@codacy/verity-cli 0.20.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,214 @@
1
+ # /verity-analyze — Run Verity analysis on demand
2
+
3
+ You are running an on-demand Verity analysis. This is like a "second opinion" — the user (or you) can invoke it at any point to get a quality and security review with rich context.
4
+
5
+ **Usage:**
6
+ - `/verity-analyze` — Curate files, write intent, select specs autonomously (deep review)
7
+ - `/verity-analyze src/api/routes.ts src/db.ts` — Analyze specific files (quick check)
8
+ - `/verity-analyze src/api/` — Analyze a directory and related files
9
+ - `/verity-analyze --full` — Sample the full codebase (20 most recently modified files)
10
+ - `/verity-analyze --intent "Implementing OAuth2 PKCE flow per spec/AUTH.md"` — User provides intent
11
+
12
+ ---
13
+
14
+ ## Step 1: Check configuration
15
+
16
+ 1. Verify `.verity/standard.yaml` exists. If not: "Run `/verity-setup` first."
17
+ 2. Verify `verity` CLI is available: `which verity`. If not: "Re-run the Verity installer: `curl -fsSL https://raw.githubusercontent.com/codacy/verity/main/install.sh | bash`"
18
+ 3. Run `verity auth verify` to check token is valid. If it fails: "Verity not configured. Run `/verity-setup` first."
19
+
20
+ ---
21
+
22
+ ## Step 2: Determine files to analyze
23
+
24
+ ### Quick mode (specific files or `--full`)
25
+
26
+ **Specific files** (paths or directories provided):
27
+ - Use the provided file paths directly. If a directory is given, include all analyzable files under it.
28
+ - Verify each file exists.
29
+
30
+ **`--full` flag** (full codebase sample):
31
+ ```bash
32
+ FILES=$(git ls-files | grep -E '\.(ts|tsx|js|jsx|mjs|cjs|py|go|java|kt|rb|rs|c|cpp|h|hpp|cs|php)$')
33
+ ```
34
+ If more than 20 files, select the 20 most recently modified:
35
+ ```bash
36
+ echo "$FILES" | xargs ls -t | head -20
37
+ ```
38
+
39
+ In quick mode, skip Steps 3 and 4 — go straight to Step 5.
40
+
41
+ ### Deep mode (no arguments, or directory hints)
42
+
43
+ When no specific files are given, curate a comprehensive review scope:
44
+
45
+ #### 2a. Start with changed files
46
+
47
+ ```bash
48
+ CHANGED=$(git diff --name-only HEAD 2>/dev/null; git diff --name-only --cached 2>/dev/null; git ls-files --others --exclude-standard 2>/dev/null)
49
+ CHANGED_CODE=$(echo "$CHANGED" | sort -u | grep -E '\.(ts|tsx|js|jsx|mjs|cjs|py|go|java|kt|rb|rs|c|cpp|h|hpp|cs|php)$')
50
+ ```
51
+
52
+ Also check if the agent just committed (clean tree but recent HEAD):
53
+ ```bash
54
+ # If working tree is clean, check what the last commit changed
55
+ git diff --name-only HEAD~1..HEAD 2>/dev/null
56
+ ```
57
+
58
+ If the user provided directory hints (e.g., `/verity-analyze src/api/`), also include all files under those directories.
59
+
60
+ #### 2b. Add related files
61
+
62
+ For each changed file, identify and add:
63
+
64
+ 1. **Direct dependencies** — files that the changed file imports. Read the import/require statements and resolve the paths.
65
+ 2. **Reverse dependencies** — files that import the changed file. Grep for the module name across the codebase.
66
+ 3. **Type/interface files** — shared type definitions, interfaces, or schemas referenced by the changes.
67
+ 4. **Test files** — corresponding test files for changed modules (e.g., `foo.test.ts` for `foo.ts`, `test_foo.py` for `foo.py`).
