Design the public API surface — the contract that consumers will depend on. This is load-bearing work because once published, changing the public surface breaks every consumer. Decisions here set the semver policy and dictate how painful every future release will be.

Elaborator

Decompose the intent into verifiable units. Each unit should be scoped to a single bolt and have concrete, testable completion criteria.

Researcher

Understand the problem this library solves, who consumes it, and what the competitive landscape looks like in this ecosystem. Libraries live or die by adoption — establish who will use it, why they'd pick it over alternatives, and what consumer experience the library needs to deliver.

Review Agents

Api Stability

The agent **MUST** challenge the proposed API surface for long-term stability risk. Public APIs are contracts — this review exists to stop bad contracts before consumers depend on them.

Completeness

The agent **MUST** verify that discovery and API surface documents fully cover what downstream stages need to proceed.

Feasibility

The agent **MUST** challenge whether the proposed library is technically achievable given the target language, runtime, and dependency constraints.

DevelopmentExternal / Ask review

Implement the library against the API contract from inception

Hats

Builder

Implement the library to match the API surface exactly. Write code AND the tests that prove the contract holds. Public behavior is load-bearing — if the implementation doesn't match the documented surface, consumers will break when they upgrade.

Planner

Plan how to implement the library against the API surface defined in inception. Sequence the work so public-facing primitives are built first (they're the hardest to change later) and internal implementation follows.

Reviewer

Review the implementation against the API surface and the completion criteria. The reviewer catches contract drift — places where the code "works" but doesn't match what was promised in inception.

Review Agents

Api Compatibility

The agent **MUST** verify the implementation does not introduce breaking changes to the public API surface relative to what was declared in inception.

Correctness

The agent **MUST** verify the implementation matches the API surface contract and the unit completion criteria.

Test Quality

The agent **MUST** verify tests actually exercise the public API in representative ways.

Requires: discovery from Inception, api-surface from Inception

SecurityExternal / Ask review

Supply chain, dependency audit, and consumer-misuse threat model

Hats

Security Reviewer

Evaluate the library against the threat model and determine whether findings are resolved, mitigated, or accepted with documented justification.

Threat Modeler

Model threats specific to this library: supply chain risks, misuse by consumers, injection surfaces, and the downstream impact of vulnerabilities in library code. Library threat modeling differs from app threat modeling because the library is a *source* of risk for downstream applications, not a direct victim.

Review Agents

Misuse Resistance

The agent **MUST** verify the library's public API is resistant to unsafe use by consumers. Libraries that are easy to misuse are effectively insecure regardless of the internal code quality.

Supply Chain

The agent **MUST** verify the library's dependency tree is audited and free of known-vulnerable dependencies before release.

Requires: discovery from Inception, api-surface from Inception, code from Development

ReleaseAuto review

Publish, changelog, documentation, and deprecation policy

Hats

Doc Writer

Update the library's public documentation to reflect the release: API reference, migration guides for breaking changes, and consumer guidance surfaced from the security review.

Release Engineer

Publish the library to its target registry with a correct semver version, a complete changelog, and operational release metadata (tags, signed artifacts, provenance). Publishing is one-shot — once a version is out, it's out. Get it right before hitting publish.

Review Agents

Changelog Quality

The agent **MUST** verify the changelog entry for this release is complete, accurate, and useful to consumers deciding whether to upgrade.

Semver Correctness

The agent **MUST** verify the release version number correctly reflects the semver impact of changes since the prior release.

Requires: discovery from Inception, api-surface from Inception, code from Development

Library Development

Lifecycle for libraries, SDKs, and CLI tools. Differs from application development: no product or design phases — inception directly covers discovery and API surface (semver policy, public contract, extension points), development builds against that contract, and release publishes rather than deploys.