npm - @bvdm/delano - Versions diffs - 0.1.7 → 0.2.0 - Mend

@bvdm/delano 0.1.7 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (113) hide show

package/assets/payload/.agents/adapters/codex/README.md CHANGED Viewed

@@ -1,5 +1,24 @@
 # Codex adapter
-- Start from `AGENTS.md`
-- Use `.project/` as source of truth
-- Reuse runtime scripts via `.agents/scripts/*` (or `.claude/scripts/*` compatibility symlink)
+## Start here
+1. Read root `AGENTS.md` first.
+2. Use this note only for Codex-specific execution reminders.
+3. Inspect `git status --short --branch` and the assigned `.project` contract before editing.
+## Runtime paths
+- Delivery contracts: `.project/`
+- Canonical runtime scripts, hooks, rules, and skills: `.agents/`
+- Compatibility path if needed: `.claude/`
+## Commands
+- `bash .agents/scripts/pm/validate.sh`
+- `npm test`
+- `npm run build:assets`
+- `npm run check:package-manifest`
+## Completion and safety
+Keep changes task-scoped, record evidence before marking done, and report exactly which validation commands passed or were not run. Do not force-push, apply remote writes, commit unsafe logs, or expose local absolute paths unless an explicit task instruction requires it.

package/assets/payload/.agents/adapters/opencode/README.md CHANGED Viewed

@@ -1,5 +1,24 @@
 # OpenCode adapter
-- Start from `AGENTS.md`
-- Use `.project/` as source of truth
-- Reuse runtime scripts via `.agents/scripts/*` (or `.claude/scripts/*` compatibility symlink)
+## Start here
+1. Read root `AGENTS.md` first.
+2. Use this note only for OpenCode-specific execution reminders.
+3. Inspect `git status --short --branch` and the assigned `.project` contract before editing.
+## Runtime paths
+- Delivery contracts: `.project/`
+- Canonical runtime scripts, hooks, rules, and skills: `.agents/`
+- Compatibility path if needed: `.claude/`
+## Commands
+- `bash .agents/scripts/pm/validate.sh`
+- `npm test`
+- `npm run build:assets`
+- `npm run check:package-manifest`
+## Completion and safety
+Keep changes task-scoped, record evidence before marking done, and report exactly which validation commands passed or were not run. Do not force-push, apply remote writes, commit unsafe logs, or expose local absolute paths unless an explicit task instruction requires it.

package/assets/payload/.agents/adapters/pi/README.md CHANGED Viewed

@@ -1,5 +1,24 @@
 # Pi adapter
-- Start from `AGENTS.md`
-- Use `.project/` as source of truth
-- Reuse runtime scripts via `.agents/scripts/*` (or `.claude/scripts/*` compatibility symlink)
+## Start here
+1. Read root `AGENTS.md` first.
+2. Use this note only for Pi-specific execution reminders.
+3. Inspect `git status --short --branch` and the assigned `.project` contract before editing.
+## Runtime paths
+- Delivery contracts: `.project/`
+- Canonical runtime scripts, hooks, rules, and skills: `.agents/`
+- Compatibility path if needed: `.claude/`
+## Commands
+- `bash .agents/scripts/pm/validate.sh`
+- `npm test`
+- `npm run build:assets`
+- `npm run check:package-manifest`
+## Completion and safety
+Keep changes task-scoped, record evidence before marking done, and report exactly which validation commands passed or were not run. Do not force-push, apply remote writes, commit unsafe logs, or expose local absolute paths unless an explicit task instruction requires it.

