universal-dev-standards 5.1.0 → 5.2.0

package/bundled/ai/options/push/single-owner-mode.ai.yaml

@@ -0,0 +1,60 @@
+# Push Option: Single Owner Mode - AI Optimized
+# Parent: push-standards (XSPEC-081)
+# Source: options/push/single-owner-mode.md
+
+id: single-owner-mode
+meta:
+  parent: push-standards
+  version: "1.0.0"
+  updated: "2026-04-24"
+  source: options/push/single-owner-mode.md
+  description: Reduced-friction push mode for personal/solo repositories — removes collaboration guardrails while keeping essential safety checks
+
+best_for:
+  - Personal repositories with sole ownership
+  - Solo open source projects with no external contributors
+  - Forked repositories for personal experimentation
+
+configuration:
+  repo_mode: single-owner
+  protected_branches: [main, master, "release/*", "hotfix/*"]
+  push_gates:
+    default: [lint, test]
+  receipt:
+    output: console
+  auto_pr: false
+
+behaviors:
+  protected_branch_detection:
+    enabled: true
+    confirmation_required: false
+    action: warning_only
+    note: Shows branch name and pending commit count; user proceeds without typing confirmation string
+
+  force_push_guardrail:
+    enabled: true
+    confirmation_required: false
+    action: warning_only
+    shows: commits_count_only
+    note: No author breakdown; records force_push=true in receipt
+
+  pre_push_gates:
+    gates: [lint, test]
+    execution: sequential
+    skip_flag: "--skip-gates"
+    skip_records: gates_skipped=true
+
+  pr_automation:
+    enabled: false
+    auto_pr: false
+    note: No PR prompts after push; use 'gh pr create' manually if needed
+
+  push_receipt:
+    output: console
+    fields: [branch, commit_sha, gates_passed, gates_skipped, force_push, timestamp, target_remote]
+
+comparison_with_team_mode:
+  protected_branch_detection: warning_only  # team: full + confirmation required
+  force_push_guardrail: warning_only        # team: confirmation text required
+  pre_push_gates: identical                 # both: lint + test
+  pr_automation: disabled                  # team: enabled

package/bundled/ai/options/push/team-mode.ai.yaml

@@ -0,0 +1,64 @@
+# Push Option: Team Mode - AI Optimized
+# Parent: push-standards (XSPEC-081)
+# Source: options/push/team-mode.md
+
+id: team-mode
+meta:
+  parent: push-standards
+  version: "1.0.0"
+  updated: "2026-04-24"
+  source: options/push/team-mode.md
+  description: Default push mode with full collaboration guardrails for multi-contributor repositories
+
+best_for:
+  - Team projects with 2+ contributors
+  - Open source repositories accepting external contributions
+  - Projects using protected branch policies
+  - Any repository requiring code review before merge
+
+configuration:
+  repo_mode: team
+  protected_branches: [main, master, "release/*", "hotfix/*"]
+  push_gates:
+    default: [lint, test]
+  receipt:
+    output: console
+  auto_pr: true
+
+behaviors:
+  protected_branch_detection:
+    enabled: true
+    confirmation_required: true
+    action: full_guardrail
+    note: Displays warning banner; user must explicitly confirm before proceeding
+
+  force_push_guardrail:
+    enabled: true
+    confirmation_required: true
+    confirmation_text: "yes, force push"
+    shows: [commits_count, authors]
+    note: User must type confirmation string; records force_push=true in receipt
+
+  pre_push_gates:
+    gates: [lint, test]
+    execution: sequential
+    failure_message: includes_suggested_fix
+    skip_flag: "--skip-gates"
+    skip_records: gates_skipped=true
+
+  pr_automation:
+    enabled: true
+    trigger: push_to_non_protected_branch
+    checks_existing_pr: true
+    no_pr_action: prompt_pr_automation_assistant
+    skip_flag: "--no-pr"
+
+  push_receipt:
+    output: console
+    fields: [branch, commit_sha, gates_passed, gates_skipped, force_push, timestamp, target_remote]
+
+comparison_with_single_owner_mode:
+  protected_branch_detection: full_confirmation_required  # single-owner: warning only
+  force_push_guardrail: confirmation_text_required        # single-owner: warning only
+  pre_push_gates: identical                               # both: lint + test
+  pr_automation: enabled                                  # single-owner: disabled

