feat: apply specsmith to itself + community sections + bootstrap docs

- Run specsmith upgrade --full on specsmith repo (dogfooding)
- Generate all modular governance files (SESSION-PROTOCOL.md, LIFECYCLE.md, etc.)
- Strengthen community support section (tell friends, report bugs, suggest features, write about us)
- Add 'The specsmith Bootstrap' section explaining self-governance
- Reset scaffold.yml to v0.3.6

Co-Authored-By: Oz <oz-agent@warp.dev>

Author: tbitcs

.editorconfig

@@ -0,0 +1,29 @@
+# EditorConfig — https://editorconfig.org
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+indent_style = space
+indent_size = 4
+
+[*.py]
+indent_size = 4
+max_line_length = 100
+
+[*.{yml,yaml}]
+indent_size = 2
+
+[*.md]
+trim_trailing_whitespace = false
+
+[Makefile]
+indent_style = tab
+
+[*.{cmd,bat}]
+end_of_line = crlf
+
+[*.{ps1,psm1}]
+end_of_line = crlf

.github/workflows/ci.yml

@@ -2,9 +2,9 @@ name: CI
 
 on:
   push:
-    branches: [main, develop]
+    branches: [main]
   pull_request:
-    branches: [main, develop]
+    branches: [main]
 
 concurrency:
   group: ci-${{ github.ref }}
@@ -22,9 +22,9 @@ jobs:
         with:
           python-version: "3.12"
           cache: pip
-      - run: pip install ruff
-      - run: ruff check src/ tests/
-      - run: ruff format --check src/ tests/
+      - run: pip install -e ".[dev]"
+      - run: ruff check
+      - run: ruff format --check .
 
   typecheck:
     runs-on: ubuntu-latest
@@ -62,6 +62,6 @@ jobs:
         with:
           python-version: "3.12"
           cache: pip
-      - run: pip install pip-audit
       - run: pip install -e .
+      - run: pip install pip-audit
       - run: pip-audit

.github/workflows/dev-release.yml

@@ -9,29 +9,8 @@ permissions:
   contents: read
 
 jobs:
-  test:
+  dev-build:
     runs-on: ubuntu-latest
-    # Only run from the develop branch — blocks accidental workflow_dispatch from main.
-    if: github.ref == 'refs/heads/develop'
-    steps:
-      - uses: actions/checkout@v6
-      - uses: actions/setup-python@v6
-        with:
-          python-version: "3.12"
-          cache: pip
-      - run: pip install -e ".[dev]"
-      - run: ruff check src/ tests/
-      - run: ruff format --check src/ tests/
-      - run: mypy src/specsmith --ignore-missing-imports
-      - run: pytest tests/ -x -q
-
-  build-and-publish:
-    needs: test
-    runs-on: ubuntu-latest
-    environment: pypi
-    permissions:
-      contents: read
-      id-token: write
     steps:
       - uses: actions/checkout@v6
         with:
@@ -47,84 +26,37 @@ jobs:
 
       - name: Set dev version
         run: |
-          # Use pyproject.toml version as the base (no patch bump).
-          # pyproject.toml should always hold the NEXT release version (e.g. 0.3.0).
-          # Dev builds publish as 0.3.0.devN — PEP 440 pre-release of the upcoming release.
-          # N = total commit count (monotonically increasing, unique per push).
-          BASE_VERSION=$(grep 'version = ' pyproject.toml | head -1 | sed 's/version = "\(.*\)"/\1/')
-          COMMIT_COUNT=$(git rev-list --count HEAD)
-          DEV_VERSION="${BASE_VERSION}.dev${COMMIT_COUNT}"
-          echo "DEV_VERSION=${DEV_VERSION}" >> $GITHUB_ENV
-
-          # Patch pyproject.toml with dev version
-          sed -i "s/version = \"${BASE_VERSION}\"/version = \"${DEV_VERSION}\"/" pyproject.toml
-          echo "Building version: ${DEV_VERSION}"
+          BASE=$(grep 'version = ' pyproject.toml | head -1 | sed 's/version = "\(.*\)"/
/')
+          MAJOR=$(echo $BASE | cut -d. -f1)
+          MINOR=$(echo $BASE | cut -d. -f2)
+          PATCH=$(echo $BASE | cut -d. -f3)
+          NP=$((PATCH + 1))
+          TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo HEAD~100)
+          NC=$(git rev-list --count HEAD ^$TAG 2>/dev/null || echo 0)
+          DV="${MAJOR}.${MINOR}.${NP}.dev${NC}"
+          echo "DEV_VERSION=${DV}" >> $GITHUB_ENV
+          sed -i "s/version = "${BASE}"/version = "${DV}"/" pyproject.toml
+          echo "Building version: ${DV}"
 
