From b0b984cb55ea12617fb3fb31e8d51446b20d7b96 Mon Sep 17 00:00:00 2001 
From: Debian Date: Thu, 28 Aug 2025 11:29:44 +0000 Subject: [PATCH 1/6] =?UTF-8?q?chore(wallet):=20nettoyage=20fichiers=20tem?= =?UTF-8?q?plate=20et=20pr=C3=A9-commit=20via=204NK=5Ftemplate?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .cursor/.cursorignore | 11 + .cursor/rules/05-template-governance.mdc | 17 ++ .cursor/rules/98-explain-complex-commands | 5 + .cursor/rules/99-lint-markdow.mdc | 9 + .markdownlint.json | 14 + SECURITY.md | 257 ++++++++++++++++++ TEMPLATE_VERSION | 1 + docs/DEPLOYMENT.md | 2 + docs/INDEX.md | 1 + docs/templates/API.md | 8 + docs/templates/ARCHITECTURE.md | 8 + docs/templates/CONFIGURATION.md | 6 + docs/templates/INDEX.md | 12 + docs/templates/OPEN_SOURCE_CHECKLIST.md | 7 + docs/templates/README.md | 29 ++ docs/templates/RELEASE_PLAN.md | 7 + docs/templates/SECURITY_AUDIT.md | 7 + docs/templates/TESTING.md | 6 + docs/templates/USAGE.md | 7 + scripts/agents/ai_prompt.sh | 53 ++++ scripts/agents/common.sh | 19 ++ scripts/agents/compilation_agent.sh | 32 +++ scripts/agents/dependances_agent.sh | 31 +++ scripts/agents/deployment_agent.sh | 33 +++ scripts/agents/derogations_locales_agent.sh | 26 ++ scripts/agents/documentation_agent.sh | 52 ++++ .../agents/documents_bureautiques_agent.sh | 29 ++ scripts/agents/donnees_csv_agent.sh | 28 ++ scripts/agents/fondation_agent.sh | 28 ++ scripts/agents/frontend_agent.sh | 26 ++ scripts/agents/gitea_agent.sh | 36 +++ scripts/agents/lang_detect.sh | 41 +++ scripts/agents/open_source_agent.sh | 36 +++ scripts/agents/performance_agent.sh | 26 ++ scripts/agents/qualite_formelle.sh | 39 +++ scripts/agents/quality_tech.sh | 95 +++++++ scripts/agents/resolution_agent.sh | 26 ++ scripts/agents/run.sh | 94 +++++++ scripts/agents/runner_agent.sh | 31 +++ scripts/agents/security_agent.sh | 37 +++ scripts/agents/ssh_scripts_agent.sh | 43 +++ scripts/agents/structure_agent.sh | 37 +++ scripts/agents/sync_template_agent.sh | 32 +++ scripts/agents/tests_agent.sh | 
50 ++++ scripts/agents/versionnage_agent.sh | 32 +++ scripts/build-ihm.ps1 | 15 - scripts/checks/version_alignment.sh | 0 scripts/copy-ihm-dist.ps1 | 22 -- scripts/deploy/setup.sh | 145 ++++++++++ scripts/dev/run_container.sh | 15 + scripts/dev/run_project_ci.sh | 14 + scripts/env/ensure_env.sh | 42 +++ scripts/local/precommit.sh | 18 ++ scripts/release/guard.sh | 0 scripts/scripts/auto-ssh-push.sh | 0 scripts/scripts/init-ssh-env.sh | 0 scripts/scripts/setup-ssh-ci.sh | 0 scripts/security/audit.sh | 0 scripts/utils/check_md024.ps1 | 47 ++++ tests/reports/agents/.after_status.txt | 0 tests/reports/agents/.before_status.txt | 0 tests/reports/agents/changes_applied.md | 9 + tests/reports/agents/compilation_agent.md | 3 + tests/reports/agents/dependances_agent.md | 4 + tests/reports/agents/deployment_agent.md | 4 + .../agents/derogations_locales_agent.md | 3 + tests/reports/agents/documentation_agent.md | 4 + .../agents/documents_bureautiques_agent.md | 3 + tests/reports/agents/donnees_csv_agent.md | 3 + tests/reports/agents/fondation_agent.md | 3 + tests/reports/agents/frontend_agent.md | 2 + tests/reports/agents/gitea_agent.md | 3 + tests/reports/agents/open_source_agent.md | 4 + tests/reports/agents/performance_agent.md | 3 + tests/reports/agents/qualite_formelle.md | 4 + tests/reports/agents/quality_tech.md | 6 + tests/reports/agents/resolution_agent.md | 3 + tests/reports/agents/runner_agent.md | 3 + tests/reports/agents/security_agent.md | 10 + tests/reports/agents/ssh_scripts_agent.md | 5 + tests/reports/agents/structure_agent.md | 3 + tests/reports/agents/sync_template_agent.md | 4 + tests/reports/agents/tests_agent.md | 5 + tests/reports/agents/versionnage_agent.md | 3 + 84 files changed, 1801 insertions(+), 37 deletions(-) create mode 100644 .cursor/.cursorignore create mode 100644 .cursor/rules/05-template-governance.mdc create mode 100644 .cursor/rules/98-explain-complex-commands create mode 100644 .cursor/rules/99-lint-markdow.mdc create mode 100644 
.markdownlint.json create mode 100644 SECURITY.md create mode 100644 TEMPLATE_VERSION create mode 100644 docs/DEPLOYMENT.md create mode 100644 docs/templates/API.md create mode 100644 docs/templates/ARCHITECTURE.md create mode 100644 docs/templates/CONFIGURATION.md create mode 100644 docs/templates/INDEX.md create mode 100644 docs/templates/OPEN_SOURCE_CHECKLIST.md create mode 100644 docs/templates/README.md create mode 100644 docs/templates/RELEASE_PLAN.md create mode 100644 docs/templates/SECURITY_AUDIT.md create mode 100644 docs/templates/TESTING.md create mode 100644 docs/templates/USAGE.md create mode 100755 scripts/agents/ai_prompt.sh create mode 100755 scripts/agents/common.sh create mode 100755 scripts/agents/compilation_agent.sh create mode 100755 scripts/agents/dependances_agent.sh create mode 100755 scripts/agents/deployment_agent.sh create mode 100755 scripts/agents/derogations_locales_agent.sh create mode 100755 scripts/agents/documentation_agent.sh create mode 100755 scripts/agents/documents_bureautiques_agent.sh create mode 100755 scripts/agents/donnees_csv_agent.sh create mode 100755 scripts/agents/fondation_agent.sh create mode 100755 scripts/agents/frontend_agent.sh create mode 100755 scripts/agents/gitea_agent.sh create mode 100755 scripts/agents/lang_detect.sh create mode 100755 scripts/agents/open_source_agent.sh create mode 100755 scripts/agents/performance_agent.sh create mode 100755 scripts/agents/qualite_formelle.sh create mode 100755 scripts/agents/quality_tech.sh create mode 100755 scripts/agents/resolution_agent.sh create mode 100755 scripts/agents/run.sh create mode 100755 scripts/agents/runner_agent.sh create mode 100755 scripts/agents/security_agent.sh create mode 100755 scripts/agents/ssh_scripts_agent.sh create mode 100755 scripts/agents/structure_agent.sh create mode 100755 scripts/agents/sync_template_agent.sh create mode 100755 scripts/agents/tests_agent.sh create mode 100755 scripts/agents/versionnage_agent.sh delete mode 100644 
scripts/build-ihm.ps1 mode change 100644 => 100755 scripts/checks/version_alignment.sh delete mode 100644 scripts/copy-ihm-dist.ps1 create mode 100755 scripts/deploy/setup.sh create mode 100755 scripts/dev/run_container.sh create mode 100755 scripts/dev/run_project_ci.sh create mode 100755 scripts/env/ensure_env.sh create mode 100755 scripts/local/precommit.sh mode change 100644 => 100755 scripts/release/guard.sh mode change 100644 => 100755 scripts/scripts/auto-ssh-push.sh mode change 100644 => 100755 scripts/scripts/init-ssh-env.sh mode change 100644 => 100755 scripts/scripts/setup-ssh-ci.sh mode change 100644 => 100755 scripts/security/audit.sh create mode 100644 scripts/utils/check_md024.ps1 create mode 100644 tests/reports/agents/.after_status.txt create mode 100644 tests/reports/agents/.before_status.txt create mode 100644 tests/reports/agents/changes_applied.md create mode 100644 tests/reports/agents/compilation_agent.md create mode 100644 tests/reports/agents/dependances_agent.md create mode 100644 tests/reports/agents/deployment_agent.md create mode 100644 tests/reports/agents/derogations_locales_agent.md create mode 100644 tests/reports/agents/documentation_agent.md create mode 100644 tests/reports/agents/documents_bureautiques_agent.md create mode 100644 tests/reports/agents/donnees_csv_agent.md create mode 100644 tests/reports/agents/fondation_agent.md create mode 100644 tests/reports/agents/frontend_agent.md create mode 100644 tests/reports/agents/gitea_agent.md create mode 100644 tests/reports/agents/open_source_agent.md create mode 100644 tests/reports/agents/performance_agent.md create mode 100644 tests/reports/agents/qualite_formelle.md create mode 100644 tests/reports/agents/quality_tech.md create mode 100644 tests/reports/agents/resolution_agent.md create mode 100644 tests/reports/agents/runner_agent.md create mode 100644 tests/reports/agents/security_agent.md create mode 100644 tests/reports/agents/ssh_scripts_agent.md create mode 100644 
tests/reports/agents/structure_agent.md create mode 100644 tests/reports/agents/sync_template_agent.md create mode 100644 tests/reports/agents/tests_agent.md create mode 100644 tests/reports/agents/versionnage_agent.md diff --git a/.cursor/.cursorignore b/.cursor/.cursorignore new file mode 100644 index 0000000..6d5821d --- /dev/null +++ b/.cursor/.cursorignore @@ -0,0 +1,11 @@ +# Ignorer les sorties volumineuses ou non pertinentes pour le contexte IA +archive/** +tests/logs/** +tests/reports/** +node_modules/** +dist/** +build/** +.tmp/** +.cache/**# +.env +.env.* \ No newline at end of file diff --git a/.cursor/rules/05-template-governance.mdc b/.cursor/rules/05-template-governance.mdc new file mode 100644 index 0000000..72a0a64 --- /dev/null +++ b/.cursor/rules/05-template-governance.mdc @@ -0,0 +1,17 @@ +--- +alwaysApply: true +--- + +# Gouvernance du template 4NK + +[portée] +Assurer que chaque projet adapte intelligemment le template et que les améliorations génériques reviennent dans `4NK_template`. + +[directives] +- Conserver `security-audit` et `release-guard` dans tous projets. +- Adapter la CI, les docs et `AGENTS.md` au contexte local. +- En cas d'amélioration générique : ouvrir une issue "Template Feedback", prototyper, valider CI, mettre à jour `CHANGELOG.md`/`TEMPLATE_VERSION`. + +[validation] +- Refuser un push/tag si l'adaptation a retiré les vérifications minimales (sécurité, tests, build, version/changelog/tag). +- Exiger une documentation claire dans `docs/TEMPLATE_ADAPTATION.md` et `docs/TEMPLATE_FEEDBACK.md`. \ No newline at end of file diff --git a/.cursor/rules/98-explain-complex-commands b/.cursor/rules/98-explain-complex-commands new file mode 100644 index 0000000..610e6ca --- /dev/null +++ b/.cursor/rules/98-explain-complex-commands @@ -0,0 +1,5 @@ +--- +alwaysApply: true +--- + +quand tu fais une commande ou un requète complexe, explique là avant de la lancer \ No newline at end of file 
diff --git a/.cursor/rules/99-lint-markdow.mdc b/.cursor/rules/99-lint-markdow.mdc
new file mode 100644
index 0000000..6924c29
--- /dev/null
+++ b/.cursor/rules/99-lint-markdow.mdc
@@ -0,0 +1,9 @@
+---
+description:
+globs:
+alwaysApply: true
+---
+
+# Lint
+
+respecter strictement les règles de lint du markdown
diff --git a/.markdownlint.json b/.markdownlint.json
new file mode 100644
index 0000000..56e5c35
--- /dev/null
+++ b/.markdownlint.json
@@ -0,0 +1,14 @@
+{
+ "MD013": {
+ "line_length": 200,
+ "code_blocks": false,
+ "tables": false,
+ "headings": false
+ },
+ "MD007": {
+ "indent": 2
+ },
+ "MD024": {
+ "siblings_only": true
+ }
+}
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..8b07453
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,257 @@ +# Politique de Sécurité - 4NK Node + +## 🛡️ Signalement de Vulnérabilités + +Nous prenons la sécurité très au sérieux. Si vous découvrez une vulnérabilité de sécurité, nous vous demandons de la signaler de manière responsable. + +### Comment Signaler une Vulnérabilité + +**NE PAS** créer d'issue publique pour les vulnérabilités de sécurité. + +#### À la place + +1. Envoyez un email à [security@4nkweb.com](mailto:security@4nkweb.com) +2. Incluez "SECURITY VULNERABILITY" dans l'objet +3. Décrivez la vulnérabilité de manière détaillée +4. Incluez les étapes pour reproduire le problème +5. Proposez une solution si possible + +### Ce que nous attendons + +- **Confidentialité** : Ne divulguez pas la vulnérabilité publiquement +- **Détails** : Fournissez suffisamment d'informations pour reproduire le problème +- **Patience** : Nous examinerons et répondrons dans les 48h +- **Coopération** : Nous pouvons avoir besoin de clarifications + +### Ce que vous pouvez attendre + +- **Réponse rapide** : Accusé de réception dans les 48h +- **Évaluation** : Analyse de la vulnérabilité +- **Mise à jour** : Statut de la correction +- **Reconnaissance** : Mention dans les remerciements (si souhaité) + +## 🔒 Bonnes Pratiques de Sécurité + +### Pour les Contributeurs + +#### Code + +- Validez toutes les entrées utilisateur +- Utilisez des requêtes préparées pour les bases de données +- Évitez les injections de code +- Implémentez l'authentification appropriée +- Utilisez HTTPS pour toutes les communications + +#### Configuration + +- Ne committez jamais de secrets +- Utilisez des variables d'environnement pour les données sensibles +- Vérifiez les permissions des fichiers +- Maintenez les dépendances à jour + +#### Tests + +- Incluez des tests de sécurité +- Testez les cas limites +- Validez les entrées malveillantes +- Vérifiez les fuites de mémoire + +### Pour les Utilisateurs + +#### Installation + +- Utilisez des sources officielles +- Vérifiez les checksums +- 
Maintenez le système à jour +- Utilisez un pare-feu + +#### Configuration + +- Changez les mots de passe par défaut +- Utilisez des clés SSH fortes +- Limitez l'accès réseau +- Surveillez les logs + +#### Opération + +- Surveillez les connexions +- Sauvegardez régulièrement +- Testez les sauvegardes +- Documentez les incidents + +## 🔍 Audit de Sécurité + +### Composants Principaux + +#### Bitcoin Core + +- **RPC Interface** : Authentification requise +- **ZMQ** : Communication locale uniquement +- **P2P** : Validation des blocs +- **Wallet** : Chiffrement des clés + +#### Blindbit + +- **API HTTP** : Validation des entrées +- **Filtres** : Vérification des signatures +- **Cache** : Protection contre les attaques DoS +- **Logs** : Pas d'informations sensibles + +#### SDK Relay + +- **WebSocket** : Validation des messages +- **Synchronisation** : Authentification des pairs +- **Cache** : Protection contre les attaques +- **Configuration** : Validation des paramètres + +#### Tor + +- **Proxy** : Configuration sécurisée +- **Contrôle** : Accès restreint +- **Logs** : Anonymisation +- **Mise à jour** : Versions récentes + +### Tests de Sécurité + +#### Tests Automatisés + +```bash +# Tests de sécurité +./tests/run_security_tests.sh + +# Vérification des vulnérabilités +./tests/check_vulnerabilities.sh + +# Audit des dépendances +./tests/audit_dependencies.sh +``` + +#### Tests Manuels + +- Tests de pénétration +- Audit de code +- Tests de configuration +- Tests de performance sous charge + +## 🚨 Réponse aux Incidents + +### Procédure d'Urgence + +1. **Détection** : Identifier l'incident +2. **Containment** : Limiter l'impact +3. **Éradication** : Supprimer la cause +4. **Récupération** : Restaurer les services +5. 
**Post-mortem** : Analyser et améliorer + +### Communication + +- **Interne** : Équipe de sécurité +- **Utilisateurs** : Notification appropriée +- **Communauté** : Disclosure responsable +- **Autorités** : Si nécessaire + +### Documentation + +- **Incident Report** : Détails de l'incident +- **Timeline** : Chronologie des événements +- **Actions** : Mesures prises +- **Lessons Learned** : Améliorations + +## 📋 Checklist de Sécurité + +### Avant le Déploiement + +- [ ] Audit de code de sécurité +- [ ] Tests de vulnérabilités +- [ ] Vérification des dépendances +- [ ] Configuration sécurisée +- [ ] Tests de charge + +### Pendant l'Opération + +- [ ] Monitoring de sécurité +- [ ] Surveillance des logs +- [ ] Mise à jour des composants +- [ ] Sauvegarde des données +- [ ] Tests de récupération + +### Après un Incident + +- [ ] Analyse post-mortem +- [ ] Mise à jour des procédures +- [ ] Formation de l'équipe +- [ ] Amélioration des outils +- [ ] Communication à la communauté + +## 🔧 Outils de Sécurité + +### Monitoring + +- **Logs** : Centralisation et analyse +- **Métriques** : Surveillance en temps réel +- **Alertes** : Notification automatique +- **Tableaux de bord** : Vue d'ensemble + +### Tests + +- **SAST** : Analyse statique +- **DAST** : Tests dynamiques +- **IAST** : Tests interactifs +- **Fuzzing** : Tests de robustesse + +### Protection + +- **WAF** : Pare-feu applicatif +- **IDS/IPS** : Détection d'intrusion +- **Antivirus** : Protection des endpoints +- **Chiffrement** : Protection des données + +## 📚 Ressources + +### Documentation + +- [Guide de Sécurité Bitcoin](https://bitcoin.org/en/security) +- [OWASP Top 10](https://owasp.org/www-project-top-ten/) +- [CWE/SANS Top 25](https://cwe.mitre.org/top25/) +- [NIST Cybersecurity Framework](https://www.nist.gov/cyberframework) + +### Outils + +- [Bandit](https://bandit.readthedocs.io/) - Analyse Python +- [Clang Static Analyzer](https://clang-analyzer.llvm.org/) - Analyse C/C++ +- 
[SonarQube](https://www.sonarqube.org/) - Qualité du code +- [OpenVAS](https://www.openvas.org/) - Scan de vulnérabilités + +### Formation + +- Cours de sécurité applicative +- Formation aux tests de pénétration +- Certification en cybersécurité +- Participation à des CTF + +## 🤝 Collaboration + +### Bug Bounty + +- Programme de récompenses pour les vulnérabilités +- Critères d'éligibilité +- Montants des récompenses +- Processus de validation + +### Responsible Disclosure + +- Timeline de divulgation +- Coordination avec les chercheurs +- Communication publique +- Remerciements + +### Communauté + +- Groupe de sécurité +- Discussions techniques +- Partage d'informations +- Collaboration avec d'autres projets + +--- + +**La sécurité est une responsabilité partagée. Merci de contribuer à maintenir 4NK Node sécurisé !** 🔒 diff --git a/TEMPLATE_VERSION b/TEMPLATE_VERSION new file mode 100644 index 0000000..264fc29 --- /dev/null +++ b/TEMPLATE_VERSION @@ -0,0 +1 @@ +v2025.08.5 \ No newline at end of file diff --git a/docs/DEPLOYMENT.md b/docs/DEPLOYMENT.md new file mode 100644 index 0000000..bd32249 --- /dev/null +++ b/docs/DEPLOYMENT.md @@ -0,0 +1,2 @@ +# Déploiement + diff --git a/docs/INDEX.md b/docs/INDEX.md index 4acea77..1dd0060 100644 --- a/docs/INDEX.md +++ b/docs/INDEX.md @@ -4,3 +4,4 @@ - Intégration iframe/WebView: `INTEGRATION.md` - Tests: `TESTING.md` - Notes de version: `../CHANGELOG.md` +# Note de test\n\nAlignement template: pre-commit. diff --git a/docs/templates/API.md b/docs/templates/API.md new file mode 100644 index 0000000..431560f --- /dev/null +++ b/docs/templates/API.md @@ -0,0 +1,8 @@ +# Référence API — Template + +- Vue d’ensemble +- Authentification/permissions +- Endpoints par domaine (schémas, invariants) +- Codes d’erreur +- Limites et quotas +- Sécurité et conformité diff --git a/docs/templates/ARCHITECTURE.md b/docs/templates/ARCHITECTURE.md new file mode 100644 index 0000000..42b78b2 --- /dev/null +++ b/docs/templates/ARCHITECTURE.md 
@@ -0,0 +1,8 @@
+# Architecture — Template
+
+- Contexte et objectifs
+- Découpage en couches (UI, services, données)
+- Flux principaux
+- Observabilité
+- CI/CD
+- Contraintes et SLA
diff --git a/docs/templates/CONFIGURATION.md b/docs/templates/CONFIGURATION.md
new file mode 100644
index 0000000..3506069
--- /dev/null
+++ b/docs/templates/CONFIGURATION.md
@@ -0,0 +1,6 @@
+# Configuration — Template
+
+- Variables d’environnement (nom, type, défaut, portée)
+- Fichiers de configuration (format, validation)
+- Réseau et sécurité (ports, TLS, auth)
+- Observabilité (logs, métriques, traces)
diff --git a/docs/templates/INDEX.md b/docs/templates/INDEX.md
new file mode 100644
index 0000000..be566c0
--- /dev/null
+++ b/docs/templates/INDEX.md
@@ -0,0 +1,12 @@
+# Index — Templates de documentation (pour projets dérivés)
+
+Utilisez ces squelettes pour démarrer la documentation de votre projet.
+
+- API.md — squelette de référence API
+- ARCHITECTURE.md — squelette d’architecture
+- CONFIGURATION.md — squelette de configuration
+- USAGE.md — squelette d’usage
+- TESTING.md — squelette de stratégie de tests
+- SECURITY_AUDIT.md — squelette d’audit sécurité
+- RELEASE_PLAN.md — squelette de plan de release
+- OPEN_SOURCE_CHECKLIST.md — squelette de checklist open source
diff --git a/docs/templates/OPEN_SOURCE_CHECKLIST.md b/docs/templates/OPEN_SOURCE_CHECKLIST.md
new file mode 100644
index 0000000..8406e38
--- /dev/null
+++ b/docs/templates/OPEN_SOURCE_CHECKLIST.md
@@ -0,0 +1,7 @@
+# Checklist open source — Template
+
+- Gouvernance: LICENSE, CONTRIBUTING, CODE_OF_CONDUCT
+- CI/CD: workflows, tests, security-audit, release-guard
+- Documentation: README, INDEX, guides essentiels
+- Sécurité: secrets, permissions, audit
+- Publication: tag, changelog, release notes
diff --git a/docs/templates/README.md b/docs/templates/README.md
new file mode 100644
index 0000000..fe4d4bb
--- /dev/null
+++ b/docs/templates/README.md
@@ -0,0 +1,29 @@
+# README — Template de projet
+
+## Présentation
+
+Décrivez brièvement l’objectif du projet, son périmètre et ses utilisateurs cibles.
+
+## Démarrage rapide
+
+- Prérequis (langages/outils)
+- Étapes d’installation
+- Commandes de démarrage
+
+## Documentation
+
+- Index: `docs/INDEX.md`
+- Architecture: `docs/ARCHITECTURE.md`
+- Configuration: `docs/CONFIGURATION.md`
+- Tests: `docs/TESTING.md`
+- Sécurité: `docs/SECURITY_AUDIT.md`
+- Déploiement: `docs/DEPLOYMENT.md`
+
+## Contribution
+
+- GUIDE: `CONTRIBUTING.md`, `CODE_OF_CONDUCT.md`
+- Processus de PR et revues
+
+## Licence
+
+- Indiquez la licence choisie (MIT/Apache-2.0/GPL)
diff --git a/docs/templates/RELEASE_PLAN.md b/docs/templates/RELEASE_PLAN.md
new file mode 100644
index 0000000..ab912bf
--- /dev/null
+++ b/docs/templates/RELEASE_PLAN.md
@@ -0,0 +1,7 @@
+# Plan de release — Template
+
+- Vue d’ensemble, objectifs, date cible
+- Préparation (docs/CI/tests/sécurité)
+- Communication (annonces, canaux)
+- Lancement (checklist, tagging)
+- Post‑lancement (support, retours)
diff --git a/docs/templates/SECURITY_AUDIT.md b/docs/templates/SECURITY_AUDIT.md
new file mode 100644
index 0000000..3876d6a
--- /dev/null
+++ b/docs/templates/SECURITY_AUDIT.md
@@ -0,0 +1,7 @@
+# Audit de sécurité — Template
+
+- Menaces et surfaces d’attaque
+- Contrôles préventifs et détectifs
+- Gestion des secrets
+- Politique de dépendances
+- Vérifications CI (security-audit)
diff --git a/docs/templates/TESTING.md b/docs/templates/TESTING.md
new file mode 100644
index 0000000..81a4b51
--- /dev/null
+++ b/docs/templates/TESTING.md
@@ -0,0 +1,6 @@
+# Tests — Template
+
+- Pyramide: unit, integration, connectivity, external, performance
+- Structure des répertoires
+- Exécution et rapports
+- Intégration CI
diff --git a/docs/templates/USAGE.md b/docs/templates/USAGE.md
new file mode 100644
index 0000000..8cad2e9
--- /dev/null
+++ b/docs/templates/USAGE.md
@@ -0,0 +1,7 @@
+# Usage — Template
+
+- Démarrage quotidien
+- Opérations courantes
+- Tests (référence vers TESTING.md)
+- Sécurité (référence vers SECURITY_AUDIT.md)
+- Déploiement (référence vers DEPLOYMENT.md)
diff --git a/scripts/agents/ai_prompt.sh b/scripts/agents/ai_prompt.sh
new file mode 100755
index 0000000..f84d462
--- /dev/null
+++ b/scripts/agents/ai_prompt.sh
@@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Utilitaire générique pour appeler l'API OpenAI Chat Completions.
+# Prérequis: variable d'environnement OPENAI_API_KEY et curl.
+
+# Chargement env utilisateur (~/.4nk_template/.env) pour exécutions locales/CI docke
+"$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)/env/ensure_env.sh" || true
+if [[ -f "${HOME}/.4nk_template/.env" ]]; then
+ set -a
+ . "${HOME}/.4nk_template/.env"
+ set +a
+fi
+
+for bin in curl jq; do
+ if ! command -v "$bin" >/dev/null 2>&1; then
+ echo "$bin manquant. Installez $bin." >&2
+ exit 2
+ fi
+done
+
+MODEL="${OPENAI_MODEL}"
+API_BASE="${OPENAI_API_BASE:-https://api.openai.com/v1}"
+TEMPERATURE="${OPENAI_TEMPERATURE:-0.2}"
+
+read -r -d '' SYSTEM_PROMPT <<'SYS'
+Tu es un agent de conformité pour le template 4NK. Réponds en français, sans exemples d'application. Produit des listes d'actions, des risques et des recommandations courtes. Respecte la typographie française.
+SYS
+
+PROMPT="${1:-}"
+if [[ -z "${PROMPT}" ]]; then
+ echo "Usage: $0 'message utilisateur'" >&2
+ exit 2
+fi
+
+if [[ -z "${OPENAI_API_KEY:-}" ]]; then
+ echo "OPENAI_API_KEY non défini; exécution sans IA (noop)." >&2
+ # No-op mode: renvoyer le prompt pour traçabilité
+ echo "[NO-AI] ${PROMPT}"
+ exit 0
+fi
+
+payload=$(jq -n \
+ --arg model "$MODEL" \
+ --arg system "$SYSTEM_PROMPT" \
+ --arg user "$PROMPT" \
+ --arg temperature "$TEMPERATURE" \
+ '{model: $model, temperature: ($temperature|tonumber? // 0.2), messages: [ {role:"system", content:$system}, {role:"user", content:$user} ] }')
+
+curl -sS -X POST "${API_BASE}/chat/completions" \
+ -H "Authorization: Bearer ${OPENAI_API_KEY}" \
+ -H "Content-Type: application/json" \
+ -d "$payload" | jq -r '.choices[0].message.content // ""'
diff --git a/scripts/agents/common.sh b/scripts/agents/common.sh
new file mode 100755
index 0000000..e918815
--- /dev/null
+++ b/scripts/agents/common.sh
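Review bot: `read -r -d '' SYSTEM_PROMPT <<'SYS'` returns non-zero because the here-doc ends before any NUL delimiter, so under `set -e` the script exits at that line and never reaches the `[NO-AI]` fallback or the API call; append `|| true` to that `read`. Just before it, `MODEL="${OPENAI_MODEL}"` aborts under `set -u` whenever OPENAI_MODEL is unset, so it is better read after the key check as `MODEL="${OPENAI_MODEL:?OPENAI_MODEL non défini}"`. On the request itself, the bearer token is passed in curl's argv (visible in the process list) and `OPENAI_API_BASE` comes from the environment unchecked, so the key can be sent to a plain-HTTP endpoint; feeding the header with `-H @- <<<"Authorization: Bearer ${OPENAI_API_KEY}"` and adding `--fail --proto '=https'` covers both. The `. "${HOME}/.4nk_template/.env"` line executes that file as shell, so checking its owner and mode before sourcing would be a sensible guard.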
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Portée des contrôles: all (défaut) ou changed
+export SCOPE="${SCOPE:-all}"
+
+list_changed_paths() {
+ # Renvoie la liste des chemins modifiés (HEAD~1..HEAD), ou vide si non dispo
+ git diff --name-only HEAD~1..HEAD 2>/dev/null || true
+}
+
+is_path_changed() {
+ local path="$1"
+ if [[ "$SCOPE" != "changed" ]]; then return 0; fi
+ local changed
+ changed=$(list_changed_paths)
+ if [[ -z "$changed" ]]; then return 0; fi
+ grep -q "^${path%/}\(/\|$\)" <<<"$changed" && return 0 || return 1
+}
diff --git a/scripts/agents/compilation_agent.sh b/scripts/agents/compilation_agent.sh
new file mode 100755
index 0000000..65f005c
--- /dev/null
+++ b/scripts/agents/compilation_agent.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+TARGET_DIR="${1:-.}"
+OUTPUT_DIR="${2:-tests/reports/agents}"
+mkdir -p "$OUTPUT_DIR"
+SUMMARY_FILE="$OUTPUT_DIR/compilation_agent.md"
+source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/common.sh" || true
+
+echo "# Agent Compilation" > "$SUMMARY_FILE"
+echo >> "$SUMMARY_FILE"
+
+pushd "$TARGET_DIR" >/dev/null
+if [[ "$SCOPE" == "changed" ]]; then
+ relevant=(.gitea/workflows/ci.yml)
+ any=0; for p in "${relevant[@]}"; do if is_path_changed "$p"; then any=1; break; fi; done
+ if [[ $any -eq 0 ]]; then echo "- Aucun changement compilation CI (SCOPE=changed)." >> "$SUMMARY_FILE"; echo "Rapport: $SUMMARY_FILE"; popd >/dev/null; exit 0; fi
+fi
+if grep -q "cargo" .gitea/workflows/ci.yml 2>/dev/null; then
+ echo "- Étapes de build/format/clippy Rust détectées dans la CI." >> "$SUMMARY_FILE"
+else
+ echo "- Étapes de compilation non détectées dans la CI (à ajouter si nécessaire)." >> "$SUMMARY_FILE"
+fi
+
+PROMPT=$(cat <<'EOF'
+Précise une cadence de compilation (avant refactor/push, après update deps) et les conditions de blocage si erreurs.
+EOF
+)
+scripts/agents/ai_prompt.sh "$PROMPT" >> "$SUMMARY_FILE" || true
+
+echo "Rapport: $SUMMARY_FILE"
+popd >/dev/null
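Review bot: In `is_path_changed`, `$path` is interpolated into a grep pattern, so every dot in a path such as `.gitea/workflows/ci.yml` matches any character and the `\|` alternation relies on a GNU extension to basic regular expressions; a literal prefix comparison avoids both. `list_changed_paths` also looks only at `HEAD~1..HEAD`, so with SCOPE=changed a push carrying several commits is judged on the last one alone, which is worth stating in the comment or widening to the pushed range. The rewritten tail of the function is below.

```shell
is_path_changed() {
  # … unchanged: SCOPE test and changed=$(list_changed_paths) with its empty fallback …
  local prefix="${path%/}" entry
  while IFS= read -r entry; do
    # Literal match: the path itself, or anything underneath it.
    [[ "$entry" == "$prefix" || "$entry" == "$prefix"/* ]] && return 0
  done <<<"$changed"
  return 1
}
```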
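Review bot: `SUMMARY_FILE` and the `scripts/agents/ai_prompt.sh` call are both relative paths used after `pushd "$TARGET_DIR"`, so with any TARGET_DIR other than `.` the report header is written under the caller's directory while the later appends go to a different (possibly missing) path under the target, and the helper that runs is the target tree's own copy, executed with whatever is in the environment, including `OPENAI_API_KEY` when set. Resolve both before the pushd with `SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"` and `OUTPUT_DIR="$(cd "$OUTPUT_DIR" && pwd)"` after the `mkdir -p`, then call `"$SCRIPT_DIR/ai_prompt.sh"`. The same pattern appears in dependances_agent.sh, deployment_agent.sh, derogations_locales_agent.sh, documentation_agent.sh and documents_bureautiques_agent.sh. Separately, `source … common.sh || true` hides a failed load, after which `$SCOPE` is unbound under `set -u` and `is_path_changed` is undefined; dropping the `|| true` gives a clearer failure.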
diff --git a/scripts/agents/dependances_agent.sh b/scripts/agents/dependances_agent.sh
new file mode 100755
index 0000000..65786c4
--- /dev/null
+++ b/scripts/agents/dependances_agent.sh
@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+TARGET_DIR="${1:-.}"
+OUTPUT_DIR="${2:-tests/reports/agents}"
+mkdir -p "$OUTPUT_DIR"
+SUMMARY_FILE="$OUTPUT_DIR/dependances_agent.md"
+source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/common.sh" || true
+
+echo "# Agent Dépendances" > "$SUMMARY_FILE"
+echo >> "$SUMMARY_FILE"
+
+echo "- Vérifier régulièrement les dépendances (audit sécurité, mises à jour stables)." >> "$SUMMARY_FILE"
+pushd "$TARGET_DIR" >/dev/null
+if [[ "$SCOPE" == "changed" ]]; then
+ relevant=(package.json package-lock.json pnpm-lock.yaml yarn.lock requirements.txt pyproject.toml Cargo.toml go.mod .gitea/workflows/ci.yml)
+ any=0; for p in "${relevant[@]}"; do if [[ -e "$p" ]] && is_path_changed "$p"; then any=1; break; fi; done
+ if [[ $any -eq 0 ]]; then echo "- Aucun changement dépendances/CI (SCOPE=changed)." >> "$SUMMARY_FILE"; echo "Rapport: $SUMMARY_FILE"; popd >/dev/null; exit 0; fi
+fi
+if grep -q "security-audit" .gitea/workflows/ci.yml 2>/dev/null; then
+ echo "- Job CI security-audit détecté." >> "$SUMMARY_FILE"
+fi
+
+PROMPT=$(cat <<'EOF'
+Établis une politique de dépendances: ajout automatique si justifié, vérification des dernières versions stables, documentation des impacts (ARCHITECTURE, CONFIGURATION, CHANGELOG), et rollback.
+EOF
+)
+scripts/agents/ai_prompt.sh "$PROMPT" >> "$SUMMARY_FILE" || true
+
+echo "Rapport: $SUMMARY_FILE"
+popd >/dev/null
diff --git a/scripts/agents/deployment_agent.sh b/scripts/agents/deployment_agent.sh
new file mode 100755
index 0000000..623d19b
--- /dev/null
+++ b/scripts/agents/deployment_agent.sh
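Review bot: The `[[ -e "$p" ]] &&` guard in the SCOPE=changed loop drops any manifest or lockfile that the last commit deleted, so a commit whose only dependency change is removing `package-lock.json` or `Cargo.toml` is reported as "Aucun changement dépendances/CI"; calling `is_path_changed "$p"` without the existence test keeps deletions in scope. The `security-audit` grep also has no `else`, so a CI file that lacks the job leaves no trace in the report; adding `else echo "- Job CI security-audit absent." >> "$SUMMARY_FILE"` makes the gap visible to whoever reads it.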
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+TARGET_DIR="${1:-.}"
+OUTPUT_DIR="${2:-tests/reports/agents}"
+mkdir -p "$OUTPUT_DIR"
+SUMMARY_FILE="$OUTPUT_DIR/deployment_agent.md"
+source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/common.sh" || true
+
+echo "# Agent Déploiement" > "$SUMMARY_FILE"
+echo >> "$SUMMARY_FILE"
+
+pushd "$TARGET_DIR" >/dev/null
+if [[ "$SCOPE" == "changed" ]]; then
+ relevant=(docs/DEPLOYMENT.md docs/RELEASE_PLAN.md .gitea/workflows/ci.yml)
+ any=0; for p in "${relevant[@]}"; do if is_path_changed "$p"; then any=1; break; fi; done
+ if [[ $any -eq 0 ]]; then echo "- Aucun changement pertinent (SCOPE=changed)." >> "$SUMMARY_FILE"; echo "Rapport: $SUMMARY_FILE"; popd >/dev/null; exit 0; fi
+fi
+echo "## Résultats locaux" >> "$SUMMARY_FILE"
+ok=1
+for f in docs/DEPLOYMENT.md docs/RELEASE_PLAN.md .gitea/workflows/ci.yml; do
+ if [[ ! -e "$f" ]]; then echo "- Manquant: $f" >> "$SUMMARY_FILE"; ok=0; fi
+done
+if [[ $ok -eq 1 ]]; then echo "- Pré‑requis documentaires présents." >> "$SUMMARY_FILE"; fi
+
+PROMPT=$(cat <<'EOF'
+Établis une checklist de déploiement minimale (pré‑checks, variables, smoke tests, rollback, post‑deploy) adaptée à un template CI Gitea.
+EOF
+)
+scripts/agents/ai_prompt.sh "$PROMPT" >> "$SUMMARY_FILE" || true
+
+echo "Rapport: $SUMMARY_FILE"
+popd >/dev/null
diff --git a/scripts/agents/derogations_locales_agent.sh b/scripts/agents/derogations_locales_agent.sh
new file mode 100755
index 0000000..83e232c
--- /dev/null
+++ b/scripts/agents/derogations_locales_agent.sh
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+TARGET_DIR="${1:-.}"
+OUTPUT_DIR="${2:-tests/reports/agents}"
+mkdir -p "$OUTPUT_DIR"
+SUMMARY_FILE="$OUTPUT_DIR/derogations_locales_agent.md"
+
+echo "# Agent Dérogations locales" > "$SUMMARY_FILE"
+echo >> "$SUMMARY_FILE"
+
+pushd "$TARGET_DIR" >/dev/null
+if [[ -f LOCAL_OVERRIDES.yml || -f .gitea/workflows/LOCAL_OVERRIDES.yml ]]; then
+ echo "- Fichier de dérogations locales détecté." >> "$SUMMARY_FILE"
+else
+ echo "- Aucun fichier de dérogations locales détecté." >> "$SUMMARY_FILE"
+fi
+
+PROMPT=$(cat <<'EOF'
+Définis un format pour enregistrer les dérogations (path, raison, propriétaire, échéance), tolérance CI, et revue périodique.
+EOF
+)
+scripts/agents/ai_prompt.sh "$PROMPT" >> "$SUMMARY_FILE" || true
+
+echo "Rapport: $SUMMARY_FILE"
+popd >/dev/null
diff --git a/scripts/agents/documentation_agent.sh b/scripts/agents/documentation_agent.sh
new file mode 100755
index 0000000..efbe5c5
--- /dev/null
+++ b/scripts/agents/documentation_agent.sh
@@ -0,0 +1,52 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+TARGET_DIR="${1:-.}"
+OUTPUT_DIR="${2:-tests/reports/agents}"
+mkdir -p "$OUTPUT_DIR"
+SUMMARY_FILE="$OUTPUT_DIR/documentation_agent.md"
+source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/common.sh" || true
+
+echo "# Agent Documentation" > "$SUMMARY_FILE"
+echo >> "$SUMMARY_FILE"
+
+pushd "$TARGET_DIR" >/dev/null
+required=(docs/INDEX.md docs/ARCHITECTURE.md docs/TESTING.md docs/SECURITY_AUDIT.md docs/DEPLOYMENT.md)
+missing=()
+for f in "${required[@]}"; do [[ -f "$f" ]] || missing+=("$f"); done
+
+echo "## Résultats locaux" >> "$SUMMARY_FILE"
+if ((${#missing[@]}==0)); then
+ echo "- Documentation essentielle présente." >> "$SUMMARY_FILE"
+else
+ echo "- Fichiers manquants:" >> "$SUMMARY_FILE"
+ for m in "${missing[@]}"; do echo " - $m" >> "$SUMMARY_FILE"; done
+ if [[ "${AUTO_FIX:-0}" == "1" ]]; then
+ echo >> "$SUMMARY_FILE"
+ echo "## Auto‑corrections" >> "$SUMMARY_FILE"
+ for m in "${missing[@]}"; do
+ case "$m" in
+ docs/INDEX.md)
+ mkdir -p docs && printf "# Index\n\n" > "$m" && echo "- Créé squelette: $m" >> "$SUMMARY_FILE" ;;
+ docs/ARCHITECTURE.md)
+ mkdir -p docs && printf "# Architecture\n\n" > "$m" && echo "- Créé squelette: $m" >> "$SUMMARY_FILE" ;;
+ docs/TESTING.md)
+ mkdir -p docs && printf "# Tests\n\n" > "$m" && echo "- Créé squelette: $m" >> "$SUMMARY_FILE" ;;
+ docs/SECURITY_AUDIT.md)
+ mkdir -p docs && printf "# Security Audit\n\n" > "$m" && echo "- Créé squelette: $m" >> "$SUMMARY_FILE" ;;
+ docs/DEPLOYMENT.md)
+ mkdir -p docs && printf "# Déploiement\n\n" > "$m" && echo "- Créé squelette: $m" >> "$SUMMARY_FILE" ;;
+ *) : ;;
+ esac
+ done
+ fi
+fi
+
+PROMPT=$(cat <<'EOF'
+Élabore une liste courte d’améliorations documentation (INDEX à jour, traçabilité changes ↔ CHANGELOG, sections sécurité/tests/déploiement).
+EOF
+)
+scripts/agents/ai_prompt.sh "$PROMPT" >> "$SUMMARY_FILE" || true
+
+echo "Rapport: $SUMMARY_FILE"
+popd >/dev/null
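Review bot: The five `case` arms in the AUTO_FIX branch differ only in the heading text, so a lookup table with a single loop body would remove the repetition and make a new required file a one-line addition. Each arm also chains `mkdir -p docs && printf … && echo …`, which means a failed `mkdir` or write is skipped silently rather than stopping the script under `set -e`; separate statements restore that. The sketch below uses an associative array, which needs bash 4, a level quality_tech.sh in this patch already assumes through `mapfile`. The script also has no header comment naming its two positional arguments and the `AUTO_FIX` switch, which is the only thing that makes this agent write into the target.

```shell
# … unchanged: "## Auto‑corrections" heading …
declare -A skeleton_titles=(
  [docs/INDEX.md]="Index"
  [docs/ARCHITECTURE.md]="Architecture"
  [docs/TESTING.md]="Tests"
  [docs/SECURITY_AUDIT.md]="Security Audit"
  [docs/DEPLOYMENT.md]="Déploiement"
)
for m in "${missing[@]}"; do
  title="${skeleton_titles[$m]:-}"
  [[ -n "$title" ]] || continue
  mkdir -p docs
  printf '# %s\n\n' "$title" > "$m"
  echo "- Créé squelette: $m" >> "$SUMMARY_FILE"
done
```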
diff --git a/scripts/agents/documents_bureautiques_agent.sh b/scripts/agents/documents_bureautiques_agent.sh
new file mode 100755
index 0000000..f6fc469
--- /dev/null
+++ b/scripts/agents/documents_bureautiques_agent.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+TARGET_DIR="${1:-.}"
+OUTPUT_DIR="${2:-tests/reports/agents}"
+mkdir -p "$OUTPUT_DIR"
+SUMMARY_FILE="$OUTPUT_DIR/documents_bureautiques_agent.md"
+
+echo "# Agent Documents bureautiques" > "$SUMMARY_FILE"
+echo >> "$SUMMARY_FILE"
+
+pushd "$TARGET_DIR" >/dev/null
+docsx=$(git ls-files '*.docx' 2>/dev/null || true)
+if [[ -z "$docsx" ]]; then
+ echo "- Aucun fichier .docx détecté." >> "$SUMMARY_FILE"
+else
+ echo "- .docx détectés:" >> "$SUMMARY_FILE"
+ echo "$docsx" | sed 's/^/ - /' >> "$SUMMARY_FILE"
+ echo "- Utiliser docx2txt pour extraction et documenter dans docs/INDEX.md" >> "$SUMMARY_FILE"
+fi
+
+PROMPT=$(cat <<'EOF'
+Décris une procédure standard de traitement des .docx (docx2txt, import, traçabilité dans docs/INDEX.md) et les risques à éviter.
+EOF
+)
+scripts/agents/ai_prompt.sh "$PROMPT" >> "$SUMMARY_FILE" || true
+
+echo "Rapport: $SUMMARY_FILE"
+popd >/dev/null
diff --git a/scripts/agents/donnees_csv_agent.sh b/scripts/agents/donnees_csv_agent.sh
new file mode 100755
index 0000000..9467409
--- /dev/null
+++ b/scripts/agents/donnees_csv_agent.sh
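Review bot: `git ls-files '*.docx' 2>/dev/null || true` turns every git failure (TARGET_DIR is not a work tree, git is missing) into an empty list, and the report then states "Aucun fichier .docx détecté" as if the check had run. For a report that people read as evidence, "not checked" and "nothing found" should be distinguishable. Test the precondition first, for example `git rev-parse --is-inside-work-tree >/dev/null 2>&1 || { echo "- Dépôt git introuvable: détection ignorée." >> "$SUMMARY_FILE"; }`, and only then list files. Only untracked-by-git files are invisible to `git ls-files`, so a freshly added, not yet staged .docx is missed as well; a comment saying the scan covers tracked files only would help. The donnees_csv_agent.sh hunk has the same construct for `*.csv`.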
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+TARGET_DIR="${1:-.}"
+OUTPUT_DIR="${2:-tests/reports/agents}"
+mkdir -p "$OUTPUT_DIR"
+SUMMARY_FILE="$OUTPUT_DIR/donnees_csv_agent.md"
+
+echo "# Agent Données CSV" > "$SUMMARY_FILE"
+echo >> "$SUMMARY_FILE"
+
+pushd "$TARGET_DIR" >/dev/null
+csvs=$(git ls-files '*.csv' 2>/dev/null || true)
+if [[ -z "$csvs" ]]; then
+ echo "- Aucun CSV détecté dans le dépôt." >> "$SUMMARY_FILE"
+else
+ echo "- CSV détectés:" >> "$SUMMARY_FILE"
+ echo "$csvs" | sed 's/^/ - /' >> "$SUMMARY_FILE"
+fi
+
+PROMPT=$(cat <<'EOF'
+À partir des CSV présents (en‑têtes multi‑lignes possibles), propose une méthode pour définir toutes les colonnes, types et validations, et pointer vers les docs à mettre à jour (API, ARCHITECTURE, USAGE).
+EOF
+)
+scripts/agents/ai_prompt.sh "$PROMPT" >> "$SUMMARY_FILE" || true
+
+echo "Rapport: $SUMMARY_FILE"
+popd >/dev/null
diff --git a/scripts/agents/fondation_agent.sh b/scripts/agents/fondation_agent.sh
new file mode 100755
index 0000000..ab8b5f2
--- /dev/null
+++ b/scripts/agents/fondation_agent.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+TARGET_DIR="${1:-.}"
+OUTPUT_DIR="${2:-tests/reports/agents}"
+mkdir -p "$OUTPUT_DIR"
+SUMMARY_FILE="$OUTPUT_DIR/fondation_agent.md"
+
+echo "# Agent Fondation" > "$SUMMARY_FILE"
+echo >> "$SUMMARY_FILE"
+
+issues=0
+# Vérification basique: fichiers de gouvernance présents
+pushd "$TARGET_DIR" >/dev/null
+for f in README.md CODE_OF_CONDUCT.md CONTRIBUTING.md LICENSE; do
+ if [[ ! -f "$f" ]]; then echo "- Manquant: $f" >> "$SUMMARY_FILE"; issues=$((issues+1)); fi
+done
+
+if [[ $issues -eq 0 ]]; then echo "- Conformité éditoriale de base: OK (présence des fichiers clés)." >> "$SUMMARY_FILE"; fi
+
+PROMPT=$(cat <<'EOF'
+Évalue la conformité éditoriale (français, pas d’exemples applicatifs, intro/conclusion) et liste 5 actions d’amélioration priorisées.
+EOF
+)
+scripts/agents/ai_prompt.sh "$PROMPT" >> "$SUMMARY_FILE" || true
+
+echo "Rapport: $SUMMARY_FILE"
+popd >/dev/null
diff --git a/scripts/agents/frontend_agent.sh b/scripts/agents/frontend_agent.sh
new file mode 100755
index 0000000..d101a89
--- /dev/null
+++ b/scripts/agents/frontend_agent.sh
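Review bot: `SUMMARY_FILE` is derived from a possibly relative `OUTPUT_DIR` that is created and first written before `pushd "$TARGET_DIR"`, and every later `>> "$SUMMARY_FILE"` happens after it. With the defaults both resolve to the same directory, but for any other TARGET_DIR combined with a relative OUTPUT_DIR the appends land on a different path under the target, or fail under `set -e` when that directory does not exist there. Making the path absolute right after the `mkdir -p` fixes it: `OUTPUT_DIR="$(cd "$OUTPUT_DIR" && pwd)"`. The other agent scripts in this patch follow the same order, and run.sh writes its status snapshots the same way.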
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+TARGET_DIR="${1:-.}"
+OUTPUT_DIR="${2:-tests/reports/agents}"
+mkdir -p "$OUTPUT_DIR"
+SUMMARY_FILE="$OUTPUT_DIR/frontend_agent.md"
+source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/common.sh" || true
+
+echo "# Agent Frontend" > "$SUMMARY_FILE"
+echo >> "$SUMMARY_FILE"
+
+PROMPT=$(cat <<'EOF'
+Définis des principes front: code splitting (React.lazy/Suspense), centralisation d’état (Redux/Context), abstraction des services, et tests associés.
+EOF
+)
+pushd "$TARGET_DIR" >/dev/null
+if [[ "$SCOPE" == "changed" ]]; then
+ relevant=(package.json tsconfig.json src/)
+ any=0; for p in "${relevant[@]}"; do if [[ -e "$p" ]] && is_path_changed "$p"; then any=1; break; fi; done
+ if [[ $any -eq 0 ]]; then echo "- Aucun changement frontend pertinent (SCOPE=changed)." >> "$SUMMARY_FILE"; echo "Rapport: $SUMMARY_FILE"; popd >/dev/null; exit 0; fi
+fi
+scripts/agents/ai_prompt.sh "$PROMPT" >> "$SUMMARY_FILE" || true
+
+echo "Rapport: $SUMMARY_FILE"
+popd >/dev/null
diff --git a/scripts/agents/gitea_agent.sh b/scripts/agents/gitea_agent.sh
new file mode 100755
index 0000000..3dbbcdb
--- /dev/null
+++ b/scripts/agents/gitea_agent.sh
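Review bot: The guard `[[ -e "$p" ]] && is_path_changed "$p"` ignores any watched path that no longer exists, so a change that deletes one of them is reported as "Aucun changement … pertinent" and the script exits 0. is_path_changed is defined in common.sh, outside this hunk, so whether it reports deletions cannot be confirmed here; the `-e` test hides them either way. In gitea_agent.sh, open_source_agent.sh, security_agent.sh, ssh_scripts_agent.sh and structure_agent.sh the same early exit also skips the presence check that follows, which matters most in security_agent.sh, where removing `scripts/security/audit.sh` or `docs/SECURITY_AUDIT.md` would go unreported. deployment_agent.sh and versionnage_agent.sh call the helper without the guard; aligning on that form, `if is_path_changed "$p"; then any=1; break; fi`, closes the gap.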
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+TARGET_DIR="${1:-.}"
+OUTPUT_DIR="${2:-tests/reports/agents}"
+mkdir -p "$OUTPUT_DIR"
+SUMMARY_FILE="$OUTPUT_DIR/gitea_agent.md"
+source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/common.sh" || true
+
+echo "# Agent Gitea" > "$SUMMARY_FILE"
+echo >> "$SUMMARY_FILE"
+
+pushd "$TARGET_DIR" >/dev/null
+if [[ "$SCOPE" == "changed" ]]; then
+ relevant=(.gitea/ISSUE_TEMPLATE/bug_report.md .gitea/ISSUE_TEMPLATE/feature_request.md .gitea/PULL_REQUEST_TEMPLATE.md .gitea/workflows/ci.yml)
+ any=0; for p in "${relevant[@]}"; do if [[ -e "$p" ]] && is_path_changed "$p"; then any=1; break; fi; done
+ if [[ $any -eq 0 ]]; then echo "- Aucun changement Gitea pertinent (SCOPE=changed)." >> "$SUMMARY_FILE"; echo "Rapport: $SUMMARY_FILE"; popd >/dev/null; exit 0; fi
+fi
+need=(.gitea/ISSUE_TEMPLATE/bug_report.md .gitea/ISSUE_TEMPLATE/feature_request.md .gitea/PULL_REQUEST_TEMPLATE.md .gitea/workflows/ci.yml)
+missing=()
+for f in "${need[@]}"; do [[ -f "$f" ]] || missing+=("$f"); done
+
+if ((${#missing[@]}==0)); then
+ echo "- Configuration Gitea présente." >> "$SUMMARY_FILE"
+else
+ echo "- Manquants:" >> "$SUMMARY_FILE"; for m in "${missing[@]}"; do echo " - $m" >> "$SUMMARY_FILE"; done
+fi
+
+PROMPT=$(cat <<'EOF'
+Propose des vérifications CI additionnelles Gitea (lint, tests, sécurité, scripts exécutables) et notifications en cas d’échecs.
+EOF
+)
+scripts/agents/ai_prompt.sh "$PROMPT" >> "$SUMMARY_FILE" || true
+
+echo "Rapport: $SUMMARY_FILE"
+popd >/dev/null
diff --git a/scripts/agents/lang_detect.sh b/scripts/agents/lang_detect.sh
new file mode 100755
index 0000000..cd2d313
--- /dev/null
+++ b/scripts/agents/lang_detect.sh
@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Détection de langages et outillages par conventions de fichiers.
+# À sourcer depuis les agents. Utilise le répertoire courant comme racine projet.
+
+has_file() { [[ -f "$1" ]]; }
+has_dir() { [[ -d "$1" ]]; }
+has_bin() { command -v "$1" >/dev/null 2>&1; }
+
+export HAS_NODE=0 HAS_TYPESCRIPT=0 HAS_GO=0 HAS_RUST=0 HAS_PYTHON=0 HAS_SHELL_BASH=0 HAS_SHELL_PWSH=0
+
+# Node / TypeScript
+if has_file package.json; then HAS_NODE=1; fi
+if has_file tsconfig.json || git ls-files '*.ts' | grep -q . 2>/dev/null; then HAS_TYPESCRIPT=1; fi
+
+# Go
+if has_file go.mod || has_file go.work; then HAS_GO=1; fi
+
+# Rust
+if has_file Cargo.toml; then HAS_RUST=1; fi
+
+# Python
+if has_file pyproject.toml || has_file requirements.txt || git ls-files '*.py' | grep -q . 2>/dev/null; then HAS_PYTHON=1; fi
+
+# Shell (bash)
+if git ls-files '*.sh' | grep -q . 2>/dev/null; then HAS_SHELL_BASH=1; fi
+
+# PowerShell (pwsh)
+if git ls-files '*.ps1' | grep -q . 2>/dev/null; then HAS_SHELL_PWSH=1; fi
+
+# Exposer aussi l'état des outils lorsqu’ils existent
+export HAS_NPM=0 HAS_NPX=0 HAS_GO_BIN=0 HAS_CARGO=0 HAS_PYTHON_BIN=0 HAS_PIP=0 HAS_SHELLCHECK=0 HAS_PWSH=0
+has_bin npm && HAS_NPM=1
+has_bin npx && HAS_NPX=1
+has_bin go && HAS_GO_BIN=1
+has_bin cargo && HAS_CARGO=1
+has_bin python && HAS_PYTHON_BIN=1 || true
+has_bin pip && HAS_PIP=1 || true
+has_bin shellcheck && HAS_SHELLCHECK=1 || true
+has_bin pwsh && HAS_PWSH=1 || true
diff --git a/scripts/agents/open_source_agent.sh b/scripts/agents/open_source_agent.sh
new file mode 100755
index 0000000..15b65e2
--- /dev/null
+++ b/scripts/agents/open_source_agent.sh
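Review bot: Under `set -o pipefail`, `git ls-files '*.sh' | grep -q .` can evaluate false on a repository that does contain matches, because `grep -q` exits on the first line and a `git` that is still writing a long list is then killed by SIGPIPE, which makes the pipeline status non-zero. The flag would stay at 0 (same for the `*.ts`, `*.py` and `*.ps1` tests) and quality_tech.sh would skip that linter without a line in the report. The trailing `2>/dev/null` also applies to grep, not to git, so git's own errors are still printed. A form without the pipe avoids both: `if [[ -n "$(git ls-files '*.sh' 2>/dev/null)" ]]; then HAS_SHELL_BASH=1; fi`. Since the file is meant to be sourced, its `set -euo pipefail` also changes the caller's options; a comment stating that this is intended would help.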
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+TARGET_DIR="${1:-.}"
+OUTPUT_DIR="${2:-tests/reports/agents}"
+mkdir -p "$OUTPUT_DIR"
+SUMMARY_FILE="$OUTPUT_DIR/open_source_agent.md"
+source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/common.sh" || true
+
+echo "# Agent Open Source" > "$SUMMARY_FILE"
+echo >> "$SUMMARY_FILE"
+
+pushd "$TARGET_DIR" >/dev/null
+if [[ "$SCOPE" == "changed" ]]; then
+ relevant=(LICENSE CONTRIBUTING.md CODE_OF_CONDUCT.md docs/OPEN_SOURCE_CHECKLIST.md)
+ any=0; for p in "${relevant[@]}"; do if [[ -e "$p" ]] && is_path_changed "$p"; then any=1; break; fi; done
+ if [[ $any -eq 0 ]]; then echo "- Aucun changement open source pertinent (SCOPE=changed)." >> "$SUMMARY_FILE"; echo "Rapport: $SUMMARY_FILE"; popd >/dev/null; exit 0; fi
+fi
+need=(LICENSE CONTRIBUTING.md CODE_OF_CONDUCT.md docs/OPEN_SOURCE_CHECKLIST.md)
+missing=()
+for f in "${need[@]}"; do [[ -f "$f" ]] || missing+=("$f"); done
+
+if ((${#missing[@]}==0)); then
+ echo "- Pré‑requis open source présents." >> "$SUMMARY_FILE"
+else
+ echo "- Manquants:" >> "$SUMMARY_FILE"; for m in "${missing[@]}"; do echo " - $m" >> "$SUMMARY_FILE"; done
+fi
+
+PROMPT=$(cat <<'EOF'
+Propose une checklist pour préparer l’ouverture open source (gouvernance, CI, sécurité, documentation) compatible avec Gitea.
+EOF
+)
+scripts/agents/ai_prompt.sh "$PROMPT" >> "$SUMMARY_FILE" || true
+
+echo "Rapport: $SUMMARY_FILE"
+popd >/dev/null
diff --git a/scripts/agents/performance_agent.sh b/scripts/agents/performance_agent.sh
new file mode 100755
index 0000000..820ad8c
--- /dev/null
+++ b/scripts/agents/performance_agent.sh
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+TARGET_DIR="${1:-.}"
+OUTPUT_DIR="${2:-tests/reports/agents}"
+mkdir -p "$OUTPUT_DIR"
+SUMMARY_FILE="$OUTPUT_DIR/performance_agent.md"
+
+echo "# Agent Performance" > "$SUMMARY_FILE"
+echo >> "$SUMMARY_FILE"
+
+pushd "$TARGET_DIR" >/dev/null
+if [[ -d tests/performance ]]; then
+ echo "- Dossier tests/performance présent." >> "$SUMMARY_FILE"
+else
+ echo "- Dossier tests/performance manquant." >> "$SUMMARY_FILE"
+fi
+
+PROMPT=$(cat <<'EOF'
+Propose un plan minimal de tests de performance reproductibles (outillage, métriques, critères de succès) et archivage des rapports.
+EOF
+)
+scripts/agents/ai_prompt.sh "$PROMPT" >> "$SUMMARY_FILE" || true
+
+echo "Rapport: $SUMMARY_FILE"
+popd >/dev/null
diff --git a/scripts/agents/qualite_formelle.sh b/scripts/agents/qualite_formelle.sh
new file mode 100755
index 0000000..7ed334a
--- /dev/null
+++ b/scripts/agents/qualite_formelle.sh
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Chargement env utilisateur (~/.4nk_template/.env)
+"$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)/env/ensure_env.sh" || true
+if [[ -f "${HOME}/.4nk_template/.env" ]]; then
+ set -a
+ . "${HOME}/.4nk_template/.env"
+ set +a
+fi
+
+TARGET_DIR="${1:-.}"
+OUTPUT_DIR="${2:-tests/reports/agents}"
+mkdir -p "$OUTPUT_DIR"
+SUMMARY_FILE="$OUTPUT_DIR/qualite_formelle.md"
+
+echo "# Agent Qualité formelle" > "$SUMMARY_FILE"
+echo >> "$SUMMARY_FILE"
+
+# Contrôles basiques
+issues=0
+pushd "$TARGET_DIR" >/dev/null
+if grep -R "RESUME" docs/ >/dev/null 2>&1; then
+ echo "- Placeholder 'RESUME' détecté dans docs/ (à remplacer)." >> "$SUMMARY_FILE"; issues=$((issues+1))
+fi
+
+echo "## Résultats locaux" >> "$SUMMARY_FILE"
+if [[ $issues -eq 0 ]]; then
+ echo "- Aucun problème formel bloquant détecté." >> "$SUMMARY_FILE"
+fi
+
+PROMPT=$(cat <<'EOF'
+Évalue la qualité formelle (français uniquement, typographie, absence d’exemples applicatifs, intro/conclusion) et propose 5 recommandations priorisées.
+EOF
+)
+scripts/agents/ai_prompt.sh "$PROMPT" >> "$SUMMARY_FILE" || true
+
+echo "Rapport: $SUMMARY_FILE"
+popd >/dev/null
diff --git a/scripts/agents/quality_tech.sh b/scripts/agents/quality_tech.sh
new file mode 100755
index 0000000..a365f4d
--- /dev/null
+++ b/scripts/agents/quality_tech.sh
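Review bot: `set -a` around `. "${HOME}/.4nk_template/.env"` exports every variable of that file to all child processes of the agent, not just to the one that needs it. According to the template that scripts/deploy/setup.sh writes in this patch, the file holds OPENAI_API_KEY and RELEASE_TOKEN. Here the children are only grep and ai_prompt.sh, but quality_tech.sh, run.sh and tests_agent.sh carry the same block, and quality_tech.sh goes on to start linters and npx. Sourcing without `set -a` and handing over only what the call needs, e.g. `OPENAI_API_KEY="${OPENAI_API_KEY:-}" scripts/agents/ai_prompt.sh "$PROMPT"`, or loading the file inside ai_prompt.sh (not visible in this hunk), keeps the release token out of unrelated processes. Because the file is executed as shell code, a check that it is owned by the user and not group- or world-writable before sourcing would be a cheap addition.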
@@ -0,0 +1,95 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Chargement env utilisateur (~/.4nk_template/.env)
+"$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)/env/ensure_env.sh" || true
+if [[ -f "${HOME}/.4nk_template/.env" ]]; then
+ set -a
+ . "${HOME}/.4nk_template/.env"
+ set +a
+fi
+
+# Portée (all|changed)
+source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/common.sh" || true
+
+TARGET_DIR="${1:-.}"
+OUTPUT_DIR="${2:-tests/reports/agents}"
+mkdir -p "$OUTPUT_DIR"
+
+SUMMARY_FILE="$OUTPUT_DIR/quality_tech.md"
+
+# Checks de base (adaptés à ce template)
+mapfile -t required_files < <(cat <<'REQ'
+README.md
+LICENSE
+CONTRIBUTING.md
+CODE_OF_CONDUCT.md
+CHANGELOG.md
+docs/INDEX.md
+docs/ARCHITECTURE.md
+docs/TESTING.md
+.gitea/workflows/ci.yml
+REQ
+)
+
+pushd "$TARGET_DIR" >/dev/null
+missing=()
+for f in "${required_files[@]}"; do
+ [[ -f "$f" ]] || missing+=("$f")
+done
+
+echo "# Agent Qualité technique" > "$SUMMARY_FILE"
+echo >> "$SUMMARY_FILE"
+echo "## Résultats locaux" >> "$SUMMARY_FILE"
+if ((${#missing[@]}==0)); then
+ echo "- Tous les fichiers requis sont présents." >> "$SUMMARY_FILE"
+else
+ echo "- Fichiers manquants:" >> "$SUMMARY_FILE"
+ for m in "${missing[@]}"; do echo " - $m" >> "$SUMMARY_FILE"; done
+fi
+
+# Détection des langages et contrôles best‑effort
+source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/lang_detect.sh"
+echo >> "$SUMMARY_FILE"
+echo "## Contrôles automatiques (best‑effort)" >> "$SUMMARY_FILE"
+if [[ "$HAS_RUST" -eq 1 && "$HAS_CARGO" -eq 1 ]]; then
+ (cargo check -q && echo "- Rust: cargo check OK" >> "$SUMMARY_FILE") || echo "- Rust: cargo check a signalé des problèmes" >> "$SUMMARY_FILE"
+fi
+if [[ "$HAS_GO" -eq 1 && "$HAS_GO_BIN" -eq 1 ]]; then
+ (go vet ./... >/dev/null 2>&1 && echo "- Go: go vet OK" >> "$SUMMARY_FILE") || echo "- Go: go vet a signalé des problèmes" >> "$SUMMARY_FILE"
+fi
+if [[ "$HAS_NODE" -eq 1 && "$HAS_NPX" -eq 1 ]]; then
+ (npx -y --yes -- eslint .
>/dev/null 2>&1 && echo "- Node: eslint OK" >> "$SUMMARY_FILE") || echo "- Node: eslint non exécuté ou problèmes" >> "$SUMMARY_FILE"
+ if [[ "$HAS_TYPESCRIPT" -eq 1 ]]; then
+ (npx -y --yes -- tsc --noEmit >/dev/null 2>&1 && echo "- TS: tsc --noEmit OK" >> "$SUMMARY_FILE") || echo "- TS: tsc a signalé des problèmes" >> "$SUMMARY_FILE"
+ fi
+fi
+if [[ "$HAS_PYTHON" -eq 1 ]]; then
+ if command -v ruff >/dev/null 2>&1; then
+ (ruff . >/dev/null 2>&1 && echo "- Python: ruff OK" >> "$SUMMARY_FILE") || echo "- Python: ruff a signalé des problèmes" >> "$SUMMARY_FILE"
+ elif command -v flake8 >/dev/null 2>&1; then
+ (flake8 . >/dev/null 2>&1 && echo "- Python: flake8 OK" >> "$SUMMARY_FILE") || echo "- Python: flake8 a signalé des problèmes" >> "$SUMMARY_FILE"
+ else
+ echo "- Python: aucun linter détecté (ruff/flake8)" >> "$SUMMARY_FILE"
+ fi
+fi
+if [[ "$HAS_SHELL_BASH" -eq 1 ]]; then
+ if [[ "$HAS_SHELLCHECK" -eq 1 ]]; then
+ (git ls-files '*.sh' | xargs -r shellcheck >/dev/null 2>&1 && echo "- Shell: shellcheck OK" >> "$SUMMARY_FILE") || echo "- Shell: shellcheck a signalé des problèmes" >> "$SUMMARY_FILE"
+ else
+ echo "- Shell: shellcheck non disponible" >> "$SUMMARY_FILE"
+ fi
+fi
+if [[ "$HAS_SHELL_PWSH" -eq 1 && "$HAS_PWSH" -eq 1 ]]; then
+ echo "- PowerShell: PSScriptAnalyzer recommandé" >> "$SUMMARY_FILE"
+fi
+
+# IA (optionnelle)
+PROMPT=$(cat <<'EOF'
+Analyse la conformité qualité technique du dépôt selon AGENTS.md et la CI. Priorise: lint/format/type-check, structure de tests, cohérence docs/CI, sécurité basique. Propose 5 actions concrètes.
+EOF
+)
+scripts/agents/ai_prompt.sh "$PROMPT" >> "$SUMMARY_FILE" || true
+
+echo "Rapport: $SUMMARY_FILE"
+popd >/dev/null
diff --git a/scripts/agents/resolution_agent.sh b/scripts/agents/resolution_agent.sh
new file mode 100755
index 0000000..d803f3b
--- /dev/null
+++ b/scripts/agents/resolution_agent.sh
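Review bot: `npx -y --yes -- eslint .` and `npx -y --yes -- tsc --noEmit` let npx download and run whatever version the registry currently serves when the package is not installed in the target, with no pin and no prompt. That runs in a process which inherits the variables exported from `~/.4nk_template/.env` at the top of this script, and ESLint additionally loads the target repository's own configuration. Prefer running only what the project already installed and strip the secrets from the linter's environment, e.g. `env -u OPENAI_API_KEY -u RELEASE_TOKEN npx --no-install eslint .` (same for `tsc`, and worth considering for `cargo check`, which runs the target's build scripts). With all output sent to `/dev/null`, a missing tool and real findings also produce the same report line, so keeping the output in a log under the report directory would make the result verifiable.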
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+TARGET_DIR="${1:-.}"
+OUTPUT_DIR="${2:-tests/reports/agents}"
+mkdir -p "$OUTPUT_DIR"
+SUMMARY_FILE="$OUTPUT_DIR/resolution_agent.md"
+
+echo "# Agent Résolution" > "$SUMMARY_FILE"
+echo >> "$SUMMARY_FILE"
+
+pushd "$TARGET_DIR" >/dev/null
+if [[ -d archive ]]; then
+ echo "- Dossier archive/ présent (pour REX)." >> "$SUMMARY_FILE"
+else
+ echo "- Dossier archive/ manquant (recommandé pour REX)." >> "$SUMMARY_FILE"
+fi
+
+PROMPT=$(cat <<'EOF'
+Décris la boucle de triage complète (repro minimale, logs, bissection, hypothèses, tests ciblés, correctif, non‑régression) et quand produire un REX.
+EOF
+)
+scripts/agents/ai_prompt.sh "$PROMPT" >> "$SUMMARY_FILE" || true
+
+echo "Rapport: $SUMMARY_FILE"
+popd >/dev/null
diff --git a/scripts/agents/run.sh b/scripts/agents/run.sh
new file mode 100755
index 0000000..6642337
--- /dev/null
+++ b/scripts/agents/run.sh
@@ -0,0 +1,94 @@ +#!/usr/bin/env bash +set -euo pipefail + +# Chargement env utilisateur (~/.4nk_template/.env) +"$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)/env/ensure_env.sh" || true +if [[ -f "${HOME}/.4nk_template/.env" ]]; then + set -a + . "${HOME}/.4nk_template/.env" + set +a +fi + +DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +TARGET_DIR="${1:-.}" +OUTPUT_DIR="${2:-tests/reports/agents}" +AGENT="${3:-all}" + +mkdir -p "$OUTPUT_DIR" + +# Capture état avant +pushd "$TARGET_DIR" >/dev/null || true +before_status_file="$OUTPUT_DIR/.before_status.txt" +after_status_file="$OUTPUT_DIR/.after_status.txt" +changes_report="$OUTPUT_DIR/changes_applied.md" +(git status --porcelain || true) > "$before_status_file" 2>/dev/null || true +popd >/dev/null || true + +usage() { + cat <&2; usage; exit 2 ;; +esac + +# Capture état après et rapport +pushd "$TARGET_DIR" >/dev/null || true +(git status --porcelain || true) > "$after_status_file" 2>/dev/null || true +{ + echo "# Modifications appliquées par les agents" + echo + echo "## Fichiers modifiés/non suivis (avant)" + if [[ -s "$before_status_file" ]]; then sed "s/^/ /" "$before_status_file"; else echo " (aucun)"; fi + echo + echo "## Fichiers modifiés/non suivis (après)" + if [[ -s "$after_status_file" ]]; then sed "s/^/ /" "$after_status_file"; else echo " (aucun)"; fi + echo + echo "## Diff par rapport au dernier commit" + git diff --name-status || true +} > "$changes_report" +popd >/dev/null || true + +echo "Agents terminés → $OUTPUT_DIR" diff --git a/scripts/agents/runner_agent.sh b/scripts/agents/runner_agent.sh new file mode 100755 index 0000000..ede54ee --- /dev/null +++ b/scripts/agents/runner_agent.sh 
@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+TARGET_DIR="${1:-.}"
+OUTPUT_DIR="${2:-tests/reports/agents}"
+
+mkdir -p "${OUTPUT_DIR}"
+report="${OUTPUT_DIR}/runner_agent.md"
+
+echo "# Agent Runner" >"${report}"
+echo >>"${report}"
+
+if ! command -v docker >/dev/null 2>&1; then
+ echo "- Docker non détecté sur l'hôte. Impossible de gérer le runner." >>"${report}"
+ exit 0
+fi
+
+if [[ -f "runner/docker-compose.yml" ]]; then
+ (
+ cd runne
+ # Démarre (ou met à jour) le runne
+ docker compose up -d || true
+ )
+ echo "- Runner démarré/présent via docker compose (runner/docker-compose.yml)." >>"${report}"
+else
+ echo "- Fichier runner/docker-compose.yml introuvable; aucun démarrage effectué." >>"${report}"
+fi
+
+echo "- Rapports: ${report}" >>"${report}"
+exit 0
+
diff --git a/scripts/agents/security_agent.sh b/scripts/agents/security_agent.sh
new file mode 100755
index 0000000..00de948
--- /dev/null
+++ b/scripts/agents/security_agent.sh
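Review bot: `docker compose up -d || true` discards the result and the next line writes "Runner démarré/présent" unconditionally, so the report claims a running runner even when compose failed. Branch on the status instead, writing the existing success line only in the `then` arm of `if ( cd "$runner_dir" && docker compose up -d ); then … else echo "- Échec de docker compose up (runner/docker-compose.yml)." >>"${report}"; fi`, where `runner_dir` stands for the directory of the compose file (the name on the `cd` line looks truncated in this rendering). TARGET_DIR is assigned but never used, so `runner/docker-compose.yml` is looked up in the caller's working directory; if that is intended, a comment should say so. Unlike the other agents, this one starts a container as a side effect of producing a report, which would be easier to reason about behind an explicit opt-in such as the `AUTO_FIX` switch used in documentation_agent.sh.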
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+TARGET_DIR="${1:-.}"
+OUTPUT_DIR="${2:-tests/reports/agents}"
+mkdir -p "$OUTPUT_DIR"
+SUMMARY_FILE="$OUTPUT_DIR/security_agent.md"
+source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/common.sh" || true
+
+echo "# Agent Sécurité" > "$SUMMARY_FILE"
+echo >> "$SUMMARY_FILE"
+
+pushd "$TARGET_DIR" >/dev/null
+if [[ "$SCOPE" == "changed" ]]; then
+ relevant=(scripts/security/audit.sh .gitea/workflows/ci.yml docs/SECURITY_AUDIT.md)
+ any=0; for p in "${relevant[@]}"; do if [[ -e "$p" ]] && is_path_changed "$p"; then any=1; break; fi; done
+ if [[ $any -eq 0 ]]; then echo "- Aucun changement sécurité pertinent (SCOPE=changed)." >> "$SUMMARY_FILE"; echo "Rapport: $SUMMARY_FILE"; popd >/dev/null; exit 0; fi
+fi
+echo "## Résultats locaux" >> "$SUMMARY_FILE"
+if [[ -x scripts/security/audit.sh ]]; then
+ if scripts/security/audit.sh >> "$SUMMARY_FILE" 2>&1; then
+ echo "- Audit sécurité scripté exécuté (voir détails ci‑dessus)." >> "$SUMMARY_FILE"
+ else
+ echo "- Audit a signalé des problèmes (ci‑dessus)." >> "$SUMMARY_FILE"
+ fi
+else
+ echo "- scripts/security/audit.sh introuvable ou non exécutable." >> "$SUMMARY_FILE"
+fi
+
+PROMPT=$(cat <<'EOF'
+À partir d’un dépôt template, propose 5 contrôles sécurité CI/CD additionnels (secrets, permissions, dépendances, scans) et un ordre de priorité.
+EOF
+)
+scripts/agents/ai_prompt.sh "$PROMPT" >> "$SUMMARY_FILE" || true
+
+echo "Rapport: $SUMMARY_FILE"
+popd >/dev/null
diff --git a/scripts/agents/ssh_scripts_agent.sh b/scripts/agents/ssh_scripts_agent.sh
new file mode 100755
index 0000000..28c347e
--- /dev/null
+++ b/scripts/agents/ssh_scripts_agent.sh
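Review bot: The complete stdout and stderr of `scripts/security/audit.sh` are appended to the Markdown report through `>> "$SUMMARY_FILE" 2>&1`. audit.sh is not part of this hunk, but if it prints the lines it matched, for instance while looking for hard-coded credentials, those values are copied into `tests/reports/agents/`, which by default sits inside the work tree and may be committed or published as a CI artifact. I would state the contract next to the call, `# audit.sh output is copied verbatim into the report: it must not print secret values`, and confirm that the report directory is git-ignored. Wrapping the copied output in a fenced block would also stop it from being interpreted as Markdown when the report is rendered.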
@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+TARGET_DIR="${1:-.}"
+OUTPUT_DIR="${2:-tests/reports/agents}"
+mkdir -p "$OUTPUT_DIR"
+SUMMARY_FILE="$OUTPUT_DIR/ssh_scripts_agent.md"
+source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/common.sh" || true
+
+echo "# Agent SSH & scripts" > "$SUMMARY_FILE"
+echo >> "$SUMMARY_FILE"
+
+pushd "$TARGET_DIR" >/dev/null
+if [[ "$SCOPE" == "changed" ]]; then
+ relevant=(scripts/auto-ssh-push.sh scripts/init-ssh-env.sh scripts/setup-ssh-ci.sh docs/SSH_UPDATE.md)
+ any=0; for p in "${relevant[@]}"; do if [[ -e "$p" ]] && is_path_changed "$p"; then any=1; break; fi; done
+ if [[ $any -eq 0 ]]; then echo "- Aucun changement SSH/scripts pertinent (SCOPE=changed)." >> "$SUMMARY_FILE"; echo "Rapport: $SUMMARY_FILE"; popd >/dev/null; exit 0; fi
+fi
+paths=(
+ scripts/auto-ssh-push.sh
+ scripts/init-ssh-env.sh
+ scripts/setup-ssh-ci.sh
+ scripts/scripts/auto-ssh-push.sh
+ scripts/scripts/init-ssh-env.sh
+ scripts/scripts/setup-ssh-ci.sh
+)
+
+found=0
+for p in "${paths[@]}"; do
+ if [[ -f "$p" ]]; then echo "- Trouvé: $p" >> "$SUMMARY_FILE"; found=1; fi
+done
+if [[ $found -eq 0 ]]; then echo "- Scripts SSH standard introuvables (vérifier l’arborescence)." >> "$SUMMARY_FILE"; fi
+
+if [[ -f docs/SSH_UPDATE.md ]]; then echo "- docs/SSH_UPDATE.md présent." >> "$SUMMARY_FILE"; fi
+
+PROMPT=$(cat <<'EOF'
+Propose une checklist de conformité SSH (permissions, secrets CI, idempotence, journalisation non sensible) et intégration de contrôles CI.
+EOF
+)
+scripts/agents/ai_prompt.sh "$PROMPT" >> "$SUMMARY_FILE" || true
+
+echo "Rapport: $SUMMARY_FILE"
+popd >/dev/null
diff --git a/scripts/agents/structure_agent.sh b/scripts/agents/structure_agent.sh
new file mode 100755
index 0000000..724dac8
--- /dev/null
+++ b/scripts/agents/structure_agent.sh
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+TARGET_DIR="${1:-.}"
+OUTPUT_DIR="${2:-tests/reports/agents}"
+mkdir -p "$OUTPUT_DIR"
+SUMMARY_FILE="$OUTPUT_DIR/structure_agent.md"
+source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/common.sh" || true
+
+echo "# Agent Structure" > "$SUMMARY_FILE"
+echo >> "$SUMMARY_FILE"
+
+pushd "$TARGET_DIR" >/dev/null
+if [[ "$SCOPE" == "changed" ]]; then
+ relevant=(docs .gitea scripts CHANGELOG.md AGENTS.md)
+ any=0; for p in "${relevant[@]}"; do if [[ -e "$p" ]] && is_path_changed "$p"; then any=1; break; fi; done
+ if [[ $any -eq 0 ]]; then echo "- Aucun changement structurel pertinent (SCOPE=changed)." >> "$SUMMARY_FILE"; echo "Rapport: $SUMMARY_FILE"; popd >/dev/null; exit 0; fi
+fi
+need=(docs .gitea scripts CHANGELOG.md AGENTS.md)
+missing=()
+for p in "${need[@]}"; do [[ -e "$p" ]] || missing+=("$p"); done
+
+if ((${#missing[@]}==0)); then
+ echo "- Arborescence de base présente." >> "$SUMMARY_FILE"
+else
+ echo "- Éléments manquants:" >> "$SUMMARY_FILE"
+ for m in "${missing[@]}"; do echo " - $m" >> "$SUMMARY_FILE"; done
+fi
+
+PROMPT=$(cat <<'EOF'
+Vérifie l’alignement avec l’arborescence 4NK_node et propose 5 corrections prioritaires (créations/archives/métadonnées) si des écarts sont détectés.
+EOF
+)
+scripts/agents/ai_prompt.sh "$PROMPT" >> "$SUMMARY_FILE" || true
+
+echo "Rapport: $SUMMARY_FILE"
+popd >/dev/null
diff --git a/scripts/agents/sync_template_agent.sh b/scripts/agents/sync_template_agent.sh
new file mode 100755
index 0000000..5cf7f12
--- /dev/null
+++ b/scripts/agents/sync_template_agent.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+TARGET_DIR="${1:-.}"
+OUTPUT_DIR="${2:-tests/reports/agents}"
+mkdir -p "$OUTPUT_DIR"
+SUMMARY_FILE="$OUTPUT_DIR/sync_template_agent.md"
+
+echo "# Agent Synchronisation de template" > "$SUMMARY_FILE"
+echo >> "$SUMMARY_FILE"
+
+pushd "$TARGET_DIR" >/dev/null
+if [[ -f .gitea/workflows/template-sync.yml ]]; then
+ echo "- Workflow template-sync présent." >> "$SUMMARY_FILE"
+else
+ echo "- Workflow template-sync manquant." >> "$SUMMARY_FILE"
+fi
+
+if [[ -f .4nk-sync.yml ]]; then
+ echo "- Manifeste .4nk-sync.yml présent." >> "$SUMMARY_FILE"
+else
+ echo "- Manifeste .4nk-sync.yml manquant." >> "$SUMMARY_FILE"
+fi
+
+PROMPT=$(cat <<'EOF'
+Propose une procédure de synchronisation contrôlée (PR dédiée, vérif checksums/manifest_checksum, mise à jour TEMPLATE_VERSION, mise à jour CHANGELOG/INDEX).
+EOF
+)
+scripts/agents/ai_prompt.sh "$PROMPT" >> "$SUMMARY_FILE" || true
+
+echo "Rapport: $SUMMARY_FILE"
+popd >/dev/null
diff --git a/scripts/agents/tests_agent.sh b/scripts/agents/tests_agent.sh
new file mode 100755
index 0000000..afe6438
--- /dev/null
+++ b/scripts/agents/tests_agent.sh
@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Chargement env utilisateur (~/.4nk_template/.env)
+"$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)/env/ensure_env.sh" || true
+if [[ -f "${HOME}/.4nk_template/.env" ]]; then
+ set -a
+ . "${HOME}/.4nk_template/.env"
+ set +a
+fi
+
+TARGET_DIR="${1:-.}"
+OUTPUT_DIR="${2:-tests/reports/agents}"
+mkdir -p "$OUTPUT_DIR"
+SUMMARY_FILE="$OUTPUT_DIR/tests_agent.md"
+source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/common.sh" || true
+
+echo "# Agent Tests" > "$SUMMARY_FILE"
+echo >> "$SUMMARY_FILE"
+
+# Vérifier existence structure
+pushd "$TARGET_DIR" >/dev/null
+need=(tests/unit tests/integration tests/connectivity tests/external tests/performance tests/logs tests/reports)
+missing=()
+for d in "${need[@]}"; do [[ -d "$d" ]] || missing+=("$d"); done
+
+echo "## Résultats locaux" >> "$SUMMARY_FILE"
+if ((${#missing[@]}==0)); then
+ echo "- Structure de tests conforme au template." >> "$SUMMARY_FILE"
+else
+ echo "- Dossiers manquants:" >> "$SUMMARY_FILE"
+ for m in "${missing[@]}"; do echo " - $m" >> "$SUMMARY_FILE"; done
+ if [[ "${AUTO_FIX:-0}" == "1" ]]; then
+ echo >> "$SUMMARY_FILE"
+ echo "## Auto‑corrections" >> "$SUMMARY_FILE"
+ for m in "${missing[@]}"; do
+ mkdir -p "$m" && echo "- Créé: $m" >> "$SUMMARY_FILE"
+ done
+ mkdir -p tests/reports/agents tests/logs || true
+ fi
+fi
+
+PROMPT=$(cat <<'EOF'
+Propose un plan court pour renforcer la pyramide de tests (unit, integration, connectivity, external, performance) pour ce template, avec 5 actions.
+EOF
+)
+scripts/agents/ai_prompt.sh "$PROMPT" >> "$SUMMARY_FILE" || true
+
+echo "Rapport: $SUMMARY_FILE"
+popd >/dev/null
diff --git a/scripts/agents/versionnage_agent.sh b/scripts/agents/versionnage_agent.sh
new file mode 100755
index 0000000..02136c0
--- /dev/null
+++ b/scripts/agents/versionnage_agent.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+TARGET_DIR="${1:-.}"
+OUTPUT_DIR="${2:-tests/reports/agents}"
+mkdir -p "$OUTPUT_DIR"
+SUMMARY_FILE="$OUTPUT_DIR/versionnage_agent.md"
+source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/common.sh" || true
+
+echo "# Agent Versionnage" > "$SUMMARY_FILE"
+echo >> "$SUMMARY_FILE"
+
+pushd "$TARGET_DIR" >/dev/null
+if [[ "$SCOPE" == "changed" ]]; then
+ relevant=(CHANGELOG.md TEMPLATE_VERSION)
+ any=0; for p in "${relevant[@]}"; do if is_path_changed "$p"; then any=1; break; fi; done
+ if [[ $any -eq 0 ]]; then echo "- Aucun changement versionnage pertinent (SCOPE=changed)." >> "$SUMMARY_FILE"; echo "Rapport: $SUMMARY_FILE"; popd >/dev/null; exit 0; fi
+fi
+ok=1
+for f in CHANGELOG.md TEMPLATE_VERSION; do
+ if [[ ! -f "$f" ]]; then echo "- Manquant: $f" >> "$SUMMARY_FILE"; ok=0; fi
+done
+if [[ $ok -eq 1 ]]; then echo "- CHANGELOG et TEMPLATE_VERSION présents." >> "$SUMMARY_FILE"; fi
+
+PROMPT=$(cat <<'EOF'
+Décris la procédure d’alignement version ↔ changelog ↔ tag git (latest vs wip) et conditions de blocage release.
+EOF
+)
+scripts/agents/ai_prompt.sh "$PROMPT" >> "$SUMMARY_FILE" || true
+
+echo "Rapport: $SUMMARY_FILE"
+popd >/dev/null
diff --git a/scripts/build-ihm.ps1 b/scripts/build-ihm.ps1
deleted file mode 100644
index 11df2f2..0000000
--- a/scripts/build-ihm.ps1
+++ /dev/null
@@ -1,15 +0,0 @@
-param()
-$ErrorActionPreference = 'Stop'
-
-Push-Location "$PSScriptRoot/../..\ihm_client"
-try {
- if (Test-Path package-lock.json) {
- npm ci --silent
- } else {
- npm install --silent
- }
- npm run build
-} finally {
- Pop-Location
-}
-
diff --git a/scripts/checks/version_alignment.sh b/scripts/checks/version_alignment.sh
old mode 100644
new mode 100755
diff --git a/scripts/copy-ihm-dist.ps1 b/scripts/copy-ihm-dist.ps1
deleted file mode 100644
index 08aa12f..0000000
--- a/scripts/copy-ihm-dist.ps1
+++ /dev/null
@@ -1,22 +0,0 @@ -param() -$ErrorActionPreference = 'Stop' - -$repoRoot = Resolve-Path "$PSScriptRoot/../.." -$ihmDist = Join-Path $repoRoot 'ihm_client/dist' -$targetAssets = Join-Path (Resolve-Path "$PSScriptRoot/..") 'assets/ihm' -$targetWeb = Join-Path (Resolve-Path "$PSScriptRoot/..") 'web/ihm' - -if (!(Test-Path $ihmDist)) { - Write-Error "Le build d'ihm_client est introuvable: $ihmDist" -} - -New-Item -ItemType Directory -Force -Path $targetAssets | Out-Null -Remove-Item -Recurse -Force -ErrorAction SilentlyContinue (Join-Path $targetAssets '*') | Out-Null -Copy-Item -Recurse -Force "$ihmDist/*" $targetAssets -Write-Host "Copie terminée: $ihmDist -> $targetAssets" - -New-Item -ItemType Directory -Force -Path $targetWeb | Out-Null -Remove-Item -Recurse -Force -ErrorAction SilentlyContinue (Join-Path $targetWeb '*') | Out-Null -Copy-Item -Recurse -Force "$ihmDist/*" $targetWeb -Write-Host "Copie terminée: $ihmDist -> $targetWeb" - diff --git a/scripts/deploy/setup.sh b/scripts/deploy/setup.sh new file mode 100755 index 0000000..8908ea9 --- /dev/null +++ b/scripts/deploy/setup.sh 
@@ -0,0 +1,145 @@ +#!/usr/bin/env bash +set -euo pipefail + +ENV_DIR="${HOME}/.4nk_template" +ENV_FILE="${ENV_DIR}/.env" +TEMPLATE_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)" +TEMPLATE_IN_REPO="${TEMPLATE_ROOT}/scripts/env/.env.template" + +usage() { + cat < [--dest DIR] [--force] + +Actions: + 1) Provisionne ~/.4nk_template/.env (si absent) + 2) Clone le dépôt cible si le dossier n'existe pas + 3) Copie la structure normative 4NK_template dans le projet cible: + - .gitea/** (workflows, templates issues/PR) + - AGENTS.md + - .cursor/rules/** (si présent) + - scripts/agents/**, scripts/env/ensure_env.sh, scripts/deploy/setup.sh + - docs/templates/** et docs/INDEX.md (table des matières) + 4) Ne remplace pas les fichiers existants sauf si --force + +Exemples: + $0 https://git.example.com/org/projet.git + $0 git@host:org/projet.git --dest ~/work --force +USAGE +} + +GIT_URL="${1:-}" +DEST_PARENT="$(pwd)" +FORCE_COPY=0 +shift || true +while [[ $# -gt 0 ]]; do + case "$1" in + --dest) + DEST_PARENT="${2:-}"; shift 2 ;; + --force) + FORCE_COPY=1; shift ;; + -h|--help) + usage; exit 0 ;; + *) + echo "Option inconnue: $1" >&2; usage; exit 2 ;; + esac +done + +if [[ -z "${GIT_URL}" ]]; then + usage; exit 2 +fi + +mkdir -p "${ENV_DIR}" +chmod 700 "${ENV_DIR}" || true + +if [[ ! -f "${ENV_FILE}" ]]; then + if [[ -f "${TEMPLATE_IN_REPO}" ]]; then + cp "${TEMPLATE_IN_REPO}" "${ENV_FILE}" + else + cat >"${ENV_FILE}" <<'EOF' +# Fichier d'exemple d'environnement pour 4NK_template +# Copiez ce fichier vers ~/.4nk_template/.env puis complétez les valeurs. +# Ne committez jamais de fichier contenant des secrets. + +# OpenAI (agents IA) +OPENAI_API_KEY= +OPENAI_MODEL= +OPENAI_API_BASE=https://api.openai.com/v1 +OPENAI_TEMPERATURE=0.2 + +# Gitea (release via API) +BASE_URL=https://git.4nkweb.com +RELEASE_TOKEN= +EOF + fi + chmod 600 "${ENV_FILE}" || true + echo "Fichier créé: ${ENV_FILE}. Complétez les valeurs requises (ex: OPENAI_API_KEY, OPENAI_MODEL, RELEASE_TOKEN)." 
>&2 +fi + +# 2) Clonage du dépôt si nécessaire +repo_name="$(basename -s .git "${GIT_URL}")" +target_dir="${DEST_PARENT%/}/${repo_name}" +if [[ ! -d "${target_dir}" ]]; then + echo "Clonage: ${GIT_URL} → ${target_dir}" >&2 + git clone --depth 1 "${GIT_URL}" "${target_dir}" +else + echo "Dossier existant, pas de clone: ${target_dir}" >&2 +fi + +copy_item() { + local src="$1" dst="$2" + if [[ ! -e "$src" ]]; then return 0; fi + if [[ -d "$src" ]]; then + mkdir -p "$dst" + if (( FORCE_COPY )); then + cp -a "$src/." "$dst/" + else + (cd "$src" && find . -type f -print0) | while IFS= read -r -d '' f; do + if [[ ! -e "$dst/$f" ]]; then + mkdir -p "$(dirname "$dst/$f")" + cp -a "$src/$f" "$dst/$f" + fi + done + fi + else + if [[ -e "$dst" && $FORCE_COPY -eq 0 ]]; then return 0; fi + mkdir -p "$(dirname "$dst")" && cp -a "$src" "$dst" + fi +} + +# 3) Copie de la structure normative +copy_item "${TEMPLATE_ROOT}/.gitea" "${target_dir}/.gitea" +copy_item "${TEMPLATE_ROOT}/AGENTS.md" "${target_dir}/AGENTS.md" +copy_item "${TEMPLATE_ROOT}/.cursor" "${target_dir}/.cursor" +copy_item "${TEMPLATE_ROOT}/.cursorignore" "${target_dir}/.cursorignore" +copy_item "${TEMPLATE_ROOT}/.gitignore" "${target_dir}/.gitignore" +copy_item "${TEMPLATE_ROOT}/.markdownlint.json" "${target_dir}/.markdownlint.json" +copy_item "${TEMPLATE_ROOT}/LICENSE" "${target_dir}/LICENSE" +copy_item "${TEMPLATE_ROOT}/CONTRIBUTING.md" "${target_dir}/CONTRIBUTING.md" +copy_item "${TEMPLATE_ROOT}/CODE_OF_CONDUCT.md" "${target_dir}/CODE_OF_CONDUCT.md" +copy_item "${TEMPLATE_ROOT}/SECURITY.md" "${target_dir}/SECURITY.md" +copy_item "${TEMPLATE_ROOT}/TEMPLATE_VERSION" "${target_dir}/TEMPLATE_VERSION" +copy_item "${TEMPLATE_ROOT}/security" "${target_dir}/security" +copy_item "${TEMPLATE_ROOT}/scripts" "${target_dir}/scripts" +copy_item "${TEMPLATE_ROOT}/docs/templates" "${target_dir}/docs/templates" + +# Génération docs/INDEX.md dans le projet cible (si absent ou --force) +INDEX_DST="${target_dir}/docs/INDEX.md" +if [[ 
! -f "${INDEX_DST}" || $FORCE_COPY -eq 1 ]]; then + mkdir -p "$(dirname "${INDEX_DST}")" + cat >"${INDEX_DST}" <<'IDX' +# Documentation du projet + +Cette table des matières oriente vers: +- Documentation spécifique au projet: `docs/project/` +- Modèles génériques à adapter: `docs/templates/` + +## Sommaire +- À personnaliser: `docs/project/README.md`, `docs/project/INDEX.md`, `docs/project/ARCHITECTURE.md`, `docs/project/USAGE.md`, etc. + +## Modèles génériques +- Voir: `docs/templates/` +IDX +fi + +echo "Template 4NK appliqué à: ${target_dir}" >&2 +exit 0 diff --git a/scripts/dev/run_container.sh b/scripts/dev/run_container.sh new file mode 100755 index 0000000..2d543cb --- /dev/null +++ b/scripts/dev/run_container.sh @@ -0,0 +1,15 @@ +#!/usr/bin/env bash +set -euo pipefail + +IMAGE_NAME="4nk-template-dev:debian" +DOCKERFILE="docker/Dockerfile.debian" + +echo "[build] ${IMAGE_NAME}" +docker build -t "${IMAGE_NAME}" -f "${DOCKERFILE}" . + +echo "[run] launching container and executing agents" +docker run --rm -it \ + -v "${PWD}:/work" -w /work \ + "${IMAGE_NAME}" \ + "scripts/agents/run.sh; ls -la tests/reports/agents || true" + diff --git a/scripts/dev/run_project_ci.sh b/scripts/dev/run_project_ci.sh new file mode 100755 index 0000000..d92d96b --- /dev/null +++ b/scripts/dev/run_project_ci.sh @@ -0,0 +1,14 @@ +#!/usr/bin/env bash +set -euo pipefail + +# Build et lance le conteneur unifié (runner+agents) sur ce projet +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +ROOT_DIR="$(cd "$SCRIPT_DIR/../.." && pwd)" +cd "$ROOT_DIR" + +# Build image +docker compose -f docker-compose.ci.yml build + +# Exécuter agents par défaut +RUNNER_MODE="${RUNNER_MODE:-agents}" BASE_URL="${BASE_URL:-}" REGISTRATION_TOKEN="${REGISTRATION_TOKEN:-}" \ + docker compose -f docker-compose.ci.yml up --remove-orphans --abort-on-container-exit diff --git a/scripts/env/ensure_env.sh b/scripts/env/ensure_env.sh new file mode 100755 index 0000000..6435819 --- /dev/null 
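Review bot: In `scripts/deploy/setup.sh`, `git clone --depth 1 "${GIT_URL}" "${target_dir}"` hands the first positional argument straight to git, so a value beginning with `-` is parsed as an option instead of a URL; `git clone --depth 1 -- "${GIT_URL}" "${target_dir}"` closes that. Because `GIT_URL="${1:-}"` is taken before the option loop, `$0 --help` is also treated as the URL. In the loop, `--dest) DEST_PARENT="${2:-}"; shift 2` accepts a missing or empty value, which either exits silently on the failed `shift` or yields `target_dir="/<repo>"`; a guard such as `[[ -n "${2:-}" ]] || { usage; exit 2; }` before the assignment avoids both. The env file is created with the default umask and only then restricted by `chmod 600 "${ENV_FILE}" || true`, so a failed chmod goes unnoticed on a file meant to hold API tokens; setting `umask 077` before the `cp`/`cat` would remove the need for the best-effort chmod.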
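Review bot: In `scripts/dev/run_container.sh` the container command is passed as a single argv element, `"scripts/agents/run.sh; ls -la tests/reports/agents || true"`, which only works if the image's entrypoint is a shell that takes a script string; the Dockerfile is not part of this patch, so that cannot be confirmed here, and otherwise Docker looks for an executable with that literal name. Making the shell explicit, `"${IMAGE_NAME}" bash -c 'scripts/agents/run.sh; ls -la tests/reports/agents || true'`, removes the dependency (adjust if the entrypoint already is `bash -c`). `-it` fails when stdin is not a TTY, and `-v "${PWD}:/work"` is a read-write mount, so anything the agents change applies to the host checkout under the container's user; a comment saying this is intended would help.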
+++ b/scripts/env/ensure_env.sh @@ -0,0 +1,42 @@ +#!/usr/bin/env bash +set -euo pipefail + +REPO_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)" +TEMPLATE_FILE="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/.env.template" +ENV_DIR="${HOME}/.4nk_template" +ENV_FILE="${ENV_DIR}/.env" + +mkdir -p "${ENV_DIR}" +chmod 700 "${ENV_DIR}" || true + +if [[ ! -f "${ENV_FILE}" ]]; then + if [[ -f "${TEMPLATE_FILE}" ]]; then + cp "${TEMPLATE_FILE}" "${ENV_FILE}" + chmod 600 "${ENV_FILE}" || true + echo "Fichier d'environnement créé: ${ENV_FILE}" >&2 + echo "Veuillez renseigner les variables requises (OPENAI_API_KEY, OPENAI_MODEL, etc.)." >&2 + exit 3 + else + echo "Modèle d'environnement introuvable: ${TEMPLATE_FILE}" >&2 + exit 2 + fi +fi + +# Charger pour validation +set -a +. "${ENV_FILE}" +set +a + +MISSING=() +for var in OPENAI_API_KEY OPENAI_MODEL; do + if [[ -z "${!var:-}" ]]; then + MISSING+=("$var") + fi +done + +if (( ${#MISSING[@]} > 0 )); then + echo "Variables manquantes dans ${ENV_FILE}: ${MISSING[*]}" >&2 + exit 4 +fi + +echo "Environnement valide: ${ENV_FILE}" >&2 diff --git a/scripts/local/precommit.sh b/scripts/local/precommit.sh new file mode 100755 index 0000000..e9a1387 --- /dev/null +++ b/scripts/local/precommit.sh @@ -0,0 +1,18 @@ +#!/usr/bin/env bash +set -euo pipefail + +# Script de pré-commit pour 4NK_wallet +# Lance les agents de 4NK_template sur ce projet + +PROJECT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)" +TEMPLATE_DIR="$(cd "$PROJECT_DIR/../4NK_template" && pwd)" + +echo "=== Pré-commit 4NK_wallet via 4NK_template ===" + +# Créer le dossier de sortie +mkdir -p "$PROJECT_DIR/tests/reports/agents" + +# Lancer les agents de 4NK_template sur ce projet +"$TEMPLATE_DIR/scripts/local/run_agents_for_project.sh" "$PROJECT_DIR" "tests/reports/agents" + +echo "=== Pré-commit terminé ===" diff --git a/scripts/release/guard.sh b/scripts/release/guard.sh old mode 100644 new mode 100755 
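Review bot: In `scripts/env/ensure_env.sh`, `. "${ENV_FILE}"` executes the file as shell code, and the only permission tightening (`chmod 600`) sits on the branch that creates it, so an already existing `~/.4nk_template/.env` is sourced whatever its owner or mode. Before the `set -a` block I would refuse a file that does not belong to the caller, e.g. `[[ -O "${ENV_FILE}" ]] || { echo "Refus: ${ENV_FILE} n'appartient pas à l'utilisateur courant" >&2; exit 5; }`, and add a check next to it that the file is not group- or world-writable. `chmod 700 "${ENV_DIR}" || true` likewise hides the case where the directory stays accessible to other users. `REPO_DIR` is assigned but not read anywhere in this hunk.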
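Review bot: In `scripts/local/precommit.sh`, `TEMPLATE_DIR` is derived from `$PROJECT_DIR/../4NK_template` and `run_agents_for_project.sh` is executed from it on every commit, so the hook runs whatever is present in that sibling directory and fails with a bare `cd` error under `set -e` when it is absent. The same pattern returns in the PATCH 5/6 revisions of `precommit.sh` and `prepush.sh`. A header comment stating the expected checkout layout, plus an explicit check such as `[[ -x "$TEMPLATE_DIR/scripts/local/run_agents_for_project.sh" ]] || { echo "4NK_template introuvable: $TEMPLATE_DIR" >&2; exit 1; }`, would make the dependency visible; allowing an override like `TEMPLATE_DIR="${TEMPLATE_DIR:-...}"` would let users pin a location they control.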
diff --git a/scripts/scripts/auto-ssh-push.sh b/scripts/scripts/auto-ssh-push.sh old mode 100644 new mode 100755 diff --git a/scripts/scripts/init-ssh-env.sh b/scripts/scripts/init-ssh-env.sh old mode 100644 new mode 100755 diff --git a/scripts/scripts/setup-ssh-ci.sh b/scripts/scripts/setup-ssh-ci.sh old mode 100644 new mode 100755 diff --git a/scripts/security/audit.sh b/scripts/security/audit.sh old mode 100644 new mode 100755 diff --git a/scripts/utils/check_md024.ps1 b/scripts/utils/check_md024.ps1 new file mode 100644 index 0000000..000c6d1 --- /dev/null +++ b/scripts/utils/check_md024.ps1 @@ -0,0 +1,47 @@ +Param( + [string]$Root = "." +) + +$ErrorActionPreference = "Stop" + +$files = Get-ChildItem -Path $Root -Recurse -Filter *.md | Where-Object { $_.FullName -notmatch '\\archive\\' } +$had = $false +foreach ($f in $files) { + try { + $lines = Get-Content -LiteralPath $f.FullName -Encoding UTF8 -ErrorAction Stop + } catch { + Write-Warning ("Impossible de lire: {0} — {1}" -f $f.FullName, $_.Exception.Message) + continue + } + $map = @{} + $firstMap = @{} + $dups = @{} + for ($i = 0; $i -lt $lines.Count; $i++) { + $line = $lines[$i] + if ($line -match '^\s{0,3}#{1,6}\s+(.*)$') { + $t = $Matches[1].Trim() + $norm = ([regex]::Replace($t, '\s+', ' ')).ToLowerInvariant() + if ($map.ContainsKey($norm)) { + if (-not $dups.ContainsKey($norm)) { + $dups[$norm] = New-Object System.Collections.ArrayList + $firstMap[$norm] = $map[$norm] + } + [void]$dups[$norm].Add($i + 1) + } else { + $map[$norm] = $i + 1 + } + } + } + if ($dups.Keys.Count -gt 0) { + $had = $true + Write-Output "=== $($f.FullName) ===" + foreach ($k in $dups.Keys) { + $first = $firstMap[$k] + $others = ($dups[$k] -join ', ') + Write-Output ("Heading: '{0}' first@{1} duplicates@[{2}]" -f $k, $first, $others) + } + } +} +if (-not $had) { + Write-Output "No duplicate headings detected." +} 
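Review bot: `scripts/utils/check_md024.ps1` finishes with exit code 0 whether or not duplicate headings were found, so it cannot gate a hook or a CI step; adding `if ($had) { exit 1 }` after the final `if` makes the result usable. The exclusion `-notmatch '\\archive\\'` only matches backslash-separated paths, so when the script runs under PowerShell on Linux (the rest of this series is bash on Debian) files under `archive/` would still be scanned; `'[\\/]archive[\\/]'` covers both separators.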
diff --git a/tests/reports/agents/.after_status.txt b/tests/reports/agents/.after_status.txt new file mode 100644 index 0000000..e69de29 diff --git a/tests/reports/agents/.before_status.txt b/tests/reports/agents/.before_status.txt new file mode 100644 index 0000000..e69de29 diff --git a/tests/reports/agents/changes_applied.md b/tests/reports/agents/changes_applied.md new file mode 100644 index 0000000..98fa7c6 --- /dev/null +++ b/tests/reports/agents/changes_applied.md @@ -0,0 +1,9 @@ +# Modifications appliquées par les agents + +## Fichiers modifiés/non suivis (avant) + (aucun) + +## Fichiers modifiés/non suivis (après) + (aucun) + +## Diff par rapport au dernier commit diff --git a/tests/reports/agents/compilation_agent.md b/tests/reports/agents/compilation_agent.md new file mode 100644 index 0000000..fd67ba1 --- /dev/null +++ b/tests/reports/agents/compilation_agent.md @@ -0,0 +1,3 @@ +# Agent Compilation + +- Étapes de build/format/clippy Rust détectées dans la CI. diff --git a/tests/reports/agents/dependances_agent.md b/tests/reports/agents/dependances_agent.md new file mode 100644 index 0000000..f2dc0e2 --- /dev/null +++ b/tests/reports/agents/dependances_agent.md @@ -0,0 +1,4 @@ +# Agent Dépendances + +- Vérifier régulièrement les dépendances (audit sécurité, mises à jour stables). +- Job CI security-audit détecté. diff --git a/tests/reports/agents/deployment_agent.md b/tests/reports/agents/deployment_agent.md new file mode 100644 index 0000000..01bac39 --- /dev/null +++ b/tests/reports/agents/deployment_agent.md @@ -0,0 +1,4 @@ +# Agent Déploiement + +## Résultats locaux +- Manquant: docs/RELEASE_PLAN.md diff --git a/tests/reports/agents/derogations_locales_agent.md b/tests/reports/agents/derogations_locales_agent.md new file mode 100644 index 0000000..abaade6 --- /dev/null +++ b/tests/reports/agents/derogations_locales_agent.md @@ -0,0 +1,3 @@ +# Agent Dérogations locales + +- Fichier de dérogations locales détecté. 
diff --git a/tests/reports/agents/documentation_agent.md b/tests/reports/agents/documentation_agent.md new file mode 100644 index 0000000..aeb09e4 --- /dev/null +++ b/tests/reports/agents/documentation_agent.md @@ -0,0 +1,4 @@ +# Agent Documentation + +## Résultats locaux +- Documentation essentielle présente. diff --git a/tests/reports/agents/documents_bureautiques_agent.md b/tests/reports/agents/documents_bureautiques_agent.md new file mode 100644 index 0000000..7cd42e9 --- /dev/null +++ b/tests/reports/agents/documents_bureautiques_agent.md @@ -0,0 +1,3 @@ +# Agent Documents bureautiques + +- Aucun fichier .docx détecté. diff --git a/tests/reports/agents/donnees_csv_agent.md b/tests/reports/agents/donnees_csv_agent.md new file mode 100644 index 0000000..2fe3a8c --- /dev/null +++ b/tests/reports/agents/donnees_csv_agent.md @@ -0,0 +1,3 @@ +# Agent Données CSV + +- Aucun CSV détecté dans le dépôt. diff --git a/tests/reports/agents/fondation_agent.md b/tests/reports/agents/fondation_agent.md new file mode 100644 index 0000000..bdb3835 --- /dev/null +++ b/tests/reports/agents/fondation_agent.md @@ -0,0 +1,3 @@ +# Agent Fondation + +- Conformité éditoriale de base: OK (présence des fichiers clés). diff --git a/tests/reports/agents/frontend_agent.md b/tests/reports/agents/frontend_agent.md new file mode 100644 index 0000000..68f343f --- /dev/null +++ b/tests/reports/agents/frontend_agent.md @@ -0,0 +1,2 @@ +# Agent Frontend + diff --git a/tests/reports/agents/gitea_agent.md b/tests/reports/agents/gitea_agent.md new file mode 100644 index 0000000..d2ba0c5 --- /dev/null +++ b/tests/reports/agents/gitea_agent.md @@ -0,0 +1,3 @@ +# Agent Gitea + +- Configuration Gitea présente. diff --git a/tests/reports/agents/open_source_agent.md b/tests/reports/agents/open_source_agent.md new file mode 100644 index 0000000..dd9a89b --- /dev/null +++ b/tests/reports/agents/open_source_agent.md @@ -0,0 +1,4 @@ +# Agent Open Source + +- Manquants: + - docs/OPEN_SOURCE_CHECKLIST.md 
diff --git a/tests/reports/agents/performance_agent.md b/tests/reports/agents/performance_agent.md new file mode 100644 index 0000000..83b6a3c --- /dev/null +++ b/tests/reports/agents/performance_agent.md @@ -0,0 +1,3 @@ +# Agent Performance + +- Dossier tests/performance présent. diff --git a/tests/reports/agents/qualite_formelle.md b/tests/reports/agents/qualite_formelle.md new file mode 100644 index 0000000..ca51c0d --- /dev/null +++ b/tests/reports/agents/qualite_formelle.md @@ -0,0 +1,4 @@ +# Agent Qualité formelle + +## Résultats locaux +- Aucun problème formel bloquant détecté. diff --git a/tests/reports/agents/quality_tech.md b/tests/reports/agents/quality_tech.md new file mode 100644 index 0000000..8f61827 --- /dev/null +++ b/tests/reports/agents/quality_tech.md @@ -0,0 +1,6 @@ +# Agent Qualité technique + +## Résultats locaux +- Tous les fichiers requis sont présents. + +## Contrôles automatiques (best‑effort) diff --git a/tests/reports/agents/resolution_agent.md b/tests/reports/agents/resolution_agent.md new file mode 100644 index 0000000..04e40bf --- /dev/null +++ b/tests/reports/agents/resolution_agent.md @@ -0,0 +1,3 @@ +# Agent Résolution + +- Dossier archive/ manquant (recommandé pour REX). diff --git a/tests/reports/agents/runner_agent.md b/tests/reports/agents/runner_agent.md new file mode 100644 index 0000000..6d502cf --- /dev/null +++ b/tests/reports/agents/runner_agent.md @@ -0,0 +1,3 @@ +# Agent Runner + +- Docker non détecté sur l'hôte. Impossible de gérer le runner. diff --git a/tests/reports/agents/security_agent.md b/tests/reports/agents/security_agent.md new file mode 100644 index 0000000..ffc609a --- /dev/null +++ b/tests/reports/agents/security_agent.md 
@@ -0,0 +1,10 @@ +# Agent Sécurité + +## Résultats locaux +[security-audit] démarrage +[security-audit] pas de projet Rust (ok) +[security-audit] pas de package.json (ok) +[security-audit] scan secrets +[security-audit] aucun secret évident +[security-audit] terminé rc=0 +- Audit sécurité scripté exécuté (voir détails ci‑dessus). diff --git a/tests/reports/agents/ssh_scripts_agent.md b/tests/reports/agents/ssh_scripts_agent.md new file mode 100644 index 0000000..6239f97 --- /dev/null +++ b/tests/reports/agents/ssh_scripts_agent.md @@ -0,0 +1,5 @@ +# Agent SSH & scripts + +- Trouvé: scripts/scripts/auto-ssh-push.sh +- Trouvé: scripts/scripts/init-ssh-env.sh +- Trouvé: scripts/scripts/setup-ssh-ci.sh diff --git a/tests/reports/agents/structure_agent.md b/tests/reports/agents/structure_agent.md new file mode 100644 index 0000000..8f072f4 --- /dev/null +++ b/tests/reports/agents/structure_agent.md @@ -0,0 +1,3 @@ +# Agent Structure + +- Arborescence de base présente. diff --git a/tests/reports/agents/sync_template_agent.md b/tests/reports/agents/sync_template_agent.md new file mode 100644 index 0000000..8e46a16 --- /dev/null +++ b/tests/reports/agents/sync_template_agent.md @@ -0,0 +1,4 @@ +# Agent Synchronisation de template + +- Workflow template-sync présent. +- Manifeste .4nk-sync.yml présent. diff --git a/tests/reports/agents/tests_agent.md b/tests/reports/agents/tests_agent.md new file mode 100644 index 0000000..7de3804 --- /dev/null +++ b/tests/reports/agents/tests_agent.md @@ -0,0 +1,5 @@ +# Agent Tests + +## Résultats locaux +- Dossiers manquants: + - tests/logs diff --git a/tests/reports/agents/versionnage_agent.md b/tests/reports/agents/versionnage_agent.md new file mode 100644 index 0000000..3921cda --- /dev/null +++ b/tests/reports/agents/versionnage_agent.md @@ -0,0 +1,3 @@ +# Agent Versionnage + +- CHANGELOG et TEMPLATE_VERSION présents. From b2c80be2c7cae617f6435e32b704fee4f8bcf5fb Mon Sep 17 00:00:00 2001 
From: Debian Date: Thu, 28 Aug 2025 11:31:46 +0000 Subject: [PATCH 2/6] chore(wallet): precommit via image module 4NK_template --- tests/reports/agents/security_agent.md | 7 ++++--- tests/reports/agents/sync_template_agent.md | 2 +- tests/reports/agents/tests_agent.md | 3 +-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/reports/agents/security_agent.md b/tests/reports/agents/security_agent.md index ffc609a..0d350af 100644 --- a/tests/reports/agents/security_agent.md +++ b/tests/reports/agents/security_agent.md @@ -2,9 +2,10 @@ ## Résultats locaux [security-audit] démarrage +[security-audit] npm audit --audit-level=moderate +scripts/security/audit.sh: line 13: npm: command not found [security-audit] pas de projet Rust (ok) -[security-audit] pas de package.json (ok) [security-audit] scan secrets [security-audit] aucun secret évident -[security-audit] terminé rc=0 -- Audit sécurité scripté exécuté (voir détails ci‑dessus). +[security-audit] terminé rc=1 +- Audit a signalé des problèmes (ci‑dessus). diff --git a/tests/reports/agents/sync_template_agent.md b/tests/reports/agents/sync_template_agent.md index 8e46a16..d054f7c 100644 --- a/tests/reports/agents/sync_template_agent.md +++ b/tests/reports/agents/sync_template_agent.md @@ -1,4 +1,4 @@ # Agent Synchronisation de template - Workflow template-sync présent. -- Manifeste .4nk-sync.yml présent. +- Manifeste .4nk-sync.yml manquant. diff --git a/tests/reports/agents/tests_agent.md b/tests/reports/agents/tests_agent.md index 7de3804..176a57d 100644 --- a/tests/reports/agents/tests_agent.md +++ b/tests/reports/agents/tests_agent.md @@ -1,5 +1,4 @@ # Agent Tests ## Résultats locaux -- Dossiers manquants: - - tests/logs +- Structure de tests conforme au template. From 26740ba4cc93b5fed49c9df1592cc53a45379870 Mon Sep 17 00:00:00 2001 
From: Debian Date: Thu, 28 Aug 2025 11:39:43 +0000 Subject: [PATCH 3/6] chore(wallet): ajoute prepush local et rapports agents --- scripts/local/prepush.sh | 20 ++++++++++++++++++++ tests/reports/agents/quality_tech.md | 1 + tests/reports/agents/runner_agent.md | 3 ++- 3 files changed, 23 insertions(+), 1 deletion(-) create mode 100755 scripts/local/prepush.sh diff --git a/scripts/local/prepush.sh b/scripts/local/prepush.sh new file mode 100755 index 0000000..2d3d93a --- /dev/null +++ b/scripts/local/prepush.sh @@ -0,0 +1,20 @@ +#!/usr/bin/env bash +set -euo pipefail + +ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" +cd "$ROOT_DIR/.." + +# Agents complets +AUTO_FIX="${AUTO_FIX:-1}" SCOPE="${SCOPE:-all}" scripts/agents/run.sh + +# Audit sécurité (best effort) +if [ -f scripts/security/audit.sh ]; then + bash scripts/security/audit.sh || true +fi + +# Release guard (dry-run logique) +if [ -f scripts/release/guard.sh ]; then + bash scripts/release/guard.sh || true +fi + +echo "[pre-push] OK" diff --git a/tests/reports/agents/quality_tech.md b/tests/reports/agents/quality_tech.md index 8f61827..d4c7a04 100644 --- a/tests/reports/agents/quality_tech.md +++ b/tests/reports/agents/quality_tech.md @@ -4,3 +4,4 @@ - Tous les fichiers requis sont présents. ## Contrôles automatiques (best‑effort) +- Shell: shellcheck non disponible diff --git a/tests/reports/agents/runner_agent.md b/tests/reports/agents/runner_agent.md index 6d502cf..378cb3d 100644 --- a/tests/reports/agents/runner_agent.md +++ b/tests/reports/agents/runner_agent.md @@ -1,3 +1,4 @@ # Agent Runner -- Docker non détecté sur l'hôte. Impossible de gérer le runner. +- Fichier runner/docker-compose.yml introuvable; aucun démarrage effectué. +- Rapports: tests/reports/agents/runner_agent.md From ed2c658d88f9f23f8ef965cf1524912f2daa0a18 Mon Sep 17 00:00:00 2001 
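Review bot: Both checks run by the new `scripts/local/prepush.sh` are neutralised by `|| true` — `bash scripts/security/audit.sh || true` and `bash scripts/release/guard.sh || true` — and the script then prints `[pre-push] OK`, so a failed audit or release guard is reported as success; the rewrite of this file in PATCH 5/6 keeps both. The committed `security_agent.md` in PATCH 2/6 already shows the audit ending with `rc=1`, which this hook would not surface. If non-blocking is intended, say so in the output, e.g. `bash scripts/security/audit.sh || echo "[pre-push] audit: échec (non bloquant)" >&2`, and reserve the final `OK` for a run where both passed. `AUTO_FIX` also defaults to `1` here, which presumably lets a push modify the working tree unless the caller opts out; a comment on that default would help.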
From: Debian Date: Thu, 28 Aug 2025 11:55:01 +0000 Subject: [PATCH 4/6] [skip ci] chore(release): v2025.08.1 --- TEMPLATE_VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TEMPLATE_VERSION b/TEMPLATE_VERSION index 264fc29..4fe1131 100644 --- a/TEMPLATE_VERSION +++ b/TEMPLATE_VERSION @@ -1 +1 @@ -v2025.08.5 \ No newline at end of file +v2025.08.1 From 18434a787b120b2dbdf17eff2d8c39bb4c3b45e9 Mon Sep 17 00:00:00 2001 From: Debian Date: Thu, 28 Aug 2025 12:05:18 +0000 Subject: [PATCH 5/6] [skip ci] chore(agents): centralisation via 4NK_template (hooks+doc) --- docs/AGENTS_INTEGRATION.md | 6 ++++++ scripts/local/install_hooks.sh | 19 +++++++++++++++++++ scripts/local/precommit.sh | 19 ++++++------------- scripts/local/prepush.sh | 23 ++++++++++++----------- scripts/local/release_local.sh | 20 ++++++++++++++++++++ 5 files changed, 63 insertions(+), 24 deletions(-) create mode 100644 docs/AGENTS_INTEGRATION.md create mode 100755 scripts/local/install_hooks.sh create mode 100755 scripts/local/release_local.sh diff --git a/docs/AGENTS_INTEGRATION.md b/docs/AGENTS_INTEGRATION.md new file mode 100644 index 0000000..ac4b41d --- /dev/null +++ b/docs/AGENTS_INTEGRATION.md @@ -0,0 +1,6 @@ +# Intégration des agents 4NK_template + +- Hooks centralisés: pre-commit / pre-push via ../4NK_template (Docker). +- Pré-requis: ~/.4nk_template/.env monté en RO dans le conteneur. +- Exécution: scripts/local/precommit.sh ou git push (déclenche pre-push). +- Rapports: tests/reports/agents/. diff --git a/scripts/local/install_hooks.sh b/scripts/local/install_hooks.sh new file mode 100755 index 0000000..bd0f600 --- /dev/null +++ b/scripts/local/install_hooks.sh 
@@ -0,0 +1,19 @@ +#!/usr/bin/env bash +set -euo pipefail + +REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"/.. +HOOKS_DIR="$REPO_ROOT/.git/hooks" + +mkdir -p "$HOOKS_DIR" +install_hook() { + local name="$1" src="$2" + cp -f "$src" "$HOOKS_DIR/$name" + chmod +x "$HOOKS_DIR/$name" + echo "Installed hook: $name" +} + +# Hooks qui délèguent aux agents via l'image Docker du template sur le projet courant +install_hook pre-commit "$REPO_ROOT/scripts/local/precommit.sh" +install_hook pre-push "$REPO_ROOT/scripts/local/prepush.sh" + +echo "Hooks installés (mode agents via 4NK_template)." diff --git a/scripts/local/precommit.sh b/scripts/local/precommit.sh index e9a1387..b2b502c 100755 --- a/scripts/local/precommit.sh +++ b/scripts/local/precommit.sh @@ -1,18 +1,11 @@ #!/usr/bin/env bash set -euo pipefail -# Script de pré-commit pour 4NK_wallet -# Lance les agents de 4NK_template sur ce projet +# Exécuter les agents depuis l'image Docker de 4NK_template sur le projet courant +PROJECT_DIR="$(git rev-parse --show-toplevel)" +TEMPLATE_DIR="$(cd "${PROJECT_DIR}/../4NK_template" && pwd)" -PROJECT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)" -TEMPLATE_DIR="$(cd "$PROJECT_DIR/../4NK_template" && pwd)" +mkdir -p "${PROJECT_DIR}/tests/reports/agents" +"${TEMPLATE_DIR}/scripts/local/run_agents_for_project.sh" "${PROJECT_DIR}" "tests/reports/agents" -echo "=== Pré-commit 4NK_wallet via 4NK_template ===" - -# Créer le dossier de sortie -mkdir -p "$PROJECT_DIR/tests/reports/agents" - -# Lancer les agents de 4NK_template sur ce projet -"$TEMPLATE_DIR/scripts/local/run_agents_for_project.sh" "$PROJECT_DIR" "tests/reports/agents" - -echo "=== Pré-commit terminé ===" +echo "[pre-commit] OK (agents via 4NK_template)" diff --git a/scripts/local/prepush.sh b/scripts/local/prepush.sh index 2d3d93a..7cb8c7d 100755 --- a/scripts/local/prepush.sh +++ b/scripts/local/prepush.sh 
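Review bot: In `scripts/local/install_hooks.sh`, `HOOKS_DIR="$REPO_ROOT/.git/hooks"` assumes `.git` is a directory at the repository root, which does not hold in a linked worktree or a submodule and ignores a configured `core.hooksPath`; `HOOKS_DIR="$(git rev-parse --git-path hooks)"` resolves the directory git actually uses. `cp -f "$src" "$HOOKS_DIR/$name"` also overwrites any existing `pre-commit` or `pre-push` hook without notice and installs a snapshot that will not follow later edits to `scripts/local/*.sh`. Keeping a backup of an existing hook, or installing a one-line wrapper that `exec`s the tracked script, would address both; a header comment should state which behaviour is intended.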
@@ -1,20 +1,21 @@ #!/usr/bin/env bash set -euo pipefail -ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" -cd "$ROOT_DIR/.." +# Exécuter les agents depuis l'image Docker de 4NK_template sur le projet courant +PROJECT_DIR="$(git rev-parse --show-toplevel)" +TEMPLATE_DIR="$(cd "${PROJECT_DIR}/../4NK_template" && pwd)" -# Agents complets -AUTO_FIX="${AUTO_FIX:-1}" SCOPE="${SCOPE:-all}" scripts/agents/run.sh +mkdir -p "${PROJECT_DIR}/tests/reports/agents" +"${TEMPLATE_DIR}/scripts/local/run_agents_for_project.sh" "${PROJECT_DIR}" "tests/reports/agents" -# Audit sécurité (best effort) -if [ -f scripts/security/audit.sh ]; then - bash scripts/security/audit.sh || true +# Audit sécurité (best effort) dans le contexte du projet +if [ -f "${PROJECT_DIR}/scripts/security/audit.sh" ]; then + (cd "${PROJECT_DIR}" && bash scripts/security/audit.sh) || true fi -# Release guard (dry-run logique) -if [ -f scripts/release/guard.sh ]; then - bash scripts/release/guard.sh || true +# Release guard (dry-run logique) dans le contexte du projet +if [ -f "${PROJECT_DIR}/scripts/release/guard.sh" ]; then + (cd "${PROJECT_DIR}" && bash scripts/release/guard.sh) || true fi -echo "[pre-push] OK" +echo "[pre-push] OK (agents via 4NK_template)" diff --git a/scripts/local/release_local.sh b/scripts/local/release_local.sh new file mode 100755 index 0000000..e3f48ed --- /dev/null +++ b/scripts/local/release_local.sh @@ -0,0 +1,20 @@ +#!/usr/bin/env bash +set -euo pipefail + +VERSION="${1:-}" +if [[ -z "$VERSION" ]]; then + echo "Usage: $0 vYYYY.MM.P" >&2 + exit 2 +fi + +ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" +cd "$ROOT_DIR/.." + +echo "$VERSION" > TEMPLATE_VERSION +git add TEMPLATE_VERSION CHANGELOG.md 2>/dev/null || true +git commit -m "[skip ci] chore(release): $VERSION" || true +git tag -a "$VERSION" -m "release: $VERSION (latest)" +git push || true +git push origin "$VERSION" + +echo "Release locale préparée: $VERSION" 
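Review bot: In `scripts/local/release_local.sh`, `git commit ... || true` is followed unconditionally by `git tag -a "$VERSION"`, so when the commit fails or there is nothing to commit the tag is created on whatever `HEAD` currently is, and `git push || true` then lets `git push origin "$VERSION"` publish that tag even if the branch push was rejected. Dropping the `|| true` on the commit and on the branch push makes the script stop before tagging. `VERSION` is also used unvalidated although the usage line documents `vYYYY.MM.P`; a guard such as `[[ "$VERSION" =~ ^v[0-9]{4}\.[0-9]{2}\.[0-9]+$ ]] || { echo "Usage: $0 vYYYY.MM.P" >&2; exit 2; }` keeps values that start with `-` or contain whitespace away from `git tag` and `git push`.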
From bd8d34a7fafc9a3514dabbe70375e8548404837b Mon Sep 17 00:00:00 2001 From: Debian Date: Thu, 28 Aug 2025 13:56:23 +0000 Subject: [PATCH 6/6] [skip ci] chore(reports): maj agents avant merge --- tests/reports/agents/quality_tech.md | 1 - tests/reports/agents/runner_agent.md | 3 +-- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/tests/reports/agents/quality_tech.md b/tests/reports/agents/quality_tech.md index d4c7a04..8f61827 100644 --- a/tests/reports/agents/quality_tech.md +++ b/tests/reports/agents/quality_tech.md @@ -4,4 +4,3 @@ - Tous les fichiers requis sont présents. ## Contrôles automatiques (best‑effort) -- Shell: shellcheck non disponible diff --git a/tests/reports/agents/runner_agent.md b/tests/reports/agents/runner_agent.md index 378cb3d..6d502cf 100644 --- a/tests/reports/agents/runner_agent.md +++ b/tests/reports/agents/runner_agent.md @@ -1,4 +1,3 @@ # Agent Runner -- Fichier runner/docker-compose.yml introuvable; aucun démarrage effectué. -- Rapports: tests/reports/agents/runner_agent.md +- Docker non détecté sur l'hôte. Impossible de gérer le runner.