Build 956: Audit Remediation

.agent/standards_manifesto.md

@@ -24,12 +24,9 @@ This document provides the immutable technical standards for all AI agents (Anth
 
 - **Advisor (Antigravity):** The **"General Manager."** Handles high-level brainstorming, diagnosing market issues, and engineering the core "Mission Prompt."
 - **Desk Supervisor & Lab (Gemini CLI):** The **"Quant & Compliance."** Uses **Conductor/ODIN** to turn Antigravity prompts into rigid technical plans. Uses the **Sandbox** to test math/logic in Python before implementation. Runs local security/lint audits.
-- **Lead Engineer (Claude/Sonnet):** The **"Execution Specialist."** Use **Sonnet** (latest) for all implementation. Sonnet is faster and optimized for code generation. Reserve Opus for architectural deep-dives only (complex broker-native design, multi-phase FSM design).
-- **Forensic Auditor (Codex):** The **"Deep Logic Inspector."** Performs a 360-degree forensic scan for logic traps/leaks. Code trace only — never ask Codex for patches.
-- **Secondary Auditor (Cursor AI):** The **"Peer Reviewer."** Performed by the Cursor agent to provide a cross-verification audit from a different model perspective.
-- **Maintenance Inspector (Human):** The **"Final Sign-off."** Used by the Fund Manager in Cursor to perform visual review and manual polish.
-- **Context Layer (OneContext):** The **"Order Book."** Maintains a shared trajectory of all agent thoughts and actions.
-- **The Bridge:** Handoffs are managed via `implementation_plan.md`, `session_handoff.md`, and **OneContext snapshots**.
+- **Lead Engineer (Claude/Sonnet):** The **"Execution Specialist."** Use **Sonnet** (latest) for all implementation. Sonnet is functionally autonomous: it creates its own branches, executes repairs, and **calls for automated audits** by opening PRs.
+- **The Loop:** Repair Mission -> Sonnet Handoff -> Branch/Code/Push -> PR Re-Audit Matrix (Opus/Gemini) -> Merge.
+- **The Bridge:** Handoffs are managed via `implementation_plan.md`, `session_handoff.md`, and **Mission Brief** artifacts.
 
 ## 5. Multi-Agent Parity & Sync Protocol
 
@@ -168,7 +165,12 @@ OnLineInfo ... status=open <- live untracked GTC order at broker
 - **The "Do Not Interrupt" Protocol:** Agents operating in standard execution mode should complete their logical batches and commit _autonomously_. Do not pause mid-task to ask for user check-ins unless explicitly blocked by a missing file or a hard compilation failure.
 - **.NET 4.8 Hardening Hook:** Target framework is .NET 4.8. Do NOT use C# features unavailable in .NET 4.8 (e.g., range operators `[..]`, `Index`/`Range` types, default interface implementations). Always use `CultureInfo.InvariantCulture` for numeric parsing. This must be checked before every commit.
 - **The "Missing Brief" Failsafe:** Before any phase starts, the Agent MUST verify that the referenced `implementation_plan.md` or `$MISSION` artifact exists on disk. If it does not, the Agent MUST halt and ask the user for the brief, rather than attempting to guess or reverse-engineer the plan via codebase searches.
-- **Autonomy Rule (Default to Action):** Agents are empowered and EXPECTED to execute the full end-to-end lifecycle of a task autonomously. This includes branch creation, surgical implementation, local verification (compile/ASCII), git committing, pushing, and opening/updating PRs. Do not wait for manual approval to move from "Code Change" to "Git Push" if local verification (`deploy-sync.ps1`) passes.
+- **Autonomy Rule (Default to Action):** Agents are empowered and EXPECTED to execute the full end-to-end lifecycle of a task autonomously. This includes:
+  1. **Branch Creation**: Create a semantic branch (e.g., `fix/sima-dispatch-gate`).
+  2. **Surgical Implementation**: Apply changes per the Mission Brief.
+  3. **Verification**: Run local tests/ASCII checks (`deploy-sync.ps1`).
+  4. **PR Trigger**: Push and open a PR to trigger the **3-Agent Multi-Model Audit (Opus, Sonnet, Gemini)**.
+  5. **Merge**: Merge once bot-approvals and human sign-off are received.
 
