TenantAtlas/specs/416-tenantpilot-agent-skill-layer-v1/tasks.md

# Tasks: Spec 416 - TenantPilot Agent Skill Layer V1 and Router Integration

**Input**: Design documents from `/specs/416-tenantpilot-agent-skill-layer-v1/`
**Prerequisites**: `spec.md`, `plan.md`, `checklists/requirements.md`
**Implementation status**: Corrected spec implemented by the Spec Kit implementation loop. Artifact/router verification completed; see `implementation-report.md`.

## Requirement Coverage Map

- **FR-416-001**: covered by T006.
- **FR-416-002**: covered by T006.
- **FR-416-003**: covered by T007.
- **FR-416-004**: covered by T008.
- **FR-416-005**: covered by T009.
- **FR-416-006**: covered by T010 and T018.
- **FR-416-007**: covered by T002, T006-T025, and NT001.
- **FR-416-008**: covered by T026-T034, T038-T042, and T049.
- **FR-416-009**: covered by T035.
- **FR-416-010**: covered by T018 and T037.
- **FR-416-011**: covered by T018.
- **FR-416-012**: covered by T011.
- **FR-416-013**: covered by T012.
- **FR-416-014**: covered by T013.
- **FR-416-015**: covered by T014.
- **FR-416-016**: covered by T015.
- **FR-416-017**: covered by T016.
- **FR-416-018**: covered by T017.
- **FR-416-019**: covered by T020.
- **FR-416-020**: covered by T021.
- **FR-416-021**: covered by T022.
- **FR-416-022**: covered by T023.
- **FR-416-023**: covered by T024.
- **FR-416-024**: covered by T019, T043, and NT002.
- **FR-416-025**: covered by T044, T045, T050, and NT003.
- **FR-416-026**: covered by T048-T052.

## Test Governance Checklist

- [x] Lane assignment remains N/A for Laravel runtime and uses artifact/router verification only.
- [x] No Pest, browser, PostgreSQL, or heavy-governance test family is added unless runtime scope changes, which requires spec amendment.
- [x] Planned validation commands cover `.agent/skills/**` and `AGENTS.md` without booting the application.
- [x] Browser proof is explicitly `N/A - no rendered UI surface changed`.
- [x] Human Product Sanity is explicitly N/A for rendered product UI and limited to workflow sanity.
- [x] Implementation report records no runtime files, tests, migrations, config, routes, views, assets, package files, or lock files changed.
- [x] Test governance outcome is `keep`: artifact/router checks remain the validation lane unless runtime scope changes by spec amendment.

## Phase 1: Preflight And Repo Truth

**Purpose**: Confirm the implementation target before writing skill files.

- [x] T001 Capture branch, HEAD, and `git status --short` for the implementation report.
- [x] T002 Confirm `.agent/skills/**` is the corrected Spec 416 target and `.codex/skills/**` is not part of the final implementation diff.
- [x] T003 Confirm existing dirty/untracked work will not be overwritten or accidentally included outside allowed paths.
- [x] T004 Re-read `AGENTS.md`, `.specify/memory/constitution.md`, `docs/ai-coding-rules.md`, relevant `docs/*-guidelines.md`, and `docs/product/standards/product-surface-contract.md` before authoring skill/router content.
- [x] T005 Treat Specs 395, 400, 402, 414, and 415 as read-only context and do not modify their files.

## Phase 2: Skill README

**Purpose**: Create the progressive-disclosure entry point.

- [x] T006 Create `.agent/skills/README.md` with purpose and the statement that the skill layer is not a replacement for active specs, tests, code review, current repo truth, or the constitution.
- [x] T007 Add the progressive disclosure rule: do not load all skills by default; activate skills by task trigger.
- [x] T008 Add the maturity model L0 through L4 and gate type definitions.
- [x] T009 Add a V1 activation table for all Spec 416 skills with maturity, gate type, and trigger summary.
- [x] T010 Add the quarantine list, currentness warning, inventory-only hint warning, and temporary-skill expiry/review warning.

## Phase 3: Repo Contract Skills

**Purpose**: Create the L4/L3 repo-contract skills with concrete stop conditions.

- [x] T011 Create `.agent/skills/repo-contracts/workspace-scope-safety/SKILL.md` as an L4 hard-gate skill.
- [x] T012 Create `.agent/skills/repo-contracts/rbac-action-safety/SKILL.md` as an L4 hard-gate skill.
- [x] T013 Create `.agent/skills/repo-contracts/operation-run-truth/SKILL.md` as an L4 hard-gate skill.
- [x] T014 Create `.agent/skills/repo-contracts/customer-output-gate/SKILL.md` as an L4 hard-gate skill.
- [x] T015 Create `.agent/skills/repo-contracts/evidence-anchor-contract/SKILL.md` as an L4 hard-gate skill.
- [x] T016 Create `.agent/skills/repo-contracts/provider-freshness-semantics/SKILL.md` as an L4 hard-gate skill.
- [x] T017 Create `.agent/skills/repo-contracts/product-surface-gate/SKILL.md` as an L3 checklist skill.
- [x] T018 For every generated `SKILL.md`, include all required headings and write `Not applicable.` for non-applicable sections.
- [x] T019 Keep each skill repo-specific and bounded to TenantPilot/TenantAtlas evidence; do not create generic SOC2/GDPR/SSDF/enterprise-best-practice skills.

