tribunal-kit 2.4.5 → 3.0.0

package/.agent/skills/plan-writing/SKILL.md

@@ -1,188 +1,118 @@
----
-name: plan-writing
-description: Structured task planning with clear breakdowns, dependencies, and verification criteria. Use when implementing features, refactoring, or any multi-step work.
-allowed-tools: Read, Write, Edit, Glob, Grep
-version: 1.0.0
-last-updated: 2026-03-12
-applies-to-model: gemini-2.5-pro, claude-3-7-sonnet
----
-
-# Task Planning Standards
-
-> A plan is not a promise. It is a map.
-> Maps get updated when the terrain doesn't match them.
-
----
-
-## When to Write a Plan
-
-Write a plan before implementation when:
-- The task touches more than 2 files in non-trivial ways
-- The task has dependencies (thing B can't start until thing A is done)
-- The task involves a risky operation (migration, data transformation, breaking change)
-- The team needs to review the approach before time is spent implementing it
-
-Skip the formal plan for: single-function fixes, typo corrections, config tweaks.
-
----
-
-## Plan Structure
-
-```markdown
-# Plan: [Feature or Task Name]
-
-## Goal
-One sentence: what outcome does this achieve?
-
-## Context
-- Why is this being done?
-- What problem does it solve or what requirement does it satisfy?
-- What exists today that this changes?
-
-## Approach
-High-level strategy. Enough detail for someone unfamiliar with the code to understand the direction.
-Not implementation details — those go in the tasks.
-
-## Tasks
-
-### Phase 1 — [Name] (prerequisite for Phase 2)
-- [ ] Task 1.1: Description
-- [ ] Task 1.2: Description (depends on 1.1)
-
-### Phase 2 — [Name] (can run after Phase 1 is complete)
-- [ ] Task 2.1: Description
-- [ ] Task 2.2: Description
-
-## Verification
-How will we know this is done and working?
-- [ ] Specific behavior that can be tested
-- [ ] Metric or log line that confirms success
-- [ ] Edge case that must not regress
-
-## Risks and Open Questions
-- [Risk]: What might go wrong, and what's the mitigation?
-- [Open]: What decision hasn't been made yet that could change this plan?
-
-## Files That Will Change
-- `path/to/file.ts` — what changes
-- `path/to/schema.sql` — what changes
-```
-
----
-
-## Dependency Notation
-
-When tasks have a strict order, mark it:
-
-```
-Task A — (no dependencies, do first)
-Task B — (requires A complete)
-Task C — (can run parallel with B)
-Task D — (requires B and C complete)
-```
-
-This prevents teams from working on D while B is still broken.
-
----
-
-## Task Granularity
-
-Each task should be:
-- Completable in one session by one person
-- Independently reviewable (a PR could represent one task)
-- Testable: there is a concrete way to know if it's done
-
-**Too vague:** "Implement the auth system"
-**Right size:** "Add `POST /api/auth/login` endpoint with JWT issuance and Zod validation"
-
----
-
-## Updating the Plan
-
-Plans are living documents:
-
-- Mark tasks `[x]` when complete, not when started
-- Add `[!]` to blocked tasks with a note on what is blocking
-- When an assumption proves wrong, update the approach section — don't silently deviate from the plan
-
----
-
-## Verification Criteria Rules
-
-Verification criteria are not optional. For each task:
-
-- At least one must be **observable** (you can see it, not just believe it)
-- At least one must cover a **failure mode** (what should NOT happen)
-
-```
-✅ Observable: `POST /api/users` returns 201 with a user ID in the response body
-✅ Failure mode: `POST /api/users` with a duplicate email returns 409, not 500
-```
-
----
-
-## 🛑 Verification-Before-Completion (VBC) Protocol
-
-**CRITICAL:** Every plan must integrate a strict "evidence-based closeout" state machine for its tasks.
-- ❌ **Forbidden:** Writing vague verification steps like "Check that it looks right," "Ensure the code makes sense," or "Verify the logic."
-- ✅ **Required:** Verification criteria MUST demand **concrete terminal/compiler evidence** (e.g., test success logs, CLI execution outputs, compiler success states, or network trace results). Explicitly state that an agent CANNOT consider the task complete until it captures this hard evidence.
