@deftai/directive-content 0.55.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (250) hide show
  1. package/.agents/skills/deft/SKILL.md +6 -0
  2. package/.agents/skills/deft-directive-article-review/SKILL.md +11 -0
  3. package/.agents/skills/deft-directive-build/SKILL.md +10 -0
  4. package/.agents/skills/deft-directive-cost/SKILL.md +12 -0
  5. package/.agents/skills/deft-directive-debug/SKILL.md +13 -0
  6. package/.agents/skills/deft-directive-gh-arch/SKILL.md +11 -0
  7. package/.agents/skills/deft-directive-gh-slice/SKILL.md +10 -0
  8. package/.agents/skills/deft-directive-glossary/SKILL.md +10 -0
  9. package/.agents/skills/deft-directive-interview/SKILL.md +9 -0
  10. package/.agents/skills/deft-directive-pre-pr/SKILL.md +9 -0
  11. package/.agents/skills/deft-directive-refinement/SKILL.md +10 -0
  12. package/.agents/skills/deft-directive-release/SKILL.md +12 -0
  13. package/.agents/skills/deft-directive-review-cycle/SKILL.md +10 -0
  14. package/.agents/skills/deft-directive-setup/SKILL.md +10 -0
  15. package/.agents/skills/deft-directive-swarm/SKILL.md +10 -0
  16. package/.agents/skills/deft-directive-sync/SKILL.md +9 -0
  17. package/.agents/skills/deft-directive-triage/SKILL.md +9 -0
  18. package/.agents/skills/deft-directive-write-skill/SKILL.md +9 -0
  19. package/LICENSE.md +22 -0
  20. package/QUICK-START.md +167 -0
  21. package/UPGRADING.md +517 -0
  22. package/coding/build-output.md +28 -0
  23. package/coding/coding.md +235 -0
  24. package/coding/debugging.md +110 -0
  25. package/coding/holzmann.md +96 -0
  26. package/coding/hygiene.md +127 -0
  27. package/coding/security.md +158 -0
  28. package/coding/testing.md +162 -0
  29. package/coding/toolchain.md +44 -0
  30. package/commands.md +300 -0
  31. package/context/context.md +57 -0
  32. package/context/deterministic-split.md +67 -0
  33. package/context/examples.md +26 -0
  34. package/context/fractal-summaries.md +69 -0
  35. package/context/long-horizon.md +46 -0
  36. package/context/spec-deltas.md +177 -0
  37. package/context/tool-design.md +34 -0
  38. package/context/working-memory.md +62 -0
  39. package/contracts/boundary-maps.md +65 -0
  40. package/contracts/deterministic-questions.md +59 -0
  41. package/contracts/hierarchy.md +77 -0
  42. package/conventions/content-manifest.json +399 -0
  43. package/conventions/machine-generated-banner.md +130 -0
  44. package/conventions/references.md +120 -0
  45. package/conventions/rule-ownership.json +382 -0
  46. package/conventions/task-caching.md +43 -0
  47. package/conventions/vbrief-filenames.md +70 -0
  48. package/deployments/README.md +37 -0
  49. package/deployments/agentuity/README.md +138 -0
  50. package/deployments/agentuity/via-cli.md +380 -0
  51. package/deployments/agentuity/via-cloud.md +425 -0
  52. package/deployments/agentuity/via-github-actions.md +664 -0
  53. package/deployments/agentuity/via-gravity-network.md +606 -0
  54. package/deployments/agentuity/via-vpc.md +607 -0
  55. package/deployments/aws/README.md +38 -0
  56. package/deployments/aws/via-app-runner.md +612 -0
  57. package/deployments/aws/via-ecs-fargate.md +561 -0
  58. package/deployments/aws/via-elastic-beanstalk.md +628 -0
  59. package/deployments/aws/via-lambda.md +649 -0
  60. package/deployments/azure/README.md +37 -0
  61. package/deployments/azure/via-aks.md +390 -0
  62. package/deployments/azure/via-app-service.md +564 -0
  63. package/deployments/azure/via-container-apps.md +599 -0
  64. package/deployments/azure/via-functions.md +552 -0
  65. package/deployments/cloud-gov/README.md +63 -0
  66. package/deployments/cloud-gov/agents/compliance-docs.md +154 -0
  67. package/deployments/cloud-gov/agents.md +39 -0
  68. package/deployments/cloud-gov/cicd.md +64 -0
  69. package/deployments/cloud-gov/deployment.md +150 -0
  70. package/deployments/cloud-gov/logging.md +43 -0
  71. package/deployments/cloud-gov/manifest.md +121 -0
  72. package/deployments/cloud-gov/overview.md +58 -0
  73. package/deployments/cloud-gov/security.md +46 -0
  74. package/deployments/cloud-gov/services.md +72 -0
  75. package/deployments/cloud-gov/upstream/README.md +18 -0
  76. package/deployments/cloudflare/README.md +33 -0
  77. package/deployments/cloudflare/via-dashboard.md +83 -0
  78. package/deployments/cloudflare/via-git.md +90 -0
  79. package/deployments/cloudflare/via-github-actions.md +185 -0
  80. package/deployments/cloudflare/via-terraform.md +157 -0
  81. package/deployments/cloudflare/via-wrangler.md +165 -0
  82. package/deployments/fly-io/README.md +37 -0
  83. package/deployments/fly-io/via-dockerfile.md +648 -0
  84. package/deployments/fly-io/via-flyctl.md +653 -0
  85. package/deployments/fly-io/via-github-actions.md +695 -0
  86. package/deployments/fly-io/via-multi-region.md +598 -0
  87. package/deployments/google/README.md +34 -0
  88. package/deployments/google/via-app-engine.md +42 -0
  89. package/deployments/google/via-cloud-functions.md +23 -0
  90. package/deployments/google/via-cloud-run.md +330 -0
  91. package/deployments/google/via-gke.md +23 -0
  92. package/deployments/netlify/README.md +99 -0
