@ahmed-g-gad/apothem 0.1.1 → 1.0.0
- package/CHANGELOG.md +4 -4
- package/README.md +175 -42
- package/bin/apothem.mjs +38 -4
- package/package.json +8 -2
- package/pyproject.toml +27 -17
- package/src/apothem/__main__.py +7 -1
- package/src/apothem/_vendor/vendor.txt +4 -0
- package/src/apothem/agents/dependency-auditor.md +1 -1
- package/src/apothem/agents/fact-checker.md +1 -1
- package/src/apothem/agents/prompt-evaluator.md +1 -1
- package/src/apothem/agents/research-scout.md +1 -1
- package/src/apothem/agents/security-scanner.md +1 -1
- package/src/apothem/agents/test-runner.md +1 -1
- package/src/apothem/audit/README.md +0 -6
- package/src/apothem/audit/build_capability_graph.py +4 -0
- package/src/apothem/audit/build_plans_provenance.py +8 -1
- package/src/apothem/audit/check_links.py +6 -0
- package/src/apothem/audit/classify_artifacts.py +6 -0
- package/src/apothem/audit/render_capability_index.py +6 -0
- package/src/apothem/audit/scan_ai_surfaces.py +72 -0
- package/src/apothem/audit/scan_ai_surfaces_coarse.py +6 -0
- package/src/apothem/audit/scan_drift_features.py +6 -0
- package/src/apothem/audit/scan_frontmatter.py +7 -0
- package/src/apothem/audit/scan_plan_leakage.py +6 -0
- package/src/apothem/audit/scan_plans_discipline.py +6 -0
- package/src/apothem/audit/scan_secrets_pii.py +6 -0
- package/src/apothem/audit/scan_stale_tokens.py +6 -0
- package/src/apothem/audit/synthesize_drift.py +13 -0
- package/src/apothem/benchmarks/README.md +1 -0
- package/src/apothem/benchmarks/bench_install.py +1 -1
- package/src/apothem/cli/README.md +1 -1
- package/src/apothem/cli/__init__.py +6 -9
- package/src/apothem/cli/_cmd_completion.py +61 -31
- package/src/apothem/cli/_cmd_diff.py +5 -4
- package/src/apothem/cli/_cmd_doctor.py +12 -5
- package/src/apothem/cli/_cmd_harnesses.py +17 -7
- package/src/apothem/cli/_cmd_install.py +51 -6
- package/src/apothem/cli/_cmd_migrate_workspace.py +30 -22
- package/src/apothem/cli/_cmd_profile.py +13 -5
- package/src/apothem/cli/_cmd_status.py +18 -6
- package/src/apothem/cli/_cmd_uninstall.py +20 -16
- package/src/apothem/cli/_cmd_update.py +84 -16
- package/src/apothem/cli/_cmd_verify.py +25 -14
- package/src/apothem/cli/_epilogs.py +5 -3
- package/src/apothem/cli/_helpers.py +77 -52
- package/src/apothem/cli/_materialize.py +39 -18
- package/src/apothem/cli/completions/apothem.ps1 +18 -18
- package/src/apothem/commands/README.md +3 -0
- package/src/apothem/commands/a11y-audit.md +2 -2
- package/src/apothem/commands/architecture-review.md +2 -2
- package/src/apothem/commands/audit.md +1 -1
- package/src/apothem/commands/code-audit.md +2 -2
- package/src/apothem/commands/code-review.md +2 -2
- package/src/apothem/commands/dependency-audit.md +2 -2
- package/src/apothem/commands/docs-review.md +2 -2
- package/src/apothem/commands/elevate.md +40 -25
- package/src/apothem/commands/eval.md +2 -2
- package/src/apothem/commands/fortress.md +5 -5
- package/src/apothem/commands/freshify.md +2 -2
- package/src/apothem/commands/github-deploy-fresh.md +2 -2
- package/src/apothem/commands/github-deploy-next.md +2 -2
- package/src/apothem/commands/perf-audit.md +2 -2
- package/src/apothem/commands/plan-audit.md +1 -1
- package/src/apothem/commands/plan-design.md +2 -2
- package/src/apothem/commands/plan-execute.md +1 -1
- package/src/apothem/commands/plan-generate.md +1 -1
- package/src/apothem/commands/plan-review.md +1 -1
- package/src/apothem/commands/plan-spec.md +2 -2
- package/src/apothem/commands/plan.md +1 -1
- package/src/apothem/commands/projectify.md +3 -3
- package/src/apothem/commands/release-readiness.md +2 -2
- package/src/apothem/commands/research-analysis.md +10 -5
- package/src/apothem/commands/research-design.md +21 -3
- package/src/apothem/commands/research-disseminate.md +13 -3
- package/src/apothem/commands/research-experiment.md +21 -2
- package/src/apothem/commands/research-ideate.md +1 -1
- package/src/apothem/commands/research-paper.md +14 -4
- package/src/apothem/commands/research-proposal.md +8 -4
- package/src/apothem/commands/research-publish.md +10 -3
- package/src/apothem/commands/research-review.md +9 -3
- package/src/apothem/commands/research-sources.md +10 -2
- package/src/apothem/commands/research-spec.md +12 -4
- package/src/apothem/commands/research-synthesis.md +10 -3
- package/src/apothem/commands/research-theory.md +2 -2
- package/src/apothem/commands/research.md +9 -6
- package/src/apothem/commands/security-audit.md +2 -2
- package/src/apothem/commands/supply-chain-audit.md +4 -4
- package/src/apothem/commands/test-suite.md +4 -4
- package/src/apothem/commands/threat-model-audit.md +2 -2
- package/src/apothem/commands/ux-review.md +2 -2
- package/src/apothem/conformity/README.md +5 -0
- package/src/apothem/conformity/__init__.py +17 -0
- package/src/apothem/conformity/_grep_base.py +143 -7
- package/src/apothem/conformity/agnosticism_grep.py +9 -7
- package/src/apothem/conformity/always_on_budget_grep.py +2 -0
- package/src/apothem/conformity/bare_except_grep.py +78 -12
- package/src/apothem/conformity/binding_reciprocity_grep.py +18 -20
- package/src/apothem/conformity/brand_mark_grep.py +0 -3
- package/src/apothem/conformity/commented_out_code_grep.py +86 -22
- package/src/apothem/conformity/completion_claim_grep.py +15 -15
- package/src/apothem/conformity/conventional_commit_grep.py +49 -1
- package/src/apothem/conformity/copilot_instructions_presence_grep.py +0 -3
- package/src/apothem/conformity/cross_platform_matrix_grep.py +119 -37
- package/src/apothem/conformity/determinism_grep.py +1 -1
- package/src/apothem/conformity/diagram_staleness_grep.py +22 -6
- package/src/apothem/conformity/file_header_grep.py +21 -10
- package/src/apothem/conformity/freshness_token_grep.py +21 -10
- package/src/apothem/conformity/frontmatter_grep.py +1 -1
- package/src/apothem/conformity/gate.py +89 -24
- package/src/apothem/conformity/hedging_grep.py +10 -16
- package/src/apothem/conformity/license_author_consistency_grep.py +0 -3
- package/src/apothem/conformity/link_check.py +32 -9
- package/src/apothem/conformity/magic_number_grep.py +107 -9
- package/src/apothem/conformity/multi_surface_coherence_grep.py +1 -4
- package/src/apothem/conformity/naming_grep.py +190 -11
- package/src/apothem/conformity/no_toplevel_docs_grep.py +22 -39
- package/src/apothem/conformity/option_annotation_grep.py +0 -3
- package/src/apothem/conformity/orphan_output_grep.py +0 -3
- package/src/apothem/conformity/plan_suite_structure_grep.py +9 -9
- package/src/apothem/conformity/production_ready_pr_grep.py +33 -46
- package/src/apothem/conformity/reference_token_grep.py +12 -3
- package/src/apothem/conformity/secret_leak_grep.py +0 -3
- package/src/apothem/conformity/semver_stability_grep.py +93 -48
- package/src/apothem/conformity/token_efficiency_grep.py +0 -3
- package/src/apothem/conformity/unpinned_action_grep.py +0 -3
- package/src/apothem/conformity/user_confirm_grep.py +0 -3
- package/src/apothem/harnesses/_shared/install_driver_lifecycle.py +44 -19
- package/src/apothem/harnesses/_shared/install_driver_planvalidation.py +5 -4
- package/src/apothem/harnesses/_shared/wrapper_factories.py +203 -0
- package/src/apothem/harnesses/antigravity/STANDARD-CONVENTION-PIN.md +16 -10
- package/src/apothem/harnesses/antigravity/__init__.py +11 -44
- package/src/apothem/harnesses/antigravity/install.py +6 -35
- package/src/apothem/harnesses/antigravity/templates/GEMINI.md +8 -5
- package/src/apothem/harnesses/antigravity/templates/plugin.json +1 -1
- package/src/apothem/harnesses/antigravity/uninstall.py +6 -13
- package/src/apothem/harnesses/claude_code/install.py +35 -24
- package/src/apothem/harnesses/claude_code/verify.py +1 -1
- package/src/apothem/harnesses/codebuddy/__init__.py +5 -7
- package/src/apothem/harnesses/codebuddy/templates/apothem-rules.md +1 -1
- package/src/apothem/harnesses/codebuddy/uninstall.py +13 -14
- package/src/apothem/harnesses/codex/__init__.py +11 -38
- package/src/apothem/harnesses/codex/capabilities.yml +5 -8
- package/src/apothem/harnesses/codex/install.py +6 -35
- package/src/apothem/harnesses/codex/uninstall.py +7 -14
- package/src/apothem/harnesses/cursor/__init__.py +5 -7
- package/src/apothem/harnesses/cursor/capabilities.yml +5 -10
- package/src/apothem/harnesses/cursor/templates/apothem-rules.mdc +1 -1
- package/src/apothem/harnesses/cursor/uninstall.py +13 -14
- package/src/apothem/harnesses/gemini_cli/STANDARD-CONVENTION-PIN.md +2 -2
- package/src/apothem/harnesses/gemini_cli/__init__.py +5 -7
- package/src/apothem/harnesses/gemini_cli/capabilities.yml +3 -8
- package/src/apothem/harnesses/gemini_cli/templates/GEMINI.md +1 -1
- package/src/apothem/harnesses/gemini_cli/uninstall.py +14 -14
- package/src/apothem/harnesses/gemini_cli/verify.py +1 -1
- package/src/apothem/harnesses/github_copilot/__init__.py +7 -7
- package/src/apothem/harnesses/github_copilot/capabilities.yml +6 -10
- package/src/apothem/harnesses/github_copilot/templates/copilot-instructions.md +1 -1
- package/src/apothem/harnesses/github_copilot/uninstall.py +13 -14
- package/src/apothem/harnesses/github_copilot/verify.py +1 -1
- package/src/apothem/harnesses/glm/__init__.py +5 -6
- package/src/apothem/harnesses/glm/capabilities.yml +3 -1
- package/src/apothem/harnesses/glm/uninstall.py +12 -14
- package/src/apothem/harnesses/hermes/STANDARD-CONVENTION-PIN.md +2 -1
- package/src/apothem/harnesses/hermes/uninstall.py +14 -23
- package/src/apothem/harnesses/kimi_code/__init__.py +1 -1
- package/src/apothem/harnesses/kimi_code/install.py +2 -2
- package/src/apothem/harnesses/kimi_code/uninstall.py +1 -1
- package/src/apothem/harnesses/kimi_code/update.py +1 -1
- package/src/apothem/harnesses/kimi_code/verify.py +1 -1
- package/src/apothem/harnesses/kiro/__init__.py +5 -7
- package/src/apothem/harnesses/kiro/capabilities.yml +6 -4
- package/src/apothem/harnesses/kiro/templates/apothem-rules.md +1 -1
- package/src/apothem/harnesses/kiro/uninstall.py +13 -14
- package/src/apothem/harnesses/open_claw/capabilities.yml +7 -5
- package/src/apothem/harnesses/open_claw/uninstall.py +10 -22
- package/src/apothem/harnesses/open_claw/verify.py +1 -1
- package/src/apothem/harnesses/opencode/STANDARD-CONVENTION-PIN.md +2 -1
- package/src/apothem/harnesses/opencode/capabilities.yml +5 -10
- package/src/apothem/harnesses/opencode/uninstall.py +14 -24
- package/src/apothem/harnesses/qwen_code/STANDARD-CONVENTION-PIN.md +3 -3
- package/src/apothem/harnesses/qwen_code/capabilities.yml +5 -11
- package/src/apothem/harnesses/qwen_code/materializer.py +49 -21
- package/src/apothem/harnesses/qwen_code/uninstall.py +14 -24
- package/src/apothem/harnesses/qwen_code/verify.py +1 -1
- package/src/apothem/harnesses/trae/__init__.py +5 -7
- package/src/apothem/harnesses/trae/templates/apothem-rules.md +1 -1
- package/src/apothem/harnesses/trae/uninstall.py +13 -14
- package/src/apothem/harnesses/windsurf/__init__.py +5 -7
- package/src/apothem/harnesses/windsurf/capabilities.yml +4 -6
- package/src/apothem/harnesses/windsurf/templates/apothem-rules.md +1 -1
- package/src/apothem/harnesses/windsurf/uninstall.py +15 -14
- package/src/apothem/harnesses/zed/__init__.py +6 -8
- package/src/apothem/harnesses/zed/templates/apothem-rules.md +2 -2
- package/src/apothem/harnesses/zed/uninstall.py +16 -17
- package/src/apothem/hooks/README.md +2 -0
- package/src/apothem/hooks/askuserquestion_validator.py +4 -2
- package/src/apothem/hooks/dispatch.py +14 -18
- package/src/apothem/hooks/emit_hook_context.py +121 -39
- package/src/apothem/hooks/lib/bootstrap.ps1 +20 -0
- package/src/apothem/hooks/lib/bootstrap.sh +23 -4
- package/src/apothem/hooks/lib/find-pwsh.ps1 +5 -1
- package/src/apothem/hooks/lib/find-pwsh.sh +69 -35
- package/src/apothem/hooks/lib/resolve_root.py +13 -2
- package/src/apothem/hooks/lib/stdin_json.py +49 -0
- package/src/apothem/hooks/proactive_compaction_tracker.py +56 -4
- package/src/apothem/hooks/session_start_bootstrap.py +36 -8
- package/src/apothem/lib/README.md +13 -5
- package/src/apothem/lib/atomic_io.py +51 -8
- package/src/apothem/lib/auditor.py +9 -5
- package/src/apothem/lib/contexts.py +20 -4
- package/src/apothem/lib/data_home.py +26 -15
- package/src/apothem/lib/harness_registry.py +1 -1
- package/src/apothem/lib/harness_registry_data.py +13 -2
- package/src/apothem/lib/install_ledger.py +52 -11
- package/src/apothem/lib/learning.py +25 -14
- package/src/apothem/lib/memory.py +13 -13
- package/src/apothem/lib/plugin_tree.py +8 -7
- package/src/apothem/lib/profile.py +40 -13
- package/src/apothem/lib/profile_projection.py +44 -7
- package/src/apothem/lib/propagation-manifest.yaml +5 -2
- package/src/apothem/lib/propagation.py +36 -18
- package/src/apothem/lib/python_resolver.py +20 -7
- package/src/apothem/lib/schema_errors.py +34 -0
- package/src/apothem/lib/workspace_migration.py +9 -1
- package/src/apothem/rules/agile-sprints-elements.md +1 -1
- package/src/apothem/rules/agnostic-posture.md +1 -1
- package/src/apothem/rules/authoritative-referencing-quotation.md +1 -1
- package/src/apothem/rules/authority-inquiry-categories.md +14 -0
- package/src/apothem/rules/auto-memory.md +1 -1
- package/src/apothem/rules/canonical-layout-reporting-tiers.md +1 -1
- package/src/apothem/rules/code-craft-python.md +1 -1
- package/src/apothem/rules/context-management-protocol.md +1 -1
- package/src/apothem/rules/context-management-scratch.md +1 -1
- package/src/apothem/rules/host-discovery-manifests.md +7 -4
- package/src/apothem/rules/host-discovery.md +11 -2
- package/src/apothem/rules/i18n-discipline-locale-cohorts.md +1 -1
- package/src/apothem/rules/living-docs.md +10 -1
- package/src/apothem/rules/operational-mandates-expanded.md +1 -0
- package/src/apothem/rules/persistent-conventions-vigilance.md +1 -1
- package/src/apothem/rules/planning-techniques.md +2 -0
- package/src/apothem/rules/production-ready-prs-surfaces.md +3 -3
- package/src/apothem/rules/production-ready-prs.md +3 -1
- package/src/apothem/rules/propagation.md +3 -1
- package/src/apothem/rules/recommend-next-step.md +1 -1
- package/src/apothem/rules/session-closure.md +2 -2
- package/src/apothem/rules/visual-leverage.md +1 -1
- package/src/apothem/schemas/cohort-manifest.yaml +6 -2
- package/src/apothem/schemas/profile.schema.json +11 -3
- package/src/apothem/skills/ecosystem-audit/SKILL.md +1 -1
- package/src/apothem/skills/eval-harness/SKILL.md +1 -1
- package/src/apothem/skills/plan-suite/SKILL.md +1 -1
- package/src/apothem/skills/projectify/SKILL.md +2 -2
- package/src/apothem/skills/prompt-engineering/SKILL.md +1 -1
- package/src/apothem/skills/research-suite/SKILL.md +24 -4
- package/src/apothem/skills/research-suite/references/advancement-gate.md +104 -0
- package/src/apothem/skills/research-suite/references/autonomous-experiment-loop.md +168 -0
- package/src/apothem/skills/research-suite/references/blinding-and-disclosure.md +58 -0
- package/src/apothem/skills/research-suite/references/comparator-provenance.md +72 -0
- package/src/apothem/skills/research-suite/references/compute-utilization.md +112 -0
- package/src/apothem/skills/research-suite/references/directory-structure.md +2 -1
- package/src/apothem/skills/research-suite/references/empirical-comparison-rigor.md +48 -0
- package/src/apothem/skills/research-suite/references/experiment-program-scaffold.md +92 -0
- package/src/apothem/skills/research-suite/references/lifecycle.md +9 -9
- package/src/apothem/skills/research-suite/references/rigor-mandates.md +16 -1
- package/src/apothem/skills/research-suite/research_template.md +1 -1
- package/src/apothem/skills/secret-rotation/SKILL.md +3 -0
- package/src/apothem/skills/vuln-triage/SKILL.md +1 -1
- package/src/apothem/statuslines/conformity.json +1 -0
- package/src/apothem/statuslines/render.py +37 -10
- package/src/apothem/audit/execute_plans_migration.py +0 -491
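--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -7,7 +7,7 @@ All notable changes to this project are documented in this file.
 This changelog follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/)
 and the project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [0.
+## [1.0.0] - 2026-07-03
 
 The first release of Apothem — a host-agnostic configuration manager that
 authors one shared profile and materializes it into the native configuration of
@@ -30,8 +30,8 @@ reproducible releases.
 `~/.apothem/backups/` before replacement; uninstalls reverse cleanly with zero
 orphans.
 - **CLI.** `quickstart`, `install`, `uninstall`, `update`, `verify`, `status`,
-`diff`, `rollback`, `harnesses`, `profile`, `doctor`, and
-commands, with dry-run reporting, drift detection, structured JSON output
+`diff`, `rollback`, `migrate-workspace`, `harnesses`, `profile`, `doctor`, and
+`completion` commands, with dry-run reporting, drift detection, structured JSON output
 (`--format json`), and per-harness status. The engine is self-contained — the
 source tree carries its vendored dependencies and runs from a checkout as
 `python -m apothem` on system Python 3.10+.
@@ -57,4 +57,4 @@ reproducible releases.
 documentation build, CodeQL, OpenSSF Scorecard, dependency audit, and
 supply-chain checks before publication.
 
-[0.
+[1.0.0]: https://github.com/ahmed-g-gad/apothem/releases/tag/v1.0.0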
package/README.md
CHANGED
|
@@ -12,14 +12,15 @@
|
|
|
12
12
|
<h1 align="center">Apothem</h1>
|
|
13
13
|
|
|
14
14
|
<p align="center">
|
|
15
|
-
<em>
|
|
15
|
+
<em>Author one shared profile · materialize it into seventeen tools' native configs.</em>
|
|
16
16
|
</p>
|
|
17
17
|
|
|
18
18
|
<p align="center">
|
|
19
|
+
<a href="https://github.com/ahmed-g-gad/apothem/releases"><img alt="Release" src="https://img.shields.io/endpoint?url=https%3A%2F%2Fapothem.ahmedgad.com%2Fbadges%2Frelease.json"></a>
|
|
19
20
|
<a href="https://github.com/ahmed-g-gad/apothem/actions/workflows/ci.yml"><img alt="Build" src="https://github.com/ahmed-g-gad/apothem/actions/workflows/ci.yml/badge.svg?branch=main"></a>
|
|
20
21
|
<a href="https://github.com/ahmed-g-gad/apothem/blob/main/LICENSE"><img alt="License: MIT" src="https://img.shields.io/github/license/ahmed-g-gad/apothem?color=0F172A"></a>
|
|
21
22
|
<a href="https://www.npmjs.com/package/@ahmed-g-gad/apothem"><img alt="npm version" src="https://img.shields.io/npm/v/%40ahmed-g-gad%2Fapothem?color=10B981&label=npm"></a>
|
|
22
|
-
<a href="https://github.com/ahmed-g-gad/apothem/
|
|
23
|
+
<a href="https://github.com/ahmed-g-gad/apothem/blob/main/pyproject.toml"><img alt="Coverage gate ≥80%" src="https://img.shields.io/badge/coverage%20gate-%E2%89%A580%25-2563EB"></a>
|
|
23
24
|
<a href="https://securityscorecards.dev/viewer/?uri=github.com/ahmed-g-gad/apothem"><img alt="OpenSSF Scorecard" src="https://api.securityscorecards.dev/projects/github.com/ahmed-g-gad/apothem/badge"></a>
|
|
24
25
|
<a href="https://github.com/ahmed-g-gad/apothem/discussions"><img alt="Community discussions" src="https://img.shields.io/badge/discussions-GitHub-7C3AED"></a>
|
|
25
26
|
<a href="https://apothem.ahmedgad.com/"><img alt="Documentation" src="https://img.shields.io/badge/docs-Fumadocs-0F172A"></a>
|
|
@@ -27,14 +28,18 @@
|
|
|
27
28
|
</p>
|
|
28
29
|
|
|
29
30
|
<p align="center">
|
|
31
|
+
<a href="https://github.com/ahmed-g-gad/apothem#why-apothem">Why Apothem</a>
|
|
32
|
+
·
|
|
30
33
|
<a href="https://github.com/ahmed-g-gad/apothem#install">Install</a>
|
|
31
34
|
·
|
|
32
35
|
<a href="https://github.com/ahmed-g-gad/apothem#quick-start">Quick Start</a>
|
|
33
36
|
·
|
|
34
|
-
<a href="https://
|
|
37
|
+
<a href="https://github.com/ahmed-g-gad/apothem#how-it-works">How it works</a>
|
|
35
38
|
·
|
|
36
39
|
<a href="https://github.com/ahmed-g-gad/apothem#supported-harnesses">Supported harnesses</a>
|
|
37
40
|
·
|
|
41
|
+
<a href="https://apothem.ahmedgad.com/">Documentation</a>
|
|
42
|
+
·
|
|
38
43
|
<a href="https://github.com/ahmed-g-gad/apothem/blob/main/CHANGELOG.md">Changelog</a>
|
|
39
44
|
·
|
|
40
45
|
<a href="https://github.com/ahmed-g-gad/apothem/blob/main/CONTRIBUTING.md">Contributing</a>
|
|
@@ -50,7 +55,7 @@
|
|
|
50
55
|
</a>
|
|
51
56
|
</p>
|
|
52
57
|
|
|
53
|
-
**Apothem** authors one shared profile — rules, slash-commands, skills, hooks, output-styles, settings (including MCP servers), schemas, and docs — and materializes that *whole synced unit* into all seventeen supported harnesses' native configuration directories through per-harness adapters. One source of truth
|
|
58
|
+
**Apothem** authors one shared profile — rules, slash-commands, skills, hooks, output-styles, settings (including MCP servers), schemas, and docs — and materializes that *whole synced unit* into all seventeen supported harnesses' native configuration directories through per-harness adapters. Edit the profile once; every tool picks up the change from a single command. One source of truth, seventeen destinations, zero hand-maintained drift — with a mechanized conformity gate keeping every materialized surface in line.
|
|
54
59
|
|
|
55
60
|
## Why Apothem
|
|
56
61
|
|
|
@@ -59,9 +64,9 @@ Supported harnesses proliferate; each one parks its configuration in a different
|
|
|
59
64
|
Apothem cuts the drift at the root, and goes wider than file-copying or rules-only sync:
|
|
60
65
|
|
|
61
66
|
- **One profile, seventeen destinations.** Author your rules, slash-commands, skills, hooks, output-styles, settings (MCP servers included), schemas, and docs once. Push the whole unit to every harness with one command.
|
|
62
|
-
- **A wide synced unit, not rules alone.**
|
|
67
|
+
- **A wide synced unit, not rules alone.** Every primitive travels as a first-class citizen — translated into each harness's native schema, never flattened to a lowest common denominator.
|
|
63
68
|
- **A mechanized governance gate.** `python -m apothem.conformity.gate` runs multi-bar pre-emission checks — authorship headers, naming, code-craft, hedging, binding reciprocity — so every materialized surface stays conformant.
|
|
64
|
-
- **Deterministic pipelines.** A review pipeline (`/plan-spec → /plan-generate → /plan-review → /plan-design → /plan-execute`, where `/plan-design` runs only for architecture-bearing suites), a
|
|
69
|
+
- **Deterministic pipelines.** A review pipeline (`/plan-spec → /plan-generate → /plan-review → /plan-design → /plan-execute`, where `/plan-design` runs only for architecture-bearing suites), a thirteen-stage `/research` pipeline, and an eleven-command audit fortress apply to every change to the profile itself.
|
|
65
70
|
- **Reversible, verified lifecycle.** Every install is undone by the matching uninstall — timestamped backups, zero orphans; `apothem verify --harness <name>` answers "is the profile faithfully installed here?" with a structured JSON drift report.
|
|
66
71
|
- **Durable memory + opt-in learning.** A persistent memory tier and an opt-in continuous-learning loop carry confirmed conventions forward across sessions.
|
|
67
72
|
- **Work that survives session, account, and machine boundaries.** Long-running work externalizes its full state to a project-local `.apothem/plans/` suite — a resumption contract plus a cold-start protocol. Because the state lives in your project's files, not locked inside one cloud chat history, a fresh session on any account or machine pointed at the project picks the work back up in place. See [Resumable planning](https://apothem.ahmedgad.com/docs/concepts/resumable-planning/).
|
|
@@ -73,7 +78,7 @@ Apothem cuts the drift at the root, and goes wider than file-copying or rules-on
|
|
|
73
78
|
| 🎯 | **One profile → seventeen native configs** | Author once; install everywhere. Each harness receives the profile translated into its own native schema — no lowest-common-denominator flattening. |
|
|
74
79
|
| 🧩 | **A wide synced unit** | Rules · slash-commands · skills · hooks · output-styles · settings (with MCP servers) · schemas · docs travel together as first-class primitives — not rules alone. |
|
|
75
80
|
| 🛡️ | **Mechanized governance gate** | `python -m apothem.conformity.gate` runs multi-bar pre-emission checks — authorship headers, naming, code-craft, hedging, binding reciprocity — across every materialized surface; a behavior-diff golden corpus regression-locks each adapter's output, so any unintended change to what a harness receives is caught. |
|
|
76
|
-
| 🧭 | **Deterministic pipelines** | A staged `/plan` review pipeline and a
|
|
81
|
+
| 🧭 | **Deterministic pipelines** | A staged `/plan` review pipeline and a thirteen-stage `/research` pipeline apply the same discipline to every change to the profile itself. |
|
|
77
82
|
| 🏰 | **eleven-command audit fortress** | Security · code · accessibility · performance · dependency · supply-chain · threat-model · architecture · code-review · docs-review · UX audits on demand. |
|
|
78
83
|
| 🧠 | **Durable memory + opt-in learning** | A persistent memory tier and an opt-in continuous-learning loop carry confirmed conventions forward across sessions. |
|
|
79
84
|
| 👁️ | **Preview before write** | `apothem diff --harness <name>` shows every pending change to a harness's native config before anything lands — inspect the full diff, then install. |
|
|
@@ -85,19 +90,19 @@ Apothem cuts the drift at the root, and goes wider than file-copying or rules-on
|
|
|
85
90
|
|
|
86
91
|
## How Apothem compares
|
|
87
92
|
|
|
88
|
-
Other tools solve adjacent slices of this problem. File-based config managers like **chezmoi** and **GNU Stow** place or template files but never translate one source into each harness's *native* configuration schema. Cross-tool rule-sync CLIs like **rulesync** do generate per-tool native files across many tools — a broader tool count than Apothem's seventeen. Apothem's distinction is the **
|
|
93
|
+
Other tools solve adjacent slices of this problem. File-based config managers like **chezmoi** and **GNU Stow** place or template files but never translate one source into each harness's *native* configuration schema. Cross-tool rule-sync CLIs like **rulesync** do generate per-tool native files across many tools — a broader tool count than Apothem's seventeen, and a comparably wide synced unit. Apothem's distinction is the **governance and lifecycle discipline shipped around the sync** — a mechanized conformity gate, deterministic pipelines, an audit fortress, and a reversible verified lifecycle:
|
|
89
94
|
|
|
90
95
|
| Capability | Apothem | File config managers<br>(chezmoi, Stow) | Cross-tool rule sync<br>(rulesync) | Per-tool native config |
|
|
91
96
|
|---|:---:|:---:|:---:|:---:|
|
|
92
97
|
| One source → many tools' native schemas | ✅ seventeen harness adapters | ❌ copy / symlink, no translation | ✅ | ❌ single tool |
|
|
93
|
-
| Synced unit | rules · slash-commands · skills · hooks · output-styles · settings (MCP) · schemas · docs | arbitrary files | rules · MCP · commands | — |
|
|
98
|
+
| Synced unit | rules · slash-commands · skills · hooks · output-styles · settings (MCP) · schemas · docs | arbitrary files | rules · ignore · MCP · commands · subagents · skills · hooks · permissions | — |
|
|
94
99
|
| Mechanized governance gate | ✅ `python -m apothem.conformity.gate` | ❌ | ❌ | ❌ |
|
|
95
|
-
| Deterministic `/plan` +
|
|
100
|
+
| Deterministic `/plan` + thirteen-stage `/research` pipelines | ✅ | ❌ | ❌ | ❌ |
|
|
96
101
|
| eleven-command audit fortress | ✅ security · perf · a11y · supply-chain · … | ❌ | ❌ | ❌ |
|
|
97
102
|
| Durable memory + opt-in learning loop | ✅ | ❌ | ❌ | ❌ |
|
|
98
103
|
| Reversible, verified lifecycle | ✅ backup + `apothem verify` + zero-orphan uninstall | varies | varies | — |
|
|
99
104
|
|
|
100
|
-
Where a peer is stronger, it is named: **rulesync** reaches more tools, and several sync tools materialize native schemas. Apothem trades raw tool count for
|
|
105
|
+
Where a peer is stronger, it is named: **rulesync** reaches more tools and carries a comparably wide synced unit, and several sync tools materialize native schemas. Apothem trades raw tool count for the governance, audit, and lifecycle discipline shipped around the sync — a conformity gate, deterministic `/plan` and `/research` pipelines, an eleven-command audit fortress, durable memory, and a reversible verified lifecycle — that a rule-sync tool does not carry.
|
|
101
106
|
|
|
102
107
|
## Quick Start
|
|
103
108
|
|
|
@@ -116,8 +121,9 @@ npx @ahmed-g-gad/apothem verify --harness claude-code
|
|
|
116
121
|
|
|
117
122
|
That is the whole path: `quickstart` scaffolds a shared profile when none
|
|
118
123
|
exists, previews every file it will write, installs, and names the next
|
|
119
|
-
commands; `verify` reports whether the profile is faithfully installed.
|
|
120
|
-
|
|
124
|
+
commands; `verify` reports whether the profile is faithfully installed. What
|
|
125
|
+
follows is the longer tour — the same one command explained in full, then the
|
|
126
|
+
explicit step-by-step alternative.
|
|
121
127
|
|
|
122
128
|
### Other ways to install
|
|
123
129
|
|
|
@@ -137,16 +143,14 @@ curl -fsSL https://apothem.ahmedgad.com/install.sh | sh # POSIX
|
|
|
137
143
|
irm https://apothem.ahmedgad.com/install.ps1 | iex # Windows
|
|
138
144
|
```
|
|
139
145
|
|
|
140
|
-
The
|
|
141
|
-
create a shared profile if none exists, preview the files each harness will
|
|
142
|
-
write, confirm, then install:
|
|
146
|
+
The `quickstart` command walks the whole canonical path in one guided step:
|
|
143
147
|
|
|
144
148
|
```shell
|
|
145
149
|
npx @ahmed-g-gad/apothem quickstart
|
|
146
150
|
```
|
|
147
151
|
|
|
148
|
-
|
|
149
|
-
|
|
152
|
+
It ensures a profile (scaffolding one with a personalize nudge if it is
|
|
153
|
+
missing), previews the writes grouped by project root versus your home
|
|
150
154
|
directory, asks before writing outside the project, installs with the grouped
|
|
151
155
|
capability-note output, and ends by naming the next commands. `--yes` runs it
|
|
152
156
|
non-interactively; `--format json` emits one structured summary.
|
|
@@ -182,8 +186,36 @@ Every install path runs the same self-contained engine: the source tree
|
|
|
182
186
|
carries its vendored dependencies and runs from a checkout on system Python
|
|
183
187
|
3.10 or newer (see
|
|
184
188
|
[the self-contained runtime](https://apothem.ahmedgad.com/docs/architecture/self-contained-runtime/)).
|
|
189
|
+
Two prerequisites are shared by every path — **system Python 3.10 or newer** on
|
|
190
|
+
`PATH`, with the `click` and `rich` packages importable under it; the npm-shim
|
|
191
|
+
and tool-plugin paths additionally need **Node.js 18 or newer** to run `npx`.
|
|
192
|
+
|
|
193
|
+
Eight install channels are available. Pick by how you already work; each
|
|
194
|
+
channel's own subsection below gives its prerequisites, one copy-ready command,
|
|
195
|
+
and a verification step.
|
|
196
|
+
|
|
197
|
+
| # | Channel | Delivers | Prerequisites |
|
|
198
|
+
|---|---|---|---|
|
|
199
|
+
| 1 | [Claude Code plugin](#1--claude-code-plugin) | Full harness in Claude Code | Claude Code · Python 3.10+ |
|
|
200
|
+
| 2 | [npm shim (`npx`)](#2--npm-shim-npx) | Full harness, any tool | Node 18+ · Python 3.10+ |
|
|
201
|
+
| 3 | [One-shot installers](#3--one-shot-installers) | Full harness + an `apothem` command | Python 3.10+ (`git` for a network install) |
|
|
202
|
+
| 4 | [VS Code family extension](#4--vs-code-family-extension) | Full harness from the editor | VS Code · Node 18+ · Python 3.10+ |
|
|
203
|
+
| 5 | [Gemini CLI extension](#5--gemini-cli-extension) | Bootstrap that runs the engine | Gemini CLI · Node 18+ · Python 3.10+ |
|
|
204
|
+
| 6 | [Qwen Code extension](#6--qwen-code-extension) | Bootstrap that runs the engine | Qwen Code · Node 18+ · Python 3.10+ |
|
|
205
|
+
| 7 | [Codex plugin](#7--codex-plugin) | Bootstrap that runs the engine | Codex · Node 18+ · Python 3.10+ |
|
|
206
|
+
| 8 | [Direct engine (`python -m apothem`)](#8--direct-engine-python--m-apothem) | Full harness from a checkout | Python 3.10+ (`click`, `rich`) |
|
|
207
|
+
|
|
208
|
+
The npm shim (2), the one-shot installers (3), and the direct engine (8)
|
|
209
|
+
deliver the whole synced unit for any harness. The Gemini CLI, Qwen Code, and
|
|
210
|
+
Codex extensions (5–7) install a small bootstrap that shells out to the engine
|
|
211
|
+
(`npx @ahmed-g-gad/apothem install`) to materialize the full harness — they are
|
|
212
|
+
the entry point, not the full delivery on their own.
|
|
213
|
+
|
|
214
|
+
Every path is idempotent: re-running is safe and converges to the same state.
|
|
215
|
+
|
|
216
|
+
### 1 — Claude Code plugin
|
|
185
217
|
|
|
186
|
-
|
|
218
|
+
**Prerequisites:** Claude Code, and system Python 3.10+ on `PATH`.
|
|
187
219
|
|
|
188
220
|
Inside Claude Code:
|
|
189
221
|
|
|
@@ -192,10 +224,18 @@ Inside Claude Code:
|
|
|
192
224
|
/plugin install apothem@apothem
|
|
193
225
|
```
|
|
194
226
|
|
|
195
|
-
|
|
227
|
+
**Verify:** run `/help` inside Claude Code and confirm the Apothem commands are
|
|
228
|
+
listed, or check the drift report with:
|
|
196
229
|
|
|
197
|
-
|
|
198
|
-
|
|
230
|
+
```shell
|
|
231
|
+
npx @ahmed-g-gad/apothem verify --harness claude-code
|
|
232
|
+
```
|
|
233
|
+
|
|
234
|
+
### 2 — npm shim (`npx`)
|
|
235
|
+
|
|
236
|
+
**Prerequisites:** Node.js 18+ (for `npx`) and system Python 3.10+ on `PATH`.
|
|
237
|
+
The shim locates the interpreter and forwards every CLI command to the bundled
|
|
238
|
+
engine.
|
|
199
239
|
|
|
200
240
|
```shell
|
|
201
241
|
npx @ahmed-g-gad/apothem install --harness claude-code
|
|
@@ -207,7 +247,18 @@ It also runs straight from the repository:
|
|
|
207
247
|
npx github:ahmed-g-gad/apothem install --harness claude-code
|
|
208
248
|
```
|
|
209
249
|
|
|
210
|
-
|
|
250
|
+
**Verify:**
|
|
251
|
+
|
|
252
|
+
```shell
|
|
253
|
+
npx @ahmed-g-gad/apothem --version
|
|
254
|
+
npx @ahmed-g-gad/apothem verify --harness claude-code
|
|
255
|
+
```
|
|
256
|
+
|
|
257
|
+
### 3 — One-shot installers
|
|
258
|
+
|
|
259
|
+
**Prerequisites:** system Python 3.10+ on `PATH` (the installer offers to add
|
|
260
|
+
the `click` / `rich` prerequisites for you); `git` is needed only for a network
|
|
261
|
+
install that clones the source.
|
|
211
262
|
|
|
212
263
|
The one-shot installer resolves the latest signed release tag, verifies its
|
|
213
264
|
signature, fetches the Apothem source tree at that tag, runs the engine
|
|
@@ -219,6 +270,16 @@ tag-pinned verified install is the default and recommended path.
|
|
|
219
270
|
| **POSIX** (macOS / Linux / WSL) | `curl -fsSL https://apothem.ahmedgad.com/install.sh \| sh` |
|
|
220
271
|
| **Windows** (PowerShell) | `irm https://apothem.ahmedgad.com/install.ps1 \| iex` |
|
|
221
272
|
|
|
273
|
+
The same scripts ship in a checkout under
|
|
274
|
+
[`scripts/installer/`](scripts/installer/) — `install`, `uninstall`, and
|
|
275
|
+
`update` in `.sh`, `.ps1`, and `.bat` forms — so you can run them directly
|
|
276
|
+
after cloning:
|
|
277
|
+
|
|
278
|
+
```shell
|
|
279
|
+
APOTHEM_HARNESS=claude-code sh scripts/installer/install.sh # POSIX
|
|
280
|
+
$env:APOTHEM_HARNESS = 'claude-code'; pwsh -NoProfile -File scripts/installer/install.ps1 # Windows
|
|
281
|
+
```
|
|
282
|
+
|
|
222
283
|
**Trust model (tag-pinned, verified by default).** With no `APOTHEM_REF` set,
|
|
223
284
|
the installer resolves the highest `vMAJOR.MINOR.PATCH` release tag and checks
|
|
224
285
|
*that* out — never the moving `main` branch. Before any configuration is
|
|
@@ -266,7 +327,7 @@ dependencies) — POSIX into `$HOME/.local/bin`, Windows into
|
|
|
266
327
|
`%LOCALAPPDATA%\Microsoft\WindowsApps` (a user directory already on the default
|
|
267
328
|
Windows PATH). The installer never edits your PATH. Once the directory is on
|
|
268
329
|
PATH you run `apothem <command>` directly, with no manual `PYTHONPATH`. If the
|
|
269
|
-
directory is not on PATH (or the shim
|
|
330
|
+
directory is not on PATH (or the shim was not placed), the banner prints how
|
|
270
331
|
to add it and falls back to the self-contained `PYTHONPATH=… python -m apothem`
|
|
271
332
|
form — it never advertises a bare `apothem` command the run did not resolve.
|
|
272
333
|
|
|
@@ -294,25 +355,36 @@ and re-materialize.
|
|
|
294
355
|
configuration (it prompts unless `--yes` / `-Yes`); pass `--remove-source` /
|
|
295
356
|
`-RemoveSource` to also remove the managed clone at `APOTHEM_HOME`.
|
|
296
357
|
|
|
297
|
-
Verify
|
|
358
|
+
**Verify:**
|
|
298
359
|
|
|
299
360
|
```shell
|
|
300
|
-
|
|
361
|
+
apothem verify --harness claude-code
|
|
301
362
|
|
|
302
|
-
# or
|
|
363
|
+
# or, before the shim is on PATH, from the bundled source:
|
|
303
364
|
PYTHONPATH="$HOME/.apothem/src" python -m apothem verify --harness claude-code
|
|
304
365
|
```
|
|
305
366
|
|
|
306
|
-
### VS Code family extension
|
|
367
|
+
### 4 — VS Code family extension
|
|
368
|
+
|
|
369
|
+
**Prerequisites:** VS Code, Node.js 18+, and system Python 3.10+ on `PATH`.
|
|
307
370
|
|
|
308
371
|
Install the **Apothem** extension from the
|
|
309
|
-
[Visual Studio Marketplace](https://marketplace.visualstudio.com/) —
|
|
310
|
-
extension covers VS Code and GitHub Copilot. Its commands (`Apothem:
|
|
372
|
+
[Visual Studio Marketplace](https://marketplace.visualstudio.com/items?itemName=ahmed-g-gad.apothem) —
|
|
373
|
+
one extension covers VS Code and GitHub Copilot. Its commands (`Apothem:
|
|
311
374
|
Install`, `Verify`, `Update`, `Uninstall`, `Doctor`) run the same engine
|
|
312
375
|
through the configured runner (`npx @ahmed-g-gad/apothem` by default). Source
|
|
313
376
|
lives under [`vscode-extension/`](vscode-extension/).
|
|
314
377
|
|
|
315
|
-
|
|
378
|
+
**Verify:** run the **Apothem: Verify** command from the editor's command
|
|
379
|
+
palette, or from a terminal:
|
|
380
|
+
|
|
381
|
+
```shell
|
|
382
|
+
npx @ahmed-g-gad/apothem verify --harness claude-code
|
|
383
|
+
```
|
|
384
|
+
|
|
385
|
+
### 5 — Gemini CLI extension
|
|
386
|
+
|
|
387
|
+
**Prerequisites:** Gemini CLI, Node.js 18+, and system Python 3.10+ on `PATH`.
|
|
316
388
|
|
|
317
389
|
Install Apothem as a Gemini CLI extension straight from the repository:
|
|
318
390
|
|
|
@@ -320,10 +392,24 @@ Install Apothem as a Gemini CLI extension straight from the repository:
|
|
|
320
392
|
gemini extensions install https://github.com/ahmed-g-gad/apothem
|
|
321
393
|
```
|
|
322
394
|
|
|
323
|
-
|
|
324
|
-
|
|
395
|
+
This extension is a bootstrap, not the full install on its own: it loads an
|
|
396
|
+
Apothem context file and adds a `/apothem` command that shells out to the
|
|
397
|
+
engine (`npx @ahmed-g-gad/apothem`). Materialize the full harness by running
|
|
398
|
+
the install through it:
|
|
399
|
+
|
|
400
|
+
```shell
|
|
401
|
+
npx @ahmed-g-gad/apothem install --harness gemini-cli --project .
|
|
402
|
+
```
|
|
403
|
+
|
|
404
|
+
**Verify:**
|
|
325
405
|
|
|
326
|
-
|
|
406
|
+
```shell
|
|
407
|
+
npx @ahmed-g-gad/apothem verify --harness gemini-cli --project .
|
|
408
|
+
```
|
|
409
|
+
|
|
410
|
+
### 6 — Qwen Code extension
|
|
411
|
+
|
|
412
|
+
**Prerequisites:** Qwen Code, Node.js 18+, and system Python 3.10+ on `PATH`.
|
|
327
413
|
|
|
328
414
|
Install Apothem as a Qwen Code extension straight from the repository:
|
|
329
415
|
|
|
@@ -331,11 +417,24 @@ Install Apothem as a Qwen Code extension straight from the repository:
|
|
|
331
417
|
qwen extensions install ahmed-g-gad/apothem
|
|
332
418
|
```
|
|
333
419
|
|
|
334
|
-
|
|
335
|
-
|
|
336
|
-
|
|
420
|
+
Like the Gemini CLI extension, this is a bootstrap: it loads an Apothem context
|
|
421
|
+
file (`QWEN.md`) and shells out to the engine; materialize the full harness by
|
|
422
|
+
running the install through it. Qwen Code also installs Gemini CLI extensions
|
|
423
|
+
and Claude Code marketplace plugins directly, so those entries work as well.
|
|
337
424
|
|
|
338
|
-
|
|
425
|
+
```shell
|
|
426
|
+
npx @ahmed-g-gad/apothem install --harness qwen-code
|
|
427
|
+
```
|
|
428
|
+
|
|
429
|
+
**Verify:**
|
|
430
|
+
|
|
431
|
+
```shell
|
|
432
|
+
npx @ahmed-g-gad/apothem verify --harness qwen-code
|
|
433
|
+
```
|
|
434
|
+
|
|
435
|
+
### 7 — Codex plugin
|
|
436
|
+
|
|
437
|
+
**Prerequisites:** Codex, Node.js 18+, and system Python 3.10+ on `PATH`.
|
|
339
438
|
|
|
340
439
|
Add the repository as a Codex plugin marketplace, then install the plugin:
|
|
341
440
|
|
|
@@ -344,12 +443,46 @@ codex plugin marketplace add ahmed-g-gad/apothem
|
|
|
344
443
|
codex plugin add apothem@apothem
|
|
345
444
|
```
|
|
346
445
|
|
|
347
|
-
|
|
446
|
+
Like the Gemini CLI and Qwen Code extensions, this is a bootstrap that shells
|
|
447
|
+
out to the engine; materialize the full harness by running the install through
|
|
448
|
+
it:
|
|
449
|
+
|
|
450
|
+
```shell
|
|
451
|
+
npx @ahmed-g-gad/apothem install --harness codex
|
|
452
|
+
```
|
|
453
|
+
|
|
454
|
+
**Verify:**
|
|
455
|
+
|
|
456
|
+
```shell
|
|
457
|
+
npx @ahmed-g-gad/apothem verify --harness codex
|
|
458
|
+
```
|
|
459
|
+
|
|
460
|
+
### 8 — Direct engine (`python -m apothem`)
|
|
461
|
+
|
|
462
|
+
**Prerequisites:** system Python 3.10+ with the `click` and `rich` packages
|
|
463
|
+
importable; a checkout of the repository. No Node.js required.
|
|
464
|
+
|
|
465
|
+
Run the self-contained engine straight from a clone — the source tree carries
|
|
466
|
+
its vendored dependencies, so `PYTHONPATH=src` is the whole setup:
|
|
467
|
+
|
|
468
|
+
```shell
|
|
469
|
+
git clone https://github.com/ahmed-g-gad/apothem
|
|
470
|
+
cd apothem
|
|
471
|
+
PYTHONPATH=src python -m apothem install --harness claude-code
|
|
472
|
+
```
|
|
473
|
+
|
|
474
|
+
**Verify:**
|
|
475
|
+
|
|
476
|
+
```shell
|
|
477
|
+
PYTHONPATH=src python -m apothem verify --harness claude-code
|
|
478
|
+
```
|
|
479
|
+
|
|
480
|
+
### Every other tool (OpenCode and adapter-only harnesses)
|
|
348
481
|
|
|
349
482
|
Some tools — OpenCode among them — expose no separate plugin or extension
|
|
350
483
|
registry for a configuration manager; their native surface is their own config
|
|
351
|
-
directory. Apothem syncs those directly through the npm shim
|
|
352
|
-
installers:
|
|
484
|
+
directory. Apothem syncs those directly through the npm shim (channel 2), the
|
|
485
|
+
one-shot installers (channel 3), or the direct engine (channel 8):
|
|
353
486
|
|
|
354
487
|
```shell
|
|
355
488
|
npx @ahmed-g-gad/apothem install --harness opencode
|
|
@@ -387,7 +520,7 @@ graph LR
|
|
|
387
520
|
A --> OC["~/.config/opencode/<br/>OpenCode"]
|
|
388
521
|
A --> QW["~/.qwen/<br/>Qwen Code"]
|
|
389
522
|
A --> TR["project .trae/rules<br/>Trae"]
|
|
390
|
-
A --> WI["project .devin/rules<br/>Windsurf (Devin Desktop)"]
|
|
523
|
+
A --> WI["project .devin/rules (.windsurf/rules fallback)<br/>Windsurf (Devin Desktop)"]
|
|
391
524
|
A --> ZE["project .rules<br/>Zed"]
|
|
392
525
|
A --> KM["project AGENTS.md + .kimi-code/<br/>Kimi Code"]
|
|
393
526
|
A --> GL["project .apothem/providers/glm.toml<br/>GLM (Z.ai)"]
|
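--- a/package/bin/apothem.mjs
+++ b/package/bin/apothem.mjs
@@ -19,9 +19,21 @@ const packageRoot = fileURLToPath(new URL("..", import.meta.url));
 const vendorPath = join(packageRoot, "src", "apothem", "_vendor");
 const sourcePath = join(packageRoot, "src");
 
+// The probe both enforces the version floor and rejects the Microsoft Store
+// launcher shims (zero-byte stubs under AppData\Local\Microsoft\WindowsApps).
+// Those stubs satisfy `python`/`py` on PATH but, when executed, open the Store
+// install page instead of running Python — every other entry path (install.sh
+// via hooks/lib/find-python.sh, install.ps1) already rejects them. `sys.base_prefix`
+// is printed so a real interpreter can be distinguished from a shim by path.
 const versionProbe =
-"import sys;
-`(${MIN_PYTHON[0]}, ${MIN_PYTHON[1]}) else
+"import sys; " +
+`sys.exit(1) if sys.version_info[:2] < (${MIN_PYTHON[0]}, ${MIN_PYTHON[1]}) else ` +
+"print(sys.executable or '')";
+
+/** True when a resolved interpreter path is a Microsoft Store launcher shim. */
+function isWindowsAppsShim(execPath) {
+return /[\\/]Microsoft[\\/]WindowsApps[\\/]/i.test(execPath);
+}
 
 /** Interpreter candidates, ordered; each is [command, ...leading args]. */
 const candidates = [];
@@ -33,9 +45,15 @@ candidates.push(["python3"], ["python"], ["py", "-3"]);
 function probe(candidate) {
 const [command, ...lead] = candidate;
 const result = spawnSync(command, [...lead, "-c", versionProbe], {
-
+encoding: "utf8",
 });
-
+if (result.status !== 0) {
+return false;
+}
+// Reject the Store shim: it can exit 0 on the probe yet trigger a Store
+// popup (or fail) on the real invocation.
+const execPath = (result.stdout || "").trim();
+return !isWindowsAppsShim(execPath);
 }
 
 const interpreter = candidates.find(probe);
@@ -75,4 +93,20 @@ const run = spawnSync(command, [...lead, "-m", "apothem", ...process.argv.slice(
 stdio: "inherit",
 env,
 });
+
+// A spawn-level failure (ENOENT: interpreter vanished between probe and run;
+// EPERM: not executable) leaves `run.status` null with the cause in `run.error`
+// — report it instead of exiting a bare 1. A signal termination likewise leaves
+// `status` null; surface the signal so a killed child is not mistaken for a
+// clean exit.
+if (run.error) {
+process.stderr.write(
+`apothem: failed to run '${command}': ${run.error.message}\n`,
+);
+process.exit(1);
+}
+if (run.signal) {
+process.stderr.write(`apothem: interpreter terminated by signal ${run.signal}\n`);
+process.exit(1);
+}
 process.exit(run.status ?? 1);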
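Review bot: The comment above `versionProbe` says `sys.base_prefix` is printed, but the probe string prints `sys.executable or ''`, and `probe()` passes that value to `isWindowsAppsShim`; the comment should name what is actually checked, e.g. `// sys.executable is printed so a real interpreter can be distinguished from a shim by path.` The two differ inside a virtual environment, so the wording matters to whoever next touches the check. A CPython installed from the Microsoft Store may itself report a `sys.executable` under `Microsoft\WindowsApps`, in which case the regex would also reject a working interpreter; that is worth confirming on a Store install. The probe's `spawnSync` call sets no `timeout`, so a candidate that blocks instead of exiting would stall `candidates.find(probe)`.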
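--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@ahmed-g-gad/apothem",
-"version": "0.
-"description": "Host-agnostic AI-harness configuration manager: one shared profile materializes native configs for seventeen AI assistant harnesses, syncing rules,
+"version": "1.0.0",
+"description": "Host-agnostic AI-harness configuration manager: one shared profile materializes native configs for seventeen AI assistant harnesses, syncing rules, slash-commands, skills, hooks, output-styles, settings, schemas, and docs behind a conformity governance gate and signed releases.",
 "keywords": [
 "agent",
 "agnostic",
@@ -59,6 +59,12 @@
 "files": [
 "bin/",
 "src/apothem/",
+"!**/__pycache__",
+"!**/*.pyc",
+"!**/*.pyo",
+"!**/.mypy_cache",
+"!**/.pytest_cache",
+"!**/.ruff_cache",
 "pyproject.toml",
 "LICENSE",
 "LICENSES/",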
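--- a/package/pyproject.toml
+++ b/package/pyproject.toml
@@ -1,12 +1,14 @@
 # SPDX-License-Identifier: MIT
 
 [build-system]
-
+# Modern setuptools builds wheels natively; a separate "wheel" requirement is
+# no longer part of the recommended configuration on packaging.python.org.
+requires = ["setuptools>=77.0"]
 build-backend = "setuptools.build_meta"
 
 [project]
 name = "apothem"
-version = "0.
+version = "1.0.0"
 description = "Host-agnostic AI-harness configuration manager: one shared profile materializes native configs for seventeen AI assistant harnesses, syncing rules, skills, slash-commands, hooks, and MCP servers behind a conformity governance gate and signed releases."
 requires-python = ">=3.10"
 readme = "README.md"
@@ -59,11 +61,11 @@ Homepage = "https://apothem.ahmedgad.com/"
 Documentation = "https://apothem.ahmedgad.com/docs/usage/"
 Reference = "https://apothem.ahmedgad.com/docs/reference/"
 Architecture = "https://apothem.ahmedgad.com/docs/architecture/"
-Repository = "https://github.com/
-Issues = "https://github.com/
-Discussions = "https://github.com/
-Changelog = "https://github.com/
-Security = "https://github.com/
+Repository = "https://github.com/Ahmed-G-Gad/apothem"
+Issues = "https://github.com/Ahmed-G-Gad/apothem/issues"
+Discussions = "https://github.com/Ahmed-G-Gad/apothem/discussions"
+Changelog = "https://github.com/Ahmed-G-Gad/apothem/blob/main/CHANGELOG.md"
+Security = "https://github.com/Ahmed-G-Gad/apothem/security"
 Brand = "https://apothem.ahmedgad.com/docs/brand/"
 
 # Console scripts are intentionally absent: apothem installs as a per-harness
@@ -176,18 +178,24 @@ where = ["src"]
 
 [project.optional-dependencies]
 dev = [
-
+# Floor at 0.15.20: 0.15.17 introduced (and 0.15.20 removed) rule RUF076,
+# so pinning past the removal keeps selector behavior stable across
+# contributor environments.
+"ruff>=0.15.20",
 "mypy>=2.1.0",
 "types-PyYAML>=6.0.12.20260518",
 "types-jsonschema>=4.26.0.20260518",
-"pytest>=9.
+"pytest>=9.1.1",
 "pytest-cov>=7.1.0",
 "pytest-xdist>=3.8.0",
 # Hypothesis ratifies the property-test surface that feeds the OpenSSF
 # Scorecard Fuzzing check. Property tests at tests/property/ exercise
 # invariants (round-trip, idempotence, schema-validity) across
 # auto-generated inputs across the search space.
-
+# Floor below 6.156.0: that release begins the Rust-internals migration
+# (native wheels; source builds need a Rust toolchain). Verify wheel
+# coverage for every CI OS/arch target before floating past it.
+"hypothesis>=6.155.7",
 ]
 security = [
 "bandit[toml]>=1.9.4",
@@ -264,13 +272,15 @@ ignore = ["E501"]
 # in the fixture's pass/fail counterparts, not authored in
 # real source.
 "tests/conformity/**" = ["E722", "S105", "S110", "F841", "BLE001"]
-# The hook
-#
-# at-top rules cannot
-#
-#
-
-"src/apothem/hooks/
+# The hook entrypoints (dispatch.py, emit_hook_context.py, and
+# session_start_bootstrap.py) manipulate sys.path before importing
+# local helpers, so import-sort and module-import-at-top rules cannot
+# apply uniformly. The fail-open try/except/pass (S110) is intentional
+# per the dispatcher's contract: hook context is advisory and must
+# never block the underlying tool call.
+"src/apothem/hooks/dispatch.py" = ["E402", "I001", "S110"]
+"src/apothem/hooks/emit_hook_context.py" = ["E402", "I001"]
+"src/apothem/hooks/session_start_bootstrap.py" = ["E402", "I001"]
 # Tooling scripts invoke subprocesses with controlled, internally-
 # constructed argument vectors. The S603 / S607 security rules
 # generalize to "untrusted input" but the inputs here are always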
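Review bot: The new comment on the `hypothesis` entry in the `dev` extra says the floor sits below 6.156.0 and asks for wheel coverage to be verified before floating past that release, but `"hypothesis>=6.155.7"` has no upper bound, so a fresh install of the extra can already resolve to 6.156.0 or later. If the intent is to hold contributor and CI environments on the earlier line until that check is done, the specifier needs a cap: `"hypothesis>=6.155.7,<6.156.0",`. If floating is acceptable, the comment should say so instead of implying a hold, because the next reader will assume the constraint is enforced. The `ruff` entry in the same hunk is consistent: its comment describes a floor and the specifier is a floor.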
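--- a/package/src/apothem/__main__.py
+++ b/package/src/apothem/__main__.py
@@ -25,4 +25,10 @@ if __name__ == "__main__":
 # pipe or redirect. The group-callback call remains as defense-in-depth
 # for a direct ``apothem.cli.main`` import that bypasses this entry.
 _configure_stdio()
-
+# Pin the completion trigger. Click derives the completion env var from
+# the detected program name, which under ``python -m apothem`` is
+# "python -m apothem" — an unmatchable variable name — so the emitted
+# completion scripts (which all set ``_APOTHEM_COMPLETE``) would never
+# engage. Pinning complete_var keeps shell completion working on every
+# invocation surface without altering usage strings.
+raise SystemExit(main(complete_var="_APOTHEM_COMPLETE"))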
|
@@ -19,4 +19,8 @@ jsonschema-specifications==2025.9.1
|
|
|
19
19
|
referencing==0.37.0
|
|
20
20
|
typing_extensions==4.15.0
|
|
21
21
|
PyYAML==6.0.3
|
|
22
|
+
# rpds-py: upstream moved to CalVer after 0.x; 0.30.0 was the final 0.x
|
|
23
|
+
# release and is the intentionally-frozen API anchor the apothem-authored
|
|
24
|
+
# pure-Python rpds shim mirrors. Do not bump this pin to a CalVer tag — the
|
|
25
|
+
# shim tracks the 0.30.0 API subset, not the upstream distribution.
|
|
22
26
|
rpds-py==0.30.0 # upstream API anchor for the apothem-authored rpds shim
|
|
@@ -4,7 +4,7 @@ version: "0.1.0"
|
|
|
4
4
|
updated: "2026-06-23"
|
|
5
5
|
description: "Read-only dependency-tree risk audit — flags unpinned, stale, duplicate, and known-vulnerable dependencies with manifest/lockfile evidence. Use when auditing supply-chain risk, before a release cut, after adding a dependency, or when a CVE/advisory lands. Detects the ecosystem via host-discovery: npm (package.json + package-lock/yarn/pnpm), pip (pyproject/requirements + lock), cargo (Cargo.toml + Cargo.lock), go (go.mod + go.sum). Runs npm audit / pip-audit / cargo audit / govulncheck and returns a risk-ranked table (known-vulnerable → unpinned → duplicate → stale) with per-row evidence; never widens a pin or escalates a scope — gaps surface as inquiry."
|
|
6
6
|
tools: "Read, Glob, Grep, Bash"
|
|
7
|
-
disallowedTools: "Write, Edit"
|
|
7
|
+
disallowedTools: "Write, Edit, TodoWrite"
|
|
8
8
|
maxTurns: 15
|
|
9
9
|
# maxTurns rationale: 15 exceeds the 5–10 norm because a dependency audit reads the manifest and
|
|
10
10
|
# lockfile, enumerates direct and transitive entries, and runs the host's audit tooling
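Review bot: Adding `TodoWrite` to `disallowedTools` still leaves `Bash` in `tools` on the line above, so the "Read-only" promise in `description` is not enforced by the tool lists: a shell can create or modify files whatever `Write` and `Edit` are set to. The audit CLIs the description names (npm audit, pip-audit, cargo audit, govulncheck) need a shell, so I would record the limit next to the list, e.g. `# Bash is kept for the audit CLIs; read-only is a prompt-level constraint, not a tool-level one.` The context lines also show `version: "0.1.0"` and `updated` unchanged although the frontmatter changed. The file header for this hunk is not on the page; going by the description it is the dependency-auditor agent.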
|
|
@@ -4,7 +4,7 @@ version: "0.1.0"
|
|
|
4
4
|
updated: "2026-06-23"
|
|
5
5
|
description: "Read-only adversarial claim verification — decompose input into atomic claims, seek ≥2 independent sources, attempt refutation, assign cited verdicts (supported / refuted / unverifiable) with quoted evidence and confidence. Use when a claim needs proof before it ships: a benchmark or statistic in docs/copy, a 'X is faster/safer than Y' assertion, a citation that names an RFC or spec, a release note, or any factual claim a reviewer would challenge. Routes external claims through WebSearch / WebFetch and repository claims through Read / Glob / Grep; defaults to refuted-or-unverifiable when evidence is insufficient, never a charitable supported."
|
|
6
6
|
tools: "Read, Glob, Grep, WebSearch, WebFetch"
|
|
7
|
-
disallowedTools: "Write, Edit"
|
|
7
|
+
disallowedTools: "Write, Edit, TodoWrite"
|
|
8
8
|
maxTurns: 15
|
|
9
9
|
# maxTurns rationale: 15 exceeds the 5–10 norm because adversarial verification requires
|
|
10
10
|
# sequential search → fetch → cross-reference chains per claim. Each claim needs ≥2 independent
|