@ahmed-g-gad/apothem 0.1.1 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (270) hide show
  1. package/CHANGELOG.md +4 -4
  2. package/README.md +175 -42
  3. package/bin/apothem.mjs +38 -4
  4. package/package.json +8 -2
  5. package/pyproject.toml +27 -17
  6. package/src/apothem/__main__.py +7 -1
  7. package/src/apothem/_vendor/vendor.txt +4 -0
  8. package/src/apothem/agents/dependency-auditor.md +1 -1
  9. package/src/apothem/agents/fact-checker.md +1 -1
  10. package/src/apothem/agents/prompt-evaluator.md +1 -1
  11. package/src/apothem/agents/research-scout.md +1 -1
  12. package/src/apothem/agents/security-scanner.md +1 -1
  13. package/src/apothem/agents/test-runner.md +1 -1
  14. package/src/apothem/audit/README.md +0 -6
  15. package/src/apothem/audit/build_capability_graph.py +4 -0
  16. package/src/apothem/audit/build_plans_provenance.py +8 -1
  17. package/src/apothem/audit/check_links.py +6 -0
  18. package/src/apothem/audit/classify_artifacts.py +6 -0
  19. package/src/apothem/audit/render_capability_index.py +6 -0
  20. package/src/apothem/audit/scan_ai_surfaces.py +72 -0
  21. package/src/apothem/audit/scan_ai_surfaces_coarse.py +6 -0
  22. package/src/apothem/audit/scan_drift_features.py +6 -0
  23. package/src/apothem/audit/scan_frontmatter.py +7 -0
  24. package/src/apothem/audit/scan_plan_leakage.py +6 -0
  25. package/src/apothem/audit/scan_plans_discipline.py +6 -0
  26. package/src/apothem/audit/scan_secrets_pii.py +6 -0
  27. package/src/apothem/audit/scan_stale_tokens.py +6 -0
  28. package/src/apothem/audit/synthesize_drift.py +13 -0
  29. package/src/apothem/benchmarks/README.md +1 -0
  30. package/src/apothem/benchmarks/bench_install.py +1 -1
  31. package/src/apothem/cli/README.md +1 -1
  32. package/src/apothem/cli/__init__.py +6 -9
  33. package/src/apothem/cli/_cmd_completion.py +61 -31
  34. package/src/apothem/cli/_cmd_diff.py +5 -4
  35. package/src/apothem/cli/_cmd_doctor.py +12 -5
  36. package/src/apothem/cli/_cmd_harnesses.py +17 -7
  37. package/src/apothem/cli/_cmd_install.py +51 -6
  38. package/src/apothem/cli/_cmd_migrate_workspace.py +30 -22
  39. package/src/apothem/cli/_cmd_profile.py +13 -5
  40. package/src/apothem/cli/_cmd_status.py +18 -6
  41. package/src/apothem/cli/_cmd_uninstall.py +20 -16
  42. package/src/apothem/cli/_cmd_update.py +84 -16
  43. package/src/apothem/cli/_cmd_verify.py +25 -14
  44. package/src/apothem/cli/_epilogs.py +5 -3
  45. package/src/apothem/cli/_helpers.py +77 -52
  46. package/src/apothem/cli/_materialize.py +39 -18
  47. package/src/apothem/cli/completions/apothem.ps1 +18 -18
  48. package/src/apothem/commands/README.md +3 -0
  49. package/src/apothem/commands/a11y-audit.md +2 -2
  50. package/src/apothem/commands/architecture-review.md +2 -2
  51. package/src/apothem/commands/audit.md +1 -1
  52. package/src/apothem/commands/code-audit.md +2 -2
  53. package/src/apothem/commands/code-review.md +2 -2
  54. package/src/apothem/commands/dependency-audit.md +2 -2
  55. package/src/apothem/commands/docs-review.md +2 -2
  56. package/src/apothem/commands/elevate.md +40 -25
  57. package/src/apothem/commands/eval.md +2 -2
  58. package/src/apothem/commands/fortress.md +5 -5
  59. package/src/apothem/commands/freshify.md +2 -2
  60. package/src/apothem/commands/github-deploy-fresh.md +2 -2
  61. package/src/apothem/commands/github-deploy-next.md +2 -2
  62. package/src/apothem/commands/perf-audit.md +2 -2
  63. package/src/apothem/commands/plan-audit.md +1 -1
  64. package/src/apothem/commands/plan-design.md +2 -2
  65. package/src/apothem/commands/plan-execute.md +1 -1
  66. package/src/apothem/commands/plan-generate.md +1 -1
  67. package/src/apothem/commands/plan-review.md +1 -1
  68. package/src/apothem/commands/plan-spec.md +2 -2
  69. package/src/apothem/commands/plan.md +1 -1
  70. package/src/apothem/commands/projectify.md +3 -3
  71. package/src/apothem/commands/release-readiness.md +2 -2
  72. package/src/apothem/commands/research-analysis.md +10 -5
  73. package/src/apothem/commands/research-design.md +21 -3
  74. package/src/apothem/commands/research-disseminate.md +13 -3
  75. package/src/apothem/commands/research-experiment.md +21 -2
  76. package/src/apothem/commands/research-ideate.md +1 -1
  77. package/src/apothem/commands/research-paper.md +14 -4
  78. package/src/apothem/commands/research-proposal.md +8 -4
  79. package/src/apothem/commands/research-publish.md +10 -3
  80. package/src/apothem/commands/research-review.md +9 -3
  81. package/src/apothem/commands/research-sources.md +10 -2
  82. package/src/apothem/commands/research-spec.md +12 -4
  83. package/src/apothem/commands/research-synthesis.md +10 -3
  84. package/src/apothem/commands/research-theory.md +2 -2
  85. package/src/apothem/commands/research.md +9 -6
  86. package/src/apothem/commands/security-audit.md +2 -2
  87. package/src/apothem/commands/supply-chain-audit.md +4 -4
  88. package/src/apothem/commands/test-suite.md +4 -4
  89. package/src/apothem/commands/threat-model-audit.md +2 -2
  90. package/src/apothem/commands/ux-review.md +2 -2
  91. package/src/apothem/conformity/README.md +5 -0
  92. package/src/apothem/conformity/__init__.py +17 -0
  93. package/src/apothem/conformity/_grep_base.py +143 -7
  94. package/src/apothem/conformity/agnosticism_grep.py +9 -7
  95. package/src/apothem/conformity/always_on_budget_grep.py +2 -0
  96. package/src/apothem/conformity/bare_except_grep.py +78 -12
  97. package/src/apothem/conformity/binding_reciprocity_grep.py +18 -20
  98. package/src/apothem/conformity/brand_mark_grep.py +0 -3
  99. package/src/apothem/conformity/commented_out_code_grep.py +86 -22
  100. package/src/apothem/conformity/completion_claim_grep.py +15 -15
  101. package/src/apothem/conformity/conventional_commit_grep.py +49 -1
  102. package/src/apothem/conformity/copilot_instructions_presence_grep.py +0 -3
  103. package/src/apothem/conformity/cross_platform_matrix_grep.py +119 -37
  104. package/src/apothem/conformity/determinism_grep.py +1 -1
  105. package/src/apothem/conformity/diagram_staleness_grep.py +22 -6
  106. package/src/apothem/conformity/file_header_grep.py +21 -10
  107. package/src/apothem/conformity/freshness_token_grep.py +21 -10
  108. package/src/apothem/conformity/frontmatter_grep.py +1 -1
  109. package/src/apothem/conformity/gate.py +89 -24
  110. package/src/apothem/conformity/hedging_grep.py +10 -16
  111. package/src/apothem/conformity/license_author_consistency_grep.py +0 -3
  112. package/src/apothem/conformity/link_check.py +32 -9
  113. package/src/apothem/conformity/magic_number_grep.py +107 -9
  114. package/src/apothem/conformity/multi_surface_coherence_grep.py +1 -4
  115. package/src/apothem/conformity/naming_grep.py +190 -11
  116. package/src/apothem/conformity/no_toplevel_docs_grep.py +22 -39
  117. package/src/apothem/conformity/option_annotation_grep.py +0 -3
  118. package/src/apothem/conformity/orphan_output_grep.py +0 -3
  119. package/src/apothem/conformity/plan_suite_structure_grep.py +9 -9
  120. package/src/apothem/conformity/production_ready_pr_grep.py +33 -46
  121. package/src/apothem/conformity/reference_token_grep.py +12 -3
  122. package/src/apothem/conformity/secret_leak_grep.py +0 -3
  123. package/src/apothem/conformity/semver_stability_grep.py +93 -48
  124. package/src/apothem/conformity/token_efficiency_grep.py +0 -3
  125. package/src/apothem/conformity/unpinned_action_grep.py +0 -3
  126. package/src/apothem/conformity/user_confirm_grep.py +0 -3
  127. package/src/apothem/harnesses/_shared/install_driver_lifecycle.py +44 -19
  128. package/src/apothem/harnesses/_shared/install_driver_planvalidation.py +5 -4
  129. package/src/apothem/harnesses/_shared/wrapper_factories.py +203 -0
  130. package/src/apothem/harnesses/antigravity/STANDARD-CONVENTION-PIN.md +16 -10
  131. package/src/apothem/harnesses/antigravity/__init__.py +11 -44
  132. package/src/apothem/harnesses/antigravity/install.py +6 -35
  133. package/src/apothem/harnesses/antigravity/templates/GEMINI.md +8 -5
  134. package/src/apothem/harnesses/antigravity/templates/plugin.json +1 -1
  135. package/src/apothem/harnesses/antigravity/uninstall.py +6 -13
  136. package/src/apothem/harnesses/claude_code/install.py +35 -24
  137. package/src/apothem/harnesses/claude_code/verify.py +1 -1
  138. package/src/apothem/harnesses/codebuddy/__init__.py +5 -7
  139. package/src/apothem/harnesses/codebuddy/templates/apothem-rules.md +1 -1
  140. package/src/apothem/harnesses/codebuddy/uninstall.py +13 -14
  141. package/src/apothem/harnesses/codex/__init__.py +11 -38
  142. package/src/apothem/harnesses/codex/capabilities.yml +5 -8
  143. package/src/apothem/harnesses/codex/install.py +6 -35
