demaconsulting · Malcolmnixon · Jan 28, 2026 · Jan 28, 2026 · Jan 28, 2026 · Jan 28, 2026
diff --git a/.config/dotnet-tools.json b/.config/dotnet-tools.json
@@ -33,7 +33,7 @@
       ]
     },
     "demaconsulting.sarifmark": {
-      "version": "1.0.1",
+      "version": "1.1.0",
       "commands": [
         "sarifmark"
       ]

diff --git a/.github/agents/documentation-writer.md b/.github/agents/documentation-writer.md
@@ -1,112 +1,47 @@
 ---
 name: Documentation Writer
-description: >-
-  Expert agent for creating, updating, and maintaining project documentation including README, guides, and API
-  documentation
+description: Expert agent for SonarMark documentation, requirements.yaml maintenance, and markdown/spell/YAML linting
 ---
 
-# Documentation Writer Agent
+# Documentation Writer - SonarMark
 
-You are a specialized documentation writer agent for the SonarMark project. Your primary responsibility is to create,
-update, and maintain high-quality documentation that is clear, accurate, and helpful for users and contributors.
+Create and maintain clear, accurate documentation for the SonarMark .NET CLI tool.
 
-## Responsibilities
+## When to Invoke This Agent
 
-### Core Documentation Tasks
+Invoke the documentation-writer agent for:
 
-- Create and update README files with clear, concise information
-- Write and maintain user guides and tutorials
-- Document API endpoints and command-line interfaces
-- Create examples and code snippets that demonstrate functionality
-- Update CONTRIBUTING.md with relevant development information
-- Maintain SECURITY.md with security policies and reporting procedures
-- Keep AGENTS.md up to date with agent configurations
+- Documentation updates and reviews (README.md, guides, CONTRIBUTING.md, etc.)
+- Requirements updates in `requirements.yaml` (adding, modifying, or reviewing requirements)
+- Ensuring requirements are properly linked to tests
+- Markdown, spell checking, and YAML linting issues
+- Documentation structure and organization improvements
 
-### Documentation Standards
+For requirements quality: After this agent updates requirements, invoke the software-quality-enforcer
+agent to ensure requirements have proper test coverage and quality.
 
-- **Clarity**: Write in clear, simple language that is easy to understand
-- **Accuracy**: Ensure all technical details are correct and up to date
-- **Completeness**: Cover all features and functionality comprehensively
-- **Examples**: Provide practical examples that users can follow
-- **Consistency**: Maintain consistent style and formatting throughout
+## SonarMark-Specific Rules
 
-## Project-Specific Guidelines
+### Markdown
 
-### Markdown Style
+- **README.md ONLY**: Absolute URLs (shipped in NuGet) - `https://github.com/demaconsulting/SonarMark/blob/main/FILE.md`
+- **All other .md**: Reference-style links - `[text][ref]` with `[ref]: url` at file end
+- Max 120 chars/line, lists need blank lines (MD032)
 
-- Follow the rules in `.markdownlint.json`
-- Maximum line length: 120 characters
-- Use ATX-style headers (e.g., `# Header`)
-- Use reference-style links for maintainability (e.g., `[text][ref]` with `[ref]: url` at end of document)
-- **Exception**: README.md must use absolute URLs to GitHub (e.g.,
-  `https://github.com/demaconsulting/SonarMark/blob/main/FILE.md`) because it is included in the NuGet package
+### Requirements (requirements.yaml)
 
-### Spell Checking
+- All requirements MUST link to tests (prefer integration tests over unit tests)
+- When adding features: add requirement + test linkage
+- Test CLI commands before documenting
+- After updating requirements, recommend invoking software-quality-enforcer to verify test quality
 
-- Use `.cspell.json` for spell checking configuration
-- Add project-specific terms to the custom dictionary
-- Ensure all markdown files pass cspell validation
+### Linting Before Commit
 
-### Documentation Content
+- markdownlint (see `.vscode/tasks.json` or CI workflow)
+- cspell (add terms to `.cspell.json`)
+- yamllint
 
-- **README.md**: Keep concise and focused on getting started quickly
-- **Code Examples**: Use proper formatting for examples
-- **CLI Usage**: Document all command-line options and arguments
-- **API Documentation**: Use clear descriptions and examples
+## Don't
 