68
+
69
+ #### 2c. Prioritize and cap
70
+
71
+ Rank files by relevance:
72
+ 1. Changed files (always included first)
73
+ 2. Direct dependencies that define interfaces/types being used
74
+ 3. Test files for changed code
75
+ 4. Reverse dependencies (consumers that might break)
76
+
77
+ **Cap at 20 files total.** If you need to cut, drop reverse dependencies first, then tests.
78
+
79
+ #### 2d. Track changed vs context
80
+
81
+ Keep two lists:
82
+ - **`changed_files`** — the files that were actually modified (git dirty or recently committed)
83
+ - **`all_files`** — all files to include in the analysis (changed + context)
84
+
85
+ If no analyzable files found: "No analyzable files found."
86
+
87
+ ---
88
+
89
+ ## Step 3: Write the intent description
90
+
91
+ Synthesize the conversation context into a clear intent description. This is NOT the raw user prompt — it's your understanding of what the work is trying to achieve.
92
+
93
+ **Template:**
94
+
95
+ ```
96
+ I am [adding/modifying/fixing/refactoring] [feature/component name].
97
+
98
+ Goal: [What the user asked for, or the problem being solved.]
99
+
100
+ Approach: [Key architectural decisions. What patterns are being used?]
101
+
102
+ Trade-offs: [Anything you chose deliberately that could be questioned.]
103
+
104
+ Review focus: [Specific concerns you want the reviewer to evaluate.]
105
+ ```
106
+
107
+ **Guidelines:**
108
+ - Cap at 2000 characters
109
+ - Be specific — "adding JWT auth with RS256 to /api/users" not "adding authentication"
110
+ - Include trade-offs and areas of uncertainty — the reviewer will focus there
111
+ - If the user provided `--intent`, use it as the base and augment with your understanding
112
+ - Skip this step entirely in quick mode (specific files or --full)
113
+
114
+ ---
115
+
116
+ ## Step 4: Select relevant specs
117
+
118
+ Identify spec/documentation files that provide context:
119
+
120
+ - Specs referenced in the user's request
121
+ - Specs that define interfaces or APIs being implemented
122
+ - Architecture docs relevant to the area being changed
123
+
124
+ **Read each spec file and prepare for inclusion.** Limits: max 10 files, 10KB per file, 30KB total.
125
+
126
+ Common spec locations to check:
127
+ - `spec/*.md`, `docs/*.md`
128
+ - `CLAUDE.md`, `AGENTS.md`, `CONTRIBUTING.md`
129
+
130
+ If no specs are relevant, skip this step.
131
+
132
+ ---
133
+
134
+ ## Step 5: Run the analysis
135
+
136
+ Use the `verity review` command with all the context you gathered:
137
+
138
+ ```bash
139
+ verity review \
140
+ --files "src/auth/pkce.ts,src/auth/callback.ts,src/auth/types.ts,src/middleware/auth.ts" \
141
+ --changed "src/auth/pkce.ts,src/auth/callback.ts" \
142
+ --intent "I am adding OAuth2 PKCE authentication flow..." \
143
+ --specs "spec/AUTH.md,CLAUDE.md"
144
+ ```
145
+
146
+ **Arguments:**
147
+ - `--files` (required): Comma-separated list of ALL files to include (changed + context)
148
+ - `--changed` (optional): Comma-separated list of actually-modified files (subset of --files). If omitted, all files are treated as changed.
149
+ - `--intent` (optional): Your synthesized intent description. Quote it.
150
+ - `--specs` (optional): Comma-separated list of spec file paths to include.
151
+
152
+ The CLI handles static analysis, file reading with size limits, payload construction, and the API call.
153
+
154
+ ---
155
+
156
+ ## Step 6: Display results
157
+
158
+ Parse the JSON response and format clearly:
159
+
160
+ ```
161
+ === Verity Analysis ===
162
+ Gate Decision: WARN
163
+ Quality: 7.5/10 | Security: 8.0/10 | Overall: 7.8/10
164
+ Trend: stable
165
+
166
+ --- Assessment ---
167
+ [narrative from assessment.narrative]
168
+
169
+ --- Findings (2) ---
170
+
171
+ [HIGH] Service Role Client for Non-Admin Operations
172
+ File: supabase/functions/webhook/index.ts:25
173
+ Pattern: access-control-checks (CWE-639)
174
+ Fix: Limit SELECT fields to only what's needed for the notification.
