thevoidforge-methodology 23.5.2 → 23.5.4

package/.claude/commands/ai.md

@@ -30,7 +30,7 @@ Before agent deployment, run the Herald to select the optimal roster:
 **`--light`** skips the Herald entirely — uses only the command's hardcoded core roster.
 **`--solo`** skips both Herald and all sub-agents — lead agent only.
 
-## Phase 0 — AI Surface Map (`subagent_type: seldon-ai`)
+## Phase 0 — AI Surface Map (`subagent_type: Seldon`)
 
 Reconnaissance — find all AI integration points:
 1. Grep for LLM SDK imports (`anthropic`, `openai`, `@ai-sdk`, `langchain`)
@@ -43,22 +43,22 @@ Reconnaissance — find all AI integration points:
 
 Use the Agent tool to run all four in parallel:
 
-- **Agent 1** `subagent_type: salvor-model-selection` — Model selection: right model per call? Smaller/faster alternative? Latency budget met? Cost tracked?
-- **Agent 2** `subagent_type: gaal-prompt-arch` — Prompt architecture: structured, versioned, testable? System prompt separated? Output format specified? Edge cases? Few-shot?
-- **Agent 3** `subagent_type: hober-tool-schema` — Tool schemas: clear descriptions? Correct parameter types? Required vs optional? No overlapping tools? Return types documented?
-- **Agent 4** `subagent_type: bliss-ai-safety` — AI safety: prompt injection risk? PII in prompts? Output content safety? System prompt extractable? Jailbreak vectors?
+- **Agent 1** `subagent_type: Salvor Hardin` — Model selection: right model per call? Smaller/faster alternative? Latency budget met? Cost tracked?
+- **Agent 2** `subagent_type: Gaal Dornick` — Prompt architecture: structured, versioned, testable? System prompt separated? Output format specified? Edge cases? Few-shot?
+- **Agent 3** `subagent_type: Hober Mallow` — Tool schemas: clear descriptions? Correct parameter types? Required vs optional? No overlapping tools? Return types documented?
+- **Agent 4** `subagent_type: Bliss` — AI safety: prompt injection risk? PII in prompts? Output content safety? System prompt extractable? Jailbreak vectors?
 
 ## Phase 2 — Sequential Audits (7 agents)
 
 Run sequentially — each builds on the previous:
 
-- **Bel Riose** `subagent_type: bel-riose-orchestration` — Orchestration: completion/chain/agent loop/workflow? Reliability appropriate? Loops bounded? State persisted?
-- **The Mule** `subagent_type: mule-adversarial-ai` — Failure modes: hallucination, refusal, timeout, context overflow, API down. Fallback? Circuit breaker? Bounded retries?
-- **Ducem Barr** `subagent_type: ducem-token-economics` — Token economics: usage tracked? Caching? Context window efficient? System prompts deduplicated? Streaming?
-- **Bayta Darell** `subagent_type: bayta-evals` — Evaluation: golden datasets? Automated scoring? Regression suite for prompt changes? Quality degradation detection?
-- **Dors Venabili** `subagent_type: dors-observability` — Observability: trace logging? Inputs/outputs logged (PII-scrubbed)? Latency tracked? Quality scores?
-- **Janov Pelorat** `subagent_type: janov-context-eng` — Context engineering: RAG retrieval relevance? Embedding dimensionality? Chunking strategy?
-- **R. Daneel Olivaw** `subagent_type: daneel-model-migration` — Versioning: behavior change on model updates? Prompts pinned? Migration strategy?
+- **Bel Riose** `subagent_type: Bel Riose` — Orchestration: completion/chain/agent loop/workflow? Reliability appropriate? Loops bounded? State persisted?
+- **The Mule** `subagent_type: The Mule` — Failure modes: hallucination, refusal, timeout, context overflow, API down. Fallback? Circuit breaker? Bounded retries?
+- **Ducem Barr** `subagent_type: Ducem Barr` — Token economics: usage tracked? Caching? Context window efficient? System prompts deduplicated? Streaming?
+- **Bayta Darell** `subagent_type: Bayta Darell` — Evaluation: golden datasets? Automated scoring? Regression suite for prompt changes? Quality degradation detection?
+- **Dors Venabili** `subagent_type: Dors Venabili` — Observability: trace logging? Inputs/outputs logged (PII-scrubbed)? Latency tracked? Quality scores?
+- **Janov Pelorat** `subagent_type: Janov Pelorat` — Context engineering: RAG retrieval relevance? Embedding dimensionality? Chunking strategy?
+- **R. Daneel Olivaw** `subagent_type: R. Daneel Olivaw` — Versioning: behavior change on model updates? Prompts pinned? Migration strategy?
 
 ## Phase 3 — Remediate
 
@@ -66,7 +66,7 @@ Fix all Critical and High findings. Use the standard finding format with confide
 
 ## Phase 4 — Re-Verify
 
-**The Mule** `subagent_type: mule-adversarial-ai` + **Wanda Seldon** `subagent_type: wanda-seldon-validation` re-probe all remediated areas. Wanda validates structured outputs. The Mule attempts adversarial bypass of fixes.
+**The Mule** `subagent_type: The Mule` + **Wanda Seldon** `subagent_type: Wanda Seldon` re-probe all remediated areas. Wanda validates structured outputs. The Mule attempts adversarial bypass of fixes.
 
 ## Arguments
 - `--focus "topic"` → Bias Herald toward topic (natural-language, additive)

package/.claude/commands/architect.md

@@ -8,7 +8,7 @@ Opus scans `git diff --stat` and matches changed files against the `description`
 
 **Dispatch control:** `--light` skips dynamic dispatch (core only). `--solo` runs lead agent only.
 
-**Promoted agent:** **Riker** `subagent_type: riker-review` runs on every ADR written — challenges trade-offs.
+**Promoted agent:** **Riker** `subagent_type: Riker` runs on every ADR written — challenges trade-offs.
 
 ## Herald Pre-Scan (ADR-047)
 
@@ -35,12 +35,12 @@ Before any deep analysis, scan the PRD frontmatter for structural contradictions
 
 ## Agent Deployment Manifest
 
-**Lead:** `subagent_type: picard-architecture`
+**Lead:** `subagent_type: Picard`
 **Full bridge crew:** `spock-schema`, `uhura-integration`, `worf-security-arch`, `tuvok-deep-current`, `scotty-infrastructure`, `kim-api-design`, `janeway-novel-arch`, `torres-site-scanner`, `la-forge-reliability`, `data-tech-debt`, `crusher-diagnostics`, `archer-greenfield`, `pike-bold-decisions`, `riker-review`, `troi-prd-compliance`
 
 ## Step 0 — System Discovery
-- **Crusher** `subagent_type: crusher-diagnostics` — System health baseline: test coverage, build time, dependency age, code complexity.
-- **Archer** `subagent_type: archer-greenfield` — (greenfield only) Initial directory structure, module boundaries, naming conventions.
+- **Crusher** `subagent_type: Crusher` — System health baseline: test coverage, build time, dependency age, code complexity.
+- **Archer** `subagent_type: Archer` — (greenfield only) Initial directory structure, module boundaries, naming conventions.
 
 Produce: system identity, component inventory, data flow diagram (ASCII), dependency graph.
 Write to `/logs/` (phase-00 if during orient, or a dedicated architecture log).
@@ -48,31 +48,31 @@ Write to `/logs/` (phase-00 if during orient, or a dedicated architecture log).
 ## Step 1 — Parallel Analysis
 Use the Agent tool to run these in parallel — they are independent analysis tasks:
 
-- **Agent 1** `subagent_type: spock-schema` — Schema review: normalization, index/query alignment, nullable fields, audit fields, PII isolation, data lifecycle, backup/recovery.
-- **Agent 2** `subagent_type: uhura-integration` — Integration review: service inventory (purpose, failure mode, fallback, cost, lock-in), API version pinning, response validation, abstraction layers.
-- **Agent 3** `subagent_type: worf-security-arch` — Security implications of architectural decisions: PII colocation, unauthenticated internal state access, permissive service boundaries. Audits *design*, not code.
-- **Agent 4** `subagent_type: tuvok-deep-current` — Security architecture: auth flow design, token storage, session architecture, encryption at rest vs in transit. Where Worf flags implications, Tuvok designs solutions.
+- **Agent 1** `subagent_type: Spock` — Schema review: normalization, index/query alignment, nullable fields, audit fields, PII isolation, data lifecycle, backup/recovery.
+- **Agent 2** `subagent_type: Uhura` — Integration review: service inventory (purpose, failure mode, fallback, cost, lock-in), API version pinning, response validation, abstraction layers.
+- **Agent 3** `subagent_type: Worf` — Security implications of architectural decisions: PII colocation, unauthenticated internal state access, permissive service boundaries. Audits *design*, not code.
+- **Agent 4** `subagent_type: Tuvok` — Security architecture: auth flow design, token storage, session architecture, encryption at rest vs in transit. Where Worf flags implications, Tuvok designs solutions.
 
 Synthesize findings from all four agents.
 
 ## Step 2 — Service Architecture + API Design
-- **Scotty** `subagent_type: scotty-infrastructure` — Boundary assessment, monolith vs services, async vs sync decisions.
-- **Kim** `subagent_type: kim-api-design` — API surface review: REST conventions, error shapes, pagination, versioning.
-- **Janeway** `subagent_type: janeway-novel-arch` — (conditional) When standard monolith doesn't fit: event-sourcing, CQRS, serverless, edge computing.
+- **Scotty** `subagent_type: Scotty` — Boundary assessment, monolith vs services, async vs sync decisions.
+- **Kim** `subagent_type: Kim` — API surface review: REST conventions, error shapes, pagination, versioning.
+- **Janeway** `subagent_type: Janeway` — (conditional) When standard monolith doesn't fit: event-sourcing, CQRS, serverless, edge computing.
 - Informed by Spock's schema, Uhura's integrations, and Worf/Tuvok's security findings.
 
 ## Step 3 — Scaling + Performance
-- **Scotty** `subagent_type: scotty-infrastructure` — First bottleneck identification, three-tier scaling plan (current → 10x vertical → 100x horizontal), cost estimates.
-- **Torres** `subagent_type: torres-site-scanner` — Performance architecture: N+1 patterns, missing indexes, connection pool sizing, caching strategy gaps.
+- **Scotty** `subagent_type: Scotty` — First bottleneck identification, three-tier scaling plan (current → 10x vertical → 100x horizontal), cost estimates.
+- **Torres** `subagent_type: Torres` — Performance architecture: N+1 patterns, missing indexes, connection pool sizing, caching strategy gaps.
 