  144. package/src/apothem/harnesses/codex/uninstall.py +7 -14
  145. package/src/apothem/harnesses/cursor/__init__.py +5 -7
  146. package/src/apothem/harnesses/cursor/capabilities.yml +5 -10
  147. package/src/apothem/harnesses/cursor/templates/apothem-rules.mdc +1 -1
  148. package/src/apothem/harnesses/cursor/uninstall.py +13 -14
  149. package/src/apothem/harnesses/gemini_cli/STANDARD-CONVENTION-PIN.md +2 -2
  150. package/src/apothem/harnesses/gemini_cli/__init__.py +5 -7
  151. package/src/apothem/harnesses/gemini_cli/capabilities.yml +3 -8
  152. package/src/apothem/harnesses/gemini_cli/templates/GEMINI.md +1 -1
  153. package/src/apothem/harnesses/gemini_cli/uninstall.py +14 -14
  154. package/src/apothem/harnesses/gemini_cli/verify.py +1 -1
  155. package/src/apothem/harnesses/github_copilot/__init__.py +7 -7
  156. package/src/apothem/harnesses/github_copilot/capabilities.yml +6 -10
  157. package/src/apothem/harnesses/github_copilot/templates/copilot-instructions.md +1 -1
  158. package/src/apothem/harnesses/github_copilot/uninstall.py +13 -14
  159. package/src/apothem/harnesses/github_copilot/verify.py +1 -1
  160. package/src/apothem/harnesses/glm/__init__.py +5 -6
  161. package/src/apothem/harnesses/glm/capabilities.yml +3 -1
  162. package/src/apothem/harnesses/glm/uninstall.py +12 -14
  163. package/src/apothem/harnesses/hermes/STANDARD-CONVENTION-PIN.md +2 -1
  164. package/src/apothem/harnesses/hermes/uninstall.py +14 -23
  165. package/src/apothem/harnesses/kimi_code/__init__.py +1 -1
  166. package/src/apothem/harnesses/kimi_code/install.py +2 -2
  167. package/src/apothem/harnesses/kimi_code/uninstall.py +1 -1
  168. package/src/apothem/harnesses/kimi_code/update.py +1 -1
  169. package/src/apothem/harnesses/kimi_code/verify.py +1 -1
  170. package/src/apothem/harnesses/kiro/__init__.py +5 -7
  171. package/src/apothem/harnesses/kiro/capabilities.yml +6 -4
  172. package/src/apothem/harnesses/kiro/templates/apothem-rules.md +1 -1
  173. package/src/apothem/harnesses/kiro/uninstall.py +13 -14
  174. package/src/apothem/harnesses/open_claw/capabilities.yml +7 -5
  175. package/src/apothem/harnesses/open_claw/uninstall.py +10 -22
  176. package/src/apothem/harnesses/open_claw/verify.py +1 -1
  177. package/src/apothem/harnesses/opencode/STANDARD-CONVENTION-PIN.md +2 -1
  178. package/src/apothem/harnesses/opencode/capabilities.yml +5 -10
  179. package/src/apothem/harnesses/opencode/uninstall.py +14 -24
  180. package/src/apothem/harnesses/qwen_code/STANDARD-CONVENTION-PIN.md +3 -3
  181. package/src/apothem/harnesses/qwen_code/capabilities.yml +5 -11
  182. package/src/apothem/harnesses/qwen_code/materializer.py +49 -21
  183. package/src/apothem/harnesses/qwen_code/uninstall.py +14 -24
  184. package/src/apothem/harnesses/qwen_code/verify.py +1 -1
  185. package/src/apothem/harnesses/trae/__init__.py +5 -7
  186. package/src/apothem/harnesses/trae/templates/apothem-rules.md +1 -1
  187. package/src/apothem/harnesses/trae/uninstall.py +13 -14
  188. package/src/apothem/harnesses/windsurf/__init__.py +5 -7
  189. package/src/apothem/harnesses/windsurf/capabilities.yml +4 -6
  190. package/src/apothem/harnesses/windsurf/templates/apothem-rules.md +1 -1
  191. package/src/apothem/harnesses/windsurf/uninstall.py +15 -14
  192. package/src/apothem/harnesses/zed/__init__.py +6 -8
  193. package/src/apothem/harnesses/zed/templates/apothem-rules.md +2 -2
  194. package/src/apothem/harnesses/zed/uninstall.py +16 -17
  195. package/src/apothem/hooks/README.md +2 -0
  196. package/src/apothem/hooks/askuserquestion_validator.py +4 -2
  197. package/src/apothem/hooks/dispatch.py +14 -18
  198. package/src/apothem/hooks/emit_hook_context.py +121 -39
  199. package/src/apothem/hooks/lib/bootstrap.ps1 +20 -0
  200. package/src/apothem/hooks/lib/bootstrap.sh +23 -4
  201. package/src/apothem/hooks/lib/find-pwsh.ps1 +5 -1
  202. package/src/apothem/hooks/lib/find-pwsh.sh +69 -35
  203. package/src/apothem/hooks/lib/resolve_root.py +13 -2
  204. package/src/apothem/hooks/lib/stdin_json.py +49 -0
  205. package/src/apothem/hooks/proactive_compaction_tracker.py +56 -4
  206. package/src/apothem/hooks/session_start_bootstrap.py +36 -8
  207. package/src/apothem/lib/README.md +13 -5
  208. package/src/apothem/lib/atomic_io.py +51 -8
  209. package/src/apothem/lib/auditor.py +9 -5
  210. package/src/apothem/lib/contexts.py +20 -4
  211. package/src/apothem/lib/data_home.py +26 -15
  212. package/src/apothem/lib/harness_registry.py +1 -1
  213. package/src/apothem/lib/harness_registry_data.py +13 -2
  214. package/src/apothem/lib/install_ledger.py +52 -11
  215. package/src/apothem/lib/learning.py +25 -14
  216. package/src/apothem/lib/memory.py +13 -13
  217. package/src/apothem/lib/plugin_tree.py +8 -7
  218. package/src/apothem/lib/profile.py +40 -13
  219. package/src/apothem/lib/profile_projection.py +44 -7
  220. package/src/apothem/lib/propagation-manifest.yaml +5 -2
  221. package/src/apothem/lib/propagation.py +36 -18
  222. package/src/apothem/lib/python_resolver.py +20 -7
  223. package/src/apothem/lib/schema_errors.py +34 -0
  224. package/src/apothem/lib/workspace_migration.py +9 -1
  225. package/src/apothem/rules/agile-sprints-elements.md +1 -1
  226. package/src/apothem/rules/agnostic-posture.md +1 -1
  227. package/src/apothem/rules/authoritative-referencing-quotation.md +1 -1
  228. package/src/apothem/rules/authority-inquiry-categories.md +14 -0
  229. package/src/apothem/rules/auto-memory.md +1 -1
  230. package/src/apothem/rules/canonical-layout-reporting-tiers.md +1 -1
  231. package/src/apothem/rules/code-craft-python.md +1 -1
  232. package/src/apothem/rules/context-management-protocol.md +1 -1
  233. package/src/apothem/rules/context-management-scratch.md +1 -1
  234. package/src/apothem/rules/host-discovery-manifests.md +7 -4
  235. package/src/apothem/rules/host-discovery.md +11 -2
  236. package/src/apothem/rules/i18n-discipline-locale-cohorts.md +1 -1
  237. package/src/apothem/rules/living-docs.md +10 -1
  238. package/src/apothem/rules/operational-mandates-expanded.md +1 -0
  239. package/src/apothem/rules/persistent-conventions-vigilance.md +1 -1
  240. package/src/apothem/rules/planning-techniques.md +2 -0
  241. package/src/apothem/rules/production-ready-prs-surfaces.md +3 -3
  242. package/src/apothem/rules/production-ready-prs.md +3 -1
  243. package/src/apothem/rules/propagation.md +3 -1
  244. package/src/apothem/rules/recommend-next-step.md +1 -1
  245. package/src/apothem/rules/session-closure.md +2 -2
  246. package/src/apothem/rules/visual-leverage.md +1 -1
  247. package/src/apothem/schemas/cohort-manifest.yaml +6 -2
  248. package/src/apothem/schemas/profile.schema.json +11 -3
  249. package/src/apothem/skills/ecosystem-audit/SKILL.md +1 -1
  250. package/src/apothem/skills/eval-harness/SKILL.md +1 -1
  251. package/src/apothem/skills/plan-suite/SKILL.md +1 -1
  252. package/src/apothem/skills/projectify/SKILL.md +2 -2
  253. package/src/apothem/skills/prompt-engineering/SKILL.md +1 -1
  254. package/src/apothem/skills/research-suite/SKILL.md +24 -4
  255. package/src/apothem/skills/research-suite/references/advancement-gate.md +104 -0
  256. package/src/apothem/skills/research-suite/references/autonomous-experiment-loop.md +168 -0
  257. package/src/apothem/skills/research-suite/references/blinding-and-disclosure.md +58 -0
  258. package/src/apothem/skills/research-suite/references/comparator-provenance.md +72 -0
  259. package/src/apothem/skills/research-suite/references/compute-utilization.md +112 -0
  260. package/src/apothem/skills/research-suite/references/directory-structure.md +2 -1
  261. package/src/apothem/skills/research-suite/references/empirical-comparison-rigor.md +48 -0
  262. package/src/apothem/skills/research-suite/references/experiment-program-scaffold.md +92 -0
  263. package/src/apothem/skills/research-suite/references/lifecycle.md +9 -9
  264. package/src/apothem/skills/research-suite/references/rigor-mandates.md +16 -1
  265. package/src/apothem/skills/research-suite/research_template.md +1 -1
  266. package/src/apothem/skills/secret-rotation/SKILL.md +3 -0
  267. package/src/apothem/skills/vuln-triage/SKILL.md +1 -1
  268. package/src/apothem/statuslines/conformity.json +1 -0
  269. package/src/apothem/statuslines/render.py +37 -10
  270. package/src/apothem/audit/execute_plans_migration.py +0 -491
package/CHANGELOG.md CHANGED
@@ -7,7 +7,7 @@ All notable changes to this project are documented in this file.
7
7
  This changelog follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/)
8
8
  and the project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
9
9
 
