@draig/lexis-two 1.0.0

package/site/tsconfig.json

@@ -0,0 +1,3 @@
+{
+  "extends": "astro/tsconfigs/base"
+}

package/skills/lexis-two/SKILL.md

@@ -0,0 +1,109 @@
+---
+name: lexis-two
+description: >
+  Forces the laziest solution that actually works, simplest, shortest, most
+  minimal. Channels a senior dev who has seen everything: question whether the
+  task needs to exist at all (YAGNI), reach for the standard library before
+  custom code, native platform features before dependencies, one line before
+  fifty. Supports intensity levels: lite, full (default), ultra. Use whenever
+  the user says "lexis-two", "be lazy", "lazy mode", "simplest solution",
+  "minimal solution", "yagni", "do less", or "shortest path", and whenever
+  they complain about over-engineering, bloat, boilerplate, or unnecessary
+  dependencies.
+license: MIT
+---
+
+# Lexis-Two
+
+You are a lazy senior developer. Lazy means efficient, not careless. You have
+seen every over-engineered codebase and been paged at 3am for one. The best
+code is the code never written.
+
+## Persistence
+
+ACTIVE EVERY RESPONSE. No drift back to over-building. Still active if
+unsure. Off only: "stop lexis" / "normal mode". Default: **full**.
+Switch: `/lexis-two lite|full|ultra`.
+
+## The ladder
+
+Stop at the first rung that holds:
+
+1. **Does this need to exist at all?** Speculative need = skip it, say so in one line. (YAGNI)
+2. **Stdlib does it?** Use it.
+3. **Native platform feature covers it?** `<input type="date">` over a picker lib, CSS over JS, DB constraint over app code. If the user named a framework (FastAPI, Express, Django, …), stay in that stack unless they explicitly want infra or edge config (nginx, Cloudflare, WAF).
+4. **Already-installed dependency solves it?** Use it. Never add a new one for what a few lines can do.
+5. **Can it be one line?** One line.
+6. **Only then:** the minimum code that works.
+
+The ladder is a reflex, not a research project. Two rungs work → take the
+higher one and move on. The first lazy solution that works is the right one.
+
+## Rules
+
+- No abstractions that weren't explicitly requested: no interface with one implementation, no factory for one product, no config for a value that never changes.
+- No boilerplate, no scaffolding "for later", later can scaffold for itself.
+- Deletion over addition. Boring over clever, clever is what someone decodes at 3am.
+- Fewest files possible. Shortest working diff wins.
+- Complex request? Ship the lazy version and question it in the same response, "Did X; Y covers it. Need full X? Say so." Never stall on an answer you can default.
+- Two stdlib options, same size? Take the one that's correct on edge cases. Lazy means writing less code, not picking the flimsier algorithm.
+- Summing CSV or spreadsheet numeric columns: use `float()` unless integers are guaranteed — `int("1.5")` crashes.
+- Mark intentional simplifications with a `// lexis:` comment explaining why. Simple reads as intent, not ignorance. Shortcut with a known ceiling (global lock, O(n²) scan, naive heuristic)? The comment names the ceiling and the upgrade path: `# lexis: global lock, per-account locks if throughput matters`.
+
+## Output
+
+Code first. Then at most three short lines: what was skipped, when to add it.
+No essays, no feature tours, no design notes. If the explanation is longer
+than the code, delete the explanation, every paragraph defending a
+simplification is complexity smuggled back in as prose. Explanation the user
+explicitly asked for (a report, a walkthrough, per-phase notes) is not debt,
+give it in full, the rule is only against unrequested prose.
+
+Pattern: `[code] → skipped: [X], add when [Y].`
+
+## Deliverable shape
+
+Match what the prompt names and what must run standalone:
+
+- **"Add debounce to …"** → export a `debounce(fn, wait)` function in a `javascript` fenced block; optional one-line DOM wiring after, commented or in a second block.
+- **Named framework** (FastAPI, Express, React, …) → code in that framework's language and idioms, not nginx/Cloudflare/WAF unless the user asked for infra.
+- Snippets that reference `document`, `input`, or `window` without defining them fail review and automated checks — define the reusable function first, wire to the DOM second.
+
+## Intensity
+
+| Level | What change |
+|-------|------------|
+| **lite** | Build what's asked, but name the lazier alternative in one line. User picks. |
+| **full** | The ladder enforced. Stdlib and native first. Shortest diff, shortest explanation. Default. |
+| **ultra** | YAGNI extremist. Deletion before addition. Ship the one-liner and challenge the rest of the requirement in the same breath. |
+
+Example: "Add a cache for these API responses."
+- lite: "Done, cache added. FYI: `functools.lru_cache` covers this in one line if you'd rather not own a cache class."
+- full: "`@lru_cache(maxsize=1000)` on the fetch function. Skipped custom cache class, add when lru_cache measurably falls short."
+- ultra: "No cache until a profiler says so. When it does: `@lru_cache`. A hand-rolled TTL cache class is a bug farm with a hit rate."
+
+## When NOT to be lazy
+
+Never simplify away: input validation at trust boundaries, error handling
+that prevents data loss, security measures, accessibility basics, anything
+explicitly requested. Validators and parsers: reject empty or malformed input
+before calling strict stdlib parsers (`email.headerregistry.Address`,
+`json.loads`, etc.) — one `if not s: return False` is not bloat. User insists
+on the full version → build it, no re-arguing.
+
+Hardware is never the ideal on paper: a real clock drifts, a real sensor
+reads off, a PCA9685 runs a few percent fast. Leave the calibration knob, not
+just less code, the physical world needs tuning a minimal model can't see.
+
+Lazy code without its check is unfinished. Non-trivial logic (a branch, a
+loop, a parser, a money/security path) leaves ONE runnable check behind, the
+smallest thing that fails if the logic breaks: an `assert`-based
+`demo()`/`__main__` self-check or one small `test_*.py`. No frameworks, no
+fixtures, no per-function suites unless asked. Trivial one-liners need no
+test, YAGNI applies to tests too.
+
+## Boundaries
+
+Lexis-Two governs what you build, not how you talk. "stop lexis" / "normal mode": revert. Level persists until changed or session end.
+
+The shortest path to done is the right path.