  93. package/deployments/netlify/via-cli.md +17 -0
  94. package/deployments/netlify/via-functions.md +19 -0
  95. package/deployments/netlify/via-git.md +25 -0
  96. package/deployments/vercel/README.md +90 -0
  97. package/deployments/vercel/via-api.md +16 -0
  98. package/deployments/vercel/via-cli.md +17 -0
  99. package/deployments/vercel/via-git.md +24 -0
  100. package/docs/BROWNFIELD.md +179 -0
  101. package/docs/getting-started.md +137 -0
  102. package/docs/good-agents-md.md +137 -0
  103. package/events/README.md +89 -0
  104. package/events/event-record.schema.json +26 -0
  105. package/events/registry.json +166 -0
  106. package/events/registry.schema.json +71 -0
  107. package/glossary.md +145 -0
  108. package/incidents/README.md +81 -0
  109. package/incidents/_template.md +38 -0
  110. package/interfaces/cli.md +104 -0
  111. package/interfaces/rest.md +212 -0
  112. package/interfaces/tui.md +242 -0
  113. package/interfaces/web.md +123 -0
  114. package/languages/6502-DASM.md +132 -0
  115. package/languages/c.md +235 -0
  116. package/languages/commands.md +23 -0
  117. package/languages/cpp.md +132 -0
  118. package/languages/csharp.md +259 -0
  119. package/languages/dart.md +183 -0
  120. package/languages/delphi.md +218 -0
  121. package/languages/elixir.md +208 -0
  122. package/languages/go.md +78 -0
  123. package/languages/java.md +278 -0
  124. package/languages/javascript.md +163 -0
  125. package/languages/julia.md +175 -0
  126. package/languages/kotlin.md +193 -0
  127. package/languages/markdown.md +168 -0
  128. package/languages/mermaid.md +146 -0
  129. package/languages/officejs.md +392 -0
  130. package/languages/python.md +209 -0
  131. package/languages/r.md +163 -0
  132. package/languages/rust.md +216 -0
  133. package/languages/sql.md +216 -0
  134. package/languages/swift.md +153 -0
  135. package/languages/typescript.md +132 -0
  136. package/languages/vba.md +279 -0
  137. package/languages/vhdl.md +180 -0
  138. package/languages/visual-basic.md +151 -0
  139. package/languages/zig.md +196 -0
  140. package/meta/SOUL.md +27 -0
  141. package/meta/code-field.md +44 -0
  142. package/meta/morals.md +40 -0
  143. package/meta/philosophy.md +39 -0
  144. package/meta/project.md +49 -0
  145. package/meta/ralph.md +223 -0
  146. package/meta/security.md +80 -0
  147. package/meta/versioning.md +326 -0
  148. package/package.json +22 -0
  149. package/packs/lessons/lessons-pack-0.1.json +553 -0
  150. package/packs/patterns/patterns-pack-0.1.json +57 -0
  151. package/packs/rules/rules-pack-0.1.json +4767 -0
  152. package/packs/skills/skills-pack-0.1.json +262 -0
  153. package/packs/strategies/strategies-pack-0.1.json +167 -0
  154. package/packs/swarm-spec/swarm-spec-pack-0.1.json +17 -0
  155. package/patterns/executor-layer-credentials.md +227 -0
  156. package/patterns/llm-app.md +156 -0
  157. package/patterns/multi-agent.md +278 -0
  158. package/patterns/prompt-assembly-layer-ordering.md +154 -0
  159. package/patterns/role-as-overlay.md +179 -0
  160. package/platforms/2600.md +137 -0
  161. package/platforms/unity.md +329 -0
  162. package/references/composer-skill-porting.md +152 -0
  163. package/references/cost-models.md +163 -0
  164. package/references/ip-risk.md +246 -0
  165. package/references/plain-english-ux.md +275 -0
  166. package/resilience/context-pruning.md +67 -0
  167. package/resilience/continue-here.md +62 -0
  168. package/scm/changelog.md +276 -0
  169. package/scm/git.md +139 -0
  170. package/scm/github.md +265 -0
  171. package/secrets/.gitkeep +0 -0
  172. package/skills/deft-build/SKILL.md +20 -0
  173. package/skills/deft-directive-article-review/SKILL.md +156 -0
  174. package/skills/deft-directive-build/SKILL.md +302 -0
  175. package/skills/deft-directive-cost/SKILL.md +201 -0
  176. package/skills/deft-directive-debug/SKILL.md +140 -0
  177. package/skills/deft-directive-decompose/SKILL.md +96 -0
  178. package/skills/deft-directive-gh-arch/SKILL.md +160 -0
  179. package/skills/deft-directive-gh-slice/SKILL.md +199 -0
  180. package/skills/deft-directive-glossary/SKILL.md +118 -0
  181. package/skills/deft-directive-interview/SKILL.md +528 -0
  182. package/skills/deft-directive-pre-pr/SKILL.md +131 -0
  183. package/skills/deft-directive-probe/SKILL.md +127 -0
  184. package/skills/deft-directive-refinement/SKILL.md +403 -0
  185. package/skills/deft-directive-release/SKILL.md +266 -0
  186. package/skills/deft-directive-review-cycle/SKILL.md +401 -0
  187. package/skills/deft-directive-setup/SKILL.md +717 -0
  188. package/skills/deft-directive-swarm/SKILL.md +989 -0
  189. package/skills/deft-directive-sync/SKILL.md +288 -0
  190. package/skills/deft-directive-triage/SKILL.md +137 -0
  191. package/skills/deft-directive-write-skill/SKILL.md +169 -0
  192. package/skills/deft-interview/SKILL.md +16 -0
  193. package/skills/deft-pre-pr/SKILL.md +16 -0
  194. package/skills/deft-review-cycle/SKILL.md +16 -0
  195. package/skills/deft-roadmap-refresh/SKILL.md +16 -0
  196. package/skills/deft-setup/SKILL.md +20 -0
  197. package/skills/deft-swarm/SKILL.md +16 -0
