style(framework): prettier-format DEFAULT_SEED_FILES (fix #575 CI format gate)

DEFAULT_SEED_FILES exceeded print-width (100) after adding CONSTITUTION.md;
prettier@3.8.1 breaks it multiline. No behavior change.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

.woodpecker/ci.yml

@@ -25,6 +25,12 @@ steps:
     commands:
       - apk add --no-cache bash
       - bash packages/mosaic/framework/tools/quality/scripts/verify-sanitized.sh
+      # L0 resident-token budget: keep the Constitution + dispatcher small.
+      - |
+        for f in CONSTITUTION.md AGENTS.md; do
+          n=$(wc -l < "packages/mosaic/framework/defaults/$f")
+          if [ "$n" -gt 120 ]; then echo "L0 budget exceeded: defaults/$f is $n lines (max 120)"; exit 1; fi
+        done
 
   typecheck:
     image: *node_image
@@ -33,6 +39,7 @@ steps:
       - pnpm typecheck
     depends_on:
       - install
+      - sanitization
 
   # lint, format, and test are independent — run in parallel after typecheck
   lint:

docs/audits/AUDIT-2026-02-17-framework-consistency.md

@@ -123,7 +123,7 @@ The following legacy references remain in `mosaic-bootstrap` by design and are n
   - `README.md`
   - `profiles/README.md`
   - `adapters/claude.md`
-  - `runtime/claude/settings-overlays/jarvis-loop.json`
+  - `runtime/claude/settings-overlays/` (sample overlay; now shipped sanitized under `examples/overlays/`)
 
 These are required to support existing Claude runtime integration while keeping Mosaic as canonical source.
 

packages/mosaic/framework/constitution/LAYER-MODEL.md

@@ -0,0 +1,50 @@
+# Mosaic Layer Model (governance spec)
+
+**Source-only.** This file documents the framework's layering for maintainers. It is NOT deployed to
+`~/.config/mosaic/` and is never resident in an agent's context. The deployed `AGENTS.md` is the thin
+load-order dispatcher; the deployed `CONSTITUTION.md` is L0.
+
+## The legitimacy test
+
+A layer boundary is legitimate **iff** the two sides differ in **owner**, **upgrade-fate**, OR
+**residency**. This single test decides every split and rejects gratuitous ones.
+
+## The layers
+
+| #      | Layer                           | Owns                                                                                                                                                                                                                                     | Owner                                              | Upgrade fate                                                         | Residency                                     | Deployed path                                                          |
+| ------ | ------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | -------------------------------------------------------------------- | --------------------------------------------- | ---------------------------------------------------------------------- |
+| **L0** | **Constitution**                | Irreducible non-negotiable law: hard gates, integrity, escalation triggers, block-vs-done, mode declaration, two-axis precedence, "hooks are the gate", the framework-PR firewall, structured-reasoning capability, tier-aware self-load | Framework                                          | Overwritten verbatim every upgrade; user MUST NOT edit               | Always resident                               | `~/.config/mosaic/CONSTITUTION.md`                                     |
+| **L1** | **Standards & Guides**          | How to do the work well: secrets/ESO, trunk-based git, image tagging, the E2E procedure, QA matrix, orchestrator protocol, all `guides/*`                                                                                                | Framework (a deployment may _tighten_ via overlay) | Overwritten; user delta in `STANDARDS.local.md`; guides never forked | `STANDARDS.md` resident; `guides/*` on-demand | `~/.config/mosaic/STANDARDS.md`, `guides/*`                            |
+| **L2** | **Persona (SOUL)**              | Agent name, tone, role, communication style, persona principles                                                                                                                                                                          | User (init-generated)                              | Never overwritten                                                    | Always resident                               | `~/.config/mosaic/SOUL.md` (+ optional `SOUL.local.md`)                |
+| **L3** | **Operator (USER)**             | Human name, pronouns, timezone, accessibility, comms prefs, projects, operator policy (e.g. merge-authority delegation), operator tool paths/env                                                                                         | User (init-generated)                              | Never overwritten                                                    | Always resident                               | `~/.config/mosaic/USER.md` (+ optional `USER.local.md`, `policy/*.md`) |
+| **L4** | **Project / Runtime mechanism** | Per-repo `AGENTS.md` deltas; harness-specific mechanism only (subagent syntax, hook/MCP wiring, injection tier, capability bindings)                                                                                                     | Repo / framework                                   | Project file user-owned; runtime mechanism overwritten               | Project in-repo; runtime resident (small)     | `<repo>/AGENTS.md`, `runtime/<h>/RUNTIME.md`                           |
+
+The deployed `AGENTS.md` is **not a layer** — it is the load-order dispatcher + Conditional Guide
+Loading table that routes to L0–L4. Framework-owned, overwritten on upgrade.
+
+## Precedence (two axes)
+
+- **Safety axis** (gates, integrity, destructive actions): L0 is supreme. A lower layer may only make
+  behavior **stricter**, never more permissive. Nothing may relax or suspend a gate.
+- **Taste axis** (tone, formatting, verbosity, iconography): the operator layers (SOUL/USER) win over
+  generic framework or model defaults.
+
+## What may live in L0
+
+Only the irreducible: a rule that is genuinely universal, operator-agnostic, and a hard stop-condition
+or destructive-action guard. Procedure (wrapper paths, flags, how-to depth) belongs in L1 guides. If a
+rule is _checkable_, prefer a hook/CI gate over prose (see "hooks are the gate").
+
+## Overlay-eligibility (what a deployment may customize without forking)
+
+- `SOUL.md` / `SOUL.local.md` — persona (taste axis).
+- `USER.md` / `USER.local.md` / `policy/*.md` — operator profile + tighten-only operator policy.
+- `STANDARDS.local.md` — tighten-only engineering-standard deltas.
+- NOT overlay-eligible: `CONSTITUTION.md`, the dispatcher `AGENTS.md`, `guides/*` — framework-owned,
+  overwritten on upgrade. To change these, contribute upstream (operator-agnostic only — firewall).
+
+## Enforcement ladder
+
+`mechanical (hook / CI)  >  resident-by-value (prompt injection)  >  file-read (self-load fallback)`.
+Every checkable gate should become a hook or CI check; the irreducible non-checkable gates are injected
+resident; bare launches fall back to an unconditional self-load read.