 ## Step 4 — Parallel Analysis
 Use the Agent tool to run these in parallel — they are independent analysis tasks:
 
-- **Agent 1** `subagent_type: la-forge-reliability` — Failure analysis: for each component, answer "What happens when this fails?" (DB down, cache down, API down, worker crash).
-- **Agent 2** `subagent_type: data-tech-debt` — Tech debt catalog: wrong/missing abstraction, premature optimization, deferred decisions, dependency debt, documentation debt. Severity table with impact/risk/effort/urgency.
+- **Agent 1** `subagent_type: La Forge` — Failure analysis: for each component, answer "What happens when this fails?" (DB down, cache down, API down, worker crash).
+- **Agent 2** `subagent_type: Data` — Tech debt catalog: wrong/missing abstraction, premature optimization, deferred decisions, dependency debt, documentation debt. Severity table with impact/risk/effort/urgency.
 
 ## Step 5 — ADRs + Decision Review
-Write Architecture Decision Records to `/docs/adrs/` for every non-obvious choice. After writing, **Riker** `subagent_type: riker-review` reviews: challenges trade-offs, verifies alternatives were truly considered, checks for second-order effects.
+Write Architecture Decision Records to `/docs/adrs/` for every non-obvious choice. After writing, **Riker** `subagent_type: Riker` reviews: challenges trade-offs, verifies alternatives were truly considered, checks for second-order effects.
 ```
 # ADR-001: [Title]
 ## Status: Accepted

package/.claude/commands/assemble.md

@@ -147,10 +147,10 @@ Run the full `/test` protocol. Write missing unit tests, integration tests, and
 
 Use the Agent tool to run these in parallel — all are adversarial, read-only analysis:
 
-- `subagent_type: maul-red-team` — attacks code that passed /review. Looks for exploits in "clean" code.
-- `subagent_type: deathstroke-adversarial` — probes endpoints that /security hardened. Tests if remediations can be bypassed.
-- `subagent_type: loki-chaos` — chaos-tests features that /qa cleared. Finds what breaks under unexpected conditions.
-- `subagent_type: constantine-cursed-code` — hunts cursed code in FIXED areas specifically. Code that works by accident.
+- `subagent_type: Maul` — attacks code that passed /review. Looks for exploits in "clean" code.
+- `subagent_type: Deathstroke` — probes endpoints that /security hardened. Tests if remediations can be bypassed.
+- `subagent_type: Loki` — chaos-tests features that /qa cleared. Finds what breaks under unexpected conditions.
+- `subagent_type: Constantine` — hunts cursed code in FIXED areas specifically. Code that works by accident.
 
 Synthesize findings. **Conflict detection:** If any two agents produce conflicting findings on the same code (one says "fix," another says "by design" or "not exploitable"), trigger the debate protocol instead of listing both. See SUB_AGENTS.md "Agent Debate Protocol": Agent A states finding → Agent B responds → Agent A rebuts → Arbiter (Picard or user) decides. 3 exchanges max. Log the debate transcript as an ADR. Fix all Must Fix items. If any fixes were applied, re-run the four agents on the fixed areas only.
 
@@ -161,11 +161,11 @@ Synthesize findings. **Conflict detection:** If any two agents produce conflicti
 
 Use the Agent tool to run these in parallel:
 
-- `subagent_type: spock-schema` — Did any security/QA/UX fix break code patterns or quality?
-- `subagent_type: ahsoka-access-control` — Did any review/QA fix introduce access control gaps?
-- `subagent_type: nightwing-regression` — Did any fix cause a regression? Run the full test suite.
-- `subagent_type: samwise-accessibility` — Did any fix break accessibility?
-- `subagent_type: troi-prd-compliance` — PRD compliance: read the PRD prose section-by-section, verify every claim against the implementation. Not just "does the route exist?" but "does the component render what the PRD describes?" Check numeric claims, visual treatments, copy accuracy. Flag asset gaps as BLOCKED. (Troi runs on the final Council iteration, or always when `--skip-build` is used for campaign victory gates.)
+- `subagent_type: Spock` — Did any security/QA/UX fix break code patterns or quality?
+- `subagent_type: Ahsoka` — Did any review/QA fix introduce access control gaps?
+- `subagent_type: Nightwing` — Did any fix cause a regression? Run the full test suite.
+- `subagent_type: Samwise` — Did any fix break accessibility?
+- `subagent_type: Troi` — PRD compliance: read the PRD prose section-by-section, verify every claim against the implementation. Not just "does the route exist?" but "does the component render what the PRD describes?" Check numeric claims, visual treatments, copy accuracy. Flag asset gaps as BLOCKED. (Troi runs on the final Council iteration, or always when `--skip-build` is used for campaign victory gates.)
 
 **Conflict detection:** If Council members disagree (e.g., Spock says a fix broke patterns but Ahsoka says it's necessary for access control), trigger the debate protocol. Do not list both opinions — resolve via debate. Arbiter: Picard for code/architecture conflicts, Troi for PRD compliance conflicts.
 

package/.claude/commands/assess.md

@@ -40,8 +40,8 @@ Run `/gauntlet --assess` — Rounds 1-2 only (Discovery + First Strike). No fix
 
 ### Step 3 — PRD Gap Analysis
 If a PRD exists:
-1. **Dax** `subagent_type: dax-legacy-wisdom` diffs PRD requirements against implemented features (structural + semantic)
-2. **Troi** `subagent_type: troi-prd-compliance` reads PRD prose section-by-section and verifies claims against reality
+1. **Dax** `subagent_type: Dax` diffs PRD requirements against implemented features (structural + semantic)
+2. **Troi** `subagent_type: Troi` reads PRD prose section-by-section and verifies claims against reality
 3. Check for YAML frontmatter — if missing, flag it (see CAMPAIGN.md Step 1)
 
 If no PRD exists:

package/.claude/commands/build.md

@@ -7,8 +7,8 @@ Opus scans `git diff --stat` and matches changed files against the `description`
 **Dispatch control:** `--light` skips dynamic dispatch (core only). `--solo` runs lead agent only.
 
 **Promoted agents:**
-- **Troi** `subagent_type: troi-prd-compliance` runs after every build mission completion — catches PRD drift before it compounds.
-- **Riker** `subagent_type: riker-review` runs whenever an ADR is written during the build — prevents rubber-stamped decisions.
+- **Troi** `subagent_type: Troi` runs after every build mission completion — catches PRD drift before it compounds.
+- **Riker** `subagent_type: Riker` runs whenever an ADR is written during the build — prevents rubber-stamped decisions.
 
 ## Herald Pre-Scan (ADR-047)
 
@@ -36,7 +36,7 @@ Before agent deployment, run the Herald to select the optimal roster:
 4. Extract from PRD: tech stack, database schema, API routes, page routes, integrations, env vars
 5. Read `/docs/LESSONS.md` — check for relevant lessons from previous projects. If any lessons match this project's tech stack (framework, database, auth, integrations), note them: "Lessons from prior builds: [list relevant ones]." These inform later phases — e.g., if a lesson says "React useEffect render loops escape review," trace render cycles proactively in Phase 4+.
 6. Flag any gaps or ambiguities — list them explicitly, don't guess
-7. **Troi** `subagent_type: troi-prd-compliance` confirms PRD extraction: reads the PRD prose and verifies the extraction matches — catches misinterpretations before 8+ build phases propagate them.
+7. **Troi** `subagent_type: Troi` confirms PRD extraction: reads the PRD prose and verifies the extraction matches — catches misinterpretations before 8+ build phases propagate them.
 8. **Save PRD snapshot:** Copy `/docs/PRD.md` to `/docs/PRD-snapshot-phase0.md`. This is the baseline for drift detection — the Living PRD feature compares the evolving PRD against this snapshot at phase gates and at Victory.
 9. Write initial ADRs to `/docs/adrs/`
 10. Create `/logs/build-state.md` and `/logs/phase-00-orient.md` with extraction results + relevant lessons
@@ -125,6 +125,9 @@ Before agent deployment, run the Herald to select the optimal roster:
 ## Phase 12.5 — Wong's Pattern Usage Log
 After build and before launch, log which patterns were used: pattern name, framework adaptation, custom mods. Store in `docs/pattern-usage.json`. Feeds Wong's promotion analysis in `/debrief`.
 
+## Phase 12.75 — Distribution Verification Gate
+If this build introduces a new shared file category (e.g., `.claude/agents/`, new patterns subdirectory), verify ALL 6 consumption paths include it: prepack.sh, copy-assets.sh, project-init.ts, updater.ts, FORGE_KEEPER.md, void.md. Missing one path = users silently miss the feature. (Field report #297.)
+
 ## Phase 13 — Launch (All agents)
 1. Full checklist: SSL, email, payments, analytics, monitoring, backups, security headers, legal, performance, mobile, accessibility, all tests passing
 2. Log final status to `/logs/phase-13-launch.md`

package/.claude/commands/campaign.md

@@ -33,12 +33,12 @@ If `$ARGUMENTS` contains `--plan`, skip execution and update the plan instead:
 
 1. Read the current PRD (`/PRD-VOIDFORGE.md` or `/docs/PRD.md`) and `ROADMAP.md` (if it exists)
 2. Parse what the user wants to add from `$ARGUMENTS` (everything after `--plan`)
-3. **Dax** (`subagent_type: dax-legacy-wisdom`) **analyzes** where it fits:
+3. **Dax** (`subagent_type: Dax`) **analyzes** where it fits:
    - Is it a new feature? → Add to the PRD under the right section (Core Features, Integrations, etc.)
    - Is it a bug fix or improvement? → Add to ROADMAP.md under the appropriate version
    - Is it a new version-worth of work? → Create a new version section in ROADMAP.md
    - Does it change priorities? → Reorder the roadmap accordingly
-4. **Odo** (`subagent_type: odo-structural-anomaly`) **checks** dependencies: does this new item depend on something not yet built? Flag it.
+4. **Odo** (`subagent_type: Odo`) **checks** dependencies: does this new item depend on something not yet built? Flag it.
 5. Present the proposed changes to the user for review before writing
 6. On confirmation, write the updates to the PRD and/or ROADMAP.md
 7. Do NOT start building — planning mode only updates the plan
@@ -70,7 +70,7 @@ Before agent deployment, run the Herald to select the optimal roster:
 
 ## Execution Mode (default)
 
-## Step 0 — Kira's Operational Reconnaissance (`subagent_type: kira-pragmatic`)
+## Step 0 — Kira's Operational Reconnaissance (`subagent_type: Kira`)
 
 Check for unfinished business:
 
@@ -100,9 +100,9 @@ If vault exists and `.env` is sparse (missing keys that the vault has):
 1. Run `voidforge deploy --env-only` to write vault credentials to `.env`
 2. In `--blitz` mode: auto-run without confirmation
 3. In normal mode: show what will be written, ask for confirmation
-4. This runs BEFORE Dax's (`subagent_type: dax-legacy-wisdom`) full analysis so the populated `.env` is visible
+4. This runs BEFORE Dax's (`subagent_type: Dax`) full analysis so the populated `.env` is visible
 
-## Step 1 — Dax's Strategic Analysis (`subagent_type: dax-legacy-wisdom`)
+## Step 1 — Dax's Strategic Analysis (`subagent_type: Dax`)
 
 Read the PRD and diff against the codebase:
 
@@ -113,7 +113,7 @@ Read the PRD and diff against the codebase:
 5. **Classify every requirement by type:** Code (buildable), Asset (needs external generation — images, illustrations, OG cards), Copy (text accuracy), Infrastructure (DNS, env vars, dashboards)
 6. Diff: what the PRD describes vs. what's implemented — **structural AND semantic** (not just "does the route exist?" but "does the component render what the PRD describes?")
 7. Produce the ordered mission list — each mission is 1-3 PRD sections, scoped to be buildable in one `/assemble` run
-8. **Pike** (`subagent_type: pike-bold-decisions`) **challenges the ordering:** "Should we attempt a harder mission first while context is fresh?" Bold counterbalance to Dax's dependency-based ordering. If Pike's argument is stronger, reorder.
+8. **Pike** (`subagent_type: Pike`) **challenges the ordering:** "Should we attempt a harder mission first while context is fresh?" Bold counterbalance to Dax's dependency-based ordering. If Pike's argument is stronger, reorder.
 9. **Separately list BLOCKED items** — asset/infrastructure requirements that code can't satisfy
 
 **Priority cascade:**
@@ -124,7 +124,7 @@ Read the PRD and diff against the codebase:
 5. Skip sections flagged as no/none in frontmatter
 6. Asset/infrastructure requirements → flag as BLOCKED, don't include in code missions
 
-## Step 2 — Odo's Prerequisite Check (`subagent_type: odo-structural-anomaly`)
+## Step 2 — Odo's Prerequisite Check (`subagent_type: Odo`)
 
 For the next mission on the list:
 - Are dependencies met? (e.g., Payments needs Auth)
@@ -160,7 +160,7 @@ On confirmation (or immediately in `--blitz` mode):
 2. If `$ARGUMENTS` includes `--fast`, pass `--fast` to assemble (skip Crossfire + Council). Note: `--blitz` does NOT imply `--fast`.
 3. Monitor for context pressure symptoms (re-reading files, forgetting decisions). If noticed, ask user to run `/context` — only checkpoint if usage exceeds 70%.
 
-## Step 4.5 — Gauntlet Checkpoint (`subagent_type: thanos-gauntlet`)
+## Step 4.5 — Gauntlet Checkpoint (`subagent_type: Thanos`)
 
 After every 4th mission (missions 4, 8, 12, etc.), run a Gauntlet checkpoint before continuing:
 
@@ -192,13 +192,13 @@ After `/assemble` completes:
 
 **Context pressure check:** Do NOT checkpoint based on mission count. Check actual context usage via `/context`. Only checkpoint when usage exceeds 70% (~700k tokens). Never pause a blitz based on mission count alone.
 
-## Step 6 — Victory Condition (Gauntlet + Troi's Compliance Check) (`subagent_type: troi-prd-compliance`)
+## Step 6 — Victory Condition (Gauntlet + Troi's Compliance Check) (`subagent_type: Troi`)
 
 All PRD requirements are COMPLETE or explicitly BLOCKED:
 
 1. **Run `/gauntlet` (full 5 rounds)** — mandatory final Gauntlet on the complete codebase. This is non-negotiable, even with `--fast`. The Gauntlet tests the combined system across all domains: architecture, code review, UX, security, QA, DevOps, adversarial crossfire, and council convergence. Individual `/assemble` runs review one mission at a time; the Gauntlet reviews everything together.
 2. **Fix all Critical and High findings** from the Gauntlet.
-3. **Troi** (`subagent_type: troi-prd-compliance`) **reads the PRD section-by-section** (runs as part of the Gauntlet Council round) — verifies every prose claim against the implementation. Not just "does the route exist?" but "does the component render what the PRD describes?" Checks numeric claims, visual treatments, copy accuracy, asset gaps.
+3. **Troi** (`subagent_type: Troi`) **reads the PRD section-by-section** (runs as part of the Gauntlet Council round) — verifies every prose claim against the implementation. Not just "does the route exist?" but "does the component render what the PRD describes?" Checks numeric claims, visual treatments, copy accuracy, asset gaps.
 4. Fix code discrepancies. Flag asset requirements as BLOCKED.
 5. Report: COMPLETE items, BLOCKED items (with reasons), deviations from PRD
 6. Victory only if: Gauntlet Council signs off AND user acknowledges all BLOCKED items

package/.claude/commands/debrief.md

@@ -7,7 +7,7 @@ Bashir examines the patient. Time to diagnose.
 
 ## Step 0 — Reconstruct the Timeline
 
-**Ezri** `subagent_type: ezri-session-analyst` reads the session's history and reconstructs what happened:
+**Ezri** `subagent_type: Ezri` reads the session's history and reconstructs what happened:
 
 1. Read all `/logs/` files — build state, assemble state, campaign state, phase logs
 2. Read `git log` — all commits from this session/campaign
@@ -20,7 +20,7 @@ Default: auto-detect scope from available logs.
 
 ## Step 1 — Investigate Root Causes
 
-**O'Brien** `subagent_type: obrien-root-cause` investigates. For each failure, difficulty, or retry identified by Ezri:
+**O'Brien** `subagent_type: O'Brien` investigates. For each failure, difficulty, or retry identified by Ezri:
 
 Classify the root cause:
 - **Methodology gap** — missing step, wrong order, blind spot in the protocol
@@ -34,7 +34,7 @@ Map each root cause to the VoidForge component responsible (which command, which
 
 ## Step 2 — Propose Solutions
 
-**Nog** `subagent_type: nog-solutions` proposes a fix for each root cause that works within VoidForge's existing framework:
+**Nog** `subagent_type: Nog` proposes a fix for each root cause that works within VoidForge's existing framework:
 
 - New agent? → name it from the correct universe, define the role
 - New step in existing command? → specify where it goes in the sequence
@@ -56,7 +56,7 @@ Approved entries written to `docs/LEARNINGS.md` (created on first use). Hard cap
 
 ## Step 2.5b — Promotion Analysis
 
-After extraction, **Wong** `subagent_type: wong-documentation` checks `docs/LESSONS.md` for lesson clusters AND checks `docs/LEARNINGS.md` for promotable entries (appeared in 2+ projects):
+After extraction, **Wong** `subagent_type: Wong` checks `docs/LESSONS.md` for lesson clusters AND checks `docs/LEARNINGS.md` for promotable entries (appeared in 2+ projects):
 - If 3+ lessons share the same category AND target the same method doc → Wong drafts a specific method doc update
 - Present for user approval: "Wong recommends promoting these lessons into [method doc] [section]: [proposed text]. Approve?"
 - If approved: apply the change, mark lessons as "Promoted to: [doc]" in LESSONS.md
@@ -64,7 +64,7 @@ After extraction, **Wong** `subagent_type: wong-documentation` checks `docs/LESS
 
 ## Step 3 — Write the Report
 
-**Jake** `subagent_type: jake-reporter` produces a structured post-mortem:
+**Jake** `subagent_type: Jake` produces a structured post-mortem:
 
