@geraldmaron/construct 1.0.14 → 1.0.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (275) hide show
  1. package/README.md +21 -2
  2. package/bin/construct +146 -83
  3. package/commands/build/feature.md +0 -6
  4. package/commands/build/fix.md +0 -6
  5. package/commands/design/access.md +0 -6
  6. package/commands/design/flow.md +0 -6
  7. package/commands/design/ui.md +0 -6
  8. package/commands/measure/experiment.md +0 -6
  9. package/commands/measure/metrics.md +0 -6
  10. package/commands/measure/results.md +0 -6
  11. package/commands/plan/api.md +0 -6
  12. package/commands/plan/challenge.md +0 -6
  13. package/commands/plan/decide.md +0 -6
  14. package/commands/plan/feature.md +0 -7
  15. package/commands/plan/requirements.md +0 -6
  16. package/commands/remember/context.md +0 -6
  17. package/commands/remember/handoff.md +0 -6
  18. package/commands/remember/runbook.md +0 -6
  19. package/commands/review/code.md +0 -6
  20. package/commands/review/quality.md +0 -6
  21. package/commands/review/security.md +0 -6
  22. package/commands/ship/ready.md +0 -6
  23. package/commands/ship/release.md +0 -6
  24. package/commands/ship/status.md +0 -6
  25. package/commands/understand/docs.md +0 -6
  26. package/commands/understand/research.md +0 -6
  27. package/commands/understand/this.md +0 -6
  28. package/commands/understand/why.md +0 -6
  29. package/commands/work/clean.md +0 -6
  30. package/commands/work/drive.md +0 -6
  31. package/commands/work/optimize-prompts.md +0 -6
  32. package/commands/work/parallel-review.md +0 -6
  33. package/db/schema/010_cx_scores.sql +51 -0
  34. package/lib/beads-client.mjs +19 -1
  35. package/lib/cli-commands.mjs +280 -146
  36. package/lib/comment-lint.mjs +5 -1
  37. package/lib/context-state.mjs +15 -3
  38. package/lib/contracts/validate.mjs +72 -18
  39. package/lib/contracts/violation-log.mjs +169 -0
  40. package/lib/document-extract/docling-client.mjs +114 -0
  41. package/lib/document-extract/docling-sidecar.py +122 -0
  42. package/lib/document-extract/whisper-client.mjs +79 -0
  43. package/lib/document-extract.mjs +73 -8
  44. package/lib/document-ingest.mjs +26 -4
  45. package/lib/embed/daemon.mjs +6 -1
  46. package/lib/flavors/loader.mjs +1 -1
  47. package/lib/handoffs/contract.mjs +2 -2
  48. package/lib/hooks/session-start.mjs +1 -1
  49. package/lib/hooks/stop-notify.mjs +7 -0
  50. package/lib/ingest/chunker.mjs +94 -0
  51. package/lib/ingest/pipeline.mjs +53 -0
  52. package/lib/ingest/store.mjs +82 -0
  53. package/lib/install/first-invocation.mjs +5 -1
  54. package/lib/intake/prepare.mjs +22 -4
  55. package/lib/integrations/intake-integrations.mjs +28 -2
  56. package/lib/knowledge/search.mjs +12 -0
  57. package/lib/mcp/server.mjs +142 -1
  58. package/lib/mcp/tools/skills.mjs +6 -3
  59. package/lib/mcp/tools/telemetry.mjs +30 -0
  60. package/lib/mcp/tools/workflow.mjs +6 -2
  61. package/lib/observation-store.mjs +14 -5
  62. package/lib/ollama-manager.mjs +32 -28
  63. package/lib/orchestration-policy.mjs +15 -0
  64. package/lib/prompt-composer.js +11 -1
  65. package/lib/roles/gateway.mjs +30 -1
  66. package/lib/runtime/uv-bootstrap.mjs +129 -0
  67. package/lib/runtime/whisper-bootstrap.mjs +102 -0
  68. package/lib/scheduler/index.mjs +24 -4
  69. package/lib/server/index.mjs +22 -1
  70. package/lib/server/insights.mjs +12 -0
  71. package/lib/server/static/index.html +1 -1
  72. package/lib/setup.mjs +54 -9
  73. package/lib/specialists/postconditions.mjs +1 -1
  74. package/lib/sync/skill-frontmatter.mjs +113 -21
  75. package/lib/tracking-surfaces.mjs +2 -0
  76. package/lib/update.mjs +31 -3
  77. package/lib/upgrade.mjs +31 -4
  78. package/lib/validators/skills.mjs +86 -54
  79. package/package.json +5 -5
  80. package/personas/construct.md +6 -7
  81. package/platforms/claude/CLAUDE.md +43 -15