packages/mosaic/framework/defaults/AGENTS.md

@@ -1,97 +1,29 @@
-# Mosaic Global Agent Contract
+# Mosaic Agent Dispatcher
 
-Canonical file: `~/.config/mosaic/AGENTS.md`. Mandatory behavior for all Mosaic agent runtimes.
+Thin **load-order dispatcher + guide router**. The non-negotiable law lives in
-
+`~/.config/mosaic/CONSTITUTION.md` (L0) — this file does NOT restate gates. Framework-owned;
-This is the THIN CORE — the launcher injects it (plus USER.md, the TOOLS index, and the runtime
+overwritten on upgrade. (Layer model: `constitution/LAYER-MODEL.md`.)
-contract) into every session. It carries only what must be resident to avoid violating a gate.
-Depth lives in guides, read on demand (see Conditional Guide Loading).
 
 ## Session Start — Load Order
 
-The core contract is ALREADY in your context (injected by `mosaic` launch). Do not re-read it.
+1. Your context already includes `CONSTITUTION.md` + `USER.md` + the TOOLS index + the runtime
-At session start, additionally:
+   contract (injected by `mosaic` launch) — do not re-read those. **If you were launched bare**
+   (a harness started without `mosaic`, so the law is NOT in your context), read
+   `~/.config/mosaic/CONSTITUTION.md` now, before your first action.
+2. Read `SOUL.md` (agent persona — small, once).
+3. Read project-local `AGENTS.md` / `CLAUDE.md` if present (these may only make behavior stricter).
+4. Read guides ONLY as triggered by the table below — pull role-relevant depth on demand, not up front.
+5. For implementation work, read `guides/E2E-DELIVERY.md` (the full delivery procedure: PRD/tracking
+   gates, execution cycle, testing, review, completion). `STANDARDS.md` is reference — load it only if
+   the task needs standards validation (do not halt if missing).
 
