@esoteric-logic/praxis-harness 2.9.1 → 2.11.0

package/base/CLAUDE.md

@@ -56,6 +56,13 @@ Vault path and backend are machine-specific. Read from `~/.claude/praxis.config.
 If config file is missing: tell the user to run `praxis/install.sh`.
 All `{vault_path}` references in rules and skills resolve from this config.
 
+## Model & Context Policy
+- Default model: `claude-opus-4-6` (set `ANTHROPIC_MODEL` in shell profile)
+- Sub-agents spawned by Praxis skills: use `haiku` for polling, search, and lint tasks
+- Compact trigger: when context approaches ceiling, finish the current milestone first
+- Never compact mid-plan — complete the milestone, write phase summary to vault, then compact
+- After compaction: re-bootstrap from § After Compaction below, re-run quality checks fresh
+
 ## Durable Memory
 Context is volatile. Files are permanent. Act accordingly.
 
@@ -135,27 +142,42 @@ Kit manifests live in `~/.claude/kits/<name>/KIT.md`.
 
 ## Rules Registry — Load on Demand Only
 
-### Universal — always active (9 rules)
+### Universal — always active (12 rules)
+
+Quality is a generation-time constraint, not a post-hoc review. The rules below
+are the lens you write through — they shape every line of code produced.
+
 | File | Purpose |
 |------|---------|
 | `~/.claude/rules/profile.md` | Who the user is, identities, working style |
 | `~/.claude/rules/execution-loop.md` | SPEC/PLAN/VALIDATE loop enforcement |
 | `~/.claude/rules/coding.md` | Context7 mandate, tool preferences, quality architecture reference |
-| `~/.claude/rules/code-quality.md` | Layer 2: Active constraints — hard limits during generation |
+| `~/.claude/rules/code-quality.md` | Active constraints — hard limits during generation (30 lines, 3 nesting, 4 params) |
+| `~/.claude/rules/code-excellence.md` | Core principles — simplicity, correctness, naming, error design, dependency hygiene |
+| `~/.claude/rules/engineering-judgment.md` | Meta-reasoning — Five Questions, YAGNI, Rule of Three, reversibility test |
+| `~/.claude/rules/self-verify.md` | Self-verification — 24-check protocol before every commit |
 | `~/.claude/rules/git-workflow.md` | Commits, branches, identity verification, pre-commit checks |
 | `~/.claude/rules/vault.md` | Second brain integration — vault backend, file purposes |
 | `~/.claude/rules/context-management.md` | Context anti-rot, phase scoping, context reset protocol |
 | `~/.claude/rules/memory-boundary.md` | Auto-memory boundary, MEMORY.md cap, dream integration |
 | `~/.claude/rules/security-posture.md` | Sandbox model, credential protection, protected paths |
 
-### Skills — loaded at session start
-| File | Purpose |
-|------|---------|
-| `~/.claude/skills/code-excellence.md` | Layer 1: Principles — shapes reasoning about code |
-| `~/.claude/skills/engineering-judgment.md` | Layer 1: Meta-reasoning — principal engineer decision framework |
-| `~/.claude/skills/self-verify.md` | Layer 3: Self-verification protocol — proves correctness before commit |
-
 ### Scoped — load only when paths match
+
+#### Language quality (generation-time constraints per language)
+| File | Loads when |
+|------|------------|
+| `~/.claude/rules/python-quality.md` | `**/*.py` |
+| `~/.claude/rules/typescript-quality.md` | `**/*.ts`, `**/*.tsx` |
+| `~/.claude/rules/shell-quality.md` | `**/*.sh` |
+| `~/.claude/rules/go-quality.md` | `**/*.go` |
+| `~/.claude/rules/rust-quality.md` | `**/*.rs` |
+| `~/.claude/rules/java-quality.md` | `**/*.java` |
+| `~/.claude/rules/css-quality.md` | `**/*.css`, `**/*.scss`, `**/*.less` |
+| `~/.claude/rules/sql-quality.md` | `**/*.sql` |
+| `~/.claude/rules/api-quality.md` | `**/routes/**`, `**/api/**`, `**/controllers/**`, `**/handlers/**` |
+
+#### Infrastructure and tooling
 | File | Loads when |
 |------|------------|
 | `~/.claude/rules/azure.md` | `**/*.tf`, `**/*.bicep`, `**/*.azcli` |
@@ -164,6 +186,7 @@ Kit manifests live in `~/.claude/kits/<name>/KIT.md`.
 | `~/.claude/rules/powershell.md` | `**/*.ps1`, `**/*.psm1` |
 | `~/.claude/rules/dependency-freshness.md` | `package.json`, `go.mod`, `requirements.txt`, `Cargo.toml`, `pyproject.toml` |
 | `~/.claude/rules/live-docs-required.md` | Dependency manifests, files importing external packages |
+| `~/.claude/rules/desktop-protocol.md` | Claude Desktop ↔ Claude Code handoff sessions |
 
