@bradygaster/squad-cli 0.9.6-insider.2 → 0.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/commands/copilot-bridge.d.ts.map +1 -1
- package/dist/cli/commands/copilot-bridge.js +5 -1
- package/dist/cli/commands/copilot-bridge.js.map +1 -1
- package/dist/cli/commands/doctor.d.ts +6 -0
- package/dist/cli/commands/doctor.d.ts.map +1 -1
- package/dist/cli/commands/doctor.js +120 -5
- package/dist/cli/commands/doctor.js.map +1 -1
- package/dist/cli/commands/export.d.ts +7 -3
- package/dist/cli/commands/export.d.ts.map +1 -1
- package/dist/cli/commands/export.js +68 -16
- package/dist/cli/commands/export.js.map +1 -1
- package/dist/cli/commands/import.d.ts +7 -3
- package/dist/cli/commands/import.d.ts.map +1 -1
- package/dist/cli/commands/import.js +140 -42
- package/dist/cli/commands/import.js.map +1 -1
- package/dist/cli/commands/install-hooks.d.ts.map +1 -1
- package/dist/cli/commands/install-hooks.js +50 -5
- package/dist/cli/commands/install-hooks.js.map +1 -1
- package/dist/cli/commands/link.d.ts.map +1 -1
- package/dist/cli/commands/link.js +7 -1
- package/dist/cli/commands/link.js.map +1 -1
- package/dist/cli/commands/loop.d.ts.map +1 -1
- package/dist/cli/commands/loop.js +7 -5
- package/dist/cli/commands/loop.js.map +1 -1
- package/dist/cli/commands/memory.d.ts +2 -0
- package/dist/cli/commands/memory.d.ts.map +1 -0
- package/dist/cli/commands/memory.js +304 -0
- package/dist/cli/commands/memory.js.map +1 -0
- package/dist/cli/commands/migrate-backend.d.ts +36 -5
- package/dist/cli/commands/migrate-backend.d.ts.map +1 -1
- package/dist/cli/commands/migrate-backend.js +250 -40
- package/dist/cli/commands/migrate-backend.js.map +1 -1
- package/dist/cli/commands/notes.d.ts +27 -0
- package/dist/cli/commands/notes.d.ts.map +1 -0
- package/dist/cli/commands/notes.js +222 -0
- package/dist/cli/commands/notes.js.map +1 -0
- package/dist/cli/commands/plugin.d.ts.map +1 -1
- package/dist/cli/commands/plugin.js +423 -8
- package/dist/cli/commands/plugin.js.map +1 -1
- package/dist/cli/commands/skill.d.ts +31 -0
- package/dist/cli/commands/skill.d.ts.map +1 -0
- package/dist/cli/commands/skill.js +497 -0
- package/dist/cli/commands/skill.js.map +1 -0
- package/dist/cli/commands/start.d.ts.map +1 -1
- package/dist/cli/commands/start.js +9 -1
- package/dist/cli/commands/start.js.map +1 -1
- package/dist/cli/commands/state-mcp.d.ts +25 -0
- package/dist/cli/commands/state-mcp.d.ts.map +1 -0
- package/dist/cli/commands/state-mcp.js +168 -0
- package/dist/cli/commands/state-mcp.js.map +1 -0
- package/dist/cli/commands/watch/agent-spawn.d.ts +62 -0
- package/dist/cli/commands/watch/agent-spawn.d.ts.map +1 -0
- package/dist/cli/commands/watch/agent-spawn.js +127 -0
- package/dist/cli/commands/watch/agent-spawn.js.map +1 -0
- package/dist/cli/commands/watch/capabilities/board.d.ts.map +1 -1
- package/dist/cli/commands/watch/capabilities/board.js +2 -1
- package/dist/cli/commands/watch/capabilities/board.js.map +1 -1
- package/dist/cli/commands/watch/capabilities/decision-hygiene.d.ts.map +1 -1
- package/dist/cli/commands/watch/capabilities/decision-hygiene.js +3 -2
- package/dist/cli/commands/watch/capabilities/decision-hygiene.js.map +1 -1
- package/dist/cli/commands/watch/capabilities/execute.d.ts.map +1 -1
- package/dist/cli/commands/watch/capabilities/execute.js +14 -2
- package/dist/cli/commands/watch/capabilities/execute.js.map +1 -1
- package/dist/cli/commands/watch/capabilities/index.d.ts.map +1 -1
- package/dist/cli/commands/watch/capabilities/index.js +2 -0
- package/dist/cli/commands/watch/capabilities/index.js.map +1 -1
- package/dist/cli/commands/watch/capabilities/monitor-email.d.ts +1 -1
- package/dist/cli/commands/watch/capabilities/monitor-email.d.ts.map +1 -1
- package/dist/cli/commands/watch/capabilities/monitor-email.js +21 -4
- package/dist/cli/commands/watch/capabilities/monitor-email.js.map +1 -1
- package/dist/cli/commands/watch/capabilities/monitor-teams.d.ts +1 -1
- package/dist/cli/commands/watch/capabilities/monitor-teams.d.ts.map +1 -1
- package/dist/cli/commands/watch/capabilities/monitor-teams.js +21 -5
- package/dist/cli/commands/watch/capabilities/monitor-teams.js.map +1 -1
- package/dist/cli/commands/watch/capabilities/notes-promote.d.ts +11 -0
- package/dist/cli/commands/watch/capabilities/notes-promote.d.ts.map +1 -0
- package/dist/cli/commands/watch/capabilities/notes-promote.js +124 -0
- package/dist/cli/commands/watch/capabilities/notes-promote.js.map +1 -0
- package/dist/cli/commands/watch/capabilities/retro.d.ts.map +1 -1
- package/dist/cli/commands/watch/capabilities/retro.js +3 -2
- package/dist/cli/commands/watch/capabilities/retro.js.map +1 -1
- package/dist/cli/commands/watch/capabilities/wave-dispatch.d.ts.map +1 -1
- package/dist/cli/commands/watch/capabilities/wave-dispatch.js +2 -1
- package/dist/cli/commands/watch/capabilities/wave-dispatch.js.map +1 -1
- package/dist/cli/commands/watch/index.d.ts.map +1 -1
- package/dist/cli/commands/watch/index.js +16 -12
- package/dist/cli/commands/watch/index.js.map +1 -1
- package/dist/cli/core/cast.d.ts.map +1 -1
- package/dist/cli/core/cast.js +132 -1
- package/dist/cli/core/cast.js.map +1 -1
- package/dist/cli/core/command-help.d.ts +44 -0
- package/dist/cli/core/command-help.d.ts.map +1 -0
- package/dist/cli/core/command-help.js +401 -0
- package/dist/cli/core/command-help.js.map +1 -0
- package/dist/cli/core/copilot-invocation.d.ts +57 -0
- package/dist/cli/core/copilot-invocation.d.ts.map +1 -0
- package/dist/cli/core/copilot-invocation.js +84 -0
- package/dist/cli/core/copilot-invocation.js.map +1 -0
- package/dist/cli/core/effective-squad-dir.d.ts +33 -0