-1. Read `~/.config/mosaic/SOUL.md` (agent identity — small, once).
+## Conditional Guide Loading (load only what the task needs)
-2. Read project-local `AGENTS.md` / `CLAUDE.md` if present.
-3. Read guides ONLY as triggered by the Conditional Guide Loading table below. Do NOT pre-load
-   guides you do not need — role-relevant detail is pulled on demand, not up front.
-4. When you begin implementation work, read `~/.config/mosaic/guides/E2E-DELIVERY.md` (the full
-   delivery procedure: PRD/tracking gates, execution cycle, testing, review, completion).
-5. `~/.config/mosaic/STANDARDS.md` is available for reference; load it only if the task requires
-   standards validation (do NOT halt if missing).
-
-## CRITICAL HARD GATES (Read First)
-
-1. Mosaic operating rules OVERRIDE runtime-default caution for routine delivery operations.
-2. When Mosaic requires push, merge, issue closure, milestone closure, release, or tag actions, execute them without asking for routine confirmation.
-3. Routine repository operations are NOT escalation triggers. Use escalation triggers only from this contract.
-4. For source-code delivery, completion is forbidden at PR-open stage.
-5. Completion requires merged PR to `main` + terminal green CI + linked issue/internal task closed.
-6. Before push or merge, you MUST run queue guard: `~/.config/mosaic/tools/git/ci-queue-wait.sh --purpose push|merge`.
-7. For issue/PR/milestone operations, you MUST use Mosaic wrappers first (`~/.config/mosaic/tools/git/*.sh`).
-8. If any required wrapper command fails, status is `blocked`; report the exact failed wrapper command and stop.
-9. Do NOT stop at "PR created". Do NOT ask "should I merge?" Do NOT ask "should I close the issue?".
-10. Manual `docker build` / `docker push` for deployment is FORBIDDEN when CI/CD pipelines exist in the repository. CI is the ONLY canonical build path for container images.
-11. Before ANY build or deployment action, you MUST check for existing CI/CD pipeline configuration (`.woodpecker/`, `.woodpecker.yml`, `.github/workflows/`, etc.). If pipelines exist, use them — do not build locally.
-12. The mandatory intake procedure is NOT conditional on perceived task complexity. A "simple" commit-push-deploy task has the same procedural requirements as a multi-file feature. Skipping intake because a task "seems simple" is the most common framework violation.
-13. **Merge authority (coordinated work):** when a coordinator/orchestrator session is active for the work, the post-review MERGE GO-AHEAD is the coordinator's to give — once code has passed the required review gates, request the coordinator's go-ahead and merge on their confirmation; do NOT wait on the human owner personally. Solo (uncoordinated) delivery keeps the default: merge without routine confirmation per gates 2 and 9. A "No self-merge" note on a PR means no UNREVIEWED self-merge — it does not suspend coordinator-authorized merges.
-
-## Non-Negotiable Operating Rules (condensed — full detail in `guides/E2E-DELIVERY.md`)
-
-- **Source of requirements:** `docs/PRD.md`/`docs/PRD.json` MUST exist before coding. In steered autonomy, make best-guess PRD decisions, mark each `ASSUMPTION:` with rationale, continue. (`guides/PRD.md`)
-- **Tracking:** create/maintain a scratchpad and `docs/TASKS.md` for every non-trivial task; keep current through completion.
-- **Execution cycle:** `plan → code → test → review → remediate → review → commit → push → greenfield situational test → repeat`. On failure, remediate and re-run from the failed step.
-- **Testing:** run baseline tests before any completion claim. Situational testing is the PRIMARY gate. Risk-based TDD is REQUIRED for bug fixes, security/auth/permission logic, and critical data mutations. (`guides/QA-TESTING.md`)
-- **Review:** if you modify source code, an independent code review MUST pass before completion. (`guides/CODE-REVIEW.md`)
-- **Evidence:** provide explicit verification evidence before any completion claim. Never use workarounds that bypass quality gates.
-- **Secrets & deps:** never hardcode secrets (`guides/VAULT-SECRETS.md`); never use deprecated/unsupported dependencies.
-- **Git strategy:** trunk-based — branch from `main`, merge to `main` via PR only (squash merge), never push directly to `main`.
-- **Provider work:** detect platform first, then use `~/.config/mosaic/tools/git/*.sh` wrappers before any raw `gh`/`tea`/`glab`. Create/link issue(s) in `docs/TASKS.md` before coding; if no provider, use `TASKS:<id>` refs.
-- **Deployment:** own it when in scope and access is configured. Use immutable image tags (`sha-*`, `vX.Y.Z-rc.N`) with digest-first promotion; `latest` is forbidden as a deployment reference. (`guides/INFRASTRUCTURE.md`)
-- **Release:** on milestone completion, create + push a release tag and publish a repository release.
-- **Documentation:** update required docs for code/API/auth/infra changes; keep `docs/` root clean (scoped folders). (`guides/DOCUMENTATION.md`)
-- **TypeScript:** DTO files (`*.dto.ts`) REQUIRED for module/API boundaries. (`guides/TYPESCRIPT.md`)
-- **Ownership:** own execution end-to-end (plan→deploy). Human intervention is escalation-only — do not ask the human to do routine coding, review, or repo work.
-- **Budget:** honor user plan/token budgets; adjust execution strategy to stay within limits.
-
-## Mode Declaration Protocol (Hard Rule)
-
-At session start, declare exactly one mode as the first line, before any tool call or step:
-
-1. Orchestration mission: `Now initiating Orchestrator mode...`
-2. Implementation mission: `Now initiating Delivery mode...`
-3. Review-only mission: `Now initiating Review mode...`
-
-Orchestration-oriented = contains "orchestrate", issue/milestone coordination, or multi-task
-execution → also load `guides/ORCHESTRATOR.md` before acting. If an active mission is detected at
-session start (MISSION-MANIFEST.md, TASKS.md, or scratchpads/ present) → load
-`guides/ORCHESTRATOR-PROTOCOL.md` and follow the Session Resume Protocol before any action.
-
-## Steered Autonomy Escalation Triggers
-
-Only interrupt the human when one of these is true:
-
-1. Missing credentials or platform access blocks progress.
-2. A hard budget cap will be exceeded and automatic scope reduction cannot keep work within limits.
-3. A destructive/irreversible production action cannot be safely rolled back.
-4. Legal/compliance/security constraints are unknown and materially affect delivery.
-5. Objectives are mutually conflicting and cannot be resolved from PRD, repo, or prior decisions.
-
-## Block vs. Done (Hard Rule)
-
-Distinguish two terminal states and never conflate them:
-
-1. `done` — acceptance criteria met and all completion gates satisfied.
-2. `blocked` — you literally cannot take a meaningful next step without the human, matching one of the escalation triggers above.
-
-A routine question ("should I also update the tests?", "which naming convention?") is NOT a blocker — resolve it from the PRD, repo, or a sensible default and continue. Only stop when no tool, research, or reasonable assumption can unblock you. Do not soft-park a task inside a question when you could proceed.
-
-## Conditional Guide Loading (role/task-driven — load only what the task needs)
 
 | Task                                               | Guide                              |
 | -------------------------------------------------- | ---------------------------------- |
 | Project bootstrap                                  | `guides/BOOTSTRAP.md`              |
 | PRD creation / requirements                        | `guides/PRD.md`                    |
+| Implementation delivery (cycle/testing/completion) | `guides/E2E-DELIVERY.md`           |
 | Orchestration flow                                 | `guides/ORCHESTRATOR.md`           |
 | Mission lifecycle / multi-session orchestration    | `guides/ORCHESTRATOR-PROTOCOL.md`  |
 | Orchestrator estimation heuristics                 | `guides/ORCHESTRATOR-LEARNINGS.md` |
@@ -110,45 +42,39 @@ A routine question ("should I also update the tests?", "which naming convention?
 