 ```markdown
 # Field Report — [Project Name]

package/.claude/commands/devops.md

@@ -28,27 +28,27 @@ Before agent deployment, run the Herald to select the optimal roster:
 
 ## Agent Deployment Manifest
 
-**Lead:** Kusanagi (`subagent_type: kusanagi-devops`)
+**Lead:** Kusanagi (`subagent_type: Kusanagi`)
 
 **Core team (always deployed):**
-- **Senku** (`subagent_type: senku-provisioning`) — provisioning: server setup, dependencies, runtime, idempotent scripts
-- **Levi** (`subagent_type: levi-deploy`) — deployment: process management, zero-downtime, rollback scripts
-- **Spike** (`subagent_type: spike-routing`) — networking: reverse proxy, DNS, TLS, firewall, CORS headers
+- **Senku** (`subagent_type: Senku`) — provisioning: server setup, dependencies, runtime, idempotent scripts
+- **Levi** (`subagent_type: Levi`) — deployment: process management, zero-downtime, rollback scripts
+- **Spike** (`subagent_type: Spike`) — networking: reverse proxy, DNS, TLS, firewall, CORS headers
 - **L** — monitoring: health checks, uptime, alerting, log aggregation (honorary — no agent definition)
-- **Bulma** (`subagent_type: bulma-engineering`) — backup: database dumps, file backup, retention, restore testing
+- **Bulma** (`subagent_type: Bulma`) — backup: database dumps, file backup, retention, restore testing
 - **Holo** — cost: resource sizing, instance selection, cost estimation, optimization (honorary — no agent definition)
 
