@geraldmaron/construct 1.0.14 → 1.0.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +6 -0
- package/bin/construct +3 -3
- package/commands/build/feature.md +0 -6
- package/commands/build/fix.md +0 -6
- package/commands/design/access.md +0 -6
- package/commands/design/flow.md +0 -6
- package/commands/design/ui.md +0 -6
- package/commands/measure/experiment.md +0 -6
- package/commands/measure/metrics.md +0 -6
- package/commands/measure/results.md +0 -6
- package/commands/plan/api.md +0 -6
- package/commands/plan/challenge.md +0 -6
- package/commands/plan/decide.md +0 -6
- package/commands/plan/feature.md +0 -7
- package/commands/plan/requirements.md +0 -6
- package/commands/remember/context.md +0 -6
- package/commands/remember/handoff.md +0 -6
- package/commands/remember/runbook.md +0 -6
- package/commands/review/code.md +0 -6
- package/commands/review/quality.md +0 -6
- package/commands/review/security.md +0 -6
- package/commands/ship/ready.md +0 -6
- package/commands/ship/release.md +0 -6
- package/commands/ship/status.md +0 -6
- package/commands/understand/docs.md +0 -6
- package/commands/understand/research.md +0 -6
- package/commands/understand/this.md +0 -6
- package/commands/understand/why.md +0 -6
- package/commands/work/clean.md +0 -6
- package/commands/work/drive.md +0 -6
- package/commands/work/optimize-prompts.md +0 -6
- package/commands/work/parallel-review.md +0 -6
- package/lib/beads-client.mjs +19 -1
- package/lib/comment-lint.mjs +5 -1
- package/lib/context-state.mjs +15 -3
- package/lib/contracts/validate.mjs +54 -10
- package/lib/contracts/violation-log.mjs +154 -0
- package/lib/document-extract/docling-client.mjs +114 -0
- package/lib/document-extract/docling-sidecar.py +122 -0
- package/lib/document-extract/whisper-client.mjs +79 -0
- package/lib/document-extract.mjs +73 -8
- package/lib/document-ingest.mjs +26 -4
- package/lib/embed/daemon.mjs +6 -1
- package/lib/flavors/loader.mjs +1 -1
- package/lib/handoffs/contract.mjs +2 -2
- package/lib/hooks/session-start.mjs +1 -1
- package/lib/ingest/chunker.mjs +94 -0
- package/lib/ingest/pipeline.mjs +53 -0
- package/lib/ingest/store.mjs +82 -0
- package/lib/knowledge/search.mjs +12 -0
- package/lib/mcp/server.mjs +142 -1
- package/lib/mcp/tools/skills.mjs +6 -3
- package/lib/mcp/tools/workflow.mjs +6 -2
- package/lib/observation-store.mjs +14 -5
- package/lib/ollama-manager.mjs +32 -28
- package/lib/prompt-composer.js +11 -1
- package/lib/runtime/uv-bootstrap.mjs +129 -0
- package/lib/runtime/whisper-bootstrap.mjs +102 -0
- package/lib/server/index.mjs +22 -1
- package/lib/server/static/index.html +1 -1
- package/lib/specialists/postconditions.mjs +1 -1
- package/lib/sync/skill-frontmatter.mjs +113 -21
- package/lib/tracking-surfaces.mjs +2 -0
- package/lib/validators/skills.mjs +86 -54
- package/package.json +5 -5
- package/personas/construct.md +4 -7
- package/platforms/claude/settings.template.json +1 -1
- package/rules/common/beads-hygiene.md +3 -9
- package/rules/common/code-review.md +3 -6
- package/rules/common/coding-style.md +3 -6
- package/rules/common/comments.md +3 -7
- package/rules/common/commit-approval.md +3 -6
- package/rules/common/cx-agent-routing.md +3 -7
- package/rules/common/cx-skill-routing.md +3 -3
- package/rules/common/doc-ownership.md +3 -8
- package/rules/common/efficiency.md +3 -8
- package/rules/common/framing.md +3 -8
- package/rules/common/git-workflow.md +3 -5
- package/rules/common/no-fabrication.md +4 -12
- package/rules/common/patterns.md +3 -5
- package/rules/common/release-gates.md +3 -8
- package/rules/common/research.md +3 -8
- package/rules/common/review-before-change.md +3 -9
- package/rules/common/security.md +3 -6
- package/rules/common/skill-composition.md +3 -7
- package/rules/common/testing.md +3 -6
- package/rules/golang/coding-style.md +1 -5
- package/rules/golang/hooks.md +1 -5
- package/rules/golang/patterns.md +1 -5
- package/rules/golang/security.md +1 -5
- package/rules/golang/testing.md +1 -5
- package/rules/python/coding-style.md +1 -5
- package/rules/python/hooks.md +1 -5
- package/rules/python/patterns.md +1 -5
- package/rules/python/security.md +1 -5
- package/rules/python/testing.md +1 -5
- package/rules/swift/coding-style.md +1 -5
- package/rules/swift/hooks.md +1 -5
- package/rules/swift/patterns.md +1 -5
- package/rules/swift/security.md +1 -5
- package/rules/swift/testing.md +1 -5
- package/rules/typescript/coding-style.md +1 -5
- package/rules/typescript/hooks.md +1 -5
- package/rules/typescript/patterns.md +1 -5
- package/rules/typescript/security.md +1 -5
- package/rules/typescript/testing.md +1 -5
- package/rules/web/coding-style.md +3 -5
- package/rules/web/design-quality.md +3 -5
- package/rules/web/hooks.md +3 -5
- package/rules/web/patterns.md +3 -5
- package/rules/web/performance.md +3 -5
- package/rules/web/security.md +3 -5
- package/rules/web/testing.md +3 -5
- package/skills/ai/agent-dev.md +4 -5