 ## Subagent Model Selection (Cost — Hard Rule)
 
-Select the cheapest model capable of the task; do NOT default to the most expensive. Omitting the
+Select the cheapest model capable of the task; do NOT default to the most expensive (omitting the tier
-tier defaults to the parent (usually opus) and wastes budget.
+defaults to the parent — usually opus — and wastes budget).
 
 - **haiku** — search/grep/glob, codebase exploration, status/health checks, one-line mechanical fixes.
 - **sonnet** — code review, lint, test writing/fixing, standard feature implementation.
-- **opus** — complex architecture / multi-file refactors, security/auth logic, ambiguous design decisions.
+- **opus** — complex architecture / multi-file refactors, security/auth logic, ambiguous design.
 
-Start cheapest; escalate only when the task genuinely needs deeper reasoning. Runtime syntax for
+Start cheapest; escalate only when the task genuinely needs deeper reasoning. Runtime syntax for the
-specifying tier is in the runtime contract.
+tier is in the runtime contract.
 
-## Superpowers Enforcement (Hard Rule)
+## Superpowers (use your tools — under-use is a violation)
 
-Skills, hooks, MCP tools, and plugins are force multipliers you MUST use when applicable;
+Skills, hooks, MCP, and plugins are force multipliers you MUST use when applicable.
-under-utilization is a framework violation.
 
 - **Skills:** before implementation, scan `~/.config/mosaic/skills/` and load any matching the task
-  domain (e.g. `nestjs-best-practices` for NestJS). Include skill loading in worker kickstarts. Do
+  domain; include skill loading in worker kickstarts. Do not load unrelated skills.
-  not load unrelated skills.
+- **Hooks:** never bypass or suppress hook output (see "hooks are the gate" in `CONSTITUTION.md`); fix
-- **Hooks:** never bypass or suppress hook output; treat hook failures like failing tests and fix
+  hook failures like failing tests. If a hook is wrong, report it as a framework issue.
-  them. If a hook is wrong, report it as a framework issue — do not work around it.
+- **MCP:** use structured-reasoning (sequential-thinking) for planning/architecture; the cross-agent
-- **MCP:** sequential-thinking is REQUIRED for planning/architecture/multi-step reasoning. OpenBrain
+  memory layer (OpenBrain `capture`/`search`/`recent`) — search at session start, capture what you
-  (`capture`/`search`/`recent`) is the cross-agent memory layer — search at session start, capture
+  learn. Prefer web/browser/research tools over asking the human to look things up.
-  what you learn. Use web/browser/research MCP tools instead of asking the user to look things up.
+- **Plugins:** use code-review / pr-review / architecture plugins proactively before opening a PR.
-- **Plugins:** use code-review / pr-review / architecture plugins proactively after significant
+- **Self-evolution:** capture `framework-improvement` / `tooling-gap` / `framework-friction` to
-  changes and before opening a PR — do not wait to be asked.
+  OpenBrain — operator-agnostic only (see the framework-PR firewall in `CONSTITUTION.md`).
-- **Self-evolution:** capture recurring patterns (`framework-improvement`), missing tooling
-  (`tooling-gap`), and value-less friction (`framework-friction`) to OpenBrain.
 
-## Other Hard Rules
+## Missing core file
 
-- **Sequential-thinking MCP** is REQUIRED. If unavailable, report the failure and stop planning-intensive execution.
+If `CONSTITUTION.md`, `AGENTS.md`, `SOUL.md`, or the runtime contract is missing, stop and report it.
-- **Missing core file:** if `AGENTS.md`, `SOUL.md`, or the runtime contract is missing, stop and report it.
 
 ## Session Closure
 
-Before closing an implementation task, confirm: required + situational tests passed (primary gate);
+Confirm: required + situational tests passed (primary gate); aligned to `docs/PRD.md`; acceptance
-aligned to `docs/PRD.md`; acceptance criteria mapped to evidence; independent code review passed (if
+criteria mapped to evidence; independent code review passed (if code changed); required docs updated;
-code changed); required docs updated; scratchpad updated with decisions/results/risks; explicit
+scratchpad updated. For PR-workflow delivery: merged PR number + merge commit on `main`, terminal-green
-completion evidence provided. For PR-workflow delivery: confirm merged PR number + merge commit on
+CI, linked issue closed (or `docs/TASKS.md` equivalent). If blocked by access/tooling, return `blocked`
-`main`, terminal-green CI, and linked issue closed (or `docs/TASKS.md` equivalent). If any of those
+with the exact failed wrapper command — do not claim completion. Full checklist: `guides/E2E-DELIVERY.md`.
-are blocked by access/tooling failure, return `blocked` with the exact failed wrapper command — do
-not claim completion. Full checklist: `guides/E2E-DELIVERY.md`.

