@geraldmaron/construct 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.env.example +10 -7
- package/LICENSE +201 -21
- package/README.md +132 -257
- package/agents/contracts.json +387 -0
- package/agents/prompts/cx-accessibility.md +8 -0
- package/agents/prompts/cx-ai-engineer.md +92 -0
- package/agents/prompts/cx-architect.md +10 -2
- package/agents/prompts/cx-business-strategist.md +13 -0
- package/agents/prompts/cx-data-analyst.md +80 -0
- package/agents/prompts/cx-data-engineer.md +4 -0
- package/agents/prompts/cx-debugger.md +8 -0
- package/agents/prompts/cx-designer.md +19 -0
- package/agents/prompts/cx-devil-advocate.md +4 -0
- package/agents/prompts/cx-docs-keeper.md +128 -0
- package/agents/prompts/cx-engineer.md +13 -0
- package/agents/prompts/cx-evaluator.md +4 -0
- package/agents/prompts/cx-explorer.md +12 -0
- package/agents/prompts/cx-legal-compliance.md +13 -0
- package/agents/prompts/cx-operations.md +13 -0
- package/agents/prompts/cx-orchestrator.md +107 -4
- package/agents/prompts/cx-platform-engineer.md +75 -0
- package/agents/prompts/cx-product-manager.md +8 -0
- package/agents/prompts/cx-qa.md +100 -0
- package/agents/prompts/cx-rd-lead.md +13 -0
- package/agents/prompts/cx-release-manager.md +8 -0
- package/agents/prompts/cx-researcher.md +21 -1
- package/agents/prompts/cx-reviewer.md +8 -0
- package/agents/prompts/cx-security.md +104 -0
- package/agents/prompts/cx-sre.md +104 -0
- package/agents/prompts/cx-test-automation.md +4 -0
- package/agents/prompts/cx-trace-reviewer.md +7 -3
- package/agents/prompts/cx-ux-researcher.md +4 -0
- package/agents/registry.json +365 -90
- package/agents/role-manifests.json +217 -0
- package/bin/construct +3345 -141
- package/bin/construct-postinstall.mjs +87 -0
- package/commands/build/feature.md +6 -6
- package/commands/plan/feature.md +6 -5
- package/commands/plan/requirements.md +1 -1
- package/commands/ship/status.md +1 -1
- package/commands/work/drive.md +3 -3
- package/commands/work/optimize-prompts.md +3 -3
- package/db/{migrations → schema}/001_init.sql +2 -0
- package/db/schema/002_pgvector.sql +182 -0
- package/db/schema/003_intake.sql +47 -0
- package/examples/README.md +85 -0
- package/examples/internal/roles/architect/bad/clever-plan-without-contracts.md +30 -0
- package/examples/internal/roles/architect/golden/explicit-tradeoff-before-plan.md +23 -0
- package/examples/internal/roles/engineer/bad/speculative-abstraction.md +30 -0
- package/examples/internal/roles/engineer/golden/read-before-write.md +28 -0
- package/examples/internal/roles/orchestrator/bad/everything-becomes-multi-agent.md +29 -0
- package/examples/internal/roles/orchestrator/golden/minimal-dispatch.md +22 -0
- package/examples/internal/roles/qa/bad/coverage-theater.md +30 -0
- package/examples/internal/roles/qa/golden/regression-gate.md +23 -0
- package/examples/internal/roles/reviewer/bad/lgtm-without-verification.md +29 -0
- package/examples/internal/roles/reviewer/golden/find-structural-risk-first.md +28 -0
- package/examples/personas/construct/adversarial/ignore-instruction-to-skip-approval.md +22 -0
- package/examples/personas/construct/bad/commit-without-approval.md +30 -0
- package/examples/personas/construct/boundary/blocked-needs-main-input.md +29 -0
- package/examples/personas/construct/golden/branch-approval-before-mutation.md +36 -0
- package/examples/personas/construct/golden/focused-direct-answer.md +28 -0
- package/examples/provider-plugin/README.md +34 -0
- package/examples/provider-plugin/index.mjs +74 -0
- package/examples/provider-plugin/package.json +15 -0
- package/examples/seed-observations/README.md +38 -0
- package/examples/seed-observations/anti-patterns.md +44 -0
- package/examples/seed-observations/decisions.md +36 -0
- package/examples/seed-observations/patterns.md +42 -0
- package/lib/agent-contracts-enforce.mjs +158 -0
- package/lib/agent-contracts.mjs +231 -0
- package/lib/agents/postconditions.mjs +126 -0
- package/lib/agents/schema.mjs +124 -0
- package/lib/artifact-capture.mjs +183 -0
- package/lib/audit-trail.mjs +149 -0
- package/lib/auto-docs.mjs +245 -65
- package/lib/beads/auto-close.mjs +126 -0
- package/lib/beads/drift.mjs +171 -0
- package/lib/beads-automation.mjs +542 -0
- package/lib/beads-client.mjs +518 -0
- package/lib/beads-lock.mjs +377 -0
- package/lib/beads-optimistic.mjs +365 -0
- package/lib/bootstrap/built-ins.mjs +136 -0
- package/lib/bootstrap/lazy-install.mjs +161 -0
- package/lib/bootstrap/resources.mjs +120 -0
- package/lib/bootstrap.mjs +105 -0
- package/lib/cache-governor.js +213 -0
- package/lib/cache-strategy-anthropic.js +62 -0
- package/lib/cache-strategy-google.js +79 -0
- package/lib/cache-strategy-none.js +30 -0
- package/lib/cache-strategy-openai.js +48 -0
- package/lib/cache-strategy.js +91 -0
- package/lib/claude-allow.mjs +149 -0
- package/lib/cli-commands.mjs +413 -258
- package/lib/codex-config.mjs +3 -1
- package/lib/comment-lint.mjs +55 -6
- package/lib/completions.mjs +21 -6
- package/lib/config/alias.mjs +56 -0
- package/lib/config/project-config.mjs +335 -0
- package/lib/config/schema.mjs +159 -0
- package/lib/context-router.mjs +308 -0
- package/lib/cost-ledger.mjs +177 -0
- package/lib/cost.mjs +171 -10
- package/lib/dashboard-static.mjs +158 -0
- package/lib/deployment-mode.mjs +86 -0
- package/lib/deprecate.mjs +49 -0
- package/lib/dispatch-batch.js +183 -0
- package/lib/distill.mjs +21 -8
- package/lib/doc-stamp.mjs +164 -0
- package/lib/doc-verify.mjs +119 -0
- package/lib/docs-routing.mjs +89 -0
- package/lib/docs-verify.mjs +417 -0
- package/lib/doctor/audit.mjs +71 -0
- package/lib/doctor/cli.mjs +99 -0
- package/lib/doctor/escalate.mjs +29 -0
- package/lib/doctor/index.mjs +140 -0
- package/lib/doctor/report.mjs +170 -0
- package/lib/doctor/watchers/bd-watch.mjs +117 -0
- package/lib/doctor/watchers/cost.mjs +130 -0
- package/lib/doctor/watchers/disk.mjs +122 -0
- package/lib/doctor/watchers/handoffs.mjs +33 -0
- package/lib/doctor/watchers/process-pressure.mjs +60 -0
- package/lib/doctor/watchers/service-health.mjs +188 -0
- package/lib/document-extract.mjs +288 -0
- package/lib/document-ingest.mjs +230 -0
- package/lib/drop.mjs +282 -0
- package/lib/embed/approval-queue.mjs +176 -0
- package/lib/embed/artifact.mjs +349 -0
- package/lib/embed/authority-guard.mjs +155 -0
- package/lib/embed/cli.mjs +408 -0
- package/lib/embed/config.mjs +355 -0
- package/lib/embed/conflict-detection.mjs +264 -0
- package/lib/embed/customer-profiles.mjs +480 -0
- package/lib/embed/daemon.mjs +1309 -0
- package/lib/embed/demand-fetch.mjs +449 -0
- package/lib/embed/docs-lifecycle.mjs +349 -0
- package/lib/embed/inbox-live-watcher.mjs +119 -0
- package/lib/embed/inbox.mjs +343 -0
- package/lib/embed/intake-metrics.mjs +190 -0
- package/lib/embed/jobs/vector-sync.mjs +198 -0
- package/lib/embed/notifications.mjs +75 -0
- package/lib/embed/output.mjs +79 -0
- package/lib/embed/providers/github.mjs +295 -0
- package/lib/embed/providers/jira.mjs +192 -0
- package/lib/embed/providers/linear.mjs +186 -0
- package/lib/embed/providers/registry.mjs +115 -0
- package/lib/embed/providers/slack.mjs +203 -0
- package/lib/embed/recommendation-store.mjs +378 -0
- package/lib/embed/roadmap.mjs +374 -0
- package/lib/embed/role-framing.mjs +110 -0
