@geraldmaron/construct 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (352) hide show
  1. package/.env.example +69 -0
  2. package/LICENSE +21 -0
  3. package/README.md +344 -0
  4. package/agents/prompts/cx-accessibility.md +29 -0
  5. package/agents/prompts/cx-ai-engineer.md +31 -0
  6. package/agents/prompts/cx-architect.md +40 -0
  7. package/agents/prompts/cx-business-strategist.md +25 -0
  8. package/agents/prompts/cx-data-analyst.md +30 -0
  9. package/agents/prompts/cx-data-engineer.md +32 -0
  10. package/agents/prompts/cx-debugger.md +27 -0
  11. package/agents/prompts/cx-designer.md +33 -0
  12. package/agents/prompts/cx-devil-advocate.md +36 -0
  13. package/agents/prompts/cx-docs-keeper.md +50 -0
  14. package/agents/prompts/cx-engineer.md +36 -0
  15. package/agents/prompts/cx-evaluator.md +26 -0
  16. package/agents/prompts/cx-explorer.md +38 -0
  17. package/agents/prompts/cx-legal-compliance.md +25 -0
  18. package/agents/prompts/cx-operations.md +28 -0
  19. package/agents/prompts/cx-orchestrator.md +30 -0
  20. package/agents/prompts/cx-platform-engineer.md +25 -0
  21. package/agents/prompts/cx-product-manager.md +30 -0
  22. package/agents/prompts/cx-qa.md +42 -0
  23. package/agents/prompts/cx-rd-lead.md +25 -0
  24. package/agents/prompts/cx-release-manager.md +31 -0
  25. package/agents/prompts/cx-researcher.md +31 -0
  26. package/agents/prompts/cx-reviewer.md +36 -0
  27. package/agents/prompts/cx-security.md +37 -0
  28. package/agents/prompts/cx-sre.md +26 -0
  29. package/agents/prompts/cx-test-automation.md +35 -0
  30. package/agents/prompts/cx-trace-reviewer.md +76 -0
  31. package/agents/prompts/cx-ux-researcher.md +30 -0
  32. package/agents/registry.json +879 -0
  33. package/agents/teams.json +94 -0
  34. package/bin/construct +613 -0
  35. package/commands/build/feature.md +21 -0
  36. package/commands/build/fix.md +20 -0
  37. package/commands/design/access.md +19 -0
  38. package/commands/design/flow.md +16 -0
  39. package/commands/design/ui.md +18 -0
  40. package/commands/measure/experiment.md +18 -0
  41. package/commands/measure/metrics.md +18 -0
  42. package/commands/measure/results.md +18 -0
  43. package/commands/plan/api.md +19 -0
  44. package/commands/plan/challenge.md +18 -0
  45. package/commands/plan/decide.md +20 -0
  46. package/commands/plan/feature.md +49 -0
  47. package/commands/plan/requirements.md +24 -0
  48. package/commands/remember/context.md +26 -0
  49. package/commands/remember/handoff.md +19 -0
  50. package/commands/remember/runbook.md +20 -0
  51. package/commands/review/code.md +21 -0
  52. package/commands/review/quality.md +19 -0
  53. package/commands/review/security.md +16 -0
  54. package/commands/ship/ready.md +19 -0
  55. package/commands/ship/release.md +19 -0
  56. package/commands/ship/status.md +18 -0
  57. package/commands/understand/docs.md +22 -0
  58. package/commands/understand/research.md +22 -0
  59. package/commands/understand/this.md +23 -0
  60. package/commands/understand/why.md +18 -0
  61. package/commands/work/clean.md +32 -0
  62. package/commands/work/drive.md +69 -0
  63. package/commands/work/optimize-prompts.md +46 -0
  64. package/commands/work/parallel-review.md +40 -0
  65. package/db/migrations/001_init.sql +38 -0
  66. package/langfuse/docker-compose.yml +82 -0
  67. package/lib/audit-skills.mjs +118 -0
  68. package/lib/auto-docs.mjs +293 -0
  69. package/lib/cli-commands.mjs +409 -0
  70. package/lib/codex-config.mjs +114 -0
  71. package/lib/comment-lint.mjs +191 -0
  72. package/lib/completions.mjs +170 -0
  73. package/lib/context-state.mjs +99 -0
  74. package/lib/cost.mjs +213 -0
  75. package/lib/distill.mjs +403 -0
  76. package/lib/efficiency.mjs +139 -0
  77. package/lib/env-config.mjs +53 -0
  78. package/lib/eval-harness.mjs +59 -0
  79. package/lib/features.mjs +209 -0
  80. package/lib/headhunt.mjs +597 -0
  81. package/lib/hooks/adaptive-lint.mjs +112 -0
  82. package/lib/hooks/agent-tracker.mjs +50 -0
  83. package/lib/hooks/bootstrap-guard.mjs +90 -0
  84. package/lib/hooks/comment-lint.mjs +26 -0
  85. package/lib/hooks/config-protection.mjs +52 -0
  86. package/lib/hooks/console-warn.mjs +43 -0
  87. package/lib/hooks/context-window-recovery.mjs +90 -0
  88. package/lib/hooks/continuation-enforcer.mjs +72 -0
  89. package/lib/hooks/dep-audit.mjs +155 -0
  90. package/lib/hooks/drive-guard.mjs +89 -0
  91. package/lib/hooks/edit-accumulator.mjs +36 -0
  92. package/lib/hooks/edit-error-recovery.mjs +46 -0
  93. package/lib/hooks/edit-guard.mjs +109 -0
  94. package/lib/hooks/env-check.mjs +80 -0
  95. package/lib/hooks/guard-bash.mjs +83 -0
  96. package/lib/hooks/mcp-audit.mjs +57 -0
  97. package/lib/hooks/mcp-health-check.mjs +51 -0
  98. package/lib/hooks/mcp-task-scope.mjs +47 -0
  99. package/lib/hooks/model-fallback.mjs +105 -0
  100. package/lib/hooks/pre-compact.mjs +212 -0
  101. package/lib/hooks/pre-push-gate.mjs +129 -0
  102. package/lib/hooks/read-tracker.mjs +129 -0
  103. package/lib/hooks/registry-sync.mjs +23 -0
  104. package/lib/hooks/scan-secrets.mjs +76 -0
  105. package/lib/hooks/session-start.mjs +95 -0
  106. package/lib/hooks/stop-notify.mjs +191 -0
  107. package/lib/hooks/stop-typecheck.mjs +83 -0
  108. package/lib/hooks/task-completed-guard.mjs +43 -0
  109. package/lib/hooks/teammate-idle-guard.mjs +54 -0
  110. package/lib/hooks/workflow-guard.mjs +62 -0
  111. package/lib/host-capabilities.mjs +123 -0
  112. package/lib/init-docs.mjs +382 -0
  113. package/lib/mcp/server.mjs +1123 -0
  114. package/lib/mcp-catalog.json +243 -0
  115. package/lib/mcp-manager.mjs +433 -0
  116. package/lib/mcp-platform-config.mjs +104 -0
  117. package/lib/model-router.mjs +810 -0
  118. package/lib/opencode-config.mjs +44 -0
  119. package/lib/opencode-runtime-plugin.mjs +909 -0
