Separation of opt-in question for extensions (Progressive Disclosure) (#111)

* Separation of opt-in question for extensions

* Removed duplication with line 40

Author: raj-jain-aws

README.md

@@ -500,7 +500,7 @@ AI-DLC supports an extension system that lets you layer additional rules on top
 
 Extensions are grouped by category (e.g., `security/`, `scalability/`, `accessibility/`). Each category can contain its own rules and any number of subcategories you define.
 
-Each extension should include an **Applicability Question** — a structured multiple-choice question that AI-DLC automatically presents during the Requirements Analysis phase. This lets the user decide whether to enable or skip that extension for the current project. For example, the built-in security extension includes:
+Each extension should include an **Opt-In Prompt** — a structured multiple-choice question that AI-DLC automatically presents during the Requirements Analysis phase. This lets the user decide whether to enable or skip that extension for the current project. For example, the built-in security extension includes:
 
 ```markdown
 ## Question: Security Extensions
@@ -513,11 +513,11 @@ X) Other (please describe)
 [Answer]:
 ```
 
-When you create your own extensions, include a similar applicability question so users can opt in or out per project.
+When you create your own extensions, include a similar opt-in prompt so users can opt in or out per project.
 
 Here's the general flow once an extension is enabled:
 
-1. During the Inception phase, AI-DLC presents the extension's applicability question.
+1. During the Inception phase, AI-DLC presents the extension's opt-in prompt.
 2. If enabled, the extension's rules are loaded as mandatory, blocking constraints that apply across all AI-DLC phases.
 3. At each stage, the model verifies compliance with all loaded extension rules before allowing the stage to proceed.
 

aidlc-rules/aws-aidlc-rule-details/extensions/security/baseline/security-baseline.md

@@ -22,23 +22,6 @@ Verification items in this document are plain bullet points describing complianc
 
 ---
 
-## Applicability Question
-
-The following question is automatically included in the Requirements Analysis clarifying questions when this extension is loaded:
-
-```markdown
-## Question: Security Extensions
-Should security extension rules be enforced for this project?
-
-A) Yes — enforce all SECURITY rules as blocking constraints (recommended for production-grade applications)
-B) No — skip all SECURITY rules (suitable for PoCs, prototypes, and experimental projects)
-X) Other (please describe after [Answer]: tag below)
-
-[Answer]: 
-```
-
----
-
 ## Rule SECURITY-01: Encryption at Rest and in Transit
 
 **Rule**: Every data persistence store (databases, object storage, file systems, caches, or any equivalent) MUST have:

aidlc-rules/aws-aidlc-rule-details/extensions/security/baseline/security-baseline.opt-in.md

@@ -0,0 +1,18 @@
+# Security Baseline — Opt-In
+
+**Extension**: Security Baseline
+
+## Opt-In Prompt
+
+The following question is automatically included in the Requirements Analysis clarifying questions when this extension is loaded:
+
+```markdown
+## Question: Security Extensions
+Should security extension rules be enforced for this project?
+
+A) Yes — enforce all SECURITY rules as blocking constraints (recommended for production-grade applications)
+B) No — skip all SECURITY rules (suitable for PoCs, prototypes, and experimental projects)
+X) Other (please describe after [Answer]: tag below)
+
+[Answer]: 
+```

aidlc-rules/aws-aidlc-rule-details/inception/requirements-analysis.md

@@ -90,9 +90,12 @@ Analyze whatever the user has provided:
 
 **When in doubt, ask questions** - incomplete requirements lead to poor implementations.
 
-### Step 5.1: Extension Applicability Questions
+### Step 5.1: Extension Opt-In Prompts
 
-**MANDATORY**: Scan all loaded extension files for an `## Applicability Question` section. For each extension that declares one, include that question in the clarifying questions file created in Step 6. After receiving answers, record each extension's enablement status in `aidlc-docs/aidlc-state.md` under `## Extension Configuration`:
+**MANDATORY**: Scan all loaded `*.opt-in.md` files (loaded at workflow start from `extensions/` subdirectories) for an `## Opt-In Prompt` section. For each extension that declares one, include that question in the clarifying questions file created in Step 6.
+
+After receiving answers:
+1. Record each extension's enablement status in `aidlc-docs/aidlc-state.md` under `## Extension Configuration`:
 
 ```markdown
 ## Extension Configuration
@@ -101,6 +104,8 @@ Analyze whatever the user has provided:
 | [Extension Name] | [Yes/No] | Requirements Analysis |
 ```
 
