@geraldmaron/construct 1.0.15 → 1.0.17
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +19 -3
- package/bin/construct +376 -98
- package/bin/construct-postinstall.mjs +17 -2
- package/db/schema/010_cx_scores.sql +51 -0
- package/lib/cli-commands.mjs +333 -147
- package/lib/contracts/validate.mjs +20 -10
- package/lib/contracts/violation-log.mjs +27 -12
- package/lib/embedded-contract/audit.mjs +52 -0
- package/lib/embedded-contract/capability.mjs +179 -0
- package/lib/embedded-contract/contract-version.mjs +39 -0
- package/lib/embedded-contract/envelope.mjs +70 -0
- package/lib/embedded-contract/index.mjs +71 -0
- package/lib/embedded-contract/ingest.mjs +77 -0
- package/lib/embedded-contract/model-resolve.mjs +186 -0
- package/lib/embedded-contract/redaction.mjs +91 -0
- package/lib/embedded-contract/role-facts.mjs +66 -0
- package/lib/embedded-contract/triage.mjs +134 -0
- package/lib/embedded-contract/workflow-defs.mjs +125 -0
- package/lib/embedded-contract/workflow-invoke.mjs +218 -0
- package/lib/hooks/config-protection.mjs +12 -5
- package/lib/hooks/stop-notify.mjs +7 -0
- package/lib/init-unified.mjs +36 -26
- package/lib/install/first-invocation.mjs +5 -1
- package/lib/intake/classify.mjs +6 -0
- package/lib/intake/prepare.mjs +22 -4
- package/lib/intake/tables/rnd.mjs +33 -0
- package/lib/integrations/intake-integrations.mjs +28 -2
- package/lib/mcp/server.mjs +69 -0
- package/lib/mcp/tools/embedded-contract.mjs +77 -0
- package/lib/mcp/tools/telemetry.mjs +30 -0
- package/lib/model-router.mjs +40 -0
- package/lib/op-log.mjs +61 -0
- package/lib/orchestration-policy.mjs +15 -0
- package/lib/roles/catalog.mjs +26 -95
- package/lib/roles/gateway.mjs +30 -1
- package/lib/scheduler/index.mjs +24 -4
- package/lib/server/insights.mjs +12 -0
- package/lib/service-manager.mjs +33 -11
- package/lib/setup.mjs +73 -10
- package/lib/update.mjs +31 -3
- package/lib/upgrade.mjs +31 -4
- package/lib/validators/skills.mjs +21 -0
- package/package.json +9 -3
- package/personas/construct.md +2 -0
- package/platforms/claude/CLAUDE.md +43 -15
- package/scripts/sync-specialists.mjs +32 -5
- package/skills/ai/agent-dev.md +2 -0
- package/skills/ai/llm-security.md +2 -0
- package/skills/ai/ml-ops.md +2 -0
- package/skills/ai/orchestration-workflow.md +2 -0
- package/skills/ai/prompt-and-eval.md +2 -0
- package/skills/ai/prompt-optimizer.md +2 -0
- package/skills/ai/rag-system.md +2 -0
- package/skills/ai/trace-triage.md +36 -0
- package/skills/architecture/api-design.md +2 -0
- package/skills/architecture/caching.md +2 -0
- package/skills/architecture/cloud-native.md +2 -0
- package/skills/architecture/message-queue.md +2 -0
- package/skills/architecture/security-arch.md +2 -0
- package/skills/compliance/ai-disclosure.md +2 -0
- package/skills/compliance/data-privacy.md +2 -0
- package/skills/compliance/license-audit.md +2 -0
- package/skills/compliance/regulatory-review.md +2 -0
- package/skills/development/cpp.md +2 -0
- package/skills/development/go.md +2 -0
- package/skills/development/java.md +2 -0
- package/skills/development/kotlin.md +2 -0
- package/skills/development/mobile-crossplatform.md +2 -0
- package/skills/development/python.md +2 -0
- package/skills/development/rust.md +2 -0
- package/skills/development/shell.md +2 -0
- package/skills/development/swift.md +2 -0
- package/skills/development/typescript.md +2 -0
- package/skills/devops/ci-cd.md +2 -0
- package/skills/devops/containerization.md +2 -0
- package/skills/devops/cost-optimization.md +2 -0
- package/skills/devops/data-engineering.md +2 -0
- package/skills/devops/database.md +2 -0
- package/skills/devops/dependency-management.md +2 -0
- package/skills/devops/devsecops.md +2 -0
- package/skills/devops/git-workflow.md +2 -0
- package/skills/devops/incident-response.md +2 -0
