@geraldmaron/construct 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (352) hide show
  1. package/.env.example +69 -0
  2. package/LICENSE +21 -0
  3. package/README.md +344 -0
  4. package/agents/prompts/cx-accessibility.md +29 -0
  5. package/agents/prompts/cx-ai-engineer.md +31 -0
  6. package/agents/prompts/cx-architect.md +40 -0
  7. package/agents/prompts/cx-business-strategist.md +25 -0
  8. package/agents/prompts/cx-data-analyst.md +30 -0
  9. package/agents/prompts/cx-data-engineer.md +32 -0
  10. package/agents/prompts/cx-debugger.md +27 -0
  11. package/agents/prompts/cx-designer.md +33 -0
  12. package/agents/prompts/cx-devil-advocate.md +36 -0
  13. package/agents/prompts/cx-docs-keeper.md +50 -0
  14. package/agents/prompts/cx-engineer.md +36 -0
  15. package/agents/prompts/cx-evaluator.md +26 -0
  16. package/agents/prompts/cx-explorer.md +38 -0
  17. package/agents/prompts/cx-legal-compliance.md +25 -0
  18. package/agents/prompts/cx-operations.md +28 -0
  19. package/agents/prompts/cx-orchestrator.md +30 -0
  20. package/agents/prompts/cx-platform-engineer.md +25 -0
  21. package/agents/prompts/cx-product-manager.md +30 -0
  22. package/agents/prompts/cx-qa.md +42 -0
  23. package/agents/prompts/cx-rd-lead.md +25 -0
  24. package/agents/prompts/cx-release-manager.md +31 -0
  25. package/agents/prompts/cx-researcher.md +31 -0
  26. package/agents/prompts/cx-reviewer.md +36 -0
  27. package/agents/prompts/cx-security.md +37 -0
  28. package/agents/prompts/cx-sre.md +26 -0
  29. package/agents/prompts/cx-test-automation.md +35 -0
  30. package/agents/prompts/cx-trace-reviewer.md +76 -0
  31. package/agents/prompts/cx-ux-researcher.md +30 -0
  32. package/agents/registry.json +879 -0
  33. package/agents/teams.json +94 -0
  34. package/bin/construct +613 -0
  35. package/commands/build/feature.md +21 -0
  36. package/commands/build/fix.md +20 -0
  37. package/commands/design/access.md +19 -0
  38. package/commands/design/flow.md +16 -0
  39. package/commands/design/ui.md +18 -0
  40. package/commands/measure/experiment.md +18 -0
  41. package/commands/measure/metrics.md +18 -0
  42. package/commands/measure/results.md +18 -0
  43. package/commands/plan/api.md +19 -0
  44. package/commands/plan/challenge.md +18 -0
  45. package/commands/plan/decide.md +20 -0
  46. package/commands/plan/feature.md +49 -0
  47. package/commands/plan/requirements.md +24 -0
  48. package/commands/remember/context.md +26 -0
  49. package/commands/remember/handoff.md +19 -0
  50. package/commands/remember/runbook.md +20 -0
  51. package/commands/review/code.md +21 -0
  52. package/commands/review/quality.md +19 -0
  53. package/commands/review/security.md +16 -0
  54. package/commands/ship/ready.md +19 -0
  55. package/commands/ship/release.md +19 -0
  56. package/commands/ship/status.md +18 -0
  57. package/commands/understand/docs.md +22 -0
  58. package/commands/understand/research.md +22 -0
  59. package/commands/understand/this.md +23 -0
  60. package/commands/understand/why.md +18 -0
  61. package/commands/work/clean.md +32 -0
  62. package/commands/work/drive.md +69 -0
  63. package/commands/work/optimize-prompts.md +46 -0
  64. package/commands/work/parallel-review.md +40 -0
  65. package/db/migrations/001_init.sql +38 -0
  66. package/langfuse/docker-compose.yml +82 -0
  67. package/lib/audit-skills.mjs +118 -0
  68. package/lib/auto-docs.mjs +293 -0
  69. package/lib/cli-commands.mjs +409 -0
  70. package/lib/codex-config.mjs +114 -0
  71. package/lib/comment-lint.mjs +191 -0
  72. package/lib/completions.mjs +170 -0
  73. package/lib/context-state.mjs +99 -0
  74. package/lib/cost.mjs +213 -0
  75. package/lib/distill.mjs +403 -0
  76. package/lib/efficiency.mjs +139 -0
  77. package/lib/env-config.mjs +53 -0
  78. package/lib/eval-harness.mjs +59 -0
  79. package/lib/features.mjs +209 -0
  80. package/lib/headhunt.mjs +597 -0
  81. package/lib/hooks/adaptive-lint.mjs +112 -0
  82. package/lib/hooks/agent-tracker.mjs +50 -0
  83. package/lib/hooks/bootstrap-guard.mjs +90 -0
  84. package/lib/hooks/comment-lint.mjs +26 -0
  85. package/lib/hooks/config-protection.mjs +52 -0
  86. package/lib/hooks/console-warn.mjs +43 -0
  87. package/lib/hooks/context-window-recovery.mjs +90 -0
  88. package/lib/hooks/continuation-enforcer.mjs +72 -0
  89. package/lib/hooks/dep-audit.mjs +155 -0
  90. package/lib/hooks/drive-guard.mjs +89 -0
  91. package/lib/hooks/edit-accumulator.mjs +36 -0
  92. package/lib/hooks/edit-error-recovery.mjs +46 -0
  93. package/lib/hooks/edit-guard.mjs +109 -0
  94. package/lib/hooks/env-check.mjs +80 -0
  95. package/lib/hooks/guard-bash.mjs +83 -0
  96. package/lib/hooks/mcp-audit.mjs +57 -0
  97. package/lib/hooks/mcp-health-check.mjs +51 -0
  98. package/lib/hooks/mcp-task-scope.mjs +47 -0
  99. package/lib/hooks/model-fallback.mjs +105 -0
  100. package/lib/hooks/pre-compact.mjs +212 -0
  101. package/lib/hooks/pre-push-gate.mjs +129 -0
  102. package/lib/hooks/read-tracker.mjs +129 -0
