@deftai/directive-content 0.55.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (250) hide show
  1. package/.agents/skills/deft/SKILL.md +6 -0
  2. package/.agents/skills/deft-directive-article-review/SKILL.md +11 -0
  3. package/.agents/skills/deft-directive-build/SKILL.md +10 -0
  4. package/.agents/skills/deft-directive-cost/SKILL.md +12 -0
  5. package/.agents/skills/deft-directive-debug/SKILL.md +13 -0
  6. package/.agents/skills/deft-directive-gh-arch/SKILL.md +11 -0
  7. package/.agents/skills/deft-directive-gh-slice/SKILL.md +10 -0
  8. package/.agents/skills/deft-directive-glossary/SKILL.md +10 -0
  9. package/.agents/skills/deft-directive-interview/SKILL.md +9 -0
  10. package/.agents/skills/deft-directive-pre-pr/SKILL.md +9 -0
  11. package/.agents/skills/deft-directive-refinement/SKILL.md +10 -0
  12. package/.agents/skills/deft-directive-release/SKILL.md +12 -0
  13. package/.agents/skills/deft-directive-review-cycle/SKILL.md +10 -0
  14. package/.agents/skills/deft-directive-setup/SKILL.md +10 -0
  15. package/.agents/skills/deft-directive-swarm/SKILL.md +10 -0
  16. package/.agents/skills/deft-directive-sync/SKILL.md +9 -0
  17. package/.agents/skills/deft-directive-triage/SKILL.md +9 -0
  18. package/.agents/skills/deft-directive-write-skill/SKILL.md +9 -0
  19. package/LICENSE.md +22 -0
  20. package/QUICK-START.md +167 -0
  21. package/UPGRADING.md +517 -0
  22. package/coding/build-output.md +28 -0
  23. package/coding/coding.md +235 -0
  24. package/coding/debugging.md +110 -0
  25. package/coding/holzmann.md +96 -0
  26. package/coding/hygiene.md +127 -0
  27. package/coding/security.md +158 -0
  28. package/coding/testing.md +162 -0
  29. package/coding/toolchain.md +44 -0
  30. package/commands.md +300 -0
  31. package/context/context.md +57 -0
  32. package/context/deterministic-split.md +67 -0
  33. package/context/examples.md +26 -0
  34. package/context/fractal-summaries.md +69 -0
  35. package/context/long-horizon.md +46 -0
  36. package/context/spec-deltas.md +177 -0
  37. package/context/tool-design.md +34 -0
  38. package/context/working-memory.md +62 -0
  39. package/contracts/boundary-maps.md +65 -0
  40. package/contracts/deterministic-questions.md +59 -0
  41. package/contracts/hierarchy.md +77 -0
  42. package/conventions/content-manifest.json +399 -0
  43. package/conventions/machine-generated-banner.md +130 -0
  44. package/conventions/references.md +120 -0
  45. package/conventions/rule-ownership.json +382 -0
  46. package/conventions/task-caching.md +43 -0
  47. package/conventions/vbrief-filenames.md +70 -0
  48. package/deployments/README.md +37 -0
  49. package/deployments/agentuity/README.md +138 -0
  50. package/deployments/agentuity/via-cli.md +380 -0
  51. package/deployments/agentuity/via-cloud.md +425 -0
  52. package/deployments/agentuity/via-github-actions.md +664 -0
  53. package/deployments/agentuity/via-gravity-network.md +606 -0
  54. package/deployments/agentuity/via-vpc.md +607 -0
  55. package/deployments/aws/README.md +38 -0
  56. package/deployments/aws/via-app-runner.md +612 -0
  57. package/deployments/aws/via-ecs-fargate.md +561 -0
  58. package/deployments/aws/via-elastic-beanstalk.md +628 -0
  59. package/deployments/aws/via-lambda.md +649 -0
  60. package/deployments/azure/README.md +37 -0
  61. package/deployments/azure/via-aks.md +390 -0
  62. package/deployments/azure/via-app-service.md +564 -0
  63. package/deployments/azure/via-container-apps.md +599 -0
  64. package/deployments/azure/via-functions.md +552 -0
  65. package/deployments/cloud-gov/README.md +63 -0
  66. package/deployments/cloud-gov/agents/compliance-docs.md +154 -0
  67. package/deployments/cloud-gov/agents.md +39 -0
  68. package/deployments/cloud-gov/cicd.md +64 -0
  69. package/deployments/cloud-gov/deployment.md +150 -0
  70. package/deployments/cloud-gov/logging.md +43 -0
  71. package/deployments/cloud-gov/manifest.md +121 -0
  72. package/deployments/cloud-gov/overview.md +58 -0
  73. package/deployments/cloud-gov/security.md +46 -0
  74. package/deployments/cloud-gov/services.md +72 -0
  75. package/deployments/cloud-gov/upstream/README.md +18 -0
  76. package/deployments/cloudflare/README.md +33 -0
  77. package/deployments/cloudflare/via-dashboard.md +83 -0
  78. package/deployments/cloudflare/via-git.md +90 -0
  79. package/deployments/cloudflare/via-github-actions.md +185 -0
