@crewpilot/agent 2.0.0 → 3.0.0

package/prompts/skills/deliver-deploy-guard/SKILL.md

@@ -1,144 +1,144 @@
-# Deploy Guard
-
-> **Pillar**: Deliver | **ID**: `deliver-deploy-guard`
-
-## Purpose
-
-Pre-deployment safety validation. Runs a structured checklist of quality gates before any code ships — catches what CI/CD pipelines often miss. Acts as the last line of defense.
-
-## Activation Triggers
-
-- "ready to deploy?", "pre-deploy check", "can I ship this?"
-- "safety check", "deploy guard", "go/no-go"
-- Automatically chained after `change-management` when `phase_gates` is `strict`
-
-## Methodology
-
-### Process Flow
-
-```dot
-digraph deploy_guard {
-    rankdir=TB;
-    node [shape=box];
-
-    g1 [label="Gate 1\nCode Quality"];
-    g2 [label="Gate 2\nTest Integrity"];
-    g3 [label="Gate 3\nSecurity"];
-    g4 [label="Gate 4\nConfiguration"];
-    g5 [label="Gate 5\nBreaking Changes"];
-    g6 [label="Gate 6\nOperational Readiness"];
-    verdict [label="Verdict", shape=diamond, style=filled, fillcolor="#ffcccc"];
-    go [label="GO \u2705", shape=doublecircle, style=filled, fillcolor="#ccffcc"];
-    nogo [label="NO-GO \u274c", shape=octagon, style=filled, fillcolor="#ff9999"];
-    conditional [label="CONDITIONAL \u26a0\ufe0f", shape=box, style=filled, fillcolor="#ffffcc"];
-
-    g1 -> g2;
-    g2 -> g3;
-    g3 -> g4;
-    g4 -> g5;
-    g5 -> g6;
-    g6 -> verdict;
-    verdict -> go [label="all pass"];
-    verdict -> nogo [label="critical blocker"];
-    verdict -> conditional [label="non-critical\nwarnings"];
-}
-```
-
-### Gate 1 — Code Quality
-- [ ] All linting passes (zero errors)
-- [ ] No `TODO`/`FIXME`/`HACK` in files changed since last deploy
-- [ ] No `console.log`/`print`/debug statements in production paths
-- [ ] No commented-out code blocks
-- Run: `catalyst_metrics_complexity` on changed files — flag any high-complexity additions
-
-### Gate 2 — Test Integrity
-- [ ] All tests pass
-- [ ] Test coverage meets minimum threshold
-- [ ] No skipped tests (`.skip`, `@disabled`, `@pytest.mark.skip`)
-- [ ] No test files with zero assertions
-- Run: `catalyst_metrics_coverage` to validate
-
-### Gate 3 — Security
-- [ ] No new vulnerabilities from `vulnerability-scan`
-- [ ] No hardcoded secrets (API keys, passwords, tokens)
-- [ ] Dependencies have no critical CVEs
-- [ ] No `eval()`, `exec()`, `dangerouslySetInnerHTML` without sanitization
-- Run: `terminal` for `npm audit` / `pip audit` / equivalent
-
-### Gate 4 — Configuration
-- [ ] Environment variables documented and present
-- [ ] No development-only configuration in production paths
-- [ ] Database migrations are forward-compatible and reversible
-- [ ] Feature flags set correctly for this deployment
-
-### Gate 5 — Breaking Changes
-- [ ] API contract changes are backward-compatible (or versioned)
-- [ ] Database schema changes are additive (no column drops without migration)
-- [ ] No removed public exports/endpoints without deprecation period
-- [ ] Breaking changes documented in CHANGELOG
-
-### Gate 6 — Operational Readiness
-- [ ] Health check endpoint exists and responds
-- [ ] Logging is adequate for debugging production issues
-- [ ] Error handling returns appropriate HTTP status codes
-- [ ] Rate limiting is configured for public endpoints
-
-### Verdict
-
-<HARD-GATE>
-If the verdict is NO-GO, do NOT proceed with deployment, merge, or marking as ready.
-All critical blockers MUST be resolved and gates re-run before proceeding.
