@geraldmaron/construct 1.0.3 → 1.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +51 -42
- package/agents/prompts/cx-ai-engineer.md +6 -26
- package/agents/prompts/cx-architect.md +1 -0
- package/agents/prompts/cx-business-strategist.md +2 -0
- package/agents/prompts/cx-data-analyst.md +6 -26
- package/agents/prompts/cx-docs-keeper.md +1 -31
- package/agents/prompts/cx-explorer.md +1 -0
- package/agents/prompts/cx-orchestrator.md +40 -112
- package/agents/prompts/cx-platform-engineer.md +2 -22
- package/agents/prompts/cx-product-manager.md +2 -1
- package/agents/prompts/cx-qa.md +0 -20
- package/agents/prompts/cx-rd-lead.md +2 -0
- package/agents/prompts/cx-researcher.md +77 -31
- package/agents/prompts/cx-security.md +11 -49
- package/agents/prompts/cx-sre.md +9 -43
- package/agents/prompts/cx-ux-researcher.md +1 -0
- package/agents/role-manifests.json +4 -4
- package/bin/construct +279 -4
- package/commands/understand/research.md +5 -3
- package/db/schema/004_recommendations.sql +46 -0
- package/db/schema/005_strategy.sql +21 -0
- package/lib/auto-docs.mjs +3 -4
- package/lib/beads-automation.mjs +16 -7
- package/lib/cli-commands.mjs +52 -2
- package/lib/comment-lint.mjs +7 -1
- package/lib/config/schema.mjs +3 -0
- package/lib/embed/conflict-detection.mjs +26 -9
- package/lib/embed/customer-profiles.mjs +37 -17
- package/lib/embed/daemon.mjs +10 -8
- package/lib/embed/recommendation-store.mjs +213 -14
- package/lib/embed/workspaces.mjs +53 -18
- package/lib/flavors/loader.mjs +136 -0
- package/lib/gates-audit.mjs +3 -3
- package/lib/health-check.mjs +1 -1
- package/lib/hooks/agent-tracker.mjs +22 -3
- package/lib/hooks/pre-compact.mjs +3 -0
- package/lib/hooks/pre-push-gate.mjs +14 -1
- package/lib/hooks/read-tracker.mjs +10 -101
- package/lib/hooks/session-optimize.mjs +3 -2
- package/lib/hooks/session-reflect.mjs +68 -0
- package/lib/host-capabilities.mjs +90 -1
- package/lib/init-unified.mjs +25 -2
- package/lib/init-update.mjs +246 -131
- package/lib/intake/classify.mjs +61 -183
- package/lib/intake/prepare.mjs +7 -0
- package/lib/intake/tables/creative.mjs +94 -0
- package/lib/intake/tables/operations.mjs +85 -0
- package/lib/intake/tables/research.mjs +85 -0
- package/lib/intake/tables/rnd.mjs +175 -0
- package/lib/intent-classifier.mjs +1 -0
- package/lib/knowledge/layout.mjs +10 -0
- package/lib/knowledge/research-store.mjs +109 -0
- package/lib/mcp/tools/telemetry.mjs +30 -78
- package/lib/model-router.mjs +61 -1
- package/lib/observation-store.mjs +19 -0
- package/lib/ollama-manager.mjs +1 -1
- package/lib/opencode-telemetry.mjs +4 -5
- package/lib/orchestration-policy.mjs +9 -0
- package/lib/outcomes/aggregate.mjs +104 -0
- package/lib/outcomes/record.mjs +115 -0
- package/lib/parity.mjs +121 -21
- package/lib/profiles/lifecycle.mjs +388 -0
- package/lib/profiles/loader.mjs +123 -0
- package/lib/profiles/validate-custom.mjs +114 -0
- package/lib/prompt-composer.js +106 -29
- package/lib/read-tracker-store.mjs +149 -0
- package/lib/reflect/extractor.mjs +193 -0
- package/lib/reflect.mjs +89 -2
- package/lib/sandbox.mjs +102 -0
- package/lib/server/index.mjs +76 -0
- package/lib/server/telemetry-login.mjs +17 -25
- package/lib/service-manager.mjs +30 -22
- package/lib/services/local-postgres.mjs +15 -0
- package/lib/services/telemetry-backend.mjs +1 -2
- package/lib/setup.mjs +8 -43
- package/lib/status.mjs +51 -5
- package/lib/storage/backend.mjs +12 -2
- package/lib/strategy-store.mjs +371 -0
- package/lib/telemetry/backends/local.mjs +6 -4
- package/lib/telemetry/client.mjs +185 -0
- package/lib/telemetry/ingest.mjs +13 -5
- package/lib/telemetry/team-rollup.mjs +9 -2
- package/lib/worker/trace.mjs +17 -27
- package/package.json +10 -2
- package/personas/construct.md +20 -20
