# RetrieX Patch 12 - Developer Policies after YAML-only Migration

This patch does not continue the YAML-only migration and does not enable strict validation.

Patch 1 through 11.0a are treated as the completed YAML-only migration baseline. Patch 12 documents the developer rules that must be followed from now on to prevent regressions and new PHP-only configuration drift.

## Scope

Changed files:

- `DEVELOPER_POLICIES.md`
- `README.md`
- `COMMAND_REF.md`

## What changed

### Developer policies

Added a binding policy document with rules for:

- YAML as source of truth
- no new PHP-only defaults
- no hardcoded semantic lists in core code
- fallback restrictions
- mandatory pre-merge checks
- protected regression baseline
- deferred strict validation
- PR checklist

### README

The README now points developers to `DEVELOPER_POLICIES.md` and lists the config-governance commands together with the other important commands.

The previously open final bash code block in the README was also closed while appending the policy section.

### Command reference

`COMMAND_REF.md` now includes the existing config/governance commands:

- `mto:agent:config:validate`
- `mto:agent:config:audit-source`
- `mto:agent:config:dump-effective`
- `mto:agent:regression:test`

## Intentional non-changes

No PHP runtime behavior was changed.
No retrieval, prompt, shop, agent, SSE, audit or validation logic was changed.
Strict YAML validation remains deferred and disabled.

## Recommended validation

```bash
php bin/console cache:clear
php bin/console mto:agent:config:validate
php bin/console mto:agent:config:audit-source --details
php bin/console mto:agent:regression:test
```

In this ZIP work environment, `vendor/` is not included, so Symfony console commands may need to be run in the real project checkout after dependencies are installed.