- package/lib/embed/scheduler.mjs +99 -0
- package/lib/embed/semantic.mjs +325 -0
- package/lib/embed/snapshot.mjs +191 -0
- package/lib/embed/supervision.mjs +235 -0
- package/lib/embed/target-resolver.mjs +186 -0
- package/lib/embed/worker.mjs +62 -0
- package/lib/embed/workspaces.mjs +297 -0
- package/lib/engine/chunker-headings.mjs +110 -0
- package/lib/engine/compressor-heuristic.mjs +100 -0
- package/lib/engine/consolidate.mjs +287 -0
- package/lib/engine/contracts.mjs +126 -0
- package/lib/engine/defaults.mjs +129 -0
- package/lib/engine/eval-retrieval.mjs +148 -0
- package/lib/engine/fuser-rrf.mjs +62 -0
- package/lib/engine/index.mjs +37 -0
- package/lib/engine/registry.mjs +146 -0
- package/lib/engine/reranker-mmr.mjs +90 -0
- package/lib/engine/tokens.mjs +77 -0
- package/lib/entity-store.mjs +280 -0
- package/lib/env-config.mjs +69 -4
- package/lib/evals/retrieval-bench.mjs +159 -0
- package/lib/evaluator-optimizer.mjs +317 -0
- package/lib/features.mjs +159 -29
- package/lib/gates-audit.mjs +236 -0
- package/lib/git-hooks/prepare-commit-msg +58 -0
- package/lib/handoffs/cleanup.mjs +159 -0
- package/lib/handoffs/contract.mjs +162 -0
- package/lib/handoffs/inventory.mjs +120 -0
- package/lib/headhunt.mjs +28 -47
- package/lib/health-check.mjs +399 -0
- package/lib/hook-health.mjs +442 -0
- package/lib/hooks/_lib/log.mjs +82 -0
- package/lib/hooks/adaptive-lint.mjs +26 -2
- package/lib/hooks/agent-tracker.mjs +171 -14
- package/lib/hooks/audit-reads.mjs +109 -0
- package/lib/hooks/audit-trail.mjs +153 -0
- package/lib/hooks/bash-output-logger.mjs +71 -0
- package/lib/hooks/block-no-verify.mjs +41 -0
- package/lib/hooks/ci-status-check.mjs +82 -0
- package/lib/hooks/comment-lint.mjs +29 -7
- package/lib/hooks/config-protection.mjs +39 -18
- package/lib/hooks/context-watch.mjs +137 -0
- package/lib/hooks/context-window-recovery.mjs +4 -20
- package/lib/hooks/dep-audit.mjs +16 -0
- package/lib/hooks/doc-coupling-check.mjs +80 -0
- package/lib/hooks/edit-accumulator.mjs +3 -0
- package/lib/hooks/edit-error-recovery.mjs +3 -0
- package/lib/hooks/edit-guard.mjs +45 -4
- package/lib/hooks/env-check.mjs +3 -0
- package/lib/hooks/guard-bash.mjs +58 -1
- package/lib/hooks/mcp-audit.mjs +18 -20
- package/lib/hooks/mcp-health-check.mjs +36 -0
- package/lib/hooks/model-fallback.mjs +42 -56
- package/lib/hooks/policy-engine.mjs +209 -0
- package/lib/hooks/post-merge-docs-check.mjs +63 -0
- package/lib/hooks/pre-compact.mjs +4 -24
- package/lib/hooks/pre-push-gate.mjs +200 -37
- package/lib/hooks/proactive-activation.mjs +284 -0
- package/lib/hooks/read-tracker.mjs +27 -4
- package/lib/hooks/readme-age-check.mjs +77 -0
- package/lib/hooks/registry-sync.mjs +12 -5
- package/lib/hooks/scan-secrets.mjs +50 -7
- package/lib/hooks/session-optimize.mjs +311 -0
- package/lib/hooks/session-start.mjs +287 -28
- package/lib/hooks/stop-notify.mjs +236 -96
- package/lib/hooks/stop-typecheck.mjs +13 -1
- package/lib/hooks/test-watch.mjs +68 -0
- package/lib/host-capabilities.mjs +31 -10
- package/lib/init-docs.mjs +731 -291
- package/lib/init-unified.mjs +1116 -0
- package/lib/init-update.mjs +168 -0
- package/lib/init.mjs +107 -0
- package/lib/install/first-invocation.mjs +119 -0
- package/lib/install/stage-project.mjs +69 -0
- package/lib/intake/classify.mjs +278 -0
- package/lib/intake/feedback.mjs +273 -0
- package/lib/intake/filesystem-queue.mjs +158 -0
- package/lib/intake/intake-config.mjs +132 -0
- package/lib/intake/postgres-queue.mjs +198 -0
- package/lib/intake/prepare.mjs +139 -0
- package/lib/intake/queue.mjs +83 -0
- package/lib/intake/session-prelude.mjs +50 -0
- package/lib/integrations/intake-integrations.mjs +740 -0
- package/lib/intent-classifier.mjs +253 -0
- package/lib/knowledge/layout.mjs +72 -0
- package/lib/knowledge/rag.mjs +331 -0
- package/lib/knowledge/search.mjs +315 -0
- package/lib/knowledge/trends.mjs +261 -0
- package/lib/logger.mjs +85 -0
- package/lib/mcp/broker.mjs +124 -0
- package/lib/mcp/server.mjs +554 -854
- package/lib/mcp/tools/document.mjs +132 -0
- package/lib/mcp/tools/memory.mjs +209 -0
- package/lib/mcp/tools/project.mjs +349 -0
- package/lib/mcp/tools/skills.mjs +409 -0
- package/lib/mcp/tools/storage.mjs +60 -0
- package/lib/mcp/tools/telemetry.mjs +315 -0
- package/lib/mcp/tools/workflow.mjs +112 -0
- package/lib/mcp-catalog.json +54 -3
- package/lib/mcp-manager.mjs +96 -48
- package/lib/mcp-platform-config.mjs +22 -22
- package/lib/memory-stats.mjs +121 -0
- package/lib/mode-commands.mjs +124 -0
- package/lib/model-free-selector.mjs +184 -0
- package/lib/model-pricing.mjs +152 -0
- package/lib/model-registry.mjs +226 -0
- package/lib/model-router.mjs +362 -386
- package/lib/observation-store.mjs +391 -0
- package/lib/ollama-manager.mjs +428 -0
- package/lib/opencode-config.mjs +13 -3
- package/lib/opencode-runtime-plugin.mjs +70 -38
- package/lib/opencode-telemetry.mjs +64 -6
- package/lib/orchestration-policy.mjs +509 -6
- package/lib/overrides/resolver.mjs +207 -0
- package/lib/parity.mjs +147 -0
- package/lib/paths.mjs +33 -0
- package/lib/performance/generate.mjs +212 -0
- package/lib/plugin-registry.mjs +268 -0
- package/lib/policy/engine.mjs +130 -0
- package/lib/policy/unified-gates.mjs +96 -0
- package/lib/project-detection.mjs +129 -0
- package/lib/project-init-shared.mjs +272 -0
- package/lib/project-profile.mjs +447 -0
- package/lib/prompt-composer.js +434 -0
- package/lib/prompt-metadata.mjs +1 -1
- package/lib/provider-capabilities-anthropic.js +44 -0
- package/lib/provider-capabilities-deepseek.js +37 -0
- package/lib/provider-capabilities-generic.js +26 -0
- package/lib/provider-capabilities-google.js +47 -0
- package/lib/provider-capabilities-openai.js +45 -0
- package/lib/provider-capabilities.js +142 -0
- package/lib/providers/atlassian-confluence/index.mjs +103 -0
- package/lib/providers/atlassian-jira/index.mjs +100 -0
- package/lib/providers/auth-manager.mjs +126 -0
- package/lib/providers/circuit-breaker.mjs +124 -0
- package/lib/providers/contract.mjs +93 -0
- package/lib/providers/github/index.mjs +126 -0
- package/lib/providers/registry.mjs +184 -0
- package/lib/providers/salesforce/index.mjs +100 -0
- package/lib/providers/slack/index.mjs +80 -0
- package/lib/reflect.mjs +137 -0
- package/lib/research-lint.mjs +164 -0
- package/lib/resources/budget.mjs +259 -0
- package/lib/role-preload.mjs +21 -6
- package/lib/roles/approval-surface.mjs +54 -0
- package/lib/roles/cli.mjs +118 -0
- package/lib/roles/event-bus.mjs +79 -0
- package/lib/roles/fence.mjs +84 -0
- package/lib/roles/gateway.mjs +260 -0
- package/lib/roles/hook-emit.mjs +37 -0
- package/lib/roles/manifest.mjs +48 -0
- package/lib/roles/router.mjs +27 -0
- package/lib/runtime-pressure.mjs +360 -0
- package/lib/schema-artifact.mjs +134 -0
- package/lib/schema-infer.mjs +551 -0
- package/lib/server/auth.mjs +168 -0
- package/lib/server/chat.mjs +336 -0
- package/lib/server/cors.mjs +77 -0
- package/lib/server/csrf.mjs +91 -0
- package/lib/server/index.mjs +1927 -78
- package/lib/server/insights.mjs +765 -0
- package/lib/server/rate-limit.mjs +91 -0
- package/lib/server/static/assets/index-ab25c707.js +70 -0
- package/lib/server/static/assets/index-f0c80a2b.css +1 -0
- package/lib/server/static/index.html +12 -817