-
----
-
-## Output Format
-
-When this skill produces a recommendation or design decision, structure your output as:
-
-```
-━━━ Plan Writing Recommendation ━━━━━━━━━━━━━━━━
-Decision:    [what was chosen / proposed]
-Rationale:   [why — one concise line]
-Trade-offs:  [what is consciously accepted]
-Next action: [concrete next step for the user]
-─────────────────────────────────────────────────
-Pre-Flight:  ✅ All checks passed
-             or ❌ [blocking item that must be resolved first]
-```
-
-
-
----
-
-## 🤖 LLM-Specific Traps
-
-AI coding assistants often fall into specific bad habits when dealing with this domain. These are strictly forbidden:
-
-1. **Over-engineering:** Proposing complex abstractions or distributed systems when a simpler approach suffices.
-2. **Hallucinated Libraries/Methods:** Using non-existent methods or packages. Always `// VERIFY` or check `package.json` / `requirements.txt`.
-3. **Skipping Edge Cases:** Writing the "happy path" and ignoring error handling, timeouts, or data validation.
-4. **Context Amnesia:** Forgetting the user's constraints and offering generic advice instead of tailored solutions.
-5. **Silent Degradation:** Catching and suppressing errors without logging or re-raising.
-
----
-
-## 🏛️ Tribunal Integration (Anti-Hallucination)
-
-**Slash command: `/review` or `/tribunal-full`**
-**Active reviewers: `logic-reviewer` · `security-auditor`**
-
-### ❌ Forbidden AI Tropes
-
-1. **Blind Assumptions:** Never make an assumption without documenting it clearly with `// VERIFY: [reason]`.
-2. **Silent Degradation:** Catching and suppressing errors without logging or handling.
-3. **Context Amnesia:** Forgetting the user's constraints and offering generic advice instead of tailored solutions.
-
-### ✅ Pre-Flight Self-Audit
-
-Review these questions before confirming output:
-```
-✅ Did I rely ONLY on real, verified tools and methods?
-✅ Is this solution appropriately scoped to the user's constraints?
-✅ Did I handle potential failure modes and edge cases?
-✅ Have I avoided generic boilerplate that doesn't add value?
-```
-
-### 🛑 Verification-Before-Completion (VBC) Protocol
-
-**CRITICAL:** You must follow a strict "evidence-based closeout" state machine.
-- ❌ **Forbidden:** Declaring a task complete because the output "looks correct."
-- ✅ **Required:** You are explicitly forbidden from finalizing any task without providing **concrete evidence** (terminal output, passing tests, compile success, or equivalent proof) that your output works as intended.
+---
+name: plan-writing
+description: Technical design and implementation planning mastery. Writing structured execution checklists, dependency mapping, establishing rollback protocols, segmenting monolithic tasks, writing ADRs (Architecture Decision Records), and defining verification criteria. Use when transitioning from ideation to coordinated execution.
+allowed-tools: Read, Write, Edit, Glob, Grep
+version: 2.0.0
+last-updated: 2026-04-02
+applies-to-model: gemini-2.5-pro, claude-3-7-sonnet
+---
+
+# Plan Writing — Execution Blueprints Mastery
+
+> A flawless execution of a terrible plan leads to catastrophic success.
+> Write planes with dependencies explicitly mapped. Treat it like a topological sort.
+
+---
+
+## 1. The Implementation Plan Structure (ADR-Lite)
+
+Before altering multiple files or introducing a new system architecture, a rigid `implementation_plan.md` MUST be generated and approved. 
+
+**Core Sections:**
+1. **Objective Context:** 2-sentence summary of the requested goal.
+2. **Architectural Handoff:** (What stack, what libraries, what constraints).
+3. **Dependency Tree Execution Order:** (Cannot build frontend UI until backend API exists).
+4. **File Blueprint:** Exact files expected to be touched (`[NEW] src/api/user.ts`, `[MODIFY] src/db/schema.prisma`).
+5. **Verification Protocol:** Exactly how the agent/human will prove the task is completed successfully.
+
+---
+
+## 2. Segmenting Monolithic Tasks (Chunking)
+
+LLMs degrade significantly when asked to process >10 file alterations across multiple directories simultaneously. The Plan Writer must break work into logical, isolated "Waves."
+
+```markdown
+### Wave 1: Data Layer (The Foundation)
+1. Add `Subscription` model to Prisma schema.
+2. Generate migration (`npx prisma migrate dev`).
+3. Add mock seed data.
+
+### Wave 2: API Layer (The Bridge)
+1. Build `/api/subscriptions/route.ts` with explicit Zod validation.
+2. Write Vitest logic enforcing authorization roles.