- package/platforms/claude/settings.template.json +13 -0
- package/rules/common/research.md +44 -12
- package/scripts/sync-agents.mjs +11 -0
- package/skills/docs/backlog-proposal-workflow.md +2 -2
- package/skills/docs/customer-profile-workflow.md +1 -1
- package/skills/docs/evidence-ingest-workflow.md +5 -5
- package/skills/docs/prfaq-workflow.md +1 -1
- package/skills/docs/product-intelligence-review.md +1 -1
- package/skills/docs/product-intelligence-workflow.md +3 -3
- package/skills/docs/product-signal-workflow.md +48 -18
- package/skills/docs/research-workflow.md +26 -14
- package/skills/docs/strategy-workflow.md +36 -0
- package/skills/roles/architect.ai-systems.md +4 -2
- package/skills/roles/architect.data.md +4 -2
- package/skills/roles/architect.enterprise.md +4 -2
- package/skills/roles/architect.integration.md +4 -2
- package/skills/roles/architect.md +7 -5
- package/skills/roles/architect.platform.md +4 -2
- package/skills/roles/data-analyst.experiment.md +4 -2
- package/skills/roles/data-analyst.md +9 -7
- package/skills/roles/data-analyst.product-intelligence.md +5 -3
- package/skills/roles/data-analyst.product.md +4 -2
- package/skills/roles/data-analyst.telemetry.md +4 -2
- package/skills/roles/data-engineer.pipeline.md +4 -2
- package/skills/roles/data-engineer.vector-retrieval.md +4 -2
- package/skills/roles/data-engineer.warehouse.md +4 -2
- package/skills/roles/debugger.md +7 -5
- package/skills/roles/designer.accessibility.md +4 -2
- package/skills/roles/designer.md +10 -8
- package/skills/roles/engineer.ai.md +4 -2
- package/skills/roles/engineer.data.md +5 -3
- package/skills/roles/engineer.md +14 -12
- package/skills/roles/engineer.platform.md +5 -3
- package/skills/roles/operator.docs.md +6 -4
- package/skills/roles/operator.md +6 -4
- package/skills/roles/operator.release.md +4 -2
- package/skills/roles/operator.sre.md +5 -3
- package/skills/roles/orchestrator.md +5 -3
- package/skills/roles/product-manager.ai-product.md +4 -2
- package/skills/roles/product-manager.business-strategy.md +4 -2
- package/skills/roles/product-manager.enterprise.md +4 -2
- package/skills/roles/product-manager.growth.md +4 -2
- package/skills/roles/product-manager.md +6 -4
- package/skills/roles/product-manager.platform.md +4 -2
- package/skills/roles/product-manager.product.md +4 -2
- package/skills/roles/qa.ai-eval.md +4 -2
- package/skills/roles/qa.api-contract.md +4 -2
- package/skills/roles/qa.data-pipeline.md +4 -2
- package/skills/roles/qa.md +7 -5
- package/skills/roles/qa.test-automation.md +5 -3
- package/skills/roles/qa.web-ui.md +4 -2
- package/skills/roles/researcher.explorer.md +4 -2
- package/skills/roles/researcher.md +35 -20
- package/skills/roles/researcher.ux.md +4 -2
- package/skills/roles/reviewer.devil-advocate.md +4 -2
- package/skills/roles/reviewer.evaluator.md +4 -2
- package/skills/roles/reviewer.md +14 -12
- package/skills/roles/reviewer.trace.md +4 -2
- package/skills/roles/security.ai.md +4 -2
- package/skills/roles/security.appsec.md +4 -2
- package/skills/roles/security.cloud.md +4 -2
- package/skills/roles/security.legal-compliance.md +4 -2
- package/skills/roles/security.md +7 -5
- package/skills/roles/security.privacy.md +4 -2
- package/skills/roles/security.supply-chain.md +4 -2
- package/skills/routing.md +8 -1
- package/templates/docs/persona-artifact.md +36 -0
- package/templates/docs/research-brief.md +63 -9
- package/templates/docs/research-finding.md +26 -0
- package/templates/docs/skill-artifact.md +27 -0
- package/templates/docs/strategy.md +36 -0
- package/templates/homebrew/construct.rb +6 -6
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/roles/researcher.md
|
|
2
|
+
skills/roles/researcher.md. Anti-pattern guidance for the Researcher role.