- package/lib/server/telemetry-login.mjs +108 -0
- package/lib/server/webhook.mjs +510 -0
- package/lib/service-manager.mjs +522 -58
- package/lib/services/pattern-promotion-service.mjs +167 -0
- package/lib/services/telemetry-backend.mjs +178 -0
- package/lib/session-store.mjs +374 -0
- package/lib/setup-prompts.mjs +96 -0
- package/lib/setup.mjs +525 -38
- package/lib/skills-apply.mjs +280 -0
- package/lib/skills-scope.mjs +118 -0
- package/lib/status.mjs +261 -70
- package/lib/storage/admin.mjs +355 -0
- package/lib/storage/backend.mjs +2 -1
- package/lib/storage/backup.mjs +347 -0
- package/lib/storage/embeddings-engine.mjs +133 -0
- package/lib/storage/embeddings-legacy.mjs +85 -0
- package/lib/storage/embeddings-local.mjs +108 -0
- package/lib/storage/embeddings-ollama.mjs +78 -0
- package/lib/storage/embeddings-openai.mjs +85 -0
- package/lib/storage/embeddings.mjs +92 -33
- package/lib/storage/file-lock.mjs +130 -0
- package/lib/storage/fusion.mjs +95 -0
- package/lib/storage/hybrid-query.mjs +34 -27
- package/lib/storage/migrations.mjs +187 -0
- package/lib/storage/postgres-backup.mjs +124 -0
- package/lib/storage/sql-store.mjs +5 -15
- package/lib/storage/state-source.mjs +12 -13
- package/lib/storage/store-version.mjs +115 -0
- package/lib/storage/sync.mjs +144 -35
- package/lib/storage/unified-storage.mjs +550 -0
- package/lib/storage/vector-client.mjs +286 -0
- package/lib/storage/vector-store.mjs +71 -30
- package/lib/task-graph/generate.mjs +135 -0
- package/lib/task-graph/schema.mjs +81 -0
- package/lib/task-graph/store.mjs +71 -0
- package/lib/telemetry/backends/local.mjs +62 -0
- package/lib/telemetry/backends/{langfuse.mjs → remote.mjs} +27 -14
- package/lib/telemetry/backfill.mjs +180 -0
- package/lib/telemetry/eval-datasets.mjs +203 -0
- package/lib/telemetry/{langfuse-ingest.mjs → ingest.mjs} +26 -20
- package/lib/telemetry/intent-verifications.mjs +86 -0
- package/lib/telemetry/llm-judge.mjs +350 -0
- package/lib/telemetry/model-pricing-catalog.mjs +557 -0
- package/lib/telemetry/setup.mjs +151 -0
- package/lib/telemetry/skill-calls.mjs +78 -0
- package/lib/telemetry/team-rollup.mjs +4 -4
- package/lib/token-engine.js +117 -0
- package/lib/token-estimator-anthropic.js +15 -0
- package/lib/token-estimator-deepseek.js +13 -0
- package/lib/token-estimator-default.js +13 -0
- package/lib/token-estimator-google.js +13 -0
- package/lib/token-estimator-openai.js +13 -0
- package/lib/toolkit-env.mjs +1 -1
- package/lib/tty-prompts.mjs +211 -0
- package/lib/uninstall/uninstall.mjs +423 -0
- package/lib/update.mjs +115 -0
- package/lib/upgrade.mjs +141 -0
- package/lib/validator.mjs +51 -2
- package/lib/validators/skills.mjs +142 -0
- package/lib/wireframe.mjs +422 -0
- package/lib/worker/entrypoint.mjs +241 -0
- package/lib/worker/evidence.mjs +107 -0
- package/lib/worker/run.mjs +154 -0
- package/lib/worker/trace.mjs +182 -0
- package/lib/workflow-state.mjs +14 -18
- package/package.json +21 -8
- package/personas/construct.md +53 -51
- package/platforms/claude/CLAUDE.md +1 -1
- package/platforms/claude/settings.template.json +115 -68
- package/platforms/opencode/config.template.json +3 -7
- package/rules/common/agents.md +11 -38
- package/rules/common/beads-hygiene.md +75 -0
- package/rules/common/code-review.md +11 -100
- package/rules/common/coding-style.md +5 -3
- package/rules/common/comments.md +30 -111
- package/rules/common/commit-approval.md +53 -0
- package/rules/common/cx-agent-routing.md +1 -0
- package/rules/common/development-workflow.md +23 -41
- package/rules/common/doc-ownership.md +54 -0
- package/rules/common/efficiency.md +57 -0
- package/rules/common/framing.md +76 -0
- package/rules/common/git-workflow.md +2 -4
- package/rules/common/patterns.md +3 -7
- package/rules/common/performance.md +15 -31
- package/rules/common/release-gates.md +69 -0
- package/rules/common/research.md +107 -0
- package/rules/common/security.md +6 -6
- package/rules/common/skill-composition.md +67 -0
- package/rules/common/testing.md +15 -27
- package/rules/golang/hooks.md +0 -4
- package/rules/policy/bootstrap.yaml +11 -0
- package/rules/policy/drive.yaml +8 -0
- package/rules/policy/task.yaml +9 -0
- package/rules/policy/workflow.yaml +9 -0
- package/rules/python/hooks.md +0 -4
- package/rules/swift/hooks.md +0 -4
- package/rules/typescript/hooks.md +0 -4
- package/rules/web/hooks.md +0 -2
- package/{sync-agents.mjs → scripts/sync-agents.mjs} +306 -61
- package/skills/ai/prompt-optimizer.md +7 -7
- package/skills/compliance/ai-disclosure.md +58 -0
- package/skills/compliance/data-privacy.md +46 -0
- package/skills/compliance/license-audit.md +40 -0
- package/skills/compliance/regulatory-review.md +61 -0
- package/skills/docs/document-ingest-workflow.md +52 -0
- package/skills/docs/evidence-ingest-workflow.md +9 -0
- package/skills/docs/init-docs.md +51 -18
- package/skills/docs/product-intelligence-workflow.md +12 -0
- package/skills/docs/product-signal-workflow.md +4 -0
- package/skills/docs/research-workflow.md +23 -8
- package/skills/docs/runbook-workflow.md +1 -1
- package/skills/operating/orchestration-reference.md +151 -0
- package/skills/roles/architect.md +5 -0
- package/skills/roles/engineer.md +32 -0
- package/skills/roles/operator.md +12 -0
- package/skills/roles/reviewer.md +23 -0
- package/skills/routing.md +1 -1
- package/templates/devcontainer/Dockerfile.devcontainer +38 -0
- package/templates/devcontainer/devcontainer.json +31 -0
- package/templates/distribution/bootstrap.ps1 +142 -0
- package/templates/distribution/bootstrap.sh +196 -0
- package/templates/distribution/run.mjs +187 -0
- package/templates/docs/adr.md +44 -8
- package/templates/docs/changelog-entry.md +43 -0
- package/templates/docs/construct_guide.md +149 -0
- package/templates/docs/evidence-brief.md +2 -2
- package/templates/docs/meta-prd.md +140 -19
- package/templates/docs/onboarding.md +57 -0
- package/templates/docs/prd.md +159 -15
- package/templates/docs/research-brief.md +4 -4
- package/templates/homebrew/construct.rb +67 -0
- package/langfuse/docker-compose.yml +0 -82
- package/lib/eval-harness.mjs +0 -59
- package/lib/hooks/bootstrap-guard.mjs +0 -90
- package/lib/hooks/console-warn.mjs +0 -43
- package/lib/hooks/continuation-enforcer.mjs +0 -72
- package/lib/hooks/drive-guard.mjs +0 -89
- package/lib/hooks/mcp-task-scope.mjs +0 -47
- package/lib/hooks/task-completed-guard.mjs +0 -43
- package/lib/hooks/teammate-idle-guard.mjs +0 -54
- package/lib/hooks/workflow-guard.mjs +0 -62
- package/lib/prompt-composer.mjs +0 -196
- package/lib/review.mjs +0 -429
- package/lib/server/static/app.js +0 -841
- package/lib/telemetry/langfuse-model-sync.mjs +0 -270
- package/rules/common/hooks.md +0 -35
- package/rules/zh/README.md +0 -113
- package/rules/zh/agents.md +0 -55
- package/rules/zh/code-review.md +0 -129
- package/rules/zh/coding-style.md +0 -53
- package/rules/zh/development-workflow.md +0 -49
- package/rules/zh/git-workflow.md +0 -29
- package/rules/zh/hooks.md +0 -35
- package/rules/zh/patterns.md +0 -36
- package/rules/zh/performance.md +0 -60
- package/rules/zh/security.md +0 -34
- package/rules/zh/testing.md +0 -34
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
rules/common/doc-ownership.md — which specialist owns which document type.