  120. package/lib/opencode-telemetry.mjs +433 -0
  121. package/lib/orchestration-policy.mjs +258 -0
  122. package/lib/prompt-composer.mjs +196 -0
  123. package/lib/prompt-metadata.mjs +68 -0
  124. package/lib/review.mjs +429 -0
  125. package/lib/role-preload.mjs +52 -0
  126. package/lib/schemas/decision.json +50 -0
  127. package/lib/schemas/implementation.json +51 -0
  128. package/lib/schemas/review-report.json +32 -0
  129. package/lib/schemas/test-report.json +43 -0
  130. package/lib/server/index.mjs +334 -0
  131. package/lib/server/static/app.js +841 -0
  132. package/lib/server/static/index.html +820 -0
  133. package/lib/service-manager.mjs +225 -0
  134. package/lib/setup.mjs +319 -0
  135. package/lib/status.mjs +707 -0
  136. package/lib/storage/backend.mjs +44 -0
  137. package/lib/storage/embeddings.mjs +70 -0
  138. package/lib/storage/hybrid-query.mjs +184 -0
  139. package/lib/storage/sql-store.mjs +55 -0
  140. package/lib/storage/state-source.mjs +101 -0
  141. package/lib/storage/sync.mjs +164 -0
  142. package/lib/storage/vector-store.mjs +59 -0
  143. package/lib/telemetry/backends/langfuse.mjs +58 -0
  144. package/lib/telemetry/backends/noop.mjs +16 -0
  145. package/lib/telemetry/langfuse-ingest.mjs +108 -0
  146. package/lib/telemetry/langfuse-model-sync.mjs +270 -0
  147. package/lib/telemetry/team-rollup.mjs +143 -0
  148. package/lib/toolkit-env.mjs +30 -0
  149. package/lib/validator.mjs +181 -0
  150. package/lib/workflow-state.mjs +794 -0
  151. package/package.json +53 -0
  152. package/personas/construct.md +94 -0
  153. package/platforms/claude/CLAUDE.md +30 -0
  154. package/platforms/claude/settings.template.json +472 -0
  155. package/platforms/opencode/config.template.json +65 -0
  156. package/platforms/opencode/plugins/construct-fallback.js +5 -0
  157. package/platforms/opencode/sync-config.mjs +69 -0
  158. package/rules/common/agents.md +55 -0
  159. package/rules/common/code-review.md +129 -0
  160. package/rules/common/coding-style.md +95 -0
  161. package/rules/common/comments.md +139 -0
  162. package/rules/common/cx-agent-routing.md +61 -0
  163. package/rules/common/cx-skill-routing.md +11 -0
  164. package/rules/common/development-workflow.md +49 -0
  165. package/rules/common/git-workflow.md +29 -0
  166. package/rules/common/hooks.md +35 -0
  167. package/rules/common/patterns.md +36 -0
  168. package/rules/common/performance.md +71 -0
  169. package/rules/common/security.md +34 -0
  170. package/rules/common/testing.md +62 -0
  171. package/rules/golang/coding-style.md +37 -0
  172. package/rules/golang/hooks.md +22 -0
  173. package/rules/golang/patterns.md +50 -0
  174. package/rules/golang/security.md +39 -0
  175. package/rules/golang/testing.md +36 -0
  176. package/rules/python/coding-style.md +47 -0
  177. package/rules/python/hooks.md +24 -0
  178. package/rules/python/patterns.md +44 -0
  179. package/rules/python/security.md +35 -0
  180. package/rules/python/testing.md +43 -0
  181. package/rules/swift/coding-style.md +52 -0
  182. package/rules/swift/hooks.md +25 -0
  183. package/rules/swift/patterns.md +71 -0
  184. package/rules/swift/security.md +38 -0
  185. package/rules/swift/testing.md +50 -0
  186. package/rules/typescript/coding-style.md +204 -0
  187. package/rules/typescript/hooks.md +27 -0
  188. package/rules/typescript/patterns.md +57 -0
  189. package/rules/typescript/security.md +33 -0
  190. package/rules/typescript/testing.md +23 -0
  191. package/rules/web/coding-style.md +101 -0
  192. package/rules/web/design-quality.md +68 -0
  193. package/rules/web/hooks.md +125 -0
  194. package/rules/web/patterns.md +84 -0
  195. package/rules/web/performance.md +69 -0
  196. package/rules/web/security.md +62 -0
  197. package/rules/web/testing.md +60 -0
  198. package/rules/zh/README.md +113 -0
  199. package/rules/zh/agents.md +55 -0
  200. package/rules/zh/code-review.md +129 -0
  201. package/rules/zh/coding-style.md +53 -0
  202. package/rules/zh/development-workflow.md +49 -0
  203. package/rules/zh/git-workflow.md +29 -0
  204. package/rules/zh/hooks.md +35 -0
  205. package/rules/zh/patterns.md +36 -0
  206. package/rules/zh/performance.md +60 -0
  207. package/rules/zh/security.md +34 -0
  208. package/rules/zh/testing.md +34 -0
  209. package/skills/ai/agent-dev.md +102 -0
  210. package/skills/ai/llm-security.md +105 -0
  211. package/skills/ai/ml-ops.md +169 -0
  212. package/skills/ai/orchestration-workflow.md +87 -0
  213. package/skills/ai/prompt-and-eval.md +114 -0
  214. package/skills/ai/prompt-optimizer.md +114 -0
  215. package/skills/ai/rag-system.md +104 -0
  216. package/skills/architecture/api-design.md +100 -0
  217. package/skills/architecture/caching.md +101 -0
  218. package/skills/architecture/cloud-native.md +97 -0
  219. package/skills/architecture/message-queue.md +100 -0
  220. package/skills/architecture/security-arch.md +105 -0
  221. package/skills/development/cpp.md +127 -0
  222. package/skills/development/go.md +129 -0
  223. package/skills/development/java.md +134 -0
  224. package/skills/development/kotlin.md +140 -0
  225. package/skills/development/mobile-crossplatform.md +144 -0
  226. package/skills/development/python.md +109 -0
  227. package/skills/development/rust.md +127 -0
  228. package/skills/development/shell.md +127 -0
  229. package/skills/development/swift.md +129 -0
  230. package/skills/development/typescript.md +129 -0
  231. package/skills/devops/ci-cd.md +108 -0
  232. package/skills/devops/containerization.md +106 -0
  233. package/skills/devops/cost-optimization.md +105 -0
  234. package/skills/devops/data-engineering.md +181 -0
  235. package/skills/devops/database.md +95 -0
  236. package/skills/devops/dependency-management.md +91 -0
  237. package/skills/devops/devsecops.md +96 -0