package/assets/payload/.agents/common/log-safety.js ADDED Viewed

@@ -0,0 +1,55 @@
+const crypto = require('crypto');
+const SECRET_PATTERNS = [
+  /\b(sk-[A-Za-z0-9_-]{12,})\b/g,
+  /\b(github_pat_[A-Za-z0-9_]{20,})\b/g,
+  /\b(gh[pousr]_[A-Za-z0-9_]{20,})\b/g,
+  /\b(xox[baprs]-[A-Za-z0-9-]{10,})\b/g,
+  /\b([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})\b/g,
+  /\b(password|passwd|pwd|secret|token|api[_-]?key)\s*[:=]\s*([^\s"']+)/gi
+];
+function sha256Hex(value) {
+  return crypto.createHash('sha256').update(String(value || '')).digest('hex');
+}
+function envFlag(name, defaultValue = false) {
+  const value = process.env[name];
+  if (value === undefined || value === '') return defaultValue;
+  return ['1', 'true', 'yes', 'on'].includes(String(value).toLowerCase());
+}
+function redactString(value) {
+  let output = String(value || '');
+  let replacements = 0;
+  for (const pattern of SECRET_PATTERNS) {
+    output = output.replace(pattern, (...args) => {
+      replacements += 1;
+      const match = args[0];
+      if (/^(password|passwd|pwd|secret|token|api[_-]?key)/i.test(match)) {
+        return match.replace(/[:=]\s*[^\s"']+/i, ': [REDACTED]');
+      }
+      return '[REDACTED]';
+    });
+  }
+  return { value: output, replacements };
+}
+function redactObject(value) {
+  if (typeof value === 'string') return redactString(value).value;
+  if (Array.isArray(value)) return value.map(redactObject);
+  if (!value || typeof value !== 'object') return value;
+  return Object.fromEntries(
+    Object.entries(value).map(([key, nested]) => [key, redactObject(nested)])
+  );
+}
+module.exports = {
+  envFlag,
+  redactObject,
+  redactString,
+  sha256Hex
+};

package/assets/payload/.agents/eval-fixtures/skill-output/invalid/missing-evidence/output.json ADDED Viewed

@@ -0,0 +1,6 @@
+{
+  "schema_version": 1,
+  "skill": "learning-skill",
+  "outcome": "claims success without evidence",
+  "privacy": "metadata-only"
+}

package/assets/payload/.agents/eval-fixtures/skill-output/valid/summary/output.json ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "schema_version": 1,
+  "skill": "learning-skill",
+  "outcome": "summary-only delivery metrics recorded",
+  "evidence": ["scripts/summarize-project-metrics.mjs", ".project/registry/linear-map.json"],
+  "privacy": "metadata-only"
+}

package/assets/payload/.agents/fixtures/github/status-snapshot.json ADDED Viewed

@@ -0,0 +1,6 @@
+{
+  "schema_version": 1,
+  "source": "mock-github-status-snapshot",
+  "generated_at": "2026-04-30T00:55:00Z",
+  "repositories": []
+}

package/assets/payload/.agents/fixtures/linear/issue-snapshot.json ADDED Viewed

@@ -0,0 +1,6 @@
+{
+  "schema_version": 1,
+  "source": "mock-linear-issue-snapshot",
+  "generated_at": "2026-04-30T01:05:00Z",
+  "issues": []
+}

package/assets/payload/.agents/hooks/bash-worktree-fix.sh CHANGED Viewed

@@ -4,4 +4,5 @@ set -euo pipefail
 # Ensure shell starts in repository root when invoked from nested worktree paths.
 root="$(git rev-parse --show-toplevel 2>/dev/null || pwd)"
 cd "$root"
-echo "worktree context set: $root"
+repo_name="$(basename "$root")"
+echo "worktree context set: <repo-root> ($repo_name)"

package/assets/payload/.agents/hooks/post-tool-logger.js CHANGED Viewed

@@ -1,6 +1,7 @@
 #!/usr/bin/env node
 const fs = require('fs');
 const path = require('path');
+const { redactObject } = require('../common/log-safety');
 const payload = process.argv[2] ? JSON.parse(process.argv[2]) : { type: 'tool_mutation' };
 const root = process.cwd();
@@ -12,7 +13,7 @@ const row = {
   timestamp: new Date().toISOString(),
   type: payload.type || 'tool_mutation',
   actor: payload.actor || 'runtime',
-  meta: payload.meta || {}
+  meta: redactObject(payload.meta || {})
 };
 fs.appendFileSync(file, JSON.stringify(row) + '\n', 'utf8');