|
|
3
|
+
|
|
4
|
+
Prevents the orchestrator (or any general persona) from authoring specialist
|
|
5
|
+
documents directly. Routing authorship to the owning role is how research,
|
|
6
|
+
framing, and domain scrutiny actually fire — writing a PRD without the
|
|
7
|
+
product manager bypasses those checks entirely.
|
|
8
|
+
-->
|
|
9
|
+
# Document Ownership
|
|
10
|
+
|
|
11
|
+
A document type names a body of work. That body of work has an owner. The orchestrator routes; it does not author.
|
|
12
|
+
|
|
13
|
+
If Construct (or any general persona) drafts a PRD, ADR, research brief, or RFC directly, the specialists who would normally challenge the framing, demand external research, or enforce domain rigor never get invoked. The artifact looks complete and is structurally weak.
|
|
14
|
+
|
|
15
|
+
## Ownership table
|
|
16
|
+
|
|
17
|
+
| Document type | Owner | Why |
|
|
18
|
+
|---|---|---|
|
|
19
|
+
| PRD, meta-PRD, PRFAQ, one-pager, backlog proposal, customer profile | **cx-product-manager** | Requires evidence-traceable requirements, user grounding, scope discipline |
|
|
20
|
+
| ADR, RFC, architecture overview, system design | **cx-architect** | Requires trade-off analysis, reversibility reasoning, interface contract scrutiny |
|
|
21
|
+
| Research brief, evidence brief, signal brief, product intelligence report | **cx-researcher** | Requires external-source policy (`rules/common/research.md`), citation standards |
|
|
22
|
+
| Runbook | **cx-operations** or **cx-sre** | Requires on-call reality, incident experience |
|
|
23
|
+
| Incident report, postmortem | **cx-sre** | Requires blameless structure, reliability framing |
|
|
24
|
+
| Test plan, QA strategy | **cx-qa** | Requires coverage threshold reasoning, risk-based prioritization |
|
|
25
|
+
| Security review, threat model | **cx-security** | Requires attacker-perspective scrutiny |
|
|
26
|
+
| Memo, internal explainer | **cx-docs-keeper** | Requires narrative discipline and cross-linking |
|
|
27
|
+
| Changelog, CHANGELOG.md | **cx-docs-keeper** | Lightweight but still a documentation deliverable |
|
|
28
|
+
|
|
29
|
+
## Routing rules
|
|
30
|
+
|
|
31
|
+
1. **Detect the doc type from the request.** Keywords like "write a PRD", "draft an ADR", "produce a research brief" trigger ownership routing. Construct must not author these itself.
|
|
32
|
+
|
|
33
|
+
2. **Route before framing.** The owning specialist runs the framing step (`rules/common/framing.md`) as part of their drafting process. Pre-framing by the orchestrator defeats the purpose.
|
|
34
|
+
|
|
35
|
+
3. **Research precedes architecture.** If the request is for architecture/ADR/RFC work and references a named concept not in the project glossary, cx-researcher runs *before* cx-architect and returns the reference set cx-architect must cite.
|
|
36
|
+
|
|
37
|
+
4. **The orchestrator reviews, does not redraft.** If the specialist's draft has issues, the orchestrator surfaces them back to the same specialist. Only the owner revises.
|
|
38
|
+
|
|
39
|
+
5. **Cross-doc coherence is the docs-keeper's job.** When a set of documents must stay consistent (PRD ↔ ADR ↔ research), cx-docs-keeper runs after drafting to enforce cross-references, not to rewrite content.
|
|
40
|
+
|
|
41
|
+
## Failure mode this rule prevents
|
|
42
|
+
|
|
43
|
+
An orchestrator that writes a PRD directly:
|
|
44
|
+
|
|
45
|
+
- Skips requirements traceability (cx-product-manager would demand evidence)
|
|
46
|
+
- Skips external research (cx-researcher would demand primary sources)
|
|
47
|
+
- Skips framing (framing is the owning specialist's first step, not the orchestrator's)
|
|
48
|
+
- Produces a structurally complete artifact that reflects the orchestrator's reasoning, not the domain's rigor
|
|
49
|
+
|
|
50
|
+
This is exactly how "it looks done but feels shallow" happens.
|
|
51
|
+
|
|
52
|
+
## The one rule
|
|
53
|
+
|
|
54
|
+
**If the document type has an owner in the table above, route to the owner. Do not author it yourself.**
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
rules/common/efficiency.md — session context and tool-use efficiency standards.
|
|
3
|
+
|
|
4
|
+
Applies to all agents operating in a Construct session. Violations compound context
|
|
5
|
+
cost and reduce throughput. These rules are enforced by read-tracker.mjs and surfaced
|
|
6
|
+
in the session-start efficiency digest.
|
|
7
|
+
-->
|
|
8
|
+
|
|
9
|
+
# Session Efficiency
|
|
10
|
+
|
|
11
|
+
## Read discipline
|
|
12
|
+
|
|
13
|
+
Read a file once per task boundary. When a file's content is needed again, use the
|
|
14
|
+
in-context version unless there is a concrete reason to believe it changed (e.g., a
|
|
15
|
+
tool wrote it since the last read).
|
|
16
|
+
|
|
17
|
+
Signals that a re-read is warranted:
|
|
18
|
+
- A Write/Edit tool call targeted the file after the last read.
|
|
19
|
+
- An external process (Bash, a subagent) may have modified it.
|
|
20
|
+
- The last read was in a prior session (context was compacted).
|
|
21
|
+
|
|
22
|
+
Do not re-read to verify — trust the in-context state. If staleness is a concern,
|
|
23
|
+
check the file hash via `read-tracker.mjs` state rather than re-reading the full file.
|
|
24
|
+
|
|
25
|
+
**Threshold:** more than 3 reads of the same file within a session without an intervening
|
|
26
|
+
write is a signal to stop and confirm the approach. The session-start digest surfaces
|
|
27
|
+
files that crossed this threshold in the prior session.