 ### Auto-invocable skills (replace former universal rules)
 | Skill | Triggers when |

package/base/configs/registry.json

@@ -101,7 +101,8 @@
       {"path": "base/hooks/file-guard.sh", "event": "PreToolUse", "matcher": "Write|Edit|MultiEdit"},
       {"path": "base/hooks/identity-check.sh", "event": "PreToolUse", "matcher": "Bash"},
       {"path": "base/hooks/credential-guard.sh", "event": "PreToolUse", "matcher": "Bash"},
-      {"path": "base/hooks/session-data-collect.sh", "event": "Stop", "matcher": ""}
+      {"path": "base/hooks/session-data-collect.sh", "event": "Stop", "matcher": ""},
+      {"path": "base/hooks/on-stop-failure.sh", "event": "StopFailure", "matcher": ""}
     ],
     "optional": [
       {"path": "base/hooks/recursion-guard.sh", "event": "PreToolUse", "matcher": "", "feature": "recursion-detection"},

package/base/hooks/on-stop-failure.sh

@@ -0,0 +1,121 @@
+#!/usr/bin/env bash
+# on-stop-failure.sh — StopFailure hook (Auto mode failure classifier)
+# Reads Claude's stop context, classifies the failure, and either:
+#   - Auto-repairs (transient: test fail, lint fail, tool error) → exit 0 (continue)
+#   - Escalates to human (boundary/spec/security violation) → exit 1 (halt)
+# Tracks repair attempts per failure fingerprint to prevent infinite loops.
+# Reuses PPID-scoped state pattern from recursion-guard.sh.
+set -euo pipefail
+
+if ! command -v jq &>/dev/null; then
+  echo "on-stop-failure: jq required but not found. Cannot classify failure." >&2
+  exit 1
+fi
+
+# ── Parse input (single jq call) ──
+INPUT=$(cat)
+PARSED=$(echo "$INPUT" | jq -r '[
+  (.exit_code // 1 | tostring),
+  (.stop_reason // ""),
+  (.last_tool_use.name // ""),
+  (.last_tool_use.error // "")
+] | join("\t")' 2>/dev/null || echo "1\t\t\t")
+
+IFS=$'\t' read -r EXIT_CODE STOP_REASON LAST_TOOL TOOL_ERROR <<< "$PARSED"
+
+MAX_REPAIR_ATTEMPTS=3
+MAX_FINGERPRINT_LEN=200
+
+# ── Repair attempt tracker (PPID-scoped, same pattern as recursion-guard.sh) ──
+REPAIR_STATE="/tmp/praxis-repair-${PPID}.json"
+if [[ ! -f "$REPAIR_STATE" ]]; then
+  echo '{"repair_attempts":0,"last_fingerprint":""}' > "$REPAIR_STATE"
+fi
+
+# Compare raw fingerprint strings — no hash needed for equality checks
+FINGERPRINT="${EXIT_CODE}:${LAST_TOOL}:${STOP_REASON:0:$MAX_FINGERPRINT_LEN}"
+
+# Single jq call to read both fields
+STATE_READ=$(jq -r '[(.last_fingerprint // ""), (.repair_attempts // 0 | tostring)] | join("\t")' "$REPAIR_STATE" 2>/dev/null || echo $'\t0')
+IFS=$'\t' read -r LAST_FINGERPRINT CURRENT_ATTEMPTS <<< "$STATE_READ"
+
+# Same fingerprint = looping on the same error
+if [[ "$FINGERPRINT" == "$LAST_FINGERPRINT" ]]; then
+  CURRENT_ATTEMPTS=$((CURRENT_ATTEMPTS + 1))
+else
+  CURRENT_ATTEMPTS=1
+fi
+
+# Atomic state file update (tmp + mv)
+TMP_STATE="${REPAIR_STATE}.tmp"
+jq -n --argjson attempts "$CURRENT_ATTEMPTS" --arg fp "$FINGERPRINT" \
