scene-capability-engine 3.2.0 → 3.3.2

package/docs/command-reference.md

@@ -727,6 +727,7 @@ Close-loop controller session maintenance:
 Cross-archive autonomous governance maintenance:
 - `sce auto governance stats [--days <n>] [--status <csv>] [--json]`: aggregate a unified governance snapshot from session/batch-session/controller-session archives plus recovery memory state.
   - JSON output includes `totals`, `throughput`, `health` (`risk_level`, `concerns`, `recommendations`, `release_gate`, `handoff_quality`), `top_master_specs`, `recovery_memory`, and full per-archive stats under `archives`.
+  - `health.release_gate` now carries weekly-ops governance pressure signals from release gate history (`weekly_ops_*`, including block/warning/config-warning totals and authorization/dialogue block-rate maxima) for risk scoring and recommendation routing.
   - When handoff Moqui matrix regressions are positive, `health.recommendations` now include phased anti-429 baseline one-shot remediation commands.
   - `health.handoff_quality` carries Moqui matrix + capability lexicon governance signals:
     - `latest_capability_expected_unknown_count`
@@ -749,6 +750,7 @@ Cross-archive autonomous governance maintenance:
   - `--governance-session-keep` (with optional `--governance-session-older-than-days`) enables post-run governance session retention pruning while protecting the current session snapshot.
   - `--execute-advisory` enables automatic advisory action execution (`recover-latest`, `controller-resume-latest`) when governance assessment detects failed sessions or controller pending goals; sce auto-selects the latest actionable advisory source and reports `skipped` (not `failed`) when no actionable source exists.
   - JSON output includes round-by-round risk/action telemetry (`rounds`, with `risk_before/risk_after` and `release_gate_before/release_gate_after`), advisory telemetry (`execute_advisory`, `advisory_policy`, `advisory_summary`, `rounds[*].advisory_actions`), `stop_detail` + `recommendations` for explicit blocking reasons, plus `initial_assessment`, `final_assessment`, and convergence metadata.
+  - When blocked by weekly release pressure, `stop_detail.weekly_ops` provides structured latest/aggregate/pressure fields so downstream agents and UI assistants do not need to parse reason strings.
   - Release-gate block reasons now include handoff matrix regression reasons when present:
     - `handoff-capability-expected-unknown-positive:<n>`
     - `handoff-capability-provided-unknown-positive:<n>`
@@ -756,8 +758,15 @@ Cross-archive autonomous governance maintenance:
     - `handoff-capability-provided-unknown-positive-rate:<percent>`
     - `handoff-moqui-matrix-regressions-positive:<n>`
     - `handoff-moqui-matrix-regressions-over-gate:<n>/<max>`
+  - Release-gate block reasons also include weekly-ops pressure reasons when present (examples):
+    - `weekly-ops-latest-blocked`
+    - `weekly-ops-blocked-runs-positive:<n>`
+    - `weekly-ops-config-warnings-positive:<n>`
+    - `weekly-ops-auth-tier-block-rate-high:<percent>`
+    - `weekly-ops-dialogue-authorization-block-rate-high:<percent>`
 - `sce auto governance session list [--limit <n>] [--status <csv>] [--resume-only] [--json]`: list persisted governance close-loop sessions (`--resume-only` filters to resumed-chain sessions only).
 - `sce auto governance session stats [--days <n>] [--status <csv>] [--resume-only] [--json]`: aggregate governance close-loop session telemetry (completion/failure/convergence, rounds, risk/stop composition, resumed-chain ratios/source counts, and aggregated `release_gate` round telemetry trends).
+  - `release_gate.weekly_ops_stop` summarizes weekly-ops stop pressure across governance sessions (session counts/rates, high-pressure/config-warning/auth-tier/dialogue pressure rates, and averaged blocked-runs/block-rate/config-warning totals).
 - `sce auto governance session prune [--keep <n>] [--older-than-days <n>] [--dry-run] [--json]`: prune governance close-loop session archive by retention policy.
 
 Close-loop recovery memory maintenance:
@@ -775,6 +784,8 @@ Autonomous KPI trend:
 Unified observability snapshot:
 - `sce auto observability snapshot [--days <n>] [--status <csv>] [--weeks <n>] [--trend-mode <mode>] [--trend-period <period>] [--out <path>] [--json]`: generate one unified observability snapshot that combines close-loop session stats, batch stats, controller stats, governance session stats, governance health, and KPI trend.
 - JSON output includes top-level `highlights` plus detailed archive/trend payloads under `snapshots`.
+  - `highlights` includes governance weekly-ops pressure counters (`governance_weekly_ops_stop_sessions`, high-pressure/config-warning/auth-tier/dialogue pressure counts/rates) plus runtime pressure counters (`governance_weekly_ops_runtime_block_rate_high_sessions`, `governance_weekly_ops_runtime_ui_mode_violation_high_sessions`, `governance_weekly_ops_runtime_ui_mode_violation_total_sum`).
+  - `snapshots.governance_weekly_ops_stop` exposes the full weekly-ops stop aggregate object from governance session stats for direct dashboard consumption.
 