  198. package/skills/deft-sync/SKILL.md +16 -0
  199. package/strategies/README.md +83 -0
  200. package/strategies/artifact-guards.md +85 -0
  201. package/strategies/bdd.md +115 -0
  202. package/strategies/brownfield.md +7 -0
  203. package/strategies/discuss.md +129 -0
  204. package/strategies/emit-hints.md +69 -0
  205. package/strategies/enterprise.md +193 -0
  206. package/strategies/interview.md +551 -0
  207. package/strategies/map.md +179 -0
  208. package/strategies/probe.md +151 -0
  209. package/strategies/rapid.md +155 -0
  210. package/strategies/research.md +155 -0
  211. package/strategies/roadmap.md +9 -0
  212. package/strategies/speckit.md +437 -0
  213. package/strategies/v0-20-contract.md +134 -0
  214. package/strategies/yolo.md +169 -0
  215. package/swarm/swarm.md +300 -0
  216. package/templates/COST-ESTIMATE.md +114 -0
  217. package/templates/PULL_REQUEST_TEMPLATE.md +35 -0
  218. package/templates/agent-prompt-preamble.md +409 -0
  219. package/templates/agents-entry.md +211 -0
  220. package/templates/agents-entry.placeholders.md +75 -0
  221. package/templates/embed.go +20 -0
  222. package/templates/embed_test.go +36 -0
  223. package/templates/make-spec-example.md +9 -0
  224. package/templates/make-spec.md +246 -0
  225. package/templates/project.md.template +52 -0
  226. package/templates/specification.md +1 -0
  227. package/templates/swarm-greptile-poller-prompt.md +556 -0
  228. package/templates/user.md.template +31 -0
  229. package/tools/RWLDL.md +80 -0
  230. package/tools/greptile.md +141 -0
  231. package/tools/installer.md +23 -0
  232. package/tools/taskfile-migration.md +32 -0
  233. package/tools/taskfile.md +185 -0
  234. package/tools/telemetry.md +285 -0
  235. package/vbrief/schemas/cache-meta.schema.json +137 -0
  236. package/vbrief/schemas/candidates.schema.json +130 -0
  237. package/vbrief/schemas/codebase-map.schema.json +213 -0
  238. package/vbrief/schemas/lessons-pack.schema.json +134 -0
  239. package/vbrief/schemas/patterns-pack.schema.json +84 -0
  240. package/vbrief/schemas/rules-pack.schema.json +105 -0
  241. package/vbrief/schemas/skills-pack.schema.json +94 -0
  242. package/vbrief/schemas/slices.schema.json +87 -0
  243. package/vbrief/schemas/strategies-pack.schema.json +89 -0
  244. package/vbrief/schemas/swarm-spec-pack.schema.json +84 -0
  245. package/vbrief/schemas/vbrief-core.schema.json +1022 -0
  246. package/vbrief/vbrief.md +684 -0
  247. package/verification/integration.md +76 -0
  248. package/verification/plan-checking.md +85 -0
  249. package/verification/uat.md +60 -0
  250. package/verification/verification.md +117 -0
@@ -0,0 +1,163 @@
1
+ # Cost Model Methodology (cost-models.md)
2
+
3
+ This reference describes how Deft estimates pre-build cost & budget for a
4
+ project produced through the deft-directive workflow. It is the canonical
5
+ methodology consumed by `skills/deft-directive-cost/SKILL.md` and the
6
+ `templates/COST-ESTIMATE.md` artifact body.
7
+
8
+ Audience: agents producing cost estimates AND non-technical end users
9
+ reading the resulting `COST-ESTIMATE.md`. Plain-English voice throughout
10
+ (no spreadsheets, no scientific notation, no industry jargon).
11
+
12
+ Legend (from RFC2119): !=MUST, ~=SHOULD, ≉=SHOULD NOT, ⊗=MUST NOT, ?=MAY.
13
+
14
+ ## Scope
15
+
16
+ This document covers cost estimation for the **pre-build phase** of a
17
+ deft project -- after the spec is approved but before any build work
18
+ starts. Its purpose is to give the user enough cost information to
19
+ decide whether to proceed (build), pull back scope (rescope), or stop
20
+ (no-build).
21
+
22
+ Out of scope:
23
+
24
+ - Hard cost numbers tied to specific 2026 vendor pricing
25
+ - Real-time pricing API integration
26
+ - Currency / region localisation -- USD-only first pass
27
+ - Cost forecasting beyond a 12-month horizon
28
+ - Cost optimisation / FinOps for already-running projects
29
+
30
+ ## Core Principles
31
+
32
+ - ! Use **loose ranges**, not single point estimates. A \$5-\$20 / month
33
+ band is more honest than \$12.50 / month for a category whose real
34
+ variance is huge (e.g. egress, LLM tokens, image generation).
35
+ - ! Express ranges as plain-English bands: **low**, **typical**, **high**.
36
+ Avoid "p10 / p50 / p90" or other statistical jargon.
37
+ - ! Always state the **assumption** behind each range (e.g. "100 daily
38
+ active users, 5 saved photos each"). The same project shape can be
39
+ \$10/month or \$10,000/month depending on traffic.
40
+ - ! USD-only first pass. The artifact MUST say "USD" explicitly so
41
+ international users know to convert.
42
+ - ⊗ Do NOT pretend a range is exact. If the agent does not know, write
43
+ "unknown -- ask vendor" rather than guessing a number.
44
+
45
+ ## Where Costs Come From
46
+
47
+ For a typical deft project, costs roll up into a small number of
48
+ categories. The agent walks the spec and identifies which categories
49
+ apply, then fills in plain-English bands for each.
50
+
51
+ ### 1. Pre-flight account / sign-up costs
52
+
53
+ Things the user must sign up for before the project can run at all.
