{ "summary": "Read-only audit of the AI coding harness: find stale rules, redundant directives, excessive global context, over-broad skills, unneeded hooks/MCP, and product-overlap config. Analysis-only, no file mutation.", "agentCount": 7, "logs": [], "result": { "inventory": { "scopeNotes": "Full harness audit inventory for /home/lucas. Scope covers: CLAUDE.md, AGENTS.md, .claude/rules/autopus/ (13 files), .claude/skills/ (45 files: 44 in autopus/ + SKILL.md), .claude/agents/autopus/ (16 files), .claude/hooks/ (8 .sh + 1 README), .mcp.json, .claude/settings.json, .claude/settings.local.json, multi-platform copies in .codex/ and .gemini/. Absent/empty targets: .claude/workflows/ (does not exist), .cursor/rules/ (does not exist). Read-only audit — no files modified. Global context (.claude/projects/.../memory/MEMORY.md, user global rules) are already injected via system-reminder but are NOT part of the harness file system under .claude/; excluded from file counts.", "findings": [ { "path": "CLAUDE.md", "currentPurpose": "Global LLM behavioral guidelines (sections 1-10, hand-written) + auto-generated ADK harness summary injected into every session", "problem": "Mixed provenance: sections 1-10 are hand-written and meaningful; the 'Autopus-ADK Harness' tail section is auto-generated and duplicates what is already in .claude/rules/autopus/. Whole file is Tier A (global, injected every session).", "evidence": "177 lines total. Sections 1-10 span ~130 lines of genuine project-specific behavioral guidelines. The ADK tail replicates language-policy, file-size-limit, and subagent-delegation summaries already present in full in .claude/rules/autopus/.", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "mixed", "realFixLocation": "ADK source/template for the auto-generated tail; installed copy is source of truth for sections 1-10", "autoDietEligible": false }, { "path": "AGENTS.md", "currentPurpose": "Global agent behavioral guidelines injected into every session (Tier A)", "problem": "155 lines injected globally every session. Content overlaps with individual agent prompts in .claude/agents/autopus/ — the same agent names, roles, and delegation patterns appear both here and in each agent's own file. Agents are dispatched lazily (Tier B), making the global AGENTS.md summary a partial duplicate at session-start cost.", "evidence": "155 lines. Agent roster (16 agents) is also defined in 16 individual agent files totaling 2845 lines in .claude/agents/autopus/.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — changes to AGENTS.md will be overwritten by /auto sync", "autoDietEligible": false }, { "path": ".claude/rules/autopus/spec-quality.md", "currentPurpose": "SPEC authoring quality checklist (Q-CORR-*, Q-COMP-*, Q-FEAS-*, Q-STYLE-*, Q-SEC-*, Q-COH-*) injected globally every session", "problem": "Largest rule at 197 lines, injected into EVERY session regardless of whether a SPEC is being authored. This is a reference document consumed only during spec/plan/review workflows but burns Tier A context on all sessions.", "evidence": "197 lines. Contains 5 primary dimensions x multiple sub-checks plus an appendix. Relevant only when running /auto plan, /auto spec, or /auto review — not for typical coding sessions.", "recommendation": "MOVE", "moveTarget": ".claude/skills/autopus/spec-review.md (merge or replace as lazy-loaded skill)", "changeRisk": "medium", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — reclassify as skill not rule so it loads lazily", "autoDietEligible": false }, { "path": ".claude/rules/autopus/context7-docs.md", "currentPurpose": "Auto-fetch documentation from Context7 MCP before any library/framework work; defines when, how, token budgets, caching", "problem": "148 lines injected globally. Highly procedural fetch algorithm with tables and code blocks. Most sessions do not trigger a Context7 fetch; the full procedure is only relevant at Phase 1.8 of /auto go or during library-specific debugging.", "evidence": "148 lines. Includes a 4-step fetch algorithm, 5-row token budget table, per-library cap table, error handling protocol — all applicable only when MCP is triggered. .mcp.json confirms context7 is registered but called lazily.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template", "autoDietEligible": false }, { "path": ".claude/rules/autopus/objective-reasoning.md", "currentPurpose": "Mandates evidence-based reasoning, trade-off disclosure, assumption challenging, calibrated confidence for all responses", "problem": "81 lines globally injected. The domain-adaptive role table and prohibited patterns sections repeat guidance already embedded in Claude's base behavior, adding token cost with marginal delta.", "evidence": "81 lines. Prohibited-patterns list (7 items) and domain-adaptive table overlap substantially with standard LLM instruction-following norms.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template", "autoDietEligible": false }, { "path": ".claude/rules/autopus/worktree-safety.md", "currentPurpose": "Git worktree safety rules for parallel executor agents: prohibited commands, GC suppression, retry strategy, cleanup", "problem": "74 lines injected globally every session. Rules are only relevant during parallel /auto go --team pipeline execution with worktrees. Typical solo coding sessions never spawn worktrees.", "evidence": "74 lines. GC suppression flag, exponential backoff, max-5-worktrees limit — all dormant outside multi-agent pipeline runs. .claude/skills/autopus/worktree-isolation.md (216 lines) and git-worktrees.md (92 lines) cover the same domain as lazy-loaded skills.", "recommendation": "MOVE", "moveTarget": ".claude/skills/autopus/worktree-isolation.md (merge or reference)", "changeRisk": "medium", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — reclassify as skill not rule", "autoDietEligible": false }, { "path": ".claude/rules/autopus/deferred-tools.md", "currentPurpose": "Explains deferred tool loading (AskUserQuestion, TaskCreate, etc.) and when to call ToolSearch before use", "problem": "70 lines injected globally. Deferred tools are a Claude Code platform mechanism; Codex/Antigravity/OpenCode adapters are told to ignore it. Relevant only at specific /auto subcommand trigger points.", "evidence": "70 lines. .gemini/rules/autopus/ is missing this file (10 rules vs .claude's 13), confirming it is already treated as platform-specific by at least one platform.", "recommendation": "MOVE", "moveTarget": ".claude/skills/auto/SKILL.md inline reference, or a claude-code-specific skill", "changeRisk": "medium", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — should be claude-code-platform-scoped, not global rule", "autoDietEligible": false }, { "path": ".claude/rules/autopus/techstack-freshness.md", "currentPurpose": "Requires explicit technology stack version resolution before greenfield/brownfield work; mandates source refs and checked_at dates", "problem": "65 lines globally injected. Valid for new project or migration tasks; dormant for maintenance, bugfix, or doc work sessions. The required SPEC text table format is only actionable during /auto plan or research.md authoring.", "evidence": "65 lines. Mode classification, evidence source priority order, and required SPEC table are all /auto plan artifacts.", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "low", "confidence": "low", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template", "autoDietEligible": false }, { "path": ".claude/rules/autopus/branding.md", "currentPurpose": "Tiered branding rules: when to show octopus banner, footer, session-start format, Tier 1-5 display logic", "problem": "64 lines globally injected for aesthetic/UX branding rules. References templates/shared/branding-formats.md.tmpl as canonical source — this template file is outside audit scope.", "evidence": "64 lines. Tier 1 (session start) and Tier 2 (/auto command) are the only frequently triggered tiers.", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "low", "confidence": "low", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template", "autoDietEligible": false }, { "path": ".claude/rules/autopus/lore-commit.md", "currentPurpose": "Lore commit format enforcement: type, scope, subject, structured trailers, Autopus sign-off — globally injected rule", "problem": "50 lines globally injected. CLAUDE.md section 9 (Semantic Commits) has its own commit guidance creating two commit rules at global scope. Additionally a skill at .claude/skills/autopus/lore-commit.md (99 lines) lazily loads the same content — three-layer lore enforcement when a commit workflow runs.", "evidence": "50 lines rule (global) + 99 lines skill (lazy) + pre-commit-lore.sh hook (54 lines, runtime) = three separate lore-commit artifacts.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — rule and skill are duplicates; one layer should be authoritative", "autoDietEligible": false }, { "path": ".claude/rules/autopus/doc-storage.md", "currentPurpose": "Document storage rules: storage matrix for SPECs/brainstorms/changelogs, module detection, SPEC ID uniqueness, sync commit rules", "problem": "49 lines globally injected. Relevant only when creating SPECs or brainstorms. Most coding sessions never create these artifacts.", "evidence": "49 lines. Storage matrix and ID uniqueness checks are /auto plan / /auto sync workflow artifacts.", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "low", "confidence": "low", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template", "autoDietEligible": false }, { "path": ".claude/rules/autopus/file-size-limit.md", "currentPurpose": "Hard 300-line file size limit for source code files with exclusions for docs/config", "problem": "38 lines globally injected. Clean and focused. Duplicated in CLAUDE.md auto-generated section (summary only) — minor redundancy.", "evidence": "38 lines. Clear threshold (200 warn / 300 hard), exclusion list, splitting strategies.", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template", "autoDietEligible": false }, { "path": ".claude/rules/autopus/language-policy.md", "currentPurpose": "Per-project language settings: code_comments=en, commit_messages=en, ai_responses=en", "problem": "36 lines globally injected. Duplicated in CLAUDE.md auto-generated Language Policy block which already inlines the active settings for this project.", "evidence": "36 lines. 3-row config table + rules + defaults.", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "low", "confidence": "low", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template", "autoDietEligible": false }, { "path": ".claude/rules/autopus/subagent-delegation.md", "currentPurpose": "When and how to delegate to subagents: 3-file/200-line/multi-domain thresholds, delegation procedure, anti-patterns", "problem": "29 lines globally injected. Compact. Core thresholds are partially duplicated in CLAUDE.md auto-generated section.", "evidence": "29 lines. The smallest rule file.", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template", "autoDietEligible": false }, { "path": ".claude/rules/autopus/project-identity.md", "currentPurpose": "Prevents confusing the user's product code with .autopus/ ADK harness config; defines two-layer separation", "problem": "25 lines globally injected. One of the most compact and contextually relevant rules — prevents a real, recurring LLM mistake. No meaningful problem.", "evidence": "25 lines. The two-layer table and 'How to Identify the Product' checklist are directly actionable every session.", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template", "autoDietEligible": false }, { "path": ".claude/skills/auto/SKILL.md", "currentPurpose": "The /auto command router — defines all /auto subcommands (go, plan, fix, test, review, sync, etc.) with full phase descriptions, gate logic, and routing", "problem": "2813 lines — by far the largest single file in the harness. Loaded lazily (Tier B) only when /auto is invoked, which is appropriate. However 2813 lines is an outlier. Codex splits this same content into 17 separate auto-*.md prompt files.", "evidence": "2813 lines confirmed. .codex/skills/ has 17 additional auto-*.md files (auto-go.md, auto-plan.md, auto-fix.md, etc.) that are the platform-split version of SKILL.md content.", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — Codex has this split into 17 separate prompt files; Claude-code consolidates into SKILL.md", "autoDietEligible": false }, { "path": ".claude/skills/autopus/agent-pipeline.md", "currentPurpose": "Full /auto go pipeline definition: phases 1-4, parallel executor coordination, gate logic, merge strategy", "problem": "654 lines — largest autopus skill. Lazy-loaded (Tier B). Overlaps with SKILL.md which also defines /auto go phases. Combined injection when /auto go runs: SKILL.md (2813) + agent-pipeline.md (654) = 3467 lines of pipeline documentation.", "evidence": "654 lines confirmed. Second-largest file in the harness after SKILL.md.", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "low", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template", "autoDietEligible": false }, { "path": ".claude/skills/autopus/lore-commit.md (skill)", "currentPurpose": "Lore commit skill — how to author structured Lore commit messages (lazy-loaded version)", "problem": "99 lines lazy-loaded skill that duplicates .claude/rules/autopus/lore-commit.md (50 lines globally injected). Both are active: rule fires globally, skill fires when /auto or commit workflow is triggered. Same content in two load tiers.", "evidence": "99 lines skill + 50 lines rule + 54 lines pre-commit-lore.sh = 203 lines of lore-commit content across 3 artifacts.", "recommendation": "DELETE", "moveTarget": "-", "changeRisk": "low", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — either the rule or the skill should be the single source, not both", "autoDietEligible": false }, { "path": ".claude/hooks/autopus/ (7 files) + task-created-validate.sh", "currentPurpose": "Runtime hooks: stop hooks (claude/codex/gemini), pre-commit-arch, pre-commit-lore, react-ci-failure, react-review. Tier C — executed not injected.", "problem": "settings.json fires two hooks on every Bash call (PreToolUse: auto check --arch 30s; PostToolUse: auto react check 60s). Every bash call in every session triggers both hooks regardless of task type.", "evidence": "7 autopus .sh files (575 lines) + task-created-validate.sh (87 lines) + README (109 lines) = 9 hook files / 684 lines total. PreToolUse timeout=30s, PostToolUse timeout=60s, matcher=Bash.", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template + autopus.yaml hook config", "autoDietEligible": false }, { "path": ".claude/settings.json (modelOverrides.op = 'claude-opus-4-6')", "currentPurpose": "Sets 'op' (opus) model override alias used by agents requesting opus-tier", "problem": "Model ID 'claude-opus-4-6' appears stale relative to current Opus 4.8 generation. Stale model ID may silently fall back or fail on API validation when an agent requests opus-tier processing.", "evidence": "settings.json modelOverrides: {ha: 'claude-haiku-4-5-20251001', op: 'claude-opus-4-6', so: 'claude-sonnet-4-6'}. Current session model is claude-sonnet-4-6.", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "medium", "confidence": "medium", "adkProvenance": "mixed", "realFixLocation": "autopus.yaml or settings.json — verify current Opus model ID and update", "autoDietEligible": false }, { "path": ".claude/workflows/ (absent)", "currentPurpose": "No target — nothing to audit", "problem": "Directory does not exist. No custom workflows are defined.", "evidence": "ls /home/lucas/.claude/workflows/ returned DOES NOT EXIST", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "unknown", "realFixLocation": "-", "autoDietEligible": false }, { "path": ".cursor/rules/ (absent)", "currentPurpose": "No target — nothing to audit", "problem": "Directory does not exist. No Cursor rules are defined.", "evidence": "ls /home/lucas/.cursor/rules/ returned DOES NOT EXIST", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "unknown", "realFixLocation": "-", "autoDietEligible": false }, { "path": ".codex/rules/autopus/ + .gemini/rules/autopus/ (multi-platform copies)", "currentPurpose": "Multi-platform installed copies of the same rules for Codex and Gemini CLI platforms", "problem": "Platform divergence: .codex has 13 rules (identical to .claude), .gemini has only 10 rules (missing deferred-tools.md, project-identity.md, spec-quality.md). This asymmetry is either intentional platform-specific exclusion or a sync gap.", "evidence": ".codex/rules/autopus/: 13 files matching .claude exactly. .gemini/rules/autopus/: 10 files — diff confirms deferred-tools.md, project-identity.md, spec-quality.md absent. .codex/skills/ has 62 files (45 .claude skills + 17 extra auto-*.md prompt files specific to Codex).", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template + platform manifests in .autopus/*-manifest.json — any rule changes must happen there", "autoDietEligible": false } ], "summary": "Verified inventory matches ground truth with one correction: .gemini/rules/autopus/ has 10 rules (not 13) — missing deferred-tools.md, project-identity.md, spec-quality.md vs .claude/.\n\nTIER A (GLOBAL — injected every session): CLAUDE.md (177 lines), AGENTS.md (155 lines), 13 rules files (926 lines total). Combined Tier A load: ~1258 lines per session. Top 3 by size: spec-quality.md (197), context7-docs.md (148), objective-reasoning.md (81).\n\nTIER B (LAZY — loaded on invocation): 44 skills in .claude/skills/autopus/ (7203 lines) + SKILL.md (2813 lines) = 10016 lines across 45 files. 16 agent files (2845 lines). Top 3 skills: agent-pipeline.md (654), idea.md (507), browser-automation.md (340). Top 3 agents: spec-writer.md (326), validator.md (278), tester.md (273).\n\nTIER C (RUNTIME — executed not injected): 8 hook files (575 sh lines + 109 README + 87 task-created-validate.sh = 684 total). settings.json fires two hooks on every Bash call (PreToolUse: auto check --arch 30s; PostToolUse: auto react check 60s). MCP: context7 + sequential-thinking (npx-launched, lazy).\n\nMulti-platform duplication: .codex/ mirrors .claude/ rules (13 files) and adds 17 codex-specific auto-*.md prompt files. .gemini/ has 10/13 rules + 16 agents. All installed copies are overwritten by /auto sync — source of truth is ADK templates.