@ahmed-g-gad/apothem 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +60 -0
- package/LICENSE +21 -0
- package/LICENSES/MIT.txt +18 -0
- package/LICENSES/PSF-2.0.txt +47 -0
- package/README.md +549 -0
- package/bin/README.md +37 -0
- package/bin/apothem.mjs +78 -0
- package/package.json +75 -0
- package/pyproject.toml +347 -0
- package/src/apothem/README.md +52 -0
- package/src/apothem/__init__.py +66 -0
- package/src/apothem/__main__.py +28 -0
- package/src/apothem/_vendor/.keep +0 -0
- package/src/apothem/_vendor/__init__.py +25 -0
- package/src/apothem/_vendor/attr/__init__.py +104 -0
- package/src/apothem/_vendor/attr/__init__.pyi +389 -0
- package/src/apothem/_vendor/attr/_cmp.py +160 -0
- package/src/apothem/_vendor/attr/_cmp.pyi +13 -0
- package/src/apothem/_vendor/attr/_compat.py +99 -0
- package/src/apothem/_vendor/attr/_config.py +31 -0
- package/src/apothem/_vendor/attr/_funcs.py +497 -0
- package/src/apothem/_vendor/attr/_make.py +3406 -0
- package/src/apothem/_vendor/attr/_next_gen.py +674 -0
- package/src/apothem/_vendor/attr/_typing_compat.pyi +15 -0
- package/src/apothem/_vendor/attr/_version_info.py +89 -0
- package/src/apothem/_vendor/attr/_version_info.pyi +9 -0
- package/src/apothem/_vendor/attr/converters.py +162 -0
- package/src/apothem/_vendor/attr/converters.pyi +19 -0
- package/src/apothem/_vendor/attr/exceptions.py +95 -0
- package/src/apothem/_vendor/attr/exceptions.pyi +17 -0
- package/src/apothem/_vendor/attr/filters.py +72 -0
- package/src/apothem/_vendor/attr/filters.pyi +6 -0
- package/src/apothem/_vendor/attr/py.typed +0 -0
- package/src/apothem/_vendor/attr/setters.py +79 -0
- package/src/apothem/_vendor/attr/setters.pyi +20 -0
- package/src/apothem/_vendor/attr/validators.py +750 -0
- package/src/apothem/_vendor/attr/validators.pyi +140 -0
- package/src/apothem/_vendor/attr.LICENSE +21 -0
- package/src/apothem/_vendor/attrs/__init__.py +72 -0
- package/src/apothem/_vendor/attrs/__init__.pyi +314 -0
- package/src/apothem/_vendor/attrs/converters.py +3 -0
- package/src/apothem/_vendor/attrs/exceptions.py +3 -0
- package/src/apothem/_vendor/attrs/filters.py +3 -0
- package/src/apothem/_vendor/attrs/py.typed +0 -0
- package/src/apothem/_vendor/attrs/setters.py +3 -0
- package/src/apothem/_vendor/attrs/validators.py +3 -0
- package/src/apothem/_vendor/attrs.LICENSE +21 -0
- package/src/apothem/_vendor/jsonschema/__init__.py +120 -0
- package/src/apothem/_vendor/jsonschema/__main__.py +6 -0
- package/src/apothem/_vendor/jsonschema/_format.py +546 -0
- package/src/apothem/_vendor/jsonschema/_keywords.py +449 -0
- package/src/apothem/_vendor/jsonschema/_legacy_keywords.py +449 -0
- package/src/apothem/_vendor/jsonschema/_types.py +204 -0
- package/src/apothem/_vendor/jsonschema/_typing.py +29 -0
- package/src/apothem/_vendor/jsonschema/_utils.py +355 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/__init__.py +5 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/const_vs_enum.py +30 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/contains.py +28 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/import_benchmark.py +31 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/issue232/issue.json +2653 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/issue232.py +25 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/json_schema_test_suite.py +12 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/nested_schemas.py +56 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/subcomponents.py +42 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/unused_registry.py +35 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/useless_applicator_schemas.py +106 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/useless_keywords.py +32 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/validator_creation.py +14 -0
- package/src/apothem/_vendor/jsonschema/cli.py +292 -0
- package/src/apothem/_vendor/jsonschema/exceptions.py +490 -0
- package/src/apothem/_vendor/jsonschema/protocols.py +230 -0
- package/src/apothem/_vendor/jsonschema/validators.py +1410 -0
- package/src/apothem/_vendor/jsonschema.LICENSE +19 -0
- package/src/apothem/_vendor/jsonschema_specifications/__init__.py +12 -0
- package/src/apothem/_vendor/jsonschema_specifications/_core.py +38 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft201909/metaschema.json +42 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft201909/vocabularies/applicator +56 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft201909/vocabularies/content +17 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft201909/vocabularies/core +57 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft201909/vocabularies/format +14 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft201909/vocabularies/meta-data +37 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft201909/vocabularies/validation +98 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft202012/metaschema.json +58 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft202012/vocabularies/applicator +48 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft202012/vocabularies/content +17 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft202012/vocabularies/core +51 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft202012/vocabularies/format-annotation +14 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft202012/vocabularies/format-assertion +14 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft202012/vocabularies/meta-data +37 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft202012/vocabularies/unevaluated +15 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft202012/vocabularies/validation +98 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft3/metaschema.json +172 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft4/metaschema.json +149 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft6/metaschema.json +153 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft7/metaschema.json +166 -0
- package/src/apothem/_vendor/jsonschema_specifications.LICENSE +19 -0
- package/src/apothem/_vendor/referencing/__init__.py +7 -0
- package/src/apothem/_vendor/referencing/_attrs.py +31 -0
- package/src/apothem/_vendor/referencing/_attrs.pyi +21 -0
- package/src/apothem/_vendor/referencing/_core.py +739 -0
- package/src/apothem/_vendor/referencing/exceptions.py +165 -0
- package/src/apothem/_vendor/referencing/jsonschema.py +642 -0
- package/src/apothem/_vendor/referencing/py.typed +0 -0
- package/src/apothem/_vendor/referencing/retrieval.py +94 -0
- package/src/apothem/_vendor/referencing/typing.py +61 -0
- package/src/apothem/_vendor/referencing.LICENSE +19 -0
- package/src/apothem/_vendor/rpds/__init__.py +251 -0
- package/src/apothem/_vendor/typing_extensions.LICENSE +279 -0
- package/src/apothem/_vendor/typing_extensions.py +4317 -0
- package/src/apothem/_vendor/vendor.txt +22 -0
- package/src/apothem/_vendor/yaml/__init__.py +389 -0
- package/src/apothem/_vendor/yaml/composer.py +138 -0
- package/src/apothem/_vendor/yaml/constructor.py +748 -0
- package/src/apothem/_vendor/yaml/cyaml.py +100 -0
- package/src/apothem/_vendor/yaml/dumper.py +61 -0
- package/src/apothem/_vendor/yaml/emitter.py +1137 -0
- package/src/apothem/_vendor/yaml/error.py +74 -0
- package/src/apothem/_vendor/yaml/events.py +85 -0
- package/src/apothem/_vendor/yaml/loader.py +63 -0
- package/src/apothem/_vendor/yaml/nodes.py +48 -0
- package/src/apothem/_vendor/yaml/parser.py +588 -0
- package/src/apothem/_vendor/yaml/reader.py +185 -0
- package/src/apothem/_vendor/yaml/representer.py +388 -0
- package/src/apothem/_vendor/yaml/resolver.py +226 -0
- package/src/apothem/_vendor/yaml/scanner.py +1435 -0
- package/src/apothem/_vendor/yaml/serializer.py +110 -0
- package/src/apothem/_vendor/yaml/tokens.py +103 -0
- package/src/apothem/_vendor/yaml.LICENSE +20 -0
- package/src/apothem/agents/README.md +60 -0
- package/src/apothem/agents/codebase-explorer.md +91 -0
- package/src/apothem/agents/convention-auditor.md +93 -0
- package/src/apothem/agents/dependency-auditor.md +97 -0
- package/src/apothem/agents/fact-checker.md +84 -0
- package/src/apothem/agents/mcp-builder.md +86 -0
- package/src/apothem/agents/memory-auditor.md +93 -0
- package/src/apothem/agents/prompt-evaluator.md +87 -0
- package/src/apothem/agents/quality-gate.md +103 -0
- package/src/apothem/agents/refactor-surgeon.md +74 -0
- package/src/apothem/agents/research-scout.md +73 -0
- package/src/apothem/agents/security-scanner.md +83 -0
- package/src/apothem/agents/test-runner.md +84 -0
- package/src/apothem/audit/README.md +73 -0
- package/src/apothem/audit/_scan_lib.py +182 -0
- package/src/apothem/audit/analyze_graph.py +260 -0
- package/src/apothem/audit/build_capability_graph.py +607 -0
- package/src/apothem/audit/build_inventory.py +657 -0
- package/src/apothem/audit/build_plans_provenance.py +997 -0
- package/src/apothem/audit/check_links.py +389 -0
- package/src/apothem/audit/classify_artifacts.py +381 -0
- package/src/apothem/audit/deprecated-tokens.txt +10 -0
- package/src/apothem/audit/execute_plans_migration.py +491 -0
- package/src/apothem/audit/known-projects.txt +15 -0
- package/src/apothem/audit/render_capability_index.py +467 -0
- package/src/apothem/audit/render_inventory.py +405 -0
- package/src/apothem/audit/scan_ai_surfaces.py +1125 -0
- package/src/apothem/audit/scan_ai_surfaces_coarse.py +261 -0
- package/src/apothem/audit/scan_drift_features.py +143 -0
- package/src/apothem/audit/scan_frontmatter.py +293 -0
- package/src/apothem/audit/scan_header_coverage.py +1134 -0
- package/src/apothem/audit/scan_plan_leakage.py +540 -0
- package/src/apothem/audit/scan_plans_discipline.py +188 -0
- package/src/apothem/audit/scan_secrets_pii.py +245 -0
- package/src/apothem/audit/scan_stale_tokens.py +296 -0
- package/src/apothem/audit/synthesize_drift.py +205 -0
- package/src/apothem/benchmarks/README.md +33 -0
- package/src/apothem/benchmarks/__init__.py +3 -0
- package/src/apothem/benchmarks/bench_agents.py +63 -0
- package/src/apothem/benchmarks/bench_hooks.py +93 -0
- package/src/apothem/benchmarks/bench_install.py +58 -0
- package/src/apothem/benchmarks/bench_tests.py +93 -0
- package/src/apothem/benchmarks/bench_validate_ecosystem.py +84 -0
- package/src/apothem/cli/README.md +33 -0
- package/src/apothem/cli/__init__.py +229 -0
- package/src/apothem/cli/_cmd_completion.py +88 -0
- package/src/apothem/cli/_cmd_diff.py +181 -0
- package/src/apothem/cli/_cmd_doctor.py +143 -0
- package/src/apothem/cli/_cmd_harnesses.py +167 -0
- package/src/apothem/cli/_cmd_install.py +327 -0
- package/src/apothem/cli/_cmd_migrate_workspace.py +143 -0
- package/src/apothem/cli/_cmd_profile.py +341 -0
- package/src/apothem/cli/_cmd_status.py +180 -0
- package/src/apothem/cli/_cmd_uninstall.py +215 -0
- package/src/apothem/cli/_cmd_update.py +397 -0
- package/src/apothem/cli/_cmd_verify.py +194 -0
- package/src/apothem/cli/_common_flags.py +90 -0
- package/src/apothem/cli/_epilogs.py +296 -0
- package/src/apothem/cli/_helpers.py +857 -0
- package/src/apothem/cli/_json_formatter.py +21 -0
- package/src/apothem/cli/_materialize.py +376 -0
- package/src/apothem/cli/completions/apothem.bash +30 -0
- package/src/apothem/cli/completions/apothem.fish +19 -0
- package/src/apothem/cli/completions/apothem.ps1 +27 -0
- package/src/apothem/cli/completions/apothem.zsh +42 -0
- package/src/apothem/cli/reference_export.py +126 -0
- package/src/apothem/commands/README.md +125 -0
- package/src/apothem/commands/a11y-audit.md +203 -0
- package/src/apothem/commands/architecture-review.md +194 -0
- package/src/apothem/commands/audit.md +165 -0
- package/src/apothem/commands/code-audit.md +218 -0
- package/src/apothem/commands/code-review.md +193 -0
- package/src/apothem/commands/dependency-audit.md +209 -0
- package/src/apothem/commands/docs-review.md +199 -0
- package/src/apothem/commands/elevate.md +285 -0
- package/src/apothem/commands/eval.md +149 -0
- package/src/apothem/commands/fortress.md +172 -0
- package/src/apothem/commands/freshify.md +168 -0
- package/src/apothem/commands/github-deploy-fresh.md +178 -0
- package/src/apothem/commands/github-deploy-next.md +167 -0
- package/src/apothem/commands/perf-audit.md +198 -0
- package/src/apothem/commands/plan-amend.md +104 -0
- package/src/apothem/commands/plan-audit.md +127 -0
- package/src/apothem/commands/plan-design.md +257 -0
- package/src/apothem/commands/plan-execute.md +495 -0
- package/src/apothem/commands/plan-generate.md +351 -0
- package/src/apothem/commands/plan-review.md +555 -0
- package/src/apothem/commands/plan-spec.md +359 -0
- package/src/apothem/commands/plan-status.md +222 -0
- package/src/apothem/commands/plan.md +173 -0
- package/src/apothem/commands/projectify.md +142 -0
- package/src/apothem/commands/release-readiness.md +142 -0
- package/src/apothem/commands/research-analysis.md +241 -0
- package/src/apothem/commands/research-design.md +231 -0
- package/src/apothem/commands/research-disseminate.md +225 -0
- package/src/apothem/commands/research-experiment.md +232 -0
- package/src/apothem/commands/research-ideate.md +213 -0
- package/src/apothem/commands/research-paper.md +252 -0
- package/src/apothem/commands/research-proposal.md +220 -0
- package/src/apothem/commands/research-publish.md +255 -0
- package/src/apothem/commands/research-review.md +251 -0
- package/src/apothem/commands/research-sources.md +266 -0
- package/src/apothem/commands/research-spec.md +255 -0
- package/src/apothem/commands/research-synthesis.md +233 -0
- package/src/apothem/commands/research-theory.md +218 -0
- package/src/apothem/commands/research.md +181 -0
- package/src/apothem/commands/security-audit.md +196 -0
- package/src/apothem/commands/supply-chain-audit.md +192 -0
- package/src/apothem/commands/test-suite.md +146 -0
- package/src/apothem/commands/threat-model-audit.md +199 -0
- package/src/apothem/commands/ux-review.md +202 -0
- package/src/apothem/commands/workflow.md +162 -0
