@geraldmaron/construct 1.0.0 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (471) hide show
  1. package/.env.example +9 -6
  2. package/LICENSE +201 -21
  3. package/README.md +132 -257
  4. package/agents/contracts.json +387 -0
  5. package/agents/prompts/cx-accessibility.md +8 -0
  6. package/agents/prompts/cx-ai-engineer.md +92 -0
  7. package/agents/prompts/cx-architect.md +10 -2
  8. package/agents/prompts/cx-business-strategist.md +13 -0
  9. package/agents/prompts/cx-data-analyst.md +80 -0
  10. package/agents/prompts/cx-data-engineer.md +4 -0
  11. package/agents/prompts/cx-debugger.md +8 -0
  12. package/agents/prompts/cx-designer.md +19 -0
  13. package/agents/prompts/cx-devil-advocate.md +4 -0
  14. package/agents/prompts/cx-docs-keeper.md +128 -0
  15. package/agents/prompts/cx-engineer.md +13 -0
  16. package/agents/prompts/cx-evaluator.md +4 -0
  17. package/agents/prompts/cx-explorer.md +12 -0
  18. package/agents/prompts/cx-legal-compliance.md +13 -0
  19. package/agents/prompts/cx-operations.md +13 -0
  20. package/agents/prompts/cx-orchestrator.md +107 -4
  21. package/agents/prompts/cx-platform-engineer.md +75 -0
  22. package/agents/prompts/cx-product-manager.md +8 -0
  23. package/agents/prompts/cx-qa.md +100 -0
  24. package/agents/prompts/cx-rd-lead.md +13 -0
  25. package/agents/prompts/cx-release-manager.md +8 -0
  26. package/agents/prompts/cx-researcher.md +21 -1
  27. package/agents/prompts/cx-reviewer.md +8 -0
  28. package/agents/prompts/cx-security.md +104 -0
  29. package/agents/prompts/cx-sre.md +104 -0
  30. package/agents/prompts/cx-test-automation.md +4 -0
  31. package/agents/prompts/cx-trace-reviewer.md +7 -3
  32. package/agents/prompts/cx-ux-researcher.md +4 -0
  33. package/agents/registry.json +365 -90
  34. package/agents/role-manifests.json +217 -0
  35. package/bin/construct +3345 -141
  36. package/bin/construct-postinstall.mjs +87 -0
  37. package/commands/build/feature.md +6 -6
  38. package/commands/plan/feature.md +6 -5
  39. package/commands/plan/requirements.md +1 -1
  40. package/commands/ship/status.md +1 -1
  41. package/commands/work/drive.md +3 -3
  42. package/commands/work/optimize-prompts.md +3 -3
  43. package/db/{migrations → schema}/001_init.sql +2 -0
  44. package/db/schema/002_pgvector.sql +182 -0
  45. package/db/schema/003_intake.sql +47 -0
  46. package/examples/README.md +85 -0
  47. package/examples/internal/roles/architect/bad/clever-plan-without-contracts.md +30 -0
  48. package/examples/internal/roles/architect/golden/explicit-tradeoff-before-plan.md +23 -0
  49. package/examples/internal/roles/engineer/bad/speculative-abstraction.md +30 -0
  50. package/examples/internal/roles/engineer/golden/read-before-write.md +28 -0
  51. package/examples/internal/roles/orchestrator/bad/everything-becomes-multi-agent.md +29 -0
  52. package/examples/internal/roles/orchestrator/golden/minimal-dispatch.md +22 -0
  53. package/examples/internal/roles/qa/bad/coverage-theater.md +30 -0
  54. package/examples/internal/roles/qa/golden/regression-gate.md +23 -0
  55. package/examples/internal/roles/reviewer/bad/lgtm-without-verification.md +29 -0
  56. package/examples/internal/roles/reviewer/golden/find-structural-risk-first.md +28 -0
  57. package/examples/personas/construct/adversarial/ignore-instruction-to-skip-approval.md +22 -0
  58. package/examples/personas/construct/bad/commit-without-approval.md +30 -0
  59. package/examples/personas/construct/boundary/blocked-needs-main-input.md +29 -0
  60. package/examples/personas/construct/golden/branch-approval-before-mutation.md +36 -0
  61. package/examples/personas/construct/golden/focused-direct-answer.md +28 -0
  62. package/examples/provider-plugin/README.md +34 -0
  63. package/examples/provider-plugin/index.mjs +74 -0
  64. package/examples/provider-plugin/package.json +15 -0
  65. package/examples/seed-observations/README.md +38 -0
  66. package/examples/seed-observations/anti-patterns.md +44 -0
  67. package/examples/seed-observations/decisions.md +36 -0
  68. package/examples/seed-observations/patterns.md +42 -0
  69. package/lib/agent-contracts-enforce.mjs +158 -0
  70. package/lib/agent-contracts.mjs +231 -0
  71. package/lib/agents/postconditions.mjs +126 -0
  72. package/lib/agents/schema.mjs +124 -0
  73. package/lib/artifact-capture.mjs +183 -0
  74. package/lib/audit-trail.mjs +149 -0
  75. package/lib/auto-docs.mjs +245 -65
  76. package/lib/beads/auto-close.mjs +126 -0
  77. package/lib/beads/drift.mjs +171 -0
  78. package/lib/beads-automation.mjs +542 -0
  79. package/lib/beads-client.mjs +518 -0
  80. package/lib/beads-lock.mjs +377 -0
  81. package/lib/beads-optimistic.mjs +365 -0
  82. package/lib/bootstrap/built-ins.mjs +136 -0
  83. package/lib/bootstrap/lazy-install.mjs +161 -0
  84. package/lib/bootstrap/resources.mjs +120 -0
  85. package/lib/bootstrap.mjs +105 -0
  86. package/lib/cache-governor.js +213 -0
  87. package/lib/cache-strategy-anthropic.js +62 -0
  88. package/lib/cache-strategy-google.js +79 -0
  89. package/lib/cache-strategy-none.js +30 -0
  90. package/lib/cache-strategy-openai.js +48 -0
  91. package/lib/cache-strategy.js +91 -0
  92. package/lib/claude-allow.mjs +149 -0
  93. package/lib/cli-commands.mjs +413 -258
  94. package/lib/codex-config.mjs +3 -1
  95. package/lib/comment-lint.mjs +55 -6
  96. package/lib/completions.mjs +21 -6
  97. package/lib/config/alias.mjs +56 -0
  98. package/lib/config/project-config.mjs +335 -0
  99. package/lib/config/schema.mjs +159 -0
  100. package/lib/context-router.mjs +308 -0
  101. package/lib/cost-ledger.mjs +177 -0
  102. package/lib/cost.mjs +171 -10
  103. package/lib/dashboard-static.mjs +158 -0
  104. package/lib/deployment-mode.mjs +86 -0
  105. package/lib/deprecate.mjs +49 -0
  106. package/lib/dispatch-batch.js +183 -0
  107. package/lib/distill.mjs +21 -8
  108. package/lib/doc-stamp.mjs +164 -0
  109. package/lib/doc-verify.mjs +119 -0
  110. package/lib/docs-routing.mjs +89 -0
  111. package/lib/docs-verify.mjs +417 -0
  112. package/lib/doctor/audit.mjs +71 -0
  113. package/lib/doctor/cli.mjs +99 -0
  114. package/lib/doctor/escalate.mjs +29 -0
  115. package/lib/doctor/index.mjs +140 -0
  116. package/lib/doctor/report.mjs +170 -0
  117. package/lib/doctor/watchers/bd-watch.mjs +117 -0
  118. package/lib/doctor/watchers/cost.mjs +130 -0
  119. package/lib/doctor/watchers/disk.mjs +122 -0
  120. package/lib/doctor/watchers/handoffs.mjs +33 -0
  121. package/lib/doctor/watchers/process-pressure.mjs +60 -0
  122. package/lib/doctor/watchers/service-health.mjs +188 -0
  123. package/lib/document-extract.mjs +288 -0
  124. package/lib/document-ingest.mjs +230 -0
  125. package/lib/drop.mjs +282 -0
  126. package/lib/embed/approval-queue.mjs +176 -0
  127. package/lib/embed/artifact.mjs +349 -0
  128. package/lib/embed/authority-guard.mjs +155 -0
  129. package/lib/embed/cli.mjs +408 -0
  130. package/lib/embed/config.mjs +355 -0
  131. package/lib/embed/conflict-detection.mjs +264 -0
  132. package/lib/embed/customer-profiles.mjs +480 -0
  133. package/lib/embed/daemon.mjs +1309 -0
  134. package/lib/embed/demand-fetch.mjs +449 -0
  135. package/lib/embed/docs-lifecycle.mjs +349 -0
  136. package/lib/embed/inbox-live-watcher.mjs +119 -0
  137. package/lib/embed/inbox.mjs +343 -0
  138. package/lib/embed/intake-metrics.mjs +190 -0
  139. package/lib/embed/jobs/vector-sync.mjs +198 -0
  140. package/lib/embed/notifications.mjs +75 -0
  141. package/lib/embed/output.mjs +79 -0
  142. package/lib/embed/providers/github.mjs +295 -0
  143. package/lib/embed/providers/jira.mjs +192 -0
  144. package/lib/embed/providers/linear.mjs +186 -0
  145. package/lib/embed/providers/registry.mjs +115 -0
  146. package/lib/embed/providers/slack.mjs +203 -0
  147. package/lib/embed/recommendation-store.mjs +378 -0
  148. package/lib/embed/roadmap.mjs +374 -0
  149. package/lib/embed/role-framing.mjs +110 -0
  150. package/lib/embed/scheduler.mjs +99 -0
  151. package/lib/embed/semantic.mjs +325 -0
  152. package/lib/embed/snapshot.mjs +191 -0
  153. package/lib/embed/supervision.mjs +235 -0
  154. package/lib/embed/target-resolver.mjs +186 -0
  155. package/lib/embed/worker.mjs +62 -0
  156. package/lib/embed/workspaces.mjs +297 -0
  157. package/lib/engine/chunker-headings.mjs +110 -0
