chore(process): retire forum/ + PLAN/ROADMAP/PROGRESS + per-role STATUS files (#72)

Migrates all status / planning / coordination artifacts from committed
markdown to GitHub primitives, ahead of the repository going public.

What is removed:
- `forum/` (80 files) — all agent claims, role reviews, post-mortems,
  process posts. The two recent process posts already moved to
  Discussions #70 + #71; the rest is historical PR review content
  that the merged PR list now carries.
- `PLAN.md`, `ROADMAP.md`, `PROGRESS.md` — planning + status. The
  Project board (https://github.com/users/MartinCastroAlvarez/projects/3)
  carries the live what; the docs that remain carry the why.
- `docs/agents/changelog.md`, `docs/agents/handoff.md` — running log
  + handoff queue. The merged-PR list is the changelog; Issues + the
  board are the handoff queue.
- Per-role `STATUS.md` and `NEXT_STEPS.md` under
  `docs/agents/{product-manager,security-expert,software-architect}/`
  — status snapshots. The role's `AGENT.md`, `SKILLS.md`,
  `DECISIONS.md`, `OPEN_QUESTIONS.md`, and `REVIEW_CHECKLIST.md`
  stay (durable contracts).
- Two unreferenced historical artifacts:
  `docs/pm-decisions-resolved.md`, `docs/architect-verdict-2026-05-26.md`.

What is updated:
- `CLAUDE.md` — required-reading list now points at the board +
  Issues + Discussions instead of `PLAN.md` / `changelog.md` /
  `forum/`. Multi-agent coordination section rewritten: agents
  claim board cards, reviews happen as PR review comments,
  announcements live in Discussions.
- `CONTRIBUTING.md` — same rewrite for human contributors.
- `SECURITY.md` — secret-leak procedure now opens an
  `incident:secret-leak` Issue (was `forum/INCIDENT-*.md`).
- `docs/agents/pr-workflow.md` — Author / Reviewer / Merger
  workflows rewritten: declare role in PR description, claim issue
  before branching, review on the PR, Merger moves the card on
  merge. **Approvals happen as PR review comments — never as
  committed markdown files.**
- `docs/agents/autonomy-policy.md` — kill switch #4 is now an open
  `incident:*` Issue; audit trail lives on the PR itself.
- `docs/agents/README.md`, `docs/README.md` — folder docs reflect
  the new model (durable contracts here; status on GitHub).
- ~25 other files — broken references to deleted files stripped or
  replaced with project-board / issue / Discussion links.
- `.github/PULL_REQUEST_TEMPLATE.md` — replaces "PLAN.md slot" with
  "Project board card + driving Issue"; drops "I claimed scope in
  forum/" + "I updated changelog.md".
- `.github/ISSUE_TEMPLATE/agent_question.md` — drops `PLAN.md` from
  required-reading list.
- `.pre-commit-config.yaml` — drops `forum/` from the exclude list
  (the folder no longer exists).
- `.gitignore` — drops `forum/_drafts/`; adds `.claude/` (agent
  scratch dirs).

What stays:
- All architectural / security / API contracts (`ARCHITECTURE.md`,
  `SECURITY.md`, `CLAUDE.md`, `CONTRIBUTING.md`, `docs/api-contract.md`,
  `docs/threat-model.md`, `docs/ux/**`, `ACCEPTANCE.md` spec text).
- All durable per-role state (`docs/agents/<role>/AGENT.md`,
  `SKILLS.md`, `DECISIONS.md`, `OPEN_QUESTIONS.md`,
  `REVIEW_CHECKLIST.md`).
- `docs/agents/decisions.md`, `docs/agents/open-questions.md`
  (the durable ADR + question log).
- `docs/consumer/` (consumer-feedback drops as specific
  deliverables).