  238. package/skills/devops/git-workflow.md +100 -0
  239. package/skills/devops/incident-response.md +167 -0
  240. package/skills/devops/monorepo.md +87 -0
  241. package/skills/devops/observability.md +103 -0
  242. package/skills/devops/performance.md +104 -0
  243. package/skills/devops/testing.md +104 -0
  244. package/skills/docs/adr-workflow.md +32 -0
  245. package/skills/docs/backlog-proposal-workflow.md +19 -0
  246. package/skills/docs/customer-profile-workflow.md +22 -0
  247. package/skills/docs/evidence-ingest-workflow.md +23 -0
  248. package/skills/docs/init-docs.md +160 -0
  249. package/skills/docs/init-project.md +50 -0
  250. package/skills/docs/prd-workflow.md +57 -0
  251. package/skills/docs/prfaq-workflow.md +25 -0
  252. package/skills/docs/product-intelligence-review.md +22 -0
  253. package/skills/docs/product-intelligence-workflow.md +62 -0
  254. package/skills/docs/product-signal-workflow.md +27 -0
  255. package/skills/docs/research-workflow.md +28 -0
  256. package/skills/docs/runbook-workflow.md +24 -0
  257. package/skills/exploration/repo-map.md +297 -0
  258. package/skills/frameworks/django.md +159 -0
  259. package/skills/frameworks/nextjs.md +148 -0
  260. package/skills/frameworks/react.md +132 -0
  261. package/skills/frameworks/spring-boot.md +165 -0
  262. package/skills/frontend-design/accessibility.md +153 -0
  263. package/skills/frontend-design/component-patterns.md +111 -0
  264. package/skills/frontend-design/engineering.md +122 -0
  265. package/skills/frontend-design/state-management.md +118 -0
  266. package/skills/frontend-design/ui-aesthetics.md +102 -0
  267. package/skills/frontend-design/ux-principles.md +126 -0
  268. package/skills/quality-gates/review-work.md +90 -0
  269. package/skills/quality-gates/verify-change.md +94 -0
  270. package/skills/quality-gates/verify-module.md +96 -0
  271. package/skills/quality-gates/verify-quality.md +93 -0
  272. package/skills/quality-gates/verify-security.md +95 -0
  273. package/skills/roles/architect.ai-systems.md +37 -0
  274. package/skills/roles/architect.data.md +37 -0
  275. package/skills/roles/architect.enterprise.md +37 -0
  276. package/skills/roles/architect.integration.md +37 -0
  277. package/skills/roles/architect.md +68 -0
  278. package/skills/roles/architect.platform.md +37 -0
  279. package/skills/roles/data-analyst.experiment.md +37 -0
  280. package/skills/roles/data-analyst.md +68 -0
  281. package/skills/roles/data-analyst.product-intelligence.md +37 -0
  282. package/skills/roles/data-analyst.product.md +37 -0
  283. package/skills/roles/data-analyst.telemetry.md +37 -0
  284. package/skills/roles/data-engineer.pipeline.md +37 -0
  285. package/skills/roles/data-engineer.vector-retrieval.md +37 -0
  286. package/skills/roles/data-engineer.warehouse.md +37 -0
  287. package/skills/roles/debugger.md +68 -0
  288. package/skills/roles/designer.accessibility.md +43 -0
  289. package/skills/roles/designer.md +68 -0
  290. package/skills/roles/engineer.ai.md +49 -0
  291. package/skills/roles/engineer.data.md +49 -0
  292. package/skills/roles/engineer.md +85 -0
  293. package/skills/roles/engineer.platform.md +49 -0
  294. package/skills/roles/operator.docs.md +43 -0
  295. package/skills/roles/operator.md +68 -0
  296. package/skills/roles/operator.release.md +43 -0
  297. package/skills/roles/operator.sre.md +43 -0
  298. package/skills/roles/orchestrator.md +66 -0
  299. package/skills/roles/product-manager.ai-product.md +37 -0
  300. package/skills/roles/product-manager.business-strategy.md +43 -0
  301. package/skills/roles/product-manager.enterprise.md +37 -0
  302. package/skills/roles/product-manager.growth.md +37 -0
  303. package/skills/roles/product-manager.md +67 -0
  304. package/skills/roles/product-manager.platform.md +37 -0
  305. package/skills/roles/product-manager.product.md +37 -0
  306. package/skills/roles/qa.ai-eval.md +37 -0
  307. package/skills/roles/qa.api-contract.md +37 -0
  308. package/skills/roles/qa.data-pipeline.md +37 -0
  309. package/skills/roles/qa.md +68 -0
  310. package/skills/roles/qa.test-automation.md +49 -0
  311. package/skills/roles/qa.web-ui.md +37 -0
  312. package/skills/roles/researcher.explorer.md +43 -0
  313. package/skills/roles/researcher.md +68 -0
  314. package/skills/roles/researcher.ux.md +43 -0
  315. package/skills/roles/reviewer.devil-advocate.md +43 -0
  316. package/skills/roles/reviewer.evaluator.md +43 -0
  317. package/skills/roles/reviewer.md +68 -0
  318. package/skills/roles/reviewer.trace.md +43 -0
  319. package/skills/roles/security.ai.md +37 -0
  320. package/skills/roles/security.appsec.md +37 -0
  321. package/skills/roles/security.cloud.md +37 -0
  322. package/skills/roles/security.legal-compliance.md +49 -0
  323. package/skills/roles/security.md +68 -0
  324. package/skills/roles/security.privacy.md +37 -0
  325. package/skills/roles/security.supply-chain.md +37 -0
  326. package/skills/routing.md +139 -0
  327. package/skills/security/blue-team.md +83 -0
  328. package/skills/security/code-audit.md +94 -0
  329. package/skills/security/pentest.md +84 -0
  330. package/skills/security/red-team.md +81 -0
  331. package/skills/security/threat-intel.md +89 -0
  332. package/skills/security/vuln-research.md +87 -0
  333. package/skills/utility/clean-code.md +165 -0
  334. package/sync-agents.mjs +899 -0
  335. package/templates/docs/adr.md +27 -0
  336. package/templates/docs/backlog-proposal.md +26 -0
  337. package/templates/docs/customer-profile.md +34 -0
  338. package/templates/docs/evidence-brief.md +37 -0
  339. package/templates/docs/incident-report.md +46 -0
  340. package/templates/docs/memo.md +27 -0
  341. package/templates/docs/meta-prd.md +56 -0
  342. package/templates/docs/one-pager.md +24 -0
  343. package/templates/docs/prd-business.md +61 -0