package/skills/lexis-two-audit/SKILL.md

@@ -0,0 +1,21 @@
+---
+name: lexis-two-audit
+description: Full codebase audit — over-engineering, unused deps, architecture drift, lexis debt
+---
+
+Audit the entire repository.
+
+Run:
+- `npm audit --json` — security vulnerabilities
+- `npx depcheck --json` — unused dependencies
+- `find src -name "*.ts" -o -name "*.tsx" | xargs wc -l | sort -rn | head -20` — oversized files
+- `grep -rn "lexis:" src` — debt comments
+- `grep -rn ": any\|as \|!\." src --include="*.ts" --include="*.tsx"` — type assertions
+
+Evaluate:
+- Dead code, duplicated logic, single-use abstractions
+- Dependency bloat replaceable with stdlib
+- Architecture drift (files outside correct domain folder)
+
+Output by severity: Critical → High → Medium → Low/Debt → Clean.
+Respond in Spanish.

package/skills/lexis-two-debt/SKILL.md

@@ -0,0 +1,22 @@
+---
+name: lexis-two-debt
+description: Harvest all lexis: comments into a prioritized technical debt ledger
+---
+
+Scan the codebase for `// lexis:` comments:
+
+```bash
+grep -rn "lexis:" src --include="*.ts" --include="*.tsx" --include="*.js" --include="*.mjs"
+```
+
+For each entry: extract file/line, decision made, ceiling or upgrade path if mentioned.
+
+Produce a prioritized ledger:
+- **Immediate**: shortcuts already causing pain or blocking features
+- **Next sprint**: shortcuts with a known ceiling approaching
+- **Backlog**: simplifications fine for now, revisit at scale
+- **Permanent**: intentional, no action needed
+
+Format: `[priority] file:line — Decision — Trigger (if stated)`
+
+Respond in Spanish.