- package/skills/ai/llm-security.md +4 -5
- package/skills/ai/ml-ops.md +4 -5
- package/skills/ai/orchestration-workflow.md +4 -5
- package/skills/ai/prompt-and-eval.md +4 -5
- package/skills/ai/prompt-optimizer.md +4 -6
- package/skills/ai/rag-system.md +4 -5
- package/skills/architecture/api-design.md +4 -5
- package/skills/architecture/caching.md +4 -5
- package/skills/architecture/cloud-native.md +4 -5
- package/skills/architecture/message-queue.md +4 -5
- package/skills/architecture/security-arch.md +4 -5
- package/skills/compliance/ai-disclosure.md +4 -5
- package/skills/compliance/data-privacy.md +4 -5
- package/skills/compliance/license-audit.md +4 -5
- package/skills/compliance/regulatory-review.md +4 -5
- package/skills/development/cpp.md +4 -5
- package/skills/development/go.md +4 -5
- package/skills/development/java.md +4 -5
- package/skills/development/kotlin.md +4 -5
- package/skills/development/mobile-crossplatform.md +4 -5
- package/skills/development/python.md +4 -5
- package/skills/development/rust.md +4 -5
- package/skills/development/shell.md +4 -5
- package/skills/development/swift.md +4 -5
- package/skills/development/typescript.md +4 -5
- package/skills/devops/ci-cd.md +4 -5
- package/skills/devops/containerization.md +4 -5
- package/skills/devops/cost-optimization.md +4 -5
- package/skills/devops/data-engineering.md +4 -5
- package/skills/devops/database.md +4 -5
- package/skills/devops/dependency-management.md +4 -5
- package/skills/devops/devsecops.md +4 -5
- package/skills/devops/git-workflow.md +4 -5
- package/skills/devops/incident-response.md +4 -5
- package/skills/devops/monorepo.md +4 -5
- package/skills/devops/observability.md +4 -5
- package/skills/devops/performance.md +4 -5
- package/skills/devops/testing.md +4 -5
- package/skills/docs/adr-workflow.md +4 -7
- package/skills/docs/backlog-proposal-workflow.md +4 -3
- package/skills/docs/customer-profile-workflow.md +4 -3
- package/skills/docs/document-ingest-workflow.md +4 -3
- package/skills/docs/evidence-ingest-workflow.md +4 -3
- package/skills/docs/init-docs.md +4 -5
- package/skills/docs/init-project.md +4 -5
- package/skills/docs/prd-workflow.md +4 -7
- package/skills/docs/prfaq-workflow.md +4 -3
- package/skills/docs/product-intelligence-review.md +4 -3
- package/skills/docs/product-intelligence-workflow.md +4 -6
- package/skills/docs/product-signal-workflow.md +4 -5
- package/skills/docs/research-workflow.md +4 -5
- package/skills/docs/runbook-workflow.md +4 -5
- package/skills/docs/strategy-workflow.md +4 -5
- package/skills/exploration/dependency-graph-reading.md +4 -7
- package/skills/exploration/repo-map.md +4 -5
- package/skills/exploration/tracer-bullet-method.md +4 -7
- package/skills/exploration/unknown-codebase-onboarding.md +4 -7
- package/skills/frameworks/django.md +4 -5
- package/skills/frameworks/nextjs.md +4 -5
- package/skills/frameworks/react.md +4 -5
- package/skills/frameworks/spring-boot.md +4 -5
- package/skills/frontend-design/accessibility.md +4 -5
- package/skills/frontend-design/component-patterns.md +4 -5
- package/skills/frontend-design/engineering.md +4 -5
- package/skills/frontend-design/state-management.md +4 -5
- package/skills/frontend-design/ui-aesthetics.md +4 -5
- package/skills/frontend-design/ux-principles.md +4 -5
- package/skills/operating/change-management.md +4 -8
- package/skills/operating/incident-response.md +4 -8
- package/skills/operating/oncall-rotation.md +4 -7
- package/skills/operating/orchestration-reference.md +4 -10
- package/skills/quality-gates/review-work.md +4 -5
- package/skills/quality-gates/verify-change.md +4 -5
- package/skills/quality-gates/verify-module.md +4 -5
- package/skills/quality-gates/verify-quality.md +4 -5
- package/skills/quality-gates/verify-security.md +4 -5
- package/skills/roles/architect.ai-systems.md +6 -9
- package/skills/roles/architect.data.md +6 -9
- package/skills/roles/architect.enterprise.md +6 -9
- package/skills/roles/architect.integration.md +6 -9
- package/skills/roles/architect.md +7 -14
- package/skills/roles/architect.platform.md +6 -9
- package/skills/roles/data-analyst.experiment.md +6 -9
- package/skills/roles/data-analyst.md +6 -9
- package/skills/roles/data-analyst.product-intelligence.md +7 -9
- package/skills/roles/data-analyst.product.md +6 -9
- package/skills/roles/data-analyst.telemetry.md +7 -9
- package/skills/roles/data-engineer.pipeline.md +6 -9
- package/skills/roles/data-engineer.vector-retrieval.md +7 -9
- package/skills/roles/data-engineer.warehouse.md +6 -9
- package/skills/roles/debugger.md +6 -9
- package/skills/roles/designer.accessibility.md +6 -9
- package/skills/roles/designer.md +7 -9
- package/skills/roles/engineer.ai.md +6 -9
- package/skills/roles/engineer.data.md +6 -9
- package/skills/roles/engineer.md +9 -9
- package/skills/roles/engineer.platform.md +6 -9
- package/skills/roles/operator.docs.md +6 -9
- package/skills/roles/operator.md +9 -9
