@geraldmaron/construct 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (471) hide show
  1. package/.env.example +10 -7
  2. package/LICENSE +201 -21
  3. package/README.md +132 -257
  4. package/agents/contracts.json +387 -0
  5. package/agents/prompts/cx-accessibility.md +8 -0
  6. package/agents/prompts/cx-ai-engineer.md +92 -0
  7. package/agents/prompts/cx-architect.md +10 -2
  8. package/agents/prompts/cx-business-strategist.md +13 -0
  9. package/agents/prompts/cx-data-analyst.md +80 -0
  10. package/agents/prompts/cx-data-engineer.md +4 -0
  11. package/agents/prompts/cx-debugger.md +8 -0
  12. package/agents/prompts/cx-designer.md +19 -0
  13. package/agents/prompts/cx-devil-advocate.md +4 -0
  14. package/agents/prompts/cx-docs-keeper.md +128 -0
  15. package/agents/prompts/cx-engineer.md +13 -0
  16. package/agents/prompts/cx-evaluator.md +4 -0
  17. package/agents/prompts/cx-explorer.md +12 -0
  18. package/agents/prompts/cx-legal-compliance.md +13 -0
  19. package/agents/prompts/cx-operations.md +13 -0
  20. package/agents/prompts/cx-orchestrator.md +107 -4
  21. package/agents/prompts/cx-platform-engineer.md +75 -0
  22. package/agents/prompts/cx-product-manager.md +8 -0
  23. package/agents/prompts/cx-qa.md +100 -0
  24. package/agents/prompts/cx-rd-lead.md +13 -0
  25. package/agents/prompts/cx-release-manager.md +8 -0
  26. package/agents/prompts/cx-researcher.md +21 -1
  27. package/agents/prompts/cx-reviewer.md +8 -0
  28. package/agents/prompts/cx-security.md +104 -0
  29. package/agents/prompts/cx-sre.md +104 -0
  30. package/agents/prompts/cx-test-automation.md +4 -0
  31. package/agents/prompts/cx-trace-reviewer.md +7 -3
  32. package/agents/prompts/cx-ux-researcher.md +4 -0
  33. package/agents/registry.json +365 -90
  34. package/agents/role-manifests.json +217 -0
  35. package/bin/construct +3345 -141
  36. package/bin/construct-postinstall.mjs +87 -0
  37. package/commands/build/feature.md +6 -6
  38. package/commands/plan/feature.md +6 -5
  39. package/commands/plan/requirements.md +1 -1
  40. package/commands/ship/status.md +1 -1
  41. package/commands/work/drive.md +3 -3
  42. package/commands/work/optimize-prompts.md +3 -3
  43. package/db/{migrations → schema}/001_init.sql +2 -0
  44. package/db/schema/002_pgvector.sql +182 -0
  45. package/db/schema/003_intake.sql +47 -0
  46. package/examples/README.md +85 -0
  47. package/examples/internal/roles/architect/bad/clever-plan-without-contracts.md +30 -0
  48. package/examples/internal/roles/architect/golden/explicit-tradeoff-before-plan.md +23 -0
  49. package/examples/internal/roles/engineer/bad/speculative-abstraction.md +30 -0
  50. package/examples/internal/roles/engineer/golden/read-before-write.md +28 -0
  51. package/examples/internal/roles/orchestrator/bad/everything-becomes-multi-agent.md +29 -0
  52. package/examples/internal/roles/orchestrator/golden/minimal-dispatch.md +22 -0
  53. package/examples/internal/roles/qa/bad/coverage-theater.md +30 -0
  54. package/examples/internal/roles/qa/golden/regression-gate.md +23 -0
  55. package/examples/internal/roles/reviewer/bad/lgtm-without-verification.md +29 -0
  56. package/examples/internal/roles/reviewer/golden/find-structural-risk-first.md +28 -0
  57. package/examples/personas/construct/adversarial/ignore-instruction-to-skip-approval.md +22 -0
  58. package/examples/personas/construct/bad/commit-without-approval.md +30 -0
  59. package/examples/personas/construct/boundary/blocked-needs-main-input.md +29 -0
  60. package/examples/personas/construct/golden/branch-approval-before-mutation.md +36 -0
  61. package/examples/personas/construct/golden/focused-direct-answer.md +28 -0
  62. package/examples/provider-plugin/README.md +34 -0
  63. package/examples/provider-plugin/index.mjs +74 -0
  64. package/examples/provider-plugin/package.json +15 -0
  65. package/examples/seed-observations/README.md +38 -0
  66. package/examples/seed-observations/anti-patterns.md +44 -0
  67. package/examples/seed-observations/decisions.md +36 -0
  68. package/examples/seed-observations/patterns.md +42 -0
  69. package/lib/agent-contracts-enforce.mjs +158 -0
  70. package/lib/agent-contracts.mjs +231 -0
  71. package/lib/agents/postconditions.mjs +126 -0
  72. package/lib/agents/schema.mjs +124 -0
  73. package/lib/artifact-capture.mjs +183 -0
  74. package/lib/audit-trail.mjs +149 -0
  75. package/lib/auto-docs.mjs +245 -65
  76. package/lib/beads/auto-close.mjs +126 -0
  77. package/lib/beads/drift.mjs +171 -0
  78. package/lib/beads-automation.mjs +542 -0
  79. package/lib/beads-client.mjs +518 -0
  80. package/lib/beads-lock.mjs +377 -0
  81. package/lib/beads-optimistic.mjs +365 -0
  82. package/lib/bootstrap/built-ins.mjs +136 -0
  83. package/lib/bootstrap/lazy-install.mjs +161 -0
  84. package/lib/bootstrap/resources.mjs +120 -0
  85. package/lib/bootstrap.mjs +105 -0
  86. package/lib/cache-governor.js +213 -0
  87. package/lib/cache-strategy-anthropic.js +62 -0
  88. package/lib/cache-strategy-google.js +79 -0
  89. package/lib/cache-strategy-none.js +30 -0
  90. package/lib/cache-strategy-openai.js +48 -0
  91. package/lib/cache-strategy.js +91 -0
  92. package/lib/claude-allow.mjs +149 -0
  93. package/lib/cli-commands.mjs +413 -258
  94. package/lib/codex-config.mjs +3 -1
  95. package/lib/comment-lint.mjs +55 -6
  96. package/lib/completions.mjs +21 -6
  97. package/lib/config/alias.mjs +56 -0
  98. package/lib/config/project-config.mjs +335 -0
  99. package/lib/config/schema.mjs +159 -0
  100. package/lib/context-router.mjs +308 -0
  101. package/lib/cost-ledger.mjs +177 -0
  102. package/lib/cost.mjs +171 -10
  103. package/lib/dashboard-static.mjs +158 -0
  104. package/lib/deployment-mode.mjs +86 -0
  105. package/lib/deprecate.mjs +49 -0
  106. package/lib/dispatch-batch.js +183 -0
  107. package/lib/distill.mjs +21 -8
  108. package/lib/doc-stamp.mjs +164 -0
  109. package/lib/doc-verify.mjs +119 -0
  110. package/lib/docs-routing.mjs +89 -0
  111. package/lib/docs-verify.mjs +417 -0
  112. package/lib/doctor/audit.mjs +71 -0
  113. package/lib/doctor/cli.mjs +99 -0
  114. package/lib/doctor/escalate.mjs +29 -0
  115. package/lib/doctor/index.mjs +140 -0
  116. package/lib/doctor/report.mjs +170 -0
  117. package/lib/doctor/watchers/bd-watch.mjs +117 -0
  118. package/lib/doctor/watchers/cost.mjs +130 -0
  119. package/lib/doctor/watchers/disk.mjs +122 -0
  120. package/lib/doctor/watchers/handoffs.mjs +33 -0
  121. package/lib/doctor/watchers/process-pressure.mjs +60 -0
  122. package/lib/doctor/watchers/service-health.mjs +188 -0
  123. package/lib/document-extract.mjs +288 -0
  124. package/lib/document-ingest.mjs +230 -0
  125. package/lib/drop.mjs +282 -0
  126. package/lib/embed/approval-queue.mjs +176 -0
  127. package/lib/embed/artifact.mjs +349 -0
  128. package/lib/embed/authority-guard.mjs +155 -0
  129. package/lib/embed/cli.mjs +408 -0
  130. package/lib/embed/config.mjs +355 -0
  131. package/lib/embed/conflict-detection.mjs +264 -0
  132. package/lib/embed/customer-profiles.mjs +480 -0
  133. package/lib/embed/daemon.mjs +1309 -0
  134. package/lib/embed/demand-fetch.mjs +449 -0
  135. package/lib/embed/docs-lifecycle.mjs +349 -0
  136. package/lib/embed/inbox-live-watcher.mjs +119 -0
  137. package/lib/embed/inbox.mjs +343 -0
  138. package/lib/embed/intake-metrics.mjs +190 -0
  139. package/lib/embed/jobs/vector-sync.mjs +198 -0
  140. package/lib/embed/notifications.mjs +75 -0
  141. package/lib/embed/output.mjs +79 -0
  142. package/lib/embed/providers/github.mjs +295 -0
  143. package/lib/embed/providers/jira.mjs +192 -0
  144. package/lib/embed/providers/linear.mjs +186 -0
  145. package/lib/embed/providers/registry.mjs +115 -0
  146. package/lib/embed/providers/slack.mjs +203 -0
  147. package/lib/embed/recommendation-store.mjs +378 -0
  148. package/lib/embed/roadmap.mjs +374 -0
  149. package/lib/embed/role-framing.mjs +110 -0
  150. package/lib/embed/scheduler.mjs +99 -0
  151. package/lib/embed/semantic.mjs +325 -0
