@geraldmaron/construct 1.0.14 → 1.0.16
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +21 -2
- package/bin/construct +146 -83
- package/commands/build/feature.md +0 -6
- package/commands/build/fix.md +0 -6
- package/commands/design/access.md +0 -6
- package/commands/design/flow.md +0 -6
- package/commands/design/ui.md +0 -6
- package/commands/measure/experiment.md +0 -6
- package/commands/measure/metrics.md +0 -6
- package/commands/measure/results.md +0 -6
- package/commands/plan/api.md +0 -6
- package/commands/plan/challenge.md +0 -6
- package/commands/plan/decide.md +0 -6
- package/commands/plan/feature.md +0 -7
- package/commands/plan/requirements.md +0 -6
- package/commands/remember/context.md +0 -6
- package/commands/remember/handoff.md +0 -6
- package/commands/remember/runbook.md +0 -6
- package/commands/review/code.md +0 -6
- package/commands/review/quality.md +0 -6
- package/commands/review/security.md +0 -6
- package/commands/ship/ready.md +0 -6
- package/commands/ship/release.md +0 -6
- package/commands/ship/status.md +0 -6
- package/commands/understand/docs.md +0 -6
- package/commands/understand/research.md +0 -6
- package/commands/understand/this.md +0 -6
- package/commands/understand/why.md +0 -6
- package/commands/work/clean.md +0 -6
- package/commands/work/drive.md +0 -6
- package/commands/work/optimize-prompts.md +0 -6
- package/commands/work/parallel-review.md +0 -6
- package/db/schema/010_cx_scores.sql +51 -0
- package/lib/beads-client.mjs +19 -1
- package/lib/cli-commands.mjs +280 -146
- package/lib/comment-lint.mjs +5 -1
- package/lib/context-state.mjs +15 -3
- package/lib/contracts/validate.mjs +72 -18
- package/lib/contracts/violation-log.mjs +169 -0
- package/lib/document-extract/docling-client.mjs +114 -0
- package/lib/document-extract/docling-sidecar.py +122 -0
- package/lib/document-extract/whisper-client.mjs +79 -0
- package/lib/document-extract.mjs +73 -8
- package/lib/document-ingest.mjs +26 -4
- package/lib/embed/daemon.mjs +6 -1
- package/lib/flavors/loader.mjs +1 -1
- package/lib/handoffs/contract.mjs +2 -2
- package/lib/hooks/session-start.mjs +1 -1
- package/lib/hooks/stop-notify.mjs +7 -0
- package/lib/ingest/chunker.mjs +94 -0
- package/lib/ingest/pipeline.mjs +53 -0
- package/lib/ingest/store.mjs +82 -0
- package/lib/install/first-invocation.mjs +5 -1
- package/lib/intake/prepare.mjs +22 -4
- package/lib/integrations/intake-integrations.mjs +28 -2
- package/lib/knowledge/search.mjs +12 -0
- package/lib/mcp/server.mjs +142 -1
- package/lib/mcp/tools/skills.mjs +6 -3
- package/lib/mcp/tools/telemetry.mjs +30 -0
- package/lib/mcp/tools/workflow.mjs +6 -2
- package/lib/observation-store.mjs +14 -5
- package/lib/ollama-manager.mjs +32 -28
- package/lib/orchestration-policy.mjs +15 -0
- package/lib/prompt-composer.js +11 -1
- package/lib/roles/gateway.mjs +30 -1
- package/lib/runtime/uv-bootstrap.mjs +129 -0
- package/lib/runtime/whisper-bootstrap.mjs +102 -0
- package/lib/scheduler/index.mjs +24 -4
- package/lib/server/index.mjs +22 -1
- package/lib/server/insights.mjs +12 -0
- package/lib/server/static/index.html +1 -1
- package/lib/setup.mjs +54 -9
- package/lib/specialists/postconditions.mjs +1 -1
- package/lib/sync/skill-frontmatter.mjs +113 -21
- package/lib/tracking-surfaces.mjs +2 -0
- package/lib/update.mjs +31 -3
- package/lib/upgrade.mjs +31 -4
- package/lib/validators/skills.mjs +86 -54
- package/package.json +5 -5
- package/personas/construct.md +6 -7
- package/platforms/claude/CLAUDE.md +43 -15
- package/platforms/claude/settings.template.json +1 -1
- package/rules/common/beads-hygiene.md +3 -9
- package/rules/common/code-review.md +3 -6
- package/rules/common/coding-style.md +3 -6
- package/rules/common/comments.md +3 -7
- package/rules/common/commit-approval.md +3 -6
- package/rules/common/cx-agent-routing.md +3 -7
- package/rules/common/cx-skill-routing.md +3 -3
- package/rules/common/doc-ownership.md +3 -8
- package/rules/common/efficiency.md +3 -8
- package/rules/common/framing.md +3 -8
- package/rules/common/git-workflow.md +3 -5
- package/rules/common/no-fabrication.md +4 -12
- package/rules/common/patterns.md +3 -5
- package/rules/common/release-gates.md +3 -8
- package/rules/common/research.md +3 -8
- package/rules/common/review-before-change.md +3 -9
- package/rules/common/security.md +3 -6
- package/rules/common/skill-composition.md +3 -7