- package/dist/cli/core/effective-squad-dir.d.ts.map +1 -0
- package/dist/cli/core/effective-squad-dir.js +37 -0
- package/dist/cli/core/effective-squad-dir.js.map +1 -0
- package/dist/cli/core/init.d.ts +2 -0
- package/dist/cli/core/init.d.ts.map +1 -1
- package/dist/cli/core/init.js +74 -1
- package/dist/cli/core/init.js.map +1 -1
- package/dist/cli/core/mcp-root.d.ts +60 -0
- package/dist/cli/core/mcp-root.d.ts.map +1 -0
- package/dist/cli/core/mcp-root.js +124 -0
- package/dist/cli/core/mcp-root.js.map +1 -0
- package/dist/cli/core/mcp-spec.d.ts +48 -0
- package/dist/cli/core/mcp-spec.d.ts.map +1 -0
- package/dist/cli/core/mcp-spec.js +61 -0
- package/dist/cli/core/mcp-spec.js.map +1 -0
- package/dist/cli/core/npm-registry.d.ts +25 -0
- package/dist/cli/core/npm-registry.d.ts.map +1 -0
- package/dist/cli/core/npm-registry.js +65 -0
- package/dist/cli/core/npm-registry.js.map +1 -0
- package/dist/cli/core/templates.d.ts.map +1 -1
- package/dist/cli/core/templates.js +52 -16
- package/dist/cli/core/templates.js.map +1 -1
- package/dist/cli/core/upgrade.d.ts +5 -0
- package/dist/cli/core/upgrade.d.ts.map +1 -1
- package/dist/cli/core/upgrade.js +231 -12
- package/dist/cli/core/upgrade.js.map +1 -1
- package/dist/cli/index.d.ts +1 -0
- package/dist/cli/index.d.ts.map +1 -1
- package/dist/cli/index.js +1 -0
- package/dist/cli/index.js.map +1 -1
- package/dist/cli/shell/components/App.js +1 -1
- package/dist/cli/shell/components/App.js.map +1 -1
- package/dist/cli/shell/components/MessageStream.js +2 -2
- package/dist/cli/shell/components/MessageStream.js.map +1 -1
- package/dist/cli/shell/coordinator.d.ts.map +1 -1
- package/dist/cli/shell/coordinator.js +11 -5
- package/dist/cli/shell/coordinator.js.map +1 -1
- package/dist/cli/shell/index.d.ts.map +1 -1
- package/dist/cli/shell/index.js +14 -7
- package/dist/cli/shell/index.js.map +1 -1
- package/dist/cli/shell/lifecycle.d.ts.map +1 -1
- package/dist/cli/shell/lifecycle.js +12 -7
- package/dist/cli/shell/lifecycle.js.map +1 -1
- package/dist/cli/shell/session-store.d.ts +4 -4
- package/dist/cli/shell/session-store.d.ts.map +1 -1
- package/dist/cli/shell/session-store.js +11 -11
- package/dist/cli/shell/session-store.js.map +1 -1
- package/dist/cli-entry.js +162 -50
- package/dist/cli-entry.js.map +1 -1
- package/package.json +7 -3
- package/scripts/patch-esm-imports.mjs +3 -1
- package/templates/after-agent-reference.md +64 -0
- package/templates/ceremony-reference.md +82 -0
- package/templates/client-compatibility-reference.md +46 -0
- package/templates/copilot-agent.md +96 -0
- package/templates/copilot-instructions.md +14 -0
- package/templates/model-selection-reference.md +101 -0
- package/templates/prd-intake.md +105 -0
- package/templates/rai-charter.md +110 -0
- package/templates/rai-policy.md +103 -0
- package/templates/ralph-reference.md +141 -0
- package/templates/routing.md +1 -0
- package/templates/scribe-charter.md +18 -151
- package/templates/session-init-reference.md +199 -0
- package/templates/skills/e2e-template-testing/SKILL.md +557 -0
- package/templates/skills/fact-checking/SKILL.md +61 -0
- package/templates/skills/squad-commands/SKILL.md +303 -0
- package/templates/skills/squad-version-check/SKILL.md +160 -0
- package/templates/spawn-reference.md +131 -0
- package/templates/squad.agent.md.template +200 -625
- package/templates/workflow-wiring-appendix-a-code-reviewer.md +131 -0
- package/templates/workflow-wiring-appendix-b-documenter.md +140 -0
- package/templates/workflow-wiring-guide.md +276 -0
- package/templates/workflows/squad-heartbeat.yml +167 -167
- package/templates/worktree-reference.md +126 -0
|
@@ -0,0 +1,82 @@
|
|
|
1
|
+
# Ceremony Reference
|
|
2
|
+
|
|
3
|
+
On-demand reference for ceremony configuration, facilitator spawn, and execution rules.
|
|
4
|
+
|
|
5
|
+
## Config Format
|
|
6
|
+
|
|
7
|
+
Ceremonies are declared in `.squad/ceremonies.md`. Each ceremony is a section with a table of fields:
|
|
8
|
+
|
|
9
|
+
```markdown
|
|
10
|
+
## {CeremonyName}
|
|
11
|
+
|
|
12
|
+
| Field | Value |
|
|
13
|
+
|-------|-------|
|
|
14
|
+
| **Trigger** | auto \| manual |
|
|
15
|
+
| **When** | before \| after |
|
|
16
|
+
| **Condition** | {when auto-triggered: natural language condition} |
|
|
17
|
+
| **Facilitator** | lead \| {specific-agent} |
|
|
18
|
+
| **Participants** | all-relevant \| all-involved \| {comma-separated names} |
|
|
19
|
+
| **Time budget** | focused \| extended |
|
|
20
|
+
| **Enabled** | ✅ yes \| ❌ no |
|
|
21
|
+
|
|
22
|
+
**Agenda:**
|
|
23
|
+
1. {Step 1}
|
|
24
|
+
2. {Step 2}
|
|
25
|
+
...
|
|
26
|
+
```
|
|
27
|
+
|
|
28
|
+
### Field Definitions
|
|
29
|
+
|
|
30
|
+
| Field | Values | Meaning |
|
|
31
|
+
|-------|--------|---------|
|
|
32
|
+
| Trigger | `auto` | Fires automatically when Condition matches |
|
|
33
|
+
| Trigger | `manual` | Only when user says "run {ceremony}" |
|
|
34
|
+
| When | `before` | Runs before work batch spawns |
|
|
35
|
+
| When | `after` | Runs after work batch completes |
|
|
36
|
+
| Condition | free text | Evaluated against current task context |
|
|
37
|
+
| Facilitator | agent name | Who runs the meeting |
|
|
38
|
+
| Participants | selector | Who attends |
|
|
39
|
+
| Time budget | `focused` | Keep it short — key decisions only |
|
|
40
|
+
| Time budget | `extended` | Thorough discussion — all angles |
|
|
41
|
+
| Enabled | boolean | Skip disabled ceremonies entirely |
|
|
42
|
+
|
|
43
|
+
## Facilitator Spawn Template
|
|
44
|
+
|
|
45
|
+
When a ceremony triggers, spawn the facilitator (sync) with this prompt structure:
|
|
46
|
+
|
|
47
|
+
```
|
|
48
|
+
You are {FacilitatorName}, facilitating the "{CeremonyName}" ceremony.
