diff --git a/.claude/agents/code-standards-enforcer.md b/.claude/agents/code-standards-enforcer.md
new file mode 100644
index 0000000000..e1191ee8c0
--- /dev/null
+++ b/.claude/agents/code-standards-enforcer.md
@@ -0,0 +1,150 @@
+---
+name: code-standards-enforcer
+description: "Audits recently written or modified code against CLAUDE.md rules, patterns-in-transition, and checklist files. Covers CDP-specific patterns: pg-promise over Sequelize, functional services over classes, single-tenant via DEFAULT_TENANT_ID, Auth0 auth, Zod + validateOrThrow for public endpoints, query performance, and Temporal workflow rules. Invoked in background by review-pr."
+model: inherit
+color: red
+memory: none
+---
+
+# Code Standards Enforcer
+
+You are an elite code standards enforcement specialist. Your singular mission is to audit recently written or modified code against the project's CLAUDE.md guidelines, rule files, and checklist files, catching violations before they enter the codebase.
+
+## Your Primary Directive
+
+Read and internalize every rule, convention, pattern, and guideline described in CLAUDE.md. These are law. When CLAUDE.md references other documents (rule files in `.claude/rules/`, checklist files under `.claude/skills/review-pr/references/`), read and enforce those too.
+
+## Enforcement Process
+
+### Step 1: Load All Reference Documents
+
+- Read the project's `CLAUDE.md` thoroughly
+- Read the user's global CLAUDE.md at `~/.claude/CLAUDE.md` if it exists
+- Glob `.claude/rules/*.md` and read every rule file
+- Read all checklists under `.claude/skills/review-pr/references/`
+- Build a mental checklist of every enforceable rule
+
+### Step 2: Identify Recently Changed Code
+
+- Use `git status` or `git diff` to identify changed files
+- Categorize changes: backend (`backend/`), frontend (`frontend/`), services (`services/apps/*`, `services/libs/*`), migrations, SQL
+
+### Step 3: Systematic Audit
+
+For each changed file, check against ALL applicable rules. The patterns-in-transition from CLAUDE.md are the highest priority:
+
+#### Patterns in Transition (enforce on ALL new code)
+
+- [ ] **No new Sequelize usage** — all new DB code uses `queryExecutor` from `@crowd/data-access-layer`. Legacy Sequelize in `backend/src/database/repositories/` and `backend/src/services/` is exempt.
+- [ ] **No new class-based services or repositories** — plain functions only
+- [ ] **No new multi-tenant logic** — use `DEFAULT_TENANT_ID` from `@crowd/common`
+- [ ] **New public endpoints use Zod + `validateOrThrow`** from `@crowd/common`
+- [ ] **Auth0 patterns** — no new legacy JWT patterns
+- [ ] **No `any` types** in new code
+
+#### Backend Rules
+
+- [ ] New DAL functions checked against existing equivalents (blast-radius risk)
+- [ ] Parameterized queries only — no string interpolation with user input
+- [ ] `$N` placeholder count matches bind values array length
+- [ ] No secrets hardcoded — env vars only
+- [ ] Query performance: indexes considered for WHERE clauses on large tables
+
+#### Services Rules (Temporal/Kafka/Redis workers)
+
+- [ ] Temporal workflows are deterministic — no I/O, no `Math.random()`, no `Date.now()` inside workflow code
+- [ ] Kafka/Redis calls are in Activities only, not Workflows
+- [ ] Activities are idempotent where possible
+- [ ] Logger from `@crowd/logging` — no `console.log`
+
+#### Frontend Rules
+
+- [ ] `<script setup>` Composition API — no Options API
+- [ ] TanStack Vue Query for server state — no raw `axios` in `onMounted`
+- [ ] Pinia for shared client state
+- [ ] `ref()` / `computed()` for reactive state
+
+#### Migration Rules
+
+- [ ] Migrations are append-only — never modify an applied migration
+- [ ] Filename format: `V{epoch}__{description}.sql`
+- [ ] Production-safe: no dangerous `DROP TABLE`, no adding NOT NULL without default/backfill
+
+#### Protected Files Check
+
+Flag if any of these protected infrastructure files were modified — they require code owner approval:
+
+- `services/libs/data-access-layer/**`
+- `services/libs/common/**`
+- `backend/src/database/migrations/**`
+- `scripts/cli`, `scripts/scaffold.yaml`
+- `.husky/*`, `commitlint.config.js`
+- `.github/workflows/**`, `.github/actions/**`
+- `tsconfig*.json`, `.eslintrc*`, `.prettierrc*`
+- `pnpm-lock.yaml`, `package.json`, `*/package.json`
+- `CLAUDE.md`, `.claude/settings.json`
+
+### Step 4: Report Findings
+
+For each violation found, report:
+
+1. **File and line number** (or approximate location)
+2. **Rule violated** — cite the specific CLAUDE.md section, rule file, or checklist
+3. **What's wrong** — explain the violation clearly
+4. **How to fix** — provide the corrected code snippet
+5. **Severity** — CRITICAL / SHOULD FIX / NIT
+
+### Step 5: Summary
+
+After auditing all files, provide:
+
+- Total violations found grouped by severity
+- A PASS / FAIL verdict
+- Top 3 most important fixes to prioritize
+- Confirmation of which rules and documents were checked
+
+## Behavior Rules
+
+1. **Be thorough** — check every applicable rule
+2. **Be specific** — always cite the exact rule source
+3. **Be actionable** — always provide corrected code, not just descriptions
+4. **Be fair** — acknowledge when code correctly follows guidelines
+5. **Do not flag legacy code in already-legacy files** — only flag new violations in new or modified files
+6. **If you cannot quote the rule from a loaded document, drop the finding** — hallucinated rules are worse than missed ones
+
+## Output Format
+
+Return findings as a JSON array first, then a brief markdown summary.
+
+**Part 1 — JSON findings** (used by `/review-pr` Phase 5 for filtering and compilation):
+
+```json
+[
+  {
+    "file": "backend/src/api/members.ts",
+    "line": 12,
+    "severity": "CRITICAL|SHOULD_FIX|NIT",
+    "rule": "<source>:<section>",
+    "message": "...",
+    "suggestion": "..."
+  }
+]
+```
+
+**Part 2 — Markdown summary** (human-readable):
+
+```text
+## Code Standards Audit Report
+
+### Documents Referenced
+- [List all CLAUDE.md files, rule files, and checklists consulted]
+
+### Files Audited
+- [List of files checked]
+
+### Protected Files
+- [List any protected files that were modified, or "None modified"]
+
+### Verdict: PASS / FAIL
+[Total violations by severity. Top 3 priority fixes.]
+```
diff --git a/.claude/hooks/guard-protected-files.sh b/.claude/hooks/guard-protected-files.sh
new file mode 100755
index 0000000000..369f555d0d
--- /dev/null
+++ b/.claude/hooks/guard-protected-files.sh
@@ -0,0 +1,111 @@
+#!/usr/bin/env bash
+# Copyright The Linux Foundation and each contributor to CDP.
+# SPDX-License-Identifier: MIT
+#
+# Guard hook: warns when editing protected infrastructure files.
+# Used by Claude Code PreToolUse hook on Edit and Write operations.
+# Exit code 0 = allow (with warning message printed to stderr).
