BrianCLong · BrianCLong · Jan 30, 2026 · Jan 31, 2026 · Jan 31, 2026 · Jan 31, 2026
@@ -0,0 +1,15 @@
+# Capability Matrix: [Target Name]
+
+| Capability | Target Implementation | Summit Current | Gap | Opportunity | Risk | Evidence ID |
+|------------|-----------------------|----------------|-----|-------------|------|-------------|
+| Agent Orchestration | | | | | | |
+| KG Schema | | | | | | |
+| Ingestion | | | | | | |
+| Entity Resolution | | | | | | |
+| Graph Queries | | | | | | |
+| Vector/Hybrid Search | | | | | | |
+| UI | | | | | | |
+| Connectors | | | | | | |
+| RBAC/Audit | | | | | | |
+| Evals | | | | | | |
+| Ops | | | | | | |
@@ -0,0 +1,15 @@
+# Eval Plan: [Target Name]
+
+## Metrics
+| Metric | Definition | Threshold | Evidence ID |
+|--------|------------|-----------|-------------|
+| Latency | | | |
+| Accuracy | | | |
+| Cost | | | |
+
+## Scenarios
+1. [Scenario 1]
+2. [Scenario 2]
+
+## Datasets
+- [Dataset 1]
@@ -0,0 +1,28 @@
+# Integration Plan: [Target Name]
+
+## Summit Module Impacts
+### Agent Spine
+- [Impacts]
+
+### Connector Framework
+- [Impacts]
+
+### Knowledge Graph
+- [Schema Diffs]
+- [Migrations]
+
+### Retrieval
+- [GraphRAG Updates]
+
+## Minimal Implementation Slice (MVP)
+- **Feature Flag:** `FEATURE_FLAG_NAME`
+- **API Shape:**
+  ```typescript
+  // Type definitions
+  ```
+- **Data Model:**
+  ```graphql
+  // Schema changes
+  ```
+- **Tests & Evals:**
+  - [Test Plan]
@@ -0,0 +1,23 @@
+# PR Stack Plan: [Target Name]
+
+## PR 1: Docs & Evidence
+- **Scope:** Add evidence artifacts and initial docs.
+- **Files:** `docs/ci/[target]/*`, `evidence/ci/[target]/*`
+- **Risk:** Low
+
+## PR 2: Schema Updates
+- **Scope:** Apply KG schema changes.
+- **Files:** `schemas/`
+- **Risk:** Medium
+- **Migration:** [Migration Plan]
+
+## PR 3: MVP Implementation
+- **Scope:** Implement MVP slice behind feature flag.
+- **Files:** `packages/`, `services/`
+- **Risk:** Medium
+- **Feature Flag:** `FEATURE_FLAG_NAME`
+
+## PR 4: Evals & Gates
+- **Scope:** Add CI gates and evaluation logic.
+- **Files:** `ci/`, `tests/`
+- **Risk:** Low
@@ -0,0 +1,17 @@
+# CISEv4 Report: [Target Name]
+
+**Date:** [YYYY-MM-DD]
+**Analyst:** [Agent Name]
+**Scope:** [Scope]
+
+## Executive Summary
+[Brief summary of findings, key threats, and opportunities.]
+
+## Key Findings
+- **Capability 1:** [Description]
+- **Threat 1:** [Description]
+- **Opportunity 1:** [Description]
+
+## Recommendations
+1. [Recommendation 1]
+2. [Recommendation 2]
@@ -0,0 +1,14 @@
+{
+  "target": {
+    "name": "",
+    "type": "repo",
+    "slug": ""
+  },
+  "run": {
+    "date": "YYYY-MM-DD",
+    "analyst": "agentic",
+    "scope": []
+  },
+  "sources": [],
+  "claims": []
+}
@@ -0,0 +1,22 @@
+# Threat Model: [Target Name]
+
+## Attack Surface
+- **Authn/Authz:** [Notes]
+- **Ingestion:** [Notes]
+- **Connectors:** [Notes]
+- **Prompts/Tools:** [Notes]
+- **KG Mutations:** [Notes]
+- **Multitenancy:** [Notes]
+- **Audit Integrity:** [Notes]
+
+## Abuse Cases
+| ID | Abuse Case | Impact | Mitigation (Target) | Mitigation (Summit) |
+|----|------------|--------|---------------------|---------------------|
+| AC1 | Data Poisoning | | | |
+| AC2 | Prompt Injection | | | |
+| AC3 | Credential Theft | | | |
+
+## Controls
+| Control | Observed in Target | Missing in Target | Proposed for Summit |
+|---------|--------------------|-------------------|---------------------|
+| | | | |
diff --git a/evidence/schemas/ci_cise_v4.schema.json b/evidence/schemas/ci_cise_v4.schema.json
@@ -0,0 +1,61 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "CISEv4 Evidence Schema",
+  "type": "object",
+  "properties": {
+    "target": {
+      "type": "object",
+      "properties": {
+        "name": { "type": "string" },
+        "type": { "type": "string", "enum": ["repo", "product", "paper", "platform"] },
+        "slug": { "type": "string" }
