docs: consolidate skills with decision matrices and hierarchy

Phase 2 of Skills Repository Improvement Plan:

- Logging: Demote dotnet-logging-serilog to deprecated, add serilog-implementation.md
  to observability-logging-baseline references
- Security: Add decision matrices to security-processes, static-analysis-security,
  and quality-gate-enforcement showing when to use each
- Bootstrapping: Add hierarchy documentation to greenfield-baseline,
  automated-standards-enforcement, and repo-best-practices-bootstrap
- Testing: Add decision tree to testing-strategy-agnostic for skill selection

All skills now have clear "Do NOT use when" guidance and cross-references.

Refs: #381

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: mcj-coder

skills/automated-standards-enforcement/SKILL.md

@@ -1,6 +1,9 @@
 ---
 name: automated-standards-enforcement
 description: Use when creating or modifying any repository to establish automated quality enforcement (linting, spelling, tests, SAST, security). Applies by default unless user explicitly refuses. Ensures clean build policy with minimal developer friction.
+metadata:
+  type: Platform
+  priority: P0
 ---
 
 # Automated Standards Enforcement
@@ -11,6 +14,37 @@ description: Use when creating or modifying any repository to establish automate
 
 **REQUIRED:** superpowers:verification-before-completion, superpowers:test-driven-development
 
+## Bootstrapping Skills Decision Matrix
+
+Use this matrix to select the appropriate bootstrapping skill:
+
+| If You Need To...                                            | Use This Skill                             |
+| ------------------------------------------------------------ | ------------------------------------------ |
+| Start a new project from scratch                             | greenfield-baseline                        |
+| Add/audit quality tooling (linting, tests, SAST)             | **automated-standards-enforcement** (this) |
+| Add/audit repo security (branch protection, secret scanning) | repo-best-practices-bootstrap              |
+
+### Skill Scope Comparison
+
+| Aspect            | greenfield-baseline          | automated-standards-enforcement | repo-best-practices-bootstrap |
+| ----------------- | ---------------------------- | ------------------------------- | ----------------------------- |
+| **Primary Focus** | Project foundation           | Quality tooling                 | Repo security/compliance      |
+| **Project State** | New (no existing code)       | New or existing                 | New or existing               |
+| **Outputs**       | Repo structure, CI/CD, docs  | Linting, tests, SAST config     | Branch rules, secrets config  |
+| **Triggers**      | Entry point for new projects | Auto-triggered or standalone    | Use after structure exists    |
+
+### Invocation Context
+
+- **Greenfield projects**: Auto-triggered by greenfield-baseline
+- **Brownfield projects**: Invoke directly with brownfield approach
+- **Existing repos**: Invoke directly for quality tooling audit/addition
+
+### Do NOT Use This Skill When
+
+- Starting a brand new project (use greenfield-baseline, which triggers this skill)
+- Only need repo security/compliance (use repo-best-practices-bootstrap)
+- Quality tooling already exists and passes (no changes needed)
+
 ## When to Use
 
 - Creating/modifying repository

skills/dotnet-logging-serilog/SKILL.md

@@ -1,8 +1,20 @@
 ---
 name: dotnet-logging-serilog
 description: Standardise logging on ILogger with Serilog as the provider; ensure startup exceptions are logged as Critical.
+metadata:
+  status: deprecated
+  superseded-by: observability-logging-baseline
 ---
 
+> **DEPRECATED**: This skill has been consolidated into `observability-logging-baseline`.
+>
+> - For comprehensive observability guidance (logs, metrics, traces), use
+>   **`observability-logging-baseline`**
+> - For .NET-specific Serilog patterns, see
+>   **`observability-logging-baseline/references/serilog-implementation.md`**
+>
+> This skill remains for backwards compatibility but will not receive updates.
+
 ## Core
 
 ### When to use

skills/greenfield-baseline/SKILL.md

@@ -1,6 +1,9 @@
 ---
 name: greenfield-baseline
 description: Use when starting a new project from scratch to establish proper foundation with quality gates, repository structure, CI/CD, and development standards before any feature work begins.
+metadata:
+  type: Platform
+  priority: P2
 ---
 
