@colin4k1024/tsp 2.5.1 → 2.5.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/commands/dashboard.md +105 -0
- package/commands/goal.md +142 -0
- package/commands/heartbeat.md +129 -0
- package/commands/triage.md +108 -0
- package/hooks/harness-context-monitor.js +4 -0
- package/hooks/hooks.json +23 -23
- package/package.json +1 -1
- package/schemas/goal.schema.json +172 -0
- package/scripts/hooks/session-start-goal-resume.js +95 -0
- package/scripts/hooks/suggest-compact.js +81 -19
- package/scripts/lib/blame-attribution.js +210 -0
- package/scripts/lib/completion-oracle.js +351 -0
- package/scripts/lib/heartbeat-scheduler.js +265 -0
- package/scripts/lib/wave-cost-advisor.js +155 -0
- package/skills/goal-convergence/SKILL.md +150 -0
- package/skills/goframe-v2/examples/practices/quick-demo/manifest/config/config.yaml +14 -14
- package/skills/loop-heartbeat/SKILL.md +120 -0
- package/skills/mcp-connector-bridge/SKILL.md +132 -0
- package/skills/repo-scan/SKILL.md +63 -63
- package/skills/rework-loop/SKILL.md +131 -0
- package/scripts/__pycache__/__init__.cpython-311.pyc +0 -0
- package/scripts/__pycache__/build_platform_artifacts.cpython-311.pyc +0 -0
- package/scripts/__pycache__/install_platform.cpython-311.pyc +0 -0
- package/scripts/__pycache__/langfuse_trace.cpython-311.pyc +0 -0
- package/scripts/__pycache__/query_audit_logs.cpython-311.pyc +0 -0
- package/scripts/__pycache__/scan_leaked_keys.cpython-311.pyc +0 -0
- package/scripts/__pycache__/team_skills_platform.cpython-311.pyc +0 -0
- package/scripts/__pycache__/team_skills_platform.cpython-313.pyc +0 -0
- package/scripts/__pycache__/validate_library.cpython-311.pyc +0 -0
- package/scripts/__pycache__/validate_workflow_state.cpython-311.pyc +0 -0
- package/scripts/evolution/__pycache__/__init__.cpython-311.pyc +0 -0
- package/scripts/evolution/__pycache__/store.cpython-311.pyc +0 -0
- package/scripts/hooks/__pycache__/__init__.cpython-311.pyc +0 -0
- package/scripts/hooks/__pycache__/mcp_health_check.cpython-311.pyc +0 -0
- package/scripts/hooks/__pycache__/observe.cpython-311.pyc +0 -0
- package/scripts/hooks/__pycache__/session_end.cpython-311.pyc +0 -0
- package/scripts/hooks/__pycache__/session_start.cpython-311.pyc +0 -0
- package/scripts/lib/__pycache__/audit_logger.cpython-311.pyc +0 -0
- package/scripts/lib/__pycache__/audit_query.cpython-311.pyc +0 -0
- package/scripts/lib/__pycache__/hook_contract.cpython-311.pyc +0 -0
- package/scripts/lib/__pycache__/memory_store.cpython-311.pyc +0 -0
- package/scripts/lib/__pycache__/utils.cpython-311.pyc +0 -0
|
@@ -1,22 +1,22 @@
|
|
|
1
|
-
---
|
|
2
|
-
name: repo-scan
|
|
3
|
-
description: Cross-stack source code asset audit — classifies every file, detects embedded third-party libraries, and delivers actionable four-level verdicts per module with interactive HTML reports.
|
|
4
|
-
origin: community
|
|
5
|
-
---
|
|
6
|
-
|
|
7
|
-
# repo-scan
|
|
8
|
-
|
|
9
|
-
> Every ecosystem has its own dependency manager, but no tool looks across C++, Android, iOS, and Web to tell you: how much code is actually yours, what's third-party, and what's dead weight.