+  '{"repair_attempts": $attempts, "last_fingerprint": $fp}' \
+  > "$TMP_STATE" && mv "$TMP_STATE" "$REPAIR_STATE"
+
+# ── Hard escalation: too many repair attempts on same failure ──
+if [[ $CURRENT_ATTEMPTS -gt $MAX_REPAIR_ATTEMPTS ]]; then
+  echo "AUTO-REPAIR EXHAUSTED: $CURRENT_ATTEMPTS attempts on same failure." >&2
+  echo "Failure: exit=$EXIT_CODE tool=$LAST_TOOL" >&2
+  echo "Halting — human review required." >&2
+
+  CONFIG="$HOME/.claude/praxis.config.json"
+  if [[ -f "$CONFIG" ]]; then
+    VAULT_PATH=$(jq -r '.vault_path // ""' "$CONFIG" 2>/dev/null)
+    if [[ -n "$VAULT_PATH" && -d "$VAULT_PATH" ]]; then
+      TIMESTAMP=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+      ESCALATION_FILE="$VAULT_PATH/notes/escalations.md"
+
+      if [[ ! -f "$ESCALATION_FILE" ]]; then
+        printf -- "---\ntags: [escalation, auto-repair]\ndate: %s\nsource: agent\n---\n\n# Auto-Repair Escalations\n" \
+          "$(date +%Y-%m-%d)" > "$ESCALATION_FILE"
+      fi
+
+      printf "\n## %s\n- **Failure**: exit=%s tool=%s\n- **Attempts**: %s\n- **Reason**: %s\n- **Status**: HALTED — needs human review\n" \
+        "$TIMESTAMP" "$EXIT_CODE" "$LAST_TOOL" "$CURRENT_ATTEMPTS" "${STOP_REASON:0:$MAX_FINGERPRINT_LEN}" \
+        >> "$ESCALATION_FILE"
+    fi
+  fi
+
+  exit 1
+fi
+
+# ── Hard escalation patterns (single regex, never auto-repair these) ──
+HARD_REGEX="BLOCKED:|secret detected|Protected path|out of scope|permission denied|identity mismatch"
+COMBINED_CONTEXT="$STOP_REASON $TOOL_ERROR"
+
+if echo "$COMBINED_CONTEXT" | grep -qiE "$HARD_REGEX"; then
+  MATCHED=$(echo "$COMBINED_CONTEXT" | grep -oiE "$HARD_REGEX" | head -1)
+  echo "ESCALATING: Hard violation — '$MATCHED' matched." >&2
+  echo "Auto-repair suppressed. Human review required." >&2
+  exit 1
+fi
+
+# Exit code 2 = guard hard-block (recursion-guard.sh, secret-scan.sh, file-guard.sh convention)
+if [[ "$EXIT_CODE" == "2" ]]; then
+  echo "ESCALATING: Exit code 2 = guard hard-block. No auto-repair." >&2
+  exit 1
+fi
+
+# ── Transient failure → emit repair prompt (Auto mode continues) ──
+# Claude Code reads stdout from StopFailure hooks as an injected prompt.
+
+cat <<REPAIR
+Auto-repair attempt $CURRENT_ATTEMPTS of $MAX_REPAIR_ATTEMPTS.
+
+Failure context:
+- Exit code: $EXIT_CODE
+- Last tool: $LAST_TOOL
+- Stop reason: ${STOP_REASON:0:500}
+- Tool error: ${TOOL_ERROR:0:$MAX_FINGERPRINT_LEN}
+
+Instructions:
+1. Read the error above carefully. Identify the root cause from actual output.
+2. Apply the minimum fix required. Do not expand scope.
+3. Re-run validation (tests + lint) after fixing.
+4. If this is attempt $CURRENT_ATTEMPTS of $MAX_REPAIR_ATTEMPTS and the fix is not obvious:
+   report What / So What / Now What and halt.
+
+Do NOT re-attempt the same approach that just failed.
+REPAIR
+
+exit 0