package/bundled/ai/standards/agent-behavior-discipline.ai.yaml

@@ -0,0 +1,142 @@
+# Agent Behavior Discipline Standards - AI Optimized
+# Source: core/agent-behavior-discipline.md
+# Inspired by: Karpathy X post 2026-01 + andrej-karpathy-skills CLAUDE.md (MIT)
+
+id: agent-behavior-discipline
+meta:
+  version: "1.0.0"
+  updated: "2026-04-24"
+  source: core/agent-behavior-discipline.md
+  description: Four behavioral disciplines for AI agents to elevate from functional to excellent — Ask, Simple, Precision, Test
+  related:
+    - anti-hallucination
+    - anti-sycophancy-prompting
+    - test-driven-development
+    - change-batching-standards
+
+principles:
+  ask:
+    summary: Surface assumptions before executing, not after
+    rule: Before any non-trivial task, explicitly state assumptions and wait for confirmation
+    triggers:
+      - Task has ambiguous requirements or multiple valid interpretations
+      - Confidence score < 0.7 (see epistemic-calibration)
+      - Task involves architecture changes, refactors, or multi-file modifications
+    do:
+      - State all assumptions explicitly before starting
+      - Present multiple interpretations when the prompt is ambiguous
+      - Propose simpler alternatives and challenge requests when appropriate
+      - Name confusion explicitly instead of proceeding with a guess
+      - Push back when a simpler path exists
+    do_not:
+      - Assume silently and proceed
+      - Use "I understand you want..." phrasing to paper over ambiguity
+      - Start executing to demonstrate effort before confirming direction
+    disclosure_format: |
+      My assumptions: [list]
+      Approach considered: [A] vs [B] — choosing A because [reason]
+      If my understanding is incorrect, please redirect before I proceed.
+
+  simple:
+    summary: Minimum code that solves the problem, nothing speculative
+    rule: Solve with the least code required. Never add unrequested functionality.
+    triggers:
+      - Any code generation task
+    do:
+      - Write only what the task requires
+      - Rewrite if the solution could be significantly shorter without loss of clarity
+      - Inline logic that is only used once (no premature abstraction)
+    do_not:
+      - Add features "that might be needed later"
+      - Create single-use abstractions or helper classes
+      - Add speculative flexibility or configuration hooks nobody asked for
+      - Add error handling for scenarios that cannot happen
+    three_strikes_rule: Abstract only when the same logic appears 3+ times (DRY threshold)
+
+  precision:
+    summary: Touch only what the task requires — clean up only your own mess
+    rule: Scope modifications to the minimum set of files and lines required
+    triggers:
+      - Any edit or refactor task
+    do:
+      - Declare scope before editing ("I will modify: X. I will not touch: Y.")
+      - Match the local code style rather than enforcing personal preferences
+      - Flag pre-existing issues found out-of-scope with a verbal note only
+    do_not:
+      - Improve unrelated code, formatting, or comments while on a scoped task
+      - Remove pre-existing dead code outside task scope
+      - Rename symbols not involved in the current change
+      - Remove imports or variables orphaned by someone else's previous change
+    scope_declaration_format: |
+      Modifying: [file list]
+      Not touching: [related but out-of-scope areas]
+      Out-of-scope observation (action deferred): [optional]
+
+  test:
+    summary: Define verifiable success criteria before executing; loop until verified
+    rule: Transform every task into a measurable success criterion before implementation
+    triggers:
+      - Any implementation or bug-fix task
+      - Long-running autonomous agent loops
+    do:
+      - Ask for or define quantifiable success criteria before starting
+      - Write a failing test first (TDD red phase), then implement, then refactor
+      - State multi-step plans with explicit verification checkpoints
+      - Loop autonomously toward the verified goal, recording each iteration's failureSource
+    do_not:
+      - Accept subjective criteria ("make it better", "improve search quality")
+      - Proceed without a stopping condition for autonomous loops
+      - Report completion without demonstrating the success criterion was met
+    vague_criteria_escalation: |
+      If the task uses subjective success language, ask:
+      "What specific metric or observable outcome defines success here?"
+    loop_protocol:
+      max_retries: 5
+      on_stuck: escalate to human with failureSource summary
+      record: failureSource per iteration (see failure-source-taxonomy)
+
+prohibited_behaviors:
+  - id: silent-assumption
+    description: Do NOT make assumptions about ambiguous requirements without stating them
+    correct_action: Use ask.disclosure_format before proceeding
+
+  - id: speculative-feature
+    description: Do NOT implement features that were not explicitly requested
+    correct_action: Implement only the requested scope; mention potential extensions verbally
+
+  - id: scope-creep
+    description: Do NOT modify code outside the declared scope of the task
+    correct_action: Use precision.scope_declaration_format and flag out-of-scope observations verbally
+
+  - id: subjective-success
+    description: Do NOT accept vague success criteria ("better", "improved", "successful")
+    correct_action: Use test.vague_criteria_escalation to obtain a quantifiable criterion
+
+  - id: open-ended-loop
+    description: Do NOT run autonomous correction loops without a defined stopping condition
+    correct_action: Define max_retries and escalation path before starting the loop
+
+agent_application:
+  implementation_tasks:
+    apply: [ask, simple, precision, test]
+    notes: All four principles apply to every non-trivial implementation task
+  refactoring_tasks:
+    apply: [ask, precision, test]
+    notes: Simplicity is a refactor outcome, not a separate check; Precision is critical
+  bug_fix_tasks:
+    apply: [ask, precision, test]
+    notes: Ask to confirm reproduction steps; Precision to avoid scope creep; Test to define "fixed"
+  autonomous_loops:
+    apply: [test]
+    notes: test.loop_protocol is mandatory for any multi-iteration autonomous agent task
+  trivial_tasks:
+    apply: []
+    threshold: confidence >= 0.9 AND task is single-file AND lines_changed < 5
+    notes: Trivial tasks (e.g., adding a comment) may skip ask confirmation
+
+checklist:
+  - Assumptions stated before execution starts
+  - Code solves the problem with minimum required lines
+  - Only declared-scope files were modified
+  - Success criterion is quantifiable and verified
+  - Autonomous loops have max_retries and escalation path defined