- package/skills/roles/operator.release.md +6 -9
- package/skills/roles/operator.sre.md +6 -9
- package/skills/roles/orchestrator.md +6 -9
- package/skills/roles/product-manager.ai-product.md +6 -9
- package/skills/roles/product-manager.business-strategy.md +6 -9
- package/skills/roles/product-manager.enterprise.md +6 -9
- package/skills/roles/product-manager.growth.md +7 -9
- package/skills/roles/product-manager.md +7 -9
- package/skills/roles/product-manager.platform.md +6 -9
- package/skills/roles/product-manager.product.md +6 -9
- package/skills/roles/qa.ai-eval.md +8 -9
- package/skills/roles/qa.api-contract.md +7 -9
- package/skills/roles/qa.data-pipeline.md +7 -9
- package/skills/roles/qa.md +7 -9
- package/skills/roles/qa.test-automation.md +6 -9
- package/skills/roles/qa.web-ui.md +7 -9
- package/skills/roles/researcher.explorer.md +6 -9
- package/skills/roles/researcher.md +8 -9
- package/skills/roles/researcher.ux.md +6 -9
- package/skills/roles/reviewer.devil-advocate.md +6 -9
- package/skills/roles/reviewer.evaluator.md +6 -9
- package/skills/roles/reviewer.md +9 -9
- package/skills/roles/reviewer.trace.md +6 -9
- package/skills/roles/security.ai.md +7 -9
- package/skills/roles/security.appsec.md +6 -9
- package/skills/roles/security.cloud.md +6 -9
- package/skills/roles/security.legal-compliance.md +6 -9
- package/skills/roles/security.md +7 -9
- package/skills/roles/security.privacy.md +7 -9
- package/skills/roles/security.supply-chain.md +7 -9
- package/skills/security/blue-team.md +4 -5
- package/skills/security/code-audit.md +4 -5
- package/skills/security/pentest.md +4 -5
- package/skills/security/red-team.md +4 -5
- package/skills/security/threat-intel.md +4 -5
- package/skills/security/vuln-research.md +4 -5
- package/skills/strategy/competitive-landscape.md +4 -8
- package/skills/strategy/market-research-methods.md +4 -8
- package/skills/strategy/narrative-arc.md +4 -8
- package/skills/strategy/pricing-positioning.md +4 -8
- package/skills/utility/clean-code.md +4 -5
- package/specialists/policy-inventory.json +14 -0
- package/lib/specialist-contracts-enforce.mjs +0 -172
- package/rules/common/agents.md +0 -28
- package/rules/common/development-workflow.md +0 -32
- package/rules/common/performance.md +0 -55
|
@@ -1,16 +1,13 @@
|
|
|
1
|
-
<!--
|
|
2
|
-
skills/roles/reviewer.devil-advocate.md. Anti-pattern guidance for the Reviewer.devil-advocate (devil advocate) role.
|
|
3
|
-
|
|
4
|
-
Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
|
|
5
|
-
Covers common failure modes for the reviewer.devil-advocate (devil advocate) domain and counter-moves to avoid them.
|
|
6
|
-
Applies to: cx-devil-advocate.
|
|
7
|
-
-->
|
|
8
1
|
---
|
|
2
|
+
name: roles-reviewer-devil-advocate
|
|
3
|
+
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Reviewer — Devil Advocate role. Use when reviewing or generating work by cx-devil-advocate, or when an agent is acting in the Reviewer — Devil Advocate role.
|
|
9
4
|
role: reviewer.devil-advocate
|
|
10
|
-
applies_to:
|
|
5
|
+
applies_to:
|
|
6
|
+
- cx-devil-advocate
|
|
11
7
|
inherits: reviewer
|
|
12
8
|
version: 2
|
|
13
|
-
profiles:
|
|
9
|
+
profiles:
|
|
10
|
+
- rnd
|
|
14
11
|
cap: 1
|
|
15
12
|
---
|
|
16
13
|
# Devil's Advocate Overlay
|
|
@@ -1,16 +1,13 @@
|
|
|
1
|
-
<!--
|
|
2
|
-
skills/roles/reviewer.evaluator.md. Anti-pattern guidance for the Reviewer.evaluator (evaluator) role.
|
|
3
|
-
|
|
4
|
-
Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
|
|
5
|
-
Covers common failure modes for the reviewer.evaluator (evaluator) domain and counter-moves to avoid them.
|
|
6
|
-
Applies to: cx-evaluator.
|
|
7
|
-
-->
|
|
8
1
|
---
|
|
2
|
+
name: roles-reviewer-evaluator
|
|
3
|
+
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Reviewer — Evaluator role. Use when reviewing or generating work by cx-evaluator, or when an agent is acting in the Reviewer — Evaluator role.
|
|
9
4
|
role: reviewer.evaluator
|
|
10
|
-
applies_to:
|
|
5
|
+
applies_to:
|
|
6
|
+
- cx-evaluator
|
|
11
7
|
inherits: reviewer
|
|
12
8
|
version: 2
|
|
13
|
-
profiles:
|
|
9
|
+
profiles:
|
|
10
|
+
- rnd
|
|
14
11
|
cap: 1
|
|
15
12
|
---
|
|
16
13
|
# Evaluator Overlay
|
package/skills/roles/reviewer.md
CHANGED
|
@@ -1,16 +1,16 @@
|
|
|
1
|
-
<!--
|
|
2
|
-
skills/roles/reviewer.md. Anti-pattern guidance for the Reviewer role.
|
|
3
|
-
|
|
4
|
-
Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
|
|
5
|
-
Covers common failure modes for the reviewer domain and counter-moves to avoid them.
|
|
6
|
-
Applies to: cx-reviewer, cx-devil-advocate, cx-evaluator, cx-trace-reviewer.
|
|
7
|
-
-->
|
|
8
1
|
---
|
|
2
|
+
name: roles-reviewer
|
|
3
|
+
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Reviewer role. Use when reviewing or generating work by cx-reviewer, cx-devil-advocate, cx-evaluator, cx-trace-reviewer, or when an agent is acting in the Reviewer role.
