yadflow 1.4.0 → 2.0.1

package/skills/{sdlc-hub-bridge → yad-hub-bridge}/SKILL.md

@@ -1,27 +1,27 @@
 ---
-name: sdlc-hub-bridge
-description: 'The templated PR/MR bridge for the front-half review gate. When the product hub has a platform (.sdlc/hub.json), it opens a review PR/MR on the hub for an authored artifact (the optional analysis / epic / architecture+contract / ui-design / stories), sets the required reviewers/labels from the routing rule, and provides the read-only gh/glab recipes that sdlc-review-gate uses to pull platform comments + approvals back into the file ledger. Can also wire event-driven sync on the hub: a CI workflow that runs `sdlc gate ci` whenever a reviewer approves / requests changes / a human merges, committing the ledger to the default branch. Local-user auth only — no stored tokens. The file ledger stays the source of truth; degrades to the file-only gate when there is no platform / no CLI. Use when the user says "open the review PR", "route the review", "wire the gate sync", or it is invoked by sdlc-review-gate open/sync.'
+name: yad-hub-bridge
+description: 'The templated PR/MR bridge for the front-half review gate. When the product hub has a platform (.sdlc/hub.json), it opens a review PR/MR on the hub for an authored artifact (the optional analysis / epic / architecture+contract / ui-design / stories), sets the required reviewers/labels from the routing rule, and provides the read-only gh/glab recipes that yad-review-gate uses to pull platform comments + approvals back into the file ledger. Can also wire event-driven sync on the hub: a CI workflow that runs `yad gate ci` whenever a reviewer approves / requests changes / a human merges, committing the ledger to the default branch. Local-user auth only — no stored tokens. The file ledger stays the source of truth; degrades to the file-only gate when there is no platform / no CLI. Use when the user says "open the review PR", "route the review", "wire the gate sync", or it is invoked by yad-review-gate open/sync.'
 ---
 
 # SDLC — Hub Review Bridge (the templated PR/MR bridge)
 
 **Goal:** Run the front-half review/comment/approval cycle through a **real PR/MR on the product hub**,
 without changing the gate's predicate or making the file ledger optional. The bridge is an **alternate
-input path** into `sdlc-review-gate`: it opens a review PR for an artifact, reviewers approve/comment on
+input path** into `yad-review-gate`: it opens a review PR for an artifact, reviewers approve/comment on
 the platform with **their own** `gh`/`glab` auth, and the gate's `sync` action (which calls this skill's
 read recipes) maps that platform state into `approvals.json` / `comments.json` / `reviews/*.md`, then
 runs the **unchanged** predicate. The file ledger remains the source of truth.
 
-This skill owns the **branch/PR mechanics + the gh/glab recipes** (mirroring how `sdlc-pr-template`
-keeps platform mechanics out of the gate). `sdlc-review-gate` *calls* it; it never advances a step.
+This skill owns the **branch/PR mechanics + the gh/glab recipes** (mirroring how `yad-pr-template`
+keeps platform mechanics out of the gate). `yad-review-gate` *calls* it; it never advances a step.
 
 ## Conventions
 
 - `{project-root}` is the **product hub**. Hub platform + reviewer roster live in `.sdlc/hub.json`
-  (`config.yaml` `hub.config`; schema in `../sdlc-connect-repos/references/hub-config.md`).
+  (`config.yaml` `hub.config`; schema in `../yad-connect-repos/references/hub-config.md`).
 - Per-step review-PR record: `epics/EP-<slug>/.sdlc/hub-prs.json` (`config.yaml` `hub.pr_ledger`) — a
   sibling ledger to `approvals.json`, so `state.json`'s locked step shape is untouched.
-- The review-PR body is the hub template from `sdlc-pr-template` (`templates/hub/<platform>/…`).
+- The review-PR body is the hub template from `yad-pr-template` (`templates/hub/<platform>/…`).
 - Branch per artifact: `review/EP-<slug>/<artifact-base>` (`config.yaml` `hub.artifact_branch`).
 - **Local-user auth only; store no tokens.** Use the user's own `gh`/`glab`. If neither is installed/
   authenticated, STOP this path and tell the gate to fall back to file-only — never embed a credential.
@@ -31,7 +31,7 @@ keeps platform mechanics out of the gate). `sdlc-review-gate` *calls* it; it nev
 - `epic`     — the `EP-<slug>` under review.
 - `artifact` — the artifact file (`analysis.md` | `epic.md` | `architecture.md` | `ui-design.md` | `stories/`).
 - `action`   — `open` | `route` | `wire` (default `route`). (`sync`'s ledger writes live in
-  `sdlc-review-gate`; this skill provides the read recipes `sync` calls — see `references/bridge.md`.)
+  `yad-review-gate`; this skill provides the read recipes `sync` calls — see `references/bridge.md`.)
 
 ## Preconditions (the bridge runs only when all hold)
 
@@ -44,7 +44,7 @@ gate proceeds **file-only** (no error) and stop.
 ### Step 1 — Resolve platform + routing
 Read `.sdlc/hub.json` for the platform and roster, `epics/<epic>/epic.md` for `repos` + `owner`, and the
 matching `review+approve` step's `risk_tags` from `.sdlc/state.json`. Compute the **required reviewers**
-with `route` (below) — the same rule `sdlc-review-gate` enforces: base (owner + 1 reviewer); escalated
+with `route` (below) — the same rule `yad-review-gate` enforces: base (owner + 1 reviewer); escalated
 (`risk_tags` ∩ {contract,auth,payments}, or the stories step) adds a domain-owner per touched repo. Map
 each required domain-owner to a platform `login` via the roster (a roster `name` equal to a repo's
 `domain_owner` in `repos.json` is that repo's domain-owner).
@@ -53,7 +53,7 @@ each required domain-owner to a platform `login` via the roster (a roster `name`
 1. From the hub default branch, create `review/EP-<slug>/<artifact-base>` and ensure the artifact file
    (and, for architecture, `contract.md` + `.sdlc/contract-lock.json`) is committed on it. Push as the
    local user.
-2. Open the PR/MR with `gh`/`glab` using the hub body template (`sdlc-pr-template` `templates/hub/…`),
+2. Open the PR/MR with `gh`/`glab` using the hub body template (`yad-pr-template` `templates/hub/…`),
    filled with the epic, artifact, gate step, owner, `epic.repos`, and the step's risk tags.
 3. **Request the required reviewers** (their logins) and add a `domain:<repo>` label per touched repo so
    per-repo routing is legible on the PR.
@@ -63,7 +63,7 @@ each required domain-owner to a platform `login` via the roster (a roster `name`
      "number": <n>, "url": "<pr/mr url>", "branch": "review/EP-<slug>/<artifact-base>", "lastSyncedAt": null }
    ```
 5. Report the PR/MR URL and the required reviewers. **Do not** record approvals or advance — reviewers
-   act on the platform; `sdlc-review-gate action: sync` pulls it back.
+   act on the platform; `yad-review-gate action: sync` pulls it back.
 