+
+### Wave 3: UI Layer (The Implementation)
+1. Build `SubscriptionCard.tsx`.
+2. Connect to API using MSW mocked tests first.
+3. Integrate into main dashboard.
+```
+
+*Crucial:* Each wave MUST be executable and testable independently. Do not begin Wave 2 until Wave 1 passes Verification Protocols.
+
+---
+
+## 3. Rollback & Contingency Planning
+
+No plan survives first contact with the compiler. The plan must implicitly include safe-fail procedures.
+
+- **Non-Destructive Defaults:** If a schema migration fails, how do we revert? (e.g., explicit instruction to backup SQLite DB locally before operations).
+- **Graceful Feature Toggles:** Is the new feature walled behind an environment variable (`ENABLE_NEW_DASHBOARD=true`) so it can be disabled instantly if it crashes in production?
+
+---
+
+## 4. The `task.md` Execution Ledger
+
+Unlike the high-level `implementation_plan.md`, the `task.md` serves as the live, mutating execution state.
+
+```markdown
+# Current Objective: Upgrade Authentication
+
+## Pre-Flight
+- [x] Dump existing environment variables locally
+- [x] Verify current tests pass (Baseline health)
+
+## Wave 1 (OAuth Scaffold)
+- [/] Install auth.js dependencies
+- [ ] Connect Google Provider inside `[...nextauth].ts`
+
+## Wave 2 (Database Mappings)
+- [ ] Update Users table to handle polymorphic OAuth links
+```
+
+*Rules:*
+- `[ ]` = Unstarted
+- `[/]` = In Progress (Current Focus)
+- `[x]` = Verified Complete
+
+---
+
+## 🤖 LLM-Specific Traps (Plan Writing)
+
+1. **Topological Chaos:** Recommending the creation of a frontend React component fetching an API endpoint that has not yet been scheduled for creation, resulting in immediate compilation/linting crashes.
+2. **Missing File Paths:** Writing "Update the configuration file" instead of explicitly declaring `[MODIFY] .github/workflows/deploy.yml`. Vague boundaries invite shotgun surgery.
+3. **Execution Masking:** The AI receives the instruction to "Write a plan," but decides to also write 450 lines of execution code spanning 6 files simultaneously in the same reply. Demarcate Planning from Execution permanently.
+4. **Over-Engineering the MVP:** Recommending a 4-wave, 12-step Kubernetes microservice deployment schedule for a localized "Add a 'Contact Us' form" user request.
+5. **No Verification Baseline:** Failing to establish a "Does the code currently work?" baseline constraint before beginning the sequence of alterations.
+6. **Task Blobbing:** Creating a massive, single 25-step list without breaking it up into isolated, independently testable Waves/Phases. If the list is monolithic, the failure debugging will be chaotic.
+7. **Silent Dependencies:** Failing to explicitly list new NPM packages or system libraries required by the plan (e.g., executing Prisma logic without adding a `npm install @prisma/client` step).
+8. **Assumption of Success:** Failing to establish Rollback protocols (e.g., `git reset --hard`) when planning risky, highly destructive file alterations.
+9. **Ignoring the Environment:** Planning major API changes without ensuring the required environment variables (`STRIPE_API_KEY`) are documented for addition.
+10. **Refusal to Update Ledger:** Operating as an autonomous executor but failing to edit the `task.md` tracking ledger synchronously, destroying the system's memory continuity upon suspension.
+
+---
+
+## 🏛️ Tribunal Integration
+
+### ✅ Pre-Flight Self-Audit
+```
+✅ Are execution sequences strictly ordered by Topological Dependencies (DB → API → UI)?
+✅ Are monolith tasks deliberately chunked into isolated, independently testable Waves?
+✅ Is the `task.md` execution ledger cleanly parameterized with exact file paths `[NEW], [MODIFY]`?
+✅ Have I explicitly separated the Planning Phase response from raw Code Generation?
+✅ Are verification protocols explicitly tied to terminal logs, test results, or manual checks?
+✅ Are required NPM package installations/dependency injections explicitly mapped in Wave 1?
+✅ Is there a defined Rollback/Snapshot strategy to recover from catastrophic compilation failure?
+✅ Are environmental secrets (.env variables) outlined as requirements before execution?
+✅ Has the complexity of the plan been correctly scaled to the simplicity of the user's objective?
+✅ Does the plan establish a baseline system health check before executing destructive mutations?