  158. package/lib/engine/compressor-heuristic.mjs +100 -0
  159. package/lib/engine/consolidate.mjs +287 -0
  160. package/lib/engine/contracts.mjs +126 -0
  161. package/lib/engine/defaults.mjs +129 -0
  162. package/lib/engine/eval-retrieval.mjs +148 -0
  163. package/lib/engine/fuser-rrf.mjs +62 -0
  164. package/lib/engine/index.mjs +37 -0
  165. package/lib/engine/registry.mjs +146 -0
  166. package/lib/engine/reranker-mmr.mjs +90 -0
  167. package/lib/engine/tokens.mjs +77 -0
  168. package/lib/entity-store.mjs +280 -0
  169. package/lib/env-config.mjs +69 -4
  170. package/lib/evals/retrieval-bench.mjs +159 -0
  171. package/lib/evaluator-optimizer.mjs +317 -0
  172. package/lib/features.mjs +159 -29
  173. package/lib/gates-audit.mjs +236 -0
  174. package/lib/git-hooks/prepare-commit-msg +58 -0
  175. package/lib/handoffs/cleanup.mjs +159 -0
  176. package/lib/handoffs/contract.mjs +162 -0
  177. package/lib/handoffs/inventory.mjs +120 -0
  178. package/lib/headhunt.mjs +28 -47
  179. package/lib/health-check.mjs +399 -0
  180. package/lib/hook-health.mjs +442 -0
  181. package/lib/hooks/_lib/log.mjs +82 -0
  182. package/lib/hooks/adaptive-lint.mjs +26 -2
  183. package/lib/hooks/agent-tracker.mjs +171 -14
  184. package/lib/hooks/audit-reads.mjs +109 -0
  185. package/lib/hooks/audit-trail.mjs +153 -0
  186. package/lib/hooks/bash-output-logger.mjs +71 -0
  187. package/lib/hooks/block-no-verify.mjs +41 -0
  188. package/lib/hooks/ci-status-check.mjs +82 -0
  189. package/lib/hooks/comment-lint.mjs +29 -7
  190. package/lib/hooks/config-protection.mjs +39 -18
  191. package/lib/hooks/context-watch.mjs +137 -0
  192. package/lib/hooks/context-window-recovery.mjs +4 -20
  193. package/lib/hooks/dep-audit.mjs +16 -0
  194. package/lib/hooks/doc-coupling-check.mjs +80 -0
  195. package/lib/hooks/edit-accumulator.mjs +3 -0
  196. package/lib/hooks/edit-error-recovery.mjs +3 -0
  197. package/lib/hooks/edit-guard.mjs +45 -4
  198. package/lib/hooks/env-check.mjs +3 -0
  199. package/lib/hooks/guard-bash.mjs +58 -1
  200. package/lib/hooks/mcp-audit.mjs +18 -20
  201. package/lib/hooks/mcp-health-check.mjs +36 -0
  202. package/lib/hooks/model-fallback.mjs +42 -56
  203. package/lib/hooks/policy-engine.mjs +209 -0
  204. package/lib/hooks/post-merge-docs-check.mjs +63 -0
  205. package/lib/hooks/pre-compact.mjs +4 -24
  206. package/lib/hooks/pre-push-gate.mjs +200 -37
  207. package/lib/hooks/proactive-activation.mjs +284 -0
  208. package/lib/hooks/read-tracker.mjs +27 -4
  209. package/lib/hooks/readme-age-check.mjs +77 -0
  210. package/lib/hooks/registry-sync.mjs +12 -5
  211. package/lib/hooks/scan-secrets.mjs +50 -7
  212. package/lib/hooks/session-optimize.mjs +311 -0
  213. package/lib/hooks/session-start.mjs +287 -28
  214. package/lib/hooks/stop-notify.mjs +236 -96
  215. package/lib/hooks/stop-typecheck.mjs +13 -1
  216. package/lib/hooks/test-watch.mjs +68 -0
  217. package/lib/host-capabilities.mjs +31 -10
  218. package/lib/init-docs.mjs +731 -291
  219. package/lib/init-unified.mjs +1000 -0
  220. package/lib/init-update.mjs +168 -0
  221. package/lib/init.mjs +107 -0
  222. package/lib/install/first-invocation.mjs +119 -0
  223. package/lib/install/stage-project.mjs +69 -0
  224. package/lib/intake/classify.mjs +278 -0
  225. package/lib/intake/feedback.mjs +273 -0
  226. package/lib/intake/filesystem-queue.mjs +158 -0
  227. package/lib/intake/intake-config.mjs +132 -0
  228. package/lib/intake/postgres-queue.mjs +198 -0
  229. package/lib/intake/prepare.mjs +139 -0
  230. package/lib/intake/queue.mjs +83 -0
  231. package/lib/intake/session-prelude.mjs +50 -0
  232. package/lib/integrations/intake-integrations.mjs +740 -0
  233. package/lib/intent-classifier.mjs +253 -0
  234. package/lib/knowledge/layout.mjs +72 -0
  235. package/lib/knowledge/rag.mjs +331 -0
  236. package/lib/knowledge/search.mjs +315 -0
  237. package/lib/knowledge/trends.mjs +261 -0
  238. package/lib/logger.mjs +85 -0
  239. package/lib/mcp/broker.mjs +124 -0
  240. package/lib/mcp/server.mjs +554 -854
  241. package/lib/mcp/tools/document.mjs +132 -0
  242. package/lib/mcp/tools/memory.mjs +209 -0
  243. package/lib/mcp/tools/project.mjs +349 -0
  244. package/lib/mcp/tools/skills.mjs +409 -0
  245. package/lib/mcp/tools/storage.mjs +60 -0
  246. package/lib/mcp/tools/telemetry.mjs +315 -0
  247. package/lib/mcp/tools/workflow.mjs +112 -0
  248. package/lib/mcp-catalog.json +54 -3
  249. package/lib/mcp-manager.mjs +96 -48
  250. package/lib/mcp-platform-config.mjs +22 -22
  251. package/lib/memory-stats.mjs +121 -0
  252. package/lib/mode-commands.mjs +124 -0
  253. package/lib/model-free-selector.mjs +184 -0
  254. package/lib/model-pricing.mjs +152 -0
  255. package/lib/model-registry.mjs +226 -0
  256. package/lib/model-router.mjs +362 -386
  257. package/lib/observation-store.mjs +391 -0
  258. package/lib/ollama-manager.mjs +428 -0
  259. package/lib/opencode-config.mjs +13 -3
  260. package/lib/opencode-runtime-plugin.mjs +70 -38
  261. package/lib/opencode-telemetry.mjs +64 -6
  262. package/lib/orchestration-policy.mjs +509 -6
  263. package/lib/overrides/resolver.mjs +207 -0
  264. package/lib/parity.mjs +147 -0
  265. package/lib/paths.mjs +33 -0
  266. package/lib/performance/generate.mjs +212 -0
  267. package/lib/plugin-registry.mjs +268 -0
  268. package/lib/policy/engine.mjs +130 -0
  269. package/lib/policy/unified-gates.mjs +96 -0
  270. package/lib/project-detection.mjs +129 -0
  271. package/lib/project-init-shared.mjs +272 -0
  272. package/lib/project-profile.mjs +447 -0
  273. package/lib/prompt-composer.js +434 -0
  274. package/lib/prompt-metadata.mjs +1 -1
  275. package/lib/provider-capabilities-anthropic.js +44 -0
  276. package/lib/provider-capabilities-deepseek.js +37 -0
  277. package/lib/provider-capabilities-generic.js +26 -0
  278. package/lib/provider-capabilities-google.js +47 -0
  279. package/lib/provider-capabilities-openai.js +45 -0
  280. package/lib/provider-capabilities.js +142 -0
  281. package/lib/providers/atlassian-confluence/index.mjs +103 -0
  282. package/lib/providers/atlassian-jira/index.mjs +100 -0
  283. package/lib/providers/auth-manager.mjs +126 -0
  284. package/lib/providers/circuit-breaker.mjs +124 -0
  285. package/lib/providers/contract.mjs +93 -0
  286. package/lib/providers/github/index.mjs +126 -0
  287. package/lib/providers/registry.mjs +184 -0
  288. package/lib/providers/salesforce/index.mjs +100 -0
  289. package/lib/providers/slack/index.mjs +80 -0
  290. package/lib/reflect.mjs +137 -0
  291. package/lib/research-lint.mjs +164 -0
  292. package/lib/resources/budget.mjs +259 -0
  293. package/lib/role-preload.mjs +21 -6
  294. package/lib/roles/approval-surface.mjs +54 -0
  295. package/lib/roles/cli.mjs +118 -0
  296. package/lib/roles/event-bus.mjs +79 -0
  297. package/lib/roles/fence.mjs +84 -0
  298. package/lib/roles/gateway.mjs +260 -0
  299. package/lib/roles/hook-emit.mjs +37 -0
  300. package/lib/roles/manifest.mjs +48 -0
  301. package/lib/roles/router.mjs +27 -0
  302. package/lib/runtime-pressure.mjs +360 -0
  303. package/lib/schema-artifact.mjs +134 -0
  304. package/lib/schema-infer.mjs +551 -0
  305. package/lib/server/auth.mjs +168 -0
  306. package/lib/server/chat.mjs +336 -0
  307. package/lib/server/cors.mjs +77 -0
  308. package/lib/server/csrf.mjs +91 -0
  309. package/lib/server/index.mjs +1927 -78
  310. package/lib/server/insights.mjs +765 -0
  311. package/lib/server/rate-limit.mjs +91 -0
  312. package/lib/server/static/assets/index-ab25c707.js +70 -0
  313. package/lib/server/static/assets/index-f0c80a2b.css +1 -0
  314. package/lib/server/static/index.html +12 -817
  315. package/lib/server/telemetry-login.mjs +108 -0
  316. package/lib/server/webhook.mjs +510 -0
  317. package/lib/service-manager.mjs +522 -58
  318. package/lib/services/pattern-promotion-service.mjs +167 -0
  319. package/lib/services/telemetry-backend.mjs +178 -0
  320. package/lib/session-store.mjs +374 -0
  321. package/lib/setup-prompts.mjs +96 -0
  322. package/lib/setup.mjs +523 -36
  323. package/lib/skills-apply.mjs +280 -0
  324. package/lib/skills-scope.mjs +118 -0
  325. package/lib/status.mjs +261 -70
  326. package/lib/storage/admin.mjs +355 -0
  327. package/lib/storage/backend.mjs +2 -1