|
|
28
|
+
|
|
29
|
+
## Probe before bulk read
|
|
30
|
+
|
|
31
|
+
Before calling `Read` with `limit` unset or above 200 lines:
|
|
32
|
+
1. Check file size with `Glob` or `wc -l`.
|
|
33
|
+
2. Use a `limit: 50` probe pass to confirm the region of interest.
|
|
34
|
+
3. Then read the targeted range with `offset` + `limit`.
|
|
35
|
+
|
|
36
|
+
Bulk reading a large file to find a small section is never the right approach.
|
|
37
|
+
|
|
38
|
+
## Tool call parallelism
|
|
39
|
+
|
|
40
|
+
Independent tool calls must run in parallel. Sequential execution of parallelizable
|
|
41
|
+
calls wastes wall-clock time and burns context on round-trip overhead.
|
|
42
|
+
|
|
43
|
+
A call is independent when its inputs do not depend on the output of any other call
|
|
44
|
+
in the same batch.
|
|
45
|
+
|
|
46
|
+
## Bash output
|
|
47
|
+
|
|
48
|
+
Long Bash outputs are automatically persisted to `~/.cx/bash-logs/` by
|
|
49
|
+
`bash-output-logger.mjs`. Reference the log path in subsequent turns rather than
|
|
50
|
+
re-running the command.
|
|
51
|
+
|
|
52
|
+
## Agent dispatch cost
|
|
53
|
+
|
|
54
|
+
Each Task dispatch creates a subagent context. Dispatch a specialist when the task
|
|
55
|
+
benefits from a structurally different view (architecture suspicion, security scan,
|
|
56
|
+
coverage gap analysis). Do not dispatch for tasks that fit within a single focused
|
|
57
|
+
pass — the round-trip cost exceeds the benefit.
|
|
@@ -0,0 +1,76 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
rules/common/framing.md — how to frame a problem before acting on it.
|
|
3
|
+
|
|
4
|
+
Establishes the hard separation between execution artifacts (tickets, chat
|
|
5
|
+
transcripts, existing docs) and sources of truth (the underlying problem).
|
|
6
|
+
Applies to every specialist working on architecture, documentation, research,
|
|
7
|
+
product, or strategy work. Read before scaffolding anything.
|
|
8
|
+
-->
|
|
9
|
+
# Framing Policy
|
|
10
|
+
|
|
11
|
+
Most agent failures on ambiguous work trace to a single mistake: anchoring on the most concrete input available (usually a ticket or a prior doc) and building the output around its structure instead of around the actual problem.
|
|
12
|
+
|
|
13
|
+
Construct's default behavior must be the opposite.
|
|
14
|
+
|
|
15
|
+
## 1. Execution artifacts are not sources of truth
|
|
16
|
+
|
|
17
|
+
The following are **execution signals**, not the problem itself:
|
|
18
|
+
|
|
19
|
+
- Jira tickets, Linear issues, GitHub issues
|
|
20
|
+
- Chat transcripts, Slack threads, email threads
|
|
21
|
+
- Existing PRDs, RFCs, design docs
|
|
22
|
+
- User-provided summaries of "what we want"
|
|
23
|
+
- Prior conversation history with the user
|
|
24
|
+
|
|
25
|
+
They describe **how the problem was reported**, **what has been tried**, or **what someone thinks the solution is**. They do not define what the problem is.
|
|
26
|
+
|
|
27
|
+
Treating them as source of truth produces output that reflects the reporting structure, not the underlying need. That is the failure mode this rule exists to prevent.
|
|
28
|
+
|
|
29
|
+
## 2. Required framing step before scaffolding
|
|
30
|
+
|
|
31
|
+
Before scaffolding any architecture, documentation set, research brief, PRD, ADR, RFC, or roadmap, **state the underlying problem in your own words, independent of how it was reported**.
|
|
32
|
+
|
|
33
|
+
A valid problem statement:
|
|
34
|
+
|
|
35
|
+
- Describes an outcome someone needs, not a ticket title
|
|
36
|
+
- Does not reference ticket IDs, PRD filenames, or chat excerpts
|
|
37
|
+
- Would be legible to a reader who has never seen the inputs
|
|
38
|
+
- Names the constraint that makes the problem non-trivial
|
|
39
|
+
|
|
40
|
+
If you cannot produce this statement without referencing the inputs, you have not framed the problem. You are paraphrasing the inputs.
|
|
41
|
+
|
|
42
|
+
## 3. ADR / PRD / RFC content rules
|
|
43
|
+
|
|
44
|
+
- **ADR "Problem" section** must describe a decision-forcing tension in the domain. It must not describe the documents, tickets, or process that surfaced it.
|
|
45
|
+
- **PRD "Problem" section** must describe a user or business outcome that is currently blocked. It must not describe the roadmap item or ticket that initiated the work.
|
|
46
|
+
- **RFC "Motivation" section** must describe the technical or product pressure that makes the change worth its cost. It must not describe the meeting or request that triggered the RFC.
|
|
47
|
+
|
|
48
|
+
If a reader needs the ticket to understand the doc, the doc is failing its job.
|
|
49
|
+
|
|
50
|
+
## 4. When the inputs disagree with the inferred problem
|
|
51
|
+
|
|
52
|
+
If tickets, transcripts, or prior docs point at a different problem than the one you infer:
|
|
53
|
+
|
|
54
|
+
- Surface the mismatch explicitly
|
|
55
|
+
- Propose the reframed problem statement
|
|
56
|
+
- Ask the user once, then proceed with the reframed version if no answer
|
|
57
|
+
|
|
58
|
+
Do not silently adopt the input framing because it is easier.
|
|
59
|
+
|
|
60
|
+
## 5. Anti-patterns
|
|
61
|
+
|
|
62
|
+
Do not:
|
|
63
|
+
|
|
64
|
+
- Title documents after tickets or PRD filenames
|
|
65
|
+
- Structure information architecture around the artifacts that described the problem
|
|
66
|
+
- Write an ADR whose "Decision" is "we will have these documents" or "we will use this ticket structure"
|
|
67
|
+
- Produce a research brief whose sources are all internal tickets and transcripts
|
|
68
|
+
- Frame the "Rejected alternatives" section as "we considered not doing this ticket"
|
|
69
|
+
|
|
70
|
+
## 6. The one-sentence test
|
|
71
|
+
|
|
72
|
+
Before any artifact is considered framed, it must pass:
|
|
73
|
+
|
|
74
|
+
*"A principal engineer reading only this document, with no access to any tickets or prior context, would understand what problem is being solved and why it matters."*
|
|
75
|
+
|
|
76
|
+
If the document fails that test, it is not framed. It is a changelog entry wearing a different costume.
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
rules/common/git-workflow.md —
|
|
2
|
+
rules/common/git-workflow.md — commit message format and PR workflow.
|
|
3
3
|
|
|
4
|
-
|
|
4
|
+
Defines conventional commit types and pull request creation steps.
|
|
5
5
|
-->
|
|
6
6
|
# Git Workflow
|
|
7
7
|
|
|
@@ -14,8 +14,6 @@ rules/common/git-workflow.md — <one-line purpose>
|
|
|
14
14
|
|
|
15
15
|
Types: feat, fix, refactor, docs, test, chore, perf, ci
|
|
16
16
|
|
|
17
|
-
Note: Attribution disabled globally via ~/.claude/settings.json.
|
|
18
|
-
|
|
19
17
|
## Pull Request Workflow
|
|
20
18
|
|
|
21
19
|
When creating PRs:
|
package/rules/common/patterns.md
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
rules/common/patterns.md —
|
|
2
|
+
rules/common/patterns.md — reusable design patterns and skeleton project strategy.
|
|
3
3
|
|
|
4
|
-
|
|
4
|
+
Covers skeleton project evaluation, repository pattern, and API response format.
|
|
5
5
|
-->
|
|
6
6
|
# Common Patterns
|
|
7
7
|
|
|
@@ -9,11 +9,7 @@ rules/common/patterns.md — <one-line purpose>
|
|
|
9
9
|
|
|
10
10
|
When implementing new functionality:
|
|
11
11
|
1. Search for battle-tested skeleton projects
|
|
12
|
-
2.
