docs: close Feature 082 - update all documentation

Product: PRD INDEX + PRD 082 status Delivered, OKRs Feature Delivery Log (PM)
Architecture: README ADR-023 entry, Tech Stack tachi-<threat-agent> skill directories, 03_patterns Example 5 detection variant (Architect)
DevOps: no-op — content-only refactor (DevOps)
KB: KB-030 added — cite primary sources in first draft
Delivery: specs/082-threat-agent-skill/delivery.md retrospective (68 tasks, 18 waves, ~5.4h actual vs 32h estimate)
Cleanup: stale 082-threat-agent-skill-references branch deleted
Backlog: regenerated via .aod/scripts/bash/backlog-regenerate.sh

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: davidmatousek

docs/INSTITUTIONAL_KNOWLEDGE.md

@@ -617,6 +617,29 @@ Captured during structured delivery retrospective. Smooth sailing — everything
 
 ---
 
+### KB-030: Cite Primary Sources In The First Draft — Rebuild Cycles Are Avoidable
+
+**Date**: 2026-04-11
+**Category**: Enrichment / Sourcing Discipline
+**Source**: Feature 082 delivery retrospective
+**Severity**: Medium (downstream credibility, not correctness)
+
+**Problem**: Feature 082 (threat-agent-skill) added +30 new pattern categories across 11 detection skill reference files during Phase 4+5 rollout (Waves 9-11). Phase 7 security review (T048, Wave 13) flagged **5 of the new categories** for primary-source realignment — the first-draft citations referenced secondary summaries, blog posts, or paraphrased framework language rather than the authoritative originals (OWASP LLM v2025 section IDs, MITRE ATLAS technique IDs, NIST AI 600-1 subsections). Every flagged category was substantively correct; the issue was sourcing provenance, not content accuracy. T048a (Wave 13.5) rebuilt all 5 byte-verbatim preserving substance — the cost was an entire unscheduled wave (~3 tasks, a sub-phase signoff, and the overhead of re-attribution across multiple commits) for what was fundamentally a citation pass.
+
+**Root Cause**: During high-velocity enrichment waves, the natural writing flow was (a) open the primary framework, (b) internalize the category, (c) write the detection pattern in the agent's voice, (d) defer the citation to "later" when doing a sourcing sweep. Step (d) never happened inline — the authors moved to the next category as soon as the content was coherent. The T048 security review was the first full pass that checked every new category against its supposed primary, and it caught the 5 that had drifted to secondary attributions. The root cause is a *sequencing* bug, not a *knowledge* bug: the authors knew the primaries but didn't cite them in the same commit as the content.
+
+**Solution**: Cite the primary source (OWASP LLM v2025 section ID, MITRE ATLAS technique ID, NIST AI 600-1 subsection, CWE ID, OWASP Top 10 category) in the *same commit* as the detection pattern content. Do not defer attribution to a later "citation pass" or a downstream security review. When adding a new pattern category to any `.claude/skills/tachi-*/references/detection-patterns.md` file, the commit MUST include the primary-source URL or identifier in the pattern's header or footer. If the primary is not immediately at hand when drafting, write the pattern in a local scratch file and don't commit until the source is verified — one commit per category with the primary attribution inline, not one commit per wave with attribution debt to clean up later.
+
+**Result**: T048a rebuilds preserved 100% of substance while fixing all 5 primary-source attributions byte-verbatim. Phase 7 enrichment tally (T049, Wave 14) passed at 30 / 22 floor with +8 margin. The rebuild cycle added ~3 extra tasks and a sub-phase gate but did not delay delivery — Phase 7 completed in its planned wave. Zero de-scopes entered Phase 8. The Feature 082 pattern has now been codified as a first-class rule for all future enrichment waves on tachi detection references (and by extension, any detection-variant lean agent refactor).
+
+**When to Apply**: Any time a new detection pattern, finding category, threat technique, or compensating control reference is added to a skill reference file that cites an external framework (OWASP, MITRE ATT&CK, MITRE ATLAS, NIST, CWE, CIS). The inline-citation rule is now the tachi convention for enrichment commits. The broader principle applies to any content-authoring workflow where attribution is deferred: the cost of cleaning up a citation pass is always higher than the cost of citing inline, because every deferred citation becomes an unknown at review time. This lesson also generalizes to ADR-writing, architectural pattern documentation, and any other content where sourcing provenance matters for downstream credibility.
+
+**Tags**: #enrichment #sourcing #citations #primary-sources #owasp #mitre #nist #review-cycle #feature-082
+
+**Quality Score**: 8/10
+
+---
+
 ## Bug Fixes
 
