Interactive acceptance and replication handoff pack**: Added phase acceptance evidence (`phase-acceptance-evidence.md`), non-technical usability report, and cross-industry replication guide to close stage-A/B/C/D verification and provide domain expansion boundaries.
+- **Moqui page-level copilot integration contract**: Added stage-A integration contract and guide for context injection and masking boundaries (`moqui-copilot-context-contract.json`, `moqui-copilot-integration-guide.md`) to support safe UI embedding of the read-only Business Copilot.
 - **SCE naming consolidation + compatibility bridge**: Rebranded product naming to `Scene Capability Engine`, moved package to `scene-capability-engine`, promoted `sce` as the primary CLI command, and preserved `sco` / `sce` / `scene-capability-engine` aliases for migration continuity.
 - **Official template library v1.5.0 alignment**: Synced with `scene-capability-engine-templates` `v1.5.0`, adding scene orchestration template coverage for canvas visualization, interaction hardening, execution playbook, dependency drilldown, decision cockpit, runbook export, action queue orchestration, action pack export, and unified scene governance closure.
 - **Branding consistency release guard**: Added `test:brand-consistency` to block publish when legacy repository/package/product naming reappears in tracked source files.

package/docs/331-poc-adaptation-roadmap.md CHANGED Viewed

@@ -149,8 +149,27 @@
 3. release evidence 与治理视图合并：
    - `sce auto handoff evidence` 报告新增 `governance_snapshot`（risk/concerns/recommendations + release/handoff health）。
    - evidence markdown 与 release draft 同步输出 `Governance Snapshot` 区块，形成可发布的一体化治理审阅材料。
+4. release workflow 独立治理快照资产化：
+   - 新增 `scripts/release-governance-snapshot-export.js`，从 release evidence summary 提取 `governance_snapshot` 并导出独立 JSON/Markdown 资产。
+   - `release.yml` 发布流程新增治理快照导出步骤，统一上传 `governance-snapshot-<tag>.json|.md` 供外部审计直接消费（无 summary 时也会生成占位资产，避免资产缺口）。
+5. handoff 模板 profile 化与外部接入规范：
+   - `sce auto handoff run` / `sce auto handoff capability-matrix` 新增 `--profile <default|moqui|enterprise>`，将策略默认值抽象为稳定 profile 契约，并允许显式参数覆盖。
+   - 新增 `docs/handoff-profile-integration-guide.md`，对外发布 profile 默认策略、覆盖规则、manifest/evidence 要求及分阶段上线建议。
 ## 下一阶段（新）
-1. 在 release workflow 中将 `governance_snapshot` 抽出为独立 release asset（JSON/Markdown），便于外部审计直接消费。
-2. 将 handoff 模板适配抽象为 profile（moqui/default/enterprise），对外发布通用外部项目接入规范。
+主线增强项已收口（本轮完成）：
+1. profile 化外部接入样例收敛：
+   - 新增 `docs/starter-kit/handoff-profile-ci.sample.yml`。
+   - 新增 profile 最小验收样本（manifest + evidence fixture）：
+     - `tests/fixtures/handoff-profile-intake/default/*`
+     - `tests/fixtures/handoff-profile-intake/moqui/*`
+     - `tests/fixtures/handoff-profile-intake/enterprise/*`
+   - 新增样本自动化校验：
+     - `tests/unit/starter-kit/handoff-profile-intake-fixtures.test.js`
+2. 发布资产审计一致性：
+   - 新增 `scripts/release-asset-integrity-check.js`，默认阻断缺失/空资产。
+   - `release.yml` 已接入资产完整性审计并发布 `release-asset-integrity-<tag>.json|.md`。
+当前剩余增强任务：`0`

package/docs/331-poc-dual-track-integration-guide.md CHANGED Viewed

@@ -89,12 +89,16 @@ npx sce auto observability snapshot --json
 2. 不出现高风险未处置项。
 3. observability 快照可追踪到本轮变更。
-## 3. sce 侧当前需持续适配的点
-1. 对接自动化：把 331 handoff manifest 解析为可执行批次计划。
-2. ontology 深化：将“业务规则/决策逻辑”映射为可量化 gate 指标。
-3. 多 spec 主从调度：按依赖图自动分批并控制并行度。
-4. 发布治理：把 handoff 批次结果写入统一 release evidence。
+## 3. sce 侧当前持续增强点（主线收口后）
+1. profile 维度外部接入样本补齐：
+   - default/moqui/enterprise 的最小 manifest + evidence 示例与 CI 验收样例保持同步。
+2. 周报与漂移协同门禁：
+   - weekly ops gate 与 drift gate 在阻断场景输出统一 remediation 指令包。
+3. 发布资产完整性审计：
+   - 对治理快照、weekly ops summary、release-gate-history 进行发布前自动完整性校验。
+4. ontology 语义矩阵持续加深：
+   - 对“业务规则/决策策略/实体关系”闭环指标保持 100% 合规，持续吸收 Moqui 新增能力模板。
 ## 4. 角色划分

package/docs/331-poc-weekly-delivery-checklist.md CHANGED Viewed

@@ -23,6 +23,7 @@ Use this checklist before each integration batch.
 - `ontology_validation` exists and is recent.
 - Dependency relations (`depends_on`) are present for multi-spec batches.
 - High-risk gaps have mitigation notes.
+- Security-governance baseline is enforced (`docs/security-governance-default-baseline.md`).