\n\nKey inventory-level flags for deeper audit: (1) spec-quality.md (197 lines) is globally injected but only relevant during SPEC authoring workflows — candidate to move to lazy skill. (2) worktree-safety.md (74 lines) is globally injected but only relevant during parallel multi-agent pipelines — candidate to merge into worktree-isolation skill. (3) lore-commit content exists in three separate layers: rule (global 50 lines) + skill (lazy 99 lines) + pre-commit-lore.sh hook (54 lines runtime). (4) SKILL.md at 2813 lines is a monolith; Codex splits this into 17 separate files. (5) modelOverrides.op = 'claude-opus-4-6' may be a stale model ID." }, "globalTax": { "scopeNotes": "Audited: CLAUDE.md (177 lines), AGENTS.md (155 lines), and all 13 files in .claude/rules/autopus/ (926 lines). Total Tier-A global-injected budget: ~1258 lines loaded into every session. Skills (.claude/skills/autopus/) and agents (.claude/agents/autopus/) were read as evidence sources for duplication and CONVERT move-target justification only — they are not in the change scope. settings.json (model IDs, hooks) was read for orientation but is explicitly out of scope for this deliverable; one observation about stale model IDs noted in scopeNotes only. All 15 audited files are ADK-generated installed copies; the real fix location for any change is the ADK source template or autopus.yaml, not the installed copies, which would be overwritten by the next /auto sync.", "findings": [ { "path": ".claude/rules/autopus/spec-quality.md", "currentPurpose": "Full 5-dimension SPEC quality checklist (Q-CORR-*, Q-COMP-*, Q-FEAS-*, Q-STYLE-*, Q-SEC-*, Q-COH-* with pass/fail criteria and N/A guidance) injected into every session globally.", "problem": "197 lines (~16% of the entire 1258-line Tier-A budget) loaded on every chat turn, including coding sessions that have nothing to do with SPEC authoring. The checklist is an on-demand reference consumed only during /auto plan, /auto spec, or /auto review flows. It is already referenced explicitly by the lazy-loaded spec-review.md skill (line 16: 'treat content/rules/spec-quality.md as the pre-review self-check') and the spec-writer agent (line 320: 'content/rules/spec-quality.md를 기준으로 자체 검증'). The global injection is therefore redundant with those on-demand references — the content is found when needed anyway.", "evidence": "spec-quality.md = 197 lines. spec-review.md (lazy skill) line 16: 'treat content/rules/spec-quality.md as the pre-review self-check that spec-writer should already have applied'. spec-writer agent line 269-277 enumerates the same Q-* check IDs. Lazy-loaded skill already provides the pointer; no session benefit from global load.", "recommendation": "CONVERT", "moveTarget": ".claude/skills/autopus/spec-review.md — promote to a referenced skill section or standalone skill so it loads only when /auto spec or /auto review is invoked", "changeRisk": "medium", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — reclassify from rules/ to skills/ so sync does not reinstall it as a global rule", "autoDietEligible": false }, { "path": ".claude/rules/autopus/context7-docs.md", "currentPurpose": "Procedural Context7 MCP fetch algorithm (detection heuristics, 5-step fetch, token budget tables, caching, error handling) injected globally every session.", "problem": "148 lines of detailed pipeline procedure loaded on every chat turn. The fetch procedure is only relevant at Phase 1.8 of /auto go or when debugging library errors. The agent-pipeline.md skill (line 254) already contains an explicit ref: 'Ref: .claude/rules/autopus/context7-docs.md for detection heuristics, token limits, and anti-patterns' — meaning the pipeline already knows to look here when needed. The global load is therefore a per-session token tax that fires on every unrelated request.", "evidence": "context7-docs.md = 148 lines. agent-pipeline.md line 254: 'Ref: .claude/rules/autopus/context7-docs.md for detection heuristics, token limits, and anti-patterns.' The runtime pipeline references the file by name — converting it to a lazy skill preserves discoverability while eliminating the constant injection overhead.", "recommendation": "CONVERT", "moveTarget": ".claude/skills/autopus/ as a standalone skill (e.g., context7-fetch.md), referenced by agent-pipeline.md skill at Phase 1.8", "changeRisk": "medium", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — reclassify from rules/ to skills/ so sync does not reinstall as a global rule", "autoDietEligible": false }, { "path": "AGENTS.md", "currentPurpose": "Global agent roster (16 agents with one-line descriptions), Codex/OpenCode execution model notes, file-size/subagent/language-policy summaries, and platform directory paths — all injected into every session.", "problem": "155 lines injected globally for content that has two separate redundancy problems. (1) Agent roster: the 16 agent descriptions are duplicated from the 16 individual agent files in .claude/agents/autopus/ (2845 lines total) which are dispatched lazily on-demand. (2) Platform noise: AGENTS.md lines 12-49 document Codex/OpenCode installation paths and execution model notes (spawn_agent, task(), opencode.json) that are inert in a claude-code session. (3) File-size-limit, subagent-delegation, and language-policy summaries (lines 58-72) are triple-stated: already present in dedicated rules files and in CLAUDE.md ADK tail.", "evidence": "AGENTS.md lines 12-49: Codex/OpenCode-specific platform notes. AGENTS.md lines 58-72: File Size Limit and Subagent Delegation summaries that duplicate .claude/rules/autopus/file-size-limit.md and subagent-delegation.md verbatim. The 16 agent names/roles at lines 83-146 duplicate .claude/agents/autopus/ content. All ADK-generated.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — the platform-specific Codex/OpenCode sections and the duplicated rule summaries should be removed from the AGENTS.md template; the agent roster should be kept as a minimal index (name + one-liner only, not prose descriptions that duplicate agent files)", "autoDietEligible": false }, { "path": ".claude/rules/autopus/worktree-safety.md", "currentPurpose": "Git worktree safety rules for parallel executor agents: GC suppression flag, prohibited commands, lock retry backoff, cleanup procedure, max-5-worktree limit — injected every session.", "problem": "74 lines of operational safety rules that are only relevant when parallel /auto go runs spawn multiple worktrees. Typical solo coding sessions never activate this code path. The companion skill worktree-isolation.md (216 lines, lazy-loaded) already contains the same git -c gc.auto=0 pattern (lines 110, 124, 126, 155), the same 3/6/12s backoff table (lines 170-172), and the same lock list (.git/refs.lock, packed-refs.lock). Loading both on every session is redundant.", "evidence": "worktree-isolation.md line 155: 'Prepend git -c gc.auto=0 to all git commands while parallel executors are running.' Lines 166-172: exponential backoff table (1st=3s, 2nd=6s, 3rd=12s). Lines 159-164: identical shared resource lock list. The rule and skill carry the same safety content; only one needs to be globally visible.", "recommendation": "CONVERT", "moveTarget": ".claude/skills/autopus/worktree-isolation.md — merge the rule's safety invariants as a 'Safety Requirements' section so they load with the skill when worktrees are used", "changeRisk": "medium", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — reclassify from rules/ to skills/ so sync does not reinstall as a global rule", "autoDietEligible": false }, { "path": "CLAUDE.md", "currentPurpose": "Hand-written behavioral guidelines (sections 1-10, ~130 lines) plus auto-generated ADK harness summary (lines 135-177: language policy, file-size-limit, subagent-delegation, code review notes).", "problem": "The ADK-generated tail (lines 135-177, 43 lines) restates three constraints already present in full dedicated rule files: language-policy.md (36 lines), file-size-limit.md (38 lines), and subagent-delegation.md (29 lines). These are loaded every session independently. The tail adds no unique content; it creates a triple-statement on every session turn. Sections 1-10 are hand-written and should be kept — they encode real recurring mistakes (over-engineering, skipping tests, guessing at errors).", "evidence": "CLAUDE.md lines 151-157: Language Policy block. CLAUDE.md lines 161-163: Subagent Delegation IMPORTANT. CLAUDE.md lines 165-173: File Size Limit IMPORTANT + Code Review. These are exact summaries of .claude/rules/autopus/language-policy.md, subagent-delegation.md, and file-size-limit.md respectively. All three rule files are injected globally in addition to this tail.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "mixed", "realFixLocation": "ADK source/template — the auto-generated AUTOPUS:BEGIN..END block should be reduced to a short pointer ('See .claude/rules/autopus/ for active constraints') rather than restating rule content", "autoDietEligible": false }, { "path": ".claude/rules/autopus/lore-commit.md", "currentPurpose": "Lore commit format specification (type table, trailer schema, sign-off rules) injected every session to enforce structured commit messages.", "problem": "The same format is defined in two places: .claude/rules/autopus/lore-commit.md (50 lines, globally injected) and .claude/skills/autopus/lore-commit.md (99 lines, lazy-loaded skill). The rule is enforced at commit time by the pre-commit-lore.sh hook and 'auto check --lore', making the global injection add overhead beyond the hook. Additionally, CLAUDE.md section 9 'Semantic Commits' describes commit atomicity without mentioning Lore format, creating a minor presentation inconsistency (not a conflict — both apply, but a reader must infer they layer).", "evidence": "Both .claude/rules/autopus/lore-commit.md (50 lines) and .claude/skills/autopus/lore-commit.md (99 lines) define: commit type table, trailer schema, 🐙 Autopus sign-off. pre-commit-lore.sh enforces format at commit time regardless of whether the rule is globally loaded. CLAUDE.md section 9 lines 107-116 describe commit granularity ('Can I describe this commit in one sentence?') without referencing Lore format.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — the global rule should be reduced to the IMPORTANT constraint line and a pointer to the skill for full format details; hook enforcement means the full trailer spec doesn't need to live in global context", "autoDietEligible": false }, { "path": ".claude/rules/autopus/language-policy.md", "currentPurpose": "Declares per-project language settings (code_comments, commit_messages, ai_responses) and reminds all agents to check project config before producing output.", "problem": "Language policy appears in three Tier-A locations: language-policy.md (36 lines), CLAUDE.md ADK tail (lines 151-157), and AGENTS.md (lines 24-30). This is triple-injection of the same constraint. Additionally, the language-policy.md 'Configuration' table shows commit_messages=ko and ai_responses=ko in the 'Example' column, while autopus.yaml clearly sets all three to en. The column header says 'Example' so it is technically accurate, but the framing is confusing — readers may treat examples as the project's actual config values.", "evidence": "autopus.yaml: 'language: comments: en, commits: en, ai_responses: en'. language-policy.md lines 17-19 Example column: commit_messages=ko, ai_responses=ko. branding.md line 40: 'language-policy — language policy was applied (code comments in en, commits in ko, responses in ko)' — this is an outright stale description, not an example column. Triple injection: language-policy.md + CLAUDE.md:151-157 + AGENTS.md:24-30.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — (1) Example column values should either match the actual project config or be clearly labeled as generic examples, not project-specific; (2) CLAUDE.md and AGENTS.md ADK tails should not re-state the full policy if language-policy.md already does it", "autoDietEligible": false }, { "path": ".claude/rules/autopus/branding.md", "currentPurpose": "Tiered branding rules for when to show the Autopus octopus banner, footer, and milestone emoji across session types.", "problem": "Line 40 contains a stale description of language-policy configuration: 'language-policy — language policy was applied (code comments in en, commits in ko, responses in ko)'. This contradicts autopus.yaml which sets all three to en. Unlike the language-policy.md Example column, this line is written as a factual description of applied policy, making it a real accuracy issue. Additionally, the canonical source file templates/shared/branding-formats.md.tmpl is referenced three times (lines 12, 25, 60-64) but does not exist at /home/lucas/templates/shared/branding-formats.md.tmpl — references point to a missing artifact.", "evidence": "branding.md line 40: '(code comments in en, commits in ko, responses in ko)'. autopus.yaml: 'commits: en, ai_responses: en'. find /home/lucas -name 'branding-formats.md.tmpl' returned no results — the canonical template reference is broken.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — (1) fix the language-policy example in the footer description to match project config or make it generic; (2) ensure templates/shared/branding-formats.md.tmpl is installed alongside the rule, or remove the dead reference", "autoDietEligible": false }, { "path": ".claude/rules/autopus/techstack-freshness.md", "currentPurpose": "Requires technology stack version evidence before naming frameworks in SPEC/PRD text; defines greenfield vs brownfield mode, evidence sources, and required research.md table.", "problem": "65 lines loaded every session. The rule applies only when the user starts a new project or explicitly requests a technology migration. It is dormant for the vast majority of sessions (bug fixes, feature additions to existing projects, conversations). The constraint 'use pkg/techstack.InferMode()' on line 19 references a non-existent package in this repo — the codebase has no pkg/ Go module, making this a stale reference.", "evidence": "techstack-freshness.md line 19: 'Use pkg/techstack.InferMode() as the source contract'. ls /home/lucas/pkg/ returns no such path. The rule also deeply couples to SPEC/PRD workflows (lines 23-57 reference research.md, prd.md tables) that only apply during /auto plan runs. For a developer's typical session editing existing projects, this rule generates zero benefit.", "recommendation": "CONVERT", "moveTarget": ".claude/skills/autopus/prd.md or a dedicated techstack-decision skill — loaded when /auto plan or greenfield project creation is detected", "changeRisk": "medium", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — reclassify from rules/ to skills/; also fix or remove the pkg/techstack.InferMode() reference if no such package exists", "autoDietEligible": false }, { "path": ".claude/rules/autopus/doc-storage.md", "currentPurpose": "SPEC and brainstorm document storage matrix (root vs module scope), ID uniqueness rules, and /auto sync commit protocol.", "problem": "49 lines injected every session but only relevant when creating a new SPEC or BS, or running /auto sync. Most coding sessions never touch SPEC placement. The storage matrix is referenced by the lazy-loaded planning.md and spec-writer agent when those flows are active. Global injection adds constant context with infrequent payoff.", "evidence": "doc-storage.md = 49 lines. Content (SPEC placement matrix, sync commit phases A and B) is consumed only during /auto plan, spec-writer, or /auto sync invocations. No reference to doc-storage exists in non-SPEC skills, meaning the rule is inert during coding workflows.", "recommendation": "CONVERT", "moveTarget": ".claude/skills/autopus/planning.md — merge the storage matrix as a reference section loaded when SPEC creation is triggered", "changeRisk": "low", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — reclassify from rules/ to skills/", "autoDietEligible": false }, { "path": ".claude/rules/autopus/objective-reasoning.md", "currentPurpose": "Mandates evidence-based reasoning, trade-off disclosure, assumption challenging, calibrated confidence, and disagreement protocol for all responses.", "problem": "81 lines globally injected. The domain-adaptive role table, prohibited-patterns list (7 items), and anti-patterns section overlap substantially with Claude's base instruction-following behavior. The core constraint ('never agree or disagree without stating why') is valuable but could be expressed in 5-10 lines. The current length pays token tax for elaboration (examples of prohibited phrases, domain-adaptive tables) that restates baseline model behavior rather than constraining it.", "evidence": "81 lines. Sections: Core Principle (6 lines), Domain-Adaptive Role table (7 lines), Rules R1-R5 (30 lines), Prohibited Patterns list (7 items), When to Agree (3 lines), Anti-Patterns (4 items). The R1-R5 rules encode real project value; the table and prohibited-phrases examples are verbose for their marginal signal.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — compress to R1-R5 rules plus the prohibited-patterns list; remove the domain-adaptive table and anti-patterns section which add lines without adding project-specific constraints", "autoDietEligible": false }, { "path": ".claude/rules/autopus/deferred-tools.md", "currentPurpose": "Instructs the model to call ToolSearch before using deferred tools (AskUserQuestion, TaskCreate, TeamCreate, etc.) to avoid InputValidationError.", "problem": "70 lines globally injected. The rule is a platform-specific workaround for Claude Code's deferred tool schema loading. It is only relevant when /auto commands invoke interactive tools. For the majority of sessions (direct coding, Q&A, debugging), no deferred tools are invoked and the rule is inert. However, when it IS needed, it prevents a real failure mode (InputValidationError or degraded UI), so the rule has genuine value. The question is whether 70 lines of trigger-point tables and degraded-UI recovery steps justify constant injection versus a short global notice plus a lazy skill.", "evidence": "70 lines. Sections: Detection (list), Rule (code block), Trigger Points table (6 rows), Degraded UI Detection (3-step recovery), Anti-Patterns (4 items). The trigger-point table and recovery steps are operational detail that only applies during /auto pipeline runs. A 3-line global reminder ('call ToolSearch before deferred tools; see skill for details') would preserve the critical reminder while moving detail to a lazy skill.