- package/src/apothem/conformity/README.md +173 -0
- package/src/apothem/conformity/__init__.py +1 -0
- package/src/apothem/conformity/_grep_base.py +93 -0
- package/src/apothem/conformity/agent_capability_grep.py +306 -0
- package/src/apothem/conformity/agents_md_coverage_grep.py +382 -0
- package/src/apothem/conformity/agnosticism_grep.py +311 -0
- package/src/apothem/conformity/always_on_budget_grep.py +318 -0
- package/src/apothem/conformity/bare_except_grep.py +115 -0
- package/src/apothem/conformity/binding_reciprocity_grep.py +151 -0
- package/src/apothem/conformity/brand_mark_grep.py +272 -0
- package/src/apothem/conformity/commented_out_code_grep.py +176 -0
- package/src/apothem/conformity/completion_claim_grep.py +169 -0
- package/src/apothem/conformity/conventional_commit_grep.py +319 -0
- package/src/apothem/conformity/copilot_instructions_presence_grep.py +324 -0
- package/src/apothem/conformity/cross_platform_matrix_grep.py +297 -0
- package/src/apothem/conformity/determinism_grep.py +306 -0
- package/src/apothem/conformity/diagram_staleness_grep.py +154 -0
- package/src/apothem/conformity/dynamism_grep.py +284 -0
- package/src/apothem/conformity/editorconfig_presence_grep.py +281 -0
- package/src/apothem/conformity/file_header_grep.py +502 -0
- package/src/apothem/conformity/freshness_token_grep.py +233 -0
- package/src/apothem/conformity/frontmatter_grep.py +274 -0
- package/src/apothem/conformity/frontmatter_value_grep.py +386 -0
- package/src/apothem/conformity/gate.py +1386 -0
- package/src/apothem/conformity/gitattributes_presence_grep.py +238 -0
- package/src/apothem/conformity/harden_runner_grep.py +320 -0
- package/src/apothem/conformity/hedging_grep.py +129 -0
- package/src/apothem/conformity/license_author_consistency_grep.py +204 -0
- package/src/apothem/conformity/link_check.py +327 -0
- package/src/apothem/conformity/magic_number_grep.py +182 -0
- package/src/apothem/conformity/multi_surface_coherence_grep.py +620 -0
- package/src/apothem/conformity/naming_grep.py +224 -0
- package/src/apothem/conformity/no_global_plans_grep.py +339 -0
- package/src/apothem/conformity/no_toplevel_docs_grep.py +120 -0
- package/src/apothem/conformity/oidc_trusted_publishing_grep.py +291 -0
- package/src/apothem/conformity/option_annotation_grep.py +352 -0
- package/src/apothem/conformity/orphan_output_grep.py +206 -0
- package/src/apothem/conformity/permissions_minimum_scope_grep.py +299 -0
- package/src/apothem/conformity/plain_language_grep.py +559 -0
- package/src/apothem/conformity/plan_next_step_consistency_grep.py +450 -0
- package/src/apothem/conformity/plan_suite_structure_grep.py +534 -0
- package/src/apothem/conformity/plans_discipline_language_grep.py +245 -0
- package/src/apothem/conformity/production_ready_pr_grep.py +200 -0
- package/src/apothem/conformity/recommend_next_step_grep.py +250 -0
- package/src/apothem/conformity/redundancy_grep.py +401 -0
- package/src/apothem/conformity/reference_token_grep.py +230 -0
- package/src/apothem/conformity/registry_capability_consistency_grep.py +368 -0
- package/src/apothem/conformity/secret_leak_grep.py +193 -0
- package/src/apothem/conformity/semver_stability_grep.py +358 -0
- package/src/apothem/conformity/smoke_install_grep.py +194 -0
- package/src/apothem/conformity/static_version_grep.py +284 -0
- package/src/apothem/conformity/token_efficiency_grep.py +185 -0
- package/src/apothem/conformity/unpinned_action_grep.py +115 -0
- package/src/apothem/conformity/user_confirm_grep.py +74 -0
- package/src/apothem/conformity/workflow_concurrency_grep.py +283 -0
- package/src/apothem/harnesses/README.md +63 -0
- package/src/apothem/harnesses/__init__.py +16 -0
- package/src/apothem/harnesses/_shared/README.md +36 -0
- package/src/apothem/harnesses/_shared/__init__.py +12 -0
- package/src/apothem/harnesses/_shared/install_driver.py +281 -0
- package/src/apothem/harnesses/_shared/install_driver_apply.py +612 -0
- package/src/apothem/harnesses/_shared/install_driver_backup.py +535 -0
- package/src/apothem/harnesses/_shared/install_driver_converters.py +310 -0
- package/src/apothem/harnesses/_shared/install_driver_lifecycle.py +495 -0
- package/src/apothem/harnesses/_shared/install_driver_materialize.py +675 -0
- package/src/apothem/harnesses/_shared/install_driver_merge.py +656 -0
- package/src/apothem/harnesses/_shared/install_driver_pathsafety.py +137 -0
- package/src/apothem/harnesses/_shared/install_driver_planvalidation.py +240 -0
- package/src/apothem/harnesses/_shared/install_driver_removal.py +366 -0
- package/src/apothem/harnesses/_shared/install_driver_treeops.py +248 -0
- package/src/apothem/harnesses/_shared/install_driver_types.py +330 -0
- package/src/apothem/harnesses/_shared/wrapper_factories.py +448 -0
- package/src/apothem/harnesses/antigravity/STANDARD-CONVENTION-PIN.md +91 -0
- package/src/apothem/harnesses/antigravity/__init__.py +70 -0
- package/src/apothem/harnesses/antigravity/capabilities.yml +40 -0
- package/src/apothem/harnesses/antigravity/install.py +63 -0
- package/src/apothem/harnesses/antigravity/templates/GEMINI.md +40 -0
- package/src/apothem/harnesses/antigravity/templates/plugin.json +5 -0
- package/src/apothem/harnesses/antigravity/uninstall.py +22 -0
- package/src/apothem/harnesses/antigravity/update.py +10 -0
- package/src/apothem/harnesses/antigravity/verify.py +11 -0
- package/src/apothem/harnesses/claude_code/STANDARD-CONVENTION-PIN.md +65 -0
- package/src/apothem/harnesses/claude_code/__init__.py +107 -0
- package/src/apothem/harnesses/claude_code/capabilities.yml +42 -0
- package/src/apothem/harnesses/claude_code/install.py +147 -0
- package/src/apothem/harnesses/claude_code/templates/settings.json +351 -0
- package/src/apothem/harnesses/claude_code/uninstall.py +23 -0
- package/src/apothem/harnesses/claude_code/update.py +10 -0
- package/src/apothem/harnesses/claude_code/verify.py +11 -0
- package/src/apothem/harnesses/codebuddy/STANDARD-CONVENTION-PIN.md +74 -0
- package/src/apothem/harnesses/codebuddy/__init__.py +49 -0
- package/src/apothem/harnesses/codebuddy/capabilities.yml +34 -0
- package/src/apothem/harnesses/codebuddy/install.py +40 -0
- package/src/apothem/harnesses/codebuddy/templates/apothem-rules.md +37 -0
- package/src/apothem/harnesses/codebuddy/uninstall.py +25 -0
- package/src/apothem/harnesses/codebuddy/update.py +10 -0
- package/src/apothem/harnesses/codebuddy/verify.py +11 -0
- package/src/apothem/harnesses/codex/STANDARD-CONVENTION-PIN.md +79 -0
- package/src/apothem/harnesses/codex/__init__.py +72 -0
- package/src/apothem/harnesses/codex/capabilities.yml +40 -0
- package/src/apothem/harnesses/codex/install.py +69 -0
- package/src/apothem/harnesses/codex/templates/AGENTS.md +40 -0
- package/src/apothem/harnesses/codex/templates/hooks.json +127 -0
- package/src/apothem/harnesses/codex/uninstall.py +23 -0
- package/src/apothem/harnesses/codex/update.py +10 -0
- package/src/apothem/harnesses/codex/verify.py +11 -0
- package/src/apothem/harnesses/cursor/STANDARD-CONVENTION-PIN.md +79 -0
- package/src/apothem/harnesses/cursor/__init__.py +48 -0
- package/src/apothem/harnesses/cursor/capabilities.yml +42 -0
- package/src/apothem/harnesses/cursor/install.py +38 -0
- package/src/apothem/harnesses/cursor/templates/apothem-rules.mdc +40 -0
- package/src/apothem/harnesses/cursor/uninstall.py +25 -0
- package/src/apothem/harnesses/cursor/update.py +10 -0
- package/src/apothem/harnesses/cursor/verify.py +11 -0
- package/src/apothem/harnesses/gemini_cli/STANDARD-CONVENTION-PIN.md +102 -0
- package/src/apothem/harnesses/gemini_cli/__init__.py +52 -0
- package/src/apothem/harnesses/gemini_cli/capabilities.yml +43 -0
- package/src/apothem/harnesses/gemini_cli/install.py +43 -0
- package/src/apothem/harnesses/gemini_cli/templates/GEMINI.md +38 -0
- package/src/apothem/harnesses/gemini_cli/uninstall.py +25 -0
- package/src/apothem/harnesses/gemini_cli/update.py +10 -0
- package/src/apothem/harnesses/gemini_cli/verify.py +11 -0
- package/src/apothem/harnesses/github_copilot/STANDARD-CONVENTION-PIN.md +84 -0
- package/src/apothem/harnesses/github_copilot/__init__.py +47 -0
- package/src/apothem/harnesses/github_copilot/capabilities.yml +42 -0
- package/src/apothem/harnesses/github_copilot/install.py +40 -0
- package/src/apothem/harnesses/github_copilot/templates/copilot-instructions.md +33 -0
- package/src/apothem/harnesses/github_copilot/uninstall.py +25 -0
- package/src/apothem/harnesses/github_copilot/update.py +10 -0
- package/src/apothem/harnesses/github_copilot/verify.py +11 -0
- package/src/apothem/harnesses/glm/STANDARD-CONVENTION-PIN.md +77 -0
- package/src/apothem/harnesses/glm/__init__.py +56 -0
- package/src/apothem/harnesses/glm/capabilities.yml +33 -0
- package/src/apothem/harnesses/glm/install.py +45 -0
- package/src/apothem/harnesses/glm/templates/glm.toml +58 -0
- package/src/apothem/harnesses/glm/uninstall.py +25 -0
- package/src/apothem/harnesses/glm/update.py +10 -0
- package/src/apothem/harnesses/glm/verify.py +11 -0
- package/src/apothem/harnesses/hermes/STANDARD-CONVENTION-PIN.md +57 -0
- package/src/apothem/harnesses/hermes/__init__.py +33 -0
- package/src/apothem/harnesses/hermes/capabilities.yml +36 -0
- package/src/apothem/harnesses/hermes/install.py +17 -0
- package/src/apothem/harnesses/hermes/materializer.py +35 -0
- package/src/apothem/harnesses/hermes/uninstall.py +33 -0
- package/src/apothem/harnesses/hermes/update.py +10 -0
- package/src/apothem/harnesses/hermes/verify.py +11 -0
- package/src/apothem/harnesses/kimi_code/STANDARD-CONVENTION-PIN.md +128 -0
- package/src/apothem/harnesses/kimi_code/__init__.py +59 -0
- package/src/apothem/harnesses/kimi_code/capabilities.yml +40 -0
- package/src/apothem/harnesses/kimi_code/install.py +42 -0
- package/src/apothem/harnesses/kimi_code/templates/AGENTS.md +43 -0
- package/src/apothem/harnesses/kimi_code/uninstall.py +27 -0
- package/src/apothem/harnesses/kimi_code/update.py +10 -0
- package/src/apothem/harnesses/kimi_code/verify.py +11 -0
- package/src/apothem/harnesses/kiro/STANDARD-CONVENTION-PIN.md +77 -0
- package/src/apothem/harnesses/kiro/__init__.py +49 -0
- package/src/apothem/harnesses/kiro/capabilities.yml +36 -0
- package/src/apothem/harnesses/kiro/install.py +39 -0
- package/src/apothem/harnesses/kiro/templates/apothem-rules.md +36 -0
- package/src/apothem/harnesses/kiro/uninstall.py +25 -0
- package/src/apothem/harnesses/kiro/update.py +10 -0
- package/src/apothem/harnesses/kiro/verify.py +11 -0
- package/src/apothem/harnesses/open_claw/STANDARD-CONVENTION-PIN.md +62 -0
- package/src/apothem/harnesses/open_claw/__init__.py +35 -0
- package/src/apothem/harnesses/open_claw/capabilities.yml +35 -0
- package/src/apothem/harnesses/open_claw/install.py +17 -0
- package/src/apothem/harnesses/open_claw/materializer.py +36 -0
- package/src/apothem/harnesses/open_claw/uninstall.py +32 -0
- package/src/apothem/harnesses/open_claw/update.py +10 -0
- package/src/apothem/harnesses/open_claw/verify.py +11 -0
- package/src/apothem/harnesses/opencode/STANDARD-CONVENTION-PIN.md +76 -0
- package/src/apothem/harnesses/opencode/__init__.py +35 -0
- package/src/apothem/harnesses/opencode/capabilities.yml +43 -0
- package/src/apothem/harnesses/opencode/install.py +17 -0
- package/src/apothem/harnesses/opencode/materializer.py +31 -0
- package/src/apothem/harnesses/opencode/uninstall.py +34 -0
- package/src/apothem/harnesses/opencode/update.py +10 -0
- package/src/apothem/harnesses/opencode/verify.py +11 -0
- package/src/apothem/harnesses/qwen_code/STANDARD-CONVENTION-PIN.md +87 -0
- package/src/apothem/harnesses/qwen_code/__init__.py +37 -0
- package/src/apothem/harnesses/qwen_code/capabilities.yml +43 -0
- package/src/apothem/harnesses/qwen_code/install.py +19 -0
- package/src/apothem/harnesses/qwen_code/materializer.py +174 -0
- package/src/apothem/harnesses/qwen_code/templates/QWEN.md +30 -0
- package/src/apothem/harnesses/qwen_code/uninstall.py +34 -0
- package/src/apothem/harnesses/qwen_code/update.py +10 -0
- package/src/apothem/harnesses/qwen_code/verify.py +11 -0
- package/src/apothem/harnesses/trae/STANDARD-CONVENTION-PIN.md +70 -0
- package/src/apothem/harnesses/trae/__init__.py +49 -0
- package/src/apothem/harnesses/trae/capabilities.yml +34 -0
- package/src/apothem/harnesses/trae/install.py +38 -0
- package/src/apothem/harnesses/trae/templates/apothem-rules.md +37 -0
- package/src/apothem/harnesses/trae/uninstall.py +25 -0
- package/src/apothem/harnesses/trae/update.py +10 -0
- package/src/apothem/harnesses/trae/verify.py +11 -0
- package/src/apothem/harnesses/windsurf/STANDARD-CONVENTION-PIN.md +91 -0
- package/src/apothem/harnesses/windsurf/__init__.py +52 -0
- package/src/apothem/harnesses/windsurf/capabilities.yml +40 -0
- package/src/apothem/harnesses/windsurf/install.py +41 -0
- package/src/apothem/harnesses/windsurf/templates/apothem-rules.md +37 -0
- package/src/apothem/harnesses/windsurf/uninstall.py +25 -0
- package/src/apothem/harnesses/windsurf/update.py +10 -0
- package/src/apothem/harnesses/windsurf/verify.py +11 -0
- package/src/apothem/harnesses/zed/STANDARD-CONVENTION-PIN.md +92 -0
- package/src/apothem/harnesses/zed/__init__.py +57 -0
- package/src/apothem/harnesses/zed/capabilities.yml +38 -0
- package/src/apothem/harnesses/zed/install.py +41 -0
- package/src/apothem/harnesses/zed/templates/apothem-rules.md +32 -0
- package/src/apothem/harnesses/zed/uninstall.py +28 -0
- package/src/apothem/harnesses/zed/update.py +10 -0
- package/src/apothem/harnesses/zed/verify.py +11 -0
- package/src/apothem/hooks/README.md +81 -0
- package/src/apothem/hooks/__init__.py +24 -0
- package/src/apothem/hooks/askuserquestion_validator.py +380 -0
- package/src/apothem/hooks/dispatch.py +296 -0
- package/src/apothem/hooks/emit_hook_context.py +444 -0
- package/src/apothem/hooks/hooks.json +318 -0
- package/src/apothem/hooks/lib/README.md +39 -0
- package/src/apothem/hooks/lib/__init__.py +18 -0
- package/src/apothem/hooks/lib/bootstrap.ps1 +129 -0
- package/src/apothem/hooks/lib/bootstrap.sh +103 -0