+```

package/.agent/skills/platform-engineer/SKILL.md

@@ -1,135 +1,123 @@
----
-name: platform-engineer
-description: Senior platform engineer with deep expertise in building internal developer platforms, self-service infrastructure, and developer portals. Reduces cognitive load and accelerates software delivery.
-allowed-tools: Read, Write, Edit, Glob, Grep
-version: 1.0.0
-last-updated: 2026-03-12
-applies-to-model: gemini-2.5-pro, claude-3-7-sonnet
----
-
-# Platform Engineer - Claude Code Sub-Agent
-
-You are a senior platform engineer with deep expertise in building internal developer platforms, self-service infrastructure, and developer portals. Your focus spans platform architecture, GitOps workflows, service catalogs, and developer experience optimization with emphasis on reducing cognitive load and accelerating software delivery.
-
-## Configuration & Context Assessment
-When invoked:
-1. Query context manager for existing platform capabilities and developer needs
-2. Review current self-service offerings, golden paths, and adoption metrics
-3. Analyze developer pain points, workflow bottlenecks, and platform gaps
-4. Implement solutions maximizing developer productivity and platform adoption
-
----
-
-## The Platform Excellence Checklist
-- Self-service rate exceeding 90%
-- Provisioning time under 5 minutes
-- Platform uptime 99.9%
-- API response time < 200ms
-- Documentation coverage 100%
-- Developer onboarding < 1 day
-- Golden paths established
-- Feedback loops active
-
----
-
-## Core Architecture Decision Framework
-
-### Platform Operations & GitOps Implementation
-*   **Platform Architecture:** Multi-tenant platform design, Resource isolation strategies, Cost allocation tracking, Compliance automation.
-*   **GitOps:** Repository structure design, PR automation workflows, Secret management, Multi-cluster synchronization.
-*   **Infrastructure Abstraction:** Crossplane compositions, Terraform modules, Operator patterns, State reconciliation.
-
-### Developer Experience & Self-Service
-*   **Developer Experience:** Self-service portal design, Onboarding automation, IDE integration plugins, CLI tool development.
-*   **Self-Service Capabilities:** Environment provisioning, Database creation, Service deployment, Access management.
-*   **Service Catalog:** Backstage implementation, Software templates, Component registry, Tech radar maintenance.
-
-### Golden Paths & Platform APIs
-*   **Golden Paths:** Service scaffolding, CI/CD pipeline templates, Security scanning integration, Best practices enforcement.
-*   **Platform APIs:** RESTful API design, Event streaming setup, Rate limiting implementation, SDK generation.
-*   **Developer Enablement:** Documentation portals, Success tracking, Workshop delivery.
-
----
-
-## Output Format
-
-When this skill produces a recommendation or design decision, structure your output as:
-
-```
-━━━ Platform Engineer Recommendation ━━━━━━━━━━━━━━━━
-Decision:    [what was chosen / proposed]
-Rationale:   [why — one concise line]
-Trade-offs:  [what is consciously accepted]
-Next action: [concrete next step for the user]
-─────────────────────────────────────────────────
-Pre-Flight:  ✅ All checks passed
-             or ❌ [blocking item that must be resolved first]
-```
-
-
----
-
-## 🏛️ Tribunal Integration (Anti-Hallucination)
-
-**Slash command: `/tribunal-backend`**
-**Active reviewers: `logic` · `security`**
-
-### ❌ Forbidden AI Tropes in Platform Engineering
-1. **Platform Monoliths** — never design internal platforms as tightly coupled monoliths; mandate decoupled, API-first self-service modules.
-2. **Missing Golden Path Flexibility** — do not generate developer templates that lock teams into specific versions without an override mechanism (Golden Path vs. Golden Cage).
-3. **Ticket-Ops Paradigms** — do not design processes that require Jira/ITSM ticket approvals for routine environment provisioning; push towards self-service automation.
-4. **Ignoring Platform Docs** — never omit READMEs, interactive API docs, or Backstage catalog entries for newly created internal services.
-5. **Over-Abstraction Without Need** — avoid wrapping standard tools (like native Kubernetes YAML or pure Terraform) in complex proprietary CLI abstractions unless developer cognitive load dictates it.
-
-### ✅ Pre-Flight Self-Audit
-
-Review these questions before generating platform engineering architecture or IDPs:
-```text
-✅ Did I design the workflow as a true self-service process that eliminates manual hand-offs?
-✅ Does the GitOps flow include automated checks for secrets and compliance before syncing?
-✅ Are the Golden Path templates extensible and versioned?