  152. package/lib/embed/snapshot.mjs +191 -0
  153. package/lib/embed/supervision.mjs +235 -0
  154. package/lib/embed/target-resolver.mjs +186 -0
  155. package/lib/embed/worker.mjs +62 -0
  156. package/lib/embed/workspaces.mjs +297 -0
  157. package/lib/engine/chunker-headings.mjs +110 -0
  158. package/lib/engine/compressor-heuristic.mjs +100 -0
  159. package/lib/engine/consolidate.mjs +287 -0
  160. package/lib/engine/contracts.mjs +126 -0
  161. package/lib/engine/defaults.mjs +129 -0
  162. package/lib/engine/eval-retrieval.mjs +148 -0
  163. package/lib/engine/fuser-rrf.mjs +62 -0
  164. package/lib/engine/index.mjs +37 -0
  165. package/lib/engine/registry.mjs +146 -0
  166. package/lib/engine/reranker-mmr.mjs +90 -0
  167. package/lib/engine/tokens.mjs +77 -0
  168. package/lib/entity-store.mjs +280 -0
  169. package/lib/env-config.mjs +69 -4
  170. package/lib/evals/retrieval-bench.mjs +159 -0
  171. package/lib/evaluator-optimizer.mjs +317 -0
  172. package/lib/features.mjs +159 -29
  173. package/lib/gates-audit.mjs +236 -0
  174. package/lib/git-hooks/prepare-commit-msg +58 -0
  175. package/lib/handoffs/cleanup.mjs +159 -0
  176. package/lib/handoffs/contract.mjs +162 -0
  177. package/lib/handoffs/inventory.mjs +120 -0
  178. package/lib/headhunt.mjs +28 -47
  179. package/lib/health-check.mjs +399 -0
  180. package/lib/hook-health.mjs +442 -0
  181. package/lib/hooks/_lib/log.mjs +82 -0
  182. package/lib/hooks/adaptive-lint.mjs +26 -2
  183. package/lib/hooks/agent-tracker.mjs +171 -14
  184. package/lib/hooks/audit-reads.mjs +109 -0
  185. package/lib/hooks/audit-trail.mjs +153 -0
  186. package/lib/hooks/bash-output-logger.mjs +71 -0
  187. package/lib/hooks/block-no-verify.mjs +41 -0
  188. package/lib/hooks/ci-status-check.mjs +82 -0
  189. package/lib/hooks/comment-lint.mjs +29 -7
  190. package/lib/hooks/config-protection.mjs +39 -18
  191. package/lib/hooks/context-watch.mjs +137 -0
  192. package/lib/hooks/context-window-recovery.mjs +4 -20
  193. package/lib/hooks/dep-audit.mjs +16 -0
  194. package/lib/hooks/doc-coupling-check.mjs +80 -0
  195. package/lib/hooks/edit-accumulator.mjs +3 -0
  196. package/lib/hooks/edit-error-recovery.mjs +3 -0
  197. package/lib/hooks/edit-guard.mjs +45 -4
  198. package/lib/hooks/env-check.mjs +3 -0
  199. package/lib/hooks/guard-bash.mjs +58 -1
  200. package/lib/hooks/mcp-audit.mjs +18 -20
  201. package/lib/hooks/mcp-health-check.mjs +36 -0
  202. package/lib/hooks/model-fallback.mjs +42 -56
  203. package/lib/hooks/policy-engine.mjs +209 -0
  204. package/lib/hooks/post-merge-docs-check.mjs +63 -0
  205. package/lib/hooks/pre-compact.mjs +4 -24
  206. package/lib/hooks/pre-push-gate.mjs +200 -37
  207. package/lib/hooks/proactive-activation.mjs +284 -0
  208. package/lib/hooks/read-tracker.mjs +27 -4
  209. package/lib/hooks/readme-age-check.mjs +77 -0
  210. package/lib/hooks/registry-sync.mjs +12 -5
  211. package/lib/hooks/scan-secrets.mjs +50 -7
  212. package/lib/hooks/session-optimize.mjs +311 -0
  213. package/lib/hooks/session-start.mjs +287 -28
  214. package/lib/hooks/stop-notify.mjs +236 -96
  215. package/lib/hooks/stop-typecheck.mjs +13 -1
  216. package/lib/hooks/test-watch.mjs +68 -0
  217. package/lib/host-capabilities.mjs +31 -10
  218. package/lib/init-docs.mjs +731 -291
  219. package/lib/init-unified.mjs +1116 -0
  220. package/lib/init-update.mjs +168 -0
  221. package/lib/init.mjs +107 -0
  222. package/lib/install/first-invocation.mjs +119 -0
  223. package/lib/install/stage-project.mjs +69 -0
  224. package/lib/intake/classify.mjs +278 -0
  225. package/lib/intake/feedback.mjs +273 -0
  226. package/lib/intake/filesystem-queue.mjs +158 -0
  227. package/lib/intake/intake-config.mjs +132 -0
  228. package/lib/intake/postgres-queue.mjs +198 -0
  229. package/lib/intake/prepare.mjs +139 -0
  230. package/lib/intake/queue.mjs +83 -0
  231. package/lib/intake/session-prelude.mjs +50 -0
  232. package/lib/integrations/intake-integrations.mjs +740 -0
  233. package/lib/intent-classifier.mjs +253 -0
  234. package/lib/knowledge/layout.mjs +72 -0
  235. package/lib/knowledge/rag.mjs +331 -0
  236. package/lib/knowledge/search.mjs +315 -0
  237. package/lib/knowledge/trends.mjs +261 -0
  238. package/lib/logger.mjs +85 -0
  239. package/lib/mcp/broker.mjs +124 -0
  240. package/lib/mcp/server.mjs +554 -854
  241. package/lib/mcp/tools/document.mjs +132 -0
  242. package/lib/mcp/tools/memory.mjs +209 -0
  243. package/lib/mcp/tools/project.mjs +349 -0
  244. package/lib/mcp/tools/skills.mjs +409 -0
  245. package/lib/mcp/tools/storage.mjs +60 -0
  246. package/lib/mcp/tools/telemetry.mjs +315 -0
  247. package/lib/mcp/tools/workflow.mjs +112 -0
  248. package/lib/mcp-catalog.json +54 -3
  249. package/lib/mcp-manager.mjs +96 -48
  250. package/lib/mcp-platform-config.mjs +22 -22
  251. package/lib/memory-stats.mjs +121 -0
  252. package/lib/mode-commands.mjs +124 -0
  253. package/lib/model-free-selector.mjs +184 -0
  254. package/lib/model-pricing.mjs +152 -0
  255. package/lib/model-registry.mjs +226 -0
  256. package/lib/model-router.mjs +362 -386
  257. package/lib/observation-store.mjs +391 -0
  258. package/lib/ollama-manager.mjs +428 -0
  259. package/lib/opencode-config.mjs +13 -3
  260. package/lib/opencode-runtime-plugin.mjs +70 -38
  261. package/lib/opencode-telemetry.mjs +64 -6
  262. package/lib/orchestration-policy.mjs +509 -6
  263. package/lib/overrides/resolver.mjs +207 -0
  264. package/lib/parity.mjs +147 -0
  265. package/lib/paths.mjs +33 -0
  266. package/lib/performance/generate.mjs +212 -0
  267. package/lib/plugin-registry.mjs +268 -0
  268. package/lib/policy/engine.mjs +130 -0
  269. package/lib/policy/unified-gates.mjs +96 -0
  270. package/lib/project-detection.mjs +129 -0
  271. package/lib/project-init-shared.mjs +272 -0
  272. package/lib/project-profile.mjs +447 -0
  273. package/lib/prompt-composer.js +434 -0
  274. package/lib/prompt-metadata.mjs +1 -1
  275. package/lib/provider-capabilities-anthropic.js +44 -0
  276. package/lib/provider-capabilities-deepseek.js +37 -0
  277. package/lib/provider-capabilities-generic.js +26 -0
  278. package/lib/provider-capabilities-google.js +47 -0
  279. package/lib/provider-capabilities-openai.js +45 -0
  280. package/lib/provider-capabilities.js +142 -0
  281. package/lib/providers/atlassian-confluence/index.mjs +103 -0
  282. package/lib/providers/atlassian-jira/index.mjs +100 -0
  283. package/lib/providers/auth-manager.mjs +126 -0
  284. package/lib/providers/circuit-breaker.mjs +124 -0
  285. package/lib/providers/contract.mjs +93 -0
  286. package/lib/providers/github/index.mjs +126 -0
  287. package/lib/providers/registry.mjs +184 -0
  288. package/lib/providers/salesforce/index.mjs +100 -0
  289. package/lib/providers/slack/index.mjs +80 -0
  290. package/lib/reflect.mjs +137 -0
  291. package/lib/research-lint.mjs +164 -0
  292. package/lib/resources/budget.mjs +259 -0
  293. package/lib/role-preload.mjs +21 -6
  294. package/lib/roles/approval-surface.mjs +54 -0
  295. package/lib/roles/cli.mjs +118 -0
  296. package/lib/roles/event-bus.mjs +79 -0
  297. package/lib/roles/fence.mjs +84 -0
  298. package/lib/roles/gateway.mjs +260 -0
  299. package/lib/roles/hook-emit.mjs +37 -0
  300. package/lib/roles/manifest.mjs +48 -0
  301. package/lib/roles/router.mjs +27 -0
  302. package/lib/runtime-pressure.mjs +360 -0
  303. package/lib/schema-artifact.mjs +134 -0
  304. package/lib/schema-infer.mjs +551 -0
  305. package/lib/server/auth.mjs +168 -0
  306. package/lib/server/chat.mjs +336 -0
  307. package/lib/server/cors.mjs +77 -0
  308. package/lib/server/csrf.mjs +91 -0
  309. package/lib/server/index.mjs +1927 -78
  310. package/lib/server/insights.mjs +765 -0
  311. package/lib/server/rate-limit.mjs +91 -0
  312. package/lib/server/static/assets/index-ab25c707.js +70 -0
  313. package/lib/server/static/assets/index-f0c80a2b.css +1 -0
  314. package/lib/server/static/index.html +12 -817