|
|
49
|
+
|
|
50
|
+
PARTICIPANTS: {participant list}
|
|
51
|
+
TRIGGER CONDITION: {what triggered this ceremony}
|
|
52
|
+
AGENDA:
|
|
53
|
+
{numbered agenda items from config}
|
|
54
|
+
|
|
55
|
+
RULES:
|
|
56
|
+
- Follow the agenda in order.
|
|
57
|
+
- For each agenda item, spawn relevant participants as sub-tasks to gather their input.
|
|
58
|
+
- Synthesize participant input into clear decisions and action items.
|
|
59
|
+
- Keep to the time budget: {focused|extended}.
|
|
60
|
+
- Output a structured summary at the end.
|
|
61
|
+
|
|
62
|
+
TASK CONTEXT:
|
|
63
|
+
{description of the work that triggered this ceremony}
|
|
64
|
+
```
|
|
65
|
+
|
|
66
|
+
## Execution Rules
|
|
67
|
+
|
|
68
|
+
1. **Before ceremonies** fire AFTER routing decisions but BEFORE agent spawn. The ceremony summary is included in all subsequent work-batch spawn prompts.
|
|
69
|
+
2. **After ceremonies** fire when ALL agents in the batch have completed (success or failure).
|
|
70
|
+
3. **Manual ceremonies** fire only on explicit user request ("run retro", "do a design review").
|
|
71
|
+
4. **Cooldown:** After a ceremony completes, skip auto-trigger checks for the immediately following step. This prevents ceremony loops.
|
|
72
|
+
5. **Participant resolution:**
|
|
73
|
+
- `all-relevant` → agents routed to the current task
|
|
74
|
+
- `all-involved` → agents that participated in the completed batch
|
|
75
|
+
- Named agents → spawn only those specific agents
|
|
76
|
+
6. **Scribe integration:** Spawn Scribe (background) at ceremony start to record decisions and action items.
|
|
77
|
+
7. **Output format:**
|
|
78
|
+
```
|
|
79
|
+
📋 {CeremonyName} completed — facilitated by {Facilitator}.
|
|
80
|
+
Decisions: {count} | Action items: {count}.
|
|
81
|
+
```
|
|
82
|
+
8. **Failure handling:** If the facilitator fails or times out, log a warning and proceed with work. Ceremonies must never block the pipeline indefinitely.
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
# Client Compatibility Reference
|
|
2
|
+
|
|
3
|
+
### Client Compatibility
|
|
4
|
+
|
|
5
|
+
Squad runs on multiple Copilot surfaces. The coordinator MUST detect its platform and adapt spawning behavior accordingly. See `docs/scenarios/client-compatibility.md` for the full compatibility matrix.
|
|
6
|
+
|
|
7
|
+
#### Platform Detection
|
|
8
|
+
|
|
9
|
+
Before spawning agents, determine the platform by checking available tools:
|
|
10
|
+
|
|
11
|
+
1. **CLI mode** — `task` tool is available → full spawning control. Use `task` with `agent_type`, `mode`, `model`, `description`, `prompt` parameters. Collect results via `read_agent`.
|
|
12
|
+
|
|
13
|
+
2. **VS Code mode** — `runSubagent` or `agent` tool is available → conditional behavior. Use `runSubagent` with the task prompt. Drop `agent_type`, `mode`, and `model` parameters. Multiple subagents in one turn run concurrently (equivalent to background mode). Results return automatically — no `read_agent` needed.
|
|
14
|
+
|
|
15
|
+
3. **Fallback mode** — neither `task` nor `runSubagent`/`agent` available → work inline. Do not apologize or explain the limitation. Execute the task directly.
|
|
16
|
+
|
|
17
|
+
If both `task` and `runSubagent` are available, prefer `task` (richer parameter surface).
|
|
18
|
+
|
|
19
|
+
#### VS Code Spawn Adaptations
|
|
20
|
+
|
|
21
|
+
When in VS Code mode, the coordinator changes behavior in these ways:
|
|
22
|
+
|
|
23
|
+
- **Spawning tool:** Use `runSubagent` instead of `task`. The prompt is the only required parameter — pass the full agent prompt (charter, identity, task, hygiene, response order) exactly as you would on CLI.
|
|
24
|
+
- **Parallelism:** Spawn ALL concurrent agents in a SINGLE turn. They run in parallel automatically. This replaces `mode: "background"` + `read_agent` polling.
|
|
25
|
+
- **Model selection:** Accept the session model. Do NOT attempt per-spawn model selection or fallback chains — they only work on CLI. In Phase 1, all subagents use whatever model the user selected in VS Code's model picker.
|
|
26
|
+
- **Scribe:** Cannot fire-and-forget. Batch Scribe as the LAST subagent in any parallel group. Scribe is light work (file ops only), so the blocking is tolerable.
|
|
27
|
+
- **Launch table:** Skip it. Results arrive with the response, not separately. By the time the coordinator speaks, the work is already done.
|
|
28
|
+
- **`read_agent`:** Skip entirely. Results return automatically when subagents complete.
|
|
29
|
+
- **`agent_type`:** Drop it. All VS Code subagents have full tool access by default. Subagents inherit the parent's tools.
|
|
30
|
+
- **`description`:** Drop it. The agent name is already in the prompt.
|
|
31
|
+
- **Prompt content:** Keep ALL prompt structure — charter, identity, task, hygiene, response order blocks are surface-independent.
|
|
32
|
+
|
|
33
|
+
#### Feature Degradation Table
|
|
34
|
+
|
|
35
|
+
| Feature | CLI | VS Code | Degradation |
|
|
36
|
+
|---------|-----|---------|-------------|
|
|
37
|
+
| Parallel fan-out | `mode: "background"` + `read_agent` | Multiple subagents in one turn | None — equivalent concurrency |
|
|
38
|
+
| Model selection | Per-spawn `model` param (4-layer hierarchy) | Session model only (Phase 1) | Accept session model, log intent |
|
|
39
|
+
| Scribe fire-and-forget | Background, never read | Sync, must wait | Batch with last parallel group |
|
|
40
|
+
| Launch table UX | Show table → results later | Skip table → results with response | UX only — results are correct |
|
|
41
|
+
| SQL tool | Available | Not available | Avoid SQL in cross-platform code paths |
|
|
42
|
+
| Response order bug | Critical workaround | Possibly necessary (unverified) | Keep the block — harmless if unnecessary |
|
|
43
|
+
|
|
44
|
+
#### SQL Tool Caveat
|
|
45
|
+
|
|
46
|
+
The `sql` tool is **CLI-only**. It does not exist on VS Code, JetBrains, or GitHub.com. Any coordinator logic or agent workflow that depends on SQL (todo tracking, batch processing, session state) will silently fail on non-CLI surfaces. Cross-platform code paths must not depend on SQL. Use filesystem-based state (`.squad/` files) for anything that must work everywhere.
|
|
@@ -0,0 +1,96 @@
|
|
|
1
|
+
# Copilot Coding Agent Member
|
|
2
|
+
|
|
3
|
+
On-demand reference for adding the GitHub Copilot coding agent (@copilot) to the Squad roster.