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — reduce global rule to the IMPORTANT notice and a pointer; move the trigger table and recovery steps to a lazy skill or the agent-pipeline.md skill Phase 1.8 section", "autoDietEligible": false }, { "path": ".claude/rules/autopus/project-identity.md", "currentPurpose": "Prevents confusing the user's product source code with the .autopus/ harness config directory; provides a two-layer table and identification heuristics.", "problem": "25 lines globally injected to address a confusion that is situational: it primarily matters when the AI is asked 'what does this project do?' or compares projects. For this specific repo (single user, small project, no multi-module ambiguity present) the rule is low-frequency. That said, it is the smallest rule at 25 lines and the token cost is minimal relative to the clarity it adds when the confusion actually occurs.", "evidence": "25 lines total. No duplication with other rules. The confusion it addresses (mistaking .autopus/ for product features) is a real LLM failure mode when harnesses are installed. At 25 lines it is well below any practical shrink threshold.", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "installed copy is source of truth for content; ADK template controls deployment", "autoDietEligible": false }, { "path": ".claude/rules/autopus/file-size-limit.md", "currentPurpose": "Hard 300-line limit for source code files with warning at 200, splitting strategies, and explicit exclusions for docs, configs, and SPEC markdown.", "problem": "38 lines globally injected. This rule is low-overhead and addresses a real recurring mistake (files growing without bound). The triple-statement with CLAUDE.md ADK tail and AGENTS.md is a problem at those files, not here — this is the canonical source. However, the CLAUDE.md ADK tail and AGENTS.md both re-state this rule (see CLAUDE.md:165-173 and AGENTS.md:70-72 findings above), creating redundancy.", "evidence": "file-size-limit.md = 38 lines. CLAUDE.md lines 165-173 restate this rule verbatim in the ADK-generated section. AGENTS.md line 70-72 restates it again. The rule itself is appropriately sized; the redundancy is in the other files.", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "installed copy is source of truth for content; fix redundancy at CLAUDE.md and AGENTS.md ADK templates", "autoDietEligible": false }, { "path": ".claude/rules/autopus/subagent-delegation.md", "currentPurpose": "IMPORTANT-flagged rules for when to delegate to subagents (3+ files, multi-domain, 200+ new lines) and anti-patterns.", "problem": "29 lines globally injected. Same triple-statement as file-size-limit: this rule is the canonical source, but its content is repeated in CLAUDE.md ADK tail (lines 161-163) and AGENTS.md (lines 58-64). The rule itself is compact and encodes a real recurring mistake. The redundancy lives at CLAUDE.md and AGENTS.md, not here.", "evidence": "subagent-delegation.md = 29 lines. CLAUDE.md line 161-163: 'IMPORTANT: Use subagents for complex tasks that modify 3+ files...' AGENTS.md lines 58-64: 'IMPORTANT: 3개 이상 파일 수정...' identical intent.", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "installed copy is source of truth; fix redundancy at CLAUDE.md and AGENTS.md ADK templates", "autoDietEligible": false } ], "summary": "The 1258-line Tier-A global context budget has four high-signal problems. First, spec-quality.md (197 lines, 16% of budget) and context7-docs.md (148 lines, 12%) are deep procedural references that fire only during SPEC authoring or /auto go pipeline runs, yet load on every session — both are already referenced by lazy-loaded skills/agents when needed, making the global injection pure token tax (CONVERT). Second, worktree-safety.md (74 lines) duplicates gc.auto=0 flag, 3/6/12s backoff, and lock list that already exist in the lazy worktree-isolation.md skill (CONVERT). Third, CLAUDE.md ADK tail and AGENTS.md each re-state language-policy, file-size-limit, and subagent-delegation that are already present as dedicated rule files — a triple-injection on every turn (SHRINK the tails). Fourth, branding.md contains a factually stale language-policy description ('commits in ko, responses in ko') that contradicts autopus.yaml which sets all three language settings to en, and references a template file (templates/shared/branding-formats.md.tmpl) that does not exist on disk (SHRINK to fix). All 15 files are ADK-generated installed copies; no finding recommends direct file editing — every real fix must happen at the ADK source template or autopus.yaml so changes survive the next /auto sync. autoDietEligible is false for all findings for the same reason." }, "skillQuality": { "scopeNotes": "Full audit of .claude/skills/ covering 45 skill files: 44 in .claude/skills/autopus/ and 1 in .claude/skills/auto/ (SKILL.md). All skill frontmatter (name, description, triggers) was read; full bodies read for all significant overlap and size candidates. Plugin skill names from the enabled superpowers plugin (5.1.0, 17 skills) were cross-checked against autopus skill names and descriptions. Platform multi-copy audit (codex, gemini) is out of scope for this task. The 8 installed plugins confirmed in settings.json were noted for overlap analysis. Findings are grouped by problem type: trigger collisions (same token fires two skills), name-identical duplicates (superpowers vs autopus), size/split candidates, description-breadth (over-trigger risk), and skills whose content is already fully covered by an always-loaded rule. Clean skills (precise scope, unique triggers, reasonable size, no rule duplication) are recorded in scopeNotes rather than as individual KEEP findings: api-design, ci-cd, competitive-analysis, context-search, database, ddd, docker, entropy-scan, experiment, hash-anchored-edit, korean-writing-refiner, metrics, migration, monitor-patterns, performance, prd, product-discovery, security-audit, using-autopus, ax-annotation, adaptive-quality, agent-presets, frontend-skill, agent-teams, writing-skills (autopus version).", "findings": [ { "path": ".claude/skills/auto/SKILL.md", "currentPurpose": "Main /auto command router: triage, subcommand routing, SPEC path resolution, context load, global flag definitions — 2813 lines, loaded on every /auto invocation", "problem": "Single file is 2813 lines — nearly 10x the target size for a skill. Not a 300-line source-code violation (Markdown is exempt), but the entire routing table, triage algorithm, all subcommand procedures, and internal templates live in one file. Makes the router harder to maintain and adds load cost to every /auto session even for subcommands that use only 5% of the content.", "evidence": "2813 lines confirmed by wc -l. Frontmatter has no triggers field — it is a command router, not a lazy-loaded skill. Sections include: Context Load, SPEC Path Resolution, Triage Process (full algorithm with tables), Routing Rules, plus all subcommand bodies. Only the routing header and global flags are needed at load time; subcommand bodies could be lazy references.", "recommendation": "SPLIT", "moveTarget": ".claude/skills/auto/SKILL.md (lean router ~200 lines) + subcommand reference files e.g. .claude/skills/auto/subcommands/*.md loaded by @-include or skill references", "changeRisk": "medium", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — the split must happen in the ADK template that generates this file; editing the installed copy is overwritten by /auto sync", "autoDietEligible": false }, { "path": ".claude/skills/autopus/agent-pipeline.md", "currentPurpose": "5-Phase multi-agent pipeline orchestration — the default mode for /auto go. 654 lines covering phase definitions, permission detection, preflight, prompt layer discipline, worktree inclusion via @-reference.", "problem": "654 lines in a single skill file. The file also embeds full worktree isolation logic by @-including worktree-isolation.md, meaning two files cover overlapping content. Core pipeline phases, permission detection, and preflight authenticity are stable; CC21 effort mapping and platform-specific notes are volatile and could be extracted.", "evidence": "654 lines. Sections: Permission Mode Detection (table+code), Workflow Authenticity Preflight (long spec), Prompt Layer Discipline, Pipeline Overview, Phase 1–5 full procedures, Gate definitions, Sync Readiness Gate, Learning System, multi-platform notes. worktree-isolation.md is @-included (line 30).", "recommendation": "SPLIT", "moveTarget": ".claude/skills/autopus/agent-pipeline.md (lean phase overview ~200 lines) + .claude/skills/autopus/agent-pipeline-reference.md (preflight spec, platform notes, learning system)", "changeRisk": "medium", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — split must be done in ADK templates; installed copy is overwritten by /auto sync", "autoDietEligible": false }, { "path": ".claude/skills/autopus/idea.md", "currentPurpose": "Multi-provider idea discussion and brainstorm via orchestra engine. 507 lines covering /auto idea CLI, clarification ledger, BS file creation, 5-step pipeline, SCAMPER/HMW/ICE scoring, orchestra Round 2 wait.", "problem": "507 lines. The Clarification Ledger Contract section (detailed table schema and weight scoring) and the BS file format template are stable reference content that could be extracted, keeping the skill lean. Also has a name-level trigger collision with brainstorming.md on 'brainstorm idea' and '아이디어 발산'.", "evidence": "507 lines. Triggers include 'brainstorm idea' and '아이디어 발산' — same tokens appear in brainstorming.md triggers ('brainstorm', 'brainstorming', '아이디어', '발산'). Both skills would fire on 'brainstorm 아이디어'. The Clarification Ledger alone is ~40 lines of table schema.", "recommendation": "SPLIT", "moveTarget": ".claude/skills/autopus/idea.md (lean: usage, flags, storage rules, pipeline steps ~200 lines) + .claude/skills/autopus/idea-reference.md (clarification ledger schema, BS format, full orchestra patterns)", "changeRisk": "medium", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template", "autoDietEligible": false }, { "path": ".claude/skills/autopus/brainstorming.md", "currentPurpose": "Free-form creative idea generation using SCAMPER, HMW, Crazy 8s, ICE scoring. 70 lines. Generic brainstorming methodology not tied to the /auto pipeline.", "problem": "Trigger collision with idea.md and with the enabled superpowers plugin skill also named 'brainstorming'. Superpowers brainstorming description says 'You MUST use this before any creative work' — a very broad trigger that already fires on the same tokens. The autopus brainstorming skill adds no /auto-pipeline-specific behavior not already covered by idea.md (which calls SCAMPER and ICE internally) or the superpowers skill.", "evidence": "brainstorming.md triggers: 'brainstorm', 'brainstorming', '아이디어', '발산', '창의'. Superpowers plugin skill name is also 'brainstorming' (identical name). idea.md covers SCAMPER and ICE in its pipeline. Three-way collision: autopus brainstorming + superpowers brainstorming + autopus idea all fire on 'brainstorm'.", "recommendation": "DELETE", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — remove from ADK template so /auto sync does not reinstall it; or suppress via autopus.yaml skill exclusion if that config surface exists", "autoDietEligible": false }, { "path": ".claude/skills/autopus/refactoring.md", "currentPurpose": "Safe refactoring patterns (Extract Function/Interface, Strangler Fig, dead code removal, checklist). 117 lines.", "problem": "Trigger collision with ast-refactoring.md on 'refactor', 'refactoring', '리팩토링'. Both skills fire on the same tokens. ast-refactoring.md is a subset (Go AST tooling) while refactoring.md is the general strategy. Redundant pattern content: both contain Extract Function and Extract Interface Go examples with near-identical code snippets.", "evidence": "Both files list triggers: 'refactor', 'refactoring', '리팩토링'. Both contain Extract Function Go example (processOrder pattern — near-identical). refactoring.md 117 lines; ast-refactoring.md 93 lines. Distinct content: refactoring.md has Strangler Fig + Branch by Abstraction + dead code removal; ast-refactoring.md has gorename/gofmt -r/gomv tooling unique to Go AST.", "recommendation": "CONVERT", "moveTarget": "Merge ast-refactoring.md unique content (AST tooling section) into refactoring.md as a 'Go AST Tools' subsection; delete ast-refactoring.md as a standalone skill. Triggers in the merged file stay as-is.", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — merge must happen in ADK templates", "autoDietEligible": false }, { "path": ".claude/skills/autopus/ast-refactoring.md", "currentPurpose": "AST-based safe code refactoring using Go tools (gorename, gofmt -r, gomv). 93 lines.", "problem": "Same trigger tokens as refactoring.md causing both to fire simultaneously. The Go AST tooling content is the only distinct value; all other content (Extract Function, checklist, principles) duplicates refactoring.md.", "evidence": "Triggers identical to refactoring.md: 'refactor', 'refactoring', '리팩토링'. Extract Function example is near-identical to refactoring.md version. Unique value: gorename, gofmt -r, gomv tool commands (~15 lines).", "recommendation": "DELETE", "moveTarget": "Unique AST tooling content (gorename/gofmt -r/gomv section) should be absorbed into refactoring.md before deletion", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template", "autoDietEligible": false }, { "path": ".claude/skills/autopus/tdd.md", "currentPurpose": "TDD methodology: RED-GREEN-REFACTOR cycle, Go test patterns, table-driven tests, 85% coverage goal. 105 lines.", "problem": "Near-duplicate of the enabled superpowers plugin skill 'test-driven-development'. Superpowers version has broader description ('Use when implementing any feature or bugfix, before writing implementation code') and is platform-official. autopus tdd.md adds Go-specific table-driven test pattern and 85% coverage threshold, but these are minor additions that could live in a project-level tech.md rather than a parallel skill.", "evidence": "superpowers 'test-driven-development' SKILL.md confirmed enabled. autopus triggers: 'tdd', 'test-driven', '테스트 주도', 'red green refactor'. Superpowers description triggers on any 'implementing any feature or bugfix'. Functional overlap: both define RED-GREEN-REFACTOR. Unique in autopus: Go table-driven pattern, `go test -race` command, 85% coverage number.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — reduce to Go-specific additions only (~30 lines), removing content that duplicates the superpowers TDD skill", "autoDietEligible": false }, { "path": ".claude/skills/autopus/verification.md", "currentPurpose": "Post-implementation quality gate: functional verification, automated gate commands, LSP check, acceptance criteria confirmation, regression check. 101 lines.", "problem": "Trigger collision with frontend-verify.md on 'verify'. Also closely mirrors the enabled superpowers 'verification-before-completion' skill. The autopus version adds Go-specific gate commands (go test -race, golangci-lint) but the overall flow duplicates the superpowers skill. Additionally, the 'verify' trigger also fires for frontend-verify.md.", "evidence": "verification.md triggers: 'verify', 'verification', '검증', 'quality gate', '품질 게이트'. frontend-verify.md triggers: 'verify', 'frontend-verify', 'ux-verify', '프론트엔드 검증'. Both fire on bare 'verify'. superpowers 'verification-before-completion' description: 'Use when about to claim work is complete...requires running verification commands'. Functional overlap is substantial.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — rename trigger from 'verify' to 'quality gate' or 'acceptance verification' to avoid collision with frontend-verify.md; slim body to Go gate commands only", "autoDietEligible": false }, { "path": ".claude/skills/autopus/frontend-verify.md", "currentPurpose": "5-phase frontend UX verification pipeline using Claude Vision and Playwright. 180 lines.", "problem": "Trigger collision with verification.md on 'verify'. The trigger 'verify' is too generic — it will fire for any verification request, not just frontend UX verification. The skill itself is well-scoped and valuable; the problem is the broad trigger.", "evidence": "frontend-verify.md triggers: 'verify', 'frontend-verify', 'ux-verify', '프론트엔드 검증', '비주얼 검증', 'UX 검증'. verification.md also triggers on 'verify'. Bare 'verify' is ambiguous between backend quality gate and frontend UX check.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — remove bare 'verify' from triggers; keep 'frontend-verify', 'ux-verify', '프론트엔드 검증', '비주얼 검증' which are precise", "autoDietEligible": false }, { "path": ".claude/skills/autopus/worktree-isolation.md", "currentPurpose": "Pipeline-context worktree isolation for parallel executor agents: isolation: worktree in Agent() calls, merge strategy, conflict resolution. 216 lines.", "problem": "Trigger collision with git-worktrees.md on 'worktree' and '워크트리'. git-worktrees.md is a manual git command reference; worktree-isolation.md is an automated pipeline skill. Both fire on bare 'worktree'. Additionally, the rule .claude/rules/autopus/worktree-safety.md (74 lines, globally injected) covers GC suppression, retry strategy, and cleanup — content that partially overlaps worktree-isolation.md's safety section.", "evidence": "worktree-isolation.md triggers: 'worktree', 'isolation', '워크트리', '격리', 'parallel agent'. git-worktrees.md triggers: 'worktree', 'git worktree', '워크트리', '병렬 브랜치'. Both fire on 'worktree'. worktree-safety rule (globally loaded) covers gc.auto=0, retry backoff, cleanup — same domain as worktree-isolation.md safety rules.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — remove bare 'worktree' and '워크트리' triggers, keeping 'isolation', '격리', 'parallel agent' which are specific to the pipeline context. Also remove content that duplicates worktree-safety.md rule", "autoDietEligible": false }, { "path": ".claude/skills/autopus/git-worktrees.md", "currentPurpose": "Manual git worktree CLI reference: create, list, remove, agent isolation patterns, cleanup scripts. 92 lines.", "problem": "Trigger collision with worktree-isolation.md on 'worktree', '워크트리'. Also partially duplicated by the enabled superpowers plugin skill 'using-git-worktrees'. Superpowers version description: 'Use when starting feature work that needs isolation... via native tools or git worktree fallback'. git-worktrees.md content (basic git commands, agent isolation bash) is largely covered by the superpowers skill.", "evidence": "git-worktrees.md triggers: 'worktree', 'git worktree', '워크트리', '병렬 브랜치'. superpowers 'using-git-worktrees' confirmed enabled. git-worktrees.md has a cleanup script and Korean-specific context not in superpowers. Agent isolation pattern (agent/backend-$(date +%s) worktrees) is autopus-pipeline-specific value.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — remove content duplicating superpowers using-git-worktrees; retain only the agent-isolation bash pattern and cleanup script that are autopus-specific", "autoDietEligible": false }, { "path": ".claude/skills/autopus/debugging.md", "currentPurpose": "Systematic debugging: reproduce-first principle, 5-step process (reproduce, isolate, hypothesize, fix, verify). 98 lines.", "problem": "Near-duplicate of enabled superpowers plugin skill 'systematic-debugging' ('Use when encountering any bug, test failure, or unexpected behavior'). Both define a reproduce-first systematic process. Triggers 'debug', 'bug', 'error', '버그', '에러' are extremely broad.", "evidence": "debugging.md triggers include 'bug', 'error', '에러' — any error mention would trigger this. superpowers 'systematic-debugging' confirmed enabled with description covering same domain. Functional overlap: both emphasize reproduce-first, root cause analysis, minimal fix. Unique in autopus: Korean language, concise 98 lines.", "recommendation": "DELETE", "moveTarget": "-", "changeRisk": "low", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — the superpowers systematic-debugging plugin covers this domain; retain only if autopus-specific debugging patterns (e.g. auto fix pipeline integration) are needed", "autoDietEligible": false }, { "path": ".claude/skills/autopus/subagent-dev.md", "currentPurpose": "Subagent design, agent definition YAML frontmatter, orchestration patterns, parallel execution. 131 lines.", "problem": "Significant overlap with enabled superpowers skills: 'subagent-driven-development' and 'dispatching-parallel-agents'. Superpowers subagent-driven-development covers plan execution with fresh subagents and two-stage review; dispatching-parallel-agents covers independent parallel tasks. autopus subagent-dev.md adds agent frontmatter field documentation (name, description, tools, model) which is implementation reference, not a workflow guide.", "evidence": "subagent-dev.md triggers: 'subagent', '서브에이전트', 'agent development', '에이전트 개발', 'orchestration'. superpowers 'dispatching-parallel-agents' description: 'Use when facing 2+ independent tasks that can be worked on without shared state'. superpowers 'subagent-driven-development': 'Use when executing implementation plans with independent tasks'. Unique in autopus: agent .md frontmatter field table with types and defaults.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — reduce to Claude Code agent frontmatter reference only (~30 lines); remove orchestration workflow content duplicated by superpowers skills", "autoDietEligible": false }, { "path": ".claude/skills/autopus/lore-commit.md", "currentPurpose": "Lore commit message format guide, trailer tags, auto check integration. 99 lines.", "problem": "Content is a near-exact subset of .claude/rules/autopus/lore-commit.md (50 lines globally injected every session). The rule already defines the format, trailer tags, types, and the 'auto check --lore' validation. The skill adds one worked example and a note that Why/Decision/Alternatives are legacy — minor additions that could be folded into the rule or eliminated.", "evidence": "lore-commit.md rule (50 lines, globally loaded): defines format, types table, all trailer fields, sign-off rule, NEVER Co-Authored-By. lore-commit skill (99 lines): same format, same trailer fields, same types table, same auto check command. Unique in skill: worked example commit, note that Why/Decision/Alternatives are legacy. Duplicate: entire structure section.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — reduce skill to the worked example only (~25 lines) or delete it entirely since the rule is globally loaded; alternatively move legacy note into the rule", "autoDietEligible": false }, { "path": ".claude/skills/autopus/writing-skills.md", "currentPurpose": "Technical documentation and Claude Code skill/agent authoring guide. 154 lines.", "problem": "Name and purpose collision with the enabled superpowers plugin skill also named 'writing-skills' ('Use when creating new skills, editing existing skills, or verifying skills work before deployment'). Two skills with the same name 'writing-skills' exist simultaneously — the skill selection system will face ambiguity.", "evidence": "autopus writing-skills.md name: 'writing-skills'. superpowers writing-skills SKILL.md name: 'writing-skills'. Both confirmed. superpowers description covers skill creation/editing/verification. autopus version adds Korean authoring conventions and API docs/README guidance beyond skill authoring. Name collision is direct.", "recommendation": "CONVERT", "moveTarget": "Rename to 'tech-docs' or 'doc-authoring' to avoid name collision; retain the Korean convention and README/API documentation content that superpowers writing-skills does not cover", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — rename in template so /auto sync does not re-introduce the collision", "autoDietEligible": false }, { "path": ".claude/skills/autopus/testing-strategy.md", "currentPurpose": "Integration/E2E/contract test strategy and test pyramid. 146 lines.", "problem": "Trigger token 'testing strategy' and 'integration test' are reasonably precise, but the file contains a QAMESH source guidance section (lines ~76-86) that references auto qa init, auto qa plan, auto qa run, auto qa release — commands that are part of a QA subsystem distinct from the test strategy methodology. This embedded operational guidance is out of place and will trigger the skill even for non-QA contexts.", "evidence": "Lines 76-86 contain 9 bullet points referencing 'auto qa init', 'auto qa plan', 'auto qa run', 'auto qa explore', 'auto qa release', 'auto qa evidence', 'auto qa feedback', 'auto canary' — an entire QAMESH operational reference embedded in what is otherwise a test pyramid methodology skill. This section belongs in a QA operations reference, not a testing strategy skill.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — extract QAMESH operational guidance section to a dedicated qa-operations.md reference skill or to the auto SKILL.md qa subcommand section", "autoDietEligible": false }, { "path": ".claude/skills/autopus/browser-automation.md", "currentPurpose": "Terminal-environment-aware browser automation via cmux browser or agent-browser. 340 lines.", "problem": "340 lines — over the warning threshold. The file contains two parallel command reference tables (cmux and agent-browser) for every single action, which doubles the content. The operational reference sections (navigation, interaction, state check, viewport, cookies) are highly repetitive. The enabled playwright plugin and playwright-cli.md skill cover a different but overlapping use case (E2E testing). Trigger 'browser' is broad and may fire for web fetch requests unrelated to browser automation.", "evidence": "340 lines. Lines 50-245 are dual command tables covering the same 8 action categories twice (cmux vs agent-browser). playwright plugin is enabled and playwright-cli.md exists (206 lines). Trigger 'browser' and 'browse' are generic. Unique value: auto terminal detect auto-selection logic and cmux surface management.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — extract dual command tables to a compact lookup table format; move lengthy 'patterns' section to a reference appendix; remove 'browser' and 'browse' bare triggers in favor of 'browser automation', 'cmux browser', 'agent-browser'", "autoDietEligible": false }, { "path": ".claude/skills/autopus/playwright-cli.md", "currentPurpose": "playwright-cli tool usage: form input, screenshot, test generation, session management. 206 lines.", "problem": "Overlaps with browser-automation.md (both cover browser interactions) and with the enabled playwright plugin. Trigger 'playwright' likely fires on the playwright MCP plugin too. The playwright-cli skill is specific to the playwright-cli npm tool — this is distinct enough to justify a separate skill, but the overlap with browser-automation.md on '웹 자동화' trigger is a problem.", "evidence": "playwright-cli.md triggers: 'playwright', 'playwright-cli', '폼 입력', '스크린샷', '웹 자동화'. browser-automation.md triggers: '웹 테스트', 'UI 확인'. playwright MCP plugin enabled. Both playwright-cli and browser-automation describe browser interaction workflows. '웹 자동화' is shared domain.", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "low", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — remove '웹 자동화' trigger from playwright-cli.md to reduce overlap with browser-automation.md; otherwise keep as distinct playwright-cli command reference", "autoDietEligible": false }, { "path": ".claude/skills/autopus/planning.md", "currentPurpose": "Feature planning and requirements analysis skill: What/Why/Who/When, visual description, EARS format, plan.md structure. 130 lines.", "problem": "Trigger 'plan', 'planning', 'feature' are very broad — they overlap with the /auto SKILL.md 'plan' subcommand routing and with the enabled superpowers 'writing-plans' skill ('Use when you have a spec or requirements for a multi-step task'). The autopus planning skill covers the SPEC/EARS planning workflow; superpowers writing-plans covers the broader planning artifact. Both fire on 'plan'.", "evidence": "planning.md triggers: 'plan', 'planning', '기획', '요구사항', 'feature'. superpowers 'writing-plans' confirmed enabled with description triggering on spec/requirements/multi-step tasks. /auto SKILL.md routes 'plan' as a subcommand. Triple collision on 'plan' token.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — narrow triggers to EARS-specific terms: 'ears requirements', 'spec planning', 'requirements analysis', '요구사항 분석'; remove generic 'plan', 'planning', 'feature'", "autoDietEligible": false }, { "path": ".claude/skills/autopus/review.md", "currentPurpose": "Code review skill using TRUST 5 criteria: checklist, automated gates, UI design context, output format. 117 lines.", "problem": "Trigger 'review' and '리뷰' are extremely broad. The enabled 'code-review' plugin and superpowers 'requesting-code-review'/'receiving-code-review' skills also handle review flows. The autopus review.md is the most comprehensive (TRUST 5 checklist + @AX compliance + UI Design Context gate) and is the correct skill for the reviewer agent, but the bare 'review' trigger will compete with plugin skills.", "evidence": "review.md triggers: 'review', 'code review', '리뷰', '코드 검토', 'PR 검토'. 'code-review' plugin enabled (in settings.json). superpowers 'requesting-code-review' and 'receiving-code-review' confirmed enabled. Bare 'review' fires on all three. autopus review.md has unique TRUST 5 + @AX + UI Design Context content not present in superpowers versions.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — remove bare '리뷰' trigger; keep 'code review', 'TRUST 5', '코드 검토', 'PR 검토' which are precise. Content is unique and should be kept.", "autoDietEligible": false } ], "summary": "Skills audit found 19 findings across 45 skill files. No new rules are recommended — this is a shrink/consolidate audit only. Key problem clusters: (1) Trigger token collisions — 8 skill pairs share ambiguous trigger tokens that cause both skills to activate on the same user input: verify (verification + frontend-verify), refactor/refactoring (refactoring + ast-refactoring), worktree (worktree-isolation + git-worktrees), pipeline (agent-pipeline + ci-cd), brainstorm/아이디어 (idea + brainstorming), plan (planning + SKILL.md /auto subcommand + superpowers writing-plans). (2) Enabled superpowers plugin duplicates — 6 autopus skills have substantial overlap with the installed superpowers plugin (5.1.0): brainstorming (identical name collision), tdd vs test-driven-development, debugging vs systematic-debugging, verification vs verification-before-completion, git-worktrees vs using-git-worktrees, subagent-dev vs subagent-driven-development/dispatching-parallel-agents; plus writing-skills has an identical name collision with superpowers writing-skills. (3) Size/split candidates — 3 files exceed maintainable size as single skills: auto/SKILL.md (2813 lines), agent-pipeline.md (654 lines), idea.md (507 lines). (4) Rule duplication — lore-commit.md skill duplicates content from the globally-loaded lore-commit.md rule; the skill should be reduced to a worked example only. (5) QAMESH operational guidance is misplaced in testing-strategy.md. All findings are ADK-generated with realFixLocation pointing to ADK source/template — editing installed copies will be overwritten by /auto sync." }, "productOverlap": { "scopeNotes": "Product overlap audit for /home/lucas. Scope: harness skills/rules/agents vs. native Claude Code capabilities and enabled plugins (superpowers 5.1.0, code-review, frontend-design, playwright MCP, skill-creator, context7 MCP plugin). Files read: all 13 .claude/rules/autopus/*.md, representative skills from both .claude/skills/autopus/ and .claude/plugins/cache/claude-plugins-official/superpowers/5.1.0/skills/, code-review command, frontend-design skill, playwright MCP config, skill-creator skill. Wiring checked via grep on SKILL.md and agent frontmatter skills: fields. Multi-platform duplication (.codex/, .gemini/) confirmed but files not individually read — same content assumed per ADK provenance. Absent scope targets: .claude/workflows/ (does not exist), .cursor/rules/ (does not exist). Read-only audit — no files modified.", "findings": [ { "path": ".claude/skills/autopus/git-worktrees.md", "currentPurpose": "Generic git worktree command reference and agent isolation pattern guide (92 lines, Korean)", "problem": "Fully duplicated by superpowers:using-git-worktrees (216-line skill with native EnterWorktree/ExitWorktree tool awareness, submodule guard, .gitignore safety check, baseline test verification). Autopus version adds no pipeline-specific logic. Not @-included in SKILL.md. Not declared in any agent skills: field. Orphan. Also triplicated across .codex/ and .gemini/.", "evidence": "superpowers using-git-worktrees covers: native tool detection (EnterWorktree), submodule guard, directory priority, .gitignore verification, sandbox fallback, baseline test run. autopus git-worktrees.md covers: basic git worktree commands, agent isolation pattern, cleanup script. The autopus content is a subset of the superpowers skill with no unique delta. Grep of SKILL.md and agent files found zero @-include or skills: references to git-worktrees.", "recommendation": "DELETE", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — remove from template so next /auto sync does not recreate it. Also remove from .codex/ and .gemini/ copies.", "autoDietEligible": false }, { "path": ".claude/skills/autopus/tdd.md", "currentPurpose": "RED-GREEN-REFACTOR TDD methodology guide with Go table-driven test examples (106 lines). Injected into executor, tester, debugger, deep-worker agents via skills: field. @-included in SKILL.md /auto go pipeline.", "problem": "superpowers:test-driven-development is a more robust, rationalization-hardened version of the same skill (372 lines, includes Iron Law, Red Flags table, rationalization table, Common Mistakes, real examples, multiple language patterns). The autopus version adds only: Go-specific test function template, Korean trigger keywords, and a 85%-coverage hard threshold. The superpowers skill auto-triggers on 'implementing any feature or bugfix' descriptions. Both coexist, causing ambiguity about which skill governs TDD behavior.", "evidence": "superpowers TDD has: Iron Law block, Verify RED/GREEN mandatory steps, rationalization table (10+ entries), Red Flags list, bug fix example in TypeScript, integration with verification-before-completion. autopus tdd.md has: 3-phase outline, Go table-driven test template, 4-item checklist, 85% coverage target. The Go template and coverage threshold are the unique delta. Both skills are active simultaneously — executor agent loads autopus tdd.md via skills: field, while superpowers:tdd auto-triggers separately.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "medium", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — shrink to a Go-specific extension doc that defers to superpowers:test-driven-development for core TDD discipline and adds only the Go test template + 85% coverage threshold. Remove the procedural narrative that duplicates the superpowers skill.", "autoDietEligible": false }, { "path": ".claude/skills/autopus/debugging.md", "currentPurpose": "Systematic debugging process with Go toolchain examples (98 lines). @-included in SKILL.md /auto fix pipeline. Declared in executor, debugger, deep-worker agent skills: fields.", "problem": "superpowers:systematic-debugging (299 lines) covers the same 4-phase process (reproduce, pattern, hypothesis, implementation) with significantly more depth: multi-component evidence gathering, 3-fix architectural escalation, rationalization table (8 entries), Red Flags list, and integration with TDD and verification-before-completion. The autopus version adds only Go-specific toolchain commands (go test -race, pprof) and Korean triggers.", "evidence": "superpowers systematic-debugging: 4 phases, Iron Law, multi-layer diagnostic instrumentation example, Phase 4 architectural escalation after 3 failed fixes, rationalization table, Red Flags list, supporting technique references. autopus debugging.md: 4 steps, same structure but abbreviated (98 lines vs 299), Go-specific commands (go test -race, go test -cpuprofile), 6-item checklist. The Go commands are the unique delta.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "medium", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — reduce to a Go-specific extension that defers to superpowers:systematic-debugging for core discipline, retaining only the Go toolchain commands (race detector, pprof) as project-specific tooling context.", "autoDietEligible": false }, { "path": ".claude/skills/autopus/verification.md", "currentPurpose": "Post-implementation quality gate verification with Go/multi-stack commands (101 lines). Declared in reviewer, tester, validator, debugger, deep-worker, ux-validator agent skills: fields.", "problem": "superpowers:verification-before-completion (140 lines) addresses the same discipline: run verification commands before claiming completion. The superpowers skill focuses on the behavioral discipline (Iron Law, rationalization prevention, Red Flags). The autopus version focuses on the toolchain commands and output format. Partial overlap — different emphasis but trigger conditions are nearly identical ('about to claim work is complete').", "evidence": "superpowers verification-before-completion: Iron Law, Gate Function 5-step process, Common Failures table (7 entries), Red Flags list, rationalization table (6 entries), coverage of agent delegation verification. autopus verification.md: 5-step process, Go quality gate bash script (go test -race, golangci-lint, coverage), multi-stack table (Go/Python/TS/Rust), verification report template. The stack-specific commands and structured report format are genuine unique delta not covered by superpowers.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "medium", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — the behavioral discipline sections (steps 1-3 of current content) duplicate superpowers; shrink to toolchain commands table and report format only, with explicit deference to superpowers:verification-before-completion for the Iron Law.", "autoDietEligible": false }, { "path": ".claude/skills/autopus/brainstorming.md", "currentPurpose": "Idea generation using SCAMPER, HMW, ICE scoring — 70 lines. Declared in planner agent skills: field.", "problem": "superpowers:brainstorming (165 lines) is a full design-before-coding workflow with a HARD-GATE (no implementation until design is presented and approved), 9-step checklist, visual companion offer, spec self-review, and explicit chain to writing-plans skill. The autopus version is a diverge/converge framework for idea generation only — it lacks the design gate and implementation hand-off protocol that the superpowers skill enforces. The two skills have different purposes: autopus is creative ideation; superpowers is design discipline. However, the planner agent's use of the autopus version means it misses the design gate enforcement.", "evidence": "superpowers brainstorming: HARD-GATE block, 9-step ordered checklist (context → visual → questions → approaches → design → write doc → self-review → user review → invoke writing-plans), graphviz flowchart, mandatory design doc commit to docs/superpowers/specs/. autopus brainstorming.md: SCAMPER technique, HMW, Crazy 8s, ICE scoring, Dot Voting, output format template. No design gate, no mandatory doc write, no hand-off protocol. planner agent uses autopus brainstorming.md via skills: field.", "recommendation": "CONVERT", "moveTarget": "Retain as ideation-techniques reference; add explicit deference to superpowers:brainstorming for the design gate workflow when the planner agent is driving feature design.", "changeRisk": "medium", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — either replace planner skills: brainstorming reference with superpowers:brainstorming, or convert autopus brainstorming.md into an ideation-techniques appendix that the superpowers skill can reference for creative methods.", "autoDietEligible": false }, { "path": ".claude/skills/autopus/writing-skills.md", "currentPurpose": "Guide for writing Claude Code skills and technical documentation — SKILL.md frontmatter fields, templates for README/API docs/design docs (154 lines).", "problem": "superpowers:writing-skills (656 lines) is a comprehensive TDD-based skill authoring methodology with: Iron Law, RED-GREEN-REFACTOR cycle for documentation, CSO (Claude Search Optimization) with detailed description guidance, rationalization tables, Red Flags, testing methodology for different skill types, anti-patterns. skill-creator plugin (also enabled) adds benchmark/eval tooling. The autopus version covers the same SKILL.md frontmatter fields but with less depth and no testing methodology. Not @-included in SKILL.md. Not in any agent skills: field. Orphan. Additionally, the two skills share the exact