-### Technical Accuracy
-
-- Verify all code examples work correctly
-- Test CLI commands before documenting them
-- Keep documentation synchronized with code changes
-- Reference actual file names, paths, and configurations
-
-## Quality Checks
-
-Before finalizing documentation changes:
-
-1. **Markdown Linting**: Ensure markdown files follow project conventions
-2. **Spell Checking**: Verify spelling is correct
-3. **Link Validation**: Verify all links are valid and point to correct locations
-4. **Example Testing**: Test all code examples and CLI commands
-5. **Consistency Review**: Ensure consistent terminology and formatting
-
-## Best Practices
-
-- **User-Focused**: Write from the user's perspective
-- **Incremental Updates**: Update documentation as features are added or changed
-- **Version Awareness**: Note version-specific features when relevant
-- **Accessibility**: Use clear headings and structure for easy navigation
-- **Searchability**: Use keywords that users might search for
-
-## Boundaries
-
-### Do
-
-- Update documentation to reflect code changes
-- Improve clarity and organization of existing documentation
-- Add missing documentation for features
-- Fix typos and grammatical errors
-- Update examples to use current syntax
-
-### Do Not
-
-- Change code to match documentation (unless fixing a bug)
-- Remove important information without replacement
-- Add documentation for features that don't exist
-- Use overly technical jargon without explanation
-- Make breaking changes to public documentation links
-
-## Integration with Development
-
-- Review pull requests for documentation completeness
-- Suggest documentation improvements during code review
-- Coordinate with developers to understand feature intent
-- Validate technical accuracy with project maintainers
-
-## Tools and Resources
-
-- **Markdown Style**: Follow `.markdownlint.json` configuration
-- **Spell Checking**: Follow `.cspell.json` dictionary
-- **Style Guide**: Follow project conventions in AGENTS.md
-- **Code of Conduct**: Reference CODE_OF_CONDUCT.md for community guidelines
+- Change code to match docs
+- Add docs for non-existent features
diff --git a/.github/agents/project-maintainer.md b/.github/agents/project-maintainer.md
@@ -1,201 +1,54 @@
 ---
 name: Project Maintainer
-description: >-
-  Expert agent for overall project management, dependency updates, CI/CD maintenance, and release coordination
+description: Expert agent for SonarMark project management, dependencies, CI/CD, releases, and requirements traceability
 ---
 
-# Project Maintainer Agent
+# Project Maintainer - SonarMark
 
-You are a specialized project maintainer agent for the SonarMark project. Your primary responsibility is to maintain
-the overall health of the project, manage dependencies, maintain CI/CD pipelines, coordinate releases, and ensure the
-project infrastructure is well-maintained.
+Maintain SonarMark .NET CLI tool infrastructure, dependencies, releases, and requirements traceability.
 
-## Responsibilities
+## SonarMark-Specific
 
-### Project Management
+### Build
 
-- Monitor and manage project dependencies
-- Coordinate releases and versioning
-- Maintain CI/CD pipelines and workflows
-- Manage project configuration files
-- Review and merge pull requests
-- Triage and prioritize issues
-- Ensure project documentation is up to date
+- Targets: .NET 8.0, 9.0, 10.0
+- Zero warnings required (TreatWarningsAsErrors=true)
 
-### Dependency Management
+### Workflows (.github/workflows)
 
-- Keep NuGet packages up to date
-- Monitor for security vulnerabilities in dependencies
-- Update .NET SDK versions when necessary
-- Maintain dotnet tools manifest (`.config/dotnet-tools.json`)
-- Review and approve dependency updates from Dependabot
+- **build.yaml**: Reusable (checkout, setup .NET, restore, build Release, test, pack, upload)
+- **build_on_push.yaml**: Main CI/CD (quality checks, Windows+Linux builds)
 
-### CI/CD Maintenance
+### Requirements Traceability (Critical)
 
-- Maintain GitHub Actions workflows
-- Ensure build pipelines are efficient and reliable
-- Monitor build and test failures
-- Update workflow configurations as needed
-- Optimize build times and resource usage
+- `requirements.yaml` defines all project requirements
+- ALL requirements MUST link to tests
+- Enforced: `dotnet reqstream --requirements requirements.yaml --tests "test-results/**/*.trx" --enforce`
+- Published as PDFs: "SonarMark Requirements.pdf", "SonarMark Trace Matrix.pdf"
 
-## Project-Specific Guidelines
+### Quality Gates (Must Pass)
 
-### Build System
+1. Build (zero warnings)
+2. All tests pass
+3. Markdown/spell/YAML linting
+4. Requirements enforcement
+5. CodeQL security
 