Co-authored-by: Martin Castro Laminrs <mcastro@laminr.ai>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: 3 people

.github/ISSUE_TEMPLATE/agent_question.md

@@ -16,10 +16,11 @@ assignees: ""
 
 - [ ] `CLAUDE.md`
 - [ ] `ARCHITECTURE.md`
-- [ ] `PLAN.md`
 - [ ] `SECURITY.md`
 - [ ] `docs/agents/decisions.md`
 - [ ] `docs/agents/open-questions.md`
+- [ ] [Project board](https://github.com/users/MartinCastroAlvarez/projects/3)
+      and open Issues
 
 ## Suggested resolution path
 

.github/PULL_REQUEST_TEMPLATE.md

@@ -9,7 +9,8 @@
 
 ## Linked planning artifacts (required)
 
-- `PLAN.md` PR slot: <!-- e.g. PR #3 -->
+- Project board card: <!-- e.g. https://github.com/users/MartinCastroAlvarez/projects/3 — link the card -->
+- Driving issue (closes / refs): <!-- e.g. Closes #54 -->
 - `ARCHITECTURE.md` section(s): <!-- e.g. §4.1 -->
 - `docs/api-contract.md` section(s) touched (or "n/a"):
 - `docs/agents/decisions.md` entry (or "n/a"):
@@ -45,8 +46,10 @@ If you are an AI agent:
 
 - [ ] I have read `CLAUDE.md` and `docs/agents/decisions.md` since my
       last session
-- [ ] I claimed scope in `forum/` if this PR touches non-trivial files
-- [ ] I updated `docs/agents/changelog.md` with a one-liner
+- [ ] I claimed (or opened) the driving Issue / Project board card
+      before starting; this PR is linked to it
+- [ ] My role this session (Author / Reviewer / Merger / Releaser) is
+      stated in this PR description
 
 ## Screenshots / curl examples
 

.gitignore

@@ -61,7 +61,6 @@ Thumbs.db
 
 # --- Local-only Claude / agent state ---
 .claude/local/
-forum/_drafts/
 
 # --- Screenshot capture (one-off DB + symlinked node_modules) ---
 .dar-screenshots.sqlite3
@@ -72,3 +71,4 @@ django_admin_react/static/admin_react/.vite/
 django_admin_react/static/admin_react/assets/
 django_admin_react/static/admin_react/index.html
 
+.claude/

.pre-commit-config.yaml

@@ -84,7 +84,6 @@ repos:
             |\.pre-commit-config\.yaml
             |docs/threat-model\.md
             |docs/agents/security-expert/.*
-            |forum/(REVIEW|SECURITY|AGENT)-.*\.md
             |tests/test_security\.py
             |scripts/README\.md
           )$

ACCEPTANCE.md

@@ -46,7 +46,7 @@ Owner: `claude-pm-ux-opus47` (Product Manager / UX Lead).
 Source: [`PRODUCT_VISION.md`](PRODUCT_VISION.md), [`docs/ux/`](docs/ux/)
 (filled in subsequent PRs).
 
-Statuses use the legend from [`PROGRESS.md`](PROGRESS.md): ✅ done · 🟡
+Statuses: ✅ done · 🟡
 in flight · ⬜ pending · ❌ blocked. Statuses are updated by the role
 owner only.
 
@@ -137,7 +137,7 @@ owner only.
 The PM/UX contract for every row below is in
 [`docs/ux/extensibility.md`](docs/ux/extensibility.md). Rows
 E-6 / E-7 / E-8 / E-9 were promoted from §2.10 to §2.9 by the
-2026-05-26 extensibility directive (`forum/UX-DIRECTIVE-extensibility-contract.md`).
+2026-05-26 extensibility directive ((documented in `docs/ux/extensibility.md`)).
 Architect + Security co-sign before each row turns live (gates
 called out per row).
 