  103. package/lib/hooks/registry-sync.mjs +23 -0
  104. package/lib/hooks/scan-secrets.mjs +76 -0
  105. package/lib/hooks/session-start.mjs +95 -0
  106. package/lib/hooks/stop-notify.mjs +191 -0
  107. package/lib/hooks/stop-typecheck.mjs +83 -0
  108. package/lib/hooks/task-completed-guard.mjs +43 -0
  109. package/lib/hooks/teammate-idle-guard.mjs +54 -0
  110. package/lib/hooks/workflow-guard.mjs +62 -0
  111. package/lib/host-capabilities.mjs +123 -0
  112. package/lib/init-docs.mjs +382 -0
  113. package/lib/mcp/server.mjs +1123 -0
  114. package/lib/mcp-catalog.json +243 -0
  115. package/lib/mcp-manager.mjs +433 -0
  116. package/lib/mcp-platform-config.mjs +104 -0
  117. package/lib/model-router.mjs +810 -0
  118. package/lib/opencode-config.mjs +44 -0
  119. package/lib/opencode-runtime-plugin.mjs +909 -0
  120. package/lib/opencode-telemetry.mjs +433 -0
  121. package/lib/orchestration-policy.mjs +258 -0
  122. package/lib/prompt-composer.mjs +196 -0
  123. package/lib/prompt-metadata.mjs +68 -0
  124. package/lib/review.mjs +429 -0
  125. package/lib/role-preload.mjs +52 -0
  126. package/lib/schemas/decision.json +50 -0
  127. package/lib/schemas/implementation.json +51 -0
  128. package/lib/schemas/review-report.json +32 -0
  129. package/lib/schemas/test-report.json +43 -0
  130. package/lib/server/index.mjs +334 -0
  131. package/lib/server/static/app.js +841 -0
  132. package/lib/server/static/index.html +820 -0
  133. package/lib/service-manager.mjs +225 -0
  134. package/lib/setup.mjs +319 -0
  135. package/lib/status.mjs +707 -0
  136. package/lib/storage/backend.mjs +44 -0
  137. package/lib/storage/embeddings.mjs +70 -0
  138. package/lib/storage/hybrid-query.mjs +184 -0
  139. package/lib/storage/sql-store.mjs +55 -0
  140. package/lib/storage/state-source.mjs +101 -0
  141. package/lib/storage/sync.mjs +164 -0
  142. package/lib/storage/vector-store.mjs +59 -0
  143. package/lib/telemetry/backends/langfuse.mjs +58 -0
  144. package/lib/telemetry/backends/noop.mjs +16 -0
  145. package/lib/telemetry/langfuse-ingest.mjs +108 -0
  146. package/lib/telemetry/langfuse-model-sync.mjs +270 -0
  147. package/lib/telemetry/team-rollup.mjs +143 -0
  148. package/lib/toolkit-env.mjs +30 -0
  149. package/lib/validator.mjs +181 -0
  150. package/lib/workflow-state.mjs +794 -0
  151. package/package.json +53 -0
  152. package/personas/construct.md +94 -0
  153. package/platforms/claude/CLAUDE.md +30 -0
  154. package/platforms/claude/settings.template.json +472 -0
  155. package/platforms/opencode/config.template.json +65 -0
  156. package/platforms/opencode/plugins/construct-fallback.js +5 -0
  157. package/platforms/opencode/sync-config.mjs +69 -0
  158. package/rules/common/agents.md +55 -0
  159. package/rules/common/code-review.md +129 -0
  160. package/rules/common/coding-style.md +95 -0
  161. package/rules/common/comments.md +139 -0
  162. package/rules/common/cx-agent-routing.md +61 -0
  163. package/rules/common/cx-skill-routing.md +11 -0
  164. package/rules/common/development-workflow.md +49 -0
  165. package/rules/common/git-workflow.md +29 -0
  166. package/rules/common/hooks.md +35 -0
  167. package/rules/common/patterns.md +36 -0
  168. package/rules/common/performance.md +71 -0
  169. package/rules/common/security.md +34 -0
  170. package/rules/common/testing.md +62 -0
  171. package/rules/golang/coding-style.md +37 -0
  172. package/rules/golang/hooks.md +22 -0
  173. package/rules/golang/patterns.md +50 -0
  174. package/rules/golang/security.md +39 -0
  175. package/rules/golang/testing.md +36 -0
  176. package/rules/python/coding-style.md +47 -0
  177. package/rules/python/hooks.md +24 -0
  178. package/rules/python/patterns.md +44 -0
  179. package/rules/python/security.md +35 -0
  180. package/rules/python/testing.md +43 -0
  181. package/rules/swift/coding-style.md +52 -0
  182. package/rules/swift/hooks.md +25 -0
  183. package/rules/swift/patterns.md +71 -0
  184. package/rules/swift/security.md +38 -0
  185. package/rules/swift/testing.md +50 -0
  186. package/rules/typescript/coding-style.md +204 -0
  187. package/rules/typescript/hooks.md +27 -0
  188. package/rules/typescript/patterns.md +57 -0
  189. package/rules/typescript/security.md +33 -0
  190. package/rules/typescript/testing.md +23 -0
  191. package/rules/web/coding-style.md +101 -0
  192. package/rules/web/design-quality.md +68 -0
  193. package/rules/web/hooks.md +125 -0
  194. package/rules/web/patterns.md +84 -0
  195. package/rules/web/performance.md +69 -0
  196. package/rules/web/security.md +62 -0
  197. package/rules/web/testing.md +60 -0
  198. package/rules/zh/README.md +113 -0
  199. package/rules/zh/agents.md +55 -0
  200. package/rules/zh/code-review.md +129 -0
  201. package/rules/zh/coding-style.md +53 -0
  202. package/rules/zh/development-workflow.md +49 -0
  203. package/rules/zh/git-workflow.md +29 -0
  204. package/rules/zh/hooks.md +35 -0
  205. package/rules/zh/patterns.md +36 -0
  206. package/rules/zh/performance.md +60 -0