 ### Step 3 — `route` (print required reviewers)
 Compute and print the required reviewers as above. Use `templates/checks/hub-route.sh <body>` to parse a
@@ -72,18 +72,18 @@ PR/MR body's Impact & Risk block when given one; otherwise derive from `epic.rep
 
 ### Step 4 — `wire` (event-driven sync on the hub)
 Install the hub CI that turns platform actions — a review **approval**, a **change request**, a review
-dismissal, or the human **merge** — into an automatic `sdlc gate ci` run that syncs the ledger and
-commits it to the hub's default branch. No more waiting on a manual `sdlc gate sync`; the manual command
+dismissal, or the human **merge** — into an automatic `yad gate ci` run that syncs the ledger and
+commits it to the hub's default branch. No more waiting on a manual `yad gate sync`; the manual command
 remains valid and is the fallback whenever CI cannot push.
 
-1. Run `sdlc check --fix` (the wiring is manifest-driven, like `sdlc-checks`): with a platform +
+1. Run `yad check --fix` (the wiring is manifest-driven, like `yad-checks`): with a platform +
    enabled bridge in `.sdlc/hub.json` it installs
-   - GitHub → `.github/workflows/sdlc-gate-sync.yml` (from `templates/github/sdlc-gate-sync.yml`)
-   - GitLab → `.gitlab/ci/sdlc-gate-sync.yml` (from `templates/gitlab/sdlc-gate-sync.gitlab-ci.yml`)
+   - GitHub → `.github/workflows/yad-gate-sync.yml` (from `templates/github/yad-gate-sync.yml`)
+   - GitLab → `.gitlab/ci/yad-gate-sync.yml` (from `templates/gitlab/yad-gate-sync.gitlab-ci.yml`)
    - plus the hub-side **verified-commits** gate (`checks/verified-commits.sh` + its workflow/fragment,
-     owned by `sdlc-checks`) so review PRs accept only signed commits from roster-known authors
+     owned by `yad-checks`) so review PRs accept only signed commits from roster-known authors
 2. **GitLab only — two one-time steps** (see the fragment's header for the exact recipes):
-   - add `include: - local: '.gitlab/ci/sdlc-gate-sync.yml'` to the root `.gitlab-ci.yml`, or write
+   - add `include: - local: '.gitlab/ci/yad-gate-sync.yml'` to the root `.gitlab-ci.yml`, or write
      `templates/gitlab/gitlab-ci.include-root.yml` as the root when none exists;
    - create the 15-minute pipeline **schedule** (variable `SDLC_GATE_SYNC=true`) and the masked
      `SDLC_GATE_TOKEN` project-access-token variable (`read_api` + `write_repository`). GitLab fires no
@@ -91,17 +91,17 @@ remains valid and is the fallback whenever CI cannot push.
      latency); MR events and the merge are near-immediate.
 3. Commit the workflow to the hub. GitHub needs nothing else — the ephemeral `github.token` reads the
    PR and pushes the ledger. If the default branch is protected, see the workflow header for the
-   bypass / PAT options; until then the run fails visibly and manual `sdlc gate sync` still works.
+   bypass / PAT options; until then the run fails visibly and manual `yad gate sync` still works.
 
 ## Hard rules
 
 - **Local-user auth only; store no tokens.** Reviewers use their own `gh`/`glab`.
 - **The bridge is an input path, never the authority.** It opens PRs and reads state; the **file ledger
-  is the source of truth** and the gate predicate (in `sdlc-review-gate`) is unchanged.
+  is the source of truth** and the gate predicate (in `yad-review-gate`) is unchanged.
 - **The bridge never approves on a reviewer's behalf.** Reviewers approve/merge with their own auth. The
   step advances when a human **merges** the approved, fully-resolved review PR (the merge is that human
-  act) — `sdlc gate sync` records the approvals + resolution + merged state and advances; unresolved
-  comments or a changed artifact hold it `in_review`. The mechanical sync is the `sdlc gate` CLI.
+  act) — `yad gate sync` records the approvals + resolution + merged state and advances; unresolved
+  comments or a changed artifact hold it `in_review`. The mechanical sync is the `yad gate` CLI.
 - **CI never approves and never merges.** The wired workflow only runs `gate ci` — the same sync +
   unchanged predicate — and commits the **ledger files only** to the default branch; the artifact lands
   on the default branch exclusively via the human merge. Front gates stay permanently human.
@@ -115,5 +115,5 @@ remains valid and is the fallback whenever CI cannot push.
 - PR-body→ledger mapping, the read-only gh/glab recipes, idempotent re-sync, contract re-lock handling:
   `references/bridge.md`.
 - Roster schema, login→role resolution, unverified-login fallback, per-repo routing: `references/login-roster.md`.
-- The gate this feeds (open hook + sync action + unchanged predicate): `../sdlc-review-gate/SKILL.md`, `../sdlc-review-gate/references/gating.md`.
-- The hub PR/MR body template + the code-repo routing analogue: `../sdlc-pr-template/`.
+- The gate this feeds (open hook + sync action + unchanged predicate): `../yad-review-gate/SKILL.md`, `../yad-review-gate/references/gating.md`.
+- The hub PR/MR body template + the code-repo routing analogue: `../yad-pr-template/`.

package/skills/{sdlc-hub-bridge → yad-hub-bridge}/references/bridge.md

@@ -1,7 +1,7 @@
 # The bridge — PR/MR ↔ ledger mapping, read recipes, idempotency
 
 The bridge maps platform review state onto the **same file records** the manual gate writes, so the gate
-predicate (`../sdlc-review-gate/references/gating.md`) runs unchanged. The bridge only changes the
+predicate (`../yad-review-gate/references/gating.md`) runs unchanged. The bridge only changes the
 *input path*; it never changes what passing the gate means.
 