- package/rules/common/testing.md +3 -6
- package/rules/golang/coding-style.md +1 -5
- package/rules/golang/hooks.md +1 -5
- package/rules/golang/patterns.md +1 -5
- package/rules/golang/security.md +1 -5
- package/rules/golang/testing.md +1 -5
- package/rules/python/coding-style.md +1 -5
- package/rules/python/hooks.md +1 -5
- package/rules/python/patterns.md +1 -5
- package/rules/python/security.md +1 -5
- package/rules/python/testing.md +1 -5
- package/rules/swift/coding-style.md +1 -5
- package/rules/swift/hooks.md +1 -5
- package/rules/swift/patterns.md +1 -5
- package/rules/swift/security.md +1 -5
- package/rules/swift/testing.md +1 -5
- package/rules/typescript/coding-style.md +1 -5
- package/rules/typescript/hooks.md +1 -5
- package/rules/typescript/patterns.md +1 -5
- package/rules/typescript/security.md +1 -5
- package/rules/typescript/testing.md +1 -5
- package/rules/web/coding-style.md +3 -5
- package/rules/web/design-quality.md +3 -5
- package/rules/web/hooks.md +3 -5
- package/rules/web/patterns.md +3 -5
- package/rules/web/performance.md +3 -5
- package/rules/web/security.md +3 -5
- package/rules/web/testing.md +3 -5
- package/scripts/sync-specialists.mjs +20 -2
- package/skills/ai/agent-dev.md +4 -5
- package/skills/ai/llm-security.md +4 -5
- package/skills/ai/ml-ops.md +4 -5
- package/skills/ai/orchestration-workflow.md +4 -5
- package/skills/ai/prompt-and-eval.md +4 -5
- package/skills/ai/prompt-optimizer.md +4 -6
- package/skills/ai/rag-system.md +4 -5
- package/skills/architecture/api-design.md +4 -5
- package/skills/architecture/caching.md +4 -5
- package/skills/architecture/cloud-native.md +4 -5
- package/skills/architecture/message-queue.md +4 -5
- package/skills/architecture/security-arch.md +4 -5
- package/skills/compliance/ai-disclosure.md +4 -5
- package/skills/compliance/data-privacy.md +4 -5
- package/skills/compliance/license-audit.md +4 -5
- package/skills/compliance/regulatory-review.md +4 -5
- package/skills/development/cpp.md +4 -5
- package/skills/development/go.md +4 -5
- package/skills/development/java.md +4 -5
- package/skills/development/kotlin.md +4 -5
- package/skills/development/mobile-crossplatform.md +4 -5
- package/skills/development/python.md +4 -5
- package/skills/development/rust.md +4 -5
- package/skills/development/shell.md +4 -5
- package/skills/development/swift.md +4 -5
- package/skills/development/typescript.md +4 -5
- package/skills/devops/ci-cd.md +4 -5
- package/skills/devops/containerization.md +4 -5
- package/skills/devops/cost-optimization.md +4 -5
- package/skills/devops/data-engineering.md +4 -5
- package/skills/devops/database.md +4 -5
- package/skills/devops/dependency-management.md +4 -5
- package/skills/devops/devsecops.md +4 -5
- package/skills/devops/git-workflow.md +4 -5
- package/skills/devops/incident-response.md +4 -5
- package/skills/devops/monorepo.md +4 -5
- package/skills/devops/observability.md +4 -5
- package/skills/devops/performance.md +4 -5
- package/skills/devops/testing.md +4 -5
- package/skills/docs/adr-workflow.md +4 -7
- package/skills/docs/backlog-proposal-workflow.md +4 -3
- package/skills/docs/customer-profile-workflow.md +4 -3
- package/skills/docs/document-ingest-workflow.md +4 -3
- package/skills/docs/evidence-ingest-workflow.md +4 -3
- package/skills/docs/init-docs.md +4 -5
- package/skills/docs/init-project.md +4 -5
- package/skills/docs/prd-workflow.md +4 -7
- package/skills/docs/prfaq-workflow.md +4 -3
- package/skills/docs/product-intelligence-review.md +4 -3
- package/skills/docs/product-intelligence-workflow.md +4 -6
- package/skills/docs/product-signal-workflow.md +4 -5
- package/skills/docs/research-workflow.md +4 -5
- package/skills/docs/runbook-workflow.md +4 -5
- package/skills/docs/strategy-workflow.md +4 -5
- package/skills/exploration/dependency-graph-reading.md +4 -7
- package/skills/exploration/repo-map.md +4 -5
- package/skills/exploration/tracer-bullet-method.md +4 -7
- package/skills/exploration/unknown-codebase-onboarding.md +4 -7
- package/skills/frameworks/django.md +4 -5
- package/skills/frameworks/nextjs.md +4 -5
- package/skills/frameworks/react.md +4 -5
- package/skills/frameworks/spring-boot.md +4 -5
- package/skills/frontend-design/accessibility.md +4 -5
- package/skills/frontend-design/component-patterns.md +4 -5
- package/skills/frontend-design/engineering.md +4 -5