54
+ Often \$0 to start (free tier), but the user needs to know the list of
55
+ accounts up front so they are not surprised mid-build.
56
+
57
+ Examples (loose, illustrative):
58
+
59
+ - Cloud hosting account (free tier ~\$0; paid tier varies)
60
+ - Domain name (typical: \$10-\$20 / year)
61
+ - Email-sending provider (free tier; paid tier ~\$10-\$50 / month)
62
+ - Payment processor (no monthly fee; ~3% per transaction)
63
+ - LLM / AI API account (pay-as-you-go; can be \$0 if unused)
64
+
65
+ ### 2. Hosting / infrastructure
66
+
67
+ The recurring monthly cost of running the application. Bands:
68
+
69
+ - **Static site / serverless** (low-traffic): \$0-\$10 / month typical
70
+ - **Single small VM / app service**: \$5-\$30 / month typical
71
+ - **Managed database** (small): \$10-\$50 / month typical
72
+ - **CDN / edge** (low-traffic): \$0-\$10 / month typical
73
+ - **Egress at scale**: this is where the high band can blow up; flag if
74
+ the project shape involves serving large media to many users
75
+
76
+ ### 3. API / third-party fees
77
+
78
+ Per-call or per-event fees for services the project depends on.
79
+ Examples (illustrative bands, not authoritative):
80
+
81
+ - LLM API calls (text): a few cents to a few dollars per 1M tokens,
82
+ depending on model tier
83
+ - Image generation: a few cents per image typical
84
+ - Search / embeddings: a few cents per 1M tokens typical
85
+ - Telephony (SMS / voice): a few cents per message / minute typical
86
+ - Maps / geocoding: free tier exists; can scale to \$ hundreds / month
87
+ for high-volume apps
88
+
89
+ ### 4. Build & maintenance time
90
+
91
+ Not strictly a recurring cost, but worth surfacing so the user
92
+ understands the time cost too:
93
+
94
+ - Initial build effort (rough hours)
95
+ - Ongoing maintenance (rough hours / month)
96
+
97
+ ## Building the Monthly Band
98
+
99
+ After categories are filled in, the artifact rolls them up into a single
100
+ **monthly band**:
101
+
102
+ - **Low**: free tier / minimal usage (e.g. demo, internal use only)
103
+ - **Typical**: realistic everyday usage as described in the spec
104
+ - **High**: stretch scenario (popular launch, viral spike, growth)
105
+
106
+ Rules:
107
+
108
+ - ! The roll-up MUST stay loose. Adding a range to a range gives a
109
+ range; do NOT collapse to a single number.
110
+ - ! State the **scale assumption** (e.g. "100 daily users") in the same
111
+ block as the typical band so the reader can scale up or down.
112
+ - ~ When the high band is more than ~10x the typical band, surface a
113
+ separate **scale considerations** note explaining what would push the
114
+ project from typical -> high (e.g. "media-heavy traffic blows up
115
+ egress").
116
+
117
+ ## Decision Point
118
+
119
+ Every cost estimate ends with an explicit, four-way decision. All four
120
+ options are first-class outcomes; the build skill's Cost Phase Gate
121
+ treats each one as a recorded decision (a `skip` with no reason is the
122
+ same as no decision and the gate refuses kickoff).
123
+
124
+ 1. **Build** -- user accepts the cost and proceeds to the build phase.
125
+ 2. **Rescope** -- user wants to keep building but reduce cost (drop a
126
+ feature, swap a vendor, lower the scale assumption). Loops back to
127
+ spec edits, then re-runs the cost phase.
128
+ 3. **No-build** -- user stops the project at this stage. Recorded
129
+ explicitly so the deft project history shows the decision.
130
+ 4. **Skip** -- explicit escape hatch (e.g. hobby project where cost is
131
+ irrelevant, or a follow-up project where cost was already estimated
132
+ for the parent project). The skip MUST record a short skip reason so
133
+ the artifact's existence is auditable.
134
+
135
+ ## Plain-English Voice
136
+
137
+ The artifact and skill prose are read by non-technical users. Hard
138
+ rules:
139
+
140
+ - ! Use **dollars, not "USD"** in body text where it reads naturally
141
+ (the artifact still states "all figures in USD" up top).
142
+ - ! Use **whole numbers** in bands where the precision does not matter
143
+ (\$5-\$20, not \$5.37-\$19.84).
144
+ - ! When using a technical term that the user might not know, define it
145
+ in a short parenthetical (e.g. "egress (data leaving the cloud)").
146
+ - ⊗ Do not use jargon like "TCO", "burn rate", "p50", "OPEX vs CAPEX",
147
+ "amortised", "blended rate", "unit economics", or "FTE".
148
+
149
+ ## Anti-Patterns
150
+
151
+ - ⊗ Quote single-point estimates ("this will cost \$47.12 / month")
152
+ - ⊗ Quote ranges without an assumption (e.g. \$5-\$5,000 with no
153
+ context is useless)
154
+ - ⊗ Cite live vendor pricing as if it were a guarantee (vendor pricing
155
+ changes; the artifact must read as a snapshot)
156
+ - ⊗ Skip the decision point -- the build skill MUST refuse kickoff
157
+ until the user has explicitly chosen build / rescope / no-build /
158
+ skip(+reason)
159
+ - ⊗ Use jargon that a non-technical user will not understand
160
+ - ⊗ Promise that the project will "definitely" stay within a band --
161
+ always say "expected", "typical", or "in our estimate"
162
+ - ⊗ Generate the artifact and proceed silently to build without
163
+ surfacing the decision point to the user
@@ -0,0 +1,246 @@
1
+ # IP / Legal Risk -- Heuristic, Question Script, and Minimum-Protection Checklist
2
+
3
+ Reference document for skill authors and interview-running agents who need to
4
+ flag third-party intellectual-property (IP) risk during the research /
5
+ interview phase. Issue: [#738](https://github.com/deftai/directive/issues/738).
