refactor(blocks): update kit-agent handoff refs to kei- prefix in 5 blocks

Caught in Phase-2 double-audit pass AFTER commits 1-5 were already pushed: top-level _blocks/*.md contains prose handoff references to "cost-guardian" that get composed into generated agent .md files. These were missed by the skills/manifests sweep because blocks weren't in the original task spec list (only fixture _blocks/ were mentioned, and those are separate). Impact if left unfixed: any project-specialist created via /new-agent with Q3=Yes (paid APIs) or Q7!=None (scrapers) would compose these blocks and emit a generated .md referencing the stale `cost-guardian` handoff target — a dangling reference after the kei-* rename. Files touched (10 references, all to `cost-guardian`): - _blocks/api-apify.md (1) - _blocks/api-elevenlabs.md (2) - _blocks/api-fal-ai.md (2) - _blocks/domain-paid-apis.md (2) - _blocks/scraper-paid-tier.md (3) Verify: cargo test -> 17/17 still green (fixture _blocks/ isolated from top-level _blocks/, so no snapshot drift). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 14:12:49 +08:00 · 2026-04-21 14:12:49 +08:00 · 0398c9ca05
commit 0398c9ca05
parent 2b478ce2b6
5 changed files with 10 additions and 10 deletions
--- a/_blocks/api-apify.md
+++ b/_blocks/api-apify.md
@ -38,4 +38,4 @@ Prefer free path when available — Telethon (Telegram) and YouTube Data API v3

 **LinkedIn HIGH RISK:** `harvestapi` no-cookie actors are safer ($4-10/1K). Cookie-based (`curious_coder`) = ban + ToS exposure. Max 500 profiles/day deep. **Always legal review before EU LinkedIn runs.**

-**Forbidden:** LinkedIn batch without legal sign-off (GDPR + ToS); residential proxies against EU targets without documented consent basis; batch runs without per-item cost estimate to `cost-guardian`; using main personal account for any cookie-based actor (curious_coder line); launching an actor before validating input against its `input_schema.json`; paying Apify for Telegram when Telethon is free.
+**Forbidden:** LinkedIn batch without legal sign-off (GDPR + ToS); residential proxies against EU targets without documented consent basis; batch runs without per-item cost estimate to `kei-cost-guardian`; using main personal account for any cookie-based actor (curious_coder line); launching an actor before validating input against its `input_schema.json`; paying Apify for Telegram when Telethon is free.
--- a/_blocks/api-elevenlabs.md
+++ b/_blocks/api-elevenlabs.md
@ -32,6 +32,6 @@ Skipping or reordering any step = API error. Ephemeral preview IDs expire — ca

 **Video integration (if pairing with a video model that supports voice):** `voice_id` flows into the video model's `voice_ids` payload. Per-speaker markers in prompts ONLY when `voice_ids` actually sent.

-**Cost tracking:** log per-call `characters_used` + cumulative month-to-date → `memory/{project}.md`. Hand off to `cost-guardian` on any batch expected to exceed 50% of monthly quota.
+**Cost tracking:** log per-call `characters_used` + cumulative month-to-date → `memory/{project}.md`. Hand off to `kei-cost-guardian` on any batch expected to exceed 50% of monthly quota.

-**Forbidden:** calling TTS without prior `createVoice` (ephemeral preview IDs fail); exceeding plan character quota without `cost-guardian` check (overage billing surprise); committing `voice_id` values into git when they reference private/cloned voices (storage convention — see `domain-has-secrets.md`); re-designing the same voice per-scene instead of caching `voice_id`; skipping the 3-step flow with direct TTS on `generated_voice_id`.
+**Forbidden:** calling TTS without prior `createVoice` (ephemeral preview IDs fail); exceeding plan character quota without `kei-cost-guardian` check (overage billing surprise); committing `voice_id` values into git when they reference private/cloned voices (storage convention — see `domain-has-secrets.md`); re-designing the same voice per-scene instead of caching `voice_id`; skipping the 3-step flow with direct TTS on `generated_voice_id`.
--- a/_blocks/api-fal-ai.md
+++ b/_blocks/api-fal-ai.md
@ -27,8 +27,8 @@ Live pricing: WebFetch https://fal.ai/pricing before any batch >$2. Maintain you

 **Webhook vs poll:** webhooks need a public HTTPS URL (tunnel with ngrok/CF for local). Poll is fine for <30-min batches.

-**Cost discipline:** 1-2 smoke samples before fanning out to ≥5 generations. Full-site budget template: 20 icons + 5 hero + 10 bg + 35 bg-removal + 35 upscale × 2 iterations ≈ $4-8. Hand off to `cost-guardian` on any batch >$5.
+**Cost discipline:** 1-2 smoke samples before fanning out to ≥5 generations. Full-site budget template: 20 icons + 5 hero + 10 bg + 35 bg-removal + 35 upscale × 2 iterations ≈ $4-8. Hand off to `kei-cost-guardian` on any batch >$5.

