@geraldmaron/construct 1.0.16 → 1.0.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (191) hide show
  1. package/README.md +4 -1
  2. package/bin/construct +236 -21
  3. package/bin/construct-postinstall.mjs +17 -2
  4. package/commands/design/flow.md +2 -0
  5. package/commands/design/ui.md +2 -0
  6. package/lib/cli-commands.mjs +65 -13
  7. package/lib/embed/semantic.mjs +5 -3
  8. package/lib/embedded-contract/audit.mjs +52 -0
  9. package/lib/embedded-contract/capability.mjs +179 -0
  10. package/lib/embedded-contract/contract-version.mjs +39 -0
  11. package/lib/embedded-contract/envelope.mjs +70 -0
  12. package/lib/embedded-contract/index.mjs +71 -0
  13. package/lib/embedded-contract/ingest.mjs +77 -0
  14. package/lib/embedded-contract/model-resolve.mjs +186 -0
  15. package/lib/embedded-contract/redaction.mjs +91 -0
  16. package/lib/embedded-contract/role-facts.mjs +66 -0
  17. package/lib/embedded-contract/triage.mjs +134 -0
  18. package/lib/embedded-contract/workflow-defs.mjs +125 -0
  19. package/lib/embedded-contract/workflow-invoke.mjs +218 -0
  20. package/lib/hooks/config-protection.mjs +12 -5
  21. package/lib/init-unified.mjs +36 -26
  22. package/lib/intake/classify.mjs +6 -0
  23. package/lib/intake/tables/rnd.mjs +33 -0
  24. package/lib/mcp/server.mjs +69 -0
  25. package/lib/mcp/tools/embedded-contract.mjs +77 -0
  26. package/lib/model-router.mjs +40 -0
  27. package/lib/op-log.mjs +61 -0
  28. package/lib/roles/catalog.mjs +26 -95
  29. package/lib/service-manager.mjs +33 -11
  30. package/lib/setup.mjs +21 -3
  31. package/lib/validators/skills.mjs +21 -0
  32. package/package.json +12 -7
  33. package/scripts/sync-specialists.mjs +12 -3
  34. package/skills/ai/agent-dev.md +2 -0
  35. package/skills/ai/llm-security.md +2 -0
  36. package/skills/ai/ml-ops.md +2 -0
  37. package/skills/ai/orchestration-workflow.md +2 -0
  38. package/skills/ai/prompt-and-eval.md +2 -0
  39. package/skills/ai/prompt-optimizer.md +2 -0
  40. package/skills/ai/rag-system.md +2 -0
  41. package/skills/ai/trace-triage.md +36 -0
  42. package/skills/architecture/api-design.md +2 -0
  43. package/skills/architecture/caching.md +2 -0
  44. package/skills/architecture/cloud-native.md +2 -0
  45. package/skills/architecture/message-queue.md +2 -0
  46. package/skills/architecture/security-arch.md +2 -0
  47. package/skills/compliance/ai-disclosure.md +2 -0
  48. package/skills/compliance/data-privacy.md +2 -0
  49. package/skills/compliance/license-audit.md +2 -0
  50. package/skills/compliance/regulatory-review.md +2 -0
  51. package/skills/development/cpp.md +2 -0
  52. package/skills/development/go.md +2 -0
  53. package/skills/development/java.md +2 -0
  54. package/skills/development/kotlin.md +2 -0
  55. package/skills/development/mobile-crossplatform.md +2 -0
  56. package/skills/development/python.md +2 -0
  57. package/skills/development/rust.md +2 -0
  58. package/skills/development/shell.md +2 -0
  59. package/skills/development/swift.md +2 -0
  60. package/skills/development/typescript.md +2 -0
  61. package/skills/devops/ci-cd.md +2 -0
  62. package/skills/devops/containerization.md +2 -0
  63. package/skills/devops/cost-optimization.md +2 -0
  64. package/skills/devops/data-engineering.md +2 -0
  65. package/skills/devops/database.md +2 -0
  66. package/skills/devops/dependency-management.md +2 -0
  67. package/skills/devops/devsecops.md +2 -0
  68. package/skills/devops/git-workflow.md +2 -0
  69. package/skills/devops/incident-response.md +2 -0