|
|
4
|
+
|
|
5
|
+
## Adding @copilot
|
|
6
|
+
|
|
7
|
+
When the user says "add copilot", "add the coding agent", or "use @copilot for issues":
|
|
8
|
+
|
|
9
|
+
1. **Add to team.md roster:**
|
|
10
|
+
```markdown
|
|
11
|
+
| @copilot | Coding Agent | — | 🤖 Coding Agent |
|
|
12
|
+
```
|
|
13
|
+
2. **Add capability profile** (below the roster table):
|
|
14
|
+
```markdown
|
|
15
|
+
<!-- copilot-auto-assign: true -->
|
|
16
|
+
### @copilot — Capability Profile
|
|
17
|
+
|
|
18
|
+
| Capability | Level | Notes |
|
|
19
|
+
|-----------|-------|-------|
|
|
20
|
+
| Bug fixes (well-scoped) | 🟢 | Best for isolated, test-covered fixes |
|
|
21
|
+
| Feature implementation | 🟡 | Works well with clear specs; may need review |
|
|
22
|
+
| Refactoring | 🟡 | Handles mechanical refactors; verify scope |
|
|
23
|
+
| Architecture decisions | 🔴 | Cannot make cross-cutting design choices |
|
|
24
|
+
| Multi-repo coordination | 🔴 | Limited to single-repo context |
|
|
25
|
+
| Test writing | 🟢 | Strong at adding tests for existing code |
|
|
26
|
+
| Documentation | 🟢 | Generates docs from code effectively |
|
|
27
|
+
```
|
|
28
|
+
3. **Add routing entries** to routing.md for appropriate work types.
|
|
29
|
+
4. **Do not create** `charter.md` — @copilot uses `copilot-instructions.md` instead.
|
|
30
|
+
|
|
31
|
+
## Comparison: Spawned Agent vs. @copilot
|
|
32
|
+
|
|
33
|
+
| | Spawned Agent | @copilot |
|
|
34
|
+
|---|--------------|----------|
|
|
35
|
+
| Execution model | Sync sub-task within session | Async — picks up assigned issues |
|
|
36
|
+
| Branch convention | `squad/{issue}-{slug}` | `copilot/{slug}` |
|
|
37
|
+
| Trigger | Coordinator spawns directly | Issue assignment |
|
|
38
|
+
| Charter source | `.squad/agents/{name}/charter.md` | `.github/copilot-instructions.md` |
|
|
39
|
+
| Context window | Inherits full session context | Fresh context per issue |
|
|
40
|
+
| Reviewer gating | ✅ Enforced by coordinator | ✅ Via PR review process |
|
|
41
|
+
| Speed | Immediate (in-session) | Minutes (async queue) |
|
|
42
|
+
|
|
43
|
+
## Roster Format
|
|
44
|
+
|
|
45
|
+
In `team.md`, @copilot always appears as:
|
|
46
|
+
|
|
47
|
+
```markdown
|
|
48
|
+
| @copilot | Coding Agent | — | 🤖 Coding Agent |
|
|
49
|
+
```
|
|
50
|
+
|
|
51
|
+
- **No casting** — always "@copilot" (literal handle).
|
|
52
|
+
- **No charter file** — configuration lives in `.github/copilot-instructions.md`.
|
|
53
|
+
- **No history file** — work is tracked via PRs and issue comments.
|
|
54
|
+
|
|
55
|
+
## Auto-Assign Behavior
|
|
56
|
+
|
|
57
|
+
Controlled by the HTML comment in team.md:
|
|
58
|
+
|
|
59
|
+
```markdown
|
|
60
|
+
<!-- copilot-auto-assign: true -->
|
|
61
|
+
```
|
|
62
|
+
|
|
63
|
+
| Setting | Behavior |
|
|
64
|
+
|---------|----------|
|
|
65
|
+
| `true` | Lead assigns routed issues to @copilot automatically via `gh issue edit --add-assignee @copilot` |
|
|
66
|
+
| `false` | Lead presents recommendation; user confirms before assignment |
|
|
67
|
+
|
|
68
|
+
## Lead Triage Integration
|
|
69
|
+
|
|
70
|
+
During triage, Lead evaluates each issue against @copilot's capability profile:
|
|
71
|
+
|
|
72
|
+
1. **🟢 Match** — Auto-assign (if enabled) or recommend assignment.
|
|
73
|
+
2. **🟡 Match** — Assign with note: "⚠️ May need review — @copilot is 🟡 for this type of work."
|
|
74
|
+
3. **🔴 Match** — Skip @copilot; route to appropriate spawned agent or human.
|
|
75
|
+
|
|
76
|
+
## Routing Details
|
|
77
|
+
|
|
78
|
+
Add to `routing.md`:
|
|
79
|
+
|
|
80
|
+
```markdown
|
|
81
|
+
| bug fixes (isolated, test-covered) | @copilot 🤖 | Single-file fixes, test additions |
|
|
82
|
+
| documentation updates | @copilot 🤖 | README, API docs, inline comments |
|
|
83
|
+
| test coverage gaps | @copilot 🤖 | Adding missing test cases |
|
|
84
|
+
```
|
|
85
|
+
|
|
86
|
+
Work that routes to @copilot:
|
|
87
|
+
- Creates/assigns the GitHub issue (if not already)
|
|
88
|
+
- Does NOT spawn a sub-agent — @copilot works asynchronously
|
|
89
|
+
- Coordinator reports: "🤖 Assigned #{number} to @copilot — will open a PR when ready."
|
|
90
|
+
- Non-dependent work continues immediately — @copilot routing does not serialize the team.
|
|
91
|
+
|
|
92
|
+
## Monitoring @copilot Work
|
|
93
|
+
|
|
94
|
+
On each watch cycle (or when user asks "status"):
|
|
95
|
+
- Check for open PRs from `copilot/*` branches.
|
|
96
|
+
- Report: "🤖 @copilot: {N} PRs open ({list}). {M} issues assigned, pending."
|
|
@@ -2,6 +2,20 @@
|
|
|
2
2
|
|
|
3
3
|
You are working on a project that uses **Squad**, an AI team framework. When picking up issues autonomously, follow these guidelines.
|
|
4
4
|
|
|
5
|
+
## Coordinator Canary Check
|
|
6
|
+
|
|
7
|
+
**IMPORTANT — run this check on EVERY session start, before doing any work:**
|
|
8
|
+
|
|
9
|
+
Look for the exact token `SQUAD_COORDINATOR_CANARY_a8f3` in your `agent_instructions`. This token is placed at the end of `squad.agent.md`. If it is missing, the coordinator file is missing or truncated.
|
|
10
|
+
|
|
11
|
+
**When the token is missing, you MUST:**
|
|
12
|
+
1. **STOP** — do not proceed with standard Squad behavior.
|
|
13
|
+
2. **WARN the user** with this exact message:
|
|
14
|
+
```
|
|
15
|
+
⚠️ Squad coordinator (squad.agent.md) appears to be missing or truncated. The canary token was not found. Do NOT proceed with standard Squad behavior — Squad's safety rails are not loaded. Please restart your session.