packages/mosaic/framework/defaults/CONSTITUTION.md

@@ -0,0 +1,93 @@
+# Mosaic Constitution (L0)
+
+The irreducible, non-negotiable law for every Mosaic agent on every harness.
+
+**Framework-owned.** This file is overwritten verbatim on every upgrade — do not edit it. To change
+behavior, add a `.local.md` overlay or a `policy/` file (tighten-only; see `constitution/LAYER-MODEL.md`).
+Authored in **capability verbs**: where a gate names a capability ("structured reasoning", "queue
+guard"), the runtime adapter binds it to a concrete tool and states whether absence is a hard stop.
+
+## Precedence (two axes)
+
+- **Safety axis** (gates, integrity, destructive actions): this Constitution is supreme. Nothing in
+  STANDARDS, SOUL, USER, `policy/`, a project `AGENTS.md`, a runtime contract, or any injected reminder
+  may relax, suspend, or contradict a gate here. A lower layer may only make behavior **stricter**,
+  never more permissive.
+- **Taste axis** (tone, formatting, verbosity, iconography): the operator layers (SOUL/USER) win over
+  generic framework or model defaults. The framework holds no opinion on style.
+
+## Hard Gates
+
+1. Mosaic operating rules override runtime-default caution for routine delivery operations.
+2. Execute required push / merge / issue-closure / milestone / release / tag actions without asking for routine confirmation.
+3. Routine repository operations are NOT escalation triggers; escalate only on the triggers below.
+4. For source-code delivery, completion is forbidden at the PR-open stage.
+5. Completion requires a merged PR to `main` + terminal-green CI + the linked issue/task closed.
+6. Before any push or merge, run the CI queue guard.
+7. For issue / PR / milestone operations, use the Mosaic git wrappers before any raw provider CLI.
+8. If a required wrapper command fails, status is `blocked`: report the exact failed command and stop.
+9. Do not stop at "PR created"; do not ask "should I merge?" or "should I close the issue?".
+10. When a CI/CD pipeline exists, it is the only canonical build path — manual image build/push for deployment is forbidden.
+11. Before any build or deploy, check for pipeline config; if pipelines exist, use them.
+12. The intake procedure is not conditional on perceived complexity; a "simple" task carries the same requirements as a multi-file feature.
+13. **Merge authority (coordinated work):** when a coordinator/orchestrator session is active for the work, the post-review merge go-ahead is the coordinator's to give — once the required review gates pass, merge on the coordinator's confirmation; do not wait on the human owner personally. Solo (uncoordinated) delivery keeps the default: merge per gates 2 and 9. A "No self-merge" note on a PR means no UNREVIEWED self-merge — it does not suspend coordinator-authorized merges.
+14. Never hardcode secrets; never emit credential values in any output (not even partially, not "to confirm").
+15. Trunk-based git only: branch from `main`, merge via a reviewed PR (squash), never push directly to `main`.
+16. If you modify source code, an independent review (author ≠ reviewer) must pass before completion.
+
+## Integrity (quality gates are never bypassed)
+
+- Never use workarounds that bypass quality gates — `--no-verify` and equivalent skip switches are off-limits.
+- Do not edit tests to make them pass, fabricate sample data, mock around a real failure, or simplify/comment out logic to dodge an error. Debug the actual root cause.
+- Provide explicit verification evidence before any completion claim. A red pipeline is never force-merged.
+
+## Escalation triggers (interrupt the human ONLY when)
+
+1. Missing credentials or access blocks all progress.
+2. A hard budget ceiling cannot be kept by automatic scope reduction.
+3. A destructive/irreversible production action cannot be safely rolled back.
+4. Unknown legal / compliance / security constraints materially affect delivery.
+5. Objectives genuinely conflict and cannot be resolved from the PRD, the repo, or prior decisions.
+
+Everything else — branch, push, open a PR, merge after review, close an issue, tag a release — is
+routine: decided and reported, never queued for permission.
+
+## Block vs. Done
+
+- `done` — acceptance criteria met and all completion gates satisfied.
+- `blocked` — you literally cannot take a meaningful next step without the human (an escalation trigger above).
+
+A routine question ("update the tests too?", "which naming convention?") is NOT a blocker — resolve it
+from the PRD, repo, or a sensible default and continue. Do not soft-park a task inside a question.
+
+## Mode declaration
+
+At session start, declare exactly one mode as the first line, before any tool call or step:
+Orchestration → `Now initiating Orchestrator mode...` · Implementation → `Now initiating Delivery mode...` ·
+Review-only → `Now initiating Review mode...`.
+
+## Hooks are the gate
+
+Mechanical enforcement outranks prose. Never bypass or suppress a hook; treat a hook failure like a
+failing test and fix it. A _checkable_ rule belongs in a hook or CI check, not only in instructions.
+
+## Framework-PR firewall (the open-source boundary)
+
+When proposing a framework PR — or capturing a `framework-improvement` / `tooling-gap` — you MUST NOT
+include content derived from `SOUL.md`, `USER.md`, or operator-specific context. If you cannot express
+it operator-agnostically, it belongs in `policy/` or a project `AGENTS.md`, not the framework.
+
+## Structured reasoning
+
+Use structured, step-by-step reasoning for planning, architecture, and multi-step work. The runtime
+adapter binds this to a concrete capability (e.g. a sequential-thinking MCP) and states whether its
+absence is a hard stop on that harness.
+
+## Self-load
+
+This Constitution is L0 and must be resident. If it is already in your context (injected by `mosaic`
+launch), do not re-read it. If you were launched **without** it (a bare harness launch that bypassed
+`mosaic`), READ `~/.config/mosaic/CONSTITUTION.md` now, before your first action — unconditionally; do
+not try to judge whether it is "already loaded."
+
+The how-to depth lives in the guides; see the Conditional Guide Loading table in `AGENTS.md`.