package/assets/payload/.agents/hooks/user-prompt-logger.js CHANGED Viewed

@@ -1,6 +1,7 @@
 #!/usr/bin/env node
 const fs = require('fs');
 const path = require('path');
+const { envFlag, redactString, sha256Hex } = require('../common/log-safety');
 const prompt = process.argv.slice(2).join(' ');
 if (!prompt) process.exit(0);
@@ -10,9 +11,24 @@ const dir = path.join(root, '.agents', 'logs');
 const file = path.join(dir, 'prompts.jsonl');
 fs.mkdirSync(dir, { recursive: true });
+const redacted = redactString(prompt);
 const row = {
   timestamp: new Date().toISOString(),
-  prompt
+  prompt_hash: sha256Hex(prompt),
+  prompt_length: prompt.length,
+  redaction: {
+    applied: redacted.replacements > 0,
+    replacements: redacted.replacements
+  }
 };
+if (envFlag('DELANO_LOG_REDACTED_PROMPTS')) {
+  row.prompt_redacted = redacted.value;
+}
+if (envFlag('DELANO_LOG_RAW_PROMPTS')) {
+  row.prompt_raw = envFlag('DELANO_LOG_UNREDACTED_PROMPTS') ? prompt : redacted.value;
+  row.raw_prompt_redacted = !envFlag('DELANO_LOG_UNREDACTED_PROMPTS');
+}
 fs.appendFileSync(file, JSON.stringify(row) + '\n', 'utf8');

package/assets/payload/.agents/logs/delivery-metrics.md ADDED Viewed

@@ -0,0 +1,22 @@
+# Delivery Metrics
+Delivery metric events are local, metadata-only records used to summarize Delano delivery flow without copying prompt text, raw logs, customer data, or machine-local paths.
+## Location
+- Runtime stream: `.agents/logs/delivery-events.jsonl`
+- Compatibility runtime: `.claude/logs/delivery-events.jsonl`
+- Contract: `.agents/schemas/metrics/delivery-events.schema.json`
+## Captured events
+- `task_status_changed`: task lifecycle movement, especially ready/in-progress/done/blocked.
+- `validation_run`: validation command result and count summary.
+- `lease_acquired` / `lease_released`: multi-agent lease lifecycle.
+- `drift_report_generated`: dry-run sync drift report summary.
+- `repair_plan_created`: gated repair plan summary.
+- `closeout_recorded`: closeout and learning-loop handoff.
+## Privacy posture
+Events are metadata-only summaries. Store repo-relative paths only, hash or omit sensitive values, and keep command evidence limited to commands that are safe to show in local project evidence.

package/assets/payload/.agents/logs/schema.md CHANGED Viewed

@@ -1,7 +1,11 @@
 # Log Schema
+Delano logs are local runtime evidence. Treat them as operationally sensitive and do not copy them into public issues, PRs, or reports without review.
 ## `changes.jsonl`
+Metadata is redacted before write by Delano logging helpers.
 ```json
 {
   "timestamp": "ISO8601 UTC",
@@ -23,15 +27,30 @@
 ## `prompts.jsonl`
+Raw prompt text is not stored by default. Default prompt logs store only hash/length/redaction metadata.
 ```json
 {
   "timestamp": "ISO8601 UTC",
-  "prompt": "string"
+  "prompt_hash": "sha256 hex string",
+  "prompt_length": 123,
+  "redaction": {
+    "applied": true,
+    "replacements": 1
+  }
 }
 ```
+Optional environment flags:
+- `DELANO_LOG_REDACTED_PROMPTS=1`: also write `prompt_redacted`.
+- `DELANO_LOG_RAW_PROMPTS=1`: also write `prompt_raw`, redacted unless explicitly overridden.
+- `DELANO_LOG_UNREDACTED_PROMPTS=1`: allow unredacted `prompt_raw`; only use in private debugging contexts.
 ## `test-runs.jsonl`
+Test logs intentionally preserve command output as evidence. Review logs before sharing outside the local repo.
 ```json
 {
   "timestamp": "ISO8601 UTC",

package/assets/payload/.agents/rules/delivery-modes.md ADDED Viewed

@@ -0,0 +1,17 @@
+# Delano operating modes
+Use operating modes to choose the lightest safe delivery contract. The mode should reduce ambiguity, not add ceremony.
+| Mode | Slug | Name | Best fit | Minimum contract |
+| --- | --- | --- | --- | --- |
+| 0 | patch | Patch | Tiny, low-risk fix with obvious validation | Focused change plus validation evidence |
+| 1 | scoped-change | Scoped change | Bounded task with clear acceptance criteria | Task contract, acceptance criteria, local validation |
+| 2 | feature | Feature | Multi-step delivery with clear solution direction | Spec/plan, task sequence or workstream, validation gate |
+| 3 | uncertain-feature | Uncertain feature | Feature with meaningful unknowns | Uncertainty statement, probe decision, probe evidence before build commitment |
+| 4 | multi-stream | Multi-stream delivery | Concurrent streams or coordination/collision risk | Workstream map, conflict zones or leases, handoff summaries, sync/drift checks when relevant |
+## Validation posture
+`operating-modes.json` is the canonical machine-readable contract. `npm run check:operating-modes` verifies that modes 0 through 4 are present, ordered, uniquely named, and documented with requirements.
+Modes are additive for now. Existing artifacts do not need an `operating_mode` field until stricter migration work lands.