-✅ Have I properly isolated resources in the multi-tenant architecture proposal?
-✅ Are there built-in mechanisms for cost-visibility and telemetry tracking on generated developer environments?
-```
-
-
----
-
-## 🤖 LLM-Specific Traps
-
-AI coding assistants often fall into specific bad habits when dealing with this domain. These are strictly forbidden:
-
-1. **Over-engineering:** Proposing complex abstractions or distributed systems when a simpler approach suffices.
-2. **Hallucinated Libraries/Methods:** Using non-existent methods or packages. Always `// VERIFY` or check `package.json` / `requirements.txt`.
-3. **Skipping Edge Cases:** Writing the "happy path" and ignoring error handling, timeouts, or data validation.
-4. **Context Amnesia:** Forgetting the user's constraints and offering generic advice instead of tailored solutions.
-5. **Silent Degradation:** Catching and suppressing errors without logging or re-raising.
-
----
-
-## 🏛️ Tribunal Integration (Anti-Hallucination)
-
-**Slash command: `/review` or `/tribunal-full`**
-**Active reviewers: `logic-reviewer` · `security-auditor`**
-
-### ❌ Forbidden AI Tropes
-
-1. **Blind Assumptions:** Never make an assumption without documenting it clearly with `// VERIFY: [reason]`.
-2. **Silent Degradation:** Catching and suppressing errors without logging or handling.
-3. **Context Amnesia:** Forgetting the user's constraints and offering generic advice instead of tailored solutions.
-
-### ✅ Pre-Flight Self-Audit
-
-Review these questions before confirming output:
-```
-✅ Did I rely ONLY on real, verified tools and methods?
-✅ Is this solution appropriately scoped to the user's constraints?
-✅ Did I handle potential failure modes and edge cases?
-✅ Have I avoided generic boilerplate that doesn't add value?
-```
-
-### 🛑 Verification-Before-Completion (VBC) Protocol
-
-**CRITICAL:** You must follow a strict "evidence-based closeout" state machine.
-- ❌ **Forbidden:** Declaring a task complete because the output "looks correct."
-- ✅ **Required:** You are explicitly forbidden from finalizing any task without providing **concrete evidence** (terminal output, passing tests, compile success, or equivalent proof) that your output works as intended.
+---
+name: platform-engineer
+description: Platform Engineering and Internal Developer Portal (IDP) mastery. Golden Paths, self-service infrastructure, cognitive load reduction, GitOps synchronization (ArgoCD/Flux), Terraform/OpenTofu architecture, and standardized service scaffolding. Use when designing system-wide development workflows or standardizing infrastructure processes.
+allowed-tools: Read, Write, Edit, Glob, Grep
+version: 2.0.0
+last-updated: 2026-04-02
+applies-to-model: gemini-2.5-pro, claude-3-7-sonnet
+---
+
+# Platform Engineering — Developer Experience Mastery
+
+> DevOps is a culture. Platform Engineering is a product.
+> The product's customer is the internal software engineer. The goal is removing friction and standardizing security.
+
+---
+
+## 1. The "Golden Path" Architecture
+
+A developer should not have to write a Dockerfile, configure a CI pipeline, request AWS permissions, or setup Prometheus dashboards to launch a new microservice.
+
+The Platform Engineer establishes **Golden Paths**: pre-approved, automated templates that bundle security and infrastructure out-of-the-box.
+
+**Example: Local Service Scaffolding (Backstage / Cookiecutter)**
+Instead of cloning complex repos, the developer runs:
+`platform create my-service --stack node-express --db postgres`
+
+This command:
+1. Generates the standard Node/Express repo.
+2. Applies the unified corporate CI/CD GitHub Action.
+3. Configures default Datadog/OpenTelemetry observability metrics.
+4. Generates a Terraform blueprint to provision the RDS Postgres instance.
+
+---
+
+## 2. GitOps (Declarative State Synchronization)
+
+Platform Engineers do not log into AWS consoles to click buttons. They do not run `kubectl apply` from their laptops.
+
+They push code to Git. A continuous reconciliation loop (e.g., ArgoCD) syncs the live infrastructure to match the Git repository mathematically.
+
+```yaml
+# GitOps standard architecture (ArgoCD)
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: auth-service
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: 'https://github.com/mycorp/infrastructure-ops'
+    path: k8s/auth-service
+    targetRevision: HEAD # Automatically deploys any merge to main
+  destination:
+    server: 'https://kubernetes.default.svc'
+    namespace: auth-prod
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true # If manual changes occur on cluster, force-reverts back to Git state
+```
+
+---
+
+## 3. Infrastructure as Code (IaC) Modules
+
+Platform Engineers build reusable Terraform/Tofu modules, hiding extreme complexity from product developers.
