# Tasks: Spec 416 - TenantPilot Agent Skill Layer V1 and Router Integration **Input**: Design documents from `/specs/416-tenantpilot-agent-skill-layer-v1/` **Prerequisites**: `spec.md`, `plan.md`, `checklists/requirements.md` **Implementation status**: Corrected spec implemented by the Spec Kit implementation loop. Artifact/router verification completed; see `implementation-report.md`. ## Requirement Coverage Map - **FR-416-001**: covered by T006. - **FR-416-002**: covered by T006. - **FR-416-003**: covered by T007. - **FR-416-004**: covered by T008. - **FR-416-005**: covered by T009. - **FR-416-006**: covered by T010 and T018. - **FR-416-007**: covered by T002, T006-T025, and NT001. - **FR-416-008**: covered by T026-T034, T038-T042, and T049. - **FR-416-009**: covered by T035. - **FR-416-010**: covered by T018 and T037. - **FR-416-011**: covered by T018. - **FR-416-012**: covered by T011. - **FR-416-013**: covered by T012. - **FR-416-014**: covered by T013. - **FR-416-015**: covered by T014. - **FR-416-016**: covered by T015. - **FR-416-017**: covered by T016. - **FR-416-018**: covered by T017. - **FR-416-019**: covered by T020. - **FR-416-020**: covered by T021. - **FR-416-021**: covered by T022. - **FR-416-022**: covered by T023. - **FR-416-023**: covered by T024. - **FR-416-024**: covered by T019, T043, and NT002. - **FR-416-025**: covered by T044, T045, T050, and NT003. - **FR-416-026**: covered by T048-T052. ## Test Governance Checklist - [x] Lane assignment remains N/A for Laravel runtime and uses artifact/router verification only. - [x] No Pest, browser, PostgreSQL, or heavy-governance test family is added unless runtime scope changes, which requires spec amendment. - [x] Planned validation commands cover `.agent/skills/**` and `AGENTS.md` without booting the application. - [x] Browser proof is explicitly `N/A - no rendered UI surface changed`. - [x] Human Product Sanity is explicitly N/A for rendered product UI and limited to workflow sanity. - [x] Implementation report records no runtime files, tests, migrations, config, routes, views, assets, package files, or lock files changed. - [x] Test governance outcome is `keep`: artifact/router checks remain the validation lane unless runtime scope changes by spec amendment. ## Phase 1: Preflight And Repo Truth **Purpose**: Confirm the implementation target before writing skill files. - [x] T001 Capture branch, HEAD, and `git status --short` for the implementation report. - [x] T002 Confirm `.agent/skills/**` is the corrected Spec 416 target and `.codex/skills/**` is not part of the final implementation diff. - [x] T003 Confirm existing dirty/untracked work will not be overwritten or accidentally included outside allowed paths. - [x] T004 Re-read `AGENTS.md`, `.specify/memory/constitution.md`, `docs/ai-coding-rules.md`, relevant `docs/*-guidelines.md`, and `docs/product/standards/product-surface-contract.md` before authoring skill/router content. - [x] T005 Treat Specs 395, 400, 402, 414, and 415 as read-only context and do not modify their files. ## Phase 2: Skill README **Purpose**: Create the progressive-disclosure entry point. - [x] T006 Create `.agent/skills/README.md` with purpose and the statement that the skill layer is not a replacement for active specs, tests, code review, current repo truth, or the constitution. - [x] T007 Add the progressive disclosure rule: do not load all skills by default; activate skills by task trigger. - [x] T008 Add the maturity model L0 through L4 and gate type definitions. - [x] T009 Add a V1 activation table for all Spec 416 skills with maturity, gate type, and trigger summary. - [x] T010 Add the quarantine list, currentness warning, inventory-only hint warning, and temporary-skill expiry/review warning. ## Phase 3: Repo Contract Skills **Purpose**: Create the L4/L3 repo-contract skills with concrete stop conditions. - [x] T011 Create `.agent/skills/repo-contracts/workspace-scope-safety/SKILL.md` as an L4 hard-gate skill. - [x] T012 Create `.agent/skills/repo-contracts/rbac-action-safety/SKILL.md` as an L4 hard-gate skill. - [x] T013 Create `.agent/skills/repo-contracts/operation-run-truth/SKILL.md` as an L4 hard-gate skill. - [x] T014 Create `.agent/skills/repo-contracts/customer-output-gate/SKILL.md` as an L4 hard-gate skill. - [x] T015 Create `.agent/skills/repo-contracts/evidence-anchor-contract/SKILL.md` as an L4 hard-gate skill. - [x] T016 Create `.agent/skills/repo-contracts/provider-freshness-semantics/SKILL.md` as an L4 hard-gate skill. - [x] T017 Create `.agent/skills/repo-contracts/product-surface-gate/SKILL.md` as an L3 checklist skill. - [x] T018 For every generated `SKILL.md`, include all required headings and write `Not applicable.