|
|
9
4
|
role: reviewer
|
|
10
|
-
applies_to:
|
|
5
|
+
applies_to:
|
|
6
|
+
- cx-reviewer
|
|
7
|
+
- cx-devil-advocate
|
|
8
|
+
- cx-evaluator
|
|
9
|
+
- cx-trace-reviewer
|
|
11
10
|
inherits: null
|
|
12
11
|
version: 2
|
|
13
|
-
profiles:
|
|
12
|
+
profiles:
|
|
13
|
+
- rnd
|
|
14
14
|
cap: 1
|
|
15
15
|
---
|
|
16
16
|
# Reviewer. Role guidance
|
|
@@ -1,16 +1,13 @@
|
|
|
1
|
-
<!--
|
|
2
|
-
skills/roles/reviewer.trace.md. Anti-pattern guidance for the Reviewer.trace (trace) role.
|
|
3
|
-
|
|
4
|
-
Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
|
|
5
|
-
Covers common failure modes for the reviewer.trace (trace) domain and counter-moves to avoid them.
|
|
6
|
-
Applies to: cx-trace-reviewer.
|
|
7
|
-
-->
|
|
8
1
|
---
|
|
2
|
+
name: roles-reviewer-trace
|
|
3
|
+
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Reviewer — Trace role. Use when reviewing or generating work by cx-trace-reviewer, or when an agent is acting in the Reviewer — Trace role.
|
|
9
4
|
role: reviewer.trace
|
|
10
|
-
applies_to:
|
|
5
|
+
applies_to:
|
|
6
|
+
- cx-trace-reviewer
|
|
11
7
|
inherits: reviewer
|
|
12
8
|
version: 2
|
|
13
|
-
profiles:
|
|
9
|
+
profiles:
|
|
10
|
+
- rnd
|
|
14
11
|
cap: 1
|
|
15
12
|
---
|
|
16
13
|
# Trace Reviewer Overlay
|
|
@@ -1,16 +1,14 @@
|
|
|
1
|
-
<!--
|
|
2
|
-
skills/roles/security.ai.md. Anti-pattern guidance for the Security.ai (ai) role.
|
|
3
|
-
|
|
4
|
-
Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
|
|
5
|
-
Covers common failure modes for the security.ai (ai) domain and counter-moves to avoid them.
|
|
6
|
-
Applies to: cx-security, cx-ai-engineer.
|
|
7
|
-
-->
|
|
8
1
|
---
|
|
2
|
+
name: roles-security-ai
|
|
3
|
+
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Security — AI role. Use when reviewing or generating work by cx-security, cx-ai-engineer, or when an agent is acting in the Security — AI role.
|
|
9
4
|
role: security.ai
|
|
10
|
-
applies_to:
|
|
5
|
+
applies_to:
|
|
6
|
+
- cx-security
|
|
7
|
+
- cx-ai-engineer
|
|
11
8
|
inherits: security
|
|
12
9
|
version: 2
|
|
13
|
-
profiles:
|
|
10
|
+
profiles:
|
|
11
|
+
- rnd
|
|
14
12
|
cap: 1
|
|
15
13
|
---
|
|
16
14
|
# AI Security Overlay
|
|
@@ -1,16 +1,13 @@
|
|
|
1
|
-
<!--
|
|
2
|
-
skills/roles/security.appsec.md. Anti-pattern guidance for the Security.appsec (appsec) role.
|
|
3
|
-
|
|
4
|
-
Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
|
|
5
|
-
Covers common failure modes for the security.appsec (appsec) domain and counter-moves to avoid them.
|
|
6
|
-
Applies to: cx-security.
|
|
7
|
-
-->
|
|
8
1
|
---
|
|
2
|
+
name: roles-security-appsec
|
|
3
|
+
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Security — Appsec role. Use when reviewing or generating work by cx-security, or when an agent is acting in the Security — Appsec role.
|
|
9
4
|
role: security.appsec
|
|
10
|
-
applies_to:
|
|
5
|
+
applies_to:
|
|
6
|
+
- cx-security
|
|
11
7
|
inherits: security
|
|
12
8
|
version: 2
|
|
13
|
-
profiles:
|
|
9
|
+
profiles:
|
|
10
|
+
- rnd
|
|
14
11
|
cap: 1
|
|
15
12
|
---
|
|
16
13
|
# AppSec Overlay
|
|
@@ -1,16 +1,13 @@
|
|
|
1
|
-
<!--
|
|
2
|
-
skills/roles/security.cloud.md. Anti-pattern guidance for the Security.cloud (cloud) role.
|
|
3
|
-
|
|
4
|
-
Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
|
|
5
|
-
Covers common failure modes for the security.cloud (cloud) domain and counter-moves to avoid them.
|
|
6
|
-
Applies to: cx-security.
|
|
7
|
-
-->
|
|
8
1
|
---
|
|
2
|
+
name: roles-security-cloud
|
|
3
|
+
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Security — Cloud role. Use when reviewing or generating work by cx-security, or when an agent is acting in the Security — Cloud role.
|
|
9
4
|
role: security.cloud
|
|
10
|
-
applies_to:
|
|
5
|
+
applies_to:
|
|
6
|
+
- cx-security
|
|
11
7
|
inherits: security
|
|
12
8
|
version: 2
|
|
13
|
-
profiles:
|
|
9
|
+
profiles:
|
|
10
|
+
- rnd
|
|
14
11
|
cap: 1
|
|
15
12
|
---
|
|
16
13
|
# Cloud Security Overlay
|
|
@@ -1,16 +1,13 @@
|
|
|
1
|
-
<!--
|
|
2
|
-
skills/roles/security.legal-compliance.md. Anti-pattern guidance for the Security.legal-compliance (legal compliance) role.
|
|
3
|
-
|
|
4
|
-
Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
|
|
5
|
-
Covers common failure modes for the security.legal-compliance (legal compliance) domain and counter-moves to avoid them.
|
|
6
|
-
Applies to: cx-legal-compliance.
|
|
7
|
-
-->
|
|
8
1
|
---
|
|
2
|
+
name: roles-security-legal-compliance
|
|
3
|
+
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Security — Legal Compliance role. Use when reviewing or generating work by cx-legal-compliance, or when an agent is acting in the Security — Legal Compliance role.