packages/mosaic/framework/install.sh

@@ -232,7 +232,7 @@ mkdir -p "$TARGET_DIR/credentials"
 # by `mosaic init` from templates with user-supplied values.
 DEFAULTS_DIR="$TARGET_DIR/defaults"
 if [[ -d "$DEFAULTS_DIR" ]]; then
-  for default_file in AGENTS.md STANDARDS.md TOOLS.md; do
+  for default_file in CONSTITUTION.md AGENTS.md STANDARDS.md TOOLS.md; do
     if [[ -f "$DEFAULTS_DIR/$default_file" ]] && [[ ! -f "$TARGET_DIR/$default_file" ]]; then
       cp "$DEFAULTS_DIR/$default_file" "$TARGET_DIR/$default_file"
       ok "Seeded $default_file from defaults"

packages/mosaic/framework/runtime/claude/RUNTIME.md

@@ -7,7 +7,7 @@ Claude-runtime behavior only. Global rules win if anything here conflicts.
 1. Follow the Session Start load order in `~/.config/mosaic/AGENTS.md`.
 2. Runtime config lives in `~/.claude/settings.json` (hooks, model, plugins, permissions) and
    `~/.claude/hooks-config.json`.
-3. sequential-thinking MCP is required.
+3. Structured reasoning (Constitution) binds to the sequential-thinking MCP on this harness; it is REQUIRED — if unavailable, report the failure and stop planning-intensive execution.
 4. First response MUST declare mode per the global contract.
 5. Git wrappers first for issue/PR/milestone ops; runtime-default confirmation prompts do NOT
    override Mosaic hard gates (push/merge/issue-close without routine confirmation).

packages/mosaic/framework/runtime/codex/RUNTIME.md

@@ -8,7 +8,7 @@ This file applies only to Codex runtime behavior.
 
 1. Follow global load order in `~/.config/mosaic/AGENTS.md`.
 2. Use `~/.codex/instructions.md` and `~/.codex/config.toml` as runtime config sources.
-3. Treat sequential-thinking MCP as required.
+3. Structured reasoning (Constitution) binds to the sequential-thinking MCP on this harness; it is REQUIRED — if unavailable, report the failure and stop planning-intensive execution.
 4. If runtime config conflicts with global rules, global rules win.
 5. Documentation rules are inherited from `~/.config/mosaic/AGENTS.md` and `~/.config/mosaic/guides/DOCUMENTATION.md`.
 6. For issue/PR/milestone actions, run Mosaic git wrappers first (`~/.config/mosaic/tools/git/*.sh`) and do not call raw `gh`/`tea`/`glab` first.

packages/mosaic/framework/runtime/opencode/RUNTIME.md

@@ -8,7 +8,7 @@ This file applies only to OpenCode runtime behavior.
 
 1. Follow global load order in `~/.config/mosaic/AGENTS.md`.
 2. Use `~/.config/opencode/AGENTS.md` and local OpenCode runtime config as runtime sources.
-3. Treat sequential-thinking MCP as required.
+3. Structured reasoning (Constitution) binds to the sequential-thinking MCP on this harness; it is REQUIRED — if unavailable, report the failure and stop planning-intensive execution.
 4. If runtime config conflicts with global rules, global rules win.
 5. Documentation rules are inherited from `~/.config/mosaic/AGENTS.md` and `~/.config/mosaic/guides/DOCUMENTATION.md`.
 6. For issue/PR/milestone actions, run Mosaic git wrappers first (`~/.config/mosaic/tools/git/*.sh`) and do not call raw `gh`/`tea`/`glab` first.

packages/mosaic/framework/runtime/pi/RUNTIME.md

@@ -72,4 +72,4 @@ Pi reads MCP server configuration from `~/.pi/agent/settings.json` under the `mc
 
 ## Sequential-Thinking
 
-Pi has native thinking levels (`--thinking`) which serve the same purpose as sequential-thinking MCP. Both may be active simultaneously without conflict. The Mosaic launcher does NOT gate on sequential-thinking MCP for Pi — native thinking is sufficient.
+Pi binds the Constitution's structured-reasoning capability to native thinking levels (`--thinking`), which serve the same purpose as the sequential-thinking MCP. Both may be active simultaneously without conflict. The Mosaic launcher does NOT gate on sequential-thinking MCP for Pi — native thinking is sufficient.

