@deftai/directive-content 0.55.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (250) hide show
  1. package/.agents/skills/deft/SKILL.md +6 -0
  2. package/.agents/skills/deft-directive-article-review/SKILL.md +11 -0
  3. package/.agents/skills/deft-directive-build/SKILL.md +10 -0
  4. package/.agents/skills/deft-directive-cost/SKILL.md +12 -0
  5. package/.agents/skills/deft-directive-debug/SKILL.md +13 -0
  6. package/.agents/skills/deft-directive-gh-arch/SKILL.md +11 -0
  7. package/.agents/skills/deft-directive-gh-slice/SKILL.md +10 -0
  8. package/.agents/skills/deft-directive-glossary/SKILL.md +10 -0
  9. package/.agents/skills/deft-directive-interview/SKILL.md +9 -0
  10. package/.agents/skills/deft-directive-pre-pr/SKILL.md +9 -0
  11. package/.agents/skills/deft-directive-refinement/SKILL.md +10 -0
  12. package/.agents/skills/deft-directive-release/SKILL.md +12 -0
  13. package/.agents/skills/deft-directive-review-cycle/SKILL.md +10 -0
  14. package/.agents/skills/deft-directive-setup/SKILL.md +10 -0
  15. package/.agents/skills/deft-directive-swarm/SKILL.md +10 -0
  16. package/.agents/skills/deft-directive-sync/SKILL.md +9 -0
  17. package/.agents/skills/deft-directive-triage/SKILL.md +9 -0
  18. package/.agents/skills/deft-directive-write-skill/SKILL.md +9 -0
  19. package/LICENSE.md +22 -0
  20. package/QUICK-START.md +167 -0
  21. package/UPGRADING.md +517 -0
  22. package/coding/build-output.md +28 -0
  23. package/coding/coding.md +235 -0
  24. package/coding/debugging.md +110 -0
  25. package/coding/holzmann.md +96 -0
  26. package/coding/hygiene.md +127 -0
  27. package/coding/security.md +158 -0
  28. package/coding/testing.md +162 -0
  29. package/coding/toolchain.md +44 -0
  30. package/commands.md +300 -0
  31. package/context/context.md +57 -0
  32. package/context/deterministic-split.md +67 -0
  33. package/context/examples.md +26 -0
  34. package/context/fractal-summaries.md +69 -0
  35. package/context/long-horizon.md +46 -0
  36. package/context/spec-deltas.md +177 -0
  37. package/context/tool-design.md +34 -0
  38. package/context/working-memory.md +62 -0
  39. package/contracts/boundary-maps.md +65 -0
  40. package/contracts/deterministic-questions.md +59 -0
  41. package/contracts/hierarchy.md +77 -0
  42. package/conventions/content-manifest.json +399 -0
  43. package/conventions/machine-generated-banner.md +130 -0
  44. package/conventions/references.md +120 -0
  45. package/conventions/rule-ownership.json +382 -0
  46. package/conventions/task-caching.md +43 -0
  47. package/conventions/vbrief-filenames.md +70 -0
  48. package/deployments/README.md +37 -0
  49. package/deployments/agentuity/README.md +138 -0
  50. package/deployments/agentuity/via-cli.md +380 -0
  51. package/deployments/agentuity/via-cloud.md +425 -0
  52. package/deployments/agentuity/via-github-actions.md +664 -0
  53. package/deployments/agentuity/via-gravity-network.md +606 -0
  54. package/deployments/agentuity/via-vpc.md +607 -0
  55. package/deployments/aws/README.md +38 -0
  56. package/deployments/aws/via-app-runner.md +612 -0
  57. package/deployments/aws/via-ecs-fargate.md +561 -0
  58. package/deployments/aws/via-elastic-beanstalk.md +628 -0
  59. package/deployments/aws/via-lambda.md +649 -0
  60. package/deployments/azure/README.md +37 -0
  61. package/deployments/azure/via-aks.md +390 -0
  62. package/deployments/azure/via-app-service.md +564 -0
  63. package/deployments/azure/via-container-apps.md +599 -0
  64. package/deployments/azure/via-functions.md +552 -0
  65. package/deployments/cloud-gov/README.md +63 -0
  66. package/deployments/cloud-gov/agents/compliance-docs.md +154 -0
  67. package/deployments/cloud-gov/agents.md +39 -0
  68. package/deployments/cloud-gov/cicd.md +64 -0
  69. package/deployments/cloud-gov/deployment.md +150 -0
  70. package/deployments/cloud-gov/logging.md +43 -0
  71. package/deployments/cloud-gov/manifest.md +121 -0
  72. package/deployments/cloud-gov/overview.md +58 -0
  73. package/deployments/cloud-gov/security.md +46 -0
  74. package/deployments/cloud-gov/services.md +72 -0
  75. package/deployments/cloud-gov/upstream/README.md +18 -0
  76. package/deployments/cloudflare/README.md +33 -0
  77. package/deployments/cloudflare/via-dashboard.md +83 -0
  78. package/deployments/cloudflare/via-git.md +90 -0
  79. package/deployments/cloudflare/via-github-actions.md +185 -0
  80. package/deployments/cloudflare/via-terraform.md +157 -0
  81. package/deployments/cloudflare/via-wrangler.md +165 -0
  82. package/deployments/fly-io/README.md +37 -0
  83. package/deployments/fly-io/via-dockerfile.md +648 -0
  84. package/deployments/fly-io/via-flyctl.md +653 -0
  85. package/deployments/fly-io/via-github-actions.md +695 -0
  86. package/deployments/fly-io/via-multi-region.md +598 -0
  87. package/deployments/google/README.md +34 -0
  88. package/deployments/google/via-app-engine.md +42 -0
  89. package/deployments/google/via-cloud-functions.md +23 -0
  90. package/deployments/google/via-cloud-run.md +330 -0
  91. package/deployments/google/via-gke.md +23 -0
  92. package/deployments/netlify/README.md +99 -0
  93. package/deployments/netlify/via-cli.md +17 -0
  94. package/deployments/netlify/via-functions.md +19 -0
  95. package/deployments/netlify/via-git.md +25 -0
  96. package/deployments/vercel/README.md +90 -0
  97. package/deployments/vercel/via-api.md +16 -0
  98. package/deployments/vercel/via-cli.md +17 -0
  99. package/deployments/vercel/via-git.md +24 -0
  100. package/docs/BROWNFIELD.md +179 -0
  101. package/docs/getting-started.md +137 -0
  102. package/docs/good-agents-md.md +137 -0
  103. package/events/README.md +89 -0
  104. package/events/event-record.schema.json +26 -0
  105. package/events/registry.json +166 -0
  106. package/events/registry.schema.json +71 -0
  107. package/glossary.md +145 -0
  108. package/incidents/README.md +81 -0
  109. package/incidents/_template.md +38 -0
  110. package/interfaces/cli.md +104 -0
  111. package/interfaces/rest.md +212 -0
  112. package/interfaces/tui.md +242 -0
  113. package/interfaces/web.md +123 -0
  114. package/languages/6502-DASM.md +132 -0
  115. package/languages/c.md +235 -0
  116. package/languages/commands.md +23 -0
  117. package/languages/cpp.md +132 -0
  118. package/languages/csharp.md +259 -0
  119. package/languages/dart.md +183 -0
  120. package/languages/delphi.md +218 -0
  121. package/languages/elixir.md +208 -0
  122. package/languages/go.md +78 -0
  123. package/languages/java.md +278 -0
  124. package/languages/javascript.md +163 -0
  125. package/languages/julia.md +175 -0
  126. package/languages/kotlin.md +193 -0
  127. package/languages/markdown.md +168 -0
  128. package/languages/mermaid.md +146 -0
  129. package/languages/officejs.md +392 -0
  130. package/languages/python.md +209 -0
  131. package/languages/r.md +163 -0
  132. package/languages/rust.md +216 -0
  133. package/languages/sql.md +216 -0
  134. package/languages/swift.md +153 -0
  135. package/languages/typescript.md +132 -0
  136. package/languages/vba.md +279 -0
  137. package/languages/vhdl.md +180 -0
  138. package/languages/visual-basic.md +151 -0
  139. package/languages/zig.md +196 -0
  140. package/meta/SOUL.md +27 -0
  141. package/meta/code-field.md +44 -0
  142. package/meta/morals.md +40 -0