- package/skills/devops/monorepo.md +2 -0
- package/skills/devops/observability.md +2 -0
- package/skills/devops/performance.md +2 -0
- package/skills/devops/testing.md +2 -0
- package/skills/docs/adr-workflow.md +2 -0
- package/skills/docs/backlog-proposal-workflow.md +2 -0
- package/skills/docs/customer-profile-workflow.md +2 -0
- package/skills/docs/document-ingest-workflow.md +2 -0
- package/skills/docs/evidence-ingest-workflow.md +2 -0
- package/skills/docs/init-docs.md +2 -0
- package/skills/docs/init-project.md +2 -0
- package/skills/docs/memo-and-decision-capture.md +45 -0
- package/skills/docs/prd-workflow.md +2 -0
- package/skills/docs/prfaq-workflow.md +2 -0
- package/skills/docs/product-intelligence-review.md +2 -0
- package/skills/docs/product-intelligence-workflow.md +2 -0
- package/skills/docs/product-signal-workflow.md +2 -0
- package/skills/docs/research-workflow.md +2 -0
- package/skills/docs/runbook-workflow.md +2 -0
- package/skills/docs/strategy-workflow.md +2 -0
- package/skills/docs/transcript-synthesis.md +43 -0
- package/skills/exploration/dependency-graph-reading.md +2 -0
- package/skills/exploration/repo-map.md +2 -0
- package/skills/exploration/tracer-bullet-method.md +2 -0
- package/skills/exploration/unknown-codebase-onboarding.md +2 -0
- package/skills/frameworks/django.md +2 -0
- package/skills/frameworks/nextjs.md +2 -0
- package/skills/frameworks/react.md +2 -0
- package/skills/frameworks/spring-boot.md +2 -0
- package/skills/frontend-design/accessibility.md +2 -0
- package/skills/frontend-design/component-patterns.md +2 -0
- package/skills/frontend-design/engineering.md +2 -0
- package/skills/frontend-design/screen-reader-testing.md +34 -0
- package/skills/frontend-design/state-management.md +2 -0
- package/skills/frontend-design/ui-aesthetics.md +2 -0
- package/skills/frontend-design/ux-principles.md +2 -0
- package/skills/operating/change-management.md +2 -0
- package/skills/operating/incident-response.md +2 -0
- package/skills/operating/oncall-rotation.md +2 -0
- package/skills/operating/orchestration-reference.md +2 -0
- package/skills/operating/raw-data-structuring.md +44 -0
- package/skills/operating/unstructured-triage.md +45 -0
- package/skills/quality-gates/premortem.md +37 -0
- package/skills/quality-gates/review-work.md +2 -0
- package/skills/quality-gates/verify-change.md +2 -0
- package/skills/quality-gates/verify-module.md +2 -0
- package/skills/quality-gates/verify-quality.md +2 -0
- package/skills/quality-gates/verify-security.md +2 -0
- package/skills/roles/architect.ai-systems.md +2 -0
- package/skills/roles/architect.data.md +2 -0
- package/skills/roles/architect.enterprise.md +2 -0
- package/skills/roles/architect.integration.md +2 -0
- package/skills/roles/architect.md +2 -0
- package/skills/roles/architect.platform.md +2 -0
- package/skills/roles/data-analyst.experiment.md +2 -0
- package/skills/roles/data-analyst.md +2 -0
- package/skills/roles/data-analyst.product-intelligence.md +2 -0
- package/skills/roles/data-analyst.product.md +2 -0
- package/skills/roles/data-analyst.telemetry.md +2 -0
- package/skills/roles/data-engineer.pipeline.md +2 -0
- package/skills/roles/data-engineer.vector-retrieval.md +2 -0
- package/skills/roles/data-engineer.warehouse.md +2 -0
- package/skills/roles/debugger.md +2 -0
- package/skills/roles/designer.accessibility.md +2 -0
- package/skills/roles/designer.md +2 -0
- package/skills/roles/engineer.ai.md +2 -0
- package/skills/roles/engineer.data.md +2 -0
- package/skills/roles/engineer.md +2 -0
- package/skills/roles/engineer.platform.md +2 -0
- package/skills/roles/operator.docs.md +2 -0
- package/skills/roles/operator.md +2 -0
- package/skills/roles/operator.release.md +2 -0
- package/skills/roles/operator.sre.md +2 -0
- package/skills/roles/orchestrator.md +2 -0