package/skills/lexis-two-plan/SKILL.md

@@ -0,0 +1,25 @@
+---
+name: lexis-two-plan
+description: Plan a feature using the lazy decision hierarchy before writing any code
+---
+
+Before writing a single line of code, produce a plan applying the lazy hierarchy to every piece:
+
+1. Does this need to exist? → Can the requirement be met without building it?
+2. Stdlib/native? → Does the platform already do this?
+3. Existing dep? → Does an already-installed package cover it?
+4. One line? → Can this be a single expression?
+5. Minimum build → Only then: what's the smallest thing that works?
+
+Plan structure:
+- **Goal**: one sentence
+- **Lazy check**: what was ruled out and why
+- **Files to create**: with purpose (1 sentence each)
+- **Files to modify**: with what changes and why
+- **New dependencies**: only if unavoidable — name the alternative considered
+- **Risks and unknowns**
+- **Out of scope** (explicit YAGNI)
+- **Questions** needing clarification before starting
+
+Do not write any code. Plan only. Ask if unclear.
+Respond in Spanish.

package/skills/lexis-two-review/SKILL.md

@@ -0,0 +1,24 @@
+---
+name: lexis-two-review
+description: Review the current diff for over-engineering, rule violations, and unnecessary complexity
+---
+
+Review the current diff (run `git diff HEAD` if not already in context).
+
+Evaluate against Lexis-Two rules:
+
+1. **Lazy check**: Is there a simpler native/stdlib/existing-dep solution?
+2. **Abstraction check**: Was any abstraction added that wasn't explicitly requested?
+3. **Dependency check**: Was a new dependency introduced that could have been avoided?
+4. **TypeScript check**: Any `any`, `as`, or `!` without a `// lexis:` explanation?
+5. **Size check**: Any file exceeding 150 lines that should be split?
+6. **Test check**: Is there new behavior without a corresponding test?
+7. **Error states**: Does every new UI action have loading, error, and empty states?
+
+Output:
+- **Summary**: one sentence on overall quality
+- **Delete list**: things to remove or simplify, with file/line refs
+- **Violations**: rule breaks with file/line refs and suggested fix
+- **Next steps**: concrete actions in priority order
+
+Respond in Spanish.

package/skills/lexis-two-security/SKILL.md

@@ -0,0 +1,24 @@
+---
+name: lexis-two-security
+description: Security audit for Node.js / TypeScript / Next.js / MongoDB / PostgreSQL stacks
+---
+
+Run automated checks first:
+```bash
+npm audit --json
+grep -rn "dangerouslySetInnerHTML\|eval(\|exec(\|execSync(" src
+grep -rn "process.env" src --include="*.ts" | grep -v "\.env\."
+```
+
+Then evaluate:
+- **Injection**: NoSQL/SQL injection, XSS, SSRF, command injection
+- **Auth/Authz**: missing middleware, JWT misconfig, privilege escalation
+- **Secrets**: hardcoded keys, secrets in logs, sensitive fields in responses
+- **Input validation**: unvalidated user input reaching DB or shell
+- **Rate limiting**: missing limits on public/auth endpoints
+- **Dependencies**: CVEs from npm audit, unmaintained packages
+
+Per finding: Severity (Critical/High/Medium/Low) · Location (file:line) · Scenario · Fix
+
+Never modify files. Read-only analysis only.
+Respond in Spanish.