|
|
3
3
|
|
|
4
4
|
Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
|
|
5
5
|
Covers common failure modes for the researcher domain and counter-moves to avoid them.
|
|
@@ -9,11 +9,13 @@ Applies to: cx-researcher, cx-ux-researcher, cx-explorer.
|
|
|
9
9
|
role: researcher
|
|
10
10
|
applies_to: [cx-researcher, cx-ux-researcher, cx-explorer]
|
|
11
11
|
inherits: null
|
|
12
|
-
version:
|
|
12
|
+
version: 2
|
|
13
|
+
profiles: [rnd]
|
|
14
|
+
cap: 1
|
|
13
15
|
---
|
|
14
|
-
# Researcher
|
|
16
|
+
# Researcher. Role guidance
|
|
15
17
|
|
|
16
|
-
Load this before drafting. These are the failure modes that separate strong role output from weak role output
|
|
18
|
+
Load this before drafting. These are the failure modes that separate strong role output from weak role output. check your draft against each.
|
|
17
19
|
|
|
18
20
|
|
|
19
21
|
### 1. Confirmation bias
|
|
@@ -27,42 +29,55 @@ Load this before drafting. These are the failure modes that separate strong role
|
|
|
27
29
|
**Counter-move**: require at least two independent sources for each load-bearing claim. Note when they disagree.
|
|
28
30
|
|
|
29
31
|
### 3. Freshness blindness
|
|
30
|
-
**Symptom**: cited source dated 2019 used as current for a fast-moving topic
|
|
32
|
+
**Symptom**: cited source dated 2019–2024 used as current for a fast-moving topic. AI capabilities, framework APIs, security advisories.
|
|
31
33
|
**Why it fails**: the reader assumes the finding is current; acts on stale information.
|
|
32
|
-
**Counter-move**:
|
|
34
|
+
**Counter-move**: start searches from the most recent year and step backward only if insufficient. Record the publication date of every source. For fast-moving topics (LLM behavior, security advisories, market data), treat anything older than 12 months as presumptively stale unless a newer source confirms it is still accurate.
|
|
33
35
|
|
|
34
|
-
### 4.
|
|
36
|
+
### 4. Wrong starting point
|
|
37
|
+
**Symptom**: searching Google or a general index when a domain-specific authoritative source exists. arXiv for AI research, NVD for CVEs, NeurIPS/ICML proceedings for ML, official vendor docs for APIs.
|
|
38
|
+
**Why it fails**: general search returns popularity-ranked results, not authority-ranked ones. The most-cited blog post is not the same as the primary paper.
|
|
39
|
+
**Counter-move**: use the domain's authoritative starting point first (see `rules/common/research.md` §2). Only fall back to general search if the authoritative source is insufficient.
|
|
40
|
+
|
|
41
|
+
### 5. Unverified URLs
|
|
42
|
+
**Symptom**: URLs included in the brief have not been fetched. the researcher copied them from a search result or from memory.
|
|
43
|
+
**Why it fails**: URLs rot. A confident citation pointing to a 404 or a different page than intended is worse than no citation.
|
|
44
|
+
**Counter-move**: fetch every URL before including it. Confirm the content matches the cited claim. Mark any URL that cannot be fetched `[unverified]` and flag it as a gap.
|
|
45
|
+
|
|
46
|
+
### 6. Findings without confidence
|
|
35
47
|
**Symptom**: all findings presented flatly, with no distinction between what is well-established and what is speculative.
|
|
36
48
|
**Why it fails**: the reader cannot decide how much weight to place on each claim.
|
|
37
49
|
**Counter-move**: label each finding high / medium / low confidence, with a one-line reason.
|
|
38
50
|
|
|
39
|
-
###
|
|
51
|
+
### 7. Observation confused with inference
|
|
40
52
|
**Symptom**: the doc presents what the author concluded as what the source said.
|
|
41
53
|
**Why it fails**: the conclusion cannot be audited. Reviewers who disagree cannot find the step where the logic turned.
|
|
42
54
|
**Counter-move**: separate "what the source said" from "what I infer from this". Label them.
|
|
43
55
|
|
|
44
|
-
###
|
|
56
|
+
### 8. Secondary sources passed as primary
|
|
45
57
|
**Symptom**: citations point to summaries, listicles, or syntheses instead of the underlying paper, spec, or changelog.
|
|
46
58
|
**Why it fails**: the summary may misrepresent the primary source. The chain of error is invisible.
|
|
47
|
-
**Counter-move**: cite primary sources
|
|
59
|
+
**Counter-move**: cite primary sources. the actual paper, spec, commit, or dataset. Use secondary sources only to discover primary ones.