  328. package/lib/storage/backup.mjs +347 -0
  329. package/lib/storage/embeddings-engine.mjs +133 -0
  330. package/lib/storage/embeddings-legacy.mjs +85 -0
  331. package/lib/storage/embeddings-local.mjs +108 -0
  332. package/lib/storage/embeddings-ollama.mjs +78 -0
  333. package/lib/storage/embeddings-openai.mjs +85 -0
  334. package/lib/storage/embeddings.mjs +92 -33
  335. package/lib/storage/file-lock.mjs +130 -0
  336. package/lib/storage/fusion.mjs +95 -0
  337. package/lib/storage/hybrid-query.mjs +34 -27
  338. package/lib/storage/migrations.mjs +187 -0
  339. package/lib/storage/postgres-backup.mjs +124 -0
  340. package/lib/storage/sql-store.mjs +5 -15
  341. package/lib/storage/state-source.mjs +12 -13
  342. package/lib/storage/store-version.mjs +115 -0
  343. package/lib/storage/sync.mjs +144 -35
  344. package/lib/storage/unified-storage.mjs +550 -0
  345. package/lib/storage/vector-client.mjs +286 -0
  346. package/lib/storage/vector-store.mjs +71 -30
  347. package/lib/task-graph/generate.mjs +135 -0
  348. package/lib/task-graph/schema.mjs +81 -0
  349. package/lib/task-graph/store.mjs +71 -0
  350. package/lib/telemetry/backends/local.mjs +62 -0
  351. package/lib/telemetry/backends/{langfuse.mjs → remote.mjs} +27 -14
  352. package/lib/telemetry/backfill.mjs +180 -0
  353. package/lib/telemetry/eval-datasets.mjs +203 -0
  354. package/lib/telemetry/{langfuse-ingest.mjs → ingest.mjs} +26 -20
  355. package/lib/telemetry/intent-verifications.mjs +86 -0
  356. package/lib/telemetry/llm-judge.mjs +350 -0
  357. package/lib/telemetry/model-pricing-catalog.mjs +557 -0
  358. package/lib/telemetry/setup.mjs +151 -0
  359. package/lib/telemetry/skill-calls.mjs +78 -0
  360. package/lib/telemetry/team-rollup.mjs +4 -4
  361. package/lib/token-engine.js +117 -0
  362. package/lib/token-estimator-anthropic.js +15 -0
  363. package/lib/token-estimator-deepseek.js +13 -0
  364. package/lib/token-estimator-default.js +13 -0
  365. package/lib/token-estimator-google.js +13 -0
  366. package/lib/token-estimator-openai.js +13 -0
  367. package/lib/toolkit-env.mjs +1 -1
  368. package/lib/tty-prompts.mjs +211 -0
  369. package/lib/uninstall/uninstall.mjs +423 -0
  370. package/lib/update.mjs +115 -0
  371. package/lib/upgrade.mjs +141 -0
  372. package/lib/validator.mjs +51 -2
  373. package/lib/validators/skills.mjs +142 -0
  374. package/lib/wireframe.mjs +422 -0
  375. package/lib/worker/entrypoint.mjs +241 -0
  376. package/lib/worker/evidence.mjs +107 -0
  377. package/lib/worker/run.mjs +154 -0
  378. package/lib/worker/trace.mjs +182 -0
  379. package/lib/workflow-state.mjs +14 -18
  380. package/package.json +21 -8
  381. package/personas/construct.md +53 -51
  382. package/platforms/claude/CLAUDE.md +1 -1
  383. package/platforms/claude/settings.template.json +115 -68
  384. package/platforms/opencode/config.template.json +3 -7
  385. package/rules/common/agents.md +11 -38
  386. package/rules/common/beads-hygiene.md +75 -0
  387. package/rules/common/code-review.md +11 -100
  388. package/rules/common/coding-style.md +5 -3
  389. package/rules/common/comments.md +30 -111
  390. package/rules/common/commit-approval.md +53 -0
  391. package/rules/common/cx-agent-routing.md +1 -0
  392. package/rules/common/development-workflow.md +23 -41
  393. package/rules/common/doc-ownership.md +54 -0
  394. package/rules/common/efficiency.md +57 -0
  395. package/rules/common/framing.md +76 -0
  396. package/rules/common/git-workflow.md +2 -4
  397. package/rules/common/patterns.md +3 -7
  398. package/rules/common/performance.md +15 -31
  399. package/rules/common/release-gates.md +69 -0
  400. package/rules/common/research.md +107 -0
  401. package/rules/common/security.md +6 -6
  402. package/rules/common/skill-composition.md +67 -0
  403. package/rules/common/testing.md +15 -27
  404. package/rules/golang/hooks.md +0 -4
  405. package/rules/policy/bootstrap.yaml +11 -0
  406. package/rules/policy/drive.yaml +8 -0
  407. package/rules/policy/task.yaml +9 -0
  408. package/rules/policy/workflow.yaml +9 -0
  409. package/rules/python/hooks.md +0 -4
  410. package/rules/swift/hooks.md +0 -4
  411. package/rules/typescript/hooks.md +0 -4
  412. package/rules/web/hooks.md +0 -2
  413. package/{sync-agents.mjs → scripts/sync-agents.mjs} +306 -61
  414. package/skills/ai/prompt-optimizer.md +7 -7
  415. package/skills/compliance/ai-disclosure.md +58 -0
  416. package/skills/compliance/data-privacy.md +46 -0
  417. package/skills/compliance/license-audit.md +40 -0
  418. package/skills/compliance/regulatory-review.md +61 -0
  419. package/skills/docs/document-ingest-workflow.md +52 -0
  420. package/skills/docs/evidence-ingest-workflow.md +9 -0
  421. package/skills/docs/init-docs.md +51 -18
  422. package/skills/docs/product-intelligence-workflow.md +12 -0
  423. package/skills/docs/product-signal-workflow.md +4 -0
  424. package/skills/docs/research-workflow.md +23 -8
  425. package/skills/docs/runbook-workflow.md +1 -1
  426. package/skills/operating/orchestration-reference.md +151 -0
  427. package/skills/roles/architect.md +5 -0
  428. package/skills/roles/engineer.md +32 -0
  429. package/skills/roles/operator.md +12 -0
  430. package/skills/roles/reviewer.md +23 -0
  431. package/skills/routing.md +1 -1
  432. package/templates/devcontainer/Dockerfile.devcontainer +38 -0
  433. package/templates/devcontainer/devcontainer.json +31 -0
  434. package/templates/distribution/bootstrap.ps1 +142 -0
  435. package/templates/distribution/bootstrap.sh +196 -0
  436. package/templates/distribution/run.mjs +187 -0
  437. package/templates/docs/adr.md +44 -8
  438. package/templates/docs/changelog-entry.md +43 -0
  439. package/templates/docs/construct_guide.md +149 -0
  440. package/templates/docs/evidence-brief.md +2 -2
  441. package/templates/docs/meta-prd.md +140 -19
  442. package/templates/docs/onboarding.md +57 -0
  443. package/templates/docs/prd.md +159 -15
  444. package/templates/docs/research-brief.md +4 -4
  445. package/templates/homebrew/construct.rb +67 -0
  446. package/langfuse/docker-compose.yml +0 -82
  447. package/lib/eval-harness.mjs +0 -59
  448. package/lib/hooks/bootstrap-guard.mjs +0 -90
  449. package/lib/hooks/console-warn.mjs +0 -43
  450. package/lib/hooks/continuation-enforcer.mjs +0 -72
  451. package/lib/hooks/drive-guard.mjs +0 -89
  452. package/lib/hooks/mcp-task-scope.mjs +0 -47
  453. package/lib/hooks/task-completed-guard.mjs +0 -43
  454. package/lib/hooks/teammate-idle-guard.mjs +0 -54
  455. package/lib/hooks/workflow-guard.mjs +0 -62
  456. package/lib/prompt-composer.mjs +0 -196
  457. package/lib/review.mjs +0 -429
  458. package/lib/server/static/app.js +0 -841
  459. package/lib/telemetry/langfuse-model-sync.mjs +0 -270
  460. package/rules/common/hooks.md +0 -35
  461. package/rules/zh/README.md +0 -113
  462. package/rules/zh/agents.md +0 -55
  463. package/rules/zh/code-review.md +0 -129
  464. package/rules/zh/coding-style.md +0 -53
  465. package/rules/zh/development-workflow.md +0 -49
  466. package/rules/zh/git-workflow.md +0 -29
  467. package/rules/zh/hooks.md +0 -35
  468. package/rules/zh/patterns.md +0 -36
  469. package/rules/zh/performance.md +0 -60
  470. package/rules/zh/security.md +0 -34
  471. package/rules/zh/testing.md +0 -34
@@ -40,10 +40,6 @@
40
40
  }
41
41
  },
42
42
  "mcp": {
43
- "cass": {
44
- "type": "local",
45
- "command": ["npx", "-y", "@modelcontextprotocol/server-memory@latest"]
46
- },
47
43
  "context7": {
48
44
  "type": "local",
49
45
  "command": ["npx", "-y", "@upstash/context7-mcp@latest"]
@@ -53,9 +49,9 @@
53
49
  "command": ["node", "__CX_TOOLKIT_DIR__/lib/mcp/server.mjs"],
54
50
  "environment": {
55
51
  "CONSTRUCT_TRACE_BACKEND": "__CONSTRUCT_TRACE_BACKEND__",
56
- "LANGFUSE_BASEURL": "__LANGFUSE_BASEURL__",
57
- "LANGFUSE_PUBLIC_KEY": "__LANGFUSE_PUBLIC_KEY__",
58
- "LANGFUSE_SECRET_KEY": "__LANGFUSE_SECRET_KEY__"
52
+ "CONSTRUCT_TELEMETRY_URL": "__CONSTRUCT_TELEMETRY_URL__",
53
+ "CONSTRUCT_TELEMETRY_PUBLIC_KEY": "__CONSTRUCT_TELEMETRY_PUBLIC_KEY__",
54
+ "CONSTRUCT_TELEMETRY_SECRET_KEY": "__CONSTRUCT_TELEMETRY_SECRET_KEY__"
59
55
  }
60
56
  }
61
57
  },
@@ -1,55 +1,28 @@
1
1
  <!--
2
- rules/common/agents.md — <one-line purpose>
2
+ rules/common/agents.md — platform-agnostic agent orchestration guidance.
3
3
 
