Release: dev to main: trustworthy CI and review hardening (#470)

* Archive backlog writeback field split change

* Archived flask support sidecar change

* feat: add backlog-core module — dependency analysis and command suites (#231)

* fix(backlog-core): remove unused module io contract global

* fix: rename LICENSE.md to LICENSE for GitHub license detection (#233)

GitHub's licensee gem only recognizes standard filenames (LICENSE,
LICENSE.txt) — LICENSE.md caused the repo to show "Other" instead
of "Apache License 2.0". Updated all references across pyproject.toml,
README, docs, workflows, and FAQ.

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* fix: restore standard Apache 2.0 license text for GitHub detection (#235)

The LICENSE body had two non-standard edits that pushed it below
GitHub licensee's ~95% similarity threshold, causing "Other" instead
of "Apache License 2.0". Restored the canonical text; only the
copyright line in the appendix is customized (as intended by the
Apache template).

Signed-off-by: Dom <39115308+djm81@users.noreply.github.com>
Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* Add openspec changes for architecture level enhancement

* feat(ci): attach test and repro log artifacts to PR orchestrator runs (#262)

* feat(ci): attach test and repro log artifacts to PR orchestrator runs

- Tests job: run smart-test-full, upload logs/tests/ as test-logs artifact
- Contract-first-ci: capture repro to logs/repro/, upload repro-logs and repro-reports
- Docs: CI and GitHub Actions section in troubleshooting (artifact names, usage)
- Version 0.31.1, CHANGELOG entry

Implements OpenSpec change ci-01-pr-orchestrator-log-artifacts. Fixes #260.

Co-authored-by: Cursor <cursoragent@cursor.com>

* Fix workflow and test

* ci(pr-orchestrator): add log artifacts for all pipeline jobs

- type-check: capture output to logs/type-check/, upload type-check-logs
- lint: capture to logs/lint/, upload lint-logs
- compat-py311: capture to logs/compat-py311/, upload compat-py311-logs
- quality-gates: capture to logs/quality-gates/, upload quality-gates-logs
- compat-py311: use hatch -e ENV run run (not hatch test) for pytest
- docs: list all CI artifact names and jobs in troubleshooting

Co-authored-by: Cursor <cursoragent@cursor.com>

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
Co-authored-by: Cursor <cursoragent@cursor.com>

* feat: enhanced module manifest security and integrity (arch-06) (#263)

* feat: enhanced module manifest security and integrity (arch-06)

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix: remove duplicate ModulePackageMetadata import (ruff F811)

* Fix failed tests

* Fix type-check errors

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
Co-authored-by: Cursor <cursoragent@cursor.com>

* feat: Schema Extension System for Modular ProjectBundle Extensions (arch-07) (#265)

* feat: add schema extension system for modular ProjectBundle extensions
  Enables modules to extend Feature and ProjectBundle with namespaced custom
  fields without modifying core models, supporting marketplace-ready
  interoperability.
  - Add extensions dict field to Feature and ProjectBundle models
  - Implement type-safe get/set extension accessors with namespace enforcement
  - Extend module manifest schema with schema_extensions declaration
  - Add ExtensionRegistry for collision detection and introspection
  - Extend module lifecycle registration to load and validate extensions
  OpenSpec Change: arch-07-schema-extension-system
  Resolves #213

* feat: schema extension system (arch-07) and quality gate fixes

- Add extensions field and get_extension/set_extension to Feature and ProjectBundle
- Add SchemaExtension model and schema_extensions to ModulePackageMetadata
- Add ExtensionRegistry with collision detection; integrate in module registration
- Parse schema_extensions in discover_package_metadata
- Docs: extending-projectbundle guide, architecture section, sidebar
- Version 0.32.0, CHANGELOG entry, TDD_EVIDENCE
- Format: E402 (imports at top in project.py), UP042 (StrEnum in backlog-core),
  RUF043/B017 in schema extension tests
- Type-check: pass schema_metadata/project_metadata in BundleManifest test calls

OpenSpec Change: arch-07-schema-extension-system
Resolves #213

Co-authored-by: Cursor <cursoragent@cursor.com>

* Update change progress

* Add docs guides and update changes

* Use v0.32.0 as version and combine arch-06/arch-07

* Update change order plan

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
Co-authored-by: Cursor <cursoragent@cursor.com>

* Fix codeql findings

* feat(workflow): standardize worktree-first development flow (#268)

* feat(workflow): standardize worktree-first development flow

* docs(openspec): mark workflow-01 delivery tasks complete

* Apply review finding

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* Fix review finding

* feat: implement policy-engine-01 unified policy framework (#270)

* feat(policy-engine): implement unified policy framework

* docs(openspec): mark policy-engine-01 implemented in change order

* fix(policy-engine): make module io contract compliant

* feat(policy-engine): add policy init templates and docs coverage

* fix: refine grouped policy limit semantics and outputs

* docs: clarify policy engine value for new users

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* fix: harden policy module imports and snapshot path resolution

* Update backlog core change to cover workspace level modules

* feat(init): align init module discovery with registry (backlog-core-01) (#275)

- Use discover_all_package_metadata() in init so list-modules/enable/disable
  use same roots as registry (built-in + workspace modules + SPECFACT_MODULES_ROOTS)
- Extend backlog-core-01 OpenSpec: init-module-discovery-alignment spec,
  tasks 0.5.x, TDD evidence
- Bump version to 0.34.0; CHANGELOG

Fixes #116

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
Co-authored-by: Cursor <cursoragent@cursor.com>

* feat: add thorough codebase validation (validation-01, #163) (#272)

* feat: add thorough codebase validation (validation-01)
  - Add --crosshair-per-path-timeout to specfact repro and ReproChecker
  - Add docs/reference/thorough-codebase-validation.md (quick check, contract-full, sidecar, dogfooding)
  - Unit test and TDD evidence for CrossHair per-path timeout
  - OpenSpec validation-01-deep-validation tasks and TDD_EVIDENCE updated

* fix: reject non-positive CrossHair per-path timeout (review)

* docs: CHANGELOG v0.34.0 and doc updates for thorough codebase validation

---------

Signed-off-by: Dom <39115308+djm81@users.noreply.github.com>
Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* feat: add patch apply (local + --write with confirmation) [#177] (#273)

* feat(patch-mode): add patch apply (local + --write with confirmation) [#177]

- Add patch_mode module: pipeline (generator, applier, idempotency), patch apply command
- specfact patch apply <file> (local + preflight), patch apply --write --yes (upstream, idempotent)
- OpenSpec patch-mode-01-preview-apply: proposal Source Tracking, tasks, TDD_EVIDENCE
- CHANGELOG [Unreleased] entry for v0.34.0 merge

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix(patch-mode): sanitize idempotency keys, derive key from patch content [PR review]

* Fix errors and ensure module compatibility

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
Co-authored-by: Cursor <cursoragent@cursor.com>

* feat: add bundle-mapper module (bundle-mapper-01, #121) (#274)

* feat: add bundle-mapper module with confidence-based spec-to-bundle mapping

- BundleMapping model and BundleMapper engine (explicit label, historical, content similarity)
- Mapping history persistence and MappingRule (save_user_confirmed_mapping, load_bundle_mapping_config)
- Interactive UI (ask_bundle_mapping) with Rich confidence visualization
- Unit tests and TDD_EVIDENCE for bundle-mapper-01 (OpenSpec #121)

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix(bundle-mapper): address PR review findings (P1/P2)

- P1 interactive: no default accept for low-confidence; use default only when conf >= 0.5
- P1 history: ignore empty key fields in item_keys_similar (only count non-empty matches)
- P2 engine: add historical weight only when hist_bundle == primary_bundle_id
- Add test_item_keys_similar_empty_fields_not_counted to lock empty-key behavior

Co-authored-by: Cursor <cursoragent@cursor.com>

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
Co-authored-by: Cursor <cursoragent@cursor.com>

* Archive finished changes

* fix: implement verification-01 wave1 delta closure (#277)

* fix: implement verification-01 delta for bundle mapping, patch apply, and docs parity

* test: fix patch write yes scenario for real diff apply

* fix: keep bundle mapping history out of bundle manifest

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* Archive delta validation change and update specs

* Update patch version

* Potential fix for pull request finding 'Empty except'

Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
Signed-off-by: Dom <39115308+djm81@users.noreply.github.com>

* apply review fixes

* Add cli validation changes

* feat: launch central module marketplace lifecycle (#287)

* feat: launch module marketplace lifecycle and trust-first UX

Deliver the central module marketplace workflow with source-aware discovery, lifecycle management, and trust/publisher visibility so users can safely manage official vs local modules. This also aligns docs and OpenSpec artifacts with the shipped behavior, including command introspection and clearer install/uninstall guidance.