10
- ## [0.1.1] - 2026-06-27
10
+ ## [1.0.0] - 2026-07-03
11
11
 
12
12
  The first release of Apothem — a host-agnostic configuration manager that
13
13
  authors one shared profile and materializes it into the native configuration of
@@ -30,8 +30,8 @@ reproducible releases.
30
30
  `~/.apothem/backups/` before replacement; uninstalls reverse cleanly with zero
31
31
  orphans.
32
32
  - **CLI.** `quickstart`, `install`, `uninstall`, `update`, `verify`, `status`,
33
- `diff`, `rollback`, `harnesses`, `profile`, `doctor`, and `completion`
34
- commands, with dry-run reporting, drift detection, structured JSON output
33
+ `diff`, `rollback`, `migrate-workspace`, `harnesses`, `profile`, `doctor`, and
34
+ `completion` commands, with dry-run reporting, drift detection, structured JSON output
35
35
  (`--format json`), and per-harness status. The engine is self-contained — the
36
36
  source tree carries its vendored dependencies and runs from a checkout as
37
37
  `python -m apothem` on system Python 3.10+.
@@ -57,4 +57,4 @@ reproducible releases.
57
57
  documentation build, CodeQL, OpenSSF Scorecard, dependency audit, and
58
58
  supply-chain checks before publication.
59
59
 
60
- [0.1.1]: https://github.com/Ahmed-G-Gad/apothem/releases/tag/v0.1.1
60
+ [1.0.0]: https://github.com/ahmed-g-gad/apothem/releases/tag/v1.0.0
package/README.md CHANGED
@@ -12,14 +12,15 @@
12
12
  <h1 align="center">Apothem</h1>
13
13
 
14
14
  <p align="center">
15
- <em>One shared profile · materialized into seventeen assistant harnesses.</em>
15
+ <em>Author one shared profile · materialize it into seventeen tools' native configs.</em>
16
16
  </p>
17
17
 
18
18
  <p align="center">
19
+ <a href="https://github.com/ahmed-g-gad/apothem/releases"><img alt="Release" src="https://img.shields.io/endpoint?url=https%3A%2F%2Fapothem.ahmedgad.com%2Fbadges%2Frelease.json"></a>
19
20
  <a href="https://github.com/ahmed-g-gad/apothem/actions/workflows/ci.yml"><img alt="Build" src="https://github.com/ahmed-g-gad/apothem/actions/workflows/ci.yml/badge.svg?branch=main"></a>
20
21
  <a href="https://github.com/ahmed-g-gad/apothem/blob/main/LICENSE"><img alt="License: MIT" src="https://img.shields.io/github/license/ahmed-g-gad/apothem?color=0F172A"></a>
21
22
  <a href="https://www.npmjs.com/package/@ahmed-g-gad/apothem"><img alt="npm version" src="https://img.shields.io/npm/v/%40ahmed-g-gad%2Fapothem?color=10B981&label=npm"></a>
22
- <a href="https://github.com/ahmed-g-gad/apothem/actions/workflows/ci.yml"><img alt="Coverage" src="https://img.shields.io/badge/coverage-%E2%89%A580%25-2563EB"></a>
23
+ <a href="https://github.com/ahmed-g-gad/apothem/blob/main/pyproject.toml"><img alt="Coverage gate ≥80%" src="https://img.shields.io/badge/coverage%20gate-%E2%89%A580%25-2563EB"></a>
23
24
  <a href="https://securityscorecards.dev/viewer/?uri=github.com/ahmed-g-gad/apothem"><img alt="OpenSSF Scorecard" src="https://api.securityscorecards.dev/projects/github.com/ahmed-g-gad/apothem/badge"></a>
24
25
  <a href="https://github.com/ahmed-g-gad/apothem/discussions"><img alt="Community discussions" src="https://img.shields.io/badge/discussions-GitHub-7C3AED"></a>
25
26
  <a href="https://apothem.ahmedgad.com/"><img alt="Documentation" src="https://img.shields.io/badge/docs-Fumadocs-0F172A"></a>
@@ -27,14 +28,18 @@
27
28
  </p>
28
29
 