 Agent-facing spec interfaces:
 - `sce auto spec status <spec-name> [--json]`: structured status for one spec (`docs`, `task_progress`, `collaboration`, `health`).
@@ -792,6 +803,9 @@ Dual-track handoff integration:
 - `sce auto handoff capability-matrix --manifest <path> [--profile <default|moqui|enterprise>] [--strict] [--strict-warnings] [--min-capability-coverage <n>] [--min-capability-semantic <n>] [--no-require-capability-semantic] [--format <json|markdown>] [--out <path>] [--remediation-queue-out <path>] [--fail-on-gap] [--json]`: generate a fast Moqui capability matrix (`template-diff + baseline + capability coverage + semantic completeness`) and optionally fail fast on gaps.
 - When matrix regressions are detected in baseline compare, recommendations prioritize capability-cluster phased execution first (`npm run run:matrix-remediation-clusters-phased -- --json`), then baseline phased one-shot (`node scripts/moqui-matrix-remediation-phased-runner.js --baseline ... --json`).
 - When `manifest.capabilities` is empty, sce auto-infers canonical expected capabilities from `manifest.templates` using the Moqui lexicon before deciding whether capability coverage should be skipped.
+- `sce auto handoff preflight-check [--profile <default|moqui|enterprise>] [--history-file <path>] [--require-release-gate-preflight|--no-require-release-gate-preflight] [--release-evidence-window <n>] [--require-pass] [--json]`: inspect release-gate history preflight readiness and return machine-readable `pass|warning|blocked` status with reasons, runtime weekly-ops pressure signals, and executable remediation commands.
+  - `--require-pass` exits non-zero when status is not `pass` (recommended for CI/release hard gates).
+  - Default policy follows profile defaults and enforces release-gate preflight hard requirement (`default`/`moqui`/`enterprise` all require preflight by default).
 - `sce auto handoff run --manifest <path> [--profile <default|moqui|enterprise>] [--out <path>] [--queue-out <path>] [--append] [--no-include-known-gaps] [--continue-from <session|latest|file>] [--continue-strategy <auto|pending|failed-only>] [--dry-run] [--strict] [--strict-warnings] [--no-dependency-batching] [--min-spec-success-rate <n>] [--max-risk-level <level>] [--max-moqui-matrix-regressions <n>] [--no-require-ontology-validation] [--no-require-moqui-baseline] [--min-capability-coverage <n>] [--no-require-capability-coverage] [--require-release-gate-preflight] [--release-evidence-window <n>] [--json]`: execute handoff end-to-end (`plan -> queue -> close-loop-batch -> observability`) with automatic report archive to `.kiro/reports/handoff-runs/<session>.json`.
   - Default mode is dependency-aware: spec integration goals are grouped into dependency batches and executed in topological order.
   - `--continue-from` resumes pending goals from an existing handoff run report (`latest`, session id, or JSON file path). For safety, sce enforces manifest-path consistency between the previous report and current run.
@@ -804,11 +818,13 @@ Dual-track handoff integration:
   - Run output includes `moqui_capability_coverage` snapshot by default (when manifest `capabilities` is declared), with artifacts at `.kiro/reports/release-evidence/moqui-capability-coverage.json` and `.kiro/reports/release-evidence/moqui-capability-coverage.md`.
   - When `manifest.capabilities` is not declared, sce attempts lexicon-based capability inference from `manifest.templates` first; only fully non-mappable manifests keep capability coverage in skipped mode.
   - Run output includes `release_gate_preflight` (latest release gate history signal snapshot + blocked reasons) and carries this context into `warnings`.
-  - `release_gate_preflight` is advisory by default; use `--require-release-gate-preflight` to hard-fail when preflight is unavailable/blocked.
+  - `release_gate_preflight` now also carries runtime weekly-ops pressure metrics (`latest_weekly_ops_runtime_block_rate_percent`, `latest_weekly_ops_runtime_ui_mode_violation_total`, `latest_weekly_ops_runtime_ui_mode_violation_rate_percent`) for UI-mode policy diagnostics.
+  - `release_gate_preflight` is hard-gated by default; use `--no-require-release-gate-preflight` only for emergency bypass or isolated diagnostics.
+  - `phases[*].details` for `observability` now includes weekly-ops stop pressure counters (`weekly_ops_stop_sessions`, `weekly_ops_high_pressure_sessions`, config-warning/auth-tier/dialogue pressure session counts) and runtime pressure counters (`weekly_ops_runtime_block_rate_high_sessions`, `weekly_ops_runtime_ui_mode_violation_high_sessions`, `weekly_ops_runtime_ui_mode_violation_total_sum`) sourced from the unified observability snapshot.
   - `--profile` applies preset gate policy defaults before explicit option overrides:
-    - `default`: current baseline gate policy.
-    - `moqui`: explicit Moqui-intake baseline (same strict defaults as `default`).
-    - `enterprise`: stricter release control baseline (`max-risk-level=medium`, `require-release-gate-preflight=true`, `release-evidence-window=10`).
+    - `default`: default takeover policy (release-gate preflight hard requirement enabled).
+    - `moqui`: explicit Moqui-intake baseline (same hard-gate defaults as `default`).
+    - `enterprise`: stricter release control baseline (`max-risk-level=medium`, `release-evidence-window=10`, preflight hard requirement enabled).
   - When Moqui baseline/capability gates fail, sce auto-generates remediation queue lines at `.kiro/auto/moqui-remediation.lines`.
   - Run result includes `failure_summary` (failed phase/gate/release-gate preflight highlights) and `recommendations` with executable follow-up commands (for example, auto-generated `--continue-from <session>` on failed/incomplete batches).
   - When matrix regressions are detected, recommendations now prioritize capability-cluster phased execution (`npm run run:matrix-remediation-clusters-phased -- --json`) and include capability-cluster batch fallback plus baseline phased one-shot remediation (`node scripts/moqui-matrix-remediation-phased-runner.js --baseline ... --json`).
@@ -827,6 +843,7 @@ Dual-track handoff integration:
   - `--window` (1-50, default `5`) controls how many recent sessions are aggregated in review.
   - JSON output includes `current_overview` (with `release_gate_preflight`, `failure_summary`, and preflight policy flags), `aggregates.status_counts`, `aggregates.gate_pass_rate_percent`, and `risk_layers`.
   - Markdown output includes `Current Gate`, `Current Release Gate Preflight`, `Current Failure Summary`, `Current Ontology`, `Current Regression`, `Current Moqui Baseline`, `Current Capability Coverage`, `Trend Series`, and `Risk Layer View`.
+  - `Current Release Gate Preflight` includes runtime pressure lines (runtime block-rate and ui-mode violation totals/rates) when signals exist in release-gate history.
   - Add `--release-draft <path>` to auto-generate a release notes draft and evidence review markdown in one run.
   - `--release-version` sets draft version tag (defaults to `v<package.json version>`), and `--release-date` accepts `YYYY-MM-DD` (default: current UTC date).
   - Use `--review-out <path>` to override the generated evidence review markdown path (default `.kiro/reports/release-evidence/handoff-evidence-review.md`).
@@ -834,7 +851,7 @@ Dual-track handoff integration:
   - Default scan dir is `.kiro/reports/release-evidence`, default output file is `.kiro/reports/release-evidence/release-gate-history.json`.
   - `--history-file` merges an existing index (for example, previous release asset) before dedup/refresh.
   - `--keep` retains latest N entries (`1-5000`, default `200`).
-  - Aggregates include scene package batch, capability unknown trend, drift, and release-preflight/hard-gate signals (`scene_package_batch_*`, `capability_expected_unknown_*`, `capability_provided_unknown_*`, `drift_alert_*`, `drift_block_*`, `release_gate_preflight_*`) when present in gate reports.
+  - Aggregates include scene package batch, capability unknown trend, drift, weekly ops pressure (including runtime ui-mode/runtime block-rate telemetry), config warning pressure, and release-preflight/hard-gate signals (`scene_package_batch_*`, `capability_expected_unknown_*`, `capability_provided_unknown_*`, `drift_alert_*`, `drift_block_*`, `weekly_ops_*`, `config_warnings_total`, `release_gate_preflight_*`) when present in gate reports.
   - `--markdown-out <path>` writes a human-readable trend card markdown for PR/Issue handoff.
 