 ## State mapping (platform → ledger)
@@ -72,7 +72,7 @@ comments, replies, the reviewer **resolves** their thread, then `sync` runs agai
 
 - **Merge → advance.** When the reviewer rule is satisfied, every thread is resolved, **and the review
   PR/MR is merged**, `sync` marks the step `done` and unblocks the next step. The merge is the human
-  approval act — there is no separate machine advance. (`sdlc gate sync` performs this deterministically.)
+  approval act — there is no separate machine advance. (`yad gate sync` performs this deterministically.)
 - **Revoke on artifact change.** Each bridge approval is stamped with the content hash it was given
   against (the file bytes; the locked contract surface for architecture). On re-sync, an approval whose
   stamped hash ≠ the current hash is **dropped** — the reviewer must re-approve the changed artifact. A
@@ -82,10 +82,10 @@ comments, replies, the reviewer **resolves** their thread, then `sync` runs agai
 ## Event-driven sync (hub CI)
 
 The `wire` action (SKILL.md Step 4) installs a CI workflow on the hub so the platform events drive
-`sdlc gate ci` instead of waiting on a manual `sdlc gate sync`. The CLI entry is self-sufficient: it
+`yad gate ci` instead of waiting on a manual `yad gate sync`. The CLI entry is self-sufficient: it
 derives the epic + artifact from the `review/EP-<slug>/<artifact-base>` head branch and takes the PR/MR
 number from the event payload — it even upserts the `hub-prs.json` entry when the author never committed
-it, so the first CI commit converges the views. `sdlc gate ci` with no `--branch` sweeps every open
+it, so the first CI commit converges the views. `yad gate ci` with no `--branch` sweeps every open
 review PR (the scheduled path).
 
 | Platform event | CI action |
@@ -115,22 +115,22 @@ across epics touch disjoint files).
   push.
 - Protected default branch (GitHub): prefer a ruleset bypass for Actions; else a fine-grained PAT as
   `SDLC_GATE_TOKEN` passed to `actions/checkout`; else leave it — the run fails **visibly** and manual
-  `sdlc gate sync` remains the fallback. Never wire branch protection that couples the merge itself to
+  `yad gate sync` remains the fallback. Never wire branch protection that couples the merge itself to
   the gate.
 
-**Manual sync stays first-class.** `sdlc gate sync <epic> [artifact]` is unchanged and always valid —
+**Manual sync stays first-class.** `yad gate sync <epic> [artifact]` is unchanged and always valid —
 the CI is the same sync on a trigger, and the file ledger is still the source of truth.
 
 ### Manual end-to-end verification (GitHub)
 
-1. On a scratch hub: `sdlc setup` (platform github, roster with a second account) → `sdlc check --fix`
-   installs `.github/workflows/sdlc-gate-sync.yml`; commit + push it.
-2. Author an epic → `sdlc gate open EP-x epic.md` → the review PR opens.
+1. On a scratch hub: `yad setup` (platform github, roster with a second account) → `yad check --fix`
+   installs `.github/workflows/yad-gate-sync.yml`; commit + push it.
+2. Author an epic → `yad gate open EP-x epic.md` → the review PR opens.
 3. Second account **approves** → the Actions run commits `approvals.json` to the default branch.
-4. Second account **requests changes** → the run records the blocking comment; `sdlc gate status EP-x`
+4. Second account **requests changes** → the run records the blocking comment; `yad gate status EP-x`
    (after `git pull`) shows the gate held.
 5. Resolve the thread, approve again, a human **merges** → the closed-event run advances `state.json`
    (`epic-review: done`, `currentStep: architecture`).
-6. `git pull` locally — `sdlc gate status EP-x` matches the platform history.
+6. `git pull` locally — `yad gate status EP-x` matches the platform history.
 
 GitLab variant: same flow on an MR; a bare approval appears after the next schedule tick.

package/skills/{sdlc-hub-bridge → yad-hub-bridge}/references/login-roster.md

@@ -2,7 +2,7 @@
 
 The roster lives in `.sdlc/hub.json` (`roster: [...]`) and is the only thing that turns a platform
 **login** into an SDLC **name + role** for the ledger. Schema and the no-tokens rule are documented once
-in `../../sdlc-connect-repos/references/hub-config.md`; this file covers how the bridge *uses* it.
+in `../../yad-connect-repos/references/hub-config.md`; this file covers how the bridge *uses* it.
 
 ## Entry
 
@@ -38,5 +38,5 @@ review PR the bridge makes this legible and enforceable:
   `repos.json[R].domain_owner == roster[L].name`. So a domain owner's approval is scoped to exactly the
   repos they own, and a repo with no approving owner shows up as still-required in the gate report.
 