29
30
  <p align="center">
31
+ <a href="https://github.com/ahmed-g-gad/apothem#why-apothem">Why Apothem</a>
32
+ &nbsp;·&nbsp;
30
33
  <a href="https://github.com/ahmed-g-gad/apothem#install">Install</a>
31
34
  &nbsp;·&nbsp;
32
35
  <a href="https://github.com/ahmed-g-gad/apothem#quick-start">Quick Start</a>
33
36
  &nbsp;·&nbsp;
34
- <a href="https://apothem.ahmedgad.com/">Documentation</a>
37
+ <a href="https://github.com/ahmed-g-gad/apothem#how-it-works">How it works</a>
35
38
  &nbsp;·&nbsp;
36
39
  <a href="https://github.com/ahmed-g-gad/apothem#supported-harnesses">Supported harnesses</a>
37
40
  &nbsp;·&nbsp;
41
+ <a href="https://apothem.ahmedgad.com/">Documentation</a>
42
+ &nbsp;·&nbsp;
38
43
  <a href="https://github.com/ahmed-g-gad/apothem/blob/main/CHANGELOG.md">Changelog</a>
39
44
  &nbsp;·&nbsp;
40
45
  <a href="https://github.com/ahmed-g-gad/apothem/blob/main/CONTRIBUTING.md">Contributing</a>
@@ -50,7 +55,7 @@
50
55
  </a>
51
56
  </p>
52
57
 
53
- **Apothem** authors one shared profile — rules, slash-commands, skills, hooks, output-styles, settings (including MCP servers), schemas, and docs — and materializes that *whole synced unit* into all seventeen supported harnesses' native configuration directories through per-harness adapters. One source of truth. Seventeen destinations. Zero hand-maintained drift. A mechanized conformity gate keeps every materialized surface in line.
58
+ **Apothem** authors one shared profile — rules, slash-commands, skills, hooks, output-styles, settings (including MCP servers), schemas, and docs — and materializes that *whole synced unit* into all seventeen supported harnesses' native configuration directories through per-harness adapters. Edit the profile once; every tool picks up the change from a single command. One source of truth, seventeen destinations, zero hand-maintained drift with a mechanized conformity gate keeping every materialized surface in line.
54
59
 
55
60
  ## Why Apothem
56
61
 
@@ -59,9 +64,9 @@ Supported harnesses proliferate; each one parks its configuration in a different
59
64
  Apothem cuts the drift at the root, and goes wider than file-copying or rules-only sync:
60
65
 
61
66
  - **One profile, seventeen destinations.** Author your rules, slash-commands, skills, hooks, output-styles, settings (MCP servers included), schemas, and docs once. Push the whole unit to every harness with one command.
62
- - **A wide synced unit, not rules alone.** Rules · slash-commands · skills · hooks · output-styles · settings (with MCP servers) · schemas · docs travel together as first-class primitives — translated into each harness's native schema, not flattened to a lowest common denominator.
67
+ - **A wide synced unit, not rules alone.** Every primitive travels as a first-class citizen — translated into each harness's native schema, never flattened to a lowest common denominator.
63
68
  - **A mechanized governance gate.** `python -m apothem.conformity.gate` runs multi-bar pre-emission checks — authorship headers, naming, code-craft, hedging, binding reciprocity — so every materialized surface stays conformant.
64
- - **Deterministic pipelines.** A review pipeline (`/plan-spec → /plan-generate → /plan-review → /plan-design → /plan-execute`, where `/plan-design` runs only for architecture-bearing suites), a 13-stage `/research` pipeline, and an eleven-command audit fortress apply to every change to the profile itself.
69
+ - **Deterministic pipelines.** A review pipeline (`/plan-spec → /plan-generate → /plan-review → /plan-design → /plan-execute`, where `/plan-design` runs only for architecture-bearing suites), a thirteen-stage `/research` pipeline, and an eleven-command audit fortress apply to every change to the profile itself.
65
70
  - **Reversible, verified lifecycle.** Every install is undone by the matching uninstall — timestamped backups, zero orphans; `apothem verify --harness <name>` answers "is the profile faithfully installed here?" with a structured JSON drift report.
66
71
  - **Durable memory + opt-in learning.** A persistent memory tier and an opt-in continuous-learning loop carry confirmed conventions forward across sessions.
67
72
  - **Work that survives session, account, and machine boundaries.** Long-running work externalizes its full state to a project-local `.apothem/plans/` suite — a resumption contract plus a cold-start protocol. Because the state lives in your project's files, not locked inside one cloud chat history, a fresh session on any account or machine pointed at the project picks the work back up in place. See [Resumable planning](https://apothem.ahmedgad.com/docs/concepts/resumable-planning/).
@@ -73,7 +78,7 @@ Apothem cuts the drift at the root, and goes wider than file-copying or rules-on
73
78
  | 🎯 | **One profile → seventeen native configs** | Author once; install everywhere. Each harness receives the profile translated into its own native schema — no lowest-common-denominator flattening. |
74
79
  | 🧩 | **A wide synced unit** | Rules · slash-commands · skills · hooks · output-styles · settings (with MCP servers) · schemas · docs travel together as first-class primitives — not rules alone. |
75
80
  | 🛡️ | **Mechanized governance gate** | `python -m apothem.conformity.gate` runs multi-bar pre-emission checks — authorship headers, naming, code-craft, hedging, binding reciprocity — across every materialized surface; a behavior-diff golden corpus regression-locks each adapter's output, so any unintended change to what a harness receives is caught. |
76
- | 🧭 | **Deterministic pipelines** | A staged `/plan` review pipeline and a 13-stage `/research` pipeline apply the same discipline to every change to the profile itself. |
81
+ | 🧭 | **Deterministic pipelines** | A staged `/plan` review pipeline and a thirteen-stage `/research` pipeline apply the same discipline to every change to the profile itself. |
77
82
  | 🏰 | **eleven-command audit fortress** | Security · code · accessibility · performance · dependency · supply-chain · threat-model · architecture · code-review · docs-review · UX audits on demand. |
78
83
  | 🧠 | **Durable memory + opt-in learning** | A persistent memory tier and an opt-in continuous-learning loop carry confirmed conventions forward across sessions. |
79
84
  | 👁️ | **Preview before write** | `apothem diff --harness <name>` shows every pending change to a harness's native config before anything lands — inspect the full diff, then install. |
@@ -85,19 +90,19 @@ Apothem cuts the drift at the root, and goes wider than file-copying or rules-on
85
90
 
86
91
  ## How Apothem compares
87
92
 
88
- Other tools solve adjacent slices of this problem. File-based config managers like **chezmoi** and **GNU Stow** place or template files but never translate one source into each harness's *native* configuration schema. Cross-tool rule-sync CLIs like **rulesync** do generate per-tool native files across many tools — a broader tool count than Apothem's seventeen. Apothem's distinction is the **breadth of the synced unit** and the discipline shipped around it:
93
+ Other tools solve adjacent slices of this problem. File-based config managers like **chezmoi** and **GNU Stow** place or template files but never translate one source into each harness's *native* configuration schema. Cross-tool rule-sync CLIs like **rulesync** do generate per-tool native files across many tools — a broader tool count than Apothem's seventeen, and a comparably wide synced unit. Apothem's distinction is the **governance and lifecycle discipline shipped around the sync** — a mechanized conformity gate, deterministic pipelines, an audit fortress, and a reversible verified lifecycle:
89
94
 
