Rule Coupling Diagnosis
| Rule | Lines | Role | |---|---:|---| | 00-identity | 78 | Meta (priority + conflict matrix) | | 01-git | 113 | Guardrail | | 02-code | 65
Date: 2026-04-08 Purpose: Identify over-coupled rules in
core/rules/so that a single fix does not cascade into 4~5 files. Trigger: Recent commits (guard-scope,safety-manifest,01-git,04-workflow) showed symptoms of cascade edits. Confidence:[검증됨]grep + line counts /[추론]interpretation
1. Size Distribution [검증됨]
| Rule | Lines | Role |
|---|---|---|
| 00-identity | 78 | Meta (priority + conflict matrix) |
| 01-git | 113 | Guardrail |
| 02-code | 65 | Mixed (guardrail + style) |
| 03-security | 157 | Guardrail |
| 04-workflow | 257 | Hub (gates + modes + protocols) |
| 05-responses | 86 | Prescription (format) |
| 06-session | 113 | Prescription (HANDOFF schema) |
| 07-db | 237 | Guardrail + procedure |
| 08-local-env | 241 | Prescription (setup recipes) |
| 08-ui-first | 71 | Prescription |
| 09-hooks-guide | 257 | Catalog + examples |
| 10-subagent-patterns | 128 | Prescription (roles matrix) |
| Total | 1803 |
Three files (04-workflow, 07-db, 08-local-env, 09-hooks-guide) occupy 55% of the total line count. These are the cascade risk concentration points.
2. Rule → Rule Reference Graph [검증됨]
Arrows point from the referrer to the referenced rule.
00-identity ──┬─→ 01-git (x3)
├─→ 03-security (x2)
├─→ 04-workflow
└─→ 07-db (x2)
01-git ───────┬─→ 04-workflow
└─→ 06-session
02-code ──────→ (none — isolated)
03-security ──→ (none — isolated, correctly)
04-workflow ──┬─→ 01-git
├─→ 07-db
└─→ 02-code
05-responses ─→ 04-workflow
06-session ───→ 08-ui-first
07-db ────────→ 03-security
08-ui-first ──→ (none)
09-hooks-guide ┬─→ 01-git
├─→ 04-workflow
└─→ 05-responses
10-subagent ──┬─→ 02-code
└─→ 03-security
In-degree (how many rules reference this rule)
| Rule | In-degree | Interpretation |
|---|---|---|
| 04-workflow | 4 | Hub — most cited, highest cascade risk |
| 01-git | 3 | Guardrail correctly cited |
| 03-security | 3 | Guardrail correctly cited |
| 07-db | 2 | Guardrail correctly cited |
| 02-code | 2 | Mixed — style rules leak |
| 05-responses | 1 | Unexpected — a format rule shouldn't be cited |
| 06-session | 1 | Self-referenced loop with 04-workflow |
| 08-ui-first | 1 | |
| Others | 0 | Leaves |
3. Shared Artifact Graph (The Real Cascade Source) [검증됨]
Rules do not cascade through cross-references alone — they cascade through shared file artifacts. Changing the location or schema of any artifact below forces edits across N rule files.
| Artifact | Rules that mention it | Cascade fan-out |
|---|---|---|
| SESSION.md | 03-security, 04-workflow (x4), 06-session (x10), 10-subagent (x2) | 4 files |
| INTENT.md | 02-code, 04-workflow (x6), 05-responses (x2), 06-session (x2), 08-ui-first | 5 files |
| WORKLOG/ | 04-workflow (x5), 06-session (x3) | 2 files |
| HANDOFF block | 03-security, 06-session (x5) | 2 files |
| DESIGN.md | 04-workflow (x3) | 1 file |
| FAILURE_LOG.md | 04-workflow (x2), 06-session | 2 files |
| FIXME.md | 04-workflow (x3) | 1 file |
| ACTIVE_WORK.md | 06-session (x2) | 1 file |
Hotspot: INTENT.md [검증됨]
If you change where INTENT.md lives, its schema, or whether it is required, you must edit:
02-code— repo scan allowlist04-workflow— G1 gate, Auto-Pick from Backlog, INTENT→SESSION pattern, Drift Detection, Decision Log05-responses— Repo Scan exception clause06-session— Step 0 bootstrap check, Step 4 read order08-ui-first— context.docs registrationengine/governance/.../safety-manifest.yaml— sensitive paths- Possibly
guard-scope.shif INTENT becomes a protected file
One schema change → 6~7 files. This is the Anthropic-style cascade problem manifest.
Hotspot: SESSION.md HANDOFF block [검증됨]
The HANDOFF block has 10 fields (date / branch / agent / status / done / next / blocked / failures / files_touched / verify_cmd / first_action / handoff_provenance). Each field is referenced by one or more rules:
failures→ 04-workflow Failure Protocolhandoff_provenance→ 06-session Trust Modeldone→ 03-security R2 audit trailnext→ 06-session re-verificationverify_cmd,first_action→ 06-session only
Adding/removing one field forces edits in 2~3 rule files plus the governance manifest.