` for non-applicable sections. - [x] T019 Keep each skill repo-specific and bounded to TenantPilot/TenantAtlas evidence; do not create generic SOC2/GDPR/SSDF/enterprise-best-practice skills. ## Phase 4: Workflow Skills **Purpose**: Create workflow skills that guide preparation, Filament/Livewire changes, and read-only browser audits. - [x] T020 Create `.agent/skills/workflows/spec-readiness-gate/SKILL.md` as an L3 checklist skill. - [x] T021 Create `.agent/skills/workflows/filament-livewire-v5-change-loop/SKILL.md` as an L3 checklist skill. - [x] T022 Create `.agent/skills/workflows/browser-readonly-audit/SKILL.md` as an L2/L3 workflow skill. ## Phase 5: Temporary Migration Skill **Purpose**: Keep the TCM / Coverage v2 cutover guard temporary and explicit. - [x] T023 Create `.agent/skills/temporary-migrations/tcm-cutover-guard/SKILL.md` as an L3 temporary migration gate. - [x] T024 Include expiry/review language: expires after Coverage v2 / TCM activation and legacy coverage vocabulary cutover are complete. - [x] T025 Include stop conditions for remote capture requirements, UI activation, legacy adapters, fallback readers, dual truth, `tenant_id` platform ownership, and customer-facing claims depending on inactive TCM kernel. ## Phase 6: AGENTS.md Router Integration **Purpose**: Make the skill layer discoverable before repository work. - [x] T026 Add `## TenantPilot Agent Skill Router` to `AGENTS.md`. - [x] T027 In the router, require agents to inspect `.agent/skills/README.md` before repository work. - [x] T028 In the router, require activating only relevant skills and not loading all skills by default. - [x] T029 In the router, require reporting activated skills and reasons before implementation or review. - [x] T030 In the router, require branch, HEAD, dirty state, and hard-gate stop conditions before file changes. - [x] T031 In the router, state that hard-gate skills are blocking and stop implementation when triggered. - [x] T032 In the router, state that current repo evidence, active specs, tests, and validated contracts beat historical prompts or inventory-only specs. - [x] T033 In the router, state that inventory-only specs are hints, not hard evidence. - [x] T034 In the router, state that temporary migration skills require expiry or review criteria. - [x] T035 Optionally create `docs/agent-workflow.md` only if the router would exceed 12 lines or duplicate skill details inside `AGENTS.md`. ## Phase 7: Verification **Purpose**: Prove the docs/workflow artifact shape without running app tests. - [x] T036 Run `find .agent/skills -name 'SKILL.md' -print | sort` and record the result. - [x] T037 Run heading validation over every `.agent/skills/**/SKILL.md`. - [x] T038 Run `grep -n "TenantPilot Agent Skill Router" AGENTS.md`. - [x] T039 Run `grep -n ".agent/skills/README.md" AGENTS.md`. - [x] T040 Run `grep -n "Do not load all skills by default" AGENTS.md`. - [x] T041 Run `grep -n "Hard-gate skills are blocking" AGENTS.md`. - [x] T042 Run `grep -n "Inventory-only specs are hints" AGENTS.md`. - [x] T043 Run a negative generic-skill path check for `soc2`, `gdpr`, `ssdf`, and `enterprise-best-practice`. - [x] T044 Run a final diff-scope check confirming only `.agent/skills/**`, `AGENTS.md`, optional `docs/agent-workflow.md`, and Spec 416 files changed. - [x] T045 Run a forbidden-path check confirming no `app/**`, `bootstrap/**`, `config/**`, `database/**`, `routes/**`, `resources/**`, `tests/**`, package file, lock file, Vite config, or Tailwind config changed. - [x] T046 Run `git diff --check` after the implementation files are tracked or staged so new files are included in the check. Implementation note: tracked modifications passed `git diff --check`; new `.agent/skills/**` files are untracked and passed the separate trailing-whitespace check recorded in `implementation-report.md`. - [x] T047 Run `git status --short` and record the final dirty state. ## Phase 8: Implementation Report **Purpose**: Close the implementation with precise evidence. - [x] T048 Create or update `specs/416-tenantpilot-agent-skill-layer-v1/implementation-report.md` using sections A through M from `spec.md`. - [x] T049 Record `AGENTS.md Router Added: yes/no`. - [x] T050 Record runtime files changed: no; tests changed: no; migrations changed: no; config changed: no. - [x] T051 Record browser proof as `N/A - no rendered UI surface changed`. - [x] T052 Record no completed historical spec was rewritten or stripped of close-out/validation/task/browser/review history. ## Non-Goals - [x] NT001 Do not target `.codex/skills/**` for the corrected Spec 416 implementation. - [x] NT002 Do not create generic SOC2/GDPR/SSDF/enterprise-best-practice skill files. - [x] NT003 Do not modify application runtime files, tests, migrations, config, routes, resources, services, policies, jobs, assets, package files, lock files, or completed specs. - [x] NT004 Do not require agents to load all skills by default. - [x] NT005 Do not turn Product Surface guidance into runtime code, presenter layers, enum families, or broad UI frameworks. - [x] NT006 Do not split basic router integration into a future Spec 417. ## Suggested Commit Message ```text docs: add TenantPilot agent skill layer and router ```