package/bundled/ai/standards/checkin-standards.ai.yaml

@@ -147,6 +147,24 @@ standard:
       instruction: AI must NOT auto-execute git add/commit/push, wait for explicit user approval
       priority: required
 
+    - id: project-file-sync
+      trigger: adding a new source file to disk
+      instruction: >
+        For legacy project formats (e.g. .NET Framework .csproj, MSBuild), every
+        source file on disk must also be registered in the project manifest file.
+        Unregistered files are silently excluded from compilation without any error
+        or warning. Run a pre-build or pre-commit check comparing files on disk
+        against project manifest entries; fail fast on any unregistered file.
+      priority: required
+      applicability: legacy_project_formats
+      examples:
+        - ".NET Framework .csproj (ItemGroup/Compile Include)"
+        - "legacy MSBuild project files"
+      evidence: >
+        Real incident (2026-04): ADAccountManagerV2.aspx.cs added to disk but not
+        registered in MSPlatform.csproj — silently excluded from build, causing
+        production crash with "Cannot load type" error.
+
 physical_spec:
   type: custom_script
   validator:

package/bundled/ai/standards/test-governance.ai.yaml

@@ -146,3 +146,15 @@ standard:
         System tests should stub external dependencies but use real internal services.
         Use SIT environment for system-level validation.
       priority: recommended
+
+    - id: test-execution-continuity
+      trigger: adding or completing a test case
+      instruction: >
+        A test case must be wired to an automated execution trigger (CI gate, build
+        hook, or scheduled run). A test that exists but is never run provides false
+        confidence and is worse than no test at all. Verify that execution history
+        exists before marking test coverage as complete.
+      priority: required
+      evidence: >
+        BUG-A08 post-mortem (2026-04-20): 22 tests existed in UDS but were never
+        executed by any CI gate, passing silently and masking real failures.

package/bundled/ai/standards/testing.ai.yaml

@@ -113,6 +113,20 @@ standard:
       instruction: Use test doubles sparingly; prefer real implementations when fast enough
       priority: recommended
 