  315. package/lib/server/telemetry-login.mjs +108 -0
  316. package/lib/server/webhook.mjs +510 -0
  317. package/lib/service-manager.mjs +522 -58
  318. package/lib/services/pattern-promotion-service.mjs +167 -0
  319. package/lib/services/telemetry-backend.mjs +178 -0
  320. package/lib/session-store.mjs +374 -0
  321. package/lib/setup-prompts.mjs +96 -0
  322. package/lib/setup.mjs +525 -38
  323. package/lib/skills-apply.mjs +280 -0
  324. package/lib/skills-scope.mjs +118 -0
  325. package/lib/status.mjs +261 -70
  326. package/lib/storage/admin.mjs +355 -0
  327. package/lib/storage/backend.mjs +2 -1
  328. package/lib/storage/backup.mjs +347 -0
  329. package/lib/storage/embeddings-engine.mjs +133 -0
  330. package/lib/storage/embeddings-legacy.mjs +85 -0
  331. package/lib/storage/embeddings-local.mjs +108 -0
  332. package/lib/storage/embeddings-ollama.mjs +78 -0
  333. package/lib/storage/embeddings-openai.mjs +85 -0
  334. package/lib/storage/embeddings.mjs +92 -33
  335. package/lib/storage/file-lock.mjs +130 -0
  336. package/lib/storage/fusion.mjs +95 -0
  337. package/lib/storage/hybrid-query.mjs +34 -27
  338. package/lib/storage/migrations.mjs +187 -0
  339. package/lib/storage/postgres-backup.mjs +124 -0
  340. package/lib/storage/sql-store.mjs +5 -15
  341. package/lib/storage/state-source.mjs +12 -13
  342. package/lib/storage/store-version.mjs +115 -0
  343. package/lib/storage/sync.mjs +144 -35
  344. package/lib/storage/unified-storage.mjs +550 -0
  345. package/lib/storage/vector-client.mjs +286 -0
  346. package/lib/storage/vector-store.mjs +71 -30
  347. package/lib/task-graph/generate.mjs +135 -0
  348. package/lib/task-graph/schema.mjs +81 -0
  349. package/lib/task-graph/store.mjs +71 -0
  350. package/lib/telemetry/backends/local.mjs +62 -0
  351. package/lib/telemetry/backends/{langfuse.mjs → remote.mjs} +27 -14
  352. package/lib/telemetry/backfill.mjs +180 -0
  353. package/lib/telemetry/eval-datasets.mjs +203 -0
  354. package/lib/telemetry/{langfuse-ingest.mjs → ingest.mjs} +26 -20
  355. package/lib/telemetry/intent-verifications.mjs +86 -0
  356. package/lib/telemetry/llm-judge.mjs +350 -0
  357. package/lib/telemetry/model-pricing-catalog.mjs +557 -0
  358. package/lib/telemetry/setup.mjs +151 -0
  359. package/lib/telemetry/skill-calls.mjs +78 -0
  360. package/lib/telemetry/team-rollup.mjs +4 -4
  361. package/lib/token-engine.js +117 -0
  362. package/lib/token-estimator-anthropic.js +15 -0
  363. package/lib/token-estimator-deepseek.js +13 -0
  364. package/lib/token-estimator-default.js +13 -0
  365. package/lib/token-estimator-google.js +13 -0
  366. package/lib/token-estimator-openai.js +13 -0
  367. package/lib/toolkit-env.mjs +1 -1
  368. package/lib/tty-prompts.mjs +211 -0
  369. package/lib/uninstall/uninstall.mjs +423 -0
  370. package/lib/update.mjs +115 -0
  371. package/lib/upgrade.mjs +141 -0
  372. package/lib/validator.mjs +51 -2
  373. package/lib/validators/skills.mjs +142 -0
  374. package/lib/wireframe.mjs +422 -0
  375. package/lib/worker/entrypoint.mjs +241 -0
  376. package/lib/worker/evidence.mjs +107 -0
  377. package/lib/worker/run.mjs +154 -0
  378. package/lib/worker/trace.mjs +182 -0
  379. package/lib/workflow-state.mjs +14 -18
  380. package/package.json +21 -8
  381. package/personas/construct.md +53 -51
  382. package/platforms/claude/CLAUDE.md +1 -1
  383. package/platforms/claude/settings.template.json +115 -68
  384. package/platforms/opencode/config.template.json +3 -7
  385. package/rules/common/agents.md +11 -38
  386. package/rules/common/beads-hygiene.md +75 -0
  387. package/rules/common/code-review.md +11 -100
  388. package/rules/common/coding-style.md +5 -3
  389. package/rules/common/comments.md +30 -111
  390. package/rules/common/commit-approval.md +53 -0
  391. package/rules/common/cx-agent-routing.md +1 -0
  392. package/rules/common/development-workflow.md +23 -41
  393. package/rules/common/doc-ownership.md +54 -0
  394. package/rules/common/efficiency.md +57 -0
  395. package/rules/common/framing.md +76 -0
  396. package/rules/common/git-workflow.md +2 -4
  397. package/rules/common/patterns.md +3 -7
  398. package/rules/common/performance.md +15 -31
  399. package/rules/common/release-gates.md +69 -0
  400. package/rules/common/research.md +107 -0
  401. package/rules/common/security.md +6 -6
  402. package/rules/common/skill-composition.md +67 -0
  403. package/rules/common/testing.md +15 -27
  404. package/rules/golang/hooks.md +0 -4
  405. package/rules/policy/bootstrap.yaml +11 -0
  406. package/rules/policy/drive.yaml +8 -0
  407. package/rules/policy/task.yaml +9 -0
  408. package/rules/policy/workflow.yaml +9 -0
  409. package/rules/python/hooks.md +0 -4
  410. package/rules/swift/hooks.md +0 -4
  411. package/rules/typescript/hooks.md +0 -4
  412. package/rules/web/hooks.md +0 -2
  413. package/{sync-agents.mjs → scripts/sync-agents.mjs} +306 -61
  414. package/skills/ai/prompt-optimizer.md +7 -7
  415. package/skills/compliance/ai-disclosure.md +58 -0
  416. package/skills/compliance/data-privacy.md +46 -0
  417. package/skills/compliance/license-audit.md +40 -0
  418. package/skills/compliance/regulatory-review.md +61 -0
  419. package/skills/docs/document-ingest-workflow.md +52 -0
  420. package/skills/docs/evidence-ingest-workflow.md +9 -0
  421. package/skills/docs/init-docs.md +51 -18
  422. package/skills/docs/product-intelligence-workflow.md +12 -0
  423. package/skills/docs/product-signal-workflow.md +4 -0
  424. package/skills/docs/research-workflow.md +23 -8
  425. package/skills/docs/runbook-workflow.md +1 -1
  426. package/skills/operating/orchestration-reference.md +151 -0
  427. package/skills/roles/architect.md +5 -0
  428. package/skills/roles/engineer.md +32 -0
  429. package/skills/roles/operator.md +12 -0
  430. package/skills/roles/reviewer.md +23 -0
  431. package/skills/routing.md +1 -1
  432. package/templates/devcontainer/Dockerfile.devcontainer +38 -0
  433. package/templates/devcontainer/devcontainer.json +31 -0
  434. package/templates/distribution/bootstrap.ps1 +142 -0
  435. package/templates/distribution/bootstrap.sh +196 -0
  436. package/templates/distribution/run.mjs +187 -0
  437. package/templates/docs/adr.md +44 -8
  438. package/templates/docs/changelog-entry.md +43 -0
  439. package/templates/docs/construct_guide.md +149 -0
  440. package/templates/docs/evidence-brief.md +2 -2
  441. package/templates/docs/meta-prd.md +140 -19
  442. package/templates/docs/onboarding.md +57 -0
  443. package/templates/docs/prd.md +159 -15
  444. package/templates/docs/research-brief.md +4 -4
  445. package/templates/homebrew/construct.rb +67 -0
  446. package/langfuse/docker-compose.yml +0 -82
  447. package/lib/eval-harness.mjs +0 -59
  448. package/lib/hooks/bootstrap-guard.mjs +0 -90
  449. package/lib/hooks/console-warn.mjs +0 -43
  450. package/lib/hooks/continuation-enforcer.mjs +0 -72
  451. package/lib/hooks/drive-guard.mjs +0 -89
  452. package/lib/hooks/mcp-task-scope.mjs +0 -47
  453. package/lib/hooks/task-completed-guard.mjs +0 -43
  454. package/lib/hooks/teammate-idle-guard.mjs +0 -54
  455. package/lib/hooks/workflow-guard.mjs +0 -62
  456. package/lib/prompt-composer.mjs +0 -196
  457. package/lib/review.mjs +0 -429
  458. package/lib/server/static/app.js +0 -841
  459. package/lib/telemetry/langfuse-model-sync.mjs +0 -270
  460. package/rules/common/hooks.md +0 -35
  461. package/rules/zh/README.md +0 -113
  462. package/rules/zh/agents.md +0 -55
  463. package/rules/zh/code-review.md +0 -129
  464. package/rules/zh/coding-style.md +0 -53
  465. package/rules/zh/development-workflow.md +0 -49
  466. package/rules/zh/git-workflow.md +0 -29
  467. package/rules/zh/hooks.md +0 -35
  468. package/rules/zh/patterns.md +0 -36
  469. package/rules/zh/performance.md +0 -60
  470. package/rules/zh/security.md +0 -34
  471. package/rules/zh/testing.md +0 -34
@@ -1,12 +1,12 @@
1
1
  <!--
2
2
  skills/ai/prompt-optimizer.md — Closed-loop prompt auto-optimization guide.
3
3
 