6
+
7
+ Legend (from RFC2119): !=MUST, ~=SHOULD, ≉=SHOULD NOT, ⊗=MUST NOT, ?=MAY.
8
+
9
+ **⚠️ Note**: This document is *advisory*. Deft is not a law firm. It does
10
+ not provide legal advice and ⊗ MUST NOT be used as a substitute for lawyer
11
+ consultation when the project is commercial and IP-adjacent.
12
+
13
+ **⚠️ See also**: [skills/deft-directive-interview/SKILL.md](../skills/deft-directive-interview/SKILL.md) | [strategies/research.md](../strategies/research.md) | [scripts/ip_risk.py](../../scripts/ip_risk.py)
14
+
15
+ ---
16
+
17
+ ## Why This Document Exists
18
+
19
+ The #151 playtester walked through the full Deft interview + PRD +
20
+ SPECIFICATION approval flow building a Magic: The Gathering deck-builder app
21
+ **without Deft ever flagging Wizards of the Coast copyright**, recommending a
22
+ disclaimer, or suggesting a lawyer. The framework currently has no surface
23
+ that prompts users about IP risk, monetization intent, or legal protection
24
+ when building on established third-party IP (games, music, film, characters,
25
+ sports leagues, branded products).
26
+
27
+ This reference codifies a permissive heuristic, an explicit
28
+ monetization-intent question, a plain-English risk summary, and a minimum-
29
+ protection checklist that the interview / research skills MUST surface
30
+ whenever the heuristic detects an IP-adjacent project.
31
+
32
+ ---
33
+
34
+ ## Heuristic (Permissive Detection)
35
+
36
+ ! Use a permissive heuristic that errs on the side of false positives. The
37
+ cost of one extra "is this Magic: The Gathering related?" question is
38
+ trivial; the cost of letting a commercial IP-adjacent project ship without
39
+ the question is potentially substantial.
40
+
41
+ The canonical implementation lives at
42
+ [`scripts/ip_risk.py`](../../scripts/ip_risk.py) and exposes
43
+ `detect_ip_terms(text)`, `is_ip_adjacent(text)`, `ip_risk_scope_items(monetization_intent)`,
44
+ and `plain_risk_summary(hits, monetization_intent)` for callers.
45
+
46
+ ### Categories Scanned
47
+
48
+ The detector scans the user-supplied project description (and any
49
+ research-phase notes) for terms in these categories:
50
+
51
+ 1. **Recognisable IP names** -- branded games and franchises (Magic: The
52
+ Gathering, Pokemon, Yu-Gi-Oh, Dungeons & Dragons, Warhammer, Final
53
+ Fantasy, etc.).
54
+ 2. **Fictional-universe terms** -- proper nouns from established universes
55
+ (Hogwarts, Tatooine, Jedi, Klingon, Quidditch, Mandalorian, etc.).
56
+ 3. **Branded characters** -- named characters owned by a single rights
57
+ holder (Mickey Mouse, Spider-Man, Batman, Pikachu, Master Chief, etc.).
58
+ 4. **Sports leagues** -- NFL, NBA, MLB, NHL, FIFA, UEFA, Olympics, etc.
59
+ 5. **Trademarked products** -- iPhone, Xbox, PlayStation, Lego, Coca-Cola,
60
+ etc.
61
+ 6. **Music / film** -- artist names and platform names that are commonly
62
+ misappropriated (Taylor Swift, Beyoncé, Spotify, Netflix, HBO, etc.).
63
+
64
+ ### Matching Rules
65
+
66
+ - ! Case-insensitive.
67
+ - ! Word-boundary scoped (substring matches inside a longer word do NOT
68
+ trigger -- "magicwand" is not "Magic", "starcraft" is not "Star Wars").
69
+ - ! Deduplicated by `(term, category)` pair so repeated mentions count
70
+ once.
71
+ - ⊗ Treat the absence of detected terms as proof that the project is
72
+ IP-free -- the heuristic only knows about the curated lists. When the
73
+ user describes a project in vague terms, the interview SHOULD ask
74
+ directly "is this based on a game / film / sports league / brand?".
75
+
76
+ ### Updating the Term Lists
77
+
78
+ ! When you add a recurring miss (a real IP-adjacent project that slipped
79
+ through), append the term to the matching category in
80
+ `scripts/ip_risk.py` AND mention it here in the relevant category. The
81
+ two surfaces MUST stay in sync. The unit tests in
82
+ `tests/scripts/test_ip_risk.py` verify the helpers; add a positive
83
+ detection test for any new term you introduce.
84
+
85
+ ---
86
+
87
+ ## Question Script (Monetization Intent)
88
+
89
+ When `detect_ip_terms` returns at least one hit, the interview MUST ask the
90
+ user the monetization-intent question before generating the SPECIFICATION.
91
+
92
+ ### Canonical Question
93
+
94
+ ```
95
+ Your project description references third-party intellectual property (IP)
96
+ that someone else owns. How do you plan to use this project?
97
+
98
+ 0. Discuss with agent (pause interview to talk it through)
99
+ ─────────────────────────────────────────────────────────
100
+ 1. Personal use only -- private learning, personal play, no public
101
+ distribution, no monetization.
102
+ 2. Commercial use -- I plan to sell access, charge subscriptions,
103
+ run ads, or distribute publicly to paying users. [default: 2]
104
+ 3. Other / I don't know
105
+
106
+ Enter confirm / b back / 0 discuss
107
+ ```
108
+
109
+ ### Defaulting to Commercial
110
+
111
+ ! The `[default: 2]` in the canonical question is intentional. When the
112
+ user is unsure, the **commercial** path produces the stricter checklist
113
+ and the lawyer recommendation. Defaulting away from the stricter path
114
+ when intent is unclear is the wrong-side-of-safe choice.