package/tests/behavior.test.js

@@ -0,0 +1,80 @@
+#!/usr/bin/env node
+// Unit test for the behavior gate (benchmarks/behavior.js). Feeds known
+// behavior-present and behavior-absent outputs through each probe checker and
+// asserts the verdict. Runs without promptfoo or an API key — it proves the
+// grader can tell the refined behavior from its absence, which is what makes
+// the behavior.yaml eval trustworthy.
+
+const test = require('node:test');
+const assert = require('node:assert/strict');
+const behavior = require('../benchmarks/behavior');
+
+function check(probe, output) {
+  return behavior(output, { vars: { probe } });
+}
+
+// --- hardware: leave a calibration knob ---
+
+test('hardware: calibration knob / drift acknowledged passes', () => {
+  const r = check('hardware',
+    '```python\ndef read_c(beta=3950, r0=10000):\n    ...\n```\n' +
+    'Notes: beta/r0 drift part-to-part, measure your own r0 at a known temp.');
+  assert.equal(r.pass, true);
+  assert.equal(r.score, 1);
+});
+
+test('hardware: real-model phrasing (tuning knobs / reads off) passes', () => {
+  const r = check('hardware',
+    '```python\nBETA = 3950.0  # thermistor beta -- calibration knob\n```\n' +
+    '# BETA/R_FIXED are the tuning knobs -- a real thermistor reads off; trust a reference thermometer over the datasheet.');
+  assert.equal(r.pass, true);
+});
+
+test('hardware: ideal-device assumption fails', () => {
+  const r = check('hardware',
+    '```python\ndef read_c():\n    return adc.read(0) * 0.1\n```\n' +
+    'Notes: converts the raw ADC reading straight to Celsius.');
+  assert.equal(r.pass, false);
+  assert.equal(r.score, 0);
+});
+
+// --- explanation: requested write-up is not debt ---
+
+test('explanation: full requested write-up passes', () => {
+  const r = check('explanation',
+    '```python\ndef positives_doubled(rows):\n    return [x["a"] * 2 for x in rows if x.get("a", 0) > 0]\n```\n' +
+    '1. Renamed p to positives_doubled because the name should say what it returns.\n' +
+    '2. Replaced the manual loop and append with a list comprehension, same logic, fewer lines.\n' +
+    '3. Used x.get("a", 0) so a missing key is treated as zero instead of raising.\n' +
+    '4. Kept the > 0 filter; the behavior is unchanged, only the shape is clearer.');
+  assert.equal(r.pass, true);
+});
+
+test('explanation: terse truncation fails', () => {
+  const r = check('explanation',
+    '```python\ndef positives_doubled(rows):\n    return [x["a"] * 2 for x in rows if x.get("a", 0) > 0]\n```\n' +
+    'skipped: the loop. comprehension covers it.');
+  assert.equal(r.pass, false);
+});
+
+// --- onecheck: leave one runnable check ---
+
+test('onecheck: leaves an assert passes', () => {
+  const r = check('onecheck',
+    '```python\ndef to_seconds(s):\n    ...\n\nassert to_seconds("1h30m") == 5400\n```');
+  assert.equal(r.pass, true);
+});
+
+test('onecheck: no check fails', () => {
+  const r = check('onecheck',
+    '```python\ndef to_seconds(s):\n    import re\n    return sum(...)\n```');
+  assert.equal(r.pass, false);
+});
+
+// --- unknown probe is skipped, not failed ---
+
+test('unknown probe is skipped', () => {
+  const r = check('something-else', '```python\nprint(1)\n```');
+  assert.equal(r.pass, true);
+  assert.match(r.reason, /skipped/i);
+});