  82. package/platforms/claude/settings.template.json +1 -1
  83. package/rules/common/beads-hygiene.md +3 -9
  84. package/rules/common/code-review.md +3 -6
  85. package/rules/common/coding-style.md +3 -6
  86. package/rules/common/comments.md +3 -7
  87. package/rules/common/commit-approval.md +3 -6
  88. package/rules/common/cx-agent-routing.md +3 -7
  89. package/rules/common/cx-skill-routing.md +3 -3
  90. package/rules/common/doc-ownership.md +3 -8
  91. package/rules/common/efficiency.md +3 -8
  92. package/rules/common/framing.md +3 -8
  93. package/rules/common/git-workflow.md +3 -5
  94. package/rules/common/no-fabrication.md +4 -12
  95. package/rules/common/patterns.md +3 -5
  96. package/rules/common/release-gates.md +3 -8
  97. package/rules/common/research.md +3 -8
  98. package/rules/common/review-before-change.md +3 -9
  99. package/rules/common/security.md +3 -6
  100. package/rules/common/skill-composition.md +3 -7
  101. package/rules/common/testing.md +3 -6
  102. package/rules/golang/coding-style.md +1 -5
  103. package/rules/golang/hooks.md +1 -5
  104. package/rules/golang/patterns.md +1 -5
  105. package/rules/golang/security.md +1 -5
  106. package/rules/golang/testing.md +1 -5
  107. package/rules/python/coding-style.md +1 -5
  108. package/rules/python/hooks.md +1 -5
  109. package/rules/python/patterns.md +1 -5
  110. package/rules/python/security.md +1 -5
  111. package/rules/python/testing.md +1 -5
  112. package/rules/swift/coding-style.md +1 -5
  113. package/rules/swift/hooks.md +1 -5
  114. package/rules/swift/patterns.md +1 -5
  115. package/rules/swift/security.md +1 -5
  116. package/rules/swift/testing.md +1 -5
  117. package/rules/typescript/coding-style.md +1 -5
  118. package/rules/typescript/hooks.md +1 -5
  119. package/rules/typescript/patterns.md +1 -5
  120. package/rules/typescript/security.md +1 -5
  121. package/rules/typescript/testing.md +1 -5
  122. package/rules/web/coding-style.md +3 -5
  123. package/rules/web/design-quality.md +3 -5
  124. package/rules/web/hooks.md +3 -5
  125. package/rules/web/patterns.md +3 -5
  126. package/rules/web/performance.md +3 -5
  127. package/rules/web/security.md +3 -5
  128. package/rules/web/testing.md +3 -5
  129. package/scripts/sync-specialists.mjs +20 -2
  130. package/skills/ai/agent-dev.md +4 -5
  131. package/skills/ai/llm-security.md +4 -5
  132. package/skills/ai/ml-ops.md +4 -5
  133. package/skills/ai/orchestration-workflow.md +4 -5
  134. package/skills/ai/prompt-and-eval.md +4 -5
  135. package/skills/ai/prompt-optimizer.md +4 -6
  136. package/skills/ai/rag-system.md +4 -5
  137. package/skills/architecture/api-design.md +4 -5
  138. package/skills/architecture/caching.md +4 -5
  139. package/skills/architecture/cloud-native.md +4 -5
  140. package/skills/architecture/message-queue.md +4 -5
  141. package/skills/architecture/security-arch.md +4 -5
  142. package/skills/compliance/ai-disclosure.md +4 -5
  143. package/skills/compliance/data-privacy.md +4 -5
  144. package/skills/compliance/license-audit.md +4 -5
  145. package/skills/compliance/regulatory-review.md +4 -5
  146. package/skills/development/cpp.md +4 -5
  147. package/skills/development/go.md +4 -5
  148. package/skills/development/java.md +4 -5
  149. package/skills/development/kotlin.md +4 -5
  150. package/skills/development/mobile-crossplatform.md +4 -5
  151. package/skills/development/python.md +4 -5
  152. package/skills/development/rust.md +4 -5
  153. package/skills/development/shell.md +4 -5
  154. package/skills/development/swift.md +4 -5
  155. package/skills/development/typescript.md +4 -5
  156. package/skills/devops/ci-cd.md +4 -5
  157. package/skills/devops/containerization.md +4 -5
  158. package/skills/devops/cost-optimization.md +4 -5
  159. package/skills/devops/data-engineering.md +4 -5