- package/src/apothem/hooks/lib/events.py +51 -0
- package/src/apothem/hooks/lib/find-pwsh.ps1 +78 -0
- package/src/apothem/hooks/lib/find-pwsh.sh +76 -0
- package/src/apothem/hooks/lib/find-python.ps1 +63 -0
- package/src/apothem/hooks/lib/find-python.sh +97 -0
- package/src/apothem/hooks/lib/log.py +43 -0
- package/src/apothem/hooks/lib/resolve_root.py +264 -0
- package/src/apothem/hooks/messages/postcompact.md +14 -0
- package/src/apothem/hooks/messages/posttooluse-proactive-compaction.md +46 -0
- package/src/apothem/hooks/messages/precompact.md +14 -0
- package/src/apothem/hooks/messages/pretooluse-askuserquestion-recommended.md +65 -0
- package/src/apothem/hooks/messages/pretooluse-bash-plan-guard.md +97 -0
- package/src/apothem/hooks/messages/pretooluse-bash.md +39 -0
- package/src/apothem/hooks/messages/pretooluse-conformity.md +70 -0
- package/src/apothem/hooks/messages/pretooluse-dependency-guard.md +21 -0
- package/src/apothem/hooks/messages/pretooluse-edit-header-guard.md +61 -0
- package/src/apothem/hooks/messages/pretooluse-edit.md +21 -0
- package/src/apothem/hooks/messages/pretooluse-eval-guard.md +39 -0
- package/src/apothem/hooks/messages/pretooluse-notebookedit.md +11 -0
- package/src/apothem/hooks/messages/pretooluse-write-header-guard.md +45 -0
- package/src/apothem/hooks/messages/pretooluse-write-plan-guard.md +72 -0
- package/src/apothem/hooks/messages/pretooluse-write.md +21 -0
- package/src/apothem/hooks/messages/sessionstart.md +15 -0
- package/src/apothem/hooks/messages/stop.md +27 -0
- package/src/apothem/hooks/proactive_compaction_tracker.py +327 -0
- package/src/apothem/hooks/session_start_bootstrap.py +472 -0
- package/src/apothem/lib/README.md +42 -0
- package/src/apothem/lib/__init__.py +13 -0
- package/src/apothem/lib/atomic_io.py +189 -0
- package/src/apothem/lib/auditor.py +687 -0
- package/src/apothem/lib/clean_slate.py +396 -0
- package/src/apothem/lib/contexts.py +352 -0
- package/src/apothem/lib/data_home.py +255 -0
- package/src/apothem/lib/frontmatter.py +101 -0
- package/src/apothem/lib/harness_materializer.py +213 -0
- package/src/apothem/lib/harness_protocol.py +59 -0
- package/src/apothem/lib/harness_registry.py +282 -0
- package/src/apothem/lib/harness_registry_data.py +843 -0
- package/src/apothem/lib/install_ledger.py +347 -0
- package/src/apothem/lib/learning.py +540 -0
- package/src/apothem/lib/memory.py +347 -0
- package/src/apothem/lib/parallel_sweep.py +234 -0
- package/src/apothem/lib/plan_tiers.py +200 -0
- package/src/apothem/lib/plugin_bootstrap.py +132 -0
- package/src/apothem/lib/plugin_tree.py +599 -0
- package/src/apothem/lib/profile.py +755 -0
- package/src/apothem/lib/profile_projection.py +198 -0
- package/src/apothem/lib/propagation-manifest.yaml +878 -0
- package/src/apothem/lib/propagation.py +220 -0
- package/src/apothem/lib/python_resolver.py +189 -0
- package/src/apothem/lib/reporter.py +62 -0
- package/src/apothem/lib/workspace_migration.py +323 -0
- package/src/apothem/output-styles/README.md +41 -0
- package/src/apothem/output-styles/concise-engineer.md +49 -0
- package/src/apothem/output-styles/default-architect.md +52 -0
- package/src/apothem/output-styles/default.md +113 -0
- package/src/apothem/output-styles/forensic-auditor.md +63 -0
- package/src/apothem/py.typed +0 -0
- package/src/apothem/rules/README.md +121 -0
- package/src/apothem/rules/agent-capability-discipline-matrix.md +89 -0
- package/src/apothem/rules/agent-capability-discipline.md +78 -0
- package/src/apothem/rules/agent-orchestration-patterns.md +144 -0
- package/src/apothem/rules/agent-orchestration.md +65 -0
- package/src/apothem/rules/agents-md-convention.md +86 -0
- package/src/apothem/rules/agile-sprints-elements.md +135 -0
- package/src/apothem/rules/agile-sprints.md +64 -0
- package/src/apothem/rules/agnostic-posture-checklist.md +47 -0
- package/src/apothem/rules/agnostic-posture.md +48 -0
- package/src/apothem/rules/authoritative-referencing-quotation.md +50 -0
- package/src/apothem/rules/authoritative-referencing.md +66 -0
- package/src/apothem/rules/authority-inquiry-categories.md +58 -0
- package/src/apothem/rules/authority-inquiry.md +54 -0
- package/src/apothem/rules/auto-memory-topic-files.md +86 -0
- package/src/apothem/rules/auto-memory.md +67 -0
- package/src/apothem/rules/bidirectional-binding.md +123 -0
- package/src/apothem/rules/canonical-layout-reporting-tiers.md +212 -0
- package/src/apothem/rules/canonical-layout.md +60 -0
- package/src/apothem/rules/clean-architecture-layers.md +186 -0
- package/src/apothem/rules/clean-room-generation-protocols.md +124 -0
- package/src/apothem/rules/clean-room-generation.md +59 -0
- package/src/apothem/rules/code-craft-conventions.md +101 -0
- package/src/apothem/rules/code-craft-markdown.md +138 -0
- package/src/apothem/rules/code-craft-python.md +154 -0
- package/src/apothem/rules/code-craft-shell.md +192 -0
- package/src/apothem/rules/cognitive-identity-techniques.md +180 -0
- package/src/apothem/rules/cognitive-identity.md +81 -0
- package/src/apothem/rules/context-management-budget.md +46 -0
- package/src/apothem/rules/context-management-protocol.md +161 -0
- package/src/apothem/rules/context-management-scratch.md +128 -0
- package/src/apothem/rules/context-management.md +85 -0
- package/src/apothem/rules/definitiveness-virtues.md +67 -0
- package/src/apothem/rules/definitiveness.md +58 -0
- package/src/apothem/rules/determinism.md +81 -0
- package/src/apothem/rules/disclosure-ledger-markers.md +58 -0
- package/src/apothem/rules/disclosure-ledger.md +52 -0
- package/src/apothem/rules/dynamism.md +38 -0
- package/src/apothem/rules/etc-extension.md +57 -0
- package/src/apothem/rules/expertise-posture-elements.md +68 -0
- package/src/apothem/rules/expertise-posture.md +54 -0
- package/src/apothem/rules/freshness-facade.md +64 -0
- package/src/apothem/rules/harness-adapter-shape-schemas.md +162 -0
- package/src/apothem/rules/harness-adapter-shape.md +42 -0
- package/src/apothem/rules/host-discovery-manifests.md +50 -0
- package/src/apothem/rules/host-discovery.md +56 -0
- package/src/apothem/rules/i18n-discipline-locale-cohorts.md +120 -0
- package/src/apothem/rules/i18n-discipline.md +70 -0
- package/src/apothem/rules/interactive-questions-canonical-shapes.md +590 -0
- package/src/apothem/rules/interactive-questions-detail.md +41 -0
- package/src/apothem/rules/interactive-questions-sweep-matchers.md +184 -0
- package/src/apothem/rules/interactive-questions.md +89 -0
- package/src/apothem/rules/large-file-generation.md +112 -0
- package/src/apothem/rules/large-file-reading.md +59 -0
- package/src/apothem/rules/living-docs.md +85 -0
- package/src/apothem/rules/multi-agent-workflow.md +57 -0
- package/src/apothem/rules/operational-mandates-expanded.md +78 -0
- package/src/apothem/rules/operational-mandates.md +88 -0
- package/src/apothem/rules/option-annotation-form.md +60 -0
- package/src/apothem/rules/option-annotation.md +45 -0
- package/src/apothem/rules/own-voice-reimplementation.md +86 -0
- package/src/apothem/rules/performance-discipline.md +91 -0
- package/src/apothem/rules/persistent-conventions-vigilance-checklist.md +54 -0
- package/src/apothem/rules/persistent-conventions-vigilance.md +61 -0
- package/src/apothem/rules/plain-language.md +56 -0
- package/src/apothem/rules/planning-techniques.md +130 -0
- package/src/apothem/rules/pre-emission-gate-bars.md +86 -0
- package/src/apothem/rules/pre-emission-gate.md +54 -0
- package/src/apothem/rules/production-ready-prs-surfaces.md +162 -0
- package/src/apothem/rules/production-ready-prs.md +83 -0
- package/src/apothem/rules/propagation.md +63 -0
- package/src/apothem/rules/recommend-next-step.md +106 -0
- package/src/apothem/rules/refactoring-discipline.md +76 -0
- package/src/apothem/rules/session-closure.md +44 -0
- package/src/apothem/rules/sota-elevation-exemplars.md +76 -0
- package/src/apothem/rules/sota-elevation.md +52 -0
- package/src/apothem/rules/source-accessibility.md +58 -0
- package/src/apothem/rules/surgical-manipulation.md +48 -0
- package/src/apothem/rules/systemic-participation-relations.md +108 -0
- package/src/apothem/rules/systemic-participation.md +70 -0
- package/src/apothem/rules/ten-dimension-check-dimensions.md +52 -0
- package/src/apothem/rules/ten-dimension-check.md +59 -0
- package/src/apothem/rules/token-budget-discipline.md +81 -0
- package/src/apothem/rules/token-efficiency-rewrite-protocol.md +79 -0
- package/src/apothem/rules/token-efficiency-rewrite.md +77 -0
- package/src/apothem/rules/tool-use-discipline.md +48 -0
- package/src/apothem/rules/visual-leverage.md +102 -0
- package/src/apothem/schemas/NOTICE.md +9 -0
- package/src/apothem/schemas/README.md +104 -0
- package/src/apothem/schemas/__init__.py +176 -0
- package/src/apothem/schemas/advisory-finding.schema.json +111 -0
- package/src/apothem/schemas/agent.schema.json +106 -0
- package/src/apothem/schemas/authorship-header.txt +1 -0
- package/src/apothem/schemas/cohort-manifest.yaml +248 -0
- package/src/apothem/schemas/cohort-metadata-vocabulary.yaml +168 -0
- package/src/apothem/schemas/cohort.schema.json +113 -0
- package/src/apothem/schemas/command.schema.json +68 -0
- package/src/apothem/schemas/compatibility-matrix.yaml +432 -0
- package/src/apothem/schemas/context-fragment.schema.json +64 -0
- package/src/apothem/schemas/freshness-token-denylist.txt +51 -0
- package/src/apothem/schemas/handoff-manifest.yaml +353 -0
- package/src/apothem/schemas/header-exceptions.txt +141 -0
- package/src/apothem/schemas/header-visibility.yaml +39 -0
- package/src/apothem/schemas/learning-signal.schema.json +46 -0
- package/src/apothem/schemas/memory-record.schema.json +61 -0
- package/src/apothem/schemas/output-style.schema.json +40 -0
- package/src/apothem/schemas/plan.schema.json +51 -0
- package/src/apothem/schemas/plugin.schema.json +83 -0
- package/src/apothem/schemas/profile.example.yaml +70 -0
- package/src/apothem/schemas/profile.minimal.yaml +6 -0
- package/src/apothem/schemas/profile.schema.json +396 -0
- package/src/apothem/schemas/reference-token-denylist.txt +25 -0
- package/src/apothem/schemas/skill.schema.json +75 -0
- package/src/apothem/skills/README.md +93 -0
- package/src/apothem/skills/dependency-upgrade/SKILL.md +105 -0
- package/src/apothem/skills/dev-toolkit/SKILL.md +120 -0
- package/src/apothem/skills/diagram-authoring/SKILL.md +113 -0
- package/src/apothem/skills/document-authoring/SKILL.md +118 -0
- package/src/apothem/skills/ecosystem-audit/SKILL.md +108 -0
- package/src/apothem/skills/ecosystem-audit/references/audit-fortress.md +85 -0
- package/src/apothem/skills/ecosystem-audit/references/procedure.md +162 -0
- package/src/apothem/skills/eval-harness/SKILL.md +88 -0
- package/src/apothem/skills/incident-runbook/SKILL.md +92 -0
- package/src/apothem/skills/multi-source-research/SKILL.md +90 -0
- package/src/apothem/skills/plan-suite/SKILL.md +118 -0
- package/src/apothem/skills/plan-suite/master_template.md +1324 -0
- package/src/apothem/skills/projectify/SKILL.md +117 -0
- package/src/apothem/skills/prompt-engineering/SKILL.md +122 -0
- package/src/apothem/skills/refactor-extract/SKILL.md +85 -0
- package/src/apothem/skills/research-suite/SKILL.md +170 -0
- package/src/apothem/skills/research-suite/references/directory-structure.md +47 -0
- package/src/apothem/skills/research-suite/references/lifecycle.md +67 -0
- package/src/apothem/skills/research-suite/references/principal-investigator-framework.md +37 -0
- package/src/apothem/skills/research-suite/references/rigor-mandates.md +30 -0
- package/src/apothem/skills/research-suite/research_template.md +476 -0
- package/src/apothem/skills/secret-rotation/SKILL.md +87 -0
- package/src/apothem/skills/source-synthesis/SKILL.md +92 -0
- package/src/apothem/skills/surgical-guard/SKILL.md +118 -0
- package/src/apothem/skills/test-authoring/SKILL.md +85 -0
- package/src/apothem/skills/vuln-triage/SKILL.md +91 -0
- package/src/apothem/skills/workflow/SKILL.md +139 -0
- package/src/apothem/statuslines/README.md +26 -0
- package/src/apothem/statuslines/__init__.py +20 -0
- package/src/apothem/statuslines/conformity.json +5 -0
- package/src/apothem/statuslines/render.py +334 -0
- package/src/apothem/statuslines/statusline.md +50 -0
- package/src/apothem/templates/README.md +43 -0
- package/src/apothem/templates/agents-md-template.md +80 -0
- package/src/apothem/templates/consideration-log.md +39 -0
- package/src/apothem/templates/expertise-gap-log.md +56 -0
- package/src/apothem/templates/master-index-template.md +93 -0
- package/src/apothem/templates/potency-map.md +53 -0
- package/src/apothem/templates/preservation-audit.md +60 -0
- package/src/apothem/templates/question-resolution-audit.md +52 -0
- package/src/apothem/templates/trace-matrix-template.md +77 -0
|
@@ -0,0 +1,125 @@
|
|
|
1
|
+
<!-- SPDX-License-Identifier: MIT -->
|
|
2
|
+
|
|
3
|
+
# Commands
|
|
4
|
+
|
|
5
|
+
Slash-command definitions — flat `.md` files, each defining one `/command-name` invocable. A command file's YAML frontmatter declares the command's identity and argument surface; its body is the multi-step workflow the command runs. Forty-five commands register at the top level — the seven **planning-pipeline** stage commands plus the `/plan-amend` amendment command and the `/plan` wrapped-workflow orchestrator, the thirteen **research-pipeline** stage commands plus the `/research` wrapped-workflow orchestrator, the eleven **audit / review** passes plus the `/audit` wrapped-workflow orchestrator and the `/fortress` closed-loop hardening orchestrator, three **cohort** commands (`test-suite`, `eval`, `release-readiness`), four **deployment / elevation** commands (`freshify`, `github-deploy-fresh`, `github-deploy-next`, `elevate`), and two **operator-workflow** commands (`workflow`, `projectify`). Each planning and research stage is an independently invocable `/plan-<stage>` / `/research-<stage>` command, and the eleven audit passes are each individually invocable.