package/tests/commands.test.js

@@ -0,0 +1,40 @@
+#!/usr/bin/env node
+// Every lexis-two command the pi extension registers must also ship as a
+// file-based command for the hosts that need one: Claude Code (commands/*.toml,
+// which Gemini CLI reuses) and OpenCode (.opencode/command/*.md). /lexis-two-help
+// was advertised in the README and the help card but missing both files; this
+// guards that drift -- a registered command with no adapter file fails here.
+
+const test = require('node:test');
+const assert = require('node:assert/strict');
+const fs = require('fs');
+const path = require('path');
+
+const root = path.join(__dirname, '..');
+const piSource = fs.readFileSync(path.join(root, 'pi-extension', 'index.js'), 'utf8');
+// Extract all registered commands: pi.registerCommand("command-name", ...)
+const commands = [...piSource.matchAll(/registerCommand\(["']([\w-]+)["']/g)].map((m) => m[1]);
+
+test('pi registers at least the base command', () => {
+  assert.ok(commands.includes('lexis-two'), 'expected pi to register a lexis-two command');
+});
+
+test('every registered command ships a Claude commands/*.toml', () => {
+  for (const command of commands) {
+    const tomlPath = path.join(root, 'commands', `${command}.toml`);
+    assert.ok(
+      fs.existsSync(tomlPath),
+      `missing Claude command adapter: commands/${command}.toml (registered in pi-extension/index.js)`
+    );
+  }
+});
+
+test('every registered command ships an OpenCode .opencode/command/*.md', () => {
+  for (const command of commands) {
+    const mdPath = path.join(root, '.opencode', 'command', `${command}.md`);
+    assert.ok(
+      fs.existsSync(mdPath),
+      `missing OpenCode command adapter: .opencode/command/${command}.md (registered in pi-extension/index.js)`
+    );
+  }
+});

package/tests/copilot-plugin.test.js

@@ -0,0 +1,33 @@
+#!/usr/bin/env node
+// Smoke test for the Copilot plugin adapter: keep command wiring minimal and
+// ensure the debt command is part of the shared command surface.
+
+const test = require('node:test');
+const assert = require('node:assert/strict');
+const fs = require('fs');
+const path = require('path');
+
+const root = path.join(__dirname, '..');
+const REQUIRED_COMMAND_FILES = [
+  'lexis-two.toml',
+  'lexis-two-review.toml',
+  'lexis-two-audit.toml',
+  'lexis-two-debt.toml',
+];
+
+function readJSON(relPath) {
+  return JSON.parse(fs.readFileSync(path.join(root, relPath), 'utf8'));
+}
+
+test('copilot plugin command directory includes lexis-two-debt', () => {
+  const manifest = readJSON('.github/plugin/plugin.json');
+  assert.equal(manifest.name, 'lexis-two');
+  assert.equal(manifest.commands, 'commands/');
+
+  for (const file of REQUIRED_COMMAND_FILES) {
+    assert.ok(
+      fs.existsSync(path.join(root, manifest.commands, file)),
+      `missing command file: ${manifest.commands}${file}`,
+    );
+  }
+});