+    - id: e2e-precondition-scope
+      trigger: writing E2E globalSetup or environment pre-checks
+      instruction: >
+        E2E environment pre-checks must verify the health of ALL pages and endpoints
+        under test, not just the authentication entry point. A smoke check that only
+        validates the login page will silently pass even when feature pages return
+        HTTP 500. Maintain an explicit list of pages covered by the suite and verify
+        each returns a non-5xx response before running tests.
+      priority: recommended
+      evidence: >
+        Real incident (2026-04): E2E globalSetup only checked Login.aspx health;
+        feature page returned 500 silently — full E2E suite passed with false
+        confidence, masking a production crash.
+
 physical_spec:
   type: custom_script
   validator:

package/bundled/core/agent-behavior-discipline.md

@@ -0,0 +1,178 @@
+# Agent Behavior Discipline
+
+> **Language**: English | [繁體中文](../locales/zh-TW/core/agent-behavior-discipline.md)
+
+**Version**: 1.0.0
+**Last Updated**: 2026-04-24
+**Applicability**: All AI agent implementations using UDS-compliant harnesses
+**Scope**: universal
+**Industry Standards**: Informed by Karpathy 2026-01 observations + andrej-karpathy-skills (MIT)
+
+---
+
+## Purpose
+
+This standard defines four behavioral disciplines for AI agents that elevate performance from "functional" to "excellent". These disciplines address the most common failure modes observed in production LLM coding agents:
+
+1. **Executing on wrong assumptions** — agent proceeds without confirming direction
+2. **Over-engineering** — agent writes 200 lines when 50 would suffice
+3. **Scope creep** — agent "helpfully" modifies unrelated code
+4. **Goalless loops** — agent iterates without a defined stopping condition
+
+The disciplines are designed to be stackable with existing UDS standards (`anti-hallucination`, `anti-sycophancy-prompting`, `test-driven-development`) and enforceable at the harness level (DevAP `DisciplineConfig`).
+
+---
+
+## Principle 1: Ask — Surface Assumptions Before Executing
+
+### Rule
+
+Before any non-trivial task, explicitly state all assumptions and wait for confirmation.
+
+### When to Apply
+
+| Condition | Action |
+|-----------|--------|
+| Ambiguous requirements or multiple valid interpretations | Use Disclosure Format (below) |
+| Confidence score < 0.7 | Pause and ask |
+| Architecture changes or multi-file modifications | Always disclose |
+| Single-file trivial change (confidence ≥ 0.9, < 5 lines) | May skip confirmation |
+
+### Disclosure Format
+
+```
+My assumptions: [explicit list]
+Approach considered: [A] vs [B] — choosing A because [reason]
+If my understanding is incorrect, please redirect before I proceed.
+```
+
+### Why This Matters
+
+Karpathy observed: *"Models make wrong assumptions, don't seek clarification, and are a little too sycophantic."* A wrong direction costs more tokens to undo than the upfront 3-second check would have taken.
+
+---
+
+## Principle 2: Simple — Minimum Code, Nothing Speculative
+
+### Rule
+
+Solve with the least code required. Never add unrequested functionality.
+
+### Three Strikes Rule (DRY Threshold)
+
+Abstract only when identical logic appears **3 or more times**. A single-use helper is always a premature abstraction.
+
+### DO / DO NOT
+
+| DO | DO NOT |
+|----|--------|
+| ✅ Write only what the task requires | ❌ Add features "that might be needed later" |
+| ✅ Rewrite when a significantly shorter solution exists | ❌ Create single-use abstractions |
+| ✅ Inline logic used only once | ❌ Add speculative configuration hooks |
+| ✅ Skip error handling for impossible scenarios | ❌ Add defensive code for internal invariants |
+
+### Why This Matters
+
+Karpathy observed: *"It will implement 1000 lines of bloated code, and when challenged, immediately cuts it to 100."* If it can be 50 lines, it should be 50 lines from the start.
+
+---
+
+## Principle 3: Precision — Touch Only What the Task Requires
+
+### Rule
+
+Scope modifications to the declared minimum set of files and lines. Clean up only your own mess.
+
+### Scope Declaration Format
+
+Before any edit, output:
+```
+Modifying: [file list]
+Not touching: [related but out-of-scope areas]
+Out-of-scope observation (action deferred): [optional — verbal only, no edit]
+```
+
+### DO / DO NOT
+
+| DO | DO NOT |
+|----|--------|
+| ✅ Match existing local code style | ❌ Improve unrelated code "while I'm here" |
+| ✅ Flag pre-existing issues verbally | ❌ Remove dead code you didn't create |
+| ✅ Remove only imports orphaned by YOUR change | ❌ Rename symbols not in your task scope |
+| ✅ Declare scope before starting | ❌ Format unrelated code to match your preferences |
+
+### Why This Matters
+
+Karpathy observed agents that *"alter code it doesn't understand, and then things break"*. Precision prevents untraceable side effects and keeps diffs reviewable.
+
+---
+
+## Principle 4: Test — Define Success Criteria, Loop Until Verified
+
+### Rule
+
+Transform every task into a measurable, verifiable success criterion before implementation.
+
+### TDD Flow
+
+```
+Define success criterion → Write failing test (Red) → Implement (Green) → Refactor → Verify
+```
+
+### Vague Criteria Escalation
+
+If the task uses subjective language ("make it better", "improve search quality"):
+> "What specific metric or observable outcome defines success here?"
+
+Never proceed with a subjective stopping condition.
+
+### Autonomous Loop Protocol
+
+| Parameter | Value |
+|-----------|-------|
+| max_retries | 5 (default; configurable via DisciplineConfig) |
+| Per-iteration logging | Record `failureSource` (see failure-source-taxonomy) |
+| On stuck (same error fingerprint) | Escalate to human with failureSource summary |
+
+### Why This Matters
+
+Karpathy's strongest principle: *"LLMs excel at looping toward specific goals — provide success criteria rather than directives."* Without a verifiable goal, an autonomous agent loop has no natural stopping point.
+
+---
+
+## Integration with Other UDS Standards
+
+| Standard | Relationship |
+|----------|-------------|
+| `anti-hallucination` | Ask principle: disclose when uncertain rather than guessing |
+| `anti-sycophancy-prompting` | Ask principle: don't assume, push back when warranted |
+| `test-driven-development` | Test principle: TDD is the operational implementation |
+| `change-batching-standards` | Precision principle: scope limits reinforce batching logic |
+| `failure-source-taxonomy` | Test principle: loop protocol uses failureSource taxonomy |
+| `recovery-recipe-registry` | Test principle: max_retries maps to recovery recipe escalation |
+
+---
+
+## Enforcement at Harness Level (DevAP)
+
+`DisciplineConfig` in DevAP `src/types.ts`:
+
+```typescript
+interface DisciplineConfig {
+  ask_threshold: number;           // Confidence below this triggers Ask disclosure (default: 0.6)
+  max_loop_retries: number;        // Autonomous loop ceiling (default: 5)
+  precision_scope: 'strict' | 'relaxed'; // strict = always declare scope
+}
+```
+
+The `assumptionCheckGate()` in `src/orchestrator.ts` evaluates task complexity against `ask_threshold` before dispatching to the agent.
+
+---
+
+## Checklist
+
+- [ ] Assumptions stated before execution starts
+- [ ] Code solves the problem with minimum required lines
+- [ ] Only declared-scope files were modified
+- [ ] Success criterion is quantifiable and verified
+- [ ] Autonomous loops have `max_retries` and escalation path defined