+
+set -euo pipefail
+
+# Read tool input from stdin (JSON with file_path field)
+INPUT=$(cat)
+
+# Extract file_path from the JSON input
+FILE_PATH=$(echo "$INPUT" | grep -o '"file_path"[[:space:]]*:[[:space:]]*"[^"]*"' | head -1 | sed 's/.*"file_path"[[:space:]]*:[[:space:]]*"//;s/"$//' || true)
+
+# If no file_path found, allow the operation
+if [ -z "$FILE_PATH" ]; then
+  exit 0
+fi
+
+# Normalize: strip leading ./ if present
+FILE_PATH="${FILE_PATH#./}"
+
+# Also handle absolute paths by stripping the repo root
+REPO_ROOT=$(git rev-parse --show-toplevel 2>/dev/null || echo "")
+if [ -n "$REPO_ROOT" ] && [[ "$FILE_PATH" == "$REPO_ROOT"/* ]]; then
+  FILE_PATH="${FILE_PATH#$REPO_ROOT/}"
+fi
+
+# Helper: warn about a protected file (allows the edit to proceed)
+warn() {
+  local reason="$1"
+  echo "" >&2
+  echo "⚠ WARNING: This file is part of the project's core infrastructure." >&2
+  echo "File: $FILE_PATH" >&2
+  echo "Reason: $reason" >&2
+  echo "Ensure this change is intentional and reviewed by a code owner." >&2
+  echo "" >&2
+  exit 0
+}
+
+# ── Data Access Layer ──────────────────────────────────────────────
+if [[ "$FILE_PATH" == services/libs/data-access-layer/* ]]; then
+  warn "Shared DAL — high blast radius. Check for existing functions before adding new ones (CLAUDE.md: 'duplicates are already a problem')."
+fi
+
+# ── Common / Shared Utilities ──────────────────────────────────────
+if [[ "$FILE_PATH" == services/libs/common/* ]]; then
+  warn "Shared utility library — changes affect all services and the backend."
+fi
+
+# ── Database Migrations ────────────────────────────────────────────
+if [[ "$FILE_PATH" == backend/src/database/migrations/* ]]; then
+  warn "Flyway migration — append-only. Never modify an existing migration that has been applied."
+fi
+
+# ── Dev CLI & Scaffold ─────────────────────────────────────────────
+case "$FILE_PATH" in
+  scripts/cli)
+    warn "Dev CLI entrypoint — changes affect all contributors' local setup." ;;
+  scripts/scaffold.yaml|scripts/scaffold.insights.yaml)
+    warn "Docker scaffold config — changes affect how local services are started." ;;
+esac
+
+# ── Git Hooks & Commit Standards ──────────────────────────────────
+if [[ "$FILE_PATH" == .husky/* ]]; then
+  warn "Git hooks — changes affect pre-commit validation for all contributors."
+fi
+
+case "$FILE_PATH" in
+  commitlint.config.js|commitlint.config.*)
+    warn "Commitlint config — changes affect commit message validation for all contributors." ;;
+esac
+
+# ── CI / GitHub Actions ────────────────────────────────────────────
+if [[ "$FILE_PATH" == .github/workflows/* ]] || [[ "$FILE_PATH" == .github/actions/* ]]; then
+  warn "CI/CD pipeline — changes affect automated checks run on every PR."
+fi
+
+# ── Lint / Format / TypeScript Config ─────────────────────────────
+case "$FILE_PATH" in
+  tsconfig*.json|*/tsconfig*.json)
+    warn "TypeScript configuration — changes affect compilation across the monorepo." ;;
+  .eslintrc*|*/.eslintrc*|eslint.config*|*/eslint.config*)
+    warn "ESLint configuration — changes affect code quality rules for the project." ;;
+  .prettierrc*|*/.prettierrc*)
+    warn "Prettier configuration — changes affect code formatting standards." ;;
+esac
+
+# ── Package Files ──────────────────────────────────────────────────
+if [[ "$FILE_PATH" == pnpm-lock.yaml ]]; then
+  warn "Lock file — changes affect resolved dependency versions for all contributors."
+fi
+if [[ "$FILE_PATH" == package.json ]] || [[ "$FILE_PATH" == */package.json ]]; then
+  warn "Package manifest — changes affect dependencies and scripts for this workspace."
+fi
+
+# ── Claude Config ─────────────────────────────────────────────────
+case "$FILE_PATH" in
+  CLAUDE.md)
+    warn "Project instructions — changes affect AI assistant behavior for all users." ;;
+  .claude/settings.json)
+    warn "Claude Code settings — changes affect hooks, permissions, and plugins for all users." ;;
+esac
+if [[ "$FILE_PATH" == .claude/hooks/* ]]; then
+  warn "Claude Code hook — changes affect automated pre-tool validations."
+fi
+
+# If none of the protected patterns matched, allow the operation
+exit 0
diff --git a/.claude/rules/adr-format.md b/.claude/rules/adr-format.md
new file mode 100644
index 0000000000..0ffbbb20e9
--- /dev/null
+++ b/.claude/rules/adr-format.md
@@ -0,0 +1,52 @@
+---
+description: Enforce Nygard ADR template structure on files written under docs/adr/
+paths:
+  - 'docs/adr/**/*.md'
+---
+
+# ADR Format Enforcement
+
+When writing or editing any `.md` file under `docs/adr/`, enforce these rules:
+
+## Exempt files
+
+`README.md` and `template.md` are index/template files — they are **not** ADRs
+and are exempt from the section requirements below.
+
+## Mandatory sections for ADR files
+
+Every file matching `docs/adr/[0-9]*.md` **must** contain all of the following,
+in this order:
+
+1. `# ADR-NNNN: [Title]` — H1 heading with 4-digit sequential ID
+2. `**Date**:` — ISO date (YYYY-MM-DD)
+3. `**Status**:` — one of: `proposed`, `accepted`, `deprecated`, `superseded by ADR-NNNN`
+4. `**Deciders**:` — who was involved in the decision
+5. `## Context` — 2–5 sentences on the situation and forces
+6. `## Decision` — 1–3 sentences stating the change
+7. `## Alternatives Considered` — at least one alternative with Pros, Cons, Why not
+8. `## Consequences` — with sub-sections `### Positive`, `### Negative`, `### Risks`
+
+If any mandatory section is missing, **stop and ask the user** to provide the
+missing information before writing the file. Do not write a partial ADR.
+
+## Numbering
+
+- IDs are zero-padded to 4 digits: `0001`, `0002`, `0003`, …
+- Assign the next sequential number by scanning existing files with `Glob docs/adr/[0-9]*.md`.
+- Never reuse a number, even if a previous ADR is deprecated.
+
+## File naming
+
+`docs/adr/NNNN-kebab-case-title.md` — all lowercase, words separated by hyphens.
+
+## Index maintenance
+
+After writing or changing the status of an ADR, update the index table in
+`docs/adr/README.md`:
+
+```markdown
+| [ADR-NNNN](./NNNN-kebab-title.md) | Title | accepted | YYYY-MM-DD |
+```
+
+Remove the `_none yet_` placeholder row once the first real ADR is added.
diff --git a/.claude/rules/commit-workflow.md b/.claude/rules/commit-workflow.md
new file mode 100644
index 0000000000..60b9ee410c
--- /dev/null
+++ b/.claude/rules/commit-workflow.md
@@ -0,0 +1,69 @@
+---
+description: Commit conventions, branch naming, PR format, PR size guidelines, sign-off + GPG signing, and JIRA tracking workflow
+paths:
+  - '*'
+---
+
+# Commit & PR Workflow
+
+## Commit Conventions
+
+- Follow the [Conventional Commits](https://www.conventionalcommits.org/) format: `type: description`
+- A scope is **optional** — most commits in this repo do not use one
+- Valid types: `feat`, `fix`, `docs`, `style`, `refactor`, `perf`, `test`, `build`, `ci`, `chore`, `revert`
+- Use present tense, imperative mood: "add feature" not "added feature"
+- Include the JIRA ticket **inline at the end** of the description, in parentheses
+- Examples:
+  - `feat: add github discussions integration (CM-1164)`
+  - `fix: improve member merge suggestions (CM-1137)`
+  - `chore: update stale dependency versions`
+
+## Commit Signing
+
+All commits must be both DCO-signed and GPG-signed:
+
+- **DCO sign-off (`--signoff`)** — required by LF governance; validated by the Probot DCO check in CI. The `Signed-off-by: Name <email>` trailer is appended automatically when you pass `--signoff` (or `-s`).