 Moqui template library lexicon audit (script-level governance helper):
@@ -888,12 +905,18 @@ Release weekly ops gate helper (release hard-gate):
     - `RELEASE_WEEKLY_OPS_MAX_RISK_LEVEL=medium`
   - optional thresholds:
     - `RELEASE_WEEKLY_OPS_MAX_GOVERNANCE_BREACHES=<n>`
+    - `RELEASE_WEEKLY_OPS_MAX_AUTHORIZATION_TIER_BLOCK_RATE_PERCENT=<n>` (default `40`)
+    - `RELEASE_WEEKLY_OPS_MAX_DIALOGUE_AUTHORIZATION_BLOCK_RATE_PERCENT=<n>` (default `40`)
+    - `RELEASE_WEEKLY_OPS_MAX_RUNTIME_UI_MODE_VIOLATION_TOTAL=<n>` (default `0`)
+    - `RELEASE_WEEKLY_OPS_MAX_RUNTIME_UI_MODE_VIOLATION_RATE_PERCENT=<n>`
     - `RELEASE_WEEKLY_OPS_MAX_MATRIX_REGRESSION_RATE_PERCENT=<n>`
+  - invalid numeric threshold values emit `config_warnings` and fall back to defaults.
   - merges result into `RELEASE_GATE_REPORT_FILE` when provided.
 - npm alias: `npm run gate:release-ops-weekly`
 
 Release risk remediation bundle helper (weekly + drift unified command pack):
 - `node scripts/release-risk-remediation-bundle.js [--gate-report <path>] [--out <path>] [--markdown-out <path>] [--lines-out <path>] [--json]`: derive deduplicated remediation commands from `release-gate` report signals (`weekly_ops`, `drift`) and export JSON/Markdown/lines artifacts.
+  - when weekly gate includes `dialogue-authorization`/`authorization-tier` block-rate pressure, plan includes policy-specific diagnostics (`interactive-dialogue-governance`, `interactive-authorization-tier-evaluate`).
   - Default input: `.kiro/reports/release-evidence/release-gate.json`
   - Default outputs:
     - `.kiro/reports/release-evidence/release-risk-remediation-bundle.json`
@@ -987,11 +1010,15 @@ Interactive context bridge helper (script-level provider normalization):
   - npm alias: `npm run report:interactive-context-bridge`
 
 Interactive full flow helper (script-level one-command entry):
-- `node scripts/interactive-flow.js --input <path> (--goal <text> | --goal-file <path>) [--provider <moqui|generic>] [--execution-mode <suggestion|apply>] [--runtime-mode <user-assist|ops-fix|feature-dev>] [--runtime-environment <dev|staging|prod>] [--runtime-policy <path>] [--policy <path>] [--catalog <path>] [--dialogue-policy <path>] [--context-contract <path>] [--approval-role-policy <path>] [--approval-actor-role <name>] [--approver-actor-role <name>] [--auto-execute-low-risk] [--auth-password-hash <sha256>] [--auth-password <text>] [--feedback-score <0..5>] [--work-order-out <path>] [--work-order-markdown-out <path>] [--fail-on-runtime-non-allow] [--no-matrix] [--matrix-min-score <0..100>] [--matrix-min-valid-rate <0..100>] [--matrix-compare-with <path>] [--matrix-signals <path>] [--matrix-fail-on-portfolio-fail] [--matrix-fail-on-regression] [--json]`: run `context-bridge -> interactive-loop -> matrix-baseline-snapshot` in one command for Moqui workbench integration.
+- `node scripts/interactive-flow.js --input <path> (--goal <text> | --goal-file <path>) [--provider <moqui|generic>] [--execution-mode <suggestion|apply>] [--runtime-mode <user-assist|ops-fix|feature-dev>] [--runtime-environment <dev|staging|prod>] [--runtime-policy <path>] [--authorization-tier-policy <path>] [--authorization-tier-out <path>] [--policy <path>] [--catalog <path>] [--dialogue-policy <path>] [--dialogue-profile <business-user|system-maintainer>] [--ui-mode <user-app|ops-console>] [--context-contract <path>] [--approval-role-policy <path>] [--approval-actor-role <name>] [--approver-actor-role <name>] [--auto-execute-low-risk] [--auth-password-hash <sha256>] [--auth-password <text>] [--feedback-score <0..5>] [--work-order-out <path>] [--work-order-markdown-out <path>] [--fail-on-runtime-non-allow] [--no-matrix] [--matrix-min-score <0..100>] [--matrix-min-valid-rate <0..100>] [--matrix-compare-with <path>] [--matrix-signals <path>] [--matrix-fail-on-portfolio-fail] [--matrix-fail-on-regression] [--json]`: run `context-bridge -> interactive-loop -> matrix-baseline-snapshot` in one command for Moqui workbench integration.
   - Default flow artifact root: `.kiro/reports/interactive-flow/<session-id>/`
   - Default flow summary output: `.kiro/reports/interactive-flow/<session-id>/interactive-flow.summary.json`
   - Default dialogue report output: `.kiro/reports/interactive-flow/<session-id>/interactive-dialogue-governance.json`
+  - Default dialogue-authorization signal stream:
+    - `.kiro/reports/interactive-flow/<session-id>/interactive-dialogue-authorization-signals.jsonl` (session)
+    - `.kiro/reports/interactive-dialogue-authorization-signals.jsonl` (global append-only stream)
   - Default runtime report output: `.kiro/reports/interactive-flow/<session-id>/interactive-runtime-policy.json`
+  - Default authorization tier report output: `.kiro/reports/interactive-flow/<session-id>/interactive-authorization-tier.json`
   - Default work-order outputs:
     - `.kiro/reports/interactive-flow/<session-id>/interactive-work-order.json`
     - `.kiro/reports/interactive-flow/<session-id>/interactive-work-order.md`
@@ -1014,9 +1041,13 @@ Interactive read-only intent helper (script-level stage-A copilot bridge):
   - This helper never executes write actions; it only produces suggestion-stage artifacts.
 