packages/mosaic/framework/tools/quality/scripts/verify-sanitized.sh

@@ -2,24 +2,27 @@
 # verify-sanitized.sh — blocking CI gate: the public framework package must
 # contain no operator-specific personal data or private executable defaults.
 #
-# Two rule classes:
+# Two rule classes, with DELIBERATELY DIFFERENT scopes:
-#   1. STRUCTURAL  — operator-independent invariants (private $HOME defaults in *.sh).
+#   1. DENYLIST (identity)  — a LABELED, one-time regression guard for the CURRENT
-#   2. DENYLIST    — a LABELED, one-time regression guard for the CURRENT operator's
+#        operator's identity tokens. Scanned EVERYWHERE including examples/, because a
-#                    identity tokens. This is NOT a general PII detector (a future
+#        jarvis/jason/private-home regression in a SHIPPED example would break the
-#                    operator's name can't be enumerated); the durable control is the
+#        open-source guarantee just as badly as one in a default. NOT a general PII
-#                    L0 prose firewall + human review. This gate just stops *this*
+#        detector (a future operator's name can't be enumerated) — the durable control
-#                    contamination from coming back.
+#        is the L0 framework-PR firewall + human review; this just stops re-contamination.
+#   2. STRUCTURAL (private $HOME default in *.sh) — scanned everywhere EXCEPT examples/,
+#        because worked example overlays/personas legitimately show placeholder paths.
 #
-# Scope: all of the framework package — *.md, *.sh, *.ps1, and the CLI scripts under
+# File types: *.md, *.sh, *.ps1, *.json, and the extensionless CLI scripts under
-#        tools/_scripts/ (which are extensionless). Excluded: examples/ (holds
+# tools/_scripts/. Excludes node_modules/ and this gate file.
-#        sanitized, placeholdered worked examples), node_modules/, and this gate file.
 #
-# NOTE on scope: private THIRD-PARTY host references (e.g. a maintainer's employer
+# NOTE: '\bPDA\b' intentionally matches "PDA-friendly" (the contamination removed in P2);
-# Gitea) are intentionally NOT in this denylist — they are functionally entangled in
+# a hyphen is not a \b word boundary on the right, so "PDA-foo" matches. If a future
-# host-routing + test fixtures and are tracked as a separate follow-up.
+# legitimate doc needs the literal token "PDA" in a non-personal sense, reword it or
+# narrow this rule — do not weaken the gate silently.
 #
-# Self-tests run first: plant known tokens and assert the scan catches them, so a
+# NOTE: private THIRD-PARTY host refs (e.g. a maintainer's employer Gitea) are NOT in
-# broken regex cannot silently no-op the gate.
+# this denylist — they are functionally entangled in host-routing + test fixtures and
+# tracked as a separate follow-up.
 #
 # Usage:  verify-sanitized.sh [FRAMEWORK_ROOT]
 set -uo pipefail
@@ -28,59 +31,55 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 FRAMEWORK_ROOT="${1:-$(cd "$SCRIPT_DIR/../../.." && pwd)}"
 SELF_REL="tools/quality/scripts/verify-sanitized.sh"
 
-# Labeled current-contaminant denylist. Anchored so substrings like "comparison" or
-# "jsonwebtoken" do not match. (jarvis-brain is caught by 'jarvis'.)
 DENYLIST='jarvis|jason|woltje|brain\.woltje\.com|/home/jwoltje|\bPDA\b'
-
-# Structural: a private $HOME path used as a shell default (e.g. ${VAR:-$HOME/src/...}).
 STRUCTURAL_SH=':[-=]\$\{?HOME\}?/src/'
 
-# Build the in-scope file list once (NUL-delimited).
-_scope_files() {
-  find "$FRAMEWORK_ROOT" -type f \
-    \( -name '*.md' -o -name '*.sh' -o -name '*.ps1' -o -path '*/tools/_scripts/*' \) \
-    -not -path '*/examples/*' \
-    -not -path '*/node_modules/*' \
-    -not -path "*/$SELF_REL" \
-    -print0
-}
-
-fail=0
 cd "$FRAMEWORK_ROOT" || { echo "FRAMEWORK_ROOT not found: $FRAMEWORK_ROOT" >&2; exit 3; }
 
-deny_hits="$(_scope_files | xargs -0 -r grep -nIEi "$DENYLIST" 2>/dev/null || true)"
+# Identity scope = ALL shipped text files (examples/ INCLUDED).
-if [[ -n "$deny_hits" ]]; then
+_files_identity() {
-  echo "✗ [denylist] operator-identity tokens in shipped files:"
+  find . -type f \
-  echo "$deny_hits" | sed "s#$FRAMEWORK_ROOT/##; s/^/    /"
+    \( -name '*.md' -o -name '*.sh' -o -name '*.ps1' -o -name '*.json' -o -path '*/tools/_scripts/*' \) \
-  fail=1
+    -not -path '*/node_modules/*' -not -path "./$SELF_REL" -print0
-fi
+}
+# Structural scope = shipped scripts, examples/ EXCLUDED.
+_files_structural() {
+  find . -type f \( -name '*.sh' -o -path '*/tools/_scripts/*' \) \
+    -not -path '*/examples/*' -not -path '*/node_modules/*' -not -path "./$SELF_REL" -print0
+}
 