|
|
48
60
|
|
|
49
|
-
###
|
|
61
|
+
### 9. Scope creep
|
|
50
62
|
**Symptom**: the research question was about X but the brief covers X, Y, and Z because they came up.
|
|
51
63
|
**Why it fails**: the original question does not get answered well; reviewers cannot tell which findings are load-bearing.
|
|
52
64
|
**Counter-move**: answer the original question first and completely. Tangential findings go into a separate section or a follow-up.
|
|
53
65
|
|
|
54
|
-
###
|
|
66
|
+
### 10. Action without evidence threshold
|
|
55
67
|
**Symptom**: the implications section recommends a change without stating what evidence would have led to a different recommendation.
|
|
56
68
|
**Why it fails**: the research is unfalsifiable. Any finding leads to the same recommendation.
|
|
57
69
|
**Counter-move**: state up-front what evidence would cause the recommendation to flip. Verify the actual evidence meets the threshold.
|
|
58
70
|
|
|
59
71
|
## Self-check before shipping
|
|
60
72
|
|
|
61
|
-
- [ ]
|
|
62
|
-
- [ ]
|
|
63
|
-
- [ ]
|
|
64
|
-
- [ ]
|
|
65
|
-
- [ ]
|
|
66
|
-
- [ ]
|
|
67
|
-
- [ ]
|
|
68
|
-
- [ ]
|
|
73
|
+
- [ ] Started search from the most recent year and stepped back only when insufficient
|
|
74
|
+
- [ ] Used domain-specific authoritative starting point (see `rules/common/research.md` §2), not general search as default
|
|
75
|
+
- [ ] Every URL fetched and confirmed to match the cited claim
|
|
76
|
+
- [ ] Strongest counter-finding named and addressed
|
|
77
|
+
- [ ] Each load-bearing claim has at least two independent sources (or one authoritative primary)
|
|
78
|
+
- [ ] Source dates recorded; fast-moving topics use sources within last 12 months
|
|
79
|
+
- [ ] Each finding labeled with confidence (high/medium/low) and one-line reason
|
|
80
|
+
- [ ] Observation separated from inference. labeled differently
|
|
81
|
+
- [ ] Citations point to primary sources, not summaries or index pages
|
|
82
|
+
- [ ] Original question answered first; tangents in a separate section
|
|
83
|
+
- [ ] Evidence threshold for the recommendation is stated explicitly
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/roles/researcher.ux.md
|
|
2
|
+
skills/roles/researcher.ux.md. Anti-pattern guidance for the Researcher.ux (ux) role.
|
|
3
3
|
|
|
4
4
|
Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
|
|
5
5
|
Covers common failure modes for the researcher.ux (ux) domain and counter-moves to avoid them.
|
|
@@ -9,7 +9,9 @@ Applies to: cx-ux-researcher.
|
|
|
9
9
|
role: researcher.ux
|
|
10
10
|
applies_to: [cx-ux-researcher]
|
|
11
11
|
inherits: researcher
|
|
12
|
-
version:
|
|
12
|
+
version: 2
|
|
13
|
+
profiles: [rnd]
|
|
14
|
+
cap: 1
|
|
13
15
|
---
|
|
14
16
|
# UX Researcher Overlay
|
|
15
17
|
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/roles/reviewer.devil-advocate.md
|
|
2
|
+
skills/roles/reviewer.devil-advocate.md. Anti-pattern guidance for the Reviewer.devil-advocate (devil advocate) role.
|
|
3
3
|
|
|
4
4
|
Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
|
|
5
5
|
Covers common failure modes for the reviewer.devil-advocate (devil advocate) domain and counter-moves to avoid them.
|
|
@@ -9,7 +9,9 @@ Applies to: cx-devil-advocate.