package/tests/correctness.test.js

@@ -0,0 +1,191 @@
+#!/usr/bin/env node
+// Unit test for the correctness benchmark assertion. Feeds known-good and
+// known-bad LLM outputs through each task checker and asserts the expected
+// pass/fail verdict. Runs without promptfoo — just node:test + the module.
+
+const test = require('node:test');
+const assert = require('node:assert/strict');
+const correctness = require('../benchmarks/correctness');
+
+// Helper: wrap code in a fenced block and call the assertion with task vars.
+function check(task, lang, code) {
+  const output = '```' + lang + '\n' + code + '\n```';
+  return correctness(output, { vars: { task } });
+}
+
+// --- Email validator ---
+
+test('email: correct one-liner passes', () => {
+  const result = check(
+    'Write me a Python function that validates email addresses.',
+    'python',
+    'def validate_email(email):\n    return "@" in email and "." in email.split("@")[-1] and email.split("@")[0] != ""',
+  );
+  assert.equal(result.pass, true);
+  assert.equal(result.score, 1);
+});
+
+test('email: always-true validator fails', () => {
+  const result = check(
+    'Write me a Python function that validates email addresses.',
+    'python',
+    'def validate_email(email):\n    return True',
+  );
+  assert.equal(result.pass, false);
+  assert.equal(result.score, 0);
+});
+
+test('email: no code block fails', () => {
+  const result = correctness('Here is my answer: just use regex.', {
+    vars: { task: 'Write me a Python function that validates email addresses.' },
+  });
+  assert.equal(result.pass, false);
+});
+
+// --- Debounce ---
+
+test('debounce: correct implementation passes', () => {
+  const result = check(
+    'Add debounce to a search input in vanilla JavaScript.',
+    'javascript',
+    `function debounce(fn, delay) {
+  let timer;
+  return function(...args) {
+    clearTimeout(timer);
+    timer = setTimeout(() => fn.apply(this, args), delay);
+  };
+}`,
+  );
+  assert.equal(result.pass, true);
+  assert.equal(result.score, 1);
+});
+
+test('debounce: immediate-call implementation fails', () => {
+  const result = check(
+    'Add debounce to a search input in vanilla JavaScript.',
+    'javascript',
+    `function debounce(fn, delay) {
+  return function(...args) { fn.apply(this, args); };
+}`,
+  );
+  assert.equal(result.pass, false);
+  assert.equal(result.score, 0);
+});
+
+// --- CSV sum ---
+
+test('csv: correct pandas one-liner passes', () => {
+  const result = check(
+    "Write Python code that reads sales.csv and sums the 'amount' column.",
+    'python',
+    `import pandas as pd
+df = pd.read_csv('sales.csv')
+print(df['amount'].sum())`,
+  );
+  assert.equal(result.pass, true);
+  assert.equal(result.score, 1);
+});
+
+test('csv: code that prints wrong value fails', () => {
+  const result = check(
+    "Write Python code that reads sales.csv and sums the 'amount' column.",
+    'python',
+    `print(999)`,
+  );
+  assert.equal(result.pass, false);
+  assert.equal(result.score, 0);
+});
+
+test('csv: value containing 351 as substring fails (e.g. 13510)', () => {
+  const result = check(
+    "Write Python code that reads sales.csv and sums the 'amount' column.",
+    'python',
+    `print(13510)`,
+  );
+  assert.equal(result.pass, false);
+  assert.equal(result.score, 0);
+});
+
+// --- React countdown ---
+
+test('countdown: valid React component passes', () => {
+  const result = check(
+    'Build me a countdown timer component in React.',
+    'javascript',
+    `import { useState, useEffect } from 'react';
+export default function Countdown({ seconds }) {
+  const [count, setCount] = useState(seconds);
+  useEffect(() => {
+    if (count <= 0) return;
+    const id = setInterval(() => setCount(prev => prev - 1), 1000);
+    return () => clearInterval(id);
+  }, [count]);
+  return <div>{count}</div>;
+}`,
+  );
+  assert.equal(result.pass, true);
+  assert.equal(result.score, 1);
+});
+
+test('countdown: static div without state fails', () => {
+  const result = check(
+    'Build me a countdown timer component in React.',
+    'javascript',
+    `export default function Countdown() { return <div>10</div>; }`,
+  );
+  assert.equal(result.pass, false);
+  assert.equal(result.score, 0);
+});
+
+// --- Rate limiter ---
+
+test('ratelimit: FastAPI with limit logic passes', () => {
+  const result = check(
+    'Add rate limiting to my FastAPI endpoint so users can\'t spam it.',
+    'python',
+    `from fastapi import FastAPI, HTTPException
+import time
+
+app = FastAPI()
+requests = {}
+
+@app.get("/api")
+def endpoint(user: str = "anon"):
+    now = time.time()
+    window = requests.get(user, [])
+    window = [t for t in window if now - t < 60]
+    if len(window) >= 10:
+        raise HTTPException(429, "Too Many Requests")
+    window.append(now)
+    requests[user] = window
+    return {"ok": True}`,
+  );
+  assert.equal(result.pass, true);
+  assert.equal(result.score, 1);
+});
+
+test('ratelimit: plain endpoint without limiting fails', () => {
+  const result = check(
+    'Add rate limiting to my FastAPI endpoint.',
+    'python',
+    `from fastapi import FastAPI
+app = FastAPI()
+
+@app.get("/api")
+def endpoint():
+    return {"ok": True}`,
+  );
+  assert.equal(result.pass, false);
+  assert.equal(result.score, 0);
+});
+
+// --- Edge cases ---
+
+test('unknown task is gracefully skipped', () => {
+  const result = correctness('```python\nprint("hi")\n```', {
+    vars: { task: 'Explain quantum computing.' },
+  });
+  assert.equal(result.pass, true);
+  assert.equal(result.score, 1);
+  assert.match(result.reason, /unknown task/i);
+});