- package/skills/roles/product-manager.ai-product.md +2 -0
- package/skills/roles/product-manager.business-strategy.md +2 -0
- package/skills/roles/product-manager.enterprise.md +2 -0
- package/skills/roles/product-manager.growth.md +2 -0
- package/skills/roles/product-manager.md +2 -0
- package/skills/roles/product-manager.platform.md +2 -0
- package/skills/roles/product-manager.product.md +2 -0
- package/skills/roles/qa.ai-eval.md +2 -0
- package/skills/roles/qa.api-contract.md +2 -0
- package/skills/roles/qa.data-pipeline.md +2 -0
- package/skills/roles/qa.md +2 -0
- package/skills/roles/qa.test-automation.md +2 -0
- package/skills/roles/qa.web-ui.md +2 -0
- package/skills/roles/researcher.explorer.md +2 -0
- package/skills/roles/researcher.md +2 -0
- package/skills/roles/researcher.ux.md +2 -0
- package/skills/roles/reviewer.devil-advocate.md +2 -0
- package/skills/roles/reviewer.evaluator.md +2 -0
- package/skills/roles/reviewer.md +2 -0
- package/skills/roles/reviewer.trace.md +2 -0
- package/skills/roles/security.ai.md +2 -0
- package/skills/roles/security.appsec.md +2 -0
- package/skills/roles/security.cloud.md +2 -0
- package/skills/roles/security.legal-compliance.md +2 -0
- package/skills/roles/security.md +2 -0
- package/skills/roles/security.privacy.md +2 -0
- package/skills/roles/security.supply-chain.md +2 -0
- package/skills/security/blue-team.md +2 -0
- package/skills/security/code-audit.md +2 -0
- package/skills/security/pentest.md +2 -0
- package/skills/security/red-team.md +2 -0
- package/skills/security/threat-intel.md +2 -0
- package/skills/security/vuln-research.md +2 -0
- package/skills/strategy/competitive-landscape.md +2 -0
- package/skills/strategy/jobs-to-be-done.md +38 -0
- package/skills/strategy/market-research-methods.md +2 -0
- package/skills/strategy/narrative-arc.md +2 -0
- package/skills/strategy/pricing-positioning.md +2 -0
- package/skills/utility/clean-code.md +2 -0
- package/specialists/prompts/cx-engineer.md +1 -1
- package/specialists/registry.json +18 -9
- package/specialists/role-manifests.json +1 -1
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: roles-orchestrator
|
|
3
3
|
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Orchestrator role. Use when reviewing or generating work by cx-orchestrator, or when an agent is acting in the Orchestrator role.
|
|
4
|
+
inputs: [task-context, request]
|
|
5
|
+
artifactType: role-guidance
|
|
4
6
|
role: orchestrator
|
|
5
7
|
applies_to:
|
|
6
8
|
- cx-orchestrator
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: roles-product-manager-ai-product
|
|
3
3
|
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Product Manager — AI Product role. Use when reviewing or generating work by cx-product-manager, or when an agent is acting in the Product Manager — AI Product role.
|
|
4
|
+
inputs: [prd, eval-criteria]
|
|
5
|
+
artifactType: role-guidance
|
|
4
6
|
role: product-manager.ai-product
|
|
5
7
|
applies_to:
|
|
6
8
|
- cx-product-manager
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: roles-product-manager-business-strategy
|
|
3
3
|
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Product Manager — Business Strategy role. Use when reviewing or generating work by cx-business-strategist, or when an agent is acting in the Product Manager — Business Strategy role.
|
|
4
|
+
inputs: [strategy-doc, competitive-analysis]
|
|
5
|
+
artifactType: guidance
|
|
4
6
|
role: product-manager.business-strategy
|
|
5
7
|
applies_to:
|
|
6
8
|
- cx-business-strategist
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: roles-product-manager-enterprise
|
|
3
3
|
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Product Manager — Enterprise role. Use when reviewing or generating work by cx-product-manager, or when an agent is acting in the Product Manager — Enterprise role.