|
|
|
9
9
|
role: reviewer.devil-advocate
|
|
10
10
|
applies_to: [cx-devil-advocate]
|
|
11
11
|
inherits: reviewer
|
|
12
|
-
version:
|
|
12
|
+
version: 2
|
|
13
|
+
profiles: [rnd]
|
|
14
|
+
cap: 1
|
|
13
15
|
---
|
|
14
16
|
# Devil's Advocate Overlay
|
|
15
17
|
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/roles/reviewer.evaluator.md
|
|
2
|
+
skills/roles/reviewer.evaluator.md. Anti-pattern guidance for the Reviewer.evaluator (evaluator) role.
|
|
3
3
|
|
|
4
4
|
Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
|
|
5
5
|
Covers common failure modes for the reviewer.evaluator (evaluator) domain and counter-moves to avoid them.
|
|
@@ -9,7 +9,9 @@ Applies to: cx-evaluator.
|
|
|
9
9
|
role: reviewer.evaluator
|
|
10
10
|
applies_to: [cx-evaluator]
|
|
11
11
|
inherits: reviewer
|
|
12
|
-
version:
|
|
12
|
+
version: 2
|
|
13
|
+
profiles: [rnd]
|
|
14
|
+
cap: 1
|
|
13
15
|
---
|
|
14
16
|
# Evaluator Overlay
|
|
15
17
|
|
package/skills/roles/reviewer.md
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/roles/reviewer.md
|
|
2
|
+
skills/roles/reviewer.md. Anti-pattern guidance for the Reviewer role.
|
|
3
3
|
|
|
4
4
|
Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
|
|
5
5
|
Covers common failure modes for the reviewer domain and counter-moves to avoid them.
|
|
@@ -9,17 +9,19 @@ Applies to: cx-reviewer, cx-devil-advocate, cx-evaluator, cx-trace-reviewer.
|
|
|
9
9
|
role: reviewer
|
|
10
10
|
applies_to: [cx-reviewer, cx-devil-advocate, cx-evaluator, cx-trace-reviewer]
|
|
11
11
|
inherits: null
|
|
12
|
-
version:
|
|
12
|
+
version: 2
|
|
13
|
+
profiles: [rnd]
|
|
14
|
+
cap: 1
|
|
13
15
|
---
|
|
14
|
-
# Reviewer
|
|
16
|
+
# Reviewer. Role guidance
|
|
15
17
|
|
|
16
|
-
Load this before drafting. These are the failure modes that separate strong role output from weak role output
|
|
18
|
+
Load this before drafting. These are the failure modes that separate strong role output from weak role output. check your draft against each.
|
|
17
19
|
|
|
18
20
|
|
|
19
21
|
### 1. Nit-picking over structure
|
|
20
|
-
**Symptom**: the review focuses on variable names and formatting while leaving the structural problem
|
|
22
|
+
**Symptom**: the review focuses on variable names and formatting while leaving the structural problem. wrong abstraction, missing tests, unsafe concurrency. unflagged.
|
|
21
23
|
**Why it fails**: the author fixes the surface and ships the real bug. The reviewer signals thoroughness while providing no real coverage.
|
|
22
|
-
**Counter-move**: audit structure first
|
|
24
|
+
**Counter-move**: audit structure first. correctness, blast radius, invariants, test coverage. before any style feedback.
|
|
23
25
|
|
|
24
26
|
### 2. LGTM without running the code
|
|
25
27
|
**Symptom**: approval given based on reading the diff, with no build, no test run, no exploration of the change in situ.
|
|
@@ -32,7 +34,7 @@ Load this before drafting. These are the failure modes that separate strong role