  344. package/templates/docs/prd-platform.md +62 -0
  345. package/templates/docs/prd.md +47 -0
  346. package/templates/docs/prfaq.md +31 -0
  347. package/templates/docs/product-intelligence-report.md +31 -0
  348. package/templates/docs/research-brief.md +29 -0
  349. package/templates/docs/rfc-platform.md +60 -0
  350. package/templates/docs/rfc.md +46 -0
  351. package/templates/docs/runbook.md +33 -0
  352. package/templates/docs/signal-brief.md +25 -0
@@ -0,0 +1,167 @@
1
+ <!--
2
+ skills/devops/incident-response.md — Incident Response — | Sev | User impact | Response time | Example |
3
+
4
+ ## Severity Levels | Sev | User impact | Response time | Example |
5
+ -->
6
+ # Incident Response
7
+
8
+ ## Severity Levels
9
+
10
+ | Sev | User impact | Response time | Example |
11
+ |---|---|---|---|
12
+ | **P0** | Total outage, data loss, security breach | Immediate (< 5 min) | Production DB down, credentials leaked |
13
+ | **P1** | Major feature broken for all users | < 15 min | Auth service down, checkout failing |
14
+ | **P2** | Significant degradation, partial outage | < 1 hour | Elevated error rate, slow responses |
15
+ | **P3** | Minor impact, workaround available | Best effort / next business day | Single user affected, cosmetic |
16
+
17
+ Define severity in your runbook and assign it early — it determines escalation and comms cadence.
18
+
19
+ ## The Response Loop
20
+
21
+ ```
22
+ Detect → Declare → Triage → Mitigate → Resolve → Post-mortem
23
+ ```
24
+
25
+ ### Detect
26
+
27
+ Alert sources: Prometheus/Grafana alerting, Datadog, PagerDuty, user reports, on-call rotation.
28
+
29
+ Healthy detection requires:
30
+ - Symptom-based alerts (error rate, latency p99, availability) not just cause-based
31
+ - Alert fatigue prevention: alert on SLO burn rate, not raw thresholds
32
+ - Clear escalation paths: who gets paged first, who is backup
33
+
34
+ ### Declare
35
+
36
+ Declare an incident early, even if uncertain. It is easier to downgrade than to delay comms.
37
+
38
+ 1. Create incident channel: `#incident-YYYY-MM-DD-brief-description`
39
+ 2. Assign **Incident Commander (IC)** — one person owns the call and all decisions
40
+ 3. Assign **Scribe** — records timeline, decisions, actions in real time
41
+ 4. Assign **Comms Lead** — status page updates and stakeholder notifications
42
+
43
+ ### Triage
44
+
45
+ IC asks: **"What is the user impact and is it getting better or worse?"**
46
+
47
+ ```
48
+ 1. Confirm the alert is real (not a monitoring fluke)
49
+ 2. Bound the blast radius — how many users? Which regions?
50
+ 3. Identify the change vector — what deployed recently?
51
+ 4. Establish a working hypothesis
52
+ ```
53
+
54
+ Use `git log --since="2 hours ago"` and deployment logs to find the change vector.
55
+
56
+ ### Mitigate (not root cause — stop the bleeding first)
57
+
58
+ Mitigation options in priority order:
59
+ 1. **Rollback** — fastest if a recent deploy is the cause
60
+ 2. **Feature flag off** — disable the failing feature
61
+ 3. **Traffic shift** — route to a healthy region or canary
62
+ 4. **Scale up** — if resource exhaustion is the cause
63
+ 5. **Restart** — for stuck processes (last resort — often hides root cause)
64
+
65
+ Do NOT wait for a perfect fix. Mitigate first, fix properly after users are unblocked.
66
+
67
+ ### Resolve
68
+
69
+ Incident is resolved when:
70
+ - User impact returns to baseline
71
+ - Monitoring shows healthy signals for ≥ 15 minutes
72
+ - A clear path to permanent fix is identified
73
+
74
+ Close the incident channel. Update the status page. Send resolution notification to stakeholders.
75
+
76
+ ## Communication During the Incident
77
+
78
+ ### Status page cadence
79
+
80
+ | Phase | Cadence |
81
+ |---|---|
82
+ | P0/P1 active | Every 15 minutes |
83
+ | P2 active | Every 30–60 minutes |
84
+ | Resolved | One final update with summary |
85
+
86
+ Status updates must include: what is impacted, what we know, what we are doing, when the next update is.
87
+
88
+ ```
89
+ [INVESTIGATING] We are seeing elevated error rates on the checkout service.
90
+ Impact: ~30% of checkout attempts are failing.
91
+ We are investigating and will provide an update in 15 minutes.
92
+ ```
93
+
94
+ ### Internal Slack cadence
95
+
96
+ IC posts to the incident channel:
97
+ - Current hypothesis
98
+ - Actions being taken and by whom
99
+ - Decisions made
100
+ - New findings
101
+
102
+ Scribe captures everything in the timeline doc.
103
+
104
+ ## Post-Mortem (Blameless)
105
+
106
+ Write the post-mortem within 48 hours while memory is fresh.
107
+
108
+ ### Required sections
109
+
110
+ 1. **Summary** — 3-sentence description of what happened, impact, and resolution
111
+ 2. **Timeline** — chronological log with timestamps
112
+ 3. **Root cause(s)** — use 5-whys to reach systemic causes, not surface symptoms
113
+ 4. **Contributing factors** — process/tooling gaps that allowed the issue
114
+ 5. **What went well** — detection worked, rollback was fast, etc.
115
+ 6. **Action items** — concrete, assigned, time-bounded; not vague recommendations
116
+
117
+ ### 5-Whys example
118
+
119
+ ```
120
+ User impact: checkout error rate 30%
121
+ Why? → Payment service returning 500s
122
+ Why? → DB connection pool exhausted
123
+ Why? → Query added in yesterday's deploy was unindexed and slow
124
+ Why? → No query performance review in the PR process
125
+ Why? → We have no policy requiring EXPLAIN ANALYZE on new queries
126
+
127
+ Action: Add query plan check to PR template + CI gate for slow queries
128
+ ```
129
+
130
+ ### Blameless culture
131
+
132
+ The post-mortem finds systemic failures, not individual errors. A person took an action that made sense given the information and tools available at the time — the question is why the system allowed that action to cause an outage.