 *No entries yet. Use `/kb-create` to add the first bug fix.*

docs/architecture/00_Tech_Stack/README.md

@@ -1,6 +1,6 @@
 # Technology Stack - tachi
 
-**Last Updated**: 2026-04-09
+**Last Updated**: 2026-04-11
 **Owner**: Architect
 
 ---
@@ -146,7 +146,8 @@ These are tools used by the AOD Kit itself (not the adopter's application stack)
 | `.claude/skills/tachi-report-assembly/` | report-assembler | `brand-asset-guidelines.md`, `typst-artifacts.md`, `typst-template-contract.md` (Feature 078) | Brand asset location and fallback rules, Typst artifact detection patterns with tier selection, Typst data variable contract with type specifications and image path resolution |
 | `.claude/skills/tachi-threat-reporting/` | threat-report | `narrative-templates.md`, `attack-tree-construction.md`, `attack-tree-examples.md` (Feature 078) | Executive summary structure, per-category narrative templates, attack tree construction rules with Mermaid syntax, reference attack tree examples |
 | `.claude/skills/tachi-infographics/` | threat-infographic | `infographic-specifications.md`, `template-specific-formats.md`, `gemini-prompt-construction.md`, `visual-design-system.md` (Feature 078) | Infographic specification formats, template-specific section layouts (Baseball Card, System Architecture, Risk Funnel, MAESTRO Stack, MAESTRO Heatmap -- Feature 091), Gemini API prompt construction rules, visual design system tokens |
-| `.claude/skills/tachi-shared/` | orchestrator, risk-scorer, control-analyzer, threat-report, all threat agents | `severity-bands-shared.md`, `stride-categories-shared.md`, `finding-format-shared.md` (Feature 078), `maestro-layers-shared.md` (Feature 084, corrected Feature 136) | Canonical severity band definitions (thresholds, SLA, disposition), STRIDE+AI category definitions (8 categories with DFD element applicability), finding IR format specification, CSA MAESTRO seven-layer taxonomy with keyword-to-layer mappings for component classification -- single-source-of-truth consumed by multiple agents to prevent cross-agent drift. Feature 136 corrected L5/L6/L7 layer names to canonical CSA names (L5 Evaluation and Observability, L6 Security and Compliance, L7 Agent Ecosystem), corrected the MAESTRO acronym expansion, reassigned keyword tables accordingly, and established the enum-value-only minor-bump rule for schema versioning (see ADR-020 Revision History) |
+| `.claude/skills/tachi-shared/` | orchestrator, risk-scorer, control-analyzer, threat-report, all threat agents | `severity-bands-shared.md`, `stride-categories-shared.md`, `finding-format-shared.md` (Feature 078, producer section added Feature 082), `maestro-layers-shared.md` (Feature 084, corrected Feature 136) | Canonical severity band definitions (thresholds, SLA, disposition), STRIDE+AI category definitions (8 categories with DFD element applicability), finding IR format specification with both consumer (risk-scorer, control-analyzer, threat-report) and producer (11 threat agents) audience sections (producer section added Feature 082 as additive-only extension), CSA MAESTRO seven-layer taxonomy with keyword-to-layer mappings for component classification -- single-source-of-truth consumed by multiple agents to prevent cross-agent drift. Feature 136 corrected L5/L6/L7 layer names to canonical CSA names (L5 Evaluation and Observability, L6 Security and Compliance, L7 Agent Ecosystem), corrected the MAESTRO acronym expansion, reassigned keyword tables accordingly, and established the enum-value-only minor-bump rule for schema versioning (see ADR-020 Revision History) |
+| `.claude/skills/tachi-<threat-agent>/` (11 directories) | 11 threat agents (6 STRIDE + 5 AI) | `detection-patterns.md` (Feature 082) | Per-agent detection pattern catalogs — externalized from the agent files as part of the Feature 082 detection tier lean refactor. Each companion skill directory (`tachi-spoofing`, `tachi-tampering`, `tachi-repudiation`, `tachi-info-disclosure`, `tachi-denial-of-service`, `tachi-privilege-escalation`, `tachi-prompt-injection`, `tachi-data-poisoning`, `tachi-model-theft`, `tachi-tool-abuse`, `tachi-agent-autonomy`) hosts a single `detection-patterns.md` reference file byte-preserved from the pre-refactor agent content plus +30 aggregate new categories sourced from OWASP Top 10 2021, OWASP LLM Top 10 2025, OWASP AI Exchange, MITRE ATT&CK v15+, MITRE ATLAS v5.1+ (incl. October 2025 agent techniques AML.T0058-T0062), CWE Top 25 2024, and NIST AI 600-1. Loaded via single `**MANDATORY**: Read` directive at detection start per the **detection variant** of the lean pattern — no phase-gated loads. See [ADR-023](../02_ADRs/ADR-023-threat-agent-skill-references-pattern.md). |
 