  70. package/skills/devops/monorepo.md +2 -0
  71. package/skills/devops/observability.md +2 -0
  72. package/skills/devops/performance.md +2 -0
  73. package/skills/devops/testing.md +2 -0
  74. package/skills/docs/adr-workflow.md +2 -0
  75. package/skills/docs/backlog-proposal-workflow.md +2 -0
  76. package/skills/docs/customer-profile-workflow.md +2 -0
  77. package/skills/docs/document-ingest-workflow.md +2 -0
  78. package/skills/docs/evidence-ingest-workflow.md +2 -0
  79. package/skills/docs/init-docs.md +2 -0
  80. package/skills/docs/init-project.md +2 -0
  81. package/skills/docs/memo-and-decision-capture.md +45 -0
  82. package/skills/docs/prd-workflow.md +2 -0
  83. package/skills/docs/prfaq-workflow.md +2 -0
  84. package/skills/docs/product-intelligence-review.md +2 -0
  85. package/skills/docs/product-intelligence-workflow.md +2 -0
  86. package/skills/docs/product-signal-workflow.md +2 -0
  87. package/skills/docs/research-workflow.md +2 -0
  88. package/skills/docs/runbook-workflow.md +2 -0
  89. package/skills/docs/strategy-workflow.md +2 -0
  90. package/skills/docs/transcript-synthesis.md +43 -0
  91. package/skills/exploration/dependency-graph-reading.md +2 -0
  92. package/skills/exploration/repo-map.md +2 -0
  93. package/skills/exploration/tracer-bullet-method.md +2 -0
  94. package/skills/exploration/unknown-codebase-onboarding.md +2 -0
  95. package/skills/frameworks/django.md +2 -0
  96. package/skills/frameworks/nextjs.md +2 -0
  97. package/skills/frameworks/react.md +2 -0
  98. package/skills/frameworks/spring-boot.md +2 -0
  99. package/skills/frontend-design/accessibility.md +2 -0
  100. package/skills/frontend-design/component-patterns.md +2 -0
  101. package/skills/frontend-design/engineering.md +2 -0
  102. package/skills/frontend-design/screen-reader-testing.md +34 -0
  103. package/skills/frontend-design/state-management.md +2 -0
  104. package/skills/frontend-design/ui-aesthetics.md +2 -0
  105. package/skills/frontend-design/ux-principles.md +2 -0
  106. package/skills/operating/change-management.md +2 -0
  107. package/skills/operating/incident-response.md +2 -0
  108. package/skills/operating/oncall-rotation.md +2 -0
  109. package/skills/operating/orchestration-reference.md +2 -0
  110. package/skills/operating/raw-data-structuring.md +44 -0
  111. package/skills/operating/unstructured-triage.md +45 -0
  112. package/skills/quality-gates/premortem.md +37 -0
  113. package/skills/quality-gates/review-work.md +2 -0
  114. package/skills/quality-gates/verify-change.md +2 -0
  115. package/skills/quality-gates/verify-module.md +2 -0
  116. package/skills/quality-gates/verify-quality.md +2 -0
  117. package/skills/quality-gates/verify-security.md +2 -0
  118. package/skills/roles/architect.ai-systems.md +2 -0
  119. package/skills/roles/architect.data.md +2 -0
  120. package/skills/roles/architect.enterprise.md +2 -0
  121. package/skills/roles/architect.integration.md +2 -0
  122. package/skills/roles/architect.md +2 -0
  123. package/skills/roles/architect.platform.md +2 -0
  124. package/skills/roles/data-analyst.experiment.md +2 -0
  125. package/skills/roles/data-analyst.md +2 -0
  126. package/skills/roles/data-analyst.product-intelligence.md +2 -0
  127. package/skills/roles/data-analyst.product.md +2 -0
  128. package/skills/roles/data-analyst.telemetry.md +2 -0
  129. package/skills/roles/data-engineer.pipeline.md +2 -0
  130. package/skills/roles/data-engineer.vector-retrieval.md +2 -0
  131. package/skills/roles/data-engineer.warehouse.md +2 -0