133
+
134
+ ## Runbook Template
135
+
136
+ Every on-call service should have a runbook per alert type:
137
+
138
+ ```markdown
139
+ # Alert: HighPaymentErrorRate
140
+
141
+ ## What this means
142
+ The fraction of payment attempts returning 5xx has exceeded 5% for 5 minutes.
143
+
144
+ ## Immediate checks
145
+ 1. `kubectl logs -n payments -l app=payment-svc --tail=100`
146
+ 2. Check Grafana → Payments dashboard → DB connection pool utilization
147
+ 3. Check recent deploys: `kubectl rollout history deployment/payment-svc`
148
+
149
+ ## Mitigation options
150
+ - If deploy-related: `kubectl rollout undo deployment/payment-svc`
151
+ - If DB-related: page DBA on-call; check slow query log
152
+
153
+ ## Escalation
154
+ If unresolved after 20 min: escalate to on-call lead.
155
+ ```
156
+
157
+ ## Tools Reference
158
+
159
+ | Need | Tool |
160
+ |---|---|
161
+ | Alerting | PagerDuty, OpsGenie |
162
+ | Dashboards | Grafana, Datadog |
163
+ | Log search | Loki, Datadog Logs, CloudWatch |
164
+ | Trace analysis | Jaeger, Tempo, Datadog APM |
165
+ | Status page | Statuspage.io, Atlassian Status |
166
+ | Incident management | Incident.io, FireHydrant, PagerDuty IR |
167
+ | Post-mortem tracking | Linear, Jira, Notion |
@@ -0,0 +1,87 @@
1
+ <!--
2
+ skills/devops/monorepo.md — Monorepo — Use this skill when selecting monorepo tooling, structuring packages, or optimiz
3
+
4
+ Use this skill when selecting monorepo tooling, structuring packages, or optimizing affected-only builds. ## Tool Selection
5
+ -->
6
+ # Monorepo
7
+
8
+ Use this skill when selecting monorepo tooling, structuring packages, or optimizing affected-only builds.
9
+
10
+ ## Tool Selection
11
+
12
+ | Tool | Best For | When NOT to Use | Overhead |
13
+ |---|---|---|---|
14
+ | pnpm workspaces | Simple multi-package repos, shared deps, no task orchestration | Complex task graphs, build caching requirements | Minimal |
15
+ | Turborepo | Medium complexity, build/test caching critical, TypeScript/JS-first, works on pnpm/yarn/npm | Polyglot repos with non-JS build systems | Low |
16
+ | Nx | Large orgs, polyglot, code generation, fine-grained ownership, plugin ecosystem | Small teams or repos where Nx's concepts add more friction than value | Medium–High |
17
+ | Bazel | 10k+ files, strict reproducibility, polyglot, hermetic builds | Any team without a dedicated Bazel expert; startup cost is high | Very High |
18
+
19
+ Start with pnpm workspaces. Add Turborepo when caching becomes valuable. Reach for Nx only when you need its generator, constraint, or ownership systems.
20
+
21
+ ## Repository Layout
22
+
23
+ ```
24
+ apps/
25
+ web/ # deployable applications
26
+ api/
27
+ packages/
28
+ shared/ # shared types, utilities consumed by multiple apps or packages
29
+ ui/ # component library
30
+ config/ # shared eslint, tsconfig, prettier configs
31
+ billing/ # domain packages — business logic with no UI
32
+ auth/
33
+ ```
34
+
35
+ Keep `apps/` for deployable surfaces and `packages/` for everything importable. Never put deployable entrypoints inside `packages/`. Config packages (`packages/config/`) centralise tooling setup — each app/package extends rather than duplicates.
36
+
37
+ ## Package Boundaries
38
+
39
+ - One package per domain or product surface (`packages/billing`, `packages/auth`, `apps/web`, `apps/api`).
40
+ - Place shared utilities in `packages/utils` or `packages/shared` — never in an app package.
41
+ - Never import directly from one `apps/` package to another `apps/` package; extract shared code to `packages/`.
42
+ - Each package exposes its public API through a single `index.ts` barrel file; internal modules are private.
43
+ - Enforce boundaries with Nx `@nrwl/enforce-module-boundaries` lint rules or ESLint's `import/no-restricted-paths`.
44
+
45
+ ## Affected-only Builds
46
+
47
+ Turborepo:
48
+ ```bash
49
+ turbo run build --filter=[HEAD^1]
50
+ turbo run test --filter=[HEAD^1]...
51
+ ```
52
+
53
+ Nx:
54
+ ```bash
55
+ nx affected --target=build --base=origin/main
56
+ nx affected --target=test --base=origin/main
57
+ ```
58
+
59
+ Both tools build a change graph from the dependency tree. A change to `packages/utils` marks every downstream package as affected. Only affected packages run in CI — unaffected packages use cached results.
60
+
61
+ CI integration: set `--base` to the merge base of the PR branch (`origin/main` or `$(git merge-base HEAD origin/main)`), not `HEAD^1`, to correctly identify all changed files in the PR.
62
+
63
+ ## Dependency Management
64
+
65
+ - Use the workspace protocol in pnpm (`workspace:*`) to reference local packages; this guarantees the local version is always used.
66
+ - Never duplicate a dependency version across packages unless there is an explicit version conflict. Use a single lock file at the repo root.
67
+ - Align peer dependencies across all packages; mismatched React or TypeScript versions produce hard-to-diagnose errors.
68
+ - Use `pnpm why <package>` to trace why a transitive dep is installed before removing it.
69
+ - Run `pnpm dedupe` after bulk upgrades to collapse duplicate transitive versions.
70
+
71
+ ## Versioning Strategies
72
+
73
+ | Strategy | Tool | When to Use |
74
+ |---|---|---|
75
+ | Fixed (all packages same version) | Lerna (`--unified`), Nx Release | Libraries published together; consumers always upgrade the full suite |
76
+ | Independent (each package versioned separately) | Changesets, Lerna (`--independent`) | Packages released on different cadences; consumers pick and choose |
77
+
78
+ Changesets workflow: developers add a changeset file (`pnpm changeset`) describing the change and bump type; CI applies changesets and publishes on merge to main. This keeps version decisions in PRs rather than as a post-merge step.
79
+
80
+ Generate changelogs automatically from changeset files; do not write changelogs manually.
81
+
82
+ ## CI Optimization
83
+
84
+ - Cache `.turbo` or Nx's default cache directory (`node_modules/.cache/nx`) between CI runs, keyed to the lock file hash.
85
+ - Enable remote caching (Turborepo Remote Cache, Nx Cloud) for team environments — local caches do not transfer between CI runners.
86
+ - Run `turbo prune --scope=<app>` to generate a minimal lockfile subset for Docker builds of individual apps.
87
+ - Gate PR merges on `affected` tests, not the full suite, to keep CI under 10 minutes for large repos.
@@ -0,0 +1,103 @@
1
+ <!--
2
+ skills/devops/observability.md — Observability — Use this skill when designing logging, tracing, metrics, or alerting systems.
3
+
4
+ Use this skill when designing logging, tracing, metrics, or alerting systems. ## Three Pillars
5
+ -->
6
+ # Observability
7
+
8
+ Use this skill when designing logging, tracing, metrics, or alerting systems.
9
+
10
+ ## Three Pillars
11
+
12
+ ### Logs
13
+ - Structured format (JSON) with consistent field names
14
+ - Required fields: timestamp, level, service, request_id, message
15
+ - Levels: DEBUG (development only), INFO (normal operations), WARN (unexpected but handled), ERROR (failures requiring attention)
16
+ - Never log secrets, passwords, tokens, or full PII
17
+ - Correlate logs with trace IDs for request-level debugging
18
+ - Centralize logs: ELK, Loki, CloudWatch, Datadog
19
+
20
+ ### Metrics
21
+ - USE method for resources: Utilization, Saturation, Errors
22
+ - RED method for services: Rate, Errors, Duration
23
+ - Four golden signals: latency, traffic, errors, saturation
24
+ - Use histograms for latency (not averages)
25
+ - Label dimensions: service, endpoint, status_code, environment
26
+ - Keep cardinality manageable; avoid high-cardinality labels
27
+
28
+ ### Traces
29
+ - Distributed tracing across service boundaries
30
+ - Propagate trace context via headers (W3C Trace Context or B3)
31
+ - Instrument: HTTP clients/servers, database queries, message queue operations
32
+ - Sample in production: 1-10% for high-traffic services, 100% for low-traffic
33
+ - Record: span name, duration, status, attributes, parent span
34
+
35
+ ## Instrumentation
36
+
37
+ ### What to Instrument
38
+ - Every inbound request (HTTP, gRPC, message consumer)
39
+ - Every outbound call (database, cache, external API, queue publish)
40
+ - Business events: signup, purchase, error recovery
41
+ - Background jobs: start, complete, fail
42
+
43
+ ### How to Instrument
44
+ - Use OpenTelemetry for vendor-neutral instrumentation
45
+ - Auto-instrumentation for frameworks and libraries when available
46
+ - Custom spans for business-critical code paths
47
+ - Baggage for cross-service context (tenant ID, feature flags)
48
+
49
+ ## Alerting
50
+
51
+ ### Alert Design
52
+ - Alert on symptoms (error rate, latency), not causes (CPU, memory)
53
+ - Use burn rate alerts for SLO-based monitoring
54
+ - Page for user-impacting issues; ticket for non-urgent
55
+ - Every alert must have a runbook link
56
+ - Test alerts regularly; unused alerts should be deleted
57
+
58
+ ### Severity Levels
59
+
60
+ | Level | Response Time | Example |
61
+ |---|---|---|
62
+ | Critical (page) | <15 min | Service down, data loss risk |
63
+ | High (page) | <1 hour | Error rate >5%, SLO breach |
64
+ | Medium (ticket) | <24 hours | Elevated latency, disk >80% |
65
+ | Low (ticket) | <1 week | Dependency deprecation, minor anomaly |
66
+
67
+ ### Anti-Patterns
68
+ - Alerting on every metric threshold (alert fatigue)
69
+ - Alerts without runbooks (responder does not know what to do)
70
+ - Alerts that always fire (desensitization)
71
+ - No owner assigned to an alert
72
+
73
+ ## SLOs
74
+
75
+ - Define SLIs: the metric that represents user experience (availability, latency, correctness)
76
+ - Set SLO target: e.g., 99.9% of requests complete in <300ms
77
+ - Calculate error budget: 100% - SLO = acceptable failures per period
78
+ - Alert when error budget burn rate exceeds threshold
79
+ - Review SLOs quarterly; adjust based on business needs and reliability data
80
+
81
+ ## Dashboards
82
+
83
+ ### Principles
84
+ - One overview dashboard per service
85
+ - Top section: SLO status, error budget remaining
86
+ - Middle section: traffic, latency (p50, p95, p99), error rate
87
+ - Bottom section: resource utilization, dependency health
88
+ - Drill-down dashboards for specific subsystems
89
+ - Avoid vanity metrics; every panel should inform a decision
90
+
91
+ ### Tools
92
+ - Grafana for open-source metric visualization
93
+ - Datadog, New Relic, or Honeycomb for managed observability
94
+ - PagerDuty or Opsgenie for alert routing and escalation
95
+
96
+ ## Incident Investigation Flow
97
+
98
+ 1. Check SLO dashboard for affected services
99
+ 2. Inspect error rate and latency spikes for timing
100
+ 3. Filter traces by error status in the time window
101
+ 4. Read logs correlated with failing trace IDs
102
+ 5. Identify the root service and operation
103
+ 6. Check recent deployments and configuration changes
@@ -0,0 +1,104 @@
1
+ <!--
2
+ skills/devops/performance.md — Performance Engineering — Use this skill when profiling, load testing, or optimizing application and infra
3
+
4
+ Use this skill when profiling, load testing, or optimizing application and infrastructure performance. ## Performance Targets
5
+ -->
6
+ # Performance Engineering
7
+
8
+ Use this skill when profiling, load testing, or optimizing application and infrastructure performance.
9
+
10
+ ## Performance Targets
11
+
12
+ Define targets before optimizing. Measure against real user experience.
13
+
14
+ | Metric | Web Target | API Target |
15
+ |---|---|---|
16
+ | p50 latency | <200ms | <50ms |
17
+ | p95 latency | <1s | <200ms |
18
+ | p99 latency | <3s | <500ms |
19
+ | Throughput | - | Define per endpoint |
20
+ | Error rate | <0.1% | <0.1% |
21
+
22
+ ## Profiling
23
+
24
+ ### Application Profiling
25
+ - CPU profiling: identify hot functions and call paths
26
+ - Memory profiling: find leaks, excessive allocations, and retention
27
+ - Trace profiling: follow requests across service boundaries
28
+ - Flame graphs for visual analysis of CPU and memory usage
29
+ - Profile in production or with production-like data; synthetic benchmarks mislead
30
+
31
+ ### Database Profiling
32
+ - Slow query log (threshold: 100ms)
33
+ - EXPLAIN ANALYZE on suspect queries
34
+ - Index usage statistics
35
+ - Connection pool utilization
36
+ - Lock contention and wait events
37
+
38
+ ### Network Profiling
39
+ - DNS resolution time
40
+ - TLS handshake time
41
+ - Time to first byte (TTFB)
42
+ - Payload size and compression effectiveness
43
+ - Connection reuse and keep-alive behavior
44
+
45
+ ## Load Testing
46
+
47
+ ### Types
48
+ - **Smoke**: minimal load to verify the system works (1-5 users)
49
+ - **Load**: expected production traffic to establish baseline
50
+ - **Stress**: beyond expected traffic to find the breaking point
51
+ - **Soak**: sustained load for hours to find leaks and degradation
52
+ - **Spike**: sudden traffic burst to test auto-scaling and recovery
53
+
54
+ ### Tools
55
+ - k6, Gatling, Locust, Artillery, or JMeter
56
+ - Script realistic user journeys, not just single endpoints
57
+ - Ramp up gradually; sudden jumps obscure bottleneck identification
58
+ - Run against an environment isolated from production
59
+ - Collect metrics from application, database, and infrastructure during tests
60
+
61
+ ### Analysis
62
+ - Identify the bottleneck: CPU, memory, I/O, network, database, external service
63
+ - Fix one bottleneck at a time; re-measure after each fix
64
+ - Document baseline metrics before optimization
65
+ - Compare before and after with statistical significance
66
+
67
+ ## Optimization Techniques
68
+
69
+ ### Application
70
+ - Cache expensive computations and repeated queries
71
+ - Use connection pooling for databases and HTTP clients
72
+ - Batch operations instead of sequential calls
73
+ - Async processing for non-blocking work
74
+ - Precompute and materialize frequently accessed derived data
75
+
76
+ ### Database
77
+ - Optimize queries before adding hardware
78
+ - Add indexes for slow queries (EXPLAIN first)
79
+ - Use read replicas for read-heavy workloads
80
+ - Partition large tables by time or tenant
81
+ - Archive old data to reduce active dataset size
82
+
83
+ ### Infrastructure
84
+ - Right-size instances based on actual utilization
85
+ - Auto-scale based on leading indicators (queue depth, CPU trend)
86
+ - Use CDN for static content and cacheable API responses
87
+ - Place compute close to data to reduce network latency
88
+ - Compress responses (gzip, brotli, zstd)
89
+
90
+ ## Monitoring for Performance
91
+
92
+ - Track p50, p95, p99 latency per endpoint
93
+ - Monitor error rate alongside latency
94
+ - Set SLOs and alert on burn rate, not individual breaches
95
+ - Dashboard: latency, throughput, error rate, saturation (CPU, memory, connections)
96
+ - Compare metrics week-over-week to detect gradual degradation
97
+
98
+ ## Anti-Patterns
99
+
100
+ - Optimizing without profiling (guessing the bottleneck)
101
+ - Premature optimization of code that runs rarely
102
+ - Caching without invalidation strategy
103
+ - Adding resources instead of fixing the root cause
104
+ - Micro-benchmarks that do not reflect production workloads
@@ -0,0 +1,104 @@
1
+ <!--
2
+ skills/devops/testing.md — Testing Strategy — Use this skill when planning test coverage, selecting test types, or establishin
3
+
4
+ Use this skill when planning test coverage, selecting test types, or establishing testing practices. ## Test Pyramid
5
+ -->
6
+ # Testing Strategy
7
+
8
+ Use this skill when planning test coverage, selecting test types, or establishing testing practices.
9
+
10
+ ## Test Pyramid
11
+
12
+ ### Unit Tests (70%)
13
+ - Test individual functions, methods, and classes in isolation
14
+ - Fast: entire suite runs in seconds
15
+ - Mock external dependencies (database, network, file system)
16
+ - One assertion per test when practical
17
+ - Name tests for the behavior they verify
18
+
19
+ ### Integration Tests (20%)
20
+ - Test interactions between components
21
+ - Use real databases (Docker containers) when practical
22
+ - Test API endpoints end-to-end within the service
23
+ - Verify serialization, query behavior, and error propagation
24
+ - Slower than unit tests; run in CI, not necessarily on every save
25
+
26
+ ### End-to-End Tests (10%)
27
+ - Test critical user flows through the full system
28
+ - Use browser automation (Playwright, Cypress) for web
29
+ - Cover the happy path and the most important error paths
30
+ - Flaky by nature; invest in deterministic waits and stable selectors
31
+ - Run in CI; gate deployment on these passing
32
+
33
+ ## Test Structure (AAA)
34
+
35
+ ```
36
+ Arrange: set up preconditions and inputs
37
+ Act: execute the behavior under test
38
+ Assert: verify the expected outcome
39
+ ```
40
+
41
+ - One act per test
42
+ - Minimize arrangement; use factories or fixtures
43
+ - Assertions should be specific and descriptive
44
+
45
+ ## Coverage Targets
46
+
47
+ | Category | Minimum | Target |
48
+ |---|---|---|
49
+ | Overall | 80% | 90% |
50
+ | Critical paths | 95% | 100% |
51
+ | Utility functions | 90% | 95% |
52
+ | Error handling | 80% | 90% |
53
+
54
+ - Measure branch coverage, not just line coverage
55
+ - Coverage is a floor, not a ceiling; high coverage does not guarantee quality
56
+ - Uncovered code should have documented justification
57
+
58
+ ## Test Naming
59
+
60
+ Use descriptive names that explain the scenario:
61
+ - `returns empty array when no results match`
62
+ - `throws validation error when email is missing`
63
+ - `retries three times before failing`
64
+
65
+ Avoid: `test1`, `testCreate`, `it works`
66
+
67
+ ## Mocking Guidelines
68
+
69
+ - Mock external dependencies, not internal implementation
70
+ - Prefer fakes (in-memory database) over mocks when practical
71
+ - Verify mock interactions only when the interaction itself is the behavior
72
+ - Reset mocks between tests to prevent state leakage
73
+ - Avoid mocking what you do not own; use integration tests instead
74
+
75
+ ## Test Data
76
+
77
+ - Use factories or builders for test data creation
78
+ - Randomize non-essential fields to catch hidden dependencies
79
+ - Use realistic data shapes and sizes
80
+ - Clean up test data after each test or use transactions with rollback
81
+ - Never use production data in tests
82
+
83
+ ## Flaky Test Management
84
+
85
+ - Quarantine flaky tests immediately; do not let them erode CI trust
86
+ - Fix or delete within one sprint
87
+ - Common causes: timing, shared state, external dependencies, race conditions
88
+ - Use retry as a diagnostic tool, not a fix
89
+
90
+ ## Performance Testing
91
+
92
+ - Load test: expected traffic for baseline
93
+ - Stress test: beyond expected traffic to find breaking point
94
+ - Soak test: sustained load to find memory leaks and resource exhaustion
95
+ - Benchmark critical paths with repeatable measurements
96
+ - Automate performance regression detection in CI
97
+
98
+ ## Security Testing
99
+
100
+ - SAST: static analysis in CI on every commit
101
+ - DAST: dynamic scanning against staging environment
102
+ - Dependency scanning: `audit` commands in CI
103
+ - Penetration testing: quarterly or after major changes
104
+ - See `skills/security/pentest.md` for detailed web testing guidance
@@ -0,0 +1,32 @@
1
+ <!--
2
+ skills/docs/adr-workflow.md — Workflow for recording an architectural decision as an ADR.
