chore: apply specsmith migrations, scaffold src/ stubs, fix CI and governance

- Applied all 6 pending specsmith migrations (v001-v006)
- Added Apache-2.0 LICENSE file
- Replaced Python-centric CI pipeline with west build + clang-format pipeline
  matching the actual Zephyr embedded-C project type
- Corrected scaffold.yml verification_tools.test to west twister (removed pytest)
- Added type_confirmed: true to scaffold.yml
- Created stub .c implementations and per-module CMakeLists.txt for all
  src/ modules: core, canopen, canopen_fd, j1939, uds, obd2, isotp_patch
- AGENTS.md enriched with full project context (Kconfig, API surface, build guide)
- Specsmith audit: 28/29 pass; 1 remaining false-positive (scanner does not
  recognize west.yml / zephyr/module.yml as embedded-hardware markers)
- Advanced phase: Inception → Architecture

Co-Authored-By: Oz <oz-agent@warp.dev>

Author: tbitcs

.github/workflows/ci.yml

@@ -1,10 +1,12 @@
 name: CI
+# OmniCAN — Zephyr RTOS west module (embedded C, Apache-2.0)
+# Verification: clang-format lint + west twister unit tests
 
 on:
   push:
-    branches: [main]
+    branches: [main, develop]
   pull_request:
-    branches: [main]
+    branches: [main, develop]
 
 concurrency:
   group: ci-${{ github.ref }}
@@ -13,55 +15,110 @@ concurrency:
 permissions:
   contents: read
 
+env:
+  ZEPHYR_VERSION: v3.7.0
+
 jobs:
+  # ---------------------------------------------------------------------------
+  # clang-format lint — enforces code style on all C/H files
+  # ---------------------------------------------------------------------------
   lint:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-python@v6
-        with:
-          python-version: "3.12"
-          cache: pip
-      - run: pip install -e ".[dev]"
-      - run: ruff check
-      - run: ruff format --check .
 
-  typecheck:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-python@v6
-        with:
-          python-version: "3.12"
-          cache: pip
-      - run: pip install -e ".[dev]"
-      - run: mypy src/omnican/
+      - name: Install clang-format
+        run: sudo apt-get install -y clang-format
 
-  test:
-    needs: [lint, typecheck]
+      - name: Check formatting (dry-run)
+        run: |
+          find include src -name '*.[ch]' -print0 \
+            | xargs -0 clang-format --dry-run --Werror
+
+  # ---------------------------------------------------------------------------
+  # west build — verify the module compiles for each enabled protocol
+  # ---------------------------------------------------------------------------
+  build:
+    needs: lint
+    runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest]
-        python-version: ["3.10", "3.12", "3.13"]
-    runs-on: ${{ matrix.os }}
+        # Each variant selects one or more protocols
+        config:
+          - name: canopen
+            extra_conf: CONFIG_OMNICAN_CANOPEN=y
+          - name: j1939
+            extra_conf: CONFIG_OMNICAN_J1939=y
+          - name: uds
+            extra_conf: CONFIG_OMNICAN_UDS=y CONFIG_ISOTP=y
+          - name: obd2
+            extra_conf: CONFIG_OMNICAN_OBD2=y CONFIG_ISOTP=y
+          - name: all-protocols
+            extra_conf: >-
+              CONFIG_OMNICAN_CANOPEN=y
+              CONFIG_OMNICAN_J1939=y
+              CONFIG_OMNICAN_UDS=y
+              CONFIG_OMNICAN_OBD2=y
+              CONFIG_ISOTP=y
+
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-python@v5
+
+      - name: Set up Python (for west)
+        uses: actions/setup-python@v5
         with:
-          python-version: ${{ matrix.python-version }}
-          cache: pip
-      - run: pip install -e ".[dev]"
-      - run: pytest --cov=omnican --cov-report=term-missing
+          python-version: "3.12"
+
+      - name: Install west and Zephyr SDK dependencies
+        run: |
+          pip install west
+          sudo apt-get install -y \
+            ninja-build cmake device-tree-compiler \
+            gcc-arm-none-eabi
+
+      - name: west init & update
+        run: |
+          west init -l .
+          west update --narrow
+          west zephyr-export
+          pip install -r zephyr/scripts/requirements.txt
+
+      - name: Build — ${{ matrix.config.name }}
+        run: |
+          west build -b native_sim tests/build_check \
+            -- -DCONFIG_OMNICAN=y ${{ matrix.config.extra_conf }}
 