90
95
  | Capability | Apothem | File config managers<br>(chezmoi, Stow) | Cross-tool rule sync<br>(rulesync) | Per-tool native config |
91
96
  |---|:---:|:---:|:---:|:---:|
92
97
  | One source → many tools' native schemas | ✅ seventeen harness adapters | ❌ copy / symlink, no translation | ✅ | ❌ single tool |
93
- | Synced unit | rules · slash-commands · skills · hooks · output-styles · settings (MCP) · schemas · docs | arbitrary files | rules · MCP · commands | — |
98
+ | Synced unit | rules · slash-commands · skills · hooks · output-styles · settings (MCP) · schemas · docs | arbitrary files | rules · ignore · MCP · commands · subagents · skills · hooks · permissions | — |
94
99
  | Mechanized governance gate | ✅ `python -m apothem.conformity.gate` | ❌ | ❌ | ❌ |
95
- | Deterministic `/plan` + 13-stage `/research` pipelines | ✅ | ❌ | ❌ | ❌ |
100
+ | Deterministic `/plan` + thirteen-stage `/research` pipelines | ✅ | ❌ | ❌ | ❌ |
96
101
  | eleven-command audit fortress | ✅ security · perf · a11y · supply-chain · … | ❌ | ❌ | ❌ |
97
102
  | Durable memory + opt-in learning loop | ✅ | ❌ | ❌ | ❌ |
98
103
  | Reversible, verified lifecycle | ✅ backup + `apothem verify` + zero-orphan uninstall | varies | varies | — |
99
104
 
100
- Where a peer is stronger, it is named: **rulesync** reaches more tools, and several sync tools materialize native schemas. Apothem trades raw tool count for a wider synced unitskills, hooks, MCP servers, and the command pipelines as first-class, not rules alone and the governance, audit, and review discipline that ships with it.
105
+ Where a peer is stronger, it is named: **rulesync** reaches more tools and carries a comparably wide synced unit, and several sync tools materialize native schemas. Apothem trades raw tool count for the governance, audit, and lifecycle discipline shipped around the sync a conformity gate, deterministic `/plan` and `/research` pipelines, an eleven-command audit fortress, durable memory, and a reversible verified lifecycle that a rule-sync tool does not carry.
101
106
 
102
107
  ## Quick Start
103
108
 
@@ -116,8 +121,9 @@ npx @ahmed-g-gad/apothem verify --harness claude-code
116
121
 
117
122
  That is the whole path: `quickstart` scaffolds a shared profile when none
118
123
  exists, previews every file it will write, installs, and names the next
119
- commands; `verify` reports whether the profile is faithfully installed. The rest
120
- of this section is the longer tour.
124
+ commands; `verify` reports whether the profile is faithfully installed. What
125
+ follows is the longer tour — the same one command explained in full, then the
126
+ explicit step-by-step alternative.
121
127
 
122
128
  ### Other ways to install
123
129
 
@@ -137,16 +143,14 @@ curl -fsSL https://apothem.ahmedgad.com/install.sh | sh # POSIX
137
143
  irm https://apothem.ahmedgad.com/install.ps1 | iex # Windows
138
144
  ```
139
145
 
140
- The guided first step is a single command that walks the whole canonical path
141
- create a shared profile if none exists, preview the files each harness will
142
- write, confirm, then install:
146
+ The `quickstart` command walks the whole canonical path in one guided step:
143
147
 
144
148
  ```shell
145
149
  npx @ahmed-g-gad/apothem quickstart
146
150
  ```
147
151
 
148
- `quickstart` ensures a profile (scaffolding one with a personalize nudge if it
149
- is missing), previews the writes grouped by project root versus your home
152
+ It ensures a profile (scaffolding one with a personalize nudge if it is
153
+ missing), previews the writes grouped by project root versus your home
150
154
  directory, asks before writing outside the project, installs with the grouped
151
155
  capability-note output, and ends by naming the next commands. `--yes` runs it
152
156
  non-interactively; `--format json` emits one structured summary.
@@ -182,8 +186,36 @@ Every install path runs the same self-contained engine: the source tree
182
186
  carries its vendored dependencies and runs from a checkout on system Python
183
187
  3.10 or newer (see
184
188
  [the self-contained runtime](https://apothem.ahmedgad.com/docs/architecture/self-contained-runtime/)).
189
+ Two prerequisites are shared by every path — **system Python 3.10 or newer** on
190
+ `PATH`, with the `click` and `rich` packages importable under it; the npm-shim
191
+ and tool-plugin paths additionally need **Node.js 18 or newer** to run `npx`.
192
+
193
+ Eight install channels are available. Pick by how you already work; each
194
+ channel's own subsection below gives its prerequisites, one copy-ready command,
195
+ and a verification step.
196
+
197
+ | # | Channel | Delivers | Prerequisites |
198
+ |---|---|---|---|
199
+ | 1 | [Claude Code plugin](#1--claude-code-plugin) | Full harness in Claude Code | Claude Code · Python 3.10+ |
200
+ | 2 | [npm shim (`npx`)](#2--npm-shim-npx) | Full harness, any tool | Node 18+ · Python 3.10+ |
201
+ | 3 | [One-shot installers](#3--one-shot-installers) | Full harness + an `apothem` command | Python 3.10+ (`git` for a network install) |
202
+ | 4 | [VS Code family extension](#4--vs-code-family-extension) | Full harness from the editor | VS Code · Node 18+ · Python 3.10+ |
203
+ | 5 | [Gemini CLI extension](#5--gemini-cli-extension) | Bootstrap that runs the engine | Gemini CLI · Node 18+ · Python 3.10+ |
204
+ | 6 | [Qwen Code extension](#6--qwen-code-extension) | Bootstrap that runs the engine | Qwen Code · Node 18+ · Python 3.10+ |
205
+ | 7 | [Codex plugin](#7--codex-plugin) | Bootstrap that runs the engine | Codex · Node 18+ · Python 3.10+ |
206
+ | 8 | [Direct engine (`python -m apothem`)](#8--direct-engine-python--m-apothem) | Full harness from a checkout | Python 3.10+ (`click`, `rich`) |
207
+
208
+ The npm shim (2), the one-shot installers (3), and the direct engine (8)
209
+ deliver the whole synced unit for any harness. The Gemini CLI, Qwen Code, and
210
+ Codex extensions (5–7) install a small bootstrap that shells out to the engine
211
+ (`npx @ahmed-g-gad/apothem install`) to materialize the full harness — they are
212
+ the entry point, not the full delivery on their own.
213
+
214
+ Every path is idempotent: re-running is safe and converges to the same state.
215
+
216
+ ### 1 — Claude Code plugin
185
217
 
186
- ### Claude Code plugin
218
+ **Prerequisites:** Claude Code, and system Python 3.10+ on `PATH`.
187
219
 
188
220
  Inside Claude Code:
189
221
 
@@ -192,10 +224,18 @@ Inside Claude Code:
192
224
  /plugin install apothem@apothem
193
225
  ```
194
226
 
195
- ### npx
227
+ **Verify:** run `/help` inside Claude Code and confirm the Apothem commands are
228
+ listed, or check the drift report with:
196
229
 
197
- The npm shim locates Python 3.10+ and forwards every CLI command to the
198
- bundled engine:
230
+ ```shell
231
+ npx @ahmed-g-gad/apothem verify --harness claude-code
232
+ ```
233
+
234
+ ### 2 — npm shim (`npx`)
235
+
236
+ **Prerequisites:** Node.js 18+ (for `npx`) and system Python 3.10+ on `PATH`.
237
+ The shim locates the interpreter and forwards every CLI command to the bundled
238
+ engine.
199
239
 
200
240
  ```shell
201
241
  npx @ahmed-g-gad/apothem install --harness claude-code
@@ -207,7 +247,18 @@ It also runs straight from the repository:
207
247
  npx github:ahmed-g-gad/apothem install --harness claude-code
208
248
  ```
209
249
 