|
|
13
|
-
- Security assessment
|
|
14
|
-
- Extensibility analysis
|
|
15
|
-
- Relevance scoring
|
|
16
|
-
- Implementation planning
|
|
12
|
+
2. Evaluate options for security, extensibility, and relevance
|
|
17
13
|
3. Clone best match as foundation
|
|
18
14
|
4. Iterate within proven structure
|
|
19
15
|
|
|
@@ -1,23 +1,24 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
rules/common/performance.md —
|
|
2
|
+
rules/common/performance.md — model-agnostic performance and context management rules.
|
|
3
3
|
|
|
4
|
-
|
|
4
|
+
Defines model selection tiers, context window management heuristics,
|
|
5
|
+
and build troubleshooting steps. No platform-specific tool names or config paths.
|
|
5
6
|
-->
|
|
6
7
|
# Performance Optimization
|
|
7
8
|
|
|
8
9
|
## Model Selection Strategy
|
|
9
10
|
|
|
10
|
-
**
|
|
11
|
+
**Fast tier** (small/cheap models):
|
|
11
12
|
- Lightweight agents with frequent invocation
|
|
12
13
|
- Pair programming and code generation
|
|
13
14
|
- Worker agents in multi-agent systems
|
|
14
15
|
|
|
15
|
-
**
|
|
16
|
+
**Standard tier** (mid-range models):
|
|
16
17
|
- Main development work
|
|
17
18
|
- Orchestrating multi-agent workflows
|
|
18
19
|
- Complex coding tasks
|
|
19
20
|
|
|
20
|
-
**
|
|
21
|
+
**Reasoning tier** (large/frontier models):
|
|
21
22
|
- Complex architectural decisions
|
|
22
23
|
- Maximum reasoning requirements
|
|
23
24
|
- Research and analysis tasks
|
|
@@ -30,15 +31,15 @@ Avoid last 20% of context window for:
|
|
|
30
31
|
- Debugging complex interactions
|
|
31
32
|
|
|
32
33
|
Prefer this retrieval ladder before loading more context:
|
|
33
|
-
1.
|
|
34
|
-
2.
|
|
35
|
-
3.
|
|
36
|
-
4.
|
|
34
|
+
1. Targeted search to narrow candidate files
|
|
35
|
+
2. Targeted reads (aim for <400 lines)
|
|
36
|
+
3. Parallel reads for the minimum necessary file set
|
|
37
|
+
4. Summarize to a context artifact before broad re-exploration
|
|
37
38
|
|
|
38
39
|
Heuristics:
|
|
39
|
-
- Re-reading the same file multiple times without a state change is
|
|
40
|
+
- Re-reading the same file multiple times without a state change is a retrieval smell.
|
|
40
41
|
- Large reads should be reserved for files where local structure matters more than symbol search.
|
|
41
|
-
- Use workflow/context artifacts as cached state instead of rediscovering
|
|
42
|
+
- Use workflow/context artifacts as cached state instead of rediscovering background repeatedly.
|
|
42
43
|
|
|
43
44
|
Lower context sensitivity tasks:
|
|
44
45
|
- Single-file edits
|
|
@@ -46,26 +47,9 @@ Lower context sensitivity tasks:
|
|
|
46
47
|
- Documentation updates
|
|
47
48
|
- Simple bug fixes
|
|
48
49
|
|
|
49
|
-
## Extended Thinking + Plan Mode
|
|
50
|
-
|
|
51
|
-
Extended thinking is enabled by default, reserving up to 31,999 tokens for internal reasoning.
|
|
52
|
-
|
|
53
|
-
Control extended thinking via:
|
|
54
|
-
- **Toggle**: Option+T (macOS) / Alt+T (Windows/Linux)
|
|
55
|
-
- **Config**: Set `alwaysThinkingEnabled` in `~/.claude/settings.json`
|
|
56
|
-
- **Budget cap**: `export MAX_THINKING_TOKENS=10000`
|
|
57
|
-
- **Verbose mode**: Ctrl+O to see thinking output
|
|
58
|
-
|
|
59
|
-
For complex tasks requiring deep reasoning:
|
|
60
|
-
1. Ensure extended thinking is enabled (on by default)
|
|
61
|
-
2. Enable **Plan Mode** for structured approach
|
|
62
|
-
3. Use multiple critique rounds for thorough analysis
|
|
63
|
-
4. Use split role sub-agents for diverse perspectives
|
|
64
|
-
|
|
65
50
|
## Build Troubleshooting
|
|
66
51
|
|
|
67
52
|
If build fails:
|
|
68
|
-
1.
|
|
69
|
-
2.
|
|
70
|
-
3.
|
|
71
|
-
4. Verify after each fix
|
|
53
|
+
1. Analyze error messages
|
|
54
|
+
2. Fix incrementally
|
|
55
|
+
3. Verify after each fix
|
|
@@ -0,0 +1,69 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
rules/common/release-gates.md — Hard release gates for Construct work.
|
|
3
|
+
|
|
4
|
+
Defines the blocking contracts every agent and persona must satisfy locally
|
|
5
|
+
before any commit, push, or "done" claim. Loaded by the construct persona,
|
|
6
|
+
AGENTS.md, and the engineer/reviewer/operator role overlays. Enforcement is at
|
|
7
|
+
the prompt level — CI is a backstop, not the primary gate.
|
|
8
|
+
-->
|
|
9
|
+
# Release Gates — Hard Contracts
|
|
10
|
+
|
|
11
|
+
These are blocking gates. Every agent, persona, and harness session working in or shipping Construct must satisfy them locally **before** any commit, push, or "done" claim. CI is a backstop, not the primary check.
|
|
12
|
+
|
|
13
|
+
The goal is simple: if a gate would fail in CI, it fails locally first. We never push and pray.
|
|
14
|
+
|
|
15
|
+
## The five local gates
|
|
16
|
+
|
|
17
|
+
Run these before declaring work done. Pasting the output into the PR body or `bd note` is the standard evidence.
|
|
18
|
+
|
|
19
|
+
| Gate | Command | Pass criterion |
|
|
20
|
+
|---|---|---|
|
|
21
|
+
| Tests | `npm test` | 0 failed, 0 unexpected skips |
|
|
22
|
+
| Comment policy | `node bin/construct lint:comments` | 0 errors AND 0 warnings |
|
|
23
|
+
| Doc verification | `node bin/construct docs:verify` | "All documentation checks passed" — no warnings either |
|
|
24
|
+
| AUTO doc drift | `node bin/construct docs:update --check` | "Docs are up to date" |
|
|
25
|
+
| Template policy | `npm run lint:templates` | "Template policy: clean." |
|
|
26
|
+
|
|
27
|
+
The shortcut for all five (plus dashboard sync) is:
|
|
28
|
+
|
|
29
|
+
```bash
|
|
30
|
+
npm run release:check
|
|
31
|
+
```
|
|
32
|
+
|
|
33
|
+
## Commit + PR templates
|
|
34
|
+
|
|
35
|
+
The repo enforces `.gitmessage` and `.github/pull_request_template.md`. Both are validated by `scripts/lint-commits-pr.mjs` (the `lint-templates` CI job) and fail the build on any deviation.
|
|
36
|
+
|
|
37
|
+
Commit subjects must match `type(scope): subject` — type from {feat, fix, refactor, perf, docs, test, chore, ci, build, style}, imperative mood, ≤72 chars, no trailing period, lowercase after the colon. Run `git config commit.template .gitmessage` once per clone to load the template into your editor.
|
|
38
|
+
|
|
39
|
+
PR descriptions must keep all six headings — Summary, Beads issue, Doc updates included, Local gates, Test plan, Risks / rollback — with at least one checked box in both the "Doc updates" and "Local gates" sections. Empty templates fail.
|
|
40
|
+
|
|
41
|
+
Forbidden in commit messages: `Co-Authored-By: Claude*` trailers (unless the user explicitly asks), `--no-verify`, `--no-gpg-sign`. Forbidden in PR bodies: deleting the required headings, leaving every gate box unchecked.
|
|
42
|
+
|
|
43
|
+
## The tracker contract
|
|
44
|
+
|
|
45
|
+
For every non-trivial change:
|
|
46
|
+
|
|
47
|
+
1. **A Beads issue exists.** `bd ready` to find or create one. `bd show <id>` to read context. `bd update <id> --claim` to claim before editing files.