|
|
6
|
+
|
|
7
|
+
## Plan pipeline — seven first-class `/plan-<stage>` commands
|
|
8
|
+
|
|
9
|
+
The end-to-end planning workflow — prose → spec → plan suite → review → conditional architecture design → execution → status — is seven first-class commands, one per stage. Each is independently invocable as `/plan-<stage>`, preserving every per-stage gate and structured-inquiry discipline, with the three-tier scalability framework (small / medium / large, via [`../lib/plan_tiers.py`](../lib/plan_tiers.py)) governing suites up to thousands of tasks. Each non-initial stage carries a `## Sequence Gate` that refuses out-of-order invocation (absent `--override`, recorded as a finding) with a definitive `Blocked: run /plan-<predecessor> first` message. `/plan-design` runs only when `/plan-review` classifies the suite as architecture-bearing; non-architecture suites proceed directly to `/plan-execute`. `/plan-status` is orthogonal read-only at any point. `/plan-amend` amends an existing suite without destroying prior resolved decisions, re-deriving only affected downstream artifacts.
|
|
10
|
+
|
|
11
|
+
Each command is a flat top-level command file, registered by the non-recursive `commands/*.md` glob like every other command:
|
|
12
|
+
|
|
13
|
+
| Command | File | Purpose |
|
|
14
|
+
|---------|------|---------|
|
|
15
|
+
| `/plan-spec` | [`plan-spec.md`](plan-spec.md) | Refine free-form prose / raw notes into a spec-grade `_spec/spec.md`. Six transformation phases under four operational disciplines; every ambiguity surfaces via the structured-inquiry channel. `--quick` writes a lightweight project-local plan file instead. |
|
|
16
|
+
| `/plan-generate` | [`plan-generate.md`](plan-generate.md) | Generate a complete Master Plan Suite from the user's raw prose / requirements. |
|
|
17
|
+
| `/plan-review` | [`plan-review.md`](plan-review.md) | Forensic audit of an existing plan suite — prose fidelity, internal consistency, quality / gap analysis — then refine through interactive Q&A. |
|
|
18
|
+
| `/plan-design` | [`plan-design.md`](plan-design.md) | Conditional architecture gate. Produces `_inputs/design.md` for architecture-bearing suites after review and before execute; skipped explicitly for non-architecture suites. |
|
|
19
|
+
| `/plan-audit` | [`plan-audit.md`](plan-audit.md) | Closed-loop pipeline audit and active remediation — brings a suite to zero open findings, writes bounded reports under `_outputs/`, routes residual work to `*-maintenance`. |
|
|
20
|
+
| `/plan-execute` | [`plan-execute.md`](plan-execute.md) | Execute a specific phase from a Master Plan Suite with conformity checking and quality gates. |
|
|
21
|
+
| `/plan-status` | [`plan-status.md`](plan-status.md) | Read-only plan-suite progress report — status against task / phase / artifact dimensions, no modification. |
|
|
22
|
+
| `/plan-amend` | [`plan-amend.md`](plan-amend.md) | Amend / extend / refine / revert / weave an existing plan suite without destroying prior resolved decisions; re-derives only affected downstream artifacts and recommends the affected downstream stage (`/plan-review`). |
|
|
23
|
+
| `/plan` | [`plan.md`](plan.md) | The plan pipeline wrapped as a single dynamic multi-agent workflow (not itself a stage) — drives a planning mission from raw prose to executed phases by dispatching the first-class stages (`plan-spec → plan-generate → plan-review → plan-design` conditional `→ plan-execute`) as workflow phases under named Handoff-Manifest return contracts, routing each stage hand-off through a refute-by-default verification pass, and emitting a deterministic result with a single recommended next move. Stage logic stays first-class in `plan-*.md`; chaining + dispatch are opt-in via `--autonomous`, halting at each stage boundary by default. |
|
|
24
|
+
|
|
25
|
+
The top-level `command_skills` propagation registers every planning-pipeline command (the seven stages, `/plan-amend`, and the `/plan` wrapped-workflow orchestrator) and the audit / review commands alike by the non-recursive `commands/*.md` glob.
|
|
26
|
+
|
|
27
|
+
## Research pipeline — thirteen first-class `/research-<stage>` commands
|
|
28
|
+
|
|
29
|
+
The end-to-end research workflow — idea → question → theory → sources → synthesis → proposal → study design → experiment → analysis → paper → peer review → publish → disseminate — is thirteen first-class commands, one per stage, mirroring the plan pipeline. Each is independently invocable as `/research-<stage>`, with a `## Sequence Gate` that refuses out-of-order invocation (absent `--override`, recorded as a finding) with a definitive `Blocked: run /research-<predecessor> first` message, and a Handoff Manifest chaining each stage to the next. The pipeline operates under ten rigor mandates (authoritative sources · reproducibility · falsifiability · citation integrity · preregistration · ethics / conflicts · statistical rigor · open-science / FAIR · reporting-guideline conformance · theoretical grounding / impact) and resolves the [`research-suite`](../skills/research-suite/) knowledge surface by path.
|
|
30
|
+
|
|
31
|
+
| Command | File | Purpose |
|
|
32
|
+
|---------|------|---------|
|
|
33
|
+
| `/research-ideate` | [`research-ideate.md`](research-ideate.md) | Zero-ideation entry — formulate the problem space from a domain seed, generate and rank candidate research questions, and frame the opportunity the spec stage consumes. |
|
|
34
|
+
| `/research-spec` | [`research-spec.md`](research-spec.md) | Frame a candidate question into a spec-grade research spec — falsifiable hypotheses, scope, inclusion / exclusion criteria, success metrics. `--quick` writes a lightweight project-local research brief. |
|
|
35
|
+
| `/research-theory` | [`research-theory.md`](research-theory.md) | Build the foundational conceptual framework and theory-of-change — name the constructs, their relationships, and the mechanism the study tests. |
|
|
36
|
+
| `/research-sources` | [`research-sources.md`](research-sources.md) | Systematic source collection — decompose into sub-queries, parallel discovery via `research-scout` + `multi-source-research`, dedup, rank by authority / recency / relevance, screen against inclusion criteria, extract per source. |
|
|
37
|
+
| `/research-synthesis` | [`research-synthesis.md`](research-synthesis.md) | State-of-the-art map + literature matrix + explicit gap statement; every load-bearing claim adversarially verified by `fact-checker` via the `source-synthesis` skill. |
|
|
38
|
+
| `/research-proposal` | [`research-proposal.md`](research-proposal.md) | Objectives / aims, feasibility assessment, impact pathway, and the preregistration plan — the fundable proposal the study design operationalizes. |
|
|
39
|
+
| `/research-design` | [`research-design.md`](research-design.md) | Operationalize hypotheses into testable predictions; design variables / controls / sample / instruments / power analysis / threats-to-validity; freeze the analysis plan as a preregistration. |
|
|
40
|
+
| `/research-experiment` | [`research-experiment.md`](research-experiment.md) | Run the designed study and capture raw data with full provenance + a reproducibility manifest (environment, seed, protocol, version pins). |
|
|
41
|
+
| `/research-analysis` | [`research-analysis.md`](research-analysis.md) | Analyze per the preregistered plan — effect sizes + confidence intervals, robustness / sensitivity checks, disclosed deviations, figures / tables. |
|
|
42
|
+
| `/research-paper` | [`research-paper.md`](research-paper.md) | Assemble a top-tier paper draft (abstract → conclusion + references) from synthesis + design + analysis; every citation verified to resolve to a real source. |
|
|
43
|
+
| `/research-review` | [`research-review.md`](research-review.md) | Peer-review-grade adversarial critique — reviewer scorecard (novelty / rigor / reproducibility / clarity / ethics) + a severity-triaged required-revision list. |
|
|
44
|
+
| `/research-publish` | [`research-publish.md`](research-publish.md) | Venue-formatted submission package — supplementary materials, data / code-availability statement, cover letter, ethics / COI declarations, preprint / DOI plan, submission checklist. |
|
|
45
|
+
| `/research-disseminate` | [`research-disseminate.md`](research-disseminate.md) | Post-acceptance dissemination, impact, and archival — plain-language summary, channel plan, FAIR data / code deposit, persistent-identifier registration, and the impact-tracking record. |
|
|
46
|
+
| `/research` | [`research.md`](research.md) | The research pipeline wrapped as a single dynamic multi-agent workflow (not itself a stage) — drives a research mission from a raw idea to a disseminated, peer-reviewed paper by dispatching the stages as workflow phases under named Handoff-Manifest return contracts, routing each hand-off through a refute-by-default verification pass. Chaining is opt-in via `--autonomous`, halting at each stage boundary by default; `--quick` runs `research-sources` + `research-synthesis` only for a single-shot cited report. |
|
|
47
|
+
|
|
48
|
+
## Audit / review passes
|
|
49
|
+
|
|
50
|
+
Operator-driven review passes against a deployed repository. Each walks a defined surface and emits a severity-triaged (HIGH / MEDIUM / LOW) findings artifact under the consuming suite's `_inputs/` directory with concrete-driver rationale per finding. The [`/audit`](audit.md) **wrapped-workflow orchestrator** drives all eleven as a single parallel sweep — the audit-fortress analogue of `/plan` and `/research` — fanning the dimensions out under named findings return contracts, refute-by-default-verifying each finding, and synthesizing one deduplicated, severity-triaged report. `/audit` is report-only (remediation routes to `/elevate` or the owning surface); each pass below is also individually invocable.
|
|
51
|
+
|
|
52
|
+
The [`/fortress`](fortress.md) **closed-loop hardening orchestrator** closes the loop report-only `/audit` opens: it detects through `/audit`, adversarially verifies each finding, remediates every survivor at its owning surface, re-audits in a bounded loop until the walls hold, and gates the result through `/release-readiness` — the production-hardening analogue of `/plan` and `/research`. Distinct from `/elevate` (broad open-loop whole-repo SOTA lift) and `/release-readiness` (single READY / BLOCKED verdict), `/fortress` is the security/production-scoped detect → remediate → re-audit → gate loop.
|
|
53
|
+
|
|
54
|
+
| Command | Surface audited |
|
|
55
|
+
|---------|-----------------|
|
|
56
|
+
| [`code-review.md`](code-review.md) | Per-file code-quality review — readability, naming, complexity, magic numbers, comment quality, against the four code-craft rules and the ten quality dimensions. |
|
|
57
|
+
| [`code-audit.md`](code-audit.md) | Cross-file forensic code audit — hidden coupling, layer-boundary violations, type-hint accuracy, coverage gaps, dead code, duplicates. The cross-file counterpart to `/code-review`. |
|
|
58
|
+
| [`architecture-review.md`](architecture-review.md) | Architectural-integrity review against `_inputs/design.md` and the clean-architecture layer discipline. |
|
|
59
|
+
| [`docs-review.md`](docs-review.md) | Documentation review against the Markdown code-craft and ten-dimension rules — prose clarity, link integrity, citation completeness, public-API coverage. |
|
|
60
|
+
| [`security-audit.md`](security-audit.md) | Security posture audit against OWASP ASVS, OWASP Top 10, and CWE Top 25 — secrets, injection surfaces, deserialization, path-traversal, dependency CVEs. |
|
|
61
|
+
| [`dependency-audit.md`](dependency-audit.md) | Per-dependency audit — license compatibility, CVE status, deprecation, pinned-vs-range posture, transitive depth. |
|
|
62
|
+
| [`supply-chain-audit.md`](supply-chain-audit.md) | Supply-chain audit against SLSA + Sigstore + SBOM standards — provenance, signing, SBOM completeness, action pinning. |
|
|
63
|
+
| [`threat-model-audit.md`](threat-model-audit.md) | Threat-modeling audit against STRIDE + PASTA — trust boundaries, threat actors, mitigation posture, residual risk. |
|
|
64
|
+
| [`perf-audit.md`](perf-audit.md) | Performance audit against the per-class budgets in `../rules/performance-discipline.md`, via the benchmark drivers under `../benchmarks/`. |
|
|
65
|
+
| [`a11y-audit.md`](a11y-audit.md) | Accessibility audit against WCAG 2.2 AA — semantic HTML, ARIA, keyboard-navigability, contrast, alt-text. |
|
|
66
|
+
| [`ux-review.md`](ux-review.md) | Developer-experience review — CLI ergonomics, installation flow, documentation discoverability — against clig.dev, the NN/g heuristics, and GNU coreutils conventions. |
|
|
67
|
+
|
|
68
|
+
## Cohort commands
|
|
69
|
+
|
|
70
|
+
Operator-driven workflow commands, each orchestrating a multi-step engagement across its own skill / agent cohort. Output lands at the consuming suite's `_inputs/` directory with concrete-driver rationale per finding.