|
|
4
|
+
inputs: [prd, task-context]
|
|
5
|
+
artifactType: guidance
|
|
4
6
|
role: product-manager.enterprise
|
|
5
7
|
applies_to:
|
|
6
8
|
- cx-product-manager
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: roles-product-manager-growth
|
|
3
3
|
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Product Manager — Growth role. Use when reviewing or generating work by cx-product-manager, cx-business-strategist, or when an agent is acting in the Product Manager — Growth role.
|
|
4
|
+
inputs: [prd, growth-metrics]
|
|
5
|
+
artifactType: guidance
|
|
4
6
|
role: product-manager.growth
|
|
5
7
|
applies_to:
|
|
6
8
|
- cx-product-manager
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: roles-product-manager
|
|
3
3
|
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Product Manager role. Use when reviewing or generating work by cx-product-manager, cx-business-strategist, or when an agent is acting in the Product Manager role.
|
|
4
|
+
inputs: [prd, user-evidence]
|
|
5
|
+
artifactType: guidance
|
|
4
6
|
role: product-manager
|
|
5
7
|
applies_to:
|
|
6
8
|
- cx-product-manager
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: roles-product-manager-platform
|
|
3
3
|
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Product Manager — Platform role. Use when reviewing or generating work by cx-product-manager, or when an agent is acting in the Product Manager — Platform role.
|
|
4
|
+
inputs: [prd, api-spec]
|
|
5
|
+
artifactType: guidance
|
|
4
6
|
role: product-manager.platform
|
|
5
7
|
applies_to:
|
|
6
8
|
- cx-product-manager
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: roles-product-manager-product
|
|
3
3
|
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Product Manager — Product role. Use when reviewing or generating work by cx-product-manager, or when an agent is acting in the Product Manager — Product role.
|
|
4
|
+
inputs: [prd, task-context]
|
|
5
|
+
artifactType: guidance
|
|
4
6
|
role: product-manager.product
|
|
5
7
|
applies_to:
|
|
6
8
|
- cx-product-manager
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: roles-qa-ai-eval
|
|
3
3
|
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the QA — AI Eval role. Use when reviewing or generating work by cx-qa, cx-test-automation, cx-evaluator, or when an agent is acting in the QA — AI Eval role.
|
|
4
|
+
inputs: [eval-set, model-output]
|
|
5
|
+
artifactType: guidance
|
|
4
6
|
role: qa.ai-eval
|
|
5
7
|
applies_to:
|
|
6
8
|
- cx-qa
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: roles-qa-api-contract
|
|
3
3
|
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the QA — API Contract role. Use when reviewing or generating work by cx-qa, cx-test-automation, or when an agent is acting in the QA — API Contract role.
|
|
4
|
+
inputs: [api-spec, test-suite]
|
|
5
|
+
artifactType: guidance
|
|
4
6
|
role: qa.api-contract
|
|
5
7
|
applies_to:
|
|
6
8
|
- cx-qa
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: roles-qa-data-pipeline
|
|
3
3
|
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the QA — Data Pipeline role. Use when reviewing or generating work by cx-qa, cx-test-automation, or when an agent is acting in the QA — Data Pipeline role.
|
|
4
|
+
inputs: [pipeline, test-suite]
|
|
5
|
+
artifactType: guidance
|
|
4
6
|
role: qa.data-pipeline
|
|
5
7
|
applies_to:
|
|
6
8
|
- cx-qa
|
package/skills/roles/qa.md
CHANGED
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: roles-qa
|
|
3
3
|
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the QA role. Use when reviewing or generating work by cx-qa, cx-test-automation, or when an agent is acting in the QA role.
|
|
4
|
+
inputs: [test-suite, code-diff]
|
|
5
|
+
artifactType: guidance
|
|
4
6
|
role: qa
|
|
5
7
|
applies_to:
|
|
6
8
|
- cx-qa
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: roles-qa-test-automation
|
|
3
3
|
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the QA — Test Automation role. Use when reviewing or generating work by cx-test-automation, or when an agent is acting in the QA — Test Automation role.
|
|
4
|
+
inputs: [test-suite, task-context]
|
|
5
|
+
artifactType: guidance
|
|
4
6
|
role: qa.test-automation
|
|
5
7
|
applies_to:
|
|
6
8
|
- cx-test-automation
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: roles-qa-web-ui
|
|
3
3
|
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the QA — Web UI role. Use when reviewing or generating work by cx-qa, cx-test-automation, or when an agent is acting in the QA — Web UI role.