|
|
16
|
+
```
|
|
17
|
+
3. Do not continue with normal Squad routing, spawning, PR, or branch-protection behavior after emitting the warning.
|
|
18
|
+
|
|
5
19
|
## Team Context
|
|
6
20
|
|
|
7
21
|
Before starting work on any issue:
|
|
@@ -0,0 +1,101 @@
|
|
|
1
|
+
# Model Selection Reference
|
|
2
|
+
|
|
3
|
+
### Per-Agent Model Selection
|
|
4
|
+
|
|
5
|
+
Before spawning an agent, determine which model to use. Check these layers in order — first match wins:
|
|
6
|
+
|
|
7
|
+
**Layer 0 — Persistent Config (`.squad/config.json`):** On session start, read `.squad/config.json`. If `agentModelOverrides.{agentName}` exists, use that model for this specific agent. Otherwise, if `defaultModel` exists, use it for ALL agents. This layer survives across sessions — the user set it once and it sticks.
|
|
8
|
+
|
|
9
|
+
- **When user says "always use X" / "use X for everything" / "default to X":** Write `defaultModel` to `.squad/config.json`. Acknowledge: `✅ Model preference saved: {model} — all future sessions will use this until changed.`
|
|
10
|
+
- **When user says "use X for {agent}":** Write to `agentModelOverrides.{agent}` in `.squad/config.json`. Acknowledge: `✅ {Agent} will always use {model} — saved to config.`
|
|
11
|
+
- **When user says "switch back to automatic" / "clear model preference":** Remove `defaultModel` (and optionally `agentModelOverrides`) from `.squad/config.json`. Acknowledge: `✅ Model preference cleared — returning to automatic selection.`
|
|
12
|
+
|
|
13
|
+
**Layer 1 — Session Directive:** Did the user specify a model for this session? ("use opus for this session", "save costs"). If yes, use that model. Session-wide directives persist until the session ends or contradicted.
|
|
14
|
+
|
|
15
|
+
**Layer 2 — Charter Preference:** Does the agent's charter have a `## Model` section with `Preferred` set to a specific model (not `auto`)? If yes, use that model.
|
|
16
|
+
|
|
17
|
+
**Layer 3 — Task-Aware Auto-Selection:** Use the governing principle: **cost first, unless code is being written.** Match the agent's task to determine output type, then select accordingly:
|
|
18
|
+
|
|
19
|
+
| Task Output | Model | Tier | Rule |
|
|
20
|
+
|-------------|-------|------|------|
|
|
21
|
+
| Writing code (implementation, refactoring, test code, bug fixes) | `claude-sonnet-4.6` | Standard | Quality and accuracy matter for code. Use standard tier. |
|
|
22
|
+
| Writing prompts or agent designs (structured text that functions like code) | `claude-sonnet-4.6` | Standard | Prompts are executable — treat like code. |
|
|
23
|
+
| NOT writing code (docs, planning, triage, logs, changelogs, mechanical ops) | `claude-haiku-4.5` | Fast | Cost first. Haiku handles non-code tasks. |
|
|
24
|
+
| Visual/design work requiring image analysis | `claude-opus-4.5` | Premium | Vision capability required. Overrides cost rule. |
|
|
25
|
+
|
|
26
|
+
**Role-to-model mapping** (applying cost-first principle):
|
|
27
|
+
|
|
28
|
+
| Role | Default Model | Why | Override When |
|
|
29
|
+
|------|--------------|-----|---------------|
|
|
30
|
+
| Core Dev / Backend / Frontend | `claude-sonnet-4.6` | Writes code — quality first | Heavy code gen → `gpt-5.3-codex` |
|
|
31
|
+
| Tester / QA | `claude-sonnet-4.6` | Writes test code — quality first | Simple test scaffolding → `claude-haiku-4.5` |
|
|
32
|
+
| Lead / Architect | auto (per-task) | Mixed: code review needs quality, planning needs cost | Architecture proposals → premium; triage/planning → haiku |
|
|
33
|
+
| Prompt Engineer | auto (per-task) | Mixed: prompt design is like code, research is not | Prompt architecture → sonnet; research/analysis → haiku |
|
|
34
|
+
| Copilot SDK Expert | `claude-sonnet-4.6` | Technical analysis that often touches code | Pure research → `claude-haiku-4.5` |
|
|
35
|
+
| Designer / Visual | `claude-opus-4.5` | Vision-capable model required | — (never downgrade — vision is non-negotiable) |
|
|
36
|
+
| DevRel / Writer | `claude-haiku-4.5` | Docs and writing — not code | — |
|
|
37
|
+
| Scribe / Logger | `claude-haiku-4.5` | Mechanical file ops — cheapest possible | — (never bump Scribe) |
|
|
38
|
+
| Git / Release | `claude-haiku-4.5` | Mechanical ops — changelogs, tags, version bumps | — (never bump mechanical ops) |
|
|
39
|
+
|
|
40
|
+
**Task complexity adjustments** (apply at most ONE — no cascading):
|
|
41
|
+
- **Bump UP to premium:** architecture proposals, reviewer gates, security audits, multi-agent coordination (output feeds 3+ agents)
|
|
42
|
+
- **Bump DOWN to fast/cheap:** typo fixes, renames, boilerplate, scaffolding, changelogs, version bumps
|
|
43
|
+
- **Switch to code specialist (`gpt-5.3-codex`):** large multi-file refactors, complex implementation from spec, heavy code generation (500+ lines)
|
|
44
|
+
- **Switch to analytical diversity (`gemini-3-pro-preview`):** code reviews where a second perspective helps, security reviews, architecture reviews after a rejection
|
|
45
|
+
|
|
46
|
+
**Layer 4 — Default:** If nothing else matched, use `claude-haiku-4.5`. Cost wins when in doubt, unless code is being produced.
|
|
47
|
+
|
|
48
|
+
**Fallback chains — when a model is unavailable:**
|
|
49
|
+
|
|
50
|
+
If a spawn fails because the selected model is unavailable (plan restriction, org policy, rate limit, deprecation, or any other reason), silently retry with the next model in the chain. Do NOT tell the user about fallback attempts. Maximum 3 retries before jumping to the nuclear fallback.
|
|
51
|
+
|
|
52
|
+
```
|
|
53
|
+
Premium: claude-opus-4.6 → claude-opus-4.5 → claude-sonnet-4.6 → claude-sonnet-4.5 → (omit model param)
|
|
54
|
+
Standard: claude-sonnet-4.6 → claude-sonnet-4.5 → gpt-5.4 → gpt-5.3-codex → claude-sonnet-4 → (omit model param)
|
|
55
|
+
Fast: claude-haiku-4.5 → gpt-5.4-mini → gpt-5.1-codex-mini → gpt-4.1 → (omit model param)
|
|
56
|
+
```
|
|
57
|
+
|
|
58
|
+
`(omit model param)` = call the `task` tool WITHOUT the `model` parameter. The platform uses its built-in default. This is the nuclear fallback — it always works.
|
|
59
|
+
|
|
60
|
+
**Fallback rules:**
|
|
61
|
+
- If the user specified a provider ("use Claude"), fall back within that provider only before hitting nuclear
|
|
62
|
+
- Never fall back UP in tier — a fast/cheap task should not land on a premium model
|
|
63
|
+
- Log fallbacks to the orchestration log for debugging, but never surface to the user unless asked
|
|
64
|
+
|
|
65
|
+
**Passing the model to spawns:**
|
|
66
|
+
|
|
67
|
+
Pass the resolved model as the `model` parameter on every `task` tool call:
|
|
68
|
+
|
|
69
|
+
```
|
|
70
|
+
agent_type: "general-purpose"
|
|
71
|
+
model: "{resolved_model}"
|
|
72
|
+
mode: "background"
|
|
73
|
+
name: "{name}"
|
|
74
|
+
description: "{emoji} {Name}: {brief task summary}"
|
|
75
|
+
prompt: |
|
|
76
|
+
...