same name ('writing-skills'), causing direct namespace collision.", "evidence": "superpowers writing-skills: 656 lines, TDD mapping table for skills, CSO section (critical description-vs-workflow distinction that affects skill loading behavior), 5 skill type testing methodologies, Iron Law, rationalization table (8 entries), deployment checklist. autopus writing-skills.md: 154 lines, frontmatter field table, README/API/design-doc templates, writing principles. Name collision confirmed: both have name: writing-skills in frontmatter. Grep confirmed no @-include or agent skills: reference to autopus writing-skills.", "recommendation": "DELETE", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — remove from template. The skill-creator plugin and superpowers:writing-skills together cover this scope. The name collision alone is a bug.", "autoDietEligible": false }, { "path": ".claude/skills/autopus/review.md", "currentPurpose": "TRUST 5 code review criteria with automated gate commands (117 lines). @-included in SKILL.md /auto review pipeline. Declared in reviewer agent skills: field.", "problem": "code-review plugin provides a PR-level review command that dispatches 5 parallel Sonnet agents + confidence-scored filtering. autopus review.md contains the TRUST 5 rubric (@AX compliance, file size limits, UI Design Context gate) that are autopus-specific and not covered by the generic code-review plugin. The overlap exists only in the general 'check for bugs' scope; the TRUST 5 + @AX + pipeline gate semantics are unique to autopus. The code-review plugin is a /command (triggered explicitly); autopus review.md is an @-included skill in the /auto review pipeline. These are complementary, not duplicates.", "evidence": "code-review plugin command: 5 parallel agents checking CLAUDE.md compliance, bugs, git history, prior PR comments, code comments; score threshold 80; no TRUST 5 rubric. autopus review.md: TRUST 5 table (Tested/Readable/Unified/Secured/Trackable), @AX compliance check, file size gate, UI Design Context gate, APPROVE/REQUEST_CHANGES/REJECT verdicts. @-include confirmed at SKILL.md line 2262. Reviewer agent loads it via skills: field.", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "-", "autoDietEligible": false }, { "path": ".claude/skills/autopus/frontend-skill.md", "currentPurpose": "Art direction and visual design guidelines for landing pages, apps, prototypes — visual thesis, UX Intelligence Pass, layout anti-patterns (239 lines).", "problem": "frontend-design plugin provides a similar creative design guide (42 lines) focused on bold aesthetic direction. The autopus version is substantially deeper (239 vs 42 lines) and includes a UX Intelligence Pass with Design Discovery Matrix, palette roles, responsive breakpoints, component guardrails — content the plugin lacks. However, frontend-skill is not @-included in SKILL.md and not declared in any agent skills: field. Orphan. It duplicates frontend-design plugin intent at a higher level of detail but is not wired into any active pipeline path.", "evidence": "frontend-design plugin: design thinking section, aesthetic guidelines (typography, motion, backgrounds), 42 lines — activation on 'build web components, pages, or applications'. autopus frontend-skill.md: Visual thesis + content plan + interaction thesis framework, UX Intelligence Pass (Design Discovery Matrix table, palette roles, typography hierarchy, 14 component guardrails, responsive breakpoints), 239 lines. Not found in any @-include or agent skills: via grep. Orphaned skill competing with the active plugin.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — either wire into frontend-specialist agent skills: field to make it active, or reduce to just the UX Intelligence Pass checklist (the unique delta over the plugin) and convert into a reference appendix rather than a standalone skill competing for the same trigger conditions.", "autoDietEligible": false }, { "path": ".claude/skills/autopus/playwright-cli.md", "currentPurpose": "playwright-cli CLI command reference for browser automation (206 lines). Not @-included in SKILL.md. Not in any agent skills: field.", "problem": "The playwright plugin (enabled) wires @playwright/mcp as an MCP server — providing native browser_* tools (browser_navigate, browser_click, browser_type, browser_snapshot etc.) through the MCP protocol rather than a CLI binary. The two target different backends: playwright-cli covers the playwright-cli npm binary; the plugin covers the playwright MCP server. They are not interchangeable. However, playwright-cli.md is an orphan (not wired in any pipeline path). The browser-automation.md skill (which IS @-included in SKILL.md) references Playwright as one of three backends but defers to auto terminal detect.", "evidence": "playwright plugin .mcp.json: {playwright: {command: npx, args: [@playwright/mcp@latest]}} — MCP server mode. playwright-cli.md: playwright-cli open/goto/click/type/screenshot CLI commands, snapshot refs (e3, e15), session management. browser-automation.md (the active skill at SKILL.md line 1848) handles tool selection via auto terminal detect and references Playwright only for E2E suites. Grep confirmed playwright-cli.md has no @-include or agent skills: reference.", "recommendation": "CONVERT", "moveTarget": "Merge playwright-cli command reference into browser-automation.md as a 'Playwright MCP vs playwright-cli' comparison section, since browser-automation.md is the active skill and currently lacks playwright-cli-specific command reference.", "changeRisk": "low", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — merge playwright-cli command table into browser-automation.md template; remove standalone playwright-cli.md.", "autoDietEligible": false }, { "path": ".claude/skills/autopus/subagent-dev.md", "currentPurpose": "Subagent definition authoring guide — frontmatter fields, permission modes, orchestration patterns, Agent Teams mode (131 lines). Declared in architect agent skills: field.", "problem": "superpowers:dispatching-parallel-agents covers the dispatch decision (when to use, how to craft agent prompts, integration). subagent-dev.md covers agent definition authoring (how to write .claude/agents/*.md files with correct frontmatter). The superpowers skill does not cover the Claude Code 2.0+ agent definition format. These are complementary, not duplicates — dispatching-parallel-agents is a runtime dispatch guide; subagent-dev.md is an authoring guide for agent definition files.", "evidence": "superpowers dispatching-parallel-agents: when/don't-use decision flow, prompt structure template, fan-out/fan-in pattern, review-and-integrate step, real example (6 test failures across 3 files). autopus subagent-dev.md: frontmatter field table (name, description, tools, model, permissionMode, maxTurns, skills, isolation, background, memory), permission mode table, orchestration patterns (Fan-Out/Fan-In, Pipeline, Supervisor), Agent Teams mode with TeamCreate/SendMessage. These address different layers. Unique to autopus: the permissionMode table (acceptEdits, plan, dontAsk, bypassPermissions) and isolation: worktree field documentation.", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "-", "autoDietEligible": false }, { "path": ".claude/skills/autopus/worktree-isolation.md", "currentPurpose": "Pipeline-specific worktree isolation: file ownership conflict algorithm, Phase 2.1 batch merge, slot cap (5), GC suppression, branch naming convention (216 lines). @-included in SKILL.md (go pipeline line 877). Referenced in SKILL.md line 1174 for --team mode.", "problem": "superpowers:using-git-worktrees covers generic worktree setup and native EnterWorktree tool detection. worktree-isolation.md covers autopus pipeline-specific logic: isolation: worktree Agent() call parameter, file ownership conflict detection algorithm (prefix containment + glob intersection), Phase 2.1 merge ordering, slot cap enforcement, branch naming convention worktree/{SPEC-ID}/{task-id}. These are different in scope and not duplicates.", "evidence": "superpowers using-git-worktrees: Step 0 detection, native tool preference (EnterWorktree), git worktree add fallback, directory selection priority, .gitignore safety. autopus worktree-isolation.md: R1 isolation: worktree parameter, R2 conflict detection algorithm with 4-row example table, R3 lifecycle (agent return values, Phase 2.1 merge sequence), R4 merge conflict abort, R5 GC suppression + shared resource lock retry table, R7 branch naming. @-include confirmed at SKILL.md lines 877 and 1174.", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "-", "autoDietEligible": false }, { "path": ".claude/rules/autopus/worktree-safety.md", "currentPurpose": "Global rule (injected every session) for git worktree safety: prohibited commands during parallel execution, GC suppression flag, retry strategy, cleanup protocol, 5-worktree concurrent limit (74 lines).", "problem": "Content overlaps significantly with worktree-isolation.md (the lazy-loaded skill) and superpowers:using-git-worktrees. The GC suppression, retry backoff table, failure cleanup, and 5-worktree cap are all already in worktree-isolation.md which is @-included when needed. Injecting this as a global rule means every solo coding session carries 74 lines of multi-agent pipeline rules that are never triggered. Also triplicated in .codex/ and .gemini/.", "evidence": "worktree-safety.md lines 14-18: prohibited commands (git gc, prune, repack); lines 22-26: gc.auto=0 suppression; lines 30-48: retry backoff (3s/6s/12s); lines 50-56: cleanup on exhaustion; lines 58-66: failure cleanup; lines 68-72: 5-worktree limit. All of this is restated in worktree-isolation.md R5 (lines 154-184). Injected globally vs. loaded on demand.", "recommendation": "MOVE", "moveTarget": ".claude/skills/autopus/worktree-isolation.md (content already there; rule can be deleted and relied on via the skill @-include)", "changeRisk": "medium", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — remove worktree-safety.md from rules/ template (it is superseded by worktree-isolation.md which is @-included in the pipeline). The unique safety rules can be preserved in worktree-isolation.md.", "autoDietEligible": false }, { "path": ".claude/rules/autopus/context7-docs.md", "currentPurpose": "Global rule (148 lines, injected every session) mandating Context7 MCP doc fetch before library work: when to fetch, 4-step procedure, token budget table, caching protocol, error handling, anti-patterns.", "problem": "The context7 MCP plugin is registered in .mcp.json and enabled as a plugin, and its system-reminder instructions already tell Claude to 'fetch current documentation whenever the user asks about a library.' The generic fetch procedure and token budget tables in the rule are covered by the MCP system prompt. The unique residual value is the subagent-injection contract: 'subagents cannot call MCP tools — the main session MUST fetch and inject docs into subagent prompts.' This is not covered by the MCP system-reminder and is load-bearing for the /auto go pipeline. However, 120+ of the 148 lines are procedural fetch algorithm content duplicated by the MCP.", "evidence": "MCP system-reminder (observed in this session): 'Use this server to fetch current documentation whenever the user asks about a library... Use even when you think you know the answer.' context7-docs.md lines 1-30: when to fetch (covered by MCP). Lines 31-90: 4-step fetch procedure (covered by MCP). Lines 91-110: token budget table (not covered but generic). Lines 111-130: caching rules (not covered but low-value). Lines 131-148: subagent-injection format + SPEC metadata requirement (unique and load-bearing). Lines 149-165: error handling (partially covered by MCP 'Do not block the pipeline on Context7 failures').", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — shrink to ~30 lines retaining only: (1) subagent-injection contract, (2) Phase 1.8 reference, (3) SPEC Technology Stack Decision metadata requirement, (4) anti-pattern list. Remove the fetch procedure (covered by MCP), token budget table (generic), and caching algorithm.", "autoDietEligible": false }, { "path": ".claude/rules/autopus/deferred-tools.md", "currentPurpose": "Global rule (70 lines, injected every session) for loading deferred tool schemas via ToolSearch before use, with trigger point table and anti-patterns.", "problem": "Claude Code's own session management now handles deferred tool schema loading natively via a system-reminder mechanism. The rule exists to work around the degraded UI symptom (AskUserQuestion renders as plain text). This is a runtime platform behavior that the rule cannot fully substitute — if the platform degrades, reading the rule doesn't fix the schema loading. The degraded UI detection and recovery section (lines 56-65) remains genuinely useful as a behavioral instruction. The trigger points table provides load-bearing /auto pipeline-specific context (which tool to preload at which gate). Partially load-bearing.", "evidence": "deferred-tools.md: lines 1-25 (detection and rule) partially overlap with system-reminder behavior. Lines 27-50 (trigger points table: AskUserQuestion for triage/gate1, TeamCreate+SendMessage for --team, TaskCreate for long-running, WebSearch for phase 1.8 fallback) are pipeline-specific and not covered by the platform. Lines 51-65 (degraded UI detection and recovery) are unique behavioral instructions. Full removal would leave the pipeline without explicit trigger-point guidance. The platform applies deferred loading on its own but does not instruct Claude which tool to preload at which pipeline gate.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — shrink to trigger points table + degraded UI recovery section (~25 lines). Remove the Detection/Rule boilerplate that restates platform behavior.", "autoDietEligible": false }, { "path": ".claude/skills/autopus/agent-pipeline.md", "currentPurpose": "5-Phase multi-agent pipeline orchestration skill (654 lines) — the default /auto go execution engine with phase definitions, permission mode detection, worktree isolation, agent spawning protocol.", "problem": "superpowers:dispatching-parallel-agents covers the parallel dispatch pattern conceptually. However, agent-pipeline.md is the concrete autopus pipeline definition (5 phases, gates, permission mode detection, delegation depth cap, prompt layer discipline) — none of which is covered by the superpowers skill. The superpowers skill is a general technique guide; agent-pipeline.md is the implementation specification. No meaningful overlap. The @-include in SKILL.md line 876 confirms it is load-bearing.", "evidence": "superpowers dispatching-parallel-agents: 183 lines, generic 'one agent per problem domain' pattern, prompt structure template. agent-pipeline.md: 654 lines, Phase 0.7/1/1.5/1.8/2/2.1/2.5/3/3.5/4 definitions, permission mode detect flow, delegation_depth_cap enforcement, subagent_dispatch_count tracking, degraded_mode fallback, prompt layer manifest contract. @-include confirmed at SKILL.md line 876.", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "-", "autoDietEligible": false }, { "path": ".claude/skills/autopus/agent-teams.md", "currentPurpose": "Role-based Agent Teams mode skill (247 lines) — Lead/Builder/Guardian composition, Claude Code experimental API prerequisites, failure modes, team cleanup protocol.", "problem": "No superpowers skill covers Agent Teams (TeamCreate/SendMessage/TeamDelete). This is autopus-specific pipeline mode documentation for an experimental Claude Code feature. No overlap with any plugin.", "evidence": "agent-teams.md: CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1 env var requirement, v2.1.32+ version check, nested TeamCreate prohibition, Lead/Builder/Guardian role definitions, SendMessage protocol, partial validation request format. No superpowers or plugin covers this API. Not a duplicate of dispatching-parallel-agents (that skill uses Agent() subagents, not TeamCreate peers).", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "-", "autoDietEligible": false }, { "path": ".claude/skills/autopus/agent-presets.md", "currentPurpose": "Domain-specific agent activation presets (backend-go, fullstack, cli-tool) configured via autopus.yaml (100 lines).", "problem": "No superpowers or native Claude Code feature covers preset-based agent activation for the autopus pipeline. This is configuration-layer documentation unique to the autopus harness. No overlap.", "evidence": "agent-presets.md: 3 presets (backend-go, fullstack, cli-tool) with agent lists, autopus.yaml config key agent_preset, skip-logging for inactive phases, custom preset syntax. Nothing comparable in superpowers 5.1.0 skills or any plugin. Not a duplicate.", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "-", "autoDietEligible": false }, { "path": ".claude/skills/autopus/browser-automation.md", "currentPurpose": "Terminal-environment auto-detecting browser automation skill (340 lines). @-included in SKILL.md /auto browse pipeline. Selects cmux browser (cmux terminal) or agent-browser (tmux/plain) via auto terminal detect.", "problem": "playwright plugin wires @playwright/mcp as an MCP server (browser_navigate, browser_click etc. native tools). browser-automation.md targets different backends (cmux browser binary, agent-browser CLI) that are separate from the playwright MCP server. The skill explicitly positions Playwright as one of three options for E2E test suites, not for the primary interactive automation path. Functional intent overlaps (both automate browsers) but toolchain is different. Partially complementary. The skill is load-bearing (@-include confirmed).", "evidence": "playwright plugin .mcp.json: npx @playwright/mcp@latest — MCP server providing structured browser_* tool calls. browser-automation.md line 27-29: cmux browser (primary), agent-browser (fallback), Playwright (E2E suites, CI). auto terminal detect drives backend selection. SKILL.md line 1848: @.claude/skills/autopus/browser-automation.md. The playwright MCP server approach is different from the CLI-based agent-browser workflow described in this skill.", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "low", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "Consider merging playwright-cli.md command reference into this skill as an appendix (see playwright-cli.md finding).", "autoDietEligible": false }, { "path": ".claude/skills/autopus/spec-review.md", "currentPurpose": "Multi-provider SPEC review gate skill (85 lines) with Orchestra engine integration, self-verify trace checking, verdict protocol. @-included in SKILL.md pipeline.", "problem": "code-review plugin provides PR-level review. spec-review.md covers SPEC document quality review (spec.md, plan.md, acceptance.md, research.md) using an orchestra engine with multiple providers — entirely different review target. No overlap.", "evidence": "code-review plugin: reviews git diffs/PRs via gh, checks CLAUDE.md compliance, bug scanning. spec-review.md: validates .autopus/specs/SPEC-{ID}/*.md document quality, collects code context, runs multi-provider orchestra review, PASS/REVISE/REJECT verdict on SPEC status. Different artifacts, different purpose. @-include confirmed at SKILL.md line 2307.", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "-", "autoDietEligible": false } ], "summary": "A structural class of thin, Go/Korean-flavored autopus skills now shadows more robust, auto-triggering superpowers skills. The pattern: autopus installs a skill that covers the same methodology (TDD, debugging, verification, brainstorming) with narrower scope and less rationalization-hardening, while a superpowers equivalent auto-triggers on the same user intent. Both coexist in agent context simultaneously, creating ambiguous authority. The remediation is not wholesale deletion — the Go-specific toolchain commands and Korean trigger keywords have genuine value — but shrinkage to thin extension docs that defer to the superpowers skill for behavioral discipline. Three specific items are clean deletes (git-worktrees: full duplicate; writing-skills: orphan with name collision; worktree-safety rule: fully absorbed by worktree-isolation skill). Two global rules (context7-docs, deferred-tools) carry pipeline-specific residual value (subagent-injection contract; trigger-point table) that the MCP/platform does not replace — shrink rather than delete. All findings target ADK-generated installed copies; real fixes must happen at the ADK source/template so /auto sync does not regenerate the oversized versions. autoDietEligible is false for all findings because the files are sync-regenerated. Counts: DELETE: 2, SHRINK: 5 (3 skills + 2 rules), MOVE: 1, CONVERT: 2, KEEP: 9." }, "safety": { "scopeNotes": "Security/permission posture audit for /home/lucas. Read-only. Files read: .claude/settings.json, .claude/settings.local.json, .mcp.json, all hook scripts under .claude/hooks/ and .claude/hooks/autopus/. Also verified .autopus/claude-code-manifest.json to establish provenance. Scope: 5 task areas — (1) defaultMode+skipPrompt flags, (2) permissions.allow breadth, (3) per-Bash-call hooks cost/trust, (4) MCP unpinned-npx supply chain, (5) modelOverrides staleness. settings.json and settings.local.json are NOT listed in the ADK manifest — they are hand-written/user-owned; installed copy is source of truth. .mcp.json IS listed in the manifest — ADK-generated; real fix is at ADK source/autopus.yaml.", "findings": [ { "path": ".claude/settings.json (permissions.allow: Bash(npm *), Bash(npx *), Bash(node *), Bash(pnpm *), Bash(yarn *))", "currentPurpose": "Auto-approves all npm/npx/node/pnpm/yarn subcommands without a user prompt, enabling the /auto pipeline to install packages, run scripts, and invoke CLI tools without interruption", "problem": "Highest-severity surface in this harness. `npx ` fetches and executes remote code; `node -e '...'