210
- ### One-shot installers
250
+ **Verify:**
251
+
252
+ ```shell
253
+ npx @ahmed-g-gad/apothem --version
254
+ npx @ahmed-g-gad/apothem verify --harness claude-code
255
+ ```
256
+
257
+ ### 3 — One-shot installers
258
+
259
+ **Prerequisites:** system Python 3.10+ on `PATH` (the installer offers to add
260
+ the `click` / `rich` prerequisites for you); `git` is needed only for a network
261
+ install that clones the source.
211
262
 
212
263
  The one-shot installer resolves the latest signed release tag, verifies its
213
264
  signature, fetches the Apothem source tree at that tag, runs the engine
@@ -219,6 +270,16 @@ tag-pinned verified install is the default and recommended path.
219
270
  | **POSIX** (macOS / Linux / WSL) | `curl -fsSL https://apothem.ahmedgad.com/install.sh \| sh` |
220
271
  | **Windows** (PowerShell) | `irm https://apothem.ahmedgad.com/install.ps1 \| iex` |
221
272
 
273
+ The same scripts ship in a checkout under
274
+ [`scripts/installer/`](scripts/installer/) — `install`, `uninstall`, and
275
+ `update` in `.sh`, `.ps1`, and `.bat` forms — so you can run them directly
276
+ after cloning:
277
+
278
+ ```shell
279
+ APOTHEM_HARNESS=claude-code sh scripts/installer/install.sh # POSIX
280
+ $env:APOTHEM_HARNESS = 'claude-code'; pwsh -NoProfile -File scripts/installer/install.ps1 # Windows
281
+ ```
282
+
222
283
  **Trust model (tag-pinned, verified by default).** With no `APOTHEM_REF` set,
223
284
  the installer resolves the highest `vMAJOR.MINOR.PATCH` release tag and checks
224
285
  *that* out — never the moving `main` branch. Before any configuration is
@@ -266,7 +327,7 @@ dependencies) — POSIX into `$HOME/.local/bin`, Windows into
266
327
  `%LOCALAPPDATA%\Microsoft\WindowsApps` (a user directory already on the default
267
328
  Windows PATH). The installer never edits your PATH. Once the directory is on
268
329
  PATH you run `apothem <command>` directly, with no manual `PYTHONPATH`. If the
269
- directory is not on PATH (or the shim could not be placed), the banner prints how
330
+ directory is not on PATH (or the shim was not placed), the banner prints how
270
331
  to add it and falls back to the self-contained `PYTHONPATH=… python -m apothem`
271
332
  form — it never advertises a bare `apothem` command the run did not resolve.
272
333
 
@@ -294,25 +355,36 @@ and re-materialize.
294
355
  configuration (it prompts unless `--yes` / `-Yes`); pass `--remove-source` /
295
356
  `-RemoveSource` to also remove the managed clone at `APOTHEM_HOME`.
296
357
 
297
- Verify the install:
358
+ **Verify:**
298
359
 
299
360
  ```shell
300
- npx @ahmed-g-gad/apothem verify --harness claude-code
361
+ apothem verify --harness claude-code
301
362
 
302
- # or run the engine from the bundled source:
363
+ # or, before the shim is on PATH, from the bundled source:
303
364
  PYTHONPATH="$HOME/.apothem/src" python -m apothem verify --harness claude-code
304
365
  ```
305
366
 
306
- ### VS Code family extension
367
+ ### 4 — VS Code family extension
368
+
369
+ **Prerequisites:** VS Code, Node.js 18+, and system Python 3.10+ on `PATH`.
307
370
 
308
371
  Install the **Apothem** extension from the
309
- [Visual Studio Marketplace](https://marketplace.visualstudio.com/) — one
310
- extension covers VS Code and GitHub Copilot. Its commands (`Apothem:
372
+ [Visual Studio Marketplace](https://marketplace.visualstudio.com/items?itemName=ahmed-g-gad.apothem) —
373
+ one extension covers VS Code and GitHub Copilot. Its commands (`Apothem:
311
374
  Install`, `Verify`, `Update`, `Uninstall`, `Doctor`) run the same engine
312
375
  through the configured runner (`npx @ahmed-g-gad/apothem` by default). Source
313
376
  lives under [`vscode-extension/`](vscode-extension/).
314
377
 
315
- ### Gemini CLI extension
378
+ **Verify:** run the **Apothem: Verify** command from the editor's command
379
+ palette, or from a terminal:
380
+
381
+ ```shell
382
+ npx @ahmed-g-gad/apothem verify --harness claude-code
383
+ ```
384
+
385
+ ### 5 — Gemini CLI extension
386
+
387
+ **Prerequisites:** Gemini CLI, Node.js 18+, and system Python 3.10+ on `PATH`.
316
388
 
317
389
  Install Apothem as a Gemini CLI extension straight from the repository:
318
390
 
@@ -320,10 +392,24 @@ Install Apothem as a Gemini CLI extension straight from the repository:
320
392
  gemini extensions install https://github.com/ahmed-g-gad/apothem
321
393
  ```
322
394
 
323
- The extension loads an Apothem context file and adds a `/apothem` command that
324
- runs any engine subcommand.
395
+ This extension is a bootstrap, not the full install on its own: it loads an
396
+ Apothem context file and adds a `/apothem` command that shells out to the
397
+ engine (`npx @ahmed-g-gad/apothem`). Materialize the full harness by running
398
+ the install through it:
399
+
400
+ ```shell
401
+ npx @ahmed-g-gad/apothem install --harness gemini-cli --project .
402
+ ```
403
+
404
+ **Verify:**
325
405
 
326
- ### Qwen Code extension
406
+ ```shell
407
+ npx @ahmed-g-gad/apothem verify --harness gemini-cli --project .
408
+ ```
409
+
410
+ ### 6 — Qwen Code extension
411
+
412
+ **Prerequisites:** Qwen Code, Node.js 18+, and system Python 3.10+ on `PATH`.
327
413
 
328
414
  Install Apothem as a Qwen Code extension straight from the repository:
329
415
 
@@ -331,11 +417,24 @@ Install Apothem as a Qwen Code extension straight from the repository:
331
417
  qwen extensions install ahmed-g-gad/apothem
332
418
  ```
333
419
 
334
- The extension loads an Apothem context file (`QWEN.md`). Qwen Code also installs
335
- Gemini CLI extensions and Claude Code marketplace plugins directly, so those
336
- entries work as well.
420
+ Like the Gemini CLI extension, this is a bootstrap: it loads an Apothem context
421
+ file (`QWEN.md`) and shells out to the engine; materialize the full harness by
422
+ running the install through it. Qwen Code also installs Gemini CLI extensions
423
+ and Claude Code marketplace plugins directly, so those entries work as well.
337
424
 
338
- ### Codex plugin
425
+ ```shell
426
+ npx @ahmed-g-gad/apothem install --harness qwen-code
427
+ ```
428
+
429
+ **Verify:**
430
+
431
+ ```shell
432
+ npx @ahmed-g-gad/apothem verify --harness qwen-code
433
+ ```
434
+
435
+ ### 7 — Codex plugin
436
+
437
+ **Prerequisites:** Codex, Node.js 18+, and system Python 3.10+ on `PATH`.
339
438
 
340
439
  Add the repository as a Codex plugin marketplace, then install the plugin:
341
440
 
