Generalize tracker references, restructure refactor skill, and strengthen coding rules

- Replace all Jira-specific references with generic tracker/work-item
  terminology (TRACKER-ID, work item epics); delete project-management.mdc
  and mcp.json.example
- Restructure refactor skill: extract 8 phases (00–07) and templates into
  separate files; add guided mode for pre-built change lists
- Add Step 3 "Code Testability Revision" to existing-code workflow
  (renumber steps 3–12 → 3–13)
- Simplify autopilot state file to minimal current-step pointer
- Strengthen coding rules: AAA test comments per language, test failures as
  blocking gates, dependency install policy
- Add Docker Suitability Assessment to test-spec and test-run skills
  (local vs Docker execution)
- Narrow human-attention sound rule to human-input-needed only
- Add AskQuestion fallback to plain text across skills
- Rename FINAL_implementation_report to implementation_report_*
- Simplify cursor-meta (remove _docs numbering table, quality thresholds)
- Make techstackrule alwaysApply, add alwaysApply:false to openapi

.cursor/README.md

@@ -1,13 +1,9 @@
-## Assumptions
-
-- **Single project per workspace**: this system assumes one project per Cursor workspace. All `_docs/` paths are relative to the workspace root. For monorepos, open each service in its own Cursor workspace window.
-
 ## How to Use
 
 Type `/autopilot` to start or continue the full workflow. The orchestrator detects where your project is and picks up from there.
 
 ```
-/autopilot (or /auto)   — start a new project or continue where you left off
+/autopilot              — start a new project or continue where you left off
 ```
 
 If you want to run a specific skill directly (without the orchestrator), use the individual commands:
@@ -71,11 +67,11 @@ Interactive interview that builds `_docs/00_problem/`. Asks probing questions ac
 
 ### plan
 
-6-step planning workflow. Produces integration test specs, architecture, system flows, data model, deployment plan, component specs with interfaces, risk assessment, test specifications, and Jira epics. Heavy interaction at BLOCKING gates.
+6-step planning workflow. Produces integration test specs, architecture, system flows, data model, deployment plan, component specs with interfaces, risk assessment, test specifications, and work item epics. Heavy interaction at BLOCKING gates.
 
 ### decompose
 
-4-step task decomposition. Produces a bootstrap structure plan, atomic task specs per component, integration test tasks, and a cross-task dependency table. Each task gets a Jira ticket and is capped at 5 complexity points.
+4-step task decomposition. Produces a bootstrap structure plan, atomic task specs per component, integration test tasks, and a cross-task dependency table. Each task gets a work item ticket and is capped at 8 complexity points.
 
 ### implement
 
@@ -95,7 +91,7 @@ Multi-phase code review against task specs. Produces structured findings with ve
 
 ### security
 
-5-phase OWASP-based security audit: dependency scan, static analysis, OWASP Top 10 review, infrastructure review, consolidated report with severity-ranked findings. Integrated into autopilot as an optional step before deploy.
+OWASP-based security testing and audit.
 
 ### retrospective
 
@@ -120,7 +116,7 @@ Bottom-up codebase documentation. Analyzes existing code from modules through co
 1. /research                                     — solution drafts → _docs/01_solution/
    Run multiple times: Mode A → draft, Mode B → assess & revise
 
-2. /plan                                         — architecture, data model, deployment, components, risks, tests, Jira epics → _docs/02_document/
+2. /plan                                         — architecture, data model, deployment, components, risks, tests, epics → _docs/02_document/
 
 3. /decompose                                    — atomic task specs + dependency table → _docs/02_tasks/todo/
 
@@ -150,12 +146,15 @@ Or just use `/autopilot` to run steps 0-5 automatically.
 | **problem** | "problem", "define problem", "new project" | `_docs/00_problem/` |
 | **research** | "research", "investigate" | `_docs/01_solution/` |
 | **plan** | "plan", "decompose solution" | `_docs/02_document/` |
+| **test-spec** | "test spec", "blackbox tests", "test scenarios" | `_docs/02_document/tests/` + `scripts/` |
 | **decompose** | "decompose", "task decomposition" | `_docs/02_tasks/todo/` |
 | **implement** | "implement", "start implementation" | `_docs/03_implementation/` |
+| **test-run** | "run tests", "test suite", "verify tests" | Test results + verdict |
 | **code-review** | "code review", "review code" | Verdict: PASS / FAIL / PASS_WITH_WARNINGS |
-| **refactor** | "refactor", "improve code" | `_docs/04_refactoring/` |
-| **security** | "security audit", "OWASP", "vulnerability scan" | `_docs/05_security/` |
+| **new-task** | "new task", "add feature", "new functionality" | `_docs/02_tasks/todo/` |
 | **ui-design** | "design a UI", "mockup", "design system" | `_docs/02_document/ui_mockups/` |
+| **refactor** | "refactor", "improve code" | `_docs/04_refactoring/` |
+| **security** | "security audit", "OWASP" | `_docs/05_security/` |
 | **document** | "document", "document codebase", "reverse-engineer docs" | `_docs/02_document/` + `_docs/00_problem/` + `_docs/01_solution/` |
 | **deploy** | "deploy", "CI/CD", "observability" | `_docs/04_deploy/` |
 | **retrospective** | "retrospective", "retro" | `_docs/06_metrics/` |
@@ -169,6 +168,7 @@ Or just use `/autopilot` to run steps 0-5 automatically.
 ## Project Folder Structure
 
 ```
+_project.md                              — project-specific config (tracker type, project key, etc.)
 _docs/
 ├── _autopilot_state.md                  — autopilot orchestrator state (progress, decisions, session context)
 ├── 00_problem/                          — problem definition, restrictions, AC, input data
@@ -181,19 +181,22 @@ _docs/
 │   ├── risk_mitigations.md
 │   ├── components/[##]_[name]/          — description.md + tests.md per component
 │   ├── common-helpers/
-│   ├── integration_tests/               — environment, test data, functional, non-functional, traceability
+│   ├── tests/                           — environment, test data, blackbox, performance, resilience, security, traceability
 │   ├── deployment/                      — containerization, CI/CD, environments, observability, procedures
+│   ├── ui_mockups/                      — HTML+CSS mockups, DESIGN.md (ui-design skill)
 │   ├── diagrams/
 │   └── FINAL_report.md
-├── 02_tasks/                            — task workflow folders + _dependencies_table.md
-│   ├── _dependencies_table.md           — cross-task dependency graph (root level)
-│   ├── backlog/                         — parked tasks (not scheduled for implementation)
+├── 02_tasks/                            — task lifecycle folders + _dependencies_table.md
+│   ├── _dependencies_table.md
 │   ├── todo/                            — tasks ready for implementation
-│   └── done/                            — completed tasks (moved here by /implement)
-├── 03_implementation/                   — batch reports, FINAL report
+│   ├── backlog/                         — parked tasks (not scheduled yet)
+│   └── done/                            — completed/archived tasks
+├── 02_task_plans/                       — per-task research artifacts (new-task skill)
+├── 03_implementation/                   — batch reports, implementation_report_*.md
+│   └── reviews/                         — code review reports per batch
 ├── 04_deploy/                           — containerization, CI/CD, environments, observability, procedures, scripts
 ├── 04_refactoring/                      — baseline, discovery, analysis, execution, hardening
-├── 05_security/                         — dependency scan, static analysis, OWASP review, infrastructure, report
+├── 05_security/                         — dependency scan, SAST, OWASP review, security report
 └── 06_metrics/                          — retro_[YYYY-MM-DD].md
 ```