@defai.digital/automatosx 12.6.3 → 12.7.0

package/dist/index.js

@@ -10417,7 +10417,7 @@ var PRECOMPILED_CONFIG = {
     "enableFreeTierPrioritization": true,
     "enableWorkloadAwareRouting": true
   },
-  "version": "12.6.3"
+  "version": "12.7.0"
 };
 
 // src/core/config/schemas.ts
@@ -10850,10 +10850,11 @@ async function loadConfigFile(path9) {
     if (error instanceof ConfigError) {
       throw error;
     }
-    if (error.code === "ENOENT") {
+    const nodeError = error;
+    if (nodeError.code === "ENOENT") {
       throw ConfigError.notFound(path9);
     }
-    if (error.code === "EACCES") {
+    if (nodeError.code === "EACCES") {
       throw new ConfigError(
         `Permission denied reading config: ${path9}`,
         "E1002" /* CONFIG_PARSE_ERROR */,
@@ -11306,7 +11307,8 @@ async function saveConfigFile(path9, config) {
     if (error instanceof ConfigError) {
       throw error;
     }
-    if (error.code === "EACCES") {
+    const nodeError = error;
+    if (nodeError.code === "EACCES") {
       throw new ConfigError(
         `Permission denied writing config: ${path9}`,
         "E1002" /* CONFIG_PARSE_ERROR */,
@@ -11315,7 +11317,7 @@ async function saveConfigFile(path9, config) {
           "Run with appropriate user privileges",
           "Verify the directory is writable"
         ],
-        { path: path9, error: error.message }
+        { path: path9, error: nodeError.message }
       );
     }
     throw new ConfigError(
@@ -13318,6 +13320,1374 @@ function safeValidateAgentProfile(profile) {
 }
 agentProfileSchema.partial();
 
+// src/agents/cognitive/prompt-composer.ts
+init_esm_shims();
+
+// src/agents/cognitive/reasoning-scaffolds.ts
+init_esm_shims();
+var PROVER_STEPS = [
+  {
+    id: "1_intake",
+    name: "INTAKE",
+    description: "Understand before acting",
+    requiredActions: [
+      "Restate the goal, constraints, and success criteria in your own words",
+      "Read relevant files and cite them (path:line) - do NOT hypothesize without evidence",
+      "List your assumptions and unknowns explicitly",
+      "If blockers exist that prevent progress, ask 1-3 focused clarifying questions"
+    ],
+    skipWhen: ["Task is trivial and self-explanatory"]
+  },
+  {
+    id: "2_risk_scan",
+    name: "RISK SCAN",
+    description: "Anticipate failure modes before they occur",
+    requiredActions: [
+      "Run through your domain-specific checklist (see DOMAIN CHECKLIST section)",
+      "Flag any high-risk items explicitly with [RISK] tag",
+      "Propose mitigations for critical risks before proceeding",
+      "If risks are unacceptable, STOP and discuss with user"
+    ]
+  },
+  {
+    id: "3_options",
+    name: "OPTIONS",
+    description: "Consider alternatives before committing",
+    requiredActions: [
+      "Generate 2-3 viable approaches (skip only if truly trivial)",
+      "Compare each against: complexity, performance, risk, maintainability",
+      "Choose one approach with explicit rationale",
+      "Document what was rejected and why (prevents revisiting)"
+    ],
+    skipWhen: ["Single obvious solution exists", "Task is a simple bug fix"]
+  },
+  {
+    id: "4_plan",
+    name: "PLAN",
+    description: "Decompose before executing",
+    requiredActions: [
+      "Break work into ordered steps (even if small)",
+      "Identify dependencies between steps",
+      "Note which steps are reversible vs. irreversible",
+      'For trivial tasks: "Plan: Single-step execution"'
+    ]
+  },
+  {
+    id: "5_execute",
+    name: "EXECUTE",
+    description: "Implement with discipline",
+    requiredActions: [
+      "Follow the plan step-by-step",
+      "Cite existing patterns in codebase when applicable",
+      "Keep changes minimal and focused - resist scope creep",
+      "Document non-obvious decisions with brief inline comments",
+      "If blocked during execution, update plan rather than improvising"
+    ]
+  },
+  {
+    id: "6_validate",
+    name: "VALIDATE",
+    description: "Verify before delivering - never ship unvalidated work",
+    requiredActions: [
+      "Run verification commands (typecheck, tests, lint)",
+      "State explicitly what WAS validated",
+      "State explicitly what was NOT validated (gaps)",
+      "Note residual risks that remain after validation",
+      "If validation fails, diagnose and fix before reporting"
+    ]
+  },
+  {
+    id: "7_report",
+    name: "REPORT",
+    description: "Structured delivery with full transparency",
+    requiredActions: [
+      "Use the OUTPUT FORMAT structure (see OUTPUT FORMAT section)",
+      "Be concise but complete - no hand-waving",
+      "Include file references with paths for all changes",
+      "Specify concrete follow-up actions if any"
+    ]
+  }
+];
+var PROVER_TEMPLATE = `## MANDATORY REASONING LOOP (PROVER)
+
+For EVERY task, follow this sequence. Skipping steps leads to mistakes.
+
+### 1. INTAKE (before touching code)
+**Purpose**: Understand before acting
+
+- **Restate**: Goal, constraints, success criteria in your own words
+- **Recon**: Read relevant files (cite \`path:line\`) - do NOT hypothesize without evidence
+- **Unknowns**: List assumptions explicitly
+- **Blockers**: If blockers exist, ask 1-3 focused clarifying questions
+
+### 2. RISK SCAN
+**Purpose**: Anticipate failure modes
+
+- Run through your DOMAIN CHECKLIST (see below)
+- Flag high-risk items with [RISK] tag
+- Propose mitigations for critical risks
+- If risks are unacceptable, STOP and discuss
+
+### 3. OPTIONS (skip if truly trivial)
+**Purpose**: Consider alternatives before committing
+
+- Generate 2-3 viable approaches
+- Compare: complexity, performance, risk, maintainability
+- Choose one with explicit rationale
+- Note what was rejected and why
+
+### 4. PLAN
+**Purpose**: Decompose before executing
+
+- Break work into ordered steps
+- Identify dependencies between steps
+- Note reversible vs. irreversible steps
+- For trivial tasks: "Plan: Single-step execution"
+
+### 5. EXECUTE
+**Purpose**: Implement with discipline
+
+- Follow plan step-by-step
+- Cite existing patterns in codebase
+- Keep changes minimal - resist scope creep
+- If blocked, update plan rather than improvising
+
+### 6. VALIDATE
+**Purpose**: Never ship unvalidated work
+
+- Run: typecheck, tests, lint (as applicable)
+- State what WAS validated
+- State what was NOT validated (gaps)
+- If validation fails, fix before reporting
+
+### 7. REPORT
+**Purpose**: Structured delivery
+
+- Use the OUTPUT FORMAT structure
+- Include file paths for all changes
+- Specify follow-up actions
+
+---
+
+**CRITICAL**: If uncertain at any step, ASK rather than assume.
+If proceeding with assumptions, LIST THEM EXPLICITLY.