@@ -344,12 +443,46 @@ codex plugin marketplace add ahmed-g-gad/apothem
344
443
  codex plugin add apothem@apothem
345
444
  ```
346
445
 
347
- ### OpenCode and other adapter-only tools
446
+ Like the Gemini CLI and Qwen Code extensions, this is a bootstrap that shells
447
+ out to the engine; materialize the full harness by running the install through
448
+ it:
449
+
450
+ ```shell
451
+ npx @ahmed-g-gad/apothem install --harness codex
452
+ ```
453
+
454
+ **Verify:**
455
+
456
+ ```shell
457
+ npx @ahmed-g-gad/apothem verify --harness codex
458
+ ```
459
+
460
+ ### 8 — Direct engine (`python -m apothem`)
461
+
462
+ **Prerequisites:** system Python 3.10+ with the `click` and `rich` packages
463
+ importable; a checkout of the repository. No Node.js required.
464
+
465
+ Run the self-contained engine straight from a clone — the source tree carries
466
+ its vendored dependencies, so `PYTHONPATH=src` is the whole setup:
467
+
468
+ ```shell
469
+ git clone https://github.com/ahmed-g-gad/apothem
470
+ cd apothem
471
+ PYTHONPATH=src python -m apothem install --harness claude-code
472
+ ```
473
+
474
+ **Verify:**
475
+
476
+ ```shell
477
+ PYTHONPATH=src python -m apothem verify --harness claude-code
478
+ ```
479
+
480
+ ### Every other tool (OpenCode and adapter-only harnesses)
348
481
 
349
482
  Some tools — OpenCode among them — expose no separate plugin or extension
350
483
  registry for a configuration manager; their native surface is their own config
351
- directory. Apothem syncs those directly through the npm shim or the one-shot
352
- installers:
484
+ directory. Apothem syncs those directly through the npm shim (channel 2), the
485
+ one-shot installers (channel 3), or the direct engine (channel 8):
353
486
 
354
487
  ```shell
355
488
  npx @ahmed-g-gad/apothem install --harness opencode
@@ -387,7 +520,7 @@ graph LR
387
520
  A --> OC["~/.config/opencode/<br/>OpenCode"]
388
521
  A --> QW["~/.qwen/<br/>Qwen Code"]
389
522
  A --> TR["project .trae/rules<br/>Trae"]
390
- A --> WI["project .devin/rules<br/>Windsurf (Devin Desktop)"]
523
+ A --> WI["project .devin/rules (.windsurf/rules fallback)<br/>Windsurf (Devin Desktop)"]
391
524
  A --> ZE["project .rules<br/>Zed"]
392
525
  A --> KM["project AGENTS.md + .kimi-code/<br/>Kimi Code"]
393
526
  A --> GL["project .apothem/providers/glm.toml<br/>GLM (Z.ai)"]
package/bin/apothem.mjs CHANGED
@@ -19,9 +19,21 @@ const packageRoot = fileURLToPath(new URL("..", import.meta.url));
19
19
  const vendorPath = join(packageRoot, "src", "apothem", "_vendor");
20
20
  const sourcePath = join(packageRoot, "src");
21
21
 
22
+ // The probe both enforces the version floor and rejects the Microsoft Store
23
+ // launcher shims (zero-byte stubs under AppData\Local\Microsoft\WindowsApps).
24
+ // Those stubs satisfy `python`/`py` on PATH but, when executed, open the Store
25
+ // install page instead of running Python — every other entry path (install.sh
26
+ // via hooks/lib/find-python.sh, install.ps1) already rejects them. `sys.base_prefix`
27
+ // is printed so a real interpreter can be distinguished from a shim by path.
22
28
  const versionProbe =
23
- "import sys; raise SystemExit(0 if sys.version_info[:2] >= " +
24
- `(${MIN_PYTHON[0]}, ${MIN_PYTHON[1]}) else 1)`;
29
+ "import sys; " +
30
+ `sys.exit(1) if sys.version_info[:2] < (${MIN_PYTHON[0]}, ${MIN_PYTHON[1]}) else ` +
31
+ "print(sys.executable or '')";
32
+
33
+ /** True when a resolved interpreter path is a Microsoft Store launcher shim. */
34
+ function isWindowsAppsShim(execPath) {
35
+ return /[\\/]Microsoft[\\/]WindowsApps[\\/]/i.test(execPath);
36
+ }
25
37
 
26
38
  /** Interpreter candidates, ordered; each is [command, ...leading args]. */
27
39
  const candidates = [];
@@ -33,9 +45,15 @@ candidates.push(["python3"], ["python"], ["py", "-3"]);
33
45
  function probe(candidate) {
34
46
  const [command, ...lead] = candidate;
35
47
  const result = spawnSync(command, [...lead, "-c", versionProbe], {
36
- stdio: "ignore",
48
+ encoding: "utf8",
37
49
  });
38
- return result.status === 0;
50
+ if (result.status !== 0) {
51
+ return false;
52
+ }
53
+ // Reject the Store shim: it can exit 0 on the probe yet trigger a Store
54
+ // popup (or fail) on the real invocation.
55
+ const execPath = (result.stdout || "").trim();
56
+ return !isWindowsAppsShim(execPath);
39
57
  }
40
58
 
41
59
  const interpreter = candidates.find(probe);
@@ -75,4 +93,20 @@ const run = spawnSync(command, [...lead, "-m", "apothem", ...process.argv.slice(
75
93
  stdio: "inherit",
76
94
  env,
77
95
  });
96
+
97
+ // A spawn-level failure (ENOENT: interpreter vanished between probe and run;
98
+ // EPERM: not executable) leaves `run.status` null with the cause in `run.error`
99
+ // — report it instead of exiting a bare 1. A signal termination likewise leaves
100
+ // `status` null; surface the signal so a killed child is not mistaken for a
101
+ // clean exit.
102
+ if (run.error) {
103
+ process.stderr.write(
104
+ `apothem: failed to run '${command}': ${run.error.message}\n`,
105
+ );
106
+ process.exit(1);
107
+ }
108
+ if (run.signal) {
109
+ process.stderr.write(`apothem: interpreter terminated by signal ${run.signal}\n`);
110
+ process.exit(1);
111
+ }
78
112
  process.exit(run.status ?? 1);
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@ahmed-g-gad/apothem",
3
- "version": "0.1.1",
4
- "description": "Host-agnostic AI-harness configuration manager: one shared profile materializes native configs for seventeen AI assistant harnesses, syncing rules, skills, slash-commands, hooks, and MCP servers behind a conformity governance gate and signed releases.",
3
+ "version": "1.0.0",
4
+ "description": "Host-agnostic AI-harness configuration manager: one shared profile materializes native configs for seventeen AI assistant harnesses, syncing rules, slash-commands, skills, hooks, output-styles, settings, schemas, and docs behind a conformity governance gate and signed releases.",
5
5
  "keywords": [
6
6
  "agent",
7
7
  "agnostic",
@@ -59,6 +59,12 @@
59
59
  "files": [
60
60
  "bin/",
61
61
  "src/apothem/",
62
+ "!**/__pycache__",
63
+ "!**/*.pyc",
64
+ "!**/*.pyo",
65
+ "!**/.mypy_cache",
66
+ "!**/.pytest_cache",
67
+ "!**/.ruff_cache",
62
68
  "pyproject.toml",
63
69
  "LICENSE",
64
70
  "LICENSES/",
package/pyproject.toml CHANGED
@@ -1,12 +1,14 @@
1
1
  # SPDX-License-Identifier: MIT
2
2
 
3
3
  [build-system]
4
- requires = ["setuptools>=68.0", "wheel"]
4
+ # Modern setuptools builds wheels natively; a separate "wheel" requirement is
5
+ # no longer part of the recommended configuration on packaging.python.org.
6
+ requires = ["setuptools>=77.0"]
5
7
  build-backend = "setuptools.build_meta"
6
8
 
