feat(scaffold): IDD-aware prompt generation in scaffold skill

[sfc-gh-ksampath]

Summary

Update the scaffold skill in devops-coco-agents to generate scan.md and fix.md using Intent-Driven Development (IDD) principles at scaffold time, rather than shipping static prompt files that drift over time.

Background

The current template ships static .cortex/prompts/scan.md and fix.md. These are good starting points but:

• They are not structured around the four IDD dimensions (Goal / Requirements / Constraints / Output)
• Projects that customise their scope or fix behaviour have to manually edit the prompts with no structural guidance
• A static file in the template diverges from best practices as the IDD pattern evolves

The better approach: generate well-structured prompts once during scaffold, capturing the project's specific intent, constraints, and desired output. One act of intent expression → correct IDD-structured prompts as output. This is the IDD principle applied to the tool itself.

Design

IDD prompt structure (reference)

Every generated prompt should have all four blocks:

```
[Goal] — desired outcome / desired state
[Requirements] — intent statements (not procedural steps)
[Constraints] — scope, safety rules, what-not-to-do
[Output] — what success looks like (Glass Box reporting)
```

High ICR target: one intent expression in the prompt should drive many agent operations.

Scaffold conversation changes

Add a "Prompt intent" collection phase to the scaffold skill (after project inputs, before Step 1). Four questions map to the four IDD blocks:

Question	IDD block populated
"What is this agent's primary goal for this repo?"	[Goal]
"What languages, frameworks, or file types should it focus on?"	[Requirements]
"Are there paths, patterns, or severity levels it must never auto-modify?"	[Constraints]
"How should findings be reported — issues only, PR comments, or both?"	[Output]

Answers are stored in the manifest and used to render scan.md / fix.md from templates.

Generated scan.md shape (example output)

```markdown

Scan:

Goal

Find security and correctness bugs in code in .
Surface findings as GitHub issues for human review or automated fix per policy.

Requirements

• Scan files matching:
• Skip:
• Minimum severity to report: <min_severity>
• Score each finding: SEVERITY × COMPLEXITY × CONFIDENCE

Constraints

• Never auto-modify:
• Do not create issues for findings below CONFIDENCE <min_confidence>
• Maximum open issues at any time: <max_open_issues>
• One issue per file+function range; combine if two bugs share a function body

Output

• Create a GitHub issue per finding using the standard coco-agent format
• Label coco:auto-fix when ALL of: severity=low, complexity=low, confidence=high
• Label coco:needs-review otherwise
• Post a scan-complete comment on the triggering commit if <notify_on_complete>
  ```

Re-generation

Add a /coco regenerate-prompts command to the skill that re-runs the intent collection phase and re-renders the prompt files when the project scope changes.

Acceptance Criteria

• Scaffold skill (GitHub path) collects four IDD-dimension inputs during setup
• Inputs stored in manifest.toml under [prompts] section
• scan.md generated from template populated with answers (not copied verbatim from template repo)
• fix.md generated similarly (scope constraints, fix boundaries from manifest)
• Generated prompts contain all four IDD blocks: Goal, Requirements, Constraints, Output
• Static scan.md / fix.md in template repo replaced with template stubs (or kept as fallback defaults)
• /coco regenerate-prompts re-runs intent collection and re-renders

Notes

• This change is entirely in the devops-coco-agents plugin scaffold skill
• The template repo (github-coco-agent) keeps its current prompt files as fallback defaults for manual adoption (non-scaffold path)
• IDD blog series reference: https://blogs.kameshs.dev/intent-driven-development-the-shift-developers-cant-ignore-ef434f94d56c