 - Moqui baseline matrix has no hard-gate regressions:
   - `compare.coverage_matrix_regressions.length == 0`
   - `summary.coverage_matrix.baseline_passed.rate_percent == 100`
@@ -44,6 +45,10 @@ npx sce auto handoff capability-matrix --manifest ../331-poc/docs/handoffs/hando
 npx sce scene moqui-baseline --compare-with .kiro/reports/release-evidence/moqui-template-baseline-prev.json --fail-on-portfolio-fail --json
 node scripts/moqui-lexicon-audit.js --manifest ../331-poc/docs/handoffs/handoff-manifest.json --fail-on-gap --json
 node scripts/moqui-release-summary.js --fail-on-gate-fail --json
+node scripts/release-ops-weekly-summary.js --json
+node scripts/release-weekly-ops-gate.js
+node scripts/release-risk-remediation-bundle.js --gate-report .kiro/reports/release-evidence/release-gate.json --json
+node scripts/release-asset-integrity-check.js
 ```
 ## Scene Package Gate Commands

package/docs/README.md CHANGED Viewed

@@ -94,6 +94,7 @@ Detailed technical documentation:
 - **[Moqui Template Core Library Playbook](moqui-template-core-library-playbook.md)** - Default-gated intake flow for absorbing Moqui capabilities into sce templates
 - **[331-poc Dual-Track Integration Guide](331-poc-dual-track-integration-guide.md)** - Handoff contract and integration playbook between 331-poc and sce
 - **[331-poc Adaptation Roadmap](331-poc-adaptation-roadmap.md)** - Ongoing sce-side adaptation backlog and rollout phases
+- **[Handoff Profile Integration Guide](handoff-profile-integration-guide.md)** - External project intake contract for `default|moqui|enterprise` handoff profiles
 - **[Multi-Agent Coordination Guide](multi-agent-coordination-guide.md)** - Multi-agent parallel coordination for concurrent development
 - **[Troubleshooting](troubleshooting.md)** - Solutions to common problems
 - **[FAQ](faq.md)** - Answers to frequently asked questions
@@ -105,6 +106,8 @@ Detailed technical documentation:
 - **[Adoption Guide](adoption-guide.md)** - Adopting sce in existing projects
 - **[Upgrade Guide](upgrade-guide.md)** - Upgrading sce to newer versions
 - **[Release Checklist](release-checklist.md)** - Repeatable pre-release verification flow
+- **[Security Governance Default Baseline](security-governance-default-baseline.md)** - Default safety, approval, and audit controls for SCE delivery
+- **[Release-Ready Starter Kit](starter-kit/README.md)** - Starter manifest + workflow sample for external project onboarding
 - **[Release Archive](releases/README.md)** - Index of release notes and validation reports
 - **[Release Notes v1.46.2](releases/v1.46.2.md)** - Summary of value observability and onboarding improvements
 - **[Validation Report v1.46.2](releases/v1.46.2-validation.md)** - Test and package verification evidence
@@ -191,6 +194,9 @@ Detailed technical documentation:
 - [Moqui Template Core Library Playbook](moqui-template-core-library-playbook.md)
 - [331-poc Dual-Track Integration Guide](331-poc-dual-track-integration-guide.md)
 - [331-poc Adaptation Roadmap](331-poc-adaptation-roadmap.md)
+- [Handoff Profile Integration Guide](handoff-profile-integration-guide.md)
+- [Release-Ready Starter Kit](starter-kit/README.md)
+- [Security Governance Default Baseline](security-governance-default-baseline.md)
 - [Scene Template Engine](command-reference.md#scene-template-engine)
 - [Scene Quality Pipeline](command-reference.md#scene-template-quality-pipeline)
 - [Scene Ontology](command-reference.md#scene-ontology-enhancement)

package/docs/command-reference.md CHANGED Viewed

@@ -523,8 +523,10 @@ sce auto handoff plan --manifest docs/handoffs/handoff-manifest.json --strict --
 sce auto handoff queue --manifest docs/handoffs/handoff-manifest.json --out .kiro/auto/handoff-goals.lines --json
 sce auto handoff template-diff --manifest docs/handoffs/handoff-manifest.json --json
 sce auto handoff capability-matrix --manifest docs/handoffs/handoff-manifest.json --json
+sce auto handoff capability-matrix --manifest docs/handoffs/handoff-manifest.json --profile moqui --json
 sce auto handoff capability-matrix --manifest docs/handoffs/handoff-manifest.json --format markdown --out .kiro/reports/handoff-capability-matrix.md --fail-on-gap --json
 sce auto handoff run --manifest docs/handoffs/handoff-manifest.json --json
+sce auto handoff run --manifest docs/handoffs/handoff-manifest.json --profile enterprise --json
 sce auto handoff run --manifest docs/handoffs/handoff-manifest.json --min-spec-success-rate 95 --max-risk-level medium --json
 sce auto handoff run --manifest docs/handoffs/handoff-manifest.json --continue-from latest --continue-strategy auto --json
 sce auto handoff regression --session-id latest --json
@@ -725,6 +727,7 @@ Close-loop controller session maintenance:
 Cross-archive autonomous governance maintenance:
 - `sce auto governance stats [--days <n>] [--status <csv>] [--json]`: aggregate a unified governance snapshot from session/batch-session/controller-session archives plus recovery memory state.
   - JSON output includes `totals`, `throughput`, `health` (`risk_level`, `concerns`, `recommendations`, `release_gate`, `handoff_quality`), `top_master_specs`, `recovery_memory`, and full per-archive stats under `archives`.
+  - When handoff Moqui matrix regressions are positive, `health.recommendations` now include phased anti-429 baseline one-shot remediation commands.
   - `health.handoff_quality` carries Moqui matrix + capability lexicon governance signals:
     - `latest_capability_expected_unknown_count`
     - `latest_capability_provided_unknown_count`
@@ -786,9 +789,10 @@ Dual-track handoff integration:
 - `sce auto handoff plan --manifest <path> [--out <path>] [--strict] [--strict-warnings] [--json]`: parse handoff manifest (source project, specs, templates, known gaps) and generate an executable sce integration phase plan.
 - `sce auto handoff queue --manifest <path> [--out <path>] [--append] [--no-include-known-gaps] [--dry-run] [--json]`: generate close-loop batch goal queue from handoff manifest and optionally persist line-based queue file (default `.kiro/auto/handoff-goals.lines`).
 - `sce auto handoff template-diff --manifest <path> [--json]`: compare manifest templates against local template exports/registry and report `missing_in_local` and `extra_in_local`.
-- `sce auto handoff capability-matrix --manifest <path> [--strict] [--strict-warnings] [--min-capability-coverage <n>] [--min-capability-semantic <n>] [--no-require-capability-semantic] [--format <json|markdown>] [--out <path>] [--remediation-queue-out <path>] [--fail-on-gap] [--json]`: generate a fast Moqui capability matrix (`template-diff + baseline + capability coverage + semantic completeness`) and optionally fail fast on gaps.