+- **GPG signature (`-S`)** — required by repo policy. Configure a signing key once:
+
+  ```bash
+  git config --global user.signingkey <KEY_ID>
+  git config --global commit.gpgsign true
+  ```
+
+Standard commit command:
+
+```bash
+git commit --signoff -S -m "type: description (CM-XXX)"
+```
+
+If signing fails, fix the underlying issue — do not push unsigned commits. To verify signature status on a branch's commits:
+
+```bash
+git log --format='%G? %h %s' origin/main..HEAD
+```
+
+Acceptable `%G?` codes: `G` (good signature) or `U` (good signature, key not in local trust db). Codes `N`, `B`, or `E` need investigation.
+
+## Branch Naming
+
+- Format: `type/CM-<number>-short-description` (e.g. `feat/CM-1164-github-discussions`)
+- The JIRA key in the branch name lets `/commit` include it automatically in the message
+
+## PR Titles
+
+- PR titles must contain a JIRA key — validated by CI (`.github/workflows/pr-title-jira-key-lint.yml`)
+- Format: `type: description (CM-XXX)` — Conventional Commits format with the JIRA key in parens at the end
+- Example: `feat: add github discussions source (CM-1164)`
+
+## PR Size & Focus
+
+- **Target under 1000 lines of diff** — one feature, one bug fix, or one refactor per PR
+- **Don't bundle unrelated changes** — keeps reviews focused and rollbacks clean
+
+## JIRA Tracking
+
+Before starting any work:
+
+1. Check if there is a JIRA ticket in the `CM` project
+2. Create one if untracked work
+3. Include `CM-XXX` in commit messages and PR title
diff --git a/.claude/rules/skill-guidance.md b/.claude/rules/skill-guidance.md
new file mode 100644
index 0000000000..509cc031f3
--- /dev/null
+++ b/.claude/rules/skill-guidance.md
@@ -0,0 +1,47 @@
+---
+description: Guides Claude to suggest the right skill based on user intent
+paths:
+  - '*'
+---
+
+# Available Skills
+
+This project has guided skills for common workflows. **Proactively suggest the relevant skill** when a user's request matches one of these:
+
+| Skill         | When to Suggest                                                                                     |
+| ------------- | --------------------------------------------------------------------------------------------------- |
+| `/commit`     | Commit staged changes, generate a commit message, "commit this", "make a commit"                   |
+| `/preflight`  | Before submitting a PR, check if code is ready, validate changes, verify a branch, run all checks  |
+| `/dco`        | PR failing DCO check, missing Signed-off-by, sign-off forgotten on a commit                        |
+| `/review-pr`  | Review a PR, audit code changes, check PR quality, validate a PR against standards                  |
+| `/adr`        | Record an architecture decision, choose between frameworks/libraries/patterns, query past decisions  |
+| `/scaffold-snowflake-connector` | Add a new Snowflake-connector data source or integration                          |
+
+## Trigger Phrases
+
+**`/preflight`** — match any of these intents:
+- "Ready for PR", "Check my code", "Validate changes", "Before I submit"
+- "Is my branch ready?", "Run checks", "Lint and build", "Pre-PR validation"
+- Any indication that development work is finished
+
+**`/dco`** — match any of these intents:
+- "DCO check failing", "Missing sign-off", "Signed-off-by"
+- "DCO bot blocked my PR", "forgot --signoff"
+- Any mention of the DCO Probot check
+
+**`/review-pr`** — match any of these intents:
+- "Review this PR", "Check PR quality", "Audit code changes"
+- "Review #123", "Is this PR ready to merge?"
+- Any mention of reviewing or auditing a pull request
+
+**`/adr`** — match any of these intents:
+- "Record this decision", "Let's write an ADR", "ADR for…"
+- "Why did we choose X?", "What was the reason for…"
+- "Should we use X or Y?" when the choice is architectural (framework, database, pattern, API style)
+- "Document this trade-off", "Capture this as an ADR"
+- Any moment where a significant technical alternative was considered and rejected
+- Discussions about the patterns in transition (Sequelize → pg-promise, classes → functions, etc.)
+
+**`/scaffold-snowflake-connector`** — match any of these intents:
+- "Add a new Snowflake connector", "New integration for [platform]"
+- "Scaffold a new data source", anything about adding a platform to `snowflake_connectors`
diff --git a/.claude/settings.json b/.claude/settings.json
index fa7f612a80..a143ddc6de 100644
--- a/.claude/settings.json
+++ b/.claude/settings.json
@@ -2,5 +2,49 @@
   "enabledPlugins": {
     "typescript-lsp@claude-plugins-official": true,
     "pyright-lsp@claude-plugins-official": true
+  },
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "Edit|Write|MultiEdit",
+        "hooks": [
+          {
+            "type": "command",
+            "command": ".claude/hooks/guard-protected-files.sh"
+          }
+        ]
+      }
+    ]
+  },
+  "permissions": {
+    "allow": [
+      "Bash(git status)",
+      "Bash(git log*)",
+      "Bash(git diff*)",
+      "Bash(git show*)",
+      "Bash(git branch*)",
+      "Bash(git remote*)",
+      "Bash(git fetch*)",
+      "Bash(git merge-base*)",
+      "Bash(gh pr view*)",
+      "Bash(gh pr list*)",
+      "Bash(gh pr diff*)",
+      "Bash(gh repo view*)",
+      "Bash(gh api repos*)",
+      "Bash(pnpm lint*)",
+      "Bash(pnpm format-check*)",
+      "Bash(pnpm tsc-check*)",
+      "Bash(pnpm format*)",
+      "Bash(pnpm test*)",
+      "Bash(npm run lint*)",
+      "Bash(git commit*)",
+      "Bash(git rebase*)",
+      "Bash(git cherry-pick*)",
+      "Bash(git push*)"
+    ],
+    "deny": [
+      "Bash(git reset --hard*)",
+      "Bash(rm -rf*)"
+    ]
   }
 }
diff --git a/.claude/skills/adr/SKILL.md b/.claude/skills/adr/SKILL.md
new file mode 100644
index 0000000000..8381e41164
--- /dev/null
+++ b/.claude/skills/adr/SKILL.md
@@ -0,0 +1,86 @@
+---
+name: adr
+description: >
+  Record an architecture decision as an ADR in docs/adr/. Use when choosing
+  between frameworks, libraries, databases, or architectural patterns; stating
+  a decision with reasoning ("we decided X instead of Y because..."); or
+  querying past decisions ("why did we choose X?").
+allowed-tools: Read, Write, Edit, Glob, Grep, AskUserQuestion
+---
+
+# Architecture Decision Records
+
+You are recording or retrieving an Architecture Decision Record (ADR) for this
+project. ADRs live in `docs/adr/` at the repo root.
+
+## When to record
+
+**Record these decisions:**
+- Technology selections (frameworks, libraries, databases, cloud providers)
+- Architectural patterns (state management, caching strategy, API design)
+- Data modeling choices (schema design, indexing, query approach)
+- Infrastructure and deployment models
+- Security, authentication, or testing strategy changes
+- Patterns in transition: any documented migration (e.g. Sequelize → pg-promise, classes → functions, multi-tenant → single tenant) is a textbook ADR candidate
+
+**Skip:** trivial choices (variable naming, formatting, minor refactors).