 **Extended team (deployed on full infra reviews):**
-- **Valkyrie** (`subagent_type: valkyrie-recovery`) — disaster recovery: failover, data center redundancy, RTO/RPO
-- **Vegeta** (`subagent_type: vegeta-monitoring`) — scaling: horizontal scaling, load balancing, auto-scaling policies
-- **Trunks** (`subagent_type: trunks-rollback`) — migration: database migration strategy, zero-downtime schema changes
-- **Mikasa** (`subagent_type: mikasa-protection`) — security hardening: SSH config, fail2ban, unattended upgrades
-- **Erwin** (`subagent_type: erwin-strategy`) — strategy: multi-environment management, staging/production parity
-- **Mustang** (`subagent_type: mustang-cleanup`) — orchestration: Docker Compose, container networking, service discovery
-- **Olivier** (`subagent_type: olivier-hardening`) — cold region: CDN configuration, edge caching, geographic distribution
-- **Hughes** (`subagent_type: hughes-observability`) — documentation: runbook writing, infrastructure diagrams, onboarding docs
-- **Calcifer** (`subagent_type: calcifer-daemon`) — energy: resource efficiency, idle scaling, sleep/wake optimization
-- **Duo** (`subagent_type: duo-teardown`) — CI/CD: GitHub Actions, pipeline design, automated testing in deploy
+- **Valkyrie** (`subagent_type: Valkyrie`) — disaster recovery: failover, data center redundancy, RTO/RPO
+- **Vegeta** (`subagent_type: Vegeta`) — scaling: horizontal scaling, load balancing, auto-scaling policies
+- **Trunks** (`subagent_type: Trunks`) — migration: database migration strategy, zero-downtime schema changes
+- **Mikasa** (`subagent_type: Mikasa`) — security hardening: SSH config, fail2ban, unattended upgrades
+- **Erwin** (`subagent_type: Erwin`) — strategy: multi-environment management, staging/production parity
+- **Mustang** (`subagent_type: Mustang`) — orchestration: Docker Compose, container networking, service discovery
+- **Olivier** (`subagent_type: Olivier`) — cold region: CDN configuration, edge caching, geographic distribution
+- **Hughes** (`subagent_type: Hughes`) — documentation: runbook writing, infrastructure diagrams, onboarding docs
+- **Calcifer** (`subagent_type: Calcifer`) — energy: resource efficiency, idle scaling, sleep/wake optimization
+- **Duo** (`subagent_type: Duo`) — CI/CD: GitHub Actions, pipeline design, automated testing in deploy
 
 ## Deploy Target Branching
 

package/.claude/commands/gauntlet.md

@@ -36,11 +36,11 @@ Before agent deployment, run the Herald to select the optimal roster:
 
 Use the Agent tool to run all five in parallel — these are read-only analysis:
 
-- **Agent 1** `subagent_type: picard-architecture` — Schema review, service boundaries, dependency graph, scaling assessment. Read the full `/architect` protocol but produce findings only (no ADRs — this is review, not design).
-- **Agent 2** `subagent_type: stark-backend` — Pattern compliance, logic errors, type safety, cross-module data flow tracing. Read `/review` protocol. One pass across all source files.
-- **Agent 3** `subagent_type: galadriel-frontend` — Product surface map, usability walkthrough (Step 1.5), Éowyn's enchantment scan (Step 1.75). No fixes yet — discovery only.
-- **Agent 4** `subagent_type: kenobi-security` — List all endpoints, WebSocket handlers, file I/O, credential access points, user input parsing. Classify each by risk tier. No deep audit yet — just the map.
-- **Agent 5** `subagent_type: kusanagi-devops` — Scan deploy scripts, generated configs, provisioning scripts, CI/CD templates. Classify each by risk: hardcoded credentials, open ports, missing auth on generated services. No deep audit yet — just the map.
+- **Agent 1** `subagent_type: Picard` — Schema review, service boundaries, dependency graph, scaling assessment. Read the full `/architect` protocol but produce findings only (no ADRs — this is review, not design).
+- **Agent 2** `subagent_type: Stark` — Pattern compliance, logic errors, type safety, cross-module data flow tracing. Read `/review` protocol. One pass across all source files.
+- **Agent 3** `subagent_type: Galadriel` — Product surface map, usability walkthrough (Step 1.5), Éowyn's enchantment scan (Step 1.75). No fixes yet — discovery only.
+- **Agent 4** `subagent_type: Kenobi` — List all endpoints, WebSocket handlers, file I/O, credential access points, user input parsing. Classify each by risk tier. No deep audit yet — just the map.
+- **Agent 5** `subagent_type: Kusanagi` — Scan deploy scripts, generated configs, provisioning scripts, CI/CD templates. Classify each by risk: hardcoded credentials, open ports, missing auth on generated services. No deep audit yet — just the map.
 
 Synthesize all five into a unified findings list. Log to `/logs/gauntlet-round-1.md`.
 
@@ -50,10 +50,10 @@ Synthesize all five into a unified findings list. Log to `/logs/gauntlet-round-1
 
 Use the Agent tool to run all four in parallel — full domain audits:
 
-- **Agent 1** `subagent_type: batman-qa` — Run the complete `/qa` protocol. Oracle + Red Hood + Alfred + Deathstroke + Constantine + Nightwing + Lucius. Every edge case, every error state, every boundary.
-- **Agent 2** `subagent_type: galadriel-frontend` — Run the complete `/ux` protocol. Elrond + Arwen + Samwise + Bilbo + Legolas + Gimli + Radagast + Éowyn. Usability, visual, a11y, copy, performance, edge cases, enchantment.
-- **Agent 3** `subagent_type: kenobi-security` — Run the complete `/security` protocol. Leia + Chewie + Rex + Maul parallel scans, then Yoda → Windu → Ahsoka → Padmé sequential audits.
-- **Agent 4** `subagent_type: stark-backend` — For every API endpoint, trace the full data path: client request → validation → service → database → response. For every file upload, trace: upload → storage → retrieval → display. For every credential, trace: entry → vault → usage → cleanup.
+- **Agent 1** `subagent_type: Batman` — Run the complete `/qa` protocol. Oracle + Red Hood + Alfred + Deathstroke + Constantine + Nightwing + Lucius. Every edge case, every error state, every boundary.
+- **Agent 2** `subagent_type: Galadriel` — Run the complete `/ux` protocol. Elrond + Arwen + Samwise + Bilbo + Legolas + Gimli + Radagast + Éowyn. Usability, visual, a11y, copy, performance, edge cases, enchantment.
+- **Agent 3** `subagent_type: Kenobi` — Run the complete `/security` protocol. Leia + Chewie + Rex + Maul parallel scans, then Yoda → Windu → Ahsoka → Padmé sequential audits.
+- **Agent 4** `subagent_type: Stark` — For every API endpoint, trace the full data path: client request → validation → service → database → response. For every file upload, trace: upload → storage → retrieval → display. For every credential, trace: entry → vault → usage → cleanup.
 
 Merge all findings. Deduplicate across domains.
 
@@ -76,10 +76,10 @@ This catches runtime bugs invisible to static analysis: IPv6 binding, native mod
 
 Use the Agent tool to run all four in parallel — targeted re-verification:
 
-- **Agent 1** `subagent_type: batman-qa` — Nightwing re-runs the test suite. Red Hood re-probes fixed areas. Deathstroke tests new boundaries created by the fixes. Focus on regressions.
-- **Agent 2** `subagent_type: galadriel-frontend` — Samwise re-audits a11y on all modified components. Radagast re-checks edge cases on fixed flows. Bilbo re-checks microcopy on any changed UI.
-- **Agent 3** `subagent_type: kenobi-security` — Maul re-probes all remediated vulnerabilities. Ahsoka verifies access control across every role boundary. Padmé verifies the primary user flow still works (critical path smoke test).
-- **Agent 4** `subagent_type: kusanagi-devops` — Run the complete `/devops` protocol with full team: Senku (provisioning), Levi (deploy), Spike (networking), L (monitoring), Bulma (backup), Holo (cost), Valkyrie (disaster recovery). Deploy scripts, monitoring, backups, health checks, page weight gate, security headers.
+- **Agent 1** `subagent_type: Batman` — Nightwing re-runs the test suite. Red Hood re-probes fixed areas. Deathstroke tests new boundaries created by the fixes. Focus on regressions.
+- **Agent 2** `subagent_type: Galadriel` — Samwise re-audits a11y on all modified components. Radagast re-checks edge cases on fixed flows. Bilbo re-checks microcopy on any changed UI.
+- **Agent 3** `subagent_type: Kenobi` — Maul re-probes all remediated vulnerabilities. Ahsoka verifies access control across every role boundary. Padmé verifies the primary user flow still works (critical path smoke test).
+- **Agent 4** `subagent_type: Kusanagi` — Run the complete `/devops` protocol with full team: Senku (provisioning), Levi (deploy), Spike (networking), L (monitoring), Bulma (backup), Holo (cost), Valkyrie (disaster recovery). Deploy scripts, monitoring, backups, health checks, page weight gate, security headers.
 
 **→ FIX BATCH 2:** Fix remaining findings.
 
@@ -89,11 +89,11 @@ Use the Agent tool to run all four in parallel — targeted re-verification:
 
 Use the Agent tool to run all five in parallel — pure adversarial:
 
-- `subagent_type: maul-red-team` — Attacks code that passed /review. Looks for exploits in "clean" code.
-- `subagent_type: deathstroke-adversarial` — Probes endpoints that /security hardened. Tests if remediations can be bypassed.
-- `subagent_type: loki-chaos` — Chaos-tests features that /qa cleared. What breaks under unexpected conditions?
-- `subagent_type: constantine-cursed-code` — Hunts cursed code in FIXED areas specifically. Code that only works by accident.
-- `subagent_type: eowyn-delight` — Final enchantment pass on the polished, hardened product. Where can delight still be added without compromising security or stability?
+- `subagent_type: Maul` — Attacks code that passed /review. Looks for exploits in "clean" code.
+- `subagent_type: Deathstroke` — Probes endpoints that /security hardened. Tests if remediations can be bypassed.
+- `subagent_type: Loki` — Chaos-tests features that /qa cleared. What breaks under unexpected conditions?
+- `subagent_type: Constantine` — Hunts cursed code in FIXED areas specifically. Code that only works by accident.
+- `subagent_type: Eowyn` — Final enchantment pass on the polished, hardened product. Where can delight still be added without compromising security or stability?
 
 **→ FIX BATCH 3:** Fix all adversarial findings. If any fix is applied, re-run the affected adversarial agent on the fixed area only.
 
@@ -103,12 +103,12 @@ Use the Agent tool to run all five in parallel — pure adversarial:
 
 Use the Agent tool to run all six in parallel:
 
-- `subagent_type: spock-schema` — Did any QA/security/UX fix break code patterns or quality?
-- `subagent_type: ahsoka-access-control` — Did any fix introduce access control gaps?
-- `subagent_type: nightwing-regression` — Full regression: run the entire test suite. Any failures?
-- `subagent_type: samwise-accessibility` — Final accessibility audit on all modified components.
-- `subagent_type: padme-data-protection` — Critical path functional verification. Open the app, complete the main task, verify output.
-- `subagent_type: troi-prd-compliance` — PRD compliance: read the PRD prose section-by-section, verify every claim against the implementation. Numeric claims, visual treatments, copy accuracy.
+- `subagent_type: Spock` — Did any QA/security/UX fix break code patterns or quality?
+- `subagent_type: Ahsoka` — Did any fix introduce access control gaps?
+- `subagent_type: Nightwing` — Full regression: run the entire test suite. Any failures?
+- `subagent_type: Samwise` — Final accessibility audit on all modified components.
+- `subagent_type: Padme` — Critical path functional verification. Open the app, complete the main task, verify output.
+- `subagent_type: Troi` — PRD compliance: read the PRD prose section-by-section, verify every claim against the implementation. Numeric claims, visual treatments, copy accuracy.
 