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix: respect explicit discovery roots in module tests

Disable implicit legacy/workspace roots when explicit roots are passed to module discovery so isolated test roots are honored and deterministic.

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix: enforce safe module extraction and upgrade reinstall

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
Co-authored-by: Cursor <cursoragent@cursor.com>

* fix: resolve bundle-mapper review defects with TDD evidence (#290)

* feat: add bundle-mapper module with confidence-based spec-to-bundle mapping

- BundleMapping model and BundleMapper engine (explicit label, historical, content similarity)
- Mapping history persistence and MappingRule (save_user_confirmed_mapping, load_bundle_mapping_config)
- Interactive UI (ask_bundle_mapping) with Rich confidence visualization
- Unit tests and TDD_EVIDENCE for bundle-mapper-01 (OpenSpec #121)

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix(bundle-mapper): address PR review findings (P1/P2)

- P1 interactive: no default accept for low-confidence; use default only when conf >= 0.5
- P1 history: ignore empty key fields in item_keys_similar (only count non-empty matches)
- P2 engine: add historical weight only when hist_bundle == primary_bundle_id
- Add test_item_keys_similar_empty_fields_not_counted to lock empty-key behavior

Co-authored-by: Cursor <cursoragent@cursor.com>

* fix: address bundle-mapper review defects with tdd evidence

* test: make specmatic integration tests plugin-agnostic

---------

Signed-off-by: Dom <39115308+djm81@users.noreply.github.com>
Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
Co-authored-by: Cursor <cursoragent@cursor.com>

* feat:Add architecture review docs and findings to mitigate

* feat(backlog): add backlog add for interactive issue creation (#289)

* feat: add interactive backlog issue creation flow

* feat(backlog): add interactive issue creation and mapping setup

* fix: align backlog protocol test fakes and module manifest versions

* Fix type error

* fix(backlog): persist ado sprint and normalize github create id

* fix(backlog-core): address review findings for add/config/github

---------

Signed-off-by: Dom <39115308+djm81@users.noreply.github.com>
Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* chore(openspec): archive completed changes and align architecture docs (#292)

* chore(openspec): archive completed changes and align architecture docs

* docs(architecture): refresh discrepancies report after arch-08 remediation

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* docs(change): Archive architecture discrepancy remediation change

* fix(codeql): preserve module contract marker and document fallback excepts

* fix(backlog): restore installed-runtime discovery parity and add backlog prompt (#294)

* fix(backlog): restore installed runtime discovery and add backlog prompt

* Archive bugfix change

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* fix(version): sync manifests to 0.36.1 and archive backlog-core-04 (#297)

* fix(backlog): restore installed runtime discovery and add backlog prompt

* Archive bugfix change

* fix(version): sync built-in module manifests to 0.36.1

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* fix: harden module lifecycle bootstrap and signing workflows (#299)

* fix: harden module lifecycle bootstrap and signing workflows

* fix: stabilize module signature hashing across environments

* fix: stabilize bundle module signature verification in CI

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* test: simplify monkeypatch callables in module_security tests

* Fix duplicate with statement

* chore(release): bump to v0.37.1 and harden signature gates

* test: fix init command regression assertions

* fix: release v0.37.2 with runtime crypto deps

* fix: address signature-backend warning and module version drift

* fix: use hatch build in PyPI publish workflow script (#304)

* fix: resolve startup module freshness home path dynamically (#306)

* fix: harden module signing workflow and reduce startup log noise

* test: align module migration compatibility with decoupled module versions

* fix: fail fast on invalid base ref in changed-only module signing

* fix: stabilize module precedence and backlog github mapping flow

* fix(module-registry): persist disables and correct bundled availability

* Re-sign module registry and fix / ignore local temp artifacts

* bump module registry version to 0.1.3

* fix(registry): restore protocol reporting logs in debug mode

* fix(backlog): harden refine writeback, prompts, and any-filter semantics (#311)

* fix(backlog): harden refine writeback, prompts, and daily any filters

* fix(github): default story type fallback to feature

* Fix format

* Fix codex review findings

* bump and sign changed modules

* chore(hooks): enforce module signature verification in pre-commit

* chore(hooks): add markdownlint to pre-commit checks

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* fix(hooks,ado): correct format gate and enforce iteration on direct
  id lookup

* Apply review findings and fix tests

* Pin virtualenv < 21 to avoid incaopatibility failure

* fix: finalize backlog-core-06 ado comment API versioning (#314)

* fix(backlog): harden refine writeback, prompts, and daily any filters

* fix(github): default story type fallback to feature

* Fix format

* Fix codex review findings

* bump and sign changed modules

* chore(hooks): enforce module signature verification in pre-commit

* chore(hooks): add markdownlint to pre-commit checks

* fix: finalize backlog-core-06 ado comment api versioning and ci hatch pins

* fix: address review findings for formatter safety and ado metric patch guards

* docs(openspec): update CHANGE_ORDER status tracking

* fix(ado): apply iteration filter for direct issue_id lookup

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* feat: Advanced marketplace features (marketplace-02) - dependency resolution, aliases, custom registries, publishing (#318)

* feat: advanced marketplace features (marketplace-02) - dependency resolution, aliases, custom registries, namespace enforcement, publishing

- dependency_resolver: resolve_dependencies(), --skip-deps, --force on install
- alias_manager: alias create/list/remove (no top-level alias commands)
- custom_registries: add-registry, list-registries, remove-registry; fetch_all_indexes; search Registry column
- module_installer: namespace/name enforcement, collision detection
- scripts/publish-module.py + .github/workflows/publish-modules.yml (optional signing)
- docs: publishing-modules, custom-registries, dependency-resolution; updated installing-modules, module-marketplace, commands
- version 0.38.0, CHANGELOG

Made-with: Cursor

* docs(openspec): defer 6.2.4 and 6.2.5 (index update/PR, workflow test) to later

Made-with: Cursor

* Add follow-up change proposals for marketplace

* Fix codex review findings

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* fix: complete marketplace publish registry PR flow and bump (#320)

0.38.1

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* fix: update init ide hint and repair publish workflow
  condition

* feat(backlog): normalize daily summarize Markdown output (#323)

* feat(backlog): summarize Markdown normalization and TTY/CI rendering

* chore(openspec): drop implementation snapshot from change

* Update title

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* Update version

* Add github skills

* Add new marketplace changes

* feat(cli): category groups and flat shims using real module Typer (#331)

* feat(cli): category groups and flat shims using real module Typer

- Add category groups (code, backlog, project, spec, govern) with flatten same-name member
- Sort commands under backlog/project groups A–Z
- Fix flat shims to expose real module Typer so 'specfact sync bridge' and 'specfact plan update-idea' work
- Add first-run init, module grouping, OpenSpec change for 0.40.x remove-flat-shims
- Bump version to 0.39.0, CHANGELOG and OpenSpec updates

Made-with: Cursor

* Fix signature

* fix: resolve module grouping regressions and stabilize CI
  tests

* fix: keep uncategorized modules flat during grouped registration

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* Update docs regarding module migration change

* feat: module-migration-02 bundle extraction (#332)

* docs: add module-migration-02-bundle-extraction to CHANGE_ORDER.md

* feat: implement module-migration-02 bundle extraction

* fix(ci): checkout module bundles repo for test jobs

* Fix test failures

* fix(modules): load local bundle sources in compatibility aliases

* fix: run worktree policy code in tests/CI and silence reexport deprecation

- Prefer src/<name>/main.py over app.py when SPECFACT_REPO_ROOT is set so
  policy init uses worktree templates.py (SPECFACT_POLICY_TEMPLATES_DIR).
- Policy engine module-package.yaml: version 0.1.5 and re-signed checksum.
- conftest: set SPECFACT_REPO_ROOT, SPECFACT_POLICY_TEMPLATES_DIR; add
  bundle package roots when specfact-cli-modules present.
- Policy engine integration tests: rely on conftest env, clear registry
  and re-register before invoke so loader uses worktree.
- test_reexport_shims: filter deprecation warning for legacy analyze import.

Made-with: Cursor

* fix: defer specfact_backlog import in shims so CI can register bridges

- backlog and policy_engine __init__.py: import specfact_backlog only in
  __getattr__ (cached), not at module load. Allows loading .src.adapters.*
  for bridge registration without requiring specfact_backlog installed.
- Re-sign backlog and policy_engine module-package.yaml after init changes.
- openspec: update module-migration-02 tasks.md.

Made-with: Cursor

* fix: defer bundle import in all module shims to fix CI collection errors

- Apply deferred import (only in __getattr__, cached) to analyze, contract,
  drift, enforce, generate, import_cmd, migrate, patch_mode, plan, project,
  repro, sdd, spec, sync, validate. Matches backlog and policy_engine.
- Prevents ImportError when tests import specfact_cli.modules.<name>.src.*
  without specfact_backlog/specfact_govern/specfact_project/specfact_spec
  installed (e.g. CI). Fixes 78 collection errors.
- Re-sign all affected module-package.yaml manifests.