|
|
4
|
+
inputs: [test-suite, ui]
|
|
5
|
+
artifactType: guidance
|
|
4
6
|
role: qa.web-ui
|
|
5
7
|
applies_to:
|
|
6
8
|
- cx-qa
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: roles-researcher-explorer
|
|
3
3
|
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Researcher — Explorer role. Use when reviewing or generating work by cx-explorer, or when an agent is acting in the Researcher — Explorer role.
|
|
4
|
+
inputs: [repo, task-context]
|
|
5
|
+
artifactType: guidance
|
|
4
6
|
role: researcher.explorer
|
|
5
7
|
applies_to:
|
|
6
8
|
- cx-explorer
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: roles-researcher
|
|
3
3
|
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Researcher role. Use when reviewing or generating work by cx-researcher, cx-ux-researcher, cx-explorer, or when an agent is acting in the Researcher role.
|
|
4
|
+
inputs: [research-question, sources]
|
|
5
|
+
artifactType: guidance
|
|
4
6
|
role: researcher
|
|
5
7
|
applies_to:
|
|
6
8
|
- cx-researcher
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: roles-researcher-ux
|
|
3
3
|
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Researcher — UX role. Use when reviewing or generating work by cx-ux-researcher, or when an agent is acting in the Researcher — UX role.
|
|
4
|
+
inputs: [user-research, interview-data]
|
|
5
|
+
artifactType: guidance
|
|
4
6
|
role: researcher.ux
|
|
5
7
|
applies_to:
|
|
6
8
|
- cx-ux-researcher
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: roles-reviewer-devil-advocate
|
|
3
3
|
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Reviewer — Devil Advocate role. Use when reviewing or generating work by cx-devil-advocate, or when an agent is acting in the Reviewer — Devil Advocate role.
|
|
4
|
+
inputs: [plan, proposal]
|
|
5
|
+
artifactType: guidance
|
|
4
6
|
role: reviewer.devil-advocate
|
|
5
7
|
applies_to:
|
|
6
8
|
- cx-devil-advocate
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: roles-reviewer-evaluator
|
|
3
3
|
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Reviewer — Evaluator role. Use when reviewing or generating work by cx-evaluator, or when an agent is acting in the Reviewer — Evaluator role.
|
|
4
|
+
inputs: [model-output, eval-set]
|
|
5
|
+
artifactType: guidance
|
|
4
6
|
role: reviewer.evaluator
|
|
5
7
|
applies_to:
|
|
6
8
|
- cx-evaluator
|
package/skills/roles/reviewer.md
CHANGED
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: roles-reviewer
|
|
3
3
|
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Reviewer role. Use when reviewing or generating work by cx-reviewer, cx-devil-advocate, cx-evaluator, cx-trace-reviewer, or when an agent is acting in the Reviewer role.
|
|
4
|
+
inputs: [code-diff, pull-request]
|
|
5
|
+
artifactType: review-report
|
|
4
6
|
role: reviewer
|
|
5
7
|
applies_to:
|
|
6
8
|
- cx-reviewer
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: roles-reviewer-trace
|
|
3
3
|
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Reviewer — Trace role. Use when reviewing or generating work by cx-trace-reviewer, or when an agent is acting in the Reviewer — Trace role.
|
|
4
|
+
inputs: [trace, task-context]
|
|
5
|
+
artifactType: guidance
|
|
4
6
|
role: reviewer.trace
|
|
5
7
|
applies_to:
|
|
6
8
|
- cx-trace-reviewer
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: roles-security-ai
|
|
3
3
|
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Security — AI role. Use when reviewing or generating work by cx-security, cx-ai-engineer, or when an agent is acting in the Security — AI role.
|
|
4
|
+
inputs: [ai-system, task-context]
|
|
5
|
+
artifactType: guidance
|
|
4
6
|
role: security.ai
|
|
5
7
|
applies_to:
|
|
6
8
|
- cx-security
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: roles-security-appsec
|
|
3
3
|
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Security — Appsec role. Use when reviewing or generating work by cx-security, or when an agent is acting in the Security — Appsec role.
|
|
4
|
+
inputs: [code-diff, task-context]
|
|
5
|
+
artifactType: guidance
|
|
4
6
|
role: security.appsec
|
|
5
7
|
applies_to:
|
|
6
8
|
- cx-security
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: roles-security-cloud
|
|
3
3
|
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Security — Cloud role. Use when reviewing or generating work by cx-security, or when an agent is acting in the Security — Cloud role.