  80. package/deployments/cloudflare/via-terraform.md +157 -0
  81. package/deployments/cloudflare/via-wrangler.md +165 -0
  82. package/deployments/fly-io/README.md +37 -0
  83. package/deployments/fly-io/via-dockerfile.md +648 -0
  84. package/deployments/fly-io/via-flyctl.md +653 -0
  85. package/deployments/fly-io/via-github-actions.md +695 -0
  86. package/deployments/fly-io/via-multi-region.md +598 -0
  87. package/deployments/google/README.md +34 -0
  88. package/deployments/google/via-app-engine.md +42 -0
  89. package/deployments/google/via-cloud-functions.md +23 -0
  90. package/deployments/google/via-cloud-run.md +330 -0
  91. package/deployments/google/via-gke.md +23 -0
  92. package/deployments/netlify/README.md +99 -0
  93. package/deployments/netlify/via-cli.md +17 -0
  94. package/deployments/netlify/via-functions.md +19 -0
  95. package/deployments/netlify/via-git.md +25 -0
  96. package/deployments/vercel/README.md +90 -0
  97. package/deployments/vercel/via-api.md +16 -0
  98. package/deployments/vercel/via-cli.md +17 -0
  99. package/deployments/vercel/via-git.md +24 -0
  100. package/docs/BROWNFIELD.md +179 -0
  101. package/docs/getting-started.md +137 -0
  102. package/docs/good-agents-md.md +137 -0
  103. package/events/README.md +89 -0
  104. package/events/event-record.schema.json +26 -0
  105. package/events/registry.json +166 -0
  106. package/events/registry.schema.json +71 -0
  107. package/glossary.md +145 -0
  108. package/incidents/README.md +81 -0
  109. package/incidents/_template.md +38 -0
  110. package/interfaces/cli.md +104 -0
  111. package/interfaces/rest.md +212 -0
  112. package/interfaces/tui.md +242 -0
  113. package/interfaces/web.md +123 -0
  114. package/languages/6502-DASM.md +132 -0
  115. package/languages/c.md +235 -0
  116. package/languages/commands.md +23 -0
  117. package/languages/cpp.md +132 -0
  118. package/languages/csharp.md +259 -0
  119. package/languages/dart.md +183 -0
  120. package/languages/delphi.md +218 -0
  121. package/languages/elixir.md +208 -0
  122. package/languages/go.md +78 -0
  123. package/languages/java.md +278 -0
  124. package/languages/javascript.md +163 -0
  125. package/languages/julia.md +175 -0
  126. package/languages/kotlin.md +193 -0
  127. package/languages/markdown.md +168 -0
  128. package/languages/mermaid.md +146 -0
  129. package/languages/officejs.md +392 -0
  130. package/languages/python.md +209 -0
  131. package/languages/r.md +163 -0
  132. package/languages/rust.md +216 -0
  133. package/languages/sql.md +216 -0
  134. package/languages/swift.md +153 -0
  135. package/languages/typescript.md +132 -0
  136. package/languages/vba.md +279 -0
  137. package/languages/vhdl.md +180 -0
  138. package/languages/visual-basic.md +151 -0
  139. package/languages/zig.md +196 -0
  140. package/meta/SOUL.md +27 -0
  141. package/meta/code-field.md +44 -0
  142. package/meta/morals.md +40 -0
  143. package/meta/philosophy.md +39 -0
  144. package/meta/project.md +49 -0
  145. package/meta/ralph.md +223 -0
  146. package/meta/security.md +80 -0
  147. package/meta/versioning.md +326 -0
  148. package/package.json +22 -0
  149. package/packs/lessons/lessons-pack-0.1.json +553 -0
  150. package/packs/patterns/patterns-pack-0.1.json +57 -0
  151. package/packs/rules/rules-pack-0.1.json +4767 -0
  152. package/packs/skills/skills-pack-0.1.json +262 -0
  153. package/packs/strategies/strategies-pack-0.1.json +167 -0
  154. package/packs/swarm-spec/swarm-spec-pack-0.1.json +17 -0
  155. package/patterns/executor-layer-credentials.md +227 -0
  156. package/patterns/llm-app.md +156 -0
  157. package/patterns/multi-agent.md +278 -0
  158. package/patterns/prompt-assembly-layer-ordering.md +154 -0
  159. package/patterns/role-as-overlay.md +179 -0
  160. package/platforms/2600.md +137 -0
  161. package/platforms/unity.md +329 -0
  162. package/references/composer-skill-porting.md +152 -0
  163. package/references/cost-models.md +163 -0
  164. package/references/ip-risk.md +246 -0
  165. package/references/plain-english-ux.md +275 -0
  166. package/resilience/context-pruning.md +67 -0
  167. package/resilience/continue-here.md +62 -0
  168. package/scm/changelog.md +276 -0
  169. package/scm/git.md +139 -0
  170. package/scm/github.md +265 -0
  171. package/secrets/.gitkeep +0 -0