 # Greenfield Baseline
@@ -14,6 +17,41 @@ standards that prevent technical debt from day one.
 
 **REQUIRED:** superpowers:verification-before-completion, superpowers:test-driven-development
 
+## Bootstrapping Skills Decision Matrix
+
+Use this matrix to select the appropriate bootstrapping skill:
+
+| If You Need To...                                            | Use This Skill                  |
+| ------------------------------------------------------------ | ------------------------------- |
+| Start a new project from scratch                             | **greenfield-baseline** (this)  |
+| Add/audit quality tooling (linting, tests, SAST)             | automated-standards-enforcement |
+| Add/audit repo security (branch protection, secret scanning) | repo-best-practices-bootstrap   |
+
+### Skill Scope Comparison
+
+| Aspect            | greenfield-baseline          | automated-standards-enforcement  | repo-best-practices-bootstrap |
+| ----------------- | ---------------------------- | -------------------------------- | ----------------------------- |
+| **Primary Focus** | Project foundation           | Quality tooling                  | Repo security/compliance      |
+| **Project State** | New (no existing code)       | New or existing                  | New or existing               |
+| **Outputs**       | Repo structure, CI/CD, docs  | Linting, tests, SAST config      | Branch rules, secrets config  |
+| **Triggers**      | Entry point for new projects | Triggered by greenfield-baseline | Use after structure exists    |
+
+### Invocation Order for New Projects
+
+```text
+1. greenfield-baseline         (establish project structure)
+   ├── automated-standards-enforcement (quality tooling - auto-triggered)
+   └── repo-best-practices-bootstrap   (security config - invoke after)
+2. walking-skeleton-delivery   (E2E validation - invoke after baseline)
+```
+
+### Do NOT Use This Skill When
+
+- Project has existing code or structure (this is brownfield - use automated-standards-enforcement
+  with brownfield strategy)
+- Only need to add quality tooling (use automated-standards-enforcement directly)
+- Only need security/compliance audit (use repo-best-practices-bootstrap directly)
+
 ## When to Use
 
 - Creating a brand new project or repository

skills/observability-logging-baseline/references/README.md

@@ -0,0 +1,10 @@
+# References
+
+Reference materials for observability logging baseline, including platform-specific
+implementation guides.
+
+## Contents
+
+| File                                                   | Description                                                          |
+| ------------------------------------------------------ | -------------------------------------------------------------------- |
+| [serilog-implementation.md](serilog-implementation.md) | .NET-specific Serilog implementation patterns for structured logging |