package/bundled/core/checkin-standards.md

@@ -2,8 +2,8 @@
 
 > **Language**: English | [繁體中文](../locales/zh-TW/core/checkin-standards.md)
 
-**Version**: 1.5.0
-**Last Updated**: 2026-03-18
+**Version**: 1.6.0
+**Last Updated**: 2026-04-20
 **Applicability**: All software projects using version control
 **Scope**: partial
 **Industry Standards**: SWEBOK v4.0 Chapter 6
@@ -906,6 +906,25 @@ obj/
 node_modules/
 ```
 
+### Legacy Project File Sync (project-file-sync)
+
+> **Applicability**: .NET Framework, MSBuild `.csproj`, and any legacy format that requires explicit file registration.
+
+Legacy project formats (e.g. `.NET Framework .csproj`) do **not** auto-include source files on disk — every file must be explicitly listed in the project manifest. Unregistered files are **silently excluded from compilation** with no error or warning.
+
+**Risk**: You add a new `.cs`/`.aspx.cs` file, rebuild the DLL — the file is excluded. Tests pass (they're testing the old DLL). Production crashes with "Cannot load type".
+
+**Pre-commit check**:
+
+```bash
+# Find .cs files on disk not registered in .csproj
+comm -23 \
+  <(find . -name "*.cs" | sort) \
+  <(grep -oP '(?<=Include=")[^"]+\.cs' MyProject.csproj | sort)
+```
+
+**Rule**: If your project uses a legacy format, run a disk-vs-manifest comparison before every commit. Fail fast on any unregistered file.
+
 ---
 
 ## Common Violations and Solutions

package/bundled/core/test-governance.md

@@ -2,6 +2,8 @@
 
 > **Language**: English | [繁體中文](../locales/zh-TW/core/test-governance.md)
 
+**Version**: 1.1.0
+**Last Updated**: 2026-04-20
 **Applicability**: All software projects
 **Scope**: universal
 
@@ -121,6 +123,7 @@ Release completion criteria (checked before release):
 | enforce-completion-criteria | Completing a task or feature | Verify all required completion criteria are met before marking task/feature as done | Required |
 | pyramid-compliance | Planning test strategy | Follow the 70/20/7/3 pyramid ratio as a guideline. Deviation is acceptable with documented justification | Required |
 | sit-isolation | Running system tests | System tests should stub external dependencies but use real internal services. Use SIT environment for system-level validation | Recommended |
+| test-execution-continuity | Adding or completing a test case | A test case must be wired to an automated execution trigger (CI gate, build hook, or scheduled run). A test that exists but is never run provides false confidence and is worse than no test at all. Verify that execution history exists before marking test coverage as complete. | Required |
 
 ---
 

package/bundled/core/testing-standards.md

@@ -2,8 +2,8 @@
 
 > **Language**: English | [繁體中文](../locales/zh-TW/core/testing-standards.md)
 
-**Version**: 3.1.0
-**Last Updated**: 2026-03-24
+**Version**: 3.2.0
+**Last Updated**: 2026-04-20
 **Applicability**: All software projects
 **Scope**: universal
 **Industry Standards**: ISTQB CTFL v4.0, ISO/IEC/IEEE 29119
@@ -231,6 +231,29 @@ This standard defines actionable testing rules and conventions for AI agents and
 e2e/[feature]/[scenario].[ext]
 ```
 