 Interactive dialogue governance helper (script-level communication-rule gate):
-- `node scripts/interactive-dialogue-governance.js (--goal <text> | --goal-file <path>) [--context <path>] [--policy <path>] [--out <path>] [--fail-on-deny] [--json]`: evaluate user request text against embedded-assistant communication policy, output `allow|clarify|deny`, and produce clarification questions for non-technical users.
+- `node scripts/interactive-dialogue-governance.js (--goal <text> | --goal-file <path>) [--context <path>] [--policy <path>] [--profile <business-user|system-maintainer>] [--ui-mode <user-app|ops-console>] [--execution-mode <suggestion|apply>] [--runtime-environment <dev|staging|prod>] [--authorization-dialogue-policy <path>] [--out <path>] [--fail-on-deny] [--json]`: evaluate user request text against embedded-assistant communication policy, output `allow|clarify|deny`, and produce machine-readable authorization dialogue requirements (`authorization_dialogue`) for non-technical users.
+  - Embedded assistant authorization dialogue baseline: `docs/interactive-customization/embedded-assistant-authorization-dialogue-rules.md`
+  - Dual-surface integration guide: `docs/interactive-customization/dual-ui-mode-integration-guide.md`
   - Default output: `.kiro/reports/interactive-dialogue-governance.json`
   - Default policy: `docs/interactive-customization/dialogue-governance-policy-baseline.json` (fallback builtin policy when missing)
+  - Default authorization dialogue policy: `docs/interactive-customization/authorization-dialogue-policy-baseline.json`
+  - Default profile: `business-user` (use `system-maintainer` for maintenance/operator conversations)
   - `--fail-on-deny` exits with code `2` to block unsafe requests in CI/automation.
 
 Interactive change-plan generator helper (script-level stage-B planning bridge):
@@ -1027,13 +1058,23 @@ Interactive change-plan generator helper (script-level stage-B planning bridge):
   - Generated plans can be evaluated directly by `interactive-change-plan-gate`.
 
 Interactive one-click loop helper (script-level orchestration entry):
-- `node scripts/interactive-customization-loop.js --context <path> (--goal <text> | --goal-file <path>) [--execution-mode <suggestion|apply>] [--runtime-mode <user-assist|ops-fix|feature-dev>] [--runtime-environment <dev|staging|prod>] [--runtime-policy <path>] [--policy <path>] [--catalog <path>] [--dialogue-policy <path>] [--context-contract <path>] [--approval-role-policy <path>] [--approval-actor-role <name>] [--approver-actor-role <name>] [--no-strict-contract] [--auto-approve-low-risk] [--auto-execute-low-risk] [--auth-password-hash <sha256>] [--auth-password <text>] [--feedback-score <0..5>] [--feedback-comment <text>] [--feedback-tags <csv>] [--allow-suggestion-apply] [--work-order-out <path>] [--work-order-markdown-out <path>] [--fail-on-dialogue-deny] [--fail-on-gate-non-allow] [--fail-on-runtime-non-allow] [--json]`: run dialogue->intent->plan->gate->runtime->approval pipeline in one command and optionally trigger low-risk one-click apply via Moqui adapter.
+- `node scripts/interactive-customization-loop.js --context <path> (--goal <text> | --goal-file <path>) [--execution-mode <suggestion|apply>] [--runtime-mode <user-assist|ops-fix|feature-dev>] [--runtime-environment <dev|staging|prod>] [--runtime-policy <path>] [--authorization-tier-policy <path>] [--authorization-tier-out <path>] [--policy <path>] [--catalog <path>] [--dialogue-policy <path>] [--dialogue-profile <business-user|system-maintainer>] [--ui-mode <user-app|ops-console>] [--context-contract <path>] [--approval-role-policy <path>] [--approval-actor-role <name>] [--approver-actor-role <name>] [--no-strict-contract] [--auto-approve-low-risk] [--auto-execute-low-risk] [--auth-password-hash <sha256>] [--auth-password <text>] [--feedback-score <0..5>] [--feedback-comment <text>] [--feedback-tags <csv>] [--allow-suggestion-apply] [--work-order-out <path>] [--work-order-markdown-out <path>] [--fail-on-dialogue-deny] [--fail-on-gate-non-allow] [--fail-on-runtime-non-allow] [--json]`: run dialogue->intent->plan->gate->runtime->authorization-tier->approval pipeline in one command and optionally trigger low-risk one-click apply via Moqui adapter.
   - CLI equivalent: `sce scene interactive-loop --context <path> --goal "<goal>" --context-contract docs/interactive-customization/moqui-copilot-context-contract.json --execution-mode apply --auto-execute-low-risk --auth-password "<password>" --feedback-score 5 --json`
   - Default loop artifact root: `.kiro/reports/interactive-loop/<session-id>/`
   - Default summary output: `.kiro/reports/interactive-loop/<session-id>/interactive-customization-loop.summary.json`
 - `--auto-execute-low-risk` executes `interactive-moqui-adapter --action low-risk-apply` only when `risk_level=low`, dialogue decision != `deny`, and gate decision=`allow`.
 - `--runtime-mode` and `--runtime-environment` default to `ops-fix@staging`; runtime decision must be `allow` before low-risk auto execute.
+- Authorization tier defaults:
+  - `business-user` profile is suggestion-only (`apply` denied by default)
+  - `system-maintainer` profile can apply, but environment step-up requirements still apply (password/role separation/manual review)
 - Default runtime report: `.kiro/reports/interactive-loop/<session-id>/interactive-runtime-policy.json`
+- Default authorization tier report: `.kiro/reports/interactive-loop/<session-id>/interactive-authorization-tier.json`
+- Default authorization tier signal stream:
+  - Session: `.kiro/reports/interactive-loop/<session-id>/interactive-authorization-tier-signals.jsonl`
+  - Global: `.kiro/reports/interactive-authorization-tier-signals.jsonl`
+- Default dialogue-authorization signal stream:
+  - Session: `.kiro/reports/interactive-loop/<session-id>/interactive-dialogue-authorization-signals.jsonl`
+  - Global: `.kiro/reports/interactive-dialogue-authorization-signals.jsonl`
 - Default work-order outputs:
   - `.kiro/reports/interactive-loop/<session-id>/interactive-work-order.json`
   - `.kiro/reports/interactive-loop/<session-id>/interactive-work-order.md`
@@ -1042,13 +1083,20 @@ Interactive one-click loop helper (script-level orchestration entry):
 - npm alias: `npm run run:interactive-loop -- --context docs/interactive-customization/page-context.sample.json --goal "Improve order entry clarity" --json`
 