4
- Uses Langfuse traces and quality scores as the feedback signal, Claude as the optimizer,
4
+ Uses telemetry traces and quality scores as the feedback signal, Claude as the optimizer,
5
5
  and the agent registry + construct sync as the deployment layer.
6
6
  -->
7
7
  # Prompt Auto-Optimization Loop
8
8
 
9
- Construct's prompt improvement system uses Langfuse traces and quality scores as the feedback signal, Claude as the optimizer, and the agent registry (`agents/registry.json`) as the deployment layer. This is a closed loop: production data → failure analysis → improved prompt → staging → promotion.
9
+ Construct's prompt improvement system uses telemetry traces and quality scores as the feedback signal, Claude as the optimizer, and the agent registry (`agents/registry.json`) as the deployment layer. This is a closed loop: production data → failure analysis → improved prompt → staging → promotion.
10
10
 
11
11
  ## Running the optimizer
12
12
 
@@ -36,16 +36,16 @@ The optimizer requires Python 3.12+ (`pip3` must be available). It will auto-ins
36
36
 
37
37
  Retrieve the current production prompt for the target agent from `agents/registry.json` (or the corresponding `promptFile` if using extracted prompts).
38
38
 
39
- Then retrieve recent traces via the Langfuse REST API:
39
+ Then retrieve recent traces via the telemetry backend REST API:
40
40
 
41
41
  ```
42
- GET {LANGFUSE_BASEURL}/api/public/traces?tags={agentName}&limit=50
43
- # Auth: Basic base64(LANGFUSE_PUBLIC_KEY:LANGFUSE_SECRET_KEY)
42
+ GET {CONSTRUCT_TELEMETRY_URL}/api/public/traces?tags={agentName}&limit=50
43
+ # Auth: Basic base64(CONSTRUCT_TELEMETRY_PUBLIC_KEY:CONSTRUCT_TELEMETRY_SECRET_KEY)
44
44
  ```
45
45
 
46
46
  To fetch quality scores for traces:
47
47
  ```
48
- GET {LANGFUSE_BASEURL}/api/public/scores?traceId={id}&name=quality
48
+ GET {CONSTRUCT_TELEMETRY_URL}/api/public/scores?traceId={id}&name=quality
49
49
  ```
50
50
 
51
51
  Filter to scores where `value < 0.7`. For each low-scoring trace, extract: the prompt used, the user input, the model output, the quality score, and any human comments.
@@ -110,5 +110,5 @@ Run `cx-trace-reviewer` after every promotion. If the newly promoted prompt show
110
110
 
