codifide
diff --git a/‎.kiro/specs/v2-language/tasks.md‎
Lines changed: 5 additions & 5 deletions b/‎.kiro/specs/v2-language/tasks.md‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎.kiro/steering/00-welcome.md‎
Lines changed: 74 additions & 0 deletions b/‎.kiro/steering/00-welcome.md‎
Lines changed: 74 additions & 0 deletions
diff --git a/‎.kiro/steering/01-governance-gates.md‎
Lines changed: 159 additions & 0 deletions b/‎.kiro/steering/01-governance-gates.md‎
Lines changed: 159 additions & 0 deletions
@@ -2,11 +2,11 @@
 
 ## REQ-V2-1: RPC API (P1)
 
-- [ ] **V2-1-1** Write `docs/RPC_API.md` — spec for the HTTP/gRPC interface
-- [ ] **V2-1-2** Design dispatch: endpoint shape, auth model, error responses
-- [ ] **V2-1-3** Implement POST `/symbols` — accept canonical CBOR, store, return hash
-- [ ] **V2-1-4** Implement GET `/symbols/<hash>` — return canonical CBOR by hash
-- [ ] **V2-1-5** Implement GET `/symbols/<hash>/imports` — resolve import graph
+- [x] **V2-1-1** Write `docs/RPC_API.md` — spec for the HTTP/gRPC interface
+- [x] **V2-1-2** Design dispatch: endpoint shape, auth model, error responses
+- [x] **V2-1-3** Implement POST `/symbols` — accept canonical CBOR, store, return hash
+- [x] **V2-1-4** Implement GET `/symbols/<hash>` — return canonical CBOR by hash
+- [x] **V2-1-5** Implement GET `/symbols/<hash>/imports` — resolve import graph
 - [ ] **V2-1-6** Test: agent completes Program 5 via HTTP only
 - [ ] **V2-1-7** File Quill/Glyph dispatch for RPC API completion
 - [ ] **V2-1-8** Sable audit of RPC API surface
 
