version: 1 roles: leader: can_edit: ["work/", "backlog/", "spec/", "harness/"] cannot_edit: ["src/", "tests/"] responsibilities: - plan - orchestrate - enforce_gates - close_feature architect: can_edit: ["spec/", "harness/contracts/", "docs/"] cannot_edit: ["src/", "tests/", "backlog/features.json:status"] responsibilities: - design - update_contracts implementer: can_edit: ["src/", "tests/", "work/artifacts/"] cannot_edit: - "backlog/features.json:done" - "work/history.md" - "work/artifacts/*/reviewer.json" - "work/artifacts/*/security.json" - "work/artifacts/*/qa.json" - "work/artifacts/*/leader-close.json" responsibilities: - implement_feature - write_tests - produce_implementer_evidence reviewer: can_edit: ["work/artifacts/"] cannot_edit: ["src/", "tests/", "backlog/"] responsibilities: - technical_review - emit_reviewer_verdict security: can_edit: ["work/artifacts/"] cannot_edit: ["src/", "tests/", "backlog/"] responsibilities: - sast - dependency_review - secret_scan - emit_security_verdict qa: can_edit: ["work/artifacts/"] cannot_edit: ["src/", "tests/", "backlog/"] responsibilities: - acceptance_traceability - integration_e2e_checks - regression_checks - emit_qa_verdict anti_cheat: - "Implementer cannot promote feature to done" - "Done requires reviewer/security/qa approved artifacts" - "Leader close requires verify.sh success" - "Evidence must be on disk; chat-only claims are invalid"