  207. package/rules/zh/security.md +34 -0
  208. package/rules/zh/testing.md +34 -0
  209. package/skills/ai/agent-dev.md +102 -0
  210. package/skills/ai/llm-security.md +105 -0
  211. package/skills/ai/ml-ops.md +169 -0
  212. package/skills/ai/orchestration-workflow.md +87 -0
  213. package/skills/ai/prompt-and-eval.md +114 -0
  214. package/skills/ai/prompt-optimizer.md +114 -0
  215. package/skills/ai/rag-system.md +104 -0
  216. package/skills/architecture/api-design.md +100 -0
  217. package/skills/architecture/caching.md +101 -0
  218. package/skills/architecture/cloud-native.md +97 -0
  219. package/skills/architecture/message-queue.md +100 -0
  220. package/skills/architecture/security-arch.md +105 -0
  221. package/skills/development/cpp.md +127 -0
  222. package/skills/development/go.md +129 -0
  223. package/skills/development/java.md +134 -0
  224. package/skills/development/kotlin.md +140 -0
  225. package/skills/development/mobile-crossplatform.md +144 -0
  226. package/skills/development/python.md +109 -0
  227. package/skills/development/rust.md +127 -0
  228. package/skills/development/shell.md +127 -0
  229. package/skills/development/swift.md +129 -0
  230. package/skills/development/typescript.md +129 -0
  231. package/skills/devops/ci-cd.md +108 -0
  232. package/skills/devops/containerization.md +106 -0
  233. package/skills/devops/cost-optimization.md +105 -0
  234. package/skills/devops/data-engineering.md +181 -0
  235. package/skills/devops/database.md +95 -0
  236. package/skills/devops/dependency-management.md +91 -0
  237. package/skills/devops/devsecops.md +96 -0
  238. package/skills/devops/git-workflow.md +100 -0
  239. package/skills/devops/incident-response.md +167 -0
  240. package/skills/devops/monorepo.md +87 -0
  241. package/skills/devops/observability.md +103 -0
  242. package/skills/devops/performance.md +104 -0
  243. package/skills/devops/testing.md +104 -0
  244. package/skills/docs/adr-workflow.md +32 -0
  245. package/skills/docs/backlog-proposal-workflow.md +19 -0
  246. package/skills/docs/customer-profile-workflow.md +22 -0
  247. package/skills/docs/evidence-ingest-workflow.md +23 -0
  248. package/skills/docs/init-docs.md +160 -0
  249. package/skills/docs/init-project.md +50 -0
  250. package/skills/docs/prd-workflow.md +57 -0
  251. package/skills/docs/prfaq-workflow.md +25 -0
  252. package/skills/docs/product-intelligence-review.md +22 -0
  253. package/skills/docs/product-intelligence-workflow.md +62 -0
  254. package/skills/docs/product-signal-workflow.md +27 -0
  255. package/skills/docs/research-workflow.md +28 -0
  256. package/skills/docs/runbook-workflow.md +24 -0
  257. package/skills/exploration/repo-map.md +297 -0
  258. package/skills/frameworks/django.md +159 -0
  259. package/skills/frameworks/nextjs.md +148 -0
  260. package/skills/frameworks/react.md +132 -0
  261. package/skills/frameworks/spring-boot.md +165 -0
  262. package/skills/frontend-design/accessibility.md +153 -0
  263. package/skills/frontend-design/component-patterns.md +111 -0
  264. package/skills/frontend-design/engineering.md +122 -0
  265. package/skills/frontend-design/state-management.md +118 -0
  266. package/skills/frontend-design/ui-aesthetics.md +102 -0
  267. package/skills/frontend-design/ux-principles.md +126 -0
  268. package/skills/quality-gates/review-work.md +90 -0
  269. package/skills/quality-gates/verify-change.md +94 -0
  270. package/skills/quality-gates/verify-module.md +96 -0
  271. package/skills/quality-gates/verify-quality.md +93 -0
  272. package/skills/quality-gates/verify-security.md +95 -0
  273. package/skills/roles/architect.ai-systems.md +37 -0
  274. package/skills/roles/architect.data.md +37 -0
  275. package/skills/roles/architect.enterprise.md +37 -0
  276. package/skills/roles/architect.integration.md +37 -0
  277. package/skills/roles/architect.md +68 -0
  278. package/skills/roles/architect.platform.md +37 -0
  279. package/skills/roles/data-analyst.experiment.md +37 -0
  280. package/skills/roles/data-analyst.md +68 -0
  281. package/skills/roles/data-analyst.product-intelligence.md +37 -0
  282. package/skills/roles/data-analyst.product.md +37 -0
  283. package/skills/roles/data-analyst.telemetry.md +37 -0
  284. package/skills/roles/data-engineer.pipeline.md +37 -0
  285. package/skills/roles/data-engineer.vector-retrieval.md +37 -0
  286. package/skills/roles/data-engineer.warehouse.md +37 -0
  287. package/skills/roles/debugger.md +68 -0
  288. package/skills/roles/designer.accessibility.md +43 -0
  289. package/skills/roles/designer.md +68 -0
  290. package/skills/roles/engineer.ai.md +49 -0
  291. package/skills/roles/engineer.data.md +49 -0
  292. package/skills/roles/engineer.md +85 -0
  293. package/skills/roles/engineer.platform.md +49 -0
  294. package/skills/roles/operator.docs.md +43 -0
  295. package/skills/roles/operator.md +68 -0
  296. package/skills/roles/operator.release.md +43 -0
  297. package/skills/roles/operator.sre.md +43 -0