|
|
|
32
34
|
**Counter-move**: grep for callers of anything changed. Check whether the change is backwards-compatible for each.
|
|
33
35
|
|
|
34
36
|
### 4. No severity
|
|
35
|
-
**Symptom**: all feedback presented at the same weight
|
|
37
|
+
**Symptom**: all feedback presented at the same weight. a typo and a security vulnerability get equal prominence.
|
|
36
38
|
**Why it fails**: the author cannot tell what blocks merge versus what is optional. Real issues get lost.
|
|
37
39
|
**Counter-move**: label each finding CRITICAL / HIGH / MEDIUM / LOW. State what the author must address before merge.
|
|
38
40
|
|
|
@@ -71,11 +73,11 @@ Load this before drafting. These are the failure modes that separate strong role
|
|
|
71
73
|
|
|
72
74
|
A review that approves while these gates would fail in CI is a failed review. Run or confirm the author ran:
|
|
73
75
|
|
|
74
|
-
- [ ] `npm test
|
|
75
|
-
- [ ] `node bin/construct lint:comments
|
|
76
|
-
- [ ] `node bin/construct docs:verify
|
|
77
|
-
- [ ] `node bin/construct docs:update --check
|
|
78
|
-
- [ ] `npm run lint:templates
|
|
76
|
+
- [ ] `npm test`. 0 failed
|
|
77
|
+
- [ ] `node bin/construct lint:comments`. 0 errors AND 0 warnings (treat warnings as blocking)
|
|
78
|
+
- [ ] `node bin/construct docs:verify`. all checks passed, no warnings
|
|
79
|
+
- [ ] `node bin/construct docs:update --check`. AUTO regions up to date
|
|
80
|
+
- [ ] `npm run lint:templates`. commit subjects + PR body match the canonical templates
|
|
79
81
|
|
|
80
82
|
See `rules/common/release-gates.md`. Block approval until evidence is in the PR body.
|
|
81
83
|
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/roles/reviewer.trace.md
|
|
2
|
+
skills/roles/reviewer.trace.md. Anti-pattern guidance for the Reviewer.trace (trace) role.
|
|
3
3
|
|
|
4
4
|
Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
|
|
5
5
|
Covers common failure modes for the reviewer.trace (trace) domain and counter-moves to avoid them.
|
|
@@ -9,7 +9,9 @@ Applies to: cx-trace-reviewer.
|
|
|
9
9
|
role: reviewer.trace
|
|
10
10
|
applies_to: [cx-trace-reviewer]
|
|
11
11
|
inherits: reviewer
|
|
12
|
-
version:
|
|
12
|
+
version: 2
|
|
13
|
+
profiles: [rnd]
|
|
14
|
+
cap: 1
|
|
13
15
|
---
|
|
14
16
|
# Trace Reviewer Overlay
|
|
15
17
|
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/roles/security.ai.md
|
|
2
|
+
skills/roles/security.ai.md. Anti-pattern guidance for the Security.ai (ai) role.
|
|
3
3
|
|
|
4
4
|
Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
|
|
5
5
|
Covers common failure modes for the security.ai (ai) domain and counter-moves to avoid them.
|
|
@@ -9,7 +9,9 @@ Applies to: cx-security, cx-ai-engineer.
|
|
|
9
9
|
role: security.ai
|
|
10
10
|
applies_to: [cx-security, cx-ai-engineer]
|
|
11
11
|
inherits: security
|
|
12
|
-
version:
|
|
12
|
+
version: 2
|
|
13
|
+
profiles: [rnd]
|
|
14
|
+
cap: 1
|
|
13
15
|
---
|
|
14
16
|
# AI Security Overlay
|
|
15
17
|
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/roles/security.appsec.md
|
|
2
|
+
skills/roles/security.appsec.md. Anti-pattern guidance for the Security.appsec (appsec) role.
|
|
3
3
|
|
|
4
4
|
Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
|
|
5
5
|
Covers common failure modes for the security.appsec (appsec) domain and counter-moves to avoid them.
|
|
@@ -9,7 +9,9 @@ Applies to: cx-security.
|
|
|
9
9
|
role: security.appsec
|
|
10
10
|
applies_to: [cx-security]
|
|
11
11
|
inherits: security
|
|
12
|
-
version:
|
|
12
|
+
version: 2
|
|
13
|
+
profiles: [rnd]
|
|
14
|
+
cap: 1
|
|
13
15
|
---
|
|
14
16
|
# AppSec Overlay
|
|
15
17
|
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/roles/security.cloud.md
|
|
2
|
+
skills/roles/security.cloud.md. Anti-pattern guidance for the Security.cloud (cloud) role.
|
|
3
3
|
|
|
4
4
|
Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
|
|
5
5
|
Covers common failure modes for the security.cloud (cloud) domain and counter-moves to avoid them.
|
|
@@ -9,7 +9,9 @@ Applies to: cx-security.
|
|
|
9
9
|
role: security.cloud
|
|
10
10
|
applies_to: [cx-security]
|
|
11
11
|
inherits: security
|
|
12
|
-
version:
|
|
12
|
+
version: 2
|
|
13
|
+
profiles: [rnd]
|
|
14
|
+
cap: 1
|
|
13
15
|
---
|
|
14
16
|
# Cloud Security Overlay
|
|
15
17
|
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/roles/security.legal-compliance.md
|
|
2
|
+
skills/roles/security.legal-compliance.md. Anti-pattern guidance for the Security.legal-compliance (legal compliance) role.