-This is the same touched-domains computation the gate uses (`../sdlc-review-gate/references/gating.md`):
+This is the same touched-domains computation the gate uses (`../yad-review-gate/references/gating.md`):
 architecture+contract → `epic.repos`; stories → union of story `repos`.

package/skills/{sdlc-hub-bridge → yad-hub-bridge}/templates/checks/hub-route.sh

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
-# Hub review routing — the front-half analogue of sdlc-pr-template's risk-route.sh. Reads a hub review
+# Hub review routing — the front-half analogue of yad-pr-template's risk-route.sh. Reads a hub review
 # PR/MR description's "Impact & Risk (front-half)" block and prints the required reviewers, reusing
-# sdlc-review-gate's rule: base = owner + 1 reviewer; if a risk tag (contract|auth|payments) is set OR
+# yad-review-gate's rule: base = owner + 1 reviewer; if a risk tag (contract|auth|payments) is set OR
 # the artifact is the stories set, ALSO a domain-owner per touched repo. Advisory: it ROUTES the human
 # review; it does not approve or merge.
 set -euo pipefail
@@ -35,7 +35,7 @@ case "$artifact" in *stories*) escalate=yes; why="${why:+$why, }stories per-repo
 
 if [ "$escalate" = "yes" ]; then
   echo "ROUTE: ESCALATED (${why}) -> owner + 1 reviewer PLUS one domain-owner approval per touched repo"
-  echo "       (same escalation as sdlc-review-gate; map each repo to its domain_owner in repos.json)."
+  echo "       (same escalation as yad-review-gate; map each repo to its domain_owner in repos.json)."
   case "$repos" in
     ""|*"<"*|*"…"*|*"|"*)
       echo "  (Repos line not filled in — list each touched repo to route the domain owners.)" ;;

package/skills/{sdlc-hub-bridge/templates/github/sdlc-gate-sync.yml → yad-hub-bridge/templates/github/yad-gate-sync.yml}

@@ -1,20 +1,20 @@
-# sdlc-managed: sdlc-hub-bridge
+# yad-managed: yad-hub-bridge
 # Event-driven gate sync for the PRODUCT HUB. When a reviewer approves, requests changes, or a
-# human merges a review/EP-* PR, this workflow runs `sdlc gate ci`, which maps the platform state
+# human merges a review/EP-* PR, this workflow runs `yad gate ci`, which maps the platform state
 # into the file ledger (epics/<epic>/.sdlc/*.json + reviews/*.md) and commits ONLY those ledger
 # files to the default branch. It never approves and never merges — the merge click remains the
-# human approval act; the gate predicate is the same one `sdlc gate sync` runs locally.
+# human approval act; the gate predicate is the same one `yad gate sync` runs locally.
 #
 # Loop prevention: neither `pull_request_review` nor `pull_request` fires on a push to the default
 # branch, and the ledger commit carries [skip ci] to guard every other workflow.
 #
 # Protected default branch? The github.token push will fail (visibly — the run goes red and manual
-# `sdlc gate sync` still works). Options, in order of preference:
+# `yad gate sync` still works). Options, in order of preference:
 #   a) add a ruleset bypass so GitHub Actions may push to the default branch, or
 #   b) store a fine-grained PAT as the SDLC_GATE_TOKEN secret and pass it to actions/checkout via
 #      `with: { token: ${{ secrets.SDLC_GATE_TOKEN }} }` — the one exception to the bridge's
-#      no-stored-tokens rule; see skills/sdlc-hub-bridge/references/bridge.md.
-name: sdlc-gate-sync
+#      no-stored-tokens rule; see skills/yad-hub-bridge/references/bridge.md.
+name: yad-gate-sync
 on:
   pull_request_review:
     types: [submitted, dismissed]
@@ -28,7 +28,7 @@ permissions:
 # Serialize runs repo-wide so ledger pushes never race; sync reads the FULL platform state each
 # time, so a queued superseded run loses nothing.
 concurrency:
-  group: sdlc-gate-sync
+  group: yad-gate-sync
   cancel-in-progress: false
 
 jobs:
@@ -56,8 +56,8 @@ jobs:
           node-version: "20"
       - name: Sync the gate ledger
         run: |
-          git config user.name  "sdlc-gate-sync[bot]"
-          git config user.email "sdlc-gate-sync[bot]@users.noreply.github.com"
-          npx -y -p yadflow@1 sdlc gate ci \
+          git config user.name  "yad-gate-sync[bot]"
+          git config user.email "yad-gate-sync[bot]@users.noreply.github.com"
+          npx -y -p yadflow@2 yad gate ci \
             --branch "${{ github.event.pull_request.head.ref }}" \
             --pr "${{ github.event.pull_request.number }}"

package/skills/{sdlc-hub-bridge → yad-hub-bridge}/templates/gitlab/gitlab-ci.include-root.yml

@@ -1,7 +1,7 @@
 # SDLC gate sync — minimal root pipeline for the PRODUCT HUB.
-# Written by the sdlc-hub-bridge `wire` action ONLY when the hub has no existing root
+# Written by the yad-hub-bridge `wire` action ONLY when the hub has no existing root
 # `.gitlab-ci.yml`. The job itself lives in the included fragment so the same single source is
 # reused whether or not a root pipeline already exists. If a root later grows real jobs, they
-# coexist with the included sdlc-* job (which carries `needs: []` and no `stage:`).
+# coexist with the included yad-* job (which carries `needs: []` and no `stage:`).
 include:
-  - local: '.gitlab/ci/sdlc-gate-sync.yml'
+  - local: '.gitlab/ci/yad-gate-sync.yml'

package/skills/{sdlc-hub-bridge/templates/gitlab/sdlc-gate-sync.gitlab-ci.yml → yad-hub-bridge/templates/gitlab/yad-gate-sync.gitlab-ci.yml}