  132. package/skills/roles/debugger.md +2 -0
  133. package/skills/roles/designer.accessibility.md +2 -0
  134. package/skills/roles/designer.md +2 -0
  135. package/skills/roles/engineer.ai.md +2 -0
  136. package/skills/roles/engineer.data.md +2 -0
  137. package/skills/roles/engineer.md +2 -0
  138. package/skills/roles/engineer.platform.md +2 -0
  139. package/skills/roles/operator.docs.md +2 -0
  140. package/skills/roles/operator.md +2 -0
  141. package/skills/roles/operator.release.md +2 -0
  142. package/skills/roles/operator.sre.md +2 -0
  143. package/skills/roles/orchestrator.md +2 -0
  144. package/skills/roles/product-manager.ai-product.md +2 -0
  145. package/skills/roles/product-manager.business-strategy.md +2 -0
  146. package/skills/roles/product-manager.enterprise.md +2 -0
  147. package/skills/roles/product-manager.growth.md +2 -0
  148. package/skills/roles/product-manager.md +2 -0
  149. package/skills/roles/product-manager.platform.md +2 -0
  150. package/skills/roles/product-manager.product.md +2 -0
  151. package/skills/roles/qa.ai-eval.md +2 -0
  152. package/skills/roles/qa.api-contract.md +2 -0
  153. package/skills/roles/qa.data-pipeline.md +2 -0
  154. package/skills/roles/qa.md +2 -0
  155. package/skills/roles/qa.test-automation.md +2 -0
  156. package/skills/roles/qa.web-ui.md +2 -0
  157. package/skills/roles/researcher.explorer.md +2 -0
  158. package/skills/roles/researcher.md +2 -0
  159. package/skills/roles/researcher.ux.md +2 -0
  160. package/skills/roles/reviewer.devil-advocate.md +2 -0
  161. package/skills/roles/reviewer.evaluator.md +2 -0
  162. package/skills/roles/reviewer.md +2 -0
  163. package/skills/roles/reviewer.trace.md +2 -0
  164. package/skills/roles/security.ai.md +2 -0
  165. package/skills/roles/security.appsec.md +2 -0
  166. package/skills/roles/security.cloud.md +2 -0
  167. package/skills/roles/security.legal-compliance.md +2 -0
  168. package/skills/roles/security.md +2 -0
  169. package/skills/roles/security.privacy.md +2 -0
  170. package/skills/roles/security.supply-chain.md +2 -0
  171. package/skills/security/blue-team.md +2 -0
  172. package/skills/security/code-audit.md +2 -0
  173. package/skills/security/pentest.md +2 -0
  174. package/skills/security/red-team.md +2 -0
  175. package/skills/security/threat-intel.md +2 -0
  176. package/skills/security/vuln-research.md +2 -0
  177. package/skills/strategy/competitive-landscape.md +2 -0
  178. package/skills/strategy/jobs-to-be-done.md +38 -0
  179. package/skills/strategy/market-research-methods.md +2 -0
  180. package/skills/strategy/narrative-arc.md +2 -0
  181. package/skills/strategy/pricing-positioning.md +2 -0
  182. package/skills/utility/clean-code.md +2 -0
  183. package/specialists/prompts/cx-architect.md +1 -0
  184. package/specialists/prompts/cx-designer.md +1 -1
  185. package/specialists/prompts/cx-engineer.md +1 -1
  186. package/specialists/prompts/cx-operations.md +1 -0
  187. package/specialists/prompts/cx-rd-lead.md +1 -0
  188. package/specialists/prompts/cx-sre.md +1 -0
  189. package/specialists/registry.json +20 -11
  190. package/specialists/role-manifests.json +1 -1
  191. package/templates/docs/test-plan.md +96 -0
@@ -1,6 +1,8 @@
1
1
  ---
2
2
  name: security-blue-team
3
3
  description: Use this skill when defending systems, responding to incidents, or building detection and monitoring capabilities.
4
+ inputs: [system-design]
5
+ artifactType: guidance
4
6
  ---
5
7
  # Blue Team
6
8
 