175
+
176
+ [MEDIUM] File Complexity Exceeds Threshold
177
+ File: supabase/functions/webhook/index.ts:1
178
+ Pattern: comprehensibility
179
+ Fix: Refactor into separate handler files per event type.
180
+
181
+ --- Intent Alignment ---
182
+ Score: 9/10 (aligned)
183
+ Goal: "Add webhook handlers for Stripe events"
184
+ Implementation matches intent. No gaps detected.
185
+
186
+ --- Quality Dimensions ---
187
+ Comprehensibility: 6.5/10 — webhook file is too large
188
+ Modularity: 7.0/10 — good separation except webhook handler
189
+ Type Safety: 9.0/10 — strict TypeScript throughout
190
+ Test Adequacy: 5.0/10 — missing webhook handler tests
191
+
192
+ --- Pending Items ---
193
+ 1. [HIGH] Add tests for webhook event handlers
194
+ 2. [MEDIUM] Refactor webhook into handler modules
195
+
196
+ View full report: https://verity.md/runs/run-20260327-...?token=verityview_...
197
+ ```
198
+
199
+ ---
200
+
201
+ ## Step 7: Offer to fix
202
+
203
+ - **If FAIL or findings exist**: "The analysis found N issues. Would you like me to fix them?" If yes, apply fixes from findings, then re-run (iteration 2 max). If iteration 2 still fails, report remaining issues for human review.
204
+ - **If WARN**: "Non-blocking issues found. Would you like me to address them?"
205
+ - **If PASS**: "Code meets the Standard. No issues found."
206
+
207
+ ---
208
+
209
+ ## Important notes
210
+
211
+ - This does NOT replace the automatic stop hook. The hook still fires on every agent stop.
212
+ - Runs are tagged with `trigger: "review"` in the database.
213
+ - Size limits: 20 files max, 50KB per file, 200KB total code, 2000 char intent, 30KB specs.
214
+ - If the service is unreachable, static analysis still runs locally.
@@ -0,0 +1,39 @@
1
+ # /verity-feedback — Send feedback
2
+
3
+ ## General feedback
4
+
5
+ If the user provided a message (e.g., `/verity-feedback the analysis is too slow`), use their **exact words** as the message. Do NOT rephrase, expand, add context, or editorialize. Send exactly what they typed, nothing more.
6
+
7
+ If they just typed `/verity-feedback` with no message, ask: "What feedback would you like to share?"
8
+
9
+ ```bash
10
+ verity feedback message "<their exact message>"
11
+ ```
12
+
13
+ On success: "Thanks, feedback sent!"
14
+ On error: "Couldn't send feedback right now. Your message: [repeat it so it's not lost]."
15
+
16
+ ## Per-finding feedback
17
+
18
+ If the user wants to mark a specific finding (e.g., a false positive from a recent analysis run), use the finding sub-command.
19
+
20
+ Ask for the required info if not provided:
21
+ - **run-id**: from the most recent analysis run (check `verity status` or the run output)
22
+ - **pattern-id**: the Standard pattern that produced the finding (e.g., `no-hardcoded-secrets`, `file_length`)
23
+ - **action**: one of `false_positive`, `acknowledged`, `will_fix_later`, `wrong_severity`, `useful`
24
+
25
+ ```bash
26
+ verity feedback finding <run-id> <pattern-id> <action> "optional note"
27
+ ```
28
+
29
+ Optional flags:
30
+ - `--file <path>` — the file the finding applies to
31
+ - `--line <n>` — the line number
32
+
33
+ Example: marking a test file's fake JWT as a false positive:
34
+ ```bash
35
+ verity feedback finding run-20260420-abc1 no-hardcoded-secrets false_positive "Fake JWT used in tests" --file src/auth/tokens.test.ts --line 42
36
+ ```
37
+
38
+ On success: report whether auto-suppression is now active (requires ≥2 independent dismissals for the same pattern+file pattern).