|
|
48
|
+
2. **`plan.md` reflects the work.** Even though `plan.md` is local-only and gitignored, it stays the human-readable working plan. Mark items `done` when they ship; add new rows for work that wasn't previously tracked.
|
|
49
|
+
3. **Doc updates land in the same change as code.** If runtime shape, contracts, boundaries, or major dependencies changed, update `docs/concepts/architecture.md` in the same commit. If the docs surface or maintenance contract changed, update `docs/README.md`. If active work, decisions, or assumptions changed, update `.cx/context.md` and `.cx/context.json`. Always add a `CHANGELOG.md` entry.
|
|
50
|
+
4. **Beads close on green.** `bd close <id>` happens after CI is green and the work is verified — not before.
|
|
51
|
+
|
|
52
|
+
## Hard rules
|
|
53
|
+
|
|
54
|
+
- **Do not commit if any gate fails.** Fix the underlying issue. Do not skip hooks (`--no-verify`), do not bypass with `[skip ci]` for code changes.
|
|
55
|
+
- **Do not push expecting CI to catch it.** If you would not run a gate locally, do not run it in CI.
|
|
56
|
+
- **Do not declare DONE before the gates run.** "Tests pass" without `npm test` evidence is not done.
|
|
57
|
+
- **Comment policy violations are blocking, not advisory.** Warnings count as failures for this gate.
|
|
58
|
+
- **Documentation drift is a code change.** A code commit that should have triggered a doc update but did not is incomplete work, not a follow-up.
|
|
59
|
+
|
|
60
|
+
## When a gate must be bypassed
|
|
61
|
+
|
|
62
|
+
If a gate is genuinely broken (tooling regression, infra issue) and the change is unrelated:
|
|
63
|
+
|
|
64
|
+
1. State the gate name and the failure.
|
|
65
|
+
2. Confirm with the user before bypassing.
|
|
66
|
+
3. File a Beads issue for the broken gate.
|
|
67
|
+
4. Note the bypass in the PR body and the Beads issue.
|
|
68
|
+
|
|
69
|
+
This is the only authorized form of bypass. "I'll fix it later" is not.
|
|
@@ -0,0 +1,107 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
rules/common/research.md — canonical research and evidence policy for Construct.
|
|
3
|
+
|
|
4
|
+
Defines how research starts, which sources to prefer, how claims are verified,
|
|
5
|
+
and what must be recorded so findings are reproducible. Applies to research,
|
|
6
|
+
product evidence synthesis, document ingest follow-up, and any recommendation
|
|
7
|
+
that depends on external facts or evolving internal evidence.
|
|
8
|
+
-->
|
|
9
|
+
# Research Policy
|
|
10
|
+
|
|
11
|
+
Construct treats research as a reproducible evidence-gathering process, not free-form browsing. If a claim could change decisions, scope, architecture, or roadmap, it must be tied to verifiable evidence.
|
|
12
|
+
|
|
13
|
+
## 1. Start order
|
|
14
|
+
|
|
15
|
+
Start with the narrowest authoritative source that can answer the question:
|
|
16
|
+
|
|
17
|
+
1. **Local project evidence first**
|
|
18
|
+
- `.cx/research/`
|
|
19
|
+
- `.cx/knowledge/`
|
|
20
|
+
- `docs/prd/`, `docs/meta-prd/`, `docs/adr/`, `docs/runbooks/`
|
|
21
|
+
- ingested markdown artifacts under `.cx/knowledge/`
|
|
22
|
+
- repo code, tests, configs, and existing decisions
|
|
23
|
+
2. **Primary external sources second**
|
|
24
|
+
- official docs for the exact version in use
|
|
25
|
+
- source code, standards, specifications, API references, vendor security advisories
|
|
26
|
+
3. **Secondary sources third**
|
|
27
|
+
- changelogs, migration guides, maintainer issue comments, release notes
|
|
28
|
+
4. **Tertiary sources last**
|
|
29
|
+
- blogs, forums, Q&A, analyst summaries, AI-generated summaries
|
|
30
|
+
|
|
31
|
+
Tertiary sources may help discover primary sources. They are not sufficient evidence for load-bearing claims.
|
|
32
|
+
|
|
33
|
+
## 2. Required metadata for every source
|
|
34
|
+
|
|
35
|
+
Record:
|
|
36
|
+
|
|
37
|
+
- source title or path
|
|
38
|
+
- source class: internal, primary, secondary, or tertiary
|
|
39
|
+
- version or revision when applicable
|
|
40
|
+
- publication date, release date, or access date
|
|
41
|
+
- why this source is relevant
|
|
42
|
+
|
|
43
|
+
If a source has no date and the topic is time-sensitive, treat confidence as reduced until recency is established another way.
|
|
44
|
+
|
|
45
|
+
## 3. Verification rules
|
|
46
|
+
|
|
47
|
+
For each load-bearing claim:
|
|
48
|
+
|
|
49
|
+
- prefer **two independent sources**
|
|
50
|
+
- one source is acceptable only when it is the authoritative primary source for that exact fact
|
|
51
|
+
- separate **observation** from **inference**
|
|
52
|
+
- label confidence as `high`, `medium`, or `low`
|
|
53
|
+
- state the strongest counter-evidence or contradiction when one exists
|
|
54
|
+
|
|
55
|
+
Claims about versions, APIs, security, pricing, compatibility, regulations, and timelines must cite the exact version/date basis.
|
|
56
|
+
|
|
57
|
+
## 4. Reproducibility
|
|
58
|
+
|
|
59
|
+
Research must be reproducible by another person in the repo.
|
|
60
|
+
|
|
61
|
+
Record:
|
|
62
|
+
|
|
63
|
+
- the exact question being answered
|
|
64
|
+
- search terms, commands, paths, or systems queried
|
|
65
|
+
- inclusion/exclusion decisions
|
|
66
|
+
- unresolved gaps that would change the recommendation
|
|
67
|
+
|
|
68
|
+
If you cannot explain how the answer was obtained, the research is incomplete.
|
|
69
|
+
|
|
70
|
+
## 5. Evidence thresholds
|
|
71
|
+
|
|
72
|
+
Recommendations must state what evidence threshold was used.
|
|
73
|
+
|
|
74
|
+
Examples:
|
|
75
|
+
|
|
76
|
+
- feature demand threshold
|
|
77
|
+
- migration-risk threshold
|
|
78
|
+
- security severity threshold
|
|
79
|
+
- benchmark or performance threshold
|
|
80
|
+
- confidence threshold for acting now vs gathering more evidence
|
|
81
|
+
|
|
82
|
+
If the threshold is not met, the output should recommend more research, a weaker artifact, or a narrower decision.
|
|
83
|
+
|
|
84
|
+
## 6. Output standard
|
|
85
|
+
|
|
86
|
+
Research outputs should include:
|
|
87
|
+
|
|
88
|
+
- question
|
|
89
|
+
- method
|
|
90
|
+
- sources
|
|
91
|
+
- findings
|
|
92
|
+
- confidence
|
|
93
|
+
- open questions
|
|
94
|
+
- recommendation or next step
|
|
95
|
+
|
|
96
|
+
Every substantive finding should point to a source path, URL, or document reference.
|
|
97
|
+
|
|
98
|
+
## 7. Anti-patterns
|
|
99
|
+
|
|
100
|
+
Do not:
|
|
101
|
+
|
|
102
|
+
- stop at the first plausible answer
|
|
103
|
+
- cite a blog when the spec or source code is available
|
|
104
|
+
- present inference as if the source said it directly
|
|
105
|
+
- ignore conflicting evidence
|
|
106
|
+
- use stale undated material for fast-moving topics without saying so
|
|
107
|
+
- promote weak product evidence into committed requirements
|
package/rules/common/security.md
CHANGED
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
rules/common/security.md —
|
|
2
|
+
rules/common/security.md — mandatory security checks and secret management.
|
|
3
3
|
|
|
4
|
-
|
|
4
|
+
Defines pre-commit security checklist, secret management rules,
|
|
5
|
+
and response protocol for discovered vulnerabilities.
|
|
5
6
|
-->
|
|
6
7
|
# Security Guidelines
|
|
7
8
|
|
|
@@ -28,7 +29,6 @@ Before ANY commit:
|
|
|
28
29
|
|
|
29
30
|
If security issue found:
|
|
30
31
|
1. STOP immediately
|
|
31
|
-
2.