|
|
9
4
|
role: security.legal-compliance
|
|
10
|
-
applies_to:
|
|
5
|
+
applies_to:
|
|
6
|
+
- cx-legal-compliance
|
|
11
7
|
inherits: security
|
|
12
8
|
version: 2
|
|
13
|
-
profiles:
|
|
9
|
+
profiles:
|
|
10
|
+
- rnd
|
|
14
11
|
cap: 1
|
|
15
12
|
---
|
|
16
13
|
# Legal & Compliance Overlay
|
package/skills/roles/security.md
CHANGED
|
@@ -1,16 +1,14 @@
|
|
|
1
|
-
<!--
|
|
2
|
-
skills/roles/security.md. Anti-pattern guidance for the Security role.
|
|
3
|
-
|
|
4
|
-
Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
|
|
5
|
-
Covers common failure modes for the security domain and counter-moves to avoid them.
|
|
6
|
-
Applies to: cx-security, cx-legal-compliance.
|
|
7
|
-
-->
|
|
8
1
|
---
|
|
2
|
+
name: roles-security
|
|
3
|
+
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Security role. Use when reviewing or generating work by cx-security, cx-legal-compliance, or when an agent is acting in the Security role.
|
|
9
4
|
role: security
|
|
10
|
-
applies_to:
|
|
5
|
+
applies_to:
|
|
6
|
+
- cx-security
|
|
7
|
+
- cx-legal-compliance
|
|
11
8
|
inherits: null
|
|
12
9
|
version: 2
|
|
13
|
-
profiles:
|
|
10
|
+
profiles:
|
|
11
|
+
- rnd
|
|
14
12
|
cap: 1
|
|
15
13
|
---
|
|
16
14
|
# Security. Role guidance
|
|
@@ -1,16 +1,14 @@
|
|
|
1
|
-
<!--
|
|
2
|
-
skills/roles/security.privacy.md. Anti-pattern guidance for the Security.privacy (privacy) role.
|
|
3
|
-
|
|
4
|
-
Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
|
|
5
|
-
Covers common failure modes for the security.privacy (privacy) domain and counter-moves to avoid them.
|
|
6
|
-
Applies to: cx-security, cx-legal-compliance.
|
|
7
|
-
-->
|
|
8
1
|
---
|
|
2
|
+
name: roles-security-privacy
|
|
3
|
+
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Security — Privacy role. Use when reviewing or generating work by cx-security, cx-legal-compliance, or when an agent is acting in the Security — Privacy role.
|
|
9
4
|
role: security.privacy
|
|
10
|
-
applies_to:
|
|
5
|
+
applies_to:
|
|
6
|
+
- cx-security
|
|
7
|
+
- cx-legal-compliance
|
|
11
8
|
inherits: security
|
|
12
9
|
version: 2
|
|
13
|
-
profiles:
|
|
10
|
+
profiles:
|
|
11
|
+
- rnd
|
|
14
12
|
cap: 1
|
|
15
13
|
---
|
|
16
14
|
# Privacy Security Overlay
|
|
@@ -1,16 +1,14 @@
|
|
|
1
|
-
<!--
|
|
2
|
-
skills/roles/security.supply-chain.md. Anti-pattern guidance for the Security.supply-chain (supply chain) role.
|
|
3
|
-
|
|
4
|
-
Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
|
|
5
|
-
Covers common failure modes for the security.supply-chain (supply chain) domain and counter-moves to avoid them.
|
|
6
|
-
Applies to: cx-security, cx-platform-engineer.
|
|
7
|
-
-->
|
|
8
1
|
---
|
|
2
|
+
name: roles-security-supply-chain
|
|
3
|
+
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Security — Supply Chain role. Use when reviewing or generating work by cx-security, cx-platform-engineer, or when an agent is acting in the Security — Supply Chain role.
|
|
9
4
|
role: security.supply-chain
|
|
10
|
-
applies_to:
|
|
5
|
+
applies_to:
|
|
6
|
+
- cx-security
|
|
7
|
+
- cx-platform-engineer
|
|
11
8
|
inherits: security
|
|
12
9
|
version: 2
|
|
13
|
-
profiles:
|
|
10
|
+
profiles:
|
|
11
|
+
- rnd
|
|
14
12
|
cap: 1
|
|
15
13
|
---
|
|
16
14
|
# Supply Chain Security Overlay
|
|
@@ -1,8 +1,7 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
-->
|
|
1
|
+
---
|
|
2
|
+
name: security-blue-team
|
|
3
|
+
description: Use this skill when defending systems, responding to incidents, or building detection and monitoring capabilities.
|
|
4
|
+
---
|
|
6
5
|
# Blue Team
|
|
7
6
|
|
|
8
7
|
Use this skill when defending systems, responding to incidents, or building detection and monitoring capabilities.
|
|
@@ -1,8 +1,7 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
-->
|
|
1
|
+
---
|
|
2
|
+
name: security-code-audit
|
|
3
|
+
description: Use this skill when reviewing source code for security vulnerabilities through static analysis.
|
|
4
|
+
---
|
|
6
5
|
# Code Audit
|
|
7
6
|
|
|
8
7
|
Use this skill when reviewing source code for security vulnerabilities through static analysis.
|
|
@@ -1,8 +1,7 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
-->
|
|
1
|
+
---
|
|
2
|
+
name: security-pentest
|
|
3
|
+
description: Use this skill when testing web applications or APIs for security vulnerabilities.
|
|
4
|
+
---
|
|
6
5
|
# Penetration Testing
|
|
7
6
|
|
|
8
7
|
Use this skill when testing web applications or APIs for security vulnerabilities.
|
|
@@ -1,8 +1,7 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
-->
|
|
1
|
+
---
|
|
2
|
+
name: security-red-team
|
|
3
|
+
description: Use this skill when planning or executing offensive security assessments, adversary emulation, or attack simulations.