+
+## ADR template
+
+Every ADR file must include all of these sections:
+
+```markdown
+# ADR-NNNN: [Decision Title]
+
+**Date**: YYYY-MM-DD
+**Status**: proposed | accepted | deprecated | superseded by ADR-NNNN
+**Deciders**: [who was involved]
+
+## Context
+[2–5 sentences describing the situation, constraints, and forces at play]
+
+## Decision
+[1–3 sentences stating the change clearly and unambiguously]
+
+## Alternatives Considered
+
+### Alternative 1: [Name]
+- **Pros**: [benefits]
+- **Cons**: [drawbacks]
+- **Why not**: [specific rejection reason]
+
+## Consequences
+
+### Positive
+- [benefit 1]
+
+### Negative
+- [trade-off 1]
+
+### Risks
+- [risk and mitigation]
+```
+
+## Workflow — recording a new ADR
+
+1. **Scan existing ADRs** — `Glob docs/adr/[0-9]*.md` to find the highest existing number.
+2. **Assign next ID** — next sequential 4-digit number (e.g., `0003`).
+3. **Gather context** — ask the user for any missing details: who the deciders were, what alternatives were seriously considered, and what the consequences are.
+4. **Draft the ADR** — populate all mandatory sections from the template above.
+5. **Present the draft** — show it to the user for review before writing any file.
+6. **Write the file** — `docs/adr/NNNN-kebab-title.md` (kebab-case title, all lowercase).
+7. **Update the index** — append a new row to the `| ADR | Title | Status | Date |` table in `docs/adr/README.md`.
+
+## Workflow — reading / querying ADRs
+
+1. Check if `docs/adr/README.md` exists. If not, offer to start the ADR directory.
+2. Read the README index table and find entries relevant to the user's question.
+3. Read the matching ADR file and summarise the **Context** and **Decision** sections.
+4. If no ADR matches, suggest recording one now.
+
+## Quality standards
+
+- Each ADR should be readable in under 2 minutes.
+- Every rejected alternative must include a **Why not** reason.
+- When a decision is superseded, update the old ADR's **Status** field to `superseded by ADR-NNNN` and create the new ADR with a back-reference in its Context.
+- Keep one decision per ADR.
diff --git a/.claude/skills/commit/SKILL.md b/.claude/skills/commit/SKILL.md
new file mode 100644
index 0000000000..d782c7092f
--- /dev/null
+++ b/.claude/skills/commit/SKILL.md
@@ -0,0 +1,15 @@
+---
+name: commit
+description: Generate a commit message and commit staged changes using git commit -s -S.
+allowed-tools: Bash, AskUserQuestion
+---
+
+Commit the current staged changes.
+
+1. Run `git diff --staged`. If empty, tell the user there is nothing staged and stop.
+2. Run `git log --oneline -5` to understand this repo's commit message style.
+3. Run `git branch --show-current` to get the branch name. If it contains a `CM-XXX` ticket number, include it at the end of the subject in parentheses (e.g. `feat: add token refresh (CM-1234)`).
+4. Generate a single commit message following Conventional Commits format: `type: description`. Subject max 72 characters. No scope required unless meaningful. No body, no extra trailers, no Co-Authored-By. (The `Signed-off-by` trailer is added automatically by `-s`.)
+   - Valid types: `feat`, `fix`, `docs`, `style`, `refactor`, `perf`, `test`, `build`, `ci`, `chore`, `revert`
+5. Run `git commit -s -S -m "<message>"` using exactly the generated message.
+6. Output only the commit hash and subject line from the result.
diff --git a/.claude/skills/dco/SKILL.md b/.claude/skills/dco/SKILL.md
new file mode 100644
index 0000000000..0acdf89f1f
--- /dev/null
+++ b/.claude/skills/dco/SKILL.md
@@ -0,0 +1,82 @@
+---
+name: dco
+description: >
+  Recover from missing DCO sign-off on commits. Handles the single-commit
+  amend, older-commit recovery via interactive rebase or cherry-pick,
+  and explains the Probot DCO check that blocks PRs without sign-off.
+  Use when a PR fails the DCO check, when a commit needs a Signed-off-by
+  trailer added retroactively, or when sign-off was forgotten during
+  rebase / cherry-pick / amend.
+allowed-tools: Bash, Read, Edit
+---
+
+# DCO Sign-off Recovery
+
+All commits in this repo must carry a `Signed-off-by:` trailer (Developer Certificate of Origin). The Probot DCO check on PRs blocks merge until every commit is signed.
+
+The standard way to add it is with `--signoff` at commit time. This skill handles the cases where that was missed.
+
+## Case 1: Last commit only
+
+```bash
+git commit --amend --signoff -S --no-edit
+git push --force-with-lease
+```
+
+`--force-with-lease` is preferred over plain `--force` — it refuses if someone else has pushed to the branch since you last fetched.
+
+## Case 2: Older commit on the same branch
+
+Find the commit hash of the oldest unsigned commit:
+
+```bash
+git log --pretty='%h %s %(trailers:key=Signed-off-by,valueonly)' origin/main..HEAD
+# Any line with an empty trailing field is unsigned
+```
+
+Then interactively rebase from one commit _before_ that:
+
+```bash
+git rebase -i <parent-of-unsigned-commit>
+# In the editor, change `pick` to `edit` for each unsigned commit
+# Save and exit; the rebase stops at each `edit` line so you can amend
+```
+
+For each commit in the rebase, replace it with a signed version:
+
+```bash
+git commit --amend --signoff -S --no-edit
+git rebase --continue
+```
+
+When done, force-push:
+
+```bash
+git push --force-with-lease
+```
+
+## Case 3: Cherry-pick / merge brought in unsigned commits
+
+Cherry-pick with sign-off baked in:
+
+```bash
+git cherry-pick --signoff <sha>
+```
+
+If you already cherry-picked without it, fall back to Case 1 or Case 2 above.
+
+## Verifying the whole branch
+
+Before pushing, verify every commit ahead of origin/main has both DCO and GPG:
+
+```bash
+git log --format='%G? %(trailers:key=Signed-off-by,valueonly,separator=%x20) %h %s' origin/main..HEAD
+```
+
+Each line must start with `G` or `U` (good GPG signature) AND carry a non-empty `Signed-off-by` value before the SHA. Codes `N` / `B` / `E` need investigation. See `.claude/rules/commit-workflow.md` for the canonical signing policy.
+
+## What the Probot DCO check looks for
+
+The check passes when every commit message includes a `Signed-off-by: Name <email>` trailer matching the commit author's email. The `--signoff` (or `-s`) flag adds this trailer automatically using your `user.name` and `user.email` git config.
+
+A failing DCO check on a PR will show a "Details" link explaining which commits are missing sign-off.
diff --git a/.claude/skills/preflight/SKILL.md b/.claude/skills/preflight/SKILL.md
new file mode 100644
index 0000000000..57d22c2551
--- /dev/null
+++ b/.claude/skills/preflight/SKILL.md
@@ -0,0 +1,175 @@
+---
+name: preflight
+description: >
+  Pre-PR validation — working tree status, format, lint, TypeScript check, and
+  protected file check. Workspace-aware: detects which of backend/, frontend/,
+  services/apps/*, services/libs/* were changed and runs only the relevant
+  scripts. Use before submitting any PR, to check if code is ready, or to
+  validate a branch before review.
+allowed-tools: Bash, Read, Glob, Grep, AskUserQuestion
+---
+
+# Pre-Submission Preflight Check
+
+Run each check in order. Report results clearly and help fix any issues found.
+
+---
+
+## Check 0: Working Tree Status
+
+```bash
+git status
+git diff --stat origin/main...HEAD
+git log --format="%h %s%n%b" origin/main...HEAD
+```
+
+**Evaluate:**
+
+- **Uncommitted changes?** — Ask the contributor: commit now or stash?
+- **No commits ahead of main?** — The branch has nothing to validate. Ask if they're on the right branch.
+- **Commit messages missing JIRA key?** — Flag commits that don't include a `CM-XXX` reference.