- package/skills/frontend-design/state-management.md +4 -5
- package/skills/frontend-design/ui-aesthetics.md +4 -5
- package/skills/frontend-design/ux-principles.md +4 -5
- package/skills/operating/change-management.md +4 -8
- package/skills/operating/incident-response.md +4 -8
- package/skills/operating/oncall-rotation.md +4 -7
- package/skills/operating/orchestration-reference.md +4 -10
- package/skills/quality-gates/review-work.md +4 -5
- package/skills/quality-gates/verify-change.md +4 -5
- package/skills/quality-gates/verify-module.md +4 -5
- package/skills/quality-gates/verify-quality.md +4 -5
- package/skills/quality-gates/verify-security.md +4 -5
- package/skills/roles/architect.ai-systems.md +6 -9
- package/skills/roles/architect.data.md +6 -9
- package/skills/roles/architect.enterprise.md +6 -9
- package/skills/roles/architect.integration.md +6 -9
- package/skills/roles/architect.md +7 -14
- package/skills/roles/architect.platform.md +6 -9
- package/skills/roles/data-analyst.experiment.md +6 -9
- package/skills/roles/data-analyst.md +6 -9
- package/skills/roles/data-analyst.product-intelligence.md +7 -9
- package/skills/roles/data-analyst.product.md +6 -9
- package/skills/roles/data-analyst.telemetry.md +7 -9
- package/skills/roles/data-engineer.pipeline.md +6 -9
- package/skills/roles/data-engineer.vector-retrieval.md +7 -9
- package/skills/roles/data-engineer.warehouse.md +6 -9
- package/skills/roles/debugger.md +6 -9
- package/skills/roles/designer.accessibility.md +6 -9
- package/skills/roles/designer.md +7 -9
- package/skills/roles/engineer.ai.md +6 -9
- package/skills/roles/engineer.data.md +6 -9
- package/skills/roles/engineer.md +9 -9
- package/skills/roles/engineer.platform.md +6 -9
- package/skills/roles/operator.docs.md +6 -9
- package/skills/roles/operator.md +9 -9
- package/skills/roles/operator.release.md +6 -9
- package/skills/roles/operator.sre.md +6 -9
- package/skills/roles/orchestrator.md +6 -9
- package/skills/roles/product-manager.ai-product.md +6 -9
- package/skills/roles/product-manager.business-strategy.md +6 -9
- package/skills/roles/product-manager.enterprise.md +6 -9
- package/skills/roles/product-manager.growth.md +7 -9
- package/skills/roles/product-manager.md +7 -9
- package/skills/roles/product-manager.platform.md +6 -9
- package/skills/roles/product-manager.product.md +6 -9
- package/skills/roles/qa.ai-eval.md +8 -9
- package/skills/roles/qa.api-contract.md +7 -9
- package/skills/roles/qa.data-pipeline.md +7 -9
- package/skills/roles/qa.md +7 -9
- package/skills/roles/qa.test-automation.md +6 -9
- package/skills/roles/qa.web-ui.md +7 -9
- package/skills/roles/researcher.explorer.md +6 -9
- package/skills/roles/researcher.md +8 -9
- package/skills/roles/researcher.ux.md +6 -9
- package/skills/roles/reviewer.devil-advocate.md +6 -9
- package/skills/roles/reviewer.evaluator.md +6 -9
- package/skills/roles/reviewer.md +9 -9
- package/skills/roles/reviewer.trace.md +6 -9
- package/skills/roles/security.ai.md +7 -9
- package/skills/roles/security.appsec.md +6 -9
- package/skills/roles/security.cloud.md +6 -9
- package/skills/roles/security.legal-compliance.md +6 -9
- package/skills/roles/security.md +7 -9
- package/skills/roles/security.privacy.md +7 -9
- package/skills/roles/security.supply-chain.md +7 -9
- package/skills/security/blue-team.md +4 -5
- package/skills/security/code-audit.md +4 -5
- package/skills/security/pentest.md +4 -5
- package/skills/security/red-team.md +4 -5
- package/skills/security/threat-intel.md +4 -5
- package/skills/security/vuln-research.md +4 -5
- package/skills/strategy/competitive-landscape.md +4 -8
- package/skills/strategy/market-research-methods.md +4 -8
- package/skills/strategy/narrative-arc.md +4 -8
- package/skills/strategy/pricing-positioning.md +4 -8
- package/skills/utility/clean-code.md +4 -5
- package/specialists/policy-inventory.json +14 -0
- package/lib/specialist-contracts-enforce.mjs +0 -172
- package/rules/common/agents.md +0 -28
- package/rules/common/development-workflow.md +0 -32
- package/rules/common/performance.md +0 -55
|
@@ -1,8 +1,7 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
-->
|
|
1
|
+
---
|
|
2
|
+
name: security-red-team
|
|
3
|
+
description: Use this skill when planning or executing offensive security assessments, adversary emulation, or attack simulations.