  160. package/skills/devops/database.md +4 -5
  161. package/skills/devops/dependency-management.md +4 -5
  162. package/skills/devops/devsecops.md +4 -5
  163. package/skills/devops/git-workflow.md +4 -5
  164. package/skills/devops/incident-response.md +4 -5
  165. package/skills/devops/monorepo.md +4 -5
  166. package/skills/devops/observability.md +4 -5
  167. package/skills/devops/performance.md +4 -5
  168. package/skills/devops/testing.md +4 -5
  169. package/skills/docs/adr-workflow.md +4 -7
  170. package/skills/docs/backlog-proposal-workflow.md +4 -3
  171. package/skills/docs/customer-profile-workflow.md +4 -3
  172. package/skills/docs/document-ingest-workflow.md +4 -3
  173. package/skills/docs/evidence-ingest-workflow.md +4 -3
  174. package/skills/docs/init-docs.md +4 -5
  175. package/skills/docs/init-project.md +4 -5
  176. package/skills/docs/prd-workflow.md +4 -7
  177. package/skills/docs/prfaq-workflow.md +4 -3
  178. package/skills/docs/product-intelligence-review.md +4 -3
  179. package/skills/docs/product-intelligence-workflow.md +4 -6
  180. package/skills/docs/product-signal-workflow.md +4 -5
  181. package/skills/docs/research-workflow.md +4 -5
  182. package/skills/docs/runbook-workflow.md +4 -5
  183. package/skills/docs/strategy-workflow.md +4 -5
  184. package/skills/exploration/dependency-graph-reading.md +4 -7
  185. package/skills/exploration/repo-map.md +4 -5
  186. package/skills/exploration/tracer-bullet-method.md +4 -7
  187. package/skills/exploration/unknown-codebase-onboarding.md +4 -7
  188. package/skills/frameworks/django.md +4 -5
  189. package/skills/frameworks/nextjs.md +4 -5
  190. package/skills/frameworks/react.md +4 -5
  191. package/skills/frameworks/spring-boot.md +4 -5
  192. package/skills/frontend-design/accessibility.md +4 -5
  193. package/skills/frontend-design/component-patterns.md +4 -5
  194. package/skills/frontend-design/engineering.md +4 -5
  195. package/skills/frontend-design/state-management.md +4 -5
  196. package/skills/frontend-design/ui-aesthetics.md +4 -5
  197. package/skills/frontend-design/ux-principles.md +4 -5
  198. package/skills/operating/change-management.md +4 -8
  199. package/skills/operating/incident-response.md +4 -8
  200. package/skills/operating/oncall-rotation.md +4 -7
  201. package/skills/operating/orchestration-reference.md +4 -10
  202. package/skills/quality-gates/review-work.md +4 -5
  203. package/skills/quality-gates/verify-change.md +4 -5
  204. package/skills/quality-gates/verify-module.md +4 -5
  205. package/skills/quality-gates/verify-quality.md +4 -5
  206. package/skills/quality-gates/verify-security.md +4 -5
  207. package/skills/roles/architect.ai-systems.md +6 -9
  208. package/skills/roles/architect.data.md +6 -9
  209. package/skills/roles/architect.enterprise.md +6 -9
  210. package/skills/roles/architect.integration.md +6 -9
  211. package/skills/roles/architect.md +7 -14
  212. package/skills/roles/architect.platform.md +6 -9
  213. package/skills/roles/data-analyst.experiment.md +6 -9
  214. package/skills/roles/data-analyst.md +6 -9
  215. package/skills/roles/data-analyst.product-intelligence.md +7 -9
  216. package/skills/roles/data-analyst.product.md +6 -9
  217. package/skills/roles/data-analyst.telemetry.md +7 -9
  218. package/skills/roles/data-engineer.pipeline.md +6 -9
  219. package/skills/roles/data-engineer.vector-retrieval.md +7 -9
  220. package/skills/roles/data-engineer.warehouse.md +6 -9
  221. package/skills/roles/debugger.md +6 -9
  222. package/skills/roles/designer.accessibility.md +6 -9
  223. package/skills/roles/designer.md +7 -9
  224. package/skills/roles/engineer.ai.md +6 -9
  225. package/skills/roles/engineer.data.md +6 -9
  226. package/skills/roles/engineer.md +9 -9
  227. package/skills/roles/engineer.platform.md +6 -9