+- **Commits missing `--signoff`?** — Flag any commits without `Signed-off-by:` lines.
+
+Resolve any issues before proceeding.
+
+---
+
+## Check 1: Detect Changed Workspaces
+
+```bash
+git diff --name-only origin/main...HEAD
+```
+
+Group changed files into workspaces:
+
+| Workspace | Path prefix | Lint | Format check | Type check | Test |
+|---|---|---|---|---|---|
+| Backend | `backend/` | `cd backend && pnpm lint` | `cd backend && pnpm format-check` | `cd backend && pnpm tsc-check` | `cd backend && pnpm test` (needs Docker) |
+| Frontend | `frontend/` | `cd frontend && npm run lint` | — | — | — |
+| Each service | `services/apps/<name>/` | `cd services/apps/<name> && pnpm lint` | `cd services/apps/<name> && pnpm format-check` | `cd services/apps/<name> && pnpm tsc-check` | `cd services/apps/<name> && pnpm test` if vitest present |
+| Each lib | `services/libs/<name>/` | `cd services/libs/<name> && pnpm lint` | `cd services/libs/<name> && pnpm format-check` | `cd services/libs/<name> && pnpm tsc-check` | `cd services/libs/<name> && pnpm test` if vitest present |
+
+Run checks only for the workspaces that have changed files.
+
+---
+
+## Check 2: Lint
+
+For each changed workspace, run its lint command. Fix any errors before proceeding. Common issues:
+
+- Unused imports or variables
+- Missing type annotations
+- Rule violations
+
+---
+
+## Check 3: Format Check
+
+For each changed workspace that has a `format-check` script (backend, services), run it.
+
+If there are format violations:
+```bash
+# Fix them
+pnpm format
+# Then stage the fixes
+git add -p
+```
+
+Frontend does not have a format-check script — skip for `frontend/`.
+
+---
+
+## Check 4: TypeScript Check
+
+For each changed workspace that has `tsc-check` (backend, services), run it. Fix all type errors before proceeding.
+
+Frontend does not have a `tsc-check` script — skip for `frontend/`.
+
+---
+
+## Check 5: Protected Files Check
+
+```bash
+git diff --name-only origin/main...HEAD
+```
+
+Flag any changes to these protected files — they should NOT be modified without code owner approval:
+
+- `services/libs/data-access-layer/**` — shared DAL, high blast radius
+- `services/libs/common/**` — shared utilities, affects all services
+- `backend/src/database/migrations/**` — append-only Flyway migrations
+- `scripts/cli`, `scripts/scaffold.yaml`, `scripts/scaffold.insights.yaml`
+- `.husky/*`, `commitlint.config.js`
+- `.github/workflows/**`, `.github/actions/**`
+- `tsconfig*.json`, `.eslintrc*`, `.prettierrc*`
+- `pnpm-lock.yaml`, `package.json`, `*/package.json`
+- `CLAUDE.md`, `.claude/settings.json`
+
+If protected files appear in the diff, warn the contributor and ask them to revert or get code owner approval.
+
+---
+
+## Check 6: Commit Verification
+
+```bash
+git log --format="%h %s%n%b" origin/main...HEAD
+```
+
+- **All changes committed?** — If not, remind them to commit.
+- **Commit messages follow conventions?** — `type: description (CM-XXX)` format per `commit-workflow.md`.
+- **`--signoff` on all commits?** — Every commit must have `Signed-off-by:`.
+- **JIRA key referenced?** — PR title must contain a JIRA key (validated by CI at `.github/workflows/pr-title-jira-key-lint.yml`).
+
+---
+
+## Check 7: Change Summary
+
+```bash
+git diff --stat origin/main...HEAD
+```
+
+List:
+1. **New files created** — with their purpose
+2. **Modified files** — with what changed
+3. **API changes** — any new or modified routes in `backend/src/api/`
+4. **Migration changes** — any new Flyway migrations
+
+---
+
+## Results Report
+
+Present a clear report:
+
+```text
+PREFLIGHT RESULTS
+─────────────────────────────────────────────────
+✓ Working tree        — Clean, N commits ahead of main
+✓ Lint                — backend: OK | frontend: OK | services/...: OK
+✓ Format check        — backend: OK
+✓ TypeScript          — backend: OK
+✓ Protected files     — None modified
+✓ Commits             — Conventions followed, signed off, CM-XXX present
+─────────────────────────────────────────────────
+READY FOR PR
+```
+
+Or if there are issues:
+
+```text
+PREFLIGHT RESULTS
+─────────────────────────────────────────────────
+✓ Working tree        — Clean, N commits ahead of main
+✗ Lint                — backend: 3 errors (see above)
+✓ Format check        — backend: OK
+✗ TypeScript          — backend: 1 error (see above)
+✓ Protected files     — None modified
+✗ Commits             — Missing Signed-off-by on 2 commits (run /dco)
+─────────────────────────────────────────────────
+ISSUES FOUND — Fix before submitting
+```
+
+### If All Checks Pass
+
+Suggest creating the PR:
+
+> "All preflight checks passed! Ready to create a PR. Would you like me to create it with `gh pr create`?"
diff --git a/.claude/skills/review-pr/SKILL.md b/.claude/skills/review-pr/SKILL.md
new file mode 100644
index 0000000000..c42dd0d8a9
--- /dev/null
+++ b/.claude/skills/review-pr/SKILL.md
@@ -0,0 +1,258 @@
+---
+name: review-pr
+description: >
+  Review a pull request against CDP architecture standards — fetches PR diff,
+  verifies previous comments are addressed, validates PR metadata (title,
+  branch, JIRA key, size), runs a code-standards enforcer against every file
+  in `.claude/rules/` and `.claude/hooks/guard-protected-files.sh`, and drafts
+  inline review comments with suggested fixes. NEVER auto-posts comments or
+  submits reviews — always presents a draft in the terminal for user approval
+  before any comment lands on the PR. Use when reviewing PRs, checking PR
+  quality, validating code changes, or when the user says "review", "check this
+  PR", or "audit code".
+allowed-tools: Bash, Read, Glob, Grep, Agent, AskUserQuestion, Skill
+---
+
+# CDP PR Review
+
+You are reviewing a pull request against the CDP (Community Data Platform) architecture standards and project conventions. Walk through each phase in order.
+
+The review is backed by these living sources of truth — always pull current contents rather than relying on memory:
+
+- `.claude/rules/*.md` — all project rules
+- `.claude/hooks/guard-protected-files.sh` — the authoritative protected-files list
+- `CLAUDE.md` — project conventions, patterns in transition
+
+---
+
+## Phase 1: Input & Context Gathering
+
+### Parse arguments
+
+The args string follows this format: `<PR number> [extra instructions]`.
+
+- First token is the PR number if numeric.
+- Everything after it is extra instructions (e.g. "focus on backend", "check that previous comments were addressed").
+- If no PR number is provided, use **AskUserQuestion** to ask for one.
+
+### Determine repository
+
+```bash
+gh repo view --json nameWithOwner --jq '.nameWithOwner'
+```
+
+### Fetch PR metadata (parallel)
+
+Run all of the following in a single turn:
+
+```bash
+# PR details
+gh pr view <N> --json title,body,headRefName,baseRefName,author,files,additions,deletions,state,number
+
+# Full diff
+gh pr diff <N>
+
+# Previous inline review comments
+gh api repos/{owner}/{repo}/pulls/{N}/comments --paginate
+
+# Previous review summaries
+gh api repos/{owner}/{repo}/pulls/{N}/reviews --paginate
+
+# Commit messages
+gh api repos/{owner}/{repo}/pulls/{N}/commits --paginate --jq '.[].commit.message'
+
+# Fetch both branches for merge-base check
+git fetch origin <baseRefName> <headRefName>
+```
+
+If the diff is too large, save it to `/tmp/pr-<N>.diff` and read only changed `.ts`, `.vue`, `.sql`, `.md` files with `Read`.