@@ -158,7 +158,7 @@ called out per row).
 | E-8a | Returning a non-empty `get_detail_blocks(request, obj)` from a `ModelAdmin` causes the SPA detail page to render the blocks in their declared `placement` slot. (X-5.) | Add a `stats` block; observe. *Architect signed off (2026-05-26) on the block schema enum.* |
 | E-8b | A block of an unrecognised `type` is silently dropped client-side and logged server-side. (X-5.) | Push a fake `type` in an example; observe console + server log. |
 | E-8c | A block whose server-side computation fails renders an `ErrorState` scoped to that block; sibling blocks keep rendering. (X-5.) | Force a block to raise; observe. |
-| E-9  | A `type: "html"` block runs through the configured server-side sanitiser (`nh3`) before reaching the SPA; `<script>` tags and inline event handlers never survive the round-trip. (X-6.) | Try to slip a `<script>` through; observe stripped output. **Security signed off (2026-05-26) conditional on C-1..C-10 in [`forum/REVIEW-security-pr-ux-extensibility-contract.md`](forum/REVIEW-security-pr-ux-extensibility-contract.md) §3.X-6.2** — the original `allow_unsafe_html=True` boolean was rejected, replaced with the constrained `trusted_html` block-type path (v1.x at earliest; PM/UX recommends no escape hatch in v1). E-9 stays **drafted, not live, until the Security follow-up PRs land** (sanitiser spec + implementation + CSP defaults). v0.1 ships with X-1..X-5 + X-7; X-6 is post-v0.1. |
+| E-9  | A `type: "html"` block runs through the configured server-side sanitiser (`nh3`) before reaching the SPA; `<script>` tags and inline event handlers never survive the round-trip. (X-6.) | Try to slip a `<script>` through; observe stripped output. **Security signed off (2026-05-26) conditional on C-1..C-10 in the Security PR review comments §3.X-6.2** — the original `allow_unsafe_html=True` boolean was rejected, replaced with the constrained `trusted_html` block-type path (v1.x at earliest; PM/UX recommends no escape hatch in v1). E-9 stays **drafted, not live, until the Security follow-up PRs land** (sanitiser spec + implementation + CSP defaults). v0.1 ships with X-1..X-5 + X-7; X-6 is post-v0.1. |
 
 ### 2.10 v1 non-goals
 
@@ -227,7 +227,7 @@ deliverables. The PM/UX role does **not** sign these off alone.
 ## 3. Architecture / Engineering acceptance criteria
 
 Owner: Software Architect / Engineering Lead. Source of truth files:
-[`ARCHITECTURE.md`](ARCHITECTURE.md), [`PLAN.md`](PLAN.md),
+[`ARCHITECTURE.md`](ARCHITECTURE.md),
 [`TESTING.md`](TESTING.md) (to land in a follow-up PR),
 [`API_CONTRACT.md`](API_CONTRACT.md) (or
 [`docs/api-contract.md`](docs/api-contract.md) — top-level pointer to
@@ -338,10 +338,10 @@ Merger runs the pipeline locally before squash-merge.
 
 | # | Criterion | How to verify |
 | - | --------- | ------------- |
-| Doc-A | The required-reading set is present and consistent: [`README.md`](README.md), [`ARCHITECTURE.md`](ARCHITECTURE.md), [`PLAN.md`](PLAN.md), [`PROGRESS.md`](PROGRESS.md), [`SECURITY.md`](SECURITY.md), [`CONTRIBUTING.md`](CONTRIBUTING.md), [`CLAUDE.md`](CLAUDE.md), [`TESTING.md`](TESTING.md), [`API_CONTRACT.md`](API_CONTRACT.md) (or a top-level pointer to `docs/api-contract.md`), [`ACCEPTANCE.md`](ACCEPTANCE.md). | `ls` of repo root. |
+| Doc-A | The required-reading set is present and consistent: [`README.md`](README.md), [`ARCHITECTURE.md`](ARCHITECTURE.md), [`SECURITY.md`(SECURITY.md), [`CONTRIBUTING.md`](CONTRIBUTING.md), [`CLAUDE.md`](CLAUDE.md), [`TESTING.md`](TESTING.md), [`API_CONTRACT.md`](API_CONTRACT.md) (or a top-level pointer to `docs/api-contract.md`), [`ACCEPTANCE.md`](ACCEPTANCE.md). | `ls` of repo root. |
 | Doc-B | Every folder has a `README.md` (per [`CLAUDE.md`](CLAUDE.md) §1). | `find . -type d -not -path './.git*' -not -path './node_modules*' -not -path './.venv*' -not -path './dist*'` followed by per-dir `README.md` check. |
 | Doc-C | Every architectural decision is recorded in [`docs/agents/decisions.md`](docs/agents/decisions.md) within the same PR. | PR diff review. |
-| Doc-D | Every meaningful merge appends a one-liner to [`docs/agents/changelog.md`](docs/agents/changelog.md). | Diff review. |
+| Doc-D | Every meaningful merge is a closed PR with a Closes #N reference; the PR list is the changelog. | Diff review. |
 | Doc-E | All internal markdown links resolve. | `lychee` or `markdown-link-check` is added to `./scripts/lint.sh` no later than `0.1.0` and runs against tracked `*.md` files. |
 
 ### 3.10 Backwards compatibility & semantic versioning
@@ -417,7 +417,7 @@ the threat model (`docs/threat-model.md`, planned).
 > either a test passes or the release is blocked. "Looks secure" is
 > not an acceptance criterion.
 