|
|
3
3
|
|
|
4
4
|
Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
|
|
5
5
|
Covers common failure modes for the security.legal-compliance (legal compliance) domain and counter-moves to avoid them.
|
|
@@ -9,7 +9,9 @@ Applies to: cx-legal-compliance.
|
|
|
9
9
|
role: security.legal-compliance
|
|
10
10
|
applies_to: [cx-legal-compliance]
|
|
11
11
|
inherits: security
|
|
12
|
-
version:
|
|
12
|
+
version: 2
|
|
13
|
+
profiles: [rnd]
|
|
14
|
+
cap: 1
|
|
13
15
|
---
|
|
14
16
|
# Legal & Compliance Overlay
|
|
15
17
|
|
package/skills/roles/security.md
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/roles/security.md
|
|
2
|
+
skills/roles/security.md. Anti-pattern guidance for the Security role.
|
|
3
3
|
|
|
4
4
|
Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
|
|
5
5
|
Covers common failure modes for the security domain and counter-moves to avoid them.
|
|
@@ -9,15 +9,17 @@ Applies to: cx-security, cx-legal-compliance.
|
|
|
9
9
|
role: security
|
|
10
10
|
applies_to: [cx-security, cx-legal-compliance]
|
|
11
11
|
inherits: null
|
|
12
|
-
version:
|
|
12
|
+
version: 2
|
|
13
|
+
profiles: [rnd]
|
|
14
|
+
cap: 1
|
|
13
15
|
---
|
|
14
|
-
# Security
|
|
16
|
+
# Security. Role guidance
|
|
15
17
|
|
|
16
|
-
Load this before drafting. These are the failure modes that separate strong role output from weak role output
|
|
18
|
+
Load this before drafting. These are the failure modes that separate strong role output from weak role output. check your draft against each.
|
|
17
19
|
|
|
18
20
|
|
|
19
21
|
### 1. Defense in absence
|
|
20
|
-
**Symptom**: protection depends on a single layer
|
|
22
|
+
**Symptom**: protection depends on a single layer. a firewall, a middleware, a validation step. with no defense if that layer is bypassed.
|
|
21
23
|
**Why it fails**: one misconfiguration or bug eliminates all protection at once.
|
|
22
24
|
**Counter-move**: assume any single control can fail. Layer controls at the network, application, and data boundaries.
|
|
23
25
|
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/roles/security.privacy.md
|
|
2
|
+
skills/roles/security.privacy.md. Anti-pattern guidance for the Security.privacy (privacy) role.
|
|
3
3
|
|
|
4
4
|
Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
|
|
5
5
|
Covers common failure modes for the security.privacy (privacy) domain and counter-moves to avoid them.
|
|
@@ -9,7 +9,9 @@ Applies to: cx-security, cx-legal-compliance.
|
|
|
9
9
|
role: security.privacy
|
|
10
10
|
applies_to: [cx-security, cx-legal-compliance]
|
|
11
11
|
inherits: security
|
|
12
|
-
version:
|
|
12
|
+
version: 2
|
|
13
|
+
profiles: [rnd]
|
|
14
|
+
cap: 1
|
|
13
15
|
---
|
|
14
16
|
# Privacy Security Overlay
|
|
15
17
|
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/roles/security.supply-chain.md
|
|
2
|
+
skills/roles/security.supply-chain.md. Anti-pattern guidance for the Security.supply-chain (supply chain) role.
|
|
3
3
|
|
|
4
4
|
Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
|
|
5
5
|
Covers common failure modes for the security.supply-chain (supply chain) domain and counter-moves to avoid them.
|
|
@@ -9,7 +9,9 @@ Applies to: cx-security, cx-platform-engineer.