+- `sce auto handoff capability-matrix --manifest <path> [--profile <default|moqui|enterprise>] [--strict] [--strict-warnings] [--min-capability-coverage <n>] [--min-capability-semantic <n>] [--no-require-capability-semantic] [--format <json|markdown>] [--out <path>] [--remediation-queue-out <path>] [--fail-on-gap] [--json]`: generate a fast Moqui capability matrix (`template-diff + baseline + capability coverage + semantic completeness`) and optionally fail fast on gaps.
+- When matrix regressions are detected in baseline compare, recommendations prioritize capability-cluster phased execution first (`npm run run:matrix-remediation-clusters-phased -- --json`), then baseline phased one-shot (`node scripts/moqui-matrix-remediation-phased-runner.js --baseline ... --json`).
 - When `manifest.capabilities` is empty, sce auto-infers canonical expected capabilities from `manifest.templates` using the Moqui lexicon before deciding whether capability coverage should be skipped.
-- `sce auto handoff run --manifest <path> [--out <path>] [--queue-out <path>] [--append] [--no-include-known-gaps] [--continue-from <session|latest|file>] [--continue-strategy <auto|pending|failed-only>] [--dry-run] [--strict] [--strict-warnings] [--no-dependency-batching] [--min-spec-success-rate <n>] [--max-risk-level <level>] [--max-moqui-matrix-regressions <n>] [--no-require-ontology-validation] [--no-require-moqui-baseline] [--min-capability-coverage <n>] [--no-require-capability-coverage] [--require-release-gate-preflight] [--release-evidence-window <n>] [--json]`: execute handoff end-to-end (`plan -> queue -> close-loop-batch -> observability`) with automatic report archive to `.kiro/reports/handoff-runs/<session>.json`.
+- `sce auto handoff run --manifest <path> [--profile <default|moqui|enterprise>] [--out <path>] [--queue-out <path>] [--append] [--no-include-known-gaps] [--continue-from <session|latest|file>] [--continue-strategy <auto|pending|failed-only>] [--dry-run] [--strict] [--strict-warnings] [--no-dependency-batching] [--min-spec-success-rate <n>] [--max-risk-level <level>] [--max-moqui-matrix-regressions <n>] [--no-require-ontology-validation] [--no-require-moqui-baseline] [--min-capability-coverage <n>] [--no-require-capability-coverage] [--require-release-gate-preflight] [--release-evidence-window <n>] [--json]`: execute handoff end-to-end (`plan -> queue -> close-loop-batch -> observability`) with automatic report archive to `.kiro/reports/handoff-runs/<session>.json`.
   - Default mode is dependency-aware: spec integration goals are grouped into dependency batches and executed in topological order.
   - `--continue-from` resumes pending goals from an existing handoff run report (`latest`, session id, or JSON file path). For safety, sce enforces manifest-path consistency between the previous report and current run.
   - `--continue-strategy auto|pending|failed-only` controls resumed scope. `auto` (default) derives the best strategy from prior run state (`pending` when unprocessed/planned goals exist, otherwise `failed-only` for pure failure replay).
@@ -801,8 +805,14 @@ Dual-track handoff integration:
   - When `manifest.capabilities` is not declared, sce attempts lexicon-based capability inference from `manifest.templates` first; only fully non-mappable manifests keep capability coverage in skipped mode.
   - Run output includes `release_gate_preflight` (latest release gate history signal snapshot + blocked reasons) and carries this context into `warnings`.
   - `release_gate_preflight` is advisory by default; use `--require-release-gate-preflight` to hard-fail when preflight is unavailable/blocked.
+  - `--profile` applies preset gate policy defaults before explicit option overrides:
+    - `default`: current baseline gate policy.
+    - `moqui`: explicit Moqui-intake baseline (same strict defaults as `default`).
+    - `enterprise`: stricter release control baseline (`max-risk-level=medium`, `require-release-gate-preflight=true`, `release-evidence-window=10`).
   - When Moqui baseline/capability gates fail, sce auto-generates remediation queue lines at `.kiro/auto/moqui-remediation.lines`.
   - Run result includes `failure_summary` (failed phase/gate/release-gate preflight highlights) and `recommendations` with executable follow-up commands (for example, auto-generated `--continue-from <session>` on failed/incomplete batches).
+  - When matrix regressions are detected, recommendations now prioritize capability-cluster phased execution (`npm run run:matrix-remediation-clusters-phased -- --json`) and include capability-cluster batch fallback plus baseline phased one-shot remediation (`node scripts/moqui-matrix-remediation-phased-runner.js --baseline ... --json`).
+  - Moqui regression recovery recommendations now include an explicit labeled sequence block: `Step 1 (Cluster phased)` then `Step 2 (Baseline phased)`.
   - Gate defaults: `--min-spec-success-rate` defaults to `100`, `--max-risk-level` defaults to `high`, `--max-moqui-matrix-regressions` defaults to `0`, ontology validation requirement is enabled by default, Moqui baseline requirement is enabled by default, and capability coverage minimum defaults to `100` when manifest `capabilities` is declared.
   - Use `--no-require-ontology-validation`, `--no-require-moqui-baseline`, or `--no-require-capability-coverage` only for emergency bypass.
 - `sce auto handoff regression [--session-id <id|latest>] [--window <n>] [--format <json|markdown>] [--out <path>] [--json]`: compare one handoff run report with its previous run and output trend deltas (success-rate/risk/failed-goals/elapsed time).
@@ -811,7 +821,7 @@ Dual-track handoff integration:
   - `--format` supports `json` (default) and `markdown` for human-readable report rendering.
   - Markdown report includes `Trend Series` (ASCII success/ontology bars per session) and `Risk Layer View`.
   - `--out` writes the generated regression report using the selected format.
-  - Output includes `recommendations` to guide next action when trend degrades or risk escalates.
+  - Output includes `recommendations` to guide next action when trend degrades or risk escalates, including phased anti-429 baseline one-shot remediation when Moqui matrix regressions are detected.