4
- <2–6 line summary.>
4
+ Defines when to route to specialist agents, parallel execution rules,
5
+ and multi-perspective analysis patterns. Does not reference specific
6
+ platform agent types or config paths.
5
7
  -->
6
8
  # Agent Orchestration
7
9
 
8
- ## Available Agents
9
-
10
- Located in `~/.claude/agents/`:
11
-
12
- | Agent | Purpose | When to Use |
13
- |-------|---------|-------------|
14
- | planner | Implementation planning | Complex features, refactoring |
15
- | architect | System design | Architectural decisions |
16
- | tdd-guide | Test-driven development | New features, bug fixes |
17
- | code-reviewer | Code review | After writing code |
18
- | security-reviewer | Security analysis | Before commits |
19
- | build-error-resolver | Fix build errors | When build fails |
20
- | e2e-runner | E2E testing | Critical user flows |
21
- | refactor-cleaner | Dead code cleanup | Code maintenance |
22
- | doc-updater | Documentation | Updating docs |
23
- | rust-reviewer | Rust code review | Rust projects |
24
-
25
10
  ## Immediate Agent Usage
26
11
 
27
- No user prompt needed:
28
- 1. Complex feature requests - Use **planner** agent
29
- 2. Code just written/modified - Use **code-reviewer** agent
30
- 3. Bug fix or new feature - Use **tdd-guide** agent
31
- 4. Architectural decision - Use **architect** agent
12
+ No user prompt needed — match the task to the right specialist:
13
+ 1. Complex feature requests - planning specialist
14
+ 2. Code just written/modified - code review specialist
15
+ 3. Bug fix or new feature - TDD specialist
16
+ 4. Architectural decision - architecture specialist
32
17
 
