@ahmed-g-gad/apothem 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +60 -0
- package/LICENSE +21 -0
- package/LICENSES/MIT.txt +18 -0
- package/LICENSES/PSF-2.0.txt +47 -0
- package/README.md +549 -0
- package/bin/README.md +37 -0
- package/bin/apothem.mjs +78 -0
- package/package.json +75 -0
- package/pyproject.toml +347 -0
- package/src/apothem/README.md +52 -0
- package/src/apothem/__init__.py +66 -0
- package/src/apothem/__main__.py +28 -0
- package/src/apothem/_vendor/.keep +0 -0
- package/src/apothem/_vendor/__init__.py +25 -0
- package/src/apothem/_vendor/attr/__init__.py +104 -0
- package/src/apothem/_vendor/attr/__init__.pyi +389 -0
- package/src/apothem/_vendor/attr/_cmp.py +160 -0
- package/src/apothem/_vendor/attr/_cmp.pyi +13 -0
- package/src/apothem/_vendor/attr/_compat.py +99 -0
- package/src/apothem/_vendor/attr/_config.py +31 -0
- package/src/apothem/_vendor/attr/_funcs.py +497 -0
- package/src/apothem/_vendor/attr/_make.py +3406 -0
- package/src/apothem/_vendor/attr/_next_gen.py +674 -0
- package/src/apothem/_vendor/attr/_typing_compat.pyi +15 -0
- package/src/apothem/_vendor/attr/_version_info.py +89 -0
- package/src/apothem/_vendor/attr/_version_info.pyi +9 -0
- package/src/apothem/_vendor/attr/converters.py +162 -0
- package/src/apothem/_vendor/attr/converters.pyi +19 -0
- package/src/apothem/_vendor/attr/exceptions.py +95 -0
- package/src/apothem/_vendor/attr/exceptions.pyi +17 -0
- package/src/apothem/_vendor/attr/filters.py +72 -0
- package/src/apothem/_vendor/attr/filters.pyi +6 -0
- package/src/apothem/_vendor/attr/py.typed +0 -0
- package/src/apothem/_vendor/attr/setters.py +79 -0
- package/src/apothem/_vendor/attr/setters.pyi +20 -0
- package/src/apothem/_vendor/attr/validators.py +750 -0
- package/src/apothem/_vendor/attr/validators.pyi +140 -0
- package/src/apothem/_vendor/attr.LICENSE +21 -0
- package/src/apothem/_vendor/attrs/__init__.py +72 -0
- package/src/apothem/_vendor/attrs/__init__.pyi +314 -0
- package/src/apothem/_vendor/attrs/converters.py +3 -0
- package/src/apothem/_vendor/attrs/exceptions.py +3 -0
- package/src/apothem/_vendor/attrs/filters.py +3 -0
- package/src/apothem/_vendor/attrs/py.typed +0 -0
- package/src/apothem/_vendor/attrs/setters.py +3 -0
- package/src/apothem/_vendor/attrs/validators.py +3 -0
- package/src/apothem/_vendor/attrs.LICENSE +21 -0
- package/src/apothem/_vendor/jsonschema/__init__.py +120 -0
- package/src/apothem/_vendor/jsonschema/__main__.py +6 -0
- package/src/apothem/_vendor/jsonschema/_format.py +546 -0
- package/src/apothem/_vendor/jsonschema/_keywords.py +449 -0
- package/src/apothem/_vendor/jsonschema/_legacy_keywords.py +449 -0
- package/src/apothem/_vendor/jsonschema/_types.py +204 -0
- package/src/apothem/_vendor/jsonschema/_typing.py +29 -0
- package/src/apothem/_vendor/jsonschema/_utils.py +355 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/__init__.py +5 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/const_vs_enum.py +30 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/contains.py +28 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/import_benchmark.py +31 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/issue232/issue.json +2653 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/issue232.py +25 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/json_schema_test_suite.py +12 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/nested_schemas.py +56 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/subcomponents.py +42 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/unused_registry.py +35 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/useless_applicator_schemas.py +106 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/useless_keywords.py +32 -0
- package/src/apothem/_vendor/jsonschema/benchmarks/validator_creation.py +14 -0
- package/src/apothem/_vendor/jsonschema/cli.py +292 -0
- package/src/apothem/_vendor/jsonschema/exceptions.py +490 -0
- package/src/apothem/_vendor/jsonschema/protocols.py +230 -0
- package/src/apothem/_vendor/jsonschema/validators.py +1410 -0
- package/src/apothem/_vendor/jsonschema.LICENSE +19 -0
- package/src/apothem/_vendor/jsonschema_specifications/__init__.py +12 -0
- package/src/apothem/_vendor/jsonschema_specifications/_core.py +38 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft201909/metaschema.json +42 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft201909/vocabularies/applicator +56 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft201909/vocabularies/content +17 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft201909/vocabularies/core +57 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft201909/vocabularies/format +14 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft201909/vocabularies/meta-data +37 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft201909/vocabularies/validation +98 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft202012/metaschema.json +58 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft202012/vocabularies/applicator +48 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft202012/vocabularies/content +17 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft202012/vocabularies/core +51 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft202012/vocabularies/format-annotation +14 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft202012/vocabularies/format-assertion +14 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft202012/vocabularies/meta-data +37 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft202012/vocabularies/unevaluated +15 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft202012/vocabularies/validation +98 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft3/metaschema.json +172 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft4/metaschema.json +149 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft6/metaschema.json +153 -0
- package/src/apothem/_vendor/jsonschema_specifications/schemas/draft7/metaschema.json +166 -0
- package/src/apothem/_vendor/jsonschema_specifications.LICENSE +19 -0
- package/src/apothem/_vendor/referencing/__init__.py +7 -0
- package/src/apothem/_vendor/referencing/_attrs.py +31 -0
- package/src/apothem/_vendor/referencing/_attrs.pyi +21 -0
- package/src/apothem/_vendor/referencing/_core.py +739 -0
- package/src/apothem/_vendor/referencing/exceptions.py +165 -0
- package/src/apothem/_vendor/referencing/jsonschema.py +642 -0
- package/src/apothem/_vendor/referencing/py.typed +0 -0
- package/src/apothem/_vendor/referencing/retrieval.py +94 -0
- package/src/apothem/_vendor/referencing/typing.py +61 -0
- package/src/apothem/_vendor/referencing.LICENSE +19 -0
- package/src/apothem/_vendor/rpds/__init__.py +251 -0
- package/src/apothem/_vendor/typing_extensions.LICENSE +279 -0
- package/src/apothem/_vendor/typing_extensions.py +4317 -0
- package/src/apothem/_vendor/vendor.txt +22 -0
- package/src/apothem/_vendor/yaml/__init__.py +389 -0
- package/src/apothem/_vendor/yaml/composer.py +138 -0
- package/src/apothem/_vendor/yaml/constructor.py +748 -0
- package/src/apothem/_vendor/yaml/cyaml.py +100 -0
- package/src/apothem/_vendor/yaml/dumper.py +61 -0
- package/src/apothem/_vendor/yaml/emitter.py +1137 -0
- package/src/apothem/_vendor/yaml/error.py +74 -0
- package/src/apothem/_vendor/yaml/events.py +85 -0
- package/src/apothem/_vendor/yaml/loader.py +63 -0
- package/src/apothem/_vendor/yaml/nodes.py +48 -0
- package/src/apothem/_vendor/yaml/parser.py +588 -0
- package/src/apothem/_vendor/yaml/reader.py +185 -0
- package/src/apothem/_vendor/yaml/representer.py +388 -0
- package/src/apothem/_vendor/yaml/resolver.py +226 -0
- package/src/apothem/_vendor/yaml/scanner.py +1435 -0
- package/src/apothem/_vendor/yaml/serializer.py +110 -0
- package/src/apothem/_vendor/yaml/tokens.py +103 -0
- package/src/apothem/_vendor/yaml.LICENSE +20 -0
- package/src/apothem/agents/README.md +60 -0
- package/src/apothem/agents/codebase-explorer.md +91 -0
- package/src/apothem/agents/convention-auditor.md +93 -0
- package/src/apothem/agents/dependency-auditor.md +97 -0
- package/src/apothem/agents/fact-checker.md +84 -0
- package/src/apothem/agents/mcp-builder.md +86 -0
- package/src/apothem/agents/memory-auditor.md +93 -0
- package/src/apothem/agents/prompt-evaluator.md +87 -0
- package/src/apothem/agents/quality-gate.md +103 -0
- package/src/apothem/agents/refactor-surgeon.md +74 -0
- package/src/apothem/agents/research-scout.md +73 -0
- package/src/apothem/agents/security-scanner.md +83 -0
- package/src/apothem/agents/test-runner.md +84 -0
- package/src/apothem/audit/README.md +73 -0
- package/src/apothem/audit/_scan_lib.py +182 -0
- package/src/apothem/audit/analyze_graph.py +260 -0
- package/src/apothem/audit/build_capability_graph.py +607 -0
- package/src/apothem/audit/build_inventory.py +657 -0
- package/src/apothem/audit/build_plans_provenance.py +997 -0
- package/src/apothem/audit/check_links.py +389 -0
- package/src/apothem/audit/classify_artifacts.py +381 -0
- package/src/apothem/audit/deprecated-tokens.txt +10 -0
- package/src/apothem/audit/execute_plans_migration.py +491 -0
- package/src/apothem/audit/known-projects.txt +15 -0
- package/src/apothem/audit/render_capability_index.py +467 -0
- package/src/apothem/audit/render_inventory.py +405 -0
- package/src/apothem/audit/scan_ai_surfaces.py +1125 -0
- package/src/apothem/audit/scan_ai_surfaces_coarse.py +261 -0
- package/src/apothem/audit/scan_drift_features.py +143 -0
- package/src/apothem/audit/scan_frontmatter.py +293 -0
- package/src/apothem/audit/scan_header_coverage.py +1134 -0
- package/src/apothem/audit/scan_plan_leakage.py +540 -0
- package/src/apothem/audit/scan_plans_discipline.py +188 -0
- package/src/apothem/audit/scan_secrets_pii.py +245 -0
- package/src/apothem/audit/scan_stale_tokens.py +296 -0
- package/src/apothem/audit/synthesize_drift.py +205 -0
- package/src/apothem/benchmarks/README.md +33 -0
- package/src/apothem/benchmarks/__init__.py +3 -0
- package/src/apothem/benchmarks/bench_agents.py +63 -0
- package/src/apothem/benchmarks/bench_hooks.py +93 -0
- package/src/apothem/benchmarks/bench_install.py +58 -0
- package/src/apothem/benchmarks/bench_tests.py +93 -0
- package/src/apothem/benchmarks/bench_validate_ecosystem.py +84 -0
- package/src/apothem/cli/README.md +33 -0
- package/src/apothem/cli/__init__.py +229 -0
- package/src/apothem/cli/_cmd_completion.py +88 -0
- package/src/apothem/cli/_cmd_diff.py +181 -0
- package/src/apothem/cli/_cmd_doctor.py +143 -0
- package/src/apothem/cli/_cmd_harnesses.py +167 -0
- package/src/apothem/cli/_cmd_install.py +327 -0
- package/src/apothem/cli/_cmd_migrate_workspace.py +143 -0
- package/src/apothem/cli/_cmd_profile.py +341 -0
- package/src/apothem/cli/_cmd_status.py +180 -0
- package/src/apothem/cli/_cmd_uninstall.py +215 -0
- package/src/apothem/cli/_cmd_update.py +397 -0
- package/src/apothem/cli/_cmd_verify.py +194 -0
- package/src/apothem/cli/_common_flags.py +90 -0
- package/src/apothem/cli/_epilogs.py +296 -0
- package/src/apothem/cli/_helpers.py +857 -0
- package/src/apothem/cli/_json_formatter.py +21 -0
- package/src/apothem/cli/_materialize.py +376 -0
- package/src/apothem/cli/completions/apothem.bash +30 -0
- package/src/apothem/cli/completions/apothem.fish +19 -0
- package/src/apothem/cli/completions/apothem.ps1 +27 -0
- package/src/apothem/cli/completions/apothem.zsh +42 -0
- package/src/apothem/cli/reference_export.py +126 -0
- package/src/apothem/commands/README.md +125 -0
- package/src/apothem/commands/a11y-audit.md +203 -0
- package/src/apothem/commands/architecture-review.md +194 -0
- package/src/apothem/commands/audit.md +165 -0
- package/src/apothem/commands/code-audit.md +218 -0
- package/src/apothem/commands/code-review.md +193 -0
- package/src/apothem/commands/dependency-audit.md +209 -0
- package/src/apothem/commands/docs-review.md +199 -0
- package/src/apothem/commands/elevate.md +285 -0
- package/src/apothem/commands/eval.md +149 -0
- package/src/apothem/commands/fortress.md +172 -0
- package/src/apothem/commands/freshify.md +168 -0
- package/src/apothem/commands/github-deploy-fresh.md +178 -0
- package/src/apothem/commands/github-deploy-next.md +167 -0
- package/src/apothem/commands/perf-audit.md +198 -0
- package/src/apothem/commands/plan-amend.md +104 -0
- package/src/apothem/commands/plan-audit.md +127 -0
- package/src/apothem/commands/plan-design.md +257 -0
- package/src/apothem/commands/plan-execute.md +495 -0
- package/src/apothem/commands/plan-generate.md +351 -0
- package/src/apothem/commands/plan-review.md +555 -0
- package/src/apothem/commands/plan-spec.md +359 -0
- package/src/apothem/commands/plan-status.md +222 -0
- package/src/apothem/commands/plan.md +173 -0
- package/src/apothem/commands/projectify.md +142 -0
- package/src/apothem/commands/release-readiness.md +142 -0
- package/src/apothem/commands/research-analysis.md +241 -0
- package/src/apothem/commands/research-design.md +231 -0
- package/src/apothem/commands/research-disseminate.md +225 -0
- package/src/apothem/commands/research-experiment.md +232 -0
- package/src/apothem/commands/research-ideate.md +213 -0
- package/src/apothem/commands/research-paper.md +252 -0
- package/src/apothem/commands/research-proposal.md +220 -0
- package/src/apothem/commands/research-publish.md +255 -0
- package/src/apothem/commands/research-review.md +251 -0
- package/src/apothem/commands/research-sources.md +266 -0
- package/src/apothem/commands/research-spec.md +255 -0
- package/src/apothem/commands/research-synthesis.md +233 -0
- package/src/apothem/commands/research-theory.md +218 -0
- package/src/apothem/commands/research.md +181 -0
- package/src/apothem/commands/security-audit.md +196 -0
- package/src/apothem/commands/supply-chain-audit.md +192 -0
- package/src/apothem/commands/test-suite.md +146 -0
- package/src/apothem/commands/threat-model-audit.md +199 -0
- package/src/apothem/commands/ux-review.md +202 -0
- package/src/apothem/commands/workflow.md +162 -0
- package/src/apothem/conformity/README.md +173 -0
- package/src/apothem/conformity/__init__.py +1 -0
- package/src/apothem/conformity/_grep_base.py +93 -0
- package/src/apothem/conformity/agent_capability_grep.py +306 -0
- package/src/apothem/conformity/agents_md_coverage_grep.py +382 -0
- package/src/apothem/conformity/agnosticism_grep.py +311 -0
- package/src/apothem/conformity/always_on_budget_grep.py +318 -0
- package/src/apothem/conformity/bare_except_grep.py +115 -0
- package/src/apothem/conformity/binding_reciprocity_grep.py +151 -0
- package/src/apothem/conformity/brand_mark_grep.py +272 -0
- package/src/apothem/conformity/commented_out_code_grep.py +176 -0
- package/src/apothem/conformity/completion_claim_grep.py +169 -0
- package/src/apothem/conformity/conventional_commit_grep.py +319 -0
- package/src/apothem/conformity/copilot_instructions_presence_grep.py +324 -0
- package/src/apothem/conformity/cross_platform_matrix_grep.py +297 -0
- package/src/apothem/conformity/determinism_grep.py +306 -0
- package/src/apothem/conformity/diagram_staleness_grep.py +154 -0
- package/src/apothem/conformity/dynamism_grep.py +284 -0
- package/src/apothem/conformity/editorconfig_presence_grep.py +281 -0
- package/src/apothem/conformity/file_header_grep.py +502 -0
- package/src/apothem/conformity/freshness_token_grep.py +233 -0
- package/src/apothem/conformity/frontmatter_grep.py +274 -0
- package/src/apothem/conformity/frontmatter_value_grep.py +386 -0
- package/src/apothem/conformity/gate.py +1386 -0
- package/src/apothem/conformity/gitattributes_presence_grep.py +238 -0
- package/src/apothem/conformity/harden_runner_grep.py +320 -0
- package/src/apothem/conformity/hedging_grep.py +129 -0
- package/src/apothem/conformity/license_author_consistency_grep.py +204 -0
- package/src/apothem/conformity/link_check.py +327 -0
- package/src/apothem/conformity/magic_number_grep.py +182 -0
- package/src/apothem/conformity/multi_surface_coherence_grep.py +620 -0
- package/src/apothem/conformity/naming_grep.py +224 -0
- package/src/apothem/conformity/no_global_plans_grep.py +339 -0
- package/src/apothem/conformity/no_toplevel_docs_grep.py +120 -0
- package/src/apothem/conformity/oidc_trusted_publishing_grep.py +291 -0
- package/src/apothem/conformity/option_annotation_grep.py +352 -0
- package/src/apothem/conformity/orphan_output_grep.py +206 -0
- package/src/apothem/conformity/permissions_minimum_scope_grep.py +299 -0
- package/src/apothem/conformity/plain_language_grep.py +559 -0
- package/src/apothem/conformity/plan_next_step_consistency_grep.py +450 -0
- package/src/apothem/conformity/plan_suite_structure_grep.py +534 -0
- package/src/apothem/conformity/plans_discipline_language_grep.py +245 -0
- package/src/apothem/conformity/production_ready_pr_grep.py +200 -0
- package/src/apothem/conformity/recommend_next_step_grep.py +250 -0
- package/src/apothem/conformity/redundancy_grep.py +401 -0
- package/src/apothem/conformity/reference_token_grep.py +230 -0
- package/src/apothem/conformity/registry_capability_consistency_grep.py +368 -0
- package/src/apothem/conformity/secret_leak_grep.py +193 -0
- package/src/apothem/conformity/semver_stability_grep.py +358 -0
- package/src/apothem/conformity/smoke_install_grep.py +194 -0
- package/src/apothem/conformity/static_version_grep.py +284 -0
- package/src/apothem/conformity/token_efficiency_grep.py +185 -0
- package/src/apothem/conformity/unpinned_action_grep.py +115 -0
- package/src/apothem/conformity/user_confirm_grep.py +74 -0
- package/src/apothem/conformity/workflow_concurrency_grep.py +283 -0
- package/src/apothem/harnesses/README.md +63 -0
- package/src/apothem/harnesses/__init__.py +16 -0
- package/src/apothem/harnesses/_shared/README.md +36 -0
- package/src/apothem/harnesses/_shared/__init__.py +12 -0
- package/src/apothem/harnesses/_shared/install_driver.py +281 -0
- package/src/apothem/harnesses/_shared/install_driver_apply.py +612 -0
- package/src/apothem/harnesses/_shared/install_driver_backup.py +535 -0
- package/src/apothem/harnesses/_shared/install_driver_converters.py +310 -0
- package/src/apothem/harnesses/_shared/install_driver_lifecycle.py +495 -0
- package/src/apothem/harnesses/_shared/install_driver_materialize.py +675 -0
- package/src/apothem/harnesses/_shared/install_driver_merge.py +656 -0
- package/src/apothem/harnesses/_shared/install_driver_pathsafety.py +137 -0
- package/src/apothem/harnesses/_shared/install_driver_planvalidation.py +240 -0
- package/src/apothem/harnesses/_shared/install_driver_removal.py +366 -0
- package/src/apothem/harnesses/_shared/install_driver_treeops.py +248 -0
- package/src/apothem/harnesses/_shared/install_driver_types.py +330 -0
- package/src/apothem/harnesses/_shared/wrapper_factories.py +448 -0
- package/src/apothem/harnesses/antigravity/STANDARD-CONVENTION-PIN.md +91 -0
- package/src/apothem/harnesses/antigravity/__init__.py +70 -0
- package/src/apothem/harnesses/antigravity/capabilities.yml +40 -0
- package/src/apothem/harnesses/antigravity/install.py +63 -0
- package/src/apothem/harnesses/antigravity/templates/GEMINI.md +40 -0
- package/src/apothem/harnesses/antigravity/templates/plugin.json +5 -0
- package/src/apothem/harnesses/antigravity/uninstall.py +22 -0
- package/src/apothem/harnesses/antigravity/update.py +10 -0
- package/src/apothem/harnesses/antigravity/verify.py +11 -0
- package/src/apothem/harnesses/claude_code/STANDARD-CONVENTION-PIN.md +65 -0
- package/src/apothem/harnesses/claude_code/__init__.py +107 -0
- package/src/apothem/harnesses/claude_code/capabilities.yml +42 -0
- package/src/apothem/harnesses/claude_code/install.py +147 -0
- package/src/apothem/harnesses/claude_code/templates/settings.json +351 -0
- package/src/apothem/harnesses/claude_code/uninstall.py +23 -0
- package/src/apothem/harnesses/claude_code/update.py +10 -0
- package/src/apothem/harnesses/claude_code/verify.py +11 -0
- package/src/apothem/harnesses/codebuddy/STANDARD-CONVENTION-PIN.md +74 -0
- package/src/apothem/harnesses/codebuddy/__init__.py +49 -0
- package/src/apothem/harnesses/codebuddy/capabilities.yml +34 -0
- package/src/apothem/harnesses/codebuddy/install.py +40 -0
- package/src/apothem/harnesses/codebuddy/templates/apothem-rules.md +37 -0
- package/src/apothem/harnesses/codebuddy/uninstall.py +25 -0
- package/src/apothem/harnesses/codebuddy/update.py +10 -0
- package/src/apothem/harnesses/codebuddy/verify.py +11 -0
- package/src/apothem/harnesses/codex/STANDARD-CONVENTION-PIN.md +79 -0
- package/src/apothem/harnesses/codex/__init__.py +72 -0
- package/src/apothem/harnesses/codex/capabilities.yml +40 -0
- package/src/apothem/harnesses/codex/install.py +69 -0
- package/src/apothem/harnesses/codex/templates/AGENTS.md +40 -0
- package/src/apothem/harnesses/codex/templates/hooks.json +127 -0
- package/src/apothem/harnesses/codex/uninstall.py +23 -0
- package/src/apothem/harnesses/codex/update.py +10 -0
- package/src/apothem/harnesses/codex/verify.py +11 -0
- package/src/apothem/harnesses/cursor/STANDARD-CONVENTION-PIN.md +79 -0
- package/src/apothem/harnesses/cursor/__init__.py +48 -0
- package/src/apothem/harnesses/cursor/capabilities.yml +42 -0
- package/src/apothem/harnesses/cursor/install.py +38 -0
- package/src/apothem/harnesses/cursor/templates/apothem-rules.mdc +40 -0
- package/src/apothem/harnesses/cursor/uninstall.py +25 -0
- package/src/apothem/harnesses/cursor/update.py +10 -0
- package/src/apothem/harnesses/cursor/verify.py +11 -0
- package/src/apothem/harnesses/gemini_cli/STANDARD-CONVENTION-PIN.md +102 -0
- package/src/apothem/harnesses/gemini_cli/__init__.py +52 -0
- package/src/apothem/harnesses/gemini_cli/capabilities.yml +43 -0
- package/src/apothem/harnesses/gemini_cli/install.py +43 -0
- package/src/apothem/harnesses/gemini_cli/templates/GEMINI.md +38 -0
- package/src/apothem/harnesses/gemini_cli/uninstall.py +25 -0
- package/src/apothem/harnesses/gemini_cli/update.py +10 -0
- package/src/apothem/harnesses/gemini_cli/verify.py +11 -0
- package/src/apothem/harnesses/github_copilot/STANDARD-CONVENTION-PIN.md +84 -0
- package/src/apothem/harnesses/github_copilot/__init__.py +47 -0
- package/src/apothem/harnesses/github_copilot/capabilities.yml +42 -0
- package/src/apothem/harnesses/github_copilot/install.py +40 -0
- package/src/apothem/harnesses/github_copilot/templates/copilot-instructions.md +33 -0
- package/src/apothem/harnesses/github_copilot/uninstall.py +25 -0
- package/src/apothem/harnesses/github_copilot/update.py +10 -0
- package/src/apothem/harnesses/github_copilot/verify.py +11 -0
- package/src/apothem/harnesses/glm/STANDARD-CONVENTION-PIN.md +77 -0
- package/src/apothem/harnesses/glm/__init__.py +56 -0
- package/src/apothem/harnesses/glm/capabilities.yml +33 -0
- package/src/apothem/harnesses/glm/install.py +45 -0
- package/src/apothem/harnesses/glm/templates/glm.toml +58 -0
- package/src/apothem/harnesses/glm/uninstall.py +25 -0
- package/src/apothem/harnesses/glm/update.py +10 -0
- package/src/apothem/harnesses/glm/verify.py +11 -0
- package/src/apothem/harnesses/hermes/STANDARD-CONVENTION-PIN.md +57 -0
- package/src/apothem/harnesses/hermes/__init__.py +33 -0
- package/src/apothem/harnesses/hermes/capabilities.yml +36 -0
- package/src/apothem/harnesses/hermes/install.py +17 -0
- package/src/apothem/harnesses/hermes/materializer.py +35 -0
- package/src/apothem/harnesses/hermes/uninstall.py +33 -0
- package/src/apothem/harnesses/hermes/update.py +10 -0
- package/src/apothem/harnesses/hermes/verify.py +11 -0
- package/src/apothem/harnesses/kimi_code/STANDARD-CONVENTION-PIN.md +128 -0
- package/src/apothem/harnesses/kimi_code/__init__.py +59 -0
- package/src/apothem/harnesses/kimi_code/capabilities.yml +40 -0
- package/src/apothem/harnesses/kimi_code/install.py +42 -0
- package/src/apothem/harnesses/kimi_code/templates/AGENTS.md +43 -0
- package/src/apothem/harnesses/kimi_code/uninstall.py +27 -0
- package/src/apothem/harnesses/kimi_code/update.py +10 -0
- package/src/apothem/harnesses/kimi_code/verify.py +11 -0
- package/src/apothem/harnesses/kiro/STANDARD-CONVENTION-PIN.md +77 -0
- package/src/apothem/harnesses/kiro/__init__.py +49 -0
- package/src/apothem/harnesses/kiro/capabilities.yml +36 -0
- package/src/apothem/harnesses/kiro/install.py +39 -0
- package/src/apothem/harnesses/kiro/templates/apothem-rules.md +36 -0
- package/src/apothem/harnesses/kiro/uninstall.py +25 -0
- package/src/apothem/harnesses/kiro/update.py +10 -0
- package/src/apothem/harnesses/kiro/verify.py +11 -0
- package/src/apothem/harnesses/open_claw/STANDARD-CONVENTION-PIN.md +62 -0
- package/src/apothem/harnesses/open_claw/__init__.py +35 -0
- package/src/apothem/harnesses/open_claw/capabilities.yml +35 -0
- package/src/apothem/harnesses/open_claw/install.py +17 -0
- package/src/apothem/harnesses/open_claw/materializer.py +36 -0
- package/src/apothem/harnesses/open_claw/uninstall.py +32 -0
- package/src/apothem/harnesses/open_claw/update.py +10 -0
- package/src/apothem/harnesses/open_claw/verify.py +11 -0
- package/src/apothem/harnesses/opencode/STANDARD-CONVENTION-PIN.md +76 -0
- package/src/apothem/harnesses/opencode/__init__.py +35 -0
- package/src/apothem/harnesses/opencode/capabilities.yml +43 -0
- package/src/apothem/harnesses/opencode/install.py +17 -0
- package/src/apothem/harnesses/opencode/materializer.py +31 -0
- package/src/apothem/harnesses/opencode/uninstall.py +34 -0
- package/src/apothem/harnesses/opencode/update.py +10 -0
- package/src/apothem/harnesses/opencode/verify.py +11 -0
- package/src/apothem/harnesses/qwen_code/STANDARD-CONVENTION-PIN.md +87 -0
- package/src/apothem/harnesses/qwen_code/__init__.py +37 -0
- package/src/apothem/harnesses/qwen_code/capabilities.yml +43 -0
- package/src/apothem/harnesses/qwen_code/install.py +19 -0
- package/src/apothem/harnesses/qwen_code/materializer.py +174 -0
- package/src/apothem/harnesses/qwen_code/templates/QWEN.md +30 -0
- package/src/apothem/harnesses/qwen_code/uninstall.py +34 -0
- package/src/apothem/harnesses/qwen_code/update.py +10 -0
- package/src/apothem/harnesses/qwen_code/verify.py +11 -0
- package/src/apothem/harnesses/trae/STANDARD-CONVENTION-PIN.md +70 -0
- package/src/apothem/harnesses/trae/__init__.py +49 -0
- package/src/apothem/harnesses/trae/capabilities.yml +34 -0
- package/src/apothem/harnesses/trae/install.py +38 -0
- package/src/apothem/harnesses/trae/templates/apothem-rules.md +37 -0
- package/src/apothem/harnesses/trae/uninstall.py +25 -0
- package/src/apothem/harnesses/trae/update.py +10 -0
- package/src/apothem/harnesses/trae/verify.py +11 -0
- package/src/apothem/harnesses/windsurf/STANDARD-CONVENTION-PIN.md +91 -0
- package/src/apothem/harnesses/windsurf/__init__.py +52 -0
- package/src/apothem/harnesses/windsurf/capabilities.yml +40 -0
- package/src/apothem/harnesses/windsurf/install.py +41 -0
- package/src/apothem/harnesses/windsurf/templates/apothem-rules.md +37 -0
- package/src/apothem/harnesses/windsurf/uninstall.py +25 -0
- package/src/apothem/harnesses/windsurf/update.py +10 -0
- package/src/apothem/harnesses/windsurf/verify.py +11 -0
- package/src/apothem/harnesses/zed/STANDARD-CONVENTION-PIN.md +92 -0
- package/src/apothem/harnesses/zed/__init__.py +57 -0
- package/src/apothem/harnesses/zed/capabilities.yml +38 -0
- package/src/apothem/harnesses/zed/install.py +41 -0
- package/src/apothem/harnesses/zed/templates/apothem-rules.md +32 -0
- package/src/apothem/harnesses/zed/uninstall.py +28 -0
- package/src/apothem/harnesses/zed/update.py +10 -0
- package/src/apothem/harnesses/zed/verify.py +11 -0
- package/src/apothem/hooks/README.md +81 -0
- package/src/apothem/hooks/__init__.py +24 -0
- package/src/apothem/hooks/askuserquestion_validator.py +380 -0
- package/src/apothem/hooks/dispatch.py +296 -0
- package/src/apothem/hooks/emit_hook_context.py +444 -0
- package/src/apothem/hooks/hooks.json +318 -0
- package/src/apothem/hooks/lib/README.md +39 -0
- package/src/apothem/hooks/lib/__init__.py +18 -0
- package/src/apothem/hooks/lib/bootstrap.ps1 +129 -0
- package/src/apothem/hooks/lib/bootstrap.sh +103 -0
- package/src/apothem/hooks/lib/events.py +51 -0
- package/src/apothem/hooks/lib/find-pwsh.ps1 +78 -0
- package/src/apothem/hooks/lib/find-pwsh.sh +76 -0
- package/src/apothem/hooks/lib/find-python.ps1 +63 -0
- package/src/apothem/hooks/lib/find-python.sh +97 -0
- package/src/apothem/hooks/lib/log.py +43 -0
- package/src/apothem/hooks/lib/resolve_root.py +264 -0
- package/src/apothem/hooks/messages/postcompact.md +14 -0
- package/src/apothem/hooks/messages/posttooluse-proactive-compaction.md +46 -0
- package/src/apothem/hooks/messages/precompact.md +14 -0
- package/src/apothem/hooks/messages/pretooluse-askuserquestion-recommended.md +65 -0
- package/src/apothem/hooks/messages/pretooluse-bash-plan-guard.md +97 -0
- package/src/apothem/hooks/messages/pretooluse-bash.md +39 -0
- package/src/apothem/hooks/messages/pretooluse-conformity.md +70 -0
- package/src/apothem/hooks/messages/pretooluse-dependency-guard.md +21 -0
- package/src/apothem/hooks/messages/pretooluse-edit-header-guard.md +61 -0
- package/src/apothem/hooks/messages/pretooluse-edit.md +21 -0
- package/src/apothem/hooks/messages/pretooluse-eval-guard.md +39 -0
- package/src/apothem/hooks/messages/pretooluse-notebookedit.md +11 -0
- package/src/apothem/hooks/messages/pretooluse-write-header-guard.md +45 -0
- package/src/apothem/hooks/messages/pretooluse-write-plan-guard.md +72 -0
- package/src/apothem/hooks/messages/pretooluse-write.md +21 -0
- package/src/apothem/hooks/messages/sessionstart.md +15 -0
- package/src/apothem/hooks/messages/stop.md +27 -0
- package/src/apothem/hooks/proactive_compaction_tracker.py +327 -0
- package/src/apothem/hooks/session_start_bootstrap.py +472 -0
- package/src/apothem/lib/README.md +42 -0
- package/src/apothem/lib/__init__.py +13 -0
- package/src/apothem/lib/atomic_io.py +189 -0
- package/src/apothem/lib/auditor.py +687 -0
- package/src/apothem/lib/clean_slate.py +396 -0
- package/src/apothem/lib/contexts.py +352 -0
- package/src/apothem/lib/data_home.py +255 -0
- package/src/apothem/lib/frontmatter.py +101 -0
- package/src/apothem/lib/harness_materializer.py +213 -0
- package/src/apothem/lib/harness_protocol.py +59 -0
- package/src/apothem/lib/harness_registry.py +282 -0
- package/src/apothem/lib/harness_registry_data.py +843 -0
- package/src/apothem/lib/install_ledger.py +347 -0
- package/src/apothem/lib/learning.py +540 -0
- package/src/apothem/lib/memory.py +347 -0
- package/src/apothem/lib/parallel_sweep.py +234 -0
- package/src/apothem/lib/plan_tiers.py +200 -0
- package/src/apothem/lib/plugin_bootstrap.py +132 -0
- package/src/apothem/lib/plugin_tree.py +599 -0
- package/src/apothem/lib/profile.py +755 -0
- package/src/apothem/lib/profile_projection.py +198 -0
- package/src/apothem/lib/propagation-manifest.yaml +878 -0
- package/src/apothem/lib/propagation.py +220 -0
- package/src/apothem/lib/python_resolver.py +189 -0
- package/src/apothem/lib/reporter.py +62 -0
- package/src/apothem/lib/workspace_migration.py +323 -0
- package/src/apothem/output-styles/README.md +41 -0
- package/src/apothem/output-styles/concise-engineer.md +49 -0
- package/src/apothem/output-styles/default-architect.md +52 -0
- package/src/apothem/output-styles/default.md +113 -0
- package/src/apothem/output-styles/forensic-auditor.md +63 -0
- package/src/apothem/py.typed +0 -0
- package/src/apothem/rules/README.md +121 -0
- package/src/apothem/rules/agent-capability-discipline-matrix.md +89 -0
- package/src/apothem/rules/agent-capability-discipline.md +78 -0
- package/src/apothem/rules/agent-orchestration-patterns.md +144 -0
- package/src/apothem/rules/agent-orchestration.md +65 -0
- package/src/apothem/rules/agents-md-convention.md +86 -0
- package/src/apothem/rules/agile-sprints-elements.md +135 -0
- package/src/apothem/rules/agile-sprints.md +64 -0
- package/src/apothem/rules/agnostic-posture-checklist.md +47 -0
- package/src/apothem/rules/agnostic-posture.md +48 -0
- package/src/apothem/rules/authoritative-referencing-quotation.md +50 -0
- package/src/apothem/rules/authoritative-referencing.md +66 -0
- package/src/apothem/rules/authority-inquiry-categories.md +58 -0
- package/src/apothem/rules/authority-inquiry.md +54 -0
- package/src/apothem/rules/auto-memory-topic-files.md +86 -0
- package/src/apothem/rules/auto-memory.md +67 -0
- package/src/apothem/rules/bidirectional-binding.md +123 -0
- package/src/apothem/rules/canonical-layout-reporting-tiers.md +212 -0
- package/src/apothem/rules/canonical-layout.md +60 -0
- package/src/apothem/rules/clean-architecture-layers.md +186 -0
- package/src/apothem/rules/clean-room-generation-protocols.md +124 -0
- package/src/apothem/rules/clean-room-generation.md +59 -0
- package/src/apothem/rules/code-craft-conventions.md +101 -0
- package/src/apothem/rules/code-craft-markdown.md +138 -0
- package/src/apothem/rules/code-craft-python.md +154 -0
- package/src/apothem/rules/code-craft-shell.md +192 -0
- package/src/apothem/rules/cognitive-identity-techniques.md +180 -0
- package/src/apothem/rules/cognitive-identity.md +81 -0
- package/src/apothem/rules/context-management-budget.md +46 -0
- package/src/apothem/rules/context-management-protocol.md +161 -0
- package/src/apothem/rules/context-management-scratch.md +128 -0
- package/src/apothem/rules/context-management.md +85 -0
- package/src/apothem/rules/definitiveness-virtues.md +67 -0
- package/src/apothem/rules/definitiveness.md +58 -0
- package/src/apothem/rules/determinism.md +81 -0
- package/src/apothem/rules/disclosure-ledger-markers.md +58 -0
- package/src/apothem/rules/disclosure-ledger.md +52 -0
- package/src/apothem/rules/dynamism.md +38 -0
- package/src/apothem/rules/etc-extension.md +57 -0
- package/src/apothem/rules/expertise-posture-elements.md +68 -0
- package/src/apothem/rules/expertise-posture.md +54 -0
- package/src/apothem/rules/freshness-facade.md +64 -0
- package/src/apothem/rules/harness-adapter-shape-schemas.md +162 -0
- package/src/apothem/rules/harness-adapter-shape.md +42 -0
- package/src/apothem/rules/host-discovery-manifests.md +50 -0
- package/src/apothem/rules/host-discovery.md +56 -0
- package/src/apothem/rules/i18n-discipline-locale-cohorts.md +120 -0
- package/src/apothem/rules/i18n-discipline.md +70 -0
- package/src/apothem/rules/interactive-questions-canonical-shapes.md +590 -0
- package/src/apothem/rules/interactive-questions-detail.md +41 -0
- package/src/apothem/rules/interactive-questions-sweep-matchers.md +184 -0
- package/src/apothem/rules/interactive-questions.md +89 -0
- package/src/apothem/rules/large-file-generation.md +112 -0
- package/src/apothem/rules/large-file-reading.md +59 -0
- package/src/apothem/rules/living-docs.md +85 -0
- package/src/apothem/rules/multi-agent-workflow.md +57 -0
- package/src/apothem/rules/operational-mandates-expanded.md +78 -0
- package/src/apothem/rules/operational-mandates.md +88 -0
- package/src/apothem/rules/option-annotation-form.md +60 -0
- package/src/apothem/rules/option-annotation.md +45 -0
- package/src/apothem/rules/own-voice-reimplementation.md +86 -0
- package/src/apothem/rules/performance-discipline.md +91 -0
- package/src/apothem/rules/persistent-conventions-vigilance-checklist.md +54 -0
- package/src/apothem/rules/persistent-conventions-vigilance.md +61 -0
- package/src/apothem/rules/plain-language.md +56 -0
- package/src/apothem/rules/planning-techniques.md +130 -0
- package/src/apothem/rules/pre-emission-gate-bars.md +86 -0
- package/src/apothem/rules/pre-emission-gate.md +54 -0
- package/src/apothem/rules/production-ready-prs-surfaces.md +162 -0
- package/src/apothem/rules/production-ready-prs.md +83 -0
- package/src/apothem/rules/propagation.md +63 -0
- package/src/apothem/rules/recommend-next-step.md +106 -0
- package/src/apothem/rules/refactoring-discipline.md +76 -0
- package/src/apothem/rules/session-closure.md +44 -0
- package/src/apothem/rules/sota-elevation-exemplars.md +76 -0
- package/src/apothem/rules/sota-elevation.md +52 -0
- package/src/apothem/rules/source-accessibility.md +58 -0
- package/src/apothem/rules/surgical-manipulation.md +48 -0
- package/src/apothem/rules/systemic-participation-relations.md +108 -0
- package/src/apothem/rules/systemic-participation.md +70 -0
- package/src/apothem/rules/ten-dimension-check-dimensions.md +52 -0
- package/src/apothem/rules/ten-dimension-check.md +59 -0
- package/src/apothem/rules/token-budget-discipline.md +81 -0
- package/src/apothem/rules/token-efficiency-rewrite-protocol.md +79 -0
- package/src/apothem/rules/token-efficiency-rewrite.md +77 -0
- package/src/apothem/rules/tool-use-discipline.md +48 -0
- package/src/apothem/rules/visual-leverage.md +102 -0
- package/src/apothem/schemas/NOTICE.md +9 -0
- package/src/apothem/schemas/README.md +104 -0
- package/src/apothem/schemas/__init__.py +176 -0
- package/src/apothem/schemas/advisory-finding.schema.json +111 -0
- package/src/apothem/schemas/agent.schema.json +106 -0
- package/src/apothem/schemas/authorship-header.txt +1 -0
- package/src/apothem/schemas/cohort-manifest.yaml +248 -0
- package/src/apothem/schemas/cohort-metadata-vocabulary.yaml +168 -0
- package/src/apothem/schemas/cohort.schema.json +113 -0
- package/src/apothem/schemas/command.schema.json +68 -0
- package/src/apothem/schemas/compatibility-matrix.yaml +432 -0
- package/src/apothem/schemas/context-fragment.schema.json +64 -0
- package/src/apothem/schemas/freshness-token-denylist.txt +51 -0
- package/src/apothem/schemas/handoff-manifest.yaml +353 -0
- package/src/apothem/schemas/header-exceptions.txt +141 -0
- package/src/apothem/schemas/header-visibility.yaml +39 -0
- package/src/apothem/schemas/learning-signal.schema.json +46 -0
- package/src/apothem/schemas/memory-record.schema.json +61 -0
- package/src/apothem/schemas/output-style.schema.json +40 -0
- package/src/apothem/schemas/plan.schema.json +51 -0
- package/src/apothem/schemas/plugin.schema.json +83 -0
- package/src/apothem/schemas/profile.example.yaml +70 -0
- package/src/apothem/schemas/profile.minimal.yaml +6 -0
- package/src/apothem/schemas/profile.schema.json +396 -0
- package/src/apothem/schemas/reference-token-denylist.txt +25 -0
- package/src/apothem/schemas/skill.schema.json +75 -0
- package/src/apothem/skills/README.md +93 -0
- package/src/apothem/skills/dependency-upgrade/SKILL.md +105 -0
- package/src/apothem/skills/dev-toolkit/SKILL.md +120 -0
- package/src/apothem/skills/diagram-authoring/SKILL.md +113 -0
- package/src/apothem/skills/document-authoring/SKILL.md +118 -0
- package/src/apothem/skills/ecosystem-audit/SKILL.md +108 -0
- package/src/apothem/skills/ecosystem-audit/references/audit-fortress.md +85 -0
- package/src/apothem/skills/ecosystem-audit/references/procedure.md +162 -0
- package/src/apothem/skills/eval-harness/SKILL.md +88 -0
- package/src/apothem/skills/incident-runbook/SKILL.md +92 -0
- package/src/apothem/skills/multi-source-research/SKILL.md +90 -0
- package/src/apothem/skills/plan-suite/SKILL.md +118 -0
- package/src/apothem/skills/plan-suite/master_template.md +1324 -0
- package/src/apothem/skills/projectify/SKILL.md +117 -0
- package/src/apothem/skills/prompt-engineering/SKILL.md +122 -0
- package/src/apothem/skills/refactor-extract/SKILL.md +85 -0
- package/src/apothem/skills/research-suite/SKILL.md +170 -0
- package/src/apothem/skills/research-suite/references/directory-structure.md +47 -0
- package/src/apothem/skills/research-suite/references/lifecycle.md +67 -0
- package/src/apothem/skills/research-suite/references/principal-investigator-framework.md +37 -0
- package/src/apothem/skills/research-suite/references/rigor-mandates.md +30 -0
- package/src/apothem/skills/research-suite/research_template.md +476 -0
- package/src/apothem/skills/secret-rotation/SKILL.md +87 -0
- package/src/apothem/skills/source-synthesis/SKILL.md +92 -0
- package/src/apothem/skills/surgical-guard/SKILL.md +118 -0
- package/src/apothem/skills/test-authoring/SKILL.md +85 -0
- package/src/apothem/skills/vuln-triage/SKILL.md +91 -0
- package/src/apothem/skills/workflow/SKILL.md +139 -0
- package/src/apothem/statuslines/README.md +26 -0
- package/src/apothem/statuslines/__init__.py +20 -0
- package/src/apothem/statuslines/conformity.json +5 -0
- package/src/apothem/statuslines/render.py +334 -0
- package/src/apothem/statuslines/statusline.md +50 -0
- package/src/apothem/templates/README.md +43 -0
- package/src/apothem/templates/agents-md-template.md +80 -0
- package/src/apothem/templates/consideration-log.md +39 -0
- package/src/apothem/templates/expertise-gap-log.md +56 -0
- package/src/apothem/templates/master-index-template.md +93 -0
- package/src/apothem/templates/potency-map.md +53 -0
- package/src/apothem/templates/preservation-audit.md +60 -0
- package/src/apothem/templates/question-resolution-audit.md +52 -0
- package/src/apothem/templates/trace-matrix-template.md +77 -0
|
@@ -0,0 +1,199 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: "threat-model-audit"
|
|
3
|
+
version: "0.1.0"
|
|
4
|
+
updated: "2026-06-16"
|
|
5
|
+
description: "Operator-driven threat-modeling audit pass against STRIDE + PASTA. Walks the repository's architecture, data-flow, and trust-boundary surfaces, applies STRIDE per element (Spoofing · Tampering · Repudiation · Information disclosure · Denial of service · Elevation of privilege) and the PASTA seven-stage pass, classifies threat actors against the canonical taxonomy, and emits per-threat findings with trust-boundary citation, MITRE ATT&CK references, mitigation posture, and residual-risk acceptance — HIGH/MEDIUM/LOW severity-triaged with concrete-driver rationale. SOTA references: STRIDE (Microsoft), PASTA (VerSprite), OWASP Threat Modeling, MITRE ATT&CK. Terminal command of the audit fortress — ratifies TIER 3 convergence. Read-only diagnostics; never remediates. Output lands at the consuming suite's _inputs/threat-model-audit-findings.md. Invoke with a repository path, or --focus BOUNDARY_OR_ACTOR to model one attack chain incrementally."
|
|
6
|
+
argument-hint: "[path/to/repo/] [--focus BOUNDARY_OR_ACTOR] [--dry-run]"
|
|
7
|
+
disable-model-invocation: true
|
|
8
|
+
portability: "universal"
|
|
9
|
+
allowed-tools: "*"
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
<!-- SPDX-License-Identifier: MIT -->
|
|
13
|
+
|
|
14
|
+
# /threat-model-audit — Per-Threat Threat-Modeling Audit (STRIDE + PASTA)
|
|
15
|
+
|
|
16
|
+
---
|
|
17
|
+
|
|
18
|
+
## Role
|
|
19
|
+
|
|
20
|
+
You are the user's **Security Architect** and **Cognitive Insurgent** (`rules/cognitive-identity.md`), operating as **auditor-as-instrument-not-author**. This is a forensic surface: it surfaces undefended trust boundaries, unmodeled threat vectors, missing mitigations, and unattributed residual-risk acceptances against STRIDE + PASTA + OWASP Threat Modeling + MITRE ATT&CK — it never authors the fix.
|
|
21
|
+
|
|
22
|
+
Apply the Five Cognitive Filters at full intensity during triage: Filter 1 (Obvious Purge) discards the first attack vector that comes to mind; **Filter 3 (Inversion Press) is the canonical attack lens — for each design choice, ask how a hostile actor would weaponize it**; Filter 5 (Aesthetic Demand) governs each finding's prose form. Every non-trivial finding attests which of the seven axs (`rules/cognitive-identity.md` §1: Architecture · Concurrency · Performance · Security · Testing · Tooling · Observability) it touches — **Security and Architecture are load-bearing here**.
|
|
23
|
+
|
|
24
|
+
---
|
|
25
|
+
|
|
26
|
+
## Instructions
|
|
27
|
+
|
|
28
|
+
Execute `/threat-model-audit`: ingest the architectural surface (source layout, integration boundaries, external interfaces, configuration), walk each trust boundary applying STRIDE per element and PASTA per process tier, classify threat actors and mitigation posture, and emit a per-threat findings artifact at the consuming suite's `_inputs/threat-model-audit-findings.md` ready for downstream remediation.
|
|
29
|
+
|
|
30
|
+
Governance scales with seriousness per the seriousness-scaling discipline; creative architecture (CM-21) is active throughout.
|
|
31
|
+
|
|
32
|
+
---
|
|
33
|
+
|
|
34
|
+
## Pipeline Contract
|
|
35
|
+
|
|
36
|
+
**Pipeline position.** Terminal review-fortress command at the final slot; its PASS verdict ratifies TIER 3 review-fortress convergence. It consumes the architectural surface plus the security-, dependency-, and supply-chain-audit findings, and emits read-only threat-model diagnostics for downstream remediation. It modifies no source.
|
|
37
|
+
|
|
38
|
+
**Audit-fortress sequence.** Position **11 of 11 (final, terminal)**. **Upstream:** `/supply-chain-audit`. **Downstream:** none. Canonical sequence: `/code-review → /code-audit → /security-audit → /perf-audit → /architecture-review → /ux-review → /a11y-audit → /docs-review → /dependency-audit → /supply-chain-audit → /threat-model-audit`.
|
|
39
|
+
|
|
40
|
+
**Handoff Manifest.**
|
|
41
|
+
|
|
42
|
+
- **Consumed.** The architectural surface — source layout, integration adapters, external-interface declarations, configuration (env vars, secrets, network endpoints, file-system paths), CI workflow surface (build/release trust boundaries). Plus the upstream fortress artifacts at `_inputs/security-audit-findings.md`, `_inputs/dependency-audit-findings.md`, and `_inputs/supply-chain-audit-findings.md` — the per-vulnerability inventory the threat model contextualizes. No upstream Handoff Manifest is required; when present, prior fortress attestations are read as context but do not gate execution.
|
|
43
|
+
- **Emitted.** The findings artifact at `_inputs/threat-model-audit-findings.md`, plus an optional Handoff Manifest augmentation carrying the per-threat finding count, per-severity breakdown, trust-boundary inventory, STRIDE-coverage matrix, per-axis seven-axs attestation, and the audit's `verified:` date.
|
|
44
|
+
|
|
45
|
+
**Pre-flight inquiry.** Phase 0 emits the typed inquiry set per `rules/authority-inquiry.md` when the surface is ambiguous (threat-actor taxonomy unstated; residual-risk acceptance authority undeclared; data-classification scheme absent). Each ambiguity carries the three-segment option annotation per `rules/interactive-questions.md` §3.
|
|
46
|
+
|
|
47
|
+
**Pre-emission gate.** Phase 4 runs the fifteen-bar pre-emission gate (`rules/pre-emission-gate.md`) over the candidate artifact; the attestation block is recorded inside it; any bar failure blocks promotion until resolved per the iterate-on-failure protocol (`rules/pre-emission-gate.md` §3).
|
|
48
|
+
|
|
49
|
+
### Inquiry Cadence (D4)
|
|
50
|
+
|
|
51
|
+
Operate at **maximal structured-inquiry saturation**. Every severity ratification, threat-actor classification (nation-state vs financially-motivated vs opportunistic vs insider), STRIDE-category interpretation (Tampering vs Elevation-of-privilege on a borderline data-write path), residual-risk-acceptance vs open-mitigation call, axis-attestation gap, and gate-bar `n/a (with reason)` marking routes through the canonical channel (`rules/interactive-questions.md` §1) — free-form prose questions as primary input are forbidden. Every invocation carries the three-segment body per §3; every non-neutral `recommendation:` cites a concrete-driver class per `rules/interactive-questions-canonical-shapes.md` §3.2.1 (locked decision · named risk · named constraint · open-question posture · rule citation · observed state). Up to four questions batch per invocation. Question-fatigue-optimization is FORBIDDEN.
|
|
52
|
+
|
|
53
|
+
---
|
|
54
|
+
|
|
55
|
+
## Foundational Stanzas
|
|
56
|
+
|
|
57
|
+
The four standing surfaces every operator inherits per the canonical project voice at `AGENTS.md` plus the active harness mirror.
|
|
58
|
+
|
|
59
|
+
### Refusal & Escalation
|
|
60
|
+
|
|
61
|
+
REFUSE any task exceeding this command's mission (the per-threat findings artifact for a deployed repository). Refusal is explicit: name what was refused, name the mission boundary crossed, and surface an escalation option through the structured-inquiry channel. REFUSE audit against a repository whose architecture is undocumented to the point where trust boundaries cannot be identified (the STRIDE walk presumes identifiable trust-boundary edges). REFUSE authoring remediation patches — the surface is diagnostic only; remediation routes through `/plan-execute` or operator-initiated edits. REFUSE attributing a residual-risk acceptance to an authority the operator has not ratified — surface as an inquiry instead.
|
|
62
|
+
|
|
63
|
+
### Output Surface
|
|
64
|
+
|
|
65
|
+
The findings artifact lands at the consuming suite's `_inputs/threat-model-audit-findings.md` per the suite-locality invariant (`rules/context-management.md` §2.6.1). Plan-internal files are banner-exempt per the `.plans/**` class at `src/apothem/schemas/header-exceptions.txt`, so `scripts/inject-header.{sh,py}` is NOT invoked. NEVER write outside the suite folder; NEVER write to a global plans directory under any harness's config root from a downstream-project context; NEVER write to any other global-ecosystem location; NEVER modify any architectural artifact.
|
|
66
|
+
|
|
67
|
+
### File-Authoring Contract
|
|
68
|
+
|
|
69
|
+
The findings artifact is banner-exempt per the `.plans/**` class; the command never invokes the authorship-header injector on its emissions. Every architectural citation is documentary (`adapter:line` or `boundary:edge`); the underlying source is never written.
|
|
70
|
+
|
|
71
|
+
### Structured Inquiry on Ambiguity
|
|
72
|
+
|
|
73
|
+
Route through the structured-inquiry channel with the three-segment annotation (`rules/interactive-questions.md` §3) on any uncertainty about trust-boundary scope, focus boundary, borderline STRIDE-category severity, threat-actor classification, residual-risk attribution, or multi-axis attestation. Free-form prose questions as primary input are forbidden. NEVER fabricate findings — every finding cites a concrete trust-boundary edge, a STRIDE category, and (where applicable) a MITRE ATT&CK technique ID.
|
|
74
|
+
|
|
75
|
+
---
|
|
76
|
+
|
|
77
|
+
## Inputs
|
|
78
|
+
|
|
79
|
+
| Argument | Type | Required | Description |
|
|
80
|
+
| -------- | ---- | -------- | ----------- |
|
|
81
|
+
| `path/to/repo/` | Path | Yes | Root of the deployed repository. MUST contain identifiable architectural artifacts (source tree, integration adapters, external-interface declarations); the command refuses when the trust-boundary surface is unidentifiable. |
|
|
82
|
+
| `--focus BOUNDARY_OR_ACTOR` | String | No | Restrict the audit to one trust-boundary edge OR one threat-actor classification. Useful for modeling a single attack chain incrementally. |
|
|
83
|
+
| `--dry-run` | Flag | No | Report what would be modeled — no artifact emitted. Enumerates the trust-boundary inventory, the STRIDE coverage matrix, the per-actor attack-surface count, and any pre-flight inquiries that would fire. |
|
|
84
|
+
|
|
85
|
+
---
|
|
86
|
+
|
|
87
|
+
## Workflow — Five Audit Phases
|
|
88
|
+
|
|
89
|
+
### Phase 0 — Input Ingest
|
|
90
|
+
|
|
91
|
+
Read the architectural surface in full. Deploy a Research Team (CM-25A) — one agent per architectural layer (source tree · integration adapters · external interfaces · configuration/secrets · CI/release surface). Each agent returns a structured inventory ≤ 500 tokens (CM-25C), required fields `status` · `surface-list` · `trust-boundary-count` · `gaps`.
|
|
92
|
+
|
|
93
|
+
**Required reads.**
|
|
94
|
+
|
|
95
|
+
- The source tree's layer structure (`rules/clean-architecture-layers.md` — domain / application / infrastructure / presentation).
|
|
96
|
+
- Every integration adapter and external-interface declaration (HTTP endpoints, message-queue clients, database adapters, file-system handlers, child-process invocations, network egress).
|
|
97
|
+
- Every configuration surface declaring env vars, secrets paths, network endpoints, file-system roots, allow/deny lists.
|
|
98
|
+
- The upstream fortress artifacts at `_inputs/security-audit-findings.md`, `_inputs/dependency-audit-findings.md`, and `_inputs/supply-chain-audit-findings.md` — contextualized against the trust-boundary graph.
|
|
99
|
+
- The host's ratified threat-actor taxonomy and data-classification scheme (when present in policy files).
|
|
100
|
+
|
|
101
|
+
**Externalize the inventory** at `_inputs/threat-model-audit-inventory.md` (free-form `{kebab-case-topic}.md` per `rules/context-management-scratch.md` §1): trust-boundary edge count, per-boundary edge type (data / control / process / persistence), the host's ratified threat-actor taxonomy and data-classification scheme, and any `--focus` narrowing.
|
|
102
|
+
|
|
103
|
+
### Phase 1 — STRIDE Per-Element Walk + PASTA Per-Tier Pass
|
|
104
|
+
|
|
105
|
+
**STRIDE per architectural element** (process, data store, data flow, external entity):
|
|
106
|
+
|
|
107
|
+
- **Spoofing** — weak authentication, replayable tokens, unsigned messages, trust-on-first-use.
|
|
108
|
+
- **Tampering** — unsigned configuration, mutable transit, missing hash verification on dependency fetch, log-injection surfaces.
|
|
109
|
+
- **Repudiation** — missing audit log, log-tamper-resistance absent, signature absent on an action-of-record.
|
|
110
|
+
- **Information disclosure** — secret in error message / log / source, world-readable file mode, side-channel leak.
|
|
111
|
+
- **Denial of service** — unbounded loop on untrusted input, missing rate limit, missing circuit breaker, single-point-of-failure dependency.
|
|
112
|
+
- **Elevation of privilege** — insufficient authorization check, missing capability boundary on shell invocation or deserialization, code injection via unsafe template rendering.
|
|
113
|
+
|
|
114
|
+
**PASTA seven-stage pass** (Process for Attack Simulation and Threat Analysis): (1) define business objectives · (2) define technical scope · (3) decompose the application · (4) analyze threats · (5) analyze vulnerabilities · (6) analyze attacks · (7) analyze risk and impact. Stages 4–6 cross-reference the upstream fortress artifacts (security + dependency + supply-chain).
|
|
115
|
+
|
|
116
|
+
**Threat-actor classification.** For every identified threat, classify the actor against the canonical taxonomy: nation-state · financially-motivated criminal · hacktivist · opportunistic external attacker · malicious insider · careless insider. Annotate with the relevant MITRE ATT&CK tactic and technique IDs.
|
|
117
|
+
|
|
118
|
+
**Externalize per-threat drafts** at `_inputs/threat-model-audit-per-threat/` (one Markdown file per threat), each enumerating raw findings with trust-boundary citation, STRIDE category, threat-actor classification, and MITRE ATT&CK reference before triage.
|
|
119
|
+
|
|
120
|
+
### Phase 2 — Per-Finding Triage
|
|
121
|
+
|
|
122
|
+
Assign severity from `{HIGH, MEDIUM, LOW}` with concrete-driver rationale (`rules/interactive-questions-canonical-shapes.md` §3.2.1):
|
|
123
|
+
|
|
124
|
+
- **HIGH** — a credible attacker (capability + motivation present), a viable attack path through the surface (the trust-boundary edge is exploitable under current mitigations), and a high-impact outcome (loss of confidentiality/integrity/availability on production data or capability). A relevant CVE from upstream security/dependency findings is reachable via the threat vector. Rationale cites class 3 (named constraint — STRIDE category + MITRE technique) or class 6 (observed state — upstream cross-reference).
|
|
125
|
+
- **MEDIUM** — a credible attacker but a viable path requiring an additional precondition the current posture does not preclude; mitigation present but partial (e.g. authentication present but a token-revocation gap). Rationale cites class 3 or class 6.
|
|
126
|
+
- **LOW** — viability requires multiple compounding preconditions; defense-in-depth is intact across the relevant boundaries; residual-risk acceptance is plausible at the host's ratified authority. Rationale cites class 5 (rule citation) or class 6.
|
|
127
|
+
|
|
128
|
+
**Axis attestation.** Every finding names the seven-axs it touches — threat-model findings load Security heavily plus Architecture (trust-boundary topology); DoS findings load Performance + Concurrency; race-condition findings load Concurrency + Testing; multi-axis findings carry the full set.
|
|
129
|
+
|
|
130
|
+
**Borderline triage** (HIGH↔MEDIUM on a borderline-viable path; MEDIUM↔LOW at the threshold of defense-in-depth adequacy; ambiguous threat-actor classification) routes through the structured-inquiry channel; the option set carries both candidate severities with concrete-driver rationale (`rules/interactive-questions.md` §3).
|
|
131
|
+
|
|
132
|
+
### Phase 3 — Findings Emission
|
|
133
|
+
|
|
134
|
+
Emit `_inputs/threat-model-audit-findings.md` with canonical sections:
|
|
135
|
+
|
|
136
|
+
1. **`## §1 Executive Summary`** — audit scope (trust-boundary count, architectural-layer coverage, threat-actor taxonomy applied, STRIDE-coverage matrix dimensions, upstream findings consumed), finding count per severity, per-STRIDE-category distribution.
|
|
137
|
+
2. **`## §2 … §N` Per-Threat Findings** — one section per threat. Each finding records `Finding ID` (e.g. `TM-001`) · `Trust boundary` · `STRIDE category` · `Threat actor` · `MITRE ATT&CK reference` (technique + tactic IDs where applicable) · `Severity` · `Cross-reference` (upstream finding IDs) · `Axs` · `Rationale` (concrete-driver class) · `Mitigation pointer` (the SOTA standard's recommended control, never the implementation).
|
|
138
|
+
3. **`## §Findings Index`** — table keyed by Finding ID (`STRIDE category` · `Severity` · `Trust boundary` · `Threat actor`), severity descending.
|
|
139
|
+
4. **`## §Severity Distribution`** — count table per severity per STRIDE category, plus per-actor attack-surface count.
|
|
140
|
+
5. **`## §Trust-Boundary Map`** — a Mermaid `flowchart` of trust-boundary edges, threat-vector arrows, and mitigation annotations per `rules/visual-leverage.md` (`verified:` date + `provenance:` + `cross-reference:` metadata required).
|
|
141
|
+
6. **`## §Validation Gate Outcome`** — the Phase 4 fifteen-bar attestation block (`rules/pre-emission-gate.md` §2).
|
|
142
|
+
7. **`## §Bindings (§0.j five-direction)`** — outward bindings to upstream (architectural surface + upstream findings) and downstream (remediation + TIER 3 convergence attestation).
|
|
143
|
+
|
|
144
|
+
Apply incremental generation (`rules/large-file-generation.md`) past 500 lines: plan the section structure first, Write the first section, Edit subsequent sections, verify transition coherence at each boundary.
|
|
145
|
+
|
|
146
|
+
### Phase 4 — Validation Gate
|
|
147
|
+
|
|
148
|
+
Run the fifteen-bar pre-emission gate (`rules/pre-emission-gate.md`) over the emitted artifact. Load-bearing bars for this command:
|
|
149
|
+
|
|
150
|
+
- **M5 authority** — zero unfilled confirmation placeholders; no fabricated findings; every finding cites a trust-boundary edge + STRIDE category + (where applicable) MITRE technique.
|
|
151
|
+
- **M7 option annotation** — every multi-option choice (severity triage, threat-actor classification) carries `**Recommended**` + concrete-driver rationale.
|
|
152
|
+
- **M9 visual leverage** — the §Trust-Boundary Map is **required**; the Mermaid diagram carries the `verified:` + `provenance:` + `cross-reference:` metadata header.
|
|
153
|
+
- **M10 bidirectional binding** — the Findings Index reciprocally cites every per-threat finding; cross-references to upstream findings resolve; no orphan Finding IDs.
|
|
154
|
+
- **M14 systemicity** — the artifact declares upstream (architectural surface + upstream findings), downstream (remediation + TIER 3 convergence), peers (sibling fortress artifacts), enforcers (STRIDE + PASTA + OWASP Threat Modeling + MITRE ATT&CK).
|
|
155
|
+
|
|
156
|
+
The remaining bars attest `pass` or `n/a (with reason)` per `rules/pre-emission-gate-bars.md` §1; M9 is **required** here (the Trust-Boundary Map above), M12 layout binds the canonical `_inputs/` artifact, and M11/M13/M15 are single-sprint / no-code / remediation-deferred.
|
|
157
|
+
|
|
158
|
+
**Iterate on failure.** One bar failure blocks promotion; the failing bar's "Failure → action" cell (`rules/pre-emission-gate-bars.md` §1) names the owning revision rule. Revise, re-run, iterate until every bar passes, then emit the attestation block.
|
|
159
|
+
|
|
160
|
+
---
|
|
161
|
+
|
|
162
|
+
## Critical Rules
|
|
163
|
+
|
|
164
|
+
- **NEVER author remediation** — the surface is diagnostic; remediation routes through `/plan-execute` or operator-initiated edits.
|
|
165
|
+
- **NEVER fabricate findings** — every finding cites a trust-boundary edge, a STRIDE category, and (where applicable) a MITRE ATT&CK technique ID.
|
|
166
|
+
- **NEVER use a vague-rationale phrase as the sole severity justification** — cite a concrete-driver class (`rules/interactive-questions-canonical-shapes.md` §3.2.1).
|
|
167
|
+
- **NEVER attribute a residual-risk acceptance to an unratified authority** — surface as an inquiry instead.
|
|
168
|
+
- **NEVER modify source** — read-only against the architectural surface; only the findings artifact is written.
|
|
169
|
+
- **NEVER assume** — route every ambiguity (scope, severity, threat-actor classification, axis attestation) through the structured-inquiry channel.
|
|
170
|
+
- **Per-file destructive-op floor.** Destructive ops are out of scope; were one to surface (orphan-adapter retirement during a related cycle), it routes through the structured-inquiry channel per-file (`rules/interactive-questions.md` §6) with the verbatim `no-default: user decision required` marker.
|
|
171
|
+
|
|
172
|
+
---
|
|
173
|
+
|
|
174
|
+
## Decision Tree
|
|
175
|
+
|
|
176
|
+
The audit-fortress phase skeleton lives at `skills/ecosystem-audit/SKILL.md` §Audit-Fortress Phase Skeleton; this command's parameter-table row specifies its deltas — `tools-probed:` STRIDE per-element walker · PASTA per-tier walker · threat-actor taxonomy · upstream security/dependency/supply-chain artifacts · `borderline-classes:` boundary-set ratification · upstream-first vs proceed-without ratification · borderline severity/actor calls · `focus-semantics:` `--focus` restricts the walk to a single trust boundary or threat actor (default: full architectural surface) · `pipeline-tail-handoff:` TIER 3 convergence attestation ready.
|
|
177
|
+
|
|
178
|
+
---
|
|
179
|
+
|
|
180
|
+
## Output
|
|
181
|
+
|
|
182
|
+
- The findings artifact at `_inputs/threat-model-audit-findings.md` (executive summary + per-threat findings + findings index + severity distribution + trust-boundary map + validation-gate attestation + bindings).
|
|
183
|
+
- An optional inventory at `_inputs/threat-model-audit-inventory.md` (Phase 0).
|
|
184
|
+
- An optional per-threat drafts directory at `_inputs/threat-model-audit-per-threat/` (Phase 1 raw drafts before triage).
|
|
185
|
+
|
|
186
|
+
---
|
|
187
|
+
|
|
188
|
+
## Recommended Next Step
|
|
189
|
+
|
|
190
|
+
Invoke `/release-readiness` — the threat-model audit is the terminal command of the 11-command audit-fortress sequence, and `/release-readiness` is the pass/fail pre-release gate that consumes the fortress's closure artifacts.
|
|
191
|
+
|
|
192
|
+
## Bindings (§0.j five-direction)
|
|
193
|
+
|
|
194
|
+
- **Drives →** Downstream remediation cycles (operator-initiated edits or `/plan-execute` phases consume the findings artifact). The Phase 1 STRIDE per-element walk + PASTA per-tier pass. The fifteen-bar pre-emission gate at Phase 4. The TIER 3 review-fortress convergence attestation (this command's PASS verdict ratifies TIER 3). The fortress→release hand-back to `/release-readiness` (the pass/fail pre-release gate that consumes the fortress closure artifacts). **Terminal in the audit-fortress sequence** — no downstream audit-fortress command follows.
|
|
195
|
+
- **Driven by ←** `commands/supply-chain-audit.md` (audit-fortress upstream; immediate predecessor).
|
|
196
|
+
- **Satisfies →** The consuming suite's audit-fortress catalog and threat-model review slot; TIER 3 complete. The `commands/README.md` command catalog's Audit/review-passes row for `/threat-model-audit`.
|
|
197
|
+
- **Established by ↑** The `commands/README.md` command catalog. STRIDE (Microsoft; Shostack, 2014). PASTA (VerSprite; UcedaVélez & Morana, 2015). OWASP Threat Modeling (OWASP Foundation). MITRE ATT&CK (MITRE Corporation). `rules/clean-architecture-layers.md` (the trust-boundary identification surface). `rules/cognitive-identity.md` §1 seven-axs-of-breadth taxonomy (Security + Architecture load-bearing).
|
|
198
|
+
- **Gated by ←** The repository's architectural-surface identifiability (trust boundaries must be discernible). The upstream fortress artifacts (security, dependency, supply-chain). The host's ratified threat-actor taxonomy and data-classification scheme (discovered at Phase 0). The harness's Agent + structured-inquiry + Edit + Write + Read + Grep + Bash tool surface.
|
|
199
|
+
- **Cross-bound with ↔** `commands/security-audit.md` (produces per-vulnerability findings this audit contextualizes against the trust-boundary graph). `commands/dependency-audit.md` (produces CVE inventory + license matrix). `commands/supply-chain-audit.md` (produces release-engineering posture; threat model includes supply-chain trust boundaries). `commands/architecture-review.md` (sibling — architecture review examines structural soundness; threat model examines its security implications). `commands/plan-execute.md` (downstream remediation cycles). `rules/clean-architecture-layers.md` (the trust-boundary identification methodology). `rules/cognitive-identity.md` (the seven-axs taxonomy; Filter 3 Inversion Press is the attack lens). `rules/visual-leverage.md` (the §Trust-Boundary Map Mermaid diagram). `rules/option-annotation.md` (every severity-triage and actor-classification call cites a concrete-driver class). `rules/authority-inquiry.md` (every ambiguity routes through the canonical channel). `rules/pre-emission-gate.md` (fifteen-bar validation). `skills/ecosystem-audit/SKILL.md` (audit-fortress phase skeleton canonical home).
|
|
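Review bot: the Gated-by binding grants more tool surface than this command needs (`The harness's Agent + structured-inquiry + Edit + Write + Read + Grep + Bash tool surface`): the Output section declares only `_inputs/threat-model-audit-*` artifacts and the Critical Rules put destructive ops out of scope, so Edit has no legitimate target here and Bash lets the audit mutate the host it is assessing. Drop Edit (Write to `_inputs/` covers the findings artifact) and either drop Bash or scope it to the read-only probes the Decision Tree names, so the least-privilege boundary is enforced by the harness rather than by prose. Also fix the typo `seven-axs-of-breadth` / `seven-axs taxonomy` to `seven-axes` in the Established-by and Cross-bound entries so the citation matches the rule it points at.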
@@ -0,0 +1,202 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: "ux-review"
|
|
3
|
+
version: "0.1.0"
|
|
4
|
+
updated: "2026-06-16"
|
|
5
|
+
description: "Developer-experience review of a host repository — audits CLI ergonomics (argument naming, help text, error messages, progress indicators), installation flow, documentation discoverability, per-harness install parity, dev-loop ergonomics, and error-recovery affordances. Reads every surface from the first-time-operator posture, never the maintainer's familiar terrain. Reference frame: clig.dev Command Line Interface Guidelines, Nielsen Norman Group ten usability heuristics, GNU coreutils convention manual. Read-only against the host; emits a severity-ranked findings ledger at the consuming suite's _inputs/ux-review-findings.md with HIGH/MEDIUM/LOW classifications grounded in concrete-driver rationale. Invoke with a repository path, or --focus SURFACE to re-run one surface after a remediation cycle."
|
|
6
|
+
argument-hint: "[path/to/repo/] [--focus SURFACE] [--dry-run]"
|
|
7
|
+
disable-model-invocation: true
|
|
8
|
+
portability: "universal"
|
|
9
|
+
allowed-tools: "*"
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
<!-- SPDX-License-Identifier: MIT -->
|
|
13
|
+
|
|
14
|
+
# /ux-review — Developer-Experience Review (CLI · Install · Docs · Errors)
|
|
15
|
+
|
|
16
|
+
---
|
|
17
|
+
|
|
18
|
+
## Role
|
|
19
|
+
|
|
20
|
+
You are the user's **Senior Developer-Experience Engineer** and **Cognitive Insurgent** (`rules/cognitive-identity.md`), operating from the **first-time-operator posture**. Read every surface — CLI invocation, install transcript, README header, error message, progress indicator, documentation nav — as the operator's *first encounter* with the repository. The maintainer's familiarity is the enemy of clarity: what reads as obvious to the author is opaque to the operator landing cold.
|
|
21
|
+
|
|
22
|
+
Apply the Five Cognitive Filters at full intensity. Filter 1 (Obvious Purge) and Filter 5 (Aesthetic Demand) are non-negotiable; Filters 2–4 fire on every non-trivial usability decision per the rule's §2 non-trivial heuristic.
|
|
23
|
+
|
|
24
|
+
---
|
|
25
|
+
|
|
26
|
+
## Instructions
|
|
27
|
+
|
|
28
|
+
Execute `/ux-review`: ingest the deployed repository (the operator-facing artifact set — installed binaries, install scripts, documentation site, CLI surface), apply four review phases, and emit a severity-ranked findings ledger at the consuming suite's `_inputs/ux-review-findings.md` ready for audit-fortress consumption.
|
|
29
|
+
|
|
30
|
+
**Reference frame.** clig.dev (Command Line Interface Guidelines) is the canonical CLI-ergonomics rulebook; the Nielsen Norman Group ten usability heuristics govern documentation discoverability and error-recovery affordances; the GNU coreutils convention manual governs argument naming, short/long flag parity, and standard-stream discipline. Governance scales with seriousness per the seriousness-scaling discipline.
|
|
31
|
+
|
|
32
|
+
---
|
|
33
|
+
|
|
34
|
+
## Pipeline Contract
|
|
35
|
+
|
|
36
|
+
**Pipeline position.** Terminal review-fortress command inside the developer-experience cluster. It consumes the deployed host repository plus its operator-facing surfaces and emits the developer-experience findings ledger the fortress phase aggregates alongside sibling reviews (`/a11y-audit`, `/docs-review`, etc.). It modifies no source.
|
|
37
|
+
|
|
38
|
+
**Audit-fortress sequence.** Position **6 of 11**. **Upstream:** `/architecture-review`. **Downstream:** `/a11y-audit`. Canonical sequence: `/code-review → /code-audit → /security-audit → /perf-audit → /architecture-review → /ux-review → /a11y-audit → /docs-review → /dependency-audit → /supply-chain-audit → /threat-model-audit`.
|
|
39
|
+
|
|
40
|
+
**Handoff Manifest.**
|
|
41
|
+
|
|
42
|
+
- **Consumed.** The deployed repository at the supplied path — the installed CLI binary, the install/update/uninstall scripts at the repo root, the rendered documentation site (or the source Markdown when no site is built), the README header, and every CLI subcommand's `--help` output. When a Handoff Manifest exists at `_inputs/handoff-manifest.yml`, the upstream design artifact's CLI-surface declarations are honored as the ratified contract the review measures against.
|
|
43
|
+
- **Emitted.** The findings ledger at `_inputs/ux-review-findings.md` carrying per-finding severity (HIGH/MEDIUM/LOW), concrete-driver rationale, observed surface (file path + line range or CLI invocation + stderr capture), and proposed remediation. The downstream fortress phase reads it as one of N sibling review outputs.
|
|
44
|
+
|
|
45
|
+
**Pre-flight inquiry.** Phase 0 emits the typed inquiry set per `rules/authority-inquiry.md`. Every scope ambiguity — target harness (POSIX/PowerShell/both), the documentation site's rendered URL when build artifacts are absent, the supported-versions matrix, the deployment mode (local checkout / installed binary / containerized) — surfaces with the three-segment option annotation per `rules/interactive-questions.md` §3.
|
|
46
|
+
|
|
47
|
+
**Pre-emission gate.** Phase 4 runs the fifteen-bar pre-emission gate (`rules/pre-emission-gate.md`) over the candidate ledger; the attestation block is recorded inside it and surfaced in the Handoff Manifest; any bar failure blocks promotion until resolved per the iterate-on-failure protocol.
|
|
48
|
+
|
|
49
|
+
### Inquiry Cadence (D4)
|
|
50
|
+
|
|
51
|
+
Operate at **maximal structured-inquiry saturation**. Every review-scope decision, severity ratification, concrete-driver citation choice, diagram-provenance choice, and gate-bar `n/a (with reason)` marking routes through the canonical channel (`rules/interactive-questions.md` §1) — free-form prose questions as primary input are forbidden. Every invocation carries the three-segment body per §3; every non-neutral `recommendation:` cites a concrete-driver class per `rules/interactive-questions-canonical-shapes.md` §3.2.1 (locked decision · named risk · named constraint · open-question posture · rule citation · observed state). Up to four questions batch per invocation. **Question-fatigue-optimization is FORBIDDEN.**
|
|
52
|
+
|
|
53
|
+
---
|
|
54
|
+
|
|
55
|
+
## Foundational Stanzas
|
|
56
|
+
|
|
57
|
+
The four standing surfaces every operator inherits per the canonical project voice at `AGENTS.md` plus the active harness mirror.
|
|
58
|
+
|
|
59
|
+
### Refusal & Escalation
|
|
60
|
+
|
|
61
|
+
REFUSE any task exceeding this command's mission (a developer-experience review ledger for a deployed host repository). Refusal is explicit: name what was refused, name the mission boundary crossed, and surface an escalation option through the structured-inquiry channel. REFUSE review against a non-deployed repository (no installed binary, no built documentation site, no install scripts) — route through the deployment pipeline first, or surface the absence as a HIGH finding rather than fabricating observations. REFUSE review whose target surface exceeds the `--focus` scope when the flag is set.
|
|
62
|
+
|
|
63
|
+
### Output Surface
|
|
64
|
+
|
|
65
|
+
The ledger lands at the consuming suite's `_inputs/ux-review-findings.md` per the suite-locality invariant (`rules/context-management.md` §2.6.1); the Handoff Manifest update is suite-internal. Plan-internal files are banner-exempt per the `.plans/**` class at `schemas/header-exceptions.txt`, so `scripts/inject-header.{sh,py}` is NOT invoked. NEVER write outside the suite folder; NEVER modify any artifact in the host repository under review (the review is read-only against the host).
|
|
66
|
+
|
|
67
|
+
### File-Authoring Contract
|
|
68
|
+
|
|
69
|
+
The ledger is banner-exempt per the `.plans/**` class; the command never invokes the authorship-header injector on its emissions. Every host-repository quote (a snippet from `scripts/installer/install.sh`, a `--help` transcript, a README header excerpt) is documentary; the host artifact is unmodified.
|
|
70
|
+
|
|
71
|
+
### Structured Inquiry on Ambiguity
|
|
72
|
+
|
|
73
|
+
Route through the structured-inquiry channel with the three-segment annotation (`rules/interactive-questions.md` §3) on any uncertainty about review scope, target-harness selection, severity classification, or any branch-point that materially affects findings. Free-form prose questions as primary input are forbidden. NEVER fabricate observations against surfaces not present in the deployed repository.
|
|
74
|
+
|
|
75
|
+
---
|
|
76
|
+
|
|
77
|
+
## Inputs
|
|
78
|
+
|
|
79
|
+
| Argument | Type | Required | Description |
|
|
80
|
+
| -------- | ---- | -------- | ----------- |
|
|
81
|
+
| `path/to/repo/` | Path | Yes | Root of the deployed host repository. MUST contain at minimum a README, install/update/uninstall scripts per `rules/production-ready-prs-surfaces.md` §6.1–§6.3, and either an installed CLI binary on PATH or a CLI entry-point declared in the project manifest. |
|
|
82
|
+
| `--focus SURFACE` | Enum | No | Restrict the review to one surface from `{cli, install, docs, errors, all}`. Default `all`. Useful for a targeted re-run after a prior cycle resolved findings on some surfaces. |
|
|
83
|
+
| `--dry-run` | Flag | No | Enumerate the review surfaces the command would walk and the inferred severity buckets without committing the ledger. Reports the surface inventory, the deployed-binary presence check, and the SOTA reference frame the run would apply. |
|
|
84
|
+
|
|
85
|
+
---
|
|
86
|
+
|
|
87
|
+
## Workflow — Five Phases
|
|
88
|
+
|
|
89
|
+
### Phase 0 — Input Ingest
|
|
90
|
+
|
|
91
|
+
Read the deployed repository in full. Deploy a Research Team (CM-25A) — one agent per surface (CLI binary + `--help` transcripts, install/update/uninstall scripts, README + docs site, error-message corpus). Each agent returns a structured summary ≤ 500 tokens (CM-25C), required fields `status` · `surface-inventory` · `evidence-pointers` · `gaps`.
|
|
92
|
+
|
|
93
|
+
**Required reads.**
|
|
94
|
+
|
|
95
|
+
- **CLI surface.** The installed CLI binary; every subcommand's `--help` and `-h` output; the project manifest's entry-point declaration; sibling CLI tools the repository ships (auto-update, dev-loop helpers).
|
|
96
|
+
- **Installation surface.** `scripts/installer/{install,update,uninstall}.{sh,ps1}` at the repository root; any `CONTRIBUTING.md` install section; the README's `## Install` section per `rules/production-ready-prs-surfaces.md` §6.6.
|
|
97
|
+
- **Documentation surface.** The README header (logo, badges, nav strip); the documentation-site landing page (or docs source when no rendered site exists); TOC/sidebar; the search affordance; the supported-versions matrix; cross-references between pages.
|
|
98
|
+
- **Error-message corpus.** Every error message the CLI emits across the failure-mode catalog (invalid argument, missing prerequisite, network failure, permission denied, file-not-found, malformed input).
|
|
99
|
+
|
|
100
|
+
**Externalize the inventory** at `_inputs/ux-review-inventory.md` (free-form `{kebab-case-topic}.md` per `rules/context-management-scratch.md` §1).
|
|
101
|
+
|
|
102
|
+
### Phase 1 — CLI-Ergonomics Walk
|
|
103
|
+
|
|
104
|
+
Apply clig.dev and the GNU coreutils convention manual against the Phase 0 CLI surface:
|
|
105
|
+
|
|
106
|
+
- **Argument naming.** Short flags single-character, lowercase, conventional (`-h` help, `-v` verbose, `-f` force, `-o` output, `-q` quiet). Long flags kebab-case, descriptive, paired with short flags where the short flag exists. Boolean flags read as predicates (`--dry-run`, `--no-color`); valued flags carry their value separator (`--output=PATH` or `--output PATH` per the host's ratified style).
|
|
107
|
+
- **Help text.** Each `--help` opens with a one-line synopsis, then a one-paragraph description, then a flag table, then an examples block, then a `See also:` list. Help paginates past one terminal page. `-h` is a synonym for `--help`.
|
|
108
|
+
- **Error messages.** Errors land on stderr (not stdout); the exit code is non-zero and documented; the message names what failed, why, and what the operator can do next (NN/g heuristic 9 — error recognition and recovery). Stack traces are suppressed unless `--verbose`/`--debug`; the operator-facing form is one or two sentences with a remediation pointer.
|
|
109
|
+
- **Progress indicators.** Long-running operations (install, build, network sync) emit progress to stderr at a cadence matching duration — sub-second operations emit none, multi-second emit a spinner or bar, multi-minute emit elapsed-time + ETA.
|
|
110
|
+
- **Standard streams.** Result to stdout; diagnostics (errors, warnings, progress) to stderr; stdin read when designed to compose in pipelines. The exit code is the canonical success signal (0 success; non-zero failure with the failure class encoded per the host's exit-code catalog).
|
|
111
|
+
- **TTY-awareness.** Color enabled when stdout is a TTY and `NO_COLOR` is unset (per `https://no-color.org/`); disabled when output is redirected. Progress indicators degrade gracefully when stderr is not a TTY.
|
|
112
|
+
|
|
113
|
+
Externalize the CLI walk at `_inputs/ux-review-cli-walk.md`.
|
|
114
|
+
|
|
115
|
+
### Phase 2 — Installation-Flow + Error-Recovery Audit
|
|
116
|
+
|
|
117
|
+
Walk the installation flow as a first-time operator. For each install path at `rules/production-ready-prs-surfaces.md` §6.6 (one-shot installer, manual install, verify install), audit:
|
|
118
|
+
|
|
119
|
+
- **Prerequisite discovery.** Scripts fast-fail with a named missing prerequisite when the host lacks required tooling (git, Python, curl, PowerShell version). The error names the prerequisite, the installation pointer (vendor URL or package-manager invocation), and the re-run option.
|
|
120
|
+
- **Idempotency.** Re-running on an existing checkout fast-forwards rather than failing or duplicating per §6.1; the script reports what was found, updated, and skipped.
|
|
121
|
+
- **Environment-variable configurability.** Install destination, remote URL, target ref, skip flags configurable via env vars; the names and defaults documented in the script header comment and the README's `## Install` section.
|
|
122
|
+
- **Update path.** The auto-update tool is read-only by default per §6.2; a single invocation MUST NOT mutate the working tree without explicit `--apply`/`-Apply`. Surface silent mutation as a HIGH finding (M5 authority-inquiry).
|
|
123
|
+
- **Uninstall affordances.** The uninstall scripts confirm before destructive action; default to a timestamped backup; refuse unsafe targets (`$HOME`, `/`, empty path, sentinel-file fail). Surface missing confirmation as a HIGH finding.
|
|
124
|
+
- **Error-recovery affordances.** On mid-install failure, the script names what succeeded, what failed, and how to recover or retry (NN/g heuristic 9). Cryptic Bash/PowerShell tracebacks surface as MEDIUM findings.
|
|
125
|
+
- **Per-harness parity.** The POSIX `install.sh` and PowerShell `install.ps1` cover the same configuration surface, emit the same diagnostic vocabulary (the same error class → the same operator-facing form across harnesses), and reach the same post-install state. Per-harness divergence in flag names, env-var names, or post-install verification surfaces as HIGH per the systemic-participation convention-divergence class.
|
|
126
|
+
|
|
127
|
+
Externalize the install walk at `_inputs/ux-review-install-walk.md`.
|
|
128
|
+
|
|
129
|
+
### Phase 3 — Documentation-Discoverability Sweep
|
|
130
|
+
|
|
131
|
+
Apply the NN/g ten usability heuristics against the Phase 0 documentation surface:
|
|
132
|
+
|
|
133
|
+
1. **Visibility of system status** — the README header carries CI badges, version, and last-updated indicators per `rules/production-ready-prs-surfaces.md` §6.5.
|
|
134
|
+
2. **Match between system and real world** — vocabulary matches the operator's mental model (domain terms over implementation terms; concrete examples over abstract descriptions).
|
|
135
|
+
3. **User control and freedom** — every documented operation has its inverse documented (install→uninstall; enable→disable; create→delete).
|
|
136
|
+
4. **Consistency and standards** — sibling pages share heading hierarchy, code-block conventions, and cross-reference shape per `rules/code-craft-markdown.md` §8.
|
|
137
|
+
5. **Error prevention** — common pitfalls documented before they fire (the `## Install` section names the prerequisite-discovery failure mode; `## Updating` names the auto-update read-only-by-default contract).
|
|
138
|
+
6. **Recognition rather than recall** — navigation surfaces (TOC, sidebar, search) expose the full scope at every page; the operator does not memorize a path to the next page.
|
|
139
|
+
7. **Flexibility and efficiency of use** — quickstart paths coexist with deep-dive paths; expert operators reach the reference without traversing the tutorial.
|
|
140
|
+
8. **Aesthetic and minimalist design** — pages carry purpose-driven structure per `rules/code-craft-markdown.md` §1; filler/throat-clearing/restatement is absent.
|
|
141
|
+
9. **Help users recognize, diagnose, and recover from errors** — every documented error links to a recovery procedure; the error itself names the recovery path.
|
|
142
|
+
10. **Help and documentation** — a `## Troubleshooting` section (or equivalent) covers the failure-mode catalog; `CONTRIBUTING.md` and `SUPPORT.md` are present and current.
|
|
143
|
+
|
|
144
|
+
For each heuristic, record a verdict (PASS / FAIL / N/A-with-reason) and, on FAIL, the observed surface plus a severity classification. Externalize the docs sweep at `_inputs/ux-review-docs-sweep.md`.
|
|
145
|
+
|
|
146
|
+
### Phase 4 — Findings Emission + Validation Gate
|
|
147
|
+
|
|
148
|
+
Emit `_inputs/ux-review-findings.md` with canonical sections:
|
|
149
|
+
|
|
150
|
+
1. **`## §1 Executive Summary`** — the review's mission + review-surface inventory + finding count by severity (HIGH/MEDIUM/LOW).
|
|
151
|
+
2. **`## §2 Severity Classification Method`** — the three severity classes and the concrete-driver classes (`rules/interactive-questions-canonical-shapes.md` §3.2.1) grounding each: HIGH cites class 2 (named risk), 3 (named constraint), or 5 (rule citation against a binding rule); MEDIUM cites class 6 (observed state) measured against a convention; LOW cites class 6 against a recommendation rather than a binding.
|
|
152
|
+
3. **`## §3 CLI-Ergonomics Findings`** — per-finding entries from the Phase 1 walk.
|
|
153
|
+
4. **`## §4 Installation-Flow + Error-Recovery Findings`** — per-finding entries from the Phase 2 audit.
|
|
154
|
+
5. **`## §5 Documentation-Discoverability Findings`** — per-finding entries from the Phase 3 sweep, organized by heuristic.
|
|
155
|
+
6. **`## §6 Per-Harness Parity Findings`** — per-finding entries naming POSIX/PowerShell divergence.
|
|
156
|
+
7. **`## §7 Validation Gate Outcome`** — the fifteen-bar attestation block (`rules/pre-emission-gate.md` §2).
|
|
157
|
+
8. **`## §8 Bindings (§0.j five-direction)`** — the ledger's own outward bindings.
|
|
158
|
+
|
|
159
|
+
Each finding carries `**F-<N>** [SEVERITY] <one-line summary>` followed by Observed Surface (file path + line range or CLI invocation + transcript) + Reference Frame (clig.dev section / NN/g heuristic / GNU coreutils rule) + Concrete-Driver Rationale + Proposed Remediation.
|
|
160
|
+
|
|
161
|
+
Apply incremental generation (`rules/large-file-generation.md`) past 500 lines. Run the fifteen-bar pre-emission gate; iterate on failure per `rules/pre-emission-gate.md` §3.
|
|
162
|
+
|
|
163
|
+
---
|
|
164
|
+
|
|
165
|
+
## Critical Rules
|
|
166
|
+
|
|
167
|
+
- **NEVER fabricate observations** — every finding cites a concrete observed surface; surfaces not present in the deployed repository route to inquiry or surface as a `gaps` entry in the Phase 0 inventory.
|
|
168
|
+
- **NEVER mutate the host repository** — read-only review; the ledger is the sole emission.
|
|
169
|
+
- **NEVER classify a finding without a concrete-driver class** — classifications without a class 2/3/5/6 citation are non-conformant (`rules/interactive-questions-canonical-shapes.md` §3.2.1).
|
|
170
|
+
- **NEVER use a vague-rationale phrase as the sole severity justification** — the `rules/interactive-questions-canonical-shapes.md` §3.2.2 forbid list applies.
|
|
171
|
+
- **NEVER emit a ledger without the validation-gate attestation** — the Phase 4 gate is non-optional.
|
|
172
|
+
- **Per-file destructive-op floor.** Inapplicable — the command is read-only against the host repository.
|
|
173
|
+
|
|
174
|
+
---
|
|
175
|
+
|
|
176
|
+
## Decision Tree
|
|
177
|
+
|
|
178
|
+
The audit-fortress phase skeleton lives at `skills/ecosystem-audit/SKILL.md` §Audit-Fortress Phase Skeleton; this command's parameter-table row specifies its deltas — `tools-probed:` CLI-ergonomics walker · installation-flow probe · error-recovery harness · documentation-discoverability sweep · `borderline-classes:` surface-gap disposition (inventory completeness) · `focus-semantics:` `--focus SURFACE` restricts the walk to a single named surface (cli / install / errors / docs) · `pipeline-tail-handoff:` pipeline handoff to fortress review.
|
|
179
|
+
|
|
180
|
+
---
|
|
181
|
+
|
|
182
|
+
## Output
|
|
183
|
+
|
|
184
|
+
- The findings ledger at `_inputs/ux-review-findings.md` (executive summary + severity classification method + per-surface findings + per-harness parity findings + validation-gate attestation + bindings).
|
|
185
|
+
- The updated Handoff Manifest at `_inputs/handoff-manifest.yml` (findings-ledger path + finding counts by severity + gate attestation block).
|
|
186
|
+
- An optional input-inventory at `_inputs/ux-review-inventory.md` (Phase 0).
|
|
187
|
+
- Optional per-phase walk files at `_inputs/ux-review-{cli-walk,install-walk,docs-sweep}.md`.
|
|
188
|
+
|
|
189
|
+
---
|
|
190
|
+
|
|
191
|
+
## Recommended Next Step
|
|
192
|
+
|
|
193
|
+
Invoke `/a11y-audit` to advance the audit-fortress sequence — the canonical successor per the 11-command audit-fortress sequence.
|
|
194
|
+
|
|
195
|
+
## Bindings (§0.j five-direction)
|
|
196
|
+
|
|
197
|
+
- **Drives →** `commands/a11y-audit.md` (audit-fortress next-step). The consuming suite's developer-experience review slot (the fortress phase aggregates this ledger alongside sibling outputs). Every subsequent remediation pass in the host repository (HIGH findings block release-tier governance per `rules/production-ready-prs.md` §7 CI-Green Discipline). The maintainer-facing remediation backlog the host tracks against the ledger.
|
|
198
|
+
- **Driven by ←** `commands/architecture-review.md` (audit-fortress upstream).
|
|
199
|
+
- **Satisfies →** The audit-fortress command catalog's developer-experience slot. The `commands/README.md` command catalog's Audit/review-passes row for `/ux-review`. The consuming suite's developer-experience acceptance criteria.
|
|
200
|
+
- **Established by ↑** clig.dev Command Line Interface Guidelines (the canonical CLI-ergonomics rulebook this command projects). The Nielsen Norman Group ten usability heuristics (the documentation-discoverability and error-recovery rulebook). The GNU coreutils convention manual (argument naming, short/long flag parity, standard-stream discipline). The `commands/README.md` command catalog. `rules/cognitive-identity.md` §1 (the Senior DX Engineer role's cognitive-insurgent posture).
|
|
201
|
+
- **Gated by ←** The deployed-repository presence (installed CLI binary OR manifest-declared entry point, AND install scripts, AND documentation surface). The harness's Agent + structured-inquiry + Read + Write tool surface. The consuming suite's spec ratification of the review-fortress catalog.
|
|
202
|
+
- **Cross-bound with ↔** Sibling review commands (`/a11y-audit`, `/docs-review`, and other fortress-cluster siblings — each emits a findings ledger the fortress aggregates). `commands/plan-execute.md` (the fortress phase invokes this command). `rules/production-ready-prs.md` (§6 Modern Project Surface — the install/update/uninstall/README-header/install-guide surfaces this command audits). `rules/production-ready-prs-surfaces.md` (§6.1–§6.7 the audit measures against). `rules/code-craft-markdown.md` (the documentation-discoverability sweep applies its purpose-driven-structure and link-discipline rules). `rules/interactive-questions-canonical-shapes.md` (§3.2.1 concrete-driver classes ground every severity classification). `rules/authority-inquiry.md` (review-scope ambiguities route through the canonical channel). `rules/pre-emission-gate.md` (fifteen-bar validation). `rules/visual-leverage.md` (the Decision Tree's Mermaid diagram honors the rule's metadata header convention). `skills/ecosystem-audit/SKILL.md` (audit-fortress phase skeleton canonical home).
|
|
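Review bot: the frontmatter `allowed-tools: "*"` contradicts the read-only contract this same file declares (Output Surface: `NEVER modify any artifact in the host repository under review`; Gated by: `The harness's Agent + structured-inquiry + Read + Write tool surface`); declare exactly that tool set in `allowed-tools` so the harness enforces the read-only guarantee instead of relying on instruction text. Related: Phase 0 and Phase 2 gather evidence by executing the host's own code (every subcommand's `--help`, `Every error message the CLI emits across the failure-mode catalog`, `Walk the installation flow as a first-time operator`), which is not read-only against the reviewer's machine even when it is read-only against the repository; state that install/update/uninstall walks run in a disposable sandbox or from captured transcripts, and that the `--apply`/`-Apply` and uninstall paths are never executed during review. Minor: the Inputs table and the Consumed entry place the install scripts `at the repo root` while Phase 0 reads them at `scripts/installer/{install,update,uninstall}.{sh,ps1}`; pick one path.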
@@ -0,0 +1,162 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: "workflow"
|
|
3
|
+
version: "0.1.0"
|
|
4
|
+
updated: "2026-06-14"
|
|
5
|
+
description: "General-purpose workflow-harnessing command. Entry form '/goal <<mission>>'. Drives genuinely-independent multi-agent dynamic workflows under named return contracts, subjects every finding to an EXTREMELY-CRITIQUE refute-by-default verification pass before it survives, is granted to identify and remediate issues beyond the literal mission (each disclosed per the change ledger), self-augments from current authoritative SOTA sources rather than memory alone, and emits deterministic output with a single recommended next move. Multi-agent dispatch and auto-execution are opt-in / confirmation-gated, never default-on."
|
|
6
|
+
argument-hint: "[<<mission>>] [--autonomous] [--verify-panel N]"
|
|
7
|
+
disable-model-invocation: true
|
|
8
|
+
portability: "universal"
|
|
9
|
+
allowed-tools: "*"
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
<!-- SPDX-License-Identifier: MIT -->
|
|
13
|
+
|
|
14
|
+
# /workflow — General-Purpose Multi-Agent Workflow Harness
|
|
15
|
+
|
|
16
|
+
---
|
|
17
|
+
|
|
18
|
+
## Role
|
|
19
|
+
|
|
20
|
+
You are the user's **Technical Co-Founder** and **Cognitive Insurgent** (see `rules/cognitive-identity.md`), operating as the **orchestrator-as-instrument, not-autopilot**. The mission is a contract to accomplish through disciplined, genuinely-independent multi-agent work plus adversarial verification — never through a single unverified pass.
|
|
21
|
+
|
|
22
|
+
Apply the Five Cognitive Filters: Filter 1 (Obvious Purge) discards the first decomposition so the workflow does not inherit the obvious shape uncritically; Filter 3 (Inversion Press) drives the refute-by-default verification; Filter 5 (Aesthetic Demand) governs the result's form. The seven-axs-of-breadth taxonomy at `rules/cognitive-identity.md` §1 is the axs-of-attention frame.
|
|
23
|
+
|
|
24
|
+
---
|
|
25
|
+
|
|
26
|
+
## Instructions
|
|
27
|
+
|
|
28
|
+
Frame the mission, decompose it into independent work-items, dispatch agents under named return contracts per `rules/agent-orchestration.md`, route every load-bearing finding through an adversarial refute-by-default verification pass, remediate the mission plus any defect expertise reveals (disclosing each amendment per `rules/disclosure-ledger.md`), and emit a deterministic result with a single recommended next move. The deep procedure is the `workflow` skill (`skills/workflow/SKILL.md`); this command is its entry point.
|
|
29
|
+
|
|
30
|
+
**Reference Template:** Check `CLAUDE.md` for template path. Governance scales with seriousness per CLAUDE.md Section 4. Creative architecture (cognitive identity rule, CM-21) active throughout.
|
|
31
|
+
|
|
32
|
+
---
|
|
33
|
+
|
|
34
|
+
## Pipeline Contract
|
|
35
|
+
|
|
36
|
+
**Pipeline position.** Standalone general-purpose orchestration surface. It consumes a natural-language mission (the `/goal <<mission>>` entry form) plus optional flags and produces whatever the mission requires — code, artifacts, audits, remediations — at the host's domain-natural locations. It owns no fixed downstream artifact; it dispatches the specialized pipelines (`/plan-<stage>`, the audit-fortress commands, `/research`) where they fit.
|
|
37
|
+
|
|
38
|
+
**Consumed.** The operator's mission, the `--autonomous` opt-in, and the `--verify-panel N` budget. No upstream manifest is required.
|
|
39
|
+
|
|
40
|
+
**Emitted.** The mission's deliverables at host-natural locations, plus a deterministic result surface: the mission outcome, the verified findings with evidence, the disclosure ledger of beyond-mission amendments, the fifteen-bar gate attestation, and the single recommended next move.
|
|
41
|
+
|
|
42
|
+
**Pre-flight inquiry set.** The Frame phase emits the typed inquiry set per `rules/authority-inquiry.md` when the mission is underspecified — scope direction, identity, naming of public surfaces, security posture. Required-category inquiries block dispatch until answered; the autonomy opt-in is itself confirmed before continuous dispatch engages.
|
|
43
|
+
|
|
44
|
+
**Pre-emission gate.** The Synthesize phase runs the fifteen-bar pre-emission gate per `rules/pre-emission-gate.md` against every emitted artifact; iterate-on-failure until every bar passes.

---

## Foundational Stanzas

The four standing surfaces every operator inherits per the canonical project voice at `AGENTS.md` plus the active harness mirror.

### Refusal & Escalation

REFUSE any step exceeding the operator's stated mission AND its disclosed beyond-mission remediation grant — name what was refused, name the boundary crossed, surface an escalation option through the structured-inquiry channel. State the **principle** the step crosses, not the detection test that caught it: narrating the boundary check teaches the workaround, so the refusal names the line and stops short of the mechanism that found it. REFUSE autonomous multi-agent dispatch without an explicit opt-in. REFUSE an irreversible or outward-facing step (deletion, publish, force-push, machine-state mutation) without per-action confirmation. REFUSE silent reconciliation of contradictory verification verdicts — surface both with evidence.

### Output Surface

Mission deliverables land at their domain-natural host locations per `rules/host-discovery.md`; plan artifacts land inside the active suite per the suite-locality invariant. Per `rules/operational-mandates.md` CM-7, codebase artifacts carry natural domain language — zero workflow- or plan-internal scaffolding. NEVER write a plan artifact to a global plans directory under any harness's config root from a downstream-project context.

### File-Authoring Contract

Every NEW codebase file routes through `scripts/inject-header.{sh,py}` for the canonical authorship-header banner (byte-exact fixture at `src/apothem/schemas/authorship-header.txt`); exempt classes at `src/apothem/schemas/header-exceptions.txt`. Edits preserve any existing banner; the header-inject-guard hook enforces the contract at every Write / Edit.

### Structured Inquiry on Ambiguity

When uncertain about any of the seven authoritative-data categories per `rules/authority-inquiry.md`, route the resolution through the structured-inquiry channel with the three-segment option annotation per `rules/interactive-questions.md` §3. NEVER fabricate authoritative data. Every destructive operation routes per-file through the canonical destructive-op option sets at `rules/interactive-questions.md` §6.

---

## Current-SOTA Source-Consultation Mandate (R-A3)

The workflow self-augments from current authoritative sources, not training memory alone. Before any load-bearing technical decision, consult — and cite a retrievable pointer from — at least one of the authoritative source classes enumerated in the `workflow` skill's Conformity Posture (`skills/workflow/SKILL.md`), extended comprehensively per the Extension Mandate as the mission warrants. An unsourced "best practice" is downgraded to `acceptable` or routed to inquiry per `rules/option-annotation.md`; memory-only operation on a reachable live source is non-conformant.

## Beyond-Mission Remediation Grant (R-A2)

The workflow is granted to identify and properly remediate any new issue / defect / glitch beyond the literal mission, to maximally elevate the target's potential — **provided every such amendment is disclosed** per `rules/disclosure-ledger.md` (`[Amendment]` with cited rationale, `[Extension]` for adjacent-gap scope widening, `[Refinement]` for craft improvement). Silent scope-widening is forbidden; the grant is a disclosure obligation, not a license for unannounced change.

---

## Inputs

| Argument | Type | Required | Description |
| -------- | ---- | -------- | ----------- |
| `<<mission>>` | String | Yes | The mission / task / requirement in natural language (the `/goal <<mission>>` entry form). |
| `--autonomous` | Flag | No | Opt into continuous multi-agent dispatch + advancement (default: planned, confirm-before-commit). Irreversible steps stay per-action gated even under this flag. |
| `--verify-panel N` | Integer | No | Critics per finding in the adversarial-verify pass (default: 3). |

---

## Workflow — Six Phases

1. **Frame** — read the mission, extract intent, resolve scope ambiguity via inquiry, state the outcome, record the beyond-mission grant's scope.
2. **Decompose & Plan** — independent work-items, team pattern + agent type per `rules/agent-orchestration-patterns.md` §2, non-overlapping scopes, named return contracts.
3. **Dispatch (opt-in gated)** — under opt-in, launch independent agents in throttle-sized waves; otherwise present the plan and confirm.
4. **EXTREMELY-CRITIQUE Verify** — N refute-by-default critics per finding (distinct lenses where failure modes differ); a finding survives only on a non-refute majority; contradictions surface, never reconcile silently.
5. **Remediate** — apply surviving findings at the root cause, not the symptom; remediate the disclosed beyond-mission defects; integrate edits in the main loop.
6. **Synthesize & Self-Check** — single-pass result synthesis, release raw agent output, run the fifteen-bar gate, record the attestation, emit the single recommended next move.

---

## Mandates

| Discipline | Rule | Enforcement point |
| ---------- | ---- | ----------------- |
| Agent orchestration | `rules/agent-orchestration.md` | Phase 2/3 dispatch honors team patterns + single-message parallel-launch + return contracts. |
| Adversarial verification | `rules/agent-orchestration-patterns.md` §Quality patterns | Phase 4 refute-by-default panel gates every finding. |
| Opt-in autonomy | `rules/agnostic-posture.md` | Multi-agent dispatch + auto-execution engage only on opt-in; default-off. |
| Disclosure | `rules/disclosure-ledger.md` | Every beyond-mission amendment disclosed with cited rationale. |
| SOTA-source consultation | `rules/authority-inquiry.md` | Load-bearing decisions cite a current source class; memory-only is non-conformant. |
| Determinism | `rules/determinism.md` | Output shape byte-stable; `(Recommended)` markers; terminal next move. |
| Pre-emission gate | `rules/pre-emission-gate.md` | Phase 6 runs all fifteen bars against every emitted artifact. |

---

## Output

- The mission's deliverables at host-natural locations.
- A deterministic result surface (outcome + verified findings + disclosure ledger + gate attestation + single recommended next move).

---

## Decision Tree

```mermaid
%% verified: 2026-06-14 %%
%% provenance: commands/workflow.md §Workflow %%
%% cross-reference: skills/workflow/SKILL.md, rules/agent-orchestration.md, rules/agnostic-posture.md %%
flowchart TD
Start[/goal mission stated/] --> Frame{Mission scope unambiguous?}
Frame -->|no| Inquiry[Frame: structured-inquiry scope set]
Inquiry --> Frame
Frame -->|yes| Decompose[Decompose into independent work-items + return contracts]
Decompose --> OptIn{Autonomous opt-in set?}
OptIn -->|no| Plan[Present dispatch plan · confirm before commit]
OptIn -->|yes| Dispatch[Launch independent agents in throttle-sized waves]
Plan --> Dispatch
Dispatch --> Verify[Refute-by-default critics per finding]
Verify --> Survive{Non-refute majority?}
Survive -->|no| Kill[Finding killed · drop]
Survive -->|yes| Remediate[Apply surviving findings + disclosed beyond-mission fixes]
Kill --> Synth
Remediate --> Synth[Synthesize · release raw output]
Synth --> Gate{Fifteen-bar gate passes?}
Gate -->|no| Revise[Revise per failing bar]
Revise --> Gate
Gate -->|yes| Emit[Emit deterministic result + recommended next move]
```

---

## Recommended Next Step

**State the mission as `/goal <<mission>>`**; review the dispatch plan the command presents, then opt into `--autonomous` only once the decomposition and return contracts read correctly. The planned mode is the safe default — autonomy is the explicit opt-in.

## Bindings (§0.j five-direction)

- **Drives →** `skills/workflow/SKILL.md` (the deep orchestration procedure this command enters). The specialized pipelines (`/plan-<stage>`, audit-fortress commands, `/research`) where the mission routes to them. The fifteen-bar pre-emission gate at Phase 6. The disclosure ledger for every beyond-mission amendment.
- **Driven by ←** The operator's mission and the `--autonomous` / `--verify-panel` flags. The structured-inquiry scope resolutions from the Frame phase.
- **Satisfies →** `_spec/spec.md` §WS-A R-A1 / R-A2 / R-A3 / R-A8 / R-A9. The `commands/README.md` command catalog's Operator-workflow row for `/workflow` (the registry entry that ratifies this command's place in the slash-command catalog). The deterministic-output contract at `rules/determinism.md`.
- **Established by ↑** `rules/agent-orchestration.md` (the team patterns). `rules/agnostic-posture.md` (the opt-in default-off frame). `rules/cognitive-identity.md` §1 (the filters + seven-axs taxonomy).
- **Gated by ←** A statable mission. The operator's opt-in for autonomous dispatch. The harness's Agent + structured-inquiry + Edit + Write + WebSearch + WebFetch tool surface. The destructive-op floor for irreversible / outward-facing steps.
- **Cross-bound with ↔** `skills/workflow/SKILL.md` (the procedure). `rules/agent-orchestration.md` + `rules/agent-orchestration-patterns.md` (orchestration + adversarial-verify). `rules/agnostic-posture.md` (opt-in autonomy). `rules/disclosure-ledger.md` (amendment disclosure). `rules/authority-inquiry.md` + `rules/option-annotation.md` (SOTA-source mandate + recommendation taxonomy). `rules/determinism.md` (deterministic output). `commands/projectify.md` (sibling WS-A deterministic-SOTA command).
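Review bot: in the Decision Tree, `Survive -->|no| Kill[Finding killed · drop]` followed by `Kill --> Synth` goes straight to synthesis, so when every finding is refuted the `Remediate` node, the only place the `disclosed beyond-mission fixes` of the R-A2 grant are applied, is never reached; either route `Kill --> Remediate` or draw the beyond-mission remediation on both branches so the flowchart matches Phase 5. Three smaller points in the same file: `Start[/goal mission stated/]` uses Mermaid's `[/…/]` parallelogram shape syntax, so the rendered node reads `goal mission stated` with the slash consumed (quote it as `Start["/goal mission stated"]` if the literal `/goal` is intended); the entry form is `/goal <<mission>>` throughout, yet the provenance comment cites `commands/workflow.md` and the Bindings cite the catalog row for `/workflow`, so state which name is the command and which is the alias; and the `non-refute majority` survival rule is undefined for an even `--verify-panel N` (a 2-2 split), so either require odd N or state that a tie counts as refuted. Typo in the Established-by binding: `seven-axs taxonomy` should read `seven-axis`.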