115
+
116
+ ### Branching Behavior
117
+
118
+ - ! On `commercial`: emit the plain-English risk summary AND the
119
+ non-optional `MUST consult a lawyer before public release`
120
+ recommendation. Both go into the interview output AND into an
121
+ `IPRisk` narrative on the specification vBRIEF.
122
+ - ! On `personal`: emit the plain-English risk summary noting that
123
+ personal use is lower risk but not zero risk; warn explicitly that if
124
+ the project ever goes public, becomes monetized, or is shared widely,
125
+ the risk profile changes and a lawyer review becomes worthwhile.
126
+ - ! On `Other / I don't know`: do NOT proceed to spec generation. Re-ask
127
+ the question or open a freeform discussion until an explicit answer is
128
+ captured.
129
+
130
+ ---
131
+
132
+ ## Plain-English Risk Summary
133
+
134
+ ! After the monetization-intent question is answered, emit a plain-English
135
+ risk summary in the interview output. The summary:
136
+
137
+ - ! Opens with `not legal advice` -- this is a hard line.
138
+ - ! Names the detected categories and the actual matched terms.
139
+ - ! For commercial intent: states explicitly that lawyer consultation is
140
+ not optional output from this interview.
141
+ - ! For personal intent: states that the risk profile changes if the
142
+ project goes public / monetized.
143
+ - ⊗ Use legalese ("hereby", "tortious", "in perpetuity", "without
144
+ prejudice"). The audience is the project owner, not a court.
145
+
146
+ The canonical builder is `plain_risk_summary(hits, monetization_intent)`
147
+ in `scripts/ip_risk.py`.
148
+
149
+ ---
150
+
151
+ ## Minimum-Protection Checklist (SPECIFICATION Scope Items)
152
+
153
+ ! When IP is detected, the SPECIFICATION generation step MUST inject the
154
+ following three protection scope items into the
155
+ `specification.vbrief.json` `plan.items` array (and therefore into the
156
+ rendered SPECIFICATION.md).
157
+
158
+ The canonical generator is `ip_risk_scope_items(monetization_intent)`
159
+ in `scripts/ip_risk.py` -- it returns the three items shaped for vBRIEF
160
+ v0.6 PlanItem (`title`, `status`, `narrative`). All three items are
161
+ emitted regardless of monetization intent because even personal
162
+ IP-adjacent projects can leak into commercial use over time. The
163
+ `Acceptance` narrative is tightened to the commercial-level checklist
164
+ (lawyer-confirmed terms, written license, counsel-reviewed hosting) for
165
+ **any intent other than `personal`** -- per the wrong-side-of-safe
166
+ policy, `unknown` (interview hasn't captured an explicit answer yet)
167
+ inherits the stricter checklist. Only the explicit `personal` answer
168
+ relaxes the acceptance language.
169
+
170
+ ### Item 1: Disclaimer Stub (`IP-1`)
171
+
172
+ > Add a "not affiliated with / not endorsed by" notice on the app's
173
+ > first user-visible surface (splash screen, landing page, or CLI banner).
174
+
175
+ - Acceptance (personal): reviewed by the project owner before any public
176
+ release.
177
+ - Acceptance (commercial): lawyer-confirmed wording before public release.
178
+
179
+ ### Item 2: API-Only Third-Party Asset Access Policy (`IP-2`)
180
+
181
+ > Never bundle third-party IP assets (images, audio, video, text, card
182
+ > data, character likenesses) in the repository or build artifacts.
183
+ > Access only via official APIs that grant a license.
184
+
185
+ - Acceptance (personal): all third-party assets reach the app via
186
+ official APIs only; no assets bundled in the repository or build
187
+ artifacts.
188
+ - Acceptance (commercial): same, plus a license that explicitly permits
189
+ the planned use, plus lawyer-confirmed before public release.
190
+
191
+ ### Item 3: Hosting Policy Gated on Monetization Intent (`IP-3`)
192
+
193
+ > Document the hosting plan and gate it on the captured monetization
194
+ > intent. Self-hosted private use is the default; commercial hosting
195
+ > requires lawyer review.
196
+
197
+ - Acceptance (personal): self-hosted private use only; do not deploy
198
+ publicly until a monetization decision is made and re-reviewed
199
+ against this rule.
200
+ - Acceptance (commercial): hosting plan reviewed by counsel; written
201
+ license terms cover the deployment region and audience; revenue model
202
+ documented.
203
+
204
+ ### Why These Three?
205
+
206
+ - The disclaimer is the cheapest defense -- a single line of text on the
207
+ splash / landing surface meaningfully reduces consumer confusion about
208
+ endorsement.
209
+ - The API-only-asset policy is the structural defense -- it prevents the
210
+ most common copyright incidents (bundling sprite sheets, card images,
211
+ audio clips) from being possible at all.
212
+ - The hosting policy is the deployment-time gate -- self-hosted private
213
+ use is a different legal posture than a publicly-marketed commercial
214
+ service, and the spec should make the gate explicit so it is not
215
+ forgotten when the project drifts toward "let's just put it online".
216
+
217
+ ---
218
+
219
+ ## Out of Scope
220
+
221
+ ⊗ Do not attempt to:
222
+
223
+ - Provide legal advice.
224
+ - Catalogue specific IP holders or trademark owners.
225
+ - Run automated trademark / copyright lookups against external services.
226
+ - Make a "is this fair use?" determination.
227
+
228
+ The heuristic exists to **surface the question**, not to answer it.
229
+
230
+ ---
231
+
232
+ ## Workflow Summary (for Interview / Research Skills)
233
+
234
+ ```
235
+ 1. Capture project description (and research notes if research strategy ran).
236
+ 2. Run scripts/ip_risk.py:detect_ip_terms(text).
237
+ 3. If empty -> proceed normally.
238
+ 4. If non-empty:
239
+ a. Ask the monetization-intent question (Personal / Commercial / Other).