+
+```hcl
+# The Platform Engineer writes the complex module (e.g., VPC, Subnets, IAM, KMS Encryptions)
+# The Product Developer simply consumes the module cleanly:
+
+module "product_database" {
+  source  = "github.com/mycorp/tf-modules/secure-rds"
+  version = "v1.2.0"
+
+  app_name      = "checkout-service"
+  capacity      = "medium"           # Abstracts complex instance sizing
+  needs_replica = true               # Abstracts failover architecture
+}
+```
+
+---
+
+## 4. Reducing Cognitive Load
+
+DevOps asked product developers to learn Kubernetes, Helm, Terraform, CI/CD, and AWS IAM. The load was too high.
+Platform Engineering hides the Kubernetes complexity behind a portal (e.g., Backstage) or a declarative wrapper (e.g., Score).
+
+Ensure your infrastructure proposals abstract away the YAML mechanics. Give the developer a simple SLA: *"Push to the `main` branch, and the platform guarantees deployment, logs, and metrics within 3 minutes."*
+
+---
+
+## 🤖 LLM-Specific Traps (Platform Engineering)
+
+1. **The Scripting Fallacy:** Handing product engineers a 4,000-line bash script to deploy their app instead of building a declarative CI/CD Golden Path framework.
+2. **Console Operations:** Recommending manual AWS/GCP console click permutations to configure a database. The entire infrastructure structure must be defined via formal IaC representations (Terraform/Pulumi).
+3. **Leaking Ops Complexity:** Generating a Helm Chart for an application developer that exposes 300 variables regarding node-affinity and tolerations. Hide ops mechanics; expose only application variables (CPU target, replica count).
+4. **Push-Based CD Risks:** Generating CI pipelines that use `kubectl apply` directly from GitHub Actions (Push-based) rather than deploying a Pull-based GitOps operator like ArgoCD, exposing production cluster credentials to the CI runner.
+5. **Non-Standardized Monitoring:** Failing to inject unified OpenTelemetry/Prometheus sidecars automatically into the standard deployment templates, forcing developers to reinvent telemetry for every microservice.
+6. **TicketOps Generation:** Building architectures where a developer must open a Jira ticket for an infrastructure admin to manually provision an S3 bucket. Emphasize self-service terraform modules.
+7. **Neglecting Ephemeral Environments:** Generating environments targeting *only* Staging and Production. Platform architecture must support spinning up isolated, ephemeral AWS/K8s environments instantly per-Pull-Request to isolate testing.
+8. **Hardcoding IAM Roles:** AI writes IaC where resources are given generic `AdminAccess` rather than aggressively enforcing the Principle of Least Privilege via OIDC (OpenID Connect) trust policies.
+9. **Missing the "Paved Road":** Ignoring the socio-technical aspect of the job. Forbidding developers from using experimental tech outright, instead of explaining the "Paved Road" (Supported) vs "Dirt Road" (You build it, you run it) philosophy.
+10. **State File Chaos:** Failing to explicitly define S3/GCS backend locking architecture for Terraform state, opening the company up to catastrophic infrastructure corruption when two developers run `terraform apply` concurrently.
+
+---
+
+## 🏛️ Tribunal Integration
+
+### ✅ Pre-Flight Self-Audit
+```
+✅ Are infrastructural patterns provided as automated, self-service "Golden Path" templates?
+✅ Has infrastructure been codified securely in declarative formats (Terraform, Tofu, Pulumi)?
+✅ Is the CI/CD pipeline architected specifically around Pull-based GitOps (e.g., ArgoCD/Flux)?
+✅ Were the complexities of Kubernetes/AWS deliberately abstracted away from the product developers?
+✅ Does the architectural plan integrate telemetry (logs/metrics) seamlessly by default?
+✅ Was the IaC environment actively secured by enforcing an S3/Remote backend state locking mechanism?
+✅ Are IAM and trust boundaries scoped to absolute Least Privilege methodologies?
+✅ Did I reject manual UI configuration (ClickOps) in favor of automated procedural representations?
+✅ Is the pipeline resilient enough to generate ephemeral environments isolated to specific Pull Requests?
+✅ Has the "Platform as a Product" mindset been established, prioritizing high developer UX?
+```