  228. package/skills/roles/operator.docs.md +6 -9
  229. package/skills/roles/operator.md +9 -9
  230. package/skills/roles/operator.release.md +6 -9
  231. package/skills/roles/operator.sre.md +6 -9
  232. package/skills/roles/orchestrator.md +6 -9
  233. package/skills/roles/product-manager.ai-product.md +6 -9
  234. package/skills/roles/product-manager.business-strategy.md +6 -9
  235. package/skills/roles/product-manager.enterprise.md +6 -9
  236. package/skills/roles/product-manager.growth.md +7 -9
  237. package/skills/roles/product-manager.md +7 -9
  238. package/skills/roles/product-manager.platform.md +6 -9
  239. package/skills/roles/product-manager.product.md +6 -9
  240. package/skills/roles/qa.ai-eval.md +8 -9
  241. package/skills/roles/qa.api-contract.md +7 -9
  242. package/skills/roles/qa.data-pipeline.md +7 -9
  243. package/skills/roles/qa.md +7 -9
  244. package/skills/roles/qa.test-automation.md +6 -9
  245. package/skills/roles/qa.web-ui.md +7 -9
  246. package/skills/roles/researcher.explorer.md +6 -9
  247. package/skills/roles/researcher.md +8 -9
  248. package/skills/roles/researcher.ux.md +6 -9
  249. package/skills/roles/reviewer.devil-advocate.md +6 -9
  250. package/skills/roles/reviewer.evaluator.md +6 -9
  251. package/skills/roles/reviewer.md +9 -9
  252. package/skills/roles/reviewer.trace.md +6 -9
  253. package/skills/roles/security.ai.md +7 -9
  254. package/skills/roles/security.appsec.md +6 -9
  255. package/skills/roles/security.cloud.md +6 -9
  256. package/skills/roles/security.legal-compliance.md +6 -9
  257. package/skills/roles/security.md +7 -9
  258. package/skills/roles/security.privacy.md +7 -9
  259. package/skills/roles/security.supply-chain.md +7 -9
  260. package/skills/security/blue-team.md +4 -5
  261. package/skills/security/code-audit.md +4 -5
  262. package/skills/security/pentest.md +4 -5
  263. package/skills/security/red-team.md +4 -5
  264. package/skills/security/threat-intel.md +4 -5
  265. package/skills/security/vuln-research.md +4 -5
  266. package/skills/strategy/competitive-landscape.md +4 -8
  267. package/skills/strategy/market-research-methods.md +4 -8
  268. package/skills/strategy/narrative-arc.md +4 -8
  269. package/skills/strategy/pricing-positioning.md +4 -8
  270. package/skills/utility/clean-code.md +4 -5
  271. package/specialists/policy-inventory.json +14 -0
  272. package/lib/specialist-contracts-enforce.mjs +0 -172
  273. package/rules/common/agents.md +0 -28
  274. package/rules/common/development-workflow.md +0 -32
  275. package/rules/common/performance.md +0 -55
@@ -1,8 +1,7 @@
1
- <!--
2
- skills/security/red-team.md (Red Team) Use this skill when planning or executing offensive security assessments, advers
3
-
4
- Use this skill when planning or executing offensive security assessments, adversary emulation, or attack simulations. ## Reconnaissance
5
- -->
1
+ ---
2
+ name: security-red-team
3
+ description: Use this skill when planning or executing offensive security assessments, adversary emulation, or attack simulations.
4
+ ---
6
5
  # Red Team
7
6
 
8
7
  Use this skill when planning or executing offensive security assessments, adversary emulation, or attack simulations.
@@ -1,8 +1,7 @@
1
- <!--
2
- skills/security/threat-intel.md (Threat Intelligence) Use this skill when performing OSINT, threat modeling, or building threat intell
3
-
4
- Use this skill when performing OSINT, threat modeling, or building threat intelligence programs. ## OSINT Collection
5
- -->
1
+ ---
2
+ name: security-threat-intel
3
+ description: Use this skill when performing OSINT, threat modeling, or building threat intelligence programs.
4
+ ---
6
5
  # Threat Intelligence
7
6
 
8
7
  Use this skill when performing OSINT, threat modeling, or building threat intelligence programs.