  143. package/meta/philosophy.md +39 -0
  144. package/meta/project.md +49 -0
  145. package/meta/ralph.md +223 -0
  146. package/meta/security.md +80 -0
  147. package/meta/versioning.md +326 -0
  148. package/package.json +22 -0
  149. package/packs/lessons/lessons-pack-0.1.json +553 -0
  150. package/packs/patterns/patterns-pack-0.1.json +57 -0
  151. package/packs/rules/rules-pack-0.1.json +4767 -0
  152. package/packs/skills/skills-pack-0.1.json +262 -0
  153. package/packs/strategies/strategies-pack-0.1.json +167 -0
  154. package/packs/swarm-spec/swarm-spec-pack-0.1.json +17 -0
  155. package/patterns/executor-layer-credentials.md +227 -0
  156. package/patterns/llm-app.md +156 -0
  157. package/patterns/multi-agent.md +278 -0
  158. package/patterns/prompt-assembly-layer-ordering.md +154 -0
  159. package/patterns/role-as-overlay.md +179 -0
  160. package/platforms/2600.md +137 -0
  161. package/platforms/unity.md +329 -0
  162. package/references/composer-skill-porting.md +152 -0
  163. package/references/cost-models.md +163 -0
  164. package/references/ip-risk.md +246 -0
  165. package/references/plain-english-ux.md +275 -0
  166. package/resilience/context-pruning.md +67 -0
  167. package/resilience/continue-here.md +62 -0
  168. package/scm/changelog.md +276 -0
  169. package/scm/git.md +139 -0
  170. package/scm/github.md +265 -0
  171. package/secrets/.gitkeep +0 -0
  172. package/skills/deft-build/SKILL.md +20 -0
  173. package/skills/deft-directive-article-review/SKILL.md +156 -0
  174. package/skills/deft-directive-build/SKILL.md +302 -0
  175. package/skills/deft-directive-cost/SKILL.md +201 -0
  176. package/skills/deft-directive-debug/SKILL.md +140 -0
  177. package/skills/deft-directive-decompose/SKILL.md +96 -0
  178. package/skills/deft-directive-gh-arch/SKILL.md +160 -0
  179. package/skills/deft-directive-gh-slice/SKILL.md +199 -0
  180. package/skills/deft-directive-glossary/SKILL.md +118 -0
  181. package/skills/deft-directive-interview/SKILL.md +528 -0
  182. package/skills/deft-directive-pre-pr/SKILL.md +131 -0
  183. package/skills/deft-directive-probe/SKILL.md +127 -0
  184. package/skills/deft-directive-refinement/SKILL.md +403 -0
  185. package/skills/deft-directive-release/SKILL.md +266 -0
  186. package/skills/deft-directive-review-cycle/SKILL.md +401 -0
  187. package/skills/deft-directive-setup/SKILL.md +717 -0
  188. package/skills/deft-directive-swarm/SKILL.md +989 -0
  189. package/skills/deft-directive-sync/SKILL.md +288 -0
  190. package/skills/deft-directive-triage/SKILL.md +137 -0
  191. package/skills/deft-directive-write-skill/SKILL.md +169 -0
  192. package/skills/deft-interview/SKILL.md +16 -0
  193. package/skills/deft-pre-pr/SKILL.md +16 -0
  194. package/skills/deft-review-cycle/SKILL.md +16 -0
  195. package/skills/deft-roadmap-refresh/SKILL.md +16 -0
  196. package/skills/deft-setup/SKILL.md +20 -0
  197. package/skills/deft-swarm/SKILL.md +16 -0
  198. package/skills/deft-sync/SKILL.md +16 -0
  199. package/strategies/README.md +83 -0
  200. package/strategies/artifact-guards.md +85 -0
  201. package/strategies/bdd.md +115 -0
  202. package/strategies/brownfield.md +7 -0
  203. package/strategies/discuss.md +129 -0
  204. package/strategies/emit-hints.md +69 -0
  205. package/strategies/enterprise.md +193 -0
  206. package/strategies/interview.md +551 -0
  207. package/strategies/map.md +179 -0
  208. package/strategies/probe.md +151 -0
  209. package/strategies/rapid.md +155 -0
  210. package/strategies/research.md +155 -0
  211. package/strategies/roadmap.md +9 -0
  212. package/strategies/speckit.md +437 -0
  213. package/strategies/v0-20-contract.md +134 -0
  214. package/strategies/yolo.md +169 -0
  215. package/swarm/swarm.md +300 -0
  216. package/templates/COST-ESTIMATE.md +114 -0
  217. package/templates/PULL_REQUEST_TEMPLATE.md +35 -0
  218. package/templates/agent-prompt-preamble.md +409 -0
  219. package/templates/agents-entry.md +211 -0
  220. package/templates/agents-entry.placeholders.md +75 -0
  221. package/templates/embed.go +20 -0
  222. package/templates/embed_test.go +36 -0
  223. package/templates/make-spec-example.md +9 -0
  224. package/templates/make-spec.md +246 -0
  225. package/templates/project.md.template +52 -0
  226. package/templates/specification.md +1 -0
  227. package/templates/swarm-greptile-poller-prompt.md +556 -0
  228. package/templates/user.md.template +31 -0
  229. package/tools/RWLDL.md +80 -0
  230. package/tools/greptile.md +141 -0
  231. package/tools/installer.md +23 -0
  232. package/tools/taskfile-migration.md +32 -0
  233. package/tools/taskfile.md +185 -0
  234. package/tools/telemetry.md +285 -0
  235. package/vbrief/schemas/cache-meta.schema.json +137 -0
  236. package/vbrief/schemas/candidates.schema.json +130 -0
  237. package/vbrief/schemas/codebase-map.schema.json +213 -0
  238. package/vbrief/schemas/lessons-pack.schema.json +134 -0
  239. package/vbrief/schemas/patterns-pack.schema.json +84 -0
  240. package/vbrief/schemas/rules-pack.schema.json +105 -0
  241. package/vbrief/schemas/skills-pack.schema.json +94 -0
  242. package/vbrief/schemas/slices.schema.json +87 -0
  243. package/vbrief/schemas/strategies-pack.schema.json +89 -0
  244. package/vbrief/schemas/swarm-spec-pack.schema.json +84 -0
  245. package/vbrief/schemas/vbrief-core.schema.json +1022 -0
  246. package/vbrief/vbrief.md +684 -0
  247. package/verification/integration.md +76 -0
  248. package/verification/plan-checking.md +85 -0
  249. package/verification/uat.md +60 -0
  250. package/verification/verification.md +117 -0
@@ -0,0 +1,166 @@
1
+ {
2
+ "$schema": "./registry.schema.json",
3
+ "version": "1",
4
+ "description": "Deft framework event registry -- unified structural artifact listing every framework event in a single data file, partitioned by the required `category` enum (`detection-bound` | `behavioral`). Wired under epic #635 per the canonical #642 workflow comment, unified per the Repair Authority [AXIOM] proposal (#709) and the data-file-convention check follow-up (#710); the prior `events/behavioral.yaml` registry has been folded into this file. Detection-bound events have detectors that already exist in the framework; behavioral events require runtime instrumentation (agent emission point or script-internal capture). Each entry pins an event name, category, payload contract, detector / emission pointer, and consumer pointers. The shape of an emitted event record is governed by event-record.schema.json. Two emission helpers consume this registry: scripts/_event_detect.py for detection-bound events (validates against the full registry) and scripts/_events.py for behavioral events (validates against the behavioral subset, manages 1:1 session-pair invariants, persists to a JSONL log).",
5
+ "events": [
6
+ {
7
+ "name": "pre-cutover:detected",
8
+ "category": "detection-bound",
9
+ "description": "Pre-v0.20 legacy artifacts present at the project root: SPECIFICATION.md or PROJECT.md exist without the deft:deprecated-redirect sentinel. Indicates the project has not yet completed the vBRIEF-centric document model migration (#312, RFC #309).",
10
+ "trigger": "run::_check_upgrade_gate calls run::_detect_pre_cutover_legacy and emits when SPECIFICATION.md or PROJECT.md exist at project root without the redirect sentinel. Emission flows through scripts/_event_detect.py::emit.",