-Do NOT downgrade a NO-GO to CONDITIONAL without fixing the underlying issue.
-</HARD-GATE>
-
-Produce a clear GO / NO-GO / CONDITIONAL decision:
-- **GO**: All gates pass
-- **CONDITIONAL**: Non-critical issues found — list what to fix or accept
-- **NO-GO**: Critical blocker found — must fix before deployment
-
-## Tools Required
-
-- `terminal` — Run tests, linters, audit tools
-- `codebase` — Scan for anti-patterns, secrets, debug statements
-- `catalyst_metrics_coverage` — Coverage report
-- `catalyst_metrics_complexity` — Complexity scores
-- `catalyst_git_diff` — Changes since last deploy/tag
-
-## Output Format
-
-```
-## [Catalyst → Deploy Guard]
-
-### Gate Results
-
-| Gate | Status | Issues |
-|---|---|---|
-| Code Quality | {pass/warn/fail} | {count} |
-| Test Integrity | {pass/warn/fail} | {count} |
-| Security | {pass/warn/fail} | {count} |
-| Configuration | {pass/warn/fail} | {count} |
-| Breaking Changes | {pass/warn/fail} | {count} |
-| Operational Readiness | {pass/warn/fail} | {count} |
-
-### Blockers (if any)
-{critical issues that block deployment}
-
-### Warnings (if any)
-{non-critical issues to be aware of}
-
-### Verdict: {GO / NO-GO / CONDITIONAL}
-{reasoning}
-```
-
-## Chains To
-
-- `vulnerability-scan` — If security gate needs deeper analysis
-- `change-management` — Fix and recommit if issues found
-- `knowledge-base` — Record deployment decision and any exceptions made
-
-## Anti-Patterns
-
-- Do NOT always say GO — be honest about risks
-- Do NOT block on style issues — only on functional and security concerns
-- Do NOT check gates that aren't relevant (no DB gate for a pure frontend change)
-- Do NOT skip the verdict — always provide a clear decision
+# Deploy Guard
+
+> **Pillar**: Deliver | **ID**: `deliver-deploy-guard`
+
+## Purpose
+
+Pre-deployment safety validation. Runs a structured checklist of quality gates before any code ships — catches what CI/CD pipelines often miss. Acts as the last line of defense.
+
+## Activation Triggers
+
+- "ready to deploy?", "pre-deploy check", "can I ship this?"
+- "safety check", "deploy guard", "go/no-go"
+- Automatically chained after `change-management` when `phase_gates` is `strict`
+
+## Methodology
+
+### Process Flow
+
+```dot
+digraph deploy_guard {
+    rankdir=TB;
+    node [shape=box];
+
+    g1 [label="Gate 1\nCode Quality"];
+    g2 [label="Gate 2\nTest Integrity"];
+    g3 [label="Gate 3\nSecurity"];
+    g4 [label="Gate 4\nConfiguration"];
+    g5 [label="Gate 5\nBreaking Changes"];
+    g6 [label="Gate 6\nOperational Readiness"];
+    verdict [label="Verdict", shape=diamond, style=filled, fillcolor="#ffcccc"];
+    go [label="GO \u2705", shape=doublecircle, style=filled, fillcolor="#ccffcc"];
+    nogo [label="NO-GO \u274c", shape=octagon, style=filled, fillcolor="#ff9999"];
+    conditional [label="CONDITIONAL \u26a0\ufe0f", shape=box, style=filled, fillcolor="#ffffcc"];
+
+    g1 -> g2;
+    g2 -> g3;
+    g3 -> g4;
+    g4 -> g5;
+    g5 -> g6;
+    g6 -> verdict;
+    verdict -> go [label="all pass"];
+    verdict -> nogo [label="critical blocker"];
+    verdict -> conditional [label="non-critical\nwarnings"];
+}
+```
+
+### Gate 1 — Code Quality
+- [ ] All linting passes (zero errors)
+- [ ] No `TODO`/`FIXME`/`HACK` in files changed since last deploy
+- [ ] No `console.log`/`print`/debug statements in production paths
+- [ ] No commented-out code blocks
+- Run: `crewpilot_metrics_complexity` on changed files — flag any high-complexity additions
+
+### Gate 2 — Test Integrity
+- [ ] All tests pass
+- [ ] Test coverage meets minimum threshold