+      },
+      "required": ["name", "type", "slug"]
+    },
+    "run": {
+      "type": "object",
+      "properties": {
+        "date": { "type": "string", "pattern": "^\\d{4}-\\d{2}-\\d{2}$" },
+        "analyst": { "type": "string" },
+        "scope": {
+          "type": "array",
+          "items": { "type": "string" }
+        }
+      },
+      "required": ["date", "analyst", "scope"]
+    },
+    "sources": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "properties": {
+          "id": { "type": "string" },
+          "title": { "type": "string" },
+          "url": { "type": "string" },
+          "license_hint": { "type": "string" },
+          "excerpt_sha256": { "type": "string" },
+          "notes": { "type": "string" }
+        },
+        "required": ["id", "title", "url"]
+      }
+    },
+    "claims": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "properties": {
+          "id": { "type": "string" },
+          "claim": { "type": "string" },
+          "evidence": {
+            "type": "array",
+            "items": { "type": "string" }
+          },
+          "confidence": { "type": "string", "enum": ["high", "medium", "low"] },
+          "type": { "type": "string", "enum": ["fact", "inference", "proposal"] }
+        },
+        "required": ["id", "claim", "evidence", "confidence", "type"]
+      }
+    }
+  },
+  "required": ["target", "run", "sources", "claims"]
+}
diff --git a/prompts/ci/CISEv4_MASTER.md b/prompts/ci/CISEv4_MASTER.md
@@ -0,0 +1,94 @@
+# SUMMIT — Competitive Intelligence Subsumption Engine v4 (CISEv4)
+
+Target: [COMPETITOR / PLATFORM / REPO / PRODUCT]
+Scope: [DOCS | OSS REPO | BLOGS | TALKS | PAPERS | APIS | ALL PUBLIC]
+Date: [YYYY-MM-DD]
+Summit branch: [branch-name]
+Non-negotiables: Determinism, evidence-first, minimal blast radius, zero proprietary copying.
+
+## PRIME DIRECTIVE
+Convert public competitive signals into a mergeable PR stack for Summit:
+1) Harvest (capabilities + patterns + threats + benchmarks)
+2) Subsume (native modules/APIs/data model/workflows/ops/governance)
+3) Surpass (novel capabilities + architectural leverage)
+4) Moat & gate (defensible differentiators enforced by controls)
+
+## LEGAL / ETHICAL / IP GUARDRAILS (HARD)
+- Use only public information present in sources captured in this run.
+- No proprietary code, no paywalled copying, no reverse engineering of closed binaries.
+- For OSS: respect licenses; do not copy code. Re-implement concepts independently.
+- Every claim must map to a captured source (URL + excerpt hash) OR be explicitly marked as inference.
+- Anything not source-backed is labeled: (INFERENCE) or (PROPOSAL).
+
+## REQUIRED OUTPUTS (STRICT)
+A) docs/ci/[target_slug]/REPORT.md
+B) docs/ci/[target_slug]/SOURCES.json (deterministic, sorted)
+C) docs/ci/[target_slug]/CAPABILITY_MATRIX.md
+D) docs/ci/[target_slug]/THREAT_MODEL.md
+E) docs/ci/[target_slug]/INTEGRATION_PLAN.md
+F) docs/ci/[target_slug]/EVAL_PLAN.md
+G) PR_STACK_PLAN.md (stacked PRs with gates + acceptance tests)
+H) If any code is proposed: implement at least one “MVP slice” behind a feature flag with tests.
+
+## PHASE 0 — INPUT NORMALIZATION
+1. Identify the “target surface”:
+   - Product claims, architecture diagrams, API docs, user workflows, deployment model.
+2. Capture sources:
+   - Build SOURCES.json with fields:
+     - id (stable), title, url, retrieved_at (date only), content_hash (sha256 of excerpt), license_hint, notes
+   - Deterministic sorting: by url asc, then id asc.
+
+## PHASE 1 — HARVEST (FACTS ONLY)
+Produce CAPABILITY_MATRIX.md:
+- Rows: capabilities (agent orchestration, KG schema, ingestion, ER, graph queries, vector/hybrid search, UI, connectors, RBAC/audit, evals, ops)
+- Columns: {Target, Summit-now, Gap, Opportunity, Risk, Evidence(source_id)}
+No “marketing” language; use testable statements.