11
+ "payload": {
12
+ "project_root": "string -- absolute path to the project root scanned",
13
+ "legacy_files": "array<string> -- filenames at project root that lack the redirect sentinel"
14
+ },
15
+ "consumers": [
16
+ "skills/deft-directive-setup/SKILL.md Pre-Cutover Detection Guard -- routes the operator to task migrate:vbrief",
17
+ "run::_check_upgrade_gate -- emits a pre-v0.20 warning",
18
+ "QUICK-START.md Step 2c -- equivalent prose-encoded detection"
19
+ ]
20
+ },
21
+ {
22
+ "name": "vbrief:invalid",
23
+ "category": "detection-bound",
24
+ "description": "One or more vBRIEF files failed validator D1-D11 checks (schema, status enum, lifecycle folder mapping, filename convention, narratives, items, references) or post-migration placeholder integrity. Emitted by scripts/vbrief_validate.py on every run that surfaces errors or warnings.",
25
+ "trigger": "scripts/vbrief_validate.py validate_all collects errors and warnings across the vbrief/ tree; emits when len(errors) > 0 or len(warnings) > 0. Existing exit-code semantics (0 with warnings, 1 on errors, 1 with --warnings-as-errors) are unchanged.",
26
+ "payload": {
27
+ "vbrief_dir": "string -- absolute path to the vbrief/ directory scanned",
28
+ "error_count": "integer -- D1-D11 hard errors",
29
+ "warning_count": "integer -- D1-D11 warnings (origin missing, render staleness, deprecated placeholder)",
30
+ "errors": "array<string> -- error messages (capped at 50 to keep payload bounded)",
31
+ "warnings": "array<string> -- warning messages (capped at 50)"
32
+ },
33
+ "consumers": [
34
+ "tasks/vbrief.yml validate -- consumed via exit code today; event surface is the structured equivalent",
35
+ "Taskfile.yml check (deps: vbrief:validate) -- pre-commit gate"
36
+ ]
37
+ },
38
+ {
39
+ "name": "agents-md:stale",
40
+ "category": "detection-bound",
41
+ "description": "AGENTS.md references one or more skill paths that either do not exist on disk or contain the deft:deprecated-skill-redirect sentinel. Indicates the consumer's AGENTS.md was generated by a prior framework version and needs the QUICK-START refresh path. Detection logic codified from QUICK-START.md Step 2b prose; the canonical 200-character window is preserved verbatim.",
42
+ "trigger": "scripts/_event_detect.py::detect_agents_md_stale parses AGENTS.md for deft/skills/<name>/SKILL.md tokens, then checks each path's existence and the first 200 characters for the deprecated-skill-redirect sentinel. Emits when missing_paths or redirect_paths is non-empty.",
43
+ "payload": {
44
+ "agents_md_path": "string -- absolute path to AGENTS.md",
45
+ "missing_paths": "array<string> -- referenced skill paths absent from disk",
46
+ "redirect_paths": "array<string> -- referenced skill paths whose first 200 chars contain the deft:deprecated-skill-redirect sentinel"
47
+ },
48
+ "consumers": [
49
+ "QUICK-START.md Step 2b / Case G -- routes the operator to refresh AGENTS.md from templates/agents-entry.md",
50
+ "skills/deft-directive-sync/SKILL.md -- detects stale references during sync"
51
+ ]
52
+ },
53
+ {
54
+ "name": "version:drift",
55
+ "category": "detection-bound",
56
+ "description": "vbrief/.deft-version (or fallback project-root .deft-version) records a framework version that differs from the current run::VERSION constant. Indicates the consumer ran an older framework against this project last and may need task migrate:vbrief or .deft/core/run upgrade.",
57
+ "trigger": "run::_check_upgrade_gate compares _read_version_marker() to VERSION; emits when both are non-None and unequal. The deft-repo self-detection short-circuit (run::_running_inside_deft_repo) suppresses the gate but does not suppress the event so framework maintainers can still observe drift in test fixtures.",
58
+ "payload": {
59
+ "project_root": "string -- absolute path to the consumer project root",
60
+ "recorded_version": "string -- version read from .deft-version",
61
+ "current_version": "string -- run.VERSION (the framework version currently executing)",
62
+ "marker_path": "string -- absolute path of the .deft-version file that won the precedence rule (vbrief/.deft-version > .deft-version)"
63
+ },
64
+ "consumers": [
65
+ "run::cmd_upgrade -- writes the marker to clear drift",
66
+ "skills/deft-directive-sync/SKILL.md -- routes the operator through the upgrade flow"
67
+ ]
68
+ },
69
+ {
70
+ "name": "dirty-tree:detected",
71
+ "category": "detection-bound",
72
+ "description": "git status --porcelain reports uncommitted changes in the project root. Migration is destructive by default; the migrator refuses to run with a dirty tree unless --force is set (#497-3). The event is emitted whenever the dirty-tree guard trips so any orchestrator (skill, task, CI) can react uniformly.",
73
+ "trigger": "scripts/_vbrief_safety.py::is_tree_dirty returns True; the migrator's dirty-tree refusal call site (migrate_vbrief.migrate, line ~1169) emits before returning the canonical refusal message.",
74
+ "payload": {
75
+ "project_root": "string -- absolute path of the project root checked"
76
+ },
77
+ "consumers": [
78
+ "tasks/migrate.yml migrate:vbrief -- the gate this event annotates",
79
+ "skills/deft-directive-pre-pr/SKILL.md -- pre-PR loop already requires a clean tree before the lint phase"
80
+ ]
81
+ },
82
+ {
83
+ "name": "framework:remote-drift",
84
+ "category": "detection-bound",
85
+ "description": "The directive framework's upstream remote ships a higher semver tag than the run::VERSION currently executing in the consumer's project. Indicates the consumer's `./deft` submodule (or framework checkout) is behind upstream and a `task sync` / `git submodule update --remote --merge deft` would pull a new release. Emitted by run::_maybe_emit_remote_drift_warning (#801) only when the read-only `git ls-remote --tags --refs <upstream>` probe returns BEHIND, throttled per-tag at 24h via vbrief/.deft-remote-probe.json.",
86
+ "trigger": "run::_maybe_emit_remote_drift_warning runs the probe via _run_remote_probe (which shells out to `git ls-remote --tags --refs <upstream>` once per 24h, parses the highest semver tag, and compares it to VERSION). Emits when result.status == 'behind' AND the per-tag notification cadence allows. Honors DEFT_NO_NETWORK=1 (silent skip) and DEFT_FORCE_REMOTE_PROBE=1 (bypass throttle).",
87
+ "payload": {
88
+ "project_root": "string -- absolute path of the consumer project root scanned",
89
+ "current_version": "string -- run.VERSION currently executing",
90
+ "remote_version": "string -- highest semver tag visible on the upstream remote (with leading `v` preserved)",
91
+ "upstream_url": "string -- upstream remote URL the probe consulted (origin of ./deft submodule, or origin of the run-rooted repo)",
92
+ "commits_behind": "integer | null -- number of commits the consumer is behind upstream when computable, null when the probe cannot determine it without a fetch"
93
+ },
94
+ "consumers": [
95
+ "run::_check_upgrade_gate -- emits the warn line and event from the gate-integration site",
96
+ "skills/deft-directive-sync/SKILL.md Phase 2 -- the user-triggered remote refresh that resolves the drift",
97
+ "tasks/framework.yml framework:check-updates -- the synchronous interactive surface that reuses the same probe"
98
+ ]
99
+ },
100
+ {
101