+`;
+var LITE_STEPS = [
+  {
+    id: "1_understand",
+    name: "UNDERSTAND",
+    description: "Quick comprehension",
+    requiredActions: [
+      "Confirm what needs to be done",
+      "Check relevant file if needed"
+    ]
+  },
+  {
+    id: "2_do",
+    name: "DO",
+    description: "Execute the task",
+    requiredActions: [
+      "Make the change",
+      "Follow existing patterns"
+    ]
+  },
+  {
+    id: "3_verify",
+    name: "VERIFY",
+    description: "Quick validation",
+    requiredActions: [
+      "Run typecheck/tests if applicable",
+      "Note if verification was skipped and why"
+    ]
+  },
+  {
+    id: "4_report",
+    name: "REPORT",
+    description: "Brief summary",
+    requiredActions: [
+      "State what was done",
+      "Note any caveats or follow-ups"
+    ]
+  }
+];
+var LITE_TEMPLATE = `## REASONING LOOP (LITE)
+
+For simple tasks, follow this streamlined process:
+
+### 1. UNDERSTAND
+- Confirm what needs to be done
+- Check relevant file if needed
+
+### 2. DO
+- Make the change
+- Follow existing patterns
+
+### 3. VERIFY
+- Run typecheck/tests if applicable
+- Note if skipped and why
+
+### 4. REPORT
+- State what was done
+- Note any caveats
+
+---
+
+**Escalate to PROVER scaffold if task is more complex than expected.**
+`;
+var SCAFFOLDS = {
+  prover: {
+    id: "prover",
+    name: "PROVER",
+    description: "Full reasoning loop: Plan-Risk-Options-Validate-Execute-Report",
+    steps: PROVER_STEPS,
+    template: PROVER_TEMPLATE
+  },
+  lite: {
+    id: "lite",
+    name: "LITE",
+    description: "Lightweight reasoning: Understand-Do-Verify-Report",
+    steps: LITE_STEPS,
+    template: LITE_TEMPLATE
+  }
+};
+function getReasoningScaffold(type) {
+  const scaffold = SCAFFOLDS[type];
+  if (!scaffold) {
+    throw new Error(`Unknown reasoning scaffold: ${type}`);
+  }
+  return scaffold;
+}
+function getScaffoldTemplate(type) {
+  return getReasoningScaffold(type).template;
+}
+
+// src/agents/cognitive/role-checklists.ts
+init_esm_shims();
+var BACKEND_CHECKLIST = {
+  id: "backend",
+  name: "Backend Checklist",
+  role: "Backend Developer",
+  categories: {
+    security: [
+      { id: "be-sec-1", category: "security", text: "Authentication: Are endpoints properly protected?", severity: "critical", triggers: ["api", "endpoint", "route"] },
+      { id: "be-sec-2", category: "security", text: "Authorization: Is access control enforced (who can do what)?", severity: "critical", triggers: ["user", "role", "permission"] },
+      { id: "be-sec-3", category: "security", text: "Input validation: Are all inputs validated and sanitized?", severity: "critical", triggers: ["input", "request", "body", "params"] },
+      { id: "be-sec-4", category: "security", text: "Secrets: No hardcoded credentials, tokens, or keys?", severity: "critical", triggers: ["config", "env", "secret", "key"] }
+    ],
+    data_integrity: [
+      { id: "be-data-1", category: "data_integrity", text: "Migrations: Are database migrations reversible and safe?", severity: "high", triggers: ["migration", "schema", "database", "table"] },
+      { id: "be-data-2", category: "data_integrity", text: "Transactions: Are operations atomic where needed?", severity: "high", triggers: ["transaction", "update", "insert", "delete"] },
+      { id: "be-data-3", category: "data_integrity", text: "Idempotency: Can operations be safely retried?", severity: "medium", triggers: ["retry", "idempotent", "duplicate"] },
+      { id: "be-data-4", category: "data_integrity", text: "Data validation: Are data constraints enforced at DB level?", severity: "medium", triggers: ["constraint", "schema", "validate"] }
+    ],
+    performance: [
+      { id: "be-perf-1", category: "performance", text: "N+1 queries: Are database calls optimized (no loops of queries)?", severity: "high", triggers: ["query", "loop", "database", "fetch"] },
+      { id: "be-perf-2", category: "performance", text: "Caching: Is caching strategy appropriate for this data?", severity: "medium", triggers: ["cache", "redis", "memory"] },
+      { id: "be-perf-3", category: "performance", text: "Indexing: Are queries using appropriate indexes?", severity: "medium", triggers: ["query", "search", "filter", "where"] },
+      { id: "be-perf-4", category: "performance", text: "Connection pooling: Are database connections managed properly?", severity: "medium", triggers: ["connection", "pool", "database"] }
+    ],
+    reliability: [
+      { id: "be-rel-1", category: "reliability", text: "Error handling: Are errors caught, logged, and handled gracefully?", severity: "high", triggers: ["error", "catch", "exception"] },
+      { id: "be-rel-2", category: "reliability", text: "Retry logic: Is there backoff for transient failures?", severity: "medium", triggers: ["retry", "backoff", "timeout"] },
+      { id: "be-rel-3", category: "reliability", text: "Circuit breakers: Are external service calls protected?", severity: "medium", triggers: ["external", "api", "service", "http"] },
+      { id: "be-rel-4", category: "reliability", text: "Observability: Are metrics, logs, and traces in place?", severity: "medium", triggers: ["log", "metric", "trace", "monitor"] }
+    ]
+  },
+  template: `## DOMAIN CHECKLIST: Backend
+
+Before finalizing, verify each applicable item:
+
+**Security** (CRITICAL)
+- [ ] Authentication: Are endpoints properly protected?
+- [ ] Authorization: Is access control enforced?
+- [ ] Input validation: Are all inputs sanitized?
+- [ ] Secrets: No hardcoded credentials?
+
+**Data Integrity** (HIGH)
+- [ ] Migrations: Reversible and safe?
+- [ ] Transactions: Atomic where needed?
+- [ ] Idempotency: Safe to retry?
+- [ ] Data validation: Constraints enforced?
+
+**Performance** (MEDIUM-HIGH)
+- [ ] N+1 queries: Optimized database calls?
+- [ ] Caching: Appropriate strategy?
+- [ ] Indexing: Queries using indexes?
+- [ ] Connection pooling: Managed properly?
+
+**Reliability** (HIGH)
+- [ ] Error handling: Graceful failures?
+- [ ] Retry logic: Backoff for transient failures?
+- [ ] Circuit breakers: External calls protected?
+- [ ] Observability: Logs, metrics, traces?
+
+Mark items as [x] when verified, or note [N/A] if not applicable.
+Flag any concerns with [RISK].
+`
+};
+var FRONTEND_CHECKLIST = {
+  id: "frontend",
+  name: "Frontend Checklist",
+  role: "Frontend Developer",
+  categories: {
+    accessibility: [
+      { id: "fe-a11y-1", category: "accessibility", text: "Semantic HTML: Are elements properly labeled (headings, landmarks)?", severity: "high", triggers: ["html", "element", "component"] },
+      { id: "fe-a11y-2", category: "accessibility", text: "Keyboard navigation: Is everything navigable without mouse?", severity: "high", triggers: ["button", "link", "interactive", "focus"] },
+      { id: "fe-a11y-3", category: "accessibility", text: "Screen reader: Are ARIA labels and roles correct?", severity: "high", triggers: ["aria", "label", "role"] },
+      { id: "fe-a11y-4", category: "accessibility", text: "Color contrast: Does it meet WCAG AA standards?", severity: "medium", triggers: ["color", "text", "background", "style"] }
+    ],
+    user_experience: [
+      { id: "fe-ux-1", category: "user_experience", text: "Loading states: Are async operations indicated to user?", severity: "high", triggers: ["async", "fetch", "load", "api"] },
+      { id: "fe-ux-2", category: "user_experience", text: "Error states: Are failures communicated clearly?", severity: "high", triggers: ["error", "fail", "catch"] },
+      { id: "fe-ux-3", category: "user_experience", text: "Empty states: Is there guidance when no data exists?", severity: "medium", triggers: ["empty", "no data", "list", "table"] },
+      { id: "fe-ux-4", category: "user_experience", text: "Responsive: Does it work on all screen sizes?", severity: "high", triggers: ["layout", "grid", "flex", "responsive"] }
+    ],
+    performance: [
+      { id: "fe-perf-1", category: "performance", text: "Bundle size: Are imports optimized (no full library imports)?", severity: "medium", triggers: ["import", "library", "package"] },
+      { id: "fe-perf-2", category: "performance", text: "Lazy loading: Are heavy components/routes deferred?", severity: "medium", triggers: ["route", "component", "heavy", "large"] },
+      { id: "fe-perf-3", category: "performance", text: "Memoization: Are expensive renders cached (useMemo, React.memo)?", severity: "medium", triggers: ["render", "memo", "expensive", "computation"] },
+      { id: "fe-perf-4", category: "performance", text: "Images: Are they optimized and lazy-loaded?", severity: "medium", triggers: ["image", "img", "picture", "media"] }
+    ],
+    security: [
+      { id: "fe-sec-1", category: "security", text: "XSS: Is user-generated content sanitized before rendering?", severity: "critical", triggers: ["user", "content", "html", "dangerously"] },
+      { id: "fe-sec-2", category: "security", text: "CSRF: Are forms and state-changing requests protected?", severity: "high", triggers: ["form", "submit", "post", "put", "delete"] },
+      { id: "fe-sec-3", category: "security", text: "Sensitive data: Is PII handled correctly (not logged, masked)?", severity: "high", triggers: ["password", "email", "personal", "sensitive"] },
+      { id: "fe-sec-4", category: "security", text: "Dependencies: No known vulnerable packages?", severity: "medium", triggers: ["dependency", "package", "npm"] }
+    ]
+  },
+  template: `## DOMAIN CHECKLIST: Frontend
+
+Before finalizing, verify each applicable item:
+
+**Accessibility** (HIGH)
+- [ ] Semantic HTML: Proper labels and landmarks?