Made-with: Cursor

* fix(ci): include module shims in hatch cache key so CI uses current code

* feat(modules): registry descriptions, --bump-version for publish, tasks and format fixes

- Add description to registry index entries in publish-module.py (module search)
- Add --bump-version patch|minor|major for bundle re-publish in publish-module.py
- Format fixes in validate-modules-repo-sync.py (SIM108, B007)
- Mark completed tasks in module-migration-02-bundle-extraction tasks.md
- Update test for publish_bundle(bump_version=) signature

Made-with: Cursor

* Add missing migration tasks to the open change to completely isolate modules into specfact-cli-modules repo.

* Add gap analysis and update changes

* Update follow-up changes to avoid ambiguities and overlaps

* docs: complete migration-02 section-18 parity and 17.8 gate evidence

* docs: mark migration-02 import-categorization commit checkpoint done

* Update change constraints and blockers for module migration

* docs: add migration-05 issue #334 and complete task 17.10.4

* Update change constraints and blockers for module migration

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* Implement blockers to prepare for module-migration-03 change. (#336)

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* feat: module-migration-03 core slimming closeout and registry fixes (#317) (#341)

* Prepare module-migration-03 removal of old built-in modules

* feat(core): delete specfact-project module source from core (migration-03)

Made-with: Cursor

* feat(core): delete specfact-backlog module source from core (migration-03)

Made-with: Cursor

* feat(core): delete specfact-codebase module source from core (migration-03)

Made-with: Cursor

* feat(core): delete specfact-spec module source from core (migration-03)

Made-with: Cursor

* feat(core): delete specfact-govern module source from core (migration-03)

Made-with: Cursor

* chore(tests): skip tests for removed modules when source absent (migration-03)

Add pytest.importorskip() for backlog, plan, sync, enforce, generate,
patch_mode, import_cmd so tests are skipped when module source was
removed from core. Preserves tests for later move to specfact-cli-modules.
Update tasks.md and TDD_EVIDENCE.md for Task 10 completion.

Made-with: Cursor

* feat(bootstrap): remove flat shims and non-core module registrations (migration-03)

- Remove _register_category_groups_and_shims (unconditional category/shim registration).
- Trim CORE_MODULE_ORDER to 4 core: init, auth, module-registry, upgrade.
- Add @beartype to _mount_installed_category_groups.
- Category groups and flat shims only for installed bundles via _mount_installed_category_groups.

Made-with: Cursor

* docs(openspec): mark Task 11.4 done in tasks.md

Made-with: Cursor

* feat(cli): conditional category group mount from installed bundles (migration-03)

- Add _RootCLIGroup (extends ProgressiveDisclosureGroup) with resolve_command
  override: unknown commands in KNOWN_BUNDLE_GROUP_OR_SHIM_NAMES show
  actionable error (not installed + specfact init / specfact module install).
- Root app uses cls=_RootCLIGroup. Main help docstring adds init/module
  install hint for workflow bundles.

Made-with: Cursor

* docs(openspec): mark Task 12.4 done in tasks.md

Made-with: Cursor

* feat(init): enforce mandatory bundle selection and profile presets (migration-03)

* Add module removal core tests

* docs(openspec): record Task 14 module signing gate (migration-03)

* feat: complete module-migration-03 core slimming and
  follow-up alignment (#317)

* Fix format error

* fix: handle detached HEAD registry branch selection and
  stabilize migration-03 CI tests

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* Finalize module-migration-02 change

* docs(backlog-auth): update auth docs and OpenSpec task status (#342)

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* chore(openspec): archive completed changes and sync main specs

* docs(openspec): prefix module migration proposal titles with IDs

* Add bug change for ado required fields setting and update change order

* Update change order

* feat(core): finalize migration-03 auth removal and 3-core slim package (#317) (#343)

* Prepare module-migration-03 removal of old built-in modules

* feat(core): delete specfact-project module source from core (migration-03)

Made-with: Cursor

* feat(core): delete specfact-backlog module source from core (migration-03)

Made-with: Cursor

* feat(core): delete specfact-codebase module source from core (migration-03)

Made-with: Cursor

* feat(core): delete specfact-spec module source from core (migration-03)

Made-with: Cursor

* feat(core): delete specfact-govern module source from core (migration-03)

Made-with: Cursor

* chore(tests): skip tests for removed modules when source absent (migration-03)

Add pytest.importorskip() for backlog, plan, sync, enforce, generate,
patch_mode, import_cmd so tests are skipped when module source was
removed from core. Preserves tests for later move to specfact-cli-modules.
Update tasks.md and TDD_EVIDENCE.md for Task 10 completion.

Made-with: Cursor

* feat(bootstrap): remove flat shims and non-core module registrations (migration-03)

- Remove _register_category_groups_and_shims (unconditional category/shim registration).
- Trim CORE_MODULE_ORDER to 4 core: init, auth, module-registry, upgrade.
- Add @beartype to _mount_installed_category_groups.
- Category groups and flat shims only for installed bundles via _mount_installed_category_groups.

Made-with: Cursor

* docs(openspec): mark Task 11.4 done in tasks.md

Made-with: Cursor

* feat(cli): conditional category group mount from installed bundles (migration-03)

- Add _RootCLIGroup (extends ProgressiveDisclosureGroup) with resolve_command
  override: unknown commands in KNOWN_BUNDLE_GROUP_OR_SHIM_NAMES show
  actionable error (not installed + specfact init / specfact module install).
- Root app uses cls=_RootCLIGroup. Main help docstring adds init/module
  install hint for workflow bundles.

Made-with: Cursor

* docs(openspec): mark Task 12.4 done in tasks.md

Made-with: Cursor

* feat(init): enforce mandatory bundle selection and profile presets (migration-03)

* Add module removal core tests

* docs(openspec): record Task 14 module signing gate (migration-03)

* feat: complete module-migration-03 core slimming and
  follow-up alignment (#317)

* Fix format error

* fix: handle detached HEAD registry branch selection and
  stabilize migration-03 CI tests

* Prepare module-migration-03 removal of old built-in modules

* Prepare module-migration-03 removal of old built-in modules

* chore(tests): skip tests for removed modules when source absent (migration-03)

Add pytest.importorskip() for backlog, plan, sync, enforce, generate,
patch_mode, import_cmd so tests are skipped when module source was
removed from core. Preserves tests for later move to specfact-cli-modules.
Update tasks.md and TDD_EVIDENCE.md for Task 10 completion.

Made-with: Cursor

* feat(bootstrap): remove flat shims and non-core module registrations (migration-03)

- Remove _register_category_groups_and_shims (unconditional category/shim registration).
- Trim CORE_MODULE_ORDER to 4 core: init, auth, module-registry, upgrade.
- Add @beartype to _mount_installed_category_groups.
- Category groups and flat shims only for installed bundles via _mount_installed_category_groups.

Made-with: Cursor

* docs(openspec): mark Task 11.4 done in tasks.md

Made-with: Cursor

* feat(cli): conditional category group mount from installed bundles (migration-03)

- Add _RootCLIGroup (extends ProgressiveDisclosureGroup) with resolve_command
  override: unknown commands in KNOWN_BUNDLE_GROUP_OR_SHIM_NAMES show
  actionable error (not installed + specfact init / specfact module install).
- Root app uses cls=_RootCLIGroup. Main help docstring adds init/module
  install hint for workflow bundles.

Made-with: Cursor

* docs(openspec): mark Task 12.4 done in tasks.md

Made-with: Cursor

* feat(init): enforce mandatory bundle selection and profile presets (migration-03)

* Add module removal core tests

* docs(openspec): record Task 14 module signing gate (migration-03)

* feat: complete module-migration-03 core slimming and
  follow-up alignment (#317)

* Fix format error

* fix: handle detached HEAD registry branch selection and
  stabilize migration-03 CI tests

* feat(core): remove auth module from core and route auth via backlog (migration-03)

* docs(openspec): update migration-03 PR status and tracking

* docs(openspec): finalize migration-03 checklist and defer non-blocking gates

* Fix remaining auth findings and dependency in core cli

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* Archive module-migration-03 change

* feat: remove flat command shims (category-only CLI) (#344)

* feat: remove flat command shims from grouped registry

* Finalize change module-migration-04 implementation

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* Archived module-migration-04 and updated specs

* docs(openspec): finalize module-migration-05 tracking after modules PR merge (#345)

* Implement blockers to prepare for module-migration-03 change.