@@ -1,12 +1,12 @@
-# sdlc-managed-include: sdlc-hub-bridge
+# yad-managed-include: yad-hub-bridge
 # Event-driven gate sync for the PRODUCT HUB, as an INCLUDABLE fragment. Pulled into the hub's
 # root .gitlab-ci.yml via:
 #   include:
-#     - local: '.gitlab/ci/sdlc-gate-sync.yml'
+#     - local: '.gitlab/ci/yad-gate-sync.yml'
 # so wiring never edits the foreign root pipeline beyond that one include line. The job carries
-# `needs: []` and no `stage:` (same merge-safety as the sdlc-checks fragment).
+# `needs: []` and no `stage:` (same merge-safety as the yad-checks fragment).
 #
-# What it does: run `sdlc gate ci`, which maps MR approvals / change-request discussions / the
+# What it does: run `yad gate ci`, which maps MR approvals / change-request discussions / the
 # merge into the file ledger (epics/<epic>/.sdlc/*.json + reviews/*.md) and commits ONLY those
 # ledger files to the default branch. It never approves and never merges — the merge click remains
 # the human approval act.
@@ -17,7 +17,7 @@
 #     be committed as code): cron `*/15 * * * *` with variable SDLC_GATE_SYNC=true — so an approval
 #     can take up to ~15 minutes to reach the ledger. UI: CI/CD > Schedules, or:
 #       glab api projects/:id/pipeline_schedules -X POST \
-#         -f description='sdlc gate sync' -f ref=main -f cron='*/15 * * * *'
+#         -f description='yad gate sync' -f ref=main -f cron='*/15 * * * *'
 #       glab api "projects/:id/pipeline_schedules/<id>/variables" -X POST \
 #         -f key=SDLC_GATE_SYNC -f value=true
 #
@@ -25,11 +25,11 @@
 # read the approvals API nor push to a protected branch. Create a PROJECT ACCESS TOKEN with
 # `read_api` + `write_repository` (role Developer+, allowed to push to the default branch) and
 # store it as a masked CI/CD variable SDLC_GATE_TOKEN. Without it the job fails visibly and
-# manual `sdlc gate sync` remains the fallback.
+# manual `yad gate sync` remains the fallback.
 variables:
   GIT_DEPTH: "0" # full history: gate ci fetches the review branch and pushes the ledger
 
-sdlc-gate-sync:
+yad-gate-sync:
   needs: []
   image: node:20
   rules:
@@ -47,7 +47,7 @@ sdlc-gate-sync:
     # The ledger lives on the default branch; gate ci overlays the artifact from the review branch itself.
     - git fetch origin "$CI_DEFAULT_BRANCH"
     - git checkout -B "$CI_DEFAULT_BRANCH" "origin/$CI_DEFAULT_BRANCH"
-    - git config user.name "sdlc-gate-sync" && git config user.email "sdlc-gate-sync@noreply.${CI_SERVER_HOST}"
+    - git config user.name "yad-gate-sync" && git config user.email "yad-gate-sync@noreply.${CI_SERVER_HOST}"
     - git remote set-url origin "https://oauth2:${SDLC_GATE_TOKEN}@${CI_SERVER_HOST}/${CI_PROJECT_PATH}.git"
     - export GITLAB_TOKEN="$SDLC_GATE_TOKEN" GITLAB_HOST="$CI_SERVER_URL"
     - |
@@ -56,9 +56,9 @@ sdlc-gate-sync:
       # catch-all (squash/FF merges whose message omits the branch land there).
       REVIEW_BRANCH="$(printf '%s' "$CI_COMMIT_MESSAGE" | grep -oE 'review/EP-[A-Za-z0-9._/-]+' | head -n1 || true)"
       if [ -n "$CI_MERGE_REQUEST_IID" ]; then
-        npx -y -p yadflow@1 sdlc gate ci --branch "$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME" --pr "$CI_MERGE_REQUEST_IID"
+        npx -y -p yadflow@2 yad gate ci --branch "$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME" --pr "$CI_MERGE_REQUEST_IID"
       elif [ -n "$REVIEW_BRANCH" ]; then
-        npx -y -p yadflow@1 sdlc gate ci --branch "$REVIEW_BRANCH"
+        npx -y -p yadflow@2 yad gate ci --branch "$REVIEW_BRANCH"
       else
-        npx -y -p yadflow@1 sdlc gate ci
+        npx -y -p yadflow@2 yad gate ci
       fi

package/skills/{sdlc-implement → yad-implement}/SKILL.md

@@ -1,17 +1,17 @@
 ---
-name: sdlc-implement
-description: 'Build-half Step B of the gated SDLC. With the dev lens, implement ONE atomic task from a story''s Spec Kit tasks.md as a small diff (≤3 files) on its own branch in the code repo. The diff stays inside the files the task declared — flag and STOP if it would grow beyond them. Commit per convention, ending with the task ID; add Contract-Change: yes only if the diff touches the locked contract surface (which routes back to the architecture gate). The step never advances itself; it produces a committed branch and hands off to the check gates, which the orchestrator (sdlc-run) may auto-run once `implement` is earned to machine_advance (Phase 4b Step D) — the merge still needs the gates and the engineer review. Use when the user says "implement task <id>" or after a story is spec''d.'
+name: yad-implement
+description: 'Build-half Step B of the gated SDLC. With the dev lens, implement ONE atomic task from a story''s Spec Kit tasks.md as a small diff (≤3 files) on its own branch in the code repo. The diff stays inside the files the task declared — flag and STOP if it would grow beyond them. Commit per convention, ending with the task ID; add Contract-Change: yes only if the diff touches the locked contract surface (which routes back to the architecture gate). The step never advances itself; it produces a committed branch and hands off to the check gates, which the orchestrator (yad-run) may auto-run once `implement` is earned to machine_advance (Phase 4b Step D) — the merge still needs the gates and the engineer review. Use when the user says "implement task <id>" or after a story is spec''d.'
 ---
 
 # SDLC — Implement Task (build-half Step B)
 
-**Goal:** Turn ONE atomic task from a story's `tasks.md` (produced by Step A `sdlc-spec`) into a small,
+**Goal:** Turn ONE atomic task from a story's `tasks.md` (produced by Step A `yad-spec`) into a small,
 reviewable diff on its own branch in the code repo. **One atomic task = one branch = one PR/MR**
 (build plan §B). This is the **light per-task loop**: it runs once per task; the heavy spec ceremony
 already ran once for the story.
 
 This step **never auto-advances**. When the task is implemented and committed, control passes to the
-**check gates** (Step C — `sdlc-checks`: spec-link, contract-check, build/test/lint) and then human/AI
+**check gates** (Step C — `yad-checks`: spec-link, contract-check, build/test/lint) and then human/AI
 review (Steps D–E, not built yet). Implementation here produces a branch + commit and stops.
 