package/base/hooks/settings-hooks.json

@@ -68,6 +68,17 @@
         ]
       }
     ],
+    "StopFailure": [
+      {
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash ~/.claude/hooks/on-stop-failure.sh"
+          }
+        ]
+      }
+    ],
     "PreCompact": [
       {
         "matcher": "",

package/base/rules/api-quality.md

@@ -0,0 +1,25 @@
+# API Quality — Generation Constraints
+# Scope: **/routes/**, **/api/**, **/controllers/**, **/handlers/**
+# Active during code generation, not post-hoc review
+
+## Invariants — BLOCK on violation
+
+- Validate all input before touching business logic — type, range, format, length.
+- Auth and permission checks execute before any data access — never after.
+- Every endpoint has an explicit error response shape — no raw stack traces to callers.
+- No raw database objects in responses — always project to a response type or DTO.
+- Parameterized queries only — never concatenate user input into SQL or query strings.
+- Rate limiting or pagination on any endpoint that returns unbounded collections.
+
+## Conventions — WARN on violation
+
+- Consistent error response format across all endpoints (status, code, message, details).
+- Idempotency keys on state-changing operations that clients may retry.
+- Request correlation IDs for tracing — propagate through the call chain.
+- CORS, CSRF, and security headers configured explicitly — not inherited from defaults.
+- Separate validation errors (400) from auth errors (401/403) from not-found (404) from server errors (500).
+- Log request context (method, path, status, duration) — never log request bodies containing PII.
+- API versioning strategy declared before first endpoint is written.
+
+## Removal Condition
+Remove when an API-specific linter rule engine replaces generation-time constraints.

package/base/{skills → rules}/code-excellence.md

@@ -1,7 +1,7 @@
 # Code Excellence — Core Principles
 
-Load this skill at the start of every session. These principles shape how you reason about
-code before writing a single character. They are not a checklist — they are a worldview.
+These principles shape how you reason about code before writing a single character.
+They are not a checklist — they are a worldview. They are always active.
 
 ## The Prime Directive
 Write code that the next engineer will thank you for.
@@ -21,6 +21,13 @@ Before adding any abstraction, answer all three:
 - Would a new engineer understand the code FASTER with this abstraction than without it?
 If any answer is no — do not add it. Inline the logic.
 
+Over-engineering red flags — stop and simplify if you see yourself writing:
+- An interface/factory/strategy with exactly one implementation
+- A wrapper function whose entire body is a single delegating call
+- Unused type parameters, config options no caller sets, plugin systems with one plugin
+- Observer/EventEmitter with 2 listeners, Singleton for a module variable, Builder for 3 fields
+- A function with boolean flags that switch behavior — write two functions instead
+
 ## On Correctness
 Correctness means the code does exactly what its name promises. Not more. Not less.
 A function named `getUserById` returns a user by ID.

package/base/rules/css-quality.md

@@ -0,0 +1,25 @@
+# CSS Quality — Generation Constraints
+# Scope: **/*.css, **/*.scss, **/*.less
+# Active during code generation, not post-hoc review
+
+## Invariants — BLOCK on violation
+
+- No `!important` — fix the specificity problem instead.
+- No hardcoded color values — use design tokens or CSS custom properties.
+- No `px` for font sizes — use `rem` for scalability and accessibility.
+- No `z-index` without a comment and reference to the project's z-index scale.
+- No layout via `float` — use flexbox or grid.
+
+## Conventions — WARN on violation
+
+- CSS custom properties (`--var`) for all recurring values: spacing, colors, radii, shadows.
+- Mobile-first media queries (`min-width`) — never desktop-first (`max-width`).
+- Logical properties (`margin-inline`, `padding-block`) over physical (`margin-left`, `padding-top`).
+- `gap` for spacing between flex/grid items — not margin hacks on children.
+- Prefer `clamp()` for fluid typography and spacing over media query breakpoints.
+- `:focus-visible` over `:focus` for keyboard-only focus indicators.
+- `prefers-reduced-motion` media query wrapping any animation or transition.
+- BEM or utility-class convention — never bare tag selectors outside resets.
+
+## Removal Condition
+Remove when a CSS-specific linter rule engine replaces generation-time constraints.