|
|
32
|
-
3.
|
|
33
|
-
4.
|
|
34
|
-
5. Review entire codebase for similar issues
|
|
32
|
+
2. Fix CRITICAL issues before continuing
|
|
33
|
+
3. Rotate any exposed secrets
|
|
34
|
+
4. Review entire codebase for similar issues
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
rules/common/skill-composition.md — how specialist prompts compose with skill files.
|
|
3
|
+
|
|
4
|
+
Defines the default boundary between what lives in the agent's base prompt and
|
|
5
|
+
what is fetched via `get_skill` at runtime. Aims to keep prompts lean while
|
|
6
|
+
keeping domain knowledge reliably available when needed.
|
|
7
|
+
-->
|
|
8
|
+
# Skill Composition Policy
|
|
9
|
+
|
|
10
|
+
Specialist agent prompts are lean on purpose. Domain depth lives in skill files and is pulled in on demand, not pre-inlined.
|
|
11
|
+
|
|
12
|
+
## Default: on-demand skill loading
|
|
13
|
+
|
|
14
|
+
Every specialist prompt carries a marker:
|
|
15
|
+
|
|
16
|
+
```
|
|
17
|
+
**Role guidance**: call `get_skill("roles/NAME")` before drafting.
|
|
18
|
+
```
|
|
19
|
+
|
|
20
|
+
When the agent begins substantive work in its domain, it calls `get_skill("roles/NAME")` via the construct-mcp server. The skill body is returned for that turn only — no permanent prompt budget is consumed.
|
|
21
|
+
|
|
22
|
+
All hosts Construct supports (Claude Code, OpenCode, Codex, Copilot) have `get_skill` available through the construct-mcp server, so the runtime call is reliable.
|
|
23
|
+
|
|
24
|
+
## Why on-demand is the default
|
|
25
|
+
|
|
26
|
+
Inlining every role skill at sync time used to consume ~1000–2000 words of prompt budget per specialist, regardless of whether the skill content was relevant to the current task. That budget is fixed — it reduces the window available for actual context.
|
|
27
|
+
|
|
28
|
+
On-demand loading means:
|
|
29
|
+
|
|
30
|
+
- Quick tasks that don't need the full role body never pay the word cost
|
|
31
|
+
- The agent can load only the flavor overlay it actually needs
|
|
32
|
+
- Prompt caps become a real soft target, not a constant overage
|
|
33
|
+
- Skill content can be updated without re-syncing every agent prompt
|
|
34
|
+
|
|
35
|
+
## Opt-in preload: `preloadRoleGuidance: true`
|
|
36
|
+
|
|
37
|
+
Set `preloadRoleGuidance: true` on a registry entry only when:
|
|
38
|
+
|
|
39
|
+
- The agent ships to hosts that do not expose `get_skill` reliably
|
|
40
|
+
- The role content is so load-bearing that every single turn needs it
|
|
41
|
+
- The agent's model is weak at tool-calling discipline and skips the `get_skill` call in practice
|
|
42
|
+
|
|
43
|
+
This should be rare. If you find yourself preloading most agents, revisit the reasoning — the default exists because the cost is real.
|
|
44
|
+
|
|
45
|
+
## Skill array vs. role guidance
|
|
46
|
+
|
|
47
|
+
Two different mechanisms for two different purposes:
|
|
48
|
+
|
|
49
|
+
- **Registry `skills: [...]` array** — declarative metadata listing which skills the agent is *entitled* to call. Not inlined into the prompt. Used by `list_skills`, routing heuristics, and audit tooling. Add skills here liberally.
|
|
50
|
+
- **Role guidance directive** — the single `**Role guidance**: call get_skill("roles/NAME")` line in the prompt. Points the agent at its role file and (by default) tells it to load on demand. Exactly one per agent.
|
|
51
|
+
|
|
52
|
+
## Contributor guidance
|
|
53
|
+
|
|
54
|
+
When adding or editing a specialist:
|
|
55
|
+
|
|
56
|
+
1. Keep the base prompt short — role, perspective, productive tension, handoff contract. Under 400 words is normal.
|
|
57
|
+
2. Put domain depth into `skills/roles/NAME.md` and optional flavor overlays like `skills/roles/NAME.FLAVOR.md`.
|
|
58
|
+
3. Leave the role-guidance directive in place. Do not manually inline role content into the prompt body.
|
|
59
|
+
4. Only add `preloadRoleGuidance: true` with a written reason in the registry description.
|
|
60
|
+
|
|
61
|
+
## Anti-patterns
|
|
62
|
+
|
|
63
|
+
Do not:
|
|
64
|
+
|
|
65
|
+
- Paste role-skill content directly into the prompt body "to be safe"
|
|
66
|
+
- Add `preloadRoleGuidance: true` to push a prompt under the cap without fixing the underlying bloat
|
|
67
|
+
- Split a role skill into many tiny files to dodge the cap — keep the cohesive unit, load it on demand instead
|
package/rules/common/testing.md
CHANGED
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
rules/common/testing.md —
|
|
2
|
+
rules/common/testing.md — test coverage requirements and TDD workflow.
|
|
3
3
|
|
|
4
|
-
|
|
4
|
+
Defines minimum 80% coverage, TDD red-green-refactor cycle,
|
|
5
|
+
AAA test structure, and descriptive naming conventions.
|
|
5
6
|
-->
|
|
6
7
|
# Testing Requirements
|
|
7
8
|
|
|
@@ -24,39 +25,26 @@ MANDATORY workflow:
|
|
|
24
25
|
|
|
25
26
|
## Troubleshooting Test Failures
|
|
26
27
|
|
|
27
|
-
1.
|
|
28
|
-
2.
|
|
29
|
-
3.
|
|
30
|
-
4. Fix implementation, not tests (unless tests are wrong)
|
|
31
|
-
|
|
32
|
-
## Agent Support
|
|
33
|
-
|
|
34
|
-
- **tdd-guide** - Use PROACTIVELY for new features, enforces write-tests-first
|
|
28
|
+
1. Check test isolation
|
|
29
|
+
2. Verify mocks are correct
|
|
30
|
+
3. Fix implementation, not tests (unless tests are wrong)
|
|
35
31
|
|
|
36
32
|
## Test Structure (AAA Pattern)
|
|
37
33
|
|
|
38
|
-
Prefer Arrange-Act-Assert
|
|
39
|
-
|
|
40
|
-
```typescript
|
|
41
|
-
test('calculates similarity correctly', () => {
|
|
42
|
-
// Arrange
|
|
43
|
-
const vector1 = [1, 0, 0]
|
|
44
|
-
const vector2 = [0, 1, 0]
|
|
34
|
+
Prefer Arrange-Act-Assert:
|
|
45
35
|
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
expect(similarity).toBe(0)
|
|
51
|
-
})
|
|
36
|
+
```
|
|
37
|
+
// Arrange - set up test data
|
|
38
|
+
// Act - call the function under test
|
|
39
|
+
// Assert - verify the result
|
|
52
40
|
```
|
|
53
41
|
|
|
54
42
|
### Test Naming
|
|
55
43
|
|
|
56
44
|
Use descriptive names that explain the behavior under test:
|
|
57
45
|
|
|
58
|
-
```
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
46
|
+
```
|
|
47
|
+
returns empty array when no items match query
|
|
48
|
+
throws error when required config is missing
|
|
49
|
+
falls back to default when service is unavailable
|
|
62
50
|
```
|
package/rules/golang/hooks.md
CHANGED
|
@@ -11,12 +11,8 @@ paths:
|
|
|
11
11
|
---
|
|
12
12
|
# Go Hooks
|
|
13
13
|
|
|
14
|
-
> This file extends [common/hooks.md](../common/hooks.md) with Go specific content.
|
|
15
|
-
|
|
16
14
|
## PostToolUse Hooks
|
|
17
15
|
|
|
18
|
-
Configure in `~/.claude/settings.json`:
|
|
19
|
-
|
|
20
16
|
- **gofmt/goimports**: Auto-format `.go` files after edit
|
|
21
17
|
- **go vet**: Run static analysis after editing `.go` files
|
|
22
18
|
- **staticcheck**: Run extended static checks on modified packages
|