 **Infographic templates** (Feature 029, extended Feature 091): Template files for multi-template infographic generation, co-located with the portable agent set.
 

docs/architecture/03_patterns/README.md

@@ -1,6 +1,6 @@
 # Design Patterns - tachi
 
-**Last Updated**: 2026-04-02
+**Last Updated**: 2026-04-11
 **Owner**: Architect
 
 ---
@@ -257,8 +257,8 @@ aod_state_get_governance_cache() {
 
 ### Pattern: On-Demand Reference File Segmentation
 
-**Added**: Feature 030 (Context Efficiency of /aod.run), extended to agent prompts in Feature 029 (Agent Refactoring -- Right-Size), extended to agent-to-skill domain extraction in Feature 075 (Tachi Agent Best Practices), extended to shared cross-agent definitions and full-pipeline agent restructuring in Feature 078 (Agent Context Optimization)
-**ADR**: [ADR-002](../02_ADRs/ADR-002-prompt-segmentation.md)
+**Added**: Feature 030 (Context Efficiency of /aod.run), extended to agent prompts in Feature 029 (Agent Refactoring -- Right-Size), extended to agent-to-skill domain extraction in Feature 075 (Tachi Agent Best Practices), extended to shared cross-agent definitions and full-pipeline agent restructuring in Feature 078 (Agent Context Optimization), extended to the detection-tier lean refactor (11 threat agents) via the **detection variant** in Feature 082 (Threat Agent Skill References)
+**ADR**: [ADR-002](../02_ADRs/ADR-002-prompt-segmentation.md), extended by [ADR-023](../02_ADRs/ADR-023-threat-agent-skill-references-pattern.md) — introduces the detection variant as a sibling to the methodology variant, completing the lean-agent architecture migration for all 17 tachi agents
 
 #### Problem
 A monolithic skill or agent prompt file loads its entire content into the agent's context window at invocation, even when large sections are only needed conditionally (e.g., governance rules at stage boundaries, error recovery on failure, SARIF generation templates, attack tree formatting). This wastes context tokens that could be used for implementation work.
@@ -377,6 +377,34 @@ when entering the SARIF generation step in Phase 4.
 
 **Key difference from agent-to-skill**: Shared definitions introduce a cross-cutting concern -- content that multiple independent agents need but that must remain consistent across all consumers. The `tachi-shared` skill acts as a single-source-of-truth hub, preventing drift that occurred when severity bands, category definitions, and finding formats were duplicated across agent prompts. Additionally, Feature 078 applied the agent-to-skill extraction to the remaining 3 report agents (report-assembler, threat-report, threat-infographic), achieving full-pipeline coverage. Combined with model field governance (`model: sonnet` in all 17 agent YAML frontmatter), this yielded 40-60% prompt size reduction across all 6 restructured agents.
 
+#### Example 5: Detection Variant — Single-Point Load for Threat Agents (Feature 082)
+```
+# Directory structure — 11 threat agents, each paired with a single-reference companion skill
+.claude/agents/tachi/
+  spoofing.md                    # Core prompt (51 lines, down from 113)
+  tampering.md                   # Core prompt (≤120 lines)
+  prompt-injection.md            # Core prompt (95 lines, down from 167)
+  ... (8 more lean threat agents)
+.claude/skills/tachi-spoofing/
+  references/detection-patterns.md     # Detection pattern catalog + enriched categories
+.claude/skills/tachi-prompt-injection/
+  references/detection-patterns.md     # LLM-specific patterns + enriched categories
+... (9 more companion skill directories)
+
+# In threat agent file — single-point load at detection start
+## Detection Workflow
+**MANDATORY**: You MUST use the Read tool to load `.claude/skills/tachi-spoofing/references/detection-patterns.md`
+before proceeding with detection. Do NOT rely on memory of prior pattern content.
+**MANDATORY**: You MUST use the Read tool to load `.claude/skills/tachi-shared/references/finding-format-shared.md`
+for finding construction guidance. Read the "For Threat Agents (Producers)" section.
+
+1. For each dispatched component, match against the detection patterns.
+2. Construct findings using the shared finding format.
+3. Emit finding list.
+```
+
+**Key difference from methodology variant**: Detection agents are **single-pass** — they match dispatched components against pattern catalogs and emit findings once per invocation. There is no multi-phase control flow, so the companion reference file is loaded once at the start of `## Detection Workflow` rather than phase-gated like control-analyzer's 6-phase methodology pipeline (Example 3's `.claude/skills/tachi-control-analysis/` shape). ADR-023 records this as the **detection variant** — a sibling to the methodology variant — and mandates the `## Detection Workflow` section name as the contributor-visible signal that the agent is single-pass rather than multi-phase. This yielded line-count reductions of STRIDE 113-141 → 50-54 lines and AI 167-201 → 78-114 lines across all 11 threat agents (aggregate ~1,680 → ~1,100 lines), every agent within its tier cap (STRIDE ≤120, AI ≤150, hard ceiling ≤180). A secondary structural change: `finding-format-shared.md` gained a "For Threat Agents (Producers)" section via additive-only edit, making the file dual-audience (existing consumer sections for risk-scorer/control-analyzer/threat-report remain byte-identical). **After Feature 082, all 17 tachi agents are on the lean + skill references pattern** — no remaining self-contained inline-pattern agents.
+
 #### When to Use
 - Skill files exceeding ~500 lines where content divides into always-needed vs. conditionally-needed
 - Agent prompts exceeding ~500 lines with pipeline-phase-specific content (templates, checklists, error handling)