|
|
4
|
+
inputs: [cloud-config, iam-policy]
|
|
5
|
+
artifactType: guidance
|
|
4
6
|
role: security.cloud
|
|
5
7
|
applies_to:
|
|
6
8
|
- cx-security
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: roles-security-legal-compliance
|
|
3
3
|
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Security — Legal Compliance role. Use when reviewing or generating work by cx-legal-compliance, or when an agent is acting in the Security — Legal Compliance role.
|
|
4
|
+
inputs: [policy, task-context]
|
|
5
|
+
artifactType: guidance
|
|
4
6
|
role: security.legal-compliance
|
|
5
7
|
applies_to:
|
|
6
8
|
- cx-legal-compliance
|
package/skills/roles/security.md
CHANGED
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: roles-security
|
|
3
3
|
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Security role. Use when reviewing or generating work by cx-security, cx-legal-compliance, or when an agent is acting in the Security role.
|
|
4
|
+
inputs: [code-diff, threat-model]
|
|
5
|
+
artifactType: guidance
|
|
4
6
|
role: security
|
|
5
7
|
applies_to:
|
|
6
8
|
- cx-security
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: roles-security-privacy
|
|
3
3
|
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Security — Privacy role. Use when reviewing or generating work by cx-security, cx-legal-compliance, or when an agent is acting in the Security — Privacy role.
|
|
4
|
+
inputs: [data-flow, task-context]
|
|
5
|
+
artifactType: guidance
|
|
4
6
|
role: security.privacy
|
|
5
7
|
applies_to:
|
|
6
8
|
- cx-security
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: roles-security-supply-chain
|
|
3
3
|
description: Surfaces anti-patterns, failure modes, and counter-moves specific to the Security — Supply Chain role. Use when reviewing or generating work by cx-security, cx-platform-engineer, or when an agent is acting in the Security — Supply Chain role.
|
|
4
|
+
inputs: [dependencies, ci-config]
|
|
5
|
+
artifactType: guidance
|
|
4
6
|
role: security.supply-chain
|
|
5
7
|
applies_to:
|
|
6
8
|
- cx-security
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: strategy-competitive-landscape
|
|
3
3
|
description: Use when the team needs a structured read on market positioning before committing direction.
|
|
4
|
+
inputs: [competitor-data, market-signals]
|
|
5
|
+
artifactType: competitive-analysis
|
|
4
6
|
---
|
|
5
7
|
# Competitive Landscape Analysis
|
|
6
8
|
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: strategy-jobs-to-be-done
|
|
3
|
+
description: "Use when: user research needs to uncover the job a user is hiring a product to do — the underlying progress they seek — rather than feature requests or stated preferences."
|
|
4
|
+
inputs: [user-signals-or-interviews]
|
|
5
|
+
artifactType: jtbd-summary
|
|
6
|
+
---
|
|
7
|
+
# Jobs To Be Done
|
|
8
|
+
|
|
9
|
+
Use this skill when user research needs to surface the underlying job a user is trying to get done, not the features they ask for.
|
|
10
|
+
|
|
11
|
+
Users describe solutions ("add a dark mode"); the job is the progress they're trying to make and the context that triggers it. Building to stated features without the job produces local optima nobody hires.
|
|
12
|
+
|
|
13
|
+
## Steps
|
|
14
|
+
|
|
15
|
+
1. **Anchor on a real episode**, not a hypothetical. "Tell me about the last time you…" — recent, specific, remembered.
|
|
16
|
+
2. **Trace the timeline**: the trigger (what changed that made them act), the struggle with the current approach, what they tried, and the outcome they were after.
|
|
17
|
+
3. **Separate the job from the solution.** "I want X feature" → ask "what would X let you do that you can't now?" Keep climbing until you reach a stable goal that doesn't reference your product.
|
|
18
|
+
4. **Capture the forces**: push (problems with the status quo), pull (attraction of a new way), and anxieties/habits that hold them back. Adoption is decided by these four forces.
|
|
19
|
+
5. **Watch for non-consumption**: people who have the job but use nothing, or a manual workaround — often the clearest signal of the job.