+- [ ] Keyboard navigation: Works without mouse?
+- [ ] Screen reader: ARIA labels correct?
+- [ ] Color contrast: Meets WCAG AA?
+
+**User Experience** (HIGH)
+- [ ] Loading states: Async operations indicated?
+- [ ] Error states: Failures communicated clearly?
+- [ ] Empty states: Guidance when no data?
+- [ ] Responsive: Works on all screen sizes?
+
+**Performance** (MEDIUM)
+- [ ] Bundle size: Imports optimized?
+- [ ] Lazy loading: Heavy components deferred?
+- [ ] Memoization: Expensive renders cached?
+- [ ] Images: Optimized and lazy-loaded?
+
+**Security** (CRITICAL-HIGH)
+- [ ] XSS: User content sanitized?
+- [ ] CSRF: Forms protected?
+- [ ] Sensitive data: PII handled correctly?
+- [ ] Dependencies: No known vulnerabilities?
+
+Mark items as [x] when verified, or note [N/A] if not applicable.
+Flag any concerns with [RISK].
+`
+};
+var SECURITY_CHECKLIST = {
+  id: "security",
+  name: "Security Checklist",
+  role: "Security Engineer",
+  categories: {
+    threat_model: [
+      { id: "sec-tm-1", category: "threat_model", text: "Attack surface: What can be attacked? (inputs, APIs, data stores)", severity: "critical", triggers: ["api", "input", "endpoint"] },
+      { id: "sec-tm-2", category: "threat_model", text: "Threat actors: Who would attack this? (script kiddies, insiders, nation states)", severity: "high", triggers: ["user", "access", "public"] },
+      { id: "sec-tm-3", category: "threat_model", text: "Assets: What valuable data/access is at risk?", severity: "critical", triggers: ["data", "pii", "credential", "secret"] },
+      { id: "sec-tm-4", category: "threat_model", text: "STRIDE: Spoofing, Tampering, Repudiation, Info Disclosure, DoS, Elevation?", severity: "high", triggers: ["security", "threat", "vulnerability"] }
+    ],
+    owasp_top_10: [
+      { id: "sec-owasp-1", category: "owasp_top_10", text: "Injection: SQL, NoSQL, OS, LDAP injection possible?", severity: "critical", triggers: ["query", "sql", "database", "command"] },
+      { id: "sec-owasp-2", category: "owasp_top_10", text: "Broken Auth: Session management, credential handling secure?", severity: "critical", triggers: ["auth", "login", "session", "token"] },
+      { id: "sec-owasp-3", category: "owasp_top_10", text: "Sensitive Data: Encryption at rest and in transit?", severity: "critical", triggers: ["encrypt", "https", "data", "store"] },
+      { id: "sec-owasp-4", category: "owasp_top_10", text: "XXE: External entity processing disabled?", severity: "high", triggers: ["xml", "parse", "entity"] },
+      { id: "sec-owasp-5", category: "owasp_top_10", text: "Broken Access Control: Privilege escalation possible?", severity: "critical", triggers: ["role", "permission", "admin", "access"] },
+      { id: "sec-owasp-6", category: "owasp_top_10", text: "Misconfiguration: Default settings, errors exposed?", severity: "high", triggers: ["config", "default", "error", "debug"] },
+      { id: "sec-owasp-7", category: "owasp_top_10", text: "XSS: Reflected, stored, DOM-based XSS possible?", severity: "critical", triggers: ["html", "script", "render", "output"] },
+      { id: "sec-owasp-8", category: "owasp_top_10", text: "Deserialization: Untrusted data deserialized safely?", severity: "high", triggers: ["json", "deserialize", "parse", "object"] },
+      { id: "sec-owasp-9", category: "owasp_top_10", text: "Components: Using components with known vulnerabilities?", severity: "high", triggers: ["dependency", "package", "library", "npm"] },
+      { id: "sec-owasp-10", category: "owasp_top_10", text: "Logging: Insufficient monitoring and logging?", severity: "medium", triggers: ["log", "audit", "monitor", "alert"] }
+    ],
+    secrets: [
+      { id: "sec-secret-1", category: "secrets", text: "No hardcoded secrets in code or config files?", severity: "critical", triggers: ["key", "token", "password", "secret"] },
+      { id: "sec-secret-2", category: "secrets", text: "Environment variables for sensitive config?", severity: "high", triggers: ["env", "config", "setting"] },
+      { id: "sec-secret-3", category: "secrets", text: "Secrets rotation policy in place?", severity: "medium", triggers: ["rotate", "expire", "refresh"] },
+      { id: "sec-secret-4", category: "secrets", text: "Audit logging for secret access?", severity: "medium", triggers: ["audit", "access", "log"] }
+    ]
+  },
+  template: `## DOMAIN CHECKLIST: Security
+
+Before finalizing, verify each applicable item:
+
+**Threat Model** (CRITICAL)
+- [ ] Attack surface: What can be attacked?
+- [ ] Threat actors: Who would attack this?
+- [ ] Assets: What valuable data is at risk?
+- [ ] STRIDE: Spoofing, Tampering, Repudiation, Info Disclosure, DoS, Elevation?
+
+**OWASP Top 10** (CRITICAL)
+- [ ] Injection: SQL/NoSQL/OS/LDAP injection possible?
+- [ ] Broken Auth: Session/credential handling secure?
+- [ ] Sensitive Data: Encrypted at rest and in transit?
+- [ ] XXE: External entity processing disabled?
+- [ ] Broken Access Control: Privilege escalation possible?
+- [ ] Misconfiguration: Defaults secured, errors hidden?
+- [ ] XSS: Reflected/stored/DOM XSS prevented?
+- [ ] Deserialization: Untrusted data handled safely?
+- [ ] Components: No known vulnerable dependencies?
+- [ ] Logging: Sufficient monitoring and alerting?
+
+**Secrets Management** (CRITICAL)
+- [ ] No hardcoded secrets in code?
+- [ ] Env vars for sensitive config?
+- [ ] Rotation policy exists?
+- [ ] Audit logging for access?
+
+Mark items as [x] when verified, or note [N/A] if not applicable.
+Flag any concerns with [RISK].
+`
+};
+var QUALITY_CHECKLIST = {
+  id: "quality",
+  name: "Quality Checklist",
+  role: "QA Engineer",
+  categories: {
+    test_scope: [
+      { id: "qa-scope-1", category: "test_scope", text: "Requirements: Are all requirements covered by tests?", severity: "high", triggers: ["requirement", "spec", "feature"] },
+      { id: "qa-scope-2", category: "test_scope", text: "Edge cases: Are boundary conditions tested?", severity: "high", triggers: ["edge", "boundary", "limit", "max", "min"] },
+      { id: "qa-scope-3", category: "test_scope", text: "Error paths: Are failure scenarios tested?", severity: "high", triggers: ["error", "fail", "exception", "invalid"] },
+      { id: "qa-scope-4", category: "test_scope", text: "Integration points: Are interfaces tested?", severity: "medium", triggers: ["api", "interface", "integration", "external"] }
+    ],
+    test_quality: [
+      { id: "qa-qual-1", category: "test_quality", text: "Isolation: Are tests independent (no shared state)?", severity: "high", triggers: ["test", "describe", "it"] },
+      { id: "qa-qual-2", category: "test_quality", text: "Determinism: Do tests pass consistently (no flakiness)?", severity: "high", triggers: ["flaky", "random", "timeout", "intermittent"] },
+      { id: "qa-qual-3", category: "test_quality", text: "Speed: Are tests fast enough for CI feedback loop?", severity: "medium", triggers: ["slow", "timeout", "performance"] },
+      { id: "qa-qual-4", category: "test_quality", text: "Readability: Can failures be diagnosed quickly?", severity: "medium", triggers: ["message", "assert", "expect"] }
+    ],
+    regression: [
+      { id: "qa-reg-1", category: "regression", text: "Existing tests: Do all existing tests still pass?", severity: "critical", triggers: ["change", "modify", "update"] },
+      { id: "qa-reg-2", category: "regression", text: "Coverage: Has test coverage decreased?", severity: "high", triggers: ["coverage", "uncovered", "gap"] },
+      { id: "qa-reg-3", category: "regression", text: "Breaking changes: Are APIs backward compatible?", severity: "high", triggers: ["api", "interface", "contract", "public"] },
+      { id: "qa-reg-4", category: "regression", text: "Performance: Has latency/memory regressed?", severity: "medium", triggers: ["performance", "latency", "memory", "slow"] }
+    ],
+    validation: [
+      { id: "qa-val-1", category: "validation", text: "Reproducibility: Can the bug/behavior be reproduced?", severity: "high", triggers: ["bug", "issue", "reproduce"] },
+      { id: "qa-val-2", category: "validation", text: "Root cause: Is the fix addressing the root cause?", severity: "high", triggers: ["fix", "patch", "resolve"] },
+      { id: "qa-val-3", category: "validation", text: "Side effects: Are there unintended changes?", severity: "medium", triggers: ["change", "affect", "impact"] },
+      { id: "qa-val-4", category: "validation", text: "Documentation: Are test changes documented?", severity: "low", triggers: ["doc", "comment", "readme"] }
+    ]
+  },
+  template: `## DOMAIN CHECKLIST: Quality
+
+Before finalizing, verify each applicable item:
+
+**Test Scope** (HIGH)
+- [ ] Requirements: All requirements covered?