  298. package/skills/roles/orchestrator.md +66 -0
  299. package/skills/roles/product-manager.ai-product.md +37 -0
  300. package/skills/roles/product-manager.business-strategy.md +43 -0
  301. package/skills/roles/product-manager.enterprise.md +37 -0
  302. package/skills/roles/product-manager.growth.md +37 -0
  303. package/skills/roles/product-manager.md +67 -0
  304. package/skills/roles/product-manager.platform.md +37 -0
  305. package/skills/roles/product-manager.product.md +37 -0
  306. package/skills/roles/qa.ai-eval.md +37 -0
  307. package/skills/roles/qa.api-contract.md +37 -0
  308. package/skills/roles/qa.data-pipeline.md +37 -0
  309. package/skills/roles/qa.md +68 -0
  310. package/skills/roles/qa.test-automation.md +49 -0
  311. package/skills/roles/qa.web-ui.md +37 -0
  312. package/skills/roles/researcher.explorer.md +43 -0
  313. package/skills/roles/researcher.md +68 -0
  314. package/skills/roles/researcher.ux.md +43 -0
  315. package/skills/roles/reviewer.devil-advocate.md +43 -0
  316. package/skills/roles/reviewer.evaluator.md +43 -0
  317. package/skills/roles/reviewer.md +68 -0
  318. package/skills/roles/reviewer.trace.md +43 -0
  319. package/skills/roles/security.ai.md +37 -0
  320. package/skills/roles/security.appsec.md +37 -0
  321. package/skills/roles/security.cloud.md +37 -0
  322. package/skills/roles/security.legal-compliance.md +49 -0
  323. package/skills/roles/security.md +68 -0
  324. package/skills/roles/security.privacy.md +37 -0
  325. package/skills/roles/security.supply-chain.md +37 -0
  326. package/skills/routing.md +139 -0
  327. package/skills/security/blue-team.md +83 -0
  328. package/skills/security/code-audit.md +94 -0
  329. package/skills/security/pentest.md +84 -0
  330. package/skills/security/red-team.md +81 -0
  331. package/skills/security/threat-intel.md +89 -0
  332. package/skills/security/vuln-research.md +87 -0
  333. package/skills/utility/clean-code.md +165 -0
  334. package/sync-agents.mjs +899 -0
  335. package/templates/docs/adr.md +27 -0
  336. package/templates/docs/backlog-proposal.md +26 -0
  337. package/templates/docs/customer-profile.md +34 -0
  338. package/templates/docs/evidence-brief.md +37 -0
  339. package/templates/docs/incident-report.md +46 -0
  340. package/templates/docs/memo.md +27 -0
  341. package/templates/docs/meta-prd.md +56 -0
  342. package/templates/docs/one-pager.md +24 -0
  343. package/templates/docs/prd-business.md +61 -0
  344. package/templates/docs/prd-platform.md +62 -0
  345. package/templates/docs/prd.md +47 -0
  346. package/templates/docs/prfaq.md +31 -0
  347. package/templates/docs/product-intelligence-report.md +31 -0
  348. package/templates/docs/research-brief.md +29 -0
  349. package/templates/docs/rfc-platform.md +60 -0
  350. package/templates/docs/rfc.md +46 -0
  351. package/templates/docs/runbook.md +33 -0
  352. package/templates/docs/signal-brief.md +25 -0
@@ -0,0 +1,65 @@
1
+ {
2
+ "$schema": "https://opencode.ai/config.json",
3
+ "model": "openrouter/openrouter/free",
4
+ "enabled_providers": [
5
+ "anthropic",
6
+ "openai",
7
+ "openrouter",
8
+ "ollama"
9
+ ],
10
+ "provider": {
11
+ "anthropic": {
12
+ "models": {}
13
+ },
14
+ "openai": {
15
+ "models": {}
16
+ },
17
+ "openrouter": {
18
+ "npm": "@ai-sdk/openai-compatible",
19
+ "name": "OpenRouter",
20
+ "options": {
21
+ "baseURL": "https://openrouter.ai/api/v1",
22
+ "headers": {
23
+ "HTTP-Referer": "__OPENROUTER_REFERER__",
24
+ "X-Title": "__OPENROUTER_TITLE__",
25
+ "Authorization": "Bearer __OPENROUTER_API_KEY__"
26
+ }
27
+ },
28
+ "models": {}
29
+ },
30
+ "ollama": {
31
+ "npm": "@ai-sdk/openai-compatible",
32
+ "name": "Ollama (local)",
33
+ "options": {
34
+ "baseURL": "http://localhost:11434/v1",
35
+ "headers": {
36
+ "Authorization": "Bearer ollama"
37
+ }
38
+ },
39
+ "models": {}
40
+ }
41
+ },
42
+ "mcp": {
43
+ "cass": {
44
+ "type": "local",
45
+ "command": ["npx", "-y", "@modelcontextprotocol/server-memory@latest"]
46
+ },
47
+ "context7": {
48
+ "type": "local",
49
+ "command": ["npx", "-y", "@upstash/context7-mcp@latest"]
50
+ },
51
+ "construct-mcp": {
52
+ "type": "local",
53
+ "command": ["node", "__CX_TOOLKIT_DIR__/lib/mcp/server.mjs"],
54
+ "environment": {
55
+ "CONSTRUCT_TRACE_BACKEND": "__CONSTRUCT_TRACE_BACKEND__",
56
+ "LANGFUSE_BASEURL": "__LANGFUSE_BASEURL__",
57
+ "LANGFUSE_PUBLIC_KEY": "__LANGFUSE_PUBLIC_KEY__",
58
+ "LANGFUSE_SECRET_KEY": "__LANGFUSE_SECRET_KEY__"
59
+ }
60
+ }
61
+ },
62
+ "agent": {
63
+ "__AGENTS_GENERATED_BY_CONSTRUCT_SYNC__": {}
64
+ }
65
+ }
@@ -0,0 +1,5 @@
1
+ import { createConstructOpenCodePlugin } from "__CX_TOOLKIT_DIR__/lib/opencode-runtime-plugin.mjs";
2
+
3
+ export const ConstructFallbackPlugin = createConstructOpenCodePlugin({
4
+ toolkitDir: process.env.CX_TOOLKIT_DIR || "__CX_TOOLKIT_DIR__",
5
+ });
@@ -0,0 +1,69 @@
1
+ #!/usr/bin/env node
2
+ /**
3
+ * sync-config.mjs — Fetch free models from OpenRouter and sync into OpenCode config.
4
+ * Run periodically or during install to keep the free model list current.