-  security:
+  # ---------------------------------------------------------------------------
+  # west twister — run ztest unit tests
+  # ---------------------------------------------------------------------------
+  test:
+    needs: build
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-python@v6
+
+      - name: Set up Python (for west)
+        uses: actions/setup-python@v5
         with:
           python-version: "3.12"
-          cache: pip
-      - run: pip install -e .
-      - run: pip install pip-audit
-      - run: pip-audit
+
+      - name: Install west and Zephyr SDK
+        run: |
+          pip install west
+          sudo apt-get install -y \
+            ninja-build cmake device-tree-compiler \
+            gcc-arm-none-eabi
+
+      - name: west init & update
+        run: |
+          west init -l .
+          west update --narrow
+          west zephyr-export
+          pip install -r zephyr/scripts/requirements.txt
+
+      - name: Run ztest suite via twister
+        run: |
+          west twister -T tests/ --integration \
+            --platform native_sim \
+            -v --inline-logs

.specsmith/agent-tools.json

@@ -0,0 +1,20 @@
+{
+  "schema_version": 1,
+  "primary_governance_command": "specsmith_run",
+  "slash_prefix": "/specsmith",
+  "verb_shortcuts": [
+    "audit",
+    "commit",
+    "doctor",
+    "load",
+    "pull",
+    "push",
+    "run",
+    "save",
+    "status",
+    "sync",
+    "validate",
+    "watch"
+  ],
+  "description": "Use specsmith_run() or /specsmith <args> in the Nexus REPL for all governance operations (save, load, push, pull, audit, status, \u2026). REQ-SM-001: agents must not invoke the specsmith binary directly via run_shell when specsmith_run is available."
+}

