[EPIC-4] Sticky State & IPC Hardening

.bob/commands/epic-run.md

@@ -259,12 +259,41 @@ STOP when /pr-loop outputs [PHS-PERFECT].
 Mark ticket-XX complete in your running status.
 Check EXECUTION_GUIDE.md for the next ticket.
 If tickets remain: return to TICKET LOOP START.
-If all complete: advance to EPIC COMPLETE.
+If all complete: advance to PHASE 6: PR SUBMISSION & PERFECTION.
 
 ### TICKET LOOP END
 
 ---
 
+## PHASE 6: PR SUBMISSION & PERFECTION
+
+**Switch to: Advanced mode**
+
+Hand off this exact task:
+```
+EPIC: $1
+TASK: Submit PR and start /pr-loop
+PROTOCOL:
+  1. git fetch origin main && git rebase origin/main
+  2. gh pr create --title "[$1] EPIC COMPLETE" --body "Automated PR for epic $1 implementation." --label "epic-run"
+  3. Extract the <PR_NUMBER> from the `gh pr create` output.
+  4. Emit: [PR-SUBMITTED] PR #<PR_NUMBER>
+```
+
+When Advanced mode outputs [PR-SUBMITTED] PR #<PR_NUMBER>:
+
+**Switch to: Orchestrator mode**
+
+Hand off this exact task:
+```
+EPIC: $1
+TASK: Run /pr-loop <PR_NUMBER>
+GOAL: Drive the current branch to 100/100 PHS.
+STOP when /pr-loop outputs [PHS-PERFECT].
+```
+
+---
+
 ## EPIC COMPLETE
 
 Output the full summary (you generate this directly, no mode switch):
@@ -283,6 +312,7 @@ DNA Audit
   CYC floor   : ALL targets below 20
 