 - `sce auto handoff evidence [--file <path>] [--session-id <id|latest>] [--window <n>] [--format <json|markdown>] [--out <path>] [--json]`: quick-review merged release evidence and render current-batch gate/ontology/regression/moqui-baseline/capability-coverage/risk-layer overview.
   - Default evidence file is `.kiro/reports/release-evidence/handoff-runs.json`.
   - `--window` (1-50, default `5`) controls how many recent sessions are aggregated in review.
@@ -834,7 +844,9 @@ Moqui template library lexicon audit (script-level governance helper):
   - Template scope matching normalizes `sce.scene--*` / `kse.scene--*` prefixes, so renamed template namespaces still map correctly.
 Moqui release summary helper (script-level consolidated gate view):
-- `node scripts/moqui-release-summary.js [--evidence <path>] [--baseline <path>] [--lexicon <path>] [--capability-matrix <path>] [--out <path>] [--markdown-out <path>] [--fail-on-gate-fail] [--json]`: merge handoff release-evidence + baseline + lexicon + capability-matrix into one Moqui release gate summary (`passed | failed | incomplete`) with executable remediation recommendations.
+- `node scripts/moqui-release-summary.js [--evidence <path>] [--baseline <path>] [--lexicon <path>] [--capability-matrix <path>] [--interactive-governance <path>] [--matrix-remediation-plan <path>] [--out <path>] [--markdown-out <path>] [--fail-on-gate-fail] [--json]`: merge handoff release-evidence + baseline + lexicon + capability-matrix + interactive-governance into one Moqui release gate summary (`passed | failed | incomplete`) with executable remediation recommendations.
+  - When matrix regressions exist and remediation plan is available, recommendations include concrete template/capability priority order from `template_priority_matrix` and `capability_clusters`.
+  - Matrix-regression recovery recommendations now use explicit labeled sequence steps: `Step 1 (Cluster phased)` then `Step 2 (Baseline phased)`.
   - Default inputs:
     - `.kiro/reports/release-evidence/handoff-runs.json`
     - `.kiro/reports/release-evidence/moqui-template-baseline.json`
@@ -845,6 +857,238 @@ Moqui release summary helper (script-level consolidated gate view):
     - `.kiro/reports/release-evidence/moqui-release-summary.md`
   - `--fail-on-gate-fail` exits with code `2` when summary gate is `failed`.
+Release governance snapshot export helper (release-asset extraction):
+- `node scripts/release-governance-snapshot-export.js`:
+  - reads release evidence summary from `RELEASE_EVIDENCE_SUMMARY_FILE`
+  - extracts `governance_snapshot` into independent audit assets
+  - writes:
+    - `RELEASE_GOVERNANCE_SNAPSHOT_JSON` (default `.kiro/reports/release-evidence/governance-snapshot.json`)
+    - `RELEASE_GOVERNANCE_SNAPSHOT_MD` (default `.kiro/reports/release-evidence/governance-snapshot.md`)
+  - never hard-fails release flow when summary is missing; writes unavailable placeholder with warning instead.
+Release weekly ops summary helper (ops closed-loop evidence):
+- `node scripts/release-ops-weekly-summary.js [--evidence <path>] [--gate-history <path>] [--interactive-governance <path>] [--matrix-signals <path>] [--from <iso>] [--to <iso>] [--window-days <n>] [--out <path>] [--markdown-out <path>] [--json]`: aggregate weekly handoff/gate/governance/matrix telemetry into one operational risk card.
+  - Default inputs:
+    - `.kiro/reports/release-evidence/handoff-runs.json`
+    - `.kiro/reports/release-evidence/release-gate-history.json`
+    - `.kiro/reports/interactive-governance-report.json`
+    - `.kiro/reports/interactive-matrix-signals.jsonl`
+  - Default outputs:
+    - `.kiro/reports/release-evidence/weekly-ops-summary.json`
+    - `.kiro/reports/release-evidence/weekly-ops-summary.md`
+  - Missing inputs are reported as warnings and reflected in `health.risk`/recommendations.
+- npm alias: `npm run report:release-ops-weekly`
+Release weekly ops gate helper (release hard-gate):
+- `node scripts/release-weekly-ops-gate.js`:
+  - reads weekly summary from `RELEASE_WEEKLY_OPS_SUMMARY_FILE`
+  - default policy:
+    - `RELEASE_WEEKLY_OPS_ENFORCE=true`
+    - `RELEASE_WEEKLY_OPS_REQUIRE_SUMMARY=true`
+    - `RELEASE_WEEKLY_OPS_MAX_RISK_LEVEL=medium`
+  - optional thresholds:
+    - `RELEASE_WEEKLY_OPS_MAX_GOVERNANCE_BREACHES=<n>`
+    - `RELEASE_WEEKLY_OPS_MAX_MATRIX_REGRESSION_RATE_PERCENT=<n>`
+  - merges result into `RELEASE_GATE_REPORT_FILE` when provided.
+- npm alias: `npm run gate:release-ops-weekly`
+Release risk remediation bundle helper (weekly + drift unified command pack):
+- `node scripts/release-risk-remediation-bundle.js [--gate-report <path>] [--out <path>] [--markdown-out <path>] [--lines-out <path>] [--json]`: derive deduplicated remediation commands from `release-gate` report signals (`weekly_ops`, `drift`) and export JSON/Markdown/lines artifacts.
+  - Default input: `.kiro/reports/release-evidence/release-gate.json`
+  - Default outputs:
+    - `.kiro/reports/release-evidence/release-risk-remediation-bundle.json`
+    - `.kiro/reports/release-evidence/release-risk-remediation-bundle.md`
+    - `.kiro/reports/release-evidence/release-risk-remediation.commands.lines`
+- npm alias: `npm run report:release-risk-remediation`
+Release asset integrity check helper (release artifact completeness gate):
+- `node scripts/release-asset-integrity-check.js`:
+  - validates required release evidence assets in `RELEASE_ASSET_INTEGRITY_DIR` (default `.kiro/reports/release-evidence`).