111
111
  ## What this does not replace
112
112
 
113
- - **DSPy**: If you need algorithmic optimization over large datasets with measurable metrics (classification, structured output), DSPy is the right tool and integrates with Langfuse for tracing. This skill is for natural-language agent prompts where the metric is quality score.
113
+ - **DSPy**: If you need algorithmic optimization over large datasets with measurable metrics (classification, structured output), DSPy is the right tool and integrates with telemetry backend for tracing. This skill is for natural-language agent prompts where the metric is quality score.
114
114
  - **Human review**: Always read the generated prompt before pushing to staging. The LLM optimizer can introduce subtle regressions. Automated promotion should only happen after confirming the diff makes sense.
@@ -0,0 +1,58 @@
1
+ <!--
2
+ skills/compliance/ai-disclosure.md — AI Disclosure — AI transparency, disclosure, and regulatory compliance.
3
+
4
+ Use this skill when reviewing AI features for disclosure requirements, transparency obligations, or emerging AI regulation compliance.
5
+ -->
6
+ # AI Disclosure
7
+
8
+ Use this skill when reviewing AI features for disclosure requirements, transparency obligations, or emerging AI regulation compliance.
9
+
10
+ ## Disclosure Requirements
11
+
12
+ ### When AI generates or modifies content
13
+
14
+ - Disclose that content was AI-generated or AI-assisted
15
+ - Label AI outputs clearly in the UI (e.g., "Generated by AI", "AI-assisted")
16
+ - Do not present AI-generated content as human-authored without disclosure
17
+
18
+ ### When AI makes or influences decisions
19
+
20
+ - Document the decision criteria and model inputs
21
+ - Provide a mechanism for human review of consequential decisions
22
+ - Log the model version, prompt template, and confidence score for audit
23
+
24
+ ### When AI processes personal data
25
+
26
+ - Include AI processing in the privacy notice
27
+ - Obtain specific consent for automated decision-making under GDPR Art. 22
28
+ - Provide the right to obtain human intervention, express a point of view, and contest the decision
29
+
30
+ ## Regulatory Landscape
31
+
32
+ | Regulation | Scope | Key Requirement |
33
+ |------------|-------|-----------------|
34
+ | EU AI Act | EU market | Risk classification, transparency obligations, conformity assessment for high-risk |
35
+ | GDPR Art. 22 | EU residents | Right not to be subject to solely automated decisions with legal effects |
36
+ | NYC Local Law 144 | NYC employers | Bias audit for automated employment decision tools |
37
+ | Colorado AI Act | Colorado consumers | Disclosure of high-risk AI decisions, impact assessments |
38
+ | Canada AIDA (proposed) | Canada | Transparency, bias mitigation, human oversight for high-impact systems |
39
+
40
+ ## Code Review Triggers
41
+
42
+ - AI features that influence hiring, lending, insurance, or housing decisions (high-risk under EU AI Act)
43
+ - Chatbots or virtual agents without clear "you are talking to AI" disclosure
44
+ - AI-generated recommendations presented without provenance markers
45
+ - Model outputs stored without version tracking or audit trail
46
+ - Automated content moderation without human appeal mechanism
47
+ - Training on user data without explicit consent or opt-out
48
+
49
+ ## Risk Assessment Template
50
+
51
+ For each AI feature, document:
52
+ 1. **Purpose**: what the AI does and why
53
+ 2. **Data inputs**: what data the model receives
54
+ 3. **Risk tier**: minimal, limited, high, unacceptable (per EU AI Act)
55
+ 4. **Disclosure mechanism**: how users are informed
56
+ 5. **Human oversight**: who reviews AI decisions and how
57
+ 6. **Bias mitigation**: what testing was done for fairness
58
+ 7. **Audit trail**: what is logged for post-hoc review
@@ -0,0 +1,46 @@
1
+ <!--
2
+ skills/compliance/data-privacy.md — Data Privacy — GDPR, CCPA, and data protection compliance patterns.
3
+
4
+ Use this skill when reviewing data collection, storage, processing, or retention for privacy regulation compliance.
5
+ -->
6
+ # Data Privacy
7
+
8
+ Use this skill when reviewing data collection, storage, processing, or retention for privacy regulation compliance.
9
+
10
+ ## Data Classification
11
+
12
+ | Category | Examples | Handling |
13
+ |----------|----------|----------|
14
+ | PII | Name, email, phone, address, IP | Encrypt at rest, minimize collection |
15
+ | Sensitive PII | SSN, financial data, health data, biometrics | Encrypt + access control + audit log |
16
+ | Pseudonymous | Hashed identifiers, device IDs, session tokens | Still personal data under GDPR |
17
+ | Anonymous | Aggregated statistics with k-anonymity | Generally exempt |
18
+
19
+ ## Privacy by Design Checklist
20
+
21
+ - [ ] Data minimization: collect only what is necessary for the stated purpose
22
+ - [ ] Purpose limitation: document why each data field is collected
23
+ - [ ] Storage limitation: define retention periods and auto-deletion schedules
24
+ - [ ] Lawful basis: identify legal basis for each processing activity (consent, contract, legitimate interest)
25
+ - [ ] Data subject rights: implement access, rectification, erasure, portability, and objection endpoints
26
+ - [ ] Cross-border transfers: verify adequacy decisions or standard contractual clauses for international data flows
27
+ - [ ] Breach notification: document the process for 72-hour supervisory authority notification
28
+
29
+ ## Code Review Triggers
30
+
31
+ Flag these patterns in code:
32
+
33
+ - Logging PII to stdout, application logs, or third-party analytics
34
+ - Storing PII in plain text without encryption
35
+ - Passing PII in URL query parameters
36
+ - Retaining data beyond the documented retention period
37
+ - Third-party SDK calls that transmit user data without documented DPA
38
+ - Cookie or tracking pixel placement without consent management
39
+ - Email addresses used as primary keys (makes deletion cascades hard)
40
+
41
+ ## Regulation Quick Reference
42
+
43
+ - **GDPR**: EU residents. Consent must be freely given, specific, informed, unambiguous. Right to erasure is absolute for consent-based processing.
44
+ - **CCPA/CPRA**: California residents. Right to know, delete, opt-out of sale/sharing. 12-month lookback on data collection.
45
+ - **LGPD**: Brazil. Similar to GDPR. Requires a DPO and legal basis for processing.
46
+ - **PIPEDA**: Canada. Consent required for collection, use, and disclosure. Reasonable purpose test applies.
@@ -0,0 +1,40 @@
1
+ <!--
2
+ skills/compliance/license-audit.md — License Audit — Dependency license review and open-source compliance.
3
+
4
+ Use this skill when auditing dependency licenses, evaluating OSS compliance risk, or preparing license inventories for legal review.
5
+ -->
6
+ # License Audit
7
+
8
+ Use this skill when auditing dependency licenses, evaluating OSS compliance risk, or preparing license inventories for legal review.