@@ -1,8 +1,7 @@
1
- <!--
2
- skills/security/vuln-research.md (Vulnerability Research) Use this skill when analyzing binaries, fuzzing software, or developing exploits
3
-
4
- Use this skill when analyzing binaries, fuzzing software, or developing exploits for security research. ## Binary Analysis
5
- -->
1
+ ---
2
+ name: security-vuln-research
3
+ description: Use this skill when analyzing binaries, fuzzing software, or developing exploits for security research.
4
+ ---
6
5
  # Vulnerability Research
7
6
 
8
7
  Use this skill when analyzing binaries, fuzzing software, or developing exploits for security research.
@@ -1,11 +1,7 @@
1
- <!--
2
- skills/strategy/competitive-landscape.md (Competitive Landscape Analysis)
3
- Use when the team needs a structured read on where competitors sit, what
4
- customers have already decided, and where defensible whitespace exists.
5
- Covers Porter Five Forces, Jobs-to-be-Done framing, and competitive
6
- response sequencing.
7
- -->
8
-
1
+ ---
2
+ name: strategy-competitive-landscape
3
+ description: Use when the team needs a structured read on market positioning before committing direction.
4
+ ---
9
5
  # Competitive Landscape Analysis
10
6
 
11
7
  Use when the team needs a structured read on market positioning before committing direction.
@@ -1,11 +1,7 @@
1
- <!--
2
- skills/strategy/market-research-methods.md (Market Research Methods)
3
- Use when planning customer discovery, validating product direction, or
4
- sizing a market. Covers qualitative and quantitative methods, JTBD
5
- interview technique, survey design traps, and research-to-decision
6
- handoff.
7
- -->
8
-
1
+ ---
2
+ name: strategy-market-research-methods
3
+ description: Use when the team needs to validate assumptions before committing resources, or when a decision is being made on vibes rather than signal.
4
+ ---
9
5
  # Market Research Methods
10
6
 
11
7
  Use when the team needs to validate assumptions before committing resources, or when a decision is being made on vibes rather than signal.
@@ -1,11 +1,7 @@
1
- <!--
2
- skills/strategy/narrative-arc.md (Strategic Narrative Construction)
3
- Use when drafting a strategy memo, PRD positioning section, board update,
4
- or fundraising narrative. Covers Andy Raskin's strategic narrative
5
- structure, the five components of a compelling story, and common failure
6
- modes in executive communication.
7
- -->
8
-
1
+ ---
2
+ name: strategy-narrative-arc
3
+ description: Use when the argument must move people, not just inform them. Strategic narrative is the difference between a document that gets read and one that changes what people do.
4
+ ---
9
5
  # Strategic Narrative Construction
10
6
 
11
7
  Use when the argument must move people, not just inform them. Strategic narrative is the difference between a document that gets read and one that changes what people do.
@@ -1,11 +1,7 @@
1
- <!--
2
- skills/strategy/pricing-positioning.md (Pricing and Positioning)
3
- Use when setting or revisiting price, defining positioning vs. competitors,
4
- or preparing a go-to-market argument. Covers value-based vs. cost-plus
5
- pricing, willingness-to-pay research techniques, and positioning statement
6
- construction.
7
- -->
8
-
1
+ ---
2
+ name: strategy-pricing-positioning
3
+ description: Use when the team needs to set price, adjust positioning, or defend either to stakeholders.
4
+ ---
9
5
  # Pricing and Positioning
10
6
 
11
7
  Use when the team needs to set price, adjust positioning, or defend either to stakeholders.
@@ -1,8 +1,7 @@
1
- <!--
2
- skills/utility/clean-code.md (AI Slop Removal) Patterns and heuristics for identifying and removing AI-generated code smells. U
3
-
4
- Patterns and heuristics for identifying and removing AI-generated code smells. Use when cleaning up output from AI coding tools. ## Decision Tree
5
- -->
1
+ ---
2
+ name: utility-clean-code
3
+ description: Patterns and heuristics for identifying and removing AI-generated code smells. Use when cleaning up output from AI coding tools.
4
+ ---
6
5
  # AI Slop Removal
7
6
 
8
7
  Patterns and heuristics for identifying and removing AI-generated code smells. Use when cleaning up output from AI coding tools.
@@ -155,6 +155,20 @@
155
155
  "enforcement": "(persona prompt)",
156
156
  "mode": "honor-system",
157
157
  "description": "Architectural pattern guidance (module boundaries, error handling, async contracts) applied at authoring time."