 Interactive runtime policy helper (script-level mode/environment gate):
-- `node scripts/interactive-runtime-policy-evaluate.js --plan <path> [--runtime-mode <user-assist|ops-fix|feature-dev>] [--runtime-environment <dev|staging|prod>] [--policy <path>] [--fail-on-non-allow] [--json]`: evaluate plan execution safety by runtime role and environment constraints.
+- `node scripts/interactive-runtime-policy-evaluate.js --plan <path> [--ui-mode <user-app|ops-console>] [--runtime-mode <user-assist|ops-fix|feature-dev>] [--runtime-environment <dev|staging|prod>] [--policy <path>] [--fail-on-non-allow] [--json]`: evaluate plan execution safety by runtime role, UI surface, and environment constraints.
   - Default policy: `docs/interactive-customization/runtime-mode-policy-baseline.json`
+  - `policy.ui_modes` (when configured) enforces UI-surface contract, such as `user-app` suggestion-only and apply routed to `ops-console`.
   - Default output: `.kiro/reports/interactive-runtime-policy.json`
   - `--fail-on-non-allow` exits with code `2` on `deny` or `review-required`.
 
+Interactive authorization-tier helper (script-level profile/environment step-up gate):
+- `node scripts/interactive-authorization-tier-evaluate.js [--execution-mode <suggestion|apply>] [--dialogue-profile <business-user|system-maintainer>] [--runtime-mode <name>] [--runtime-environment <dev|staging|prod>] [--auto-execute-low-risk] [--live-apply] [--policy <path>] [--out <path>] [--fail-on-non-allow] [--json]`: evaluate whether execution intent is permitted under dialogue profile and runtime environment authorization tier.
+  - Default policy: `docs/interactive-customization/authorization-tier-policy-baseline.json`
+  - Default output: `.kiro/reports/interactive-authorization-tier.json`
+  - `--fail-on-non-allow` exits with code `2` on `deny` or `review-required`.
+
 Interactive work-order helper (script-level usage/maintenance/dev closure):
-- `node scripts/interactive-work-order-build.js --plan <path> [--dialogue <path>] [--intent <path>] [--gate <path>] [--runtime <path>] [--approval-state <path>] [--execution-attempted] [--execution-result <value>] [--execution-id <id>] [--out <path>] [--markdown-out <path>] [--json]`: build auditable work-order record from dialogue/plan/gate/runtime/approval/execution signals.
+- `node scripts/interactive-work-order-build.js --plan <path> [--dialogue <path>] [--intent <path>] [--gate <path>] [--runtime <path>] [--authorization-tier <path>] [--approval-state <path>] [--execution-attempted] [--execution-result <value>] [--execution-id <id>] [--out <path>] [--markdown-out <path>] [--json]`: build auditable work-order record from dialogue/plan/gate/runtime/authorization-tier/approval/execution signals.
   - Default outputs:
     - `.kiro/reports/interactive-work-order.json`
     - `.kiro/reports/interactive-work-order.md`
@@ -1078,11 +1126,14 @@ Interactive user feedback helper (script-level stage-D feedback ingestion):
 - npm alias: `npm run log:interactive-feedback -- --score 5 --comment "clear and safe"`
 
 Interactive governance report helper (script-level stage-D/6 observability + alerting):
-- `node scripts/interactive-governance-report.js [--intent-audit <path>] [--approval-audit <path>] [--execution-ledger <path>] [--feedback-file <path>] [--matrix-signals <path>] [--thresholds <path>] [--period <weekly|monthly|all|custom>] [--from <iso>] [--to <iso>] [--out <path>] [--markdown-out <path>] [--fail-on-alert] [--json]`: compute interactive governance KPIs (adoption/success/rollback/security-intercept/satisfaction + matrix pass/regression/stage-error), evaluate threshold breaches, and emit machine/human-readable governance report.
+- `node scripts/interactive-governance-report.js [--intent-audit <path>] [--approval-audit <path>] [--execution-ledger <path>] [--feedback-file <path>] [--matrix-signals <path>] [--dialogue-authorization-signals <path>] [--runtime-signals <path>] [--authorization-tier-signals <path>] [--thresholds <path>] [--period <weekly|monthly|all|custom>] [--from <iso>] [--to <iso>] [--out <path>] [--markdown-out <path>] [--fail-on-alert] [--json]`: compute interactive governance KPIs (adoption/success/rollback/security-intercept/satisfaction + matrix pass/regression/stage-error + dialogue/runtime/authorization-tier pressure), evaluate threshold breaches, and emit machine/human-readable governance report.
   - Default thresholds: `docs/interactive-customization/governance-threshold-baseline.json`
   - Default minimum intent sample threshold: `min_intent_samples=5` (below this becomes warning, not breach)
   - Default feedback input: `.kiro/reports/interactive-user-feedback.jsonl`
   - Default matrix input: `.kiro/reports/interactive-matrix-signals.jsonl`
+  - Default dialogue authorization signal input: `.kiro/reports/interactive-dialogue-authorization-signals.jsonl`
+  - Default runtime policy signal input: `.kiro/reports/interactive-runtime-signals.jsonl`
+  - Default authorization tier signal input: `.kiro/reports/interactive-authorization-tier-signals.jsonl`
   - Default outputs:
     - `.kiro/reports/interactive-governance-report.json`
     - `.kiro/reports/interactive-governance-report.md`