9
+
10
+ ## License Classification
11
+
12
+ | Risk Tier | Licenses | Action |
13
+ |-----------|----------|--------|
14
+ | Permissive | MIT, BSD-2, BSD-3, ISC, Apache-2.0, Unlicense | Safe for most uses |
15
+ | Weak copyleft | LGPL-2.1, LGPL-3.0, MPL-2.0, EPL-2.0 | Review linking model |
16
+ | Strong copyleft | GPL-2.0, GPL-3.0, AGPL-3.0 | Legal review required |
17
+ | Non-commercial | CC-BY-NC, SSPL, BSL, Elastic-2.0 | Block for commercial use |
18
+ | Unknown/Custom | No SPDX identifier, custom terms | Manual review required |
19
+
20
+ ## Audit Process
21
+
22
+ 1. Generate SBOM: use `npm list --all --json`, `pip licenses`, `cargo license`, or equivalent
23
+ 2. Identify every direct and transitive dependency
24
+ 3. Map each dependency to its SPDX license identifier
25
+ 4. Flag any dependency without a clear license file as unknown-risk
26
+ 5. Check for license changes between pinned versions and latest
27
+ 6. Look past layer one — transitive copyleft taints the whole tree
28
+
29
+ ## Red Flags
30
+
31
+ - AGPL-3.0 in any network-exposed service dependency
32
+ - GPL in a library linked into proprietary code without a linking exception
33
+ - Mixed licensing where copyleft and proprietary code share a compilation unit
34
+ - Dependencies that changed from permissive to restrictive between versions
35
+ - "License: SEE LICENSE IN ..." with no actual license file present
36
+ - Dual-licensed packages where the free option is copyleft
37
+
38
+ ## Deliverable
39
+
40
+ Produce a license inventory table: dependency name, version, license SPDX, risk tier, notes. Flag every non-permissive entry with a recommended action (accept, replace, seek exception, or block).
@@ -0,0 +1,61 @@
1
+ <!--
2
+ skills/compliance/regulatory-review.md — Regulatory Review — Pre-ship compliance review checklist and process.
3
+
4
+ Use this skill when conducting a compliance review before shipping features that handle user data, financial transactions, AI decisions, or regulated content.
5
+ -->
6
+ # Regulatory Review
7
+
8
+ Use this skill when conducting a compliance review before shipping features that handle user data, financial transactions, AI decisions, or regulated content.
9
+
10
+ ## Pre-Ship Compliance Checklist
11
+
12
+ ### Data handling
13
+
14
+ - [ ] All personal data fields documented with purpose and legal basis
15
+ - [ ] Retention periods defined and enforced
16
+ - [ ] Encryption at rest and in transit for sensitive data
17
+ - [ ] Data subject rights endpoints implemented and tested
18
+ - [ ] Cross-border data transfer mechanisms in place
19
+
20
+ ### Licensing
21
+
22
+ - [ ] Dependency license audit completed (no copyleft surprises)
23
+ - [ ] Third-party SDK terms reviewed for data sharing obligations
24
+ - [ ] Attribution requirements satisfied for open-source dependencies
25
+
26
+ ### AI features
27
+
28
+ - [ ] AI disclosure in place for all AI-generated content
29
+ - [ ] High-risk AI decisions have human oversight mechanism
30
+ - [ ] Model version and prompt tracked for audit
31
+ - [ ] Bias testing completed for consequential decisions
32
+
33
+ ### Security
34
+
35
+ - [ ] Authentication and authorization tested
36
+ - [ ] Input validation on all user-facing endpoints
37
+ - [ ] No hardcoded secrets in source code
38
+ - [ ] Security headers configured (CSP, HSTS, etc.)
39
+
40
+ ### Accessibility
41
+
42
+ - [ ] WCAG 2.1 AA compliance for public-facing surfaces
43
+ - [ ] Screen reader and keyboard navigation tested
44
+
45
+ ## Review Process
46
+
47
+ 1. **Inventory**: list all data types collected, stored, or processed by the feature
48
+ 2. **Classify**: map each data type to a regulation (GDPR, CCPA, HIPAA, PCI-DSS, etc.)
49
+ 3. **Gap analysis**: compare current implementation against regulatory requirements
50
+ 4. **Remediation**: fix gaps before shipping, document accepted risks
51
+ 5. **Evidence**: collect audit evidence (test results, screenshots, config exports)
52
+ 6. **Sign-off**: document the reviewer, date, and scope of the review
53
+
54
+ ## Common Compliance Gaps
55
+
56
+ - Terms of service not updated to reflect new data processing
57
+ - Cookie consent banner missing for new tracking mechanisms
58
+ - Data processing agreement not in place for new third-party vendor
59
+ - Privacy policy silent on AI processing activities
60
+ - Deletion endpoint that soft-deletes but never hard-deletes
61
+ - Backup retention that exceeds the documented data retention period
@@ -0,0 +1,52 @@
1
+ <!--
2
+ skills/docs/document-ingest-workflow.md — Convert source documents into retrieval-ready markdown artifacts.
3
+ -->
4
+ # Document Ingest Workflow
5
+
6
+ Use when: the user points at a PDF, Word doc, spreadsheet, slide deck, export, or mixed document folder and wants a markdown version that Construct can search efficiently later.
7
+
8
+ ## Preferred tools
9
+
10
+ 1. `construct ingest <path>` for CLI-driven conversion.
11
+ 2. `ingest_document` over Construct MCP when the host supports MCP tools.
12
+ 3. `extract_document_text` only when the user wants raw extracted text without writing a markdown artifact.
13
+
14
+ ## Default destination
15
+
16
+ Write outputs to `.cx/knowledge/internal/` unless the user explicitly wants a typed `knowledge/<subdir>`, sibling markdown file, or another output path.
17
+
18
+ Why:
19
+
20
+ - files under `.cx/knowledge/` are part of Construct's file-state retrieval path
21
+ - they can be picked up by hybrid search immediately
22
+ - `construct ingest --sync` can then push them into shared SQL/vector storage when configured
23
+
24
+ ## Supported source types
25
+
26
+ - PDF
27
+ - DOC and DOCX
28
+ - XLS, XLSX, CSV, TSV, ODS, Numbers
29
+ - PPT, PPTX, Keynote
30
+ - ODT, RTF
31
+ - text, markdown, HTML, XML, JSON, YAML, and other plain-text project artifacts
32
+
33
+ ## Workflow
34
+
35
+ 1. Ingest the source into markdown.
36
+ 2. Preserve source metadata: original path, extension, extraction method, timestamp, truncation state.
37
+ 3. Keep the markdown normalized and readable; do not invent structure beyond headings and metadata.
38
+ 4. If the document informs product decisions, promote the result into an evidence brief or PRD input using the evidence-ingest workflow.
39
+ 5. If shared storage is configured and the material should be semantically retrievable across sessions, run with `--sync`.
40
+
41
+ ## Examples
42
+
43
+ ```bash
44
+ construct ingest ./docs/vendor/quarterly-review.pdf
45
+ construct ingest ./research-drop --sync
46
+ construct ingest ./deck.pptx --target=sibling
47
+ construct ingest ./data/export.xlsx --out=./notes/export.md
48
+ ```
49
+
50
+ ## Rules
51
+
52
+ Do not overwrite an existing markdown artifact unless the user explicitly asks for replacement. Prefer creating a suffixed filename instead. Keep original source files untouched.
@@ -5,6 +5,8 @@ skills/docs/evidence-ingest-workflow.md — Normalize raw product evidence into
5
5
 