-Statuses use the legend from [`PROGRESS.md`](PROGRESS.md): ✅ done · 🟡
+Statuses: ✅ done · 🟡
 in flight · ⬜ pending · ❌ blocked. Statuses are updated by the role
 owner only.
 
@@ -500,15 +500,15 @@ owner only.
 | S-38 | `.gitignore` blocks `.env`, `.env.*` (except `.env.example`), `*.pem`, `*.key`, `*.crt`, `secrets/`, `.secrets/`. | `cat .gitignore`; required entries present. |
 | S-39 | A pre-commit hook (`.pre-commit-config.yaml`) runs `gitleaks` + a custom regex grep for `ghp_/gho_/ghs_/aws_secret_access_key/BEGIN.*PRIVATE KEY`. Devs are documented to enable it in `CONTRIBUTING.md` § "Pre-commit". | File exists; `pre-commit run --all-files` passes locally on a clean repo. |
 | S-40 | Issue, PR, and forum templates explicitly warn against pasting secrets. | `.github/PULL_REQUEST_TEMPLATE.md` and `.github/ISSUE_TEMPLATE/*` contain the warning. |
-| S-41 | If a secret leak is discovered (active or historical), a `forum/INCIDENT-*.md` is opened, the secret is rotated **first**, and history rewrite is gated by explicit human approval. | Procedure documented in [`SECURITY.md`](SECURITY.md) §5. |
+| S-41 | If a secret leak is discovered (active or historical), an Issue labelled `incident:secret-leak` is opened, the secret is rotated **first**, and history rewrite is gated by explicit human approval. | Procedure documented in [`SECURITY.md`](SECURITY.md) §5. |
 
 ### 4.9 Dependency security
 
 | # | Criterion | How to verify |
 | - | --------- | ------------- |
 | S-42 | Every new third-party Python dependency in `pyproject.toml` has a corresponding entry in `docs/agents/decisions.md` explaining why it's needed and what alternative was rejected. | Diff review on every PR that touches `[tool.poetry.dependencies]` or dev deps. |
 | S-43 | Every new third-party JS dependency in any `frontend/**/package.json` has a corresponding entry in `docs/agents/decisions.md`. | Same as S-42, on JS side. |
-| S-44 | `poetry run pip-audit` returns 0 findings of severity ≥ HIGH at release time. | Run inside `scripts/audit-deps.sh` (planned); record in `PROGRESS.md` quality-gate table. |
+| S-44 | `poetry run pip-audit` returns 0 findings of severity ≥ HIGH at release time. | Run inside `scripts/audit-deps.sh` (planned); comment on the release PR with the result. |
 | S-45 | `pnpm audit --prod` returns 0 findings of severity ≥ HIGH at release time. | Same as S-44 on JS side. |
 | S-46 | `bandit -r django_admin_react` returns 0 findings of severity ≥ HIGH at release time. | Already wired in `scripts/lint.sh`. |
 | S-47 | The package has **no runtime dependency** on `djangorestframework`, an OAuth/JWT library, or any auth framework other than Django itself. The only runtime dependency is Django 5.x. | `poetry export -f requirements.txt` shows Django + transitive only. |
@@ -543,7 +543,7 @@ owner only.
 | - | --------- | ------------- |
 | S-57 | PyPI publishing requires `POETRY_PYPI_TOKEN_PYPI` in env. `scripts/deploy.sh` refuses to run if the token is missing or empty. | `bash -c 'unset POETRY_PYPI_TOKEN_PYPI; ./scripts/deploy.sh'` exits non-zero with a clear error. |
 | S-58 | The PyPI token is **never** echoed, stored in any file in the repo, or printed to any log. The `scripts/deploy.sh` code does not echo `$POETRY_PYPI_TOKEN_PYPI`. | Manual review of `scripts/deploy.sh`. |
-| S-59 | A release tag is **never** pushed by an agent without explicit human approval. Tier 6 in [`docs/agents/autonomy-policy.md`](docs/agents/autonomy-policy.md). | Confirm by audit-trail: `forum/AGENT-*-pr-*-audit.md` for any release PR shows a human approver. |
+| S-59 | A release tag is **never** pushed by an agent without explicit human approval. Tier 6 in [`docs/agents/autonomy-policy.md`](docs/agents/autonomy-policy.md). | Confirm by audit-trail: the merge close-out comment on the PR for any release PR shows a human approver. |
 | S-60 | `pyproject.toml` version is not `0.0.0` at release time; an SBOM (CycloneDX or equivalent) is produced for each release. | `scripts/build.sh` + a small SBOM step (planned). |
 | S-61 | Released wheels embed the pre-built React SPA, **not** sources. The wheel contains hashed `django_admin_react/static/admin_react/*` and `templates/admin_react/index.html`; it does **not** contain `frontend/`, `node_modules/`, or any source `.ts` / `.tsx`. | `unzip -l dist/*.whl` shows static + templates, not frontend source. |
 