|
|
10
|
-
|
|
11
|
-
## When to Use
|
|
12
|
-
|
|
13
|
-
- Taking over a large legacy codebase and need a structural overview
|
|
14
|
-
- Before major refactoring — identify what's core, what's duplicate, what's dead
|
|
15
|
-
- Auditing third-party dependencies embedded directly in source (not declared in package managers)
|
|
16
|
-
- Preparing architecture decision records for monorepo reorganization
|
|
17
|
-
|
|
18
|
-
## Installation
|
|
19
|
-
|
|
1
|
+
---
|
|
2
|
+
name: repo-scan
|
|
3
|
+
description: Cross-stack source code asset audit — classifies every file, detects embedded third-party libraries, and delivers actionable four-level verdicts per module with interactive HTML reports.
|
|
4
|
+
origin: community
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# repo-scan
|
|
8
|
+
|
|
9
|
+
> Every ecosystem has its own dependency manager, but no tool looks across C++, Android, iOS, and Web to tell you: how much code is actually yours, what's third-party, and what's dead weight.
|
|
10
|
+
|
|
11
|
+
## When to Use
|
|
12
|
+
|
|
13
|
+
- Taking over a large legacy codebase and need a structural overview
|
|
14
|
+
- Before major refactoring — identify what's core, what's duplicate, what's dead
|
|
15
|
+
- Auditing third-party dependencies embedded directly in source (not declared in package managers)
|
|
16
|
+
- Preparing architecture decision records for monorepo reorganization
|
|
17
|
+
|
|
18
|
+
## Installation
|
|
19
|
+
|
|
20
20
|
```bash
|
|
21
21
|
# Fetch only the pinned commit for reproducibility
|
|
22
22
|
mkdir -p ~/.claude/skills/repo-scan
|
|
@@ -27,52 +27,52 @@ git fetch --depth 1 origin 2742664
|
|
|
27
27
|
git checkout --detach FETCH_HEAD
|
|
28
28
|
cp -r . ~/.claude/skills/repo-scan
|
|
29
29
|
```
|
|
30
|
-
|
|
31
|
-
> Review the source before installing any agent skill.
|
|
32
|
-
|
|
33
|
-
## Core Capabilities
|
|
34
|
-
|
|
35
|
-
| Capability | Description |
|
|
36
|
-
|---|---|
|
|
37
|
-
| **Cross-stack scanning** | C/C++, Java/Android, iOS (OC/Swift), Web (TS/JS/Vue) in one pass |
|
|
38
|
-
| **File classification** | Every file tagged as project code, third-party, or build artifact |
|
|
39
|
-
| **Library detection** | 50+ known libraries (FFmpeg, Boost, OpenSSL…) with version extraction |
|
|
40
|
-
| **Four-level verdicts** | Core Asset / Extract & Merge / Rebuild / Deprecate |
|
|
41
|
-
| **HTML reports** | Interactive dark-theme pages with drill-down navigation |
|
|
42
|
-
| **Monorepo support** | Hierarchical scanning with summary + sub-project reports |
|
|
43
|
-
|
|
44
|
-
## Analysis Depth Levels
|
|
45
|
-
|
|
46
|
-
| Level | Files Read | Use Case |
|
|
47
|
-
|---|---|---|
|
|
48
|
-
| `fast` | 1-2 per module | Quick inventory of huge directories |
|
|
49
|
-
| `standard` | 2-5 per module | Default audit with full dependency + architecture checks |
|
|
50
|
-
| `deep` | 5-10 per module | Adds thread safety, memory management, API consistency |
|
|
51
|
-
| `full` | All files | Pre-merge comprehensive review |
|
|
52
|
-
|
|
53
|
-
## How It Works
|
|
54
|
-
|
|
30
|
+
|
|
31
|
+
> Review the source before installing any agent skill.