  172. package/skills/deft-build/SKILL.md +20 -0
  173. package/skills/deft-directive-article-review/SKILL.md +156 -0
  174. package/skills/deft-directive-build/SKILL.md +302 -0
  175. package/skills/deft-directive-cost/SKILL.md +201 -0
  176. package/skills/deft-directive-debug/SKILL.md +140 -0
  177. package/skills/deft-directive-decompose/SKILL.md +96 -0
  178. package/skills/deft-directive-gh-arch/SKILL.md +160 -0
  179. package/skills/deft-directive-gh-slice/SKILL.md +199 -0
  180. package/skills/deft-directive-glossary/SKILL.md +118 -0
  181. package/skills/deft-directive-interview/SKILL.md +528 -0
  182. package/skills/deft-directive-pre-pr/SKILL.md +131 -0
  183. package/skills/deft-directive-probe/SKILL.md +127 -0
  184. package/skills/deft-directive-refinement/SKILL.md +403 -0
  185. package/skills/deft-directive-release/SKILL.md +266 -0
  186. package/skills/deft-directive-review-cycle/SKILL.md +401 -0
  187. package/skills/deft-directive-setup/SKILL.md +717 -0
  188. package/skills/deft-directive-swarm/SKILL.md +989 -0
  189. package/skills/deft-directive-sync/SKILL.md +288 -0
  190. package/skills/deft-directive-triage/SKILL.md +137 -0
  191. package/skills/deft-directive-write-skill/SKILL.md +169 -0
  192. package/skills/deft-interview/SKILL.md +16 -0
  193. package/skills/deft-pre-pr/SKILL.md +16 -0
  194. package/skills/deft-review-cycle/SKILL.md +16 -0
  195. package/skills/deft-roadmap-refresh/SKILL.md +16 -0
  196. package/skills/deft-setup/SKILL.md +20 -0
  197. package/skills/deft-swarm/SKILL.md +16 -0
  198. package/skills/deft-sync/SKILL.md +16 -0
  199. package/strategies/README.md +83 -0
  200. package/strategies/artifact-guards.md +85 -0
  201. package/strategies/bdd.md +115 -0
  202. package/strategies/brownfield.md +7 -0
  203. package/strategies/discuss.md +129 -0
  204. package/strategies/emit-hints.md +69 -0
  205. package/strategies/enterprise.md +193 -0
  206. package/strategies/interview.md +551 -0
  207. package/strategies/map.md +179 -0
  208. package/strategies/probe.md +151 -0
  209. package/strategies/rapid.md +155 -0
  210. package/strategies/research.md +155 -0
  211. package/strategies/roadmap.md +9 -0
  212. package/strategies/speckit.md +437 -0
  213. package/strategies/v0-20-contract.md +134 -0
  214. package/strategies/yolo.md +169 -0
  215. package/swarm/swarm.md +300 -0
  216. package/templates/COST-ESTIMATE.md +114 -0
  217. package/templates/PULL_REQUEST_TEMPLATE.md +35 -0
  218. package/templates/agent-prompt-preamble.md +409 -0
  219. package/templates/agents-entry.md +211 -0
  220. package/templates/agents-entry.placeholders.md +75 -0
  221. package/templates/embed.go +20 -0
  222. package/templates/embed_test.go +36 -0
  223. package/templates/make-spec-example.md +9 -0
  224. package/templates/make-spec.md +246 -0
  225. package/templates/project.md.template +52 -0
  226. package/templates/specification.md +1 -0
  227. package/templates/swarm-greptile-poller-prompt.md +556 -0
  228. package/templates/user.md.template +31 -0
  229. package/tools/RWLDL.md +80 -0
  230. package/tools/greptile.md +141 -0
  231. package/tools/installer.md +23 -0
  232. package/tools/taskfile-migration.md +32 -0
  233. package/tools/taskfile.md +185 -0
  234. package/tools/telemetry.md +285 -0
  235. package/vbrief/schemas/cache-meta.schema.json +137 -0
  236. package/vbrief/schemas/candidates.schema.json +130 -0
  237. package/vbrief/schemas/codebase-map.schema.json +213 -0
  238. package/vbrief/schemas/lessons-pack.schema.json +134 -0
  239. package/vbrief/schemas/patterns-pack.schema.json +84 -0
  240. package/vbrief/schemas/rules-pack.schema.json +105 -0
  241. package/vbrief/schemas/skills-pack.schema.json +94 -0
  242. package/vbrief/schemas/slices.schema.json +87 -0
  243. package/vbrief/schemas/strategies-pack.schema.json +89 -0
  244. package/vbrief/schemas/swarm-spec-pack.schema.json +84 -0
  245. package/vbrief/schemas/vbrief-core.schema.json +1022 -0
  246. package/vbrief/vbrief.md +684 -0
  247. package/verification/integration.md +76 -0
  248. package/verification/plan-checking.md +85 -0
  249. package/verification/uat.md +60 -0
  250. package/verification/verification.md +117 -0
@@ -0,0 +1,285 @@
1
+ # Telemetry Standards
2
+
3
+ Logging, tracing, metrics, and error tracking for production systems.
4
+
5
+ Legend (from RFC2119): !=MUST, ~=SHOULD, ≉=SHOULD NOT, ⊗=MUST NOT, ?=MAY.