+  - default required files:
+    - `release-gate-{tag}.json`
+    - `release-gate-history-{tag}.json|.md`
+    - `governance-snapshot-{tag}.json|.md`
+    - `weekly-ops-summary-{tag}.json|.md`
+    - `release-risk-remediation-{tag}.json|.md|.lines`
+  - default behavior: enforce blocking when any required asset is missing (`RELEASE_ASSET_INTEGRITY_ENFORCE=true`).
+  - supports override via `RELEASE_ASSET_INTEGRITY_REQUIRED_FILES` (comma-separated, `{tag}` placeholder supported).
+  - writes optional reports:
+    - `RELEASE_ASSET_INTEGRITY_REPORT_JSON`
+    - `RELEASE_ASSET_INTEGRITY_REPORT_MD`
+  - merges result into `RELEASE_GATE_REPORT_FILE` when provided.
+- npm alias: `npm run gate:release-asset-integrity`
+Matrix regression gate helper (script-level configurable hard gate):
+- `node scripts/matrix-regression-gate.js [--baseline <path>] [--max-regressions <n>] [--enforce] [--out <path>] [--json]`: evaluate matrix regression count from baseline compare payload (`coverage_matrix_regressions` preferred, fallback `regressions`) and enforce hard gate when enabled.
+  - Default baseline input: `.kiro/reports/release-evidence/moqui-template-baseline.json`
+  - Default output: `.kiro/reports/release-evidence/matrix-regression-gate.json`
+  - `--enforce` exits with code `2` when regressions exceed `--max-regressions`.
+- npm alias: `npm run gate:matrix-regression`
+Moqui matrix remediation queue helper (script-level automatic queue export):
+- `node scripts/moqui-matrix-remediation-queue.js [--baseline <path>] [--out <path>] [--lines-out <path>] [--markdown-out <path>] [--batch-json-out <path>] [--capability-cluster-goals-out <path>] [--commands-out <path>] [--phase-high-lines-out <path>] [--phase-medium-lines-out <path>] [--phase-high-goals-out <path>] [--phase-medium-goals-out <path>] [--phase-high-parallel <n>] [--phase-high-agent-budget <n>] [--phase-medium-parallel <n>] [--phase-medium-agent-budget <n>] [--phase-cooldown-seconds <n>] [--no-phase-split] [--min-delta-abs <n>] [--top-templates <n>] [--json]`: convert matrix regressions into remediation goals consumable by `sce auto close-loop-batch`, with per-metric template candidates/capability focus, phase-split anti-429 outputs (`high` then `medium`), capability-cluster executable goals, and direct command templates.
+  - JSON output includes `template_priority_matrix` (cross-regression template priority ranking) and `capability_clusters` (capability-level remediation clusters with suggested templates).
+  - JSON output includes `capability_cluster_goal_count` and writes `mode=moqui-matrix-capability-cluster-goals` payload with cluster-level `goals` for direct batch execution.
+  - Default inputs/outputs:
+    - Baseline: `.kiro/reports/release-evidence/moqui-template-baseline.json`
+    - Plan JSON: `.kiro/reports/release-evidence/matrix-remediation-plan.json`
+    - Queue lines: `.kiro/auto/matrix-remediation.lines`
+    - Plan Markdown: `.kiro/reports/release-evidence/matrix-remediation-plan.md`
+    - Batch goals JSON: `.kiro/auto/matrix-remediation.goals.json`
+    - Capability-cluster goals JSON: `.kiro/auto/matrix-remediation.capability-clusters.json`
+    - Commands Markdown: `.kiro/reports/release-evidence/matrix-remediation-commands.md`
+    - High queue lines: `.kiro/auto/matrix-remediation.high.lines`
+    - Medium queue lines: `.kiro/auto/matrix-remediation.medium.lines`
+    - High goals JSON: `.kiro/auto/matrix-remediation.goals.high.json`
+    - Medium goals JSON: `.kiro/auto/matrix-remediation.goals.medium.json`
+  - Default phased execution policy:
+    - High phase: `--batch-parallel 1 --batch-agent-budget 2`
+    - Medium phase: `--batch-parallel 1 --batch-agent-budget 2`
+    - Cooldown: `sleep 30` seconds between phases
+- npm alias: `npm run report:matrix-remediation-queue`
+Moqui matrix remediation phased runner helper (script-level one-shot execution):
+- `node scripts/moqui-matrix-remediation-phased-runner.js [--baseline <path>] [--queue-out <path>] [--queue-lines-out <path>] [--queue-markdown-out <path>] [--queue-batch-json-out <path>] [--queue-commands-out <path>] [--cluster-goals <path>] [--cluster-high-goals-out <path>] [--cluster-medium-goals-out <path>] [--min-delta-abs <n>] [--top-templates <n>] [--high-goals <path>] [--medium-goals <path>] [--high-lines <path>] [--medium-lines <path>] [--phase-high-parallel <n>] [--phase-high-agent-budget <n>] [--phase-medium-parallel <n>] [--phase-medium-agent-budget <n>] [--phase-cooldown-seconds <n>] [--high-retry-max-rounds <n>] [--medium-retry-max-rounds <n>] [--phase-recovery-attempts <n>] [--phase-recovery-cooldown-seconds <n>] [--no-fallback-lines] [--continue-on-error] [--dry-run] [--json]`: execute matrix remediation in anti-429 phased order (`high -> cooldown -> medium`) using `sce auto close-loop-batch`; when `--baseline` is provided, it auto-generates the queue package first (`prepare + run` in one command), and when `--cluster-goals` is provided it derives phase goals from capability clusters before execution.