+
+Produce THREAT_MODEL.md:
+- Attack surface: authn/authz, ingestion, connectors, prompts/tools, KG mutations, multitenancy, audit integrity
+- Abuse cases: data poisoning, prompt injection, connector credential exfiltration, graph inference leakage
+- Controls observed in target (source-backed), controls missing, controls Summit should add
+
+## PHASE 2 — SUBSUME (SUMMIT FIT)
+Produce INTEGRATION_PLAN.md with:
+- Mapping to Summit modules:
+  - agent spine impacts (registry/contracts/routing)
+  - connector framework impacts (auth, rate limiting, provenance)
+  - knowledge graph impacts (schema diff, migrations, constraints)
+  - retrieval impacts (GraphRAG, hybrid search, caching)
+- A minimal implementation slice:
+  - feature flag name
+  - public API shape (types)
+  - data model additions (migrations)
+  - tests and eval hooks
+
+## PHASE 3 — SURPASS (NEW ADVANTAGE)
+Produce 3 “surpass moves” that are:
+- Measurable (latency, cost, accuracy, analyst time-to-insight)
+- Enforceable (CI checks / policy gates)
+- Hard to replicate (network effects, governance automation, eval harness)
+
+Each surpass move must include:
+- hypothesis
+- design sketch
+- eval metric
+- failure mode & rollback plan
+
+## PHASE 4 — MOAT & GATE (CONTROL POINTS)
+Define moat gates as repository-enforced controls:
+- Example categories:
+  - provenance: source-cited transformations
+  - integrity: append-only audit, tamper evidence
+  - safety: prompt/tool sandboxing, connector least privilege
+  - quality: eval thresholds, regression budgets
+Write each as: Gate Name → What it prevents → How enforced → Evidence artifact
+
+## PHASE 5 — PR STACK (MERGEABLE)
+Write PR_STACK_PLAN.md with 3–7 PRs:
+- PR title, scope, files changed, risk level, rollout strategy, acceptance tests
+- Each PR must be independently mergeable and pass CI
+- Deterministic artifacts only (stable sorting, no timestamps except stamp.json)
+
+## STOP CONDITIONS
+- If sources are insufficient, ship “docs-only” PR stack: SOURCES + matrices + plans + eval harness scaffolding.
+- Do not fabricate. Mark unknowns explicitly.
diff --git a/prompts/ci/agents/AGENT_A_HARVESTER.md b/prompts/ci/agents/AGENT_A_HARVESTER.md
@@ -0,0 +1,11 @@
+You are Agent A (Evidence Harvester).
+Goal: Produce SOURCES.json and a source-cited bullet digest.
+
+Rules:
+- Capture only public sources.
+- For each source: url, title, license hint if obvious, excerpt (<=500 words), sha256 hash of excerpt.
+- No commentary except minimal notes for relevance.
+- Deterministic ordering and stable IDs.
+Deliverables:
+- docs/ci/[target]/SOURCES.json
+- docs/ci/[target]/SOURCE_DIGEST.md (each claim references source_id)
diff --git a/prompts/ci/agents/AGENT_B_ARCHITECT.md b/prompts/ci/agents/AGENT_B_ARCHITECT.md
@@ -0,0 +1,10 @@
+You are Agent B (Architecture Mapper).
+Goal: Build a source-backed conceptual system map (no proprietary RE).
+
+Output:
+- docs/ci/[target]/ARCHITECTURE.md
+Includes:
+- components, data flows, trust boundaries, failure modes
+- API conventions and error handling patterns (as observed)
+- scalability posture (stateless/stateful split, caching, queues)
+All statements must cite sources or be labeled INFERENCE.
diff --git a/prompts/ci/agents/AGENT_C_GRAPH.md b/prompts/ci/agents/AGENT_C_GRAPH.md
@@ -0,0 +1,9 @@
+You are Agent C (KG + Retrieval Analyst).
+Goal:
+- Extract graph schema patterns, ER/dedup approach, ingestion transformations, vector/hybrid retrieval.
+
+Deliverables:
+- docs/ci/[target]/KG_MODEL.md (entities/edges/properties + constraints)
+- docs/ci/[target]/RETRIEVAL.md (indexing, query patterns, caching)
+- A Summit schema diff proposal (what to add, what not to add)
+Cite sources; otherwise mark INFERENCE/PROPOSAL.
diff --git a/prompts/ci/agents/AGENT_D_SECURITY.md b/prompts/ci/agents/AGENT_D_SECURITY.md
@@ -0,0 +1,11 @@
+You are Agent D (Security + Controls).
+Goal:
+- Threat model the target; propose Summit gates.
+
+Deliverables:
+- docs/ci/[target]/THREAT_MODEL.md
+- docs/ci/[target]/GOVERNANCE_GATES.md
+Include:
+- abuse cases (poisoning, injection, credential theft)
+- controls observed vs missing
+- CI-enforceable gates (lint/check scripts + evidence artifacts)
diff --git a/prompts/ci/agents/AGENT_E_PR_STACK.md b/prompts/ci/agents/AGENT_E_PR_STACK.md
@@ -0,0 +1,11 @@
+You are Agent E (PR Stack Engineer).
+Goal:
+- Convert plans into a minimal, mergeable PR stack.
+
+Deliverables:
+- PR_STACK_PLAN.md
+- Implement 1 MVP slice behind a feature flag with tests + eval hook.
+Constraints:
+- minimal blast radius
+- deterministic outputs
+- no breaking changes without migration