 **API key:** `FAL_KEY` in `<repo>/.env`. Never in chat, source, curl examples, or git (see `domain-has-secrets.md`).

-**Forbidden:** adding `guidance_scale` to FLUX.2 Pro; Kling O3 prompts >2500 chars; launching any batch without cost-guardian handoff; quoting prices from memory for session total >$2 (re-verify via WebFetch); FLUX.2 Pro for plain backgrounds when FLUX.1 Dev does the job (pick cheapest-that-matches-brief); hard-coding `FAL_KEY` in source.
+**Forbidden:** adding `guidance_scale` to FLUX.2 Pro; Kling O3 prompts >2500 chars; launching any batch without kei-cost-guardian handoff; quoting prices from memory for session total >$2 (re-verify via WebFetch); FLUX.2 Pro for plain backgrounds when FLUX.1 Dev does the job (pick cheapest-that-matches-brief); hard-coding `FAL_KEY` in source.
--- a/_blocks/domain-paid-apis.md
+++ b/_blocks/domain-paid-apis.md
@ -2,7 +2,7 @@

 A real cost-overrun incident (a job estimated in tens of dollars that actually ran into triple digits on a GPU provider) motivates every rule below.

-**MANDATORY pre-launch handoff to `cost-guardian` before ANY paid run:**
+**MANDATORY pre-launch handoff to `kei-cost-guardian` before ANY paid run:**
 1. Dashboard balance — state the current number, not "I think it's roughly".
 2. Pricing page — fetch LIVE (WebFetch), not from memory. Rates change.
 3. Running jobs — `modal app list` / provider dashboard → show user what's already billing.
@ -26,4 +26,4 @@ A real cost-overrun incident (a job estimated in tens of dollars that actually r
 - Fal.ai Flux / Kling / others — per image or per video, varies by model
 - Modal A10G ~$1.10/hr · H100 ~$4.50/hr · B200 ~$8/hr

-**Forbidden:** launching without dashboard check; guessing prices; parallel variants without single-variant verify; skipping cost-guardian handoff; running paid compute without logging actuals to `memory/{project}.md` after.
+**Forbidden:** launching without dashboard check; guessing prices; parallel variants without single-variant verify; skipping kei-cost-guardian handoff; running paid compute without logging actuals to `memory/{project}.md` after.
--- a/_blocks/scraper-paid-tier.md
+++ b/_blocks/scraper-paid-tier.md
@ -1,6 +1,6 @@
 # DOMAIN — Scrapers Tier 3 (Apify / Bright Data paid)

-**MANDATORY handoff to `cost-guardian` before ANY paid scraping run.** Tier 3 = fallback, not default. Prove Tier 1 insufficient first.
+**MANDATORY handoff to `kei-cost-guardian` before ANY paid scraping run.** Tier 3 = fallback, not default. Prove Tier 1 insufficient first.

 **Known rates (verify on provider pricing page before launch — rates change):**
 - **Apify YouTube** `apidojo/youtube-scraper` — $0.50/1K (free API v3 preferred when quota allows)
@ -11,7 +11,7 @@
 - **Apify Telegram** — $1-3/1K, **DON'T USE** — Telethon (Tier 1, FREE) gives 100% functionality
 - **Bright Data residential proxies** — ~$7-8/GB (Apify residential add-on same tier)

-**Pre-run checklist (hand off to `cost-guardian`):**
+**Pre-run checklist (hand off to `kei-cost-guardian`):**
 1. Dashboard balance — state current Apify credits / Bright Data balance.
 2. Pricing page fetched LIVE (WebFetch) — quote rate + timestamp.
 3. Running actors — Apify dashboard: show what's already billing.
@ -28,4 +28,4 @@
 **Cost tiers (inherit from `domain-paid-apis`):**
 - < $5 AUTO · $5-$20 WARN · > $20 STOP + explicit user "yes, launch $N.NN" echo.

-**Forbidden:** launching LinkedIn paid scrape without legal-review sign-off in `DECISIONS.md`; cookie-based LinkedIn actors with user's main account (`curious_coder/*` bans accounts); residential proxies on EU individual profiles without DPO approval; batch >100 items without `cost-guardian` estimate; skipping 1-2 item smoke run (failed actor config × N items = N billings); running paid scraper when Tier 1 (YouTube API v3, Telethon, GitHub GraphQL) covers the data; hardcoding Apify tokens in source (use `secrets/*.env`).
+**Forbidden:** launching LinkedIn paid scrape without legal-review sign-off in `DECISIONS.md`; cookie-based LinkedIn actors with user's main account (`curious_coder/*` bans accounts); residential proxies on EU individual profiles without DPO approval; batch >100 items without `kei-cost-guardian` estimate; skipping 1-2 item smoke run (failed actor config × N items = N billings); running paid scraper when Tier 1 (YouTube API v3, Telethon, GitHub GraphQL) covers the data; hardcoding Apify tokens in source (use `secrets/*.env`).