package/docs/interactive-customization/README.md

@@ -10,7 +10,9 @@ This directory contains baseline contracts and safety policy artifacts for the i
 - `page-context.schema.json`: schema for page-level read-only context payloads.
 - `guardrail-policy-baseline.json`: default secure-by-default guardrail policy.
 - `dialogue-governance-policy-baseline.json`: baseline communication rules for embedded assistant dialogue.
-- `runtime-mode-policy-baseline.json`: baseline runtime mode/environment policy (`user-assist|ops-fix|feature-dev` x `dev|staging|prod`).
+- `authorization-dialogue-policy-baseline.json`: machine-readable authorization dialogue policy (profile/env confirmation + step-up prompts).
+- `authorization-tier-policy-baseline.json`: baseline authorization tier policy for profile/environment step-up requirements.
+- `runtime-mode-policy-baseline.json`: baseline runtime mode/environment policy (`user-assist|ops-fix|feature-dev` x `dev|staging|prod`) with optional `ui_modes` surface contract (`user-app|ops-console`).
 - `approval-role-policy-baseline.json`: optional approval role policy baseline (`submit/approve/execute/verify/archive` role requirements).
 - `high-risk-action-catalog.json`: baseline high-risk action classification for deny/review decisions.
 - `change-plan.sample.json`: runnable sample plan for gate checks.
@@ -27,6 +29,8 @@ This directory contains baseline contracts and safety policy artifacts for the i
 - `governance-threshold-baseline.json`: governance KPI threshold baseline for alerting.
 - `governance-report-template.md`: periodic governance report template.
 - `governance-alert-playbook.md`: threshold breach response workflow.
+- `embedded-assistant-authorization-dialogue-rules.md`: required user/maintainer conversation + authorization behavior for embedded AI assistants.
+- `dual-ui-mode-integration-guide.md`: integration pattern for user-app and ops-console dual-surface deployments.
 - `phase-acceptance-evidence.md`: stage A/B/C/D acceptance evidence checklist.
 - `non-technical-usability-report.md`: business-user usability assessment and improvement backlog.
 - `cross-industry-replication-guide.md`: replication boundary and rollout sequence beyond Moqui.
@@ -71,10 +75,12 @@ Run one-command full flow (bridge -> loop):
 node scripts/interactive-flow.js \
   --input docs/interactive-customization/moqui-context-provider.sample.json \
   --goal "Adjust order screen field layout for clearer input flow" \
+  --dialogue-profile system-maintainer \
   --runtime-mode ops-fix \
   --runtime-environment staging \
   --context-contract docs/interactive-customization/moqui-copilot-context-contract.json \
   --dialogue-policy docs/interactive-customization/dialogue-governance-policy-baseline.json \
+  --authorization-tier-policy docs/interactive-customization/authorization-tier-policy-baseline.json \
   --runtime-policy docs/interactive-customization/runtime-mode-policy-baseline.json \
   --execution-mode apply \
   --auto-execute-low-risk \
@@ -105,9 +111,21 @@ Flow output defaults:
 - Bridge context: `.kiro/reports/interactive-flow/<session-id>/interactive-page-context.normalized.json`
 - Loop summary: `.kiro/reports/interactive-flow/<session-id>/interactive-customization-loop.summary.json`
 - Dialogue governance report: `.kiro/reports/interactive-flow/<session-id>/interactive-dialogue-governance.json`
+- Dialogue authorization signal stream:
+  - Session: `.kiro/reports/interactive-flow/<session-id>/interactive-dialogue-authorization-signals.jsonl`
+  - Global: `.kiro/reports/interactive-dialogue-authorization-signals.jsonl`
+- Authorization tier report: `.kiro/reports/interactive-flow/<session-id>/interactive-authorization-tier.json`
+- Authorization tier signal stream:
+  - Session: `.kiro/reports/interactive-flow/<session-id>/interactive-authorization-tier-signals.jsonl`
+  - Global: `.kiro/reports/interactive-authorization-tier-signals.jsonl`
 - Matrix summary JSON: `.kiro/reports/interactive-flow/<session-id>/moqui-template-baseline.json`
 - Matrix summary Markdown: `.kiro/reports/interactive-flow/<session-id>/moqui-template-baseline.md`
 - Matrix signal stream: `.kiro/reports/interactive-matrix-signals.jsonl`
+- Loop/flow summaries now include execution block diagnostics:
+  - `summary.dialogue_authorization_decision` (`allow|review-required|deny`)
+  - `summary.execution_block_reason_category` (`password-authorization|role-policy|authorization-tier|runtime-policy|approval-policy|unknown`)
+  - `summary.execution_block_remediation_hint` (human-readable fix hint)
+  - `summary.authorization_execute_roles` (flow-level execute role requirements when role policy is enabled)
 
 Build read-only change intent from page context:
 
@@ -134,8 +152,13 @@ Run dialogue governance (communication-rule check only):
 ```bash
 node scripts/interactive-dialogue-governance.js \
   --goal "Improve order entry speed without changing payment policy" \
+  --execution-mode suggestion \
+  --runtime-environment staging \
+  --profile business-user \
+  --ui-mode user-app \
   --context docs/interactive-customization/page-context.sample.json \
   --policy docs/interactive-customization/dialogue-governance-policy-baseline.json \
+  --authorization-dialogue-policy docs/interactive-customization/authorization-dialogue-policy-baseline.json \
   --json
 ```
 
@@ -147,6 +170,8 @@ node scripts/interactive-customization-loop.js \
   --context docs/interactive-customization/page-context.sample.json \
   --context-contract docs/interactive-customization/moqui-copilot-context-contract.json \
   --goal "Improve order entry clarity for business users" \
+  --dialogue-profile business-user \
+  --ui-mode user-app \
   --json
 