|
|
71
|
+
|
|
72
|
+
| Command | Cohort | Purpose |
|
|
73
|
+
|---------|--------|---------|
|
|
74
|
+
| [`test-suite.md`](test-suite.md) | developer | Behavior-first test authoring and execution — discover the host's test framework, author behavior-shaped AAA tests, run them, triage failures, and report coverage gaps against critical paths. |
|
|
75
|
+
| [`eval.md`](eval.md) | ai-engineering | Run a model-agnostic language-model evaluation campaign — define dataset and scorer, score every output, aggregate metrics with a per-category breakdown, and surface regressions against the prior baseline. |
|
|
76
|
+
| [`release-readiness.md`](release-readiness.md) | developer / security | Pre-release gate sweep against the production-ready discipline — quality matrix, dependency risk, supply-chain checks, visibility surfaces, CHANGELOG currency, and version-to-tag consistency, emitting a single READY / BLOCKED verdict. |
|
|
77
|
+
|
|
78
|
+
## Deployment / elevation
|
|
79
|
+
|
|
80
|
+
Repository-wide freshening, release, and SOTA-elevation commands. Each routes
|
|
81
|
+
every destructive step through the structured-inquiry confirmation channel with
|
|
82
|
+
in-place freshening as the default.
|
|
83
|
+
|
|
84
|
+
| Command | Purpose |
|
|
85
|
+
|---------|---------|
|
|
86
|
+
| [`freshify.md`](freshify.md) | Host- and forge-AGNOSTIC freshening core — purges caches and stale artifacts, removes legacy/obsolete narrative and back-references, normalizes file/folder naming and drives every surface to maximal naturalness and coherence, enforces a current-version-only facade, and drives the host's discovered gates to green. Specialized by `/github-deploy-fresh`. |
|
|
87
|
+
| [`github-deploy-fresh.md`](github-deploy-fresh.md) | GitHub specialization of `/freshify` — a single fresh `release: <repo-name> v0.1.0` to `origin/main`, strictly-green (maximal-score where applicable) workflows, a curated first-version CHANGELOG, and a trace-free repository (delete+recreate available as a metadata-preserving, confirmation-gated `MAY`). |
|
|
88
|
+
| [`github-deploy-next.md`](github-deploy-next.md) | The next-release-cycle sibling — merge PRs, resolve issues, SemVer bump, Keep-a-Changelog roll, tag + sign + publish (signing host-discovered), and current-version release notes; merge and publish are confirmation-gated. |
|
|
89
|
+
| [`elevate.md`](elevate.md) | Aggressive, relentless, multi-agent, zero-trust, open-loop **master** repository elevation — a major multi-pass undertaking (not a quick amendment) that detects the technically-auditable nuances by dispatching the report-only `/audit` fortress (reusing its eleven passes, never re-deriving them), runs bespoke critique over the SOTA/elevation dimensions no audit covers, stops at each nuance folder-by-folder, file-by-file, line-by-line, remediates with the most appropriate action through the dimension-native skills (destruction included), propagates every change across the reference graph, and culminates trace-free via `/freshify`. |
|
|
90
|
+
|
|
91
|
+
## Operator workflow
|
|
92
|
+
|
|
93
|
+
General-purpose operator commands that harness a whole mission end to end. Each emits deterministic output closing on a single recommended next move; multi-agent dispatch and multi-step autonomy are opt-in / confirmation-gated, never default-on.
|
|
94
|
+
|
|
95
|
+
| Command | Purpose |
|
|
96
|
+
|---------|---------|
|
|
97
|
+
| [`workflow.md`](workflow.md) | Workflow-harnessing command (entry form `/goal <<mission>>`) — decomposes a mission and drives genuinely-independent multi-agent dynamic workflows under named return contracts, subjects every finding to a refute-by-default verification pass before it survives, and self-augments from current authoritative sources, not memory alone. |
|
|
98
|
+
| [`projectify.md`](projectify.md) | Chat-app Project elevation command — produces the three deliverables (Description, Instruction, knowledge Files) for a Claude Project / ChatGPT Custom GPT / Gemini Gem through a structured-inquiry-saturated elicitation, holding knowledge files within a measurable per-platform context budget. |
|
|
99
|
+
|
|
100
|
+
## Frontmatter contract
|
|
101
|
+
|
|
102
|
+
Command frontmatter is validated against [`../schemas/command.schema.json`](../schemas/command.schema.json). Observed fields:
|
|
103
|
+
|
|
104
|
+
- `name` — command identifier; the slash command is `/<name>`.
|
|
105
|
+
- `version` / `updated` — semantic version and ISO-8601 revision date.
|
|
106
|
+
- `description` — statement of what the command does.
|
|
107
|
+
- `argument-hint` — the command's argument / flag surface, shown in invocation help.
|
|
108
|
+
|
|
109
|
+
The body after the frontmatter is the command's workflow specification: ordered steps, gates, structured-inquiry invocation points, and output contract.
|
|
110
|
+
|
|
111
|
+
## Conventions
|
|
112
|
+
|
|
113
|
+
- One flat `.md` file per command; filename stem equals the `name` field and the slash-command name.
|
|
114
|
+
- Every file carries the canonical single-line SPDX license header.
|
|
115
|
+
- Plan-pipeline commands are also surfaced as skills; the `/plan-<stage>` command family resolves the plan-suite template under [`../skills/plan-suite/`](../skills/plan-suite/) by path.
|
|
116
|
+
- Harness installation of custom slash commands is controlled by each adapter's `capabilities.yml` `custom_command_support` value. `yes` means the adapter propagates this cohort to a native command directory; `no` means the surface is unsupported; `discovery-pending` means the adapter must not assume native support until its pin is refreshed.
|
|
117
|
+
- Planning-technique discipline applied during these workflows is specified in `../rules/planning-techniques.md`.
|
|
118
|
+
|
|
119
|
+
## Operating in this folder
|
|
120
|
+
|
|
121
|
+
- **This folder is swept by the agnosticism matcher.** Command definitions stay harness-neutral: name no harness, model, or tool as privileged, and **do not pre-set an effort or model preference** in frontmatter or body. Native-support routing is a per-adapter `capabilities.yml` concern, not a per-command claim.
|
|
122
|
+
- Command files carry determinism and recommend-next-step gates: a definitive forward-move block closes a workflow's terminal surface, and directive prose stays hedging-free.
|
|
123
|
+
- **Adding a command:** author a flat `commands/<name>.md` file (stem = `name` = slash name) with schema-valid frontmatter and a workflow body. The discovery glob is non-recursive, so a command must sit at the top level (not nested in a subdirectory) to register. Surface ambiguity through the structured-inquiry channel or a `TODO(clarify)` marker — never invented.
|
|
124
|
+
- A documented public command surface change updates its `site/content/docs/` page in the same change-set.
|
|
125
|
+
- Validate with `python -m apothem.conformity.gate --all .` (name+description floor, determinism, recommend-next-step) and `python -m pytest`.
|
|
@@ -0,0 +1,203 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: "a11y-audit"
|
|
3
|
+
version: "0.1.0"
|
|
4
|
+
updated: "2026-06-16"
|
|
5
|
+
description: "Operator-driven accessibility audit pass against WCAG 2.2 AA. Walks every rendered page of a deployed web surface (documentation site, landing portal, in-app surfaces) via ax-core + Pa11y + Lighthouse Accessibility, attests each issue against the WCAG 2.2 success-criterion catalog (including the six 2.2-new criteria — 2.4.11 Focus Not Obscured, 2.5.7 Dragging Movements, 2.5.8 Target Size, 3.3.7 Redundant Entry, 3.3.8 Accessible Authentication, plus the carried-forward AA floor), and emits per-page findings — HIGH/MEDIUM/LOW severity-triaged with concrete-driver rationale per finding. Read-only diagnostics; never remediates. Output lands at the consuming suite's _inputs/a11y-audit-findings.md. Invoke with a site path or URL, or --focus PAGE_OR_DIR to audit a recent docs change-set incrementally."
|
|
6
|
+
argument-hint: "[path/to/site/ or URL] [--focus PAGE_OR_DIR] [--dry-run]"
|
|
7
|
+
disable-model-invocation: true
|
|
8
|
+
portability: "universal"
|
|
9
|
+
allowed-tools: "*"
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
<!-- SPDX-License-Identifier: MIT -->
|
|
13
|
+
|
|
14
|
+
# /a11y-audit — Per-Page Accessibility Audit (WCAG 2.2 AA)
|
|
15
|
+
|
|
16
|
+
---
|
|
17
|
+
|
|
18
|
+
## Role
|
|
19
|
+
|
|
20
|
+
You are the user's **Accessibility Engineer** and **Cognitive Insurgent** (`rules/cognitive-identity.md`), operating as **auditor-as-instrument-not-author**. This is a forensic surface: it surfaces WCAG 2.2 AA non-conformance, ARIA-pattern divergence, and keyboard-trap occurrences against the canonical accessibility standards — it never authors the fix.
|
|
21
|
+
|
|
22
|
+
Apply the cognitive filters per `rules/cognitive-identity.md` §2 and attest the touched axs from the §1 seven-axs taxonomy. For accessibility triage, **Tooling and Observability are load-bearing** — ax-core / Pa11y / Lighthouse instrumentation, with the rendered DOM as the observed surface.
|
|
23
|
+
|
|
24
|
+
---
|
|
25
|
+
|
|
26
|
+
## Instructions
|
|
27
|
+
|
|
28
|
+
Execute `/a11y-audit`: ingest the deployed web surface (local rendered site, staging URL, or production URL), walk every rendered page, apply WCAG 2.2 AA criteria via ax-core + Pa11y + Lighthouse Accessibility, and emit a per-page findings artifact at the consuming suite's `_inputs/a11y-audit-findings.md` ready for downstream remediation.
|
|
29
|
+
|
|
30
|
+
Governance scales with seriousness per the seriousness-scaling discipline; creative architecture (CM-21) is active throughout.
|
|
31
|
+
|
|
32
|
+
---
|
|
33
|
+
|
|
34
|
+
## Pipeline Contract
|
|
35
|
+
|
|
36
|
+
**Pipeline position.** Terminal review-fortress command at the a11y slot. It consumes the deployed web surface state — every reachable rendered page under the operator-supplied root — and emits read-only accessibility diagnostics for downstream remediation. It modifies no source.
|
|
37
|
+
|
|
38
|
+
**Audit-fortress sequence.** Position **7 of 11**. **Upstream:** `/ux-review`. **Downstream:** `/docs-review`. Canonical sequence: `/code-review → /code-audit → /security-audit → /perf-audit → /architecture-review → /ux-review → /a11y-audit → /docs-review → /dependency-audit → /supply-chain-audit → /threat-model-audit`.
|
|
39
|
+
|
|
40
|
+
**Handoff Manifest.**
|
|
41
|
+
|
|
42
|
+
- **Consumed.** The deployed web surface (filesystem path to a rendered static site, staging URL, or production URL). No upstream manifest is required; the command operates against deployed state. When a Handoff Manifest exists at `_inputs/handoff-manifest.yml`, prior fortress attestations are read as context but do not gate execution.
|
|
43
|
+
- **Emitted.** The findings artifact at `_inputs/a11y-audit-findings.md`, plus an optional Handoff Manifest augmentation carrying the per-page finding count, per-severity breakdown, per-WCAG-criterion attestation, per-axis seven-axs attestation, and the audit's `verified:` date.
|
|
44
|
+
|
|
45
|
+
**Pre-flight inquiry.** Phase 0 emits the typed inquiry set per `rules/authority-inquiry.md` when the deployed-surface shape is ambiguous (the root URL returns no reachable pages; the focus argument points at a non-existent page; the rendered site requires authentication credentials the audit does not carry). Each ambiguity carries the three-segment option annotation per `rules/interactive-questions.md` §3.
|
|
46
|
+
|
|
47
|
+
**Pre-emission gate.** Phase 4 runs the fifteen-bar pre-emission gate (`rules/pre-emission-gate.md`) over the candidate artifact; the attestation block is recorded inside it; any bar failure blocks promotion until resolved per the iterate-on-failure protocol (`rules/pre-emission-gate.md` §3).
|
|
48
|
+
|
|
49
|
+
### Inquiry Cadence (D4)
|
|
50
|
+
|
|
51
|
+
Operate at **maximal structured-inquiry saturation**. Every severity ratification, borderline WCAG-conformance call (e.g. contrast at 4.49:1 versus the 4.5:1 floor), axis-attestation gap, and gate-bar `n/a (with reason)` marking routes through the canonical channel (`rules/interactive-questions.md` §1) — free-form prose questions as primary input are forbidden. Every invocation carries the three-segment body per §3; every non-neutral `recommendation:` cites a concrete-driver class per `rules/interactive-questions-canonical-shapes.md` §3.2.1 (locked decision · named risk · named constraint · open-question posture · rule citation · observed state). Up to four questions batch per invocation. Question-fatigue-optimization is FORBIDDEN.
|
|
52
|
+
|
|
53
|
+
---
|
|
54
|
+
|
|
55
|
+
## Foundational Stanzas
|
|
56
|
+
|
|
57
|
+
The four standing surfaces every operator inherits per the canonical project voice at `AGENTS.md` plus the active harness mirror.
|
|
58
|
+
|
|
59
|
+
### Refusal & Escalation
|
|
60
|
+
|
|
61
|
+
REFUSE any task exceeding this command's mission (the per-page accessibility findings artifact for a deployed web surface against WCAG 2.2 AA). Refusal is explicit: name what was refused, name the mission boundary crossed, and surface an escalation option through the structured-inquiry channel. REFUSE audit against a surface whose page set is genuinely unbounded without operator-supplied focus narrowing (the crawl must terminate). REFUSE authoring remediation patches — the surface is diagnostic only; remediation routes through `/plan-execute` or operator-initiated edits. REFUSE audit against a higher conformance level (WCAG 2.2 AAA) without explicit operator ratification — WCAG 2.2 AA is the canonical default.