 ---
 

.claude.json

@@ -0,0 +1,3 @@
+{
+  "customInstructions": "CRITICAL: You must read, ingest, and strictly adhere to the permanent project standards defined in the `.agent/standards_manifesto.md` file before making any code suggestions or architectural decisions. Do not deviate from those rules. The manifesto is the absolute single source of truth for architecture, locking, repo hygiene, and multi-agent parity."
+}

.cursorrules

@@ -1,39 +1,6 @@
-# Cursor Rules: Universal OR Strategy V12 (Full Mirror)
+# Cursor Rules: Universal OR Strategy V12
 
-Follow these rules for ALL code modifications. Reference **[.agent/standards_manifesto.md](file:///.agent/standards_manifesto.md)** for permanent safety standards.
+**CRITICAL INSTRUCTION FOR CURSOR AI:**
+You must read, ingest, and strictly adhere to the permanent project standards defined in the `c:\WSGTA\universal-or-strategy\.agent\standards_manifesto.md` file before making any code suggestions or architectural decisions.
 
-- **Language**: C# 8.0 / .NET Framework 4.8 (NinjaTrader 8).
-- **Concurrency**: All state mutations (activePositions, expectedPositions) MUST be guarded by lock(stateLock).
-- **Lifecycle**: Semaphores (_simaToggleSem) MUST be released in finally blocks.
-- **Refactoring**: Prefer explicit FirstOrDefault logic for instrument lookups (Reaper parity).
-- **Style**: Use PascalCase for methods, camelCase for local variables. Avoid dense one-liners; prioritize "Metabolic Elegance."
-
-## 🛡️ Protocol Hardening (V12.Phase7)
-
-### 1. Scope Control
-- **Surgical Edits**: AI agents MUST restrict code modifications to the specific files requested in the Mission Brief. NEVER refactor unrelated files without explicit Director authorization.
-- **Zero-Trust Planning**: Always generate an `implementation_plan.md` before applying code changes to local files.
-
-### 2. WPF/UI Guardrails
-- **Escalation**: If a UI layout or positioning task enters a loop (more than 2 failed attempts), the agent MUST halt and escalate to the Director for manual layout review.
-- **Headless Mode**: Prefer headless execution for batch logic updates; do not attempt complex UI re-styling without a visual brief.
-
-### 3. Path & Deployment Management
-- **Source Truth**: All primary NinjaScript logic resides in `src/`.
-- **Deployment**: Local builds MUST be synced to `C:\Users\Mohammed Khalid\Documents\NinjaTrader 8\bin\Custom\Strategies\` using the `/deploy` skill.
-
-## 🕹️ Director Commands ($)
-
-- **$PLAN_AUDIT**: Use `read_terminal` on the active Claude/Antigravity PID to ingest Sonnet's implementation plan. Perform a forensic logic audit before recommending approval to the Director.
-- **$MISSION**: Initialize a new project phase via a Mission Brief artifact.
-- **$AUDIT**: Trigger the `/audit` skill to scan the `src/` directory.
-
-## Agent Synchronization
-AI Agents (Anthropic, Codex, Antigravity, Cursor, Gemini) MUST follow the **[.agent/standards_manifesto.md](file:///.agent/standards_manifesto.md)** as the primary source of truth for architectural standards and safety protocols.
-
-
-## CRITICAL: ASCII-Only in All C# String Literals
-- NEVER use emoji, curly quotes, em-dashes, Unicode arrows, or box-drawing in Print() or any string literal.
-- Non-ASCII inside C# strings breaks the NinjaTrader compiler with 300+ cascading errors (Build 936 incident).
-- Allowed substitutions: (!) not emoji, -- not em-dash, -> not arrow, straight " not curly " "
-- See .agent/standards_manifesto.md Section 7 for the full rule table and emergency fix sequence.
+Do not deviate from those rules. The manifesto is the absolute absolute single source of truth for architecture, locking, repo hygiene, and multi-agent parity.