6
6
  Use when: the user pastes customer notes, Slack threads, support tickets, sales notes, research snippets, RFCs, analytics summaries, or competitor signals.
7
7
 
8
+ Follow [rules/common/research.md](../../rules/common/research.md) for source metadata, evidence handling, and confidence labeling.
9
+
8
10
  ## Steps
9
11
 
10
12
  1. Identify the source type and date.
@@ -18,6 +20,13 @@ Use when: the user pastes customer notes, Slack threads, support tickets, sales
18
20
 
19
21
  Do not invent customer quotes, names, or issue links. Preserve ambiguity. If source evidence contains personal data, record only the minimum needed for product decisions.
20
22
 
23
+ Always preserve:
24
+
25
+ - source path or source system
26
+ - source date or access date
27
+ - whether the source is direct evidence or secondhand summary
28
+ - what is observed directly vs inferred by the author
29
+
21
30
  ## Storage
22
31
 
23
32
  Files in `.cx/product-intel/` are indexed by Construct's hybrid retrieval path. Postgres stores them as `product-intel` documents during sync, and the vector layer makes them semantically retrievable for future PRDs and Meta PRDs.
@@ -1,5 +1,5 @@
1
1
  <!--
2
- skills/docs/init-docs.md — Skill: init-docs — Initialize Project Documentation Structure — `init docs`, `create docs structure`, `set up documentation`, `docs scaffold`, `
2
+ skills/docs/init-docs.md — Skill: init-docs — Initialize Project Documentation Structure — `init docs`, `create docs structure`, `set up documentation`, `docs scaffold`, `documentation init`
3
3
 
4
4
  ## Trigger keywords `init docs`, `create docs structure`, `set up documentation`, `docs scaffold`, `documentation init`
5
5
  -->
@@ -19,16 +19,16 @@ When invoked, gather the user's intent and create a tailored documentation direc
19
19
  Ask the user **all at once** (single message, not one at a time):
20
20
 
21
21
  1. **What is this project?** A brief description (one sentence is fine)
22
- 2. **What doc types will you have?** Examples: architecture decisions, API reference, runbooks, user guides, changelogs, onboarding guides, RFCs, design docs, data models, deployment guides
22
+ 2. **What doc types will you have?** See the lane table below for options
23
23
  3. **Who is the audience?** Engineers, external users, both, or internal team only
24
- 4. **Tech stack?** (affects whether API reference sections are needed)
24
+ 4. **Tech stack?** (affects whether API reference or RFC sections are needed)
25
25
  5. **Monorepo or single-service?** Affects directory depth
26
26
 
27
27
  ---
28
28
 
29
29
  ## Step 2 — Generate the structure
30
30
 
31
- Based on answers, create the `docs/` directory and appropriate subdirectories. Use this as a base — add or remove sections based on the user's answers:
31
+ Based on answers, create the `docs/` directory and appropriate subdirectories. Use this as a base — add or remove sections based on the user's answers.
32
32
 
33
33
  ### Core structure (always include)
34
34
 
@@ -43,19 +43,50 @@ docs/
43
43
  └── workflow.json # Canonical workflow/task state
44
44
  ```
45
45
 
46
- ### Add based on doc types mentioned
46
+ ## Interactive UX (TTY)
47
47
 
48
- | Doc type mentioned | Create |
49
- |-------------------|--------|
50
- | Architecture / design | `docs/architecture/` with `overview.md` skeleton |
51
- | API reference | `docs/api/` with `README.md` skeleton |
52
- | Runbooks / ops | `docs/runbooks/` with `README.md` + `incident-response.md` skeleton |
53
- | Onboarding | `docs/onboarding/` with `README.md` + `local-setup.md` skeleton |
54
- | Changelog / releases | `docs/releases/` with `README.md` if the user explicitly wants public release history |
55
- | RFCs | `docs/rfcs/` with `README.md` + `0001-template.md` |
56
- | Data models | `docs/data-models/` with `README.md` skeleton |
57
- | User guides | `docs/guides/` with `README.md` skeleton |
58
- | Deployment | `docs/deployment/` with `README.md` + `environments.md` |
48
+ When run interactively, `construct init-docs` renders a keyboard-driven **full-screen checkbox picker** — all available lanes listed with the default set pre-checked and context-suggested lanes highlighted in the UI. No typing required.
49
+
50
+ - **↑ / ↓** move cursor (details shown in a dedicated panel)
51
+ - **Space** toggle lane on/off
52
+ - **a** toggle all on/off
53
+ - **Enter** confirm and scaffold
54
+ - Follow-up choices use the same menu pattern instead of free-text answers
55
+
56
+ If the user selects the `intake` lane, `construct init-docs` should also create `.cx/inbox/`. Both `.cx/inbox/` and `docs/intake/` act as drop zones for ingestable files, while `docs/intake/` also serves as the durable paper trail lane.
57
+
58
+ When run non-interactively (`--yes` or piped stdin), the lean default set is used unless `--docs=` is supplied. `--docs=lean|product|full` or `--docs=adrs,prds,rfcs` both work.
59
+
60
+ ---
61
+
62
+ ### Available lanes
63
+
64
+ | Lane | Directory | What goes here |
65
+ |--------------|-----------------|----------------|
66
+ | adrs | `docs/adr/` | Architecture decisions that have already been made |
67
+ | briefs | `docs/briefs/` | Research, evidence, signals, one-pagers, customer profiles |
68
+ | changelogs | `docs/changelogs/` | User-facing release notes and version history entries |
69
+ | intake | `docs/intake/` | Intake batch records that explain what arrived, why it matters, and how it should be ingested |
70
+ | memos | `docs/memos/` | Decision memos and internal arguments for alignment |
71
+ | meetings | `docs/meetings/` | Meeting notes, minutes, standups, retros, agendas, and session summaries |
72
+ | notes | `docs/notes/` | Working notes and lightweight durable context outside formal docs or meetings |
73
+ | onboarding | `docs/onboarding/` | Runnable setup guides and first-day workflows |
74
+ | postmortems | `docs/postmortems/` | Blameless incident reports with root cause and corrective actions |
75
+ | prds | `docs/prds/` | Product and capability requirement documents |
76
+ | rfcs | `docs/rfcs/` | Architecture and implementation proposals needing review |
77
+ | runbooks | `docs/runbooks/` | Operational procedures, diagnostics, escalation paths |
78
+
79
+ ### Guidance: which lanes to suggest
80
+
81
+ | Signal in the project | Suggest |
82
+ |-----------------------|---------|
83
+ | Has `Dockerfile`, `.github/`, `deploy/`, or `infra/` | runbooks, postmortems |
84
+ | Has `CHANGELOG.md` or release tagging | changelogs |
85
+ | Has `onboarding/`, `setup/`, or `getting-started/` | onboarding |
86
+ | Has meeting minutes, agendas, retros, or standups | meetings |
87
+ | Has `src/`, `lib/`, `api/`, or `services/` | rfcs |
88
+ | Has research, customer, or market files | briefs |
89
+ | Any project with decisions and requirements | adrs, prds (always lean default) |
59
90
 
60
91
  ---
61
92
 
@@ -120,7 +151,7 @@ Last updated: [date]
120
151
 
121
152
  ## Key decisions
122
153
 
123
- Link to `.cx/decisions/` or the canonical project decision log used in this repo.
154
+ Link to `docs/adr/` or the canonical project decision log used in this repo.
124
155
  ```
125
156
 