|
|
4
|
+
---
|
|
6
5
|
# Red Team
|
|
7
6
|
|
|
8
7
|
Use this skill when planning or executing offensive security assessments, adversary emulation, or attack simulations.
|
|
@@ -1,8 +1,7 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
-->
|
|
1
|
+
---
|
|
2
|
+
name: security-threat-intel
|
|
3
|
+
description: Use this skill when performing OSINT, threat modeling, or building threat intelligence programs.
|
|
4
|
+
---
|
|
6
5
|
# Threat Intelligence
|
|
7
6
|
|
|
8
7
|
Use this skill when performing OSINT, threat modeling, or building threat intelligence programs.
|
|
@@ -1,8 +1,7 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
-->
|
|
1
|
+
---
|
|
2
|
+
name: security-vuln-research
|
|
3
|
+
description: Use this skill when analyzing binaries, fuzzing software, or developing exploits for security research.
|
|
4
|
+
---
|
|
6
5
|
# Vulnerability Research
|
|
7
6
|
|
|
8
7
|
Use this skill when analyzing binaries, fuzzing software, or developing exploits for security research.
|
|
@@ -1,11 +1,7 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
Use when the team needs a structured read on
|
|
4
|
-
|
|
5
|
-
Covers Porter Five Forces, Jobs-to-be-Done framing, and competitive
|
|
6
|
-
response sequencing.
|
|
7
|
-
-->
|
|
8
|
-
|
|
1
|
+
---
|
|
2
|
+
name: strategy-competitive-landscape
|
|
3
|
+
description: Use when the team needs a structured read on market positioning before committing direction.
|
|
4
|
+
---
|
|
9
5
|
# Competitive Landscape Analysis
|
|
10
6
|
|
|
11
7
|
Use when the team needs a structured read on market positioning before committing direction.
|
|
@@ -1,11 +1,7 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
Use when
|
|
4
|
-
|
|
5
|
-
interview technique, survey design traps, and research-to-decision
|
|
6
|
-
handoff.
|
|
7
|
-
-->
|
|
8
|
-
|
|
1
|
+
---
|
|
2
|
+
name: strategy-market-research-methods
|
|
3
|
+
description: Use when the team needs to validate assumptions before committing resources, or when a decision is being made on vibes rather than signal.
|
|
4
|
+
---
|
|
9
5
|
# Market Research Methods
|
|
10
6
|
|
|
11
7
|
Use when the team needs to validate assumptions before committing resources, or when a decision is being made on vibes rather than signal.
|
|
@@ -1,11 +1,7 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
Use when
|
|
4
|
-
|
|
5
|
-
structure, the five components of a compelling story, and common failure
|
|
6
|
-
modes in executive communication.
|
|
7
|
-
-->
|
|
8
|
-
|
|
1
|
+
---
|
|
2
|
+
name: strategy-narrative-arc
|
|
3
|
+
description: Use when the argument must move people, not just inform them. Strategic narrative is the difference between a document that gets read and one that changes what people do.
|
|
4
|
+
---
|
|
9
5
|
# Strategic Narrative Construction
|
|
10
6
|
|
|
11
7
|
Use when the argument must move people, not just inform them. Strategic narrative is the difference between a document that gets read and one that changes what people do.
|
|
@@ -1,11 +1,7 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
Use when
|
|
4
|
-
|
|
5
|
-
pricing, willingness-to-pay research techniques, and positioning statement
|
|
6
|
-
construction.
|
|
7
|
-
-->
|
|
8
|
-
|
|
1
|
+
---
|
|
2
|
+
name: strategy-pricing-positioning
|
|
3
|
+
description: Use when the team needs to set price, adjust positioning, or defend either to stakeholders.
|
|
4
|
+
---
|
|
9
5
|
# Pricing and Positioning
|
|
10
6
|
|
|
11
7
|
Use when the team needs to set price, adjust positioning, or defend either to stakeholders.
|
|
@@ -1,8 +1,7 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
-->
|
|
1
|
+
---
|
|
2
|
+
name: utility-clean-code
|
|
3
|
+
description: Patterns and heuristics for identifying and removing AI-generated code smells. Use when cleaning up output from AI coding tools.
|
|
4
|
+
---
|
|
6
5
|
# AI Slop Removal
|
|
7
6
|
|
|
8
7
|
Patterns and heuristics for identifying and removing AI-generated code smells. Use when cleaning up output from AI coding tools.
|
|
@@ -155,6 +155,20 @@
|
|
|
155
155
|
"enforcement": "(persona prompt)",
|
|
156
156
|
"mode": "honor-system",
|
|
157
157
|
"description": "Architectural pattern guidance (module boundaries, error handling, async contracts) applied at authoring time."
|
|
158
|
+
},
|
|
159
|
+
{
|
|
160
|
+
"id": "review-before-change",
|
|
161
|
+
"source": "rules/common/review-before-change.md",
|
|
162
|
+
"enforcement": "(persona prompt)",
|
|
163
|
+
"mode": "honor-system",
|
|
164
|
+
"description": "Requires an existing-artifact audit before authoring or rewriting any durable doc, rule, template, or PRD/ADR/RFC. Extend or supersede; do not duplicate."
|
|
165
|
+
},
|
|
166
|
+
{
|
|
167
|
+
"id": "session-efficiency",
|
|
168
|
+
"source": "rules/common/efficiency.md",
|
|
169
|
+
"enforcement": "lib/read-tracker-store.mjs + session-start digest",
|
|
170
|
+
"mode": "deterministic",
|
|
171
|
+
"description": "Read discipline, probe-before-bulk-read, and tool parallelism rules. Read counts tracked per-file; the session-start efficiency digest surfaces files crossing the re-read threshold."
|
|
158
172
|
}
|
|
159
173
|
]
|
|
160
174
|
}
|
|
@@ -1,172 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* lib/specialist-contracts-enforce.mjs — runtime contract enforcement.