5
+ */
6
+ import fs from "node:fs";
7
+ import { readOpenCodeConfig, writeOpenCodeConfig, findOpenCodeConfigPath } from "../lib/opencode-config.mjs";
8
+
9
+ const configPath = findOpenCodeConfigPath();
10
+
11
+ async function fetchFreeModels() {
12
+ try {
13
+ const res = await fetch("https://openrouter.ai/api/v1/models");
14
+ if (!res.ok) throw new Error(`HTTP ${res.status}`);
15
+ const { data } = await res.json();
16
+ return data
17
+ .filter((m) => m.id.endsWith(":free") && m.context_length >= 4096)
18
+ .map((m) => ({ id: m.id, name: m.name || m.id.replace(/:free$/, "") }))
19
+ .sort((a, b) => a.name.localeCompare(b.name));
20
+ } catch (err) {
21
+ console.warn(`Warning: Could not fetch OpenRouter models: ${err.message}`);
22
+ return [];
23
+ }
24
+ }
25
+
26
+ async function main() {
27
+ if (!fs.existsSync(configPath)) {
28
+ console.log("OpenCode config not found. Run 'construct sync' first.");
29
+ return;
30
+ }
31
+
32
+ const { config } = readOpenCodeConfig();
33
+ const freeModels = await fetchFreeModels();
34
+
35
+ if (freeModels.length === 0) {
36
+ console.log("No free models fetched. Config unchanged.");
37
+ return;
38
+ }
39
+
40
+ if (!config.provider) config.provider = {};
41
+ if (!config.provider.openrouter) {
42
+ config.provider.openrouter = {
43
+ npm: "@ai-sdk/openai-compatible",
44
+ name: "OpenRouter",
45
+ options: {
46
+ baseURL: "https://openrouter.ai/api/v1",
47
+ headers: {}
48
+ },
49
+ models: {}
50
+ };
51
+ }
52
+
53
+ const existingModels = config.provider.openrouter.models ?? {};
54
+ const merged = { ...existingModels };
55
+ for (const model of freeModels) {
56
+ if (!merged[model.id]) {
57
+ merged[model.id] = { name: `${model.name} (free)` };
58
+ }
59
+ }
60
+
61
+ config.provider.openrouter.models = Object.fromEntries(
62
+ Object.entries(merged).sort((a, b) => (a[1].name ?? a[0]).localeCompare(b[1].name ?? b[0]))
63
+ );
64
+
65
+ writeOpenCodeConfig(config, configPath);
66
+ console.log(`Synced ${freeModels.length} free models from OpenRouter.`);
67
+ }
68
+
69
+ main();
@@ -0,0 +1,55 @@
1
+ <!--
2
+ rules/common/agents.md — <one-line purpose>
3
+
4
+ <2–6 line summary.>
5
+ -->
6
+ # Agent Orchestration
7
+
8
+ ## Available Agents
9
+
10
+ Located in `~/.claude/agents/`:
11
+
12
+ | Agent | Purpose | When to Use |
13
+ |-------|---------|-------------|
14
+ | planner | Implementation planning | Complex features, refactoring |
15
+ | architect | System design | Architectural decisions |
16
+ | tdd-guide | Test-driven development | New features, bug fixes |
17
+ | code-reviewer | Code review | After writing code |
18
+ | security-reviewer | Security analysis | Before commits |
19
+ | build-error-resolver | Fix build errors | When build fails |
20
+ | e2e-runner | E2E testing | Critical user flows |
21
+ | refactor-cleaner | Dead code cleanup | Code maintenance |
22
+ | doc-updater | Documentation | Updating docs |
23
+ | rust-reviewer | Rust code review | Rust projects |
24
+
25
+ ## Immediate Agent Usage
26
+
27
+ No user prompt needed:
28
+ 1. Complex feature requests - Use **planner** agent
29
+ 2. Code just written/modified - Use **code-reviewer** agent
30
+ 3. Bug fix or new feature - Use **tdd-guide** agent
31
+ 4. Architectural decision - Use **architect** agent
32
+
33
+ ## Parallel Task Execution
34
+
35
+ ALWAYS use parallel Task execution for independent operations:
36
+
37
+ ```markdown
38
+ # GOOD: Parallel execution
39
+ Launch 3 agents in parallel:
40
+ 1. Agent 1: Security analysis of auth module
41
+ 2. Agent 2: Performance review of cache system
42
+ 3. Agent 3: Type checking of utilities
43
+
44
+ # BAD: Sequential when unnecessary
45
+ First agent 1, then agent 2, then agent 3
46
+ ```
47
+
48
+ ## Multi-Perspective Analysis
49
+
50
+ For complex problems, use split role sub-agents:
51
+ - Factual reviewer
52
+ - Senior engineer
53
+ - Security expert
54
+ - Consistency reviewer
55
+ - Redundancy checker
@@ -0,0 +1,129 @@
1
+ <!--
2
+ rules/common/code-review.md — <one-line purpose>
3
+
4
+ <2–6 line summary.>
5
+ -->
6
+ # Code Review Standards
7
+
8
+ ## Purpose
9
+
10
+ Code review ensures quality, security, and maintainability before code is merged. This rule defines when and how to conduct code reviews.
11
+
12
+ ## When to Review
13
+
14
+ **MANDATORY review triggers:**
15
+
16
+ - After writing or modifying code
17
+ - Before any commit to shared branches
18
+ - When security-sensitive code is changed (auth, payments, user data)
19
+ - When architectural changes are made
20
+ - Before merging pull requests
21
+
22
+ **Pre-Review Requirements:**
23
+
24
+ Before requesting review, ensure:
25
+
26
+ - All automated checks (CI/CD) are passing
27
+ - Merge conflicts are resolved
28
+ - Branch is up to date with target branch
29
+
30
+ ## Review Checklist
31
+
32
+ Before marking code complete:
33
+
34
+ - [ ] Code is readable and well-named
35
+ - [ ] Functions are focused (<50 lines)
36
+ - [ ] Files are cohesive (<800 lines)
37
+ - [ ] No deep nesting (>4 levels)
38
+ - [ ] Errors are handled explicitly
39
+ - [ ] No hardcoded secrets or credentials
40
+ - [ ] No console.log or debug statements
41
+ - [ ] Tests exist for new functionality
42
+ - [ ] Test coverage meets 80% minimum
43
+
44
+ ## Security Review Triggers
45
+
46
+ **STOP and use security-reviewer agent when:**
47
+
48
+ - Authentication or authorization code
49
+ - User input handling
50
+ - Database queries
51
+ - File system operations
52
+ - External API calls
53
+ - Cryptographic operations
54
+ - Payment or financial code
55
+
56
+ ## Review Severity Levels
57
+
58
+ | Level | Meaning | Action |
59
+ |-------|---------|--------|
60
+ | CRITICAL | Security vulnerability or data loss risk | **BLOCK** - Must fix before merge |
61