+
+### Load all project rules (dynamic — do not hardcode)
+
+Glob `.claude/rules/*.md` and read every rule file. New rules added in the future must be picked up automatically; never maintain a hand-kept list here. At time of writing this includes:
+
+- `commit-workflow.md` — PR title format, branch naming, JIRA key, signing
+- `adr-format.md` — ADR template enforcement (scoped to docs/adr/)
+- `skill-guidance.md` — skill routing table
+
+### Load the protected-files hook
+
+Read `.claude/hooks/guard-protected-files.sh`. Parse its `case` statements and `if` conditions to build the authoritative protected-files list. Never maintain it by hand — parse the hook so it stays in sync.
+
+---
+
+## Phase 2: Launch Code Enforcer (background)
+
+Spawn a background **Agent** subagent (`code-standards-enforcer`) with `run_in_background: true`. Proceed to Phase 3 immediately while it runs in parallel.
+
+Prompt for the agent:
+
+> You are a code-standards enforcer for the CDP (Community Data Platform) codebase. Your job is to read every changed file on the PR branch and flag violations of project conventions.
+>
+> **Branch:** `origin/<headRefName>`
+> **Changed files:** (include the full list from Phase 1)
+>
+> For each file, read it with `git show origin/<headRefName>:<path>` and check against:
+>
+> 1. `.claude/rules/*.md` — glob and read all rule files
+> 2. `CLAUDE.md` — project conventions and patterns-in-transition
+> 3. Domain checklists:
+>    - Backend files (`backend/**`) → `.claude/skills/review-pr/references/backend-checklist.md`
+>    - Frontend files (`frontend/**`) → `.claude/skills/review-pr/references/frontend-checklist.md`
+>    - Service files (`services/apps/**`, `services/libs/**`) → `.claude/skills/review-pr/references/services-checklist.md`
+>    - SQL / migrations (`backend/src/database/migrations/**`, any `.sql`) → `.claude/skills/review-pr/references/sql-checklist.md`
+>
+> Also read `.claude/hooks/guard-protected-files.sh` and parse its `case`/`if` patterns. For every changed file matching a protected pattern, emit a NIT finding with the hook's warning reason.
+>
+> **Severity calibration:**
+> - **CRITICAL** — runtime bugs, security issues, new Sequelize usage in non-legacy files, new public endpoint without `validateOrThrow`/Zod schema, multi-tenant logic beyond `DEFAULT_TENANT_ID`, secrets hardcoded
+> - **SHOULD_FIX** — documented style/structure violations (new class-based service/repo, `any` types in new code, DAL function added without checking for existing equivalents, missing license headers)
+> - **NIT** — minor improvements, naming, protected-file awareness
+>
+> Return findings as JSON:
+> `[{ "file": "...", "line": N, "severity": "CRITICAL|SHOULD_FIX|NIT", "rule": "<source>:<section>", "message": "...", "suggestion": "..." }]`
+>
+> **If you cannot quote the rule from a loaded rule file, checklist, or CLAUDE.md, drop the finding. Hallucinated rules are worse than missed ones.**
+
+---
+
+## Phase 3: Verify Previous Review Comments
+
+Check whether previously raised review comments were actually addressed in code. **Do NOT trust "resolved" status — read the actual code.**
+
+1. Gather all inline comments and review bodies from Phase 1.
+2. Skip trivial comments: nits, "+1", bot auto-comments, purely informational remarks.
+3. For every **CRITICAL** or **SHOULD FIX** comment:
+   1. Read the file on the PR branch: `git show origin/<headRefName>:<file>`
+   2. Compare current code against what the comment requested.
+   3. Classify: **FIXED** / **NOT FIXED** / **PARTIALLY FIXED** / **N/A**
+4. Build a markdown table:
+
+```markdown
+| #   | Comment Summary                    | File                                     | Status    | Evidence                              |
+| --- | ---------------------------------- | ---------------------------------------- | --------- | ------------------------------------- |
+| 1   | Use queryExecutor not Sequelize    | services/libs/data-access-layer/foo.ts   | FIXED     | Line 12 now uses queryExecutor        |
+| 2   | Missing validateOrThrow on endpoint | backend/src/api/members.ts              | NOT FIXED | Route still has no Zod schema         |
+```
+
+If no previous review comments, note "No previous review comments found" and move on.
+
+---
+
+## Phase 4: PR Metadata Validation
+
+Validates PR metadata against `commit-workflow.md`.
+
+### Checks
+
+1. **PR title format** — must follow Conventional Commits format: `type: description (CM-XXX)`. The JIRA key goes in parentheses at the end. CI validates the presence of any JIRA key pattern (`/\b[A-Z]+-\d+\b/`).
+   - Valid types: `feat`, `fix`, `docs`, `style`, `refactor`, `perf`, `test`, `build`, `ci`, `chore`, `revert`
+
+2. **JIRA key present** — PR title must contain a JIRA key (checked by CI at `.github/workflows/pr-title-jira-key-lint.yml`). Extract with `grep -oE '[A-Z]+-[0-9]+'`. If none, flag CRITICAL.
+
+3. **Branch name format** — should match `type/CM-<number>` (e.g. `feat/CM-1164-github-discussions`). Flag as NIT if non-conforming but otherwise well-formed.
+
+4. **Branch rebased on main**:
+   ```bash
+   git merge-base --is-ancestor origin/main origin/<headRefName>
+   ```
+   If non-zero exit code, flag SHOULD FIX: branch needs a rebase.
+
+5. **PR size** — if `additions > 1000`, note per `commit-workflow.md`'s 1000-line target.
+
+6. **Commit signing** — at least one commit should have `Signed-off-by:` trailer (DCO).
+
+Build a findings table:
+
+```markdown
+| Check           | Status | Detail                                          |
+| --------------- | ------ | ----------------------------------------------- |
+| PR title format | PASS   | `feat: add github discussions source (CM-1164)` |
+| JIRA key        | PASS   | Found CM-1164                                   |
+| Branch name     | PASS   | `feat/CM-1164-github-discussions`               |
+| Branch rebased  | PASS   | origin/main is an ancestor                      |
+| PR size         | PASS   | 342 additions                                   |
+| DCO sign-off    | PASS   | All commits signed                              |
+```
+
+---
+
+## Phase 5: Compile Context
+
+Wait for the Phase 2 enforcer Agent to complete. Then compile all findings.
+
+### Apply false-positive filter
+
+Before surfacing any finding, drop it if:
+- The `rule` field cannot be matched by string search in the loaded rule files, checklists, or CLAUDE.md
+- It relates to patterns from other codebases (Angular, Nuxt, Go-specific rules, etc.)
+- It flags legacy Sequelize/class usage in files that are clearly already legacy (`backend/src/database/repositories/`, `backend/src/services/`) — only flag NEW usage
+
+### Assemble the context block
+
+1. **Previous comment verification** — Phase 3 table (or "No previous review comments found")
+2. **PR metadata validation** — Phase 4 table
+3. **Protected files touched** — list any matching `.claude/hooks/guard-protected-files.sh`, with the hook's warning reason
+4. **Code enforcer findings** — filtered JSON results from Phase 2
+5. **Domain checklists applied** — note which checklists were used
+6. **Extra user instructions** — any additional instructions from the args
+
+---
+
+## Phase 6: Present Draft Review for Approval (NEVER auto-post)
+
+**You MUST NOT post inline comments, submit a review, or request changes without the user's explicit approval. Always present the draft first and wait for a clear go-ahead.** This applies every time, with no exceptions.