240
+ b. Loop on the freeform follow-up if "Other" is chosen until intent is captured.
241
+ c. Emit plain_risk_summary(hits, intent) into the interview output.
242
+ d. Inject ip_risk_scope_items(intent) into the spec vBRIEF.
243
+ e. On commercial intent, surface the non-optional lawyer-consultation
244
+ recommendation in the interview output AND in the IPRisk narrative.
245
+ 5. Continue to the rest of the interview flow.
246
+ ```
@@ -0,0 +1,275 @@
1
+ # Plain-English UX Guidelines for Skill Authors
2
+
3
+ Reference document for skill authors writing user-facing prompts in interview,
4
+ PRD review, and SPECIFICATION review skills. Issue:
5
+ [#740](https://github.com/deftai/directive/issues/740).
6
+
7
+ Legend (from RFC2119): !=MUST, ~=SHOULD, ≉=SHOULD NOT, ⊗=MUST NOT, ?=MAY.
8
+
9
+ **⚠️ See also**: [skills/deft-directive-interview/SKILL.md](../skills/deft-directive-interview/SKILL.md) | [strategies/interview.md](../strategies/interview.md)
10
+
11
+ ---
12
+
13
+ ## Why This Document Exists
14
+
15
+ The #151 playtester only completed the planning flow because they had a
16
+ second AI translating jargon, decoding ambiguous approval actions, and
17
+ explaining red/green diff views. Defects clustered into three buckets:
18
+
19
+ 1. **Jargon without explanations** -- frontend, backend, DB, auth,
20
+ deployment, PRD, Next.js -- shipped raw at users with no plain-English
21
+ context note.
22
+ 2. **Unclear approval actions** -- "Accept / Refine / Edit" buttons did
23
+ not say what would actually happen on each choice.
24
+ 3. **Alarming red/green diff view at PRD/SPEC review** -- the diff looked
25
+ like an error report; the user had to ask their other AI whether
26
+ anything was wrong.
27
+
28
+ This reference codifies the rules that fix all three buckets and the
29
+ patterns skill authors should follow going forward.
30
+
31
+ ---
32
+
33
+ ## Rule 1 -- Plain-English Context Note on Every Technical Question
34
+
35
+ ! Every technical question MUST carry a one-line plain-English context
36
+ note that explains what the answer affects in non-technical terms.
37
+
38
+ The context note appears as preamble ABOVE the structured-tool call (per
39
+ the interview SKILL Rule 2 Preamble Placement subsection). It does NOT
40
+ replace the structured question -- both the preamble AND the structured
41
+ options are required.
42
+
43
+ ### Anti-pattern
44
+
45
+ ```
46
+ Which deployment platform?
47
+
48
+ 1. Linux server
49
+ 2. Web hosting (cloud)
50
+ 3. Embedded
51
+ ```
52
+
53
+ ### Correct
54
+
55
+ ```
56
+ Where will this app actually run for users? This decides whether you
57
+ need a server you maintain, a cloud account someone else manages, or
58
+ a tiny computer that ships with the product.
59
+
60
+ 0. Discuss with agent
61
+ ────────────────────
62
+ 1. Server you maintain (Linux machine, you handle updates)
63
+ 2. Cloud you rent (a hosting service runs it; you pay monthly)
64
+ [default: 2]
65
+ 3. Tiny dedicated device (ships inside hardware -- e.g. a thermostat)
66
+ 4. Other / I don't know
67
+ 5. Discuss
68
+ 6. Back
69
+
70
+ Enter confirm / b back / 0 discuss
71
+ ```
72
+
73
+ The plain-English preamble explains the *consequence* of the choice.
74
+ The numbered options use plain-English labels with the technical term
75
+ in parenthesis (or omit it entirely when the technical term is not load-
76
+ bearing).
77
+
78
+ ---
79
+
80
+ ## Rule 2 -- Acronyms Defined Inline on First Use
81
+
82
+ ! Every acronym MUST be defined inline the first time it appears in a
83
+ user-facing message within a skill session. The definition format is
84
+ `ACRONYM (full expansion)`. Subsequent uses MAY use the acronym alone.
85
+
86
+ Common acronyms in Deft's interview surface and their canonical
87
+ expansions:
88
+
89
+ - **PRD** (Product Requirements Document) -- "what to build" doc reviewed
90
+ before implementation.
91
+ - **NFR** (Non-Functional Requirement) -- a performance / security /
92
+ scalability rule rather than a feature.
93
+ - **FR** (Functional Requirement) -- a numbered behavior the spec MUST
94
+ implement.
95
+ - **SPEC** (Specification) -- the implementation plan derived from the
96
+ PRD.
97
+ - **API** (Application Programming Interface) -- the way two pieces of
98
+ software talk to each other.
99
+ - **DB** (Database) -- where the app's data is stored.
100
+ - **CI** (Continuous Integration) -- the automated checks that run on
101
+ every change.
102
+ - **MVP** (Minimum Viable Product) -- the smallest version of the
103
+ product worth shipping.
104
+
105
+ ### Anti-pattern
106
+
107
+ ```
108
+ After PRD review, we'll generate the SPEC and run CI before merging.
109
+ ```
110
+
111
+ ### Correct
112
+
113
+ ```
114
+ After PRD (Product Requirements Document) review, we'll generate the
115
+ SPEC (Specification) and run CI (Continuous Integration -- the automated
116
+ checks) before merging.
117
+ ```
118
+
119
+ After this first sentence, the agent MAY use the acronyms unadorned for
120
+ the rest of the session.
121
+
122
+ ---
123
+
124
+ ## Rule 3 -- Framework Justifications Explained or Removed
125
+
126
+ ! When a skill recommends a framework, library, language, or tool, the
127
+ recommendation MUST either:
128
+
129
+ - **Explain why** in plain-English terms the user actually cares about
130
+ (cost, speed, hiring, hosting compatibility, etc.); OR
131
+ - **Remove the justification** entirely and present it as a default the
132
+ user can override.