|
|
32
|
+
|
|
33
|
+
## Core Capabilities
|
|
34
|
+
|
|
35
|
+
| Capability | Description |
|
|
36
|
+
|---|---|
|
|
37
|
+
| **Cross-stack scanning** | C/C++, Java/Android, iOS (OC/Swift), Web (TS/JS/Vue) in one pass |
|
|
38
|
+
| **File classification** | Every file tagged as project code, third-party, or build artifact |
|
|
39
|
+
| **Library detection** | 50+ known libraries (FFmpeg, Boost, OpenSSL…) with version extraction |
|
|
40
|
+
| **Four-level verdicts** | Core Asset / Extract & Merge / Rebuild / Deprecate |
|
|
41
|
+
| **HTML reports** | Interactive dark-theme pages with drill-down navigation |
|
|
42
|
+
| **Monorepo support** | Hierarchical scanning with summary + sub-project reports |
|
|
43
|
+
|
|
44
|
+
## Analysis Depth Levels
|
|
45
|
+
|
|
46
|
+
| Level | Files Read | Use Case |
|
|
47
|
+
|---|---|---|
|
|
48
|
+
| `fast` | 1-2 per module | Quick inventory of huge directories |
|
|
49
|
+
| `standard` | 2-5 per module | Default audit with full dependency + architecture checks |
|
|
50
|
+
| `deep` | 5-10 per module | Adds thread safety, memory management, API consistency |
|
|
51
|
+
| `full` | All files | Pre-merge comprehensive review |
|
|
52
|
+
|
|
53
|
+
## How It Works
|
|
54
|
+
|
|
55
55
|
1. **Classify the repo surface**: enumerate files, then tag each as project code, embedded third-party code, or build artifact.
|
|
56
56
|
2. **Detect embedded libraries**: inspect directory names, headers, license files, and version markers to identify bundled dependencies and likely versions.
|
|
57
57
|
3. **Score each module**: group files by module or subsystem, then assign one of the four verdicts based on ownership, duplication, and maintenance cost.
|
|
58
58
|
4. **Highlight structural risks**: call out dead-weight artifacts, duplicated wrappers, outdated vendored code, and modules that should be extracted, rebuilt, or deprecated.
|
|
59
59
|
5. **Produce the report**: return a concise summary plus the interactive HTML output with per-module drill-down so the audit can be reviewed asynchronously.
|
|
60
|
-
|
|
61
|
-
## Examples
|
|
62
|
-
|
|
63
|
-
On a 50,000-file C++ monorepo:
|
|
64
|
-
- Found FFmpeg 2.x (2015 vintage) still in production
|
|
65
|
-
- Discovered the same SDK wrapper duplicated 3 times
|
|
66
|
-
- Identified 636 MB of committed Debug/ipch/obj build artifacts
|
|
67
|
-
- Classified: 3 MB project code vs 596 MB third-party
|
|
68
|
-
|
|
69
|
-
## Best Practices
|
|
70
|
-
|
|
71
|
-
- Start with `standard` depth for first-time audits
|
|
72
|
-
- Use `fast` for monorepos with 100+ modules to get a quick inventory
|
|
73
|
-
- Run `deep` incrementally on modules flagged for refactoring
|
|
74
|
-
- Review the cross-module analysis for duplicate detection across sub-projects
|
|
75
|
-
|
|
76
|
-
## Links
|
|
77
|
-
|
|
78
|
-
- [GitHub Repository](https://github.com/haibindev/repo-scan)
|
|
60
|
+
|
|
61
|
+
## Examples
|
|
62
|
+
|
|
63
|
+
On a 50,000-file C++ monorepo:
|
|
64
|
+
- Found FFmpeg 2.x (2015 vintage) still in production
|
|
65
|
+
- Discovered the same SDK wrapper duplicated 3 times
|
|
66
|
+
- Identified 636 MB of committed Debug/ipch/obj build artifacts
|
|
67
|
+
- Classified: 3 MB project code vs 596 MB third-party
|
|
68
|
+
|
|
69
|
+
## Best Practices
|
|
70
|
+
|
|
71
|
+
- Start with `standard` depth for first-time audits
|
|
72
|
+
- Use `fast` for monorepos with 100+ modules to get a quick inventory
|
|
73
|
+
- Run `deep` incrementally on modules flagged for refactoring
|
|
74
|
+
- Review the cross-module analysis for duplicate detection across sub-projects
|
|
75
|
+
|
|
76
|
+
## Links
|
|
77
|
+
|
|
78
|
+
- [GitHub Repository](https://github.com/haibindev/repo-scan)
|
|
@@ -0,0 +1,131 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: rework-loop
|
|
3
|
+
description: "Structured rework with git blame attribution for failed goal iterations. Maps failures to responsible changes and routes targeted fix briefs."