|
|
77
|
+
```
|
|
78
|
+
|
|
79
|
+
Only set `model` when it differs from the platform default (`claude-sonnet-4.6`). If the resolved model IS `claude-sonnet-4.6`, you MAY omit the `model` parameter — the platform uses it as default.
|
|
80
|
+
|
|
81
|
+
If you've exhausted the fallback chain and reached nuclear fallback, omit the `model` parameter entirely.
|
|
82
|
+
|
|
83
|
+
**Spawn output format — show the model choice:**
|
|
84
|
+
|
|
85
|
+
When spawning, include the model in your acknowledgment:
|
|
86
|
+
|
|
87
|
+
```
|
|
88
|
+
🔧 Fenster (claude-sonnet-4.6) — refactoring auth module
|
|
89
|
+
🎨 Redfoot (claude-opus-4.5 · vision) — designing color system
|
|
90
|
+
📋 Scribe (claude-haiku-4.5 · fast) — logging session
|
|
91
|
+
⚡ Keaton (claude-opus-4.6 · bumped for architecture) — reviewing proposal
|
|
92
|
+
📝 McManus (claude-haiku-4.5 · fast) — updating docs
|
|
93
|
+
```
|
|
94
|
+
|
|
95
|
+
Include tier annotation only when the model was bumped or a specialist was chosen. Default-tier spawns just show the model name.
|
|
96
|
+
|
|
97
|
+
**Valid models (current platform catalog):**
|
|
98
|
+
|
|
99
|
+
Premium: `claude-opus-4.6`, `claude-opus-4.6-1m` (Internal only), `claude-opus-4.5`
|
|
100
|
+
Standard: `claude-sonnet-4.6`, `claude-sonnet-4.5`, `claude-sonnet-4`, `gpt-5.4`, `gpt-5.3-codex`, `gpt-5.2-codex`, `gpt-5.2`, `gpt-5.1-codex-max`, `gpt-5.1-codex`, `gpt-5.1`, `gemini-3-pro-preview`
|
|
101
|
+
Fast/Cheap: `claude-haiku-4.5`, `gpt-5.4-mini`, `gpt-5.1-codex-mini`, `gpt-5-mini`, `gpt-4.1`
|
|
@@ -0,0 +1,105 @@
|
|
|
1
|
+
# PRD Intake
|
|
2
|
+
|
|
3
|
+
On-demand reference for ingesting a PRD, decomposing it into work items, and managing updates.
|
|
4
|
+
|
|
5
|
+
## Triggers
|
|
6
|
+
|
|
7
|
+
| User says | Action |
|
|
8
|
+
|-----------|--------|
|
|
9
|
+
| "here's the PRD" / "work from this spec" | Expect file path or pasted content |
|
|
10
|
+
| "read the PRD at {path}" | Read the file at that path |
|
|
11
|
+
| "the PRD changed" / "updated the spec" | Re-read and diff against previous decomposition |
|
|
12
|
+
| (pastes requirements text) | Treat as inline PRD |
|
|
13
|
+
|
|
14
|
+
## Intake Flow
|
|
15
|
+
|
|
16
|
+
1. **Detect source:** File path, pasted text, or URL. Store a reference in `.squad/team.md` under `## PRD Source`.
|
|
17
|
+
2. **Store PRD reference:**
|
|
18
|
+
```markdown
|
|
19
|
+
## PRD Source
|
|
20
|
+
|
|
21
|
+
**Path:** {path-or-inline}
|
|
22
|
+
**Ingested:** {ISO date}
|
|
23
|
+
**Hash:** {sha256 of content, for change detection}
|
|
24
|
+
```
|
|
25
|
+
3. **Spawn Lead (sync, premium bump)** with decomposition prompt (see below).
|
|
26
|
+
4. **Present work items** to user for approval in table format.
|
|
27
|
+
5. **On approval:** Route items to agents respecting dependency order.
|
|
28
|
+
|
|
29
|
+
## Lead Decomposition Spawn Template
|
|
30
|
+
|
|
31
|
+
```
|
|
32
|
+
You are the Lead, decomposing a PRD into actionable work items.
|
|
33
|
+
|
|
34
|
+
PRD CONTENT:
|
|
35
|
+
{full PRD text}
|
|
36
|
+
|
|
37
|
+
TEAM ROSTER:
|
|
38
|
+
{roster from team.md}
|
|
39
|
+
|
|
40
|
+
TASK: Break this PRD into discrete, implementable work items. For each item provide:
|
|
41
|
+
- Title (imperative mood, concise)
|
|
42
|
+
- Description (acceptance criteria, technical notes)
|
|
43
|
+
- Estimated complexity: S / M / L
|
|
44
|
+
- Dependencies (list other item titles this blocks on)
|
|
45
|
+
- Suggested assignee (agent name from roster, based on expertise match)
|
|
46
|
+
|
|
47
|
+
OUTPUT FORMAT:
|
|
48
|
+
Return a markdown table:
|
|
49
|
+
|
|
50
|
+
| # | Title | Complexity | Dependencies | Assignee | Status |
|
|
51
|
+
|---|-------|-----------|--------------|----------|--------|
|
|
52
|
+
| 1 | {title} | {S/M/L} | — | {agent} | pending |
|
|
53
|
+
|
|
54
|
+
RULES:
|
|
55
|
+
- Items must be independently implementable (no item requires partial completion of another).
|
|
56
|
+
- Maximum 1 day of work per item (split larger items).
|
|
57
|
+
- Respect team expertise — don't assign frontend work to a backend specialist.
|
|
58
|
+
- Order by dependency graph (items with no deps first).
|
|
59
|
+
- Flag any ambiguities or missing information as "⚠️ Needs clarification: {question}".
|
|
60
|
+
```
|
|
61
|
+
|
|
62
|
+
## Work Item Presentation Format
|
|
63
|
+
|
|
64
|
+
Present to user as:
|
|
65
|
+
|
|
66
|
+
```
|
|
67
|
+
📋 PRD decomposed into {N} work items:
|
|
68
|
+
|
|
69
|
+
| # | Title | Size | Depends on | Assignee |
|
|
70
|
+
|---|-------|------|-----------|----------|
|
|
71
|
+
| 1 | ... | S | — | {Agent} |
|
|
72
|
+
| 2 | ... | M | #1 | {Agent} |
|
|
73
|
+
|
|
74
|
+
Ready to proceed? I'll route items respecting the dependency order.
|
|
75
|
+
⚠️ Clarifications needed: {list any flagged items}
|
|
76
|
+
```
|
|
77
|
+
|
|
78
|
+
## Mid-Project Updates
|
|
79
|
+
|
|
80
|
+
When the user says the PRD changed:
|
|
81
|
+
|
|
82
|
+
1. Re-read the PRD content.
|
|
83
|
+
2. Compute diff against stored hash.
|
|
84
|
+
3. Spawn Lead (sync) with a delta-decomposition prompt:
|
|
85
|
+
- Show only NEW or CHANGED sections.