* Update migration change

* docs(openspec): close migration-05 PR tracking and change order

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* Archive module-migration-05 change and update specs

* test(migration-06): move legacy sync tests out of core (#346)

* feat(migration-06): core decoupling cleanup - boundary tests and inventory

- Add test_core_does_not_import_from_bundle_packages boundary regression test
- Update spec with ownership boundary and migration acceptance criteria
- Add CORE_DECOUPLING_INVENTORY.md (keep/move/interface classification)
- Record TDD evidence in TDD_EVIDENCE.md
- Update docs/reference/architecture.md with core vs modules-repo boundary
- Update openspec/CHANGE_ORDER.md status

No move candidates identified; core already decoupled from bundle packages.
Boundary test prevents future core->bundle coupling.

Refs #338

Made-with: Cursor

* chore(migration-06): mark all tasks complete

Made-with: Cursor

* feat(migration-06): extend scope - migrate package-specific artifacts per #338

- Add MIGRATION_REMOVAL_PLAN.md with phased removal of MIGRATE-tier code
- Add test_core_modules_do_not_import_migrate_tier boundary test
- Remove templates.bridge_templates (dead code; only tests used it)
- Remove tests/unit/templates/test_bridge_templates.py
- Update CORE_DECOUPLING_INVENTORY.md with removal status
- Update spec with MIGRATE-tier enforcement and package-specific removal

Phase 1 complete. Further MIGRATE-tier removal documented in plan.
Refs #338

Made-with: Cursor

* test(migration-06): move legacy sync tests out of core

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* Archived module-migration-06 change and updated specs

* test: module-migration-07 core test ownership cleanup (#347)

* test: finalize module-migration-07 core test ownership cleanup

* docs: mark module-migration-07 quality and PR tasks complete

* test: fix CI isolation failures for project and persona merge

* test: narrow migrated skips and restore core registry guardrails

* test: stabilize core CI by refining skips and bootstrap checks

* test: fix remaining PR failures via targeted core filtering

* fix: harden module package checks against import-mode class identity

* test: stabilize core slimming integration assertions

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* Archived backlog-core-07 change and updated specs

* Update some docs and archive latest finished changes and specs

* Add docs update change

* feat: add agile-01-feature-hierarchy change and update CHANGE_ORDER.md (#376)

- Create openspec/changes/agile-01-feature-hierarchy/ with proposal.md and tasks.md
- Add Epics #256 (Architecture Layer Integration), #257 (AI IDE Integration),
  and #258 (Integration Governance and Dogfooding) to CHANGE_ORDER.md parent issues table
- 25 GitHub Feature issues created (#351-#375), linked to their parent Epics
- Feature label created; issue #185 closed (ceremony-cockpit-01, archived 2026-02-18)

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

* docs: align core docs and sync pending changes (#377)

* docs: align core docs and sync pending changes

* fix: preserve partial staging in markdown autofix hook

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* fix: stabilize release test suite after module migration

* Update module

* Fix module install

* Fix module install

* Fix failed tests

* Fix marketplace client regression

* Fix install regression for specfact-cli (#380)

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* Add changes to improve runtime validation and backlog module remaining migration to module

* refactor: remove backlog ownership from core cli (#384)

* refactor: remove backlog ownership from core cli

* fix: align CI marketplace validation paths

* test: stabilize command audit validation and add command-surface change

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* Add new command alignment change

* fix: finalize cli runtime validation regressions (#387)

* fix: finalize cli runtime validation regressions

* test: align satisfied dependency logging assertions

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* docs: archive cli-val-07 change

* Archive changes and update specs

* Add code-review change proposals

* test: align command surface regression coverage

* docs: add OpenSpec change for backlog-core commands migration (#390)

* feat: add OpenSpec change for backlog-core commands migration

Change: backlog-02-migrate-core-commands
- Add proposal, design, tasks, specs
- Add TDD_EVIDENCE.md with implementation progress
- GitHub Issue: #389

Rules applied: AGENTS.md Git Worktree Policy, TDD Hard Gate

Made-with: Cursor

* docs: update TDD_EVIDENCE and tasks for quality gate results

Made-with: Cursor

* docs: update TDD_EVIDENCE with test fix results

Made-with: Cursor

* docs: update TDD_EVIDENCE with all test fixes complete

Made-with: Cursor

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* fix: use POST instead of PATCH for ADO work item creation (#391)

* fix: use POST instead of PATCH for ADO work item creation

Azure DevOps API requires POST (not PATCH) for creating work items.

Also fixed category grouping to always register group commands.

Made-with: Cursor

* docs: add changelog entry for ADO POST fix

Made-with: Cursor

* chore: bump version to 0.40.4

Made-with: Cursor

* fix: update test mocks from PATCH to POST for ADO create

- Reverted incorrect unconditional _mount_installed_category_groups call

- Updated test_create_issue mocks to use requests.post instead of requests.patch

Made-with: Cursor

* test: skip category group test when bundles not installed

The test_bootstrap_with_category_grouping_disabled_registers_flat_commands test

expects bundles like specfact-codebase to be installed, but in CI they may not be.

Added pytest.skip() when 'code' command is not available.

Made-with: Cursor

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* docs: archive backlog-02-migrate-core-commands change

- Archived backlog-02-migrate-core-commands change

- Updated CHANGE_ORDER.md with implementation status

- Updated main specs with backlog-add, backlog-analyze-deps, backlog-delta, backlog-sync, backlog-verify-readiness

Made-with: Cursor

* feat: document code-review module scaffold (#410)

* feat: document code-review module scaffold

* chore: sync 0.41.0 release version artifacts

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* Add change for project codebase ownership

* Realign code import ownership surface (#412)

* Realign code import ownership surface

* Harden temp registry command audit test

---------

Signed-off-by: Dom <39115308+djm81@users.noreply.github.com>
Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* Update code review changes

* docs: update reward ledger OpenSpec tracking (#413)

Link the existing change issue, record TDD evidence, and align the OpenSpec artifacts with the bundle-owned DDL and paired worktree implementation flow.

Made-with: Cursor

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* Track house-rules skill OpenSpec changes (#414)

Made-with: Cursor

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* docs: Update change-proposal for code-review-07 (#415)

* Track house-rules skill OpenSpec changes

Made-with: Cursor

* Cursor: Apply local changes for cloud agent

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* Finalize code-review-07 status

* Finalize code-review-08 status

* feat: apply code-review-09 pre-commit integration

* fix: fall back when cached hatch test env is broken

* fix: avoid hatch env for coverage xml export

* fix: install type-check and lint tools directly in CI

* fix: install pytest fallback deps in test job

* fix: install pytest-cov for test fallback path

* Finalize code-review-09 status

* [Change] Align core docs with modules site ownership (#419)

* Align core docs with modules site ownership

* Close docs portal change PR task

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* fix: harden docs parity URL assertions

* Archive finished changes and update specs

* docs: fix command syntax parity after lean-core/modules split (v0.42.2) (#421)

Replace all stale CLI syntax families in authored docs with current
shipped commands. Adds docs parity tests that guard against regression.

Removed syntax families corrected:
- specfact project plan → project devops-flow / project snapshot / govern enforce sdd
- project import from-bridge → code import from-bridge
- specfact backlog policy → backlog verify-readiness / backlog refine
- specfact spec contract → spec validate / spec generate-tests / spec mock
- specfact spec sdd constitution → govern enforce sdd [BUNDLE]
- spec generate <prompt-subcommands> → AI IDE skills or removed

Updated docs: README.md, docs/index.md, docs/README.md,
docs/reference/commands.md (+4 reference docs),
docs/getting-started/ (4 files), docs/guides/ (21 files),
docs/examples/ (5 files), docs/prompts/ (2 files).

Added 11 new docs parity tests in test_release_docs_parity.py:
- 7 tests asserting removed syntax families stay absent
- 4 tests asserting current command families remain documented

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

* Archive finished changes and update specs

- Archive docs-03-command-syntax-parity (2026-03-18)
- Sync delta specs: cli-output + documentation-alignment updated with
  post-split command-surface alignment requirements and scenarios
- Update CHANGE_ORDER.md: mark docs-03 as archived

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Update evidence

* Potential fix for pull request finding 'Unused global variable'

Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
Signed-off-by: Dom <39115308+djm81@users.noreply.github.com>

* docs: align core docs ownership and parity (#424)

* docs: fix command syntax parity after lean-core/modules split (v0.42.2)

Replace all stale CLI syntax families in authored docs with current
shipped commands. Adds docs parity tests that guard against regression.