@@ -1,6 +1,8 @@
1
1
  ---
2
2
  name: security-code-audit
3
3
  description: Use this skill when reviewing source code for security vulnerabilities through static analysis.
4
+ inputs: [code]
5
+ artifactType: vulnerability-report
4
6
  ---
5
7
  # Code Audit
6
8
 
@@ -1,6 +1,8 @@
1
1
  ---
2
2
  name: security-pentest
3
3
  description: Use this skill when testing web applications or APIs for security vulnerabilities.
4
+ inputs: [system-design, binary]
5
+ artifactType: pentest-report
4
6
  ---
5
7
  # Penetration Testing
6
8
 
@@ -1,6 +1,8 @@
1
1
  ---
2
2
  name: security-red-team
3
3
  description: Use this skill when planning or executing offensive security assessments, adversary emulation, or attack simulations.
4
+ inputs: [system-design, binary]
5
+ artifactType: pentest-report
4
6
  ---
5
7
  # Red Team
6
8
 
@@ -1,6 +1,8 @@
1
1
  ---
2
2
  name: security-threat-intel
3
3
  description: Use this skill when performing OSINT, threat modeling, or building threat intelligence programs.
4
+ inputs: [system-design]
5
+ artifactType: threat-model
4
6
  ---
5
7
  # Threat Intelligence
6
8
 
@@ -1,6 +1,8 @@
1
1
  ---
2
2
  name: security-vuln-research
3
3
  description: Use this skill when analyzing binaries, fuzzing software, or developing exploits for security research.
4
+ inputs: [target-binary-or-software]
5
+ artifactType: vulnerability-report
4
6
  ---
5
7
  # Vulnerability Research
6
8
 
@@ -1,6 +1,8 @@
1
1
  ---
2
2
  name: strategy-competitive-landscape
3
3
  description: Use when the team needs a structured read on market positioning before committing direction.
4
+ inputs: [competitor-data, market-signals]
5
+ artifactType: competitive-analysis
4
6
  ---
5
7
  # Competitive Landscape Analysis
6
8
 
@@ -0,0 +1,38 @@
1
+ ---
2
+ name: strategy-jobs-to-be-done
3
+ description: "Use when: user research needs to uncover the job a user is hiring a product to do — the underlying progress they seek — rather than feature requests or stated preferences."
4
+ inputs: [user-signals-or-interviews]
5
+ artifactType: jtbd-summary
6
+ ---
7
+ # Jobs To Be Done
8
+
9
+ Use this skill when user research needs to surface the underlying job a user is trying to get done, not the features they ask for.
10
+
11
+ Users describe solutions ("add a dark mode"); the job is the progress they're trying to make and the context that triggers it. Building to stated features without the job produces local optima nobody hires.
12
+
13
+ ## Steps
14
+
15
+ 1. **Anchor on a real episode**, not a hypothetical. "Tell me about the last time you…" — recent, specific, remembered.
16
+ 2. **Trace the timeline**: the trigger (what changed that made them act), the struggle with the current approach, what they tried, and the outcome they were after.
17
+ 3. **Separate the job from the solution.** "I want X feature" → ask "what would X let you do that you can't now?" Keep climbing until you reach a stable goal that doesn't reference your product.
18
+ 4. **Capture the forces**: push (problems with the status quo), pull (attraction of a new way), and anxieties/habits that hold them back. Adoption is decided by these four forces.
19
+ 5. **Watch for non-consumption**: people who have the job but use nothing, or a manual workaround — often the clearest signal of the job.
20
+ 6. **State the job** as `When <situation>, I want to <motivation>, so I can <expected outcome>` — sourced to the episodes, not invented.
21
+
22
+ ## Output shape
23
+
24
+ ```
25
+ ## Job statement(s)
26
+ - When <situation>, I want to <motivation>, so I can <outcome> — evidence: <episode refs>
27
+
28
+ ## Forces
29
+ - push: … · pull: … · anxiety: … · habit: …
30
+
31
+ ## Non-consumption / workarounds observed
32
+ ```
33
+
34
+ ## Verification bar
35
+
36
+ - Each job statement traces to a specific recounted episode, not a generalization or an assumption about "users".
37
+ - Solution language ("add X") is climbed back to the underlying job, not recorded as the job.
38
+ - Forces and non-consumption come from what was observed/said, labeled where inferred.
@@ -1,6 +1,8 @@
1
1
  ---
2
2
  name: strategy-market-research-methods
3
3
  description: Use when the team needs to validate assumptions before committing resources, or when a decision is being made on vibes rather than signal.
4
+ inputs: [market-signals, user-signals]
5
+ artifactType: market-brief
4
6
  ---
5
7
  # Market Research Methods
6
8
 