|
|
4
|
+
---
|
|
6
5
|
# Red Team
|
|
7
6
|
|
|
8
7
|
Use this skill when planning or executing offensive security assessments, adversary emulation, or attack simulations.
|
|
@@ -1,8 +1,7 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
-->
|
|
1
|
+
---
|
|
2
|
+
name: security-threat-intel
|
|
3
|
+
description: Use this skill when performing OSINT, threat modeling, or building threat intelligence programs.
|
|
4
|
+
---
|
|
6
5
|
# Threat Intelligence
|
|
7
6
|
|
|
8
7
|
Use this skill when performing OSINT, threat modeling, or building threat intelligence programs.
|
|
@@ -1,8 +1,7 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
-->
|
|
1
|
+
---
|
|
2
|
+
name: security-vuln-research
|
|
3
|
+
description: Use this skill when analyzing binaries, fuzzing software, or developing exploits for security research.
|
|
4
|
+
---
|
|
6
5
|
# Vulnerability Research
|
|
7
6
|
|
|
8
7
|
Use this skill when analyzing binaries, fuzzing software, or developing exploits for security research.
|
|
@@ -1,11 +1,7 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
Use when the team needs a structured read on
|
|
4
|
-
|
|
5
|
-
Covers Porter Five Forces, Jobs-to-be-Done framing, and competitive
|
|
6
|
-
response sequencing.
|
|
7
|
-
-->
|
|
8
|
-
|
|
1
|
+
---
|
|
2
|
+
name: strategy-competitive-landscape
|
|
3
|
+
description: Use when the team needs a structured read on market positioning before committing direction.
|
|
4
|
+
---
|
|
9
5
|
# Competitive Landscape Analysis
|
|
10
6
|
|
|
11
7
|
Use when the team needs a structured read on market positioning before committing direction.
|
|
@@ -1,11 +1,7 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
Use when
|
|
4
|
-
|
|
5
|
-
interview technique, survey design traps, and research-to-decision
|
|
6
|
-
handoff.
|
|
7
|
-
-->
|
|
8
|
-
|
|
1
|
+
---
|
|
2
|
+
name: strategy-market-research-methods
|
|
3
|
+
description: Use when the team needs to validate assumptions before committing resources, or when a decision is being made on vibes rather than signal.
|
|
4
|
+
---
|
|
9
5
|
# Market Research Methods
|
|
10
6
|
|
|
11
7
|
Use when the team needs to validate assumptions before committing resources, or when a decision is being made on vibes rather than signal.
|
|
@@ -1,11 +1,7 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
Use when
|
|
4
|
-
|
|
5
|
-
structure, the five components of a compelling story, and common failure
|
|
6
|
-
modes in executive communication.
|
|
7
|
-
-->
|
|
8
|
-
|
|
1
|
+
---
|
|
2
|
+
name: strategy-narrative-arc
|
|
3
|
+
description: Use when the argument must move people, not just inform them. Strategic narrative is the difference between a document that gets read and one that changes what people do.
|
|
4
|
+
---
|
|
9
5
|
# Strategic Narrative Construction
|
|
10
6
|
|
|
11
7
|
Use when the argument must move people, not just inform them. Strategic narrative is the difference between a document that gets read and one that changes what people do.
|
|
@@ -1,11 +1,7 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
Use when
|
|
4
|
-
|
|
5
|
-
pricing, willingness-to-pay research techniques, and positioning statement
|
|
6
|
-
construction.
|
|
7
|
-
-->
|
|
8
|
-
|
|
1
|
+
---
|
|
2
|
+
name: strategy-pricing-positioning
|
|
3
|
+
description: Use when the team needs to set price, adjust positioning, or defend either to stakeholders.
|
|
4
|
+
---
|
|
9
5
|
# Pricing and Positioning
|
|
10
6
|
|
|
11
7
|
Use when the team needs to set price, adjust positioning, or defend either to stakeholders.
|
|
@@ -1,8 +1,7 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
-->
|
|
1
|
+
---
|
|
2
|
+
name: utility-clean-code
|
|
3
|
+
description: Patterns and heuristics for identifying and removing AI-generated code smells. Use when cleaning up output from AI coding tools.