6
+
7
+ **Scope:** Observability, monitoring, and debugging across all modes.
8
+
9
+ **⚠️ See also**: [main.md](../../main.md) | [coding.md](../coding/coding.md)
10
+
11
+ ## Mode-Specific Requirements
12
+
13
+ ### fun Mode (Learning/Prototyping)
14
+
15
+ **Logging:**
16
+ - ? Use print() or basic logging
17
+ - ? Structured logging optional
18
+
19
+ **Error Tracking:**
20
+ - ? Optional
21
+
22
+ **Tracing:**
23
+ - ? Optional
24
+
25
+ **Metrics:**
26
+ - ? Optional
27
+
28
+ ### fast Mode (Development - Default)
29
+
30
+ **Logging:**
31
+ - ~ Structured logging (structlog, loguru, zerolog)
32
+ - ~ Log levels: DEBUG, INFO, WARN, ERROR
33
+ - ~ Include context: timestamp, level, message, request_id
34
+
35
+ **Error Tracking:**
36
+ - ~ Use Sentry.io or equivalent
37
+ - ~ Sample rate: 10-50% in dev, 100% errors
38
+ - ~ Capture stack traces
39
+
40
+ **Tracing:**
41
+ - ? Optional for debugging
42
+ - ~ Use for complex workflows
43
+
44
+ **Metrics:**
45
+ - ~ Basic metrics (request count, latency)
46
+ - ? Custom business metrics
47
+
48
+ ### pro Mode (Production)
49
+
50
+ **Logging:**
51
+ - ! Structured logging mandatory
52
+ - ! Log levels: INFO, WARN, ERROR (⊗ DEBUG in production)
53
+ - ! Include: timestamp, level, message, trace_id, span_id, user_id, request_id
54
+ - ! Log rotation and retention policy
55
+
56
+ **Error Tracking:**
57
+ - ! Sentry.io or equivalent mandatory
58
+ - ! Sample rate: 100% errors, 10-20% transactions
59
+ - ! Release tracking and source maps
60
+ - ! User feedback integration
61
+
62
+ **Tracing:**
63
+ - ! Distributed tracing (OpenTelemetry, logfire, Sentry)
64
+ - ! Instrument critical paths
65
+ - ! Trace sampling: 1-10% in production
66
+ - ! Include: service name, operation name, duration, tags
67
+
68
+ **Metrics:**
69
+ - ! RED metrics (Rate, Error, Duration)
70
+ - ! System metrics (CPU, memory, disk)
71
+ - ! Business metrics (orders, users, revenue)
72
+ - ! Alerting on SLOs/SLIs
73
+
74
+ ## Recommended Tools
75
+
76
+ **Structured Logging:**
77
+ - Python: logfire (pro), structlog (fast/pro), loguru (fast)
78
+ - Go: zerolog, zap
79
+ - TypeScript: pino, winston
80
+ - C++: spdlog
81
+
82
+ **Error Tracking:**
83
+ - Sentry.io (all languages, all modes)
84
+ - Rollbar, Bugsnag (alternatives)
85
+
86
+ **Tracing:**
87
+ - OpenTelemetry (all languages, pro mode)
88
+ - logfire (Python, pro mode)
89
+ - Sentry (all languages, fast/pro mode)
90
+
91
+ **Metrics:**
92
+ - Prometheus (self-hosted)
93
+ - Datadog, New Relic (SaaS)
94
+ - OpenTelemetry metrics
95
+
96
+ ## Logging Best Practices
97
+
98
+ **Structure:**
99
+ - ! JSON format for machine parsing
100
+ - ! Human-readable format for development
101
+ - ! Consistent field names across services
102
+
103
+ **Content:**
104
+ - ! Include context: timestamp, level, logger name, message
105
+ - ~ Include identifiers: user_id, request_id, trace_id, span_id
106
+ - ~ Include metadata: environment, version, host
107
+ - ⊗ Log sensitive data (PII, secrets, passwords)
108
+
109
+ **Levels:**
110
+ - **DEBUG**: Detailed diagnostic information (fun/fast only)
111
+ - **INFO**: General informational messages
112
+ - **WARN**: Warning messages, potentially harmful situations
113
+ - **ERROR**: Error events, but application continues
114
+ - **FATAL**: Severe errors causing shutdown
115
+
116
+ **Examples:**
117
+ ```python
118
+ # Good
119
+ log.info("order_created", order_id=order.id, user_id=user.id, total=order.total)
120
+
121
+ # Bad
122
+ log.info(f"Order {order.id} created by {user.email} for ${order.total}") # Not structured
123
+ log.debug(f"Password: {password}") # Sensitive data
124
+ ```
125
+
126
+ ## Tracing Best Practices
127
+
128
+ **Span Naming:**
129
+ - ! Use verb + noun: `process_order`, `validate_user`, `fetch_data`
130
+ - ! Include operation type: `http.request`, `db.query`, `cache.get`
131
+ - ⊗ Generic names: `process`, `handle`, `do_work`
132
+
133
+ **Span Attributes:**
134
+ - ~ Add business context: order_id, user_id, amount
135
+ - ~ Add technical context: http.method, http.status_code, db.statement
136
+ - ~ Add errors: error=true, error.message, error.type
137