.github/copilot-instructions.md

@@ -1,49 +1,6 @@
-# Copilot Code Review Instructions — Universal OR Strategy V12
+# GitHub Copilot / Codex Rules: Universal OR Strategy V12
 
-You are reviewing a **high-integrity institutional futures trading strategy** for NinjaTrader 8 (C#).
-Lives and capital are on the line. Apply Zero-Trust protocols to every review.
+**CRITICAL INSTRUCTION FOR COPILOT/CODEX:**
+You must read, ingest, and strictly adhere to the permanent project standards defined in the `.agent/standards_manifesto.md` file before making any code suggestions or architectural decisions.
 
-## Primary Review Focus
-
-### 1. Zero-Trust IPC (CRITICAL)
-- All TCP commands must arrive via loopback (127.0.0.1) only — reject any external binding
-- Every command must pass the `AllowedIpcActions` allowlist before execution
-- UTF-8 decoding must use a **stateful per-client decoder** — never `Encoding.GetString()` on a raw buffer (split-packet risk)
-- Queue depth must be bounded (`IpcMaxQueueDepth`) to prevent memory exhaustion
-- No command longer than `IpcMaxCommandLength` should be processed
-
-### 2. SIMA Fleet Dispatch (CRITICAL)
-- `expectedPositions` mutations MUST be serialized under `stateLock`
-- `_dispatchSyncPendingExpKeys` barriers must be set before and cleared after every fleet submit
-- Reserved quantities must be rolled back (`AddExpectedPositionDeltaLocked(key, -delta)`) on any Submit exception
-- Fleet registration (activePositions, entryOrders, stopOrders) must happen BEFORE `expectedPositions` is incremented
-
-### 3. REAPER Safety (CRITICAL)
-- Fill-grace must be **per-account** (`_accountFillGraceTicks[expKey]`), never a single global timestamp
-- Repair orders must be gated by `min(ATR bound, RepairTickFence)` distance from current price
-- REAPER must never fire on the Master account (uses `SubmitOrderUnmanaged`, not follower path)
-- `_repairInFlight` guard must be set before and cleared after every repair submit
-
-### 4. Order Callbacks (HIGH)
-- Callback fills must use **signed delta rollback**, never blanket zeroing of `expectedPositions`
-- Ghost/zombie cleanup: only clear the specific `expKey` that was filled, not the entire account state
-- Bracket orders must not be submitted until the master entry is confirmed filled
-
-### 5. Threading (HIGH)
-- `Account.Flatten()` and `acct.Submit()` must NEVER be called from a background thread — always via `TriggerCustomEvent`
-- No UI Updates (Draw*, Chart*) from background threads
-- All `ConcurrentDictionary` reads are safe from background threads; `HashSet` reads MUST use `lock(stateLock)`
-
-## Naming Conventions (BMad Protocol)
-- Entry signals: `Fleet_{AccountName}_{TradeType}_{index}`
-- Stop signals: `Stop_{entryName}` (max 40 chars via `SymmetryTrim`)
-- Target signals: `T{N}_{entryName}` (max 40 chars)
-- Repair signals: must reuse the original `repairEntryName` key (NOT prefixed with "Repair_")
-
-## Auto-Reject Conditions
-Do NOT approve any PR that contains:
-- `Account.Flatten()` called directly on a background/Reaper thread
-- `expectedPositions[key] = 0` without `stateLock` (blanket zeroing)
-- `IsReaperFillGraceActive()` without an account key argument (global grace bug)
-- `Encoding.UTF8.GetString(buffer, ...)` in the IPC receive loop (stateless decoder)
-- Any IPC command processed without passing through `AllowedIpcActions` check
+Do not deviate from those rules. The manifesto is the absolute absolute single source of truth for architecture, locking, repo hygiene, and multi-agent parity.

GEMINI.md

@@ -29,6 +29,7 @@
 - **Atomic Merging**: Merge and delete feature branches immediately after successful F5 compilation and initial testing.
 - **Binary Guard**: DO NOT commit `.exe`, `.log`, or `.bak` files. Use stashing or `.gitignore`.
 - **Clean Dashboard**: All agents (Claude, Gemini, Antigravity, Rovo Dev) MUST ensure the repo is clean before starting new missions.
+- **Autonomous Repair Loop**: Every fix mission should checkout a fresh branch, implement, and open a PR to trigger the **Phase 3 Omni-Audit Matrix** (Opus, Sonnet, Gemini 2.5).
 
 ### 5. MOVE-SYNC / Follower Order Replace Pattern (Build 947+)