+- [ ] Edge cases: Boundary conditions tested?
+- [ ] Error paths: Failure scenarios tested?
+- [ ] Integration points: Interfaces tested?
+
+**Test Quality** (HIGH)
+- [ ] Isolation: Tests independent (no shared state)?
+- [ ] Determinism: Tests pass consistently?
+- [ ] Speed: Fast enough for CI?
+- [ ] Readability: Failures diagnosable?
+
+**Regression** (CRITICAL)
+- [ ] Existing tests: All still pass?
+- [ ] Coverage: Not decreased?
+- [ ] Breaking changes: APIs compatible?
+- [ ] Performance: No regression?
+
+**Validation** (HIGH)
+- [ ] Reproducibility: Bug reproducible?
+- [ ] Root cause: Fix addresses cause?
+- [ ] Side effects: No unintended changes?
+- [ ] Documentation: Changes documented?
+
+Mark items as [x] when verified, or note [N/A] if not applicable.
+Flag any concerns with [RISK].
+`
+};
+var ARCHITECTURE_CHECKLIST = {
+  id: "architecture",
+  name: "Architecture Checklist",
+  role: "Software Architect",
+  categories: {
+    design: [
+      { id: "arch-des-1", category: "design", text: "Requirements alignment: Does it solve the right problem?", severity: "critical", triggers: ["design", "architecture", "system"] },
+      { id: "arch-des-2", category: "design", text: "Simplicity: Is this the simplest viable solution?", severity: "high", triggers: ["complex", "simple", "pattern"] },
+      { id: "arch-des-3", category: "design", text: "Extensibility: Can it evolve with future needs?", severity: "medium", triggers: ["future", "extend", "scale"] },
+      { id: "arch-des-4", category: "design", text: "Consistency: Does it follow existing patterns?", severity: "high", triggers: ["pattern", "convention", "style"] }
+    ],
+    trade_offs: [
+      { id: "arch-trade-1", category: "trade_offs", text: "Performance vs. complexity trade-off documented?", severity: "high", triggers: ["performance", "complexity", "trade"] },
+      { id: "arch-trade-2", category: "trade_offs", text: "Build vs. buy decision documented?", severity: "medium", triggers: ["build", "buy", "library", "vendor"] },
+      { id: "arch-trade-3", category: "trade_offs", text: "Technology choices justified?", severity: "high", triggers: ["technology", "framework", "language"] },
+      { id: "arch-trade-4", category: "trade_offs", text: "Rejected alternatives documented?", severity: "medium", triggers: ["alternative", "option", "consider"] }
+    ],
+    risk: [
+      { id: "arch-risk-1", category: "risk", text: "Single points of failure identified?", severity: "critical", triggers: ["single", "failure", "dependency"] },
+      { id: "arch-risk-2", category: "risk", text: "Scalability bottlenecks identified?", severity: "high", triggers: ["scale", "bottleneck", "limit"] },
+      { id: "arch-risk-3", category: "risk", text: "Security implications considered?", severity: "critical", triggers: ["security", "auth", "data"] },
+      { id: "arch-risk-4", category: "risk", text: "Operational complexity acceptable?", severity: "medium", triggers: ["ops", "deploy", "maintain"] }
+    ],
+    governance: [
+      { id: "arch-gov-1", category: "governance", text: "ADR created for significant decisions?", severity: "high", triggers: ["decision", "adr", "architecture"] },
+      { id: "arch-gov-2", category: "governance", text: "Stakeholders consulted?", severity: "medium", triggers: ["stakeholder", "team", "review"] },
+      { id: "arch-gov-3", category: "governance", text: "Migration path defined?", severity: "high", triggers: ["migrate", "transition", "phase"] },
+      { id: "arch-gov-4", category: "governance", text: "Rollback strategy exists?", severity: "high", triggers: ["rollback", "revert", "undo"] }
+    ]
+  },
+  template: `## DOMAIN CHECKLIST: Architecture
+
+Before finalizing, verify each applicable item:
+
+**Design** (CRITICAL-HIGH)
+- [ ] Requirements alignment: Solves the right problem?
+- [ ] Simplicity: Simplest viable solution?
+- [ ] Extensibility: Can evolve with future needs?
+- [ ] Consistency: Follows existing patterns?
+
+**Trade-offs** (HIGH)
+- [ ] Performance vs. complexity documented?
+- [ ] Build vs. buy decision documented?
+- [ ] Technology choices justified?
+- [ ] Rejected alternatives documented?
+
+**Risk** (CRITICAL)
+- [ ] Single points of failure identified?
+- [ ] Scalability bottlenecks identified?
+- [ ] Security implications considered?
+- [ ] Operational complexity acceptable?
+
+**Governance** (HIGH)
+- [ ] ADR created for significant decisions?
+- [ ] Stakeholders consulted?
+- [ ] Migration path defined?
+- [ ] Rollback strategy exists?
+
+Mark items as [x] when verified, or note [N/A] if not applicable.
+Flag any concerns with [RISK].
+`
+};
+var DEVOPS_CHECKLIST = {
+  id: "devops",
+  name: "DevOps Checklist",
+  role: "DevOps Engineer",
+  categories: {
+    deployment: [
+      { id: "devops-dep-1", category: "deployment", text: "Zero-downtime: Can deploy without service interruption?", severity: "high", triggers: ["deploy", "release", "rollout"] },
+      { id: "devops-dep-2", category: "deployment", text: "Rollback: Can quickly revert if issues arise?", severity: "critical", triggers: ["rollback", "revert", "fail"] },
+      { id: "devops-dep-3", category: "deployment", text: "Configuration: Env-specific configs separated from code?", severity: "high", triggers: ["config", "env", "environment"] },
+      { id: "devops-dep-4", category: "deployment", text: "Secrets: Managed securely (not in code/config)?", severity: "critical", triggers: ["secret", "key", "credential"] }
+    ],
+    infrastructure: [
+      { id: "devops-infra-1", category: "infrastructure", text: "IaC: Infrastructure defined as code?", severity: "high", triggers: ["infrastructure", "terraform", "kubernetes"] },
+      { id: "devops-infra-2", category: "infrastructure", text: "Scaling: Auto-scaling configured correctly?", severity: "high", triggers: ["scale", "auto", "capacity"] },
+      { id: "devops-infra-3", category: "infrastructure", text: "Resources: CPU/memory limits appropriate?", severity: "medium", triggers: ["resource", "memory", "cpu", "limit"] },
+      { id: "devops-infra-4", category: "infrastructure", text: "Networking: Security groups and firewalls configured?", severity: "high", triggers: ["network", "firewall", "security group"] }
+    ],
+    observability: [
+      { id: "devops-obs-1", category: "observability", text: "Logging: Structured logs with correlation IDs?", severity: "high", triggers: ["log", "logging", "trace"] },
+      { id: "devops-obs-2", category: "observability", text: "Metrics: Key metrics exposed and collected?", severity: "high", triggers: ["metric", "prometheus", "grafana"] },
+      { id: "devops-obs-3", category: "observability", text: "Alerting: Alerts configured for critical conditions?", severity: "high", triggers: ["alert", "notify", "oncall"] },
+      { id: "devops-obs-4", category: "observability", text: "Dashboards: Visibility into system health?", severity: "medium", triggers: ["dashboard", "monitor", "visualize"] }
+    ],
+    reliability: [
+      { id: "devops-rel-1", category: "reliability", text: "Health checks: Liveness and readiness probes configured?", severity: "high", triggers: ["health", "probe", "check"] },
+      { id: "devops-rel-2", category: "reliability", text: "Disaster recovery: Backup and restore tested?", severity: "critical", triggers: ["backup", "restore", "disaster"] },
+      { id: "devops-rel-3", category: "reliability", text: "Failover: Multi-region/AZ redundancy?", severity: "high", triggers: ["failover", "redundancy", "region", "availability"] },
+      { id: "devops-rel-4", category: "reliability", text: "Runbooks: Incident response procedures documented?", severity: "medium", triggers: ["runbook", "incident", "procedure"] }
+    ]
+  },
+  template: `## DOMAIN CHECKLIST: DevOps
+
+Before finalizing, verify each applicable item:
+
+**Deployment** (CRITICAL-HIGH)
+- [ ] Zero-downtime: Deploy without interruption?