       - run: python -m build
 
-      - name: Publish dev release to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
-        continue-on-error: true  # version already exists on PyPI is not a failure
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@v7
+        with:
+          name: dev-dist
+          path: dist/
 
-  docs-build:
-    needs: build-and-publish
+  pypi-dev-publish:
+    needs: dev-build
     runs-on: ubuntu-latest
+    environment: pypi
+    permissions:
+      id-token: write
     continue-on-error: true
     steps:
-      - name: Trigger ReadTheDocs builds (develop + latest)
-        env:
-          RTD_TOKEN: ${{ secrets.RTD_TOKEN }}
-        run: |
-          if [ -z "$RTD_TOKEN" ]; then
-            echo "WARNING: RTD_TOKEN secret is not set. Skipping RTD build trigger."
-            echo "To fix: go to GitHub repo Settings → Secrets → Actions and add RTD_TOKEN."
-            echo "Get the token from: https://readthedocs.org/accounts/tokens/"
-            exit 0
-          fi
-
-          # Trigger the 'develop' RTD version build (accessible at /en/develop/)
-          echo "Triggering RTD build for 'develop' version..."
-          STATUS=$(curl -s -o /dev/null -w "%{http_code}" -X POST \
-            -H "Authorization: Token $RTD_TOKEN" \
-            "https://readthedocs.org/api/v3/projects/specsmith/versions/develop/builds/")
-          echo "RTD develop build trigger: HTTP $STATUS"
-          if [ "$STATUS" != "202" ]; then
-            echo "WARNING: RTD develop build trigger returned HTTP $STATUS (expected 202)."
-            echo "Common causes:"
-            echo "  - 401: RTD_TOKEN is invalid or expired"
-            echo "  - 404: 'develop' version not activated in RTD dashboard"
-            echo "  Fix: https://readthedocs.org/projects/specsmith/versions/ → activate 'develop'"
-          fi
-
-          # Step 1: Set RTD project default_branch to 'develop'
-          echo "[1/3] Setting RTD project default_branch to 'develop'..."
-          PATCH_STATUS=$(curl -s -o /dev/null -w "%{http_code}" -X PATCH \
-            -H "Authorization: Token $RTD_TOKEN" \
-            -H "Content-Type: application/json" \
-            -d '{"default_branch": "develop"}' \
-            "https://readthedocs.org/api/v3/projects/specsmith/")
-          echo "RTD project PATCH: HTTP $PATCH_STATUS"
-
-          # Step 2: Set the 'latest' VERSION object's identifier to 'develop'
-          # This is the key step — the version object has its own branch setting
-          # separate from the project-level default_branch.
-          echo "[2/3] Setting RTD 'latest' version identifier to 'develop'..."
-          VER_PATCH=$(curl -s -o /tmp/ver_patch.txt -w "%{http_code}" -X PATCH \
-            -H "Authorization: Token $RTD_TOKEN" \
-            -H "Content-Type: application/json" \
-            -d '{"identifier": "develop", "active": true}' \
-            "https://readthedocs.org/api/v3/projects/specsmith/versions/latest/")
-          echo "RTD 'latest' version PATCH: HTTP $VER_PATCH"
-          cat /tmp/ver_patch.txt | head -c 200 || true
-
-          # Step 3: Trigger a fresh /en/latest/ build (now tracks develop)
-          echo "[3/3] Triggering RTD 'latest' build from develop..."
-          LATEST_STATUS=$(curl -s -o /dev/null -w "%{http_code}" -X POST \
-            -H "Authorization: Token $RTD_TOKEN" \
-            "https://readthedocs.org/api/v3/projects/specsmith/versions/latest/builds/")
-          echo "RTD latest build trigger: HTTP $LATEST_STATUS"
-          if [ "$LATEST_STATUS" != "202" ]; then
-            echo "WARNING: RTD latest trigger returned HTTP $LATEST_STATUS"
-            echo "If 404: 'latest' version may not be active in RTD dashboard."
-            echo "Fix: https://readthedocs.org/projects/specsmith/versions/ -> activate 'latest'"
-          fi
+      - uses: actions/download-artifact@v8
+        with:
+          name: dev-dist
+          path: dist/
+      - name: Publish dev release to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1