|
|
3
|
-
*
|
|
4
|
-
* Wraps `validatePacket` from `lib/specialist-contracts.mjs` with three production
|
|
5
|
-
* concerns:
|
|
6
|
-
*
|
|
7
|
-
* 1. Block on violation. `enforcePacket` throws a `ContractViolationError`
|
|
8
|
-
* when the packet doesn't satisfy the contract direction. Callers can
|
|
9
|
-
* catch and degrade if they want advisory mode, but the default is hard
|
|
10
|
-
* enforcement so contract bugs surface loudly.
|
|
11
|
-
*
|
|
12
|
-
* 2. Tamper-evident violation log. Every violation appends a JSONL record
|
|
13
|
-
* to `~/.cx/contract-violations.jsonl` with a sha256 chain-hash over
|
|
14
|
-
* the prior line. Same pattern as the mutation audit trail. Operators
|
|
15
|
-
* can replay the chain to detect after-the-fact tampering.
|
|
16
|
-
*
|
|
17
|
-
* 3. Visibility into `construct doctor`. `recentViolations(windowMs)`
|
|
18
|
-
* returns the last N violations so doctor can surface
|
|
19
|
-
* "3 contract violations in the last 24h — see ~/.cx/contract-violations.jsonl".
|
|
20
|
-
*
|
|
21
|
-
* The enforcement is identity-aware. Each violation logs the active agent
|
|
22
|
-
* (via `~/.cx/last-agent.json` like audit-trail does) so operators can
|
|
23
|
-
* identify which producer or consumer is at fault.
|
|
24
|
-
*/
|
|
25
|
-
|
|
26
|
-
import { existsSync, mkdirSync, statSync, readFileSync } from 'node:fs';
|
|
27
|
-
import { join, dirname } from 'node:path';
|
|
28
|
-
import { homedir } from 'node:os';
|
|
29
|
-
import { createHash } from 'node:crypto';
|
|
30
|
-
import { getContractById, validatePacket } from './specialist-contracts.mjs';
|
|
31
|
-
import { appendBounded } from './logging/rotate.mjs';
|
|
32
|
-
import { resolveProjectScopedPath } from './project-root.mjs';
|
|
33
|
-
import { validatePostconditions } from './specialists/postconditions.mjs';
|
|
34
|
-
|
|
35
|
-
const CX_DIR = join(homedir(), '.cx');
|
|
36
|
-
// contract-violations are PROJECT-SCOPED — a violation belongs to a
|
|
37
|
-
// specific contract chain in a specific project. Resolves to
|
|
38
|
-
// <project>/.cx/contract-violations.jsonl when inside a project, falling
|
|
39
|
-
// back to the legacy ~/.cx path for standalone invocations. Resolved on
|
|
40
|
-
// every call so cwd/HOME changes inside the same process (tests, harness
|
|
41
|
-
// reuse) route correctly.
|
|
42
|
-
|
|
43
|
-
function logFile() {
|
|
44
|
-
return resolveProjectScopedPath('contract-violations.jsonl', { ensureDir: false });
|
|
45
|
-
}
|
|
46
|
-
const LAST_AGENT = join(CX_DIR, 'last-agent.json');
|
|
47
|
-
|
|
48
|
-
export class ContractViolationError extends Error {
|
|
49
|
-
constructor({ contractId, direction, missing, verdict = 'CONTRACT_VIOLATION', postconditionFailures = [] }) {
|
|
50
|
-
const detail = postconditionFailures.length > 0
|
|
51
|
-
? `postcondition(s) failed: ${postconditionFailures.map((f) => f.id).join(', ')}`
|
|
52
|
-
: `missing field(s): ${(missing || []).join(', ')}`;
|
|
53
|
-
super(`contract '${contractId}' (${direction}) violated — ${detail}`);
|
|
54
|
-
this.name = 'ContractViolationError';
|
|
55
|
-
this.contractId = contractId;
|
|
56
|
-
this.direction = direction;
|
|
57
|
-
this.missing = missing || [];
|
|
58
|
-
this.verdict = verdict;
|
|
59
|
-
this.postconditionFailures = postconditionFailures;
|
|
60
|
-
}
|
|
61
|
-
}
|
|
62
|
-
|
|
63
|
-
function sha256(input) { return createHash('sha256').update(input).digest('hex'); }
|
|
64
|
-
|
|
65
|
-
function readLastAgent() {
|
|
66
|
-
try { return JSON.parse(readFileSync(LAST_AGENT, 'utf8'))?.agent || 'construct'; }
|
|
67
|
-
catch { return 'construct'; }
|
|
68
|
-
}
|
|
69
|
-
|
|
70
|
-
function readPrevLineHash() {
|
|
71
|
-
try {
|
|
72
|
-
const file = logFile();
|
|
73
|
-
if (!existsSync(file)) return null;
|
|
74
|
-
const size = statSync(file).size;
|
|
75
|
-
if (size === 0) return null;
|
|
76
|
-
const tail = readFileSync(file, 'utf8').slice(Math.max(0, size - 2048));
|
|
77
|
-
const lines = tail.split('\n').filter(Boolean);
|
|
78
|
-
return lines.length === 0 ? null : sha256(lines[lines.length - 1]);
|
|
79
|
-
} catch { return null; }
|
|
80
|
-
}
|
|
81
|
-
|
|
82
|
-
function logViolation(contractId, direction, missing, packet, extra = {}) {
|
|
83
|
-
try {
|
|
84
|
-
const file = logFile();
|
|
85
|
-
mkdirSync(dirname(file), { recursive: true });
|
|
86
|
-
const record = {
|
|
87
|
-
ts: new Date().toISOString(),
|
|
88
|
-
agent: readLastAgent(),
|
|
89
|
-
contractId,
|
|
90
|
-
direction,
|
|
91
|
-
missing,
|
|
92
|
-
packet_keys: packet && typeof packet === 'object' ? Object.keys(packet) : null,
|
|
93
|
-
prev_line_hash: readPrevLineHash(),
|
|
94
|
-
...extra,
|
|
95
|
-
};
|
|
96
|
-
appendBounded('contract-violations', file, JSON.stringify(record) + '\n');
|
|
97
|
-
} catch { /* logging is best-effort */ }
|
|
98
|
-
}
|
|
99
|
-
|
|
100
|
-
/**
|
|
101
|
-
* Validate `packet` against `contractId` in the given `direction`. Throws
|
|
102
|
-
* a `ContractViolationError` on failure (and logs the violation). Returns
|
|
103
|
-
* the validation result on success so callers can inspect the resolved
|
|
104
|
-
* contract metadata.