 If the Council finds issues:
 1. Fix code discrepancies. Flag asset requirements as BLOCKED.

package/.claude/commands/qa.md

@@ -8,7 +8,7 @@ Opus scans `git diff --stat` and matches changed files against the `description`
 
 **Dispatch control:** `--light` skips dynamic dispatch (core only). `--solo` runs lead agent only.
 
-**Promoted agent:** **Constantine** `subagent_type: constantine-cursed-code` runs on every `/qa` final pass — finds code that works by accident.
+**Promoted agent:** **Constantine** `subagent_type: Constantine` runs on every `/qa` final pass — finds code that works by accident.
 
 ## Herald Pre-Scan (ADR-047)
 
@@ -36,22 +36,26 @@ Before agent deployment, run the Herald to select the optimal roster:
 2. Create `/logs/phase-09-qa-audit.md` (or appropriate phase log)
 
 ## Step 1 — Attack Plan
-**Green Lantern** `subagent_type: green-lantern-scenarios` generates the test matrix first — what inputs x what states x what conditions should be tested. Then assign targets:
-- **Oracle** `subagent_type: oracle-static-analysis` — Static: critical flows, missing awaits, null checks, type mismatches, race conditions.
-- **Red Hood** `subagent_type: red-hood-aggressive` — Dynamic: empty/huge/unicode inputs, network failures, malformed JSON, rapid clicking.
-- **Alfred** `subagent_type: alfred-dependencies` — Dependencies: `npm audit`, outdated libs, deprecated APIs, version conflicts.
-- **Lucius** `subagent_type: lucius-config` — Config: .env completeness, secrets not in git, prod vs dev mismatches.
-- **Deathstroke** `subagent_type: deathstroke-adversarial` — Adversarial: bypass validations, chain interactions, exploit business logic.
-- **Constantine** `subagent_type: constantine-cursed-code` — Cursed code: unreachable branches, dead state, impossible conditions, accidental correctness.
-- **Cyborg** `subagent_type: cyborg-system-integration` — Integration: trace full data path across 3+ module boundaries, inconsistent response shapes.
-- **Raven** `subagent_type: raven-deep-analysis` — Deep analysis: bugs hidden beneath 3 layers of abstraction, logic correct per function but wrong in composition.
-- **Wonder Woman** `subagent_type: wonder-woman-truth` — Truth: code that says one thing and does another, misleading names, stale docs.
+**Green Lantern** `subagent_type: Green Lantern` generates the test matrix first — what inputs x what states x what conditions should be tested. Then assign targets:
+- **Oracle** `subagent_type: Oracle` — Static: critical flows, missing awaits, null checks, type mismatches, race conditions.
+- **Red Hood** `subagent_type: Red Hood` — Dynamic: empty/huge/unicode inputs, network failures, malformed JSON, rapid clicking.
+- **Alfred** `subagent_type: Alfred` — Dependencies: `npm audit`, outdated libs, deprecated APIs, version conflicts.
+- **Lucius** `subagent_type: Lucius` — Config: .env completeness, secrets not in git, prod vs dev mismatches.
+- **Deathstroke** `subagent_type: Deathstroke` — Adversarial: bypass validations, chain interactions, exploit business logic.
+- **Constantine** `subagent_type: Constantine` — Cursed code: unreachable branches, dead state, impossible conditions, accidental correctness.
+- **Cyborg** `subagent_type: Cyborg` — Integration: trace full data path across 3+ module boundaries, inconsistent response shapes.
+- **Raven** `subagent_type: Raven` — Deep analysis: bugs hidden beneath 3 layers of abstraction, logic correct per function but wrong in composition.
+- **Wonder Woman** `subagent_type: Wonder Woman` — Truth: code that says one thing and does another, misleading names, stale docs.
 
 ## Step 2 — Baseline
 Get the project running. Verify manually: app starts, primary flow works, auth works (if applicable), data persists, error states display.
 
+**Dynamic count check:** Grep for hardcoded numeric claims ("263 agents", "37 patterns", etc.) across all pages and data files. Every count that can change between releases must be computed from the source, not hardcoded. (Field report #298.)
+
+**Cross-array uniqueness audit:** If the codebase uses multiple data arrays for entity categories (e.g., leadAgents + subAgents), verify no entity appears in more than one array. Duplicates inflate totals. (Field report #298.)
+
 ## Step 2.5 — Smoke Tests
-After build + restart, **Flash** `subagent_type: flash-rapid-test` parallelizes curl commands against the running server for each new or modified feature:
+After build + restart, **Flash** `subagent_type: Flash` parallelizes curl commands against the running server for each new or modified feature:
 - **Primary user flow:** Execute via curl/fetch against localhost — verify the end-to-end path works
 - **File uploads:** Upload a file, then fetch the returned URL and verify HTTP 200 + correct content-type
 - **Form submissions:** Submit valid data (verify 200), then submit invalid/duplicate data (verify error message is specific, not generic)
@@ -62,20 +66,20 @@ This catches integration failures that static code review misses. If the server
 
 ## Step 3 — Pass 1: Find Bugs (parallel analysis)
 Use the Agent tool to run these in parallel — these are read-only analysis tasks:
-- **Agent 1** `subagent_type: oracle-static-analysis` — Scan /src/lib/ and /src/app/ for logic flaws, missing awaits, unsafe assumptions.
-- **Agent 2** `subagent_type: red-hood-aggressive` — Test all API endpoints with malformed inputs, empty bodies, missing auth.
-- **Agent 3** `subagent_type: alfred-dependencies` — Run `npm audit`, check package.json for deprecated/vulnerable packages.
-- **Agent 4** `subagent_type: deathstroke-adversarial` — Adversarial probing: bypass validations, chain unexpected interactions, test authorization boundaries.
-- **Agent 5** `subagent_type: constantine-cursed-code` — Hunt cursed code: dead branches, impossible conditions, accidental correctness, shadowed variables.
-- **Agent 6** `subagent_type: batgirl-detail` — Deep per-module audit: every edge of every form, every boundary of every validation, every regex. Not broad -- *thorough*.
-- **Agent 7** `subagent_type: aquaman-deep-dive` — Deep dive on the hardest/largest module (500+ lines or 10+ functions). Exhaustive testing of one complex area.
+- **Agent 1** `subagent_type: Oracle` — Scan /src/lib/ and /src/app/ for logic flaws, missing awaits, unsafe assumptions.
+- **Agent 2** `subagent_type: Red Hood` — Test all API endpoints with malformed inputs, empty bodies, missing auth.
+- **Agent 3** `subagent_type: Alfred` — Run `npm audit`, check package.json for deprecated/vulnerable packages.
+- **Agent 4** `subagent_type: Deathstroke` — Adversarial probing: bypass validations, chain unexpected interactions, test authorization boundaries.
+- **Agent 5** `subagent_type: Constantine` — Hunt cursed code: dead branches, impossible conditions, accidental correctness, shadowed variables.
+- **Agent 6** `subagent_type: Batgirl` — Deep per-module audit: every edge of every form, every boundary of every validation, every regex. Not broad -- *thorough*.
+- **Agent 7** `subagent_type: Aquaman` — Deep dive on the hardest/largest module (500+ lines or 10+ functions). Exhaustive testing of one complex area.
 
 Synthesize findings from all agents into a unified list.
 
-**Lucius** `subagent_type: lucius-config` reviews config separately (reads .env files -- sensitive, don't delegate to sub-agent).
+**Lucius** `subagent_type: Lucius` reviews config separately (reads .env files -- sensitive, don't delegate to sub-agent).
 
 ## Step 3.5 — Automated Tests
-Run `npm test`. Analyze failures. Cross-reference with findings from Step 3. **Huntress** `subagent_type: huntress-flaky-bugs` identifies flaky/non-deterministic tests — race conditions, timing dependencies, order-dependent assertions. For every bug found, ask: "Can this be caught by an automated test?" If yes, write the test.
+Run `npm test`. Analyze failures. Cross-reference with findings from Step 3. **Huntress** `subagent_type: Huntress` identifies flaky/non-deterministic tests — race conditions, timing dependencies, order-dependent assertions. For every bug found, ask: "Can this be caught by an automated test?" If yes, write the test.
 
 ## Step 4 — Bug Tracker
 Log all findings in this format in the phase log:
@@ -88,25 +92,25 @@ Severity: Critical (security/data loss) > High (broken flow) > Medium (degraded)
 **Confidence scoring is mandatory.** Every finding includes a confidence score (0-100). If confidence is below 60, launch a second agent from a different universe (e.g., if Oracle found it, escalate to Spock or Kenobi) to verify before including. If the second agent disagrees, drop the finding. High-confidence findings (90+) skip re-verification in Step 6.5.
 
 ## Step 5 — Fix (small batches)
-One batch = fixes for one area or severity level. **Green Arrow** `subagent_type: green-arrow-precision` narrows vague findings to exact lines and conditions. After each batch:
+One batch = fixes for one area or severity level. **Green Arrow** `subagent_type: Green Arrow` narrows vague findings to exact lines and conditions. After each batch:
 1. Re-run `npm test`
 2. Re-verify affected manual flows
 3. Update bug tracker in phase log
 4. Add new test for each fix where applicable
 
 ## Step 6 — Harden
-Normalize error handling (reference `/docs/patterns/error-handling.ts`). Add guardrails. Improve structured logging. **Superman** `subagent_type: superman-strength-test` verifies the codebase meets its own stated standards — linting clean, type-safe, naming conventions consistent, no unresolved TODOs.
+Normalize error handling (reference `/docs/patterns/error-handling.ts`). Add guardrails. Improve structured logging. **Superman** `subagent_type: Superman` verifies the codebase meets its own stated standards — linting clean, type-safe, naming conventions consistent, no unresolved TODOs.
 