.specsmith/credit-budget.json

@@ -0,0 +1,12 @@
+{
+  "monthly_cap_usd": 0.0,
+  "alert_threshold_pct": 80,
+  "alert_watermarks_usd": [
+    5.0,
+    10.0,
+    25.0,
+    50.0
+  ],
+  "enabled": true,
+  "enforcement_mode": "soft"
+}

.specsmith/ledger-chain.txt

@@ -1,2 +1,3 @@
 5a6995207163ba49b823fda0bfbcf4cd29e1e2184a07064db193fdf634617d64
 30255640fa4f54c2946a841ad9612a1f69a9092f368728ecde0e01fa1ac92c09
+45890fddd2d612334ab9bfff9da620278331b0d6994abddaea605ee0c4309560

.warp/skills/SKILL.md

@@ -0,0 +1,55 @@
+# specsmith — Governed Project Skill
+
+## Context
+This project follows the Agentic AI Development Workflow Specification (v0.3.7.dev2).
+Project type: CLI tool (Python) (Section 17.3).
+Description: Applied Epistemic Engineering toolkit for AI-assisted development..
+
+## Session Start
+1. Read `AGENTS.md` — the governance hub
+2. Read `LEDGER.md` — check last session state and open TODOs
+3. Read `docs/governance/RULES.md` — hard rules and stop conditions
+
+## Workflow
+All changes follow: **propose → check → execute → verify → record**.
+- Every code change requires a proposal in the ledger
+- Every proposal needs verification before marking complete
+- Never skip the ledger entry
+
+## Key Files
+- `AGENTS.md` — governance hub (read first)
+- `LEDGER.md` — session ledger (read second)
+- `docs/governance/` — modular governance docs (load on demand)
+- `docs/REQUIREMENTS.md` — formal requirements
+- `docs/TEST_SPEC.md` — test specifications
+- `docs/ARCHITECTURE.md` — system architecture
+
+## Session Start
+Before any work, run: `specsmith update --check --project-dir .`
+If outdated, run: `specsmith update --yes`
+
+## Commands
+When user says `commit`: run `specsmith commit --project-dir .`
+When user says `push`: run `specsmith push --project-dir .`
+When user says `sync`: run `specsmith sync --project-dir .`
+When user says `pr`: run `specsmith pr --project-dir .`
+When user says `audit`: run `specsmith audit --project-dir .`
+When user says `session-end`: run `specsmith session-end --project-dir .`
+
+## Verification
+Before marking any task complete, run: ruff check, pytest, mypy
+
+## Credit Tracking
+After completing tasks, record token usage:
+```
+specsmith credits record --model <model> --provider <provider>   --tokens-in <N> --tokens-out <N> --task "<desc>"
+```
+Check budget: `specsmith credits summary`
+
+## Rules
+- Proposals before changes (no exceptions)
+- Verify before recording completion
+- Use execution shims (`scripts/exec.cmd` / `scripts/exec.sh`) for external commands
+- Keep AGENTS.md under 200 lines
+- Record every session in the ledger
+- Record credit usage at session end