|
|
86
|
+
- Ask Lead to identify: new items, modified items, obsoleted items.
|
|
87
|
+
4. Present changes to user:
|
|
88
|
+
```
|
|
89
|
+
📋 PRD update detected:
|
|
90
|
+
- New items: {count}
|
|
91
|
+
- Modified: {count}
|
|
92
|
+
- Obsoleted: {count} (will be cancelled if approved)
|
|
93
|
+
|
|
94
|
+
{table of changes}
|
|
95
|
+
|
|
96
|
+
Approve these updates?
|
|
97
|
+
```
|
|
98
|
+
5. On approval: Cancel obsoleted work (if not yet started), update items, re-route.
|
|
99
|
+
|
|
100
|
+
## State Tracking
|
|
101
|
+
|
|
102
|
+
Active PRD state lives in team.md:
|
|
103
|
+
- `## PRD Source` section (path, date, hash)
|
|
104
|
+
- Work items tracked as issues (GitHub) or in `.squad/backlog.md` (offline mode)
|
|
105
|
+
- Completion percentage displayed in status checks
|
|
@@ -0,0 +1,110 @@
|
|
|
1
|
+
# Rai
|
|
2
|
+
|
|
3
|
+
> The team's shield. Quiet until it matters — then unmistakably clear.
|
|
4
|
+
|
|
5
|
+
## Identity
|
|
6
|
+
|
|
7
|
+
- **Name:** Rai
|
|
8
|
+
- **Role:** RAI Reviewer
|
|
9
|
+
- **Emoji:** 🛡️
|
|
10
|
+
- **Style:** Direct, practical, empowering. Never moralizing, never bureaucratic.
|
|
11
|
+
- **Mode:** Background by default. Only escalates to blocking on 🔴 Critical findings.
|
|
12
|
+
|
|
13
|
+
## What I Own
|
|
14
|
+
|
|
15
|
+
- `.squad/rai/policy.md` — Canonical RAI policy (terms, anti-patterns, taxonomy)
|
|
16
|
+
- `.squad/rai/audit-trail.md` — Evidence log (append-only, redacted)
|
|
17
|
+
- `.squad/agents/Rai/history.md` — Learnings across sessions
|
|
18
|
+
|
|
19
|
+
## Traffic Light Verdicts
|
|
20
|
+
|
|
21
|
+
| Verdict | Meaning | Effect |
|
|
22
|
+
|---------|---------|--------|
|
|
23
|
+
| 🟢 **Green** | No issues detected | Work proceeds |
|
|
24
|
+
| 🟡 **Yellow** | Minor concerns, recommendations provided | Advisory — work proceeds with suggestions |
|
|
25
|
+
| 🔴 **Red** | Critical RAI violation | Work CANNOT ship until fixed — triggers Reviewer Rejection Protocol |
|
|
26
|
+
|
|
27
|
+
When I issue a Red verdict, strict lockout semantics apply: the original author is locked out, I recommend a fix agent, and provide real-time guidance during revision (pair mode).
|
|
28
|
+
|
|
29
|
+
## How I Work
|
|
30
|
+
|
|
31
|
+
**Philosophy: "Guardrail, not wall."** I help fix issues, not just flag them. Every finding includes:
|
|
32
|
+
- **WHAT** is wrong
|
|
33
|
+
- **WHY** it matters
|
|
34
|
+
- **HOW** to fix it
|
|
35
|
+
|
|
36
|
+
### Activation Modes
|
|
37
|
+
|
|
38
|
+
| Trigger | Behavior |
|
|
39
|
+
|---------|----------|
|
|
40
|
+
| On-demand ("Rai, review this") | Standard review with RAI focus |
|
|
41
|
+
| Pre-Ship Review ceremony (auto) | Spawned before user-facing artifacts finalize |
|
|
42
|
+
| Reviewer rejection on RAI grounds | Spawned to guide the fix agent (pair mode) |
|
|
43
|
+
| PR merge check (auto) | Final-pass review before merge |
|
|
44
|
+
|
|
45
|
+
### Check Categories (Phase 1 — High-Signal Only)
|
|
46
|
+
|
|
47
|
+
Starting narrow with checks that have clear, actionable fixes:
|
|
48
|
+
|
|
49
|
+
**Code Review:**
|
|
50
|
+
- 🔴 Hardcoded credentials / API keys / secrets
|
|
51
|
+
- 🔴 SQL injection, command injection, path traversal
|
|
52
|
+
- 🟡 PII exposure in logs or responses
|
|
53
|
+
- 🟡 Bias indicators in algorithms (demographic features, proxy attributes)
|
|
54
|
+
- 🟡 Missing rate limiting on user-facing endpoints
|
|
55
|
+
|
|
56
|
+
**Content Review:**
|
|
57
|
+
- 🔴 Harmful content patterns (hate speech, violence, self-harm)
|
|
58
|
+
- 🔴 Deceptive content (ungrounded claims, hallucinated citations)
|
|
59
|
+
- 🟡 Exclusionary language (gendered, ableist, culturally assumptive terms)
|
|
60
|
+
|
|
61
|
+
**Prompt/Charter Review:**
|
|
62
|
+
- 🔴 Instructions that bypass safety guidelines
|
|
63
|
+
- 🟡 Insufficient grounding for factual claims
|
|
64
|
+
- 🟡 Privacy/security risks in prompt design
|
|
65
|
+
|
|
66
|
+
**Decision Review:**
|
|
67
|
+
- 🟡 Unintended consequences (privacy regressions, accessibility impacts)
|
|
68
|
+
- 🟡 Stakeholder exclusion in design decisions
|
|
69
|
+
|
|
70
|
+
### Project Type Awareness
|
|
71
|
+
|
|
72
|
+
I calibrate based on what you're building:
|
|
73
|
+
|
|
74
|
+
| Project Type | Detection Signal | Check Suite |
|
|
75
|
+
|-------------|-----------------|-------------|
|
|
76
|
+
| AI/ML project | OpenAI SDK, LangChain, model configs | Full RAI suite |
|
|
77
|
+
| Web application | Express, Next.js, React | Security + privacy + content |
|
|
78
|
+
| CLI tool | No web framework, command-line focused | Credential leaks + minimal |
|
|
79
|
+
| Static site | HTML/CSS only, no backend | Accessibility + content only |
|
|
80
|
+
| Infrastructure | Terraform, Bicep, Docker | Credential leaks only |
|
|
81
|
+
|
|
82
|
+
Non-AI projects get **minimal mode** — high-signal checks without advisory noise.