@@ -633,7 +633,7 @@ in §2, §3, and §4 is ✅ for the milestone being released.
 - [ ] §2.9 E-1 through E-5 ✅
 - [ ] §3 ✅ (entire section; Architect role)
 - [ ] §4 ✅ (entire section; Security role)
-- [ ] `PROGRESS.md` quality-gates table all-green
+- [ ] Quality-gates check pass (recorded in the release PR comment)
 - [ ] Repo owner has provided the PyPI token and explicit go-ahead
 
 If any line is not ✅, the release is **not v1**. The next release
@@ -646,8 +646,8 @@ candidate is `0.1.0rcN` or the milestone is renamed.
 - [`PRODUCT_VISION.md`](PRODUCT_VISION.md) — the why.
 - [`ARCHITECTURE.md`](ARCHITECTURE.md) — the system contract.
 - [`SECURITY.md`](SECURITY.md) — non-negotiable security rules.
-- [`PLAN.md`](PLAN.md) — engineering PR sequence.
-- [`PROGRESS.md`](PROGRESS.md) — current status board.
+- [Project board](https://github.com/users/MartinCastroAlvarez/projects/3) — engineering PR sequence.
+
 - [`docs/agents/decisions.md`](docs/agents/decisions.md) — accepted
   decisions (PM-tagged entries are appended here when this file
   changes materially).

ARCHITECTURE.md

@@ -27,8 +27,9 @@ source of truth** for permissions, querysets, forms, and field configuration.
 
 Explicit non-goals for v1: inlines, custom admin actions, bulk actions,
 custom admin widgets, complex filters, autocomplete fields, `raw_id_fields`,
-and a React-side extension API. See [`PLAN.md`](PLAN.md) for the deferred
-list.
+and a React-side extension API. The
+[Project board](https://github.com/users/MartinCastroAlvarez/projects/3)
+tracks each deferred item by Phase.
 
 ---
 
@@ -115,14 +116,11 @@ django-admin-react/
 ├── docs/                        # Long-form documentation
 │   ├── api-contract.md
 │   ├── installation.md
-│   └── docs/agents/
+│   └── agents/
 │       ├── decisions.md
-│       ├── open-questions.md
-│       └── changelog.md
+│       └── open-questions.md
 │
-├── forum/                       # Free-form multi-agent discussion threads
 ├── ARCHITECTURE.md              # ← you are here
-├── PLAN.md
 ├── SECURITY.md
 ├── CONTRIBUTING.md
 ├── CLAUDE.md                    # Required reading for AI agents
@@ -131,6 +129,10 @@ django-admin-react/
 └── pyproject.toml               # Poetry-managed
 ```
 
+Live status / backlog / coordination lives on GitHub (Issues, the
+[Project board](https://github.com/users/MartinCastroAlvarez/projects/3),
+Discussions, PR review comments), not in committed markdown.
+
 Every folder above has its own `README.md` describing its purpose and what
 belongs there. This is enforced in [`CLAUDE.md`](CLAUDE.md).
 
@@ -385,4 +387,6 @@ the gate.
   React extensibility later, we will design the contract carefully rather
   than ad-hoc.
 
-See [`PLAN.md`](PLAN.md) for the sequencing of in-scope work.
+See the
+[Project board](https://github.com/users/MartinCastroAlvarez/projects/3)
+for the sequencing of in-scope work.