 ## Step 6.5 — Pass 2: Re-Verify Fixes
 After all fixes are applied, run a verification pass:
-- **Nightwing** `subagent_type: nightwing-regression` re-runs full test suite, reports any new failures
-- **Red Hood** `subagent_type: red-hood-aggressive` re-probes fixed areas — verify fixes hold under adversarial input
-- **Deathstroke** `subagent_type: deathstroke-adversarial` re-tests authorization boundaries and business logic exploits that were remediated
+- **Nightwing** `subagent_type: Nightwing` re-runs full test suite, reports any new failures
+- **Red Hood** `subagent_type: Red Hood` re-probes fixed areas — verify fixes hold under adversarial input
+- **Deathstroke** `subagent_type: Deathstroke` re-tests authorization boundaries and business logic exploits that were remediated
 
 If Pass 2 finds new issues, fix and re-verify until clean.
 
 ## Step 7 — Regression Checklist
-**Nightwing** `subagent_type: nightwing-regression` builds the checklist. Template:
+**Nightwing** `subagent_type: Nightwing` builds the checklist. Template:
 
 | # | Flow | Steps | Expected | Status |
 |---|------|-------|----------|--------|

package/.claude/commands/review.md

@@ -38,38 +38,38 @@ List all files in scope and their types (API route, service, component, middlewa
 
 ## Agent Deployment Manifest
 
-**Lead:** `subagent_type: picard-architecture` — architecture lens, final arbiter
+**Lead:** `subagent_type: Picard` — architecture lens, final arbiter
 **Core team (always deployed):**
-- `subagent_type: spock-schema` — pattern compliance + integration tracing
-- `subagent_type: seven-optimization` — code quality, dead code, complexity
-- `subagent_type: data-tech-debt` — maintainability, error paths, state flow
+- `subagent_type: Spock` — pattern compliance + integration tracing
+- `subagent_type: Seven` — code quality, dead code, complexity
+- `subagent_type: Data` — maintainability, error paths, state flow
 
 **Stark's Marvel team (deployed on backend-heavy reviews):**
-- `subagent_type: rogers-api-design` — API design: HTTP semantics, response shapes, REST conventions
-- `subagent_type: banner-database` — database: query patterns, N+1, missing indexes
-- `subagent_type: strange-service-arch` — service architecture: separation of concerns, logic placement
-- `subagent_type: barton-smoke-test` — error handling: try/catch completeness, error propagation
-- `subagent_type: romanoff-integrations` — security implications (lightweight — flags for Kenobi)
-- `subagent_type: thor-queues` — performance: re-renders, expensive computations, memoization
-- `subagent_type: wanda-state` — state management: store design, prop drilling, context boundaries
-- `subagent_type: tchalla-quality` — API integration: external service calls, retry logic, fallback
+- `subagent_type: Rogers` — API design: HTTP semantics, response shapes, REST conventions
+- `subagent_type: Banner` — database: query patterns, N+1, missing indexes
+- `subagent_type: Strange` — service architecture: separation of concerns, logic placement
+- `subagent_type: Barton` — error handling: try/catch completeness, error propagation
+- `subagent_type: Romanoff` — security implications (lightweight — flags for Kenobi)
+- `subagent_type: Thor` — performance: re-renders, expensive computations, memoization
+- `subagent_type: Wanda` — state management: store design, prop drilling, context boundaries
+- `subagent_type: T'Challa` — API integration: external service calls, retry logic, fallback
 
 **Cross-domain agents (deployed based on content):**
-- `subagent_type: nightwing-regression` — auth flow end-to-end: signup→verify→login→protected→logout
-- `subagent_type: bilbo-microcopy` — copy audit: error messages, UI text, API descriptions
-- `subagent_type: troi-prd-compliance` — PRD compliance: does the code match what the PRD describes?
-- `subagent_type: constantine-cursed-code` — cursed code: accidental correctness, tautological checks, shadowed vars
-- `subagent_type: samwise-accessibility` — a11y spot-check: keyboard nav and ARIA
+- `subagent_type: Nightwing` — auth flow end-to-end: signup→verify→login→protected→logout
+- `subagent_type: Bilbo` — copy audit: error messages, UI text, API descriptions
+- `subagent_type: Troi` — PRD compliance: does the code match what the PRD describes?
+- `subagent_type: Constantine` — cursed code: accidental correctness, tautological checks, shadowed vars
+- `subagent_type: Samwise` — a11y spot-check: keyboard nav and ARIA
 
 ## Step 1 — Parallel Analysis
 Use the Agent tool to run these in parallel — all are read-only analysis:
 
-- **Agent 1** `subagent_type: spock-schema` — Pattern compliance: check each file against its matching pattern in `/docs/patterns/` (api-route, service, component, middleware, error-handling, job-queue, multi-tenant). **INTEGRATION TRACING (mandatory):** When reviewed code generates URLs, references endpoints, constructs storage keys, or produces data consumed by other modules — read the consuming code to verify compatibility.
-- **Agent 2** `subagent_type: seven-optimization` — Code quality: unnecessary complexity, dead code, unused imports, duplicated logic, inconsistent naming, missing types/`any` usage, SRP violations.
-- **Agent 3** `subagent_type: data-tech-debt` — Maintainability + error paths + state flow: wrong abstractions, module coupling, missing boundary error handling, hardcoded values, misleading comments.
-- **Agent 4** `subagent_type: rogers-api-design` + `banner-database` + `strange-service-arch` — Backend review (if backend code in scope): REST conventions, response shapes, N+1 queries, indexes, separation of concerns.
-- **Agent 5** `subagent_type: nightwing-regression` + `constantine-cursed-code` — Cross-domain (if auth or complex logic in scope): auth flow tracing, accidental correctness detection.
-- **Agent 6** `subagent_type: bilbo-microcopy` + `troi-prd-compliance` — Copy + PRD (if UI or user-facing code in scope): clear error messages, PRD compliance verification.
+- **Agent 1** `subagent_type: Spock` — Pattern compliance: check each file against its matching pattern in `/docs/patterns/` (api-route, service, component, middleware, error-handling, job-queue, multi-tenant). **INTEGRATION TRACING (mandatory):** When reviewed code generates URLs, references endpoints, constructs storage keys, or produces data consumed by other modules — read the consuming code to verify compatibility.
+- **Agent 2** `subagent_type: Seven` — Code quality: unnecessary complexity, dead code, unused imports, duplicated logic, inconsistent naming, missing types/`any` usage, SRP violations.
+- **Agent 3** `subagent_type: Data` — Maintainability + error paths + state flow: wrong abstractions, module coupling, missing boundary error handling, hardcoded values, misleading comments.
+- **Agent 4** `subagent_type: Rogers` + `banner-database` + `strange-service-arch` — Backend review (if backend code in scope): REST conventions, response shapes, N+1 queries, indexes, separation of concerns.
+- **Agent 5** `subagent_type: Nightwing` + `constantine-cursed-code` — Cross-domain (if auth or complex logic in scope): auth flow tracing, accidental correctness detection.
+- **Agent 6** `subagent_type: Bilbo` + `troi-prd-compliance` — Copy + PRD (if UI or user-facing code in scope): clear error messages, PRD compliance verification.
 
 **ROUTE COLLISION CHECK (mandatory for web apps):** When a new router/route file is added, list ALL registered routes (method + path) across ALL routers. Check for duplicate method+path combinations. Frameworks like FastAPI silently shadow duplicate routes — the first registered wins.
 
@@ -116,8 +116,8 @@ Fix "Must Fix" and "Should Fix" items. After each batch:
 
 ## Step 3.5 — Re-Verify Fixes
 After fixes are applied:
-- **Spock** `subagent_type: spock-schema` re-checks pattern compliance on modified files
-- **Seven** `subagent_type: seven-optimization` confirms no new complexity or dead code introduced by fixes
+- **Spock** `subagent_type: Spock` re-checks pattern compliance on modified files
+- **Seven** `subagent_type: Seven` confirms no new complexity or dead code introduced by fixes
 
 If new issues found, fix and re-verify.
 

package/.claude/commands/security.md

@@ -32,26 +32,26 @@ Before agent deployment, run the Herald to select the optimal roster:
 
 ### Phase 0.5 — First Strike
 Before the deep audits, two agents do fast recon:
-- **Han** `subagent_type: han-vuln-hunter` — Quick OWASP top 10 scan: finds the obvious vulnerabilities that shouldn't require deep analysis. Shoots first.
-- **Cassian** `subagent_type: cassian-recon` — Threat modeling and attack surface mapping: all endpoints, high-value targets, threat model that guides the rest of the audit.
+- **Han** `subagent_type: Han` — Quick OWASP top 10 scan: finds the obvious vulnerabilities that shouldn't require deep analysis. Shoots first.
+- **Cassian** `subagent_type: Cassian` — Threat modeling and attack surface mapping: all endpoints, high-value targets, threat model that guides the rest of the audit.
 
 ### Phase 1 — Independent audits (parallel analysis)
 Use the Agent tool to run these simultaneously — all are read-only analysis:
-- **Agent 1** `subagent_type: leia-secrets` — Secrets: scan for hardcoded secrets, verify .env gitignored, check git history for leaked keys, verify different secrets dev/prod.
-- **Agent 2** `subagent_type: chewie-dependency-audit` — Dependencies: `npm audit`, critical/high vulns, lock file committed, deprecated packages.
-- **Agent 3** `subagent_type: rex-infrastructure` + `bo-katan-perimeter` — Infrastructure + perimeter: security headers (HSTS, CSP, X-Frame-Options, CORS), TLS config, exposed ports/debug endpoints, firewall rules, CORS enforcement.
-- **Agent 4** `subagent_type: maul-red-team` — Red team: exploit each endpoint/flow, chain vulnerabilities, test trust boundaries, attempt privilege escalation. **RUNTIME EXPLOITATION (mandatory):** Execute actual attack requests via curl/fetch -- not just theorize.
+- **Agent 1** `subagent_type: Leia` — Secrets: scan for hardcoded secrets, verify .env gitignored, check git history for leaked keys, verify different secrets dev/prod.
+- **Agent 2** `subagent_type: Chewie` — Dependencies: `npm audit`, critical/high vulns, lock file committed, deprecated packages.
+- **Agent 3** `subagent_type: Rex` + `bo-katan-perimeter` — Infrastructure + perimeter: security headers (HSTS, CSP, X-Frame-Options, CORS), TLS config, exposed ports/debug endpoints, firewall rules, CORS enforcement.
+- **Agent 4** `subagent_type: Maul` — Red team: exploit each endpoint/flow, chain vulnerabilities, test trust boundaries, attempt privilege escalation. **RUNTIME EXPLOITATION (mandatory):** Execute actual attack requests via curl/fetch -- not just theorize.
 