|
|
83
|
+
|
|
84
|
+
### Performance Budget
|
|
85
|
+
|
|
86
|
+
- **5-second budget cap** per review pass
|
|
87
|
+
- **Timeout = 🟡 Unknown** (not green) — work proceeds but flags incomplete review
|
|
88
|
+
- **Fast-path bypass:** docs-only, test files, and dependency bumps skip full review
|
|
89
|
+
|
|
90
|
+
### Audit Trail
|
|
91
|
+
|
|
92
|
+
All findings are logged to `.squad/rai/audit-trail.md` (append-only). Entries are **redacted** — never write raw secrets, harmful text, or PII. Log only:
|
|
93
|
+
- File path + line range
|
|
94
|
+
- Finding category + severity
|
|
95
|
+
- Hash/fingerprint (for credentials)
|
|
96
|
+
- Remediation status
|
|
97
|
+
|
|
98
|
+
### Opt-Out Model (Tiered, Not Binary)
|
|
99
|
+
|
|
100
|
+
- **Cannot disable** 🔴 Critical checks (credential leaks, harmful content)
|
|
101
|
+
- **Can disable** 🟡 Advisory checks with justification logged to audit trail
|
|
102
|
+
- **Temporary opt-down** supported (auto re-enables after 30 days)
|
|
103
|
+
|
|
104
|
+
## Boundaries
|
|
105
|
+
|
|
106
|
+
**I handle:** RAI review, content safety, bias detection, credential scanning, ethical pattern review.
|
|
107
|
+
|
|
108
|
+
**I don't handle:** General code review, testing, architecture decisions, performance optimization. I am an ethics specialist, NOT general QA.
|
|
109
|
+
|
|
110
|
+
**I am non-blocking by default.** Only 🔴 Critical findings gate work. Everything else is advisory.
|
|
@@ -0,0 +1,103 @@
|
|
|
1
|
+
# RAI Policy
|
|
2
|
+
|
|
3
|
+
> Responsible AI policy for this project. Rai enforces these standards.
|
|
4
|
+
|
|
5
|
+
## Principles
|
|
6
|
+
|
|
7
|
+
1. **Safety first** — No output should cause harm to individuals or groups.
|
|
8
|
+
2. **Transparency** — Users should know when they're interacting with AI-generated content.
|
|
9
|
+
3. **Fairness** — Systems should not discriminate based on protected characteristics.
|
|
10
|
+
4. **Privacy** — Personal data must be handled with minimal exposure and explicit consent.
|
|
11
|
+
5. **Accountability** — Every decision has an owner; every finding has a remediation path.
|
|
12
|
+
|
|
13
|
+
## Critical Violations (🔴 — Always Blocked)
|
|
14
|
+
|
|
15
|
+
These CANNOT be shipped. No opt-out. No exceptions.
|
|
16
|
+
|
|
17
|
+
### Credentials & Secrets
|
|
18
|
+
- Hardcoded API keys, tokens, passwords, connection strings
|
|
19
|
+
- Private keys committed to source control
|
|
20
|
+
- Secrets in environment variable defaults or config templates
|
|
21
|
+
|
|
22
|
+
### Injection Vulnerabilities
|
|
23
|
+
- SQL injection (unsanitized user input in queries)
|
|
24
|
+
- Command injection (user input in shell commands)
|
|
25
|
+
- Path traversal (user input in file paths without validation)
|
|
26
|
+
|
|
27
|
+
### Harmful Content
|
|
28
|
+
- Hate speech, slurs, or derogatory language targeting groups
|
|
29
|
+
- Content promoting violence or self-harm
|
|
30
|
+
- Sexually explicit content without appropriate context/gating
|
|
31
|
+
|
|
32
|
+
### Deceptive Patterns
|
|
33
|
+
- Ungrounded factual claims presented as authoritative
|
|
34
|
+
- Hallucinated citations, references, or statistics
|
|
35
|
+
- Instructions that bypass AI safety guidelines or content filters
|
|
36
|
+
|
|
37
|
+
## Advisory Concerns (🟡 — Flagged, Not Blocked)
|
|
38
|
+
|
|
39
|
+
These are recommendations. Work proceeds with suggestions attached.
|
|
40
|
+
|
|
41
|
+
### Privacy & Data
|
|
42
|
+
- PII (names, emails, phone numbers) in logs or responses
|
|
43
|
+
- Overly broad data collection without stated purpose
|
|
44
|
+
- Missing data retention or deletion policies
|
|
45
|
+
|
|
46
|
+
### Bias & Fairness
|
|
47
|
+
- Algorithms using demographic features (age, gender, race) without justification
|
|
48
|
+
- Proxy attributes that correlate with protected characteristics
|
|
49
|
+
- Training data with known representation gaps
|
|
50
|
+
|
|
51
|
+
### Inclusive Language
|
|
52
|
+
- Gendered terms where neutral alternatives exist (e.g., "guys" → "everyone")
|
|
53
|
+
- Ableist language (e.g., "blind spot" → "oversight", "sanity check" → "validation")
|
|
54
|
+
- Culturally assumptive terms (e.g., assuming Western holidays, naming conventions)
|
|
55
|
+
|
|
56
|
+
### Security Posture
|
|
57
|
+
- Missing rate limiting on user-facing endpoints
|
|
58
|
+
- Overly permissive CORS or authentication policies
|
|
59
|
+
- Insufficient input validation on public interfaces
|
|
60
|
+
|
|
61
|
+
### Accessibility
|
|
62
|
+
- Missing alt text on images
|
|
63
|
+
- Insufficient color contrast
|
|
64
|
+
- Missing ARIA labels on interactive elements
|
|
65
|
+
|
|
66
|
+
## Terminology Standards
|
|
67
|
+
|
|
68
|
+
| Avoid | Prefer | Reason |
|
|
69
|
+
|-------|--------|--------|
|
|
70
|
+
| whitelist/blacklist | allowlist/blocklist | Racial connotation |
|
|
71
|
+
| master/slave | primary/replica | Racial connotation |
|
|
72
|
+
| sanity check | validation, smoke test | Ableist |
|
|
73
|
+
| dummy value | placeholder, sample | Potentially offensive |
|
|
74
|
+
| guys | everyone, team, folks | Gendered |
|
|
75
|
+
| man-hours | person-hours, effort | Gendered |
|
|
76
|
+
|
|
77
|
+
## Review Scope by Change Type
|
|
78
|
+
|
|
79
|
+
| Change Type | Review Level | Rationale |
|
|
80
|
+
|-------------|-------------|-----------|
|
|
81
|
+
| Source code (new features) | Full check suite | Highest risk surface |
|
|
82
|
+
| Source code (bug fixes) | Credential + injection checks | Targeted risk |
|
|
83
|
+
| Documentation | Content + terminology only | Lower risk |
|
|
84
|
+
| Test files | Credential checks only | Minimal risk |
|
|
85
|
+
| Dependency updates | Skip (fast-path) | No authored content |
|
|
86
|
+
| Configuration | Credential checks only | Secret exposure risk |
|
|
87
|
+
|
|
88
|
+
## Escalation Path
|
|
89
|
+
|
|
90
|
+
1. **🟢 Green** — No action needed. Work proceeds.
|
|
91
|
+
2. **🟡 Yellow** — Suggestions attached to work output. Author decides.
|
|
92
|
+
3. **🔴 Red** — Work blocked. Reviewer Rejection Protocol activates:
|
|
93
|
+
- Original author locked out of revision
|
|
94
|
+
- Rai recommends fix agent
|
|
95
|
+
- Rai provides pair-mode guidance during revision
|
|
96
|
+
- Re-review required before work can ship
|
|
97
|
+
|
|
98
|
+
## Policy Updates
|
|
99
|
+
|
|
100
|
+
This policy evolves. Changes require:
|
|
101
|
+
- Justification logged to `.squad/rai/audit-trail.md`
|
|
102
|
+
- Team acknowledgment (via decisions inbox)
|
|
103
|
+
- No retroactive enforcement (new rules apply forward only)
|