@@ -1,6 +1,8 @@
1
1
  ---
2
2
  name: strategy-narrative-arc
3
3
  description: Use when the argument must move people, not just inform them. Strategic narrative is the difference between a document that gets read and one that changes what people do.
4
+ inputs: [market-signals, user-signals]
5
+ artifactType: positioning
4
6
  ---
5
7
  # Strategic Narrative Construction
6
8
 
@@ -1,6 +1,8 @@
1
1
  ---
2
2
  name: strategy-pricing-positioning
3
3
  description: Use when the team needs to set price, adjust positioning, or defend either to stakeholders.
4
+ inputs: [market-signals, competitor-data]
5
+ artifactType: positioning
4
6
  ---
5
7
  # Pricing and Positioning
6
8
 
@@ -1,6 +1,8 @@
1
1
  ---
2
2
  name: utility-clean-code
3
3
  description: Patterns and heuristics for identifying and removing AI-generated code smells. Use when cleaning up output from AI coding tools.
4
+ inputs: [code]
5
+ artifactType: refactor
4
6
  ---
5
7
  # AI Slop Removal
6
8
 
@@ -16,6 +16,7 @@ You have inherited enough unmaintainable systems to be permanently suspicious of
16
16
  **Failure mode warning**: If the ADR has no "options rejected" section, the decision wasn't made: it defaulted. Defaulted decisions are the ones that bite hardest.
17
17
 
18
18
  **Role guidance**: call `get_skill("roles/architect")` before drafting.
19
+ **Templates**: call `get_template("adr")` before authoring an ADR so the section structure, framing rules, and rejected-alternatives requirement come from the canonical template rather than memory. Use `list_templates` to discover overrides.
19
20
  **Strategy grounding**: for decisions with long-term interface or data model implications, check `.cx/knowledge/decisions/strategy/` for any declared strategy documents before choosing. A decision that contradicts a declared Bet or enables a Non-bet must surface the conflict explicitly in the ADR's OPTIONS CONSIDERED section. If no strategy documents exist, proceed without: do not block the workflow or invent strategy.
20
21
 
21
22
  When the architecture domain is clear, also load exactly one relevant overlay before drafting:
@@ -32,7 +32,7 @@ When the user asks for a visual deliverable, choose the lightest artifact that h
32
32
  - walkthroughs and demo videos: use the available browser/demo tooling and follow a discover → rehearse → record flow instead of jumping straight to recording
33
33
 
34
34
  Tool and skill discipline:
35
- - prefer existing visual tools such as `construct wireframe` or equivalent Mermaid/HTML outputs before inventing bespoke formats
35
+ - prefer the bundled generator before inventing bespoke formats: `construct wireframe "<description>" --type=<layout|flow|state|sequence|er|user-journey>` writes a diffable artifact to `.cx/wireframes/`. Use `layout` for screens, `flow`/`user-journey` for paths, `state`/`sequence`/`er` for system diagrams. It is zero-dependency and text-first; do not add a diagramming library
36
36
  - use `list_skills` and `search_skills` to load the host's relevant visual skill when the ask is a deck, presentation, polished UI exploration, or demo video
37
37
  - if the user provides source material like a `.pptx`, export, or PDF, ingest it first so the deliverable is grounded in the actual content
38
38
 
@@ -44,7 +44,7 @@ Construct may dispatch you in response to a `handoff.received`, `incident.handof
44
44
  **Fence (declared in specialists/role-manifests.json → engineer):**
45
45
  - Allowed paths: `lib/**`, `bin/**`, `src/**`, `app/**`, `tests/**`, `docs/**`
46
46
  - Allowed bd labels: `bug`, `feature`, `task`, `engineering`, `fix`
47
- - Approval required: any commit, any push, any edit to protected files (`specialists/registry.json`, `install.sh`, `claude/settings.template.json`)
47
+ - Approval required: any commit, any push, any edit to protected files (`specialists/registry.json`, `lib/setup.mjs`, `claude/settings.template.json`)
48
48
 
49
49
  You may edit production code, write tests, and run verification freely inside your fence. You **must not commit or push** without explicit user approval per `rules/common/commit-approval.md`. Stage edits, run verification, and stop.
50
50
 