Removed syntax families corrected:
- specfact project plan → project devops-flow / project snapshot / govern enforce sdd
- project import from-bridge → code import from-bridge
- specfact backlog policy → backlog verify-readiness / backlog refine
- specfact spec contract → spec validate / spec generate-tests / spec mock
- specfact spec sdd constitution → govern enforce sdd [BUNDLE]
- spec generate <prompt-subcommands> → AI IDE skills or removed

Updated docs: README.md, docs/index.md, docs/README.md,
docs/reference/commands.md (+4 reference docs),
docs/getting-started/ (4 files), docs/guides/ (21 files),
docs/examples/ (5 files), docs/prompts/ (2 files).

Added 11 new docs parity tests in test_release_docs_parity.py:
- 7 tests asserting removed syntax families stay absent
- 4 tests asserting current command families remain documented

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* docs: align core docs ownership and parity

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

* docs: fix quickstart install guidance

* docs: remove generated project plan docs

* Add code-review change

* fix: preserve native backlog import payloads (#429)

* fix: preserve native backlog import payloads

* fix: preserve imported proposal ids on reimport

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* fix: add docs review workflow and repair docs links (#428)

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* fix: keep imported change ids stable across title changes (#431)

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* fix: remove conflicting pages file copies

* Add docs sync changs

* docs: update openspec clean-code planning

* Update change status

* fix: code-review-zero-findings dogfood remediation (v0.42.3) (#435)

* fix: continue code review remediation and align module signing

* fix: complete code-review-zero-findings dogfood remediation (v0.42.3)

Eliminates full-scope code review findings (types, Radon CC, contracts, lint) and records OpenSpec change code-review-zero-findings with tests and CHANGELOG. Module manifests may need re-signing before merge per project policy.

Made-with: Cursor

* chore: re-sign bundled modules after content changes

* fix: resolve review follow-up regressions

* fix: run ci smart-test directly

* fix: restore ci test progress output

* fix: stabilize command audit ci test

---------

Signed-off-by: Dom <39115308+djm81@users.noreply.github.com>
Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* Add docs refactoring changes

* Add bug change tracking for encoding and resources

* docs: restructure core site IA to 6-section progressive nav (#442)

* docs: restructure core site IA from 5 flat sections to 6 progressive sections

Restructure docs.specfact.io from a flat 5-section sidebar to a 6-section
progressive navigation: Getting Started, Core CLI, Module System, Architecture,
Reference, Migration.

- Create docs/core-cli/, docs/module-system/, docs/migration/ directories
- Move 12 files to correct new sections with jekyll-redirect-from entries
- Write 3 new CLI reference pages: init.md, module.md, upgrade.md
- Replace first-steps.md with focused 5-minute quickstart
- Rewrite index.md as portal landing with core vs modules delineation
- Rewrite getting-started/README.md to link module tutorials to modules site
- Update sidebar navigation in _layouts/default.html
- Delete 6 obsolete files (competitive-analysis, ux-features, common-tasks,
  workflows, testing-terminal-output, guides/README)
- Add documentation-alignment delta spec for core-only focus policy

Implements: #438
OpenSpec: docs-05-core-site-ia-restructure

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* docs: fix broken internal links after IA restructure

Update all relative links across 40 files to point to new file locations:
- ../reference/architecture.md → ../architecture/overview.md
- ../reference/debug-logging.md → ../core-cli/debug-logging.md
- ../reference/modes.md → ../core-cli/modes.md
- guides/ sibling links → ../module-system/ or ../migration/
- module-system/ back-links → ../guides/
- Remove links to deleted files (common-tasks, workflows)
- first-steps.md → quickstart.md

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: update test path for moved bootstrap-checklist and fix remaining broken links

- Update test_module_bootstrap_checklist_uses_current_bundle_ids to use
  new path docs/module-system/bootstrap-checklist.md
- Fix 2 remaining command-chains.md anchor links in migration-guide.md

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* fix: harden cross-platform runtime and IDE resource discovery (#443)

* fix: harden cross-platform runtime and IDE resource discovery

* fix: bump patch version to 0.42.4

* fix: restore init lifecycle compatibility

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* fix: resolve review type-safety findings

* Improve clarity and scope of ide prompt change

* feat(init): IDE prompt source catalog, --prompts, namespaced exports (#445)

* feat(init): IDE prompt source catalog, --prompts, namespaced exports

Implement init-ide-prompt-source-selection: discover core + module prompts,
default export all sources, interactive multi-select, non-interactive --prompts,
source-namespaced IDE paths. Fix project module roots to use metadata source
project. Extend discovery roots with user/marketplace. Update startup_checks
for nested exports. Bump init module to 0.1.14 with signed manifest.

Made-with: Cursor

* fix(init): scope VS Code prompt recommendations to exported sources

- Pass prompts_by_source into create_vscode_settings from copy_prompts_by_source_to_ide
- Strip prior .github/prompts/* recommendations on selective export to avoid stale paths
- Extract helpers for catalog paths and fallbacks; keep code review clean

Made-with: Cursor

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* fix tests

* release: bump version to 0.42.5 and update CHANGELOG

- Remove [Unreleased] sections; fold historical arch-08 notes under [0.34.0]
- Document init ide catalog, VS Code recommendations, integration test isolation

Made-with: Cursor

* Fix review findings

* feat(init): selective IDE prompt export cleanup and VS Code recommendation strip

- Prune stale exports and unselected catalog segments in copy_prompts_by_source_to_ide
- Strip only specfact*.prompt.md under .github/prompts/ when merging VS Code settings
- Tighten e2e missing-templates assertions to match CLI output
- Add unit tests for prompt path helper and selective export behavior

Made-with: Cursor

* Fix review findings

* Add missing import

* Bump patch version and changelog

* Fix failed tests

* Fix review findings

* docs: core vs modules URL contract and OpenSpec alignment (#448)

* docs: add core vs modules URL contract and OpenSpec alignment

Document cross-site permalink rules in docs/reference, extend documentation-alignment
and module-docs-ownership specs, update docs-07 and openspec config, and note the
dependency on modules URL policy in CHANGE_ORDER.

Made-with: Cursor

* docs: convert core handoff pages to modules canonical links (docs-07)

- Replace 20 duplicate guides/tutorials with thin summaries, prerequisites,
  and links to modules.specfact.io per URL contract
- Add docs/reference/core-to-modules-handoff-urls.md mapping table
- Align OpenSpec documentation-alignment spec delta with ADDED Requirements
- Complete docs-07-core-handoff-conversion tasks checklist

Refs: #439
Made-with: Cursor

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* feat(docs-12): docs command validation and cross-site link checks (#449)

* feat(docs-12): docs command validation and cross-site link checks

- Add check-docs-commands (Typer CliRunner prefix + --help) and exclusions for migration/illustrative pages
- Add check-cross-site-links with robust URL extraction; warn-only in docs-validate and CI while live site may lag
- Extend docs-review: Hatch env, validation steps, pytest tests/unit/docs/
- Opt-in handoff map HTTP test (SPECFACT_RUN_HANDOFF_URL_CHECK=1)
- OpenSpec deltas, TDD_EVIDENCE, tasks complete; CHANGELOG [Unreleased]

Made-with: Cursor

* fix(docs-validate): strip leading global flags before command path

- Parse --mode/--input-format/--output-format + value, then other root flags
- Add test for specfact --mode copilot import from-code …
- Fix showcase docs: hatch run contract-test-exploration (not specfact)

Made-with: Cursor

* fix(docs-12): harden link/command validators and spec wording

- Capitalize Markdown in cross-site link spec requirement
- Cross-site: redirect-only HTTP success, UTF-8 read failures, URL delimiter/trim fixes
- Docs commands: catch Typer exceptions on --help, UTF-8 read failures
- Tests: shared loader for check-cross-site-links module

Made-with: Cursor

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* fix(scripts): CliRunner without mix_stderr for Click 8.3+ compatibility (#451)

Default CliRunner() merges stderr into stdout; read stdout only so
accessing result.stderr does not raise when streams are combined.