+#### E2E Precondition Scope (e2e-precondition-scope)
+
+E2E environment pre-checks (`globalSetup`, `beforeAll`) must verify the health of **all pages and endpoints under test**, not just the authentication entry point.
+
+**Anti-pattern** — login-only health check:
+```ts
+// ❌ Passes even when feature pages return 500
+await page.goto('/login');
+expect(response.status()).toBe(200);
+```
+
+**Required pattern** — explicit coverage list:
+```ts
+// ✅ Verify all pages covered by the suite
+const PAGES_UNDER_TEST = ['/login', '/dashboard', '/feature-x'];
+for (const path of PAGES_UNDER_TEST) {
+  const res = await fetch(`${BASE_URL}${path}`);
+  expect(res.status).toBeLessThan(500); // fail fast on 5xx
+}
+```
+
+> **Evidence**: Real incident — E2E `globalSetup` only checked `Login.aspx`; a feature page returned HTTP 500 silently. The full E2E suite passed with false confidence, masking a production crash.
+
 ---
 
 ## Test Doubles

package/bundled/core/versioning.md

@@ -237,7 +237,7 @@ Directories excluded from version control will not be committed, so they should
 | Category | Common Directories/Files | Reason |
 |----------|-------------------------|--------|
 | AI Collaboration Tools | `.claude/`, `.cursor/`, `.ai/` | Local development aids, not in version control |
-| Development Standards | `.standards/`, `docs/internal/` | Local standard docs, not in version control |
+| Development Standards | `.standards/` | Local standard docs, not in version control |
 | Build Outputs | `dist/`, `build/`, `out/` | Build artifacts, not in version control |
 | Large Data | `data/`, `datasets/` | Data files, not in version control |
 

package/bundled/locales/zh-CN/CHANGELOG.md

@@ -1,8 +1,8 @@
 ---
 source: ../../CHANGELOG.md
-source_version: 5.1.0
-translation_version: 5.1.0
-last_synced: 2026-04-20
+source_version: 5.2.0
+translation_version: 5.2.0
+last_synced: 2026-04-24
 status: current
 ---
 