+  - Default inputs:
+    - High goals JSON: `.kiro/auto/matrix-remediation.goals.high.json`
+    - Medium goals JSON: `.kiro/auto/matrix-remediation.goals.medium.json`
+    - High lines fallback: `.kiro/auto/matrix-remediation.high.lines`
+    - Medium lines fallback: `.kiro/auto/matrix-remediation.medium.lines`
+  - Default execution policy:
+    - High: `--batch-parallel 1 --batch-agent-budget 2 --batch-retry-max-rounds 3`
+    - Medium: `--batch-parallel 1 --batch-agent-budget 2 --batch-retry-max-rounds 2`
+    - Cooldown: `30` seconds
+    - Phase process recovery: `--phase-recovery-attempts 2` with `--phase-recovery-cooldown-seconds 30`; on retry, phase parallel/agent-budget are halved (floor, min=1)
+  - Zero-prep mode:
+    - `node scripts/moqui-matrix-remediation-phased-runner.js --baseline .kiro/reports/release-evidence/moqui-template-baseline.json --json`
+- npm alias: `npm run run:matrix-remediation-phased`
+- npm alias (baseline zero-prep): `npm run run:matrix-remediation-from-baseline -- --json`
+- npm alias (capability clusters): `npm run run:matrix-remediation-clusters`
+- npm alias (capability clusters phased): `npm run run:matrix-remediation-clusters-phased -- --json`
+Interactive customization plan gate helper (script-level secure-by-default check):
+- `node scripts/interactive-change-plan-gate.js --plan <path> [--policy <path>] [--catalog <path>] [--out <path>] [--markdown-out <path>] [--fail-on-block] [--fail-on-non-allow] [--json]`: evaluate interactive change plans against default guardrails (approval, sensitive-data masking, secrets, irreversible backup, high-risk action catalog) and output `allow | review-required | deny`.
+  - Default policy: `docs/interactive-customization/guardrail-policy-baseline.json`
+  - Default catalog: `docs/interactive-customization/high-risk-action-catalog.json` (or `policy.catalog_policy.catalog_file`)
+  - Default outputs:
+    - `.kiro/reports/interactive-change-plan-gate.json`
+    - `.kiro/reports/interactive-change-plan-gate.md`
+  - `--fail-on-block` exits with code `2` on `deny`
+  - `--fail-on-non-allow` exits with code `2` on `deny` or `review-required`
+Interactive context bridge helper (script-level provider normalization):
+- `node scripts/interactive-context-bridge.js --input <path> [--provider <moqui|generic>] [--out-context <path>] [--out-report <path>] [--context-contract <path>] [--no-strict-contract] [--json]`: normalize raw UI/provider payload into standard interactive `page-context` and validate against context contract before intent generation.
+  - Default input sample: `docs/interactive-customization/moqui-context-provider.sample.json`
+  - Default outputs:
+    - `.kiro/reports/interactive-page-context.normalized.json`
+    - `.kiro/reports/interactive-context-bridge.json`
+  - Strict contract validation is enabled by default; `--no-strict-contract` keeps report generation for diagnostics.
+  - CLI equivalent: `sce scene context-bridge --input <path> --json`
+  - npm alias: `npm run report:interactive-context-bridge`
+Interactive full flow helper (script-level one-command entry):
+- `node scripts/interactive-flow.js --input <path> (--goal <text> | --goal-file <path>) [--provider <moqui|generic>] [--execution-mode <suggestion|apply>] [--runtime-mode <user-assist|ops-fix|feature-dev>] [--runtime-environment <dev|staging|prod>] [--runtime-policy <path>] [--policy <path>] [--catalog <path>] [--dialogue-policy <path>] [--context-contract <path>] [--approval-role-policy <path>] [--approval-actor-role <name>] [--approver-actor-role <name>] [--auto-execute-low-risk] [--auth-password-hash <sha256>] [--auth-password <text>] [--feedback-score <0..5>] [--work-order-out <path>] [--work-order-markdown-out <path>] [--fail-on-runtime-non-allow] [--no-matrix] [--matrix-min-score <0..100>] [--matrix-min-valid-rate <0..100>] [--matrix-compare-with <path>] [--matrix-signals <path>] [--matrix-fail-on-portfolio-fail] [--matrix-fail-on-regression] [--json]`: run `context-bridge -> interactive-loop -> matrix-baseline-snapshot` in one command for Moqui workbench integration.
+  - Default flow artifact root: `.kiro/reports/interactive-flow/<session-id>/`
+  - Default flow summary output: `.kiro/reports/interactive-flow/<session-id>/interactive-flow.summary.json`
+  - Default dialogue report output: `.kiro/reports/interactive-flow/<session-id>/interactive-dialogue-governance.json`
+  - Default runtime report output: `.kiro/reports/interactive-flow/<session-id>/interactive-runtime-policy.json`
+  - Default work-order outputs:
+    - `.kiro/reports/interactive-flow/<session-id>/interactive-work-order.json`
+    - `.kiro/reports/interactive-flow/<session-id>/interactive-work-order.md`
+  - Default matrix outputs:
+    - `.kiro/reports/interactive-flow/<session-id>/moqui-template-baseline.json`
+    - `.kiro/reports/interactive-flow/<session-id>/moqui-template-baseline.md`
+    - `.kiro/reports/interactive-matrix-signals.jsonl` (append-only signal stream)
+  - Matrix stage is enabled by default; use `--no-matrix` only for diagnostics.
+  - CLI equivalent: `sce scene interactive-flow --input <path> --goal "<goal>" --json`
+  - npm alias: `npm run run:interactive-flow -- --input docs/interactive-customization/moqui-context-provider.sample.json --goal "Adjust order screen field layout for clearer input flow" --json`
+Interactive read-only intent helper (script-level stage-A copilot bridge):
+- `node scripts/interactive-intent-build.js --context <path> (--goal <text> | --goal-file <path>) [--user-id <id>] [--session-id <id>] [--out-intent <path>] [--out-explain <path>] [--audit-file <path>] [--context-contract <path>] [--no-strict-contract] [--mask-keys <csv>] [--json]`: build a read-only `Change_Intent` from page context + business goal, emit masked context preview, append audit event JSONL, and generate explain markdown.
+  - Default outputs:
+    - `.kiro/reports/interactive-change-intent.json`
+    - `.kiro/reports/interactive-page-explain.md`
+    - `.kiro/reports/interactive-copilot-audit.jsonl`
+  - Default context contract: `docs/interactive-customization/moqui-copilot-context-contract.json` (fallback built-in baseline when file is absent)
+  - Contract validation is strict by default (required fields, payload size, forbidden keys).
+  - This helper never executes write actions; it only produces suggestion-stage artifacts.