Made-with: Cursor

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* fix: review gates (semgrep print, radon CC, icontract, questionary types) (#452)

* fix: satisfy review gates for docs scripts and module_lifecycle typing

- Replace print() with Rich Console in docs validation scripts (semgrep)
- Split HTTP URL checks and doc scans to reduce cyclomatic complexity (radon)
- Add icontract require/ensure on public helpers; use CliRunner() without mix_stderr
- Cast questionary API for basedpyright reportUnknownMemberType

Made-with: Cursor

* fix(scripts): address #452 review (HTTP helpers, icontract, CLI streams)

- _http_success_code: use int directly after None guard
- _response_status: safe getcode via getattr/callable
- check-docs: drop @require preconditions duplicated by beartype
- _cli_invoke_streams_text: merge stdout + stderr for not-installed detection

Made-with: Cursor

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* Add speckit adapter alignment change and update affected change specs

* feat(adapters): spec-kit v0.4.x adapter alignment (#454)

* feat(adapters): spec-kit v0.4.x adapter alignment — extensions, presets, hooks, version detection, 7-command presets

Update SpecKitAdapter, ToolCapabilities, BridgeConfig presets, and
SpecKitScanner for spec-kit v0.4.3 compatibility:

- ToolCapabilities: 5 new optional fields (extensions, extension_commands,
  presets, hook_events, detected_version_source)
- SpecKitScanner: scan_extensions(), scan_presets(), scan_hook_events()
  with .extensionignore support and defensive JSON parsing
- SpecKitAdapter: 3-tier version detection (CLI → heuristic → None),
  refactored get_capabilities() with reduced cyclomatic complexity
- BridgeConfig: all 3 speckit presets expanded from 2 to 7 command
  mappings (specify, plan, tasks, implement, constitution, clarify, analyze)
- 42 new tests across 4 test files (110 targeted, 2248 full suite pass)
- Docs updated: comparison matrix, journey guide, integrations overview,
  adapter development guide

Closes #453

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: address CodeRabbit review findings

- Use get_bridge_logger instead of logging.getLogger in speckit adapter
  and scanner (production command path convention)
- Narrow except Exception to except OSError in _load_extensionignore
- Simplify redundant base_path conditional in get_capabilities
- Use SimpleNamespace instead of dynamic type() in tests
- Add subprocess.TimeoutExpired and OSError exception tests for CLI
  version detection
- Fix duplicate MD heading in bridge-adapter spec
- Add blank lines after markdown headings in proposal (MD022)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* chore: bump version to 0.43.0 for spec-kit v0.4.x alignment (#455)

* chore: bump version to 0.43.0 and add changelog entry

Minor version bump for spec-kit v0.4.x adapter alignment feature.
Syncs version across pyproject.toml, setup.py, and __init__.py.
Adds changelog entry documenting new capabilities.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Sync deps and fix changelog

* Sync deps and fix changelog

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* fix(packaging): remove workflow prompts from core wheel (packaging-02 #441, v0.43.1) (#456)

* fix(packaging): drop duplicate workflow prompts from core wheel (packaging-02 3.5)

Remove resources/prompts from wheel force-include and repo tree; canonical
copies remain in specfact-cli-modules bundles. Align startup IDE drift
checks and init template resolution with discover_prompt_template_files.
Bump to 0.43.1; re-sign init module 0.1.19. Update CHANGELOG, docs, OpenSpec.

Made-with: Cursor

* fix: address PR review (changelog, TDD evidence, startup checks, tests)

- Changelog 0.43.1 header uses Unreleased until release tag
- TDD_EVIDENCE: pre-fail block for Task 3.5 before passing verification
- TemplateCheckResult.sources_available; skip last_checked_version bump when no
  discoverable prompts; drift missing only when source exists
- Integration _fake_discover respects include_package_fallback
- test_validate_all_prompts uses tmp_path; re-enable file in default test run
- test_print_startup_checks_version_update_no_type uses stale version timestamp

Made-with: Cursor

* fix: address follow-up PR review (startup metadata, tests)

- Use ide_dir directly in TemplateCheckResult when IDE folder exists
- Set last_checked_version only after successful template-source checks
- Integration test: assert discover_prompt_template_files fallback + stable startup patches
- validate_all_prompts test: valid vs invalid specfact.*.md outcomes

Made-with: Cursor

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* Potential fix for pull request finding 'Empty except'

Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
Signed-off-by: Dom <39115308+djm81@users.noreply.github.com>

* Fix changelog version

* docs: unify core docs portal UX (#459)

* docs: unify core docs portal UX

* Fix docs-13 core review findings

* Address docs-13 PR review feedback

* Address follow-up docs review feedback

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* Harden docs home URL test assertion

* feat: doc frontmatter validation, v0.43.2 review JSON gate, and pre-commit review UX (#463)

* chore(release): v0.43.2 pre-commit review JSON + OpenSpec dogfood rules

- Pre-commit gate writes ReviewReport JSON to .specfact/code-review.json
- openspec/config.yaml: require fresh review JSON and remediate findings
- Docs and unit tests updated

Made-with: Cursor

* fix: CodeRabbit — changelog, openspec TDD_EVIDENCE freshness, review hook timeout

- CHANGELOG 0.43.2: expanded entries, line wrap
- openspec/config.yaml: exclude TDD_EVIDENCE.md from review JSON staleness
- pre_commit_code_review: timeout 300s, TimeoutExpired handling
- tests: exact cwd, timeout assertion and timeout failure test

Made-with: Cursor

* Add code review to pre-commit and frontmatter docs validation

* Improve pre-commit script output

* Improve specfact code review findings output

* Fix review findings

* Improve pre-commit hook output

* Enable dev branch code review

* Update code review hook

* Fix contract review findings

* Fix review findings

* Fix review warnings

* feat: doc frontmatter hardening and code-review gate fixes

- Typer CLI for doc-frontmatter-check; safer owner resolution (split helpers for CC)
- Strict exempt handling; pre-commit hook matches USAGE-FAQ.md; review script JSON typing
- Shared test fixtures/types; integration/unit test updates; OpenSpec tasks and TDD evidence
- Changelog: pre-commit code-review-gate UX note

Made-with: Cursor

* Fix test failures and add docs review to github action runner

* Fix test failure due to UTF8 encoding

* Apply review findings

* Optimize pr orchestrator runtime

* Optimize pr orchestrator runtime

* Fix caching on pr-orchestrator

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* docs: archive doc-frontmatter-schema openspec change

* Apply suggestions from code review

Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
Signed-off-by: Dom <39115308+djm81@users.noreply.github.com>

* fix: restore protocol stubs for type checking

* Add frontamtter check

* fix: harden protocol stubs for code quality

* Add PR test hardening change

* fix: remediate review findings and harden review gates

* fix: rebuild review report model for pydantic

* Add story and onboarding change

* Update change tracking

* Improve scope for ci/cd requirements

* docs: sharpen first-contact story and onboarding (#467)

* docs: sharpen first-contact story and onboarding

* docs: address first-contact review feedback

* docs: address onboarding review fixes

* test: accept default-filtered site tokens in docs parity

* docs: record completed onboarding quality gates

* test: improve first-contact assertion failures

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>

* fix: harden review blockers and bump patch version

* test: harden modules docs url assertions

* fix: harden trustworthy green checks (#469)

* fix: harden trustworthy green checks

* fix: restore contract-first ci repro command

* fix: apply CodeRabbit auto-fixes

Fixed 3 file(s) based on 3 unresolved review comments.

Co-authored-by: CodeRabbit <noreply@coderabbit.ai>

* fix: resolve CI failures for trustworthy green checks PR

- Use hatch run contract-test instead of specfact code repro in CI
  (CLI bundle not available in CI environment)
- Allow test_bundle_import.py in migration cleanup legacy-import check
  (_bundle_import is an internal helper, not a removed module package)
- Fix formatting in test_trustworthy_green_checks.py (CodeRabbit commit
  was unformatted)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: address CodeRabbit review findings

- Add trailing newline to TDD_EVIDENCE.md (MD047)
- Make _load_hooks() search for repo: local instead of assuming index 0
- Replace fragile multi-line string assertion in actionlint test with
  semantic line-by-line checks

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: CodeRabbit <noreply@coderabbit.ai>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* fix: address CodeRabbit review findings for ci-02 (#471)

- Widen workflow_changed filter to include scripts/run_actionlint.sh
  and scripts/yaml-tools.sh so Workflow Lint triggers on script changes
- Pin actionlint default to v1.7.11 (matches CI) instead of latest
- Fix run_actionlint.sh conflating "not installed" with "lint failures"
  by separating availability check from execution
- Restore sys.path after test_bundle_import to avoid cross-test leakage
- Normalize CHANGE_ORDER.md status format to semicolon convention

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* fix: propagate docker actionlint exit code instead of masking failures (#472)

Simplify run_actionlint.sh control flow so both local and docker
execution paths propagate actionlint's exit code via `exit $?`. Previously
the docker path used `if run_with_docker; then exit 0; fi` which treated
lint errors as "docker unavailable" and fell through to install guidance.