+ "name": "session:interrupted",
102
+ "category": "behavioral",
103
+ "description": "Agent detected a session-state shift (context window pressure, session resume, 'are you using Deft?' alignment probe) and is about to re-confirm Deft alignment per AGENTS.md. Paired with session:resumed -- every session:resumed MUST reference the id of a prior session:interrupted via payload.interrupted_id; orphan resumed records are surfaced by scripts/_events.py::validate_pairing.",
104
+ "trigger": "Agent runtime emission point: scripts/_events.py::emit when AGENTS.md 'Deft Alignment Confirmation' fires (context-window-shift, alignment-probe, manual-resume). Skills emit via `python -m scripts._events emit session:interrupted --session-id <id> --reason <enum>`.",
105
+ "payload": {
106
+ "session_id": "string -- stable identifier for the agent session being interrupted; agents SHOULD reuse a single session_id across the lifetime of one logical conversation so multiple interrupt/resume pairs share provenance",
107
+ "reason": "string enum -- one of context-window-shift | alignment-probe | manual-resume | other; agents SHOULD prefer the named values over 'other'",
108
+ "detail": "string (optional) -- free-form one-liner with additional context"
109
+ },
110
+ "consumers": [
111
+ "skills/deft-directive-sync/SKILL.md Framework Events Emitted Here -- emits the pair on every alignment confirmation",
112
+ "scripts/_events.py::validate_pairing -- enforces the 1:1 session:interrupted -> session:resumed invariant"
113
+ ]
114
+ },
115
+ {
116
+ "name": "session:resumed",
117
+ "category": "behavioral",
118
+ "description": "Agent has finished re-confirming Deft alignment after a session:interrupted and is resuming work. MUST reference a prior session:interrupted event id via payload.interrupted_id; one interrupted_id may satisfy at most one session:resumed (1:1 pairing per Greptile #706 P2). Orphan or double-resumed records are flagged by scripts/_events.py::validate_pairing.",
119
+ "trigger": "Agent runtime emission point: scripts/_events.py::emit immediately after the agent emits the alignment confirmation line. Skills emit via `python -m scripts._events emit session:resumed --session-id <id> --interrupted-id <id-from-prior-emit>`.",
120
+ "payload": {
121
+ "session_id": "string -- same identifier used in the matching session:interrupted",
122
+ "interrupted_id": "string -- id of the matching session:interrupted event; cross-referenced by scripts/_events.py::validate_pairing",
123
+ "detail": "string (optional) -- free-form one-liner with additional context"
124
+ },
125
+ "consumers": [
126
+ "skills/deft-directive-sync/SKILL.md Framework Events Emitted Here -- emits the pair on every alignment confirmation",
127
+ "scripts/_events.py::validate_pairing -- enforces the 1:1 session:interrupted -> session:resumed invariant"
128
+ ]
129
+ },
130
+ {
131
+ "name": "plan:approved",
132
+ "category": "behavioral",
133
+ "description": "User approved a plan reaching the Phase 5 -> 6 merge gate per skills/deft-directive-review-cycle and the canonical #642 workflow comment ready-to-merge templates. Emitted when the user types yes / confirmed / approve on a ready-to-merge PR thread or equivalent gate. Downstream effects (auto-merge, status update, notifications) are explicitly deferred to follow-up work; this event currently emits a record only.",
134
+ "trigger": "Agent runtime emission point: scripts/_events.py::emit when a skill detects an affirmative reply (yes / confirmed / approve) on a ready-to-merge PR thread. Skills emit via `python -m scripts._events emit plan:approved --plan-ref <pr-url> --approver <login> --approval-phrase <yes|confirmed|approve> --pr-number <N>`.",
135
+ "payload": {
136
+ "plan_ref": "string -- pointer to the plan being approved; format: GitHub PR URL (preferred) or vBRIEF path; agents SHOULD use the canonical URL when available",
137
+ "approver": "string -- identifier of the approving user (GitHub login when available, 'user' otherwise)",
138
+ "approval_phrase": "string enum (optional) -- one of yes | confirmed | approve | other; the exact affirmative phrase the user used, normalised to lowercase; skills SHOULD prefer one of the canonical phrases per the canonical #642 workflow comment",
139
+ "pr_number": "integer (optional) -- GitHub PR number, when applicable"
140
+ },
141
+ "consumers": [
142
+ "skills/deft-directive-review-cycle/SKILL.md Framework Events Emitted Here -- Phase 5 -> 6 merge gate emission",
143
+ "(deferred -- no downstream consumer in this PR; future auto-merge / status-update / audit handlers will subscribe by name)"
144
+ ]
145
+ },
146
+ {
147
+ "name": "legacy:detected",
148
+ "category": "behavioral",
149
+ "description": "Migrator captured a non-canonical pre-cutover section (SPECIFICATION.md / PROJECT.md / PRD.md hand-edit) to vbrief/legacy/ or an inline LegacyArtifacts narrative during task migrate:vbrief (#505). Emitted once per captured section; additive to the existing vbrief/migration/LEGACY-REPORT.md write -- this event is structural emission only. Action policy (warn vs auto-migrate vs block) is explicitly out of scope for this PR and is deferred to follow-up.",
150
+ "trigger": "Script-internal emission point: scripts/_vbrief_legacy.emit_legacy_artifacts invokes the event_emitter callback wired by scripts/migrate_vbrief.py once per captured section. Emission flows through scripts/_events.py::emit (the migrator wires a project-root-scoped emitter; failures are swallowed so legacy capture remains the primary contract).",
151
+ "payload": {
152
+ "title": "string -- original section heading (e.g. 'Open Questions')",
153
+ "source": "string -- source filename (e.g. SPECIFICATION.md, PROJECT.md, PRD.md)",
154
+ "range": "string -- 1-indexed line range (e.g. '12-34' or '12')",
155
+ "size_bytes": "integer -- UTF-8 byte size of the captured section body",
156
+ "inline": "boolean (optional) -- true if the body fit inline; false if it overflowed to a sidecar at vbrief/legacy/{stem}-{slug}.md",
157
+ "sidecar": "string (optional) -- sidecar relative path when inline is false; null/absent otherwise",
158
+ "flagged": "boolean (optional) -- true for PRD.md hand-edit captures (warning prefix applied)"
159
+ },
160
+ "consumers": [
161
+ "scripts/migrate_vbrief.py -- wires the emitter into all three _emit_legacy_artifacts call sites (SPECIFICATION / PROJECT / PRD captures)",
162
+ "(deferred -- no downstream handler in this PR; future migrate:vbrief audit reporting and consumer-facing legacy-handling skills will subscribe by name)"
163
+ ]
164
+ }
165
+ ]
166
+ }
@@ -0,0 +1,71 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://github.com/deftai/directive/events/registry.schema.json",
4
+ "title": "Deft Events Registry",
5
+ "description": "Schema for events/registry.json. Validates the structural event registry that lists detection-bound and behavioral framework events. The registry is the single source of truth for event names, payload contracts, and detector/consumer pointers. See events/event-record.schema.json for the shape of an emitted event record.",
6
+ "type": "object",
7
+ "required": ["version", "events"],
8
+ "additionalProperties": true,
9
+ "properties": {
10
+ "$schema": {
11
+ "type": "string",
12
+ "description": "Optional pointer to this schema for editor tooling."