package/assets/payload/.agents/schemas/README.md ADDED Viewed

@@ -0,0 +1,22 @@
+# Delano artifact schema scope
+This directory defines the first contract surface for Delano project artifacts.
+`artifact-scope.json` defines which artifacts are in scope, which fields are required or optional, which fields should become enum-constrained, and which values can be derived by tooling later.
+`artifacts/*.schema.json` contains the first JSON Schema contracts for each scoped artifact type. The schemas are intentionally additive: they make canonical fields explicit without forbidding current project-specific metadata.
+## In scope for the first schema pass
+- Project specs
+- Project plans
+- Workstreams
+- Tasks
+- Decision logs
+- Updates
+- Context documents
+- Evidence records in task logs or update files
+## Validation posture
+The scope and schema contracts are additive and local-first. Existing validation still runs through `bash .agents/scripts/pm/validate.sh`; schema-specific validation starts with `npm run check:artifact-scope` and `npm run check:artifact-schemas` before stricter artifact-instance enforcement is added.

package/assets/payload/.agents/schemas/artifact-scope.json ADDED Viewed

@@ -0,0 +1,237 @@
+{
+  "schema_version": 1,
+  "status": "draft",
+  "purpose": "Defines the first enforceable Delano artifact contract surface before JSON schemas are introduced.",
+  "artifact_types": {
+    "spec": {
+      "path_patterns": [
+        ".project/projects/<project>/spec.md"
+      ],
+      "frontmatter": true,
+      "required_fields": [
+        "name",
+        "slug",
+        "owner",
+        "status",
+        "created",
+        "updated",
+        "outcome",
+        "uncertainty",
+        "probe_required",
+        "probe_status"
+      ],
+      "optional_fields": [
+        "source_review",
+        "external_reference",
+        "target_version",
+        "operating_mode"
+      ],
+      "enum_fields": {
+        "status": [
+          "planned",
+          "active",
+          "complete",
+          "deferred"
+        ],
+        "probe_required": [
+          "true",
+          "false"
+        ],
+        "probe_status": [
+          "not-started",
+          "pending",
+          "completed",
+          "skipped"
+        ]
+      },
+      "derived_fields": [
+        "slug may be derived from the project directory name when absent in future migration tooling"
+      ],
+      "schema_path": ".agents/schemas/artifacts/spec.schema.json"
+    },
+    "plan": {
+      "path_patterns": [
+        ".project/projects/<project>/plan.md"
+      ],
+      "frontmatter": true,
+      "required_fields": [
+        "name",
+        "status",
+        "lead",
+        "created",
+        "updated",
+        "linear_project_id",
+        "risk_level",
+        "spec_status_at_plan_time"
+      ],
+      "optional_fields": [
+        "target_version",
+        "operating_mode"
+      ],
+      "enum_fields": {
+        "status": [
+          "planned",
+          "active",
+          "done",
+          "deferred"
+        ],
+        "risk_level": [
+          "low",
+          "medium",
+          "high"
+        ]
+      },
+      "derived_fields": [
+        "spec_status_at_plan_time is copied from spec.status when the plan is created"
+      ],
+      "schema_path": ".agents/schemas/artifacts/plan.schema.json"
+    },
+    "workstream": {
+      "path_patterns": [
+        ".project/projects/<project>/workstreams/*.md"
+      ],
+      "frontmatter": true,
+      "required_fields": [
+        "name",
+        "status",
+        "owner",
+        "created",
+        "updated"
+      ],
+      "optional_fields": [
+        "id",
+        "child_project",
+        "operating_mode"
+      ],
+      "enum_fields": {
+        "status": [
+          "planned",
+          "active",
+          "done",
+          "deferred"
+        ]
+      },
+      "derived_fields": [
+        "id may be derived from a canonical filename prefix like WS-A"
+      ],
+      "schema_path": ".agents/schemas/artifacts/workstream.schema.json"
+    },
+    "task": {
+      "path_patterns": [
+        ".project/projects/<project>/tasks/*.md"
+      ],
+      "frontmatter": true,
+      "required_fields": [
+        "id",
+        "name",
+        "status",
+        "workstream",
+        "created",
+        "updated",
+        "linear_issue_id",
+        "github_issue",
+        "github_pr",
+        "depends_on",
+        "conflicts_with",
+        "parallel",
+        "priority",
+        "estimate"
+      ],
+      "optional_fields": [
+        "operating_mode"
+      ],
+      "enum_fields": {
+        "status": [
+          "ready",
+          "in-progress",
+          "blocked",
+          "done",
+          "deferred"
+        ],
+        "parallel": [
+          "true",
+          "false"
+        ],
+        "priority": [
+          "low",
+          "medium",
+          "high"
+        ],
+        "estimate": [
+          "S",
+          "M",
+          "L",
+          "XL"
+        ]
+      },
+      "derived_fields": [
+        "workstream must match a workstream id available in the same project"
+      ],
+      "schema_path": ".agents/schemas/artifacts/task.schema.json"
+    },
+    "decision_log": {
+      "path_patterns": [
+        ".project/projects/<project>/decisions.md"
+      ],
+      "frontmatter": false,
+      "required_sections": [
+        "# Decisions"
+      ],
+      "optional_fields": [],
+      "enum_fields": {},
+      "derived_fields": [],
+      "schema_path": ".agents/schemas/artifacts/decision_log.schema.json"
+    },
+    "update": {
+      "path_patterns": [
+        ".project/projects/<project>/updates/**/*.md"
+      ],
+      "frontmatter": "optional",
+      "required_sections": [],
+      "optional_fields": [
+        "date",
+        "related_task",
+        "status"
+      ],
+      "enum_fields": {},
+      "derived_fields": [
+        "related_task should reference a local task id when present"
+      ],
+      "schema_path": ".agents/schemas/artifacts/update.schema.json"
+    },
+    "context": {
+      "path_patterns": [
+        ".project/context/*.md"
+      ],
+      "frontmatter": false,
+      "required_sections": [],
+      "optional_fields": [],
+      "enum_fields": {},
+      "derived_fields": [],
+      "schema_path": ".agents/schemas/artifacts/context.schema.json"
+    },
+    "evidence": {
+      "path_patterns": [
+        "Evidence Log sections inside task files",
+        ".project/projects/<project>/updates/**/*.md"
+      ],
+      "frontmatter": false,
+      "required_fields": [
+        "timestamp",
+        "claim",
+        "validation_or_artifact"
+      ],
+      "optional_fields": [
+        "command",
+        "result",
+        "log_path",
+        "commit"
+      ],
+      "enum_fields": {},
+      "derived_fields": [
+        "timestamp is the leading ISO8601 UTC value in a task Evidence Log bullet"
+      ],
+      "schema_path": ".agents/schemas/artifacts/evidence.schema.json"
+    }
+  }
+}