|
|
4
|
+
---
|
|
6
5
|
# AI Slop Removal
|
|
7
6
|
|
|
8
7
|
Patterns and heuristics for identifying and removing AI-generated code smells. Use when cleaning up output from AI coding tools.
|
|
@@ -155,6 +155,20 @@
|
|
|
155
155
|
"enforcement": "(persona prompt)",
|
|
156
156
|
"mode": "honor-system",
|
|
157
157
|
"description": "Architectural pattern guidance (module boundaries, error handling, async contracts) applied at authoring time."
|
|
158
|
+
},
|
|
159
|
+
{
|
|
160
|
+
"id": "review-before-change",
|
|
161
|
+
"source": "rules/common/review-before-change.md",
|
|
162
|
+
"enforcement": "(persona prompt)",
|
|
163
|
+
"mode": "honor-system",
|
|
164
|
+
"description": "Requires an existing-artifact audit before authoring or rewriting any durable doc, rule, template, or PRD/ADR/RFC. Extend or supersede; do not duplicate."
|
|
165
|
+
},
|
|
166
|
+
{
|
|
167
|
+
"id": "session-efficiency",
|
|
168
|
+
"source": "rules/common/efficiency.md",
|
|
169
|
+
"enforcement": "lib/read-tracker-store.mjs + session-start digest",
|
|
170
|
+
"mode": "deterministic",
|
|
171
|
+
"description": "Read discipline, probe-before-bulk-read, and tool parallelism rules. Read counts tracked per-file; the session-start efficiency digest surfaces files crossing the re-read threshold."
|
|
158
172
|
}
|
|
159
173
|
]
|
|
160
174
|
}
|
|
@@ -1,172 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* lib/specialist-contracts-enforce.mjs — runtime contract enforcement.
|
|
3
|
-
*
|
|
4
|
-
* Wraps `validatePacket` from `lib/specialist-contracts.mjs` with three production
|
|
5
|
-
* concerns:
|
|
6
|
-
*
|
|
7
|
-
* 1. Block on violation. `enforcePacket` throws a `ContractViolationError`
|
|
8
|
-
* when the packet doesn't satisfy the contract direction. Callers can
|
|
9
|
-
* catch and degrade if they want advisory mode, but the default is hard
|
|
10
|
-
* enforcement so contract bugs surface loudly.
|
|
11
|
-
*
|
|
12
|
-
* 2. Tamper-evident violation log. Every violation appends a JSONL record
|
|
13
|
-
* to `~/.cx/contract-violations.jsonl` with a sha256 chain-hash over
|
|
14
|
-
* the prior line. Same pattern as the mutation audit trail. Operators
|
|
15
|
-
* can replay the chain to detect after-the-fact tampering.
|
|
16
|
-
*
|
|
17
|
-
* 3. Visibility into `construct doctor`. `recentViolations(windowMs)`
|
|
18
|
-
* returns the last N violations so doctor can surface
|
|
19
|
-
* "3 contract violations in the last 24h — see ~/.cx/contract-violations.jsonl".
|
|
20
|
-
*
|
|
21
|
-
* The enforcement is identity-aware. Each violation logs the active agent
|
|
22
|
-
* (via `~/.cx/last-agent.json` like audit-trail does) so operators can
|
|
23
|
-
* identify which producer or consumer is at fault.
|
|
24
|
-
*/
|
|
25
|
-
|
|
26
|
-
import { existsSync, mkdirSync, statSync, readFileSync } from 'node:fs';
|
|
27
|
-
import { join, dirname } from 'node:path';
|
|
28
|
-
import { homedir } from 'node:os';
|
|
29
|
-
import { createHash } from 'node:crypto';
|
|
30
|
-
import { getContractById, validatePacket } from './specialist-contracts.mjs';
|
|
31
|
-
import { appendBounded } from './logging/rotate.mjs';
|
|
32
|
-
import { resolveProjectScopedPath } from './project-root.mjs';
|
|
33
|
-
import { validatePostconditions } from './specialists/postconditions.mjs';
|
|
34
|
-
|
|
35
|
-
const CX_DIR = join(homedir(), '.cx');
|
|
36
|
-
// contract-violations are PROJECT-SCOPED — a violation belongs to a
|
|
37
|
-
// specific contract chain in a specific project. Resolves to
|
|
38
|
-
// <project>/.cx/contract-violations.jsonl when inside a project, falling
|
|
39
|
-
// back to the legacy ~/.cx path for standalone invocations. Resolved on
|
|
40
|
-
// every call so cwd/HOME changes inside the same process (tests, harness
|
|
41
|
-
// reuse) route correctly.