skills/observability-logging-baseline/references/serilog-implementation.md

@@ -0,0 +1,247 @@
+# Serilog Implementation for .NET
+
+This reference provides .NET-specific guidance for implementing structured logging with Serilog,
+complementing the platform-agnostic guidance in the main observability-logging-baseline skill.
+
+## Overview
+
+Serilog is the recommended logging provider for .NET applications. It provides:
+
+- Structured logging with message templates
+- Rich sink ecosystem for log destinations
+- Enrichers for contextual data
+- Integration with Microsoft.Extensions.Logging
+
+## Core Principles
+
+### ILogger Abstraction
+
+Application code must depend on `Microsoft.Extensions.Logging.ILogger` only:
+
+```csharp
+public sealed class CustomerService
+{
+    private readonly ILogger<CustomerService> _logger;
+
+    public CustomerService(ILogger<CustomerService> logger) => _logger = logger;
+
+    public void DoWork(CustomerId id)
+    {
+        _logger.LogInformation("Processing customer {CustomerId}", id);
+    }
+}
+```
+
+**Review rule**: Reject PRs that inject/use `Serilog.ILogger` directly in application code
+when `Microsoft.Extensions.Logging.ILogger` suffices.
+
+### Startup Exception Logging
+
+Exceptions during host startup must be logged at **Critical** severity:
+
+```csharp
+using Microsoft.Extensions.Hosting;
+using Serilog;
+
+Log.Logger = new LoggerConfiguration()
+    .WriteTo.Console()
+    .CreateBootstrapLogger();
+
+try
+{
+    var builder = Host.CreateApplicationBuilder(args);
+
+    builder.Services.AddSerilog((services, lc) => lc
+        .ReadFrom.Configuration(builder.Configuration)
+        .ReadFrom.Services(services)
+        .Enrich.FromLogContext());
+
+    var app = builder.Build();
+
+    await app.RunAsync();
+}
+catch (Exception ex)
+{
+    Log.Fatal(ex, "Host terminated unexpectedly");
+    throw;
+}
+finally
+{
+    Log.CloseAndFlush();
+}
+```
+
+**Key points:**
+
+- Use a bootstrap logger early to capture exceptions during host building
+- Log startup failures at Critical/Fatal severity
+- Ensure `Log.CloseAndFlush()` is called to flush buffered logs
+
+## Azure Integration
+
+### Application Insights
+
+When running in Azure with Application Insights enabled:
+
+```csharp
+var builder = Host.CreateDefaultBuilder()
+    .ConfigureServices(services =>
+    {
+        services.AddApplicationInsightsTelemetry();
+    })
+    .UseSerilog((context, config) =>
+    {
+        var instrumentationKey = context.Configuration["ApplicationInsights:InstrumentationKey"];
+        config
+            .MinimumLevel.Debug()
+            .WriteTo.ApplicationInsights(
+                new TelemetryClient(new TelemetryConfiguration(instrumentationKey)),
+                TelemetryConverter.Traces);
+    });
+```
+
+**Requirements:**
+
+- Severity levels must map correctly to App Insights telemetry
+- Structured log properties must be preserved
+- Correlation/trace identifiers must be maintained
+
+### OpenTelemetry Integration
+
+When OpenTelemetry is present, configure Serilog to participate in the telemetry pipeline:
+
+- Correlate logs with traces
+- Align operation and trace IDs
+- Support end-to-end diagnostics
+
+## Unhandled Exception Handling
+
+### Web Applications
+
+Register global exception handling middleware early in the pipeline:
+
+```csharp
+app.UseExceptionHandler(errorApp =>
+{
+    errorApp.Run(async context =>
+    {
+        var logger = context.RequestServices.GetRequiredService<ILogger<Program>>();
+        var exceptionHandler = context.Features.Get<IExceptionHandlerFeature>();
+
+        if (exceptionHandler?.Error != null)
+        {
+            logger.LogError(exceptionHandler.Error,
+                "Unhandled exception for {Method} {Path}",
+                context.Request.Method,
+                context.Request.Path);
+        }
+
+        context.Response.StatusCode = 500;
+        await context.Response.WriteAsync("An error occurred");
+    });
+});
+```
+
+### Worker Services
+
+Wrap top-level execution loops:
+
+```csharp
+protected override async Task ExecuteAsync(CancellationToken stoppingToken)
+{
+    while (!stoppingToken.IsCancellationRequested)
+    {
+        try
+        {
+            await DoWorkAsync(stoppingToken);
+        }
+        catch (Exception ex) when (ex is not OperationCanceledException)
+        {
+            _logger.LogError(ex, "Error in worker execution");
+            await Task.Delay(TimeSpan.FromSeconds(30), stoppingToken);
+        }
+    }
+}
+```
+
+## Verification
+
+### Fail-Fast Startup Test
+
+```csharp
+[Fact]
+public async Task Host_StartupWithLoggingError_LogsExceptionAsCritical()
+{
+    // Arrange: Create a host with intentionally broken configuration
+    var logs = new List<LogEvent>();
+
+    var builder = Host.CreateDefaultBuilder()
+        .ConfigureServices(services =>
+        {
+            services.AddSingleton(new BrokenDependency()); // Throws during startup
+        })
+        .UseSerilog((context, config) =>
+        {
+            config
+                .MinimumLevel.Debug()
+                .WriteTo.Sink(new CollectingSink(logs));
+        });
+
+    // Act & Assert: Verify exception is logged as Critical before propagating
+    var ex = await Assert.ThrowsAsync<InvalidOperationException>(
+        () => builder.Build().RunAsync());
+
+    // Verify Critical-level log entry exists
+    var criticalLog = logs.FirstOrDefault(le => le.Level == LogEventLevel.Fatal);
+    Assert.NotNull(criticalLog);
+    Assert.Contains(typeof(InvalidOperationException).Name, criticalLog.MessageTemplate.Text);
+}
+```
+
+### Startup Logging Checklist
+
+- [ ] Bootstrap logger captures exceptions before host configuration completes
+- [ ] Startup exceptions are logged at **Critical** (or **Fatal**) severity
+- [ ] Exception details (stack trace, message) are included in the log
+- [ ] Correlation/trace IDs are present if available
+- [ ] Logs flow to Application Insights (if configured)
+- [ ] No startup exceptions are silently swallowed
+
+## Operational Hygiene
+
+### Enrichment
+
+```csharp
+.Enrich.FromLogContext()
+.Enrich.WithMachineName()
+.Enrich.WithEnvironmentName()
+.Enrich.WithProperty("Application", "MyApp")
+```
+
+### PII Redaction
+
+Enforce PII/secret redaction policies:
+
+```csharp
+.Destructure.ByTransforming<CreditCard>(cc => new
+{
+    Last4 = cc.Number.Substring(cc.Number.Length - 4),
+    cc.ExpiryMonth,
+    cc.ExpiryYear
+})
+```
+
+### Sink Configuration
+
+| Environment | Recommended Sinks                          |
+| ----------- | ------------------------------------------ |
+| Local/Dev   | Console (coloured, structured)             |
+| Staging     | Console + File + Centralized (e.g., Seq)   |
+| Production  | Centralized sink (Seq, App Insights, etc.) |
+
+## Review Rules
+
+- Reject PRs that inject/use `Serilog.ILogger` directly when `ILogger` suffices
+- Reject PRs that swallow startup exceptions without Critical-level logging
+- Ensure logs are structured (properties) rather than string concatenation
+- Verify startup failures are captured by bootstrap logger