@@ -16,6 +16,7 @@ A beautiful plan is worthless if it can't be executed in the right sequence. You
16
16
  **Failure mode warning**: If every task can run in parallel, the dependency graph wasn't drawn. Real plans have sequences, and real sequences have blockers.
17
17
 
18
18
  **Role guidance**: call `get_skill("roles/operator")` before drafting.
19
+ **Templates**: call `get_template("runbook")` before authoring an operational runbook and `get_template("incident-report")` before authoring a post-incident writeup, so the section structure and required fields come from the canonical template rather than memory. Use `list_templates` to discover overrides.
19
20
 
20
21
  Start only after cx-architect and cx-engineer have produced a plan and cx-devil-advocate feedback is resolved.
21
22
 
@@ -16,6 +16,7 @@ Most "problems" that arrive on your desk are actually hypotheses masquerading as
16
16
  **Failure mode warning**: If you can't write a falsifiable hypothesis, you don't have an R&D task: you have a planning task being treated as R&D to avoid committing to a spec.
17
17
 
18
18
  **Role guidance**: call `get_skill("roles/architect")` before drafting.
19
+ **Templates**: call `get_template("research-brief")` before authoring so the section structure comes from the canonical template rather than memory. Use `list_templates` to discover overrides.
19
20
  **Evidence policy**: hypotheses must be grounded in evidence, not plausibility. Follow `rules/common/research.md` (most-recent-first, primary sources, verified URLs) when citing external literature, benchmarks, or published results to motivate an R&D task.
20
21
  **Strategy grounding**: before proposing an R&D direction, check `.cx/knowledge/decisions/strategy/` for declared Bets and Non-bets. A research direction that contradicts a Non-bet requires explicit surfacing and user decision before proceeding.
21
22
 
@@ -16,6 +16,7 @@ You have been paged at 2am enough times to know that reliability problems are de
16
16
  **Failure mode warning**: If there's no alert definition before deployment, nobody planned for failure. The first alert will be a user report.
17
17
 
18
18
  **Role guidance**: call `get_skill("roles/operator.sre")` before drafting.
19
+ **Templates**: call `get_template("runbook")` before authoring a runbook and `get_template("incident-report")` before authoring a postmortem, so the section structure and required fields come from the canonical template rather than memory. Use `list_templates` to discover overrides.
19
20
 