package/base/rules/desktop-protocol.md

@@ -0,0 +1,64 @@
+# Desktop Protocol — Rules
+# Scope: Sessions involving Claude Desktop ↔ Claude Code handoff
+# Defines role boundaries and structured handoff format
+
+## Role Boundaries
+
+| Surface | Role | Responsible for |
+|---------|------|-----------------|
+| Claude Desktop | Architect / Reviewer | ADR review, security audit, diff validation, prompt engineering |
+| Claude Code | Executor | File writes, git ops, test runs, tool use, vault updates |
+
+Desktop generates structured intent. Code executes it.
+Never use Desktop for file writes. Never use Code for open-ended architecture debate.
+
+## Handoff Format — Desktop → Code
+
+When Desktop completes a review or decision, it emits a structured handoff block.
+Code reads this block as its initial task context.
+
+```
+HANDOFF:
+  TASK: [one-line description]
+  SPEC: [link to vault plan or spec file]
+  CONSTRAINTS: [hard limits — what must NOT change]
+  ACCEPTANCE: [how to know it's done]
+  CONTEXT: [optional — key decisions or rationale from review]
+```
+
+Code MUST NOT start implementation without at least TASK and ACCEPTANCE filled.
+If SPEC is missing, Code asks before proceeding.
+
+## Handoff Format — Code → Desktop
+
+When Code completes implementation and wants architectural review:
+
+```
+REVIEW-REQUEST:
+  TASK: [what was implemented]
+  DIFF: [git diff summary or branch name]
+  SPEC: [link to plan that drove this work]
+  QUESTIONS: [specific things to review — not "does this look good"]
+```
+
+## Vault Write-Back
+
+After Desktop review, append the decision to `{vault_path}/notes/review-decisions.md`:
+
+```
+## YYYY-MM-DD | [task-slug]
+- **Decision**: APPROVED | CHANGES_REQUESTED | DEFERRED
+- **Rationale**: [1-2 sentences]
+- **Action items**: [if CHANGES_REQUESTED — specific items for Code to address]
+```
+
+## Conventions — WARN on violation
+
+- Desktop review decisions that affect architecture go to `{vault_path}/specs/` as ADRs
+- Desktop review decisions that are tactical (naming, style, small refactors) stay in `review-decisions.md`
+- Code must not self-approve architectural changes — route through Desktop review
+- If Desktop is unavailable, Code may proceed but must flag the decision in `status.md` for later review
+
+## Removal Condition
+Remove when a unified Claude surface handles both architecture review and code execution
+natively, eliminating the need for explicit handoff protocols.

package/base/rules/go-quality.md

@@ -0,0 +1,25 @@
+# Go Quality — Generation Constraints
+# Scope: **/*.go
+# Active during code generation, not post-hoc review
+
+## Invariants — BLOCK on violation
+
+- Every error return checked immediately — no `_` for error values.
+- No `panic` in library code — return errors. Reserve `panic` for truly unrecoverable states in `main`.
+- No `interface{}` or `any` without a comment explaining why a concrete type won't work.
+- Context (`context.Context`) as the first parameter of any function that does I/O or may be cancelled.
+- No goroutine without a clear ownership and shutdown path — leaked goroutines are memory leaks.
+
+## Conventions — WARN on violation
+
+- Table-driven tests for any function with more than 2 test cases.
+- `errors.Is` / `errors.As` for error comparison — never string matching on `err.Error()`.
+- `fmt.Errorf("context: %w", err)` to wrap errors with context — never lose the original.
+- Named return values only when they clarify the function signature — not as a substitute for declarations.
+- `sync.Mutex` fields placed immediately above the fields they protect, with a comment.
+- `defer` for cleanup — but never defer in a loop body.
+- Prefer `io.Reader` / `io.Writer` interfaces over concrete types in function signatures.
+- Struct field tags (`json`, `db`) on every field of a struct used for serialization.
+
+## Removal Condition
+Remove when golangci-lint rules replace generation-time constraints entirely.