158
+ },
159
+ {
160
+ "id": "review-before-change",
161
+ "source": "rules/common/review-before-change.md",
162
+ "enforcement": "(persona prompt)",
163
+ "mode": "honor-system",
164
+ "description": "Requires an existing-artifact audit before authoring or rewriting any durable doc, rule, template, or PRD/ADR/RFC. Extend or supersede; do not duplicate."
165
+ },
166
+ {
167
+ "id": "session-efficiency",
168
+ "source": "rules/common/efficiency.md",
169
+ "enforcement": "lib/read-tracker-store.mjs + session-start digest",
170
+ "mode": "deterministic",
171
+ "description": "Read discipline, probe-before-bulk-read, and tool parallelism rules. Read counts tracked per-file; the session-start efficiency digest surfaces files crossing the re-read threshold."
158
172
  }
159
173
  ]
160
174
  }
@@ -1,172 +0,0 @@
1
- /**
2
- * lib/specialist-contracts-enforce.mjs — runtime contract enforcement.
3
- *
4
- * Wraps `validatePacket` from `lib/specialist-contracts.mjs` with three production
5
- * concerns:
6
- *
7
- * 1. Block on violation. `enforcePacket` throws a `ContractViolationError`
8
- * when the packet doesn't satisfy the contract direction. Callers can
9
- * catch and degrade if they want advisory mode, but the default is hard
10
- * enforcement so contract bugs surface loudly.
11
- *
12
- * 2. Tamper-evident violation log. Every violation appends a JSONL record
13
- * to `~/.cx/contract-violations.jsonl` with a sha256 chain-hash over
14
- * the prior line. Same pattern as the mutation audit trail. Operators
15
- * can replay the chain to detect after-the-fact tampering.
16
- *
17
- * 3. Visibility into `construct doctor`. `recentViolations(windowMs)`
18
- * returns the last N violations so doctor can surface
19
- * "3 contract violations in the last 24h — see ~/.cx/contract-violations.jsonl".
20
- *
21
- * The enforcement is identity-aware. Each violation logs the active agent
22
- * (via `~/.cx/last-agent.json` like audit-trail does) so operators can
23
- * identify which producer or consumer is at fault.
24
- */
25
-
26
- import { existsSync, mkdirSync, statSync, readFileSync } from 'node:fs';
27
- import { join, dirname } from 'node:path';
28
- import { homedir } from 'node:os';
29
- import { createHash } from 'node:crypto';
30
- import { getContractById, validatePacket } from './specialist-contracts.mjs';
31
- import { appendBounded } from './logging/rotate.mjs';
32
- import { resolveProjectScopedPath } from './project-root.mjs';
33
- import { validatePostconditions } from './specialists/postconditions.mjs';
34
-
35
- const CX_DIR = join(homedir(), '.cx');
36
- // contract-violations are PROJECT-SCOPED — a violation belongs to a
37
- // specific contract chain in a specific project. Resolves to
38
- // <project>/.cx/contract-violations.jsonl when inside a project, falling
39
- // back to the legacy ~/.cx path for standalone invocations. Resolved on
40
- // every call so cwd/HOME changes inside the same process (tests, harness
41
- // reuse) route correctly.
42
-
43
- function logFile() {
44
- return resolveProjectScopedPath('contract-violations.jsonl', { ensureDir: false });
45
- }
46
- const LAST_AGENT = join(CX_DIR, 'last-agent.json');
47
-
48
- export class ContractViolationError extends Error {
49
- constructor({ contractId, direction, missing, verdict = 'CONTRACT_VIOLATION', postconditionFailures = [] }) {
50
- const detail = postconditionFailures.length > 0
51
- ? `postcondition(s) failed: ${postconditionFailures.map((f) => f.id).join(', ')}`
52
- : `missing field(s): ${(missing || []).join(', ')}`;
53
- super(`contract '${contractId}' (${direction}) violated — ${detail}`);
54
- this.name = 'ContractViolationError';
55
- this.contractId = contractId;
56
- this.direction = direction;
57
- this.missing = missing || [];
58
- this.verdict = verdict;
59
- this.postconditionFailures = postconditionFailures;
60
- }
61
- }
62
-
63
- function sha256(input) { return createHash('sha256').update(input).digest('hex'); }
64
-
65
- function readLastAgent() {
66
- try { return JSON.parse(readFileSync(LAST_AGENT, 'utf8'))?.agent || 'construct'; }
67
- catch { return 'construct'; }
68
- }
69
-
70
- function readPrevLineHash() {
71
- try {
72
- const file = logFile();
73
- if (!existsSync(file)) return null;
74
- const size = statSync(file).size;
75
- if (size === 0) return null;
76
- const tail = readFileSync(file, 'utf8').slice(Math.max(0, size - 2048));
77
- const lines = tail.split('\n').filter(Boolean);
78
- return lines.length === 0 ? null : sha256(lines[lines.length - 1]);
79
- } catch { return null; }
80
- }
81
-
82
- function logViolation(contractId, direction, missing, packet, extra = {}) {
83
- try {
84
- const file = logFile();
85
- mkdirSync(dirname(file), { recursive: true });
86
- const record = {
87
- ts: new Date().toISOString(),
88
- agent: readLastAgent(),
89
- contractId,
90
- direction,
91
- missing,
92
- packet_keys: packet && typeof packet === 'object' ? Object.keys(packet) : null,
93
- prev_line_hash: readPrevLineHash(),
94
- ...extra,
95
- };
96
- appendBounded('contract-violations', file, JSON.stringify(record) + '\n');
97
- } catch { /* logging is best-effort */ }
98
- }
99
-
100
- /**
101
- * Validate `packet` against `contractId` in the given `direction`. Throws
102
- * a `ContractViolationError` on failure (and logs the violation). Returns
103
- * the validation result on success so callers can inspect the resolved
104
- * contract metadata.