docs/architecture/README.md

@@ -45,6 +45,7 @@ Significant technical decisions with context and trade-offs
 - `ADR-020-maestro-layer-classification.md` - CSA MAESTRO seven-layer taxonomy for agentic AI component classification (Feature 084; Revision History adds canonical layer rename rule for enum-value-only minor schema bumps in Feature 136)
 - `ADR-021-source-date-epoch-for-deterministic-pdf-comparison.md` - SOURCE_DATE_EPOCH reproducible-builds convention for byte-deterministic PDF baseline comparison (Feature 128)
 - `ADR-022-mmdc-hard-prerequisite.md` - `mmdc` (Mermaid CLI) as hard prerequisite gated on attack-tree detection; establishes fail-loud-on-missing-CLI posture with defense-in-depth preflight gates — first ADR governing CLI-prerequisite posture (Feature 130)
+- `ADR-023-threat-agent-skill-references-pattern.md` - Detection variant of the lean + skill references pattern as a sibling to the methodology variant; single-point `**MANDATORY**: Read` at detection start for all 11 threat agents (6 STRIDE + 5 AI); MAESTRO classification remains orchestrator-owned; shared reference edits are additive-only; `finding-format-shared.md` gains "For Threat Agents" producer section. Completes the lean-agent architecture migration for all 17 tachi agents (Feature 082)
 - `ADR-NNN-decision-title.md` - Individual ADRs
 
 ### 03_patterns/

docs/product/02_PRD/082-threat-agent-skill-references-2026-04-11.md

@@ -3,7 +3,8 @@ prd:
   number: "082"
   topic: threat-agent-skill-references
   created: 2026-04-11
-  status: Approved
+  status: Delivered
+  delivered: 2026-04-11
   type: feature
 triad:
   pm_signoff: { agent: product-manager, date: 2026-04-11, status: APPROVED, notes: "PRD grounded in research phase (spoofing extraction analysis, PRD 029/075/078 predecessor data). Scope disciplined via prototype-first gate + de-scopable enrichment floor. Proceeding to /aod.plan." }
@@ -16,8 +17,9 @@ source:
 
 # Threat Agent Skill References: Externalize Detection Knowledge for All 11 Threat Agents
 
-**Status**: Approved
+**Status**: Delivered
 **Created**: 2026-04-11
+**Delivered**: 2026-04-11 (PR #151, merge commit 6f9a40d)
 **Author**: product-manager
 **Reviewers**: architect, team-lead
 **Priority**: P1 (High Impact, High Confidence)

docs/product/02_PRD/INDEX.md

@@ -6,7 +6,7 @@
 
 | # | Feature | PM | Architect | Team-Lead | Status | Date |
 |---|---------|----|-----------|-----------| -------|------|
-| 082 | [Threat Agent Skill References](082-threat-agent-skill-references-2026-04-11.md) | ✓ | ⚠ | ⚠ | Approved | 2026-04-11 |
+| 082 | [Threat Agent Skill References](082-threat-agent-skill-references-2026-04-11.md) | ✓ | ⚠ | ⚠ | Delivered | 2026-04-11 |
 | 130 | [Fix Attack Path Mermaid Rendering](130-fix-attack-path-mermaid-rendering-2026-04-11.md) | ✓ | ✓ | ✓ | Delivered | 2026-04-11 |
 | 136 | [MAESTRO Canonical Layer Correctness Fix](136-maestro-canonical-layer-correctness-fix-2026-04-10.md) | ✓ | ⚠ | ⚠ | Delivered | 2026-04-10 |
 | 128 | [Executive Threat Architecture Infographic](128-executive-threat-architecture-2026-04-09.md) | ✓ | ⚠ | ⚠ | Delivered | 2026-04-10 |