package/base/rules/java-quality.md

@@ -0,0 +1,25 @@
+# Java Quality — Generation Constraints
+# Scope: **/*.java
+# Active during code generation, not post-hoc review
+
+## Invariants — BLOCK on violation
+
+- No raw types — always use parameterized generics (`List<String>`, not `List`).
+- No empty catch blocks — handle, re-throw with context, or log with severity.
+- No `null` returns from public methods without `@Nullable` annotation and documented behavior.
+- All public API methods have Javadoc with `@param`, `@return`, and `@throws`.
+- Resources (streams, connections) use try-with-resources — never manual `finally` close.
+
+## Conventions — WARN on violation
+
+- Records over classes for immutable data carriers (Java 16+).
+- `Optional` return type over nullable for methods that may not produce a result.
+- `var` for local variables only when the type is obvious from the right-hand side.
+- `sealed` interfaces/classes for closed hierarchies with pattern matching.
+- Builder pattern only for objects with 5+ fields — constructors or factories for fewer.
+- Prefer `List.of()`, `Map.of()` for immutable collections — not `Collections.unmodifiable*`.
+- `@Override` on every overriding method — let the compiler catch signature drift.
+- Stream operations only when they improve readability — explicit loops for complex logic.
+
+## Removal Condition
+Remove when a Java-specific linter rule engine replaces generation-time constraints.

package/base/rules/python-quality.md

@@ -0,0 +1,25 @@
+# Python Quality — Generation Constraints
+# Scope: **/*.py
+# Active during code generation, not post-hoc review
+
+## Invariants — BLOCK on violation
+
+- Type hints on every function signature — parameters and return type. No exceptions.
+- No bare `except:` — always catch a specific exception type.
+- No mutable default arguments (`def f(x=[])`) — use `None` and assign inside.
+- No `import *` — explicit imports only.
+- No `type: ignore` without an inline comment explaining why it's safe.
+- f-strings only for string formatting — never `%` or `.format()`.
+
+## Conventions — WARN on violation
+
+- `dataclass` or `TypedDict` over raw dicts for structured data with 3+ fields.
+- `pathlib.Path` over `os.path` for path manipulation.
+- Context managers (`with`) for all resource handling (files, connections, locks).
+- Comprehensions only when they fit one line — explicit loops otherwise.
+- `enum.Enum` or `Literal` for fixed sets of values — never raw strings.
+- `logging` module over `print()` in anything that isn't a CLI script.
+- Async functions: every `await` in a try/except or the caller handles the exception.
+
+## Removal Condition
+Remove when a Python-specific linter rule engine replaces generation-time constraints.

package/base/rules/rust-quality.md

@@ -0,0 +1,25 @@
+# Rust Quality — Generation Constraints
+# Scope: **/*.rs
+# Active during code generation, not post-hoc review
+
+## Invariants — BLOCK on violation
+
+- No `.unwrap()` or `.expect()` in library code — propagate errors with `?`.
+- No `unsafe` blocks without an inline `// SAFETY:` comment explaining the invariant.
+- No `.clone()` to silence the borrow checker — restructure ownership instead.
+- All public items have doc comments (`///`) — the API is the documentation.
+- Error types implement `std::error::Error` and provide context via `Display`.
+
+## Conventions — WARN on violation
+
+- `thiserror` for library error types, `anyhow` for application error types.
+- Prefer `&str` over `String` in function parameters — take ownership only when needed.
+- Prefer iterators and combinators over manual loops where they improve readability.
+- `#[must_use]` on functions whose return value should not be silently ignored.
+- Derive `Debug` on all public structs and enums.
+- `#[non_exhaustive]` on public enums that may gain variants.
+- Prefer `impl Trait` in argument position over generic type parameters when the type is used once.
+- Integration tests in `tests/` directory — unit tests in the same file with `#[cfg(test)]`.
+
+## Removal Condition
+Remove when clippy rules replace generation-time constraints entirely.