33
18
  ## Parallel Task Execution
34
19
 
35
- ALWAYS use parallel Task execution for independent operations:
36
-
37
- ```markdown
38
- # GOOD: Parallel execution
39
- Launch 3 agents in parallel:
40
- 1. Agent 1: Security analysis of auth module
41
- 2. Agent 2: Performance review of cache system
42
- 3. Agent 3: Type checking of utilities
43
-
44
- # BAD: Sequential when unnecessary
45
- First agent 1, then agent 2, then agent 3
46
- ```
20
+ ALWAYS use parallel execution for independent operations. Launch multiple specialists concurrently when their work is independent.
47
21
 
48
22
  ## Multi-Perspective Analysis
49
23
 
50
- For complex problems, use split role sub-agents:
24
+ For complex problems, use multiple specialist perspectives:
51
25
  - Factual reviewer
52
26
  - Senior engineer
53
27
  - Security expert
54
28
  - Consistency reviewer
55
- - Redundancy checker
@@ -0,0 +1,75 @@
1
+ <!--
2
+ rules/common/beads-hygiene.md — Beads issue tracker hygiene contract.
3
+
4
+ Beads is the system of record for durable work in this project. Status drifts
5
+ when issues are not updated alongside the code, so every agent and persona
6
+ operating in Construct treats hygiene as part of the work, not as cleanup.
7
+ Loaded by AGENTS.md, CLAUDE.md, the construct persona, and the engineer /
8
+ operator / planner role overlays.
9
+ -->
10
+ # Beads Hygiene — Project Contract
11
+
12
+ Beads (`bd`) is the canonical durable tracker for Construct. Beads only earn their keep when their state matches the world. Stale "open" issues pollute `bd ready`, hide real work, and let agents propose work that already shipped. Every agent — human or AI, on any platform — is responsible for keeping the tracker honest.
13
+
14
+ ## When to update beads
15
+
16
+ | Event | Required action |
17
+ |---|---|
18
+ | About to start non-trivial work | A Beads issue exists. `bd ready` to find or `bd create` if missing. `bd update <id> --claim` before edits. |
19
+ | Work lands on `main` | `bd close <id> --reason="Landed in PR #N — verified: <file:line evidence>"`. Do not wait for someone else to notice. |
20
+ | Direction reverses mid-work | `bd supersede <old-id> --with=<new-id>`. Do not edit the old description in place. |
21
+ | Issue scope expands | Update the description and acceptance criteria in the same change that broadens scope. |
22
+ | A blocker is discovered | Add the dependency with `bd dep add <id> <depends-on>` so the readiness queue reflects reality. |
23
+ | A bead becomes irrelevant | `bd close <id> --reason="No longer needed because <why>"`. Do not leave it open hoping someone closes it later. |
24
+ | An existing memory contradicts current behavior | `bd remember --key <key> "..."` to update in place. Do not let future agents read stale "facts". |
25
+
26
+ ## Pre-work checks (every session)
27
+
28
+ Run before planning, before claiming work, before proposing changes:
29
+
30
+ 1. `bd ready` — surface unblocked work.
31
+ 2. `bd list --status=in_progress` — verify nothing has been left mid-flight by an earlier session.
32
+ 3. `bd stale` — surface anything untouched past the staleness window.
33
+ 4. Cross-check the open list against `git log --oneline -20 origin/main` — close anything whose work actually landed.
34
+
35
+ If any of these surface drift, fix it before starting new work. Drift you observe and ignore becomes drift the next agent inherits.
36
+
37
+ ## Post-work checks (every commit / push)
38
+
39
+ After the code changes land in main:
40
+
41
+ 1. The bead the work was claimed against is closed with evidence in the reason.
42
+ 2. Any beads superseded by the change are marked superseded, not left open.
43
+ 3. New beads exist for follow-up work that was discovered but not done — file them in the same session, not "later".
44
+ 4. `bd doctor` and `bd preflight` should run before push and report clean.
45
+
46
+ ## What goes in a bead
47
+
48
+ | Field | Standard |
49
+ |---|---|
50
+ | Title | Imperative, scoped, parseable. "PR 3 — `construct intake` CLI" beats "intake CLI". |
51
+ | Description | Why the bead exists + what success looks like. State the new shape directly. Do not preserve a "current behavior must keep working" goal unless the user explicitly asked for migration. |
52
+ | Acceptance criteria | Numbered, binary checks. A reviewer can answer pass/fail without re-reading the description. |
53
+ | Dependencies | Wire `bd dep add` whenever order matters. Implicit ordering rots into parallel work that breaks each other. |
54
+ | Notes | Verification evidence and decisions made *during* the work, not the original framing (description owns that). |
55
+
56
+ ## What does **not** belong in a bead
57
+
58
+ - Internal-tracker references inside committed artifacts (CHANGELOG, commit messages, code comments, user-facing docs). Bead ids live in the bead, in `bd close --reason`, and in `.cx/context.md`. They do not leak into the public surface.
59
+ - Vague placeholders like "investigate X". Either there is a question to answer (`bd note` it on a parent), or there is concrete work to do (file the concrete work).
60
+ - Multi-phase epics with no children. Either decompose into the actual issues at filing time or mark the parent `[epic]` and file children before claiming.
61
+
62
+ ## Hard rules
63
+
64
+ - **No claim, no edit.** If you are about to modify files, the bead exists and is claimed by you.
65
+ - **No close before verify.** "Tests pass" without `npm test` evidence is not done. Reason field carries the evidence.
66
+ - **No silent supersede.** Both the old and new bead reference each other; the old's close-reason names the new.
67
+ - **No drift past the session boundary.** If you observed drift but did not close/supersede/file, you have not finished the session.
68
+
69
+ ## Bypass
70
+
71
+ There is no authorized bypass. Beads hygiene is a release gate. If the tooling is genuinely broken (e.g., dolt lock contention, `bd` crash), state the problem, file a bead for the broken tooling, and use `construct beads ...` lock-aware commands while it is being fixed. "I'll update beads later" is not a valid path.
72
+
73
+ ## Automation
74
+
75
+ Project-level automation is tracked in the beads queue — auto-close on merge, pre-push `bd preflight` gate, weekly drift report, memory-contradiction detection. Until that ships, hygiene is a per-session discipline.
@@ -1,59 +1,30 @@
1
1
  <!--
2
- rules/common/code-review.md — <one-line purpose>
2
+ rules/common/code-review.md — when and how to conduct code reviews.
3
3
 