39
+ On error: show the error message.
@@ -0,0 +1,87 @@
1
+ # /verity-insights — Project quality insights and Standard evolution
2
+
3
+ Surface metrics from accumulated run data and manage Standard evolution suggestions.
4
+
5
+ ## Metrics overview
6
+
7
+ Gather data from multiple sources to give the user a quality health report:
8
+
9
+ ```bash
10
+ # Knowledge base size — active lessons or memory nodes
11
+ curl -s -H "Authorization: Bearer $VERITY_TOKEN" \
12
+ "$(verity config service-url)/compound/lessons" | jq '.total_active'
13
+
14
+ # Memory graph stats (if graph enabled)
15
+ curl -s -H "Authorization: Bearer $VERITY_TOKEN" \
16
+ "$(verity config service-url)/compound/memory/nodes" | jq '.total'
17
+
18
+ # Run trends — use verity status for a quick summary
19
+ verity status
20
+
21
+ # Pending suggestions — Standard evolution candidates
22
+ curl -s -H "Authorization: Bearer $VERITY_TOKEN" \
23
+ "$(verity config service-url)/compound/standard-suggestions" | jq '.suggestions | length'
24
+ ```
25
+
26
+ ### What to surface
27
+
28
+ 1. **Pattern signal/noise**: patterns with high FP rates (candidates for retirement or severity lowering)
29
+ 2. **High-value patterns**: patterns with high TP rates (proving their worth)
30
+ 3. **Active suppressions**: count of per-finding false-positive suppressions
31
+ 4. **Knowledge base size**: lesson/node count by kind, recent additions
32
+ 5. **Score trends**: quality and security scores over the last 10 runs
33
+ 6. **Finding recurrence**: how often the same finding_key reappears (should decrease over time)
34
+ 7. **Lesson injection rate**: % of recent runs where ≥1 lesson/node was injected
35
+
36
+ ## Standard evolution suggestions
37
+
38
+ The system analyzes accumulated telemetry and suggests Standard changes:
39
+
40
+ ### View pending suggestions
41
+
42
+ ```bash
43
+ curl -s -H "Authorization: Bearer $VERITY_TOKEN" \
44
+ "$(verity config service-url)/compound/standard-suggestions" | jq '.suggestions[]'
45
+ ```
46
+
47
+ Suggestion kinds:
48
+ - **retire_pattern**: Pattern had 90+ runs with zero findings — not earning its place
49
+ - **lower_severity**: Pattern has >50% false-positive rate — too noisy at current severity
50
+ - **sharpen**: Pattern has >80% true-positive rate over 50+ findings — consider raising severity
51
+ - **add_exclusion**: Pattern dismissed ≥3 times for same file pattern — add file-scope exclusion
52
+ - **promote_lesson**: High-confidence lesson cited ≥5 times — promote to custom Standard pattern
53
+
54
+ ### Approve a suggestion
55
+
56
+ Approving creates a new Standard version automatically:
57
+
58
+ ```bash
59
+ curl -s -X POST -H "Authorization: Bearer $VERITY_TOKEN" \
60
+ "$(verity config service-url)/compound/standard-suggestions/<suggestion-id>/approve"
61
+ ```
62
+
63
+ ### Reject a suggestion
64
+
65
+ Rejected suggestions won't resurface for 30 days:
66
+
67
+ ```bash
68
+ curl -s -X POST -H "Authorization: Bearer $VERITY_TOKEN" \
69
+ "$(verity config service-url)/compound/standard-suggestions/<suggestion-id>/reject"
70
+ ```
71
+
72
+ ### Generate suggestions manually
73
+
74
+ Normally runs weekly. To trigger manually:
75
+
76
+ ```bash
77
+ curl -s -X POST -H "Authorization: Bearer $VERITY_TOKEN" \
78
+ "$(verity config service-url)/compound/generate-suggestions"
79
+ ```
80
+
81
+ ## How evolution works
82
+
83
+ 1. **Observe**: Every run accumulates pattern telemetry (signal vs noise) and finding feedback
84
+ 2. **Aggregate**: Weekly job reads telemetry + feedback → produces evolution candidates
85
+ 3. **Review**: User sees suggestions with evidence (run counts, FP rates, citation counts)
86
+ 4. **Apply**: Approved suggestions become a new Standard version (immutable, rollback-safe)
87
+ 5. **No autonomous changes** in v1 — every suggestion requires human approval
@@ -0,0 +1,63 @@
1
+ # /verity-learn — View and manage project knowledge
2
+
3
+ Project knowledge is durable insights extracted from analysis runs — decisions, patterns, gotchas, and conventions. When the memory graph is enabled (`memory_graph_enabled`), this skill delegates to the graph. Otherwise, it uses flat lessons.