+ | HIGH | Bug or significant quality issue | **WARN** - Should fix before merge |
62
+ | MEDIUM | Maintainability concern | **INFO** - Consider fixing |
63
+ | LOW | Style or minor suggestion | **NOTE** - Optional |
64
+
65
+ ## Agent Usage
66
+
67
+ Use these agents for code review:
68
+
69
+ | Agent | Purpose |
70
+ |-------|---------|
71
+ | **code-reviewer** | General code quality, patterns, best practices |
72
+ | **security-reviewer** | Security vulnerabilities, OWASP Top 10 |
73
+ | **typescript-reviewer** | TypeScript/JavaScript specific issues |
74
+ | **python-reviewer** | Python specific issues |
75
+ | **go-reviewer** | Go specific issues |
76
+ | **rust-reviewer** | Rust specific issues |
77
+
78
+ ## Review Workflow
79
+
80
+ ```
81
+ 1. Run git diff to understand changes
82
+ 2. Check security checklist first
83
+ 3. Review code quality checklist
84
+ 4. Run relevant tests
85
+ 5. Verify coverage >= 80%
86
+ 6. Use appropriate agent for detailed review
87
+ ```
88
+
89
+ ## Common Issues to Catch
90
+
91
+ ### Security
92
+
93
+ - Hardcoded credentials (API keys, passwords, tokens)
94
+ - SQL injection (string concatenation in queries)
95
+ - XSS vulnerabilities (unescaped user input)
96
+ - Path traversal (unsanitized file paths)
97
+ - CSRF protection missing
98
+ - Authentication bypasses
99
+
100
+ ### Code Quality
101
+
102
+ - Large functions (>50 lines) - split into smaller
103
+ - Large files (>800 lines) - extract modules
104
+ - Deep nesting (>4 levels) - use early returns
105
+ - Missing error handling - handle explicitly
106
+ - Mutation patterns - prefer immutable operations
107
+ - Missing tests - add test coverage
108
+
109
+ ### Performance
110
+
111
+ - N+1 queries - use JOINs or batching
112
+ - Missing pagination - add LIMIT to queries
113
+ - Unbounded queries - add constraints
114
+ - Missing caching - cache expensive operations
115
+
116
+ ## Approval Criteria
117
+
118
+ - **Approve**: No CRITICAL or HIGH issues
119
+ - **Warning**: Only HIGH issues (merge with caution)
120
+ - **Block**: CRITICAL issues found
121
+
122
+ ## Integration with Other Rules
123
+
124
+ This rule works with:
125
+
126
+ - [testing.md](testing.md) - Test coverage requirements
127
+ - [security.md](security.md) - Security checklist
128
+ - [git-workflow.md](git-workflow.md) - Commit standards
129
+ - [agents.md](agents.md) - Agent delegation
@@ -0,0 +1,95 @@
1
+ <!--
2
+ rules/common/coding-style.md — <one-line purpose>
3
+
4
+ <2–6 line summary.>
5
+ -->
6
+ # Coding Style
7
+
8
+ ## Immutability (CRITICAL)
9
+
10
+ ALWAYS create new objects, NEVER mutate existing ones:
11
+
12
+ ```
13
+ // Pseudocode
14
+ WRONG: modify(original, field, value) → changes original in-place
15
+ CORRECT: update(original, field, value) → returns new copy with change
16
+ ```
17
+
18
+ Rationale: Immutable data prevents hidden side effects, makes debugging easier, and enables safe concurrency.
19
+
20
+ ## Core Principles
21
+
22
+ ### KISS (Keep It Simple)
23
+
24
+ - Prefer the simplest solution that actually works
25
+ - Avoid premature optimization
26
+ - Optimize for clarity over cleverness
27
+
28
+ ### DRY (Don't Repeat Yourself)
29
+
30
+ - Extract repeated logic into shared functions or utilities
31
+ - Avoid copy-paste implementation drift
32
+ - Introduce abstractions when repetition is real, not speculative
33
+
34
+ ### YAGNI (You Aren't Gonna Need It)
35
+
36
+ - Do not build features or abstractions before they are needed
37
+ - Avoid speculative generality
38
+ - Start simple, then refactor when the pressure is real
39
+
40
+ ## File Organization
41
+
42
+ MANY SMALL FILES > FEW LARGE FILES:
43
+ - High cohesion, low coupling
44
+ - 200-400 lines typical, 800 max
45
+ - Extract utilities from large modules
46
+ - Organize by feature/domain, not by type
47
+
48
+ ## Error Handling
49
+
50
+ ALWAYS handle errors comprehensively:
51
+ - Handle errors explicitly at every level
52
+ - Provide user-friendly error messages in UI-facing code
53
+ - Log detailed error context on the server side
54
+ - Never silently swallow errors
55
+
56
+ ## Input Validation
57
+
58
+ ALWAYS validate at system boundaries:
59
+ - Validate all user input before processing
60
+ - Use schema-based validation where available
61
+ - Fail fast with clear error messages
62
+ - Never trust external data (API responses, user input, file content)
63
+
64
+ ## Naming Conventions
65
+
66
+ - Variables and functions: `camelCase` with descriptive names
67
+ - Booleans: prefer `is`, `has`, `should`, or `can` prefixes
68
+ - Interfaces, types, and components: `PascalCase`
69
+ - Constants: `UPPER_SNAKE_CASE`
70
+ - Custom hooks: `camelCase` with a `use` prefix
71
+
72
+ ## Code Smells to Avoid
73
+
74
+ ### Deep Nesting
75
+
76
+ Prefer early returns over nested conditionals once the logic starts stacking.
77
+
78
+ ### Magic Numbers
79
+
80
+ Use named constants for meaningful thresholds, delays, and limits.
81
+
82
+ ### Long Functions
83
+
84
+ Split large functions into focused pieces with clear responsibilities.
85
+
86
+ ## Code Quality Checklist
87
+
88
+ Before marking work complete:
89
+ - [ ] Code is readable and well-named
90
+ - [ ] Functions are small (<50 lines)
91
+ - [ ] Files are focused (<800 lines)
92
+ - [ ] No deep nesting (>4 levels)
93
+ - [ ] Proper error handling
94
+ - [ ] No hardcoded values (use constants or config)
95
+ - [ ] No mutation (immutable patterns used)
@@ -0,0 +1,139 @@
1
+ <!--
2
+ rules/common/comments.md — canonical comment policy for the Construct repo.
3
+
4
+ Applies to every file in this repository, including generated agent output.
5
+ Enforced by `construct lint:comments`, the comment-lint PostToolUse hook,
6
+ and CI. Authoring agents must follow this policy without needing reminders.