@@ -17,6 +17,44 @@ status: current
 
 ## [Unreleased]
 
+## [5.2.0] - 2026-04-24
+
+> **次版本发布**：三项新标准/技能（XSPEC-080/081/082）—— `/release package` 子命令、`/push` 质量守门 Skill、以及 `agent-behavior-discipline` 标准（Karpathy 四大原则：问/减/准/测）。Bundle 一致性加固。文档集中至 dev-platform。标准总数：74。
+
+### 新增
+- **`agent-behavior-discipline.ai.yaml`**（Trial 试验期至 2026-10-24，XSPEC-082 / DEC-048）：新治理标准，系统化整合 Andrej Karpathy 提炼的四大 AI Agent 行为纪律——问（执行前揭露假设）、减（最小充分代码）、准（精准修改边界）、测（定义可验证成功标准 + 自我修正循环）。已加入 `uds-manifest.json`（第 74 个标准）及 `cli/standards-registry.json`。
+- **`/push` Skill**（`skills/push/`，XSPEC-081）：Git Push 质量守门与跨人协作护栏——受保护分支检测、force-push 护栏、pre-push gate 验证、push 审计日志、PR 集成入口。包含两个配置选项：`options/push/single-owner-mode.ai.yaml`（单人仓库简化护栏）和 `options/push/team-mode.ai.yaml`（团队全护栏，需确认）。
+- **`/release package` 子命令**（`skills/release/`，XSPEC-080）：10 种目标格式的打包指引——npm/Node.js、Python/PyPI、Go 二进制、Electron App、Homebrew（Wave 1）+ Rust/Cargo、Tauri 桌面、Docker 镜像、VS Code Extension、GitHub Release 资产（Wave 2）。检测优先设计：自动检测项目类型再套用打包步骤。
+
+### 修正
+- **Bundle 一致性**（XSPEC-072 Phase 2）：解决 `ai/standards/` 与 `bundle/` 之间的差异——74 个标准现在全部纳入 bundle。CI 硬性失败（exit 1）于任何差异，防止静默的 bundle 落差。
+- **i18n NO META frontmatter**（BUG-A06）：补齐 36 个翻译文件缺少的 YAML frontmatter，修复翻译同步验证误报。
+
+### 变更
+- **文档集中化（DEC-047 Batch 2）**：UDS 规划/治理文档已迁移至 AsiaOstrich dev-platform 规划中心，不再随 UDS 发布：
+  - `docs/AI-AGENT-ROADMAP.md`、`docs/OPERATION-WORKFLOW.md`、`docs/internal/` 下四份文档已移除
+  - `locales/zh-TW/docs/`、`locales/zh-CN/docs/` 副本亦已移除
+
+[5.2.0]: https://github.com/AsiaOstrich/universal-dev-standards/compare/v5.1.1...v5.2.0
+
+## [5.1.1] - 2026-04-20
+
+> **补丁版本**：Windows CI 修正、53 个 SKILL.md 补 `name` 字段、三份 `.md` 源文件依 BUG-A08 事后分析新增规则、zh-TW/zh-CN 翻译同步。
+
+### 修正
+- **`cli/src/utils/directory-mapper.js`**：以 `path.basename(dir)` 取代 `dir.split('/').pop()`，修正 Windows CI 路径分隔符兼容性问题（修复 Windows CI runner 上 `directory-mapper.test.js` 测试失败）。
+
+### 新增
+- **`name` 字段** 补齐至 9 个源目录 `skills/*/SKILL.md` 及 44 个 `locales/zh-TW/skills/*/SKILL.md`，符合 Skill 验证工具需求。
+
+### 变更
+- **`core/test-governance.md`** 1.0.0 → 1.1.0：新增 `test-execution-continuity` 规则（BUG-A08 事后分析 — 22 个测试存在但未连接任何 CI 执行触发器）。
+- **`core/checkin-standards.md`** 1.5.0 → 1.6.0：新增旧版项目文件同步（`project-file-sync`）章节 — 磁盘上的每个源文件必须注册于旧版项目 manifest 中。
+- **`core/testing-standards.md`** 3.1.0 → 3.2.0：新增 E2E 前置条件范围（`e2e-precondition-scope`）章节 — E2E 前置检查必须验证所有受测页面/端点，而非仅验证认证入口。
+- **zh-TW 与 zh-CN 翻译** 已同步 `test-governance.md`、`checkin-standards.md`、`testing-standards.md` 三份文件。
+
+[5.1.1]: https://github.com/AsiaOstrich/universal-dev-standards/compare/v5.1.0...v5.1.1
+
 ## [5.1.0] - 2026-04-20
 
 > **正式版**：BUG-A06 i18n 完整性 — 新增 32 份缺失翻译、Semver 感知翻译闸门、新增 `translation-lifecycle-standards` UDS 标准。BUG-A07 Shell 测试覆盖 — 20+ 脚本的 bats smoke tests。BUG-A08 假通过测试审计 — 修正 22 个测试。Pre-release Batch 0：6 个标准从 Trial 升至 Adopt（DEC-021/025/031/035/038/040）。标准总数：106 个。