 The implementing lens is **`dev`** (`bmad-agent-dev`, Amelia). The dev writes only what the task
@@ -45,7 +45,7 @@ declares; it does not redesign, does not widen the contract, and does not pick u
 Read `demo-repos/<repo>/specs/<story>/tasks.md`. Find the block for `<task>` (`## <task> — …`). Read
 its one-line goal and its **Files:** list (the declared file boundary) and the acceptance criterion it
 satisfies. If the task ID is not in `tasks.md`, STOP. Confirm the spec exists (Step A ran); if not,
-STOP and point at `sdlc-spec`.
+STOP and point at `yad-spec`.
 
 ### Step 2 — Resolve the code repo and branch
 Confirm `demo-repos/<repo>/` is its own git repo (`.git` present). From its default branch, create the
@@ -72,11 +72,11 @@ demonstrably met (record the result in the Step 7 report).
 
 **File-boundary rule (hard):** if the implementation genuinely needs a file **not** in the declared
 list, **flag and STOP** — do not silently widen the diff. Report the extra file(s) needed so the
-task's spec can be corrected (re-run `sdlc-spec` / re-scope the task) before implementing. A task whose
+task's spec can be corrected (re-run `yad-spec` / re-scope the task) before implementing. A task whose
 declared files are wrong is a spec bug, not an implementation decision.
 
 This stop is a **scope overrun** — a halt condition that pulls in a human regardless of any automation
-dial. When this step is driven by the orchestrator (`sdlc-run`, Phase 4), the stop must be legible to
+dial. When this step is driven by the orchestrator (`yad-run`, Phase 4), the stop must be legible to
 it: mark the `implement` step `status: blocked` in `build-state/<story>.json` and surface
 `scope_overrun: true` so the run records a `rejected` trust entry and halts (it never advances past a
 boundary breach). The same applies to the Step 5 contract-surface stop (`contract_touch: true`).
@@ -102,12 +102,12 @@ trailers in one contiguous block. Do not commit sibling tasks' work.
 
 ### Step 7 — Report; the advance decision belongs to the dial (Phase 4)
 Report: the branch name, the files changed, how the change satisfies the task's acceptance criterion,
-the result of any test/smoke run, and the next action — the **check gates** (Step C — `sdlc-checks`)
+the result of any test/smoke run, and the next action — the **check gates** (Step C — `yad-checks`)
 then the PR and review (Steps D–E). Do **not** open a PR, merge, or hand-edit the epic's front-half
 `state.json`. Step B ends at a committed task branch.
 
 - **Run standalone:** stop here; a human triggers the gates.
-- **Run by the orchestrator** (`sdlc-run`): this skill still just produces the committed branch and
+- **Run by the orchestrator** (`yad-run`): this skill still just produces the committed branch and
   signals success (or a scope/contract halt). The orchestrator records the `implement` step's status
   and trust entry and, when `implement` is earned to `machine_advance` (Step D, Phase 4b), **auto-runs
   the check gates** instead of waiting for a manual nudge. The diff still cannot merge without the
@@ -115,16 +115,16 @@ then the PR and review (Steps D–E). Do **not** open a PR, merge, or hand-edit
 
 ### Step 8 — Record the `tasks` trust signal on first consume (Phase 4b)
 Resolving a task from `tasks.md` (Step 1) is the moment the generated task list "survives contact" —
-the evidence that could later earn the `tasks` step a `machine_advance`. When driven by `sdlc-run`,
+the evidence that could later earn the `tasks` step a `machine_advance`. When driven by `yad-run`,
 finalize a `tasks` trust entry, anchored to what the human/dev actually did with the list:
 - the task is implemented with its declared `Files:`/scope **as generated** → `approved-unchanged`;
 - the task is **re-scoped** first (its `Files:`/boundary edited) → `approved-with-edits`
   (signal `task_rescoped: true`);
 - the task list is discarded / regenerated → `rejected`.
 Append the entry to `epics/<epic>/.sdlc/trust-log.json` (schema:
-`../sdlc-author-epic/references/state-schema.md`). `tasks` stays `human_approve` until its slice clears
+`../yad-epic/references/state-schema.md`). `tasks` stays `human_approve` until its slice clears
 the threshold — this only *gathers* evidence. (The `implement` step's own verdict is finalized later,
-at the engineer review in `sdlc-ship`: merged as authored → `approved-unchanged`; edited first →
+at the engineer review in `yad-ship`: merged as authored → `approved-unchanged`; edited first →
 `approved-with-edits`; scope/contract/checks halt → `rejected`.)
 
 ## Hard rules (build plan §B, Cross-cutting)
@@ -139,5 +139,5 @@ at the engineer review in `sdlc-ship`: merged as authored → `approved-unchange
 
 ## Reference
 - Branch/commit conventions, the file-boundary rule, the Contract-Change rule: `references/implement-conventions.md`.
-- The task list this step consumes: Step A's `references/spec-handoff.md` (`../sdlc-spec/...`).
-- Contract surface + hash recipe: `../sdlc-author-architecture/references/contract-format.md`.
+- The task list this step consumes: Step A's `references/spec-handoff.md` (`../yad-spec/...`).
+- Contract surface + hash recipe: `../yad-architecture/references/contract-format.md`.

package/skills/{sdlc-implement → yad-implement}/references/implement-conventions.md

@@ -1,6 +1,6 @@
 # Implement conventions — branch, commit, file boundary, contract change
 
-Step B (`sdlc-implement`) turns ONE atomic task into ONE branch and ONE commit in the code repo. These
+Step B (`yad-implement`) turns ONE atomic task into ONE branch and ONE commit in the code repo. These
 conventions are what the later steps (check gates §C, PR template §D, review §E) rely on to trace a
 diff back to its task, story, and contract.
 