+
+### Step 1 — Show the draft
+
+Print the compiled context as a draft review summary:
+
+1. **PR summary** — number, title, author, size, branch
+2. **Phase 3 table** — previous comments and whether they were addressed
+3. **Phase 4 table** — PR metadata validation
+4. **Protected files touched** — list with hook reasons
+5. **Proposed inline comments** — one block per finding: file:line, severity, rule citation, message, suggested fix. Number them so the user can reference individual items.
+6. **Proposed review body** — summary text for the top of the review
+7. **Proposed review verdict** — COMMENT / APPROVE / REQUEST_CHANGES, with reasoning
+
+### Step 2 — Ask for approval
+
+Use **AskUserQuestion** with options:
+
+- "Post all comments as drafted"
+- "Post with changes — I'll tell you which comments to drop or edit"
+- "Don't post — just keep the summary here"
+
+Do NOT proceed until the user explicitly picks an option. Treat silence or ambiguous replies as "don't post".
+
+### Step 3 — Only after approval: invoke `/review`
+
+Once the user approves (with or without edits), apply their edits and use the **Skill** tool to invoke `review` with the PR number and compiled context:
+
+```text
+<PR number> -- <compiled context from Phase 5, with user's edits applied>
+```
+
+If the user said "don't post", stop here — do not invoke `/review` or any PR-mutating `gh` command.
+
+---
+
+## Additional Rules
+
+### PR size check
+
+If `additions > 1000`, include in the review body:
+
+> **Note:** This PR has {additions} additions, which exceeds the recommended 1000-line target per `commit-workflow.md`. Consider splitting into smaller, independently reviewable PRs.
+
+### New contributor awareness
+
+```bash
+gh pr list --author <author> --state merged --limit 5 --json number | jq 'length'
+```
+
+If the author has fewer than 5 merged PRs to this repo, be more educational in inline comments — explain the **why** behind each rule, not just the **what**.
+
+### Extra instructions
+
+If the user passed extra instructions after the PR number, prioritize those areas but still execute the full review pipeline.
diff --git a/.claude/skills/review-pr/references/backend-checklist.md b/.claude/skills/review-pr/references/backend-checklist.md
new file mode 100644
index 0000000000..bd1599a097
--- /dev/null
+++ b/.claude/skills/review-pr/references/backend-checklist.md
@@ -0,0 +1,109 @@
+# Backend Review Checklist
+
+Express.js / pg-promise API review standards for the CDP repo (`backend/`).
+
+---
+
+## 1. New Sequelize usage (CRITICAL)
+
+All new database code must use `queryExecutor` from `@crowd/data-access-layer`, not Sequelize. Sequelize is legacy and limited to existing usage in `backend/src/database/repositories/` and `backend/src/services/`.
+
+**Violation:**
+```ts
+import { Sequelize } from 'sequelize'
+const result = await Model.findAll({ where: { id } })
+```
+
+**Fix:**
+```ts
+// Use an existing DAL function from services/libs/data-access-layer/src/
+// or add a new one using queryExecutor
+```
+
+Do **not** flag existing Sequelize in `backend/src/database/repositories/` or `backend/src/services/` — those are legacy files being migrated incrementally.
+
+---
+
+## 2. New public endpoints missing Zod + validateOrThrow (CRITICAL)
+
+All new public API endpoints must validate input with a Zod schema using `validateOrThrow`.
+
+**Violation:**
+```ts
+router.post('/members', async (req, res) => {
+  const { name, email } = req.body // no validation
+})
+```
+
+**Fix:**
+```ts
+import { z } from 'zod'
+import { validateOrThrow } from '@crowd/common'
+
+const schema = z.object({ name: z.string(), email: z.string().email() })
+
+router.post('/members', async (req, res) => {
+  const body = validateOrThrow(schema, req.body)
+})
+```
+
+---
+
+## 3. New multi-tenant logic (CRITICAL)
+
+Multi-tenancy is being phased out. New code must use `DEFAULT_TENANT_ID` from `@crowd/common` rather than introducing new multi-tenant logic.
+
+**Fix:**
+```ts
+import { DEFAULT_TENANT_ID } from '@crowd/common'
+```
+
+---
+
+## 4. New class-based services or repositories (SHOULD FIX)
+
+New code should use plain functions, not class-based patterns.
+
+**Violation:**
+```ts
+export class MemberService {
+  async findById(id: string) { ... }
+}
+```
+
+**Fix:**
+```ts
+export async function findMemberById(id: string) { ... }
+```
+
+---
+
+## 5. DAL function added without checking for existing equivalents (SHOULD FIX)
+
+Before adding a new function to `services/libs/data-access-layer/src/`, verify no equivalent already exists. Flag any new DAL function that appears to duplicate an existing one.
+
+---
+
+## 6. `any` types in new code (SHOULD FIX)
+
+Avoid `any`. Use proper types, `unknown` with narrowing, or generics.
+
+---
+
+## 7. No secrets hardcoded (CRITICAL)
+
+API keys, tokens, and credentials must come from environment variables, never hardcoded.
+
+---
+
+## 8. Auth0 vs legacy JWT (SHOULD FIX)
+
+New auth code must use Auth0 patterns. Do not introduce new legacy JWT patterns.
+
+---
+
+## Known false positives — do NOT flag
+
+- Sequelize usage in `backend/src/database/repositories/` or `backend/src/services/` — legacy files
+- `DEFAULT_TENANT_ID` usage — this is the correct pattern
+- Zod usage outside `validateOrThrow` (e.g. internal validation) — not a violation
diff --git a/.claude/skills/review-pr/references/frontend-checklist.md b/.claude/skills/review-pr/references/frontend-checklist.md
new file mode 100644
index 0000000000..fb656088e1
--- /dev/null
+++ b/.claude/skills/review-pr/references/frontend-checklist.md
@@ -0,0 +1,89 @@
+# Frontend Review Checklist
+
+Vue 3 / Vite frontend review standards for the CDP repo (`frontend/`).
+
+---
+
+## 1. Composition API with `<script setup>` (SHOULD FIX)
+
+Use `<script setup>` with Composition API. No Options API components.
+
+**Violation:**
+```vue
+<script>
+export default {
+  data() { return { count: 0 } }
+}
+</script>
+```
+
+**Fix:**
+```vue
+<script setup lang="ts">
+const count = ref(0)
+</script>
+```
+
+---
+
+## 2. TanStack Vue Query for server state (SHOULD FIX)
+
+Use `useQuery` / `useMutation` from TanStack Vue Query for data fetching. Do not use raw `axios` directly in `onMounted` for data that should be cached.
+
+**Violation:**
+```ts
+const data = ref(null)
+onMounted(async () => {
+  data.value = await axios.get('/api/members')
+})
+```
+
+**Fix:**
+```ts
+import { useQuery } from '@tanstack/vue-query'
+const { data } = useQuery({
+  queryKey: ['members'],
+  queryFn: () => axios.get('/api/members').then(r => r.data),
+})
+```
+
+---
+
+## 3. Pinia for shared client state (SHOULD FIX)
+
+Use Pinia stores for shared client-side state. Do not pass deeply nested props for state that should be in a store.
+
+---
+
+## 4. TypeScript — no `any` (SHOULD FIX)
+
+Avoid `any`. Use proper types, `unknown` with narrowing, or generics.
+
+---
+
+## 5. Tailwind CSS conventions (SHOULD FIX)
+
+- **Prefer `gap-*` over `space-y-*`** for vertical stacking
+- No hard-coded hex color values in templates — use Tailwind color tokens
+
+---
+
+## 6. Reactive refs over non-reactive values (SHOULD FIX)
+
+State that should trigger re-renders must use `ref()` or `computed()`.