## Phase 4: Workflow Skills

**Purpose**: Create workflow skills that guide preparation, Filament/Livewire changes, and read-only browser audits.

- [x] T020 Create `.agent/skills/workflows/spec-readiness-gate/SKILL.md` as an L3 checklist skill.
- [x] T021 Create `.agent/skills/workflows/filament-livewire-v5-change-loop/SKILL.md` as an L3 checklist skill.
- [x] T022 Create `.agent/skills/workflows/browser-readonly-audit/SKILL.md` as an L2/L3 workflow skill.

## Phase 5: Temporary Migration Skill

**Purpose**: Keep the TCM / Coverage v2 cutover guard temporary and explicit.

- [x] T023 Create `.agent/skills/temporary-migrations/tcm-cutover-guard/SKILL.md` as an L3 temporary migration gate.
- [x] T024 Include expiry/review language: expires after Coverage v2 / TCM activation and legacy coverage vocabulary cutover are complete.
- [x] T025 Include stop conditions for remote capture requirements, UI activation, legacy adapters, fallback readers, dual truth, `tenant_id` platform ownership, and customer-facing claims depending on inactive TCM kernel.

## Phase 6: AGENTS.md Router Integration

**Purpose**: Make the skill layer discoverable before repository work.

- [x] T026 Add `## TenantPilot Agent Skill Router` to `AGENTS.md`.
- [x] T027 In the router, require agents to inspect `.agent/skills/README.md` before repository work.
- [x] T028 In the router, require activating only relevant skills and not loading all skills by default.
- [x] T029 In the router, require reporting activated skills and reasons before implementation or review.
- [x] T030 In the router, require branch, HEAD, dirty state, and hard-gate stop conditions before file changes.
- [x] T031 In the router, state that hard-gate skills are blocking and stop implementation when triggered.
- [x] T032 In the router, state that current repo evidence, active specs, tests, and validated contracts beat historical prompts or inventory-only specs.
- [x] T033 In the router, state that inventory-only specs are hints, not hard evidence.
- [x] T034 In the router, state that temporary migration skills require expiry or review criteria.
- [x] T035 Optionally create `docs/agent-workflow.md` only if the router would exceed 12 lines or duplicate skill details inside `AGENTS.md`.

## Phase 7: Verification

**Purpose**: Prove the docs/workflow artifact shape without running app tests.

- [x] T036 Run `find .agent/skills -name 'SKILL.md' -print | sort` and record the result.
- [x] T037 Run heading validation over every `.agent/skills/**/SKILL.md`.
- [x] T038 Run `grep -n "TenantPilot Agent Skill Router" AGENTS.md`.
- [x] T039 Run `grep -n ".agent/skills/README.md" AGENTS.md`.
- [x] T040 Run `grep -n "Do not load all skills by default" AGENTS.md`.
- [x] T041 Run `grep -n "Hard-gate skills are blocking" AGENTS.md`.
- [x] T042 Run `grep -n "Inventory-only specs are hints" AGENTS.md`.
- [x] T043 Run a negative generic-skill path check for `soc2`, `gdpr`, `ssdf`, and `enterprise-best-practice`.
- [x] T044 Run a final diff-scope check confirming only `.agent/skills/**`, `AGENTS.md`, optional `docs/agent-workflow.md`, and Spec 416 files changed.
- [x] T045 Run a forbidden-path check confirming no `app/**`, `bootstrap/**`, `config/**`, `database/**`, `routes/**`, `resources/**`, `tests/**`, package file, lock file, Vite config, or Tailwind config changed.
- [x] T046 Run `git diff --check` after the implementation files are tracked or staged so new files are included in the check. Implementation note: tracked modifications passed `git diff --check`; new `.agent/skills/**` files are untracked and passed the separate trailing-whitespace check recorded in `implementation-report.md`.
- [x] T047 Run `git status --short` and record the final dirty state.

## Phase 8: Implementation Report

**Purpose**: Close the implementation with precise evidence.

- [x] T048 Create or update `specs/416-tenantpilot-agent-skill-layer-v1/implementation-report.md` using sections A through M from `spec.md`.
- [x] T049 Record `AGENTS.md Router Added: yes/no`.
- [x] T050 Record runtime files changed: no; tests changed: no; migrations changed: no; config changed: no.
- [x] T051 Record browser proof as `N/A - no rendered UI surface changed`.
- [x] T052 Record no completed historical spec was rewritten or stripped of close-out/validation/task/browser/review history.

## Non-Goals

- [x] NT001 Do not target `.codex/skills/**` for the corrected Spec 416 implementation.
- [x] NT002 Do not create generic SOC2/GDPR/SSDF/enterprise-best-practice skill files.
- [x] NT003 Do not modify application runtime files, tests, migrations, config, routes, resources, services, policies, jobs, assets, package files, lock files, or completed specs.
- [x] NT004 Do not require agents to load all skills by default.
- [x] NT005 Do not turn Product Surface guidance into runtime code, presenter layers, enum families, or broad UI frameworks.
- [x] NT006 Do not split basic router integration into a future Spec 417.

## Suggested Commit Message

```text
docs: add TenantPilot agent skill layer and router
```