@@ -59,10 +59,10 @@ Co-Authored-By: CodeRabbit <noreply@coderabbit.ai>
 
 - Choose the entry whose `id` matches the tool that actually helped author the diff; add more than one
   line if several did. CodeRabbit is a co-author only when it **contributed code**, not when it merely
-  reviewed (that is `ai_review` in `sdlc-ship`).
+  reviewed (that is `ai_review` in `yad-ship`).
 - For a fully human-authored commit, pick `id: none` — i.e. **omit** the trailer. `ai_coauthor.required`
   is `false`, so a missing trailer is valid and no gate fails on it.
-- `sdlc-implement` installs the `.gitmessage` template (`templates/.gitmessage`) and sets
+- `yad-implement` installs the `.gitmessage` template (`templates/.gitmessage`) and sets
   `git config commit.template .gitmessage` in the repo, so these lines are pre-scaffolded (commented) for
   the owner to uncomment.
 
@@ -74,7 +74,7 @@ Each task in `tasks.md` declares a `Files:` list (≤3 where possible). The impl
 1. **Stop.** Do not widen the diff silently.
 2. Report the extra file(s) needed.
 3. Treat it as a **spec bug**: the task's declared files were wrong. Correct the task (re-run
-   `sdlc-spec` / re-scope) so the boundary is right, then implement.
+   `yad-spec` / re-scope) so the boundary is right, then implement.
 
 A diff that quietly spreads beyond the declared files is the single easiest way to smuggle unreviewed
 scope past the gates — hence the hard stop.

package/skills/{sdlc-pr-template → yad-pr-template}/SKILL.md

@@ -1,6 +1,6 @@
 ---
-name: sdlc-pr-template
-description: 'Build-half Step D of the gated SDLC. Detect a code repo''s platform and commit the matching PR/MR template — .github/pull_request_template.md (GitHub) or .gitlab/merge_request_templates/Default.md (GitLab). The template carries an Impact & Risk block; a high risk level (or a touched contract/auth/payments surface) routes the review to domain owners, reusing sdlc-review-gate''s escalation. Includes risk-route.sh to print the required reviewers from a PR body. Never auto-advances. Use when the user says "add the PR template" or "set up the MR template" for a repo.'
+name: yad-pr-template
+description: 'Build-half Step D of the gated SDLC. Detect a code repo''s platform and commit the matching PR/MR template — .github/pull_request_template.md (GitHub) or .gitlab/merge_request_templates/Default.md (GitLab). The template carries an Impact & Risk block; a high risk level (or a touched contract/auth/payments surface) routes the review to domain owners, reusing yad-review-gate''s escalation. Includes risk-route.sh to print the required reviewers from a PR body. Never auto-advances. Use when the user says "add the PR template" or "set up the MR template" for a repo.'
 ---
 
 # SDLC — PR/MR Template (build-half Step D)
@@ -8,7 +8,7 @@ description: 'Build-half Step D of the gated SDLC. Detect a code repo''s platfor
 **Goal:** Commit the platform-correct PR/MR template into a code repo so every PR/MR carries an
 **Impact & Risk** block and a checklist tied to the check gates. A **high** risk level (or a touched
 contract/auth/payments surface) **routes the review to domain owners** — the same escalation
-`sdlc-review-gate` applies on the front-half gates (owner + 1 reviewer, plus one domain-owner per
+`yad-review-gate` applies on the front-half gates (owner + 1 reviewer, plus one domain-owner per
 touched domain). This step **never auto-advances**; it sets up the template and the routing helper.
 
 ## Conventions
@@ -25,10 +25,10 @@ touched domain). This step **never auto-advances**; it sets up the template and
     `templates/hub/github/pull_request_template.md` → `{project-root}/.github/pull_request_template.md`;
     `templates/hub/gitlab/merge_request_templates/Default.md` →
     `{project-root}/.gitlab/merge_request_templates/Default.md`. The hub body carries no `Task:` trailer
-    (hub PRs change artifacts, not code); its routing helper is `sdlc-hub-bridge`'s `hub-route.sh`.
+    (hub PRs change artifacts, not code); its routing helper is `yad-hub-bridge`'s `hub-route.sh`.
 - The Impact & Risk block reuses the conventions of earlier steps: the `Task: <story>-<task>` trailer
-  (`sdlc-implement`), the contract surface (`sdlc-author-architecture` / contract-check), and the
-  domain-owner escalation (`sdlc-review-gate`).
+  (`yad-implement`), the contract surface (`yad-architecture` / contract-check), and the
+  domain-owner escalation (`yad-review-gate`).
 - **PR/MR title.** One atomic task = one branch = one PR/MR, so the title **defaults to that task's
   commit subject** and follows the same Conventional Commits style — `<type>: <lowercase imperative
   description, no trailing period>`, proper nouns/acronyms keep their case (`config.yaml`
@@ -56,7 +56,7 @@ Copy from this skill's `templates/`:
 - GitLab → `templates/gitlab/merge_request_templates/Default.md` to
   `<repo>/.gitlab/merge_request_templates/Default.md`.
 - **`repo: hub`** → use the `templates/hub/<platform>/…` variants, installed into `{project-root}`'s own
-  `.github/`/`.gitlab/`. The hub's routing helper (`hub-route.sh`) is installed by `sdlc-hub-bridge`.
+  `.github/`/`.gitlab/`. The hub's routing helper (`hub-route.sh`) is installed by `yad-hub-bridge`.
 Drop **only the matching** template (drop both only if the repo genuinely uses both). For code repos also
 install `templates/checks/risk-route.sh` to `<repo>/checks/` (`chmod +x`). If the target already has a
 non-SDLC PR/MR template, do not clobber it — back it up / ask. Commit the template on the repo's default
@@ -67,8 +67,8 @@ Run `bash checks/risk-route.sh <body>` to parse the PR description's Impact & Ri
 required reviewers:
 - **low | medium** risk → base rule: owner + 1 reviewer.
 - **high** risk (or a contract/auth/payments surface touched) → base rule **plus** one domain-owner
-  approval per touched domain — identical to `sdlc-review-gate`'s escalation. The actual approvals are
-  recorded by the engineer review (Step E), via `sdlc-review-gate`.
+  approval per touched domain — identical to `yad-review-gate`'s escalation. The actual approvals are
+  recorded by the engineer review (Step E), via `yad-review-gate`.
 