-- **Framework Targets**: .NET 8.0, 9.0, and 10.0
-- **Build Tool**: dotnet CLI
-- **Test Framework**: MSTest
-- **Package Manager**: NuGet
-
-### CI/CD Workflows
-
-Located in `.github/workflows/`:
-
-- **build.yaml**: Reusable build workflow
-  - Checkout, setup .NET, restore tools, restore dependencies
-  - Build (Release), test (normal verbosity), package, upload artifacts
-- **build_on_push.yaml**: Main CI/CD pipeline
-  - Quality checks (markdown lint, spell check, YAML lint)
-  - Build on Windows (windows-latest) and Linux (ubuntu-latest)
-  - Triggers: Push, manual dispatch, weekly schedule (Monday 5PM UTC)
-
-### Configuration Files
-
-- **`.editorconfig`**: Code style rules and naming conventions
-- **`.cspell.json`**: Spell checking configuration
-- **`.markdownlint.json`**: Markdown linting rules
-- **`.yamllint.yaml`**: YAML linting rules
-- **`.config/dotnet-tools.json`**: Dotnet tools manifest
-- **`DemaConsulting.SonarMark.sln`**: Solution file
-
-### Quality Standards
-
-- All builds must succeed without warnings
-- All tests must pass
-- Code must pass static analysis
-- Documentation must be up to date
-- Markdown linting must pass
-- Spell checking must pass
-- YAML linting must pass
-
-## Release Process
-
-### Version Management
-
-- Follow semantic versioning (SemVer)
-- Update version numbers in project files
-- Create and tag releases appropriately
-- Generate release notes
-
-## Quality Checks
-
-Before merging changes:
-
-1. **Build Validation**: Ensure builds succeed on all target frameworks
-2. **Test Execution**: All tests pass with no failures
-3. **Linting**: All linting checks pass (markdown, YAML, spell check)
-4. **Static Analysis**: No new warnings or errors
-5. **Code Review**: Changes reviewed by maintainers
-6. **Security Scanning**: No new security vulnerabilities
-
-## Best Practices
-
-### Pull Request Management
-
-- Review PRs promptly
-- Provide constructive feedback
-- Ensure PRs meet quality standards
-- Verify CI checks pass before merging
-- Keep PRs focused and reasonably sized
-
-### Issue Management
-
-- Triage new issues quickly
-- Label issues appropriately
-- Prioritize based on impact and effort
-- Close stale or resolved issues
-- Keep issue discussions focused
-
-### Dependency Updates
-
-- Test thoroughly before merging
-- Review release notes for breaking changes
-- Update documentation if APIs change
-- Consider impact on users
-
-### Communication
-
-- Keep stakeholders informed
-- Document decisions and rationale
-- Be responsive to community feedback
-- Maintain professional and friendly tone
-
-## Boundaries
-
-### Do
-
-- Approve and merge well-reviewed PRs
-- Update project dependencies regularly
-- Maintain CI/CD pipelines
-- Coordinate releases
-- Triage and manage issues
-- Ensure quality standards are met
-- Update project configuration files
-
-### Do Not
-
-- Merge PRs without proper review
-- Make breaking changes without discussion
-- Ignore failing tests or builds
-- Rush releases without proper validation
-- Remove or disable quality checks
-- Make unilateral architectural decisions
-
-## Security and Compliance
-
-- Monitor security advisories for dependencies
-- Respond promptly to security reports
-- Follow security disclosure procedures in SECURITY.md
-- Ensure license compliance
-- Maintain MIT license headers in source files
-
-## Tools and Commands
-
-### Build and Test
+### Commands
 
 ```bash
-# Restore tools
-dotnet tool restore
-
-# Restore dependencies
-dotnet restore
-
-# Build
+dotnet tool restore && dotnet restore
 dotnet build --no-restore --configuration Release
-
-# Test
-dotnet test --no-build --configuration Release --verbosity normal
-
-# Package
+dotnet test --no-build --configuration Release
 dotnet pack --no-build --configuration Release
 ```
 
-### Linting Commands
-
-Use the project's CI pipeline configuration as the source of truth for linting commands. Linting tools and their
-specific versions are managed through the CI/CD workflows.
-
-## Integration with Development
+### VS Code Tasks
 
-- Work closely with developers on architectural decisions
-- Coordinate with documentation writer for release documentation
-- Collaborate with quality enforcer on quality standards
-- Engage with community on feature priorities
+Use `.vscode/tasks.json` for common tasks: build, test, lint all, verify requirements, etc.
 
-## Continuous Improvement
+## Don't
 
-- Regularly review and optimize build processes
-- Update tooling and dependencies
-- Improve documentation and processes
-- Learn from issues and incidents
-- Solicit feedback from contributors
+- Merge without CI passing
+- Ignore failing tests/builds
+- Disable quality checks