 ### Phase 2 — Sequential audits (depend on understanding the codebase)
 These require full codebase context — run sequentially:
 
-- **Yoda** `subagent_type: yoda-auth` — Auth: password hashing (bcrypt >= 12 rounds), session management (httpOnly/secure/sameSite), OAuth (state param, redirect whitelist), reset tokens (single-use, expiring, rate limited). Reference `/docs/patterns/middleware.ts`.
-- **Windu** `subagent_type: windu-input-validation` — Input: SQL injection (parameterized queries), XSS (escaped output, CSP), SSRF (URL allowlist), command injection, path traversal.
-- **Ahsoka** `subagent_type: ahsoka-access-control` — Access control: IDOR checks, UUIDs not sequential IDs, server-side admin/tier verification, rate limiting. **AUTH CHAIN TRACING (mandatory):** Trace the full chain from middleware registration through service to DB query. Reference `/docs/patterns/multi-tenant.ts`.
-- **Padme** `subagent_type: padme-data-protection` — Data protection: PII catalog, PII not in logs/errors/URLs, GDPR deletion, encrypted backups.
-- **Qui-Gon** `subagent_type: qui-gon-subtle-vulns` — Subtle vulnerabilities: timing attacks, race conditions in auth flows, logic errors that pass standard checks.
-- **Sabine** `subagent_type: sabine-unconventional` — (conditional) Unconventional: supply chain attacks, dependency confusion, prototype pollution, CSP bypass via CDN.
-- **Bail Organa** `subagent_type: bail-organa-governance` — (conditional) Governance: GDPR data handling, SOC2 controls, HIPAA mapping.
+- **Yoda** `subagent_type: Yoda` — Auth: password hashing (bcrypt >= 12 rounds), session management (httpOnly/secure/sameSite), OAuth (state param, redirect whitelist), reset tokens (single-use, expiring, rate limited). Reference `/docs/patterns/middleware.ts`.
+- **Windu** `subagent_type: Windu` — Input: SQL injection (parameterized queries), XSS (escaped output, CSP), SSRF (URL allowlist), command injection, path traversal.
+- **Ahsoka** `subagent_type: Ahsoka` — Access control: IDOR checks, UUIDs not sequential IDs, server-side admin/tier verification, rate limiting. **AUTH CHAIN TRACING (mandatory):** Trace the full chain from middleware registration through service to DB query. Reference `/docs/patterns/multi-tenant.ts`.
+- **Padme** `subagent_type: Padme` — Data protection: PII catalog, PII not in logs/errors/URLs, GDPR deletion, encrypted backups.
+- **Qui-Gon** `subagent_type: Qui-Gon` — Subtle vulnerabilities: timing attacks, race conditions in auth flows, logic errors that pass standard checks.
+- **Sabine** `subagent_type: Sabine` — (conditional) Unconventional: supply chain attacks, dependency confusion, prototype pollution, CSP bypass via CDN.
+- **Bail Organa** `subagent_type: Bail Organa` — (conditional) Governance: GDPR data handling, SOC2 controls, HIPAA mapping.
 
 ### Phase 3 — Remediate
 Write all findings to `/logs/phase-11-security-audit.md` (or appropriate phase log):
@@ -71,9 +71,9 @@ Fix critical and high findings immediately. Medium findings get tracked. For eac
 
 ### Phase 4 — Re-Verification
 After remediations are applied:
-- **Maul** `subagent_type: maul-red-team` re-probes all remediated vulnerabilities — verify fixes hold under adversarial conditions. Execute actual HTTP requests against the running server.
-- **Anakin** `subagent_type: anakin-dark-side` attempts to bypass remediations using dark-side techniques — JWT algorithm confusion, auth library edge cases, prototype pollution, framework misuse.
-- **Din Djarin** `subagent_type: din-djarin-bounty` bounty-hunts for anything Maul and Anakin missed — post-remediation sweep.
+- **Maul** `subagent_type: Maul` re-probes all remediated vulnerabilities — verify fixes hold under adversarial conditions. Execute actual HTTP requests against the running server.
+- **Anakin** `subagent_type: Anakin` attempts to bypass remediations using dark-side techniques — JWT algorithm confusion, auth library edge cases, prototype pollution, framework misuse.
+- **Din Djarin** `subagent_type: Din Djarin` bounty-hunts for anything Maul and Anakin missed — post-remediation sweep.
 
 If any agent finds new issues, fix and re-verify until clean.
 

package/.claude/commands/test.md

@@ -29,15 +29,15 @@ Before agent deployment, run the Herald to select the optimal roster:
 **`--solo`** skips both Herald and all sub-agents — lead agent only.
 
 ## Step 0 — Orient
-**Oracle** `subagent_type: oracle-static-analysis` orients:
+**Oracle** `subagent_type: Oracle` orients:
 1. Detect: test framework, test runner, test directory structure, existing coverage
 2. Run `npm test` to establish baseline — how many tests, how many pass, how many fail
 3. Document in phase log: framework, runner, config, current state
 
 ## Step 1 — Coverage Analysis (parallel)
 Use the Agent tool to run these in parallel:
-- **Agent 1** `subagent_type: oracle-static-analysis` — Gap analysis: scan all source files, check for corresponding test files, identify tested vs missing paths.
-- **Agent 2** `subagent_type: alfred-dependencies` — Test infrastructure: review test config, fixtures, factories, mocks, test utilities, test database, shared helpers.
+- **Agent 1** `subagent_type: Oracle` — Gap analysis: scan all source files, check for corresponding test files, identify tested vs missing paths.
+- **Agent 2** `subagent_type: Alfred` — Test infrastructure: review test config, fixtures, factories, mocks, test utilities, test database, shared helpers.
 
 Synthesize into a coverage map:
 
@@ -47,7 +47,7 @@ Synthesize into a coverage map:
 Priority: Critical path > User-facing > Internal > Utility
 
 ## Step 2 — Test Architecture
-**Nightwing** `subagent_type: nightwing-regression` reviews existing tests for quality:
+**Nightwing** `subagent_type: Nightwing` reviews existing tests for quality:
 - Are tests testing behavior or implementation details?
 - Are tests isolated (no test-order dependency)?
 - Are assertions specific (not just "doesn't throw")?
@@ -60,7 +60,7 @@ Flag anti-patterns:
 - Excessive mocking that hides real bugs
 - Tests coupled to implementation details
 
-## Step 3 — Write Missing Tests (`subagent_type: batman-qa` leads)
+## Step 3 — Write Missing Tests (`subagent_type: Batman` leads)
 Write tests in priority order from Step 1. For each module:
 
 1. **Unit tests** for pure business logic (services, utils, validators)
@@ -79,7 +79,7 @@ Write tests in priority order from Step 1. For each module:
 
 Work in small batches — write tests for one module, run `npm test`, verify they pass, then move to the next.
 
-## Step 3.5 — Integration Tests (`subagent_type: oracle-static-analysis`)
+## Step 3.5 — Integration Tests (`subagent_type: Oracle`)
 For each new feature, write at least one test that exercises the full cross-module path:
 - **File handling:** upload file → verify returned URL → fetch URL → verify 200 + correct content-type
 - **Form save with conflict:** submit with duplicate/conflicting value → verify response includes specific error message (not generic)
@@ -90,7 +90,7 @@ For each new feature, write at least one test that exercises the full cross-modu
 These can use mocked databases but MUST cross module boundaries — the test should touch at least two modules that would be reviewed by different agents.
 
 ## Step 4 — Hardening
-**Red Hood** `subagent_type: red-hood-aggressive` writes adversarial tests:
+**Red Hood** `subagent_type: Red Hood` writes adversarial tests:
 - Boundary values (0, -1, MAX_INT, empty string, null, undefined)
 - Unicode and special characters in all string inputs
 - Concurrent operations (race conditions, double-submit)

package/.claude/commands/treasury.md

@@ -7,13 +7,13 @@ Read `/docs/methods/HEARTBEAT.md` for daemon architecture.
 
 ## Agent Deployment Manifest
 
-**Lead:** Dockson (`subagent_type: dockson-treasury`)
+**Lead:** Dockson (`subagent_type: Dockson`)
 **Core team:**
-- **Steris** (`subagent_type: steris-budget`) — budget allocation, forecasting, contingency plans
-- **Vin** (`subagent_type: vin-analytics`) — revenue analytics, attribution, pattern detection
-- **Szeth** (`subagent_type: szeth-compliance`) — financial compliance, tax records, platform ToS
-- **Breeze** (`subagent_type: breeze-platform-relations`) — platform relations, API credentials, OAuth management
-- **Wax** (`subagent_type: wax-paid-ads`) — spend execution, campaign budget management
+- **Steris** (`subagent_type: Steris`) — budget allocation, forecasting, contingency plans
+- **Vin** (`subagent_type: Vin`) — revenue analytics, attribution, pattern detection
+- **Szeth** (`subagent_type: Szeth`) — financial compliance, tax records, platform ToS
+- **Breeze** (`subagent_type: Breeze`) — platform relations, API credentials, OAuth management
+- **Wax** (`subagent_type: Wax`) — spend execution, campaign budget management
 
 ## Prerequisites
 

package/.claude/commands/ux.md

@@ -32,11 +32,13 @@ Before agent deployment, run the Herald to select the optimal roster:
 Detect: framework, styling system, component library, routing, state management.
 Document in phase log: "How to run", key routes, where components/styles/copy live.
 
+**Screenshot mandate (MANDATORY):** If the app is runnable, start the server, take screenshots of EVERY page via Playwright or browser, and READ them via the Read tool. Without screenshots, the review is code-reading — not visual verification. Take at desktop (1440x900), plus 375px and 768px for responsive proof-of-life.
+
 ## Step 1 — Product Surface Map
 List every screen/route, primary user journeys, key shared components, and the state taxonomy (loading/empty/error/success/partial/unauthorized). Write to phase log.
 
 ## Step 1.75 — Enchantment Review
-Before the auditors begin, **Eowyn** `subagent_type: eowyn-delight` dreams. Read the PRD's brand personality section. Walk through each primary flow and ask:
+Before the auditors begin, **Eowyn** `subagent_type: Eowyn` dreams. Read the PRD's brand personality section. Walk through each primary flow and ask:
 - Where could this surprise and delight?
 - Where does functionality need warmth?
 - Do transitions breathe or just appear? (200ms ease-out minimum for panels, modals, state changes)
@@ -53,24 +55,24 @@ See `PRODUCT_DESIGN_FRONTEND.md` Step 1.75 for full Éowyn protocol.
 