|
|
42
|
-
|
|
43
|
-
function logFile() {
|
|
44
|
-
return resolveProjectScopedPath('contract-violations.jsonl', { ensureDir: false });
|
|
45
|
-
}
|
|
46
|
-
const LAST_AGENT = join(CX_DIR, 'last-agent.json');
|
|
47
|
-
|
|
48
|
-
export class ContractViolationError extends Error {
|
|
49
|
-
constructor({ contractId, direction, missing, verdict = 'CONTRACT_VIOLATION', postconditionFailures = [] }) {
|
|
50
|
-
const detail = postconditionFailures.length > 0
|
|
51
|
-
? `postcondition(s) failed: ${postconditionFailures.map((f) => f.id).join(', ')}`
|
|
52
|
-
: `missing field(s): ${(missing || []).join(', ')}`;
|
|
53
|
-
super(`contract '${contractId}' (${direction}) violated — ${detail}`);
|
|
54
|
-
this.name = 'ContractViolationError';
|
|
55
|
-
this.contractId = contractId;
|
|
56
|
-
this.direction = direction;
|
|
57
|
-
this.missing = missing || [];
|
|
58
|
-
this.verdict = verdict;
|
|
59
|
-
this.postconditionFailures = postconditionFailures;
|
|
60
|
-
}
|
|
61
|
-
}
|
|
62
|
-
|
|
63
|
-
function sha256(input) { return createHash('sha256').update(input).digest('hex'); }
|
|
64
|
-
|
|
65
|
-
function readLastAgent() {
|
|
66
|
-
try { return JSON.parse(readFileSync(LAST_AGENT, 'utf8'))?.agent || 'construct'; }
|
|
67
|
-
catch { return 'construct'; }
|
|
68
|
-
}
|
|
69
|
-
|
|
70
|
-
function readPrevLineHash() {
|
|
71
|
-
try {
|
|
72
|
-
const file = logFile();
|
|
73
|
-
if (!existsSync(file)) return null;
|
|
74
|
-
const size = statSync(file).size;
|
|
75
|
-
if (size === 0) return null;
|
|
76
|
-
const tail = readFileSync(file, 'utf8').slice(Math.max(0, size - 2048));
|
|
77
|
-
const lines = tail.split('\n').filter(Boolean);
|
|
78
|
-
return lines.length === 0 ? null : sha256(lines[lines.length - 1]);
|
|
79
|
-
} catch { return null; }
|
|
80
|
-
}
|
|
81
|
-
|
|
82
|
-
function logViolation(contractId, direction, missing, packet, extra = {}) {
|
|
83
|
-
try {
|
|
84
|
-
const file = logFile();
|
|
85
|
-
mkdirSync(dirname(file), { recursive: true });
|
|
86
|
-
const record = {
|
|
87
|
-
ts: new Date().toISOString(),
|
|
88
|
-
agent: readLastAgent(),
|
|
89
|
-
contractId,
|
|
90
|
-
direction,
|
|
91
|
-
missing,
|
|
92
|
-
packet_keys: packet && typeof packet === 'object' ? Object.keys(packet) : null,
|
|
93
|
-
prev_line_hash: readPrevLineHash(),
|
|
94
|
-
...extra,
|
|
95
|
-
};
|
|
96
|
-
appendBounded('contract-violations', file, JSON.stringify(record) + '\n');
|
|
97
|
-
} catch { /* logging is best-effort */ }
|
|
98
|
-
}
|
|
99
|
-
|
|
100
|
-
/**
|
|
101
|
-
* Validate `packet` against `contractId` in the given `direction`. Throws
|
|
102
|
-
* a `ContractViolationError` on failure (and logs the violation). Returns
|
|
103
|
-
* the validation result on success so callers can inspect the resolved
|
|
104
|
-
* contract metadata.
|
|
105
|
-
*
|
|
106
|
-
* For `direction === 'output'`, also evaluates the producer's binary
|
|
107
|
-
* postconditions from `lib/agents/postconditions.mjs`. A failed postcondition
|
|
108
|
-
* raises with `verdict: 'BLOCKED_CONTRACT'` so the dispatcher can branch on
|
|
109
|
-
* the typed verdict rather than parsing the error message.