 # low-risk one-click apply loop
@@ -154,8 +179,11 @@ node scripts/interactive-customization-loop.js \
   --context docs/interactive-customization/page-context.sample.json \
   --context-contract docs/interactive-customization/moqui-copilot-context-contract.json \
   --goal "Adjust order screen field layout for clearer input flow" \
+  --dialogue-profile system-maintainer \
+  --ui-mode ops-console \
   --runtime-mode ops-fix \
   --runtime-environment staging \
+  --authorization-tier-policy docs/interactive-customization/authorization-tier-policy-baseline.json \
   --runtime-policy docs/interactive-customization/runtime-mode-policy-baseline.json \
   --approval-role-policy docs/interactive-customization/approval-role-policy-baseline.json \
   --approval-actor-role product-owner \
@@ -174,6 +202,7 @@ sce scene interactive-loop \
   --context docs/interactive-customization/page-context.sample.json \
   --context-contract docs/interactive-customization/moqui-copilot-context-contract.json \
   --goal "Adjust order screen field layout for clearer input flow" \
+  --dialogue-profile system-maintainer \
   --execution-mode apply \
   --auto-execute-low-risk \
   --auth-password-hash "<sha256-of-demo-pass>" \
@@ -185,21 +214,38 @@ sce scene interactive-loop \
 `--feedback-score` writes feedback into both:
 - Session artifact: `.kiro/reports/interactive-loop/<session-id>/interactive-user-feedback.jsonl`
 - Governance global stream: `.kiro/reports/interactive-user-feedback.jsonl`
+- `--dialogue-profile` defaults to `business-user`; use `system-maintainer` for operations/maintenance sessions that must surface ticket + rollback requirements before execution.
+- `--ui-mode user-app|ops-console` binds interaction surface semantics (user app vs management console) and participates in authorization dialogue decisioning.
+- In default authorization tier, `business-user` only allows `suggestion` mode; apply path requires `system-maintainer` profile plus environment-specific step-up requirements.
 - Context contract validation is strict by default (required fields, payload size, forbidden keys). Use `--no-strict-contract` only for temporary diagnostics.
 - `--execution-mode apply` with mutating actions requires password authorization by default (`plan.authorization.password_required=true`).
 - Runtime policy defaults to `ops-fix@staging`; low-risk auto execute requires runtime decision `allow`.
+- Runtime policy can enforce UI-surface contract via `ui_modes` (default baseline: `user-app` suggestion-only, `ops-console` supports apply).
 
 Run runtime mode/environment policy evaluation directly:
 
 ```bash
 node scripts/interactive-runtime-policy-evaluate.js \
   --plan .kiro/reports/interactive-change-plan.generated.json \
+  --ui-mode ops-console \
   --runtime-mode ops-fix \
   --runtime-environment staging \
   --policy docs/interactive-customization/runtime-mode-policy-baseline.json \
   --json
 ```
 