20
21
  For each observability or reliability initiative, define:
21
22
 
@@ -50,7 +50,8 @@
50
50
  "skills": [
51
51
  "ai/orchestration-workflow",
52
52
  "operating/orchestration-reference",
53
- "operating/change-management"
53
+ "operating/change-management",
54
+ "operating/unstructured-triage"
54
55
  ],
55
56
  "perspective": {
56
57
  "bias": "Over-routing to cx-engineer, false simplicity, plans where every task runs in parallel",
@@ -200,7 +201,8 @@
200
201
  ]
201
202
  },
202
203
  "skills": [
203
- "docs/research-workflow"
204
+ "docs/research-workflow",
205
+ "strategy/jobs-to-be-done"
204
206
  ],
205
207
  "perspective": {
206
208
  "bias": "Ideal-user personas, invisible friction, 'users will figure it out'",
@@ -269,7 +271,7 @@
269
271
  "modelTier": "standard",
270
272
  "reasoningEffort": "medium",
271
273
  "codexSandbox": "read-only",
272
- "claudeTools": "Read,Grep,Glob,LS,WebSearch,WebFetch,list_skills,get_skill,search_skills,memory_search,memory_add_observations",
274
+ "claudeTools": "Read,Grep,Glob,LS,WebSearch,WebFetch,list_skills,get_skill,search_skills,get_template,list_templates,memory_search,memory_add_observations",
273
275
  "promptFile": "specialists/prompts/cx-researcher.md",
274
276
  "embedOrientation": {
275
277
  "focusAreas": [
@@ -291,7 +293,8 @@
291
293
  },
292
294
  "skills": [
293
295
  "docs/research-workflow",
294
- "devops/dependency-management"
296
+ "devops/dependency-management",
297
+ "docs/transcript-synthesis"
295
298
  ],
296
299
  "perspective": {
297
300
  "bias": "Undated sources, version-specific claims without citation, blog posts treated as authoritative",
@@ -389,7 +392,8 @@
389
392
  },
390
393
  "skills": [
391
394
  "devops/observability",
392
- "devops/database"
395
+ "devops/database",
396
+ "operating/raw-data-structuring"
393
397
  ],
394
398
  "perspective": {
395
399
  "bias": "Vanity metrics, post-hoc success definitions, averages that hide distributions",
@@ -645,7 +649,8 @@
645
649
  ]
646
650
  },
647
651
  "skills": [
648
- "quality-gates/review-work"
652
+ "quality-gates/review-work",
653
+ "quality-gates/premortem"
649
654
  ],
650
655
  "perspective": {
651
656
  "bias": "Plans that are too elegant, 'unlikely' failure modes, scope drift with stable acceptance criteria",
@@ -1070,7 +1075,7 @@
1070
1075
  "modelTier": "standard",
1071
1076
  "reasoningEffort": "medium",
1072
1077
  "codexSandbox": "workspace-write",
1073
- "claudeTools": "Read,Grep,Glob,LS,Edit,Write,Bash,list_skills,get_skill,search_skills,memory_search,memory_add_observations",
1078
+ "claudeTools": "Read,Grep,Glob,LS,Edit,Write,Bash,list_skills,get_skill,search_skills,get_template,list_templates,memory_search,memory_add_observations",
1074
1079
  "promptFile": "specialists/prompts/cx-docs-keeper.md",
1075
1080
  "embedOrientation": {
1076
1081
  "focusAreas": [
@@ -1094,7 +1099,8 @@
1094
1099
  "skills": [
1095
1100
  "docs/adr-workflow",
1096
1101
  "docs/runbook-workflow",
1097
- "docs/init-docs"
1102
+ "docs/init-docs",
1103
+ "docs/memo-and-decision-capture"
1098
1104
  ],
1099
1105
  "perspective": {
1100
1106
  "bias": "Completed work with no context update, decisions 'everyone understands' but nobody wrote down",
@@ -1193,7 +1199,8 @@
1193
1199
  ]
1194
1200
  },
1195
1201
  "skills": [
1196
- "frontend-design/accessibility"
1202
+ "frontend-design/accessibility",
1203
+ "frontend-design/screen-reader-testing"
1197
1204
  ],
1198
1205
  "perspective": {
1199
1206
  "bias": "ARIA added to pass audits, keyboard navigation never tested, contrast that 'looks fine' but fails the spec",
@@ -1280,7 +1287,8 @@
1280
1287
  ]
1281
1288
  },
1282
1289
  "skills": [
1283
- "ai/prompt-optimizer"
1290
+ "ai/prompt-optimizer",
1291
+ "ai/trace-triage"
1284
1292
  ],
1285
1293
  "perspective": {
1286
1294
  "bias": "Stable-looking medians hiding variance, trace analyses looking only at successes, promotions on too few traces",
@@ -1322,7 +1330,8 @@
1322
1330
  "skills": [
1323
1331
  "devops/data-engineering",
1324
1332
  "devops/database",
1325
- "devops/observability"
1333
+ "devops/observability",
1334
+ "operating/raw-data-structuring"
1326
1335
  ],
1327
1336
  "perspective": {
1328
1337
  "bias": "Non-idempotent pipelines, unwritten data contracts, quality gates added after the first corruption incident",
@@ -73,7 +73,7 @@
73
73
  "allowedPaths": ["lib/**", "bin/**", "src/**", "app/**", "tests/**", "docs/**"],
74
74
  "allowedBdLabels": ["bug", "feature", "task", "engineering", "fix"],