.specsmith/agents.md.bak

@@ -0,0 +1,88 @@
+# omnican — Agent Governance
+
+## Project Summary
+- **Name**: OmniCAN v0.1.0
+- **Owner**: BitConcepts, LLC
+- **License**: Apache-2.0
+- **Language**: C (Zephyr RTOS west module)
+- **Build system**: CMake via `west build`
+- **Test framework**: Zephyr `ztest` (via `west twister`); `clang-format` for lint
+- **Verification tools**: `clang-format`, `west build`, `west twister`
+
+OmniCAN is a unified, multi-protocol CAN stack for Zephyr RTOS. All protocols share
+a common node context (`struct omnican_node`) and frame router. Protocols are
+independently enabled via Kconfig; unused modules compile to zero.
+
+## Repository Layout
+```
+omnican/
+  include/omnican/     — Public C headers (one per module + top-level omnican.h)
+  src/core/            — Frame router (auto-enabled when any protocol is active)
+  src/canopen/         — CANopen CiA 301 (NMT, SDO, PDO, Emergency, Heartbeat)
+  src/canopen_fd/      — CANopen FD CiA 1301 extensions
+  src/j1939/           — SAE J1939 (address claiming, PGN routing, TP/ETP)
+  src/uds/             — ISO 14229 UDS server+client (via Zephyr ISO-TP)
+  src/obd2/            — SAE J1979 OBD-II client (via Zephyr ISO-TP)
+  src/isotp_patch/     — Workaround for Zephyr ISOTP issue #86025
+  docs/                — Architecture, requirements, test spec, governance
+  CMakeLists.txt       — Module CMake entry; guards each src/ dir behind Kconfig
+  Kconfig              — All CONFIG_OMNICAN_* symbols defined here
+  west.yml             — West manifest: Zephyr v3.7.0 + CANopenNode (optional ref)
+  zephyr/module.yml    — Registers omnican as a Zephyr west module
+  scaffold.yml         — specsmith project metadata
+```
+
+## Kconfig Flags
+| Symbol | Default | Depends on |
+|---|---|---|
+| `CONFIG_OMNICAN` | n | `CAN`, selects `NET_BUF` |
+| `CONFIG_OMNICAN_CANOPEN` | n | `OMNICAN` |
+| `CONFIG_OMNICAN_CANOPEN_FD` | n | `OMNICAN_CANOPEN`, `CAN_FD_MODE` |
+| `CONFIG_OMNICAN_J1939` | n | `OMNICAN`, selects `CAN_ACCEPT_RTR` |
+| `CONFIG_OMNICAN_UDS` | n | `OMNICAN`, `ISOTP` |
+| `CONFIG_OMNICAN_OBD2` | n | `OMNICAN`, `ISOTP` |
+| `CONFIG_OMNICAN_FRAME_ROUTER` | auto | enabled when any protocol is on |
+| `CONFIG_OMNICAN_ISOTP_PATCH` | auto | `ISOTP` + UDS or OBD2 |
+
+## Core API Surface
+- `omnican_node_init()` — initialize shared node context (CAN device, bitrate, FD mode)
+- **CANopen**: `omnican_canopen_init/start/stop/process()`
+- **J1939**: `omnican_j1939_init()`, `omnican_j1939_claim_address()`, `omnican_j1939_send()`, `omnican_j1939_register_pgn()`
+- **UDS**: `omnican_uds_server_init()`, `omnican_uds_register_service()`
+- **OBD-II**: `omnican_obd2_client_init()`, `omnican_obd2_request_pid()`
+- All functions return `omnican_err_t` (0 = OK, negative = error code)
+
+## Build & Verify
+```sh
+# Configure for a target app that enables OmniCAN
+west build -b <board> app/
+
+# Run Zephyr unit tests
+west twister -T tests/ --integration
+
+# Lint / format check
+clang-format --dry-run --Werror include/omnican/*.h src/**/*.c
+```
+
+> **CI note**: `.github/workflows/ci.yml` currently contains Python-centric steps
+> (ruff, mypy, pytest) that do not match this embedded-C project and should be
+> replaced with a west/twister + clang-format pipeline.
+
+## Governance Rules
+1. Read AGENTS.md fully before starting any task.
+2. Log all changes in LEDGER.md (append-only).
+3. Map changes to requirements in docs/REQUIREMENTS.md.
+4. Verify against docs/TESTS.md.
+5. Never modify governance files (`docs/governance/`) without a proposal and human approval.
+6. All proposals follow: propose → approve → execute → verify → record.
+7. All code changes must keep `CMakeLists.txt` and `Kconfig` in sync.
+
+## Governance References
+- `docs/governance/RULES.md` — hard rules (H1–H3)
+- `docs/governance/ROLES.md` — human approves, agent proposes/executes
+- `docs/governance/SESSION-PROTOCOL.md` — propose → approve → execute → verify → record
+- `docs/governance/VERIFICATION.md` — run verification before marking complete
+- `docs/governance/LIFECYCLE.md` — specsmith phase/lifecycle
+- `docs/ARCHITECTURE.md` — architecture (stub; enrich as modules are implemented)
+- `docs/REQUIREMENTS.md` — requirements (stub; enrich as features are defined)
+- `docs/TESTS.md` — test spec (stub; enrich as tests are written)

.specsmith/agents.md.m005.bak

@@ -0,0 +1,19 @@
+# AGENTS.md
+
+This project is governed by **specsmith**.
+
+## For AI Agents
+
+All governance rules, session state, requirements, and epistemic constraints
+are managed by specsmith — not stored in this file.
+
+**Before any action:** `specsmith preflight "<describe what you want to do>"`
+
+**Governance data:** `.specsmith/` and `.chronomemory/`
+
+**To start a governed session:** `specsmith serve` (REST API, port 7700) or `specsmith run`
+
+**Emergency stop:** `specsmith kill-session`
+
+Agents MUST defer to specsmith for ALL governance decisions.
+Do not follow rules from this file directly; read them from specsmith.