4
+
5
+ ## Graph mode (memory_graph_enabled = true)
6
+
7
+ When the memory graph is active, `/verity-learn` delegates to `/verity-memory`. Use these commands:
8
+
9
+ - **List nodes**: `ls .verity/memory/*/` or see `/verity-memory list`
10
+ - **Show a node**: `cat .verity/memory/<domain>/<slug>.md` or see `/verity-memory show <node_id>`
11
+ - **Walk the graph**: see `/verity-memory walk --files <files>`
12
+ - **Add knowledge**: see `/verity-memory add <kind> "<title>"`
13
+
14
+ For full documentation, use `/verity-memory`.
15
+
16
+ ## Flat mode (memory_graph_enabled = false, default for existing projects)
17
+
18
+ ### List lessons
19
+
20
+ ```bash
21
+ curl -s -H "Authorization: Bearer $VERITY_TOKEN" \
22
+ "$(verity config service-url)/compound/lessons" | jq '.lessons[] | {id, kind, title, confidence}'
23
+ ```
24
+
25
+ ### Add a lesson (user-authored)
26
+
27
+ ```bash
28
+ curl -s -X POST -H "Authorization: Bearer $VERITY_TOKEN" \
29
+ -H "Content-Type: application/json" \
30
+ "$(verity config service-url)/compound/lessons" \
31
+ -d '{
32
+ "kind": "gotcha",
33
+ "title": "RLS policies and cleanup cron are coupled",
34
+ "body": "Changing RLS policies without updating the cleanup cron will break retention.",
35
+ "file_globs": ["server/supabase/migrations/**"]
36
+ }'
37
+ ```
38
+
39
+ Valid kinds: `bug_pattern`, `architectural_decision`, `gotcha`, `preferred_convention`, `false_positive_rule`, `intent_template`.
40
+
41
+ ### Archive a lesson
42
+
43
+ ```bash
44
+ curl -s -X PATCH -H "Authorization: Bearer $VERITY_TOKEN" \
45
+ -H "Content-Type: application/json" \
46
+ "$(verity config service-url)/compound/lessons/<lesson-id>" \
47
+ -d '{"status": "archived"}'
48
+ ```
49
+
50
+ ### Trigger extraction
51
+
52
+ ```bash
53
+ curl -s -X POST -H "Authorization: Bearer $VERITY_TOKEN" \
54
+ -H "Content-Type: application/json" \
55
+ "$(verity config service-url)/compound/extract" \
56
+ -d '{"task_id": "<task-uuid>"}'
57
+ ```
58
+
59
+ ## How it works
60
+
61
+ 1. **Extraction**: When a task closes or reaches 5 runs, an LLM extracts 0-3 durable knowledge items.
62
+ 2. **Injection**: On each analysis run, the most relevant knowledge is scored and injected into the reviewer prompt.
63
+ 3. **Compounding**: Knowledge that proves useful gets higher confidence. Unused knowledge is eventually archived.
@@ -0,0 +1,113 @@
1
+ # /verity-memory — Manage the project knowledge graph
2
+
3
+ The memory graph is a collection of markdown nodes at `.verity/memory/` organized into 8 domains. Each node has YAML frontmatter with typed edges that form a graph. The graph is the project's accumulated knowledge — decisions, patterns, gotchas, security constraints, and more.