+- [ ] Rollback: Can quickly revert?
+- [ ] Configuration: Env-specific configs separated?
+- [ ] Secrets: Managed securely?
+
+**Infrastructure** (HIGH)
+- [ ] IaC: Infrastructure as code?
+- [ ] Scaling: Auto-scaling configured?
+- [ ] Resources: CPU/memory limits appropriate?
+- [ ] Networking: Security groups configured?
+
+**Observability** (HIGH)
+- [ ] Logging: Structured with correlation IDs?
+- [ ] Metrics: Key metrics collected?
+- [ ] Alerting: Critical alerts configured?
+- [ ] Dashboards: System health visible?
+
+**Reliability** (CRITICAL-HIGH)
+- [ ] Health checks: Probes configured?
+- [ ] Disaster recovery: Backup/restore tested?
+- [ ] Failover: Multi-region redundancy?
+- [ ] Runbooks: Incident procedures documented?
+
+Mark items as [x] when verified, or note [N/A] if not applicable.
+Flag any concerns with [RISK].
+`
+};
+var DATA_CHECKLIST = {
+  id: "data",
+  name: "Data Checklist",
+  role: "Data Engineer",
+  categories: {
+    data_quality: [
+      { id: "data-qual-1", category: "data_quality", text: "Schema validation: Data conforms to expected schema?", severity: "high", triggers: ["schema", "type", "validate"] },
+      { id: "data-qual-2", category: "data_quality", text: "Null handling: Missing values handled appropriately?", severity: "high", triggers: ["null", "missing", "empty"] },
+      { id: "data-qual-3", category: "data_quality", text: "Duplicates: Deduplication strategy in place?", severity: "medium", triggers: ["duplicate", "unique", "distinct"] },
+      { id: "data-qual-4", category: "data_quality", text: "Freshness: Data SLAs defined and monitored?", severity: "medium", triggers: ["fresh", "stale", "latency", "sla"] }
+    ],
+    pipeline: [
+      { id: "data-pipe-1", category: "pipeline", text: "Idempotency: Pipeline can be safely re-run?", severity: "high", triggers: ["pipeline", "etl", "process"] },
+      { id: "data-pipe-2", category: "pipeline", text: "Error handling: Failed records captured for review?", severity: "high", triggers: ["error", "fail", "dead letter"] },
+      { id: "data-pipe-3", category: "pipeline", text: "Backfill: Historical data can be reprocessed?", severity: "medium", triggers: ["backfill", "historical", "reprocess"] },
+      { id: "data-pipe-4", category: "pipeline", text: "Monitoring: Pipeline health and progress visible?", severity: "high", triggers: ["monitor", "alert", "status"] }
+    ],
+    governance: [
+      { id: "data-gov-1", category: "governance", text: "Lineage: Data origin and transformations documented?", severity: "medium", triggers: ["lineage", "origin", "source"] },
+      { id: "data-gov-2", category: "governance", text: "Privacy: PII identified and protected?", severity: "critical", triggers: ["pii", "privacy", "gdpr", "personal"] },
+      { id: "data-gov-3", category: "governance", text: "Retention: Data lifecycle and deletion policies?", severity: "high", triggers: ["retention", "delete", "archive"] },
+      { id: "data-gov-4", category: "governance", text: "Access control: Data access properly restricted?", severity: "high", triggers: ["access", "permission", "role"] }
+    ],
+    performance: [
+      { id: "data-perf-1", category: "performance", text: "Partitioning: Data partitioned for query efficiency?", severity: "high", triggers: ["partition", "query", "large"] },
+      { id: "data-perf-2", category: "performance", text: "Indexing: Appropriate indexes for access patterns?", severity: "high", triggers: ["index", "search", "filter"] },
+      { id: "data-perf-3", category: "performance", text: "Compression: Storage optimized with compression?", severity: "medium", triggers: ["compress", "storage", "size"] },
+      { id: "data-perf-4", category: "performance", text: "Caching: Frequently accessed data cached?", severity: "medium", triggers: ["cache", "frequent", "hot"] }
+    ]
+  },
+  template: `## DOMAIN CHECKLIST: Data
+
+Before finalizing, verify each applicable item:
+
+**Data Quality** (HIGH)
+- [ ] Schema validation: Conforms to expected schema?
+- [ ] Null handling: Missing values handled?
+- [ ] Duplicates: Deduplication in place?
+- [ ] Freshness: Data SLAs defined?
+
+**Pipeline** (HIGH)
+- [ ] Idempotency: Safe to re-run?
+- [ ] Error handling: Failed records captured?
+- [ ] Backfill: Historical reprocessing possible?
+- [ ] Monitoring: Pipeline health visible?
+
+**Governance** (CRITICAL-HIGH)
+- [ ] Lineage: Origin and transforms documented?
+- [ ] Privacy: PII identified and protected?
+- [ ] Retention: Lifecycle policies defined?
+- [ ] Access control: Properly restricted?
+
+**Performance** (HIGH)
+- [ ] Partitioning: Query-efficient partitions?
+- [ ] Indexing: Appropriate indexes?
+- [ ] Compression: Storage optimized?
+- [ ] Caching: Hot data cached?
+
+Mark items as [x] when verified, or note [N/A] if not applicable.
+Flag any concerns with [RISK].
+`
+};
+var PRODUCT_CHECKLIST = {
+  id: "product",
+  name: "Product Checklist",
+  role: "Product Manager",
+  categories: {
+    requirements: [
+      { id: "prod-req-1", category: "requirements", text: "User problem: Is the problem clearly defined?", severity: "critical", triggers: ["user", "problem", "pain"] },
+      { id: "prod-req-2", category: "requirements", text: "Success criteria: How will we measure success?", severity: "high", triggers: ["success", "metric", "kpi"] },
+      { id: "prod-req-3", category: "requirements", text: "Scope: Is scope clearly bounded?", severity: "high", triggers: ["scope", "feature", "requirement"] },
+      { id: "prod-req-4", category: "requirements", text: 'Acceptance criteria: What defines "done"?', severity: "high", triggers: ["done", "accept", "criteria"] }
+    ],
+    stakeholders: [
+      { id: "prod-stake-1", category: "stakeholders", text: "Alignment: Key stakeholders aligned on approach?", severity: "high", triggers: ["stakeholder", "team", "align"] },
+      { id: "prod-stake-2", category: "stakeholders", text: "Dependencies: Cross-team dependencies identified?", severity: "medium", triggers: ["dependency", "team", "coordinate"] },
+      { id: "prod-stake-3", category: "stakeholders", text: "Communication: Rollout communication planned?", severity: "medium", triggers: ["communicate", "announce", "rollout"] },
+      { id: "prod-stake-4", category: "stakeholders", text: "Feedback: User feedback collection planned?", severity: "medium", triggers: ["feedback", "user", "research"] }
+    ],
+    delivery: [
+      { id: "prod-del-1", category: "delivery", text: "Timeline: Realistic timeline established?", severity: "high", triggers: ["timeline", "deadline", "schedule"] },
+      { id: "prod-del-2", category: "delivery", text: "Risks: Key risks identified and mitigated?", severity: "high", triggers: ["risk", "blocker", "issue"] },
+      { id: "prod-del-3", category: "delivery", text: "MVP: Minimum viable scope defined?", severity: "high", triggers: ["mvp", "minimum", "viable"] },
+      { id: "prod-del-4", category: "delivery", text: "Rollback: Can we undo if issues arise?", severity: "medium", triggers: ["rollback", "undo", "revert"] }
+    ]
+  },
+  template: `## DOMAIN CHECKLIST: Product
+
+Before finalizing, verify each applicable item:
+
+**Requirements** (CRITICAL-HIGH)
+- [ ] User problem: Problem clearly defined?