13
+ },
14
+ "version": {
15
+ "type": "string",
16
+ "description": "Registry schema version. Bumped when the registry's own shape changes (not when individual events are added/removed)."
17
+ },
18
+ "description": {
19
+ "type": "string"
20
+ },
21
+ "events": {
22
+ "type": "array",
23
+ "description": "Registered events. Order is not significant, but names MUST be unique.",
24
+ "items": {
25
+ "$ref": "#/$defs/Event"
26
+ }
27
+ }
28
+ },
29
+ "$defs": {
30
+ "Event": {
31
+ "type": "object",
32
+ "required": ["name", "category", "description", "trigger", "payload", "consumers"],
33
+ "additionalProperties": false,
34
+ "properties": {
35
+ "name": {
36
+ "type": "string",
37
+ "description": "Canonical event name. Convention: lowercase, colon-separated namespace (e.g. 'pre-cutover:detected', 'session:interrupted').",
38
+ "pattern": "^[a-z][a-z0-9-]*(:[a-z][a-z0-9-]*)+$"
39
+ },
40
+ "category": {
41
+ "type": "string",
42
+ "enum": ["detection-bound", "behavioral"],
43
+ "description": "detection-bound: detectable from filesystem state alone. behavioral: requires runtime instrumentation (agent emission point or script-internal capture)."
44
+ },
45
+ "description": {
46
+ "type": "string",
47
+ "description": "Human-readable description of what the event represents."
48
+ },
49
+ "trigger": {
50
+ "type": "string",
51
+ "description": "Free-form pointer to the detection logic or emission point (file::function or skill section)."
52
+ },
53
+ "payload": {
54
+ "type": "object",
55
+ "description": "Field-name -> contract-string map. Each value is a free-form description of the field's type and meaning.",
56
+ "additionalProperties": {
57
+ "type": "string"
58
+ }
59
+ },
60
+ "consumers": {
61
+ "type": "array",
62
+ "description": "Pointers to skills, tasks, or scripts that consume this event by name. At least one consumer is required so the surface stays usable.",
63
+ "minItems": 1,
64
+ "items": {
65
+ "type": "string"
66
+ }
67
+ }
68
+ }
69
+ }
70
+ }
71
+ }
package/glossary.md ADDED
@@ -0,0 +1,145 @@
1
+ # Glossary
2
+
3
+ The authoritative vocabulary for the Deft framework.
4
+
5
+ Legend (from RFC2119): !=MUST, ~=SHOULD, ≉=SHOULD NOT, ⊗=MUST NOT, ?=MAY.
6
+
7
+ ! When a term used in any directive file is not locally defined, load this file to resolve it.
8
+ ! When introducing a new term in any directive file, define it here first.
9
+ ⊗ Define the same term differently in two files — one definition, one source of truth.
10
+
11
+ ---
12
+
13
+ ## Deft Work Decomposition Hierarchy
14
+
15
+ ```
16
+ Release ← Shippable version (one or more features)
17
+ └── Feature ← Independently demo-able vertical capability
18
+ └── Task ← Context-window-sized unit of work
19
+ ```
20
+
21
+ **Release** — A shippable version of the product. Contains one or more features. Maps to a git tag and a CHANGELOG entry. See [versioning.md](./meta/versioning.md).
22
+
23
+ **Feature** — An independently demo-able vertical capability. Scoped by a **demo sentence**: "After this, the user can ___." If you can't fill in that blank with something a human can observe, the feature is scoped wrong. Features are vertical (user-visible) not horizontal ("implement the database layer").
24
+
25
+ **Task** — The atomic unit of work. Must fit in one agent context window. If it doesn't fit, it's two tasks. This is an iron rule — violating it is where agents lose coherence.
26
+
27
+ ---
28
+
29
+ ## Terms Introduced by Deft (with GSD lineage)
30
+
31
+ These concepts originate from [GSD](https://github.com/gsd-build/get-shit-done) and have been adapted into the Deft framework.
32
+
33
+ **Anchor pruning** — Giving each task a fresh context window by pruning prior tasks' tool calls, intermediate reads, and debugging traces. Eliminates context rot. See [resilience/context-pruning.md](./resilience/context-pruning.md).
34
+
35
+ **Context rot** — The silent degradation of agent reasoning quality as the context window fills with stale tool output, dead-end debugging, and outdated file reads from prior tasks. By task 3–4 in a sequence, signal-to-noise has collapsed.
36
+
37
+ **Decision locking** — Decisions made during the discuss/interview phase are recorded in a context file and treated as **locked** for all downstream work. Downstream tasks inherit them — they don't re-debate. See [strategies/discuss.md](./strategies/discuss.md).
38
+
39
+ **Demo sentence** — The scoping test for a feature: "After this, the user can ___." If the blank can't be filled with something a human can observe, the feature is scoped wrong.
40
+
41
+ **Fractal summaries** — Hierarchical memory compression: task summaries compress into feature summaries, which compress into release summaries. Iron rule: never summarize summaries — regenerate each level from the level below + code state. See [context/fractal-summaries.md](./context/fractal-summaries.md).
42
+
43
+ **Specification vbrief** — The source-of-truth pattern for project intent. `./vbrief/specification.vbrief.json` is the canonical specification file; `SPECIFICATION.md` is a generated artifact rendered from it. The spec vbrief is created via interview (`templates/make-spec.md`), reviewed by the user, approved (`status: approved`), then rendered. Never edit the `.md` directly — edit the source vbrief. See [vbrief/vbrief.md](./vbrief/vbrief.md).
44
+
45
+ **Stub detection** — Scanning completed code for incomplete implementations: `TODO`/`FIXME` markers, `return null`/`return {}`/`pass` placeholders, functions under ~8 lines returning hardcoded values. See [verification/verification.md](./verification/verification.md).