75
75
  "allowedCommands": ["bd create", "bd note", "bd update", "bd link", "bd label", "bd close", "node", "npm", "git status", "git diff", "git log"],
76
- "approvalRequired": ["commit", "push", "edit:specialists/registry.json", "edit:install.sh", "edit:claude/settings.template.json"]
76
+ "approvalRequired": ["commit", "push", "edit:specialists/registry.json", "edit:lib/setup.mjs", "edit:claude/settings.template.json"]
77
77
  },
78
78
  "outputs": {
79
79
  "bdLabels": ["engineering", "fix"],
@@ -0,0 +1,96 @@
1
+ # Test Plan: {feature or system name}
2
+
3
+ - **Date**: {YYYY-MM-DD}
4
+ - **Owner**: {name or role}
5
+ - **Status**: draft | in-review | approved | executed
6
+ - **Related**: {PRD / ADR paths or none}
7
+
8
+ <!--
9
+ Use this when a feature, migration, or system change needs a deliberate
10
+ verification strategy before it ships. The plan is the contract between
11
+ what was specified and what will be proven; every scenario below must
12
+ trace to a requirement or an observed risk, never to guesswork.
13
+
14
+ Before drafting, read rules/common/framing.md and rules/common/no-fabrication.md.
15
+ Acceptance criteria must be binary pass/fail. If a criterion cannot be
16
+ checked without asking the author, it is not done. Cite the requirement
17
+ (FR/NFR id, ADR decision, ticket) each scenario verifies.
18
+ -->
19
+
20
+ ## Scope
21
+ <!--
22
+ What is under test and what is explicitly not. Name the components, surfaces,
23
+ or behaviors covered. The out-of-scope list protects reviewer attention and
24
+ makes coverage gaps deliberate rather than accidental.
25
+ -->
26
+
27
+ | | Description |
28
+ |---|---|
29
+ | **In scope** | <what this plan verifies> |
30
+ | **Out of scope** | <related behavior deliberately not tested here, and why> |
31
+
32
+ ## Test strategy
33
+ <!--
34
+ The levels of testing applied and why each is justified. Map levels to risk:
35
+ unit for logic, integration for contracts and boundaries, end-to-end for
36
+ user-visible flows, manual/exploratory for what automation cannot reach.
37
+ State what each level is responsible for so coverage gaps are visible.
38
+ -->
39
+
40
+ | Level | What it covers | Why it lives at this level |
41
+ |---|---|---|
42
+ | Unit | <logic, pure functions, edge cases> | <reason> |
43
+ | Integration | <contracts, boundaries, data access> | <reason> |
44
+ | End-to-end | <user-visible flows> | <reason> |
45
+ | Manual / exploratory | <what automation cannot reach> | <reason> |
46
+
47
+ ## Key scenarios
48
+ <!--
49
+ The scenarios that prove the change works. Each scenario names the requirement
50
+ it verifies, the setup, the action, and the binary acceptance criterion. A
51
+ reviewer must be able to run or read the scenario and decide pass/fail without
52
+ asking the author.
53
+ -->
54
+
55
+ | ID | Scenario | Verifies | Acceptance (binary pass/fail) |
56
+ |---|---|---|---|
57
+ | TC-1 | <setup, action, expected result> | <FR/NFR id or risk> | <observable condition> |
58
+ | TC-2 | <...> | <...> | <...> |
59
+
60
+ ## Risks and edge cases
61
+ <!--
62
+ The failure modes and boundary conditions worth explicit attention: empty
63
+ inputs, concurrency, partial failure, large data, permission boundaries,
64
+ rollback. For each, state how the plan covers it or why the residual risk
65
+ is accepted.
66
+ -->
67
+
68
+ | Risk / edge case | Likelihood | Impact | Coverage or accepted reason |
69
+ |---|---|---|---|
70
+ | <condition> | low / med / high | low / med / high | <how it is tested, or why accepted> |
71
+
72
+ ## Environments and data
73
+ <!--
74
+ Where tests run and what data they use. Name the environments, fixtures,
75
+ seed data, and any external dependencies (sandboxes, stubs, recorded
76
+ responses). Flag data that must be synthetic or anonymized.
77
+ -->
78
+
79
+ ## Entry and exit criteria
80
+ <!--
81
+ Entry: what must be true before testing starts (build available, environment
82
+ provisioned, dependencies stubbed). Exit: what must be true to call testing
83
+ done (all blocking scenarios pass, known issues triaged, coverage threshold
84
+ met). Both are checklists a reviewer can verify.
85
+ -->
86
+
87
+ **Entry criteria**
88
+
89
+ - <condition that must hold before execution begins>
90
+
91
+ **Exit criteria**
92
+
93
+ - <condition that must hold to declare the plan executed>
94
+
95
+ ## References
96
+ <!-- PRD, ADR, RFC, related test plans, prior incidents. -->