+- [ ] Success criteria: How measured?
+- [ ] Scope: Clearly bounded?
+- [ ] Acceptance criteria: What defines "done"?
+
+**Stakeholders** (HIGH-MEDIUM)
+- [ ] Alignment: Key stakeholders aligned?
+- [ ] Dependencies: Cross-team deps identified?
+- [ ] Communication: Rollout planned?
+- [ ] Feedback: Collection planned?
+
+**Delivery** (HIGH)
+- [ ] Timeline: Realistic?
+- [ ] Risks: Identified and mitigated?
+- [ ] MVP: Minimum scope defined?
+- [ ] Rollback: Can undo if needed?
+
+Mark items as [x] when verified, or note [N/A] if not applicable.
+Flag any concerns with [RISK].
+`
+};
+var NONE_CHECKLIST = {
+  id: "none",
+  name: "No Checklist",
+  role: "General",
+  categories: {},
+  template: ""
+};
+var CHECKLISTS = {
+  backend: BACKEND_CHECKLIST,
+  frontend: FRONTEND_CHECKLIST,
+  security: SECURITY_CHECKLIST,
+  quality: QUALITY_CHECKLIST,
+  architecture: ARCHITECTURE_CHECKLIST,
+  devops: DEVOPS_CHECKLIST,
+  data: DATA_CHECKLIST,
+  product: PRODUCT_CHECKLIST,
+  none: NONE_CHECKLIST
+};
+function getRoleChecklist(type) {
+  const checklist = CHECKLISTS[type];
+  if (!checklist) {
+    throw new Error(`Unknown checklist type: ${type}`);
+  }
+  return checklist;
+}
+function getChecklistTemplate(type) {
+  return getRoleChecklist(type).template;
+}
+function applyChecklistOverrides(type, overrides) {
+  let template = getChecklistTemplate(type);
+  if (overrides.remove && overrides.remove.length > 0) {
+    for (const item of overrides.remove) {
+      const regex = new RegExp(`^- \\[ \\] .*${item}.*$`, "gm");
+      template = template.replace(regex, "");
+    }
+    template = template.replace(/\n\n+/g, "\n\n");
+  }
+  if (overrides.add && overrides.add.length > 0) {
+    const customSection = `
+**Custom Checks**
+${overrides.add.map((item) => `- [ ] ${item}`).join("\n")}
+`;
+    template = template.replace(/Mark items as \[x\]/, customSection + "\nMark items as [x]");
+  }
+  return template;
+}
+
+// src/agents/cognitive/output-contracts.ts
+init_esm_shims();
+var STANDARD_SECTIONS = [
+  {
+    name: "Context",
+    required: true,
+    description: "What was understood about the task",
+    format: `**Context**
+- Goal: [restated objective in your own words]
+- Constraints: [key limitations or requirements]
+- Assumptions: [what was assumed - be explicit]`
+  },
+  {
+    name: "Plan",
+    required: true,
+    description: "What will be/was done",
+    format: `**Plan**
+1. [Step 1]
+2. [Step 2]
+3. [Step 3]
+...
+(For trivial tasks: "Plan: Single-step execution")`
+  },
+  {
+    name: "Actions",
+    required: true,
+    description: "What was actually done",
+    format: `**Actions**
+- [Action 1]: \`path/to/file.ts:line\` - [brief description]
+- [Action 2]: \`path/to/file.ts:line\` - [brief description]
+- [Command run]: \`pnpm test\` - [result summary]
+...`
+  },
+  {
+    name: "Verification",
+    required: true,
+    description: "How the work was validated",
+    format: `**Verification**
+- Validated:
+  - [x] [What was tested/checked]
+  - [x] [Another validation]
+- Commands run:
+  - \`pnpm typecheck\` - [result]
+  - \`pnpm test path/to/test\` - [result]
+- Gaps (not validated):
+  - [ ] [What was NOT tested and why]`
+  },
+  {
+    name: "Risks",
+    required: true,
+    description: "What could go wrong or needs attention",
+    format: `**Risks**
+- [Risk 1]: [SEVERITY: LOW/MEDIUM/HIGH/CRITICAL] - [mitigation or note]
+- [Risk 2]: [SEVERITY] - [mitigation or note]
+(If none: "Risks: None identified for this change")`
+  },
+  {
+    name: "Next Steps",
+    required: true,
+    description: "What should happen after this",
+    format: `**Next Steps**
+- [ ] [Recommended action 1]
+- [ ] [Recommended action 2]
+(If complete: "Next Steps: Ready for review/merge")`
+  }
+];
+var FAILURE_SECTIONS = [
+  {
+    name: "Failure",
+    required: true,
+    description: "What failed and why",
+    format: `**Failure**
+- What failed: [description of the failure]
+- Root cause: [analysis of why it failed]
+- Attempted recovery: [what was tried to fix it]
+- Blocked: [yes/no] - [what's needed to proceed]`
+  }
+];
+var STANDARD_CONTRACT = {
+  id: "standard",
+  name: "Standard Output",
+  description: "Full structured output with all sections for complete transparency",
+  sections: STANDARD_SECTIONS,
+  failureSections: FAILURE_SECTIONS,
+  template: `## OUTPUT FORMAT
+
+Structure your response with these sections:
+
+**Context**
+- Goal: [restated objective]
+- Constraints: [key limitations]
+- Assumptions: [what was assumed]
+
+**Plan**
+1. [Step 1]
+2. [Step 2]
+(For trivial tasks: "Plan: Single-step execution")
+
+**Actions**
+- [Action]: \`path/to/file.ts:line\` - [description]
+- [Command]: \`command\` - [result]
+
+**Verification**
+- Validated:
+  - [x] [What was tested]
+- Commands: \`pnpm typecheck\`, \`pnpm test\`
+- Gaps: [What was NOT tested]
+
+**Risks**
+- [Risk]: [SEVERITY] - [mitigation]
+(If none: "Risks: None identified")
+
+**Next Steps**
+- [ ] [Action item]
+(If complete: "Ready for review")
+
+---
+
+**If something fails, add:**
+
+**Failure**
+- What failed: [description]
+- Root cause: [analysis]
+- Attempted recovery: [what was tried]
+- Blocked: [yes/no, what's needed]
+`
+};
+var MINIMAL_SECTIONS = [
+  {
+    name: "Done",
+    required: true,
+    description: "What was done",
+    format: `**Done**
+- [Action]: \`file:line\``
+  },
+  {
+    name: "Verified",
+    required: true,
+    description: "How it was verified",
+    format: `**Verified**: [command or check]`
+  },
+  {
+    name: "Note",
+    required: false,
+    description: "Any important notes",
+    format: `**Note**: [anything important]`
+  }
+];
+var MINIMAL_CONTRACT = {
+  id: "minimal",
+  name: "Minimal Output",
+  description: "Condensed output for simple tasks",
+  sections: MINIMAL_SECTIONS,
+  template: `## OUTPUT FORMAT (MINIMAL)
+
+For simple tasks, use this condensed format:
+
+**Done**
+- [Action]: \`file:line\`
+
+**Verified**: [command or "visual check"]
+
+**Note**: [anything important, or omit if none]
+`
+};
+var DETAILED_SECTIONS = [
+  ...STANDARD_SECTIONS,
+  {
+    name: "Options Considered",
+    required: false,
+    description: "Alternatives that were evaluated",
+    format: `**Options Considered**
+| Option | Pros | Cons | Why Chosen/Rejected |
+|--------|------|------|---------------------|
+| [Option 1] | [pros] | [cons] | [rationale] |
+| [Option 2] | [pros] | [cons] | [rationale] |`
+  },
+  {
+    name: "Dependencies",
+    required: false,
+    description: "Dependencies and related changes",
+    format: `**Dependencies**
+- Upstream: [what this depends on]
+- Downstream: [what depends on this]
+- Related: [related tickets/PRs]`
+  },
+  {
+    name: "Rollback Plan",
+    required: false,
+    description: "How to undo if needed",
+    format: `**Rollback Plan**
+1. [Step to revert]
+2. [Step to verify revert]`
+  }
+];
+var DETAILED_CONTRACT = {
+  id: "detailed",
+  name: "Detailed Output",
+  description: "Extended output for complex tasks requiring more documentation",
+  sections: DETAILED_SECTIONS,
+  failureSections: FAILURE_SECTIONS,
+  template: `## OUTPUT FORMAT (DETAILED)
+
+For complex tasks, use this extended format:
+
+**Context**
+- Goal: [restated objective]
+- Constraints: [key limitations]
+- Assumptions: [what was assumed]
+