46
+
47
+ **Verification ladder** — A 4-tier model for verifying agent work, picking the strongest tier reachable: (1) Static — files exist, exports present, no stubs. (2) Command — tests pass, build succeeds. (3) Behavioral — flows work, APIs respond correctly. (4) Human — manual verification only when tiers 1–3 can't confirm. See [verification/verification.md](./verification/verification.md).
48
+
49
+ **Zero discovery calls** — The principle that agents should never spend tokens figuring out where they are, what exists, or what was decided. All of that should be pre-assembled in context before the task starts. See [resilience/context-pruning.md](./resilience/context-pruning.md).
50
+
51
+ **Brownfield mapping** — Structured reconnaissance of an existing codebase before modifying it. Produces four artifacts: STACK (languages, frameworks, infrastructure), ARCHITECTURE (layers, entry points, data flow), CONVENTIONS (naming, patterns, file layout), and CONCERNS (tech debt, fragile areas, missing tests). See [strategies/map.md](./strategies/map.md). Invoked via `/deft:run:map`.
52
+
53
+ **Integration checking** — Cross-feature wiring verification that every export has a matching import, every API endpoint has a consumer, auth gates protect all required routes, and at least one E2E flow traces through the full stack. See [verification/integration.md](./verification/integration.md).
54
+
55
+ **Plan checking** — Pre-execution verification of a plan across four dimensions: (1) coverage — every acceptance criterion maps to at least one task, (2) completeness — every task has a verify command, (3) wiring — cross-feature dependencies declared in boundary maps, (4) scope — task count within sanity thresholds (2–3 ideal, 5+ requires split). See [verification/plan-checking.md](./verification/plan-checking.md).
56
+
57
+ **Scope sanity** — A threshold-based guard against over-scoped plans that degrade context window quality. 1–3 tasks per plan is ideal; 4 is a warning; 5+ is a blocker requiring plan split. Part of plan checking dimension 4. See [verification/plan-checking.md](./verification/plan-checking.md).
58
+
59
+ **Spec delta** — A scoped document capturing how a change modifies existing requirements. Shows new requirements and was/now diffs for modified ones. Linked to the baseline spec via vBRIEF `references` with `type: "x-vbrief/plan"`. Lives in `history/changes/<name>/specs/`. See [context/spec-deltas.md](./context/spec-deltas.md). Invoked as part of `/deft:change`.
60
+
61
+ **Verify command** — A concrete, runnable command specified per task that confirms the task's work is correct (e.g., `pytest tests/test_auth.py`, `curl localhost:8080/health`). Required by plan checking dimension 2 (completeness). Tasks without a verify command fail the plan check.
62
+
63
+ ---
64
+
65
+ ## Framework Design Terms
66
+
67
+ Terms describing how directive itself is structured and governed.
68
+
69
+ **Bounded context** (framework sense) — A file or directory in directive that owns a specific rule domain. Other files reference it; they do not restate its rules. Prevents rule drift through duplication. Examples: `coding/hygiene.md` owns hygiene rules; `coding/testing.md` owns universal testing standards.
70
+
71
+ **Rule ownership** — The principle that each concept in directive has exactly one owning file. When multiple files need to reference the concept, they link to the owner rather than duplicating the rule.
72
+
73
+ **Ubiquitous language** — The shared, precisely defined vocabulary used consistently across all directive files and by all agents. This glossary is the source of truth. Synonyms and informal restatements of defined terms are not permitted.
74
+
75
+ ---
76
+
77
+ ## Hygiene Terms
78
+
79
+ Terms used in [coding/hygiene.md](./coding/hygiene.md).
80
+
81
+ **Hygiene** — The ongoing practice of keeping a codebase clean beyond what individual changes introduce: removing dead code, eliminating circular dependencies, surfacing hidden errors, and removing legacy/deprecated code paths. Distinct from per-change quality gates, which only govern new code.
82
+
83
+ **Dead code** — Code that is defined but never executed: unused functions, unreachable branches, stale feature flags, and commented-out blocks. Distinct from deprecated code, which may still execute on a legacy path.
84
+
85
+ **Error hiding** — Any pattern that prevents an error from being observed by the caller or operator: empty catch blocks, silent fallbacks, returning neutral/zero values to mask failures, or log-and-continue without surfacing the error upstream.
86
+
87
+ **Legacy code** — A code path, implementation, or feature flag that has been superseded but not removed. Identified by markers such as `LEGACY`, `COMPAT`, `OLD_`, `TODO: remove`, or the presence of two parallel implementations without a migration path.
88
+
89
+ **Circular dependency** — An import cycle where module A depends on module B which depends (directly or transitively) on module A. Indicates architectural coupling that prevents modular testing and signals a layering violation.
90
+
91
+ ---
92
+
93
+ ## GSD → Deft Term Mapping
94
+
95
+ For readers familiar with [GSD](https://github.com/gsd-build/get-shit-done):
96
+
97
+ | GSD Term | Deft Term | Notes |
98
+ |----------|-----------|-------|
99
+ | Milestone | **Release** | Shippable version |
100
+ | Slice | **Feature** | Vertical capability with demo sentence |
101
+ | Task | **Task** | Same — add "fits in one context window" |
102
+ | Must-haves | **Acceptance criteria** | With subcategories: truths, artifacts, key links |
103
+ | Continue file | **Continue checkpoint** | `./vbrief/continue.vbrief.json` (singular) |
104
+ | Discuss phase | **Interview** (extended) | Adds decision locking + Feynman technique |
105
+ | Boundary map | **Contract** (at planning level) | Extension of Contract-First |
106
+ | Wave execution | **Parallel group** | Speckit `[P]`/`[S]` markers |
107
+ | Research phase | **Research** | Already in speckit |
108
+
109
+ ---
110
+
111
+ ## vBRIEF Lifecycle Terms (v0.20+)
112
+
113
+ Canonical vocabulary for the vBRIEF lifecycle. (Merged from the former top-level `glossary.md` during the #1875 content/ move; deduplicated to a single canonical glossary.)
114
+
115
+ - **Scope vBRIEF** -- A durable unit-of-work record, one per feature / bug / initiative, stored as `YYYY-MM-DD-slug.vbrief.json` inside a [lifecycle folder](#terms). Scope vBRIEFs are the primary work artifact in v0.20 (see [vbrief/vbrief.md -- Scope vBRIEFs and Lifecycle Folders](./vbrief/vbrief.md#scope-vbriefs-and-lifecycle-folders)).
116
+
117
+ - **Lifecycle folder** -- One of the five subdirectories under `vbrief/`: `proposed/`, `pending/`, `active/`, `completed/`, `cancelled/`. Folder location reflects (but does not define) `plan.status`; see [vbrief/vbrief.md -- Directory Structure](./vbrief/vbrief.md#directory-structure) and [Status-Driven Moves](./vbrief/vbrief.md#status-driven-moves).
118
+
119
+ - **Plan-level narrative** -- A key under `plan.narratives` in a vBRIEF file, describing the scope/plan as a whole (e.g. `Description`, `Acceptance`, `Traces`). Plan-level narratives describe the *what and why*; see [vbrief/vbrief.md -- Narratives](./vbrief/vbrief.md#narratives).