7
+ -->
8
+
9
+ # Comment Policy
10
+
11
+ Construct treats comments as durable documentation, not scratch notes. This file is the single source of truth. Every change to Construct — manual or agent-driven — must respect it.
12
+
13
+ ## 1. File header block (required)
14
+
15
+ Every file listed below must start with a header block that states the file's path, a one-line purpose, and a short summary of what it does, who calls it, and any side effects.
16
+
17
+ **Scope:**
18
+
19
+ - `bin/**/*` — executable entrypoints
20
+ - `lib/**/*.mjs` — runtime, hooks, server, MCP
21
+ - `sync-agents.mjs`
22
+ - `tests/**/*.mjs`
23
+ - `personas/**/*.md`
24
+ - `skills/**/*.md`
25
+ - `rules/**/*.md`
26
+ - `commands/**/*.md`
27
+ - Generated platform output under `platforms/claude/agents/` and `platforms/opencode/`
28
+ - Scripts under `.github/**` and any top-level shell/Node script
29
+
30
+ **Format — JavaScript / Node:**
31
+
32
+ ```js
33
+ /**
34
+ * <relative/path.mjs> — <one-line purpose>
35
+ *
36
+ * <2–6 line summary: what it does, who calls it, key side effects or
37
+ * dependencies a reader would need to know before touching it.>
38
+ */
39
+ ```
40
+
41
+ **Format — Markdown:**
42
+
43
+ ```html
44
+ <!--
45
+ <relative/path.md> — <one-line purpose>
46
+
47
+ <2–6 line summary matching the JS variant.>
48
+ -->
49
+ ```
50
+
51
+ **Format — Shell:**
52
+
53
+ ```bash
54
+ # <relative/path.sh> — <one-line purpose>
55
+ #
56
+ # <2–6 line summary.>
57
+ ```
58
+
59
+ The linter extracts the path from the block's first line and verifies it matches the file's actual location.
60
+
61
+ ## 2. Section comments (allowed, kept short)
62
+
63
+ Inside a file, a one-line section comment is fine when it genuinely helps navigation:
64
+
65
+ ```js
66
+ // --- model selection ---
67
+ ```
68
+
69
+ Do not write multi-line section banners. Do not repeat what the code immediately below already says.
70
+
71
+ ## 3. Inline comments
72
+
73
+ Default to no inline comment. Only write one when the *why* is non-obvious: a hidden constraint, an invariant, a workaround for a specific bug that would surprise a reader, or a subtle ordering requirement.
74
+
75
+ A comment that describes *what* the code does is almost always noise — the code already says that. Delete it.
76
+
77
+ ## 4. Banned patterns
78
+
79
+ The linter flags these as warnings. Agents must not introduce them.
80
+
81
+ ### Point-in-time references
82
+
83
+ Comments decay. These phrases tie a comment to a moment that the reader can no longer verify:
84
+
85
+ - `added` / `added for` / `added recently`
86
+ - `new:` / `recently` / `just` / `now`
87
+ - `previously` / `we used to` / `no longer`
88
+ - `removed` / `deleted` (as narration, not instruction)
89
+ - `in this PR` / `for this task` / `for the X flow`
90
+ - absolute dates (`2024-…`, `Jan 2025`, etc.) unless tied to a real external deadline
91
+
92
+ ### Caller references
93
+
94
+ The reader can grep for callers. Comments that claim to enumerate them rot:
95
+
96
+ - `used by X` / `called from Y` / `only consumer is Z`
97
+
98
+ *Exception:* the file-header block may list primary consumers when the list is short and load-bearing (see `lib/cli-commands.mjs` for the pattern).
99
+
100
+ ### Issue / PR / ticket references
101
+
102
+ These belong in commit messages and PR bodies, not in source:
103
+
104
+ - `#\d+` / `GH-\d+` / `JIRA-\d+`
105
+ - `fixes #…` / `closes #…` / `see ticket …`
106
+
107
+ ### Trailing "why" comments on self-evident code
108
+
109
+ If the code reads cleanly, leave it alone:
110
+
111
+ ```js
112
+ const total = subtotal + tax; // add tax ← delete this
113
+ ```
114
+
115
+ ### TODO / FIXME without context
116
+
117
+ TODOs without an owner and a reason are abandoned the moment they are written. Required shape:
118
+
119
+ ```js
120
+ // TODO(owner): <what and why> — <condition that resolves it>
121
+ ```
122
+
123
+ ## 5. Generated files
124
+
125
+ Files under `platforms/claude/agents/` and `platforms/opencode/` that are generated output must carry the canonical "Generated by construct sync" banner produced by `sync-agents.mjs`. Hand-edits to these files are rejected; regenerate instead.
126
+
127
+ ## 6. Enforcement
128
+
129
+ | Violation | Level | Enforced by |
130
+ |---|---|---|
131
+ | Missing file header in a scoped path | error | `construct lint:comments`, CI |
132
+ | Banned pattern in a comment | warning | `construct lint:comments`, PostToolUse hook |
133
+ | Hand-edit to a generated file | error | `sync-agents.mjs` regeneration + CI |
134
+
135
+ `construct lint:comments --fix` adds stub headers to files missing one. Banned patterns must be resolved by hand — the linter refuses to guess at the author's intent.
136
+
137
+ ## 7. Why this is strict
138
+
139
+ The repo generates configs for every downstream tool. A point-in-time comment in a persona file becomes a point-in-time comment in every Claude Code, OpenCode, Codex, and Copilot install of Construct. The cost of a lazy comment is multiplied across every surface.
@@ -0,0 +1,61 @@
1
+ <!--
2
+ rules/common/cx-agent-routing.md — auto-trigger routing rules for cx-* specialist agents.
3
+
4
+ Defines when to route directly to a cx-* specialist vs through Construct orchestration.
5
+ Covers intent-based routing table, complexity gate, and routing rules.
6
+ Loaded by rule-loading systems that look for cx-agent-routing in the rules hierarchy.
7
+ -->
8
+ # cx-* Agent Routing — Auto-trigger Rules
9
+
10
+ When a request matches the trigger patterns below, automatically route to the corresponding cx-* specialist or persona before responding.
11
+
12
+ **Default: execute, don't plan.** Most tasks go directly to the right specialist. Route through Construct orchestration only for genuinely complex, multi-workstream work.