105
- *
106
- * For `direction === 'output'`, also evaluates the producer's binary
107
- * postconditions from `lib/agents/postconditions.mjs`. A failed postcondition
108
- * raises with `verdict: 'BLOCKED_CONTRACT'` so the dispatcher can branch on
109
- * the typed verdict rather than parsing the error message.
110
- *
111
- * @param {string} contractId
112
- * @param {object} packet
113
- * @param {'input'|'output'} [direction]
114
- * @returns {{ ok: true, contract, direction }}
115
- */
116
- export function enforcePacket(contractId, packet, direction = 'input') {
117
- const result = validatePacket(contractId, packet, direction);
118
- if (!result.ok) {
119
- if (result.reason === 'contract-not-found') {
120
- throw new ContractViolationError({
121
- contractId,
122
- direction,
123
- missing: ['(contract not found)'],
124
- });
125
- }
126
- logViolation(contractId, direction, result.missing || [], packet);
127
- throw new ContractViolationError({
128
- contractId,
129
- direction,
130
- missing: result.missing || [],
131
- });
132
- }
133
-
134
- if (direction === 'output') {
135
- const contract = result.contract || getContractById(contractId);
136
- const producer = contract?.producer;
137
- if (producer) {
138
- const postcondition = validatePostconditions(producer, packet);
139
- if (!postcondition.ok) {
140
- logViolation(contractId, direction, [], packet, {
141
- verdict: 'BLOCKED_CONTRACT',
142
- postconditionFailures: postcondition.failures,
143
- });
144
- throw new ContractViolationError({
145
- contractId,
146
- direction,
147
- verdict: 'BLOCKED_CONTRACT',
148
- postconditionFailures: postcondition.failures,
149
- });
150
- }
151
- }
152
- }
153
-
154
- return result;
155
- }
156
-
157
- /**
158
- * Read recent violations from the chain log. Returns oldest-first.
159
- */
160
- export function recentViolations({ windowMs = 24 * 60 * 60 * 1000 } = {}) {
161
- const file = logFile();
162
- if (!existsSync(file)) return [];
163
- try {
164
- const cutoff = Date.now() - windowMs;
165
- return readFileSync(file, 'utf8')
166
- .trim()
167
- .split('\n')
168
- .filter(Boolean)
169
- .map((line) => { try { return JSON.parse(line); } catch { return null; } })
170
- .filter((r) => r && new Date(r.ts).getTime() >= cutoff);
171
- } catch { return []; }
172
- }
@@ -1,28 +0,0 @@
1
- <!--
2
- rules/common/agents.md: platform-agnostic agent orchestration guidance.
3
-
4
- Defines when to route to specialist agents, parallel execution rules,
5
- and multi-perspective analysis patterns. Does not reference specific
6
- platform agent types or config paths.
7
- -->
8
- # Agent Orchestration
9
-
10
- ## Immediate Agent Usage
11
-
12
- No user prompt needed: match the task to the right specialist:
13
- 1. Complex feature requests - planning specialist
14
- 2. Code just written/modified - code review specialist
15
- 3. Bug fix or new feature - TDD specialist
16
- 4. Architectural decision - architecture specialist
17
-
18
- ## Parallel Task Execution
19
-
20
- ALWAYS use parallel execution for independent operations. Launch multiple specialists concurrently when their work is independent.