120
+
121
+ - **Item-level narrative** -- A narrative string under `plan.items[].narrative` describing a single `PlanItem` (a task / subtask within a scope). Both plan-level and item-level narratives MUST be plain strings -- never objects (see [vbrief/vbrief.md -- Narratives](./vbrief/vbrief.md#narratives)).
122
+
123
+ - **Filename stem** -- The portion of a vBRIEF filename before `.vbrief.json`. For scope vBRIEFs the stem follows `YYYY-MM-DD-<slug>`; for speckit Phase 4 emissions the stem is `YYYY-MM-DD-ip<NNN>-<slug>` with `NNN` zero-padded to 3 digits (see [vbrief/vbrief.md -- Filename Convention](./vbrief/vbrief.md#filename-convention)).
124
+
125
+ - **Cross-scope dependency** -- A dependency between two scope vBRIEFs (rather than between items inside a single scope). Cross-scope dependencies live at `plan.metadata.dependencies` as an array of dependency IDs -- plan-level by design (see [vbrief/vbrief.md -- Plan-level metadata](./vbrief/vbrief.md#plan-level-metadata)).
126
+
127
+ - **Exit Commands** -- The seven deterministic `task scope:*` commands that transition a scope vBRIEF between lifecycle folders: `scope:promote`, `scope:activate`, `scope:complete`, `scope:cancel`, `scope:restore`, `scope:block`, `scope:unblock` (see [tasks/scope.yml](../tasks/scope.yml)). Agents MUST use these instead of moving files by hand.
128
+
129
+ - **Origin provenance** -- A `references` entry on a scope vBRIEF linking back to the issue / ticket / user-request that spawned it (`type: github-issue`, `jira-ticket`, or `user-request`). Required for ingestion dedup; see [vbrief/vbrief.md -- Origin Provenance](./vbrief/vbrief.md#origin-provenance).
130
+
131
+ - **Canonical narrative key** -- One of the small set of reserved plan-level narrative keys (`Description`, `Acceptance`, `Traces`) that tooling (`task roadmap:render`, swarm allocator) reads by name. See [vbrief/vbrief.md -- Scope vBRIEF narrative keys](./vbrief/vbrief.md#scope-vbrief-narrative-keys).
132
+
133
+ - **Preparatory strategy** -- A [strategies/](./strategies/) workflow that gathers context without producing a spec directly (e.g. `research.md`, `discuss.md`, `map.md`, `bdd.md`). Preparatory strategies chain into a [spec-generating strategy](#terms).
134
+
135
+ - **Spec-generating strategy** -- A [strategies/](./strategies/) workflow that emits `vbrief/specification.vbrief.json` (and optionally scope vBRIEFs) as its authoritative output (e.g. `interview.md`, `speckit.md`, `enterprise.md`, `rapid.md`, `yolo.md`).
136
+
137
+ - **Rendered export** -- A human-readable `.md` file (`SPECIFICATION.md`, `PRD.md`, `ROADMAP.md`) generated on demand by a `task *:render` command from the underlying `.vbrief.json` file. Rendered exports are read-only views; direct edits are overwritten on the next render (see [UPGRADING.md -- What to expect](./UPGRADING.md#what-to-expect)).
138
+
139
+ - **Source of truth** -- The file that tooling treats as authoritative for a given piece of information. In v0.20 the `.vbrief.json` files are the source of truth; the corresponding `.md` files are [rendered exports](#terms). Editing a rendered export does not change the source of truth -- edit the `.vbrief.json` instead.
140
+
141
+ - **Deterministic mode** -- The interaction shape used by every Deft skill that asks the user structured questions (via `ask_user_question` single-select / multi-select) or numbered-menu prompts in skill prose. Every deterministic-mode prompt MUST include `Discuss` and `Back` as the final two numbered options (#767). The canonical rule and verbatim Discuss-pause semantic live at [`contracts/deterministic-questions.md`](./contracts/deterministic-questions.md); skill prose `!` cross-references that contract instead of duplicating the rule body.
142
+
143
+ - **Branch-protection policy** -- The Deft policy surface that controls whether direct commits to the default branch (master/main) are allowed. The typed flag is `plan.policy.allowDirectCommitsToMaster` on `vbrief/PROJECT-DEFINITION.vbrief.json` (#746); default `false` (enforce feature branches). Three enforcement surfaces back the policy: skill-level guards at the entry of `deft-directive-{swarm,review-cycle,pre-pr,release}` (#746 part C), the detection-bound `scripts/preflight_branch.py` reachable via `task verify:branch` and the `.githooks/pre-commit` + `.githooks/pre-push` hooks (#747), and the CI `branch-gate` workflow asserting `head_ref != base_ref` (#747 part E). Reconfigure via `task policy:show` / `task policy:enforce-branches` / `task policy:allow-direct-commits -- --confirm`. Emergency bypass: `DEFT_ALLOW_DEFAULT_BRANCH_COMMIT=1`.
144
+
145
+ - **Policy audit log** -- One-line append-only ledger at `meta/policy-changes.log` recording every transition of `plan.policy.allowDirectCommitsToMaster`. Written by `scripts/policy_set.py` whenever `task policy:enforce-branches` or `task policy:allow-direct-commits -- --confirm` is invoked, including the actor, previous value, and any operator-supplied `--note`. Surface introduced by #746 acceptance criterion G2.
@@ -0,0 +1,81 @@
1
+ # Incidents Library
2
+
3
+ This directory captures real-world incidents that motivated specific Deft
4
+ Directive rules. Each entry is short, structured, and answers one question:
5
+ "if our rules had been in force, would this incident have been prevented?"
6
+
7
+ The library was stood up by Wave 2 cohort issue [#708](https://github.com/deftai/directive/issues/708)
8
+ alongside the destructive-op guardrails it documents.
9
+
10
+ ## Why this exists
11
+
12
+ Rules without recurrence records become advisory prose. Recurrence records
13
+ without rules become war stories. The pairing -- rule body in `coding/`,
14
+ incident entry here, deterministic test in `tests/content/` -- is the
15
+ [AXIOM] strongest-applicable-encoding tier in `main.md`.
16
+
17
+ When a future agent reads `coding/security.md` and asks "do I really need
18
+ the Environment Isolation Gate?", the incident entry answers in the
19
+ agent's own terms: a real database with real backups got wiped in nine
20
+ seconds because the agent acted on the user's prompt instead of a trusted
21
+ environment signal.
22
+
23
+ ## Entry format
24
+
25
+ Every entry MUST follow this shape. Use [`_template.md`](_template.md) as
26
+ the starting point.
27
+
28
+ 1. **One-line summary** (`# <date>: <plain-English summary>`)
29
+ 2. **Date** -- ISO 8601; the date of the incident, not the date of the
30
+ write-up
31
+ 3. **Source** -- canonical external link (vendor postmortem, news article,
32
+ GitHub issue, internal write-up)
33
+ 4. **What happened** -- one or two paragraphs in the actor's perspective;
34
+ no editorialising
35
+ 5. **Root cause** -- the structural gap, not the proximate trigger
36
+ 6. **Which Deft rule(s) would have intervened** -- explicit cross-reference
37
+ to the rule body in `coding/` (path + section heading + issue number).
38
+ If no rule existed at incident time, name the rule introduced by this
39
+ entry
40
+ 7. **Eval / regression coverage** -- link to the test that exercises the
41
+ lesson (typically `tests/content/test_*.py` for content-pinned rules,
42
+ or `tests/cli/` for behavioural rules)
43
+ 8. **Status** -- one of: `rules-in-place`, `rules-proposed`, `no-rule-yet`
44
+
45
+ ## Filename convention
46
+
47
+ `YYYY-MM-<short-slug>.md` for incidents identified by month;
48
+ `YYYY-MM-DD-<short-slug>.md` when the exact date matters.