+
+**Violation:**
+```ts
+let isLoading = false // won't trigger re-render
+```
+
+**Fix:**
+```ts
+const isLoading = ref(false)
+```
+
+---
+
+## 7. Element Plus usage patterns (NIT)
+
+The project uses Element Plus (`el-*`). Follow existing component usage patterns — check how similar components are used elsewhere before introducing a new pattern.
diff --git a/.claude/skills/review-pr/references/services-checklist.md b/.claude/skills/review-pr/references/services-checklist.md
new file mode 100644
index 0000000000..570719b064
--- /dev/null
+++ b/.claude/skills/review-pr/references/services-checklist.md
@@ -0,0 +1,51 @@
+# Services Review Checklist
+
+Review standards for microservices under `services/apps/` and shared libraries under `services/libs/`.
+
+---
+
+## Temporal Worker patterns (`services/apps/*/`)
+
+### 1. Workflows must be deterministic (CRITICAL)
+
+Temporal workflows must be fully deterministic. No direct I/O, no `Math.random()`, no `Date.now()`, no non-deterministic APIs inside workflow code. Move all I/O into Activities.
+
+### 2. Activities should be idempotent (SHOULD FIX)
+
+Temporal may retry activities on failure. Activities should be safe to run multiple times without unintended side effects.
+
+### 3. No direct Kafka/Redis calls inside Temporal workflows (CRITICAL)
+
+Kafka producers and Redis clients must only be called from Activities, not from Workflow code.
+
+---
+
+## Shared Libraries (`services/libs/*/`)
+
+### 4. New DAL functions — check for existing equivalents first (SHOULD FIX)
+
+Before adding a new function to `services/libs/data-access-layer/src/`, verify no equivalent exists.
+
+### 5. `queryExecutor` from `@crowd/data-access-layer` (CRITICAL)
+
+All new database queries must use `queryExecutor`. Do not add Sequelize or raw `pg` queries to service libraries.
+
+### 6. Query performance awareness (SHOULD FIX)
+
+Flag queries that clearly scan large tables without an appropriate WHERE clause using an indexed column.
+
+### 7. Bunyan logger usage (SHOULD FIX)
+
+Use the logger from `@crowd/logging`, not `console.log/error/warn`.
+
+### 8. New class-based code (SHOULD FIX)
+
+New service/worker code should use plain functions, not class-based patterns. Classes are legacy.
+
+---
+
+## Known false positives — do NOT flag
+
+- Existing class-based workers that have not been refactored — only flag **new** classes
+- `queryExecutor` usage in `services/libs/data-access-layer/` — correct pattern
+- `DEFAULT_TENANT_ID` from `@crowd/common` — correct pattern
diff --git a/.claude/skills/review-pr/references/sql-checklist.md b/.claude/skills/review-pr/references/sql-checklist.md
new file mode 100644
index 0000000000..892a524743
--- /dev/null
+++ b/.claude/skills/review-pr/references/sql-checklist.md
@@ -0,0 +1,75 @@
+# SQL & Migration Review Checklist
+
+Review standards for database queries in `services/libs/data-access-layer/` and migrations in `backend/src/database/migrations/`.
+
+---
+
+## Flyway Migrations
+
+### 1. Migrations are append-only (CRITICAL)
+
+Never modify an existing migration file that has been applied. Create a new migration to alter or fix a previous one.
+
+**Violation:** Editing `V1234__create_members_table.sql` after it has been applied.
+
+**Fix:** Create `V1235__alter_members_add_column.sql` with the corrective change.
+
+---
+
+### 2. Migration filename format (SHOULD FIX)
+
+Migration files must follow: `V{epoch}__{description}.sql` and `U{epoch}__{description}.sql` (undo). The version must be unique and greater than all existing versions.
+
+---
+
+### 3. Migrations must be safe for production (CRITICAL)
+
+Avoid:
+- `DROP TABLE` without verifying data is no longer needed
+- `ALTER TABLE ... NOT NULL` without a default or two-step migration (add nullable first, backfill, then add constraint)
+- Renaming columns without updating all code references first
+- Large table operations without considering lock impact
+
+---
+
+## Data Access Layer Queries
+
+### 4. Parameterized queries only — no string interpolation (CRITICAL)
+
+All queries must use parameterized placeholders (`$1`, `$2`, etc.). Never interpolate user input directly into SQL.
+
+**Violation:**
+```ts
+await queryExecutor.query(`SELECT * FROM members WHERE email = '${email}'`)
+```
+
+**Fix:**
+```ts
+await queryExecutor.query('SELECT * FROM members WHERE email = $1', [email])
+```
+
+---
+
+### 5. Placeholder count matches bind values (CRITICAL)
+
+Every `$N` placeholder must have a corresponding value in the binds array, in correct order. Mismatch causes runtime errors.
+
+---
+
+### 6. Index awareness (SHOULD FIX)
+
+Before writing a query, verify the table has an index on the WHERE clause columns. Flag queries that will cause full table scans on large tables (`members`, `activities`, `organizations`).
+
+Common indexed columns: `id`, `tenantId`, `platform`, `sourceId`, `memberId`, `organizationId`, `timestamp`, `deletedAt`.
+
+---
+
+### 7. Blast radius check for modified DAL functions (SHOULD FIX)
+
+If a shared DAL function in `services/libs/data-access-layer/src/` is modified, check all callers. Use `grep -r "functionName" services/ backend/` to find them.
+
+---
+
+### 8. Soft-delete awareness (SHOULD FIX)
+
+Many tables use `deletedAt` for soft deletes. Queries that don't filter on `deletedAt IS NULL` may return deleted records. Verify the intended behavior.
diff --git a/AGENTS.md b/AGENTS.md
new file mode 120000
index 0000000000..681311eb9c
--- /dev/null
+++ b/AGENTS.md
@@ -0,0 +1 @@
+CLAUDE.md
\ No newline at end of file
diff --git a/docs/adr/README.md b/docs/adr/README.md
new file mode 100644
index 0000000000..6e2c3ae031
--- /dev/null
+++ b/docs/adr/README.md
@@ -0,0 +1,20 @@
+# Architecture Decision Records
+
+Architecture Decision Records (ADRs) capture significant technical decisions made in this project, including context, alternatives considered, and consequences.
+
+Use the `/adr` skill in Claude Code to record new ADRs or query past decisions.
+
+## Index
+
+| ADR | Title | Status | Date |
+| --- | ----- | ------ | ---- |
+| _none yet_ | | | |
+
+## Why ADRs?
+
+The codebase is in active transition across several axes (see `CLAUDE.md`). ADRs provide a durable record of:
+- Why old patterns are being replaced (e.g. Sequelize → pg-promise)
+- What alternatives were considered before choosing the current approach
+- What trade-offs were accepted
+
+New contributors can understand constraints without needing to ask — the reasoning is in the ADRs.
diff --git a/docs/adr/template.md b/docs/adr/template.md
new file mode 100644
index 0000000000..f21d8c134e
--- /dev/null
+++ b/docs/adr/template.md
@@ -0,0 +1,36 @@
+# ADR-NNNN: [Decision Title]
+
+**Date**: YYYY-MM-DD
+**Status**: proposed | accepted | deprecated | superseded by ADR-NNNN
+**Deciders**: [who was involved]
+
+## Context
+
+[2–5 sentences describing the situation, constraints, and forces at play. What problem prompted this decision?]
+
+## Decision
+
+[1–3 sentences stating the change clearly and unambiguously. "We decided to..."]
+
+## Alternatives Considered
+
+### Alternative 1: [Name]
+- **Pros**: [benefits]
+- **Cons**: [drawbacks]
+- **Why not**: [specific rejection reason]
+
+### Alternative 2: [Name]
+- **Pros**: [benefits]
+- **Cons**: [drawbacks]
+- **Why not**: [specific rejection reason]
+
+## Consequences
+
+### Positive
+- [benefit 1]
+
+### Negative
+- [trade-off 1]
+
+### Risks
+- [risk and how it's mitigated]