+ - ⊗ Add sensitive data
138
+
139
+ **Sampling:**
140
+ - ! Sample strategically to control costs
141
+ - ~ 100% errors, 1-10% success in production
142
+ - ~ Higher rate for critical paths
143
+ - ? Adaptive sampling based on latency
144
+
145
+ ## Metrics Best Practices
146
+
147
+ **RED Metrics (Mandatory in pro):**
148
+ - **Rate**: Requests per second
149
+ - **Error**: Error rate (%)
150
+ - **Duration**: Latency (p50, p95, p99)
151
+
152
+ **Naming:**
153
+ - ! Use descriptive names: `http_requests_total`, `order_processing_duration_seconds`
154
+ - ! Include units: `_seconds`, `_bytes`, `_total`
155
+ - ! Use labels for dimensions: method, status, endpoint
156
+
157
+ **Types:**
158
+ - **Counter**: Monotonically increasing (requests, errors)
159
+ - **Gauge**: Current value (memory, queue depth)
160
+ - **Histogram**: Distribution (latency, size)
161
+ - **Summary**: Similar to histogram (p50, p95, p99)
162
+
163
+ ## Error Tracking
164
+
165
+ **What to Track:**
166
+ - ! All unhandled exceptions
167
+ - ! Explicit error captures (validation failures, business logic errors)
168
+ - ~ Performance issues (slow queries, timeouts)
169
+ - ~ User feedback (bug reports, feature requests)
170
+
171
+ **Context:**
172
+ - ! Stack trace
173
+ - ! Request data (sanitized)
174
+ - ! User context (ID, not PII)
175
+ - ! Environment (version, host, OS)
176
+ - ~ Breadcrumbs (previous events)
177
+
178
+ **Sentry Configuration:**
179
+ ```python
180
+ import sentry_sdk
181
+
182
+ sentry_sdk.init(
183
+ dsn="https://...@sentry.io/...",
184
+ environment="production",
185
+ release="my-app@1.2.3",
186
+ traces_sample_rate=0.1,
187
+ profiles_sample_rate=0.1,
188
+ before_send=sanitize_data, # ! Remove PII
189
+ )
190
+ ```
191
+
192
+ ## Integration Patterns
193
+
194
+ **Context Propagation:**
195
+ - ! Propagate trace_id and span_id across service boundaries
196
+ - ! Use W3C Trace Context headers
197
+ - ! Include trace_id/span_id in logs for correlation
198
+
199
+ **Alerting:**
200
+ - ! Alert on error rate spikes
201
+ - ! Alert on latency degradation (p95 > threshold)
202
+ - ! Alert on critical business metrics
203
+ - ~ Use runbooks for common issues
204
+
205
+ ## Anti-Patterns
206
+
207
+ - ⊗ Logging in tight loops (performance impact)
208
+ - ⊗ Logging sensitive data (PII, secrets, passwords)
209
+ - ⊗ Using string formatting instead of structured logging
210
+ - ⊗ No sampling in high-traffic production (cost explosion)
211
+ - ⊗ Ignoring errors silently
212
+ - ⊗ Missing context (no trace_id, request_id)
213
+ - ⊗ Generic span/metric names
214
+ - ⊗ Over-instrumenting (trace everything)
215
+
216
+ ## Mode Decision Matrix
217
+
218
+ | Feature | fun | fast | pro |
219
+ |---------|-----|------|-----|
220
+ | Structured Logging | ? | ~ | ! |
221
+ | Error Tracking | ? | ~ | ! |
222
+ | Distributed Tracing | ? | ? | ! |
223
+ | Metrics (RED) | ? | ~ | ! |
224
+ | Log Rotation | ? | ~ | ! |
225
+ | Alerting | ? | ? | ! |
226
+ | PII Sanitization | ? | ~ | ! |
227
+ | Source Maps | ? | ~ | ! |
228
+ | Release Tracking | ? | ~ | ! |
229
+
230
+ ## Testing Telemetry
231
+
232
+ **Development:**
233
+ - ~ Use local exporters (console, file)
234
+ - ~ Test with sampling=1.0
235
+ - ~ Verify context propagation
236
+
237
+ **Staging:**
238
+ - ~ Mirror production config
239
+ - ~ Test alerting thresholds
240
+ - ~ Validate dashboards
241
+
242
+ **Production:**
243
+ - ! Gradual rollout of telemetry changes
244
+ - ! Monitor telemetry overhead (<5% CPU)
245
+ - ! Validate data quality
246
+
247
+ ## LLM-specific observability (#481)
248
+
249
+ LLM applications carry observability needs that conventional request/response tracing does not address. Poisoning, prompt drift, output schema regressions, and token-budget exhaustion are invisible to standard logging unless the prompt and response are captured verbatim and the model + token telemetry is recorded alongside the call. This section extends the general telemetry guidance for projects that call LLM APIs (see [../patterns/llm-app.md](../patterns/llm-app.md) for the full LLM-application standards; this section is the observability slice).