package/assets/payload/.agents/schemas/artifacts/context.schema.json ADDED Viewed

@@ -0,0 +1,11 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://delano.local/schemas/artifacts/context.schema.json",
+  "title": "Delano context document",
+  "type": "object",
+  "additionalProperties": false,
+  "required": ["path"],
+  "properties": {
+    "path": { "type": "string", "pattern": "^\\.project/context/[^/]+\\.md$" }
+  }
+}

package/assets/payload/.agents/schemas/artifacts/decision_log.schema.json ADDED Viewed

@@ -0,0 +1,12 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://delano.local/schemas/artifacts/decision-log.schema.json",
+  "title": "Delano decision log document",
+  "type": "object",
+  "additionalProperties": false,
+  "required": ["path", "required_sections"],
+  "properties": {
+    "path": { "type": "string", "pattern": "^\\.project/projects/[^/]+/decisions\\.md$" },
+    "required_sections": { "type": "array", "contains": { "const": "# Decisions" } }
+  }
+}

package/assets/payload/.agents/schemas/artifacts/evidence.schema.json ADDED Viewed

@@ -0,0 +1,17 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://delano.local/schemas/artifacts/evidence.schema.json",
+  "title": "Delano evidence record",
+  "type": "object",
+  "additionalProperties": true,
+  "required": ["timestamp", "claim", "validation_or_artifact"],
+  "properties": {
+    "timestamp": { "type": "string", "format": "date-time" },
+    "claim": { "type": "string", "minLength": 1 },
+    "validation_or_artifact": { "type": "string", "minLength": 1 },
+    "command": { "type": "string" },
+    "result": { "type": "string" },
+    "log_path": { "type": "string" },
+    "commit": { "type": "string", "pattern": "^[0-9a-f]{7,40}$" }
+  }
+}