4
- <2–6 line summary.>
4
+ Defines mandatory review triggers, severity levels, approval criteria,
5
+ and references coding-style.md and security.md for checklists.
5
6
  -->
6
7
  # Code Review Standards
7
8
 
8
- ## Purpose
9
-
10
- Code review ensures quality, security, and maintainability before code is merged. This rule defines when and how to conduct code reviews.
11
-
12
9
  ## When to Review
13
10
 
14
- **MANDATORY review triggers:**
15
-
11
+ **Mandatory triggers:**
16
12
  - After writing or modifying code
17
13
  - Before any commit to shared branches
18
14
  - When security-sensitive code is changed (auth, payments, user data)
19
15
  - When architectural changes are made
20
16
  - Before merging pull requests
21
17
 
22
- **Pre-Review Requirements:**
23
-
24
- Before requesting review, ensure:
25
-
26
- - All automated checks (CI/CD) are passing
27
- - Merge conflicts are resolved
28
- - Branch is up to date with target branch
29
-
30
- ## Review Checklist
31
-
32
- Before marking code complete:
18
+ **Pre-review:** CI passing, conflicts resolved, branch up to date.
33
19
 
34
- - [ ] Code is readable and well-named
35
- - [ ] Functions are focused (<50 lines)
36
- - [ ] Files are cohesive (<800 lines)
37
- - [ ] No deep nesting (>4 levels)
38
- - [ ] Errors are handled explicitly
39
- - [ ] No hardcoded secrets or credentials
40
- - [ ] No console.log or debug statements
41
- - [ ] Tests exist for new functionality
42
- - [ ] Test coverage meets 80% minimum
43
-
44
- ## Security Review Triggers
45
-
46
- **STOP and use security-reviewer agent when:**
20
+ ## Review Workflow
47
21
 
48
- - Authentication or authorization code
49
- - User input handling
50
- - Database queries
51
- - File system operations
52
- - External API calls
53
- - Cryptographic operations
54
- - Payment or financial code
22
+ 1. `git diff` to understand changes
23
+ 2. Security checklist (see [security.md](security.md))
24
+ 3. Code quality checklist (see [coding-style.md](coding-style.md))
25
+ 4. Run tests, verify coverage >= 80%
55
26
 
56
- ## Review Severity Levels
27
+ ## Severity Levels
57
28
 
58
29
  | Level | Meaning | Action |
59
30
  |-------|---------|--------|
@@ -62,68 +33,8 @@ Before marking code complete:
62
33
  | MEDIUM | Maintainability concern | **INFO** - Consider fixing |
63
34
  | LOW | Style or minor suggestion | **NOTE** - Optional |
64
35
 
65
- ## Agent Usage
66
-
67
- Use these agents for code review:
68
-
69
- | Agent | Purpose |
70
- |-------|---------|
71
- | **code-reviewer** | General code quality, patterns, best practices |
72
- | **security-reviewer** | Security vulnerabilities, OWASP Top 10 |
73
- | **typescript-reviewer** | TypeScript/JavaScript specific issues |
74
- | **python-reviewer** | Python specific issues |
75
- | **go-reviewer** | Go specific issues |
76
- | **rust-reviewer** | Rust specific issues |
77
-
78
- ## Review Workflow
79
-
80
- ```
81
- 1. Run git diff to understand changes
82
- 2. Check security checklist first
83
- 3. Review code quality checklist
84
- 4. Run relevant tests
85
- 5. Verify coverage >= 80%
86
- 6. Use appropriate agent for detailed review
87
- ```
88
-
89
- ## Common Issues to Catch
90
-
91
- ### Security
92
-
93
- - Hardcoded credentials (API keys, passwords, tokens)
94
- - SQL injection (string concatenation in queries)
95
- - XSS vulnerabilities (unescaped user input)
96
- - Path traversal (unsanitized file paths)
97
- - CSRF protection missing
98
- - Authentication bypasses
99
-
100
- ### Code Quality
101
-
102
- - Large functions (>50 lines) - split into smaller
103
- - Large files (>800 lines) - extract modules
104
- - Deep nesting (>4 levels) - use early returns
105
- - Missing error handling - handle explicitly
106
- - Mutation patterns - prefer immutable operations
107
- - Missing tests - add test coverage
108
-
109
- ### Performance
110
-
111
- - N+1 queries - use JOINs or batching
112
- - Missing pagination - add LIMIT to queries
113
- - Unbounded queries - add constraints
114
- - Missing caching - cache expensive operations
115
-
116
36
  ## Approval Criteria
117
37
 
118
38
  - **Approve**: No CRITICAL or HIGH issues
119
39
  - **Warning**: Only HIGH issues (merge with caution)
120
40
  - **Block**: CRITICAL issues found
121
-
122
- ## Integration with Other Rules
123
-
124
- This rule works with:
125
-
126
- - [testing.md](testing.md) - Test coverage requirements
127
- - [security.md](security.md) - Security checklist
128
- - [git-workflow.md](git-workflow.md) - Commit standards
129
- - [agents.md](agents.md) - Agent delegation
@@ -1,7 +1,8 @@
1
1
  <!--
2
- rules/common/coding-style.md — <one-line purpose>
2
+ rules/common/coding-style.md — language-agnostic coding standards.
3
3
 
4
- <2–6 line summary.>
4
+ Covers immutability, core principles (KISS/DRY/YAGNI), file organization,
5
+ error handling, input validation, naming conventions, and quality checklist.
5
6
  -->
6
7
  # Coding Style
7
8
 
@@ -67,7 +68,8 @@ ALWAYS validate at system boundaries:
67
68
  - Booleans: prefer `is`, `has`, `should`, or `can` prefixes
68
69
  - Interfaces, types, and components: `PascalCase`
69
70
  - Constants: `UPPER_SNAKE_CASE`
70
- - Custom hooks: `camelCase` with a `use` prefix
71
+
72
+ > **Language note**: Naming conventions may be overridden by language-specific rules (e.g. snake_case in Python/Go).
71
73
 
72
74
  ## Code Smells to Avoid
73
75
 
@@ -1,139 +1,58 @@
1
1
  <!--
2
- rules/common/comments.md — canonical comment policy for the Construct repo.
2
+ rules/common/comments.md — Construct comment convention for JS/TS/MJS source files.
3
3
 