|
|
4
|
+
origin: ECC
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Rework Loop
|
|
8
|
+
|
|
9
|
+
Structured rework with blame attribution for failed goal iterations.
|
|
10
|
+
When the oracle says "fail," don't blindly retry — identify what broke,
|
|
11
|
+
map it to the responsible change, and route a targeted fix.
|
|
12
|
+
|
|
13
|
+
## When to Activate
|
|
14
|
+
|
|
15
|
+
- Oracle returns `fail` verdict during a goal iteration
|
|
16
|
+
- Code reviewer identifies rework-worthy issues
|
|
17
|
+
- Build/test failures after a maker iteration
|
|
18
|
+
- Manual invocation for targeted re-implementation
|
|
19
|
+
|
|
20
|
+
## Core Concept: Blame-Attributed Rework
|
|
21
|
+
|
|
22
|
+
Blind retry is the #1 waste in autonomous loops. A rework loop instead:
|
|
23
|
+
|
|
24
|
+
1. **Parses** failure output to extract specific failing locations
|
|
25
|
+
2. **Blames** via `git diff` / `git blame` to find the responsible change
|
|
26
|
+
3. **Constrains** the rework to only the affected scope
|
|
27
|
+
4. **Routes** to the right specialist (TS issues → typescript-reviewer, etc.)
|
|
28
|
+
5. **Tracks** rework attempts per location to detect persistent trouble spots
|
|
29
|
+
|
|
30
|
+
```
|
|
31
|
+
Oracle: FAIL
|
|
32
|
+
│
|
|
33
|
+
▼
|
|
34
|
+
Parse failure → "tests/auth.test.ts:45 — token refresh assertion fails"
|
|
35
|
+
│
|
|
36
|
+
▼
|
|
37
|
+
Blame → "src/auth/refresh.ts:23 changed in this iteration"
|
|
38
|
+
│
|
|
39
|
+
▼
|
|
40
|
+
Rework brief → {file: "src/auth/refresh.ts", constraint: "only fix refresh logic"}
|
|
41
|
+
│
|
|
42
|
+
▼
|
|
43
|
+
Route → backend-engineer or typescript-reviewer
|
|
44
|
+
│
|
|
45
|
+
▼
|
|
46
|
+
Track → attempts[src/auth/refresh.ts] += 1
|
|
47
|
+
```
|
|
48
|
+
|
|
49
|
+
## Rework Brief Format
|
|
50
|
+
|
|
51
|
+
The rework brief is a structured context packet for the next iteration:
|
|
52
|
+
|
|
53
|
+
```markdown
|
|
54
|
+
## REWORK BRIEF
|
|
55
|
+
|
|
56
|
+
**Goal:** {original objective}
|
|
57
|
+
**Iteration:** {N} (rework attempt {M} for this location)
|
|
58
|
+
|
|
59
|
+
**Failing evidence:**
|
|
60
|
+
- Test: tests/auth.test.ts:45 — "should refresh expired tokens"
|
|
61
|
+
- Error: Expected token.expiresAt to be > now, got 2024-01-01
|
|
62
|
+
|
|
63
|
+
**Root cause (blame):**
|
|
64
|
+
- File: src/auth/refresh.ts:23
|
|
65
|
+
- Change: Added early return before expiry check
|
|
66
|
+
- Commit: (this iteration, uncommitted)
|
|
67
|
+
|
|
68
|
+
**Constraint:**
|
|
69
|
+
- ONLY modify src/auth/refresh.ts
|
|
70
|
+
- DO NOT touch test files (they define correct behavior)
|
|
71
|
+
- The refresh logic must handle: valid token, expired token, missing token
|
|
72
|
+
|
|
73
|
+
**Suggested fix:**
|