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* fix: assert hook id stability and cd to repo root for local actionlint (#473)

- Assert hook id == "specfact-smart-checks" to prevent silent renames
- cd to REPO_ROOT before running local actionlint so it finds workflows
  regardless of caller's cwd

Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

---------

Signed-off-by: Dom <39115308+djm81@users.noreply.github.com>
Co-authored-by: Dominikus Nold <djm81@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: CodeRabbit <noreply@coderabbit.ai>

Author: 6 people

.coderabbit.yaml

@@ -43,6 +43,7 @@ reviews:
     # PRs targeting `dev` (not only the GitHub default branch, e.g. `main`) get automatic reviews.
     base_branches:
       - "^dev$"
+      - "^main$"
   path_instructions:
     - path: "src/specfact_cli/**/*.py"
       instructions: |

.github/workflows/pr-orchestrator.yml

@@ -5,16 +5,8 @@ name: PR Orchestrator - SpecFact CLI
 on:
   pull_request:
     branches: [main, dev]
-    paths-ignore:
-      - "**/*.md"
-      - "**/*.mdc"
-      - "docs/**"
   push:
     branches: [main, dev]
-    paths-ignore:
-      - "**/*.md"
-      - "**/*.mdc"
-      - "docs/**"
   workflow_dispatch:
 
 concurrency:
@@ -33,6 +25,7 @@ jobs:
     runs-on: ubuntu-latest
     outputs:
       code_changed: ${{ steps.out.outputs.code_changed }}
+      workflow_changed: ${{ steps.out.outputs.workflow_changed }}
       skip_tests_dev_to_main: ${{ steps.out.outputs.skip_tests_dev_to_main }}
     steps:
       - uses: actions/checkout@v4
@@ -47,22 +40,52 @@ jobs:
               - '!**/*.md'
               - '!**/*.mdc'
               - '!docs/**'
+              - '!.github/workflows/**'
+            workflow:
+              - '.github/workflows/**'
+              - 'scripts/run_actionlint.sh'
+              - 'scripts/yaml-tools.sh'
       - id: out
         env:
           EVENT_NAME: ${{ github.event_name }}
           PR_BASE_REF: ${{ github.event.pull_request.base.ref }}
           PR_HEAD_REF: ${{ github.event.pull_request.head.ref }}
+          PR_BASE_SHA: ${{ github.event.pull_request.base.sha }}
+          PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
         run: |
+          PR_BASE_REF="${PR_BASE_REF:-}"
+          PR_HEAD_REF="${PR_HEAD_REF:-}"
+          PR_BASE_SHA="${PR_BASE_SHA:-}"
+          PR_HEAD_SHA="${PR_HEAD_SHA:-}"
           if [ "$EVENT_NAME" = "workflow_dispatch" ]; then
             echo "code_changed=true" >> "$GITHUB_OUTPUT"
+            echo "workflow_changed=true" >> "$GITHUB_OUTPUT"
           else
             echo "code_changed=${{ steps.filter.outputs.code }}" >> "$GITHUB_OUTPUT"
+            echo "workflow_changed=${{ steps.filter.outputs.workflow }}" >> "$GITHUB_OUTPUT"
           fi
+          SKIP_TESTS=false
           if [ "$EVENT_NAME" = "pull_request" ] && [ "$PR_BASE_REF" = "main" ] && [ "$PR_HEAD_REF" = "dev" ]; then
-            echo "skip_tests_dev_to_main=true" >> "$GITHUB_OUTPUT"
-          else
-            echo "skip_tests_dev_to_main=false" >> "$GITHUB_OUTPUT"
+            PR_BASE_REV=""
+            PR_HEAD_REV=""
+            MERGE_BASE=""
+            if [ -n "$PR_BASE_SHA" ]; then
+              PR_BASE_REV=$(git rev-parse "${PR_BASE_SHA}^{commit}" 2>/dev/null || true)
+            fi
+            if [ -n "$PR_HEAD_SHA" ]; then
+              PR_HEAD_REV=$(git rev-parse "${PR_HEAD_SHA}^{commit}" 2>/dev/null || true)
+            fi
+            if [ -n "$PR_BASE_REV" ] && [ -n "$PR_HEAD_REV" ]; then
+              MERGE_BASE=$(git merge-base "$PR_BASE_REV" "$PR_HEAD_REV" 2>/dev/null || true)
+            fi
+            if [ -n "$PR_BASE_REV" ] && [ -n "$PR_HEAD_REV" ] && [ "$PR_BASE_REV" = "$PR_HEAD_REV" ] && [ "$MERGE_BASE" = "$PR_HEAD_REV" ]; then
+              SKIP_TESTS=true
+              echo "✅ Proven release parity between dev and main; skipping duplicate validation."
+            else
+              echo "ℹ️ Release parity proof unavailable for dev→main PR; running required validation set."
+            fi
           fi
+          echo "skip_tests_dev_to_main=${SKIP_TESTS}" >> "$GITHUB_OUTPUT"
 
   verify-module-signatures:
     name: Verify Module Signatures
@@ -99,6 +122,49 @@ jobs:
             python scripts/verify-modules-signature.py --require-signature --enforce-version-bump --payload-from-filesystem
           fi
 
+  workflow-lint:
+    name: Workflow Lint
+    needs: [changes]
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Skip when no workflow changes are present
+        if: needs.changes.outputs.workflow_changed != 'true' && github.event_name != 'workflow_dispatch'
+        run: |
+          echo "✅ No workflow changes detected; skipping workflow lint."
+
+      - name: Set up Python 3.12
+        if: needs.changes.outputs.workflow_changed == 'true' || github.event_name == 'workflow_dispatch'
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+          cache: "pip"
+          cache-dependency-path: |
+            pyproject.toml
+
+      - name: Set up Go for actionlint
+        if: needs.changes.outputs.workflow_changed == 'true' || github.event_name == 'workflow_dispatch'
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.24"
+
+      - name: Install lint dependencies
+        if: needs.changes.outputs.workflow_changed == 'true' || github.event_name == 'workflow_dispatch'
+        run: |
+          python -m pip install --upgrade pip
+          pip install "hatch" "virtualenv<21"
+          go install github.com/rhysd/actionlint/cmd/actionlint@v1.7.11
+          echo "$(go env GOPATH)/bin" >> "$GITHUB_PATH"
+
+      - name: Run workflow lint
+        if: needs.changes.outputs.workflow_changed == 'true' || github.event_name == 'workflow_dispatch'
+        run: |
+          echo "🔍 Running actionlint for workflow changes..."
+          hatch run lint-workflows
+
   tests:
     name: Tests (Python 3.12)
     needs: [changes, verify-module-signatures]
@@ -219,7 +285,7 @@ jobs:
     name: Compatibility (Python 3.11)
     runs-on: ubuntu-latest
     needs: [changes, verify-module-signatures]
-    if: needs.changes.outputs.skip_tests_dev_to_main != 'true'
+    if: needs.changes.outputs.code_changed == 'true' && needs.changes.outputs.skip_tests_dev_to_main != 'true'
     permissions:
       contents: read
     steps:
@@ -258,9 +324,10 @@ jobs:
           mkdir -p logs/compat-py311
           COMPAT_LOG="logs/compat-py311/compat_$(date -u +%Y%m%d_%H%M%S).log"
           {
-            hatch -e hatch-test.py3.11 run run -- -r fEw tests/unit tests/integration || echo "⚠️ Some tests failed (advisory)"
+            hatch -e hatch-test.py3.11 run run -- -r fEw tests/unit tests/integration
             hatch -e hatch-test.py3.11 run xml || true
           } 2>&1 | tee "$COMPAT_LOG"
+          exit "${PIPESTATUS[0]:-$?}"
       - name: Upload compat-py311 logs
         if: always()
         uses: actions/upload-artifact@v4
@@ -273,7 +340,7 @@ jobs:
     name: Contract-First CI
     runs-on: ubuntu-latest
     needs: [changes, verify-module-signatures]
-    if: needs.changes.outputs.skip_tests_dev_to_main != 'true'
+    if: needs.changes.outputs.code_changed == 'true' && needs.changes.outputs.skip_tests_dev_to_main != 'true'
     permissions:
       contents: read
     steps:
@@ -313,8 +380,9 @@ jobs:
         run: |
           echo "🔍 Validating runtime contracts..."
           REPRO_LOG="logs/repro/repro_$(date -u +%Y%m%d_%H%M%S).log"
-          echo "Running specfact repro with required CrossHair... (log: $REPRO_LOG)"
-          hatch run specfact repro --verbose --crosshair-required --budget 120 2>&1 | tee "$REPRO_LOG" || echo "SpecFact repro found issues"
+          echo "Running contract-first validation with required CrossHair... (log: $REPRO_LOG)"
+          hatch run contract-test 2>&1 | tee "$REPRO_LOG"
+          exit "${PIPESTATUS[0]:-$?}"
       - name: Upload repro logs
         if: always()
         uses: actions/upload-artifact@v4
@@ -334,7 +402,7 @@ jobs:
     name: CLI Command Validation
     runs-on: ubuntu-latest
     needs: [changes, verify-module-signatures]
-    if: needs.changes.outputs.skip_tests_dev_to_main != 'true'
+    if: needs.changes.outputs.code_changed == 'true' && needs.changes.outputs.skip_tests_dev_to_main != 'true'
     permissions:
       contents: read
     steps:
@@ -353,8 +421,8 @@ jobs:
       - name: Validate CLI commands
         run: |
           echo "🔍 Validating CLI commands..."
-          specfact --help || echo "⚠️ CLI not yet fully implemented"
-          echo "✅ CLI validation complete (advisory)"
+          specfact --help
+          echo "✅ CLI validation complete"
 