4
- Applies to every file in this repository, including generated agent output.
5
- Enforced by `construct lint:comments`, the comment-lint PostToolUse hook,
6
- and CI. Authoring agents must follow this policy without needing reminders.
4
+ Defines the two allowed comment forms (file header, section context block) and
5
+ what is never allowed (inline narration, trailing comments, mid-function notes).
6
+ Enforced by lib/hooks/comment-lint.mjs and tests/hooks-budget.test.mjs.
7
7
  -->
8
+ # Comment Convention
8
9
 
9
- # Comment Policy
10
+ Two forms are allowed. Everything else is deleted.
10
11
 
11
- Construct treats comments as durable documentation, not scratch notes. This file is the single source of truth. Every change to Construct — manual or agent-driven — must respect it.
12
+ ## File header
12
13
 
13
- ## 1. File header block (required)
14
-
15
- Every file listed below must start with a header block that states the file's path, a one-line purpose, and a short summary of what it does, who calls it, and any side effects.
16
-
17
- **Scope:**
18
-
19
- - `bin/**/*` — executable entrypoints
20
- - `lib/**/*.mjs` — runtime, hooks, server, MCP
21
- - `sync-agents.mjs`
22
- - `tests/**/*.mjs`
23
- - `personas/**/*.md`
24
- - `skills/**/*.md`
25
- - `rules/**/*.md`
26
- - `commands/**/*.md`
27
- - Generated platform output under `platforms/claude/agents/` and `platforms/opencode/`
28
- - Scripts under `.github/**` and any top-level shell/Node script
29
-
30
- **Format — JavaScript / Node:**
14
+ One `/** */` block at the top of every file. Describes module purpose, key behaviors, and non-obvious constraints. Written once; updated only when the module's contract changes.
31
15
 
32
16
  ```js
33
17
  /**
34
- * <relative/path.mjs><one-line purpose>
18
+ * lib/observation-store.mjs — hybrid BM25 + cosine ranking over in-tree vector index.
35
19
  *
36
- * <2–6 line summary: what it does, who calls it, key side effects or
37
- * dependencies a reader would need to know before touching it.>
20
+ * Writes are append-only. Reads fan out to both stores and merge by max score.
21
+ * IDF is recomputed per query acceptable at current corpus size.
38
22
  */
39
23
  ```
40
24
 
41
- **Format Markdown:**
42
-
43
- ```html
44
- <!--
45
- <relative/path.md> — <one-line purpose>
25
+ ## Section context block
46
26
 
47
- <2–6 line summary matching the JS variant.>
48
- -->
49
- ```
50
-
51
- **Format — Shell:**
52
-
53
- ```bash
54
- # <relative/path.sh> — <one-line purpose>
55
- #
56
- # <2–6 line summary.>
57
- ```
58
-
59
- The linter extracts the path from the block's first line and verifies it matches the file's actual location.
60
-
61
- ## 2. Section comments (allowed, kept short)
62
-
63
- Inside a file, a one-line section comment is fine when it genuinely helps navigation:
27
+ A comment block immediately before a logical section, followed by a blank line, then the code. Used only when the section's purpose is not obvious from the function or variable names alone.
64
28
 
65
29
  ```js
66
- // --- model selection ---
67
- ```
68
-
69
- Do not write multi-line section banners. Do not repeat what the code immediately below already says.
70
-
71
- ## 3. Inline comments
72
-
73
- Default to no inline comment. Only write one when the *why* is non-obvious: a hidden constraint, an invariant, a workaround for a specific bug that would surprise a reader, or a subtle ordering requirement.
74
-
75
- A comment that describes *what* the code does is almost always noise — the code already says that. Delete it.
30
+ // BM25 is unbounded; normalize against its own max so it merges fairly with cosine [0,1].
76
31
 