+**Options Considered** (if applicable)
+| Option | Pros | Cons | Decision |
+|--------|------|------|----------|
+| [Option 1] | [pros] | [cons] | [Chosen/Rejected: why] |
+
+**Plan**
+1. [Step 1]
+2. [Step 2]
+
+**Actions**
+- [Action]: \`path/to/file.ts:line\` - [description]
+- [Command]: \`command\` - [result]
+
+**Verification**
+- Validated:
+  - [x] [What was tested]
+- Commands: \`pnpm typecheck\`, \`pnpm test\`
+- Gaps: [What was NOT tested]
+
+**Dependencies** (if applicable)
+- Upstream: [what this depends on]
+- Downstream: [what depends on this]
+
+**Risks**
+- [Risk]: [SEVERITY] - [mitigation]
+
+**Rollback Plan** (if applicable)
+1. [How to undo]
+
+**Next Steps**
+- [ ] [Action item]
+`
+};
+var CONTRACTS = {
+  standard: STANDARD_CONTRACT,
+  minimal: MINIMAL_CONTRACT,
+  detailed: DETAILED_CONTRACT
+};
+function getOutputContract(type) {
+  const contract = CONTRACTS[type];
+  if (!contract) {
+    throw new Error(`Unknown output contract: ${type}`);
+  }
+  return contract;
+}
+function getContractTemplate(type) {
+  return getOutputContract(type).template;
+}
+
+// src/agents/cognitive/uncertainty-protocol.ts
+init_esm_shims();
+var ASK_FIRST_PROTOCOL = {
+  id: "ask_first",
+  name: "Ask First",
+  askWhen: [
+    "Requirements are ambiguous or could be interpreted multiple ways",
+    "Security or data implications require explicit authorization",
+    "Change scope significantly exceeds the original request",
+    "Irreversible actions are required (delete, migrate, deploy to production)",
+    "You need access to resources, credentials, or information not available",
+    "Multiple valid approaches exist and user preference is unknown",
+    "The task involves user-facing changes where UX matters",
+    "You are making assumptions about business logic"
+  ],
+  proceedWhen: [
+    "The request is completely unambiguous",
+    "You are applying a well-documented standard or best practice",
+    "The change is trivial and easily reversible"
+  ],
+  assumptionFormat: `**Clarification Needed**
+
+Before proceeding, I need to clarify:
+
+1. [Question 1 - be specific about what you need to know]
+2. [Question 2 - if applicable]
+
+This will help ensure I deliver exactly what you need.`,
+  template: `## UNCERTAINTY HANDLING (ASK FIRST)
+
+**Default behavior**: Ask for clarification when uncertain.
+
+**Ask when** (any of these apply):
+- Requirements could be interpreted multiple ways
+- Security or data implications exist
+- Change scope exceeds original request
+- Irreversible actions required
+- Multiple valid approaches exist
+- Business logic assumptions needed
+
+**Only proceed without asking when**:
+- Request is completely unambiguous
+- Applying documented standard/best practice
+- Change is trivial and reversible
+
+**When asking, use this format:**
+
+**Clarification Needed**
+
+Before proceeding, I need to clarify:
+
+1. [Specific question]
+2. [Specific question if needed]
+
+This ensures I deliver exactly what you need.
+
+---
+
+**Confidence Tagging**: Tag recommendations with confidence level.
+- **[HIGH]**: Well-established pattern, verified approach
+- **[MEDIUM]**: Reasonable approach, some assumptions
+- **[LOW]**: Exploratory, needs validation
+`
+};
+var PROCEED_PROTOCOL = {
+  id: "proceed_with_assumptions",
+  name: "Proceed With Assumptions",
+  askWhen: [
+    "Security-critical decisions require explicit authorization",
+    "Irreversible actions that cannot be undone (data deletion, production deploy)",
+    "Change would break existing functionality or APIs",
+    "You are completely blocked and cannot make progress"
+  ],
+  proceedWhen: [
+    "Best practice clearly applies to the situation",
+    "Change is safely reversible (can be undone easily)",
+    "Scope is well-defined and bounded",
+    "Similar patterns exist in the codebase",
+    "You can make reasonable assumptions based on context",
+    "The risk of proceeding is low"
+  ],
+  assumptionFormat: `**Assumptions Made**
+
+I proceeded with these assumptions:
+- [Assumption 1]: [rationale for this assumption]
+- [Assumption 2]: [rationale]
+
+If any are incorrect, let me know and I'll adjust.`,
+  template: `## UNCERTAINTY HANDLING (PROCEED WITH ASSUMPTIONS)
+
+**Default behavior**: Proceed and document assumptions.
+
+**Only stop and ask when**:
+- Security-critical decisions need authorization
+- Irreversible actions that cannot be undone
+- Change would break existing functionality
+- Completely blocked with no path forward
+
+**Proceed (with documented assumptions) when**:
+- Best practice clearly applies
+- Change is safely reversible
+- Similar patterns exist in codebase
+- Reasonable assumptions can be made
+- Risk of proceeding is low
+
+**When proceeding with assumptions:**
+
+**Assumptions Made**
+
+I proceeded with these assumptions:
+- [Assumption 1]: [rationale]
+- [Assumption 2]: [rationale]
+
+If any are incorrect, let me know and I'll adjust.
+
+---
+
+**Confidence Tagging**: Tag recommendations with confidence level.
+- **[HIGH]**: Well-established pattern, verified approach
+- **[MEDIUM]**: Reasonable approach, some assumptions
+- **[LOW]**: Exploratory, needs validation
+`
+};
+var BALANCED_PROTOCOL = {
+  id: "balanced",
+  name: "Balanced",
+  askWhen: [
+    "Security implications exist (auth, data access, secrets)",
+    "Data integrity could be affected (migrations, deletions, updates)",
+    "Irreversible actions are involved",
+    "User explicitly requested confirmation before changes",
+    "Multiple fundamentally different approaches exist",
+    "You are unsure which of several options the user would prefer",
+    "The scope is larger than expected (> 2x original estimate)"
+  ],
+  proceedWhen: [
+    "Clear best practice applies",
+    "Change is low-risk and reversible",
+    "You have high confidence in the approach",
+    "Similar pattern exists in codebase",
+    "Scope is well-defined and matches expectations",
+    "Edge cases are handled or documented"
+  ],
+  assumptionFormat: `**Assumptions**
+- [Assumption]: [brief rationale]
+
+Proceeding with the above assumptions. Correct me if any are wrong.`,
+  template: `## UNCERTAINTY HANDLING (BALANCED)
+
+**Default behavior**: Use risk-based judgment.
+
+**Stop and ask when** (HIGH RISK):
+- Security implications (auth, data, secrets)
+- Data integrity at risk (migrations, deletions)
+- Irreversible actions involved
+- User requested confirmation
+- Scope significantly larger than expected
+- Multiple fundamentally different approaches
+
+**Proceed with documented assumptions when** (LOW RISK):
+- Clear best practice applies
+- Change is low-risk and reversible
+- High confidence in approach
+- Similar pattern in codebase
+- Scope matches expectations
+
+**When proceeding with assumptions:**
+
+**Assumptions**
+- [Assumption]: [brief rationale]
+
+Proceeding with the above. Correct me if any are wrong.
+
+---
+
+**Risk Assessment Quick Check**:
+Before deciding to ask vs proceed, consider:
+1. What's the worst case if I'm wrong? (severity)
+2. How likely is it that I'm wrong? (probability)
+3. Can it be easily undone? (reversibility)
+
+If severity HIGH or probability HIGH and reversibility LOW \u2192 ASK
+Otherwise \u2192 PROCEED with documented assumptions
+
+---
+
+**Confidence Tagging**: Tag recommendations with confidence level.