   quality-gates:
     name: Quality Gates (Advisory)
@@ -412,7 +480,7 @@ jobs:
     name: Type Checking (basedpyright)
     runs-on: ubuntu-latest
     needs: [changes, verify-module-signatures]
-    if: needs.changes.outputs.skip_tests_dev_to_main != 'true'
+    if: needs.changes.outputs.code_changed == 'true' && needs.changes.outputs.skip_tests_dev_to_main != 'true'
     permissions:
       contents: read
     steps:
@@ -447,7 +515,7 @@ jobs:
     name: Linting (ruff, pylint)
     runs-on: ubuntu-latest
     needs: [changes, verify-module-signatures]
-    if: needs.changes.outputs.skip_tests_dev_to_main != 'true'
+    if: needs.changes.outputs.code_changed == 'true' && needs.changes.outputs.skip_tests_dev_to_main != 'true'
     permissions:
       contents: read
     steps:
@@ -477,7 +545,8 @@ jobs:
             python -m basedpyright --pythonpath "$(python -c 'import sys; print(sys.executable)')"
             ruff check .
             pylint src tests tools
-          } 2>&1 | tee "$LINT_LOG" || echo "⚠️ Linting incomplete"
+          } 2>&1 | tee "$LINT_LOG"
+          exit "${PIPESTATUS[0]:-$?}"
       - name: Upload lint logs
         if: always()
         uses: actions/upload-artifact@v4

.github/workflows/sign-modules.yml

@@ -25,7 +25,7 @@ on:
 
 jobs:
   verify:
-    name: Verify module signatures
+    name: Verify Module Signatures
     runs-on: ubuntu-latest
     permissions:
       contents: read

.pre-commit-config.yaml

@@ -1,10 +1,10 @@
 repos:
   - repo: local
     hooks:
-      - id: verify-module-signatures
-        name: Verify module signatures and version bumps
-        entry: hatch run ./scripts/verify-modules-signature.py --require-signature --enforce-version-bump
-        language: system
+      - id: specfact-smart-checks
+        name: SpecFact smart pre-commit checks
+        entry: scripts/pre-commit-smart-checks.sh
+        language: script
         pass_filenames: false
         always_run: true
       - id: check-doc-frontmatter
@@ -14,10 +14,3 @@ repos:
         files: ^(docs/.*\.md|docs/\.doc-frontmatter-enforced|USAGE-FAQ\.md)$
         pass_filenames: false
         always_run: false
-      - id: specfact-code-review-gate
-        name: Run code review gate on staged Python files
-        entry: hatch run python scripts/pre_commit_code_review.py
-        language: system
-        files: \.pyi?$
-        # Show summary + copy-paste lines on success; pre-commit hides hook output otherwise.
-        verbose: true

CHANGELOG.md

@@ -1,3 +1,4 @@
+<!-- markdownlint-configure-file { "MD024": { "siblings_only": true } } -->
 # Changelog
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
@@ -508,7 +509,6 @@ All notable changes to this project will be documented in this file.
 - Bundle ID candidate derivation no longer falls back to the manifest filename stem (`bundle.yaml` -> `bundle`), preventing false rejection of valid explicit `bundle:<id>` tags.
 - OpenSpec change order/archive tracking was synchronized for Wave 1 closure (`verification-01-wave1-delta-closure`) and related archived status markers.
 
----
 ## [0.34.0] - 2026-02-18
 
 ### Added

CONTRIBUTING.md

@@ -96,9 +96,19 @@ hatch run lint
 hatch run contract-test-full
 ```
 
-The repo-owned pre-commit flow now also runs `specfact code review run` on
-staged Python files and blocks commits only when the review verdict is
-blocking.
+The supported local hook path is the repo-owned smart-check wrapper installed by the commands
+above. It keeps local semantics aligned with CI:
+
+- Merge-blocking local gates: module signature verification, formatter safety, Markdown/YAML checks,
+  workflow lint for staged workflow changes, and contract-test fast feedback when code changes.
+- Review gate behavior: `specfact code review run` reviews staged Python files and blocks the
+  commit only on `FAIL`. `PASS_WITH_ADVISORY` remains green but still prints the JSON report path for
+  remediation in Copilot/Cursor.
+- Advisory review surfaces: CodeRabbit and other PR review comments remain advisory unless a branch
+  protection rule explicitly promotes a check to required.
+- Workflow linting requires `actionlint` on `PATH` or a Docker-enabled environment. CI installs a
+  pinned `actionlint` release explicitly; local contributors should install it globally, for example
+  with `go install github.com/rhysd/actionlint/cmd/actionlint@v1.7.11`.
 
 ## Contributor License Agreement (CLA)
 
@@ -199,13 +209,15 @@ The repository README, `docs/index.md`, and other first-contact surfaces must pr
 first-contact story.
 
 When editing those surfaces, make sure a new visitor can quickly answer:
+
 - **What is SpecFact?**
 - **Why does it exist?**
 - **Why should I use it?**
 - **What do I get?**
 - **How do I get started?**
 
 Keep the hierarchy in this order:
+
 1. Product identity
 2. Why it exists
 3. User value

docs/contributing/docs-sync.md

@@ -15,7 +15,7 @@ exempt: false
 exempt_reason: ""
 ---
 
-# Documentation ownership and frontmatter
+## Documentation ownership and frontmatter
 
 Core documentation uses **YAML frontmatter** for Jekyll (layout, title, permalink) and for **ownership** fields that drive the `scripts/check_doc_frontmatter.py` checker.
 
@@ -46,6 +46,10 @@ The enforced-path file accepts glob patterns matched against repo-relative Markd
 `docs/` and root docs such as `USAGE-FAQ.md`; blank lines and lines starting with `#` are ignored by
 the checker.
 
+Docs-only PRs rely on the dedicated `Docs Review` workflow as the required documentation gate. Its
+cross-site link check remains advisory because the published site can lag deployment, while
+frontmatter validation and docs test suites remain merge-blocking for docs-owned changes.
+
 ## Troubleshooting
 
 - **Missing `doc_owner`**: add the field and a sensible `tracks` list for the code or specs this page describes.

docs/modules/code-review.md

@@ -5,7 +5,7 @@ description: Install and use the official specfact-code-review module scaffold.
 permalink: /modules/code-review/
 ---
 
-# Code Review Module
+## Code Review Module
 
 The `nold-ai/specfact-code-review` module extends `specfact code` with a governed `review` subgroup for structured review execution, scoring, and reporting.
 
@@ -102,25 +102,27 @@ The scaffolded `ReviewReport` envelope carries these fields:
 
 ## Pre-Commit Review Gate
 
-This repository wires `specfact code review run` into pre-commit before a
-commit is considered green.
+This repository wires `specfact code review run` into the smart pre-commit wrapper before a commit
+is considered green.
 
-The local hook entry lives in `.pre-commit-config.yaml`:
+The supported local hook entry lives in `.pre-commit-config.yaml`:
 
 ```yaml
 repos:
   - repo: local
     hooks:
-      - id: specfact-code-review-gate
-        name: Run code review gate on staged Python files
-        entry: hatch run python scripts/pre_commit_code_review.py
-        language: system
-        files: \.pyi?$
-        # Needed so you still see hook output when the gate passes (pre-commit hides it otherwise).
-        verbose: true
+      - id: specfact-smart-checks
+        name: SpecFact smart pre-commit checks
+        entry: scripts/pre-commit-smart-checks.sh
+        language: script
+        pass_filenames: false
+        always_run: true
 ```
 
-The helper script scopes the gate to staged Python files only and then runs:
+The wrapper calls `scripts/pre_commit_code_review.py` only when staged Python files are present,
+alongside the repo's other local required gates (module signatures, formatter safety, Markdown/YAML
+checks, workflow lint when relevant, and contract-test fast feedback). The review helper itself
+then runs:
 
 ```bash
 specfact code review run --json --out .specfact/code-review.json <staged-python-files>
@@ -158,6 +160,12 @@ Commit behavior:
 - `PASS_WITH_ADVISORY` keeps the commit green
 - `FAIL` blocks the commit
 
+Repository gate taxonomy:
+
+- Local smart-check wrapper: merge-blocking for its enforced local checks.
+- `specfact code review run`: advisory unless it returns `FAIL`; `PASS_WITH_ADVISORY` stays commit-green.
+- CodeRabbit review comments/status: advisory review assistance, not a merge-blocking branch-protection gate by themselves.
+
 To install the repo-owned hook flow:
 
 ```bash