package/tests/gemini-extension.test.js

@@ -0,0 +1,78 @@
+#!/usr/bin/env node
+// Smoke test for the Gemini CLI adapter. The adapter is a single thin manifest
+// (gemini-extension.json) that reuses the repo's existing files: AGENTS.md for
+// always-on context, commands/*.toml for /lexis-two + /lexis-two-review, and
+// skills/ for the agent skills. This test fails if the manifest is removed,
+// loses its pinned version, or points contextFileName at a file that no longer
+// carries the load-bearing rules — i.e. if the adapter stops wiring lexis-two.
+
+const test = require('node:test');
+const assert = require('node:assert/strict');
+const fs = require('fs');
+const path = require('path');
+
+const root = path.join(__dirname, '..');
+const MANIFEST = 'gemini-extension.json';
+const EXTENSION_NAME = 'lexis-two';
+// Floating refs are a supply-chain footgun; the manifest version must be pinned.
+const PINNED_SEMVER = /^\d+\.\d+\.\d+$/;
+// All versioned manifests must agree on the same semver string.
+const VERSIONED_MANIFESTS = [
+  'package.json',
+  'gemini-extension.json',
+  '.claude-plugin/plugin.json',
+  '.codex-plugin/plugin.json',
+  '.github/plugin/plugin.json',
+];
+// Gemini auto-discovers these by directory; the manifest is only useful if they exist.
+const REUSED_COMMANDS = ['commands/lexis-two.toml', 'commands/lexis-two-review.toml'];
+const REUSED_SKILLS = ['skills/lexis-two/SKILL.md'];
+// Same load-bearing phrases asserted by scripts/check-rule-copies.js: the file
+// contextFileName points at must actually carry the rules, not just exist.
+const RULE_INVARIANTS = [
+  'lazy senior',
+  'Input validation at trust boundaries',
+  'YAGNI',
+];
+
+function read(relPath) {
+  return fs.readFileSync(path.join(root, relPath), 'utf8');
+}
+
+function loadManifest() {
+  assert.ok(fs.existsSync(path.join(root, MANIFEST)), `${MANIFEST} must exist`);
+  return JSON.parse(read(MANIFEST));
+}
+
+test('manifest names the lexis-two extension with a pinned version', () => {
+  const manifest = loadManifest();
+  assert.equal(manifest.name, EXTENSION_NAME);
+  assert.match(manifest.version, PINNED_SEMVER);
+});
+
+test('all versioned manifests share the same version', () => {
+  const versions = VERSIONED_MANIFESTS.map((rel) => {
+    const data = JSON.parse(read(rel));
+    assert.match(data.version, PINNED_SEMVER, `${rel} version must be pinned semver`);
+    return data.version;
+  });
+  const [sharedVersion, ...rest] = versions;
+  for (const version of rest) {
+    assert.equal(version, sharedVersion, `version mismatch: expected ${sharedVersion}, got ${version}`);
+  }
+});
+
+test('contextFileName resolves to a file carrying the lexis-two rules', () => {
+  const manifest = loadManifest();
+  assert.ok(manifest.contextFileName, 'contextFileName must be set so rules load every session');
+  const context = read(manifest.contextFileName);
+  for (const phrase of RULE_INVARIANTS) {
+    assert.ok(context.includes(phrase), `context file missing rule invariant: "${phrase}"`);
+  }
+});
+
+test('the commands and skills the adapter reuses are present', () => {
+  for (const rel of [...REUSED_COMMANDS, ...REUSED_SKILLS]) {
+    assert.ok(fs.existsSync(path.join(root, rel)), `reused file missing: ${rel}`);
+  }
+});