+Interactive dialogue governance helper (script-level communication-rule gate):
+- `node scripts/interactive-dialogue-governance.js (--goal <text> | --goal-file <path>) [--context <path>] [--policy <path>] [--out <path>] [--fail-on-deny] [--json]`: evaluate user request text against embedded-assistant communication policy, output `allow|clarify|deny`, and produce clarification questions for non-technical users.
+  - Default output: `.kiro/reports/interactive-dialogue-governance.json`
+  - Default policy: `docs/interactive-customization/dialogue-governance-policy-baseline.json` (fallback builtin policy when missing)
+  - `--fail-on-deny` exits with code `2` to block unsafe requests in CI/automation.
+Interactive change-plan generator helper (script-level stage-B planning bridge):
+- `node scripts/interactive-plan-build.js --intent <path> [--context <path>] [--execution-mode <suggestion|apply>] [--out-plan <path>] [--out-markdown <path>] [--json]`: generate structured `Change_Plan` from `Change_Intent`, including action candidates, risk level, verification checks, rollback plan, approval status, and gate hint command.
+  - Default outputs:
+    - `.kiro/reports/interactive-change-plan.generated.json`
+    - `.kiro/reports/interactive-change-plan.generated.md`
+  - Generated plans can be evaluated directly by `interactive-change-plan-gate`.
+Interactive one-click loop helper (script-level orchestration entry):
+- `node scripts/interactive-customization-loop.js --context <path> (--goal <text> | --goal-file <path>) [--execution-mode <suggestion|apply>] [--runtime-mode <user-assist|ops-fix|feature-dev>] [--runtime-environment <dev|staging|prod>] [--runtime-policy <path>] [--policy <path>] [--catalog <path>] [--dialogue-policy <path>] [--context-contract <path>] [--approval-role-policy <path>] [--approval-actor-role <name>] [--approver-actor-role <name>] [--no-strict-contract] [--auto-approve-low-risk] [--auto-execute-low-risk] [--auth-password-hash <sha256>] [--auth-password <text>] [--feedback-score <0..5>] [--feedback-comment <text>] [--feedback-tags <csv>] [--allow-suggestion-apply] [--work-order-out <path>] [--work-order-markdown-out <path>] [--fail-on-dialogue-deny] [--fail-on-gate-non-allow] [--fail-on-runtime-non-allow] [--json]`: run dialogue->intent->plan->gate->runtime->approval pipeline in one command and optionally trigger low-risk one-click apply via Moqui adapter.
+  - CLI equivalent: `sce scene interactive-loop --context <path> --goal "<goal>" --context-contract docs/interactive-customization/moqui-copilot-context-contract.json --execution-mode apply --auto-execute-low-risk --auth-password "<password>" --feedback-score 5 --json`
+  - Default loop artifact root: `.kiro/reports/interactive-loop/<session-id>/`
+  - Default summary output: `.kiro/reports/interactive-loop/<session-id>/interactive-customization-loop.summary.json`
+- `--auto-execute-low-risk` executes `interactive-moqui-adapter --action low-risk-apply` only when `risk_level=low`, dialogue decision != `deny`, and gate decision=`allow`.
+- `--runtime-mode` and `--runtime-environment` default to `ops-fix@staging`; runtime decision must be `allow` before low-risk auto execute.
+- Default runtime report: `.kiro/reports/interactive-loop/<session-id>/interactive-runtime-policy.json`
+- Default work-order outputs:
+  - `.kiro/reports/interactive-loop/<session-id>/interactive-work-order.json`
+  - `.kiro/reports/interactive-loop/<session-id>/interactive-work-order.md`
+- Apply-mode mutating plans require password authorization by default (`plan.authorization.password_required=true`).
+- `--feedback-score` logs feedback to both session artifact and global governance file (`.kiro/reports/interactive-user-feedback.jsonl`).
+- npm alias: `npm run run:interactive-loop -- --context docs/interactive-customization/page-context.sample.json --goal "Improve order entry clarity" --json`
+Interactive runtime policy helper (script-level mode/environment gate):
+- `node scripts/interactive-runtime-policy-evaluate.js --plan <path> [--runtime-mode <user-assist|ops-fix|feature-dev>] [--runtime-environment <dev|staging|prod>] [--policy <path>] [--fail-on-non-allow] [--json]`: evaluate plan execution safety by runtime role and environment constraints.
+  - Default policy: `docs/interactive-customization/runtime-mode-policy-baseline.json`
+  - Default output: `.kiro/reports/interactive-runtime-policy.json`
+  - `--fail-on-non-allow` exits with code `2` on `deny` or `review-required`.
+Interactive work-order helper (script-level usage/maintenance/dev closure):
+- `node scripts/interactive-work-order-build.js --plan <path> [--dialogue <path>] [--intent <path>] [--gate <path>] [--runtime <path>] [--approval-state <path>] [--execution-attempted] [--execution-result <value>] [--execution-id <id>] [--out <path>] [--markdown-out <path>] [--json]`: build auditable work-order record from dialogue/plan/gate/runtime/approval/execution signals.
+  - Default outputs:
+    - `.kiro/reports/interactive-work-order.json`
+    - `.kiro/reports/interactive-work-order.md`
+Interactive approval workflow helper (script-level stage-B approval state machine):
+- `node scripts/interactive-approval-workflow.js --action <init|submit|approve|reject|execute|verify|archive|status> [--plan <path>] [--state-file <path>] [--audit-file <path>] [--actor <id>] [--actor-role <name>] [--role-policy <path>] [--comment <text>] [--password <text>] [--password-hash <sha256>] [--password-hash-env <name>] [--password-required] [--password-scope <csv>] [--json]`: maintain approval lifecycle state for interactive change plans and append approval events to JSONL audit logs.
+  - Default state file: `.kiro/reports/interactive-approval-state.json`
+  - Default audit file: `.kiro/reports/interactive-approval-events.jsonl`
+  - `init` requires `--plan`; high-risk plans are marked as `approval_required=true`.
+  - Password authorization can be required per plan (`plan.authorization.password_required=true`) or overridden in `init`.
+  - `execute` is blocked (exit code `2`) when approval is required but current status is not `approved`.