CLAUDE.md

@@ -0,0 +1,43 @@
+# CLAUDE.md
+
+This project follows the Agentic AI Development Workflow Specification (v0.3.7.dev2).
+Project type: CLI tool (Python). Description: Applied Epistemic Engineering toolkit for AI-assisted development..
+
+## Start here
+1. Read `AGENTS.md` for project identity, governance hub, and file registry
+2. Read `LEDGER.md` for session state and open TODOs
+3. Read `docs/governance/RULES.md` for hard rules
+
+## Workflow
+All changes follow: propose → check → execute → verify → record.
+Never modify code without a proposal in the ledger first.
+
+## Project type
+CLI tool (Python) (Spec Section 17.3)
+
+## Key constraints
+- AGENTS.md is the governance hub — keep it under 200 lines
+- Modular governance docs live in `docs/governance/`
+- All agent-invoked commands must have timeouts
+- Use `scripts/exec.cmd` or `scripts/exec.sh` for bounded execution
+- Record every session in LEDGER.md
+
+## Verification
+Before marking any task complete, run: ruff check, pytest, mypy
+
+## Session Start
+Before any work, run: `specsmith update --check --project-dir .`
+If outdated, run: `specsmith update --yes`
+
+## Commands
+When user says `commit`: run `specsmith commit --project-dir .`
+When user says `push`: run `specsmith push --project-dir .`
+When user says `sync`: run `specsmith sync --project-dir .`
+When user says `pr`: run `specsmith pr --project-dir .`
+When user says `audit`: run `specsmith audit --project-dir .`
+When user says `session-end`: run `specsmith session-end --project-dir .`
+
+## Credit Tracking
+At session end, record token usage:
+`specsmith credits record --model <model> --provider anthropic   --tokens-in <N> --tokens-out <N> --task "<desc>"`
+Check budget: `specsmith credits summary`

CODE_OF_CONDUCT.md

@@ -0,0 +1,30 @@
+# Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment:
+
+- Using welcoming and inclusive language
+- Being respectful of differing viewpoints and experiences
+- Gracefully accepting constructive criticism
+- Focusing on what is best for the community
+- Showing empathy towards other community members
+
+Examples of unacceptable behavior:
+
+- Trolling, insulting/derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information without explicit permission
+- Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the project maintainers. All complaints will be reviewed and investigated promptly and fairly.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org), version 2.1.

LEDGER.md

@@ -197,3 +197,9 @@ Begin glossa-lab integration — AEESession for Indus hypothesis tracking. Separ
 ### Open TODOs
 - [ ] Add action button in VS Code session chat when agent finds a fixable issue
 - [ ] Add VCS status live refresh (currently only at session start)
+
+## 2026-04-09T08:43 — specsmith migration: 0.3.0 → 0.3.6.dev178
+- **Author**: specsmith
+- **Type**: migration
+- **Status**: complete
+- **Chain hash**: `45890fddd2d61233...`

README.md

@@ -159,12 +159,15 @@ The **specsmith AEE Workbench** VS Code extension is the flagship client:
 
 ## Supporting specsmith
 
-If specsmith is saving you time or helping your team ship better software, please consider:
+specsmith is open source and built by a small team. Every bit of support helps:
 
-- **[Sponsoring BitConcepts](https://github.com/sponsors/BitConcepts)** — directly funds development
-- **Starring** [specsmith](https://github.com/BitConcepts/specsmith) and [specsmith-vscode](https://github.com/BitConcepts/specsmith-vscode) on GitHub
-- **Reporting bugs** and **requesting features** via [GitHub Issues](https://github.com/BitConcepts/specsmith/issues)
-- **Contributing** — see [CONTRIBUTING.md](CONTRIBUTING.md)
+- ⭐ **Star** [specsmith](https://github.com/BitConcepts/specsmith) and [specsmith-vscode](https://github.com/BitConcepts/specsmith-vscode) on GitHub
+- 📣 **Tell your friends and colleagues** — word of mouth is our best marketing
+- 🐛 **Report bugs** via [GitHub Issues](https://github.com/BitConcepts/specsmith/issues) — even small ones help
+- 💡 **Suggest features** via [GitHub Discussions](https://github.com/BitConcepts/specsmith/discussions) — we read every suggestion
+- 🔧 **Fix bugs and contribute** — see [CONTRIBUTING.md](CONTRIBUTING.md); PRs welcome
+- 📝 **Write about specsmith** — blog posts, tutorials, and talks help the community grow
+- ❤️ **[Sponsor BitConcepts](https://github.com/sponsors/BitConcepts)** — directly funds development
 
 ---
 
@@ -279,6 +282,13 @@ Use cases: linguistics research, compliance pipelines, AI alignment, patent pros
 
 ---
 
+## The specsmith Bootstrap
+
+specsmith governs itself — the specsmith repo is a specsmith-managed project. Run `specsmith audit`
+in this repo to check its governance health. This means every feature we add to specsmith is
+immediately dogfooded on specsmith itself. The [VS Code extension](https://github.com/BitConcepts/specsmith-vscode)
+is developed alongside it as the flagship client.
+
 ## Documentation
 
 **[specsmith.readthedocs.io](https://specsmith.readthedocs.io)** — Full manual: AEE primer,