|
|
105
|
-
*
|
|
106
|
-
* For `direction === 'output'`, also evaluates the producer's binary
|
|
107
|
-
* postconditions from `lib/agents/postconditions.mjs`. A failed postcondition
|
|
108
|
-
* raises with `verdict: 'BLOCKED_CONTRACT'` so the dispatcher can branch on
|
|
109
|
-
* the typed verdict rather than parsing the error message.
|
|
110
|
-
*
|
|
111
|
-
* @param {string} contractId
|
|
112
|
-
* @param {object} packet
|
|
113
|
-
* @param {'input'|'output'} [direction]
|
|
114
|
-
* @returns {{ ok: true, contract, direction }}
|
|
115
|
-
*/
|
|
116
|
-
export function enforcePacket(contractId, packet, direction = 'input') {
|
|
117
|
-
const result = validatePacket(contractId, packet, direction);
|
|
118
|
-
if (!result.ok) {
|
|
119
|
-
if (result.reason === 'contract-not-found') {
|
|
120
|
-
throw new ContractViolationError({
|
|
121
|
-
contractId,
|
|
122
|
-
direction,
|
|
123
|
-
missing: ['(contract not found)'],
|
|
124
|
-
});
|
|
125
|
-
}
|
|
126
|
-
logViolation(contractId, direction, result.missing || [], packet);
|
|
127
|
-
throw new ContractViolationError({
|
|
128
|
-
contractId,
|
|
129
|
-
direction,
|
|
130
|
-
missing: result.missing || [],
|
|
131
|
-
});
|
|
132
|
-
}
|
|
133
|
-
|
|
134
|
-
if (direction === 'output') {
|
|
135
|
-
const contract = result.contract || getContractById(contractId);
|
|
136
|
-
const producer = contract?.producer;
|
|
137
|
-
if (producer) {
|
|
138
|
-
const postcondition = validatePostconditions(producer, packet);
|
|
139
|
-
if (!postcondition.ok) {
|
|
140
|
-
logViolation(contractId, direction, [], packet, {
|
|
141
|
-
verdict: 'BLOCKED_CONTRACT',
|
|
142
|
-
postconditionFailures: postcondition.failures,
|
|
143
|
-
});
|
|
144
|
-
throw new ContractViolationError({
|
|
145
|
-
contractId,
|
|
146
|
-
direction,
|
|
147
|
-
verdict: 'BLOCKED_CONTRACT',
|
|
148
|
-
postconditionFailures: postcondition.failures,
|
|
149
|
-
});
|
|
150
|
-
}
|
|
151
|
-
}
|
|
152
|
-
}
|
|
153
|
-
|
|
154
|
-
return result;
|
|
155
|
-
}
|
|
156
|
-
|
|
157
|
-
/**
|
|
158
|
-
* Read recent violations from the chain log. Returns oldest-first.
|
|
159
|
-
*/
|
|
160
|
-
export function recentViolations({ windowMs = 24 * 60 * 60 * 1000 } = {}) {
|
|
161
|
-
const file = logFile();
|
|
162
|
-
if (!existsSync(file)) return [];
|
|
163
|
-
try {
|
|
164
|
-
const cutoff = Date.now() - windowMs;
|
|
165
|
-
return readFileSync(file, 'utf8')
|
|
166
|
-
.trim()
|
|
167
|
-
.split('\n')
|
|
168
|
-
.filter(Boolean)
|
|
169
|
-
.map((line) => { try { return JSON.parse(line); } catch { return null; } })
|
|
170
|
-
.filter((r) => r && new Date(r.ts).getTime() >= cutoff);
|
|
171
|
-
} catch { return []; }
|
|
172
|
-
}
|
package/rules/common/agents.md
DELETED
|
@@ -1,28 +0,0 @@
|
|
|
1
|
-
<!--
|
|
2
|
-
rules/common/agents.md: platform-agnostic agent orchestration guidance.
|
|
3
|
-
|
|
4
|
-
Defines when to route to specialist agents, parallel execution rules,
|
|
5
|
-
and multi-perspective analysis patterns. Does not reference specific
|
|
6
|
-
platform agent types or config paths.
|
|
7
|
-
-->
|
|
8
|
-
# Agent Orchestration
|
|
9
|
-
|
|
10
|
-
## Immediate Agent Usage
|
|
11
|
-
|
|
12
|
-
No user prompt needed: match the task to the right specialist:
|
|
13
|
-
1. Complex feature requests - planning specialist
|
|
14
|
-
2. Code just written/modified - code review specialist
|
|
15
|
-
3. Bug fix or new feature - TDD specialist
|
|
16
|
-
4. Architectural decision - architecture specialist
|
|
17
|
-
|
|
18
|
-
## Parallel Task Execution
|
|
19
|
-
|
|
20
|
-
ALWAYS use parallel execution for independent operations. Launch multiple specialists concurrently when their work is independent.
|
|
21
|
-
|
|
22
|
-
## Multi-Perspective Analysis
|
|
23
|
-
|
|
24
|
-
For complex problems, use multiple specialist perspectives:
|
|
25
|
-
- Factual reviewer
|
|
26
|
-
- Senior engineer
|
|
27
|
-
- Security expert
|
|
28
|
-
- Consistency reviewer
|