250
+
251
+ **Per-call audit log (mandatory in pro mode; recommended in fast mode):**
252
+ - ! Log every LLM call: model identifier, prompt hash, response hash, latency, token count (input + output), tool calls invoked
253
+ - ! Store prompt/response pairs in a queryable audit log, separate from application logs — application logs carry pointers/hashes only; the audit log carries the verbatim content
254
+ - ! Log tool invocations alongside the LLM call that produced them so the audit trail `(prompt -> response -> tool call -> outcome)` is recoverable as a single chain
255
+ - ⊗ MUST NOT log raw secrets or PII that leaked into the prompt; redact at log-write time, not at log-read time (the general `⊗ Log sensitive data` rule applies equally to LLM audit logs)
256
+
257
+ **Token budget tracking:**
258
+ - ~ Track token budgets per session and per user — budget exhaustion is a denial-of-service vector AND a cost-attack vector
259
+ - ~ Emit a metric on every LLM call: `llm_tokens_total{model, kind="input|output", user_id, session_id}`
260
+ - ~ Alert on per-user token spikes (anomaly detection on the distribution; a sudden 10x in tokens/hour for one user is a probe signal)
261
+
262
+ **Latency histograms per model/prompt variant:**
263
+ - ~ Record latency as a histogram dimensioned by `{model, prompt_variant}` so a slow-down on one prompt template is visible without polluting the model-wide aggregate
264
+ - ~ Track p50/p95/p99 separately for streaming vs. non-streaming calls (streaming p99 is end-of-first-token; non-streaming p99 is end-of-full-response — conflating them hides regressions)
265
+
266
+ **Evaluation harness logging:**
267
+ - ~ Record evaluation-harness results in the audit log so output quality can be tracked over time (regression detection on the model output distribution, not just the application's behavior)
268
+ - ~ Tag each eval run with the prompt-template version and the model identifier so a quality regression can be traced to either a prompt edit or a provider model update
269
+
270
+ **Anomaly detection on output distributions:**
271
+ - ~ Track output-length distribution per prompt variant; a sudden shift (longer outputs, shorter outputs, or higher variance) is a probe signal worth investigating
272
+ - ~ Track refusal-rate per prompt variant; an unexpected refusal-rate change typically points at a provider-side policy update or a prompt drift
273
+ - ~ Alert when a deployed prompt template diverges from the reviewed baseline (the **prompt drift detector**); a code review approved one prompt, a runtime change to that prompt without review is a regression signal
274
+
275
+ **Cross-references:**
276
+ - [../patterns/llm-app.md](../patterns/llm-app.md) `## LLM-specific observability` -- the full standards body this section anchors to
277
+ - [../coding/coding.md](../coding/coding.md) `## Calling LLM APIs (#481)` -- short addendum cross-linking the patterns file
278
+
279
+ ## References
280
+
281
+ - OpenTelemetry: https://opentelemetry.io/
282
+ - Sentry.io: https://sentry.io/
283
+ - logfire: https://pydantic.dev/logfire
284
+ - structlog: https://www.structlog.org/
285
+ - zerolog: https://github.com/rs/zerolog
@@ -0,0 +1,137 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://vbrief.dev/schemas/cache-meta-1.0.schema.json",
4
+ "title": "Deft Cache Entry meta.json",
5
+ "description": "Per-entry metadata file for the unified content cache (#883 v1). Validates on read AND write so a corrupt or version-incompatible meta.json fails closed (epic v1_must_include M4). Layout: .deft-cache/<source>/<key>/meta.json -- one file per cache entry, sibling to raw.json (always present) and content.md (only present when scan_result.passed=true OR scanner severity is fence-and-pass / strip-and-pass).",
6
+ "type": "object",
7
+ "required": [
8
+ "source",
9
+ "key",
10
+ "fetched_at",
11
+ "ttl_seconds",
12
+ "expires_at",
13
+ "scan_result",
14
+ "size_bytes",
15
+ "stale"
16
+ ],
17
+ "properties": {
18
+ "source": {
19
+ "type": "string",
20
+ "description": "Cache source type. v1 ships 'github-issue' only; 5 additional types (github-pr, github-review, url, email, file) are deferred to v2 per the epic deferred_to_v2 list. The schema constrains the enum so a typo or premature v2 source fails closed at write time.",
21
+ "enum": ["github-issue"]
22
+ },
23
+ "key": {
24
+ "type": "string",
25
+ "minLength": 1,
26
+ "description": "Source-specific lookup key. For github-issue: '<owner>/<repo>/<N>' (e.g. 'deftai/directive/883'). The cache.py CLI normalises and validates the shape per source before write."
27
+ },
28
+ "fetched_at": {
29
+ "$ref": "#/$defs/dateTime",
30
+ "description": "ISO-8601 UTC timestamp at which raw.json was retrieved from upstream. Consumed by triage_refresh.py (Story 3) for staleness detection."
31
+ },
32
+ "ttl_seconds": {
33
+ "type": "integer",
34
+ "minimum": 0,
35
+ "description": "Source-specific TTL in seconds (github-issue=604800 / 7d in v1). Hard-coded per source by cache.py; persisted here so future TTL bumps do not silently re-classify pre-existing entries."