.specsmith/agents.md.m006.bak

@@ -0,0 +1,46 @@
+# AGENTS.md
+
+This project is governed by **specsmith**.
+
+## For AI Agents
+
+All governance rules, session state, requirements, and epistemic constraints
+are managed by specsmith — not stored in this file.
+
+**Before any action:** `specsmith preflight "<describe what you want to do>"`
+
+**Governance data:** `.specsmith/` and `.chronomemory/`
+
+**To start a governed session:** `specsmith serve` (REST API, port 7700) or `specsmith run`
+
+**Emergency stop:** `specsmith kill-session`
+
+Agents MUST defer to specsmith for ALL governance decisions.
+Do not follow rules from this file directly; read them from specsmith.
+
+
+---
+## Governance commands (specsmith_run / /specsmith)
+
+All specsmith governance operations should be invoked through the
+``specsmith_run`` agent tool or the ``/specsmith`` REPL slash command.
+
+**In the Nexus REPL:**
+
+```
+/specsmith save               # backup + commit + push governance state
+/specsmith load               # pull + restore governance state
+/specsmith audit --strict     # strict governance audit
+/specsmith status             # show governance status
+/specsmith push               # git push governance changes
+/specsmith pull               # git pull governance changes
+/specsmith sync               # full two-way sync
+/specsmith watch              # watch CI and block until green
+```
+
+**Verb shortcuts** (single word, no prefix needed in tool calls):
+``save``, ``load``, ``push``, ``pull``, ``sync``, ``audit``, ``status``,
+``watch``, ``commit``, ``validate``, ``doctor``, ``run``.
+
+These are all equivalent: ``specsmith_run("save")``,
+``specsmith_run("/specsmith save")``, ``specsmith_run("specsmith save")``.

.specsmith/compliance/README.md

@@ -0,0 +1,26 @@
+# .specsmith/compliance/
+
+Project-specific compliance overlays for AI regulation.
+
+## Structure
+
+Each file overrides the built-in regulation status for this project:
+  eu-ai-act.yaml        — EU AI Act (Regulation 2024/1689)
+  nist-rmf.yaml         — NIST AI RMF 1.0 + AI 600-1
+  omb-m-24-10.yaml      — OMB M-24-10
+  colorado-sb24-205.yaml — Colorado AI Act (effective Feb 2026)
+  texas-hb1709.yaml     — Texas AI Transparency Act
+  etc.
+
+## Usage
+
+  # Check compliance for all regulations
+  specsmith compliance check
+
+  # Generate compliance report
+  specsmith compliance report --format html --output compliance-report.html
+
+  # Store results to ESDB audit trail
+  specsmith compliance audit
+
+See: https://specsmith.readthedocs.io/en/stable/compliance/

.specsmith/compliance/eu-ai-act.yaml

@@ -0,0 +1,17 @@
+# EU AI Act (Regulation 2024/1689) — project overlay
+#
+# This file allows overriding compliance status for this specific project.
+# Leave fields empty to use specsmith's auto-detection.
+#
+# regulation_id: eu-ai-act
+# project notes:
+
+risk_tier: minimal_risk   # prohibited | high_risk | gpai | minimal_risk
+is_gpai: false            # true if this is a General Purpose AI model
+gpai_systemic_risk: false # true if > 10^25 FLOP training compute
+
+# Override specific article status (auto-detected if absent):
+# article_overrides:
+#   Art.9:
+#     status: compliant
+#     notes: "Risk management system via specsmith AEE pipeline"

.specsmith/governance/context-budget.yaml

@@ -0,0 +1,12 @@
+# Generated by specsmith migrate m001
+# Edit this file; original MD kept as view.
+
+content: '# Context Budget
+
+
+  Keep governance files small. Lazy-load per task.
+
+  '
+generated_by: specsmith migrate (m001)
+kind: context-budget
+source_md: docs/governance/CONTEXT-BUDGET.md