21
-
22
- ## Multi-Perspective Analysis
23
-
24
- For complex problems, use multiple specialist perspectives:
25
- - Factual reviewer
26
- - Senior engineer
27
- - Security expert
28
- - Consistency reviewer
@@ -1,32 +0,0 @@
1
- <!--
2
- rules/common/development-workflow.md: feature implementation pipeline.
3
-
4
- Defines the research-plan-TDD-review-commit workflow that runs before
5
- git operations. References testing.md, code-review.md, git-workflow.md.
6
- -->
7
- # Development Workflow
8
-
9
- ## Feature Implementation Workflow
10
-
11
- 0. **Research & Reuse** _(mandatory before any new implementation or artifact)_
12
- - **Search existing code first:** Look for existing implementations, templates, and patterns before writing anything new.
13
- - **Search existing artifacts:** Before authoring a doc, rule, template, strategy, PRD, ADR, or RFC, audit what already exists. See [review-before-change.md](review-before-change.md) for the audit checklist. Extend or supersede; do not duplicate.
14
- - **Check docs:** Confirm API behavior, package usage, and version-specific details before implementing.
15
- - **Check package registries:** npm, PyPI, crates.io before writing utility code.
16
- - Prefer adopting a proven approach over writing net-new code.
17
-
18
- 1. **Plan** - Break into phases; identify dependencies and risks.
19
-
20
- 2. **TDD** - Write tests first (RED), implement (GREEN), refactor (IMPROVE). See [testing.md](testing.md).
21
-
22
- 3. **Code Review** - Review immediately after writing. See [code-review.md](code-review.md).
23
-
24
- 3.5. **Docs** _(mandatory for any user-facing change)_
25
- - If you added or changed a CLI command, API endpoint, config option, or architecture boundary: update `docs/concepts/architecture.md` and create or update the relevant `docs/cookbook/` recipe.
26
- - If you added a CLI command, ensure the cookbook index links to a recipe for it.
27
- - Run `construct docs:update` to regenerate AUTO-managed regions.
28
- - A change is not DONE if a user-facing capability exists with no documentation.
29
-
30
- 4. **Commit** - Conventional commits format. See [git-workflow.md](git-workflow.md).
31
-
32
- 5. **Pre-Review Checks** - CI passing, conflicts resolved, branch synced.
@@ -1,55 +0,0 @@
1
- <!--
2
- rules/common/performance.md: model-agnostic performance and context management rules.
3
-
4
- Defines model selection tiers, context window management heuristics,
5
- and build troubleshooting steps. No platform-specific tool names or config paths.
6
- -->
7
- # Performance Optimization
8
-
9
- ## Model Selection Strategy
10
-
11
- **Fast tier** (small/cheap models):
12
- - Lightweight agents with frequent invocation
13
- - Pair programming and code generation
14
- - Worker agents in multi-agent systems
15
-
16
- **Standard tier** (mid-range models):
17
- - Main development work
18
- - Orchestrating multi-agent workflows
19
- - Complex coding tasks
20
-
21
- **Reasoning tier** (large/frontier models):
22
- - Complex architectural decisions
23
- - Maximum reasoning requirements
24
- - Research and analysis tasks
25
-
26
- ## Context Window Management
27
-
28
- Avoid last 20% of context window for:
29
- - Large-scale refactoring
30
- - Feature implementation spanning multiple files
31
- - Debugging complex interactions
32
-
33
- Prefer this retrieval ladder before loading more context:
34
- 1. Targeted search to narrow candidate files
35
- 2. Targeted reads (aim for <400 lines)
36
- 3. Parallel reads for the minimum necessary file set
37
- 4. Summarize to a context artifact before broad re-exploration
38
-
39
- Heuristics:
40
- - Re-reading the same file multiple times without a state change is a retrieval smell.
41
- - Large reads should be reserved for files where local structure matters more than symbol search.
42
- - Use workflow/context artifacts as cached state instead of rediscovering background repeatedly.
43
-
44
- Lower context sensitivity tasks:
45
- - Single-file edits
46
- - Independent utility creation
47
- - Documentation updates
48
- - Simple bug fixes
49
-
50
- ## Build Troubleshooting
51
-
52
- If build fails:
53
- 1. Analyze error messages
54
- 2. Fix incrementally
55
- 3. Verify after each fix