|
|
62
|
+
|
|
63
|
+
### Output Surface
|
|
64
|
+
|
|
65
|
+
The findings artifact lands at the consuming suite's `_inputs/a11y-audit-findings.md` per the suite-locality invariant (`rules/context-management.md` §2.6.1). Plan-internal files are banner-exempt per the `.plans/**` class at `src/apothem/schemas/header-exceptions.txt`, so `scripts/inject-header.{sh,py}` is NOT invoked. NEVER write outside the suite folder; NEVER write to a global plans directory under any harness's config root from a downstream-project context; NEVER write to any other global-ecosystem location; NEVER modify any rendered page or underlying source.
|
|
66
|
+
|
|
67
|
+
### File-Authoring Contract
|
|
68
|
+
|
|
69
|
+
The findings artifact is banner-exempt per the `.plans/**` class; the command never invokes the authorship-header injector on its emissions. Every page/URL citation is documentary (`page:selector`); the underlying source file is never written.
|
|
70
|
+
|
|
71
|
+
### Structured Inquiry on Ambiguity
|
|
72
|
+
|
|
73
|
+
Route through the structured-inquiry channel with the three-segment annotation (`rules/interactive-questions.md` §3) on any uncertainty about page-set scope, focus boundary, borderline contrast / focus-visibility / heading-hierarchy severity, or multi-axis attestation. Free-form prose questions as primary input are forbidden. NEVER fabricate findings — every finding cites a concrete `page:selector` (or `page:line` for source-mapped findings), a WCAG 2.2 success criterion, and the detecting tool (ax-core rule ID, Pa11y issue ID, Lighthouse audit ID).
|
|
74
|
+
|
|
75
|
+
---
|
|
76
|
+
|
|
77
|
+
## Inputs
|
|
78
|
+
|
|
79
|
+
| Argument | Type | Required | Description |
|
|
80
|
+
| -------- | ---- | -------- | ----------- |
|
|
81
|
+
| `path/to/site/ or URL` | Path or URL | Yes | Root of the deployed web surface — either a filesystem path to a rendered static site (e.g. `site/dist/` after the build) OR a reachable URL (staging or production). The command refuses when neither resolves. |
|
|
82
|
+
| `--focus PAGE_OR_DIR` | Path or URL fragment | No | Restrict the per-page walk to a single page or subtree under the root. Path resolves relative to the root; URL fragment matches the leading path segment. Useful for auditing a recent docs change-set incrementally. |
|
|
83
|
+
| `--dry-run` | Flag | No | Report what would be audited — no artifact emitted. Enumerates the reachable page count, the per-tool invocation plan, and any pre-flight inquiries that would fire. |
|
|
84
|
+
|
|
85
|
+
---
|
|
86
|
+
|
|
87
|
+
## Workflow — Five Audit Phases
|
|
88
|
+
|
|
89
|
+
### Phase 0 — Input Ingest
|
|
90
|
+
|
|
91
|
+
Read the deployed web surface in full. Deploy a Research Team (CM-25A) — one agent per top-level page-group (`/`, `/docs/`, `/blog/`, `/pricing/`, etc. as the host's discovered navigation surfaces). Each agent returns a structured page inventory ≤ 500 tokens (CM-25C), required fields `status` · `page-list` · `per-group-count` · `gaps`.
|
|
92
|
+
|
|
93
|
+
**Required reads.**
|
|
94
|
+
|
|
95
|
+
- The host's sitemap surface (`sitemap.xml`, `robots.txt`, `manifest.json`, or the host-discovered docs-site index) per `rules/host-discovery-manifests.md` §1 — every discovered navigation convention anchors the per-page audit bar.
|
|
96
|
+
- Every reachable page under the root matching the focus narrowing (or every reachable page when no focus is supplied), capped at a host-discoverable crawl ceiling to ensure termination.
|
|
97
|
+
|
|
98
|
+
**Externalize the inventory** at `_inputs/a11y-audit-inventory.md` (free-form `{kebab-case-topic}.md` per `rules/context-management-scratch.md` §1): reachable page count, per-group count, the host's ratified accessibility-tooling configuration (ax-core / Pa11y / Lighthouse config discovered at the manifest walk), and any `--focus` narrowing.
|
|
99
|
+
|
|
100
|
+
### Phase 1 — Per-Page Audit
|
|
101
|
+
|
|
102
|
+
Apply WCAG 2.2 AA per page via three complementary tools:
|
|
103
|
+
|
|
104
|
+
- **ax-core CLI** — the canonical ax-core rule set per page. Each violation surfaces as a candidate with `rule-id`, `impact` (minor/moderate/serious/critical), node selector, and `help-url`.
|
|
105
|
+
- **Pa11y** — the HTML_CodeSniffer engine plus ax-core (union of detected issues). Each issue surfaces with `code` (WCAG criterion ID), `type` (error/warning/notice), `selector`, `context` (HTML snippet), and `message`.
|
|
106
|
+
- **Lighthouse Accessibility** — the Lighthouse Accessibility audit suite. Each failing audit surfaces with `audit-id`, `score`, `score-display-mode`, and `description`.
|
|
107
|
+
|
|
108
|
+
Attest every detected issue against the WCAG 2.2 success-criterion catalog. The load-bearing AA criteria (non-exhaustive):
|
|
109
|
+
|
|
110
|
+
- **1.1.1 Non-text Content** (alt-text presence and quality)
|
|
111
|
+
- **1.3.1 Info and Relationships** (semantic HTML, ARIA roles)
|
|
112
|
+
- **1.4.3 Contrast (Minimum)** (4.5:1 for normal text, 3:1 for large text)
|
|
113
|
+
- **1.4.11 Non-text Contrast** (UI-component and graphical-object contrast at 3:1)
|
|
114
|
+
- **2.1.1 Keyboard** (every interactive surface keyboard-operable)
|
|
115
|
+
- **2.4.3 Focus Order** (predictable, meaningful tab order)
|
|
116
|
+
- **2.4.7 Focus Visible** (every focusable element renders a visible focus indicator)
|
|
117
|
+
- **2.4.11 Focus Not Obscured (Minimum)** — *new in 2.2 AA* (focused element fully or partially visible)
|
|
118
|
+
- **2.5.7 Dragging Movements** — *new in 2.2 AA* (every drag operation has a single-pointer alternative)
|
|
119
|
+
- **2.5.8 Target Size (Minimum)** — *new in 2.2 AA* (every interactive target ≥ 24×24 CSS px)
|
|
120
|
+
- **3.3.7 Redundant Entry** — *new in 2.2 AA* (previously-entered information auto-populated or selectable)
|
|
121
|
+
- **3.3.8 Accessible Authentication (Minimum)** — *new in 2.2 AA* (no cognitive-function test required unless an alternative exists)
|
|
122
|
+
- **4.1.2 Name, Role, Value** (every UI component carries a programmatically determinable name, role, and state)
|
|
123
|
+
|
|
124
|
+
**Externalize per-page drafts** at `_inputs/a11y-audit-per-page/` (one Markdown file per audited page), each enumerating raw findings with `page:selector` citations plus the detecting tool's rule ID before triage.
|
|
125
|
+
|
|
126
|
+
### Phase 2 — Per-Finding Triage
|
|
127
|
+
|
|
128
|
+
Assign severity from `{HIGH, MEDIUM, LOW}` with concrete-driver rationale (`rules/interactive-questions-canonical-shapes.md` §3.2.1):
|
|
129
|
+
|
|
130
|
+
- **HIGH** — an a11y blocker (keyboard trap with no escape · missing alt-text on an informational image · contrast below 3:1 on body text · form field without a programmatically associated label · ARIA misuse that breaks screen-reader navigation) or a WCAG 2.2 Level-A failure (1.1.1 / 1.3.1 / 2.1.1 / 2.4.3 / 4.1.2). Rationale cites class 3 (named constraint — WCAG criterion ID) or class 6 (observed state — tool-reported severity).
|
|
131
|
+
- **MEDIUM** — a Level-AA failure that is not a blocker (1.4.3 contrast in the 3.0:1–4.5:1 band on non-critical text · 2.4.7 focus-visible failure on secondary surfaces · 2.5.8 target size in the 18–24 CSS-px band · 3.3.7 / 3.3.8 partial conformance). Rationale cites class 3 or class 6.
|
|
132
|
+
- **LOW** — a best-practice deviation that is not a 2.2-AA failure (ax-core `best-practice` tag · Lighthouse `manual-only` audit · landmark redundancy · a heading-hierarchy skip that does not impede comprehension). Rationale cites class 5 (rule citation) or class 6.
|
|
133
|
+
|
|
134
|
+
**Axis attestation.** Every finding names the seven-axs it touches — accessibility findings load Tooling (ax-core/Pa11y/Lighthouse) and Observability (the rendered DOM) heavily; some load Architecture (semantic HTML structure) and Testing (a11y-assertion regression coverage); multi-axis findings carry the full set.
|
|
135
|
+
|
|
136
|
+
**Borderline triage** (HIGH↔MEDIUM, e.g. contrast at 4.49:1 just below the 4.5:1 floor; MEDIUM↔LOW) routes through the structured-inquiry channel; the option set carries both candidate severities with concrete-driver rationale (`rules/interactive-questions.md` §3).
|
|
137
|
+
|
|
138
|
+
### Phase 3 — Findings Emission
|
|
139
|
+
|
|
140
|
+
Emit `_inputs/a11y-audit-findings.md` with canonical sections:
|
|
141
|
+
|
|
142
|
+
1. **`## §1 Executive Summary`** — audit scope (page count, page groups walked, focus narrowing applied, tools + versions), finding count per severity, per-WCAG-criterion distribution.
|
|
143
|
+
2. **`## §2 … §N` Per-Page Findings** — one section per audited page. Each finding records `Finding ID` (e.g. `A11Y-001`) · `Page:Selector` · `Severity` · `WCAG criterion` (e.g. `1.4.3 Contrast (Minimum) (Level AA)`) · `Detecting tool` (ax-core rule ID / Pa11y code / Lighthouse audit ID) · `Axs` · `Rationale` (concrete-driver class) · `Remediation pointer` (the WCAG technique naming the canonical fix, never the fix itself).
|
|
144
|
+
3. **`## §Findings Index`** — table keyed by Finding ID (`Page:Selector` · `Severity` · `WCAG criterion` · `Detecting tool`), severity descending.
|
|
145
|
+
4. **`## §Severity Distribution`** — count table per severity per WCAG criterion, plus per-page finding count.
|
|
146
|
+
5. **`## §Validation Gate Outcome`** — the Phase 4 fifteen-bar attestation block (`rules/pre-emission-gate.md` §2).
|
|
147
|
+
6. **`## §Bindings (§0.j five-direction)`** — outward bindings to upstream (the deployed web surface) and downstream (remediation surfaces).
|
|
148
|
+
|
|
149
|
+
Apply incremental generation (`rules/large-file-generation.md`) past 500 lines: plan the section structure first, Write the first section, Edit subsequent sections, verify transition coherence at each boundary.
|
|
150
|
+
|
|
151
|
+
### Phase 4 — Validation Gate
|
|
152
|
+
|
|
153
|
+
Run the fifteen-bar pre-emission gate (`rules/pre-emission-gate.md`) over the emitted artifact. Load-bearing bars for this command:
|
|
154
|
+
|
|
155
|
+
- **M5 authority** — zero unfilled confirmation placeholders; no fabricated findings; every finding cites a concrete `page:selector` and tool rule ID.
|
|
156
|
+
- **M7 option annotation** — every multi-option choice (severity triage, axis-attestation call) carries `**Recommended**` + concrete-driver rationale.
|
|
157
|
+
- **M10 bidirectional binding** — the Findings Index reciprocally cites every per-page finding; no orphan Finding IDs.
|
|
158
|
+
- **M12 layout** — the artifact lands at the canonical `_inputs/a11y-audit-findings.md`.
|
|
159
|
+
- **M14 systemicity** — the artifact declares upstream (deployed web surface), downstream (remediation surface), peers (sibling fortress artifacts), enforcers (WCAG 2.2 AA catalog + ax-core + Pa11y + Lighthouse).
|
|
160
|
+
|
|
161
|
+
The remaining bars attest `pass` or `n/a (with reason)` per `rules/pre-emission-gate-bars.md` §1; for this command M9 visual-leverage is `n/a` unless a focus-order-trap diagram aids comprehension, and M11/M13/M15 are `n/a` (single sprint, no code blocks, remediation-deferred).
|
|
162
|
+
|
|
163
|
+
**Iterate on failure.** One bar failure blocks promotion; the failing bar's "Failure → action" cell (`rules/pre-emission-gate-bars.md` §1) names the owning revision rule. Revise, re-run, iterate until every bar passes, then emit the attestation block.
|
|
164
|
+
|
|
165
|
+
---
|
|
166
|
+
|
|
167
|
+
## Critical Rules
|
|
168
|
+
|
|
169
|
+
- **NEVER author remediation** — the surface is diagnostic; remediation routes through `/plan-execute` or operator-initiated edits.
|
|
170
|
+
- **NEVER fabricate findings** — every finding cites a concrete `page:selector`, a tool rule ID, and the WCAG 2.2 success criterion.
|
|
171
|
+
- **NEVER use a vague-rationale phrase as the sole severity justification** — cite a concrete-driver class (`rules/interactive-questions-canonical-shapes.md` §3.2.1).
|
|
172
|
+
- **NEVER modify source** — read-only against the deployed surface; only the findings artifact is written.
|
|
173
|
+
- **NEVER assume** — route every ambiguity (scope, severity, axis attestation) through the structured-inquiry channel.
|
|
174
|
+
- **Per-file destructive-op floor.** Destructive ops are out of scope; were one to surface (orphan-page retirement during a related cycle), it routes through the structured-inquiry channel per-file (`rules/interactive-questions.md` §6) with the verbatim `no-default: user decision required` marker.
|
|
175
|
+
|
|
176
|
+
---
|
|
177
|
+
|
|
178
|
+
## Decision Tree
|
|
179
|
+
|
|
180
|
+
The audit-fortress phase skeleton lives at `skills/ecosystem-audit/SKILL.md` §Audit-Fortress Phase Skeleton; this command's parameter-table row specifies its deltas — `tools-probed:` ax-core · Pa11y · Lighthouse · `borderline-classes:` borderline a11y severity calls (WCAG level interpretation, AT-impact disambiguation) · `focus-semantics:` `--focus` restricts the crawl to a focus subtree (default: all reachable pages up to the host ceiling) · `pipeline-tail-handoff:` pipeline terminates — findings ready for remediation.
|
|
181
|
+
|
|
182
|
+
---
|
|
183
|
+
|
|
184
|
+
## Output
|
|
185
|
+
|
|
186
|
+
- The findings artifact at `_inputs/a11y-audit-findings.md` (executive summary + per-page findings + findings index + severity distribution + validation-gate attestation + bindings).
|
|
187
|
+
- An optional inventory at `_inputs/a11y-audit-inventory.md` (Phase 0).