49
+
50
+ Examples:
51
+
52
+ - `2026-04-pocketos-railway-prod-db-wipe.md`
53
+ - `2026-04-15-some-other-incident.md`
54
+
55
+ Filenames use hyphens, not underscores -- this mirrors the project-wide
56
+ filename convention in [`main.md`](../../main.md).
57
+
58
+ ## When to add an entry
59
+
60
+ Add an entry when ALL of these are true:
61
+
62
+ - The incident is publicly documented (vendor postmortem, news article,
63
+ GitHub issue) OR is reproducible from a synthetic prompt
64
+ - The structural gap maps to a specific Deft rule (existing or proposed)
65
+ - The lesson is non-obvious -- "the agent ran `rm -rf /`" without a
66
+ structural takeaway does not warrant an entry
67
+
68
+ Add an entry WITHOUT a backing rule only when the entry itself is the
69
+ proposal mechanism (status: `rules-proposed`); the rule MUST land in a
70
+ follow-up PR within the same cycle.
71
+
72
+ ## Anti-patterns
73
+
74
+ - Long, editorialising write-ups -- the goal is a structured record, not
75
+ a narrative
76
+ - Entries without a `Which Deft rule(s) would have intervened` section --
77
+ the cross-reference is the load-bearing field
78
+ - Entries that cite a rule body without a deterministic test reference --
79
+ use [AXIOM] tier 1 enforcement, not prose alone
80
+ - Speculative incidents ("imagine if an agent did X") -- this directory
81
+ is for documented or synthetic-reproducible recurrence records only
@@ -0,0 +1,38 @@
1
+ # YYYY-MM-DD: <one-line plain-English summary>
2
+
3
+ **Date:** YYYY-MM-DD
4
+ **Status:** <rules-in-place | rules-proposed | no-rule-yet>
5
+ **Source:** <https://example.com/canonical-link>
6
+
7
+ ## What happened
8
+
9
+ One or two paragraphs in the actor's perspective. Name the system, the
10
+ operator action, the agent action, and the user-visible outcome. No
11
+ editorialising.
12
+
13
+ ## Root cause
14
+
15
+ The structural gap, not the proximate trigger. "Agent ran a destructive
16
+ command" is a proximate trigger; "agent acted on a prompt-claimed
17
+ environment without verifying the trusted signal" is the structural gap.
18
+
19
+ ## Which Deft rule(s) would have intervened
20
+
21
+ - `<coding/path.md>` `## <section heading>` (#<issue>) -- <one-line
22
+ explanation of how the rule blocks the failure mode>
23
+ - (add as many bullets as there are intervening rules)
24
+
25
+ If no rule existed at incident time, name the rule(s) introduced by this
26
+ entry and link them.
27
+
28
+ ## Eval / regression coverage
29
+
30
+ - `tests/content/test_<file>.py::<test_name>` -- pins the rule body
31
+ - `tests/cli/test_<file>.py::<test_name>` -- exercises the runtime
32
+ behaviour (if applicable)
33
+
34
+ ## References
35
+
36
+ - Source postmortem / news article
37
+ - Related GitHub issues
38
+ - Related incidents (other entries in this directory)
@@ -0,0 +1,104 @@
1
+ # CLI Best Practices
2
+
3
+ Opinionated patterns for command-line interfaces with AI agents.
4
+
5
+ Legend (from RFC2119): !=MUST, ~=SHOULD, ≉=SHOULD NOT, ⊗=MUST NOT, ?=MAY.
6
+ Tags: Py=Python; TS=TypeScript; Node=Node.js
7
+
8
+ ## Framework Selection
9
+
10
+ **Python:**
11
+ - ! Use Typer (except: existing Click+plugins, simple argparse scripts)
12
+
13
+ **TypeScript/Node.js:**
14
+ - ! Use commander (except: existing codebases, simple scripts)
15
+ - ⊗ Use `readline` for complex CLIs (use TUI libraries instead)
16
+
17
+ ## Output
18
+
19
+ - ~ Support multiple formats for data CLIs (JSON, tree, markdown, HTML)
20
+ - ! Enforce format flag mutual exclusivity
21
+ - ~ Default to human-readable (tree, table); JSON for machines/LLMs
22
+ - Use individual flags (`--json`, `--tree`) not `--format=json`
23
+
24
+ ## Commands
25
+
26
+ - ! One command = one action
27
+ - ~ Use subcommands for related actions
28
+ - ~ Keep names short and clear
29
+ - ! Provide `--help` / `-h` with clear descriptions
30
+ - ~ Provide `--ai-help` for LLM-detailed guidance
31
+ - ! Provide rich error messages with actionable suggestions
32
+
33
+ ## Architecture
34
+
35
+ - ~ Separate concerns: cli.py (parsing), client.py (logic), formatters.py (output)
36
+ - ~ Use enums for options
37
+ - ! Validate before execution
38
+ - Config hierarchy: CLI flags > env vars > config file > defaults
39
+
40
+ ## UX
41
+
42
+ - ~ Show help (not error) when no args
43
+ - ~ Support flexible input parsing (natural language where practical)
44
+ - ~ Support shell completion (Typer/commander provide this)
45
+ - ! Version info available
46
+
47
+ ## Authentication
48
+
49
+ - ⊗ Hardcode credentials
50
+ - ! Use environment variables or secure stores
51
+ - ~ Support multiple auth methods
52
+ - ! Clear error when auth fails
53
+
54
+ ## Output Handling
55
+
56
+ - ≉ Buffer large outputs
57
+ - ~ Stream when possible
58
+ - ~ Consider pagination for large results
59
+
60
+ ## Testing
61
+
62
+ See [testing.md](../coding/testing.md) for universal requirements.
63
+
64
+ - ! Test all command paths, format options, error conditions
65
+ - ~ Snapshot test output formats (CLI output, help text)
66
+
67
+ ## Common Patterns
68
+
69
+ **Config priority:**
70
+ 1. CLI flags (highest)
71
+ 2. Environment variables
72
+ 3. Config file
73
+ 4. Defaults (lowest)
74
+
75
+ **Dual mode**:
76
+ - ? Switch to TUI when interactive, CLI otherwise
77
+ ```python
78
+ if sys.stdout.isatty() and not format_flags:
79
+ run_tui()
80
+ else:
81
+ run_cli()
82
+ ```
83
+
84
+ **Plugin architecture**:
85
+ - ? Support plugin discovery via entry points
86
+ - ? Validate plugins before use
87
+ - ? Define protocol/interface for plugins
88
+
89
+ ## Documentation
90
+
91
+ - ! Module docstrings with usage examples
92
+ - ! Command docstrings with descriptions and examples
93
+ - ~ README: quick start, commands, config, dev setup
94
+
95
+ ## Anti-patterns
96
+
97
+ - ⊗ Assume user timezone (document behavior)
98
+ - ⊗ Allow multiple format flags simultaneously
99
+ - ⊗ Buffer large outputs without streaming
100
+ - ⊗ Provide unclear error messages
101
+
102
+ ---
103
+
104
+ **See also**: [python.md](../languages/python.md) | [typescript.md](../languages/typescript.md) | [tui.md](../interfaces/tui.md)