+Run authorization tier profile/environment evaluation directly:
+
+```bash
+node scripts/interactive-authorization-tier-evaluate.js \
+  --execution-mode apply \
+  --dialogue-profile system-maintainer \
+  --runtime-environment staging \
+  --auto-execute-low-risk \
+  --policy docs/interactive-customization/authorization-tier-policy-baseline.json \
+  --json
+```
+
 Build interactive work-order artifacts directly:
 
 ```bash
@@ -208,6 +254,7 @@ node scripts/interactive-work-order-build.js \
   --dialogue .kiro/reports/interactive-dialogue-governance.json \
   --gate .kiro/reports/interactive-change-plan-gate.json \
   --runtime .kiro/reports/interactive-runtime-policy.json \
+  --authorization-tier .kiro/reports/interactive-authorization-tier.json \
   --approval-state .kiro/reports/interactive-approval-state.json \
   --execution-attempted \
   --execution-result success \
@@ -309,6 +356,9 @@ node scripts/interactive-governance-report.js \
 
 The governance report consumes feedback events from `.kiro/reports/interactive-user-feedback.jsonl` by default.
 The governance report also consumes matrix signals from `.kiro/reports/interactive-matrix-signals.jsonl` by default.
+The governance report consumes dialogue-authorization signals from `.kiro/reports/interactive-dialogue-authorization-signals.jsonl` by default.
+The governance report consumes runtime policy signals from `.kiro/reports/interactive-runtime-signals.jsonl` by default.
+The governance report consumes authorization-tier signals from `.kiro/reports/interactive-authorization-tier-signals.jsonl` by default.
 When `intent_total` is below `min_intent_samples` (default `5`), adoption emits a low-severity sample warning instead of a breach.
 
 Export matrix regression remediation queue lines (for close-loop-batch):

package/docs/interactive-customization/authorization-dialogue-policy-baseline.json

@@ -0,0 +1,47 @@
+{
+  "version": "1.0.0",
+  "default_profile": "business-user",
+  "prompt_templates": {
+    "scope_confirmation": "Confirm target module/page and business boundary before execution.",
+    "impact_confirmation": "Confirm expected business impact and out-of-scope boundaries.",
+    "rollback_confirmation": "Confirm rollback reference is prepared before apply.",
+    "ticket_reference": "Provide approved change ticket id.",
+    "password_step_up": "Complete one-time password authorization before apply.",
+    "role_policy": "Provide actor role and approver role according to role policy.",
+    "role_separation": "Confirm operator role and approver role are different.",
+    "manual_review_ack": "Acknowledge manual review is required before production apply."
+  },
+  "profiles": {
+    "business-user": {
+      "allow_execution_modes": ["suggestion"],
+      "base_required_steps": ["scope_confirmation"]
+    },
+    "system-maintainer": {
+      "allow_execution_modes": ["suggestion", "apply"],
+      "base_required_steps": ["scope_confirmation", "impact_confirmation", "rollback_confirmation"]
+    }
+  },
+  "environments": {
+    "dev": {
+      "require_ticket": false,
+      "require_password_for_apply": false,
+      "require_role_policy": false,
+      "require_distinct_actor_roles": false,
+      "require_manual_review_ack": false
+    },
+    "staging": {
+      "require_ticket": true,
+      "require_password_for_apply": true,
+      "require_role_policy": false,
+      "require_distinct_actor_roles": false,
+      "require_manual_review_ack": false
+    },
+    "prod": {
+      "require_ticket": true,
+      "require_password_for_apply": true,
+      "require_role_policy": true,
+      "require_distinct_actor_roles": true,
+      "require_manual_review_ack": true
+    }
+  }
+}

package/docs/interactive-customization/authorization-tier-policy-baseline.json

@@ -0,0 +1,46 @@
+{
+  "version": "1.0.0",
+  "defaults": {
+    "profile": "business-user"
+  },
+  "profiles": {
+    "business-user": {
+      "allow_execution_modes": [
+        "suggestion"
+      ],
+      "auto_execute_allowed": false,
+      "allow_live_apply": false
+    },
+    "system-maintainer": {
+      "allow_execution_modes": [
+        "suggestion",
+        "apply"
+      ],
+      "auto_execute_allowed": true,
+      "allow_live_apply": true
+    }
+  },
+  "environments": {
+    "dev": {
+      "require_secondary_authorization": false,
+      "require_password_for_apply": false,
+      "require_role_policy": false,
+      "require_distinct_actor_roles": false,
+      "manual_review_required_for_apply": false
+    },
+    "staging": {
+      "require_secondary_authorization": true,
+      "require_password_for_apply": true,
+      "require_role_policy": false,
+      "require_distinct_actor_roles": false,
+      "manual_review_required_for_apply": false
+    },
+    "prod": {
+      "require_secondary_authorization": true,
+      "require_password_for_apply": true,
+      "require_role_policy": true,
+      "require_distinct_actor_roles": true,
+      "manual_review_required_for_apply": true
+    }
+  }
+}

package/docs/interactive-customization/dialogue-governance-policy-baseline.json

@@ -1,6 +1,7 @@
 {
   "version": "1.0.0",
   "mode": "business-safe-assistant",
+  "default_profile": "business-user",
   "length_policy": {
     "min_chars": 12,
     "max_chars": 1200,
@@ -45,5 +46,41 @@
   "clarification_templates": [
     "What business metric should improve first (speed, accuracy, cost, compliance)?",
     "Which module/page should be changed first, and what must remain unchanged?"
-  ]
+  ],
+  "profiles": {
+    "business-user": {
+      "mode": "business-safe-assistant",
+      "response_rules": [
+        "Prefer business outcomes and measurable impact language over implementation details."
+      ]
+    },
+    "system-maintainer": {
+      "mode": "maintenance-safe-assistant",
+      "length_policy": {
+        "min_chars": 8,
+        "max_chars": 1600,
+        "min_significant_tokens": 3
+      },
+      "deny_patterns": [
+        {
+          "id": "prod-change-without-ticket",
+          "pattern": "\\b(prod|production)\\b[^.\\n]{0,120}\\b(without ticket|no ticket|skip ticket)\\b",
+          "reason": "production maintenance request is missing approved change ticket"
+        },
+        {
+          "id": "maintenance-no-rollback",
+          "pattern": "\\b(hotfix|patch|change|deploy)\\b[^.\\n]{0,120}\\b(without rollback|no rollback)\\b",
+          "reason": "maintenance request lacks rollback safeguard"
+        }
+      ],
+      "response_rules": [
+        "For maintenance requests, require change ticket, rollback plan, and approval role before execution.",
+        "If request targets production, require staged validation evidence first."
+      ],
+      "clarification_templates": [
+        "What is the approved change ticket id and rollback plan reference?",
+        "Which environment should run first (dev/staging/prod), and who is the approver role?"
+      ]
+    }
+  }
 }

package/docs/interactive-customization/dual-ui-mode-integration-guide.md

@@ -0,0 +1,92 @@
+# Dual UI Mode Integration Guide
+
+This guide maps two UI surfaces to SCE interactive governance behavior.
+
+## 1. Target Surfaces
+
+- `user-app`: end-user business operation UI.
+- `ops-console`: maintenance and new-requirement management UI.
+
+## 2. Default Governance Mapping
+
+- `user-app`
+  - Recommended dialogue profile: `business-user`
+  - Recommended execution mode: `suggestion`
+  - Apply intent is denied by authorization dialogue policy by default.
+- `ops-console`
+  - Recommended dialogue profile: `system-maintainer`
+  - Execution mode: `suggestion|apply` (subject to runtime/authorization-tier/approval gates)
+
+## 3. Runtime Integration Pattern
+
+Use the same backend flow and switch only mode/profile by surface:
+
+```bash
+# user-facing application UI
+sce scene interactive-flow \
+  --input <provider-payload.json> \
+  --goal "<business-goal>" \
+  --ui-mode user-app \
+  --dialogue-profile business-user \
+  --execution-mode suggestion \
+  --json
+
+# operations / maintenance console
+sce scene interactive-flow \
+  --input <provider-payload.json> \
+  --goal "<maintenance-goal>" \
+  --ui-mode ops-console \
+  --dialogue-profile system-maintainer \
+  --execution-mode apply \
+  --runtime-environment staging \
+  --auto-execute-low-risk \
+  --json
+```
+
+## 4. UI Rendering Contract
+
+Read these fields from loop/flow output:
+
+- `summary.ui_mode`
+- `summary.dialogue_authorization_decision`
+- `summary.authorization_tier_decision`
+- `summary.execution_block_reason_category`
+- `summary.execution_block_remediation_hint`
+
+Recommended rendering:
+
+- `dialogue_authorization_decision=deny`: block execute button and show guided fallback.
+- `dialogue_authorization_decision=review-required`: show review handoff panel.
+- `authorization_tier_decision=allow` and runtime/gate allow: enable guarded apply action.
+
+## 5. Runtime UI-Mode Contract (Default)
+
+`runtime-mode-policy-baseline.json` now includes `ui_modes` policy:
+
+- `user-app`
+  - `allow_execution_modes=["suggestion"]`
+  - `deny_execution_modes=["apply"]`
+  - Apply intents should switch to `ops-console`.
+- `ops-console`
+  - `allow_execution_modes=["suggestion","apply"]`
+  - Supports maintenance/apply flows with approval and authorization-tier gates.
+
+When evaluating runtime policy directly, pass `--ui-mode`:
+
+```bash
+node scripts/interactive-runtime-policy-evaluate.js \
+  --plan .kiro/reports/interactive-change-plan.generated.json \
+  --ui-mode user-app \
+  --runtime-mode ops-fix \
+  --runtime-environment staging \
+  --json
+```
+
+## 6. Audit and Compliance
+
+For both modes, persist:
+
+- work-order (`interactive-work-order.json|.md`)
+- approval events (`interactive-approval-events.jsonl`)
+- execution ledger (`interactive-execution-ledger.jsonl`)
+- authorization-tier signals (`interactive-authorization-tier-signals.jsonl`)