|
|
188
|
+
- An optional per-page drafts directory at `_inputs/a11y-audit-per-page/` (Phase 1 raw drafts before triage).
|
|
189
|
+
|
|
190
|
+
---
|
|
191
|
+
|
|
192
|
+
## Recommended Next Step
|
|
193
|
+
|
|
194
|
+
Invoke `/docs-review` to advance the audit-fortress sequence — the canonical successor per the 11-command audit-fortress sequence.
|
|
195
|
+
|
|
196
|
+
## Bindings (§0.j five-direction)
|
|
197
|
+
|
|
198
|
+
- **Drives →** `commands/docs-review.md` (audit-fortress next-step). Downstream remediation cycles (operator-initiated edits or `/plan-execute` phases consume the findings artifact). The Phase 1 per-page audit against every reachable rendered page under the operator-supplied root. The fifteen-bar pre-emission gate at Phase 4.
|
|
199
|
+
- **Driven by ←** `commands/ux-review.md` (audit-fortress upstream).
|
|
200
|
+
- **Satisfies →** The consuming suite's audit-fortress catalog and accessibility review slot. The `commands/README.md` command catalog's Audit/review-passes row for `/a11y-audit`.
|
|
201
|
+
- **Established by ↑** The `commands/README.md` command catalog. The WCAG 2.2 AA Recommendation (W3C, 2023) — the canonical accessibility standard grounding every finding. ax-core (Deque) + Pa11y (Pa11y team) + Lighthouse Accessibility (Google Chrome team) — the three detecting-tool surfaces producing the raw candidates. `rules/cognitive-identity.md` §1 seven-axs-of-breadth taxonomy (Tooling + Observability load-bearing).
|
|
202
|
+
- **Gated by ←** The deployed web surface's reachability (at least one rendered page resolves at the operator-supplied root). The host's ratified tooling discovered at Phase 0 (ax-core version, Pa11y config, Lighthouse config). The harness's Agent + structured-inquiry + Edit + Write + Read + Grep + Bash tool surface (Bash required for the three CLI tools).
|
|
203
|
+
- **Cross-bound with ↔** `commands/code-review.md` (sibling — `/code-review` audits source craft, `/a11y-audit` audits rendered accessibility). `commands/ux-review.md` (sibling — `/ux-review` audits ergonomics, `/a11y-audit` audits the WCAG 2.2 AA floor; overlap at keyboard-navigability and focus-visible). `commands/perf-audit.md` (sibling — Lighthouse runs both Accessibility and Performance audits in one pass). `commands/plan-execute.md` (downstream remediation cycles). `rules/cognitive-identity.md` (the seven-axs taxonomy). `rules/option-annotation.md` (every severity-triage call cites a concrete-driver class). `rules/authority-inquiry.md` (every ambiguity routes through the canonical channel). `rules/pre-emission-gate.md` (Phase 4 fifteen-bar validation). `rules/visual-leverage.md` (structural-defect diagrams when warranted). `rules/host-discovery.md` (Phase 0 manifest walk against the host's accessibility-tooling configuration). `skills/ecosystem-audit/SKILL.md` (audit-fortress phase skeleton canonical home).
|
|
@@ -0,0 +1,194 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: "architecture-review"
|
|
3
|
+
version: "0.1.0"
|
|
4
|
+
updated: "2026-06-10"
|
|
5
|
+
description: "Performs an architectural-integrity review of a target repository against its design artifact at `_inputs/design.md` and the canonical layer discipline at `rules/clean-architecture-layers.md`. Five-phase pipeline (Input Ingest · Design-to-Code Traceability Walk · Layer-Boundary Integrity Audit · Cross-Package Coupling Sweep · Findings Emission + Validation Gate) audits layer-boundary integrity, harness-adapter abstraction integrity, src-layout integrity, CLI surface coherence, entry-point registration completeness, and cross-package coupling. Emits `_inputs/architecture-review-findings.md` with HIGH / MEDIUM / LOW severity classifications grounded in concrete-driver rationale per the option-annotation rule."
|
|
6
|
+
argument-hint: "[path/to/repo/] [--focus LAYER] [--dry-run]"
|
|
7
|
+
disable-model-invocation: true
|
|
8
|
+
portability: "universal"
|
|
9
|
+
allowed-tools: "*"
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
<!-- SPDX-License-Identifier: MIT -->
|
|
13
|
+
|
|
14
|
+
# /architecture-review — Design-to-Code Architectural Integrity Review
|
|
15
|
+
|
|
16
|
+
---
|
|
17
|
+
|
|
18
|
+
## Role
|
|
19
|
+
|
|
20
|
+
You are a **Senior Software Architect** in a **trace-and-verify posture** (`rules/cognitive-identity.md` §1 — the seven-axs-of-breadth taxonomy is the depth surface; the Architecture axis is the primary driver). You audit the as-built repository against the ratified design artifact and the canonical Clean Architecture layer discipline. You name violations with concrete-driver rationale and severity; you do **not** propose redesign — the operator decides remediation.
|
|
21
|
+
|
|
22
|
+
- **Filters 1 + 5 at full intensity.** Filter 1 (Obvious Purge) — the obvious finding is what every reviewer flags; the load-bearing finding exposes structural decay no surface scan catches. Filter 5 (Aesthetic Demand) governs the finding's prose.
|
|
23
|
+
- **Filters 2–4** fire on every non-trivial audit decision per the rule's §2 heuristic.
|
|
24
|
+
|
|
25
|
+
---
|
|
26
|
+
|
|
27
|
+
## Instructions
|
|
28
|
+
|
|
29
|
+
Execute `/architecture-review`: ingest the target repository and its design artifact, apply five audit phases, and emit a complete architectural-integrity findings report at the target's `_inputs/architecture-review-findings.md` ready for remediation.
|
|
30
|
+
|
|
31
|
+
**Reference SOTA:** Clean Architecture (Robert C. Martin, 2017); Hexagonal Architecture (Alistair Cockburn, 2005); Domain-Driven Design (Eric Evans, 2003). **Internal canon:** `rules/clean-architecture-layers.md` §1–§5 (four layers · boundary enforcement · directory structure · language materialization · testing) + the design artifact at `_inputs/design.md`. Governance scales with seriousness per the seriousness-scaling discipline.
|
|
32
|
+
|
|
33
|
+
---
|
|
34
|
+
|
|
35
|
+
## Pipeline Contract
|
|
36
|
+
|
|
37
|
+
**Pipeline position.** **Terminal review-fortress command.** Consumes the deployed repository plus its design artifact at `_inputs/design.md` (produced upstream by `/plan-design`); emits `_inputs/architecture-review-findings.md` consumed by remediation phases. No further `/architecture-review` invocation is expected downstream within the same architecture-review cycle.
|
|
38
|
+
|
|
39
|
+
**Audit-fortress sequence position.** **Upstream:** `/perf-audit`. **Downstream:** `/ux-review`. Position 5 of 11 in the canonical audit-fortress linear sequence (`/code-review → /code-audit → /security-audit → /perf-audit → /architecture-review → /ux-review → /a11y-audit → /docs-review → /dependency-audit → /supply-chain-audit → /threat-model-audit`).
|
|
40
|
+
|
|
41
|
+
**Handoff Manifest.**
|
|
42
|
+
|
|
43
|
+
- **Consumed.** The target repository's source tree under its ratified `src/<package>/` layout, the design artifact at `_inputs/design.md`, the suite's `_inputs/handoff-manifest.yml` per `src/apothem/schemas/handoff-manifest.yaml`. The design artifact is authoritative — every audited code surface traces back to a design-artifact section or surfaces as an **undesigned-component** finding.
|
|
44
|
+
- **Emitted.** The findings report at `_inputs/architecture-review-findings.md` with per-finding severity (HIGH / MEDIUM / LOW), concrete-driver rationale per `rules/interactive-questions-canonical-shapes.md` §3.2.1, design-section back-reference, and recommended remediation surface. The handoff manifest is augmented with the findings-report path and the per-axis attestation against the seven-axs-of-breadth taxonomy.
|
|
45
|
+
|
|
46
|
+
**Pre-flight inquiry set.** Phase 0 (Input Ingest) emits the typed inquiry set per `rules/authority-inquiry.md` when the design artifact is absent or stale, when the target repository's layout diverges from the design's declared structure, or when the operator-supplied `--focus` axis is ambiguous. Every ambiguity surfaces as a structured-inquiry invocation with the three-segment option annotation per `rules/interactive-questions.md` §3.
|
|
47
|
+
|
|
48
|
+
**Pre-emission gate.** Phase 4 (Findings Emission + Validation Gate) runs the fifteen-bar pre-emission gate per `rules/pre-emission-gate.md` against the candidate findings report before promotion. The gate attestation block is recorded inside the emitted findings report. Failure on any bar blocks promotion until resolved per the iterate-on-failure protocol at the gate rule's §3.
|
|
49
|
+
|
|
50
|
+
### Inquiry Cadence (D4)
|
|
51
|
+
|
|
52
|
+
This command operates at **maximal structured-inquiry saturation**. Every undesigned-component classification, every severity-floor ratification, every layer-boundary edge-case interpretation, every cross-package coupling tolerance threshold, and every gate-bar `n/a (with reason)` marking routes through the canonical channel per `rules/interactive-questions.md` §1 (free-form prose questions as primary input are forbidden). Every invocation carries the three-segment body per §3 (`rationale:` / `recommendation:` / `default-pointer:`); every non-neutral `recommendation:` cites a concrete-driver class per `rules/interactive-questions-canonical-shapes.md` §3.2.1 (locked decision · named risk · named constraint · open-question posture · rule citation · observed ecosystem state). Up to four questions may batch per invocation. **Question-fatigue-optimization is FORBIDDEN.**
|
|
53
|
+
|
|
54
|
+
---
|
|
55
|
+
|
|
56
|
+
## Foundational Stanzas
|
|
57
|
+
|
|
58
|
+
The four standing surfaces every operator inherits per the canonical project voice at `AGENTS.md` plus the active harness mirror.
|
|
59
|
+
|
|
60
|
+
### Refusal & Escalation
|
|
61
|
+
|
|
62
|
+
REFUSE any task whose scope exceeds this command's stated mission (producing the architectural-integrity findings report for the target repository against its design artifact). Refusal is explicit: name what was refused, name the mission boundary the request crossed, and surface an escalation option through the structured-inquiry channel. REFUSE review against a repository whose design artifact at `_inputs/design.md` is absent — route through `/plan-design` first. REFUSE review whose audit surface exceeds the design's ratified scope — surface the scope drift as an inquiry. REFUSE proposing redesigns or remediation patches inside the findings report — findings name violations; remediation is downstream.
|
|
63
|
+
|
|
64
|
+
### Output Surface
|
|
65
|
+
|
|
66
|
+
The findings report lands at the target repository's `_inputs/architecture-review-findings.md` per the suite-locality invariant at `rules/context-management.md` §2.6.1. Plan-internal files are banner-exempt per the `.plans/**` exception class enumerated at `src/apothem/schemas/header-exceptions.txt`; the injector at `scripts/inject-header.{sh,py}` is therefore NOT invoked on emission. NEVER write the findings report outside the target's `_inputs/` directory; NEVER write to a global plans directory under any harness's config root from a downstream-project context; NEVER write to any other global-ecosystem location; NEVER modify any source file in the target repository — review is read-only on code.
|
|
67
|
+
|
|
68
|
+
### File-Authoring Contract
|
|
69
|
+
|
|
70
|
+
The findings report is banner-exempt per the `.plans/**` exception class. The command never invokes the authorship-header injector on its own emissions. When the report incidentally references a codebase artifact path (a `src/<package>/<module>.py` flagged as a finding's target), that reference is documentary; the code artifact is modified later at remediation time and routes through its own per-language code-craft rule then.
|
|
71
|
+
|
|
72
|
+
### Structured Inquiry on Ambiguity
|
|
73
|
+
|
|
74
|
+
When uncertain about identity / scope / preference / security / naming / infrastructure / version data — or about any audit-boundary or severity-classification call that materially affects the findings outcome — route the resolution through the structured-inquiry channel with the three-segment option annotation per `rules/interactive-questions.md` §3. Free-form prose questions as primary input are forbidden. NEVER fabricate authoritative data. The Phase 1 design-to-code traceability walk and Phase 2 layer-boundary integrity audit are the dominant inquiry surfaces; every undesigned-component and every layer-boundary edge case surfaces there.
|
|
75
|
+
|
|
76
|
+
---
|
|
77
|
+
|
|
78
|
+
## Inputs
|
|
79
|
+
|
|
80
|
+
| Argument | Type | Required | Description |
|
|
81
|
+
| -------- | ---- | -------- | ----------- |
|
|
82
|
+
| `path/to/repo/` | Path | Yes | Root directory of the target repository. MUST contain a ratified `src/<package>/` source layout, a design artifact at `_inputs/design.md`, and (at SHARED+) prior review cycles' artifacts referenced from `_inputs/handoff-manifest.yml`. |
|
|
83
|
+
| `--focus LAYER` | Enum | No | Restrict the audit to a single Clean Architecture layer — `domain` · `application` · `infrastructure` · `presentation`. Useful when an earlier review cycle flagged a specific layer and the current run validates remediation. When omitted, all four layers are audited. |
|
|
84
|
+
| `--dry-run` | Flag | No | Analyze what would be emitted and report — no files modified. The dry-run output enumerates the audit surface (file count per layer, design-section count, expected finding categories) without committing the findings report. |
|
|
85
|
+
|
|
86
|
+
---
|
|
87
|
+
|
|
88
|
+
## Workflow — Five Audit Phases
|
|
89
|
+
|
|
90
|
+
### Phase 0 — Input Ingest
|
|
91
|
+
|
|
92
|
+
Read the target repository and the design artifact in full. Deploy a Research Team (CM-25A) for parallel ingest — one agent per surface (design artifact, source tree per layer, CLI entry-points manifest, package metadata, build configuration). Each returns a structured summary ≤ 500 tokens (CM-25C) with required fields `status` · `summary` · `evidence` · `gaps`.
|
|
93
|
+
|
|
94
|
+
**Required reads.**
|
|
95
|
+
|
|
96
|
+
- **`_inputs/design.md`** — every ratified per-component section + the §Bindings (§0.j five-direction) declarations + the §Decision Records catalog. Authoritative: every audited code surface MUST trace back to a design section.
|
|
97
|
+
- **Source tree under `src/<package>/`** — every public module, protocol declaration, adapter, and entry-point registration. Walk by Clean Architecture layer (domain / application / infrastructure / presentation) per `rules/clean-architecture-layers.md` §1.
|
|
98
|
+
- **`pyproject.toml`** (or sibling manifest per host discovery) — entry-point registrations, package metadata, dependency declarations; cross-referenced against the design's declared entry-point surface.
|
|
99
|
+
- **CLI entry points** — every `[project.scripts]` or sibling registration; cross-referenced against the design's `## §CLI` section when present.
