Governance block reference

Eighteen default blocks ship with DevAware OS. Recommended blocks light up after intent analysis; custom blocks persist per project.

• Mandatory inspection — read implicated files first; cite paths.
• Anti-duplication — reuse before adding.
• Root-cause discipline — no masking patches.
• Security guardrails — report changes to CSP, masking, allowlist, secrets.
• Supabase / migration safety — additive migrations only.
• Auth / permissions safety — no self-granted trust.
• UI / design standards — states, hierarchy, AA contrast.
• Token mode · Save / Normal / Spend — three budget postures.
• Validation gates — typecheck, lint, test, build:renderer, smoke.
• Compact final report — what changed, what was validated.
• Large execution wave — wide changes when scope matches.
• Small targeted fix — minimum-edit posture.
• Refactor discipline — preserve behavior, keep suite green.
• Cleanup / deduplication — remove orphaned code.
• Playwright preview — check the live page.
• Runtime smoke test — console-error + DOM probe.
• Do-not-touch unrelated areas — scope guard.

Concept: Governance blocks.