+2. **Deferred Rule Loading**: For each extension the user opted IN, load the full rules file now. The rules file is derived by naming convention: strip `.opt-in.md` from the opt-in filename and append `.md` (e.g., `security-baseline.opt-in.md` → `security-baseline.md`). For extensions the user opted OUT, do NOT load the full rules file.
+
 ### Step 6: Generate Clarifying Questions (PROACTIVE APPROACH)
    - **ALWAYS** create `aidlc-docs/inception/requirements/requirement-verification-questions.md` unless requirements are exceptionally clear and complete
    - Ask questions about ANY missing, unclear, or ambiguous areas

aidlc-rules/aws-aidlc-rules/core-workflow.md

@@ -25,22 +25,28 @@ All subsequent rule detail file references (e.g., `common/process-overview.md`,
 - Load `common/question-format-guide.md` for question formatting rules
 - Reference these throughout the workflow execution
 
-## MANDATORY: Extensions Loading
-**CRITICAL**: At workflow start, scan the `extensions/` directory recursively for all `.md` files. These are extension rule files that apply as cross-cutting constraints across the entire workflow.
+## MANDATORY: Extensions Loading (Context-Optimized)
+**CRITICAL**: At workflow start, scan the `extensions/` directory recursively but load ONLY lightweight opt-in files — NOT full rule files. Full rule files are loaded on-demand after the user opts in.
 
 **Loading process**:
 1. List all subdirectories under `extensions/` (e.g., `extensions/security/`, `extensions/compliance/`)
-2. Load every `.md` file found within those subdirectories
-3. Each extension file defines its own verification criteria and enforcement rules as cross-cutting constraints
+2. In each subdirectory, load ONLY `*.opt-in.md` files — these contain the extension's opt-in prompt. The corresponding rules file is derived by convention: strip the `.opt-in.md` suffix and append `.md` (e.g., `security-baseline.opt-in.md` → `security-baseline.md`)
+3. Do NOT load full rule files (e.g., `security-baseline.md`) at this stage
 
-**Enforcement**:
+**Deferred Rule Loading**:
+- During Requirements Analysis, opt-in prompts from the loaded `*.opt-in.md` files are presented to the user
+- When the user opts IN for an extension, load the corresponding rules file (derived by naming convention) at that point
+- When the user opts OUT, the full rules file is never loaded — saving context
+- Extensions without a matching `*.opt-in.md` file are always enforced — load their rule files immediately at workflow start
+
+**Enforcement** (applies only to loaded/enabled extensions):
 - Extension rules are hard constraints, not optional guidance
 - At each stage, the model intelligently evaluates which extension rules are applicable based on the stage's purpose, the artifacts being produced, and the context of the work — enforce only those rules that are relevant
 - Rules that are not applicable to the current stage should be marked as N/A in the compliance summary (this is not a blocking finding)
 - Non-compliance with any applicable enabled extension rule is a **blocking finding** — do NOT present stage completion until resolved
 - When presenting stage completion, include a summary of extension rule compliance (compliant/non-compliant/N/A per rule, with brief rationale for N/A determinations)
 
-**Conditional Enforcement**: Extensions may be conditionally enabled/disabled. See `inception/requirements-analysis.md` for the collection mechanism. Before enforcing any extension at ANY stage, check its `Enabled` status in `aidlc-docs/aidlc-state.md` under `## Extension Configuration`. Skip disabled extensions and log the skip in audit.md. Default to enforced if no configuration exists. Extensions without an `## Applicability Question` are always enforced.
+**Conditional Enforcement**: Extensions may be conditionally enabled/disabled. See `inception/requirements-analysis.md` for the opt-in mechanism. Before enforcing any extension at ANY stage, check its `Enabled` status in `aidlc-docs/aidlc-state.md` under `## Extension Configuration`. Skip disabled extensions and log the skip in audit.md. Default to enforced if no configuration exists. 
 
 ## MANDATORY: Content Validation
 **CRITICAL**: Before creating ANY file, you MUST validate content according to `common/content-validation.md` rules: