@geraldmaron/construct 1.0.12 → 1.0.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (337) hide show
  1. package/README.md +14 -2
  2. package/bin/construct +262 -14
  3. package/bin/construct-postinstall.mjs +23 -2
  4. package/commands/build/feature.md +0 -6
  5. package/commands/build/fix.md +0 -6
  6. package/commands/design/access.md +0 -6
  7. package/commands/design/flow.md +0 -6
  8. package/commands/design/ui.md +0 -6
  9. package/commands/measure/experiment.md +0 -6
  10. package/commands/measure/metrics.md +0 -6
  11. package/commands/measure/results.md +0 -6
  12. package/commands/plan/api.md +0 -6
  13. package/commands/plan/challenge.md +0 -6
  14. package/commands/plan/decide.md +0 -6
  15. package/commands/plan/feature.md +0 -7
  16. package/commands/plan/requirements.md +0 -6
  17. package/commands/remember/context.md +0 -6
  18. package/commands/remember/handoff.md +0 -6
  19. package/commands/remember/runbook.md +0 -6
  20. package/commands/review/code.md +0 -6
  21. package/commands/review/quality.md +0 -6
  22. package/commands/review/security.md +0 -6
  23. package/commands/ship/ready.md +0 -6
  24. package/commands/ship/release.md +0 -6
  25. package/commands/ship/status.md +0 -6
  26. package/commands/understand/docs.md +0 -6
  27. package/commands/understand/research.md +0 -6
  28. package/commands/understand/this.md +0 -6
  29. package/commands/understand/why.md +0 -6
  30. package/commands/work/clean.md +0 -6
  31. package/commands/work/drive.md +0 -6
  32. package/commands/work/optimize-prompts.md +0 -6
  33. package/commands/work/parallel-review.md +0 -6
  34. package/lib/auto-docs.mjs +11 -7
  35. package/lib/beads-client.mjs +19 -1
  36. package/lib/comment-lint.mjs +5 -1
  37. package/lib/context-state.mjs +15 -3
  38. package/lib/contracts/validate.mjs +54 -10
  39. package/lib/contracts/violation-log.mjs +154 -0
  40. package/lib/dashboard-static.mjs +7 -4
  41. package/lib/doc-stamp.mjs +16 -0
  42. package/lib/docs-verify.mjs +1 -8
  43. package/lib/doctor/watchers/bd-watch.mjs +6 -2
  44. package/lib/document-extract/docling-client.mjs +114 -0
  45. package/lib/document-extract/docling-sidecar.py +122 -0
  46. package/lib/document-extract/whisper-client.mjs +79 -0
  47. package/lib/document-extract.mjs +73 -8
  48. package/lib/document-ingest.mjs +26 -4
  49. package/lib/embed/daemon.mjs +26 -1
  50. package/lib/embed/docs-lifecycle.mjs +19 -0
  51. package/lib/embed/inbox.mjs +85 -2
  52. package/lib/embed/recommendation-store.mjs +29 -0
  53. package/lib/flavors/loader.mjs +1 -1
  54. package/lib/gates-audit.mjs +18 -12
  55. package/lib/handoffs/contract.mjs +2 -2
  56. package/lib/hooks/_lib/input.mjs +52 -0
  57. package/lib/hooks/adaptive-lint.mjs +4 -0
  58. package/lib/hooks/agent-tracker.mjs +59 -15
  59. package/lib/hooks/audit-reads.mjs +83 -42
  60. package/lib/hooks/audit-trail.mjs +28 -18
  61. package/lib/hooks/bash-output-logger.mjs +8 -2
  62. package/lib/hooks/block-no-verify.mjs +4 -0
  63. package/lib/hooks/ci-status-check.mjs +4 -0
  64. package/lib/hooks/comment-lint.mjs +6 -4
  65. package/lib/hooks/config-protection.mjs +4 -0
  66. package/lib/hooks/context-watch.mjs +4 -0
  67. package/lib/hooks/context-window-recovery.mjs +4 -0
  68. package/lib/hooks/dep-audit.mjs +12 -5
  69. package/lib/hooks/doc-coupling-check.mjs +5 -1
  70. package/lib/hooks/edit-accumulator.mjs +25 -10
  71. package/lib/hooks/edit-error-recovery.mjs +4 -0
  72. package/lib/hooks/edit-guard.mjs +4 -0
  73. package/lib/hooks/guard-bash.mjs +4 -0
  74. package/lib/hooks/mcp-audit.mjs +4 -0
  75. package/lib/hooks/mcp-health-check.mjs +4 -0
  76. package/lib/hooks/model-fallback.mjs +7 -11
  77. package/lib/hooks/policy-engine.mjs +4 -0
  78. package/lib/hooks/post-merge-docs-check.mjs +4 -0
  79. package/lib/hooks/post-merge-tracking.mjs +82 -0
  80. package/lib/hooks/pre-compact.mjs +4 -0
  81. package/lib/hooks/pre-push-gate.mjs +84 -231
  82. package/lib/hooks/proactive-activation.mjs +5 -2
  83. package/lib/hooks/readme-age-check.mjs +4 -0
  84. package/lib/hooks/registry-sync.mjs +35 -20
  85. package/lib/hooks/rule-verifier.mjs +3 -0
  86. package/lib/hooks/scan-secrets.mjs +4 -0
  87. package/lib/hooks/session-optimize.mjs +4 -0
  88. package/lib/hooks/session-reflect.mjs +4 -0
  89. package/lib/hooks/session-start.mjs +49 -2
  90. package/lib/hooks/session-tracking-refresh.mjs +70 -0
  91. package/lib/hooks/stop-notify.mjs +13 -2
  92. package/lib/hooks/stop-typecheck.mjs +4 -0
  93. package/lib/hooks/test-watch.mjs +8 -4
  94. package/lib/ingest/chunker.mjs +94 -0
  95. package/lib/ingest/pipeline.mjs +53 -0
  96. package/lib/ingest/store.mjs +82 -0
  97. package/lib/init-unified.mjs +90 -23
  98. package/lib/intake/attribution.mjs +77 -0
  99. package/lib/intake/intake-config.mjs +3 -0
  100. package/lib/intake/manifest.mjs +107 -0
  101. package/lib/intake/poll-lock.mjs +136 -0
  102. package/lib/intake/prepare.mjs +42 -4
  103. package/lib/knowledge/search.mjs +12 -0
  104. package/lib/logging/rotate.mjs +394 -0
  105. package/lib/mcp/server.mjs +142 -1
  106. package/lib/mcp/tools/project.mjs +2 -2
  107. package/lib/mcp/tools/skills.mjs +6 -3
  108. package/lib/mcp/tools/telemetry.mjs +1 -1
  109. package/lib/mcp/tools/workflow.mjs +6 -2
  110. package/lib/observation-store.mjs +14 -5
  111. package/lib/ollama-manager.mjs +32 -28
  112. package/lib/opencode-config.mjs +10 -3
  113. package/lib/orchestration/routing-tables.mjs +176 -0
  114. package/lib/orchestration-policy.mjs +18 -106
  115. package/lib/parity.mjs +48 -7
  116. package/lib/profiles/lifecycle.mjs +19 -1
  117. package/lib/project-init-shared.mjs +11 -5
  118. package/lib/project-root.mjs +104 -0
  119. package/lib/prompt-composer.js +11 -1
  120. package/lib/roles/catalog.mjs +1 -1
  121. package/lib/roles/event-bus.mjs +29 -9
  122. package/lib/roles/router.mjs +8 -7
  123. package/lib/runtime/uv-bootstrap.mjs +129 -0
  124. package/lib/runtime/whisper-bootstrap.mjs +102 -0
  125. package/lib/server/index.mjs +53 -10
  126. package/lib/server/static/index.html +1 -15
  127. package/lib/specialists/postconditions.mjs +1 -1
  128. package/lib/status.mjs +1 -1
  129. package/lib/storage/backup.mjs +2 -2
  130. package/lib/sync/skill-frontmatter.mjs +113 -21
  131. package/lib/telemetry/intent-verifications.mjs +16 -3
  132. package/lib/telemetry/skill-calls.mjs +12 -3
  133. package/lib/tracking-surfaces.mjs +377 -0
  134. package/lib/validators/skills.mjs +86 -54
  135. package/lib/worker/trace.mjs +19 -2
  136. package/package.json +10 -6
  137. package/personas/construct.md +4 -7
  138. package/platforms/claude/settings.template.json +29 -28
  139. package/rules/common/beads-hygiene.md +3 -9
  140. package/rules/common/code-review.md +3 -6
  141. package/rules/common/coding-style.md +3 -6
  142. package/rules/common/comments.md +3 -7
  143. package/rules/common/commit-approval.md +3 -6
  144. package/rules/common/cx-agent-routing.md +3 -7
  145. package/rules/common/cx-skill-routing.md +3 -3
  146. package/rules/common/doc-ownership.md +3 -8
  147. package/rules/common/efficiency.md +3 -8
  148. package/rules/common/framing.md +3 -8
  149. package/rules/common/git-workflow.md +3 -5
  150. package/rules/common/no-fabrication.md +4 -12
  151. package/rules/common/patterns.md +3 -5
  152. package/rules/common/release-gates.md +3 -8
  153. package/rules/common/research.md +3 -8
  154. package/rules/common/review-before-change.md +3 -9
  155. package/rules/common/security.md +3 -6
  156. package/rules/common/skill-composition.md +3 -7
  157. package/rules/common/testing.md +3 -6
  158. package/rules/golang/coding-style.md +1 -5
  159. package/rules/golang/hooks.md +1 -5
  160. package/rules/golang/patterns.md +1 -5
  161. package/rules/golang/security.md +1 -5
  162. package/rules/golang/testing.md +1 -5
  163. package/rules/python/coding-style.md +1 -5
  164. package/rules/python/hooks.md +1 -5
  165. package/rules/python/patterns.md +1 -5
  166. package/rules/python/security.md +1 -5
  167. package/rules/python/testing.md +1 -5
  168. package/rules/swift/coding-style.md +1 -5
  169. package/rules/swift/hooks.md +1 -5
  170. package/rules/swift/patterns.md +1 -5
  171. package/rules/swift/security.md +1 -5
  172. package/rules/swift/testing.md +1 -5
  173. package/rules/typescript/coding-style.md +1 -5
  174. package/rules/typescript/hooks.md +1 -5
  175. package/rules/typescript/patterns.md +1 -5
  176. package/rules/typescript/security.md +1 -5
  177. package/rules/typescript/testing.md +1 -5
  178. package/rules/web/coding-style.md +3 -5
  179. package/rules/web/design-quality.md +3 -5
  180. package/rules/web/hooks.md +3 -5
  181. package/rules/web/patterns.md +3 -5
  182. package/rules/web/performance.md +3 -5
  183. package/rules/web/security.md +3 -5
  184. package/rules/web/testing.md +3 -5
  185. package/scripts/sync-specialists.mjs +269 -75
  186. package/skills/ai/agent-dev.md +4 -5
  187. package/skills/ai/llm-security.md +4 -5
  188. package/skills/ai/ml-ops.md +4 -5
  189. package/skills/ai/orchestration-workflow.md +4 -5
  190. package/skills/ai/prompt-and-eval.md +4 -5
  191. package/skills/ai/prompt-optimizer.md +4 -6
  192. package/skills/ai/rag-system.md +4 -5
  193. package/skills/architecture/api-design.md +4 -5
  194. package/skills/architecture/caching.md +4 -5
  195. package/skills/architecture/cloud-native.md +4 -5
  196. package/skills/architecture/message-queue.md +4 -5
  197. package/skills/architecture/security-arch.md +4 -5
  198. package/skills/compliance/ai-disclosure.md +4 -5
  199. package/skills/compliance/data-privacy.md +4 -5
  200. package/skills/compliance/license-audit.md +4 -5
  201. package/skills/compliance/regulatory-review.md +4 -5
  202. package/skills/development/cpp.md +4 -5
  203. package/skills/development/go.md +4 -5
  204. package/skills/development/java.md +4 -5
  205. package/skills/development/kotlin.md +4 -5
  206. package/skills/development/mobile-crossplatform.md +4 -5
  207. package/skills/development/python.md +4 -5
  208. package/skills/development/rust.md +4 -5
  209. package/skills/development/shell.md +4 -5
  210. package/skills/development/swift.md +4 -5
  211. package/skills/development/typescript.md +4 -5
  212. package/skills/devops/ci-cd.md +4 -5
  213. package/skills/devops/containerization.md +4 -5
  214. package/skills/devops/cost-optimization.md +4 -5
  215. package/skills/devops/data-engineering.md +4 -5
  216. package/skills/devops/database.md +4 -5
  217. package/skills/devops/dependency-management.md +4 -5
  218. package/skills/devops/devsecops.md +4 -5
  219. package/skills/devops/git-workflow.md +4 -5
  220. package/skills/devops/incident-response.md +4 -5
  221. package/skills/devops/monorepo.md +4 -5
  222. package/skills/devops/observability.md +4 -5
  223. package/skills/devops/performance.md +4 -5
  224. package/skills/devops/testing.md +4 -5
  225. package/skills/docs/adr-workflow.md +4 -7
  226. package/skills/docs/backlog-proposal-workflow.md +4 -3
  227. package/skills/docs/customer-profile-workflow.md +4 -3
  228. package/skills/docs/document-ingest-workflow.md +4 -3
  229. package/skills/docs/evidence-ingest-workflow.md +4 -3
  230. package/skills/docs/init-docs.md +4 -5
  231. package/skills/docs/init-project.md +4 -5
  232. package/skills/docs/prd-workflow.md +4 -7
  233. package/skills/docs/prfaq-workflow.md +4 -3
  234. package/skills/docs/product-intelligence-review.md +4 -3
  235. package/skills/docs/product-intelligence-workflow.md +4 -6
  236. package/skills/docs/product-signal-workflow.md +4 -5
  237. package/skills/docs/research-workflow.md +4 -5
  238. package/skills/docs/runbook-workflow.md +4 -5
  239. package/skills/docs/strategy-workflow.md +4 -5
  240. package/skills/exploration/dependency-graph-reading.md +4 -7
  241. package/skills/exploration/repo-map.md +4 -5
  242. package/skills/exploration/tracer-bullet-method.md +4 -7
  243. package/skills/exploration/unknown-codebase-onboarding.md +4 -7
  244. package/skills/frameworks/django.md +4 -5
  245. package/skills/frameworks/nextjs.md +4 -5
  246. package/skills/frameworks/react.md +4 -5
  247. package/skills/frameworks/spring-boot.md +4 -5
  248. package/skills/frontend-design/accessibility.md +4 -5
  249. package/skills/frontend-design/component-patterns.md +4 -5
  250. package/skills/frontend-design/engineering.md +4 -5
  251. package/skills/frontend-design/state-management.md +4 -5
  252. package/skills/frontend-design/ui-aesthetics.md +4 -5
  253. package/skills/frontend-design/ux-principles.md +4 -5
  254. package/skills/operating/change-management.md +4 -8
  255. package/skills/operating/incident-response.md +4 -8
  256. package/skills/operating/oncall-rotation.md +4 -7
  257. package/skills/operating/orchestration-reference.md +4 -10
  258. package/skills/quality-gates/review-work.md +4 -5
  259. package/skills/quality-gates/verify-change.md +4 -5
  260. package/skills/quality-gates/verify-module.md +4 -5
  261. package/skills/quality-gates/verify-quality.md +4 -5
  262. package/skills/quality-gates/verify-security.md +4 -5
  263. package/skills/roles/architect.ai-systems.md +6 -9
  264. package/skills/roles/architect.data.md +6 -9
  265. package/skills/roles/architect.enterprise.md +6 -9
  266. package/skills/roles/architect.integration.md +6 -9
  267. package/skills/roles/architect.md +7 -14
  268. package/skills/roles/architect.platform.md +6 -9
  269. package/skills/roles/data-analyst.experiment.md +6 -9
  270. package/skills/roles/data-analyst.md +6 -9
  271. package/skills/roles/data-analyst.product-intelligence.md +7 -9
  272. package/skills/roles/data-analyst.product.md +6 -9
  273. package/skills/roles/data-analyst.telemetry.md +7 -9
  274. package/skills/roles/data-engineer.pipeline.md +6 -9
  275. package/skills/roles/data-engineer.vector-retrieval.md +7 -9
  276. package/skills/roles/data-engineer.warehouse.md +6 -9
  277. package/skills/roles/debugger.md +6 -9
  278. package/skills/roles/designer.accessibility.md +6 -9
  279. package/skills/roles/designer.md +7 -9
  280. package/skills/roles/engineer.ai.md +6 -9
  281. package/skills/roles/engineer.data.md +6 -9
  282. package/skills/roles/engineer.md +9 -9
  283. package/skills/roles/engineer.platform.md +6 -9
  284. package/skills/roles/operator.docs.md +6 -9
  285. package/skills/roles/operator.md +9 -9
  286. package/skills/roles/operator.release.md +6 -9
  287. package/skills/roles/operator.sre.md +6 -9
  288. package/skills/roles/orchestrator.md +6 -9
  289. package/skills/roles/product-manager.ai-product.md +6 -9
  290. package/skills/roles/product-manager.business-strategy.md +6 -9
  291. package/skills/roles/product-manager.enterprise.md +6 -9
  292. package/skills/roles/product-manager.growth.md +7 -9
  293. package/skills/roles/product-manager.md +7 -9
  294. package/skills/roles/product-manager.platform.md +6 -9
  295. package/skills/roles/product-manager.product.md +6 -9
  296. package/skills/roles/qa.ai-eval.md +8 -9
  297. package/skills/roles/qa.api-contract.md +7 -9
  298. package/skills/roles/qa.data-pipeline.md +7 -9
  299. package/skills/roles/qa.md +7 -9
  300. package/skills/roles/qa.test-automation.md +6 -9
  301. package/skills/roles/qa.web-ui.md +7 -9
  302. package/skills/roles/researcher.explorer.md +6 -9
  303. package/skills/roles/researcher.md +8 -9
  304. package/skills/roles/researcher.ux.md +6 -9
  305. package/skills/roles/reviewer.devil-advocate.md +6 -9
  306. package/skills/roles/reviewer.evaluator.md +6 -9
  307. package/skills/roles/reviewer.md +9 -9
  308. package/skills/roles/reviewer.trace.md +6 -9
  309. package/skills/roles/security.ai.md +7 -9
  310. package/skills/roles/security.appsec.md +6 -9
  311. package/skills/roles/security.cloud.md +6 -9
  312. package/skills/roles/security.legal-compliance.md +6 -9
  313. package/skills/roles/security.md +7 -9
  314. package/skills/roles/security.privacy.md +7 -9
  315. package/skills/roles/security.supply-chain.md +7 -9
  316. package/skills/security/blue-team.md +4 -5
  317. package/skills/security/code-audit.md +4 -5
  318. package/skills/security/pentest.md +4 -5
  319. package/skills/security/red-team.md +4 -5
  320. package/skills/security/threat-intel.md +4 -5
  321. package/skills/security/vuln-research.md +4 -5
  322. package/skills/strategy/competitive-landscape.md +4 -8
  323. package/skills/strategy/market-research-methods.md +4 -8
  324. package/skills/strategy/narrative-arc.md +4 -8
  325. package/skills/strategy/pricing-positioning.md +4 -8
  326. package/skills/utility/clean-code.md +4 -5
  327. package/specialists/policy-inventory.json +14 -0
  328. package/specialists/registry.json +158 -13
  329. package/lib/hooks/env-check.mjs +0 -83
  330. package/lib/hooks/read-tracker.mjs +0 -61
  331. package/lib/policy/unified-gates.mjs +0 -96
  332. package/lib/server/static/assets/index-ab25c707.js +0 -70
  333. package/lib/server/static/assets/index-f0c80a2b.css +0 -1
  334. package/lib/specialist-contracts-enforce.mjs +0 -158
  335. package/rules/common/agents.md +0 -28
  336. package/rules/common/development-workflow.md +0 -32
  337. package/rules/common/performance.md +0 -55
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@geraldmaron/construct",
3
- "version": "1.0.12",
3
+ "version": "1.0.15",
4
4
  "type": "module",
5
5
  "description": "Construct — agent orchestration layer for OpenCode, Claude Code, and other coding surfaces",
6
6
  "bin": {
@@ -27,6 +27,10 @@
27
27
  "engines": {
28
28
  "node": ">=20"
29
29
  },
30
+ "workspaces": [
31
+ "apps/*",
32
+ "packages/*"
33
+ ],
30
34
  "license": "Apache-2.0",
31
35
  "publishConfig": {
32
36
  "access": "public"
@@ -42,7 +46,7 @@
42
46
  "scripts": {
43
47
  "mcp": "node lib/mcp/server.mjs",
44
48
  "test": "node scripts/run-tests.mjs",
45
- "test:functional": "node --test --test-timeout=30000 tests/functional/*.functional.test.mjs",
49
+ "test:functional": "node --test --test-timeout=120000 --test-concurrency=1 tests/functional/*.functional.test.mjs",
46
50
  "test:unit": "node scripts/run-tests.mjs --exclude=tests/functional",
47
51
  "docs:init": "node lib/init-docs.mjs --yes",
48
52
  "docs:update": "node ./bin/construct docs:update",
@@ -53,7 +57,6 @@
53
57
  "lint:contracts": "node ./bin/construct lint:contracts",
54
58
  "lint:agents": "node ./bin/construct lint:agents",
55
59
  "build:sea": "esbuild bin/construct --bundle --platform=node --target=node20 --packages=external --outfile=dist/construct-bundle.cjs 2>&1 || (echo 'esbuild not found — install with: npm install -g esbuild' && exit 1)",
56
- "lint:prose": "node scripts/lint-prose.mjs",
57
60
  "lint:profiles": "node scripts/lint-profiles.mjs",
58
61
  "learning:status": "node scripts/learning-status.mjs",
59
62
  "lint:templates": "node scripts/lint-commits-pr.mjs",
@@ -69,16 +72,17 @@
69
72
  "@huggingface/transformers": "^4.2.0",
70
73
  "@modelcontextprotocol/sdk": "^1.12.0",
71
74
  "@xenova/transformers": "^2.0.1",
75
+ "js-yaml": "^4.2.0",
72
76
  "node-webvtt": "^1.9.3",
73
77
  "postgres": "^3.4.9"
74
78
  },
75
79
  "optionalDependencies": {
76
80
  "@opentelemetry/api": "^1.9.0",
77
- "@opentelemetry/sdk-trace-node": "^1.25.0",
81
+ "@opentelemetry/core": "^1.25.0",
78
82
  "@opentelemetry/exporter-trace-otlp-http": "^0.52.0",
79
83
  "@opentelemetry/resources": "^1.25.0",
80
- "@opentelemetry/semantic-conventions": "^1.25.0",
81
- "@opentelemetry/core": "^1.25.0"
84
+ "@opentelemetry/sdk-trace-node": "^1.25.0",
85
+ "@opentelemetry/semantic-conventions": "^1.25.0"
82
86
  },
83
87
  "overrides": {
84
88
  "express-rate-limit": "8.5.1",
@@ -1,10 +1,7 @@
1
- <!--
2
- personas/construct.md. Construct persona prompt.
3
-
4
- Defines the single user-facing AI interface and its session-start behavior,
5
- routing rules, approval boundaries, and output contract. Loaded by sync-specialists
6
- and emitted to every supported platform.
7
- -->
1
+ ---
2
+ name: construct
3
+ description: Construct persona prompt.
4
+ ---
8
5
  You are Construct. The user talks only to you; internal routing and specialist dispatch are implementation detail.
9
6
 
10
7
  **Anti-fabrication contract**: every load-bearing claim cites a verifiable source. Missing source becomes `unknown` or `[unverified]`. Specialists tailor; the persona never weakens. See `rules/common/no-fabrication.md`.
@@ -14,19 +14,7 @@
14
14
  }
15
15
  ],
16
16
  "id": "session:start",
17
- "description": "Load prior project context and git status at session start"
18
- },
19
- {
20
- "matcher": "*",
21
- "hooks": [
22
- {
23
- "type": "command",
24
- "command": "node \"$HOME/.construct/lib/hooks/env-check.mjs\"",
25
- "timeout": 5
26
- }
27
- ],
28
- "id": "session:env-check",
29
- "description": "Warn about missing required env vars at session open"
17
+ "description": "Load prior project context, git status, and missing-env-var notice at session start"
30
18
  }
31
19
  ],
32
20
  "PreToolUse": [
@@ -163,7 +151,7 @@
163
151
  }
164
152
  ],
165
153
  "id": "post:edit:comment-lint",
166
- "description": "Block edits that violate comment policy (banned patterns, missing required header). Bypass: CONSTRUCT_SKIP_COMMENT_LINT=1"
154
+ "description": "Block edits that violate comment policy (banned patterns, missing required header). No bypass — repair the policy if it fires wrong."
167
155
  },
168
156
  {
169
157
  "matcher": "Write|Edit|MultiEdit",
@@ -215,19 +203,6 @@
215
203
  "id": "post:edit:dep-audit",
216
204
  "description": "Audit dependencies for vulnerabilities after manifest changes"
217
205
  },
218
- {
219
- "matcher": "Read",
220
- "hooks": [
221
- {
222
- "type": "command",
223
- "command": "node \"$HOME/.construct/lib/hooks/read-tracker.mjs\"",
224
- "timeout": 3,
225
- "async": true
226
- }
227
- ],
228
- "id": "post:read-tracker",
229
- "description": "Record file content hash after Read for staleness detection in edit-guard"
230
- },
231
206
  {
232
207
  "matcher": "Read",
233
208
  "hooks": [
@@ -239,7 +214,7 @@
239
214
  }
240
215
  ],
241
216
  "id": "post:audit-reads",
242
- "description": "Tamper-evident chain log of every Read tool call. Off by default enable with CONSTRUCT_AUDIT_READS=1."
217
+ "description": "Update file-hashes.json for edit-guard staleness detection on every Read; optionally write a tamper-evident audit chain when CONSTRUCT_AUDIT_READS=1."
243
218
  },
244
219
  {
245
220
  "matcher": "mcp__.*",
@@ -305,6 +280,19 @@
305
280
  "id": "post:bash:post-merge-docs-check",
306
281
  "description": "Emit doc-drift events when a merge lands without matching docs/CHANGELOG updates"
307
282
  },
283
+ {
284
+ "matcher": "Bash",
285
+ "hooks": [
286
+ {
287
+ "type": "command",
288
+ "command": "node \"$HOME/.construct/lib/hooks/post-merge-tracking.mjs\"",
289
+ "timeout": 5,
290
+ "async": true
291
+ }
292
+ ],
293
+ "id": "post:bash:post-merge-tracking",
294
+ "description": "After `gh pr merge` succeeds, parse the PR body's Refs/Closes/Fixes lines and close every referenced construct-XXX bead so plan.md and .cx/context.md don't drift behind merged work"
295
+ },
308
296
  {
309
297
  "matcher": "Edit|Write|MultiEdit|NotebookEdit|Bash",
310
298
  "hooks": [
@@ -473,6 +461,19 @@
473
461
  ],
474
462
  "id": "stop:auto-reflect",
475
463
  "description": "Deterministic session-end reflect: extracts a transcript summary into .cx/observations (500ms hard budget; CONSTRUCT_REFLECT_AUTO=off to disable)"
464
+ },
465
+ {
466
+ "matcher": "*",
467
+ "hooks": [
468
+ {
469
+ "type": "command",
470
+ "command": "node \"$HOME/.construct/lib/hooks/session-tracking-refresh.mjs\"",
471
+ "timeout": 5,
472
+ "async": true
473
+ }
474
+ ],
475
+ "id": "stop:tracking-refresh",
476
+ "description": "Auto-refresh .cx/context.{md,json} from recent observations + commits + closed beads; sync plan.md bead-status table; archive plan.md to .cx/handoffs/ when all referenced beads are closed"
476
477
  }
477
478
  ],
478
479
  "UserPromptSubmit": [
@@ -1,12 +1,6 @@
1
- <!--
2
- rules/common/beads-hygiene.md: Beads issue tracker hygiene contract.
3
-
4
- Beads is the system of record for durable work in this project. Status drifts
5
- when issues are not updated alongside the code, so every agent and persona
6
- operating in Construct treats hygiene as part of the work, not as cleanup.
7
- Loaded by AGENTS.md, CLAUDE.md, the construct persona, and the engineer /
8
- operator / planner role overlays.
9
- -->
1
+ ---
2
+ description: Beads issue tracker hygiene contract.
3
+ ---
10
4
  # Beads Hygiene: Project Contract
11
5
 
12
6
  Beads (`bd`) is the canonical durable tracker for Construct. Beads only earn their keep when their state matches the world. Stale "open" issues pollute `bd ready`, hide real work, and let agents propose work that already shipped. Every agent (human or AI, on any platform) is responsible for keeping the tracker honest.
@@ -1,9 +1,6 @@
1
- <!--
2
- rules/common/code-review.md: when and how to conduct code reviews.
3
-
4
- Defines mandatory review triggers, severity levels, approval criteria,
5
- and references coding-style.md and security.md for checklists.
6
- -->
1
+ ---
2
+ description: when and how to conduct code reviews.
3
+ ---
7
4
  # Code Review Standards
8
5
 
9
6
  ## When to Review
@@ -1,9 +1,6 @@
1
- <!--
2
- rules/common/coding-style.md: language-agnostic coding standards.
3
-
4
- Covers immutability, core principles (KISS/DRY/YAGNI), file organization,
5
- error handling, input validation, naming conventions, and quality checklist.
6
- -->
1
+ ---
2
+ description: language-agnostic coding standards.
3
+ ---
7
4
  # Coding Style
8
5
 
9
6
  ## Immutability (CRITICAL)
@@ -1,10 +1,6 @@
1
- <!--
2
- rules/common/comments.md: Construct comment convention for JS/TS/MJS source files.
3
-
4
- Defines the two allowed comment forms (file header, section context block) and
5
- what is never allowed (inline narration, trailing comments, mid-function notes).
6
- Enforced by lib/hooks/comment-lint.mjs and tests/hooks-budget.test.mjs.
7
- -->
1
+ ---
2
+ description: Construct comment convention for JS/TS/MJS source files.
3
+ ---
8
4
  # Comment Convention
9
5
 
10
6
  Two forms are allowed. Everything else is deleted.
@@ -1,9 +1,6 @@
1
- <!--
2
- rules/common/commit-approval.md: conversational approval rule for mutating git operations.
3
-
4
- Behavioral rule, not a hook. The agent asks and waits for a yes; the user
5
- replies in chat. Infrastructure stays out of the way.
6
- -->
1
+ ---
2
+ description: conversational approval rule for mutating git operations.
3
+ ---
7
4
  # Commit Approval
8
5
 
9
6
  Construct does not commit, push, or merge without the user explicitly saying yes in the current conversation.
@@ -1,10 +1,6 @@
1
- <!--
2
- rules/common/cx-agent-routing.md: auto-trigger routing rules for cx-* specialist agents.
3
-
4
- Defines when to route directly to a cx-* specialist vs through Construct orchestration.
5
- Covers intent-based routing table, complexity gate, and routing rules.
6
- Loaded by rule-loading systems that look for cx-agent-routing in the rules hierarchy.
7
- -->
1
+ ---
2
+ description: auto-trigger routing rules for cx-* specialist agents.
3
+ ---
8
4
  # cx-* Agent Routing: Auto-trigger Rules
9
5
 
10
6
  When a request matches the trigger patterns below, automatically route to the corresponding cx-* specialist or persona before responding.
@@ -1,6 +1,6 @@
1
- <!--
2
- rules/common/cx-skill-routing.md: Redirect to canonical skill routing table.
3
- -->
1
+ ---
2
+ description: Redirect to canonical skill routing table.
3
+ ---
4
4
  # cx-* Skill Routing
5
5
 
6
6
  > **Canonical file:** [`skills/routing.md`](../../skills/routing.md)
@@ -1,11 +1,6 @@
1
- <!--
2
- rules/common/doc-ownership.md: which specialist owns which document type.
3
-
4
- Prevents the orchestrator (or any general persona) from authoring specialist
5
- documents directly. Routing authorship to the owning role is how research,
6
- framing, and domain scrutiny actually fire: writing a PRD without the
7
- product manager bypasses those checks entirely.
8
- -->
1
+ ---
2
+ description: which specialist owns which document type.
3
+ ---
9
4
  # Document Ownership
10
5
 
11
6
  A document type names a body of work. That body of work has an owner. The orchestrator routes; it does not author.
@@ -1,11 +1,6 @@
1
- <!--
2
- rules/common/efficiency.md: session context and tool-use efficiency standards.
3
-
4
- Applies to all agents operating in a Construct session. Violations compound context
5
- cost and reduce throughput. These rules are enforced by read-tracker.mjs and surfaced
6
- in the session-start efficiency digest.
7
- -->
8
-
1
+ ---
2
+ description: session context and tool-use efficiency standards.
3
+ ---
9
4
  # Session Efficiency
10
5
 
11
6
  ## Read discipline
@@ -1,11 +1,6 @@
1
- <!--
2
- rules/common/framing.md: how to frame a problem before acting on it.
3
-
4
- Establishes the hard separation between execution artifacts (tickets, chat
5
- transcripts, existing docs) and sources of truth (the underlying problem).
6
- Applies to every specialist working on architecture, documentation, research,
7
- product, or strategy work. Read before scaffolding anything.
8
- -->
1
+ ---
2
+ description: how to frame a problem before acting on it.
3
+ ---
9
4
  # Framing Policy
10
5
 
11
6
  Most agent failures on ambiguous work trace to a single mistake: anchoring on the most concrete input available (usually a ticket or a prior doc) and building the output around its structure instead of around the actual problem.
@@ -1,8 +1,6 @@
1
- <!--
2
- rules/common/git-workflow.md: commit message format and PR workflow.
3
-
4
- Defines conventional commit types and pull request creation steps.
5
- -->
1
+ ---
2
+ description: commit message format and PR workflow.
3
+ ---
6
4
  # Git Workflow
7
5
 
8
6
  ## Commit Message Format
@@ -1,14 +1,6 @@
1
- <!--
2
- rules/common/no-fabrication.md: canonical anti-fabrication policy for Construct.
3
-
4
- Defines the trust contract between operators and the system: outputs stick to
5
- source, gaps stay visible, and confidence reflects evidence. Applies to every
6
- specialist, every artifact, and every summary — intake processing, document
7
- evaluation, knowledge writing, plan drafting, review verdicts, handoffs.
8
-
9
- Sibling rules: research.md (evidence hierarchy), framing.md (execution
10
- artifacts are not sources), comments.md (banned voice patterns).
11
- -->
1
+ ---
2
+ description: canonical anti-fabrication policy for Construct.
3
+ ---
12
4
  # No-Fabrication Policy
13
5
 
14
6
  Fabrication is the single largest threat to trust in an agent system. A persona that invents a customer quote, sharpens a vague signal into a confident assertion, or papers over a gap with plausible-sounding prose corrupts every artifact downstream. This rule applies to **every output** Construct produces: intake summaries, classification rationales, PRDs, ADRs, RFCs, knowledge notes, handoffs, review verdicts, plan entries, beads issues, MCP tool responses, dashboard text.
@@ -61,7 +53,7 @@ Fabrication is the single largest threat to trust in an agent system. A persona
61
53
  ## Enforcement
62
54
 
63
55
  - `lib/comment-lint.mjs` enforces a subset of these patterns on artifact paths (`docs/prd/**`, `docs/adr/**`, `docs/rfc/**`, `docs/research/**`, `.cx/knowledge/**`, `.cx/handoffs/**`, `.cx/research/**`). PostToolUse warns; `npm run lint:comments`, `construct lint:comments`, and the release gate block.
64
- - `specialists/contracts.json` postconditions check structural requirements (mandatory sections, intake traceability, citation density). `lib/contracts/validate.mjs#validateHandoff` blocks handoffs that fail validation when `CONSTRUCT_CONTRACT_ENFORCEMENT=block`.
56
+ - `specialists/contracts.json` postconditions check structural requirements (mandatory sections, intake traceability, citation density). `lib/contracts/validate.mjs#validateHandoff` blocks handoffs that fail validation; binary postconditions in `lib/specialists/postconditions.mjs` block rubber-stamp reviews, post-hoc threat models, symptom-only fixes, stale-doc PRs, and post-hoc accessibility. Enforcement is hard-default `block`.
65
57
  - `construct intake done <id> --output=<path>` stamps `intake_id`, `intake_confidence`, and `intake_rationale` into the artifact's frontmatter so every intake-derived artifact carries verifiable provenance.
66
58
 
67
59
  ## Bypass
@@ -1,8 +1,6 @@
1
- <!--
2
- rules/common/patterns.md: reusable design patterns and skeleton project strategy.
3
-
4
- Covers skeleton project evaluation, repository pattern, and API response format.
5
- -->
1
+ ---
2
+ description: reusable design patterns and skeleton project strategy.
3
+ ---
6
4
  # Common Patterns
7
5
 
8
6
  ## Skeleton Projects
@@ -1,11 +1,6 @@
1
- <!--
2
- rules/common/release-gates.md: Hard release gates for Construct work.
3
-
4
- Defines the blocking contracts every agent and persona must satisfy locally
5
- before any commit, push, or "done" claim. Loaded by the construct persona,
6
- AGENTS.md, and the engineer/reviewer/operator role overlays. Enforcement is at
7
- the prompt level: CI is a backstop, not the primary gate.
8
- -->
1
+ ---
2
+ description: Hard release gates for Construct work.
3
+ ---
9
4
  # Release Gates: Hard Contracts
10
5
 
11
6
  These are blocking gates. Every agent, persona, and harness session working in or shipping Construct must satisfy them locally **before** any commit, push, or "done" claim. CI is a backstop, not the primary check.
@@ -1,11 +1,6 @@
1
- <!--
2
- rules/common/research.md: canonical research and evidence policy for Construct.
3
-
4
- Defines how research starts, which sources to prefer, how claims are verified,
5
- and what must be recorded so findings are reproducible. Applies to research,
6
- product evidence synthesis, document ingest follow-up, and any recommendation
7
- that depends on external facts or evolving internal evidence.
8
- -->
1
+ ---
2
+ description: canonical research and evidence policy for Construct.
3
+ ---
9
4
  # Research Policy
10
5
 
11
6
  Construct treats research as a reproducible evidence-gathering process, not free-form browsing. If a claim could change decisions, scope, architecture, or roadmap, it must be tied to verifiable evidence.
@@ -1,11 +1,6 @@
1
- <!--
2
- rules/common/review-before-change.md: audit the current state before authoring anything new.
3
-
4
- Applies to every specialist on every platform. Pairs with framing.md (frame the
5
- problem) and development-workflow.md step 0 (research and reuse before code).
6
- This rule extends the same discipline to artifacts: docs, strategy, PRDs, ADRs,
7
- RFCs, rules, templates, and any other durable file. Read before scaffolding.
8
- -->
1
+ ---
2
+ description: audit the current state before authoring anything new.
3
+ ---
9
4
  # Review Before Change
10
5
 
11
6
  Before creating or rewriting a durable artifact, check what already exists.
@@ -54,5 +49,4 @@ For artifacts that go through a review cycle (strategy, PRD, ADR, RFC), the fram
54
49
  ## Related
55
50
 
56
51
  - `rules/common/framing.md`: frame the underlying problem before reaching for inputs.
57
- - `rules/common/development-workflow.md`: step 0 covers the same discipline for code.
58
52
  - `rules/common/doc-ownership.md`: which specialist owns which artifact type.
@@ -1,9 +1,6 @@
1
- <!--
2
- rules/common/security.md: mandatory security checks and secret management.
3
-
4
- Defines pre-commit security checklist, secret management rules,
5
- and response protocol for discovered vulnerabilities.
6
- -->
1
+ ---
2
+ description: mandatory security checks and secret management.
3
+ ---
7
4
  # Security Guidelines
8
5
 
9
6
  ## Mandatory Security Checks
@@ -1,10 +1,6 @@
1
- <!--
2
- rules/common/skill-composition.md: how specialist prompts compose with skill files.
3
-
4
- Defines the default boundary between what lives in the agent's base prompt and
5
- what is fetched via `get_skill` at runtime. Aims to keep prompts lean while
6
- keeping domain knowledge reliably available when needed.
7
- -->
1
+ ---
2
+ description: how specialist prompts compose with skill files.
3
+ ---
8
4
  # Skill Composition Policy
9
5
 
10
6
  Specialist agent prompts are lean on purpose. Domain depth lives in skill files and is pulled in on demand, not pre-inlined.
@@ -1,9 +1,6 @@
1
- <!--
2
- rules/common/testing.md: test coverage requirements and TDD workflow.
3
-
4
- Defines minimum 80% coverage, TDD red-green-refactor cycle,
5
- AAA test structure, and descriptive naming conventions.
6
- -->
1
+ ---
2
+ description: test coverage requirements and TDD workflow.
3
+ ---
7
4
  # Testing Requirements
8
5
 
9
6
  ## Minimum Test Coverage: 80%
@@ -1,9 +1,5 @@
1
- <!--
2
- rules/golang/coding-style.md: <one-line purpose>
3
-
4
- <2–6 line summary.>
5
- -->
6
1
  ---
2
+ description: Construct golang coding style rule. Applies to files matching **/*.go, **/go.mod, **/go.sum. Use when writing or reviewing golang code that involves coding style.
7
3
  paths:
8
4
  - "**/*.go"
9
5
  - "**/go.mod"
@@ -1,9 +1,5 @@
1
- <!--
2
- rules/golang/hooks.md: <one-line purpose>
3
-
4
- <2–6 line summary.>
5
- -->
6
1
  ---
2
+ description: Construct golang hooks rule. Applies to files matching **/*.go, **/go.mod, **/go.sum. Use when writing or reviewing golang code that involves hooks.
7
3
  paths:
8
4
  - "**/*.go"
9
5
  - "**/go.mod"
@@ -1,9 +1,5 @@
1
- <!--
2
- rules/golang/patterns.md: <one-line purpose>
3
-
4
- <2–6 line summary.>
5
- -->
6
1
  ---
2
+ description: Construct golang patterns rule. Applies to files matching **/*.go, **/go.mod, **/go.sum. Use when writing or reviewing golang code that involves patterns.
7
3
  paths:
8
4
  - "**/*.go"
9
5
  - "**/go.mod"
@@ -1,9 +1,5 @@
1
- <!--
2
- rules/golang/security.md: <one-line purpose>
3
-
4
- <2–6 line summary.>
5
- -->
6
1
  ---
2
+ description: Construct golang security rule. Applies to files matching **/*.go, **/go.mod, **/go.sum. Use when writing or reviewing golang code that involves security.
7
3
  paths:
8
4
  - "**/*.go"
9
5
  - "**/go.mod"
@@ -1,9 +1,5 @@
1
- <!--
2
- rules/golang/testing.md: <one-line purpose>
3
-
4
- <2–6 line summary.>
5
- -->
6
1
  ---
2
+ description: Construct golang testing rule. Applies to files matching **/*.go, **/go.mod, **/go.sum. Use when writing or reviewing golang code that involves testing.
7
3
  paths:
8
4
  - "**/*.go"
9
5
  - "**/go.mod"
@@ -1,9 +1,5 @@
1
- <!--
2
- rules/python/coding-style.md: <one-line purpose>
3
-
4
- <2–6 line summary.>
5
- -->
6
1
  ---
2
+ description: Construct python coding style rule. Applies to files matching **/*.py, **/*.pyi. Use when writing or reviewing python code that involves coding style.
7
3
  paths:
8
4
  - "**/*.py"
9
5
  - "**/*.pyi"
@@ -1,9 +1,5 @@
1
- <!--
2
- rules/python/hooks.md: <one-line purpose>
3
-
4
- <2–6 line summary.>
5
- -->
6
1
  ---
2
+ description: Construct python hooks rule. Applies to files matching **/*.py, **/*.pyi. Use when writing or reviewing python code that involves hooks.
7
3
  paths:
8
4
  - "**/*.py"
9
5
  - "**/*.pyi"
@@ -1,9 +1,5 @@
1
- <!--
2
- rules/python/patterns.md: <one-line purpose>
3
-
4
- <2–6 line summary.>
5
- -->
6
1
  ---
2
+ description: Construct python patterns rule. Applies to files matching **/*.py, **/*.pyi. Use when writing or reviewing python code that involves patterns.
7
3
  paths:
8
4
  - "**/*.py"
9
5
  - "**/*.pyi"
@@ -1,9 +1,5 @@
1
- <!--
2
- rules/python/security.md: <one-line purpose>
3
-
4
- <2–6 line summary.>
5
- -->
6
1
  ---
2
+ description: Construct python security rule. Applies to files matching **/*.py, **/*.pyi. Use when writing or reviewing python code that involves security.
7
3
  paths:
8
4
  - "**/*.py"
9
5
  - "**/*.pyi"
@@ -1,9 +1,5 @@
1
- <!--
2
- rules/python/testing.md: <one-line purpose>
3
-
4
- <2–6 line summary.>
5
- -->
6
1
  ---
2
+ description: Construct python testing rule. Applies to files matching **/*.py, **/*.pyi. Use when writing or reviewing python code that involves testing.
7
3
  paths:
8
4
  - "**/*.py"
9
5
  - "**/*.pyi"
@@ -1,9 +1,5 @@
1
- <!--
2
- rules/swift/coding-style.md: <one-line purpose>
3
-
4
- <2–6 line summary.>
5
- -->
6
1
  ---
2
+ description: Construct swift coding style rule. Applies to files matching **/*.swift, **/Package.swift. Use when writing or reviewing swift code that involves coding style.
7
3
  paths:
8
4
  - "**/*.swift"
9
5
  - "**/Package.swift"
@@ -1,9 +1,5 @@
1
- <!--
2
- rules/swift/hooks.md: <one-line purpose>
3
-
4
- <2–6 line summary.>
5
- -->
6
1
  ---
2
+ description: "Flag `print()` statements: use `os.Logger` or structured logging instead for production code."
7
3
  paths:
8
4
  - "**/*.swift"
9
5
  - "**/Package.swift"
@@ -1,9 +1,5 @@
1
- <!--
2
- rules/swift/patterns.md: <one-line purpose>
3
-
4
- <2–6 line summary.>
5
- -->
6
1
  ---
2
+ description: Construct swift patterns rule. Applies to files matching **/*.swift, **/Package.swift. Use when writing or reviewing swift code that involves patterns.
7
3
  paths:
8
4
  - "**/*.swift"
9
5
  - "**/Package.swift"
@@ -1,9 +1,5 @@
1
- <!--
2
- rules/swift/security.md: <one-line purpose>
3
-
4
- <2–6 line summary.>
5
- -->
6
1
  ---
2
+ description: Construct swift security rule. Applies to files matching **/*.swift, **/Package.swift. Use when writing or reviewing swift code that involves security.
7
3
  paths:
8
4
  - "**/*.swift"
9
5
  - "**/Package.swift"
@@ -1,9 +1,5 @@
1
- <!--
2
- rules/swift/testing.md: <one-line purpose>
3
-
4
- <2–6 line summary.>
5
- -->
6
1
  ---
2
+ description: Construct swift testing rule. Applies to files matching **/*.swift, **/Package.swift. Use when writing or reviewing swift code that involves testing.
7
3
  paths:
8
4
  - "**/*.swift"
9
5
  - "**/Package.swift"