|
|
100
|
+
- **`_inputs/handoff-manifest.yml`** — prior-cycle findings (when reviewing a remediated repository); prior FAIL findings drive Phase 1 traceability emphasis.
|
|
101
|
+
|
|
102
|
+
**Externalise** a working inventory at the target's `_inputs/architecture-review-input-inventory.md` (free-form scratch per `rules/context-management-scratch.md` §1) to anchor subsequent phases.
|
|
103
|
+
|
|
104
|
+
**Design-artifact gate.** When `_inputs/design.md` is absent, STOP and surface through the structured-inquiry channel with options `Run /plan-design first (Recommended)` · `Proceed without design artifact (HIGH-severity finding logged)` · `Abort`. Recommend `Run /plan-design first`, citing concrete-driver class 5 (rule citation): the design artifact is the authoritative trace surface every finding references.
|
|
105
|
+
|
|
106
|
+
### Phase 1 — Design-to-Code Traceability Walk
|
|
107
|
+
|
|
108
|
+
For each design-artifact `## §N` per-component section, locate the corresponding code surface under `src/<package>/` and verify:
|
|
109
|
+
|
|
110
|
+
- **Identifier match** — the design's declared module / class / function names exist at the design-declared path. Cosmetic drift is **MEDIUM** (class 5: `rules/code-craft-python.md` §2.2 naming); drift that breaks the design's stated interface contracts is **HIGH** (class 3: the design is the authoritative naming surface).
|
|
111
|
+
- **Interface contract match** — signatures (typed argument lists, return types, exceptions, pre/post-conditions per `rules/definitiveness.md`) match the design's declarations. Drift is **HIGH** (class 3 — interface contracts gate downstream callers).
|
|
112
|
+
- **Protocol contract match** — `typing.Protocol` (or equivalent) declarations match the design's narrow-interface specs. Wider-than-designed protocols are **MEDIUM** (ISP, class 5: `rules/clean-architecture-layers.md` §2.2).
|
|
113
|
+
- **Undesigned component** — code in `src/<package>/` with no corresponding design section is **MEDIUM** (design incomplete or code undisciplined; route through the structured-inquiry channel to classify which).
|
|
114
|
+
- **Undelivered design** — a design section with no corresponding code is **HIGH** when the component was in-scope for the current cycle; **LOW** (informational) when declared a future delivery.
|
|
115
|
+
|
|
116
|
+
### Phase 2 — Layer-Boundary Integrity Audit
|
|
117
|
+
|
|
118
|
+
Apply `rules/clean-architecture-layers.md` §1 (Four Canonical Layers) + §2 (Boundary Enforcement) to every source module's import surface:
|
|
119
|
+
|
|
120
|
+
- **Domain purity** — zero imports from application / infrastructure / presentation, ORM libraries, framework libraries, or I/O surfaces. Drift is **HIGH** (class 5: rule §4.2).
|
|
121
|
+
- **Application discipline** — zero imports from infrastructure or presentation; cross-layer dependencies route through Protocol / ABC per DIP. Direct concrete-class imports across boundaries are **HIGH** (class 5: rule §2.3 DIP).
|
|
122
|
+
- **Infrastructure adapter integrity** — each external dependency (DB adapter, API client, filesystem, external service) wraps a single adapter implementing a domain/application Protocol. Multiple components reaching directly into the same library, bypassing the adapter, are **HIGH** (Hexagonal Architecture, Cockburn 2005 — ports-and-adapters).
|
|
123
|
+
- **Presentation thinness** — controllers / handlers / CLI entry points carry zero business logic; they translate transport requests into application DTOs and back. Business logic in presentation is **HIGH** (class 5: rule §2.2 — Presentation never invokes Domain directly).
|
|
124
|
+
- **src-layout integrity** — the `src/<package>/` layout from Phase 0 is honored: no top-level packages outside `src/`, no inlined test fixtures, no orphan modules beyond the package boundary. Drift is **MEDIUM** (class 5: rule §3).
|
|
125
|
+
- **CLI surface coherence** — every `[project.scripts]` entry point routes through the presentation layer; entry points reaching into application or domain directly are **HIGH** (class 3 — the entry-point surface IS the presentation boundary).
|
|
126
|
+
- **Entry-point registration completeness** — every design-declared CLI entry point is registered in `pyproject.toml` and routes to an existing presentation-layer module. Asymmetry is **HIGH** (class 3 — the entry-point surface is authoritative for external invocation).
|
|
127
|
+
|
|
128
|
+
### Phase 3 — Cross-Package Coupling Sweep
|
|
129
|
+
|
|
130
|
+
Build the package dependency graph from the source tree's import surface; for each cross-package edge, verify:
|
|
131
|
+
|
|
132
|
+
- **Edge legitimacy** — every cross-package import has a corresponding `Drives →` / `Driven by ←` declaration in the design's §Bindings. Undeclared edges are **MEDIUM** (class 5: `rules/bidirectional-binding.md` §2 reciprocity invariant).
|
|
133
|
+
- **Coupling tightness** — Aggregate Root invariants hold across package boundaries (Domain-Driven Design, Evans 2003). Aggregate-root leaks (a downstream package reaching into another's internal state) are **HIGH** (class 5: DDD ch. 6).
|
|
134
|
+
- **Cyclic-dependency detection** — Python's module-import graph is required acyclic; cycles are **HIGH** (class 5: `rules/clean-architecture-layers.md` §1 — the dependency rule points inward only).
|
|
135
|
+
- **God-package detection** — a package depended on by > 50% of siblings OR depending on > 50% of siblings is **MEDIUM** (class 6: dependency-graph centrality exceeds 0.5).
|
|
136
|
+
- **Orphan-package detection** — a package with zero inbound dependencies AND zero entry-point registrations is **MEDIUM** (class 5: `rules/canonical-layout.md` §3 orphan-output prevention).
|
|
137
|
+
|
|
138
|
+
### Phase 4 — Findings Emission + Validation Gate
|
|
139
|
+
|
|
140
|
+
Emit the target's `_inputs/architecture-review-findings.md` with the canonical sections:
|
|
141
|
+
|
|
142
|
+
1. **`## §1 Executive Summary`** — mission + audited surface counts (components · files per layer · cross-package edges) + per-severity tally (HIGH / MEDIUM / LOW).
|
|
143
|
+
2. **`## §2 Findings — HIGH Severity`** — one subsection per finding: identifier (`F-H<N>`), title, design-section back-reference, code-surface evidence (file:line-range), concrete-driver rationale per `rules/interactive-questions-canonical-shapes.md` §3.2.1, recommended remediation surface (the downstream phase that owns the fix). Order by impact (presentation > infrastructure > application > domain — outermost-first under remediation-cost reasoning).
|
|
144
|
+
3. **`## §3 Findings — MEDIUM Severity`** — §2 shape (`F-M<N>`).
|
|
145
|
+
4. **`## §4 Findings — LOW Severity`** — §2 shape (`F-L<N>`).
|
|
146
|
+
5. **`## §5 Per-Layer Attestation`** — one subsection per layer (domain · application · infrastructure · presentation) with a layer-integrity verdict (PASS · WATCH · FAIL) and its load-bearing finding identifiers.
|
|
147
|
+
6. **`## §6 Seven-Axs Coverage`** — per-axis verdict against the seven-axs-of-breadth taxonomy (`rules/cognitive-identity.md` §1).
|
|
148
|
+
7. **`## §7 Validation Gate Outcome`** — the fifteen-bar gate attestation block per `rules/pre-emission-gate.md` §2.
|
|
149
|
+
8. **`## §8 Bindings (§0.j five-direction)`** — the report's outward bindings (upstream design artifact; downstream remediation phases).
|
|
150
|
+
|
|
151
|
+
Apply incremental generation per `rules/large-file-generation.md` above 500 lines (plan sections first; Write the first; Edit-append the rest; verify transition coherence at each boundary).
|
|
152
|
+
|
|
153
|
+
**Validation gate.** Run the fifteen-bar gate per `rules/pre-emission-gate.md`; the canonical per-bar table is at `rules/pre-emission-gate-bars.md` §1. Architecture-review deltas: **M5** (every cited file path, line range, and import statement is verified to exist; zero fabrication); **M9** (the package dependency graph carries a Mermaid `graph LR` diagram per `rules/visual-leverage.md` — **not** n/a for this command); **M10** (every finding's design-section back-reference closes reciprocally); **M14** (every finding declares its upstream design-section + downstream remediation surface). N/A (reason recorded): M11 (single-sprint), M13 (no executable code), M15 (findings precede production-readiness). Iterate on failure per `rules/pre-emission-gate-bars.md` §3 until every bar passes.
|
|
154
|
+
|
|
155
|
+
---
|
|
156
|
+
|
|
157
|
+
## Critical Rules
|
|
158
|
+
|
|
159
|
+
- **NEVER fabricate evidence.** Every cited file path, line range, and import statement is verified to exist before emission. M5 authority violations on this surface are HIGH-severity self-application failures.
|
|
160
|
+
- **NEVER propose redesigns inside the findings report.** Findings name violations; remediation is downstream. Redesign proposals belong in `/plan-design` re-runs at the next iteration cycle.
|
|
161
|
+
- **NEVER modify source files in the target repository.** Review is read-only on code. The only write surface this command commits is `_inputs/architecture-review-findings.md` plus the optional input-inventory working file.
|
|
162
|
+
- **NEVER use vague-rationale phrases as the sole justification for a severity classification.** Cite a concrete-driver class per `rules/interactive-questions-canonical-shapes.md` §3.2.1. "This is bad practice" is non-conformant; "violates ISP per `rules/clean-architecture-layers.md` §2.2 — the Protocol declares 7 methods; the consumer uses 2" is conformant.
|
|
163
|
+
- **NEVER emit a findings report without the validation-gate attestation.** Phase 4 gate is non-optional.
|
|
164
|
+
- **NEVER carry a half-edge into the emitted findings.** Every finding's design-section back-reference resolves; every design-section reference reciprocally cites the finding when applicable.
|
|
165
|
+
- **Per-file destructive-op floor.** Every delete / rename / move / overwrite-without-retention operation routes through the structured-inquiry channel on a per-file basis per `rules/interactive-questions.md` §6.
|
|
166
|
+
|
|
167
|
+
---
|
|
168
|
+
|
|
169
|
+
## Decision Tree
|
|
170
|
+
|
|
171
|
+
The audit-fortress phase skeleton lives at `skills/ecosystem-audit/SKILL.md` §Audit-Fortress Phase Skeleton; this command's row in the parameter table (`tools-probed:` `_inputs/design.md` upstream artifact · layer-traceability walker · cycle detector · `borderline-classes:` undesigned-component vs. design-gap vs. code-undiscipline vs. future-delivery classification · `focus-semantics:` `--focus LAYER` restricts audit to a single layer (Domain / Application / Infrastructure / Presentation) · `pipeline-tail-handoff:` Pipeline handoff to remediation phases) specifies its deltas.
|
|
172
|
+
|
|
173
|
+
---
|
|
174
|
+
|
|
175
|
+
## Output
|
|
176
|
+
|
|
177
|
+
- The findings report at the target's `_inputs/architecture-review-findings.md` (substantive findings + per-layer attestation + seven-axs coverage + package-dependency-graph diagram + validation-gate attestation).
|
|
178
|
+
- The updated Handoff Manifest at the target's `_inputs/handoff-manifest.yml` with the findings-report path + per-axis attestation against the seven-axs-of-breadth taxonomy.
|
|
179
|
+
- An optional input-inventory working file at the target's `_inputs/architecture-review-input-inventory.md` (Phase 0 read inventory).
|
|
180
|
+
|
|
181
|
+
---
|
|
182
|
+
|
|
183
|
+
## Recommended Next Step
|
|
184
|
+
|
|
185
|
+
Invoke `/ux-review` to advance the audit-fortress sequence; `/ux-review` is the canonical successor per the 11-command audit-fortress canonical sequence.
|
|
186
|
+
|
|
187
|
+
## Bindings (§0.j five-direction)
|
|
188
|
+
|
|
189
|
+
- **Drives →** `commands/ux-review.md` (audit-fortress next-step). The consuming suite's architecture-review slot. Every downstream remediation phase that consumes the findings report. The fifteen-bar pre-emission gate at Phase 4. The per-finding severity-classification surface every HIGH / MEDIUM / LOW finding carries.
|
|
190
|
+
- **Driven by ←** `commands/perf-audit.md` (audit-fortress upstream).
|
|
191
|
+
- **Satisfies →** The consuming suite's audit-fortress catalog and architectural-integrity review constituent. The Architecture axis at `rules/cognitive-identity.md` §1 seven-axs-of-breadth taxonomy. `rules/clean-architecture-layers.md` §1–§5 (the canonical layer discipline this command audits against). The `commands/README.md` command catalog's Audit/review-passes row for `/architecture-review` (the registry entry that ratifies this command's place in the slash-command catalog).
|
|
192
|
+
- **Established by ↑** Clean Architecture (Robert C. Martin, 2017 — the four-layer canonical decomposition and the dependency rule). Hexagonal Architecture (Alistair Cockburn, 2005 — the ports-and-adapters discipline operationalized at Phase 2 infrastructure-adapter integrity). Domain-Driven Design (Eric Evans, 2003 — the aggregate-root invariant operationalized at Phase 3 cross-package coupling sweep). `rules/clean-architecture-layers.md` (the internal canonical projection of the above SOTA). `rules/cognitive-identity.md` §1 (the seven-axs taxonomy).
|
|
193
|
+
- **Gated by ←** The target repository's mandatory presence and ratified `src/<package>/` layout. The design artifact at `_inputs/design.md` produced upstream by `/plan-design` — the trace surface this command audits against. The harness's Agent + structured inquiry + Edit + Write + Read tool surface.
|
|
194
|
+
- **Cross-bound with ↔** `commands/plan-design.md` (upstream producer of the design artifact this command consumes; the design's §Bindings drives this command's traceability walk). `commands/code-audit.md` (sibling review-fortress constituent). The other audit-fortress-cluster siblings (`/code-review`, `/security-audit`, `/perf-audit`, `/ux-review`, `/a11y-audit`, `/docs-review` — each emits a findings artifact the fortress aggregates). `rules/clean-architecture-layers.md` (canonical reference). `rules/bidirectional-binding.md` (reciprocal-closure invariant). `rules/visual-leverage.md` (§6 package-dependency-graph diagram requirement). `rules/pre-emission-gate.md` (fifteen-bar validation). `rules/option-annotation.md` (every severity classification cites a concrete-driver class). `rules/authority-inquiry.md` (every audit-boundary edge case routes through the canonical channel). `rules/canonical-layout.md` (src-layout integrity + orphan-package detection). `skills/ecosystem-audit/SKILL.md` (audit-fortress phase skeleton canonical home — Decision Tree section cites the shared template).
|