4. Duplication Between 04-workflow and 06-session [검증됨]
These two rules overlap substantially:
| Topic | In 04-workflow | In 06-session |
|---|---|---|
| SESSION.md snapshot on context limit | L133, L151 | L105~ |
| INTENT.md check at session start | L144~ | L25, L34 |
| WORKLOG update cadence | L153~ | L94~ |
| FAILURE_LOG maintenance | L201~ | L101 |
Same topic described in two places with slightly different wording. The agent has to reconcile them on every read.
5. Mixed Rules (Guardrail + Prescription) [추론]
These files combine "don'ts" (real guardrails) with "how-tos" (style prescriptions). Fixing a style rule feels like editing a guardrail file, which raises the cost of small improvements.
| File | Guardrail portion | Prescription portion (candidate to move out) |
|---|---|---|
| 02-code | Hardcoded secrets, PII in logs, SQL injection | lazy() imports, Tailwind scale, shared Form component, response_model mandatory |
| 04-workflow | Protected branch, R2 confirmation phrase | G1~G4 gate artifacts, WORKLOG format, TodoWrite template |
| 07-db | Destructive command list | Backup script recipes, env-specific command tables |
| 08-local-env | DB name collision | Port auto-discovery scripts for Node/Python |
The guardrail portions should stay in core/. The prescription portions should move to extensions/ (stack-specific) or docs/guide/ (reference handbooks).
6. Coupling Score (Rough) [추론]
A back-of-envelope score: (in-degree) + (shared artifact count) × 2.
| Rule | Score | Interpretation |
|---|---|---|
| 04-workflow | 4 + (SESSION+INTENT+WORKLOG+DESIGN+FAILURE+FIXME)×2 = 16 | Top hub — highest refactor leverage |
| 06-session | 1 + (SESSION+INTENT+WORKLOG+HANDOFF+ACTIVE)×2 = 11 | Second hub, mostly mirrors 04-workflow |
| 02-code | 2 + (INTENT)×2 = 4 | Leaks via INTENT |
| 03-security | 3 + (SESSION+HANDOFF)×2 = 7 | High score but correctly coupled (guardrail) |
| Others | ≤ 4 | Low |
04-workflow and 06-session together account for most of the cascade cost.
7. Root Causes [추론]
- One artifact, many consumers. INTENT.md and SESSION.md are mentioned across half the rule files. They act as global variables.
- Procedural duplication. 04-workflow and 06-session both describe the session lifecycle from different angles.
- Style rules live next to guardrails. 02-code Hard Bans mixes
dangerouslySetInnerHTML(real security) withlazy()imports (style). - Format rules (05-responses) are cited by other rules. Format should be a leaf, never a referent.
- No explicit core/extension boundary. Nothing in core/ marks which clauses projects may override, so projects fork core instead.
8. Refactor Leverage Points (Ordered by ROI)
L1 — Merge 04-workflow + 06-session into one lifecycle rule [high ROI]
Eliminate duplication. Target: single 04-lifecycle.md ≤ 200 lines containing modes, gates (compressed to G1/G3 only), and HANDOFF schema. Drop G2/G4 as separate gates — fold into G1 (plan) and G3 (verify).
Expected effect: removes ~170 lines, cuts SESSION.md/INTENT.md fan-out by half.
L2 — Demote INTENT.md from "required artifact" to "optional anchor" [high ROI]
Make INTENT.md optional. Rules should reference it as "if present, use for scope" instead of "must exist". This alone removes the 6-file cascade.
Expected effect: 02-code, 05-responses, 08-ui-first lose their INTENT.md references entirely.
L3 — Compress HANDOFF block from 10 fields to 3 [medium ROI]
Keep only next, blocked, status. Everything else becomes optional. The trust model re-verification already makes most fields advisory.
Expected effect: 06-session shrinks by ~40 lines, 03-security R2 audit trail can use a simpler log.
L4 — Split 02-code into 02-code-guardrails (core) + stack extensions [medium ROI]
Move React/FastAPI-specific Hard Bans to extensions/react/ and extensions/fastapi/. Keep only stack-neutral guardrails in core.
Expected effect: 02-code drops to ~25 lines. Projects override stack extensions without touching core.
L5 — Mark 05-responses as "leaf-only" [low ROI, easy] [검증됨]
Add a header note: "No other rule may cite this file." Then remove the 04-workflow Minimal Footprint back-reference at L41. Format rules should not participate in the reference graph.
9. What NOT to Touch
These look coupled but the coupling is correct (guardrails should be cited by many places):
03-securityin-degree = 3 → correct, security should be referenced01-gitin-degree = 3 → correct, irreversible ops should be referenced07-dbin-degree = 2 → correct
Do not attempt to "decouple" these. The goal is to decouple prescriptions, not guardrails.
10. Decision Log
- why: User observed that small changes cascade across many rule files, mirroring the Anthropic "over-specified plan → brittle agent" problem. Needed data before refactoring.
- alternatives: (a) refactor blindly based on intuition, (b) write this diagnosis first, (c) ask the user which rules feel heaviest. Chose (b) for evidence-based prioritization.
- rule_applied: 05-responses (reliability labels), HARNESS_ENGINEERING §5 (separation of policy vs. harness)
- reversibility: R0 — pure analysis document, no code changes
- next: Decide with user whether to start with L1 (merge lifecycle rules) or L2 (demote INTENT.md). L2 is lower risk; L1 is higher payoff.