+- [ ] No skipped tests (`.skip`, `@disabled`, `@pytest.mark.skip`)
+- [ ] No test files with zero assertions
+- Run: `crewpilot_metrics_coverage` to validate
+
+### Gate 3 — Security
+- [ ] No new vulnerabilities from `vulnerability-scan`
+- [ ] No hardcoded secrets (API keys, passwords, tokens)
+- [ ] Dependencies have no critical CVEs
+- [ ] No `eval()`, `exec()`, `dangerouslySetInnerHTML` without sanitization
+- Run: `terminal` for `npm audit` / `pip audit` / equivalent
+
+### Gate 4 — Configuration
+- [ ] Environment variables documented and present
+- [ ] No development-only configuration in production paths
+- [ ] Database migrations are forward-compatible and reversible
+- [ ] Feature flags set correctly for this deployment
+
+### Gate 5 — Breaking Changes
+- [ ] API contract changes are backward-compatible (or versioned)
+- [ ] Database schema changes are additive (no column drops without migration)
+- [ ] No removed public exports/endpoints without deprecation period
+- [ ] Breaking changes documented in CHANGELOG
+
+### Gate 6 — Operational Readiness
+- [ ] Health check endpoint exists and responds
+- [ ] Logging is adequate for debugging production issues
+- [ ] Error handling returns appropriate HTTP status codes
+- [ ] Rate limiting is configured for public endpoints
+
+### Verdict
+
+<HARD-GATE>
+If the verdict is NO-GO, do NOT proceed with deployment, merge, or marking as ready.
+All critical blockers MUST be resolved and gates re-run before proceeding.
+Do NOT downgrade a NO-GO to CONDITIONAL without fixing the underlying issue.
+</HARD-GATE>
+
+Produce a clear GO / NO-GO / CONDITIONAL decision:
+- **GO**: All gates pass
+- **CONDITIONAL**: Non-critical issues found — list what to fix or accept
+- **NO-GO**: Critical blocker found — must fix before deployment
+
+## Tools Required
+
+- `terminal` — Run tests, linters, audit tools
+- `codebase` — Scan for anti-patterns, secrets, debug statements
+- `crewpilot_metrics_coverage` — Coverage report
+- `crewpilot_metrics_complexity` — Complexity scores
+- `crewpilot_git_diff` — Changes since last deploy/tag
+
+## Output Format
+
+```
+## [CrewPilot → Deploy Guard]
+
+### Gate Results
+
+| Gate | Status | Issues |
+|---|---|---|
+| Code Quality | {pass/warn/fail} | {count} |
+| Test Integrity | {pass/warn/fail} | {count} |
+| Security | {pass/warn/fail} | {count} |
+| Configuration | {pass/warn/fail} | {count} |
+| Breaking Changes | {pass/warn/fail} | {count} |
+| Operational Readiness | {pass/warn/fail} | {count} |
+
+### Blockers (if any)
+{critical issues that block deployment}
+
+### Warnings (if any)
+{non-critical issues to be aware of}
+
+### Verdict: {GO / NO-GO / CONDITIONAL}
+{reasoning}
+```
+
+## Chains To
+
+- `vulnerability-scan` — If security gate needs deeper analysis
+- `change-management` — Fix and recommit if issues found
+- `knowledge-base` — Record deployment decision and any exceptions made
+
+## Anti-Patterns
+
+- Do NOT always say GO — be honest about risks
+- Do NOT block on style issues — only on functional and security concerns
+- Do NOT check gates that aren't relevant (no DB gate for a pure frontend change)
+- Do NOT skip the verdict — always provide a clear decision

package/prompts/skills/deliver-doc-governance/SKILL.md

@@ -1,130 +1,130 @@
-# Doc Governance
-
-> **Pillar**: Deliver | **ID**: `deliver-doc-governance`
-
-## Purpose
-
-Documentation drift detection and synchronization. Ensures READMEs, API docs, and inline documentation stay accurate as code evolves. Treats documentation as a first-class deliverable.