 ## Step 2 — Parallel Analysis
 Use the Agent tool to run these simultaneously — all are read-only analysis:
-- **Agent 1** `subagent_type: elrond-ux-strategy` — UX: information architecture, navigation, task flows, friction points, discoverability, flow intuitiveness.
-- **Agent 2** `subagent_type: arwen-ui-polish` — Visual: spacing, typography, color usage, button hierarchy, visual consistency.
-- **Agent 3** `subagent_type: samwise-accessibility` — A11y: keyboard navigation, focus management, ARIA labels, color contrast, reduced motion. Keyboard-only testing.
-- **Agent 4** `subagent_type: celeborn-design-system` — Design system: spacing token consistency, typography scale, palette adherence, component naming conventions.
+- **Agent 1** `subagent_type: Elrond` — UX: information architecture, navigation, task flows, friction points, discoverability, flow intuitiveness.
+- **Agent 2** `subagent_type: Arwen` — Visual: spacing, typography, color usage, button hierarchy, visual consistency.
+- **Agent 3** `subagent_type: Samwise` — A11y: keyboard navigation, focus management, ARIA labels, color contrast, reduced motion. Keyboard-only testing.
+- **Agent 4** `subagent_type: Celeborn` — Design system: spacing token consistency, typography scale, palette adherence, component naming conventions.
 
-**Aragorn** `subagent_type: aragorn-orchestration` orchestrates when multiple findings conflict — prioritizes which matter most for users.
+**Aragorn** `subagent_type: Aragorn` orchestrates when multiple findings conflict — prioritizes which matter most for users.
 
 Synthesize findings from all agents.
 
 ## Step 3 — Sequential Reviews
 These require interactive testing:
 
-- **Bilbo** `subagent_type: bilbo-microcopy` — Copy: all microcopy (labels, buttons, error messages, empty states, confirmations, destructive warnings). Clear and consistent?
-- **Pippin** `subagent_type: pippin-discovery` — Edge cases: resize to 320px, paste emoji in search, click back mid-flow, two tabs, light/dark toggle mid-animation.
-- **Frodo** `subagent_type: frodo-critical-path` — (conditional) Hardest flow: dedicated attention on the single most critical + complex flow. Skip if no single flow dominates.
-- **Legolas** `subagent_type: legolas-precision` — Code: component architecture, semantic HTML, CSS organization, state management. Reference `/docs/patterns/component.tsx`.
-- **Gimli** `subagent_type: gimli-performance` — Performance: loading states, skeleton screens, layout shift, optimistic UI, mobile responsiveness, touch targets (min 44px).
-- **Radagast** `subagent_type: radagast-edge-cases` — Edge cases + error states: empty/huge/unicode inputs, broken states, dangerous actions without confirmation, validation gaps.
+- **Bilbo** `subagent_type: Bilbo` — Copy: all microcopy (labels, buttons, error messages, empty states, confirmations, destructive warnings). Clear and consistent?
+- **Pippin** `subagent_type: Pippin` — Edge cases: resize to 320px, paste emoji in search, click back mid-flow, two tabs, light/dark toggle mid-animation.
+- **Frodo** `subagent_type: Frodo` — (conditional) Hardest flow: dedicated attention on the single most critical + complex flow. Skip if no single flow dominates.
+- **Legolas** `subagent_type: Legolas` — Code: component architecture, semantic HTML, CSS organization, state management. Reference `/docs/patterns/component.tsx`.
+- **Gimli** `subagent_type: Gimli` — Performance: loading states, skeleton screens, layout shift, optimistic UI, mobile responsiveness, touch targets (min 44px).
+- **Radagast** `subagent_type: Radagast` — Edge cases + error states: empty/huge/unicode inputs, broken states, dangerous actions without confirmation, validation gaps.
 
 **ERROR STATE TESTING (mandatory):** For every form/action in the UI:
 - Submit with intentionally invalid data (duplicate name, wrong format, missing required field)
@@ -90,10 +92,10 @@ Categories: UX, Visual, A11y, Copy, Performance, Edge Case
 **Confidence scoring is mandatory.** Every finding includes a confidence score (0-100). If confidence is below 60, escalate to a second agent from a different universe (e.g., if Samwise found it, escalate to Padmé or Nightwing) to verify before including. If the second agent disagrees, drop the finding. High-confidence findings (90+) skip re-verification in Step 7.5.
 
 ## Step 5 — Enhancement Specs (before coding)
-For each fix: problem statement, proposed solution, acceptance criteria, a11y requirements (**Samwise** `subagent_type: samwise-accessibility` signs off), copy (**Bilbo** `subagent_type: bilbo-microcopy` signs off). **Faramir** `subagent_type: faramir-judgment` checks whether polish effort targets the right screens — high-traffic core flows, not low-traffic edge pages.
+For each fix: problem statement, proposed solution, acceptance criteria, a11y requirements (**Samwise** `subagent_type: Samwise` signs off), copy (**Bilbo** `subagent_type: Bilbo` signs off). **Faramir** `subagent_type: Faramir` checks whether polish effort targets the right screens — high-traffic core flows, not low-traffic edge pages.
 
 ## Step 6 — Implement (small batches)
-One batch = one flow or component cluster (max ~200 lines changed). **Boromir** `subagent_type: boromir-hubris` checks: is the polish overengineered? Too many animations? Does complexity hurt performance? **Glorfindel** `subagent_type: glorfindel-rendering` handles the hardest rendering (canvas, WebGL, SVG -- conditional, only if the project has visual complexity). After each batch:
+One batch = one flow or component cluster (max ~200 lines changed). **Boromir** `subagent_type: Boromir` checks: is the polish overengineered? Too many animations? Does complexity hurt performance? **Glorfindel** `subagent_type: Glorfindel` handles the hardest rendering (canvas, WebGL, SVG -- conditional, only if the project has visual complexity). After each batch:
 1. Re-run the app
 2. Re-walk the affected flow
 3. Test keyboard navigation
@@ -101,7 +103,7 @@ One batch = one flow or component cluster (max ~200 lines changed). **Boromir**
 5. Run `npm test` to catch regressions
 
 ## Step 7 — Harden Design System
-**Arwen** `subagent_type: arwen-ui-polish` leads. **Haldir** `subagent_type: haldir-boundaries` checks transitions between pages, states, and components — loading->success, error->retry, navigate->return. Are they smooth or jarring? Audit shared components (buttons, inputs, cards, modals, toasts) for:
+**Arwen** `subagent_type: Arwen` leads. **Haldir** `subagent_type: Haldir` checks transitions between pages, states, and components — loading->success, error->retry, navigate->return. Are they smooth or jarring? Audit shared components (buttons, inputs, cards, modals, toasts) for:
 - Consistent variants (primary, secondary, danger, ghost)
 - Responsive behavior
 - Keyboard focus styles
@@ -109,9 +111,9 @@ One batch = one flow or component cluster (max ~200 lines changed). **Boromir**
 
 ## Step 7.5 — Pass 2: Re-Verify Fixes
 After all fixes are applied, run a verification pass:
-- **Samwise** `subagent_type: samwise-accessibility` re-audits accessibility on all modified components — verify a11y fixes didn't break other a11y properties
-- **Radagast** `subagent_type: radagast-edge-cases` re-checks edge cases on fixed flows — verify fixes hold under adversarial input
-- **Merry** `subagent_type: merry-pair-review` pair-verifies Pippin's edge case resolutions — one found it, the other confirms the fix
+- **Samwise** `subagent_type: Samwise` re-audits accessibility on all modified components — verify a11y fixes didn't break other a11y properties
+- **Radagast** `subagent_type: Radagast` re-checks edge cases on fixed flows — verify fixes hold under adversarial input
+- **Merry** `subagent_type: Merry` pair-verifies Pippin's edge case resolutions — one found it, the other confirms the fix
 
 If Pass 2 finds new issues, fix and re-verify until Samwise, Radagast, and Merry sign off.
 

package/CHANGELOG.md

@@ -6,6 +6,22 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/), and this
 
 ---
 
+## [23.5.4] - 2026-04-12
+
+### Fixed
+- **3 command-doc sync gaps** — build.md now includes Phase 12.75 (distribution verification gate), ux.md now includes screenshot mandate, qa.md now includes dynamic count check + cross-array uniqueness audit
+- **ROADMAP.md version** — updated from v23.5.0 to v23.5.3
+
+---
+
+## [23.5.3] - 2026-04-12
+
+### Fixed
+- **All 201 `subagent_type` references used wrong format** — commands referenced agents by filename ID (`picard-architecture`) but Claude Code expects the YAML name field (`Picard`). Every agent reference in every command was broken. Fixed across 15 command files.
+- **"What's Next" recommended `/build` instead of `/campaign`** — new projects should start with `/campaign` (reads PRD, sequences missions, deploys full agent teams) not `/build` (manual single-batch mode). Updated wizard UI and CLAUDE.md.
+
+---
+
 ## [23.5.2] - 2026-04-12
 
 ### Fixed

package/CLAUDE.md

@@ -255,4 +255,4 @@ The agents, characters, and personality are VoidForge's identity — they ship i
 
 ## How to Build
 
-Read the PRD. Run `/build`. Or see `/docs/methods/BUILD_PROTOCOL.md`.
+Read the PRD. Run `/campaign` to build the entire PRD mission by mission. For a single feature, use `/assemble`. For manual batch control, use `/build`.

package/VERSION.md

@@ -1,6 +1,6 @@
 # Version
 
-**Current:** 23.5.2
+**Current:** 23.5.4
 
 ## Versioning Scheme
 
@@ -14,6 +14,8 @@ This project uses [Semantic Versioning](https://semver.org/):
 
 | Version | Date | Summary |
 |---------|------|---------|
+| 23.5.4 | 2026-04-12 | Command-doc sync: build.md Phase 12.75, ux.md screenshots, qa.md dynamic counts |
+| 23.5.3 | 2026-04-12 | Fix 201 broken subagent_type refs (filename→YAML name) + /campaign as default start command |
 | 23.5.2 | 2026-04-12 | /void auto-cleanup ~/.claude/ duplicates + git init stack trace fix |
 | 23.5.1 | 2026-04-12 | Fix CLI self-upgrade: wrong package name (voidforge → thevoidforge) + stale npx cache on re-exec |
 | 23.5.0 | 2026-04-12 | The Herald — intelligent agent dispatch: Haiku pre-scan, agent registry, 40 tags, --focus flag, 14 commands wired. ADR-047. Campaign 37. |

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "thevoidforge-methodology",
-  "version": "23.5.2",
+  "version": "23.5.4",
   "description": "VoidForge methodology — agents, commands, methods, patterns.",
   "license": "MIT",
   "files": [