|
74
|
+
- Remove the early return at line 23
|
|
75
|
+
- Ensure expiry check runs before refresh attempt
|
|
76
|
+
```
|
|
77
|
+
|
|
78
|
+
## Escalation Triggers
|
|
79
|
+
|
|
80
|
+
Rework escalates to triage when:
|
|
81
|
+
|
|
82
|
+
| Condition | Action |
|
|
83
|
+
|-----------|--------|
|
|
84
|
+
| 3+ rework attempts on same location | Escalate: "persistent trouble spot" |
|
|
85
|
+
| Rework introduces new failures | Escalate: "regression cascade" |
|
|
86
|
+
| Blame maps to multiple unrelated files | Escalate: "scope too broad for targeted rework" |
|
|
87
|
+
| No clear blame (flaky test, env issue) | Escalate: "non-deterministic failure" |
|
|
88
|
+
|
|
89
|
+
## Blame Attribution Algorithm
|
|
90
|
+
|
|
91
|
+
1. **Parse failure output** for file paths and line numbers
|
|
92
|
+
2. **Get changed files** via `git diff --name-only` (this iteration vs last good)
|
|
93
|
+
3. **Intersect** failing files with changed files
|
|
94
|
+
4. **For each intersection:**
|
|
95
|
+
- `git diff <file>` to extract specific hunks
|
|
96
|
+
- Map test failure line to source change via call stack or import chain
|
|
97
|
+
5. **If no intersection:** failure is pre-existing or environmental → escalate
|
|
98
|
+
|
|
99
|
+
## Rework Tracking
|
|
100
|
+
|
|
101
|
+
Track attempts per file/function to detect patterns:
|
|
102
|
+
|
|
103
|
+
```json
|
|
104
|
+
{
|
|
105
|
+
"src/auth/refresh.ts": {
|
|
106
|
+
"attempts": 3,
|
|
107
|
+
"lastAttempt": "2024-01-15T10:30:00Z",
|
|
108
|
+
"outcomes": ["fail", "fail", "pass"],
|
|
109
|
+
"totalCost": 1.20
|
|
110
|
+
}
|
|
111
|
+
}
|
|
112
|
+
```
|
|
113
|
+
|
|
114
|
+
When `attempts >= 3` without convergence: this is a persistent trouble spot.
|
|
115
|
+
The loop should escalate rather than keep burning budget.
|
|
116
|
+
|
|
117
|
+
## Integration Points
|
|
118
|
+
|
|
119
|
+
- **`/goal`**: Rework replaces blind retry in the maker-oracle loop
|
|
120
|
+
- **`completion-oracle.js`**: Oracle's `failReasons` feed into blame parsing
|
|
121
|
+
- **`/triage`**: Escalated rework items go to triage inbox
|
|
122
|
+
- **Specialist agents**: Rework briefs route to appropriate specialists
|
|
123
|
+
- **Cost advisor**: Rework attempts count toward goal budget
|
|
124
|
+
|
|
125
|
+
## Hard Bans
|
|
126
|
+
|
|
127
|
+
- DO NOT retry without blame analysis (blind retry wastes budget)
|
|
128
|
+
- DO NOT modify test files during rework (tests define correct behavior)
|
|
129
|
+
- DO NOT expand scope beyond blamed files (scope creep = new bugs)
|
|
130
|
+
- DO NOT rework indefinitely (3 attempts max per location)
|
|
131
|
+
- DO NOT skip tracking (rework history enables pattern detection)
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|