` is a full scripting shell; `npm install` and `yarn add` run arbitrary postinstall lifecycle scripts. Combined with `defaultMode:auto` and `skipAutoPermissionPrompt:true`, every one of these executes without a confirmation prompt. An agent or malicious prompt injection that produces a plausible-looking `npx ` command gets auto-approved and runs with the user's OS credentials.", "evidence": "settings.json lines 71-75: `Bash(npm *)`, `Bash(npx *)`, `Bash(node *)`, `Bash(pnpm *)`, `Bash(yarn *)` all listed in permissions.allow. Line 79: `skipAutoPermissionPrompt:true`. Line 80: `skipDangerousModePermissionPrompt:true`. Line 77: `defaultMode:auto`. These four settings combine to mean: any agent-produced command matching these patterns executes immediately with zero user confirmation.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "medium", "confidence": "high", "adkProvenance": "hand-written", "realFixLocation": "Installed copy is source of truth. Narrowing options: (a) add `permissions.deny` entries for specific dangerous sub-patterns (e.g. `Bash(npx * --eval *)`) in settings.local.json — deny overrides allow additively; (b) replace `Bash(npx *)` with an explicit allow-list of known package names used by the pipeline; (c) remove `skipAutoPermissionPrompt` for `npx` invocations by splitting them to a separate tool tier. Cannot narrow by adding more `allow` entries — allow entries are additive.", "autoDietEligible": false }, { "path": ".claude/settings.json (defaultMode:auto + skipAutoPermissionPrompt:true + skipDangerousModePermissionPrompt:true)", "currentPurpose": "Enables fully unattended /auto pipeline execution — the harness was designed for pipeline automation where every tool call is expected to run without user confirmation gates", "problem": "The combined effect of all three flags is that Claude Code operates in its most permissive mode with every permission prompt suppressed. The precise semantic of `defaultMode:auto` is not publicly documented and cannot be verified from the files alone (medium confidence), but the observable effect is that the full `permissions.allow` list executes without any prompt regardless of sensitivity. This is intentional for the pipeline use case but creates a large silent-approval surface for interactive sessions and for any prompt-injection scenario where an agent produces a matching command.", "evidence": "settings.json line 77 (`defaultMode:auto`), line 79 (`skipAutoPermissionPrompt:true`), line 80 (`skipDangerousModePermissionPrompt:true`). The allow list at lines 47-75 covers 20+ Bash patterns plus Agent, TeamCreate, SendMessage, TaskCreate — all auto-approved. settings.local.json adds `Bash(claude account:*)` on top of this.", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "high", "confidence": "medium", "adkProvenance": "hand-written", "realFixLocation": "Installed copy is source of truth. If interactive sessions are a concern, consider using a separate settings profile or profile-scoped override for pipeline vs. interactive use. No ADK-template fix path since settings.json is user-owned.", "autoDietEligible": false }, { "path": ".claude/settings.json (permissions.allow: Bash(git *), Bash(gh *), Bash(make:*))", "currentPurpose": "Auto-approves all git, GitHub CLI, and make subcommands to allow the /auto pipeline to commit, push, create PRs, and run build targets without prompts", "problem": "`Bash(git *)` includes `git push --force`, `git reset --hard`, `git clean -fdx`, `git config --global`, and git aliases/hooks — all auto-approved. `Bash(gh *)` covers `gh repo delete`, `gh secret set`, `gh workflow run`, and arbitrary GitHub API calls. `Bash(make:*)` runs arbitrary Makefile targets. All three have non-trivial exec escape hatches. These are less severe than the npm cluster but are broader than a read-only git allow-list would be.", "evidence": "settings.json lines 51-52 (`Bash(git *)`, `Bash(git:*)`), lines 61 (`Bash(gh:*)`), lines 53 (`Bash(make:*)`). All wildcard patterns with no sub-command restriction. git hooks under the repo also execute on `git commit`/`git push` — and pre-commit-arch.sh calls `auto check --arch` which in turn runs the 22MB `auto` binary.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "medium", "confidence": "high", "adkProvenance": "hand-written", "realFixLocation": "Installed copy is source of truth. Safer alternatives: use `permissions.deny` in settings.local.json to block the highest-risk subcommands (e.g. `Bash(git push --force*)`, `Bash(git reset --hard*)`, `Bash(gh repo delete*)`) while keeping the broad `allow`. Cannot narrow the allow entry itself without re-listing permitted subcommands explicitly.", "autoDietEligible": false }, { "path": ".claude/settings.json (hooks.PreToolUse: `auto check --arch --quiet --warn-only` 30s + hooks.PostToolUse: `auto react check --quiet` 60s)", "currentPurpose": "PreToolUse hook runs architecture validation before every Bash call; PostToolUse hook triggers a CI-react check after every Bash call. Together they enforce arch rules and pipeline feedback in real time.", "problem": "Two concerns: (1) Performance tax — every single Bash invocation, including trivial `ls`, `grep`, `echo`, shells out to the 22MB `auto` Go binary twice (30s + 60s timeout budget = 90s per Bash call in the worst case). For a session with 50+ Bash calls this is 50+ synchronous subprocess launches per hook, even for read-only commands. (2) Implicit trust — every Bash call implicitly trusts that the `auto` binary at `/usr/local/bin/auto` (owned root, installed May 21) behaves correctly and does not have a vulnerability. If the binary is ever compromised or updated with a breaking change, it runs on every single agent operation with no gating.", "evidence": "settings.json lines 16-38. `matcher: Bash` with no command filter — fires on ALL Bash tool calls. `/usr/local/bin/auto` is a 22552738-byte statically linked Go ELF, owned root:root, installed May 21 2025. Both `auto check --arch --quiet --warn-only` (pre) and `auto react check --quiet` (post) run on every Bash invocation.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "medium", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template and autopus.yaml — the hooks block in settings.json is generated by the harness install. To scope hooks to relevant commands only (e.g. only fire on `git commit`, `git push`, `auto *` commands), the filter must be changed at the ADK template level. The installed copy of settings.json is NOT in the manifest, so changes here survive sync, but the hooks block would be regenerated on the next `auto update`.", "autoDietEligible": false }, { "path": ".mcp.json (context7: `npx -y @upstash/context7-mcp@latest`)", "currentPurpose": "Launches the Context7 documentation MCP server on every session start to provide up-to-date library documentation via MCP tools", "problem": "`@latest` is an unpinned version tag. Every session start executes `npx -y @upstash/context7-mcp@latest` which fetches and runs whatever is currently published under that tag on npm. This is a supply-chain attack surface: if the `@upstash/context7-mcp` package (or its dependency tree) is compromised on npm, the malicious version runs automatically at session start — before any agent code executes, entirely outside the `permissions.allow` gate (MCP server launch is not a Bash tool call).", "evidence": ".mcp.json lines 8-9: `\"exec npx -y @upstash/context7-mcp@latest\"`. `-y` flag auto-confirms the install. The `@latest` tag resolves at runtime to whatever version is currently published. .mcp.json is listed in the ADK manifest (verified via claude-code-manifest.json), confirming it is ADK-generated and will be overwritten on sync.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template and autopus.yaml — replace `@latest` with a pinned semver (e.g. `@upstash/context7-mcp@1.x.x`) in the template. The installed .mcp.json will be overwritten on `auto sync` or `auto update`, so pinning must happen upstream. As a local interim workaround: edit .mcp.json to replace `@latest` with a specific version, but this will be overwritten on next sync.", "autoDietEligible": false }, { "path": ".mcp.json (sequential-thinking: `npx -y @modelcontextprotocol/server-sequential-thinking`)", "currentPurpose": "Provides a step-by-step reasoning MCP server as an alternative to native extended thinking for complex problems", "problem": "Two independent issues: (1) Supply-chain risk — launched via `npx -y` with NO version pin at all (not even `@latest`). This resolves to whatever is current at run time, with no version lock. (2) Functional redundancy — Claude's native extended thinking (--think flag, or the model's built-in chain-of-thought) covers the same use case. The `sequential-thinking` MCP permission is in the settings.json allow-list (`mcp__sequential-thinking__sequentialthinking`) but the extra server launch adds an unpinned-npm dependency to every session startup with marginal incremental value.", "evidence": ".mcp.json lines 16-17: `\"exec npx -y @modelcontextprotocol/server-sequential-thinking\"` — no version specifier. Compare with context7 which at least has `@latest`. This server is also registered in .mcp.json which is ADK-managed (in the manifest). The `mcp__sequential-thinking__sequentialthinking` entry appears in settings.json permissions.allow (line 62).", "recommendation": "DELETE", "moveTarget": "-", "changeRisk": "low", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template and autopus.yaml — remove the sequential-thinking MCP server entry from the template, and remove the corresponding `mcp__sequential-thinking__sequentialthinking` allow entry from settings.json template. Because .mcp.json is ADK-managed, local deletion is overwritten on next sync.", "autoDietEligible": false }, { "path": ".claude/settings.json (modelOverrides.op = `claude-opus-4-6`)", "currentPurpose": "Overrides the model used for orchestration/heavy operations to a specific Opus version", "problem": "The value `claude-opus-4-6` is a stale model identifier. The current model is `claude-opus-4-5` or `claude-opus-4` (check Anthropic's current model ID list). Using a non-existent or deprecated model ID may silently fall back to a default model or raise API errors, causing unexpected pipeline behavior. By contrast, `ha: claude-haiku-4-5-20251001` and `so: claude-sonnet-4-6` both carry current-looking version strings.", "evidence": "settings.json line 43: `\"op\": \"claude-opus-4-6\"`. Haiku override uses a full datestamped version `claude-haiku-4-5-20251001`; Sonnet override uses `claude-sonnet-4-6` which matches the current running model. Only `op` lacks a datestamp and uses what appears to be a non-current version string.", "recommendation": "CONVERT", "moveTarget": "-", "changeRisk": "low", "confidence": "medium", "adkProvenance": "hand-written", "realFixLocation": "Installed copy is source of truth — settings.json is not in the ADK manifest. Fix directly in .claude/settings.json by updating the `op` value to the current Opus model ID (verify against Anthropic's model availability API or docs before changing).", "autoDietEligible": false }, { "path": ".claude/settings.json (permissions.allow: Bash(find:*))", "currentPurpose": "Auto-approves all `find` invocations for file discovery, which the harness uses extensively for locating source files, SPECs, and manifests", "problem": "`find` with `*` allows `find . -exec {} +` — an arbitrary command execution escape hatch. While `find` itself looks safe (read-only file discovery), the `-exec`, `-execdir`, `-ok`, and `-delete` flags turn it into an execution primitive. Under the current allow list, `find / -exec rm -rf {} +` would be auto-approved. This is lower severity than npx/node but worth noting since the pattern appears in a 'safe read-only tools' group alongside `ls`, `grep`, `wc`.", "evidence": "settings.json line 54: `Bash(find:*)`. Listed alongside genuinely read-only tools: `Bash(ls:*)`, `Bash(cat:*)`, `Bash(grep:*)`, `Bash(wc:*)`, `Bash(sort:*)`, `Bash(mkdir:*)`, `Bash(echo:*)`. The `find -exec` escape is distinct from these.", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "hand-written", "realFixLocation": "Installed copy is source of truth. This risk is acceptable in practice because the agent models already have strong safety training against destructive commands; flagging as informational. If hardening is desired, add a `permissions.deny` for `Bash(find * -exec *)` and `Bash(find * -delete *)` in settings.local.json.", "autoDietEligible": false } ], "summary": "The most significant permission surface is the auto-approved npm/npx/node/pnpm/yarn cluster combined with skipAutoPermissionPrompt and skipDangerousModePermissionPrompt. This creates a path where any agent-produced `npx ` command runs with the user's OS credentials and zero confirmation. The MCP servers compound this: both context7 and sequential-thinking launch via unpinned `npx -y` at every session start — outside the permissions.allow gate entirely. Sequential-thinking is redundant with native extended thinking and should be removed (low risk). Context7 should be pinned to a specific version at the ADK template level. The per-Bash-call hooks (auto check --arch + auto react check) add a 90-second worst-case latency budget and implicit binary trust on every Bash invocation — worth scoping to relevant commands only at the ADK template level. The modelOverrides.op stale ID (claude-opus-4-6) is a low-risk correctness issue; fix directly in settings.json. All ADK-generated files (.mcp.json, hooks) require upstream template fixes to survive sync; settings.json and settings.local.json are user-owned and can be edited directly." }, "plan": { "scopeNotes": "Audited: CLAUDE.md (177 lines), AGENTS.md (155 lines), and all 13 files in .claude/rules/autopus/ (926 lines total). Total Tier-A global-injected budget: 1258 lines loaded into every session. Skills (.claude/skills/autopus/, 44 files) and agents (.claude/agents/autopus/, 16 files) were read as evidence sources for duplication and CONVERT move-target justification — they are not the change scope. autopus.yaml was read to confirm actual language config (all three: en). settings.json and hooks were read for orientation only (hooks/MCP/permissions are outside this deliverable per task scope). templates/shared/branding-formats.md.tmpl confirmed absent from filesystem. pkg/ directory confirmed absent. All 15 audited files are ADK-generated or ADK-managed installed copies; real fix location for every SHRINK/CONVERT/DELETE is the ADK source/template or autopus.yaml, not the installed copies (which /auto sync would overwrite). Input source: only ONE agent block was present in the supplied findings array (global-context-tax). The other three agents named in the task (skill-quality, product-overlap, safety-permission) supplied no findings. This consolidation therefore covers global-context-tax scope only. Entries for the three missing agents have NOT been fabricated. autoDietEligible=false for all entries: every file is an ADK-overwrite-prone installed copy, so /harness-diet cannot safely apply any of these changes unattended without ADK source changes.", "findings": [ { "path": ".claude/rules/autopus/spec-quality.md", "currentPurpose": "Full 5-dimension SPEC quality checklist (Q-CORR-*, Q-COMP-*, Q-FEAS-*, Q-STYLE-*, Q-SEC-*, Q-COH-* with pass/fail criteria and N/A guidance) injected into every session globally.", "problem": "197 lines (~16% of the entire 1258-line Tier-A budget) loaded on every session turn, including coding sessions unrelated to SPEC authoring. The checklist is on-demand reference consumed only during /auto plan, /auto spec, or /auto review flows. spec-review.md skill (lazy-loaded, line 16) already references 'content/rules/spec-quality.md as the pre-review self-check'. spec-writer agent (lines 269-277, lazy-loaded) enumerates the same Q-* IDs. Global injection is redundant with those on-demand references.", "evidence": "spec-quality.md = 197 lines. spec-review.md line 16: 'treat content/rules/spec-quality.md as the pre-review self-check that spec-writer should already have applied'. spec-writer.md lines 269-277 list same Q-CORR/Q-COMP/Q-FEAS/Q-STYLE/Q-SEC checks by ID. Lazy-loaded skill already provides a pointer; no session benefit from global load. Confirmed via grep on spec-review.md and spec-writer.md.", "recommendation": "CONVERT", "moveTarget": ".claude/skills/autopus/spec-review.md — promote to a standalone skill section or dedicated skill so it loads only when /auto spec or /auto review is invoked", "changeRisk": "medium", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — reclassify from rules/ to skills/ so /auto sync does not reinstall as a global rule. Change must happen in ADK template, not installed copy.", "autoDietEligible": false }, { "path": ".claude/rules/autopus/context7-docs.md", "currentPurpose": "Procedural Context7 MCP fetch algorithm (detection heuristics, 5-step fetch, token budget tables, caching, error handling, 15 anti-patterns) injected globally every session.", "problem": "148 lines of pipeline procedure loaded on every