package/base/rules/shell-quality.md

@@ -0,0 +1,26 @@
+# Shell Quality — Generation Constraints
+# Scope: **/*.sh
+# Active during code generation, not post-hoc review
+
+## Invariants — BLOCK on violation
+
+- Every script starts with `#!/usr/bin/env bash` and `set -euo pipefail`.
+- All variable expansions quoted: `"$VAR"`, never bare `$VAR`.
+- No `eval` — ever. Use arrays for dynamic command construction.
+- `[[ ]]` for conditionals — never `[ ]` (no word splitting, no glob expansion).
+- No inline credentials or tokens — use environment variables.
+- Exit codes: 0 for success, 1 for general failure, 2 for hard block (Praxis convention).
+
+## Conventions — WARN on violation
+
+- Heredocs or `printf` for multi-line output — never multi-line `echo`.
+- `local` keyword for all variables inside functions.
+- `command -v` for tool detection — never `which`.
+- `mktemp` for temporary files — never hardcoded `/tmp/myfile`.
+- Trap `ERR` or use explicit error handling — don't rely solely on `set -e`.
+- Use `jq` with `--arg` / `--argjson` for JSON — never interpolate variables into JSON strings.
+- Prefer `$(...)` over backticks for command substitution.
+- Group related options into functions — no scripts longer than 100 lines without functions.
+
+## Removal Condition
+Remove when a shell-specific linter rule engine replaces generation-time constraints.

package/base/rules/sql-quality.md

@@ -0,0 +1,25 @@
+# SQL Quality — Generation Constraints
+# Scope: **/*.sql
+# Active during code generation, not post-hoc review
+
+## Invariants — BLOCK on violation
+
+- Parameterized queries only — never concatenate user input into SQL strings.
+- Every `SELECT` on user-generated data has a `LIMIT` — no unbounded result sets.
+- Every migration is reversible — include both `UP` and `DOWN` in every migration file.
+- No `SELECT *` — explicitly list columns. Schema changes should not silently alter query results.
+- No `DROP TABLE` or `DROP COLUMN` without a preceding data migration or explicit confirmation.
+
+## Conventions — WARN on violation
+
+- Uppercase SQL keywords (`SELECT`, `FROM`, `WHERE`) — lowercase for identifiers.
+- `snake_case` for all table and column names.
+- Foreign keys have explicit `ON DELETE` and `ON UPDATE` behavior — never rely on defaults.
+- Indexes on all columns used in `WHERE`, `JOIN`, and `ORDER BY` on tables >1000 rows.
+- `NOT NULL` by default — nullable columns require a comment explaining why null is valid.
+- `TIMESTAMP WITH TIME ZONE` for all temporal columns — never naive timestamps.
+- `CHECK` constraints for domain validation at the database level — don't rely solely on application code.
+- CTEs (`WITH`) for readability over nested subqueries beyond 2 levels.
+
+## Removal Condition
+Remove when a SQL-specific linter rule engine replaces generation-time constraints.

package/base/rules/typescript-quality.md

@@ -0,0 +1,26 @@
+# TypeScript Quality — Generation Constraints
+# Scope: **/*.ts, **/*.tsx
+# Active during code generation, not post-hoc review
+
+## Invariants — BLOCK on violation
+
+- No `any` type — ever. Use `unknown` and narrow, or define the actual type.
+- Explicit return types on all exported functions.
+- No non-null assertion (`!`) without an inline comment explaining why it's safe.
+- No `@ts-ignore` or `@ts-expect-error` without an inline comment explaining why.
+- No `as` type assertions unless narrowing from `unknown` — prefer type guards.
+- Strict null checks: handle `null` and `undefined` explicitly, never assume presence.
+
+## Conventions — WARN on violation
+
+- `const` by default — `let` only when reassignment is necessary. Never `var`.
+- Discriminated unions over optional fields for modeling distinct states.
+- `readonly` on properties that should not be mutated after construction.
+- `interface` for object shapes, `type` for unions, intersections, and computed types.
+- Named exports over default exports — better refactoring support and tree-shaking.
+- `Promise.all` for independent async operations — never sequential awaits for parallel work.
+- Error boundaries in React components that render user-generated or external data.
+- `satisfies` operator over `as` for type validation without widening.
+
+## Removal Condition
+Remove when a TypeScript-specific linter rule engine replaces generation-time constraints.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@esoteric-logic/praxis-harness",
-  "version": "2.9.1",
+  "version": "2.11.0",
   "description": "Layered Claude Code harness — workflow discipline, AI-Kits, persistent vault integration",
   "bin": {
     "praxis-harness": "./bin/praxis.js"