 ### Step 4 — Stop (no auto-advance)
 Report what was committed (or the routing result). The template and routing are advisory inputs to the
@@ -82,5 +82,5 @@ human review (Step E); they do not approve or merge. Do not touch the epic's `.s
 
 ## Reference
 - The Impact & Risk block, the risk levels, and the routing rule: `references/risk-routing.md`.
-- The escalation this reuses: `../sdlc-review-gate/SKILL.md` and its `references/gating.md`.
-- The check gates the checklist references: `../sdlc-checks/references/check-gates.md`.
+- The escalation this reuses: `../yad-review-gate/SKILL.md` and its `references/gating.md`.
+- The check gates the checklist references: `../yad-checks/references/check-gates.md`.

package/skills/{sdlc-pr-template → yad-pr-template}/references/risk-routing.md

@@ -2,7 +2,7 @@
 
 The PR/MR template (Phase 3 build plan §D) carries an **Impact & Risk** block so every change states
 its blast radius before review, and so high-risk changes pull in the right reviewers automatically —
-reusing the escalation `sdlc-review-gate` already applies on the front-half gates.
+reusing the escalation `yad-review-gate` already applies on the front-half gates.
 
 ## The Impact & Risk block
 
@@ -18,7 +18,7 @@ reusing the escalation `sdlc-review-gate` already applies on the front-half gate
   when the change escalates.
 - **Contract surface touched** — `yes` means the diff changes the shared contract surface. That path is
   governed by `contract-check` (needs `Contract-Change: yes` + a re-locked contract) AND it escalates
-  the review (contract is a `sdlc-review-gate` risk tag).
+  the review (contract is a `yad-review-gate` risk tag).
 - **Risk level** — `low | medium | high`. The author's assessment of blast radius.
 - **Rollback plan** — how to revert safely.
 
@@ -29,10 +29,10 @@ reusing the escalation `sdlc-review-gate` already applies on the front-half gate
 | `low` / `medium`, no sensitive surface | **base rule:** owner + 1 reviewer |
 | `high`, OR a touched contract/auth/payments surface | base rule **plus one domain-owner approval per touched domain** |
 
-This is exactly `sdlc-review-gate`'s rule (`references/gating.md`): the base rule is owner + 1
+This is exactly `yad-review-gate`'s rule (`references/gating.md`): the base rule is owner + 1
 reviewer; escalation adds a domain-owner per touched domain. The PR template applies the same logic at
 the code-review boundary so a risky PR cannot be approved by just any two people. The **approvals are
-recorded by the engineer review (Step E) through `sdlc-review-gate`** — the template and `risk-route.sh`
+recorded by the engineer review (Step E) through `yad-review-gate`** — the template and `risk-route.sh`
 only *route* (advisory); they never approve or merge.
 
 ## risk-route.sh
@@ -45,7 +45,7 @@ Risk level: high
 Contract surface touched: no
 Domains touched: backend, mobile
 ROUTE: ESCALATED (risk: high) -> owner + 1 reviewer PLUS one domain-owner approval per touched domain
-       (same escalation as sdlc-review-gate). Required domain owners:
+       (same escalation as yad-review-gate). Required domain owners:
   - domain-owner: backend
   - domain-owner: mobile
 ```

package/skills/{sdlc-pr-template → yad-pr-template}/templates/checks/risk-route.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # Risk routing (Phase 3 build plan §D). Reads a PR/MR description's Impact & Risk block and prints the
-# required reviewers, reusing sdlc-review-gate's escalation: a `high` risk level — or a touched
+# required reviewers, reusing yad-review-gate's escalation: a `high` risk level — or a touched
 # contract/auth/payments surface — requires a domain-owner approval per touched domain, on top of the
 # base rule (owner + 1 reviewer). Advisory: it ROUTES the human review; it does not approve or merge.
 set -euo pipefail
@@ -29,7 +29,7 @@ if [ "$risk" = "high" ] || [ "$contract" = "yes" ]; then
   [ "$risk" = "high" ] && why="risk: high"
   [ "$contract" = "yes" ] && why="${why:+$why, }contract surface touched"
   echo "ROUTE: ESCALATED (${why}) -> owner + 1 reviewer PLUS one domain-owner approval per touched domain"
-  echo "       (same escalation as sdlc-review-gate). Required domain owners:"
+  echo "       (same escalation as yad-review-gate). Required domain owners:"
   case "$domains" in
     ""|*"<"*|*"…"*|*"|"*)
       echo "  (Domains line not filled in — list each touched domain to route the owners.)" ;;

package/skills/{sdlc-pr-template → yad-pr-template}/templates/github/pull_request_template.md

@@ -17,7 +17,7 @@
 
 > **Routing:** `low`/`medium` → base rule (owner + 1 reviewer). `high` (or a touched
 > contract/auth/payments surface) → **plus one domain-owner approval per touched domain**, the same
-> escalation `sdlc-review-gate` applies. Run `bash checks/risk-route.sh <this-description>` to list them.
+> escalation `yad-review-gate` applies. Run `bash checks/risk-route.sh <this-description>` to list them.
 
 ## Testing
 <!-- How the acceptance criteria were exercised. Tests must exercise behavior, not just pass. -->

package/skills/{sdlc-pr-template → yad-pr-template}/templates/gitlab/merge_request_templates/Default.md

@@ -17,7 +17,7 @@
 
 > **Routing:** `low`/`medium` → base rule (owner + 1 reviewer). `high` (or a touched
 > contract/auth/payments surface) → **plus one domain-owner approval per touched domain**, the same
-> escalation `sdlc-review-gate` applies. Run `bash checks/risk-route.sh <this-description>` to list them.
+> escalation `yad-review-gate` applies. Run `bash checks/risk-route.sh <this-description>` to list them.
 
 ## Testing
 <!-- How the acceptance criteria were exercised. Tests must exercise behavior, not just pass. -->