133
+
134
+ ⊗ Drop a framework name with a one-word "modern" or "industry-standard"
135
+ justification. That phrasing is jargon-flavoured advertising and the
136
+ user has no way to evaluate it.
137
+
138
+ ### Anti-pattern
139
+
140
+ ```
141
+ Recommended: Next.js (industry-standard, modern).
142
+ ```
143
+
144
+ ### Correct (explained)
145
+
146
+ ```
147
+ Recommended: Next.js -- a popular toolkit for building websites that
148
+ need both pages and live data. Picking it now means more example code
149
+ on the internet and easier hiring later.
150
+ ```
151
+
152
+ ### Correct (removed)
153
+
154
+ ```
155
+ Default: Next.js. Pick "Other" below if you want a different web
156
+ framework and we'll capture your reason in the spec.
157
+ ```
158
+
159
+ ---
160
+
161
+ ## Rule 4 -- Numbered Approval Menu After PRD and SPEC Review
162
+
163
+ ! After every PRD review AND every SPECIFICATION review, the agent MUST
164
+ present an explicit numbered approval menu. The menu replaces ambiguous
165
+ buttons like "Accept / Refine / Edit" with action-shaped labels that
166
+ state what will happen.
167
+
168
+ ### Canonical Menu Shape (PRD review)
169
+
170
+ ```
171
+ What would you like to do with the PRD?
172
+
173
+ 1. Approve and continue (lock the PRD, generate the SPECIFICATION)
174
+ 2. Suggest changes (you describe what to change; the agent rewrites)
175
+ 3. Edit yourself (you edit the PRD directly; the agent waits)
176
+ 4. Discuss
177
+ 5. Back
178
+
179
+ Enter confirm / b back / 0 discuss
180
+ ```
181
+
182
+ ### Canonical Menu Shape (SPECIFICATION review)
183
+
184
+ ```
185
+ What would you like to do with the SPECIFICATION?
186
+
187
+ 1. Approve and continue (lock the SPEC, proceed to implementation)
188
+ 2. Suggest changes (you describe what to change; the agent rewrites)
189
+ 3. Edit yourself (you edit the SPEC directly; the agent waits)
190
+ 4. Discuss
191
+ 5. Back
192
+
193
+ Enter confirm / b back / 0 discuss
194
+ ```
195
+
196
+ ### Discuss + Back Are the Final Two Options (#767 framework rule)
197
+
198
+ ! Every numbered approval menu MUST follow the #767 deterministic-
199
+ question framework rule: the final two numbered options MUST be
200
+ `Discuss` and `Back`, in that order. This is consistent with the
201
+ interview SKILL's Rule 9 (back-navigation) and Rule 10 (slot-0
202
+ discuss-with-agent escape) and provides a uniform exit path on every
203
+ menu the user sees.
204
+
205
+ ! When `contracts/deterministic-questions.md` lands (Agent 1, #767),
206
+ this reference doc and the canonical menu shapes MUST be re-read against
207
+ that contract; any inconsistency is fixed by editing this doc, not the
208
+ contract.
209
+
210
+ ⊗ Add a numbered approval menu where Discuss and Back are not the
211
+ final two options. ⊗ Use plain "Accept / Refine / Edit" buttons without
212
+ explanatory parentheticals.
213
+
214
+ ---
215
+
216
+ ## Rule 5 -- Diff-View Preface (Non-Alarming)
217
+
218
+ ! When a PRD or SPECIFICATION review surfaces a red/green diff (e.g. via
219
+ `git diff` or any structured-diff renderer), the agent MUST emit a one-
220
+ line non-alarming preface ABOVE the diff. The preface MUST set
221
+ expectations that red lines are removals and green lines are additions
222
+ in the new version, NOT errors.
223
+
224
+ ? Alternatively, hide the diff entirely on the FIRST review pass and
225
+ present a plain-English summary of changes; only show the diff on the
226
+ second pass or when the user explicitly asks for it.
227
+
228
+ ### Canonical Preface
229
+
230
+ ```
231
+ Here's what changed since the previous draft. Red lines were removed,
232
+ green lines were added. Nothing here is broken -- this is a normal
233
+ review.
234
+ ```
235
+
236
+ ### Anti-pattern
237
+
238
+ ```
239
+ [diff output starts immediately with no preface]
240
+ ```
241
+
242
+ The user sees red and green and reads it as an error report; this is
243
+ exactly the #151 #11 playtest defect.
244
+
245
+ ---
246
+
247
+ ## Rule 6 -- Audience Test
248
+
249
+ ! Before shipping a question or output line in a user-facing skill, run
250
+ the **audience test**: read the line aloud and ask "would a non-technical
251
+ person understand the *consequence* of this choice?". If the answer is
252
+ no, rewrite or add a context note.
253
+
254
+ The audience test is not a heuristic the agent runs at runtime -- it is
255
+ a content-review rule for skill authors at edit time.
256
+
257
+ ---
258
+
259
+ ## Anti-Patterns
260
+
261
+ - ⊗ Drop a technical question on the user without a plain-English
262
+ context note above it.
263
+ - ⊗ Use an acronym for the first time without inlining `(full
264
+ expansion)`.
265
+ - ⊗ Recommend a framework with one-word jargon-flavoured justification
266
+ ("industry-standard", "modern", "scalable").
267
+ - ⊗ Present an approval menu without explicit numbered actions whose
268
+ labels state what will happen.
269
+ - ⊗ Place Discuss / Back anywhere except as the final two numbered
270
+ options of an approval menu (per #767).
271
+ - ⊗ Show a red/green diff at first review without a non-alarming
272
+ preface.
273
+ - ⊗ Treat "the user can ask their other AI to translate" as an
274
+ acceptable mitigation for jargon. The user's other AI is not a Deft
275
+ surface and is not a reliable communication channel.