@@ -0,0 +1,74 @@
+---
+inclusion: auto
+---
+
+# Codifide — Stage-Gate Governance
+
+This project uses a Stage-Gate governance model adapted for AI-assisted programming language development. The AI builds. Humans decide what ships.
+
+---
+
+## How This Works
+
+You have an AI development partner (that's me). I write code, specs, tests, and documentation. But nothing ships without passing through gates — structured decision points where evidence is reviewed and a human makes the go/kill/hold call.
+
+**Your role:** Make decisions, provide context, approve gates.
+**My role:** Produce evidence, build code, run reviews, flag risks.
+
+---
+
+## Quick Start: Where Are You?
+
+### 🆕 Starting a New Feature
+
+Say: **"Let's start a new initiative"** or **"I want to build [X]"**
+
+I'll walk you through:
+1. **G0 — Problem Definition** → Is this worth doing?
+2. **G1 — Requirements** → What exactly are we building?
+3. **G2/G3 — Design** → How do we build it safely?
+4. **G4 — Build & Verify** → Does it work? Prove it.
+5. **G5 — Release** → Is it safe to ship?
+6. **G6 — Learn** → What happened after release?
+
+### 🔧 Continuing Existing Work
+
+Say: **"Load up the current state"** or **"What gate are we at?"**
+
+I'll check the session state, open specs, and dispatch state.
+
+---
+
+## The Gates at a Glance
+
+| Gate | Question | You Provide | I Produce |
+|------|----------|-------------|-----------|
+| **G0** | Worth doing? | Problem description | Risk classification, scope doc |
+| **G1** | Requirements solid? | Business context, constraints | Testable requirements, acceptance criteria, NFRs |
+| **G2/G3** | Design safe? | Preferences, constraints | Architecture, ADRs, threat model, tickets |
+| **G4** | Code works? | Acceptance criteria approval | Working code, tests, security review |
+| **G5** | Safe to ship? | Release approval | Release notes, rollback plan, dispatch pair |
+| **G6** | What did we learn? | Post-release observations | Retrospective, findings, roadmap input |
+
+---
+
+## Key Principles
+
+1. **Evidence, not confidence.** Every gate requires artifacts, not opinions.
+2. **Adversarial review at every gate.** A separate AI (B-Team) attacks the work.
+3. **100% test coverage on new code.** No exceptions without an approved exception ticket.
+4. **Security is every-gate.** Not a phase. Not an afterthought.
+5. **Kill early, kill cheap.** A failed G0 costs minutes. A failed G5 costs months.
+6. **AI builds. Humans decide.** The gate decision is never automated.
+7. **Dispatch discipline.** Every gate files a Quill readout + Glyph YAML pair. `dispatch-check` must exit 0.
+
+---
+
+## Personas (Who's Who)
+
+See `01-governance-gates.md` for gate details.
+See `02-personas.md` for the full A-Team and B-Team roster.
+
+---
+
+*Template adapted from agentic-stage-gate-governance — May 2026*
@@ -0,0 +1,159 @@
+---
+inclusion: auto
+---
+
+# Governance Gates
+
+Every initiative passes through seven gates. No gate passes on confidence — only on evidence.
+
+## The Gates
+
+| Gate | Question | Who Decides |
+|------|----------|-------------|
+| **G0** | Is this worth exploring? | Harper + Aegis |
+| **G1** | Are the requirements and evidence strong enough? | Aegis + B-Team |
+| **G2/G3** | Is the design/architecture ready? | Winston + Sentinel + Aegis |
+| **G4** | Build and verify. | Tessa + Sentinel + Aegis |
+| **G5** | Release readiness. | Full team |
+| **G6** | Post-release review. | Aegis + Sable + Quill |
+
+---
+
+## G0 — Is This Worth Exploring?
+
+**Purpose:** Confirm the work is real, bounded, and worth doing.
+
+**Must include:**
+- Problem statement (what breaks or is missing without this?)
+- Adoption evidence (which agent sessions, audit findings, or user reports justify it?)
+- Risk classification (does it touch the interpreter, the store, the canonical form, or the public API?)
+- Scope boundaries (what's in, what's out)
+- Stakeholders identified
+
+**Passes when:** The problem is worth solving, the scope is honest, and the evidence is real.
+
+**Template:** Create `.kiro/specs/{ID}/G0_PROBLEM_STATEMENT.md`
+
+---
+
+## G1 — Are the Requirements and Evidence Strong Enough?
+
+**Purpose:** Ensure we're building from evidence, not assumptions.
+
+**Must include:**
+- Evidence-backed requirements with acceptance criteria
+- NFRs (Non-Functional Requirements) with measurable targets
+- Open assumptions documented
+- B-Team adversarial review completed
+- Sable threat model (if the change touches the interpreter, store, or canonical form)
+
+**Passes when:** Requirements are testable, traceable, and survived adversarial review.
+
+**Template:** Create `.kiro/specs/{ID}/G1_REQUIREMENTS.md`
+
+---
+
+## G2/G3 — Is the Design/Architecture Ready?
+
+**Purpose:** Prevent unsafe or unworkable design from reaching implementation.
+
+**Must include:**
+- Architecture overview with module boundaries
+- ADRs for significant decisions (with alternatives considered)
+- Threat model (if surface area changes)
+- Test strategy
+- Decomposed tasks with acceptance criteria
+- B-Team review of architecture
+
+**Passes when:** The design is implementable, secure, testable, and the team knows what to build.
+
+**Template:** Create `.kiro/specs/{ID}/design.md`
+
+---
+
+## G4 — Build and Verify
+
+**Purpose:** Prove the implementation is correct before discussing release.
+
+**Must include:**
+- Code complete against task acceptance criteria
+- **100% test coverage on all new code** (no exceptions without Aegis-approved exception ticket)
+- All existing tests still pass (no regressions)
+- Security review passed (Sentinel sign-off)
+- Conformance verified (Python and Rust runtimes agree on all new behavior)
+- `dispatch-check` exits 0
+
+**Passes when:** The code works, is proven to work, and the proof is documented.
+
+**Template:** Create `.kiro/specs/{ID}/G4_VERIFICATION.md`
+
+---
+
+## G5 — Release Readiness
+
+**Purpose:** Prove the change can be shipped safely.
+
+**Must include:**
+- Release notes (Quill readout)
+- Rollback plan (what breaks if we revert, how to revert)
+- Capability manifest updated if the public surface changed
+- publicsite updated if agent-facing docs changed
+- Sable post-audit completed
+- Glyph dispatch filed
+- `dispatch-check` exits 0
+
+**Passes when:** The change is safe to put in front of agents and users.
+
+**Template:** Create `.kiro/specs/{ID}/G5_RELEASE_READINESS.md`
+
+---
+
+## G6 — Post-Release Review
+
+**Purpose:** Close the loop. Learn from reality.
+
+**Must include:**
+- Adoption observations (did agents use it? did it reduce friction?)
+- Any new failure modes discovered
+- Follow-up actions identified
+- Roadmap input (does this change the v2.0 or v3.0 priorities?)
+
+**Passes when:** We've learned from the release and captured it for the next one.
+
+**Template:** Create `.kiro/specs/{ID}/G6_RETROSPECTIVE.md`
+
+---
+
+## Principles
+
+1. **Adoption evidence outranks intuition.** If no agent session produced evidence for it, it doesn't ship.
+2. **Evidence, not confidence.** "We think it's fine" is not a gate pass.
+3. **B-Team reviews every gate.** Different AI, different perspectives, different blind spots.
+4. **No single persona self-approves.** Separation of duties is non-negotiable.
+5. **Conformance is mandatory.** Python and Rust runtimes must agree. Divergence is a P0.
+6. **Dispatch discipline.** Every gate files a paired Quill + Glyph dispatch. No gaps.
+7. **Kill early, kill cheap.** The answer to a bad idea is G0 rejection, not G5 failure.
+
+---
+
+## Fast-Track Rules
+
+Small changes (< 1 day effort, no new language surface, no interpreter changes) may be fast-tracked:
+- Combined G0/G1 document
+- Skip standalone G2/G3 if architecture is already established
+- Still requires G4 evidence (tests pass, no regressions)
+- Aegis must explicitly approve fast-track
+
+---
+
+## Codifide-Specific Risk Classification
+
+| Change type | Risk | Required reviews |
+|-------------|------|-----------------|
+| Interpreter semantics | HIGH | Sable audit + B-Team + conformance tests |
+| Parser changes | HIGH | Sable audit + B-Team + fuzz regression |
+| Canonical form / CBOR | HIGH | Sable audit + byte-level conformance |
+| Symbol store | MEDIUM | Sable audit + GC regression |
+| CLI / surface commands | MEDIUM | B-Team |
+| Docs / capability manifest | LOW | Quill + Glyph dispatch |
+| Steering / governance files | LOW | Aegis sign-off |