## Summary

<!-- What does this PR do? One paragraph max. -->

## Type of Change

- [ ] `feat` — New feature (agent, skill, MCP server, workflow)
- [ ] `fix` — Bug fix
- [ ] `security` — Security patch or hardening
- [ ] `docs` — Documentation update
- [ ] `refactor` — Code refactor (no behavior change)
- [ ] `ci` — CI/CD or GitHub config change
- [ ] `chore` — Maintenance task

## Scope

<!-- Which area(s) does this touch? -->
- [ ] agents/
- [ ] skills/
- [ ] hooks/
- [ ] rules/
- [ ] a2a/ (constitution/governance)
- [ ] settings.json (MCP/permissions)
- [ ] .github/ (CI/templates/instructions)
- [ ] scripts/
- [ ] Other: <!-- specify -->

## Security Checklist

<!-- Required for ALL PRs. Check every box or explain why N/A. -->

- [ ] No secrets, tokens, API keys, or credentials in this PR
- [ ] No new `unsafe` code (or justified + Aegis-audited if Rust)
- [ ] No modifications to permission deny lists that reduce security
- [ ] No force-push, --no-verify, or chmod 777 patterns introduced
- [ ] Dependencies audited (cargo deny / pip audit / npm audit)
- [ ] Hook changes tested against full deny list patterns
- [ ] Settings.json changes validated against schema

## Constitutional Alignment

<!-- For agent/governance changes only. Delete if N/A. -->

- [ ] Agent shadow integration documented (not suppressed)
- [ ] Permission boundaries explicit and non-escalating
- [ ] Alignment axis assessed: Busytown / Neutral / Rapture-leaning
- [ ] Changes consistent with constitutional non-negotiables

## Testing

<!-- How was this tested? -->

- [ ] Manual testing on <node> node
- [ ] Hook pattern validation
- [ ] Agent config schema check
- [ ] CI pipeline passes
- [ ] N/A (docs-only change)

## Notes

<!-- Any additional context, screenshots, or concerns. -->