36
+ },
37
+ "expires_at": {
38
+ "$ref": "#/$defs/dateTime",
39
+ "description": "ISO-8601 UTC timestamp at which this entry should be considered stale. Computed at write time as fetched_at + ttl_seconds; pinned in meta.json so the staleness check is a simple time comparison without re-derivation."
40
+ },
41
+ "etag": {
42
+ "type": "string",
43
+ "description": "Reserved for v2 ETag-based conditional refresh. Deferred from v1 (gh CLI does not expose ETag at the JSON layer). Optional; omit on write in v1 callers."
44
+ },
45
+ "scan_result": {
46
+ "$ref": "#/$defs/ScanResult"
47
+ },
48
+ "size_bytes": {
49
+ "type": "integer",
50
+ "minimum": 0,
51
+ "description": "Byte length of raw.json on disk at write time. Audit-only -- consumed by cache:stats / cache:doctor (deferred to v2) for sanity checks; v1 callers persist the value but do not act on it."
52
+ },
53
+ "stale": {
54
+ "type": "boolean",
55
+ "description": "Frozen at write time as 'false'. The runtime staleness check on cache:get re-computes from current time vs expires_at; this field exists so a downstream consumer reading meta.json directly (without invoking cache:get) sees a defined value. v1 substitute for the deferred cache:check command per the epic deferred_to_v2 list."
56
+ }
57
+ },
58
+ "additionalProperties": false,
59
+ "$defs": {
60
+ "ScanResult": {
61
+ "type": "object",
62
+ "required": [
63
+ "passed",
64
+ "scanned_at",
65
+ "scanner_version",
66
+ "flags"
67
+ ],
68
+ "description": "Quarantine scan outcome (#583 / scanner v2). passed=false means the credentials category fired (hard-fail severity); fence-and-pass / strip-and-pass severities still record flags but passed remains true and content.md is written.",
69
+ "properties": {
70
+ "passed": {
71
+ "type": "boolean",
72
+ "description": "Whether the entry's content.md was safe to write. False only when at least one flag carries severity hard-fail (credentials category)."
73
+ },
74
+ "scanned_at": {
75
+ "$ref": "#/$defs/dateTime",
76
+ "description": "ISO-8601 UTC timestamp at which the scan ran. Distinct from fetched_at because a future cache:doctor --rescan can update scan_result without re-fetching."
77
+ },
78
+ "scanner_version": {
79
+ "type": "string",
80
+ "pattern": "^\\d+\\.\\d+\\.\\d+$",
81
+ "description": "Scanner SemVer (e.g. '2.0.0') as reported by scripts/cache_scanner.SCANNER_VERSION. Documented bump rule in the scanner module: patch=patterns, minor=categories, major=semantic rewrites."
82
+ },
83
+ "flags": {
84
+ "type": "array",
85
+ "description": "Per-flag findings. Empty array means a clean pass with no scanner action; non-empty does not by itself imply passed=false (only hard-fail severity does).",
86
+ "items": {
87
+ "$ref": "#/$defs/ScanFlag"
88
+ }
89
+ }
90
+ },
91
+ "additionalProperties": false
92
+ },
93
+ "ScanFlag": {
94
+ "type": "object",
95
+ "required": [
96
+ "category",
97
+ "severity",
98
+ "detail"
99
+ ],
100
+ "properties": {
101
+ "category": {
102
+ "type": "string",
103
+ "enum": [
104
+ "injection-heading",
105
+ "credentials",
106
+ "invisible-unicode"
107
+ ],
108
+ "description": "Scanner v2 category. v1 baseline ships these three; shell-cmd-injection and exfiltration-patterns are deferred to v2."
109
+ },
110
+ "severity": {
111
+ "type": "string",
112
+ "enum": [
113
+ "fence-and-pass",
114
+ "hard-fail",
115
+ "strip-and-pass"
116
+ ],
117
+ "description": "Per-category severity. injection-heading=fence-and-pass; credentials=hard-fail; invisible-unicode=strip-and-pass. Per-category severity is a documented epic departure from the design doc's uniform hard-fail (rationale: hard-fail-on-injection-headings would break legitimate '## STEP' template headings)."
118
+ },
119
+ "detail": {
120
+ "type": "string",
121
+ "description": "Human-readable summary of what was matched (e.g. 'matched credential pattern: ghp_<32 chars>' or 'stripped 3 invisible unicode codepoints'). Detail strings MUST NOT include the matched secret itself for the credentials category -- emit a redacted descriptor only."
122
+ },
123
+ "match_count": {
124
+ "type": "integer",
125
+ "minimum": 0,
126
+ "description": "Number of distinct matches for this flag. Useful for invisible-unicode strip-and-pass where the meaningful number is the codepoint count, not a string excerpt."