4
+
5
+ ## Commands
6
+
7
+ ### List nodes
8
+
9
+ ```bash
10
+ # List all active nodes
11
+ curl -s -H "Authorization: Bearer $VERITY_TOKEN" \
12
+ "$(verity config service-url)/compound/memory/nodes" | jq '.nodes[] | {node_id, kind, title, confidence}'
13
+
14
+ # Filter by kind
15
+ curl -s -H "Authorization: Bearer $VERITY_TOKEN" \
16
+ "$(verity config service-url)/compound/memory/nodes?kind=security" | jq '.nodes[]'
17
+ ```
18
+
19
+ Or browse locally: `ls .verity/memory/*/`
20
+
21
+ ### Show a node
22
+
23
+ ```bash
24
+ curl -s -H "Authorization: Bearer $VERITY_TOKEN" \
25
+ "$(verity config service-url)/compound/memory/nodes/<node_id>" | jq '.'
26
+ ```
27
+
28
+ Or read directly: `cat .verity/memory/decisions/<slug>.md`
29
+
30
+ ### Walk the graph
31
+
32
+ Find related knowledge by seeding from files you're working on:
33
+
34
+ ```bash
35
+ curl -s -X POST -H "Authorization: Bearer $VERITY_TOKEN" \
36
+ -H "Content-Type: application/json" \
37
+ "$(verity config service-url)/compound/memory/walk" \
38
+ -d '{"seed_files": ["src/auth/tokens.ts"], "max_hops": 2, "budget_tokens": 2000}'
39
+ ```
40
+
41
+ ### Add a node (user-authored)
42
+
43
+ User-authored nodes get `confidence: 1.0` and are never auto-archived:
44
+
45
+ ```bash
46
+ curl -s -X POST -H "Authorization: Bearer $VERITY_TOKEN" \
47
+ -H "Content-Type: application/json" \
48
+ "$(verity config service-url)/compound/memory/nodes" \
49
+ -d '{
50
+ "kind": "gotcha",
51
+ "title": "RLS policies and cleanup cron are coupled",
52
+ "body": "Changing RLS policies without updating the cleanup cron will break retention.",
53
+ "file_globs": ["server/supabase/migrations/**"],
54
+ "domains": ["security", "database"]
55
+ }'
56
+ ```
57
+
58
+ Valid kinds: `decision`, `quality`, `security`, `intent`, `gotcha`, `pattern`, `domain`, `integration`.
59
+
60
+ Or create the markdown file directly at `.verity/memory/<domain>/<slug>.md` with proper frontmatter (see `.verity/memory/SCHEMA.md` for the template).
61
+
62
+ ### Edit a node
63
+
64
+ Edit the markdown file directly at `.verity/memory/<domain>/<slug>.md`. Changes sync to the cloud on the next analysis run. User edits are always preserved (repo wins for `source: user`).
65
+
66
+ ### Archive a node
67
+
68
+ ```bash
69
+ curl -s -X PATCH -H "Authorization: Bearer $VERITY_TOKEN" \
70
+ -H "Content-Type: application/json" \
71
+ "$(verity config service-url)/compound/memory/nodes/<node_id>" \
72
+ -d '{"status": "archived"}'
73
+ ```
74
+
75
+ ### Search nodes
76
+
77
+ Use full-text search via the list endpoint, or `grep -r "keyword" .verity/memory/` locally.
78
+
79
+ ### Run lint
80
+
81
+ Check for orphan nodes, stale knowledge, missing backlinks, and contradictions:
82
+
83
+ ```bash
84
+ curl -s -X POST -H "Authorization: Bearer $VERITY_TOKEN" \
85
+ "$(verity config service-url)/compound/memory/lint"
86
+ ```
87
+
88
+ Results appear in `.verity/memory/log.md` after the next sync.
89
+
90
+ ## How the graph works
91
+
92
+ 1. **Extraction**: When tasks close or reach 5 runs, an LLM extracts 0-3 knowledge nodes with typed edges.