+Interactive Moqui adapter helper (script-level stage-C controlled execution contract):
+- `node scripts/interactive-moqui-adapter.js --action <capabilities|plan|validate|apply|low-risk-apply|rollback> [--intent <path>] [--context <path>] [--plan <path>] [--execution-id <id>] [--execution-mode <suggestion|apply>] [--policy <path>] [--catalog <path>] [--moqui-config <path>] [--live-apply] [--no-dry-run] [--allow-suggestion-apply] [--json]`: run unified Moqui adapter interface (`capabilities/plan/validate/apply/low-risk-apply/rollback`) for interactive customization stage-C.
+  - Default plan output (`--action plan`): `.kiro/reports/interactive-change-plan.adapter.json`
+  - Default command output: `.kiro/reports/interactive-moqui-adapter.json`
+  - Default execution record (for `apply`/`rollback`): `.kiro/reports/interactive-execution-record.latest.json`
+  - Default append-only execution ledger: `.kiro/reports/interactive-execution-ledger.jsonl`
+  - `low-risk-apply` is one-click mode: only `risk_level=low` and gate decision `allow` can execute.
+  - `apply` exits with code `2` when result is non-success (`failed` or `skipped`), ensuring CI-safe gating.
+- npm alias: `npm run report:interactive-adapter-capabilities`
+Interactive user feedback helper (script-level stage-D feedback ingestion):
+- `node scripts/interactive-feedback-log.js --score <0..5> [--comment <text>] [--user-id <id>] [--session-id <id>] [--intent-id <id>] [--plan-id <id>] [--execution-id <id>] [--channel <ui|cli|api|other>] [--tags <csv>] [--product <name>] [--module <name>] [--page <name>] [--scene-id <name>] [--feedback-file <path>] [--json]`: append structured business-user feedback records into the interactive feedback JSONL stream for governance metrics.
+  - Default feedback file: `.kiro/reports/interactive-user-feedback.jsonl`
+  - Score range: `0..5`
+- npm alias: `npm run log:interactive-feedback -- --score 5 --comment "clear and safe"`
+Interactive governance report helper (script-level stage-D/6 observability + alerting):
+- `node scripts/interactive-governance-report.js [--intent-audit <path>] [--approval-audit <path>] [--execution-ledger <path>] [--feedback-file <path>] [--matrix-signals <path>] [--thresholds <path>] [--period <weekly|monthly|all|custom>] [--from <iso>] [--to <iso>] [--out <path>] [--markdown-out <path>] [--fail-on-alert] [--json]`: compute interactive governance KPIs (adoption/success/rollback/security-intercept/satisfaction + matrix pass/regression/stage-error), evaluate threshold breaches, and emit machine/human-readable governance report.
+  - Default thresholds: `docs/interactive-customization/governance-threshold-baseline.json`
+  - Default minimum intent sample threshold: `min_intent_samples=5` (below this becomes warning, not breach)
+  - Default feedback input: `.kiro/reports/interactive-user-feedback.jsonl`
+  - Default matrix input: `.kiro/reports/interactive-matrix-signals.jsonl`
+  - Default outputs:
+    - `.kiro/reports/interactive-governance-report.json`
+    - `.kiro/reports/interactive-governance-report.md`
+  - `--fail-on-alert` exits with code `2` when medium/high breaches exist.
+- npm alias: `npm run report:interactive-governance`
 Moqui standard rebuild helper (script-level recovery bootstrap):
 - `node scripts/moqui-standard-rebuild.js [--metadata <path>] [--out <path>] [--markdown-out <path>] [--bundle-out <path>] [--json]`: build a standard Moqui recovery bundle from metadata, including recommended SCE template matrix, recovery spec plan, handoff manifest seed, ontology seed, and page-copilot context contract.
   - Output now includes `recovery.readiness_matrix`, `recovery.readiness_summary`, and `recovery.prioritized_gaps` for template capability matrix scoring and remediation planning.
@@ -991,8 +1235,22 @@ sce scene moqui-baseline \
 ```
 Release workflow default:
+- Runs interactive loop smoke (`npm run test:interactive-loop-smoke`) in test/release test jobs.
+- Runs interactive flow smoke (`npm run test:interactive-flow-smoke`) in test/release test jobs.
+- Runs interactive governance gate by default (`interactive-governance-report --period weekly --fail-on-alert`) in test and release pipelines.
+- Evaluates matrix regression gate in CI/release with configurable policy:
+  - `KSE_MATRIX_REGRESSION_GATE_ENFORCE` (`true|false`, default advisory/disabled)
+  - `KSE_MATRIX_REGRESSION_GATE_MAX` (default `0`)
+- Optional release summary hard-gate:
+  - `KSE_MOQUI_RELEASE_SUMMARY_ENFORCE` (`true|false`, default advisory/disabled)
 - Publishes `moqui-template-baseline.json` + `moqui-template-baseline.md` as release assets.
 - Publishes `moqui-release-summary.json` + `moqui-release-summary.md` as release review assets.
+- Publishes `interactive-governance-<tag>.json` + `interactive-governance-<tag>.md` as release evidence assets.
+- Publishes `interactive-matrix-signals-<tag>.jsonl`, `matrix-regression-gate-<tag>.json`, and `matrix-remediation-plan-<tag>.{json,md}` + `matrix-remediation-<tag>.lines` + `matrix-remediation-goals-<tag>.json` + `matrix-remediation-commands-<tag>.md` + `matrix-remediation-{high,medium}-<tag>.lines` + `matrix-remediation-goals-{high,medium}-<tag>.json` + `matrix-remediation-phased-plan-<tag>.json` as release evidence assets.
+- Publishes `weekly-ops-summary-<tag>.json` + `weekly-ops-summary-<tag>.md` as release operational closed-loop assets.
+- Evaluates weekly ops risk gate by default (`release-weekly-ops-gate`; default block when `risk > medium` or summary missing).
+- Publishes `release-risk-remediation-<tag>.json|.md|.lines` derived from unified weekly+drift gate signals.
+- Evaluates and publishes release asset integrity audit (`release-asset-integrity-<tag>.json|.md`) before `npm publish`.
 - Enforces baseline portfolio gate by default (`KSE_MOQUI_BASELINE_ENFORCE` defaults to `true` when unset).
 ### Moqui ERP Integration