|
|
20
|
+
6. **State the job** as `When <situation>, I want to <motivation>, so I can <expected outcome>` — sourced to the episodes, not invented.
|
|
21
|
+
|
|
22
|
+
## Output shape
|
|
23
|
+
|
|
24
|
+
```
|
|
25
|
+
## Job statement(s)
|
|
26
|
+
- When <situation>, I want to <motivation>, so I can <outcome> — evidence: <episode refs>
|
|
27
|
+
|
|
28
|
+
## Forces
|
|
29
|
+
- push: … · pull: … · anxiety: … · habit: …
|
|
30
|
+
|
|
31
|
+
## Non-consumption / workarounds observed
|
|
32
|
+
```
|
|
33
|
+
|
|
34
|
+
## Verification bar
|
|
35
|
+
|
|
36
|
+
- Each job statement traces to a specific recounted episode, not a generalization or an assumption about "users".
|
|
37
|
+
- Solution language ("add X") is climbed back to the underlying job, not recorded as the job.
|
|
38
|
+
- Forces and non-consumption come from what was observed/said, labeled where inferred.
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: strategy-market-research-methods
|
|
3
3
|
description: Use when the team needs to validate assumptions before committing resources, or when a decision is being made on vibes rather than signal.
|
|
4
|
+
inputs: [market-signals, user-signals]
|
|
5
|
+
artifactType: market-brief
|
|
4
6
|
---
|
|
5
7
|
# Market Research Methods
|
|
6
8
|
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: strategy-narrative-arc
|
|
3
3
|
description: Use when the argument must move people, not just inform them. Strategic narrative is the difference between a document that gets read and one that changes what people do.
|
|
4
|
+
inputs: [market-signals, user-signals]
|
|
5
|
+
artifactType: positioning
|
|
4
6
|
---
|
|
5
7
|
# Strategic Narrative Construction
|
|
6
8
|
|
|
@@ -44,7 +44,7 @@ Construct may dispatch you in response to a `handoff.received`, `incident.handof
|
|
|
44
44
|
**Fence (declared in specialists/role-manifests.json → engineer):**
|
|
45
45
|
- Allowed paths: `lib/**`, `bin/**`, `src/**`, `app/**`, `tests/**`, `docs/**`
|
|
46
46
|
- Allowed bd labels: `bug`, `feature`, `task`, `engineering`, `fix`
|
|
47
|
-
- Approval required: any commit, any push, any edit to protected files (`specialists/registry.json`, `
|
|
47
|
+
- Approval required: any commit, any push, any edit to protected files (`specialists/registry.json`, `lib/setup.mjs`, `claude/settings.template.json`)
|
|
48
48
|
|
|
49
49
|
You may edit production code, write tests, and run verification freely inside your fence. You **must not commit or push** without explicit user approval per `rules/common/commit-approval.md`. Stage edits, run verification, and stop.
|
|
50
50
|
|
|
@@ -50,7 +50,8 @@
|
|
|
50
50
|
"skills": [
|
|
51
51
|
"ai/orchestration-workflow",
|
|
52
52
|
"operating/orchestration-reference",
|
|
53
|
-
"operating/change-management"
|
|
53
|
+
"operating/change-management",
|
|
54
|
+
"operating/unstructured-triage"
|
|
54
55
|
],
|
|
55
56
|
"perspective": {
|
|
56
57
|
"bias": "Over-routing to cx-engineer, false simplicity, plans where every task runs in parallel",
|
|
@@ -200,7 +201,8 @@
|
|
|
200
201
|
]
|
|
201
202
|
},
|
|
202
203
|
"skills": [
|
|
203
|
-
"docs/research-workflow"
|
|
204
|
+
"docs/research-workflow",
|
|
205
|
+
"strategy/jobs-to-be-done"
|
|
204
206
|
],
|
|
205
207
|
"perspective": {
|
|
206
208
|
"bias": "Ideal-user personas, invisible friction, 'users will figure it out'",
|
|
@@ -291,7 +293,8 @@
|
|
|
291
293
|
},
|
|
292
294
|