77
- ## 4. Banned patterns
78
-
79
- The linter flags these as warnings. Agents must not introduce them.
80
-
81
- ### Point-in-time references
82
-
83
- Comments decay. These phrases tie a comment to a moment that the reader can no longer verify:
84
-
85
- - `added` / `added for` / `added recently`
86
- - `new:` / `recently` / `just` / `now`
87
- - `previously` / `we used to` / `no longer`
88
- - `removed` / `deleted` (as narration, not instruction)
89
- - `in this PR` / `for this task` / `for the X flow`
90
- - absolute dates (`2024-…`, `Jan 2025`, etc.) unless tied to a real external deadline
91
-
92
- ### Caller references
93
-
94
- The reader can grep for callers. Comments that claim to enumerate them rot:
95
-
96
- - `used by X` / `called from Y` / `only consumer is Z`
97
-
98
- *Exception:* the file-header block may list primary consumers when the list is short and load-bearing (see `lib/cli-commands.mjs` for the pattern).
99
-
100
- ### Issue / PR / ticket references
101
-
102
- These belong in commit messages and PR bodies, not in source:
103
-
104
- - `#\d+` / `GH-\d+` / `JIRA-\d+`
105
- - `fixes #…` / `closes #…` / `see ticket …`
32
+ const bm25Max = bm25Scored[0]?.score || 1;
33
+ for (const item of bm25Scored) { ... }
34
+ ```
106
35
 
107
- ### Trailing "why" comments on self-evident code
36
+ The blank line between the comment and the code is required. It signals "this comment describes the block below", not "this comment describes the line above".
108
37
 
109
- If the code reads cleanly, leave it alone:
38
+ ## What is never allowed
110
39
 
111
- ```js
112
- const total = subtotal + tax; // add tax ← delete this
113
- ```
40
+ - **Inline trailing comments** — `const x = 1; // increment` — delete them
41
+ - **Mid-function narration** a comment in the middle of a function body that describes what the next line does — delete it; rename the variable or extract a function instead
42
+ - **Between-group labels** — `// Language patterns`, `// Dashboard`, `// Step 1:` — delete them
43
+ - **Narrative voice** — `// We weight BM25`, `// Now test the keys`, `// This correctly scores` — delete them
44
+ - **Point-in-time notes** — `// X removed`, `// previously`, `// no longer` — belongs in git log
45
+ - **Noise sentinels** — `// ok`, `// best effort`, `// skip` — delete them; use `/* non-critical */` inline only when the catch clause would otherwise look like a bug
114
46
 
115
- ### TODO / FIXME without context
47
+ ## SLA annotations (hooks only)
116
48
 
117
- TODOs without an owner and a reason are abandoned the moment they are written. Required shape:
49
+ `@p95ms` and `@maxBlockingScope` are required on every hook file header. They are metadata, not narration, and are exempt from the above rules.
118
50
 
119
51
  ```js
120
- // TODO(owner): <what and why> — <condition that resolves it>
52
+ // @p95ms 40 @maxBlockingScope PreToolUse
121
53
  ```
122
54
 
123
- ## 5. Generated files
124
-
125
- Files under `platforms/claude/agents/` and `platforms/opencode/` that are generated output must carry the canonical "Generated by construct sync" banner produced by `sync-agents.mjs`. Hand-edits to these files are rejected; regenerate instead.
126
-
127
- ## 6. Enforcement
128
-
129
- | Violation | Level | Enforced by |
130
- |---|---|---|
131
- | Missing file header in a scoped path | error | `construct lint:comments`, CI |
132
- | Banned pattern in a comment | warning | `construct lint:comments`, PostToolUse hook |
133
- | Hand-edit to a generated file | error | `sync-agents.mjs` regeneration + CI |
134
-
135
- `construct lint:comments --fix` adds stub headers to files missing one. Banned patterns must be resolved by hand — the linter refuses to guess at the author's intent.
55
+ ## Rule of thumb
136
56
 
137
- ## 7. Why this is strict
57
+ Delete the comment. If the section becomes harder to understand, the comment earns its place — as a block before it, with a blank line after. If it reads just as clearly without, it stays deleted.
138
58
 
139
- The repo generates configs for every downstream tool. A point-in-time comment in a persona file becomes a point-in-time comment in every Claude Code, OpenCode, Codex, and Copilot install of Construct. The cost of a lazy comment is multiplied across every surface.
@@ -0,0 +1,53 @@
1
+ <!--
2
+ rules/common/commit-approval.md — conversational approval rule for mutating git operations.
3
+
4
+ Behavioral rule, not a hook. The agent asks and waits for a yes; the user
5
+ replies in chat. Infrastructure stays out of the way.
6
+ -->
7
+ # Commit Approval
8
+
9
+ Construct does not commit, push, or merge without the user explicitly saying yes in the current conversation.
10
+
11
+ ## The rule
12
+
13
+ Before running any of these Bash tool calls:
14
+
15
+ - `git commit` (including `git commit --amend`)
16
+ - `git push`
17
+ - `gh pr merge`
18
+
19
+ The agent must:
20
+
21
+ 1. **State the working branch** so the user sees the scope.
22
+ 2. **Show the proposed action verbatim** — for a commit, the full proposed message (subject and body) formatted exactly as it will appear in `git log`. For a push, the target refspec. For a merge, the PR number and merge mode (`--squash`, `--rebase`, etc.).
23
+ 3. **Ask for confirmation** and wait for a yes before executing.
24
+
25
+ A yes from the user in chat is the approval. No marker file, no CLI command, no special syntax.
26
+
27
+ The standard proposal format for a commit:
28
+
29
+ ```
30
+ Branch: <name>
31
+ Proposed commit message:
32
+
33
+ type(scope): subject
34
+
35
+ Optional body explaining the why.
36
+
37
+ Run `git commit`?
38
+ ```
39
+
40
+ Then stop and wait.
41
+
42
+ ## Exceptions
43
+
44
+ - **The user explicitly tells the agent to run a defined sequence** ("commit, push, and merge when ready"). That single yes covers the named batch — but only the actions named, in the order named. A new commit triggered later (e.g. by a CI fix or follow-up edit) is its own approval gate.
45
+ - **Read-only git operations** (`git status`, `git log`, `git diff`, `git fetch`, `git branch`, `git show`) don't need approval.
46
+
47
+ A "yes" from earlier in the session does NOT carry forward to subsequent commits. Each new commit message must be shown and approved.
48
+
49
+ ## Why this is a rule, not a hook
50
+
51
+ A hook that blocked every commit turned out to be over-restrictive — it required a separate command invocation to write a marker file each time, which added friction without much safety beyond the agent just following the rule. The agent is the one producing commit messages; asking in chat is the right interface.
52
+
53
+ If the agent ever commits without asking, that's a correctness bug. Surface it in the session and raise a follow-up to catch the regression.
@@ -59,3 +59,4 @@ When a request matches the trigger patterns below, automatically route to the co
59
59
  6. **Explorer for unknown territory.** When the codebase area is unfamiliar, route to cx-explorer first.
60
60
  7. **Unclear requirements always stop at planning.** If missing acceptance criteria or ambiguous scope, route to cx-product-manager or cx-ux-researcher before implementation.
61
61
  8. **Read once per conversation.** No need to re-read this file if already loaded.
62
+ 9. **Research follows the common research policy.** Research, evidence synthesis, and doc-grounding tasks should apply `rules/common/research.md` before treating claims as decision-ready.
@@ -1,49 +1,31 @@
1
1
  <!--
2
- rules/common/development-workflow.md — <one-line purpose>
2
+ rules/common/development-workflow.md — feature implementation pipeline.
3
3
 
4
- <2–6 line summary.>
4
+ Defines the research-plan-TDD-review-commit workflow that runs before
5
+ git operations. References testing.md, code-review.md, git-workflow.md.
5
6
  -->
6
7
  # Development Workflow
7
8
 
8
- > This file extends [common/git-workflow.md](./git-workflow.md) with the full feature development process that happens before git operations.
9
-
10
- The Feature Implementation Workflow describes the development pipeline: research, planning, TDD, code review, and then committing to git.
11
-
12
9
  ## Feature Implementation Workflow
13
10
 
14
11
  0. **Research & Reuse** _(mandatory before any new implementation)_
15
- - **GitHub code search first:** Run `gh search repos` and `gh search code` to find existing implementations, templates, and patterns before writing anything new.
16
- - **Library docs second:** Use Context7 or primary vendor docs to confirm API behavior, package usage, and version-specific details before implementing.
17
- - **Exa only when the first two are insufficient:** Use Exa for broader web research or discovery after GitHub search and primary docs.
18
- - **Check package registries:** Search npm, PyPI, crates.io, and other registries before writing utility code. Prefer battle-tested libraries over hand-rolled solutions.
19
- - **Search for adaptable implementations:** Look for open-source projects that solve 80%+ of the problem and can be forked, ported, or wrapped.
20
- - Prefer adopting or porting a proven approach over writing net-new code when it meets the requirement.
21
-
22
- 1. **Plan First**
23
- - Use **planner** agent to create implementation plan
24
- - Generate planning docs before coding: PRD, architecture, system_design, tech_doc, task_list
25
- - Identify dependencies and risks
26
- - Break down into phases
27
-
28
- 2. **TDD Approach**
29
- - Use **tdd-guide** agent
30
- - Write tests first (RED)
31
- - Implement to pass tests (GREEN)
32
- - Refactor (IMPROVE)
33
- - Verify 80%+ coverage
34
-
35
- 3. **Code Review**
36
- - Use **code-reviewer** agent immediately after writing code
37
- - Address CRITICAL and HIGH issues
38
- - Fix MEDIUM issues when possible
39
-
40
- 4. **Commit & Push**
41
- - Detailed commit messages
42
- - Follow conventional commits format
43
- - See [git-workflow.md](./git-workflow.md) for commit message format and PR process
44
-
45
- 5. **Pre-Review Checks**
46
- - Verify all automated checks (CI/CD) are passing
47
- - Resolve any merge conflicts
48
- - Ensure branch is up to date with target branch
49
- - Only request review after these checks pass
12
+ - **Search existing code first:** Look for existing implementations, templates, and patterns before writing anything new.
13
+ - **Check docs:** Confirm API behavior, package usage, and version-specific details before implementing.
14
+ - **Check package registries:** npm, PyPI, crates.io before writing utility code.
15
+ - Prefer adopting a proven approach over writing net-new code.
16
+
17
+ 1. **Plan** - Break into phases; identify dependencies and risks.
18
+
19
+ 2. **TDD** - Write tests first (RED), implement (GREEN), refactor (IMPROVE). See [testing.md](testing.md).
20
+
21
+ 3. **Code Review** - Review immediately after writing. See [code-review.md](code-review.md).
22
+
23
+ 3.5. **Docs** _(mandatory for any user-facing change)_
24
+ - If you added or changed a CLI command, API endpoint, config option, or architecture boundary: update `docs/concepts/architecture.md` and create or update the relevant `docs/cookbook/` recipe.
25
+ - If you added a CLI command, ensure the cookbook index links to a recipe for it.
26
+ - Run `construct docs:update` to regenerate AUTO-managed regions.
27
+ - A change is not DONE if a user-facing capability exists with no documentation.
28
+
29
+ 4. **Commit** - Conventional commits format. See [git-workflow.md](git-workflow.md).
30
+
31
+ 5. **Pre-Review Checks** - CI passing, conflicts resolved, branch synced.