-
-## Activation Triggers
-
-- "update docs", "docs are stale", "check documentation"
-- "sync README", "API docs", "documentation drift"
-- Automatically chained after `feature-builder` or `architecture-planner` when public APIs change
-
-## Methodology
-
-### Process Flow
-
-```dot
-digraph doc_governance {
-    rankdir=TB;
-    node [shape=box];
-
-    inventory [label="Phase 1\nDocumentation Inventory"];
-    drift [label="Phase 2\nDrift Detection"];
-    classify [label="Phase 3\nImpact Classification"];
-    fix [label="Phase 4\nRemediation"];
-    complete [label="Phase 5\nCompleteness Check", shape=doublecircle];
-
-    inventory -> drift;
-    drift -> classify [label="drift found"];
-    drift -> complete [label="no drift"];
-    classify -> fix;
-    fix -> complete;
-}
-```
-
-### Phase 1 — Documentation Inventory
-1. Locate all documentation files:
-   - `README.md` at root and in subdirectories
-   - `docs/` folder content
-   - API documentation (OpenAPI/Swagger, JSDoc, docstrings)
-   - Inline code comments in public interfaces
-   - `CHANGELOG.md`, `CONTRIBUTING.md`
-2. Map documentation → code relationships
-
-### Phase 2 — Drift Detection
-Compare documentation against current code:
-
-| Check | Method |
-|---|---|
-| **API signatures** | Compare documented function signatures vs. actual |
-| **Configuration** | Compare documented env vars/config vs. actual usage |
-| **Installation** | Verify documented install steps still work |
-| **Examples** | Check if code examples still compile/run |
-| **Architecture** | Compare documented structure vs. actual file tree |
-| **Dependencies** | Compare documented requirements vs. actual manifests |
-
-For each drift found:
-```
-DRIFT: {doc file}:{line} — {what's documented} ≠ {what's actual}
-```
-
-### Phase 3 — Impact Classification
-
-| Severity | Criteria |
-|---|---|
-| **Critical** | Wrong API usage instructions — will cause errors for users |
-| **High** | Missing documentation for new public features |
-| **Medium** | Outdated examples, stale screenshots, wrong file paths |
-| **Low** | Minor wording inaccuracies, formatting issues |
-
-### Phase 4 — Remediation
-For each drift:
-1. Generate the corrected documentation
-2. Preserve the existing documentation style and voice
-3. Add/update code examples that are verified to work
-4. Update any auto-generated content (table of contents, API reference)
-
-### Phase 5 — Completeness Check
-Verify minimum documentation exists:
-- [ ] README with project description, setup, usage
-- [ ] API documentation for all public interfaces
-- [ ] Configuration reference for all env vars/settings
-- [ ] Contributing guide (for open source)
-- [ ] Changelog (if releases are managed)
-
-## Tools Required
-
-- `codebase` — Read source code and documentation files
-- `terminal` — Verify install steps, run examples
-- `catalyst_knowledge_search` — Check if documentation decisions were previously recorded
-
-## Output Format
-
-```
-## [Catalyst → Doc Governance]
-
-### Documentation Map
-| Doc File | Covers | Status |
-|---|---|---|
-| {path} | {what it documents} | {current/stale/missing} |
-
-### Drift Detected
-#### [{severity}] {doc file}:{line}
-**Documented**: {what the doc says}
-**Actual**: {what the code does}
-**Fix**: {corrected content}
-
----
-(repeat per drift)
-
-### Completeness
-{checklist with status}
-
-### Summary
-{N} drifts found: {critical}/{high}/{medium}/{low}
-```
-
-## Chains To
-
-- `change-management` — Commit documentation updates
-- `architecture-planner` — If architecture docs need major restructuring
-
-## Anti-Patterns
-
-- Do NOT rewrite documentation in a different voice/style
-- Do NOT add documentation for internal/private APIs unless asked
-- Do NOT remove valid documentation just because it's verbose
-- Do NOT generate placeholder documentation ("TODO: add docs")
+# Doc Governance
+
+> **Pillar**: Deliver | **ID**: `deliver-doc-governance`
+
+## Purpose
+
+Documentation drift detection and synchronization. Ensures READMEs, API docs, and inline documentation stay accurate as code evolves. Treats documentation as a first-class deliverable.