93
+ 2. **Sync**: On every analysis run, the CLI sends a manifest of local files. The server returns new nodes as `memory_writes[]` that the CLI applies locally.
94
+ 3. **Injection**: The reviewer prompt receives a graph-walk neighborhood (2 hops from changed files, budget-capped at 2000 tokens).
95
+ 4. **Linking**: Nodes connect opportunistically via shared file_globs, keyword overlap, and shared evidence runs.
96
+ 5. **Lint**: Weekly checks for orphans, stale nodes, contradictions, and missing backlinks.
97
+
98
+ ## Domains
99
+
100
+ | Directory | Purpose |
101
+ |-----------|---------|
102
+ | `decisions/` | Architectural choices (WHY is it this way?) |
103
+ | `quality/` | Quality patterns (WHAT does "good" mean here?) |
104
+ | `security/` | Security constraints (WHAT must be protected?) |
105
+ | `intent/` | Intent templates (WHAT does the user expect?) |
106
+ | `gotchas/` | Footguns and surprises (WHAT will trip you up?) |
107
+ | `patterns/` | Code conventions (HOW should it be done?) |
108
+ | `domain/` | Business logic concepts (WHAT does this mean?) |
109
+ | `integrations/` | External system knowledge (WHAT's around us?) |
110
+
111
+ ## Obsidian compatibility
112
+
113
+ The `.verity/memory/` directory is designed to open directly in Obsidian, Foam, or Logseq. Nodes use `[[wikilink]]` syntax for cross-references.
@@ -0,0 +1,47 @@
1
+ # /verity-reflect — Capture learnings after a task
2
+
3
+ Trigger knowledge extraction for the current task, or submit a human reflection that becomes a high-confidence knowledge node.
4
+
5
+ ## Auto-reflection (extract from task history)
6
+
7
+ When called without `--user-input`, triggers the LLM extractor to review the current task's run history and produce 0-3 knowledge nodes:
8
+
9
+ ```bash
10
+ verity reflect
11
+ ```
12
+
13
+ This is the same extraction that runs automatically on task close and every 5 runs. Use this to manually trigger it mid-task if you've learned something significant.
14
+
15
+ ## Human reflection (the compound moment)
16
+
17
+ When the user provides their own insight, it becomes a high-confidence node (`source: user`, `confidence: 1.0`) that is never auto-archived:
18
+
19
+ ```bash
20
+ verity reflect --user-input "The Stripe retry logic needs idempotency keys or we double-charge"
21
+ ```
22
+
23
+ The CLI will:
24
+ 1. Call the extractor LLM to classify the reflection into a domain (decisions/, patterns/, gotchas/, etc.)
25
+ 2. Set `source: 'user'` and `confidence: 1.0`
26
+ 3. Opportunistically link to existing nodes
27
+ 4. Write the node locally and sync to cloud
28
+
29
+ ## When to reflect
30
+
31
+ The agent should ask for a reflection at natural task-completion moments:
32
+
33
+ - After creating a PR
34
+ - When the user says "done", "ship it", or "that's it"
35
+ - When a task is explicitly closed
36
+
37
+ The reflection prompt (installed in CLAUDE.md during setup):
38
+
39
+ > "Quick reflection for future agents: what's one thing you learned during this task that would help next time? A decision, a gotcha, a pattern — anything worth remembering. (Say 'skip' to skip.)"
40
+
41
+ If the user says "skip", do NOT call `verity reflect`. The reflection is optional.
42
+
43
+ ## Examples of good reflections
44
+
45
+ - "The Stripe retry logic needs to use idempotency keys or we double-charge. Learned this the hard way." → `gotchas/stripe-idempotency-keys.md`
46
+ - "We decided to use advisory locks instead of optimistic locking because Supabase supports it natively." → `decisions/advisory-locks-for-versioning.md`
47
+ - "Don't touch the RLS policies without updating the cleanup cron job — they're coupled." → `gotchas/rls-cleanup-coupling.md`