session turn. Fetch procedure is only relevant at Phase 1.8 of /auto go or when debugging library errors. agent-pipeline.md skill line 254 already contains the explicit ref: 'Ref: .claude/rules/autopus/context7-docs.md for detection heuristics, token limits, and anti-patterns' — the runtime pipeline already knows where to find this when needed. Global load is a constant per-session token tax that fires on every unrelated request.", "evidence": "context7-docs.md = 148 lines. agent-pipeline.md line 254 confirmed via grep: 'Ref: .claude/rules/autopus/context7-docs.md for detection heuristics, token limits, and anti-patterns. Ref: .claude/rules/autopus/techstack-freshness.md for greenfield version evidence.' Pipeline already has the pointer; converting to lazy skill preserves discoverability while removing constant injection overhead.", "recommendation": "CONVERT", "moveTarget": ".claude/skills/autopus/ as a standalone skill (e.g., context7-fetch.md), referenced by agent-pipeline.md at Phase 1.8", "changeRisk": "medium", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — reclassify from rules/ to skills/ so /auto sync does not reinstall as a global rule. The agent-pipeline.md Ref pointer already provides runtime discoverability.", "autoDietEligible": false }, { "path": ".claude/rules/autopus/worktree-safety.md", "currentPurpose": "Git worktree safety rules for parallel executor agents: GC suppression flag, prohibited commands, lock retry backoff, cleanup procedure, max-5-worktree limit.", "problem": "74 lines loaded on every session. Worktree rules are only relevant when /auto go spawns parallel worktrees — inert for solo coding sessions. The companion lazy-loaded skill worktree-isolation.md (216 lines) already contains the identical safety content: 'git -c gc.auto=0' pattern (lines 110, 124, 126, 155), same 3/6/12s backoff table (lines 166-172), same shared lock list (.git/refs.lock, packed-refs.lock, lines 161-162). Loading both globally is redundant.", "evidence": "worktree-isolation.md line 155 confirmed: 'Prepend git -c gc.auto=0 to all git commands'. Lines 166-172: exponential backoff table (3s/6s/12s). Lines 161-162: same lock file list. Rule and skill carry identical safety invariants; only the skill needs to carry them (lazy-loaded when worktrees are used).", "recommendation": "CONVERT", "moveTarget": ".claude/skills/autopus/worktree-isolation.md — merge rule's unique safety invariants (if any differ) as a 'Safety Requirements' section; the skill already contains equivalent content", "changeRisk": "medium", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — reclassify from rules/ to skills/ so /auto sync does not reinstall as a global rule.", "autoDietEligible": false }, { "path": ".claude/rules/autopus/techstack-freshness.md", "currentPurpose": "Requires technology stack version evidence before naming frameworks in SPEC/PRD text; defines greenfield vs brownfield mode, evidence sources, required research.md table.", "problem": "65 lines loaded every session; rule is dormant for typical bug-fix and feature-extension sessions in existing projects. Also contains a stale reference: line 19 cites 'pkg/techstack.InferMode()' as the source contract — this package does not exist in this repo (no /home/lucas/pkg/ directory). The rule tightly couples to /auto plan SPEC workflows (lines 23-57 reference research.md, prd.md tables) which are loaded lazily by the prd.md and planning.md skills. agent-pipeline.md line 254 already has a Ref pointer to this file, making global injection redundant.", "evidence": "techstack-freshness.md line 19: 'Use pkg/techstack.InferMode() as the source contract'. ls /home/lucas/pkg/ returns 'no /home/lucas/pkg dir'. agent-pipeline.md line 254 confirmed: 'Ref: .claude/rules/autopus/techstack-freshness.md for greenfield version evidence.' All SPEC-workflow consumers already have the pointer; global injection is a constant tax on brownfield sessions.", "recommendation": "CONVERT", "moveTarget": ".claude/skills/autopus/prd.md or a dedicated techstack-decision skill — loaded when /auto plan or greenfield project creation is invoked", "changeRisk": "medium", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — reclassify from rules/ to skills/; also remove or fix the pkg/techstack.InferMode() stale reference if no such package exists.", "autoDietEligible": false }, { "path": ".claude/rules/autopus/doc-storage.md", "currentPurpose": "SPEC and brainstorm document storage matrix (root vs module scope), ID uniqueness rules, and /auto sync commit protocol — injected every session.", "problem": "49 lines loaded every session but only consumed when creating a new SPEC/BS or running /auto sync. For typical coding sessions this rule is inert. The storage matrix and sync protocol are consumed by planning.md skill and spec-writer agent when those flows are active. Global injection provides no benefit during non-SPEC sessions.", "evidence": "doc-storage.md = 49 lines. Content (SPEC placement matrix, sync commit Phases A and B) consumed only during /auto plan, spec-writer, or /auto sync invocations. No reference to doc-storage content found in non-SPEC lazy skills, confirming the rule is inert during standard coding workflows.", "recommendation": "CONVERT", "moveTarget": ".claude/skills/autopus/planning.md — add as a 'Document Storage' reference section loaded when SPEC creation is triggered", "changeRisk": "low", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — reclassify from rules/ to skills/.", "autoDietEligible": false }, { "path": "AGENTS.md", "currentPurpose": "Global agent roster (16 agents with one-line descriptions), Codex/OpenCode execution model notes, file-size/subagent/language-policy summaries, and platform directory paths — injected into every session.", "problem": "155 lines with three separate redundancy problems. (1) Platform noise: lines 12-49 document Codex/OpenCode spawn_agent/task() execution model and platform paths — entirely inert in a claude-code session and unknown to the local environment. (2) Duplicated rule summaries: lines 58-72 restate Subagent Delegation, Worker Contracts, File Size Limit — all already present in dedicated rule files and repeated again in CLAUDE.md's ADK tail. (3) Agent roster (lines 83-155): 16 agent descriptions duplicate the lazy-loaded agent files in .claude/agents/autopus/ — those are dispatched on demand and do not need to be in global context.", "evidence": "AGENTS.md lines 12-49: Codex/OpenCode platform specifics (spawn_agent, task(), opencode.json). AGENTS.md lines 58-72: File Size Limit IMPORTANT at line 72 and Subagent Delegation IMPORTANT at line 60 — confirmed duplicated in .claude/rules/autopus/file-size-limit.md and subagent-delegation.md which are globally injected separately. CLAUDE.md lines 161-174 also restate the same two constraints. Agent roster lines 83-155 duplicate content already in .claude/agents/autopus/ (loaded lazily). Three-way injection confirmed via grep.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — remove the platform-specific Codex/OpenCode sections and duplicated rule summaries from the AGENTS.md template; keep only a minimal agent index (name + one-liner) and the supervisor/phase-gate notes (lines 52-56) which are unique content not found elsewhere.", "autoDietEligible": false }, { "path": "CLAUDE.md", "currentPurpose": "Hand-written behavioral guidelines (sections 1-10, lines 1-133, ~130 lines) encoding real recurring LLM mistakes, plus auto-generated ADK harness summary (lines 135-177, ~43 lines) restating language policy, file-size, subagent-delegation, and code review notes.", "problem": "The ADK-generated tail (lines 135-177) restates three constraints already present in dedicated rule files loaded globally every session: language-policy.md (36 lines), file-size-limit.md (38 lines), subagent-delegation.md (29 lines). This is a third injection of the same content (language policy also appears in AGENTS.md). The hand-written sections 1-10 are unique, encode real recurring LLM failure modes (over-engineering, skipping tests, guessing at errors), and must be kept.", "evidence": "CLAUDE.md lines 151-157: Language Policy block. Lines 161-163: Subagent Delegation IMPORTANT. Lines 165-173: File Size Limit IMPORTANT + Code Review. Confirmed via grep these are exact summaries of .claude/rules/autopus/language-policy.md, subagent-delegation.md, and file-size-limit.md respectively. All three rule files are injected globally in addition to this tail.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "mixed", "realFixLocation": "ADK source/template — the auto-generated AUTOPUS:BEGIN..END block should be reduced to a short pointer (e.g., 'Active constraints: see .claude/rules/autopus/') rather than restating rule content. Sections 1-10 are hand-written and are the installed copy's source of truth — do not modify them.", "autoDietEligible": false }, { "path": ".claude/rules/autopus/language-policy.md", "currentPurpose": "Declares per-project language settings (code_comments, commit_messages, ai_responses) and reminds all agents to check project config before producing output.", "problem": "Three separate accuracy and redundancy problems. (1) Triple-injection: language-policy.md (36 lines) + CLAUDE.md ADK tail (lines 151-157) + AGENTS.md (lines 24-30) all state the same IMPORTANT constraint in every session. (2) Stale example values: the 'Example' column in the Configuration table (lines 17-19) shows commit_messages=ko and ai_responses=ko, while autopus.yaml explicitly sets all three to 'en'. The column header says 'Example' but the framing is confusing — readers may treat the example as the project's actual config. (3) branding.md line 40 compounds the confusion by describing the policy as 'commits in ko, responses in ko' as a factual statement (not an example), contradicting autopus.yaml.", "evidence": "autopus.yaml confirmed: 'language: comments: en, commits: en, ai_responses: en'. language-policy.md lines 17-19 Example column: commit_messages=ko, ai_responses=ko. branding.md line 40: 'language-policy — language policy was applied (code comments in en, commits in ko, responses in ko)' — factual description contradicts autopus.yaml. Triple-injection confirmed in CLAUDE.md lines 151-157 and AGENTS.md lines 24-30.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — (1) update Example column to either match actual project config or use unambiguous placeholder values like 'en/ko (configurable)'; (2) remove redundant language policy blocks from CLAUDE.md and AGENTS.md ADK tails; (3) fix branding.md line 40 stale description (see separate branding.md entry).", "autoDietEligible": false }, { "path": ".claude/rules/autopus/branding.md", "currentPurpose": "Tiered branding rules for when to show the Autopus octopus banner, footer, and milestone emoji across session types.", "problem": "Two accuracy problems. (1) Line 40 states as fact: 'language-policy — language policy was applied (code comments in en, commits in ko, responses in ko)'. autopus.yaml confirms all three are 'en' — this is a real stale factual error, not an example-column framing issue. (2) The canonical source template templates/shared/branding-formats.md.tmpl is referenced on lines 12, 25, 60, 62, 63, 64 — six references to a file confirmed absent from the filesystem (find returned no results). Rules R7-R9 mandate pointing to this file rather than duplicating content, but the file does not exist, making R7-R9 self-contradictory enforcement targets.", "evidence": "branding.md line 40 confirmed: 'commits in ko, responses in ko'. autopus.yaml confirmed: 'commits: en, ai_responses: en'. find /home/lucas -name 'branding-formats.md.tmpl' returned exit 1 (no file found). Six references to templates/shared/branding-formats.md.tmpl in branding.md all point to a missing artifact. Both issues are factual errors, not style issues.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — (1) fix line 40 footer description to match actual autopus.yaml language config ('commits in en, responses in en'); (2) either install templates/shared/branding-formats.md.tmpl alongside the rule or inline the minimal branding formats and remove the dead external references; R7-R9 are unenforceable until the template file exists.", "autoDietEligible": false }, { "path": ".claude/rules/autopus/lore-commit.md", "currentPurpose": "Lore commit format specification (type table, trailer schema, sign-off rules) injected every session to enforce structured commit messages.", "problem": "50-line global rule that duplicates the 99-line lazy-loaded skill (.claude/skills/autopus/lore-commit.md). Both define the commit type table, trailer schema, and Autopus sign-off. Format enforcement is already handled at commit time by pre-commit-lore.sh hook and 'auto check --lore' — making the global rule a token overhead beyond the hook. CLAUDE.md section 9 describes commit granularity ('Semantic Commits') without mentioning Lore format, creating a minor layering gap (both apply but the reader must infer this).", "evidence": "lore-commit.md rule = 50 lines. lore-commit.md skill = 99 lines. Both define: commit type table, trailer schema with Constraint/Confidence/Scope-risk/Reversibility trailers, Autopus sign-off. pre-commit-lore.sh hook enforces format at commit time independently of global context load. The global rule is redundant with the skill for all /auto pipeline consumers, and with the hook for enforcement.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — reduce the global rule to the IMPORTANT constraint line and a pointer to the skill ('see .claude/skills/autopus/lore-commit.md for full format'); the hook provides enforcement; the skill provides detail on-demand.", "autoDietEligible": false }, { "path": ".claude/rules/autopus/objective-reasoning.md", "currentPurpose": "Mandates evidence-based reasoning, trade-off disclosure, assumption challenging, calibrated confidence, and disagreement protocol for all responses.", "problem": "81 lines globally injected. The core value is in R1-R5 rules and the prohibited-patterns list (real project-specific constraints against sycophancy and empty hedging). However, the Domain-Adaptive Role table (7 lines), the 'When to Agree' section (3 lines), and the Anti-Patterns section (4 items) restate baseline model behavior rather than project-specific constraints. They add lines without adding constraints that differ from the base model. The signal-to-noise ratio is lower than it could be for a globally-injected file.", "evidence": "81 lines total. R1-R5 rules (30 lines) and Prohibited Patterns list (7 items) carry genuine project-specific value — they encode real failure modes to suppress. Domain-Adaptive Role table (lines 8-14, 7 lines) describes generic evaluation criteria that apply regardless of this rule. Anti-Patterns section (lines 74-80, 4 items) largely restates the prohibited-patterns list. 'When to Agree' (3 lines) is redundant with R1.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — compress to R1-R5 rules plus the Prohibited Patterns list (~40 lines); remove or merge Domain-Adaptive Role table, When to Agree, and Anti-Patterns sections which do not add project-specific constraints.", "autoDietEligible": false }, { "path": ".claude/rules/autopus/deferred-tools.md", "currentPurpose": "Instructs the model to call ToolSearch before using deferred tools (AskUserQuestion, TaskCreate, TeamCreate, etc.) to avoid InputValidationError or degraded UI.", "problem": "70 lines globally injected. The IMPORTANT rule itself (call ToolSearch before deferred tools) has genuine value when /auto commands invoke interactive tools, preventing real failure modes. However, the Trigger Points table (6 rows), Degraded UI Detection recovery steps (3-step recovery), and Anti-Patterns section are operational detail that only applies during /auto pipeline runs. A 3-5 line global reminder would preserve the critical warning while moving the procedural detail to a lazy skill.", "evidence": "70 lines. Sections: Detection list (10 lines), IMPORTANT Rule + code block (8 lines), Trigger Points table (8 lines), Degraded UI Detection (8 lines), Anti-Patterns (5 lines). The IMPORTANT rule and Detection list are the minimal necessary global content. The Trigger Points table and Degraded UI Detection steps are operational procedures consumed only during /auto pipeline runs.", "recommendation": "SHRINK", "moveTarget": "-", "changeRisk": "low", "confidence": "medium", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — reduce global rule to the IMPORTANT notice + deferred tool list; move Trigger Points table and Degraded UI recovery steps to agent-pipeline.md skill or a standalone deferred-tools skill.", "autoDietEligible": false }, { "path": ".claude/rules/autopus/project-identity.md", "currentPurpose": "Prevents confusing the user's product source code with the .autopus/ harness config directory. Provides a two-layer table and identification heuristics.", "problem": "No significant problem found. The confusion it addresses (mistaking .autopus/ for product features) is a real and recurring LLM failure mode when harnesses are installed. At 25 lines it is the smallest global rule with no duplication in other files and no stale content. Token cost is minimal relative to the clarity benefit when the confusion does occur.", "evidence": "25 lines total. No duplication with any other globally-injected file. No stale references found. Content is unique to this file. The two-layer table and 'How to Identify the Product' heuristics are not present in any skill or agent file.", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "installed copy is source of truth for KEEP decision — no change required", "autoDietEligible": false }, { "path": ".claude/rules/autopus/file-size-limit.md", "currentPurpose": "Declares the 300-line hard limit and 200-line warning threshold for source code files, with splitting strategies and exclusion list.", "problem": "Content is triple-stated: file-size-limit.md (38 lines, global) + CLAUDE.md ADK tail lines 165-174 + AGENTS.md lines 70-72. The redundancy is in the CLAUDE.md and AGENTS.md tails, not in file-size-limit.md itself. The rule file is the correct canonical location; the tails are the waste. The rule itself at 38 lines is justified as a global constant-enforcement rule (applies to every coding session).", "evidence": "CLAUDE.md lines 165-167 and 172-174 restate file-size-limit content verbatim. AGENTS.md line 72 restates the SPEC exemption. Three-way injection confirmed. The rule file is the authoritative source; the duplicates are in the ADK-generated tails of CLAUDE.md and AGENTS.md.", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — keep file-size-limit.md as-is; reduce CLAUDE.md and AGENTS.md ADK tails to remove the redundant restatements (addressed under those entries)", "autoDietEligible": false }, { "path": ".claude/rules/autopus/subagent-delegation.md", "currentPurpose": "Declares when to delegate to subagents (3+ files, multi-domain, 200+ lines), how to delegate, and anti-patterns.", "problem": "Content is triple-stated: subagent-delegation.md (29 lines, global) + CLAUDE.md ADK tail lines 161-163 + AGENTS.md lines 58-60. Same redundancy pattern as file-size-limit.md. The rule file is the correct canonical location at 29 lines; the tails are the waste.", "evidence": "CLAUDE.md line 163: 'IMPORTANT: Use subagents for complex tasks that modify 3+ files, span multiple domains, or exceed 200 lines of new code.' AGENTS.md line 60 mirrors the same