+- **[HIGH]**: Well-established pattern, verified approach
+- **[MEDIUM]**: Reasonable approach, some assumptions
+- **[LOW]**: Exploratory, needs validation
+`
+};
+var PROTOCOLS = {
+  ask_first: ASK_FIRST_PROTOCOL,
+  proceed_with_assumptions: PROCEED_PROTOCOL,
+  balanced: BALANCED_PROTOCOL
+};
+function getUncertaintyProtocol(mode) {
+  const protocol = PROTOCOLS[mode];
+  if (!protocol) {
+    throw new Error(`Unknown uncertainty mode: ${mode}`);
+  }
+  return protocol;
+}
+function getProtocolTemplate(mode) {
+  return getUncertaintyProtocol(mode).template;
+}
+
+// src/agents/cognitive/prompt-composer.ts
+function estimateTokens(text) {
+  return Math.ceil(text.length / 4);
+}
+function cleanPersonaSection(basePrompt) {
+  let cleaned = basePrompt;
+  cleaned = cleaned.replace(
+    /Your thinking patterns:[\s\S]*?(?=\n\n|\n##|\n\*\*[A-Z]|$)/gi,
+    ""
+  );
+  cleaned = cleaned.replace(
+    /Thinking patterns:[\s\S]*?(?=\n\n|\n##|\n\*\*[A-Z]|$)/gi,
+    ""
+  );
+  cleaned = cleaned.replace(
+    /## Thinking Patterns[\s\S]*?(?=\n##|$)/gi,
+    ""
+  );
+  const lines = cleaned.split("\n");
+  const seenCommunicationStyle = /* @__PURE__ */ new Set();
+  const dedupedLines = lines.filter((line) => {
+    if (line.trim().startsWith("Communication style:")) {
+      const key = line.trim();
+      if (seenCommunicationStyle.has(key)) {
+        return false;
+      }
+      seenCommunicationStyle.add(key);
+    }
+    return true;
+  });
+  cleaned = dedupedLines.join("\n");
+  cleaned = cleaned.replace(/\n{3,}/g, "\n\n");
+  return cleaned.trim();
+}
+function formatRepoContext(context) {
+  const lines = ["**Repository Context**"];
+  if (context.packageManager) {
+    lines.push(`- Package manager: ${context.packageManager}`);
+  }
+  if (context.moduleSystem) {
+    lines.push(`- Module system: ${context.moduleSystem}`);
+  }
+  if (context.testFramework) {
+    lines.push(`- Test framework: ${context.testFramework}`);
+  }
+  if (context.tempDir) {
+    lines.push(`- Temp directory: ${context.tempDir}`);
+  }
+  if (context.rules && context.rules.length > 0) {
+    lines.push("- Additional rules:");
+    for (const rule of context.rules) {
+      lines.push(`  - ${rule}`);
+    }
+  }
+  return lines.join("\n");
+}
+function composePrompt(options) {
+  const { basePrompt, config, additionalContext, repoContext } = options;
+  const sections = [];
+  const personaSection = cleanPersonaSection(basePrompt);
+  if (personaSection) {
+    sections.push(personaSection);
+  }
+  if (repoContext) {
+    sections.push(formatRepoContext(repoContext));
+  }
+  if (additionalContext) {
+    sections.push(additionalContext);
+  }
+  const scaffoldTemplate = getScaffoldTemplate(config.scaffold);
+  sections.push(scaffoldTemplate);
+  if (config.checklist !== "none") {
+    let checklistTemplate = getChecklistTemplate(config.checklist);
+    if (config.checklistOverrides) {
+      checklistTemplate = applyChecklistOverrides(config.checklist, config.checklistOverrides);
+    }
+    if (config.customChecklist && config.customChecklist.length > 0) {
+      const customSection = `
+**Custom Checks**
+${config.customChecklist.map((item) => `- [ ] ${item}`).join("\n")}
+`;
+      checklistTemplate = checklistTemplate.replace(
+        /Mark items as \[x\]/,
+        customSection + "\nMark items as [x]"
+      );
+    }
+    sections.push(checklistTemplate);
+  }
+  const contractTemplate = getContractTemplate(config.outputContract);
+  sections.push(contractTemplate);
+  const protocolTemplate = getProtocolTemplate(config.uncertaintyMode);
+  sections.push(protocolTemplate);
+  const fullText = sections.join("\n\n---\n\n");
+  return {
+    text: fullText,
+    components: {
+      persona: !!personaSection,
+      scaffold: config.scaffold,
+      checklist: config.checklist,
+      outputContract: config.outputContract,
+      uncertainty: config.uncertaintyMode
+    },
+    estimatedTokens: estimateTokens(fullText)
+  };
+}
+var AUTOMATOSX_REPO_CONTEXT = {
+  packageManager: "pnpm",
+  moduleSystem: "ESM (strict, with .js extensions)",
+  testFramework: "Vitest",
+  tempDir: "automatosx/tmp/",
+  rules: [
+    "Use explicit .js extensions in imports",
+    "Store temporary files in automatosx/tmp/",
+    "Store PRD files in automatosx/PRD/",
+    "Follow existing patterns in codebase"
+  ]
+};
+
+// src/types/cognitive.ts
+init_esm_shims();
+var DEFAULT_COGNITIVE_CONFIG = {
+  scaffold: "prover",
+  checklist: "none",
+  outputContract: "standard",
+  uncertaintyMode: "balanced"
+};
+
 // src/agents/profile-loader.ts
 var ProfileLoader = class {
   profilesDir;
@@ -14007,6 +15377,75 @@ var ProfileLoader = class {
     }
     return void 0;
   }
+  /**
+   * Compose cognitive prompt for an agent
+   * v13.0.0+: Assembles the full prompt with reasoning scaffold, checklist, etc.
+   *
+   * @param agentName - Agent name or displayName
+   * @param overrideConfig - Optional config overrides
+   * @returns Composed prompt with all cognitive framework components
+   */
+  async composeAgentPrompt(agentName, overrideConfig) {
+    const profile = await this.loadProfile(agentName);
+    let config = profile.cognitiveFramework ? { ...profile.cognitiveFramework } : this.inferCognitiveConfig(profile);
+    if (overrideConfig) {
+      config = { ...config, ...overrideConfig };
+    }
+    const composed = composePrompt({
+      basePrompt: profile.systemPrompt,
+      config,
+      repoContext: AUTOMATOSX_REPO_CONTEXT
+    });
+    logger.debug("Composed cognitive prompt", {
+      agent: agentName,
+      scaffold: config.scaffold,
+      checklist: config.checklist,
+      outputContract: config.outputContract,
+      estimatedTokens: composed.estimatedTokens
+    });
+    return composed;
+  }
+  /**
+   * Infer cognitive config from agent profile when not explicitly specified
+   * v13.0.0+: Smart defaults based on agent role and abilities
+   */
+  inferCognitiveConfig(profile) {
+    const role = profile.role.toLowerCase();
+    const name = profile.name.toLowerCase();
+    let checklist = "none";
+    if (role.includes("backend") || name === "backend" || role.includes("api")) {
+      checklist = "backend";
+    } else if (role.includes("frontend") || name === "frontend" || role.includes("ui")) {
+      checklist = "frontend";
+    } else if (role.includes("security") || name === "security") {
+      checklist = "security";
+    } else if (role.includes("qa") || role.includes("quality") || name === "quality" || role.includes("test")) {
+      checklist = "quality";
+    } else if (role.includes("architect") || name === "architecture") {
+      checklist = "architecture";
+    } else if (role.includes("devops") || name === "devops" || role.includes("infrastructure")) {
+      checklist = "devops";
+    } else if (role.includes("data") || name === "data" || role.includes("pipeline")) {
+      checklist = "data";
+    } else if (role.includes("product") || name === "product") {
+      checklist = "product";
+    }
+    return {
+      ...DEFAULT_COGNITIVE_CONFIG,
+      checklist
+    };
+  }
+  /**
+   * Get the composed system prompt for an agent
+   * v13.0.0+: Convenience method that returns just the prompt text
+   *
+   * @param agentName - Agent name or displayName
+   * @returns Full composed prompt text
+   */
+  async getComposedPrompt(agentName) {
+    const composed = await this.composeAgentPrompt(agentName);
+    return composed.text;
+  }
 };
 
 // src/core/team-manager.ts