13
+
14
+ ---
15
+
16
+ ## Complexity Gate
17
+
18
+ **Simple/bounded → specialist directly:**
19
+ - Bug fix or regression (root cause diagnosable from description)
20
+ - Change scoped to known files with clear outcome
21
+ - Refactor within existing patterns
22
+
23
+ **Complex/uncertain → Construct orchestration (or cx-orchestrator):**
24
+ - New feature requiring new data models or cross-system API contracts
25
+ - Work spanning multiple workstreams
26
+ - Ambiguous scope where approaches produce meaningfully different outcomes
27
+
28
+ ---
29
+
30
+ ## By Intent Type
31
+
32
+ | Request shape | Route | Notes |
33
+ |---|---|---|
34
+ | "explain / what is / how does" | Research (cx-researcher) | handles both general research and library/API docs |
35
+ | "build / add / implement (simple)" | Implementation (cx-engineer) directly | no planning chain needed |
36
+ | "build / add / implement (complex)" | Plan → Implement → Validate | full pipeline |
37
+ | unclear scope, missing requirements | Planning (cx-product-manager, cx-ux-researcher) | requirements before implementation |
38
+ | "broken / failing / error" | Research (cx-debugger) → Implementation (cx-engineer) | debug first, then fix |
39
+ | "review / audit / check code" | Validation (cx-reviewer) | cx-security for auth/secrets/payments |
40
+ | "plan / design / architect" | Planning (cx-architect) | challenge with cx-devil-advocate for risky changes |
41
+ | "test / verify / coverage" | Validation (cx-qa) | |
42
+ | "release / deploy / rollout" | Operations (cx-release-manager) | |
43
+ | "metrics / measure / instrument" | Planning (cx-data-analyst) | |
44
+ | "performance / SLO / alert / monitor" | Operations (cx-sre) | |
45
+ | "prompt / model / RAG / agent workflow" | Implementation (cx-ai-engineer) | require cx-evaluator before shipping |
46
+ | "accessibility / a11y / screen reader" | Validation (cx-accessibility) | |
47
+ | "docs / runbook / decision record" | Research (cx-docs-keeper) | |
48
+ | "explore / trace / investigate code" | Research (cx-explorer) | read-only before changes |
49
+
50
+ ---
51
+
52
+ ## Routing Rules
53
+
54
+ 1. **Match on intent, not exact string.** "Can we ship this?" triggers operations routing.
55
+ 2. **Security and auth always get cx-security.** No exceptions for auth, payments, secrets.
56
+ 3. **Broken things go to cx-debugger first.** Don't plan a fix before root cause is confirmed.
57
+ 4. **Skip cx-devil-advocate for routine changes.** Only invoke for genuinely novel or risky decisions.
58
+ 5. **Require cx-devil-advocate for persistent capability changes.** Any promotion of a temporary overlay/capability into a reusable Construct capability must include a devil's advocate challenge before approval.
59
+ 6. **Explorer for unknown territory.** When the codebase area is unfamiliar, route to cx-explorer first.
60
+ 7. **Unclear requirements always stop at planning.** If missing acceptance criteria or ambiguous scope, route to cx-product-manager or cx-ux-researcher before implementation.
61
+ 8. **Read once per conversation.** No need to re-read this file if already loaded.
@@ -0,0 +1,11 @@
1
+ <!--
2
+ rules/common/cx-skill-routing.md — Redirect to canonical skill routing table.
3
+ -->
4
+ # cx-* Skill Routing
5
+
6
+ > **Canonical file:** [`skills/routing.md`](../../skills/routing.md)
7
+ >
8
+ > All skill routing keywords, domain tables, and routing rules live there.
9
+ > This file exists only as a named entry point for rule-loading systems that
10
+ > look for `cx-skill-routing.md`. Do not add routing entries here — update
11
+ > `skills/routing.md` instead.
@@ -0,0 +1,49 @@
1
+ <!--
2
+ rules/common/development-workflow.md — <one-line purpose>
3
+
4
+ <2–6 line summary.>
5
+ -->
6
+ # Development Workflow
7
+
8
+ > This file extends [common/git-workflow.md](./git-workflow.md) with the full feature development process that happens before git operations.
9
+
10
+ The Feature Implementation Workflow describes the development pipeline: research, planning, TDD, code review, and then committing to git.
11
+
12
+ ## Feature Implementation Workflow
13
+
14
+ 0. **Research & Reuse** _(mandatory before any new implementation)_
15
+ - **GitHub code search first:** Run `gh search repos` and `gh search code` to find existing implementations, templates, and patterns before writing anything new.
16
+ - **Library docs second:** Use Context7 or primary vendor docs to confirm API behavior, package usage, and version-specific details before implementing.
17
+ - **Exa only when the first two are insufficient:** Use Exa for broader web research or discovery after GitHub search and primary docs.
18
+ - **Check package registries:** Search npm, PyPI, crates.io, and other registries before writing utility code. Prefer battle-tested libraries over hand-rolled solutions.
19
+ - **Search for adaptable implementations:** Look for open-source projects that solve 80%+ of the problem and can be forked, ported, or wrapped.
20
+ - Prefer adopting or porting a proven approach over writing net-new code when it meets the requirement.
21
+
22
+ 1. **Plan First**
23
+ - Use **planner** agent to create implementation plan
24
+ - Generate planning docs before coding: PRD, architecture, system_design, tech_doc, task_list
25
+ - Identify dependencies and risks
26
+ - Break down into phases
27
+
28
+ 2. **TDD Approach**
29
+ - Use **tdd-guide** agent
30
+ - Write tests first (RED)
31
+ - Implement to pass tests (GREEN)
32
+ - Refactor (IMPROVE)
33
+ - Verify 80%+ coverage
34
+
35
+ 3. **Code Review**
36
+ - Use **code-reviewer** agent immediately after writing code
37
+ - Address CRITICAL and HIGH issues
38
+ - Fix MEDIUM issues when possible
39
+
40
+ 4. **Commit & Push**
41
+ - Detailed commit messages
42
+ - Follow conventional commits format
43
+ - See [git-workflow.md](./git-workflow.md) for commit message format and PR process
44
+
45
+ 5. **Pre-Review Checks**
46
+ - Verify all automated checks (CI/CD) are passing
47
+ - Resolve any merge conflicts
48
+ - Ensure branch is up to date with target branch
49
+ - Only request review after these checks pass