|
|
110
|
-
*
|
|
111
|
-
* @param {string} contractId
|
|
112
|
-
* @param {object} packet
|
|
113
|
-
* @param {'input'|'output'} [direction]
|
|
114
|
-
* @returns {{ ok: true, contract, direction }}
|
|
115
|
-
*/
|
|
116
|
-
export function enforcePacket(contractId, packet, direction = 'input') {
|
|
117
|
-
const result = validatePacket(contractId, packet, direction);
|
|
118
|
-
if (!result.ok) {
|
|
119
|
-
if (result.reason === 'contract-not-found') {
|
|
120
|
-
throw new ContractViolationError({
|
|
121
|
-
contractId,
|
|
122
|
-
direction,
|
|
123
|
-
missing: ['(contract not found)'],
|
|
124
|
-
});
|
|
125
|
-
}
|
|
126
|
-
logViolation(contractId, direction, result.missing || [], packet);
|
|
127
|
-
throw new ContractViolationError({
|
|
128
|
-
contractId,
|
|
129
|
-
direction,
|
|
130
|
-
missing: result.missing || [],
|
|
131
|
-
});
|
|
132
|
-
}
|
|
133
|
-
|
|
134
|
-
if (direction === 'output') {
|
|
135
|
-
const contract = result.contract || getContractById(contractId);
|
|
136
|
-
const producer = contract?.producer;
|
|
137
|
-
if (producer) {
|
|
138
|
-
const postcondition = validatePostconditions(producer, packet);
|
|
139
|
-
if (!postcondition.ok) {
|
|
140
|
-
logViolation(contractId, direction, [], packet, {
|
|
141
|
-
verdict: 'BLOCKED_CONTRACT',
|
|
142
|
-
postconditionFailures: postcondition.failures,
|
|
143
|
-
});
|
|
144
|
-
throw new ContractViolationError({
|
|
145
|
-
contractId,
|
|
146
|
-
direction,
|
|
147
|
-
verdict: 'BLOCKED_CONTRACT',
|
|
148
|
-
postconditionFailures: postcondition.failures,
|
|
149
|
-
});
|
|
150
|
-
}
|
|
151
|
-
}
|
|
152
|
-
}
|
|
153
|
-
|
|
154
|
-
return result;
|
|
155
|
-
}
|
|
156
|
-
|
|
157
|
-
/**
|
|
158
|
-
* Read recent violations from the chain log. Returns oldest-first.
|
|
159
|
-
*/
|
|
160
|
-
export function recentViolations({ windowMs = 24 * 60 * 60 * 1000 } = {}) {
|
|
161
|
-
const file = logFile();
|
|
162
|
-
if (!existsSync(file)) return [];
|
|
163
|
-
try {
|
|
164
|
-
const cutoff = Date.now() - windowMs;
|
|
165
|
-
return readFileSync(file, 'utf8')
|
|
166
|
-
.trim()
|
|
167
|
-
.split('\n')
|
|
168
|
-
.filter(Boolean)
|
|
169
|
-
.map((line) => { try { return JSON.parse(line); } catch { return null; } })
|
|
170
|
-
.filter((r) => r && new Date(r.ts).getTime() >= cutoff);
|
|
171
|
-
} catch { return []; }
|
|
172
|
-
}
|
package/rules/common/agents.md
DELETED
|
@@ -1,28 +0,0 @@
|
|
|
1
|
-
<!--
|
|
2
|
-
rules/common/agents.md: platform-agnostic agent orchestration guidance.
|
|
3
|
-
|
|
4
|
-
Defines when to route to specialist agents, parallel execution rules,
|
|
5
|
-
and multi-perspective analysis patterns. Does not reference specific
|
|
6
|
-
platform agent types or config paths.
|
|
7
|
-
-->
|
|
8
|
-
# Agent Orchestration
|
|
9
|
-
|
|
10
|
-
## Immediate Agent Usage
|
|
11
|
-
|
|
12
|
-
No user prompt needed: match the task to the right specialist:
|
|
13
|
-
1. Complex feature requests - planning specialist
|
|
14
|
-
2. Code just written/modified - code review specialist
|
|
15
|
-
3. Bug fix or new feature - TDD specialist
|
|
16
|
-
4. Architectural decision - architecture specialist
|
|
17
|
-
|
|
18
|
-
## Parallel Task Execution
|
|
19
|
-
|
|
20
|
-
ALWAYS use parallel execution for independent operations. Launch multiple specialists concurrently when their work is independent.
|
|
21
|
-
|
|
22
|
-
## Multi-Perspective Analysis
|
|
23
|
-
|
|
24
|
-
For complex problems, use multiple specialist perspectives:
|
|
25
|
-
- Factual reviewer
|
|
26
|
-
- Senior engineer
|
|
27
|
-
- Security expert
|
|
28
|
-
- Consistency reviewer
|
|
@@ -1,32 +0,0 @@
|
|
|
1
|
-
<!--
|
|
2
|
-
rules/common/development-workflow.md: feature implementation pipeline.
|
|
3
|
-
|
|
4
|
-
Defines the research-plan-TDD-review-commit workflow that runs before
|
|
5
|
-
git operations. References testing.md, code-review.md, git-workflow.md.
|
|
6
|
-
-->
|
|
7
|
-
# Development Workflow
|
|
8
|
-
|
|
9
|
-
## Feature Implementation Workflow
|
|
10
|
-
|
|
11
|
-
0. **Research & Reuse** _(mandatory before any new implementation or artifact)_
|
|
12
|
-
- **Search existing code first:** Look for existing implementations, templates, and patterns before writing anything new.