3
+
4
+ Triggered when cx-architect finalizes a design or a technology choice is made. Writes a
5
+ full ADR to docs/adr/ using the shipped template (user-overridable via .cx/templates/docs/adr.md)
6
+ and a shorter entry to .cx/decisions/ for session context.
7
+ -->
8
+ # ADR Workflow
9
+
10
+ Use when: an architectural decision is made that affects the system structure, data model, API contracts, or technology choices.
11
+
12
+ ## Trigger automatically when
13
+ - cx-architect finalizes a design
14
+ - A technology is selected over alternatives
15
+ - A pattern is established that should be followed project-wide
16
+ - A previous decision is reversed or superseded
17
+
18
+ ## Steps
19
+
20
+ 1. **cx-architect** or **cx-engineer** identifies the decision
21
+ 2. **Write to `docs/adr/ADR-{NNN}-{slug}.md`** using the template from `get_template("adr")` — resolves `.cx/templates/docs/adr.md` (override) then `templates/docs/adr.md` (shipped)
22
+ - NNN = next sequential number (check existing files)
23
+ 3. **Also write a shorter entry to `.cx/decisions/`** for session context
24
+ 4. **cx-docs-keeper** updates `.cx/context.md` Architecture Notes with a one-line summary and link
25
+
26
+ ## File naming
27
+ - `docs/adr/ADR-001-use-postgres-over-mysql.md`
28
+ - `docs/adr/ADR-002-jwt-auth-strategy.md`
29
+
30
+ ## Cross-referencing
31
+ - If this ADR supersedes another: update the old ADR's status field
32
+ - If this ADR depends on another: add a References link
@@ -0,0 +1,19 @@
1
+ <!--
2
+ skills/docs/backlog-proposal-workflow.md — Approval-gated issue tracker proposals.
3
+ -->
4
+ # Backlog Proposal Workflow
5
+
6
+ Use when: product evidence should create or update Jira, Linear, GitHub Issues, or another tracker.
7
+
8
+ ## Steps
9
+
10
+ 1. Load source evidence, evidence brief, PRD, or signal brief.
11
+ 2. Search existing tracker context if an MCP is configured; otherwise search local docs and product-intel artifacts.
12
+ 3. Create `.cx/product-intel/backlog-proposals/{date}-{slug}.md` with `get_template("backlog-proposal")`.
13
+ 4. Include duplicate/conflict analysis and exact proposed writes.
14
+ 5. Return `NEEDS_MAIN_INPUT` for approval before any external write.
15
+ 6. After approval, apply changes and update the proposal's application log.
16
+
17
+ ## Rules
18
+
19
+ Never write externally from weak evidence without making the risk explicit. Never create duplicate issues when an existing issue can be updated.
@@ -0,0 +1,22 @@
1
+ <!--
2
+ skills/docs/customer-profile-workflow.md — Maintain durable customer/account memory for Product Intelligence.
3
+ -->
4
+ # Customer Profile Workflow
5
+
6
+ Use when: customer evidence should update durable product memory.
7
+
8
+ ## Steps
9
+
10
+ 1. Load the existing customer profile from `.cx/product-intel/customer-profiles/` if present.
11
+ 2. Read the new source evidence.
12
+ 3. Add new facts, asks, pain points, contacts, product areas, and evidence links.
13
+ 4. Preserve historical entries. Do not delete or rewrite prior history without explicit approval.
14
+ 5. Save with `get_template("customer-profile")`.
15
+
16
+ ## Rules
17
+
18
+ Profiles are product memory, not CRM records. Keep only information needed for product decisions. Mark uncertain facts as uncertain and cite the source.
19
+
20
+ ## Retrieval
21
+
22
+ Customer profiles are indexed by hybrid retrieval. Future PRDs, PRFAQs, evidence briefs, and backlog proposals should search them before drafting.
@@ -0,0 +1,23 @@
1
+ <!--
2
+ skills/docs/evidence-ingest-workflow.md — Normalize raw product evidence into Construct product-intel artifacts.
3
+ -->
4
+ # Evidence Ingest Workflow
5
+
6
+ Use when: the user pastes customer notes, Slack threads, support tickets, sales notes, research snippets, RFCs, analytics summaries, or competitor signals.
7
+
8
+ ## Steps
9
+
10
+ 1. Identify the source type and date.
11
+ 2. Extract source metadata: customer, actor, product area, channel, linked issue, and confidence.
12
+ 3. Save raw or lightly normalized source material under `.cx/product-intel/sources/`.
13
+ 4. If customer-specific, update or create `.cx/product-intel/customer-profiles/{customer}.md` using `get_template("customer-profile")`.
14
+ 5. Create `.cx/product-intel/evidence-briefs/{date}-{slug}.md` using `get_template("evidence-brief")` when the evidence supports a product decision.
15
+ 6. If evidence is weak but worth preserving, create a signal brief with `get_template("signal-brief")`.
16
+
17
+ ## Rules
18
+
19
+ Do not invent customer quotes, names, or issue links. Preserve ambiguity. If source evidence contains personal data, record only the minimum needed for product decisions.
20
+
21
+ ## Storage
22
+
23
+ Files in `.cx/product-intel/` are indexed by Construct's hybrid retrieval path. Postgres stores them as `product-intel` documents during sync, and the vector layer makes them semantically retrievable for future PRDs and Meta PRDs.