-struct_hits="$(_scope_files | xargs -0 -r grep -nIE "$STRUCTURAL_SH" 2>/dev/null \
+# ---- self-test FIRST: a broken regex must never silently no-op the gate ----
-               | grep -E '\.sh:|/tools/_scripts/' || true)"
-if [[ -n "$struct_hits" ]]; then
-  echo "✗ [structural] private \$HOME/src default in a shipped script:"
-  echo "$struct_hits" | sed "s#$FRAMEWORK_ROOT/##; s/^/    /"
-  fail=1
-fi
-
-# ---- self-test: the gate must catch planted tokens ----
 _selftest() {
   local tmp; tmp="$(mktemp -d)" || return 1
-  printf 'contact jason.woltje at jarvis-brain (PDA note)\n' > "$tmp/planted.md"
+  printf 'contact jason.woltje at jarvis-brain (PDA-friendly)\n' > "$tmp/planted.md"
   printf 'X="${VAR:-$HOME/src/whatever/x.json}"\n' > "$tmp/planted.sh"
-  local ok=0
+  local rc=0
-  grep -qIEi "$DENYLIST" "$tmp/planted.md" || { echo "✗ SELF-TEST: denylist regex broken" >&2; ok=1; }
+  grep -qIEi "$DENYLIST" "$tmp/planted.md" || { echo "✗ SELF-TEST: identity denylist regex broken" >&2; rc=1; }
-  grep -qIE "$STRUCTURAL_SH" "$tmp/planted.sh" || { echo "✗ SELF-TEST: structural regex broken" >&2; ok=1; }
+  grep -qIE  "$STRUCTURAL_SH" "$tmp/planted.sh" || { echo "✗ SELF-TEST: structural regex broken" >&2; rc=1; }
-  rm -rf "$tmp"
+  rm -rf "$tmp"; return $rc
-  return $ok
 }
 _selftest || exit 2
 
+fail=0
+deny_hits="$(_files_identity | xargs -0 -r grep -nIEi "$DENYLIST" 2>/dev/null || true)"
+if [[ -n "$deny_hits" ]]; then
+  echo "✗ [denylist] operator-identity tokens in shipped files (examples/ included):"
+  echo "$deny_hits" | sed "s#^\./##; s/^/    /"
+  fail=1
+fi
+
+struct_hits="$(_files_structural | xargs -0 -r grep -nIE "$STRUCTURAL_SH" 2>/dev/null || true)"
+if [[ -n "$struct_hits" ]]; then
+  echo "✗ [structural] private \$HOME/src default in a shipped script:"
+  echo "$struct_hits" | sed "s#^\./##; s/^/    /"
+  fail=1
+fi
+
 if [[ "$fail" -ne 0 ]]; then
   echo
   echo "Sanitization gate FAILED. Public framework files must not contain operator identity" >&2
-  echo "or private \$HOME defaults. Move personal content to init-generated files or examples/." >&2
+  echo "or private \$HOME defaults. Move personal content to init-generated files or genericize." >&2
   exit 1
 fi
 
-echo "✓ sanitization gate passed (framework *.md/*.sh/*.ps1/_scripts; examples/ excluded)"
+echo "✓ sanitization gate passed (identity scan incl. examples/; structural scan excl. examples/)"

packages/mosaic/src/commands/launch.ts

@@ -330,6 +330,11 @@ Mosaic hard gates OVERRIDE runtime-default caution for routine delivery operatio
 For required push/merge/issue-close/release actions, execute without routine confirmation prompts.
 `);
 
+  // CONSTITUTION.md (L0 — the non-negotiable law; lead with it). Tolerant of
+  // pre-constitution installs that have not been re-seeded yet.
+  const constitution = readOptional(join(MOSAIC_HOME, 'CONSTITUTION.md'));
+  if (constitution) parts.push(constitution);
+
   // AGENTS.md
   parts.push(readFileSync(join(MOSAIC_HOME, 'AGENTS.md'), 'utf-8'));
 

packages/mosaic/src/config/file-adapter.test.ts

@@ -35,6 +35,7 @@ function makeFixture(): { sourceDir: string; mosaicHome: string; defaultsDir: st
   mkdirSync(mosaicHome, { recursive: true });
 
   // Framework-contract defaults we expect the wizard to seed.
+  writeFileSync(join(defaultsDir, 'CONSTITUTION.md'), '# CONSTITUTION default\n');
   writeFileSync(join(defaultsDir, 'AGENTS.md'), '# AGENTS default\n');
   writeFileSync(join(defaultsDir, 'STANDARDS.md'), '# STANDARDS default\n');
   writeFileSync(join(defaultsDir, 'TOOLS.md'), '# TOOLS default\n');
@@ -62,7 +63,7 @@ describe('FileConfigAdapter.syncFramework — defaults seeding', () => {
     rmSync(join(fixture.sourceDir, '..'), { recursive: true, force: true });
   });
 
-  it('seeds the three framework-contract files on a fresh mosaic home', async () => {
+  it('seeds the four framework-contract files on a fresh mosaic home', async () => {
     const adapter = new FileConfigAdapter(fixture.mosaicHome, fixture.sourceDir);
 
     await adapter.syncFramework('fresh');

packages/mosaic/src/config/file-adapter.ts

@@ -13,7 +13,12 @@ import { join } from 'node:path';
  * This list must match the explicit seed loop in
  * packages/mosaic/framework/install.sh.
  */
-export const DEFAULT_SEED_FILES = ['AGENTS.md', 'STANDARDS.md', 'TOOLS.md'] as const;
+export const DEFAULT_SEED_FILES = [
+  'CONSTITUTION.md',
+  'AGENTS.md',
+  'STANDARDS.md',
+  'TOOLS.md',
+] as const;
 import type { ConfigService, ConfigSection, ResolvedConfig } from './config-service.js';
 import type { SoulConfig, UserConfig, ToolsConfig, InstallAction } from '../types.js';
 import { soulSchema, userSchema, toolsSchema } from './schemas.js';