+
+## Activation Triggers
+
+- "update docs", "docs are stale", "check documentation"
+- "sync README", "API docs", "documentation drift"
+- Automatically chained after `feature-builder` or `architecture-planner` when public APIs change
+
+## Methodology
+
+### Process Flow
+
+```dot
+digraph doc_governance {
+    rankdir=TB;
+    node [shape=box];
+
+    inventory [label="Phase 1\nDocumentation Inventory"];
+    drift [label="Phase 2\nDrift Detection"];
+    classify [label="Phase 3\nImpact Classification"];
+    fix [label="Phase 4\nRemediation"];
+    complete [label="Phase 5\nCompleteness Check", shape=doublecircle];
+
+    inventory -> drift;
+    drift -> classify [label="drift found"];
+    drift -> complete [label="no drift"];
+    classify -> fix;
+    fix -> complete;
+}
+```
+
+### Phase 1 — Documentation Inventory
+1. Locate all documentation files:
+   - `README.md` at root and in subdirectories
+   - `docs/` folder content
+   - API documentation (OpenAPI/Swagger, JSDoc, docstrings)
+   - Inline code comments in public interfaces
+   - `CHANGELOG.md`, `CONTRIBUTING.md`
+2. Map documentation → code relationships
+
+### Phase 2 — Drift Detection
+Compare documentation against current code:
+
+| Check | Method |
+|---|---|
+| **API signatures** | Compare documented function signatures vs. actual |
+| **Configuration** | Compare documented env vars/config vs. actual usage |
+| **Installation** | Verify documented install steps still work |
+| **Examples** | Check if code examples still compile/run |
+| **Architecture** | Compare documented structure vs. actual file tree |
+| **Dependencies** | Compare documented requirements vs. actual manifests |
+
+For each drift found:
+```
+DRIFT: {doc file}:{line} — {what's documented} ≠ {what's actual}
+```
+
+### Phase 3 — Impact Classification
+
+| Severity | Criteria |
+|---|---|
+| **Critical** | Wrong API usage instructions — will cause errors for users |
+| **High** | Missing documentation for new public features |
+| **Medium** | Outdated examples, stale screenshots, wrong file paths |
+| **Low** | Minor wording inaccuracies, formatting issues |
+
+### Phase 4 — Remediation
+For each drift:
+1. Generate the corrected documentation
+2. Preserve the existing documentation style and voice
+3. Add/update code examples that are verified to work
+4. Update any auto-generated content (table of contents, API reference)
+
+### Phase 5 — Completeness Check
+Verify minimum documentation exists:
+- [ ] README with project description, setup, usage
+- [ ] API documentation for all public interfaces
+- [ ] Configuration reference for all env vars/settings
+- [ ] Contributing guide (for open source)
+- [ ] Changelog (if releases are managed)
+
+## Tools Required
+
+- `codebase` — Read source code and documentation files
+- `terminal` — Verify install steps, run examples
+- `crewpilot_knowledge_search` — Check if documentation decisions were previously recorded
+
+## Output Format
+
+```
+## [CrewPilot → Doc Governance]
+
+### Documentation Map
+| Doc File | Covers | Status |
+|---|---|---|
+| {path} | {what it documents} | {current/stale/missing} |
+
+### Drift Detected
+#### [{severity}] {doc file}:{line}
+**Documented**: {what the doc says}
+**Actual**: {what the code does}
+**Fix**: {corrected content}
+
+---
+(repeat per drift)
+
+### Completeness
+{checklist with status}
+
+### Summary
+{N} drifts found: {critical}/{high}/{medium}/{low}
+```
+
+## Chains To
+
+- `change-management` — Commit documentation updates
+- `architecture-planner` — If architecture docs need major restructuring
+
+## Anti-Patterns
+
+- Do NOT rewrite documentation in a different voice/style
+- Do NOT add documentation for internal/private APIs unless asked
+- Do NOT remove valid documentation just because it's verbose
+- Do NOT generate placeholder documentation ("TODO: add docs")