127
+ }
128
+ },
129
+ "additionalProperties": false
130
+ },
131
+ "dateTime": {
132
+ "type": "string",
133
+ "format": "date-time",
134
+ "pattern": "(Z|[+-]\\d{2}:\\d{2})$"
135
+ }
136
+ }
137
+ }
@@ -0,0 +1,130 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://deft.dev/schemas/candidates-1.0.schema.json",
4
+ "title": "Triage Candidates Log Entry v1",
5
+ "description": "Frozen interface contract for one line in vbrief/.eval/candidates.jsonl. Each line is a single JSON object capturing one triage decision. The log is append-only -- existing lines are never edited or deleted. Consumed by Story 3 (triage actions), Story 4 (triage:bulk + triage:refresh), and Story 6 (bootstrap). Field set, types, and enums are FROZEN -- new fields may only be added in additive, optional positions in a follow-up schema version.",
6
+ "type": "object",
7
+ "additionalProperties": false,
8
+ "required": [
9
+ "decision_id",
10
+ "timestamp",
11
+ "repo",
12
+ "issue_number",
13
+ "decision",
14
+ "actor"
15
+ ],
16
+ "properties": {
17
+ "decision_id": {
18
+ "type": "string",
19
+ "format": "uuid",
20
+ "description": "RFC 4122 UUID (any version) uniquely identifying this decision row.",
21
+ "pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$"
22
+ },
23
+ "timestamp": {
24
+ "type": "string",
25
+ "format": "date-time",
26
+ "description": "ISO-8601 UTC timestamp with the literal Z suffix (e.g. 2026-05-03T16:32:54Z) when the decision was recorded. Non-UTC offsets are intentionally rejected because latest_decision() sorts by lexicographic timestamp comparison, which is correct only when every entry is anchored to the same zone.",
27
+ "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(\\.\\d+)?Z$"
28
+ },
29
+ "repo": {
30
+ "type": "string",
31
+ "description": "GitHub-style 'owner/name' coordinate of the repository the issue belongs to.",
32
+ "pattern": "^[A-Za-z0-9._-]+/[A-Za-z0-9._-]+$"
33
+ },
34
+ "issue_number": {
35
+ "type": "integer",
36
+ "minimum": 1,
37
+ "description": "Issue number within `repo`."
38
+ },
39
+ "decision": {
40
+ "type": "string",
41
+ "enum": [
42
+ "accept",
43
+ "reject",
44
+ "defer",
45
+ "needs-ac",
46
+ "mark-duplicate",
47
+ "reset",
48
+ "resume-eligible"
49
+ ],
50
+ "description": "Decision verb. `mark-duplicate` requires `linked_to`; `reset` and `resume-eligible` require `prior_decision_id`. `resume-eligible` is appended by the resume-condition evaluator (#1123 / D3) when a prior `defer` entry's `resume_on` expression fires; it does NOT auto-un-defer."
51
+ },
52
+ "actor": {
53
+ "type": "string",
54
+ "minLength": 1,
55
+ "description": "Decision actor identity -- a human username (e.g. 'msadams') or an agent tag (e.g. 'agent:warp-oz')."
56
+ },
57
+ "reason": {
58
+ "type": "string",
59
+ "description": "Optional free-form rationale captured at decision time."
60
+ },
61
+ "resume_on": {
62
+ "type": "string",
63
+ "description": "Optional structured resume condition recorded on `defer` entries (#1123 / D3). Grammar v1: `ref:closed:#N` | `ref:merged:#N` | `date:>=YYYY-MM-DD` | `pending-count:>=N` | `pending-count:<=N`, joined by a single top-level `AND` / `OR`. Evaluated by `scripts/resume_conditions.py`; firings append a sibling `resume-eligible` entry.",
64
+ "minLength": 1
65
+ },
66
+ "linked_to": {
67
+ "type": "integer",
68
+ "minimum": 1,
69
+ "description": "Required ONLY when `decision` is `mark-duplicate`: issue number this duplicate links to."
70
+ },
71
+ "prior_decision_id": {
72
+ "type": "string",
73
+ "pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$",
74
+ "description": "Required ONLY when `decision` is `reset`: the prior decision's `decision_id` being undone."
75
+ }
76
+ },
77
+ "allOf": [
78
+ {
79
+ "if": {
80
+ "properties": {
81
+ "decision": {
82
+ "const": "mark-duplicate"
83
+ }
84
+ },
85
+ "required": [
86
+ "decision"
87
+ ]
88
+ },
89
+ "then": {
90
+ "required": [
91
+ "linked_to"
92
+ ]
93
+ },
94
+ "else": {
95
+ "not": {
96
+ "required": [
97
+ "linked_to"
98
+ ]
99
+ }
100
+ }
101
+ },
102
+ {
103
+ "if": {
104
+ "properties": {
105
+ "decision": {
106
+ "enum": [
107
+ "reset",
108
+ "resume-eligible"
109
+ ]
110
+ }
111
+ },
112
+ "required": [
113
+ "decision"
114
+ ]
115
+ },
116
+ "then": {
117
+ "required": [
118
+ "prior_decision_id"
119
+ ]
120
+ },
121
+ "else": {
122
+ "not": {
123
+ "required": [
124
+ "prior_decision_id"
125
+ ]
126
+ }
127
+ }
128
+ }
129
+ ]
130
+ }