 Commits: [list of hashes with BUILD_TAGs]
+PHS     : 100/100 (PERFECT)
 ============================================================
-Branch ready for PR. Suggest: /review to generate PR description.
+Branch ready for merge.
 ```

.bob/commands/pr-loop.md

@@ -30,9 +30,10 @@ Hand off:
 ```
 TASK: Verify PR Hygiene
 PROTOCOL:
-  1. Run `powershell -File .\scripts\verify_pr_hygiene.ps1`.
-  2. If FAIL: HALT and report the violation (e.g. "Diff > 10k" or "Branch is dirty").
-  3. If PASS: Advance to Step 1.
+  1. Run `git fetch origin main && git rebase origin/main`.
+  2. Run `powershell -File .\scripts\verify_pr_hygiene.ps1`.
+  3. If FAIL: HALT and report the violation (e.g. "Diff > 10k" or "Branch is dirty").
+  4. If PASS: Advance to Step 1.
 ```
 
 ### Step 1: Local Integrity (Goal: 15/15)

.bob/rules/00-pr-hygiene.md

@@ -0,0 +1,11 @@
+# PR Hygiene Mandate
+
+## Mandatory Protocol
+All agents MUST adhere to the following PR hygiene rules before every push:
+
+1. **Rebase Mandate**: Your branch MUST be rebased onto the latest `origin/main`.
+2. **Hygiene Script**: You MUST run `powershell -File .\scripts\verify_pr_hygiene.ps1` before every push.
+3. **PHS Loop**: You MUST run `/pr-loop <PR_NUMBER>` after every PR submission and commit to drive the Project Health Score to 100/100.
+4. **No Dirty Branches**: If a branch is behind `main`, you MUST fix it immediately using `git fetch origin main && git rebase origin/main`.
+
+Failure to follow this protocol is a V12 PR Hygiene violation.

.github/instructions/codacy.instructions.md

@@ -0,0 +1,72 @@
+---
+    description: Configuration for AI behavior when interacting with Codacy's MCP Server
+    applyTo: '**'
+---
+---
+# Codacy Rules
+Configuration for AI behavior when interacting with Codacy's MCP Server
+
+## CRITICAL: After ANY successful `edit_file` or `reapply` operation
+- YOU MUST IMMEDIATELY run the `codacy_cli_analyze` tool from Codacy's MCP Server for each file that was edited, with:
+ - `rootPath`: set to the workspace path
+ - `file`: set to the path of the edited file
+ - `tool`: leave empty or unset
+- If any issues are found in the new edits, propose and apply fixes for them.
+- > NOTE: Failure to follow this rule is considered a critical error.
+
+## When you tried to run the `codacy_cli_analyze` tool and the Codacy CLI is not installed
+- Ask the user 'Codacy CLI is not installed. Would you like me to install it now?'
+- If the user responds with "yes", run the `codacy_cli_install` tool and then continue with the original task
+- If the user responds with "no", instruct the user that they can disable automatic analysis in the extension settings
+- Wait for the user to respond before proceeding with any other actions
+
+## After every response
+- If you made any file edits in this conversation, verify you ran `codacy_cli_analyze` tool from Codacy's MCP Server 
+
+## When there are no Codacy MCP Server tools available, or the MCP Server is not reachable
+- Suggest the user the following troubleshooting steps:
+ - Try to reset the MCP on the extension
+ - If the user is using VSCode, suggest them to review their Copilot > MCP settings in Github, under their organization or personal account. Refer them to Settings > Copilot > Enable MCP servers in Copilot. Suggested URL (https://github.com/settings/copilot/features) or https://github.com/organizations/{organization-name}/settings/copilot/features (This can only be done by their organization admins / owners)
+- If none of the above steps work, suggest the user to contact Codacy support
+
+## Trying to call a tool that needs a rootPath as a parameter
+- Always use the standard, non-URL-encoded file system path
+
+## CRITICAL: Dependencies and Security Checks
+- IMMEDIATELY after ANY of these actions:
+ - Running npm/yarn/pnpm install
+ - Adding dependencies to package.json
+ - Adding requirements to requirements.txt
+ - Adding dependencies to pom.xml
+ - Adding dependencies to build.gradle
+ - Any other package manager operations
+- You MUST run the `codacy_cli_analyze` tool with:
+ - `rootPath`: set to the workspace path
+ - `tool`: set to "trivy"
+ - `file`: leave empty or unset
+- If any vulnerabilities are found because of the newly added packages:
+ - Stop all other operations
+ - Propose and apply fixes for the security issues
+ - Only continue with the original task after security issues are resolved
+- EXAMPLE:
+ - After: npm install react-markdown
+ - Do: Run codacy_cli_analyze with trivy
+ - Before: Continuing with any other tasks
+
+## General
+- Repeat the relevant steps for each modified file.
+- "Propose fixes" means to both suggest and, if possible, automatically apply the fixes.
+- You MUST NOT wait for the user to ask for analysis or remind you to run the tool.
+- Do not run `codacy_cli_analyze` looking for changes in duplicated code or code complexity metrics.
+- Complexity metrics are different from complexity issues. When trying to fix complexity in a repository or file, focus on solving the complexity issues and ignore the complexity metric.
+- Do not run `codacy_cli_analyze` looking for changes in code coverage.
+- Do not try to manually install Codacy CLI using either brew, npm, npx, or any other package manager.
+- If the Codacy CLI is not installed, just run the `codacy_cli_analyze` tool from Codacy's MCP Server.
+- When calling `codacy_cli_analyze`, only send provider, organization and repository if the project is a git repository.
+
+## Whenever a call to a Codacy tool that uses `repository` or `organization` as a parameter returns a 404 error
+- Offer to run the `codacy_setup_repository` tool to add the repository to Codacy
+- If the user accepts, run the `codacy_setup_repository` tool
+- Do not ever try to run the `codacy_setup_repository` tool on your own
+- After setup, immediately retry the action that failed (only retry once)
+---

.gitignore

@@ -35,6 +35,8 @@ testsprite_tests/
 .env
 auth.json
 *.key
+firebase-credentials.json
+*firebase-adminsdk*.json
 
 # Audit & PR artifacts (never commit these)
 audit_report.md
@@ -61,4 +63,7 @@ graphify-out/
 infrastructure/
 experts/
 docs/brain/run2-stickystate/
-agy_log.txt
+agy_log.txt
+
+#Ignore vscode AI rules
+.github\instructions\codacy.instructions.md

conductor/tracks/pr_workflow_hardening_20260522/plan.md

@@ -0,0 +1,31 @@
+# Implementation Plan: Hardening PR Hygiene & Epic Workflow Automation
+
+## Objective
+Fix the "Dirty Branch" violation that stops the PR Perfection Loop and ensure the Orchestrator (Bob) automatically initiates `/pr-loop` at the end of every Epic.
+
+## Key Files & Context
+- `scripts/verify_pr_hygiene.ps1`: The gatekeeper script for PR cleanliness.
+- `.bob/commands/pr-loop.md`: The definition of the PR Perfection Loop.
+- `.bob/commands/epic-run.md`: The high-level orchestration for Epics.
+- `.bob/rules/00-pr-hygiene.md`: New general rules for PR hygiene.
+
+## Proposed Changes
+
+### 1. Automation & Script Hardening
+- **`scripts/verify_pr_hygiene.ps1`**: Improve error messaging for "Dirty Branch" to provide actionable `git` commands.
+- **`.bob/commands/pr-loop.md`**: Update "Step 0: Pre-Flight Hygiene" to automatically perform `git fetch origin main` and `git rebase origin/main` before verification.
+
+### 2. Workflow Orchestration
+- **`.bob/commands/epic-run.md`**:
+    - Insert a mandatory **Phase 6: PR Submission & Perfection** before the final completion report.
+    - Automate PR creation using the GitHub CLI (`gh pr create`).
+    - Mandate the execution of `/pr-loop <PR_NUMBER>` until 100/100 PHS is achieved.
+    - Move the `[EPIC-COMPLETE]` summary block to only trigger after the final PHS 100/100 is confirmed.
+
+### 3. Behavioral Rules
+- **`.bob/rules/00-pr-hygiene.md`** (New File): Establish a project-wide mandate for rebased branches and continuous hygiene.
+
+## Verification & Testing
+1. **Script Validation**: Run `powershell -File .\scripts\verify_pr_hygiene.ps1` on a branch that is behind `main` and verify the new error message is clear.
+2. **Workflow Dry Run**: Review the updated `.bob/commands/` files to ensure logical flow from Epic Completion to PR Perfection.
+3. **PHS Check**: Verify that `/pr-loop` logic correctly handles the rebase step without human intervention.