IMPORTANT. subagent-delegation.md is the authoritative source; tails duplicate it.", "recommendation": "KEEP", "moveTarget": "-", "changeRisk": "low", "confidence": "high", "adkProvenance": "adk-generated", "realFixLocation": "ADK source/template — keep subagent-delegation.md as-is; reduce CLAUDE.md and AGENTS.md ADK tails to remove the redundant restatements (addressed under those entries)", "autoDietEligible": false } ], "summary": "15 items audited across the 1258-line Tier-A global-injected budget. Classification counts: KEEP 3, SHRINK 6, CONVERT 5, DELETE 0. The three missing agent inputs (skill-quality, product-overlap, safety-permission) were not present in the supplied findings array and have not been fabricated. All autoDietEligible=false: every file is an ADK-generated or ADK-managed installed copy that /auto sync would overwrite; all real fixes must happen at the ADK source/template or autopus.yaml. The single highest-value change is CONVERT spec-quality.md from a global rule to a lazy skill: at 197 lines it consumes ~16% of the entire Tier-A budget in every session while serving only /auto spec and /auto review flows — the spec-review.md skill and spec-writer.md agent already have reference pointers to it, so converting eliminates the global overhead with zero functional regression. The second-highest combined value is shrinking the ADK-generated tails in CLAUDE.md (43 lines) and AGENTS.md (155 lines), which triple-state language-policy, file-size-limit, and subagent-delegation constraints already injected by their dedicated rule files. Two factual accuracy bugs were found: branding.md line 40 describes language policy as 'commits in ko, responses in ko' while autopus.yaml sets all three to 'en'; and six references in branding.md point to templates/shared/branding-formats.md.tmpl which does not exist on the filesystem — R7-R9 are currently unenforceable. The pkg/techstack.InferMode() reference in techstack-freshness.md line 19 is a stale phantom (no /home/lucas/pkg/ directory exists). No KEEP items had problems requiring action; project-identity.md (25 lines, unique content, no duplication), file-size-limit.md (38 lines, constant-enforcement justified), and subagent-delegation.md (29 lines, constant-enforcement justified) all pass cleanly — the redundancy for the latter two is in the CLAUDE.md/AGENTS.md tails, not in the rule files themselves." }, "adversarial": { "challenges": [ { "path": ".claude/rules/autopus/context7-docs.md", "plannerRecommendation": "CONVERT", "challenge": "This rule contains two constraints that must hold outside the /auto pipeline and would silently lapse as a lazy skill. First: 'Subagents cannot call MCP tools — the main session MUST fetch and inject docs into subagent prompts.' This is an architectural constraint on the main session's behaviour during ad-hoc library work, not just during /auto go. A lazy skill only loads when its trigger keywords ('context7', 'doc fetch', 'MCP') appear — a session that opens with 'scaffold me a React app' or 'fix this axios error' has no pipeline and no skill trigger, so the constraint that the main session must inject would silently not apply. Second: the greenfield version-evidence chain — the rule mandates that fetched version/source_ref/checked_at metadata be copied into the Technology Stack Decision table. That cross-rule linkage to techstack-freshness must fire before the PRD names a framework, i.e., before any spec/pipeline trigger. The agent-pipeline.md Ref pointer on line 254 points to this rule as an already-installed-path reference, not as a resolvable runtime path — it is documentation of where to look, not an active load. The MCP server instructions in the session reminder provide generic 'fetch docs for library work' guidance but do NOT contain the subagent-injection contract or the version-to-stack-decision chain — those are unique to this rule.", "whyRiskyToReduce": "Without global injection, the main session will not know it must act as the MCP intermediary for subagents, nor that fetched version metadata must flow into the Technology Stack Decision table. Both are recurring mistakes the rule was written to prevent: subagents calling MCP directly (silent failure), and greenfield stacks named without version evidence (stale training data used).", "recommendedOverride": "REQUIRE_HUMAN_APPROVAL", "severity": "high", "confidence": "high" }, { "path": ".claude/rules/autopus/techstack-freshness.md", "plannerRecommendation": "CONVERT", "challenge": "The rule must apply during ad-hoc greenfield requests — 'create a new Express API', 'start a new Python project' — where no /auto plan pipeline runs and no lazy skill trigger fires. The risk the rule prevents (selecting React 18 or Next.js 13 from training memory when current stable is different) is not gated on any pipeline phase; it fires the moment the user names a framework in a plain chat request. The agent-pipeline.md Ref on line 254 is a documentation pointer: it says 'see the rule for details' but does not load the rule. Skills trigger on keyword matching; 'greenfield' or 'techstack' are unlikely keywords in a plain user request like 'scaffold a Flask API'. Additionally, the planner's own evidence notes that the rule cites 'pkg/techstack.InferMode()' — a non-existent package — as its source contract. This is a content bug that needs fixing at the ADK source, not a reason to demote the rule to lazy. Converting to a lazy skill does not fix the stale reference; it only removes the active enforcement context.", "whyRiskyToReduce": "Greenfield version selection from training memory is a documented recurring LLM mistake. The rule exists because context7-docs alone is not sufficient — the version must be written into the SPEC table. Without global injection, a plain 'create a project' request bypasses both the check and the evidence-documentation requirement.", "recommendedOverride": "REQUIRE_HUMAN_APPROVAL", "severity": "high", "confidence": "high" }, { "path": ".claude/rules/autopus/worktree-safety.md", "plannerRecommendation": "CONVERT", "challenge": "The rule contains a 'Prohibited Commands' section (git gc, git prune, git repack) that does NOT appear in worktree-isolation.md's R5 safety section. A grep of worktree-isolation.md confirms R5 covers GC suppression flag, shared lock retry, and failure cleanup — but the explicit prohibition list for gc/prune/repack is absent. The planner acknowledged this uncertainty with the hedge 'merge rule's unique safety invariants (if any differ).' They do differ. Beyond that content gap, the argument for CONVERT is otherwise sound: the rule's constraints only matter when parallel worktrees are active, and worktree-isolation.md loads in exactly that scenario. If the prohibited-commands section were first merged into worktree-isolation.md at the ADK source, the CONVERT would be clean.", "whyRiskyToReduce": "The explicit prohibition list for git gc/prune/repack is not present in the skill. Removing the rule before that content is merged creates a real gap: a main session running outside a pipeline could run git gc while worktrees are active without being told it is prohibited.", "recommendedOverride": "DOWNGRADE_TO_KEEP", "severity": "medium", "confidence": "high" }, { "path": ".claude/rules/autopus/spec-quality.md", "plannerRecommendation": "CONVERT", "challenge": "The planner's discoverability claim — that spec-review.md and spec-writer.md already provide a pointer to spec-quality so the global load is redundant — is undercut by a confirmed dead reference. Both spec-review.md (lines 16, 22) and spec-writer.md (lines 269, 320) reference 'content/rules/spec-quality.md'. This path does not exist: 'content/rules/' directory is absent from the filesystem. The installed file is at '.claude/rules/autopus/spec-quality.md'. The lazy skill's pointer resolves to a missing path, not the installed rule. If the global rule is converted to a skill and the skill itself only references the non-existent content/ path, the agent would fail to load the checklist at the exact moment it is needed. The argument for CONVERT is otherwise reasonable — SPEC authoring is the only scenario that needs this content — but the discoverability chain is currently broken at the ADK source.", "whyRiskyToReduce": "The lazy-load discoverability path is broken: 'content/rules/spec-quality.md' does not exist. Removing global injection before the spec-writer and spec-review pointers are corrected to '.claude/rules/autopus/spec-quality.md' (or the skill is made self-contained) means the checklist will not be loaded during SPEC authoring.", "recommendedOverride": "DOWNGRADE_TO_KEEP", "severity": "medium", "confidence": "high" }, { "path": "AGENTS.md", "plannerRecommendation": "SHRINK", "challenge": "The planner recommends keeping only 'agent index + supervisor notes (lines 52-56)' and removing platform sections and duplicated rule summaries. Lines 62-68 contain two guardrails that exist nowhere else in the globally-injected files: 'Worker Contracts' (mandatory return fields: owned_paths, changed_files, verification, blockers, next_required_step) and 'Review Convergence' (discovery vs. verification split; re-retries must only check open findings, not rediscover). A grep confirms these are absent from subagent-delegation.md, file-size-limit.md, language-policy.md, and CLAUDE.md. The planner's SHRINK scope does not mention preserving these two sections. If they are dropped in the shrink, the session loses two active behavioural constraints on how subagent prompts are constructed and how review loops are run. The Codex/OpenCode platform sections (lines 12-49) are genuinely inert in Claude Code sessions and the agent roster is duplicated — those are defensible reductions. But lines 62-68 are unique and load-bearing.", "whyRiskyToReduce": "Worker Contracts and Review Convergence are the only globally-injected source of the minimum return-field contract and the re-retry scope restriction. Removing them silently removes guardrails on worker prompt construction and infinite review loops.", "recommendedOverride": "DOWNGRADE_TO_SHRINK", "severity": "medium", "confidence": "high" }, { "path": "CLAUDE.md", "plannerRecommendation": "SHRINK", "challenge": "The ADK-generated tail (lines 135-177) includes a File Size Limit block (line 167) that lists generated-file exclusions — '*_generated.go', '*.pb.go' — that are NOT present in the standalone .claude/rules/autopus/file-size-limit.md rule. If the tail is reduced to a pointer, those exclusion patterns are removed from global context. A reviewer acting on file-size-limit.md alone would not know generated files are exempt and could incorrectly flag them. The planner's finding correctly identifies triple-injection redundancy for language policy, subagent delegation, and base file-size guidance — those reductions are sound. But the generated-file exclusions are a non-redundant content addition in the CLAUDE.md tail specifically. The fix is to first add those exclusion patterns to file-size-limit.md at the ADK source, then shrink the tail.", "whyRiskyToReduce": "The generated-file exclusion list (*_generated.go, *.pb.go) is present in CLAUDE.md's ADK tail but absent from the canonical file-size-limit.md rule. Shrinking the tail to a pointer removes the only source of that exclusion, creating false-positive review findings on generated files.", "recommendedOverride": "DOWNGRADE_TO_SHRINK", "severity": "low", "confidence": "high" }, { "path": ".claude/rules/autopus/language-policy.md", "plannerRecommendation": "SHRINK", "challenge": "The planner's three problems are all confirmed factual (triple-injection, stale Example column with ko/ko while autopus.yaml sets all en, and branding.md line 40 echoing the stale description). However, all three are content bugs, not footprint problems. The file should remain globally injected — language policy is an unconditional constraint that must apply in every session including ad-hoc ones outside any pipeline. Shrinking does not fix the stale Example column; the Example column must be corrected at the ADK source to reflect actual configured values or use clearly labelled placeholders. The triple-injection problem is best addressed by removing the duplicate blocks from CLAUDE.md and AGENTS.md tails, not by demoting the canonical rule file. The rule itself is the right vehicle; the redundancy is in the tails.", "whyRiskyToReduce": "Language policy is an unconditional constraint. Without global injection, it would only apply when a pipeline or skill happens to load it. A plain user request ('write a commit') processed outside any /auto command would not trigger any skill load, and the language policy would silently not apply.", "recommendedOverride": "DOWNGRADE_TO_KEEP", "severity": "medium", "confidence": "high" }, { "path": ".claude/rules/autopus/branding.md", "plannerRecommendation": "SHRINK", "challenge": "The two confirmed bugs — line 40 states 'commits in ko, responses in ko' while autopus.yaml sets all to en; and six references to templates/shared/branding-formats.md.tmpl which does not exist on the filesystem — are content bugs, not size problems. Shrinking the file does not fix either error. The references to the missing template file make R7-R9 unenforceable regardless of file size. The correct resolution is to fix the stale language description and either install the template file or inline the minimal formats — both are ADK source changes. The file should remain globally injected because branding behaviour (when to show the octopus banner, what footer to append) must apply in every session response, not only when a skill trigger fires.", "whyRiskyToReduce": "Branding behaviour is an always-on presentation constraint. Without global injection, agents would not know when to show or suppress the banner. The dead template references and stale language description are content bugs that need correction at the ADK source independent of any size reduction.", "recommendedOverride": "DOWNGRADE_TO_KEEP", "severity": "low", "confidence": "medium" }, { "path": ".claude/rules/autopus/lore-commit.md", "plannerRecommendation": "SHRINK", "challenge": "The rule must apply every time a commit is produced, including in ad-hoc sessions outside the /auto pipeline. The lazy-loaded skill loads when trigger keywords like 'lore', 'commit message', or '커밋 메시지' appear — but an executor agent implementing a feature and calling git commit within its task produces a commit without those keywords in context. The pre-commit-lore.sh hook provides after-the-fact enforcement (rejecting a malformed message), but the global rule provides before-the-fact guidance so the agent formats the message correctly on first attempt rather than having the hook reject it and requiring a retry. The planner's point that the skill duplicates the content is accurate — but the duplication is intentional: the skill provides detail for authoring, the rule ensures the constraint is present in every session context so commits don't require correction.", "whyRiskyToReduce": "Without global injection, executor agents operating in pipeline subagent contexts (where skill triggers don't fire) would produce plain commit messages, rely solely on the hook rejection, and require retry. The hook enforces correctness but the rule prevents the wasted attempt.", "recommendedOverride": "DOWNGRADE_TO_KEEP", "severity": "medium", "confidence": "medium" }, { "path": ".claude/rules/autopus/doc-storage.md", "plannerRecommendation": "CONVERT", "challenge": "The rule's constraints — where to place SPEC files, global ID uniqueness scan, and /auto sync commit phases — are only relevant during SPEC creation or sync. The planning.md and spec-writer agent both load in those scenarios. The CONVERT argument here is the planner's most scenario-bound case: there is no ad-hoc request type outside SPEC/BS creation that triggers these constraints. Unlike context7 or techstack rules, there is no silent lapse risk: if someone is creating a SPEC, the spec-writer agent and planning skill are active. The CONVERT is defensible here. The only caveat is the ADK-overwrite note: any change must happen at the ADK source, not the installed copy.", "whyRiskyToReduce": "Low risk. The rule's constraints fire only in SPEC authoring flows which already load the relevant skills and agents. The main risk is the discoverability path — planning.md must be updated to embed or reference this content explicitly so it is not lost when the rule file is reclassified.", "recommendedOverride": "UPHOLD", "severity": "low", "confidence": "medium" } ], "verdict": "Of the ten planner recommendations reviewed, two CONVERTs survive adversarial scrutiny (doc-storage is genuinely scenario-bound), five face concrete challenges that require human approval or downgrade, and three have confirmed content bugs that are ADK-source fixes independent of the size question.\n\nUPHOLD (reduction is sound, proceed with ADK source change):\n- doc-storage.md CONVERT: constraints only fire in SPEC authoring flows; skill load covers it.\n\nREQUIRE_HUMAN_APPROVAL (reduction is risky without confirmed fix):\n- context7-docs.md CONVERT: unique subagent-injection contract and version-to-stack chain have no other global injection point; ad-hoc library work outside pipelines is the unguarded gap.\n- techstack-freshness.md CONVERT: greenfield version selection from training memory is an ad-hoc risk not gated on any pipeline trigger; converting to a lazy skill silently removes the check from plain user requests.\n\nDOWNGRADE_TO_KEEP (reduction requires prerequisite content migration before it is safe):\n- worktree-safety.md CONVERT: the Prohibited Commands section (git gc/prune/repack) is confirmed absent from worktree-isolation.md R5; must be merged into the skill before the rule is reclassified.\n- spec-quality.md CONVERT: spec-review.md and spec-writer.md both reference 'content/rules/spec-quality.md' — a path confirmed absent from the filesystem — not the installed rule; the discoverability chain is broken.\n- language-policy.md SHRINK: language policy is an unconditional constraint; the stale Example column is a content bug to fix at ADK source; the triple-injection problem is best solved by removing duplicates from tails, not demoting the canonical rule.\n- lore-commit.md SHRINK: executor agents produce commits in pipeline contexts without skill trigger keywords; the rule provides before-the-fact guidance that the hook cannot substitute.\n\nDOWNGRADE_TO_SHRINK (partial reduction is safe but scope must be narrowed):\n- AGENTS.md SHRINK: Worker Contracts (mandatory return fields) and Review Convergence (discovery/verification split) on lines 62-68 are unique content absent from all other globally-injected files; the planner's stated keep scope must explicitly preserve these two sections.\n- CLAUDE.md SHRINK: the ADK tail's generated-file exclusion list (*_generated.go, *.pb.go) is absent from the canonical file-size-limit.md rule; that exclusion must be added to the rule at ADK source before the tail is reduced to a pointer.\n\nCross-cutting note: branding.md's stale language description (line 40: ko/ko vs autopus.yaml en/en) and the six dead references to templates/shared/branding-formats.md.tmpl are content bugs requiring ADK source correction, not a footprint reduction target; branding must remain globally injected.\n\nThe product-overlap and safety-permission scopes supplied no planner targets; no adversarial findings are generated for those absent inputs." } } }