"skills": [
|
|
293
295
|
"docs/research-workflow",
|
|
294
|
-
"devops/dependency-management"
|
|
296
|
+
"devops/dependency-management",
|
|
297
|
+
"docs/transcript-synthesis"
|
|
295
298
|
],
|
|
296
299
|
"perspective": {
|
|
297
300
|
"bias": "Undated sources, version-specific claims without citation, blog posts treated as authoritative",
|
|
@@ -389,7 +392,8 @@
|
|
|
389
392
|
},
|
|
390
393
|
"skills": [
|
|
391
394
|
"devops/observability",
|
|
392
|
-
"devops/database"
|
|
395
|
+
"devops/database",
|
|
396
|
+
"operating/raw-data-structuring"
|
|
393
397
|
],
|
|
394
398
|
"perspective": {
|
|
395
399
|
"bias": "Vanity metrics, post-hoc success definitions, averages that hide distributions",
|
|
@@ -645,7 +649,8 @@
|
|
|
645
649
|
]
|
|
646
650
|
},
|
|
647
651
|
"skills": [
|
|
648
|
-
"quality-gates/review-work"
|
|
652
|
+
"quality-gates/review-work",
|
|
653
|
+
"quality-gates/premortem"
|
|
649
654
|
],
|
|
650
655
|
"perspective": {
|
|
651
656
|
"bias": "Plans that are too elegant, 'unlikely' failure modes, scope drift with stable acceptance criteria",
|
|
@@ -1094,7 +1099,8 @@
|
|
|
1094
1099
|
"skills": [
|
|
1095
1100
|
"docs/adr-workflow",
|
|
1096
1101
|
"docs/runbook-workflow",
|
|
1097
|
-
"docs/init-docs"
|
|
1102
|
+
"docs/init-docs",
|
|
1103
|
+
"docs/memo-and-decision-capture"
|
|
1098
1104
|
],
|
|
1099
1105
|
"perspective": {
|
|
1100
1106
|
"bias": "Completed work with no context update, decisions 'everyone understands' but nobody wrote down",
|
|
@@ -1193,7 +1199,8 @@
|
|
|
1193
1199
|
]
|
|
1194
1200
|
},
|
|
1195
1201
|
"skills": [
|
|
1196
|
-
"frontend-design/accessibility"
|
|
1202
|
+
"frontend-design/accessibility",
|
|
1203
|
+
"frontend-design/screen-reader-testing"
|
|
1197
1204
|
],
|
|
1198
1205
|
"perspective": {
|
|
1199
1206
|
"bias": "ARIA added to pass audits, keyboard navigation never tested, contrast that 'looks fine' but fails the spec",
|
|
@@ -1280,7 +1287,8 @@
|
|
|
1280
1287
|
]
|
|
1281
1288
|
},
|
|
1282
1289
|
"skills": [
|
|
1283
|
-
"ai/prompt-optimizer"
|
|
1290
|
+
"ai/prompt-optimizer",
|
|
1291
|
+
"ai/trace-triage"
|
|
1284
1292
|
],
|
|
1285
1293
|
"perspective": {
|
|
1286
1294
|
"bias": "Stable-looking medians hiding variance, trace analyses looking only at successes, promotions on too few traces",
|
|
@@ -1322,7 +1330,8 @@
|
|
|
1322
1330
|
"skills": [
|
|
1323
1331
|
"devops/data-engineering",
|
|
1324
1332
|
"devops/database",
|
|
1325
|
-
"devops/observability"
|
|
1333
|
+
"devops/observability",
|
|
1334
|
+
"operating/raw-data-structuring"
|
|
1326
1335
|
],
|
|
1327
1336
|
"perspective": {
|
|
1328
1337
|
"bias": "Non-idempotent pipelines, unwritten data contracts, quality gates added after the first corruption incident",
|
|
@@ -73,7 +73,7 @@
|
|
|
73
73
|
"allowedPaths": ["lib/**", "bin/**", "src/**", "app/**", "tests/**", "docs/**"],
|
|
74
74
|
"allowedBdLabels": ["bug", "feature", "task", "engineering", "fix"],
|
|
75
75
|
"allowedCommands": ["bd create", "bd note", "bd update", "bd link", "bd label", "bd close", "node", "npm", "git status", "git diff", "git log"],
|
|
76
|
-
"approvalRequired": ["commit", "push", "edit:specialists/registry.json", "edit:
|
|
76
|
+
"approvalRequired": ["commit", "push", "edit:specialists/registry.json", "edit:lib/setup.mjs", "edit:claude/settings.template.json"]
|
|
77
77
|
},
|
|
78
78
|
"outputs": {
|
|
79
79
|
"bdLabels": ["engineering", "fix"],
|