7
9
  [project]
8
10
  name = "apothem"
9
- version = "0.1.1"
11
+ version = "1.0.0"
10
12
  description = "Host-agnostic AI-harness configuration manager: one shared profile materializes native configs for seventeen AI assistant harnesses, syncing rules, skills, slash-commands, hooks, and MCP servers behind a conformity governance gate and signed releases."
11
13
  requires-python = ">=3.10"
12
14
  readme = "README.md"
@@ -59,11 +61,11 @@ Homepage = "https://apothem.ahmedgad.com/"
59
61
  Documentation = "https://apothem.ahmedgad.com/docs/usage/"
60
62
  Reference = "https://apothem.ahmedgad.com/docs/reference/"
61
63
  Architecture = "https://apothem.ahmedgad.com/docs/architecture/"
62
- Repository = "https://github.com/ahmed-g-gad/apothem"
63
- Issues = "https://github.com/ahmed-g-gad/apothem/issues"
64
- Discussions = "https://github.com/ahmed-g-gad/apothem/discussions"
65
- Changelog = "https://github.com/ahmed-g-gad/apothem/blob/main/CHANGELOG.md"
66
- Security = "https://github.com/ahmed-g-gad/apothem/security"
64
+ Repository = "https://github.com/Ahmed-G-Gad/apothem"
65
+ Issues = "https://github.com/Ahmed-G-Gad/apothem/issues"
66
+ Discussions = "https://github.com/Ahmed-G-Gad/apothem/discussions"
67
+ Changelog = "https://github.com/Ahmed-G-Gad/apothem/blob/main/CHANGELOG.md"
68
+ Security = "https://github.com/Ahmed-G-Gad/apothem/security"
67
69
  Brand = "https://apothem.ahmedgad.com/docs/brand/"
68
70
 
69
71
  # Console scripts are intentionally absent: apothem installs as a per-harness
@@ -176,18 +178,24 @@ where = ["src"]
176
178
 
177
179
  [project.optional-dependencies]
178
180
  dev = [
179
- "ruff>=0.15.14",
181
+ # Floor at 0.15.20: 0.15.17 introduced (and 0.15.20 removed) rule RUF076,
182
+ # so pinning past the removal keeps selector behavior stable across
183
+ # contributor environments.
184
+ "ruff>=0.15.20",
180
185
  "mypy>=2.1.0",
181
186
  "types-PyYAML>=6.0.12.20260518",
182
187
  "types-jsonschema>=4.26.0.20260518",
183
- "pytest>=9.0.3",
188
+ "pytest>=9.1.1",
184
189
  "pytest-cov>=7.1.0",
185
190
  "pytest-xdist>=3.8.0",
186
191
  # Hypothesis ratifies the property-test surface that feeds the OpenSSF
187
192
  # Scorecard Fuzzing check. Property tests at tests/property/ exercise
188
193
  # invariants (round-trip, idempotence, schema-validity) across
189
194
  # auto-generated inputs across the search space.
190
- "hypothesis>=6.152.9",
195
+ # Floor below 6.156.0: that release begins the Rust-internals migration
196
+ # (native wheels; source builds need a Rust toolchain). Verify wheel
197
+ # coverage for every CI OS/arch target before floating past it.
198
+ "hypothesis>=6.155.7",
191
199
  ]
192
200
  security = [
193
201
  "bandit[toml]>=1.9.4",
@@ -264,13 +272,15 @@ ignore = ["E501"]
264
272
  # in the fixture's pass/fail counterparts, not authored in
265
273
  # real source.
266
274
  "tests/conformity/**" = ["E722", "S105", "S110", "F841", "BLE001"]
267
- # The hook dispatcher and emit_hook_context.py manipulate sys.path
268
- # before importing local helpers, so import-sort and module-import-
269
- # at-top rules cannot apply uniformly. The fail-open try/except/pass
270
- # is intentional per the dispatcher's contract: hook context is
271
- # advisory and must never block the underlying tool call.
272
- "src/apothem/hooks/dispatch.py" = ["E402", "I001", "S110"]
273
- "src/apothem/hooks/emit_hook_context.py" = ["E402", "I001"]
275
+ # The hook entrypoints (dispatch.py, emit_hook_context.py, and
276
+ # session_start_bootstrap.py) manipulate sys.path before importing
277
+ # local helpers, so import-sort and module-import-at-top rules cannot
278
+ # apply uniformly. The fail-open try/except/pass (S110) is intentional
279
+ # per the dispatcher's contract: hook context is advisory and must
280
+ # never block the underlying tool call.
281
+ "src/apothem/hooks/dispatch.py" = ["E402", "I001", "S110"]
282
+ "src/apothem/hooks/emit_hook_context.py" = ["E402", "I001"]
283
+ "src/apothem/hooks/session_start_bootstrap.py" = ["E402", "I001"]
274
284
  # Tooling scripts invoke subprocesses with controlled, internally-
275
285
  # constructed argument vectors. The S603 / S607 security rules
276
286
  # generalize to "untrusted input" but the inputs here are always
@@ -25,4 +25,10 @@ if __name__ == "__main__":
25
25
  # pipe or redirect. The group-callback call remains as defense-in-depth
26
26
  # for a direct ``apothem.cli.main`` import that bypasses this entry.
27
27
  _configure_stdio()
28
- raise SystemExit(main())
28
+ # Pin the completion trigger. Click derives the completion env var from
29
+ # the detected program name, which under ``python -m apothem`` is
30
+ # "python -m apothem" — an unmatchable variable name — so the emitted
31
+ # completion scripts (which all set ``_APOTHEM_COMPLETE``) would never
32
+ # engage. Pinning complete_var keeps shell completion working on every
33
+ # invocation surface without altering usage strings.
34
+ raise SystemExit(main(complete_var="_APOTHEM_COMPLETE"))
@@ -19,4 +19,8 @@ jsonschema-specifications==2025.9.1
19
19
  referencing==0.37.0
20
20
  typing_extensions==4.15.0
21
21
  PyYAML==6.0.3
22
+ # rpds-py: upstream moved to CalVer after 0.x; 0.30.0 was the final 0.x
23
+ # release and is the intentionally-frozen API anchor the apothem-authored
24
+ # pure-Python rpds shim mirrors. Do not bump this pin to a CalVer tag — the
25
+ # shim tracks the 0.30.0 API subset, not the upstream distribution.
22
26
  rpds-py==0.30.0 # upstream API anchor for the apothem-authored rpds shim
@@ -4,7 +4,7 @@ version: "0.1.0"
4
4
  updated: "2026-06-23"
5
5
  description: "Read-only dependency-tree risk audit — flags unpinned, stale, duplicate, and known-vulnerable dependencies with manifest/lockfile evidence. Use when auditing supply-chain risk, before a release cut, after adding a dependency, or when a CVE/advisory lands. Detects the ecosystem via host-discovery: npm (package.json + package-lock/yarn/pnpm), pip (pyproject/requirements + lock), cargo (Cargo.toml + Cargo.lock), go (go.mod + go.sum). Runs npm audit / pip-audit / cargo audit / govulncheck and returns a risk-ranked table (known-vulnerable → unpinned → duplicate → stale) with per-row evidence; never widens a pin or escalates a scope — gaps surface as inquiry."
6
6
  tools: "Read, Glob, Grep, Bash"
7
- disallowedTools: "Write, Edit"
7
+ disallowedTools: "Write, Edit, TodoWrite"
8
8
  maxTurns: 15
9
9
  # maxTurns rationale: 15 exceeds the 5–10 norm because a dependency audit reads the manifest and
10
10
  # lockfile, enumerates direct and transitive entries, and runs the host's audit tooling
@@ -4,7 +4,7 @@ version: "0.1.0"
4
4
  updated: "2026-06-23"
5
5
  description: "Read-only adversarial claim verification — decompose input into atomic claims, seek ≥2 independent sources, attempt refutation, assign cited verdicts (supported / refuted / unverifiable) with quoted evidence and confidence. Use when a claim needs proof before it ships: a benchmark or statistic in docs/copy, a 'X is faster/safer than Y' assertion, a citation that names an RFC or spec, a release note, or any factual claim a reviewer would challenge. Routes external claims through WebSearch / WebFetch and repository claims through Read / Glob / Grep; defaults to refuted-or-unverifiable when evidence is insufficient, never a charitable supported."
6
6
  tools: "Read, Glob, Grep, WebSearch, WebFetch"
7
- disallowedTools: "Write, Edit"
7
+ disallowedTools: "Write, Edit, TodoWrite"
8
8
  maxTurns: 15
9
9
  # maxTurns rationale: 15 exceeds the 5–10 norm because adversarial verification requires
10
10
  # sequential search → fetch → cross-reference chains per claim. Each claim needs ≥2 independent