@ahmed-g-gad/apothem 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +60 -0
- package/LICENSE +21 -0
- package/LICENSES/MIT.txt +18 -0
- package/LICENSES/PSF-2.0.txt +47 -0
- package/README.md +549 -0
- package/bin/README.md +37 -0
- package/bin/apothem.mjs +78 -0
- package/package.json +75 -0
- package/pyproject.toml +347 -0
- package/src/apothem/README.md +52 -0
- package/src/apothem/__init__.py +66 -0
- package/src/apothem/__main__.py +28 -0
- package/src/apothem/_vendor/.keep +0 -0
- package/src/apothem/_vendor/__init__.py +25 -0
- package/src/apothem/_vendor/attr/__init__.py +104 -0
- package/src/apothem/_vendor/attr/__init__.pyi +389 -0
- package/src/apothem/_vendor/attr/_cmp.py +160 -0
- package/src/apothem/_vendor/attr/_cmp.pyi +13 -0
- package/src/apothem/_vendor/attr/_compat.py +99 -0
- package/src/apothem/_vendor/attr/_config.py +31 -0
- package/src/apothem/_vendor/attr/_funcs.py +497 -0
- package/src/apothem/_vendor/attr/_make.py +3406 -0
- package/src/apothem/_vendor/attr/_next_gen.py +674 -0
- package/src/apothem/_vendor/attr/_typing_compat.pyi +15 -0
- package/src/apothem/_vendor/attr/_version_info.py +89 -0
- package/src/apothem/_vendor/attr/_version_info.pyi +9 -0
- package/src/apothem/_vendor/attr/converters.py +162 -0
- package/src/apothem/_vendor/attr/converters.pyi +19 -0
- package/src/apothem/_vendor/attr/exceptions.py +95 -0
- package/src/apothem/_vendor/attr/exceptions.pyi +17 -0
- package/src/apothem/_vendor/attr/filters.py +72 -0
- package/src/apothem/_vendor/attr/filters.pyi +6 -0
- package/src/apothem/_vendor/attr/py.typed +0 -0
- package/src/apothem/_vendor/attr/setters.py +79 -0
- package/src/apothem/_vendor/attr/setters.pyi +20 -0
- package/src/apothem/_vendor/attr/validators.py +750 -0
- package/src/apothem/_vendor/attr/validators.pyi +140 -0
- package/src/apothem/_vendor/attr.LICENSE +21 -0
- package/src/apothem/_vendor/attrs/__init__.py +72 -0
- package/src/apothem/_vendor/attrs/__init__.pyi +314 -0
- package/src/apothem/_vendor/attrs/converters.py +3 -0
- package/src/apothem/_vendor/attrs/exceptions.py +3 -0
- package/src/apothem/_vendor/attrs/filters.py +3 -0
- package/src/apothem/_vendor/attrs/py.typed +0 -0
- package/src/apothem/_vendor/attrs/setters.py +3 -0
- package/src/apothem/_vendor/attrs/validators.py +3 -0
- package/src/apothem/_vendor/attrs.LICENSE +21 -0
- package/src/apothem/_vendor/jsonschema/__init__.py +120 -0
- package/src/apothem/_vendor/jsonschema/__main__.py +6 -0
- package/src/apothem/_vendor/jsonschema/_format.py +546 -0
- package/src/apothem/_vendor/jsonschema/_keywords.py +449 -0
- package/src/apothem/_vendor/jsonschema/_legacy_keywords.py +449 -0
- package/src/apothem/_vendor/jsonschema/_types.py +204 -0
- package/src/apothem/_vendor/jsonschema/_typing.py +29 -0
- package/src/apothem/_vendor/jsonschema/_utils.py +355 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/__init__.py +5 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/const_vs_enum.py +30 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/contains.py +28 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/import_benchmark.py +31 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/issue232/issue.json +2653 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/issue232.py +25 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/json_schema_test_suite.py +12 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/nested_schemas.py +56 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/subcomponents.py +42 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/unused_registry.py +35 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/useless_applicator_schemas.py +106 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/useless_keywords.py +32 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/validator_creation.py +14 -0
- package/src/apothem/_vendor/jsonschema/cli.py +292 -0
- package/src/apothem/_vendor/jsonschema/exceptions.py +490 -0
- package/src/apothem/_vendor/jsonschema/protocols.py +230 -0
- package/src/apothem/_vendor/jsonschema/validators.py +1410 -0
- package/src/apothem/_vendor/jsonschema.LICENSE +19 -0
- package/src/apothem/_vendor/jsonschema_specifications/__init__.py +12 -0
- package/src/apothem/_vendor/jsonschema_specifications/_core.py +38 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft201909/metaschema.json +42 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft201909/vocabularies/applicator +56 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft201909/vocabularies/content +17 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft201909/vocabularies/core +57 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft201909/vocabularies/format +14 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft201909/vocabularies/meta-data +37 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft201909/vocabularies/validation +98 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft202012/metaschema.json +58 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft202012/vocabularies/applicator +48 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft202012/vocabularies/content +17 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft202012/vocabularies/core +51 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft202012/vocabularies/format-annotation +14 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft202012/vocabularies/format-assertion +14 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft202012/vocabularies/meta-data +37 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft202012/vocabularies/unevaluated +15 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft202012/vocabularies/validation +98 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft3/metaschema.json +172 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft4/metaschema.json +149 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft6/metaschema.json +153 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft7/metaschema.json +166 -0
- package/src/apothem/_vendor/jsonschema_specifications.LICENSE +19 -0
- package/src/apothem/_vendor/referencing/__init__.py +7 -0
- package/src/apothem/_vendor/referencing/_attrs.py +31 -0
- package/src/apothem/_vendor/referencing/_attrs.pyi +21 -0
- package/src/apothem/_vendor/referencing/_core.py +739 -0
- package/src/apothem/_vendor/referencing/exceptions.py +165 -0
- package/src/apothem/_vendor/referencing/jsonschema.py +642 -0
- package/src/apothem/_vendor/referencing/py.typed +0 -0
- package/src/apothem/_vendor/referencing/retrieval.py +94 -0
- package/src/apothem/_vendor/referencing/typing.py +61 -0
- package/src/apothem/_vendor/referencing.LICENSE +19 -0
- package/src/apothem/_vendor/rpds/__init__.py +251 -0
- package/src/apothem/_vendor/typing_extensions.LICENSE +279 -0
- package/src/apothem/_vendor/typing_extensions.py +4317 -0
- package/src/apothem/_vendor/vendor.txt +22 -0
- package/src/apothem/_vendor/yaml/__init__.py +389 -0
- package/src/apothem/_vendor/yaml/composer.py +138 -0
- package/src/apothem/_vendor/yaml/constructor.py +748 -0
- package/src/apothem/_vendor/yaml/cyaml.py +100 -0
- package/src/apothem/_vendor/yaml/dumper.py +61 -0
- package/src/apothem/_vendor/yaml/emitter.py +1137 -0
- package/src/apothem/_vendor/yaml/error.py +74 -0
- package/src/apothem/_vendor/yaml/events.py +85 -0
- package/src/apothem/_vendor/yaml/loader.py +63 -0
- package/src/apothem/_vendor/yaml/nodes.py +48 -0
- package/src/apothem/_vendor/yaml/parser.py +588 -0
- package/src/apothem/_vendor/yaml/reader.py +185 -0
- package/src/apothem/_vendor/yaml/representer.py +388 -0
- package/src/apothem/_vendor/yaml/resolver.py +226 -0
- package/src/apothem/_vendor/yaml/scanner.py +1435 -0
- package/src/apothem/_vendor/yaml/serializer.py +110 -0
- package/src/apothem/_vendor/yaml/tokens.py +103 -0
- package/src/apothem/_vendor/yaml.LICENSE +20 -0
- package/src/apothem/agents/README.md +60 -0
- package/src/apothem/agents/codebase-explorer.md +91 -0
- package/src/apothem/agents/convention-auditor.md +93 -0
- package/src/apothem/agents/dependency-auditor.md +97 -0
- package/src/apothem/agents/fact-checker.md +84 -0
- package/src/apothem/agents/mcp-builder.md +86 -0
- package/src/apothem/agents/memory-auditor.md +93 -0
- package/src/apothem/agents/prompt-evaluator.md +87 -0
- package/src/apothem/agents/quality-gate.md +103 -0
- package/src/apothem/agents/refactor-surgeon.md +74 -0
- package/src/apothem/agents/research-scout.md +73 -0
- package/src/apothem/agents/security-scanner.md +83 -0
- package/src/apothem/agents/test-runner.md +84 -0
- package/src/apothem/audit/README.md +73 -0
- package/src/apothem/audit/_scan_lib.py +182 -0
- package/src/apothem/audit/analyze_graph.py +260 -0
- package/src/apothem/audit/build_capability_graph.py +607 -0
- package/src/apothem/audit/build_inventory.py +657 -0
- package/src/apothem/audit/build_plans_provenance.py +997 -0
- package/src/apothem/audit/check_links.py +389 -0
- package/src/apothem/audit/classify_artifacts.py +381 -0
- package/src/apothem/audit/deprecated-tokens.txt +10 -0
- package/src/apothem/audit/execute_plans_migration.py +491 -0
- package/src/apothem/audit/known-projects.txt +15 -0
- package/src/apothem/audit/render_capability_index.py +467 -0
- package/src/apothem/audit/render_inventory.py +405 -0
- package/src/apothem/audit/scan_ai_surfaces.py +1125 -0
- package/src/apothem/audit/scan_ai_surfaces_coarse.py +261 -0
- package/src/apothem/audit/scan_drift_features.py +143 -0
- package/src/apothem/audit/scan_frontmatter.py +293 -0
- package/src/apothem/audit/scan_header_coverage.py +1134 -0
- package/src/apothem/audit/scan_plan_leakage.py +540 -0
- package/src/apothem/audit/scan_plans_discipline.py +188 -0
- package/src/apothem/audit/scan_secrets_pii.py +245 -0
- package/src/apothem/audit/scan_stale_tokens.py +296 -0
- package/src/apothem/audit/synthesize_drift.py +205 -0
- package/src/apothem/benchmarks/README.md +33 -0
- package/src/apothem/benchmarks/__init__.py +3 -0
- package/src/apothem/benchmarks/bench_agents.py +63 -0
- package/src/apothem/benchmarks/bench_hooks.py +93 -0
- package/src/apothem/benchmarks/bench_install.py +58 -0
- package/src/apothem/benchmarks/bench_tests.py +93 -0
- package/src/apothem/benchmarks/bench_validate_ecosystem.py +84 -0
- package/src/apothem/cli/README.md +33 -0
- package/src/apothem/cli/__init__.py +229 -0
- package/src/apothem/cli/_cmd_completion.py +88 -0
- package/src/apothem/cli/_cmd_diff.py +181 -0
- package/src/apothem/cli/_cmd_doctor.py +143 -0
- package/src/apothem/cli/_cmd_harnesses.py +167 -0
- package/src/apothem/cli/_cmd_install.py +327 -0
- package/src/apothem/cli/_cmd_migrate_workspace.py +143 -0
- package/src/apothem/cli/_cmd_profile.py +341 -0
- package/src/apothem/cli/_cmd_status.py +180 -0
- package/src/apothem/cli/_cmd_uninstall.py +215 -0
- package/src/apothem/cli/_cmd_update.py +397 -0
- package/src/apothem/cli/_cmd_verify.py +194 -0
- package/src/apothem/cli/_common_flags.py +90 -0
- package/src/apothem/cli/_epilogs.py +296 -0
- package/src/apothem/cli/_helpers.py +857 -0
- package/src/apothem/cli/_json_formatter.py +21 -0
- package/src/apothem/cli/_materialize.py +376 -0
- package/src/apothem/cli/completions/apothem.bash +30 -0
- package/src/apothem/cli/completions/apothem.fish +19 -0
- package/src/apothem/cli/completions/apothem.ps1 +27 -0
- package/src/apothem/cli/completions/apothem.zsh +42 -0
- package/src/apothem/cli/reference_export.py +126 -0
- package/src/apothem/commands/README.md +125 -0
- package/src/apothem/commands/a11y-audit.md +203 -0
- package/src/apothem/commands/architecture-review.md +194 -0
- package/src/apothem/commands/audit.md +165 -0
- package/src/apothem/commands/code-audit.md +218 -0
- package/src/apothem/commands/code-review.md +193 -0
- package/src/apothem/commands/dependency-audit.md +209 -0
- package/src/apothem/commands/docs-review.md +199 -0
- package/src/apothem/commands/elevate.md +285 -0
- package/src/apothem/commands/eval.md +149 -0
- package/src/apothem/commands/fortress.md +172 -0
- package/src/apothem/commands/freshify.md +168 -0
- package/src/apothem/commands/github-deploy-fresh.md +178 -0
- package/src/apothem/commands/github-deploy-next.md +167 -0
- package/src/apothem/commands/perf-audit.md +198 -0
- package/src/apothem/commands/plan-amend.md +104 -0
- package/src/apothem/commands/plan-audit.md +127 -0
- package/src/apothem/commands/plan-design.md +257 -0
- package/src/apothem/commands/plan-execute.md +495 -0
- package/src/apothem/commands/plan-generate.md +351 -0
- package/src/apothem/commands/plan-review.md +555 -0
- package/src/apothem/commands/plan-spec.md +359 -0
- package/src/apothem/commands/plan-status.md +222 -0
- package/src/apothem/commands/plan.md +173 -0
- package/src/apothem/commands/projectify.md +142 -0
- package/src/apothem/commands/release-readiness.md +142 -0
- package/src/apothem/commands/research-analysis.md +241 -0
- package/src/apothem/commands/research-design.md +231 -0
- package/src/apothem/commands/research-disseminate.md +225 -0
- package/src/apothem/commands/research-experiment.md +232 -0
- package/src/apothem/commands/research-ideate.md +213 -0
- package/src/apothem/commands/research-paper.md +252 -0
- package/src/apothem/commands/research-proposal.md +220 -0
- package/src/apothem/commands/research-publish.md +255 -0
- package/src/apothem/commands/research-review.md +251 -0
- package/src/apothem/commands/research-sources.md +266 -0
- package/src/apothem/commands/research-spec.md +255 -0
- package/src/apothem/commands/research-synthesis.md +233 -0
- package/src/apothem/commands/research-theory.md +218 -0
- package/src/apothem/commands/research.md +181 -0
- package/src/apothem/commands/security-audit.md +196 -0
- package/src/apothem/commands/supply-chain-audit.md +192 -0
- package/src/apothem/commands/test-suite.md +146 -0
- package/src/apothem/commands/threat-model-audit.md +199 -0
- package/src/apothem/commands/ux-review.md +202 -0
- package/src/apothem/commands/workflow.md +162 -0
- package/src/apothem/conformity/README.md +173 -0
- package/src/apothem/conformity/__init__.py +1 -0
- package/src/apothem/conformity/_grep_base.py +93 -0
- package/src/apothem/conformity/agent_capability_grep.py +306 -0
- package/src/apothem/conformity/agents_md_coverage_grep.py +382 -0
- package/src/apothem/conformity/agnosticism_grep.py +311 -0
- package/src/apothem/conformity/always_on_budget_grep.py +318 -0
- package/src/apothem/conformity/bare_except_grep.py +115 -0
- package/src/apothem/conformity/binding_reciprocity_grep.py +151 -0
- package/src/apothem/conformity/brand_mark_grep.py +272 -0
- package/src/apothem/conformity/commented_out_code_grep.py +176 -0
- package/src/apothem/conformity/completion_claim_grep.py +169 -0
- package/src/apothem/conformity/conventional_commit_grep.py +319 -0
- package/src/apothem/conformity/copilot_instructions_presence_grep.py +324 -0
- package/src/apothem/conformity/cross_platform_matrix_grep.py +297 -0
- package/src/apothem/conformity/determinism_grep.py +306 -0
- package/src/apothem/conformity/diagram_staleness_grep.py +154 -0
- package/src/apothem/conformity/dynamism_grep.py +284 -0
- package/src/apothem/conformity/editorconfig_presence_grep.py +281 -0
- package/src/apothem/conformity/file_header_grep.py +502 -0
- package/src/apothem/conformity/freshness_token_grep.py +233 -0
- package/src/apothem/conformity/frontmatter_grep.py +274 -0
- package/src/apothem/conformity/frontmatter_value_grep.py +386 -0
- package/src/apothem/conformity/gate.py +1386 -0
- package/src/apothem/conformity/gitattributes_presence_grep.py +238 -0
- package/src/apothem/conformity/harden_runner_grep.py +320 -0
- package/src/apothem/conformity/hedging_grep.py +129 -0
- package/src/apothem/conformity/license_author_consistency_grep.py +204 -0
- package/src/apothem/conformity/link_check.py +327 -0
- package/src/apothem/conformity/magic_number_grep.py +182 -0
- package/src/apothem/conformity/multi_surface_coherence_grep.py +620 -0
- package/src/apothem/conformity/naming_grep.py +224 -0
- package/src/apothem/conformity/no_global_plans_grep.py +339 -0
- package/src/apothem/conformity/no_toplevel_docs_grep.py +120 -0
- package/src/apothem/conformity/oidc_trusted_publishing_grep.py +291 -0
- package/src/apothem/conformity/option_annotation_grep.py +352 -0
- package/src/apothem/conformity/orphan_output_grep.py +206 -0
- package/src/apothem/conformity/permissions_minimum_scope_grep.py +299 -0
- package/src/apothem/conformity/plain_language_grep.py +559 -0
- package/src/apothem/conformity/plan_next_step_consistency_grep.py +450 -0
- package/src/apothem/conformity/plan_suite_structure_grep.py +534 -0
- package/src/apothem/conformity/plans_discipline_language_grep.py +245 -0
- package/src/apothem/conformity/production_ready_pr_grep.py +200 -0
- package/src/apothem/conformity/recommend_next_step_grep.py +250 -0
- package/src/apothem/conformity/redundancy_grep.py +401 -0
- package/src/apothem/conformity/reference_token_grep.py +230 -0
- package/src/apothem/conformity/registry_capability_consistency_grep.py +368 -0
- package/src/apothem/conformity/secret_leak_grep.py +193 -0
- package/src/apothem/conformity/semver_stability_grep.py +358 -0
- package/src/apothem/conformity/smoke_install_grep.py +194 -0
- package/src/apothem/conformity/static_version_grep.py +284 -0
- package/src/apothem/conformity/token_efficiency_grep.py +185 -0
- package/src/apothem/conformity/unpinned_action_grep.py +115 -0
- package/src/apothem/conformity/user_confirm_grep.py +74 -0
- package/src/apothem/conformity/workflow_concurrency_grep.py +283 -0
- package/src/apothem/harnesses/README.md +63 -0
- package/src/apothem/harnesses/__init__.py +16 -0
- package/src/apothem/harnesses/_shared/README.md +36 -0
- package/src/apothem/harnesses/_shared/__init__.py +12 -0
- package/src/apothem/harnesses/_shared/install_driver.py +281 -0
- package/src/apothem/harnesses/_shared/install_driver_apply.py +612 -0
- package/src/apothem/harnesses/_shared/install_driver_backup.py +535 -0
- package/src/apothem/harnesses/_shared/install_driver_converters.py +310 -0
- package/src/apothem/harnesses/_shared/install_driver_lifecycle.py +495 -0
- package/src/apothem/harnesses/_shared/install_driver_materialize.py +675 -0
- package/src/apothem/harnesses/_shared/install_driver_merge.py +656 -0
- package/src/apothem/harnesses/_shared/install_driver_pathsafety.py +137 -0
- package/src/apothem/harnesses/_shared/install_driver_planvalidation.py +240 -0
- package/src/apothem/harnesses/_shared/install_driver_removal.py +366 -0
- package/src/apothem/harnesses/_shared/install_driver_treeops.py +248 -0
- package/src/apothem/harnesses/_shared/install_driver_types.py +330 -0
- package/src/apothem/harnesses/_shared/wrapper_factories.py +448 -0
- package/src/apothem/harnesses/antigravity/STANDARD-CONVENTION-PIN.md +91 -0
- package/src/apothem/harnesses/antigravity/__init__.py +70 -0
- package/src/apothem/harnesses/antigravity/capabilities.yml +40 -0
- package/src/apothem/harnesses/antigravity/install.py +63 -0
- package/src/apothem/harnesses/antigravity/templates/GEMINI.md +40 -0
- package/src/apothem/harnesses/antigravity/templates/plugin.json +5 -0
- package/src/apothem/harnesses/antigravity/uninstall.py +22 -0
- package/src/apothem/harnesses/antigravity/update.py +10 -0
- package/src/apothem/harnesses/antigravity/verify.py +11 -0
- package/src/apothem/harnesses/claude_code/STANDARD-CONVENTION-PIN.md +65 -0
- package/src/apothem/harnesses/claude_code/__init__.py +107 -0
- package/src/apothem/harnesses/claude_code/capabilities.yml +42 -0
- package/src/apothem/harnesses/claude_code/install.py +147 -0
- package/src/apothem/harnesses/claude_code/templates/settings.json +351 -0
- package/src/apothem/harnesses/claude_code/uninstall.py +23 -0
- package/src/apothem/harnesses/claude_code/update.py +10 -0
- package/src/apothem/harnesses/claude_code/verify.py +11 -0
- package/src/apothem/harnesses/codebuddy/STANDARD-CONVENTION-PIN.md +74 -0
- package/src/apothem/harnesses/codebuddy/__init__.py +49 -0
- package/src/apothem/harnesses/codebuddy/capabilities.yml +34 -0
- package/src/apothem/harnesses/codebuddy/install.py +40 -0
- package/src/apothem/harnesses/codebuddy/templates/apothem-rules.md +37 -0
- package/src/apothem/harnesses/codebuddy/uninstall.py +25 -0
- package/src/apothem/harnesses/codebuddy/update.py +10 -0
- package/src/apothem/harnesses/codebuddy/verify.py +11 -0
- package/src/apothem/harnesses/codex/STANDARD-CONVENTION-PIN.md +79 -0
- package/src/apothem/harnesses/codex/__init__.py +72 -0
- package/src/apothem/harnesses/codex/capabilities.yml +40 -0
- package/src/apothem/harnesses/codex/install.py +69 -0
- package/src/apothem/harnesses/codex/templates/AGENTS.md +40 -0
- package/src/apothem/harnesses/codex/templates/hooks.json +127 -0
- package/src/apothem/harnesses/codex/uninstall.py +23 -0
- package/src/apothem/harnesses/codex/update.py +10 -0
- package/src/apothem/harnesses/codex/verify.py +11 -0
- package/src/apothem/harnesses/cursor/STANDARD-CONVENTION-PIN.md +79 -0
- package/src/apothem/harnesses/cursor/__init__.py +48 -0
- package/src/apothem/harnesses/cursor/capabilities.yml +42 -0
- package/src/apothem/harnesses/cursor/install.py +38 -0
- package/src/apothem/harnesses/cursor/templates/apothem-rules.mdc +40 -0
- package/src/apothem/harnesses/cursor/uninstall.py +25 -0
- package/src/apothem/harnesses/cursor/update.py +10 -0
- package/src/apothem/harnesses/cursor/verify.py +11 -0
- package/src/apothem/harnesses/gemini_cli/STANDARD-CONVENTION-PIN.md +102 -0
- package/src/apothem/harnesses/gemini_cli/__init__.py +52 -0
- package/src/apothem/harnesses/gemini_cli/capabilities.yml +43 -0
- package/src/apothem/harnesses/gemini_cli/install.py +43 -0
- package/src/apothem/harnesses/gemini_cli/templates/GEMINI.md +38 -0
- package/src/apothem/harnesses/gemini_cli/uninstall.py +25 -0
- package/src/apothem/harnesses/gemini_cli/update.py +10 -0
- package/src/apothem/harnesses/gemini_cli/verify.py +11 -0
- package/src/apothem/harnesses/github_copilot/STANDARD-CONVENTION-PIN.md +84 -0
- package/src/apothem/harnesses/github_copilot/__init__.py +47 -0
- package/src/apothem/harnesses/github_copilot/capabilities.yml +42 -0
- package/src/apothem/harnesses/github_copilot/install.py +40 -0
- package/src/apothem/harnesses/github_copilot/templates/copilot-instructions.md +33 -0
- package/src/apothem/harnesses/github_copilot/uninstall.py +25 -0
- package/src/apothem/harnesses/github_copilot/update.py +10 -0
- package/src/apothem/harnesses/github_copilot/verify.py +11 -0
- package/src/apothem/harnesses/glm/STANDARD-CONVENTION-PIN.md +77 -0
- package/src/apothem/harnesses/glm/__init__.py +56 -0
- package/src/apothem/harnesses/glm/capabilities.yml +33 -0
- package/src/apothem/harnesses/glm/install.py +45 -0
- package/src/apothem/harnesses/glm/templates/glm.toml +58 -0
- package/src/apothem/harnesses/glm/uninstall.py +25 -0
- package/src/apothem/harnesses/glm/update.py +10 -0
- package/src/apothem/harnesses/glm/verify.py +11 -0
- package/src/apothem/harnesses/hermes/STANDARD-CONVENTION-PIN.md +57 -0
- package/src/apothem/harnesses/hermes/__init__.py +33 -0
- package/src/apothem/harnesses/hermes/capabilities.yml +36 -0
- package/src/apothem/harnesses/hermes/install.py +17 -0
- package/src/apothem/harnesses/hermes/materializer.py +35 -0
- package/src/apothem/harnesses/hermes/uninstall.py +33 -0
- package/src/apothem/harnesses/hermes/update.py +10 -0
- package/src/apothem/harnesses/hermes/verify.py +11 -0
- package/src/apothem/harnesses/kimi_code/STANDARD-CONVENTION-PIN.md +128 -0
- package/src/apothem/harnesses/kimi_code/__init__.py +59 -0
- package/src/apothem/harnesses/kimi_code/capabilities.yml +40 -0
- package/src/apothem/harnesses/kimi_code/install.py +42 -0
- package/src/apothem/harnesses/kimi_code/templates/AGENTS.md +43 -0
- package/src/apothem/harnesses/kimi_code/uninstall.py +27 -0
- package/src/apothem/harnesses/kimi_code/update.py +10 -0
- package/src/apothem/harnesses/kimi_code/verify.py +11 -0
- package/src/apothem/harnesses/kiro/STANDARD-CONVENTION-PIN.md +77 -0
- package/src/apothem/harnesses/kiro/__init__.py +49 -0
- package/src/apothem/harnesses/kiro/capabilities.yml +36 -0
- package/src/apothem/harnesses/kiro/install.py +39 -0
- package/src/apothem/harnesses/kiro/templates/apothem-rules.md +36 -0
- package/src/apothem/harnesses/kiro/uninstall.py +25 -0
- package/src/apothem/harnesses/kiro/update.py +10 -0
- package/src/apothem/harnesses/kiro/verify.py +11 -0
- package/src/apothem/harnesses/open_claw/STANDARD-CONVENTION-PIN.md +62 -0
- package/src/apothem/harnesses/open_claw/__init__.py +35 -0
- package/src/apothem/harnesses/open_claw/capabilities.yml +35 -0
- package/src/apothem/harnesses/open_claw/install.py +17 -0
- package/src/apothem/harnesses/open_claw/materializer.py +36 -0
- package/src/apothem/harnesses/open_claw/uninstall.py +32 -0
- package/src/apothem/harnesses/open_claw/update.py +10 -0
- package/src/apothem/harnesses/open_claw/verify.py +11 -0
- package/src/apothem/harnesses/opencode/STANDARD-CONVENTION-PIN.md +76 -0
- package/src/apothem/harnesses/opencode/__init__.py +35 -0
- package/src/apothem/harnesses/opencode/capabilities.yml +43 -0
- package/src/apothem/harnesses/opencode/install.py +17 -0
- package/src/apothem/harnesses/opencode/materializer.py +31 -0
- package/src/apothem/harnesses/opencode/uninstall.py +34 -0
- package/src/apothem/harnesses/opencode/update.py +10 -0
- package/src/apothem/harnesses/opencode/verify.py +11 -0
- package/src/apothem/harnesses/qwen_code/STANDARD-CONVENTION-PIN.md +87 -0
- package/src/apothem/harnesses/qwen_code/__init__.py +37 -0
- package/src/apothem/harnesses/qwen_code/capabilities.yml +43 -0
- package/src/apothem/harnesses/qwen_code/install.py +19 -0
- package/src/apothem/harnesses/qwen_code/materializer.py +174 -0
- package/src/apothem/harnesses/qwen_code/templates/QWEN.md +30 -0
- package/src/apothem/harnesses/qwen_code/uninstall.py +34 -0
- package/src/apothem/harnesses/qwen_code/update.py +10 -0
- package/src/apothem/harnesses/qwen_code/verify.py +11 -0
- package/src/apothem/harnesses/trae/STANDARD-CONVENTION-PIN.md +70 -0
- package/src/apothem/harnesses/trae/__init__.py +49 -0
- package/src/apothem/harnesses/trae/capabilities.yml +34 -0
- package/src/apothem/harnesses/trae/install.py +38 -0
- package/src/apothem/harnesses/trae/templates/apothem-rules.md +37 -0
- package/src/apothem/harnesses/trae/uninstall.py +25 -0
- package/src/apothem/harnesses/trae/update.py +10 -0
- package/src/apothem/harnesses/trae/verify.py +11 -0
- package/src/apothem/harnesses/windsurf/STANDARD-CONVENTION-PIN.md +91 -0
- package/src/apothem/harnesses/windsurf/__init__.py +52 -0
- package/src/apothem/harnesses/windsurf/capabilities.yml +40 -0
- package/src/apothem/harnesses/windsurf/install.py +41 -0
- package/src/apothem/harnesses/windsurf/templates/apothem-rules.md +37 -0
- package/src/apothem/harnesses/windsurf/uninstall.py +25 -0
- package/src/apothem/harnesses/windsurf/update.py +10 -0
- package/src/apothem/harnesses/windsurf/verify.py +11 -0
- package/src/apothem/harnesses/zed/STANDARD-CONVENTION-PIN.md +92 -0
- package/src/apothem/harnesses/zed/__init__.py +57 -0
- package/src/apothem/harnesses/zed/capabilities.yml +38 -0
- package/src/apothem/harnesses/zed/install.py +41 -0
- package/src/apothem/harnesses/zed/templates/apothem-rules.md +32 -0
- package/src/apothem/harnesses/zed/uninstall.py +28 -0
- package/src/apothem/harnesses/zed/update.py +10 -0
- package/src/apothem/harnesses/zed/verify.py +11 -0
- package/src/apothem/hooks/README.md +81 -0
- package/src/apothem/hooks/__init__.py +24 -0
- package/src/apothem/hooks/askuserquestion_validator.py +380 -0
- package/src/apothem/hooks/dispatch.py +296 -0
- package/src/apothem/hooks/emit_hook_context.py +444 -0
- package/src/apothem/hooks/hooks.json +318 -0
- package/src/apothem/hooks/lib/README.md +39 -0
- package/src/apothem/hooks/lib/__init__.py +18 -0
- package/src/apothem/hooks/lib/bootstrap.ps1 +129 -0
- package/src/apothem/hooks/lib/bootstrap.sh +103 -0
- package/src/apothem/hooks/lib/events.py +51 -0
- package/src/apothem/hooks/lib/find-pwsh.ps1 +78 -0
- package/src/apothem/hooks/lib/find-pwsh.sh +76 -0
- package/src/apothem/hooks/lib/find-python.ps1 +63 -0
- package/src/apothem/hooks/lib/find-python.sh +97 -0
- package/src/apothem/hooks/lib/log.py +43 -0
- package/src/apothem/hooks/lib/resolve_root.py +264 -0
- package/src/apothem/hooks/messages/postcompact.md +14 -0
- package/src/apothem/hooks/messages/posttooluse-proactive-compaction.md +46 -0
- package/src/apothem/hooks/messages/precompact.md +14 -0
- package/src/apothem/hooks/messages/pretooluse-askuserquestion-recommended.md +65 -0
- package/src/apothem/hooks/messages/pretooluse-bash-plan-guard.md +97 -0
- package/src/apothem/hooks/messages/pretooluse-bash.md +39 -0
- package/src/apothem/hooks/messages/pretooluse-conformity.md +70 -0
- package/src/apothem/hooks/messages/pretooluse-dependency-guard.md +21 -0
- package/src/apothem/hooks/messages/pretooluse-edit-header-guard.md +61 -0
- package/src/apothem/hooks/messages/pretooluse-edit.md +21 -0
- package/src/apothem/hooks/messages/pretooluse-eval-guard.md +39 -0
- package/src/apothem/hooks/messages/pretooluse-notebookedit.md +11 -0
- package/src/apothem/hooks/messages/pretooluse-write-header-guard.md +45 -0
- package/src/apothem/hooks/messages/pretooluse-write-plan-guard.md +72 -0
- package/src/apothem/hooks/messages/pretooluse-write.md +21 -0
- package/src/apothem/hooks/messages/sessionstart.md +15 -0
- package/src/apothem/hooks/messages/stop.md +27 -0
- package/src/apothem/hooks/proactive_compaction_tracker.py +327 -0
- package/src/apothem/hooks/session_start_bootstrap.py +472 -0
- package/src/apothem/lib/README.md +42 -0
- package/src/apothem/lib/__init__.py +13 -0
- package/src/apothem/lib/atomic_io.py +189 -0
- package/src/apothem/lib/auditor.py +687 -0
- package/src/apothem/lib/clean_slate.py +396 -0
- package/src/apothem/lib/contexts.py +352 -0
- package/src/apothem/lib/data_home.py +255 -0
- package/src/apothem/lib/frontmatter.py +101 -0
- package/src/apothem/lib/harness_materializer.py +213 -0
- package/src/apothem/lib/harness_protocol.py +59 -0
- package/src/apothem/lib/harness_registry.py +282 -0
- package/src/apothem/lib/harness_registry_data.py +843 -0
- package/src/apothem/lib/install_ledger.py +347 -0
- package/src/apothem/lib/learning.py +540 -0
- package/src/apothem/lib/memory.py +347 -0
- package/src/apothem/lib/parallel_sweep.py +234 -0
- package/src/apothem/lib/plan_tiers.py +200 -0
- package/src/apothem/lib/plugin_bootstrap.py +132 -0
- package/src/apothem/lib/plugin_tree.py +599 -0
- package/src/apothem/lib/profile.py +755 -0
- package/src/apothem/lib/profile_projection.py +198 -0
- package/src/apothem/lib/propagation-manifest.yaml +878 -0
- package/src/apothem/lib/propagation.py +220 -0
- package/src/apothem/lib/python_resolver.py +189 -0
- package/src/apothem/lib/reporter.py +62 -0
- package/src/apothem/lib/workspace_migration.py +323 -0
- package/src/apothem/output-styles/README.md +41 -0
- package/src/apothem/output-styles/concise-engineer.md +49 -0
- package/src/apothem/output-styles/default-architect.md +52 -0
- package/src/apothem/output-styles/default.md +113 -0
- package/src/apothem/output-styles/forensic-auditor.md +63 -0
- package/src/apothem/py.typed +0 -0
- package/src/apothem/rules/README.md +121 -0
- package/src/apothem/rules/agent-capability-discipline-matrix.md +89 -0
- package/src/apothem/rules/agent-capability-discipline.md +78 -0
- package/src/apothem/rules/agent-orchestration-patterns.md +144 -0
- package/src/apothem/rules/agent-orchestration.md +65 -0
- package/src/apothem/rules/agents-md-convention.md +86 -0
- package/src/apothem/rules/agile-sprints-elements.md +135 -0
- package/src/apothem/rules/agile-sprints.md +64 -0
- package/src/apothem/rules/agnostic-posture-checklist.md +47 -0
- package/src/apothem/rules/agnostic-posture.md +48 -0
- package/src/apothem/rules/authoritative-referencing-quotation.md +50 -0
- package/src/apothem/rules/authoritative-referencing.md +66 -0
- package/src/apothem/rules/authority-inquiry-categories.md +58 -0
- package/src/apothem/rules/authority-inquiry.md +54 -0
- package/src/apothem/rules/auto-memory-topic-files.md +86 -0
- package/src/apothem/rules/auto-memory.md +67 -0
- package/src/apothem/rules/bidirectional-binding.md +123 -0
- package/src/apothem/rules/canonical-layout-reporting-tiers.md +212 -0
- package/src/apothem/rules/canonical-layout.md +60 -0
- package/src/apothem/rules/clean-architecture-layers.md +186 -0
- package/src/apothem/rules/clean-room-generation-protocols.md +124 -0
- package/src/apothem/rules/clean-room-generation.md +59 -0
- package/src/apothem/rules/code-craft-conventions.md +101 -0
- package/src/apothem/rules/code-craft-markdown.md +138 -0
- package/src/apothem/rules/code-craft-python.md +154 -0
- package/src/apothem/rules/code-craft-shell.md +192 -0
- package/src/apothem/rules/cognitive-identity-techniques.md +180 -0
- package/src/apothem/rules/cognitive-identity.md +81 -0
- package/src/apothem/rules/context-management-budget.md +46 -0
- package/src/apothem/rules/context-management-protocol.md +161 -0
- package/src/apothem/rules/context-management-scratch.md +128 -0
- package/src/apothem/rules/context-management.md +85 -0
- package/src/apothem/rules/definitiveness-virtues.md +67 -0
- package/src/apothem/rules/definitiveness.md +58 -0
- package/src/apothem/rules/determinism.md +81 -0
- package/src/apothem/rules/disclosure-ledger-markers.md +58 -0
- package/src/apothem/rules/disclosure-ledger.md +52 -0
- package/src/apothem/rules/dynamism.md +38 -0
- package/src/apothem/rules/etc-extension.md +57 -0
- package/src/apothem/rules/expertise-posture-elements.md +68 -0
- package/src/apothem/rules/expertise-posture.md +54 -0
- package/src/apothem/rules/freshness-facade.md +64 -0
- package/src/apothem/rules/harness-adapter-shape-schemas.md +162 -0
- package/src/apothem/rules/harness-adapter-shape.md +42 -0
- package/src/apothem/rules/host-discovery-manifests.md +50 -0
- package/src/apothem/rules/host-discovery.md +56 -0
- package/src/apothem/rules/i18n-discipline-locale-cohorts.md +120 -0
- package/src/apothem/rules/i18n-discipline.md +70 -0
- package/src/apothem/rules/interactive-questions-canonical-shapes.md +590 -0
- package/src/apothem/rules/interactive-questions-detail.md +41 -0
- package/src/apothem/rules/interactive-questions-sweep-matchers.md +184 -0
- package/src/apothem/rules/interactive-questions.md +89 -0
- package/src/apothem/rules/large-file-generation.md +112 -0
- package/src/apothem/rules/large-file-reading.md +59 -0
- package/src/apothem/rules/living-docs.md +85 -0
- package/src/apothem/rules/multi-agent-workflow.md +57 -0
- package/src/apothem/rules/operational-mandates-expanded.md +78 -0
- package/src/apothem/rules/operational-mandates.md +88 -0
- package/src/apothem/rules/option-annotation-form.md +60 -0
- package/src/apothem/rules/option-annotation.md +45 -0
- package/src/apothem/rules/own-voice-reimplementation.md +86 -0
- package/src/apothem/rules/performance-discipline.md +91 -0
- package/src/apothem/rules/persistent-conventions-vigilance-checklist.md +54 -0
- package/src/apothem/rules/persistent-conventions-vigilance.md +61 -0
- package/src/apothem/rules/plain-language.md +56 -0
- package/src/apothem/rules/planning-techniques.md +130 -0
- package/src/apothem/rules/pre-emission-gate-bars.md +86 -0
- package/src/apothem/rules/pre-emission-gate.md +54 -0
- package/src/apothem/rules/production-ready-prs-surfaces.md +162 -0
- package/src/apothem/rules/production-ready-prs.md +83 -0
- package/src/apothem/rules/propagation.md +63 -0
- package/src/apothem/rules/recommend-next-step.md +106 -0
- package/src/apothem/rules/refactoring-discipline.md +76 -0
- package/src/apothem/rules/session-closure.md +44 -0
- package/src/apothem/rules/sota-elevation-exemplars.md +76 -0
- package/src/apothem/rules/sota-elevation.md +52 -0
- package/src/apothem/rules/source-accessibility.md +58 -0
- package/src/apothem/rules/surgical-manipulation.md +48 -0
- package/src/apothem/rules/systemic-participation-relations.md +108 -0
- package/src/apothem/rules/systemic-participation.md +70 -0
- package/src/apothem/rules/ten-dimension-check-dimensions.md +52 -0
- package/src/apothem/rules/ten-dimension-check.md +59 -0
- package/src/apothem/rules/token-budget-discipline.md +81 -0
- package/src/apothem/rules/token-efficiency-rewrite-protocol.md +79 -0
- package/src/apothem/rules/token-efficiency-rewrite.md +77 -0
- package/src/apothem/rules/tool-use-discipline.md +48 -0
- package/src/apothem/rules/visual-leverage.md +102 -0
- package/src/apothem/schemas/NOTICE.md +9 -0
- package/src/apothem/schemas/README.md +104 -0
- package/src/apothem/schemas/__init__.py +176 -0
- package/src/apothem/schemas/advisory-finding.schema.json +111 -0
- package/src/apothem/schemas/agent.schema.json +106 -0
- package/src/apothem/schemas/authorship-header.txt +1 -0
- package/src/apothem/schemas/cohort-manifest.yaml +248 -0
- package/src/apothem/schemas/cohort-metadata-vocabulary.yaml +168 -0
- package/src/apothem/schemas/cohort.schema.json +113 -0
- package/src/apothem/schemas/command.schema.json +68 -0
- package/src/apothem/schemas/compatibility-matrix.yaml +432 -0
- package/src/apothem/schemas/context-fragment.schema.json +64 -0
- package/src/apothem/schemas/freshness-token-denylist.txt +51 -0
- package/src/apothem/schemas/handoff-manifest.yaml +353 -0
- package/src/apothem/schemas/header-exceptions.txt +141 -0
- package/src/apothem/schemas/header-visibility.yaml +39 -0
- package/src/apothem/schemas/learning-signal.schema.json +46 -0
- package/src/apothem/schemas/memory-record.schema.json +61 -0
- package/src/apothem/schemas/output-style.schema.json +40 -0
- package/src/apothem/schemas/plan.schema.json +51 -0
- package/src/apothem/schemas/plugin.schema.json +83 -0
- package/src/apothem/schemas/profile.example.yaml +70 -0
- package/src/apothem/schemas/profile.minimal.yaml +6 -0
- package/src/apothem/schemas/profile.schema.json +396 -0
- package/src/apothem/schemas/reference-token-denylist.txt +25 -0
- package/src/apothem/schemas/skill.schema.json +75 -0
- package/src/apothem/skills/README.md +93 -0
- package/src/apothem/skills/dependency-upgrade/SKILL.md +105 -0
- package/src/apothem/skills/dev-toolkit/SKILL.md +120 -0
- package/src/apothem/skills/diagram-authoring/SKILL.md +113 -0
- package/src/apothem/skills/document-authoring/SKILL.md +118 -0
- package/src/apothem/skills/ecosystem-audit/SKILL.md +108 -0
- package/src/apothem/skills/ecosystem-audit/references/audit-fortress.md +85 -0
- package/src/apothem/skills/ecosystem-audit/references/procedure.md +162 -0
- package/src/apothem/skills/eval-harness/SKILL.md +88 -0
- package/src/apothem/skills/incident-runbook/SKILL.md +92 -0
- package/src/apothem/skills/multi-source-research/SKILL.md +90 -0
- package/src/apothem/skills/plan-suite/SKILL.md +118 -0
- package/src/apothem/skills/plan-suite/master_template.md +1324 -0
- package/src/apothem/skills/projectify/SKILL.md +117 -0
- package/src/apothem/skills/prompt-engineering/SKILL.md +122 -0
- package/src/apothem/skills/refactor-extract/SKILL.md +85 -0
- package/src/apothem/skills/research-suite/SKILL.md +170 -0
- package/src/apothem/skills/research-suite/references/directory-structure.md +47 -0
- package/src/apothem/skills/research-suite/references/lifecycle.md +67 -0
- package/src/apothem/skills/research-suite/references/principal-investigator-framework.md +37 -0
- package/src/apothem/skills/research-suite/references/rigor-mandates.md +30 -0
- package/src/apothem/skills/research-suite/research_template.md +476 -0
- package/src/apothem/skills/secret-rotation/SKILL.md +87 -0
- package/src/apothem/skills/source-synthesis/SKILL.md +92 -0
- package/src/apothem/skills/surgical-guard/SKILL.md +118 -0
- package/src/apothem/skills/test-authoring/SKILL.md +85 -0
- package/src/apothem/skills/vuln-triage/SKILL.md +91 -0
- package/src/apothem/skills/workflow/SKILL.md +139 -0
- package/src/apothem/statuslines/README.md +26 -0
- package/src/apothem/statuslines/__init__.py +20 -0
- package/src/apothem/statuslines/conformity.json +5 -0
- package/src/apothem/statuslines/render.py +334 -0
- package/src/apothem/statuslines/statusline.md +50 -0
- package/src/apothem/templates/README.md +43 -0
- package/src/apothem/templates/agents-md-template.md +80 -0
- package/src/apothem/templates/consideration-log.md +39 -0
- package/src/apothem/templates/expertise-gap-log.md +56 -0
- package/src/apothem/templates/master-index-template.md +93 -0
- package/src/apothem/templates/potency-map.md +53 -0
- package/src/apothem/templates/preservation-audit.md +60 -0
- package/src/apothem/templates/question-resolution-audit.md +52 -0
- package/src/apothem/templates/trace-matrix-template.md +77 -0
|
@@ -0,0 +1,209 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: "dependency-audit"
|
|
3
|
+
version: "0.1.0"
|
|
4
|
+
updated: "2026-06-10"
|
|
5
|
+
description: "Operator-driven per-dependency audit pass (direct + transitive). Walks every dependency declared in the repository's manifest files (pyproject.toml, package.json, Cargo.toml, go.mod, Gemfile, etc.) plus their resolved lockfile entries and emits per-dependency findings covering license compatibility, CVE status, deprecation status, replacement recommendation, transitive depth, pinned-vs-range posture, and security-relevant identification. Tooling: pip-audit + safety + osv-scanner + configured dependency-update automation insights. Output lands at the consuming suite's _inputs/dependency-audit-findings.md with HIGH / MEDIUM / LOW severity triage and concrete-driver rationale per finding."
|
|
6
|
+
argument-hint: "[path/to/repo/] [--focus MANIFEST_OR_DEP] [--dry-run]"
|
|
7
|
+
disable-model-invocation: true
|
|
8
|
+
portability: "universal"
|
|
9
|
+
allowed-tools: "*"
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
<!-- SPDX-License-Identifier: MIT -->
|
|
13
|
+
|
|
14
|
+
# /dependency-audit — Per-Dependency Audit (Direct + Transitive)
|
|
15
|
+
|
|
16
|
+
---
|
|
17
|
+
|
|
18
|
+
## Role
|
|
19
|
+
|
|
20
|
+
You are the user's **Supply-Chain Engineer** and **Cognitive Insurgent** (`rules/cognitive-identity.md`), the **auditor-as-instrument-not-author**. This is a read-only forensic surface: it names CVE exposure, license incompatibility, deprecation creep, and unpinned-production-dependency risk against the host's ratified dependency policy — it never writes the fix.
|
|
21
|
+
|
|
22
|
+
- **Cognitive filters** per `rules/cognitive-identity.md` §2 — Obvious Purge and Aesthetic Demand on every severity call.
|
|
23
|
+
- **Seven-axs attestation** per §1: **Security and Tooling lead** — the lockfile and advisory feed drive each finding.
|
|
24
|
+
|
|
25
|
+
---
|
|
26
|
+
|
|
27
|
+
## Instructions
|
|
28
|
+
|
|
29
|
+
Execute `/dependency-audit`: ingest the repository's manifests plus their resolved lockfile entries, walk every direct and transitive dependency, apply CVE scanning + license analysis + deprecation detection + transitive-depth analysis, and emit a per-dependency findings artifact at the consuming suite's `_inputs/dependency-audit-findings.md` ready for remediation.
|
|
30
|
+
|
|
31
|
+
Governance scales with seriousness per the seriousness-scaling discipline; creative architecture (CM-21) is active throughout.
|
|
32
|
+
|
|
33
|
+
---
|
|
34
|
+
|
|
35
|
+
## Pipeline Contract
|
|
36
|
+
|
|
37
|
+
**Pipeline position.** **Terminal review-fortress command.** This command sits at the dependency-fortress slot of the audit-fortress sequence. It consumes the repository's manifest + lockfile state and emits the findings artifact downstream remediation cycles consume. The command does not modify source; the findings are read-only diagnostics.
|
|
38
|
+
|
|
39
|
+
**Audit-fortress sequence position.** **Upstream:** `/docs-review`. **Downstream:** `/supply-chain-audit`. Position 9 of 11 in the canonical audit-fortress linear sequence (`/code-review → /code-audit → /security-audit → /perf-audit → /architecture-review → /ux-review → /a11y-audit → /docs-review → /dependency-audit → /supply-chain-audit → /threat-model-audit`).
|
|
40
|
+
|
|
41
|
+
**Handoff Manifest.**
|
|
42
|
+
|
|
43
|
+
- **Consumed.** The repository's manifest tree (`pyproject.toml`, `setup.cfg`, `requirements*.txt`, `Pipfile`, `package.json`, `Cargo.toml`, `go.mod`, `Gemfile`, etc.) plus their resolved lockfile siblings (`uv.lock`, `package-lock.json`, `yarn.lock`, `pnpm-lock.yaml`, `Cargo.lock`, `go.sum`, `Gemfile.lock`). No upstream manifest is required; the command operates against the on-disk state. When the consuming suite carries a Handoff Manifest at `_inputs/handoff-manifest.yml`, the prior fortress-phase attestations are read as context but do not gate execution.
|
|
44
|
+
- **Emitted.** The findings artifact at `_inputs/dependency-audit-findings.md` plus an optional Handoff Manifest augmentation with the per-dependency finding count, the per-severity breakdown, the CVE inventory, the license-compatibility matrix, the per-axis attestation against the seven-axs-of-breadth taxonomy, and the audit's `verified:` date.
|
|
45
|
+
|
|
46
|
+
**Pre-flight inquiry set.** Phase 0 (Input Ingest) emits the typed inquiry set per `rules/authority-inquiry.md` when the manifest shape is ambiguous (e.g., the host has manifests for multiple languages, the lockfiles are out of sync with the manifests, the host's accepted-license list is undeclared). Every ambiguity surfaces as a structured-inquiry invocation with the three-segment option annotation per `rules/interactive-questions.md` §3.
|
|
47
|
+
|
|
48
|
+
**Pre-emission gate.** Phase 4 (Validation Gate) runs the fifteen-bar pre-emission gate per `rules/pre-emission-gate.md` against the candidate findings artifact before promotion. The gate attestation block is recorded inside the emitted findings artifact. Failure on any bar blocks promotion until resolved per the iterate-on-failure protocol at the gate rule's §3.
|
|
49
|
+
|
|
50
|
+
### Inquiry Cadence (D4)
|
|
51
|
+
|
|
52
|
+
This command operates at **maximal structured-inquiry saturation**. Every severity ratification (HIGH / MEDIUM / LOW), every CVSS-score borderline call (e.g., CVSS 6.9 vs. the 7.0 HIGH floor), every license-compatibility call on dual-licensed or relicensed dependencies, every axis-attestation gap, and every gate-bar `n/a (with reason)` marking routes through the canonical channel per `rules/interactive-questions.md` §1 (free-form prose questions as primary input are forbidden). Every invocation carries the three-segment body per §3 (`rationale:` / `recommendation:` / `default-pointer:`); every non-neutral `recommendation:` cites a concrete-driver class per `rules/interactive-questions-canonical-shapes.md` §3.2.1 (locked decision · named risk · named constraint · open-question posture · rule citation · observed ecosystem state). Up to four questions may batch per invocation. **Question-fatigue-optimization is FORBIDDEN.**
|
|
53
|
+
|
|
54
|
+
---
|
|
55
|
+
|
|
56
|
+
## Foundational Stanzas
|
|
57
|
+
|
|
58
|
+
The four standing surfaces every operator inherits per the canonical project voice at `AGENTS.md` plus the active harness mirror.
|
|
59
|
+
|
|
60
|
+
### Refusal & Escalation
|
|
61
|
+
|
|
62
|
+
REFUSE any task whose scope exceeds this command's stated mission (producing the per-dependency findings artifact for a deployed repository). Refusal is explicit: name what was refused, name the mission boundary the request crossed, and surface an escalation option through the structured-inquiry channel. REFUSE audit against a repository whose lockfiles are missing or stale (the transitive graph cannot be deterministically walked without lockfiles). REFUSE authoring remediation patches — the command's surface is diagnostic only; remediation routes through `/plan-execute` or operator-initiated edits.
|
|
63
|
+
|
|
64
|
+
### Output Surface
|
|
65
|
+
|
|
66
|
+
The findings artifact lands at the consuming suite's `_inputs/dependency-audit-findings.md` per the suite-locality invariant at `rules/context-management.md` §2.6.1. Plan-internal files are banner-exempt per the `.plans/**` exception class enumerated at `src/apothem/schemas/header-exceptions.txt`; the injector at `scripts/inject-header.{sh,py}` is therefore NOT invoked on emission. NEVER write the findings artifact outside the suite folder; NEVER write to a global plans directory under any harness's config root from a downstream-project context; NEVER write to any other global-ecosystem location; NEVER modify any manifest or lockfile — the command is read-only against the repository.
|
|
67
|
+
|
|
68
|
+
### File-Authoring Contract
|
|
69
|
+
|
|
70
|
+
The findings artifact is banner-exempt per the `.plans/**` exception class. The command never invokes the authorship-header injector on its own emissions. When a finding cites a manifest entry, the citation is documentary (`manifest:line`); the underlying manifest is never written by this command.
|
|
71
|
+
|
|
72
|
+
### Structured Inquiry on Ambiguity
|
|
73
|
+
|
|
74
|
+
When uncertain about manifest scope, focus boundary, severity assignment on borderline CVSS / license / deprecation findings, or axis-of-attention attestation on multi-axis findings, route the resolution through the structured-inquiry channel with the three-segment option annotation per `rules/interactive-questions.md` §3. Free-form prose questions as primary input are forbidden. NEVER fabricate findings — every finding cites a concrete `manifest:line` or `package@version` plus the detecting tool (pip-audit advisory ID, safety CVE ID, osv-scanner GHSA / CVE).
|
|
75
|
+
|
|
76
|
+
---
|
|
77
|
+
|
|
78
|
+
## Inputs
|
|
79
|
+
|
|
80
|
+
| Argument | Type | Required | Description |
|
|
81
|
+
| -------- | ---- | -------- | ----------- |
|
|
82
|
+
| `path/to/repo/` | Path | Yes | Root directory of the deployed repository. MUST contain at least one manifest file resolvable as a dependency declaration (`pyproject.toml`, `package.json`, `Cargo.toml`, `go.mod`, `Gemfile`, or sibling languages). The command refuses execution when none resolves. |
|
|
83
|
+
| `--focus MANIFEST_OR_DEP` | String | No | Restrict the per-dependency walk to a single manifest file (path) OR a single dependency name (package). Useful when triaging a single transitive chain incrementally. |
|
|
84
|
+
| `--dry-run` | Flag | No | Analyze what would be audited and report — no findings artifact emitted. The dry-run output enumerates the manifest count, the resolved dependency-graph node count per language, the per-tool invocation plan, and any pre-flight inquiries that would fire without committing the artifact. |
|
|
85
|
+
|
|
86
|
+
---
|
|
87
|
+
|
|
88
|
+
## Workflow — Five Transformation Phases
|
|
89
|
+
|
|
90
|
+
**Scan delegation.** The dependency-tree scan this workflow performs is owned by sibling capabilities; the command orchestrates them into a per-dependency findings artifact with license + deprecation coverage rather than re-implementing the detectors:
|
|
91
|
+
|
|
92
|
+
- **Dependency-tree risk scan → `agents/dependency-auditor.md`.** The read-only ecosystem-detection + four-risk-class walk (known-vulnerable · unpinned · duplicate · stale) across npm / pip / cargo / go is the dependency-auditor agent's owned surface. Phase 1's per-dependency walk dispatches that scan and consumes its risk-ranked table; the command deepens the agent's first-pass with the license-compatibility and deprecation analyses the agent does not carry, and emits the validation-gate-attested artifact.
|
|
93
|
+
- **CVE disposition → `skills/vuln-triage`.** Each known-vulnerable finding routes its severity-classify-and-remediation-route disposition (the seven-field triage record) to the vuln-triage skill; the command records the routed band per finding and does not re-publish CVSS or re-solve the dependency graph.
|
|
94
|
+
- **Upgrade remediation → `skills/dependency-upgrade`.** A finding whose remediation is an audited version bump routes its remediation to the dependency-upgrade skill (changelog-reviewed, pinned, gate-verified); the command names the routed owner per finding and never authors the bump inline.
|
|
95
|
+
|
|
96
|
+
### Phase 0 — Input Ingest
|
|
97
|
+
|
|
98
|
+
Read the manifest tree and lockfiles in full. Deploy a Research Team (CM-25A) for parallel ingest — one agent per language ecosystem present (Python / JavaScript / Rust / Go / Ruby / …). Each returns a structured dependency inventory ≤ 500 tokens (CM-25C) with required fields `status` · `manifest-list` · `dependency-count` · `transitive-depth-distribution` · `gaps`.
|
|
99
|
+
|
|
100
|
+
**Required reads.**
|
|
101
|
+
|
|
102
|
+
- **Every manifest** under the root (`pyproject.toml`, `setup.cfg`, `requirements*.txt`, `Pipfile`, `package.json`, `Cargo.toml`, `go.mod`, `Gemfile`, …) per `rules/host-discovery-manifests.md` §1.
|
|
103
|
+
- **Every lockfile sibling** (`uv.lock`, `package-lock.json`, `yarn.lock`, `pnpm-lock.yaml`, `Cargo.lock`, `go.sum`, `Gemfile.lock`) — the lockfile is the authoritative resolution; the manifest declares ranges the lockfile pins.
|
|
104
|
+
- **The host's ratified accepted-license list** (when present in a project policy file, `REUSE.toml`, or `pyproject.toml` `[tool.<linter>]`).
|
|
105
|
+
|
|
106
|
+
**Externalise** a working inventory at the suite's `_inputs/dependency-audit-inventory.md` (free-form scratch per `rules/context-management-scratch.md` §1): per-language ecosystem count, per-manifest declared dependency count, lockfile resolution count, transitive-depth histogram, and any `--focus` narrowing.
|
|
107
|
+
|
|
108
|
+
### Phase 1 — Per-Dependency Walk
|
|
109
|
+
|
|
110
|
+
Dispatch the `agents/dependency-auditor.md` read-only risk scan first (it enumerates every direct + transitive entry and ranks known-vulnerable → unpinned → duplicate → stale against the host's audit tooling), then deepen its findings with the license + deprecation analyses below. The command consumes the agent's risk-ranked table; it does not re-derive the four risk classes. Run five complementary tools across the present ecosystems:
|
|
111
|
+
|
|
112
|
+
| Tool | Scope | Surface |
|
|
113
|
+
| ---- | ----- | ------- |
|
|
114
|
+
| **pip-audit** | Python | PyPA Advisory Database + OSV CVEs per resolved version |
|
|
115
|
+
| **safety** | Python | sibling CVE feed; cross-referenced with pip-audit |
|
|
116
|
+
| **osv-scanner** | multi-language | Google OSV across Python / JS / Rust / Go / Ruby — the canonical cross-ecosystem CVE surface |
|
|
117
|
+
| **License analysis** | all | each dependency's declared `license` field resolved against the host's accepted-license list (SPDX-license-expression standard) |
|
|
118
|
+
| **Deprecation analysis** | all | registry deprecation markers (PyPI `yanked`, npm `deprecated`, crates.io `yanked`) per resolved version |
|
|
119
|
+
|
|
120
|
+
Attest each detected issue as one canonical finding class:
|
|
121
|
+
|
|
122
|
+
- **CVE** — a known CVE on the resolved version. Carry the CVE ID, CVSS score (CVSS v3.1 baseline), affected version range, and fixed version.
|
|
123
|
+
- **License incompatibility** — the license is off the host's accepted list (or no list exists and a long-lived ratification is needed).
|
|
124
|
+
- **Deprecation** — the resolved version (or whole package) is deprecated / yanked at the registry.
|
|
125
|
+
- **Unpinned production dependency** — a production-tier dependency declared with a range rather than a specific version (per the host's ratified pinning policy).
|
|
126
|
+
- **Transitive-depth concern** — a security-relevant dependency surfacing at transitive depth ≥ 3 (pulled indirectly, without explicit declaration).
|
|
127
|
+
|
|
128
|
+
**Externalise** per-dependency finding drafts at the suite's `_inputs/dependency-audit-per-dep/` (one file per dependency carrying a finding), each enumerating raw findings with `package@version` + the detecting tool's advisory ID before triage.
|
|
129
|
+
|
|
130
|
+
### Phase 2 — Per-Finding Triage
|
|
131
|
+
|
|
132
|
+
Assign each drafted finding a severity from the closed taxonomy `{HIGH, MEDIUM, LOW}` with concrete-driver rationale per `rules/interactive-questions-canonical-shapes.md` §3.2.1:
|
|
133
|
+
|
|
134
|
+
- **HIGH** — CVE with CVSS v3.1 ≥ 7.0 and an exploit-available indicator; license incompatibility with a production-distributed dependency (GPL / AGPL into MIT / Apache redistribution surfaces); security-critical dependency at transitive depth ≥ 3 with no direct equivalent; or yanked production dependency with no published replacement. Cites class 3 (named constraint — CVE / SPDX identifier) or class 6 (tool advisory).
|
|
135
|
+
- **MEDIUM** — CVE with CVSS v3.1 in 4.0–6.9; license uncertainty (dual-licensed dependency, active license unclear); deprecation of a development-tier dependency; unpinned production dependency without an active CVE; or transitive-depth concern at depth = 2. Cites class 3 or class 6.
|
|
136
|
+
- **LOW** — CVE with CVSS v3.1 < 4.0; license drift (a non-load-bearing dev dependency on an unusual but permissive license); deprecation of a test-only dependency; or a transitive-depth concern without a security or licensing trigger. Cites class 5 (rule citation) or class 6.
|
|
137
|
+
|
|
138
|
+
**Axis attestation.** Every finding names which seven-axs it touches: CVE findings load Security heavily + Tooling (scanner instrumentation); license findings load Security + Architecture (redistribution-surface implications); deprecation findings load Tooling + Observability (registry-marker drift). Multi-axis findings carry the full set.
|
|
139
|
+
|
|
140
|
+
**Borderline calls route through inquiry.** When severity is genuinely underdetermined (CVSS 6.9 vs. the 7.0 floor; dual-license disposition; transitive-depth = 2 borderline), surface the triage through the structured-inquiry channel — the option set names both candidate severities with concrete-driver rationale per `rules/interactive-questions.md` §3.
|
|
141
|
+
|
|
142
|
+
**Remediation routing.** Each CVE finding routes its disposition through `skills/vuln-triage` (the seven-field severity-band + reachability + route record); each finding whose remediation is an audited version bump routes through `skills/dependency-upgrade` (changelog-reviewed, pinned, gate-verified). The command records the routed owner per finding; it never re-publishes CVSS, re-solves the graph, or authors the bump inline.
|
|
143
|
+
|
|
144
|
+
### Phase 3 — Findings Emission
|
|
145
|
+
|
|
146
|
+
Emit the suite's `_inputs/dependency-audit-findings.md` with the following canonical sections:
|
|
147
|
+
|
|
148
|
+
1. **`## §1 Executive Summary`** — one paragraph stating the audit scope (manifest count per language, total dependency-graph node count, transitive-depth distribution, tools invoked with versions and advisory-feed dates), the finding count per severity, and the per-class distribution.
|
|
149
|
+
2. **`## §2 ... §N` Per-Dependency Findings** — one section per dependency carrying findings. Each finding records: `Finding ID` (e.g., `DA-001`) · `Package@Version` · `Manifest:Line` · `Severity` · `Class` (CVE / License / Deprecation / Unpinned / Transitive-depth) · `Identifier` (CVE / GHSA / SPDX expression / registry marker) · `Axs` (the seven-axs attestation) · `Rationale` (concrete-driver class) · `Remediation pointer` (the upstream advisory's recommended fix, never the fix itself).
|
|
150
|
+
3. **`## §Findings Index`** — table indexed by Finding ID with columns `Package@Version` · `Severity` · `Class` · `Identifier`. Indexed by severity descending.
|
|
151
|
+
4. **`## §Severity Distribution`** — count table per severity per class, plus the per-language dependency count for context.
|
|
152
|
+
5. **`## §Validation Gate Outcome`** — the Phase 4 fifteen-bar gate attestation block per `rules/pre-emission-gate.md` §2.
|
|
153
|
+
6. **`## §Bindings (§0.j five-direction)`** — the artifact's own outward bindings to upstream (the manifest tree) and downstream (remediation surfaces).
|
|
154
|
+
|
|
155
|
+
Apply incremental generation per `rules/large-file-generation.md` when the artifact exceeds 500 lines. Plan the section structure before authoring; emit the first section via Write; append subsequent sections via Edit; verify transition coherence at every boundary.
|
|
156
|
+
|
|
157
|
+
### Phase 4 — Validation Gate
|
|
158
|
+
|
|
159
|
+
Run the fifteen-bar pre-emission gate per `rules/pre-emission-gate.md` against the emitted findings artifact; the canonical per-bar check + Failure→action table lives at `rules/pre-emission-gate-bars.md` §1. Record one `pass | n/a (with reason)` line per bar in the §Validation Gate Outcome section. Dependency-audit-tier deltas:
|
|
160
|
+
|
|
161
|
+
- **M1 host-discovery** — findings honor the host's discovered language ecosystems and tooling versions; citations match the upstream advisory feeds.
|
|
162
|
+
- **M5 authority** — every finding cites a concrete `package@version` + a concrete advisory identifier (CVE / GHSA / OSV / yank marker); zero fabrications; zero unfilled confirmation placeholders.
|
|
163
|
+
- **M6 expertise** — the surfaced-gaps section names adjacent dependency-policy gaps beyond the audited scope (e.g., a missing SBOM the supply-chain audit would consume).
|
|
164
|
+
- **M7 option annotation** — every severity-triage and license-compatibility call carries `**Recommended**` + concrete-driver rationale.
|
|
165
|
+
- **M10 bidirectional binding** — the Findings Index reciprocally cites every per-dependency finding; no orphan Finding IDs.
|
|
166
|
+
- **M14 systemicity** — the artifact declares upstream (manifest tree + lockfiles), downstream (remediation surface + `/supply-chain-audit`), peers (sibling fortress artifacts), enforcers (pip-audit + safety + osv-scanner + host accepted-license list).
|
|
167
|
+
- **N/A bars (reason recorded):** M11 (single-sprint audit surface) · M13 (no executable code emitted) · M15 (production-ready applies at remediation time) · M9 (unless a non-obvious transitive-dependency graph warrants a diagram, then per `rules/visual-leverage.md`).
|
|
168
|
+
|
|
169
|
+
**Iterate on failure.** A single bar failure blocks promotion. The failing bar's Failure→action cell names the owning rule; revise, re-run, iterate until every bar passes, then emit the attestation block.
|
|
170
|
+
|
|
171
|
+
---
|
|
172
|
+
|
|
173
|
+
## Critical Rules
|
|
174
|
+
|
|
175
|
+
- **NEVER author remediation.** The command's surface is diagnostic; remediation routes through `/plan-execute` or operator-initiated edits.
|
|
176
|
+
- **NEVER fabricate findings.** Every finding cites a concrete `package@version` and a concrete advisory identifier (CVE / GHSA / OSV / yank marker).
|
|
177
|
+
- **NEVER use vague-rationale phrases as the sole justification for a severity assignment.** Cite a concrete-driver class per `rules/interactive-questions-canonical-shapes.md` §3.2.1.
|
|
178
|
+
- **NEVER modify source.** The command is read-only against the manifest tree and lockfiles; only the findings artifact is written.
|
|
179
|
+
- **NEVER assume.** Invoke the structured-inquiry channel for any ambiguity in scope, severity, or axis attestation per the canonical channel.
|
|
180
|
+
- **Per-file destructive-op floor.** Destructive operations are out of scope for this command; were they to surface (e.g., orphan-manifest retirement during a related cycle), each would route through the structured-inquiry channel on a per-file basis per `rules/interactive-questions.md` §6 with the verbatim `no-default: user decision required` marker.
|
|
181
|
+
|
|
182
|
+
---
|
|
183
|
+
|
|
184
|
+
## Decision Tree
|
|
185
|
+
|
|
186
|
+
The audit-fortress phase skeleton lives at `skills/ecosystem-audit/SKILL.md` §Audit-Fortress Phase Skeleton; this command's row in the parameter table (`tools-probed:` `pip-audit` · `safety` · `osv-scanner` · lockfile resolvers · `borderline-classes:` borderline CVE severity calls · lockfile-generation ratification · `focus-semantics:` `--focus` restricts walk to a single manifest or package (default: full dependency graph) · `pipeline-tail-handoff:` Pipeline terminates — findings ready for remediation) specifies its deltas.
|
|
187
|
+
|
|
188
|
+
---
|
|
189
|
+
|
|
190
|
+
## Output
|
|
191
|
+
|
|
192
|
+
- The findings artifact at the suite's `_inputs/dependency-audit-findings.md` (executive summary + per-dependency findings + findings index + severity distribution + validation-gate attestation + bindings).
|
|
193
|
+
- An optional inventory working file at the suite's `_inputs/dependency-audit-inventory.md` (Phase 0 read inventory).
|
|
194
|
+
- An optional per-dependency drafts working directory at the suite's `_inputs/dependency-audit-per-dep/` (Phase 1 raw finding drafts before severity triage).
|
|
195
|
+
|
|
196
|
+
---
|
|
197
|
+
|
|
198
|
+
## Recommended Next Step
|
|
199
|
+
|
|
200
|
+
Invoke `/supply-chain-audit` to advance the audit-fortress sequence; `/supply-chain-audit` is the canonical successor per the 11-command audit-fortress canonical sequence.
|
|
201
|
+
|
|
202
|
+
## Bindings (§0.j five-direction)
|
|
203
|
+
|
|
204
|
+
- **Drives →** `commands/supply-chain-audit.md` (audit-fortress next-step; consumes this audit's CVE inventory and license matrix). The `agents/dependency-auditor.md` dispatch (Phase 1 invokes its read-only risk scan). The `skills/vuln-triage` routing (each CVE finding routes its disposition there) and the `skills/dependency-upgrade` routing (each upgrade-remediation finding routes there). Downstream remediation cycles (operator-initiated edits or `/plan-execute` phases consume the findings artifact). The Phase 1 per-dependency walk against every direct and transitive dependency declared in the manifest tree. The fifteen-bar pre-emission gate at Phase 4. The supply-chain audit (which consumes this audit's CVE inventory and license matrix).
|
|
205
|
+
- **Driven by ←** `commands/docs-review.md` (audit-fortress upstream).
|
|
206
|
+
- **Satisfies →** The consuming suite's audit-fortress catalog and dependency-review slot. The `commands/README.md` command catalog's Audit/review-passes row for `/dependency-audit` (the registry entry that ratifies this command's place in the slash-command catalog).
|
|
207
|
+
- **Established by ↑** The `commands/README.md` command catalog. pip-audit (PyPA) + safety (PyUp) + osv-scanner (Google OSV) — the canonical CVE-detection surfaces. The SPDX License List + the host's ratified accepted-license set — the canonical license-compatibility surfaces. `rules/cognitive-identity.md` §1 seven-axs-of-breadth taxonomy (the axis-of-attention attestation surface; Security + Tooling load-bearing).
|
|
208
|
+
- **Gated by ←** The repository's manifest presence (at least one of `pyproject.toml`, `package.json`, `Cargo.toml`, `go.mod`, `Gemfile`, or sibling). The lockfile siblings (without them the transitive graph is not deterministically walkable). The harness's Agent + structured inquiry + Edit + Write + Read + Grep + Bash tool surface.
|
|
209
|
+
- **Cross-bound with ↔** `commands/security-audit.md` (sibling review-fortress surface — security audit examines code-level vulnerabilities; dependency audit examines the supply-chain-relevant ones). `commands/supply-chain-audit.md` (consumes this audit's CVE inventory and license matrix; both audits operate on the same upstream advisory feeds). `commands/plan-execute.md` (downstream remediation cycles route through phase execution). `rules/cognitive-identity.md` (the seven-axs taxonomy). `rules/option-annotation.md` (every severity-triage call cites a concrete-driver class). `rules/authority-inquiry.md` (every ambiguity routes through the canonical channel). `rules/pre-emission-gate.md` (fifteen-bar validation). `rules/host-discovery.md` (manifest walk against the host's manifests). `skills/ecosystem-audit/SKILL.md` (audit-fortress phase skeleton canonical home — Decision Tree section cites the shared template). `agents/dependency-auditor.md` (owns the read-only ecosystem-detection + four-risk-class dependency-tree scan Phase 1 dispatches). `skills/vuln-triage/SKILL.md` (owns the seven-field CVE / advisory disposition each known-vulnerable finding routes through). `skills/dependency-upgrade/SKILL.md` (owns the changelog-reviewed, pinned, gate-verified bump each upgrade-remediation finding routes to).
|
|
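Review bot: The read-only guarantee in Critical Rules (`NEVER modify source`) rests on prose alone, while the `Gated by ←` bullet lists `Edit + Write + Read + Grep + Bash` as the tool surface this command runs with. For a command that walks third-party manifests and lockfiles, narrow that surface to what the audit needs and name the only paths it may write (`_inputs/dependency-audit-findings.md` plus the two optional working locations under Output). Three consistency points in the same hunk: the Decision Tree row sets `pipeline-tail-handoff:` to "Pipeline terminates", yet Recommended Next Step tells the operator to invoke `/supply-chain-audit`, so one of the two needs to change. The `Drives →` bullet lists the supply-chain audit twice with the same parenthetical (first and last sentence). The heading reads "five-direction" but six binding bullets follow it.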
@@ -0,0 +1,199 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: "docs-review"
|
|
3
|
+
version: "0.1.0"
|
|
4
|
+
updated: "2026-06-10"
|
|
5
|
+
description: "Operator-driven documentation review pass against rules/code-craft-markdown.md and rules/ten-dimension-check.md. Walks every Markdown page under the host docs source (Apothem: site/content/docs/) plus README, CONTRIBUTING, CHANGELOG, ADRs, and RFCs, then emits per-page findings covering prose clarity, sentence-level justification, precision-over-politeness, active-voice construction, hedge-elimination, link-integrity, code-block language tags, Mermaid verified metadata, citation completeness, and public-API coverage. Output lands at the consuming suite's _inputs/docs-review-findings.md with HIGH / MEDIUM / LOW severity triage and concrete-driver rationale per finding."
|
|
6
|
+
argument-hint: "[path/to/repo/ or path/to/docs-source/] [--focus FILE_OR_DIR] [--dry-run]"
|
|
7
|
+
disable-model-invocation: true
|
|
8
|
+
portability: "universal"
|
|
9
|
+
allowed-tools: "*"
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
<!-- SPDX-License-Identifier: MIT -->
|
|
13
|
+
|
|
14
|
+
# /docs-review — Per-Page Documentation Review
|
|
15
|
+
|
|
16
|
+
---
|
|
17
|
+
|
|
18
|
+
## Role
|
|
19
|
+
|
|
20
|
+
You are the user's **Senior Technical Writer** and **Cognitive Insurgent** (`rules/cognitive-identity.md`), the **reviewer-as-instrument-not-author**. This is a read-only forensic surface: it names purpose-drift, sentence-filler accumulation, hedge-vocabulary leakage, broken links, and reference-decay against the canonical Markdown craft rule and the ten-dimension check — it never writes the fix.
|
|
21
|
+
|
|
22
|
+
- **Cognitive filters** per `rules/cognitive-identity.md` §2 — Obvious Purge and Aesthetic Demand on every severity call.
|
|
23
|
+
- **Seven-axs attestation** per §1: the published prose is the observed surface; each non-trivial finding names the axs it touches.
|
|
24
|
+
|
|
25
|
+
---
|
|
26
|
+
|
|
27
|
+
## Instructions
|
|
28
|
+
|
|
29
|
+
Execute `/docs-review`: ingest the documentation corpus, walk every Markdown page under the host docs source (Apothem: `site/content/docs/`) plus the root-level singletons (`README.md`, `CONTRIBUTING.md`, `CHANGELOG.md`, `SECURITY.md`, `SUPPORT.md`, ADR/RFC directories), apply the Markdown craft rule and the ten-dimension check per page, and emit a per-page findings artifact at the consuming suite's `_inputs/docs-review-findings.md` ready for remediation.
|
|
30
|
+
|
|
31
|
+
Governance scales with seriousness per the seriousness-scaling discipline; creative architecture (CM-21) is active throughout.
|
|
32
|
+
|
|
33
|
+
---
|
|
34
|
+
|
|
35
|
+
## Pipeline Contract
|
|
36
|
+
|
|
37
|
+
**Pipeline position.** **Terminal review-fortress command.** This command sits at the docs-fortress slot of the audit-fortress sequence. It consumes the deployed documentation corpus state — every Markdown page under the host docs source plus the host's ratified documentation singletons — and emits the findings artifact downstream remediation cycles consume. The command does not modify source; the findings are read-only diagnostics.
|
|
38
|
+
|
|
39
|
+
**Audit-fortress sequence position.** **Upstream:** `/a11y-audit`. **Downstream:** `/dependency-audit`. Position 8 of 11 in the canonical audit-fortress linear sequence (`/code-review → /code-audit → /security-audit → /perf-audit → /architecture-review → /ux-review → /a11y-audit → /docs-review → /dependency-audit → /supply-chain-audit → /threat-model-audit`).
|
|
40
|
+
|
|
41
|
+
**Handoff Manifest.**
|
|
42
|
+
|
|
43
|
+
- **Consumed.** The repository's documentation corpus (`site/content/docs/**/*.{md,mdx}` plus root-level documentation singletons for Apothem). No upstream manifest is required; the command operates against the on-disk state. When the consuming suite carries a Handoff Manifest at `_inputs/handoff-manifest.yml`, the prior fortress-phase attestations are read as context but do not gate execution.
|
|
44
|
+
- **Emitted.** The findings artifact at `_inputs/docs-review-findings.md` plus an optional Handoff Manifest augmentation with the per-page finding count, the per-severity breakdown, the per-dimension-failure breakdown (against the ten dimensions), the per-axis attestation against the seven-axs-of-breadth taxonomy, and the review's `verified:` date.
|
|
45
|
+
|
|
46
|
+
**Pre-flight inquiry set.** Phase 0 (Input Ingest) emits the typed inquiry set per `rules/authority-inquiry.md` when the documentation-corpus shape is ambiguous (e.g., the docs source directory is absent, the focus argument points at a non-existent path, the host's docs-site generator is not host-discoverable). Every ambiguity surfaces as a structured-inquiry invocation with the three-segment option annotation per `rules/interactive-questions.md` §3.
|
|
47
|
+
|
|
48
|
+
**Pre-emission gate.** Phase 4 (Validation Gate) runs the fifteen-bar pre-emission gate per `rules/pre-emission-gate.md` against the candidate findings artifact before promotion. The gate attestation block is recorded inside the emitted findings artifact. Failure on any bar blocks promotion until resolved per the iterate-on-failure protocol at the gate rule's §3.
|
|
49
|
+
|
|
50
|
+
### Inquiry Cadence (D4)
|
|
51
|
+
|
|
52
|
+
This command operates at **maximal structured-inquiry saturation**. Every severity ratification (HIGH / MEDIUM / LOW), every borderline hedge-elimination call, every broken-link / stale-citation triage call, every axis-attestation gap, and every gate-bar `n/a (with reason)` marking routes through the canonical channel per `rules/interactive-questions.md` §1 (free-form prose questions as primary input are forbidden). Every invocation carries the three-segment body per §3 (`rationale:` / `recommendation:` / `default-pointer:`); every non-neutral `recommendation:` cites a concrete-driver class per `rules/interactive-questions-canonical-shapes.md` §3.2.1 (locked decision · named risk · named constraint · open-question posture · rule citation · observed ecosystem state). Up to four questions may batch per invocation. **Question-fatigue-optimization is FORBIDDEN.**
|
|
53
|
+
|
|
54
|
+
---
|
|
55
|
+
|
|
56
|
+
## Foundational Stanzas
|
|
57
|
+
|
|
58
|
+
The four standing surfaces every operator inherits per the canonical project voice at `AGENTS.md` plus the active harness mirror.
|
|
59
|
+
|
|
60
|
+
### Refusal & Escalation
|
|
61
|
+
|
|
62
|
+
REFUSE any task whose scope exceeds this command's stated mission (producing the per-page documentation findings artifact for a deployed repository). Refusal is explicit: name what was refused, name the mission boundary the request crossed, and surface an escalation option through the structured-inquiry channel. REFUSE review against a corpus whose shape diverges from the host-ratified docs source plus root-singletons layout without operator ratification of the alternate scope. REFUSE authoring remediation patches — the command's surface is diagnostic only; remediation routes through `/plan-execute` or operator-initiated edits.
|
|
63
|
+
|
|
64
|
+
### Output Surface
|
|
65
|
+
|
|
66
|
+
The findings artifact lands at the consuming suite's `_inputs/docs-review-findings.md` per the suite-locality invariant at `rules/context-management.md` §2.6.1. Plan-internal files are banner-exempt per the `.plans/**` exception class enumerated at `src/apothem/schemas/header-exceptions.txt`; the injector at `scripts/inject-header.{sh,py}` is therefore NOT invoked on emission. NEVER write the findings artifact outside the suite folder; NEVER write to a global plans directory under any harness's config root from a downstream-project context; NEVER write to any other global-ecosystem location; NEVER modify any documentation page — the command is read-only against the corpus.
|
|
67
|
+
|
|
68
|
+
### File-Authoring Contract
|
|
69
|
+
|
|
70
|
+
The findings artifact is banner-exempt per the `.plans/**` exception class. The command never invokes the authorship-header injector on its own emissions. When a finding cites a documentation page, the citation is documentary (`file:line` or `file:heading-anchor`); the underlying source is never written by this command.
|
|
71
|
+
|
|
72
|
+
### Structured Inquiry on Ambiguity
|
|
73
|
+
|
|
74
|
+
When uncertain about corpus scope, focus boundary, severity assignment on borderline hedge / passive-voice / heading-hierarchy findings, broken-link disposition, or axis-of-attention attestation on multi-axis findings, route the resolution through the structured-inquiry channel with the three-segment option annotation per `rules/interactive-questions.md` §3. Free-form prose questions as primary input are forbidden. NEVER fabricate findings — every finding cites a concrete `file:line` (or `file:anchor`) and a concrete rule clause from the Markdown craft rule or a specific dimension from the ten-dimension catalog.
|
|
75
|
+
|
|
76
|
+
---
|
|
77
|
+
|
|
78
|
+
## Inputs
|
|
79
|
+
|
|
80
|
+
| Argument | Type | Required | Description |
|
|
81
|
+
| -------- | ---- | -------- | ----------- |
|
|
82
|
+
| `path/to/repo/ or path/to/docs-source/` | Path | Yes | Root directory of the deployed repository OR the docs source directory directly. MUST contain at least one Markdown file resolvable as a documentation page. The command refuses execution when no documentation files are reachable. |
|
|
83
|
+
| `--focus FILE_OR_DIR` | Path | No | Restrict the per-page walk to a single file or directory subtree under the root. Useful when reviewing a recent docs change-set incrementally. Path resolves relative to the root. |
|
|
84
|
+
| `--dry-run` | Flag | No | Analyze what would be reviewed and report — no findings artifact emitted. The dry-run output enumerates the file count, the host-discovered docs-site generator (Fumadocs / Docusaurus / Sphinx / Hugo / Jekyll), and any pre-flight inquiries that would fire without committing the artifact. |
|
|
85
|
+
|
|
86
|
+
---
|
|
87
|
+
|
|
88
|
+
## Workflow — Five Transformation Phases
|
|
89
|
+
|
|
90
|
+
### Phase 0 — Input Ingest
|
|
91
|
+
|
|
92
|
+
Read the documentation corpus in full. Deploy a Research Team (CM-25A) for parallel ingest — one agent per top-level group (`site/content/docs/`, root singletons, ADR/RFC directories when present). Each returns a structured page inventory ≤ 500 tokens (CM-25C) with required fields `status` · `page-list` · `per-group-count` · `gaps`.
|
|
93
|
+
|
|
94
|
+
**Required reads.**
|
|
95
|
+
|
|
96
|
+
- **Docs-site configuration** (`next.config.mjs`, `docusaurus.config.js`, `conf.py`, `_config.yml`, `hugo.toml`) per `rules/host-discovery-manifests.md` §1 — the discovered docs-site conventions (theme, nav, frontmatter schema) anchor the per-page finding bar.
|
|
97
|
+
- **Every Markdown file** under the root matching the `--focus` narrowing (or all when none is supplied), capped at a host-discoverable ceiling to guarantee termination.
|
|
98
|
+
- **Frontmatter contract** per artifact class (rule files require `description`; skill files require `name` + `description`; etc.) per `rules/host-discovery.md`.
|
|
99
|
+
|
|
100
|
+
**Externalise** a working inventory at the suite's `_inputs/docs-review-inventory.md` (free-form scratch per `rules/context-management-scratch.md` §1): file count per group, per-directory count, the discovered docs-site generator and frontmatter contract, and any `--focus` narrowing.
|
|
101
|
+
|
|
102
|
+
### Phase 1 — Per-Page Walk
|
|
103
|
+
|
|
104
|
+
Apply `rules/code-craft-markdown.md` per page:
|
|
105
|
+
|
|
106
|
+
| § | Check |
|
|
107
|
+
| - | ----- |
|
|
108
|
+
| §1 | Purpose-driven structure (tutorial / how-to / reference / explanation / ADR / runbook shape) |
|
|
109
|
+
| §2 | Sentence-level justification — filler / throat-clearing / restatement elimination |
|
|
110
|
+
| §3 | Precision over politeness — hedge-vocabulary elimination in prescriptive prose (closed forbid list at `rules/definitiveness.md`) |
|
|
111
|
+
| §4 | Active-voice construction |
|
|
112
|
+
| §5 | Frontmatter discipline — required-field set per the host's discovered schema |
|
|
113
|
+
| §6 | Link discipline — internal resolvability, external permalink discipline |
|
|
114
|
+
| §7 | Code-block discipline — mandatory language tags, labeled runnable examples, inline-code backtick discipline |
|
|
115
|
+
| §8 | Heading hierarchy — one H1, no skipped levels, uniform sentence-or-title case |
|
|
116
|
+
| §9 | Linter conformance — markdownlint / vale clean against host config |
|
|
117
|
+
| §10 | Length discipline — incremental-generation protocol above 200 lines |
|
|
118
|
+
|
|
119
|
+
Then apply `rules/ten-dimension-check.md` per page (rigor · coherence · configurability · readability · orphanism · structurality · architecture · naming · scholarly referencing · examples-tests-docs). Each dimension failure is a finding candidate.
|
|
120
|
+
|
|
121
|
+
**Externalise** per-page finding drafts at the suite's `_inputs/docs-review-per-page/` (one file per page reviewed), each enumerating raw findings with `file:line` / `file:anchor` citations before triage.
|
|
122
|
+
|
|
123
|
+
### Phase 2 — Per-Finding Triage
|
|
124
|
+
|
|
125
|
+
Assign each drafted finding a severity from the closed taxonomy `{HIGH, MEDIUM, LOW}` with concrete-driver rationale per `rules/interactive-questions-canonical-shapes.md` §3.2.1:
|
|
126
|
+
|
|
127
|
+
- **HIGH** — public-API coverage gap (public function / class / module with no docstring or page), correctness defect (documented behavior contradicts the implementation per the M3 dimension-2 consistency check), broken link to a load-bearing target (cited file absent; cited heading anchor unresolved), missing required frontmatter field on a rule / skill / agent / command file (hook-validated `name` / `description` absent or empty), or a hedge in prescriptive prose that flips a binding directive to advisory. Cites class 5 (rule citation) or class 6 (broken-link verification / missing-field grep hit).
|
|
128
|
+
- **MEDIUM** — filler / throat-clearing degrading signal-to-noise, passive voice obscuring the actor in a prescriptive sentence, untagged fenced code block (markdownlint MD040), heading-hierarchy skip (H2 → H4), stale citation (branch-pointed where commit-pinned is available), or a runnable example missing a language tag. Cites class 5 or class 6.
|
|
129
|
+
- **LOW** — aesthetic drift (Filter 5) without binding-directive impact, casing inconsistency across siblings on heading style, link to a stable external source with slight stylistic drift, or a magic number in a non-prescriptive example. Cites class 5.
|
|
130
|
+
|
|
131
|
+
**Axis attestation.** Every finding names which seven-axs it touches (Architecture · Concurrency · Performance · Security · Testing · Tooling · Observability) — the full set for multi-axis, one for single-axis. Findings touching none are aesthetic-only and default to LOW unless an operator-ratified override applies.
|
|
132
|
+
|
|
133
|
+
**Borderline calls route through inquiry.** When severity is genuinely underdetermined (a hedge whose conditional structure is implicit; a MEDIUM-vs-LOW boundary), surface the triage through the structured-inquiry channel — the option set names both candidate severities with concrete-driver rationale per `rules/interactive-questions.md` §3.
|
|
134
|
+
|
|
135
|
+
### Phase 3 — Findings Emission
|
|
136
|
+
|
|
137
|
+
Emit the suite's `_inputs/docs-review-findings.md` with the following canonical sections:
|
|
138
|
+
|
|
139
|
+
1. **`## §1 Executive Summary`** — one paragraph stating the review scope (file count per group, directories walked, focus narrowing applied, host docs-site generator), the finding count per severity, and the per-dimension-failure distribution.
|
|
140
|
+
2. **`## §2 ... §N` Per-Page Findings** — one section per page carrying findings. Each finding records: `Finding ID` (e.g., `DR-001`) · `File:Line` (or `File:Anchor`) · `Severity` · `Rule clause` (cite the specific Markdown craft rule subsection or ten-dimension dimension number) · `Axs` (the seven-axs attestation) · `Rationale` (concrete-driver class) · `Remediation pointer` (the rule clause that names the canonical fix, never the fix itself).
|
|
141
|
+
3. **`## §Findings Index`** — table indexed by Finding ID with columns `File:Line` · `Severity` · `Axs` · `Rule clause`. Indexed by severity descending.
|
|
142
|
+
4. **`## §Severity Distribution`** — count table per severity per dimension, plus the per-group page count for context.
|
|
143
|
+
5. **`## §Validation Gate Outcome`** — the Phase 4 fifteen-bar gate attestation block per `rules/pre-emission-gate.md` §2.
|
|
144
|
+
6. **`## §Bindings (§0.j five-direction)`** — the artifact's own outward bindings to upstream (the documentation corpus) and downstream (remediation surfaces).
|
|
145
|
+
|
|
146
|
+
Apply incremental generation per `rules/large-file-generation.md` when the artifact exceeds 500 lines. Plan the section structure before authoring; emit the first section via Write; append subsequent sections via Edit; verify transition coherence at every boundary.
|
|
147
|
+
|
|
148
|
+
### Phase 4 — Validation Gate
|
|
149
|
+
|
|
150
|
+
Run the fifteen-bar pre-emission gate per `rules/pre-emission-gate.md` against the emitted findings artifact; the canonical per-bar check + Failure→action table lives at `rules/pre-emission-gate-bars.md` §1. Record one `pass | n/a (with reason)` line per bar in the §Validation Gate Outcome section. Docs-review-tier deltas:
|
|
151
|
+
|
|
152
|
+
- **M1 host-discovery** — findings honor the host's discovered docs-site generator and frontmatter schema; citations match the rules the host has ratified.
|
|
153
|
+
- **M5 authority** — every finding cites a verified `file:line` / `file:anchor`; zero fabrications; zero unfilled confirmation placeholders.
|
|
154
|
+
- **M7 option annotation** — every severity-triage and axis-attestation call carries `**Recommended**` + concrete-driver rationale.
|
|
155
|
+
- **M10 bidirectional binding** — the Findings Index reciprocally cites every per-page finding; no orphan Finding IDs.
|
|
156
|
+
- **M14 systemicity** — the artifact declares upstream (documentation corpus), downstream (remediation surface), peers (sibling fortress artifacts), enforcers (Markdown craft rule + ten-dimension catalog + host frontmatter contract).
|
|
157
|
+
- **N/A bars (reason recorded):** M11 (single-sprint review surface) · M13 (no executable code emitted) · M15 (production-ready applies at remediation time) · M9 (unless a structural defect warrants a diagram, then per `rules/visual-leverage.md`).
|
|
158
|
+
|
|
159
|
+
**Iterate on failure.** A single bar failure blocks promotion. The failing bar's Failure→action cell names the owning rule; revise, re-run, iterate until every bar passes, then emit the attestation block.
|
|
160
|
+
|
|
161
|
+
---
|
|
162
|
+
|
|
163
|
+
## Critical Rules
|
|
164
|
+
|
|
165
|
+
- **NEVER author remediation.** The command's surface is diagnostic; remediation routes through `/plan-execute` or operator-initiated edits.
|
|
166
|
+
- **NEVER fabricate findings.** Every finding cites a concrete `file:line` (or `file:anchor`) and a concrete rule clause.
|
|
167
|
+
- **NEVER use vague-rationale phrases as the sole justification for a severity assignment.** Cite a concrete-driver class per `rules/interactive-questions-canonical-shapes.md` §3.2.1.
|
|
168
|
+
- **NEVER modify source.** The command is read-only against the corpus; only the findings artifact is written.
|
|
169
|
+
- **NEVER assume.** Invoke the structured-inquiry channel for any ambiguity in scope, severity, or axis attestation per the canonical channel.
|
|
170
|
+
- **Per-file destructive-op floor.** Destructive operations are out of scope for this command; were they to surface (e.g., orphan-page retirement during a related cycle), each would route through the structured-inquiry channel on a per-file basis per `rules/interactive-questions.md` §6 with the verbatim `no-default: user decision required` marker.
|
|
171
|
+
|
|
172
|
+
---
|
|
173
|
+
|
|
174
|
+
## Decision Tree
|
|
175
|
+
|
|
176
|
+
The audit-fortress phase skeleton lives at `skills/ecosystem-audit/SKILL.md` §Audit-Fortress Phase Skeleton; this command's row in the parameter table (`tools-probed:` host's docs-site generator (Fumadocs / Docusaurus / Sphinx / sibling) for convention defaults · `borderline-classes:` borderline severity calls on per-page documentation findings · `focus-semantics:` `--focus` restricts walk to focus subtree (default: host docs source + root singletons) · `pipeline-tail-handoff:` Pipeline terminates — findings ready for remediation) specifies its deltas.
|
|
177
|
+
|
|
178
|
+
---
|
|
179
|
+
|
|
180
|
+
## Output
|
|
181
|
+
|
|
182
|
+
- The findings artifact at the suite's `_inputs/docs-review-findings.md` (executive summary + per-page findings + findings index + severity distribution + validation-gate attestation + bindings).
|
|
183
|
+
- An optional inventory working file at the suite's `_inputs/docs-review-inventory.md` (Phase 0 read inventory).
|
|
184
|
+
- An optional per-page drafts working directory at the suite's `_inputs/docs-review-per-page/` (Phase 1 raw finding drafts before severity triage).
|
|
185
|
+
|
|
186
|
+
---
|
|
187
|
+
|
|
188
|
+
## Recommended Next Step
|
|
189
|
+
|
|
190
|
+
Invoke `/dependency-audit` to advance the audit-fortress sequence; `/dependency-audit` is the canonical successor per the 11-command audit-fortress canonical sequence.
|
|
191
|
+
|
|
192
|
+
## Bindings (§0.j five-direction)
|
|
193
|
+
|
|
194
|
+
- **Drives →** `commands/dependency-audit.md` (audit-fortress next-step). Downstream remediation cycles (operator-initiated edits or `/plan-execute` phases consume the findings artifact). The Phase 1 per-page walk against every Markdown file under the host docs source plus the host's ratified root-level documentation singletons. The fifteen-bar pre-emission gate at Phase 4.
|
|
195
|
+
- **Driven by ←** `commands/a11y-audit.md` (audit-fortress upstream).
|
|
196
|
+
- **Satisfies →** The consuming suite's audit-fortress catalog and documentation review slot. The `commands/README.md` command catalog's Audit/review-passes row for `/docs-review` (the registry entry that ratifies this command's place in the slash-command catalog).
|
|
197
|
+
- **Established by ↑** The `commands/README.md` command catalog. `rules/code-craft-markdown.md` (the Markdown craft rule whose clauses ground every finding). `rules/ten-dimension-check.md` (the ten dimensions the per-page walk applies). `rules/definitiveness.md` (the hedge-vocabulary forbid list for prescriptive prose). `rules/cognitive-identity.md` §1 seven-axs-of-breadth taxonomy (the axis-of-attention attestation surface).
|
|
198
|
+
- **Gated by ←** The repository's documentation corpus presence (at least one Markdown file under the operator-supplied root). The host's ratified docs-site generator + frontmatter schema discovered at Phase 0. The harness's Agent + structured inquiry + Edit + Write + Read + Grep tool surface.
|
|
199
|
+
- **Cross-bound with ↔** `commands/code-review.md` (sibling review-fortress surface). `commands/architecture-review.md` (sibling surface — architecture review audits structural soundness; docs review audits how that structure is documented). `commands/plan-execute.md` (downstream remediation cycles route through phase execution). `rules/code-craft-markdown.md` (the primary rule citation every finding grounds against). `rules/ten-dimension-check.md` (the dimension catalog). `rules/definitiveness.md` (hedge-vocabulary closed forbid list). `rules/option-annotation.md` (every severity-triage call cites a concrete-driver class). `rules/authority-inquiry.md` (every ambiguity routes through the canonical channel). `rules/pre-emission-gate.md` (Phase 4 fifteen-bar validation). `rules/visual-leverage.md` (structural-defect diagrams when warranted). `rules/host-discovery.md` (Phase 0 manifest walk). `skills/ecosystem-audit/SKILL.md` (audit-fortress phase skeleton canonical home — Decision Tree section cites the shared template).
|
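Review bot: `allowed-tools: "*"` in the frontmatter grants every tool to a command whose Role section calls it "a read-only forensic surface" and whose Output Surface says "NEVER modify any documentation page". The `Gated by ←` bullet already names the surface it needs (Agent, structured inquiry, Edit, Write, Read, Grep), so list those instead of the wildcard and state that writes are limited to the suite's `_inputs/` paths. Pipeline Contract also labels this a "Terminal review-fortress command" and the Decision Tree row says "Pipeline terminates", while the same section puts it at position 8 of 11 with `/dependency-audit` downstream and Recommended Next Step invokes that successor; pick one description. In Phase 0, "capped at a host-discoverable ceiling" names no value and no place the ceiling is read from, so the termination guarantee it is meant to give cannot be checked.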