|
|
13
|
-
- **Search existing artifacts:** Before authoring a doc, rule, template, strategy, PRD, ADR, or RFC, audit what already exists. See [review-before-change.md](review-before-change.md) for the audit checklist. Extend or supersede; do not duplicate.
|
|
14
|
-
- **Check docs:** Confirm API behavior, package usage, and version-specific details before implementing.
|
|
15
|
-
- **Check package registries:** npm, PyPI, crates.io before writing utility code.
|
|
16
|
-
- Prefer adopting a proven approach over writing net-new code.
|
|
17
|
-
|
|
18
|
-
1. **Plan** - Break into phases; identify dependencies and risks.
|
|
19
|
-
|
|
20
|
-
2. **TDD** - Write tests first (RED), implement (GREEN), refactor (IMPROVE). See [testing.md](testing.md).
|
|
21
|
-
|
|
22
|
-
3. **Code Review** - Review immediately after writing. See [code-review.md](code-review.md).
|
|
23
|
-
|
|
24
|
-
3.5. **Docs** _(mandatory for any user-facing change)_
|
|
25
|
-
- If you added or changed a CLI command, API endpoint, config option, or architecture boundary: update `docs/concepts/architecture.md` and create or update the relevant `docs/cookbook/` recipe.
|
|
26
|
-
- If you added a CLI command, ensure the cookbook index links to a recipe for it.
|
|
27
|
-
- Run `construct docs:update` to regenerate AUTO-managed regions.
|
|
28
|
-
- A change is not DONE if a user-facing capability exists with no documentation.
|
|
29
|
-
|
|
30
|
-
4. **Commit** - Conventional commits format. See [git-workflow.md](git-workflow.md).
|
|
31
|
-
|
|
32
|
-
5. **Pre-Review Checks** - CI passing, conflicts resolved, branch synced.
|
|
@@ -1,55 +0,0 @@
|
|
|
1
|
-
<!--
|
|
2
|
-
rules/common/performance.md: model-agnostic performance and context management rules.
|
|
3
|
-
|
|
4
|
-
Defines model selection tiers, context window management heuristics,
|
|
5
|
-
and build troubleshooting steps. No platform-specific tool names or config paths.
|
|
6
|
-
-->
|
|
7
|
-
# Performance Optimization
|
|
8
|
-
|
|
9
|
-
## Model Selection Strategy
|
|
10
|
-
|
|
11
|
-
**Fast tier** (small/cheap models):
|
|
12
|
-
- Lightweight agents with frequent invocation
|
|
13
|
-
- Pair programming and code generation
|
|
14
|
-
- Worker agents in multi-agent systems
|
|
15
|
-
|
|
16
|
-
**Standard tier** (mid-range models):
|
|
17
|
-
- Main development work
|
|
18
|
-
- Orchestrating multi-agent workflows
|
|
19
|
-
- Complex coding tasks
|
|
20
|
-
|
|
21
|
-
**Reasoning tier** (large/frontier models):
|
|
22
|
-
- Complex architectural decisions
|
|
23
|
-
- Maximum reasoning requirements
|
|
24
|
-
- Research and analysis tasks
|
|
25
|
-
|
|
26
|
-
## Context Window Management
|
|
27
|
-
|
|
28
|
-
Avoid last 20% of context window for:
|
|
29
|
-
- Large-scale refactoring
|
|
30
|
-
- Feature implementation spanning multiple files
|
|
31
|
-
- Debugging complex interactions
|
|
32
|
-
|
|
33
|
-
Prefer this retrieval ladder before loading more context:
|
|
34
|
-
1. Targeted search to narrow candidate files
|
|
35
|
-
2. Targeted reads (aim for <400 lines)
|
|
36
|
-
3. Parallel reads for the minimum necessary file set
|
|
37
|
-
4. Summarize to a context artifact before broad re-exploration
|
|
38
|
-
|
|
39
|
-
Heuristics:
|
|
40
|
-
- Re-reading the same file multiple times without a state change is a retrieval smell.
|
|
41
|
-
- Large reads should be reserved for files where local structure matters more than symbol search.
|
|
42
|
-
- Use workflow/context artifacts as cached state instead of rediscovering background repeatedly.
|
|
43
|
-
|
|
44
|
-
Lower context sensitivity tasks:
|
|
45
|
-
- Single-file edits
|
|
46
|
-
- Independent utility creation
|
|
47
|
-
- Documentation updates
|
|
48
|
-
- Simple bug fixes
|
|
49
|
-
|
|
50
|
-
## Build Troubleshooting
|
|
51
|
-
|
|
52
|
-
If build fails:
|
|
53
|
-
1. Analyze error messages
|
|
54
|
-
2. Fix incrementally
|
|
55
|
-
3. Verify after each fix
|