126
157
  ---
@@ -156,5 +187,7 @@ Stack: [stack]
156
187
 
157
188
  After completing the docs init:
158
189
  - If the user has architecture questions → `@cx-explorer` or `@cx-docs-keeper` to explore and update `docs/architecture/`
159
- - If the user wants to document a decision → record it in `.cx/decisions/` or the repo's canonical decision log
190
+ - If the user wants to document a decision → record it in `docs/adr/` using the ADR template
160
191
  - If the user wants to add API docs → `@cx-docs-keeper` to generate stubs from code
192
+ - If the user wants to file an incident report → use `docs/postmortems/` with the incident-report template
193
+ - If the user wants to document a release → use `docs/changelogs/` with the changelog-entry template
@@ -8,6 +8,8 @@ customer profiles, and backlog proposals without creating a separate sidecar sys
8
8
 
9
9
  Use when: the request involves customer evidence, PM synthesis, product requirements, PRDs, PRFAQs, customer profiles, product signals, or backlog proposals.
10
10
 
11
+ Follow [rules/common/research.md](../../rules/common/research.md) for source order, verification, confidence, and reproducibility.
12
+
11
13
  ## Operating model
12
14
 
13
15
  Product Intelligence is a Construct-native loop:
@@ -20,6 +22,14 @@ Product Intelligence is a Construct-native loop:
20
22
  6. Gate external writes and approved-doc status through the primary persona.
21
23
  7. Sync searchable artifacts through the hybrid file/Postgres/vector storage path.
22
24
 
25
+ ## Source order
26
+
27
+ 1. Existing internal evidence: customer profiles, evidence briefs, signal briefs, prior PRDs, prior research, ingested docs
28
+ 2. Raw source material: notes, transcripts, tickets, exported docs, spreadsheets, decks
29
+ 3. External corroboration when needed: official product docs, vendor docs, public changelogs, source code, standards
30
+
31
+ Do not skip prior internal evidence when drafting a new product artifact.
32
+
23
33
  ## PM flavor selection
24
34
 
25
35
  - **product**: user workflow, adoption, JTBD, UX surface, success metrics.
@@ -60,3 +70,5 @@ Stop and ask the primary persona before:
60
70
  ## Quality bar
61
71
 
62
72
  Product Intelligence output must cite evidence, distinguish observation from inference, name confidence, and avoid a wall of bullets. Keep em dashes rare. Use paragraphs for reasoning, tables for comparisons, and bullets for scanability.
73
+
74
+ For time-sensitive or externally sourced claims, include the date basis. For load-bearing claims, prefer two independent sources unless one authoritative primary source is enough.
@@ -5,6 +5,8 @@ skills/docs/product-signal-workflow.md — Synthesize product signals from evide
5
5
 
6
6
  Use when: the user asks what customers are asking for, what themes are emerging, whether evidence is strong enough, or what should become a PRD.
7
7
 
8
+ Follow [rules/common/research.md](../../rules/common/research.md) for confidence, contradictions, and source handling.
9
+
8
10
  ## Steps
9
11
 
10
12
  1. Gather relevant evidence briefs, customer profiles, notes, tickets, research, and product docs.
@@ -25,3 +27,5 @@ Default threshold for PRD-ready evidence: at least two independent customers, th
25
27
  ## Quality bar
26
28
 
27
29
  Separate asks from requirements. Separate observation from inference. Name what evidence would change the recommendation.
30
+
31
+ When a claim depends on time-sensitive or external information, include the date or version basis. If evidence conflicts, state the counter-signal explicitly instead of averaging it away.
@@ -7,19 +7,34 @@ Use when: the user asks to research a topic, investigate a question, or gather e
7
7
 
8
8
  Use when: the user asks to research a topic, investigate a question, or gather evidence for a decision.
9
9
 
10
+ Follow [rules/common/research.md](../../rules/common/research.md) as the default policy.
11
+
10
12
  ## Steps
11
13
 
12
- 1. **Clarify the question** — one specific question the research must answer
13
- 2. **Run cx-researcher or cx-docs-researcher** use the appropriate agent:
14
- - Library/API/framework questions cx-docs-researcher
15
- - Market, competitive, general evidence cx-researcher
16
- 3. **Structure findings** using the template from `get_template("research-brief")` — resolves `.cx/templates/docs/research-brief.md` (override) then `templates/docs/research-brief.md` (shipped)
17
- 4. **Write to `.cx/research/{topic-slug}.md`** — cx-docs-keeper owns this
18
- 5. **Reference the research doc** in the requesting agent's output (link by path)
14
+ 1. **Clarify the question** — one specific, falsifiable question the research must answer.
15
+ 2. **Check internal evidence first** — search `.cx/research/`, `.cx/product-intel/`, `docs/prd/`, `docs/meta-prd/`, ADRs, runbooks, and ingested artifacts before going external.
16
+ 3. **Choose the research path**:
17
+ - Library/API/framework/version questions → primary vendor docs, source code, changelogs, exact-version references
18
+ - Market, competitive, policy, or general evidence cx-researcher using primary sources first
19
+ 4. **Use a source hierarchy**:
20
+ - Primary: official docs, exact-version API references, standards, source code
21
+ - Secondary: changelogs, migration guides, maintainer issue comments
22
+ - Tertiary: blogs/forums/Q&A only to locate primaries
23
+ 5. **Structure findings** using the template from `get_template("research-brief")` — resolves `.cx/templates/docs/research-brief.md` (override) then `templates/docs/research-brief.md` (shipped)
24
+ 6. **Write to `.cx/research/{topic-slug}.md`** — cx-docs-keeper owns this
25
+ 7. **Reference the research doc** in the requesting agent's output (link by path)
26
+
27
+ ## Verification bar
28
+
29
+ - Every load-bearing claim must cite a source path, URL, or document reference.
30
+ - Record publication date, version, or access date for each source.
31
+ - Separate observation from inference.
32
+ - Name contradictions and unresolved gaps.
33
+ - Prefer two independent sources per load-bearing claim unless one authoritative primary source is sufficient.
19
34
 
20
35
  ## File naming
21
36
  - Topic slug: lowercase, hyphens, no spaces — e.g., `firebase-auth-v9-migration.md`
22
- - Date prefix for time-sensitive research: `2026-04-langfuse-v2-vs-v3.md`
37
+ - Date prefix for time-sensitive research: `2026-04-release-comparison.md`
23
38
 
24
39
  ## When research feeds a decision
25
40
  → Also create `.cx/decisions/ADR-{NNN}-{slug}.md` referencing the research doc
@@ -15,7 +15,7 @@ Use when: creating operational procedures for services, alerts, or recurring ope
15
15
  4. **cx-docs-keeper** adds to `.cx/context.md` if it's a critical path runbook
16
16
 
17
17
  ## File naming
18
- - `docs/runbooks/langfuse-restart.md`
18
+ - `docs/runbooks/telemetry-restart.md`
19
19
  - `docs/runbooks/db-migration.md`
20
20
  - `docs/runbooks/incident-response.md`
21
21