|
|
|
9
9
|
role: security.supply-chain
|
|
10
10
|
applies_to: [cx-security, cx-platform-engineer]
|
|
11
11
|
inherits: security
|
|
12
|
-
version:
|
|
12
|
+
version: 2
|
|
13
|
+
profiles: [rnd]
|
|
14
|
+
cap: 1
|
|
13
15
|
---
|
|
14
16
|
# Supply Chain Security Overlay
|
|
15
17
|
|
package/skills/routing.md
CHANGED
|
@@ -122,7 +122,8 @@ Read the matching skill file before responding when the user's request matches t
|
|
|
122
122
|
| init docs, create docs structure, set up documentation, docs scaffold, documentation init | `skills/docs/init-docs.md` | Initialize required project-state docs and documentation structure |
|
|
123
123
|
| research X, investigate X, find evidence, gather evidence | `skills/docs/research-workflow.md` | Research workflow — question to .cx/research/ file |
|
|
124
124
|
| product intelligence, customer notes, field notes, product signals, customer profile, evidence brief, signal brief, backlog proposal | `skills/docs/product-intelligence-workflow.md` | Product Intelligence workflow — evidence to product artifacts |
|
|
125
|
-
|
|
|
125
|
+
| strategy, product strategy, strategic bet, non-bet, north star, time horizon, competitive positioning | `skills/docs/strategy-workflow.md` | Product strategy — read, update, and reason about the strategy store |
|
|
126
|
+
| ingest evidence, ingest customer notes, ingest Slack thread, ingest support ticket, normalize field notes | `skills/docs/evidence-ingest-workflow.md` | Evidence ingest workflow — raw source to .cx/knowledge/ |
|
|
126
127
|
| write a PRD, create requirements, spec out, requirements document, Meta PRD, platform PRD | `skills/docs/prd-workflow.md` | PRD workflow — requirements to docs/prd/ or docs/meta-prd/ |
|
|
127
128
|
| write a PRFAQ, working backwards doc, press release FAQ | `skills/docs/prfaq-workflow.md` | PRFAQ workflow — launch narrative from PRD or evidence |
|
|
128
129
|
| create Jira proposal, update Linear, backlog proposal, issue proposal | `skills/docs/backlog-proposal-workflow.md` | Backlog proposal workflow — approval-gated issue tracker changes |
|
|
@@ -137,3 +138,9 @@ Read the matching skill file before responding when the user's request matches t
|
|
|
137
138
|
3. Detect programming language from file extensions or context and read the corresponding development skill.
|
|
138
139
|
4. Read each skill file once per conversation.
|
|
139
140
|
5. Skill file content is authoritative over training data when they conflict.
|
|
141
|
+
|
|
142
|
+
## Agent Roster Disambiguation
|
|
143
|
+
|
|
144
|
+
**cx-engineer vs cx-platform-engineer:** cx-engineer builds product features for end users. cx-platform-engineer builds the internal platform — CI/CD, deployment tooling, developer environments, internal APIs, and reliability infrastructure. They operate in distinct domains with different quality bars (user-facing UX vs. developer ergonomics and system reliability). Use cx-platform-engineer when the subject is a platform service, internal tool, build pipeline, or infrastructure component that engineers consume, not end users.
|
|
145
|
+
|
|
146
|
+
**Platform domain overlays** (`roles/product-manager.platform`, `roles/architect.platform`, `roles/engineer.platform`) apply when the PRODUCT being designed or built is a platform — an API, SDK, or developer surface consumed by other developers. These are skill overlays on PM/architect/engineer roles, not routing to cx-platform-engineer. Route to cx-platform-engineer only when the work is infra/ops, not product.
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
# <Role display name>
|
|
2
|
+
|
|
3
|
+
> Anchor doc for the <role-id> persona. Methodology: `docs/concepts/persona-research.md`. This file is generated by `construct profile create` and is part of the discover + frame phases. The persona is not promotable until every section below is filled from evidence, not opinion.
|
|
4
|
+
|
|
5
|
+
## Goals
|
|
6
|
+
|
|
7
|
+
- <What does success look like for this role? Not the org's goals; theirs.>
|
|
8
|
+
- <Goal 2>
|
|
9
|
+
|
|
10
|
+
## Frustrations
|
|
11
|
+
|
|
12
|
+
- <What slows them down, what they get blamed for.>
|
|
13
|
+
|
|
14
|
+
## Decision rights
|
|
15
|
+
|
|
16
|
+
- Decides: <list>
|
|
17
|
+
- Escalates: <list>
|
|
18
|
+
|
|
19
|
+
## Handoffs
|
|
20
|
+
|
|
21
|
+
- Hands off to: <role> when <condition>
|
|
22
|
+
- Receives from: <role> when <condition>
|
|
23
|
+
|
|
24
|
+
## Output contract
|
|
25
|
+
|
|
26
|
+
- Format: <markdown structure, code diff, JSON, etc.>
|
|
27
|
+
- Depth: <short bullet list, two-page doc, one-screen summary, etc.>
|
|
28
|
+
- Citations: <required | encouraged | none>
|
|
29
|
+
|
|
30
|
+
## Failure modes
|
|
31
|
+
|
|
32
|
+
- <Common ways this persona goes wrong; what to watch for.>
|
|
33
|
+
|
|
34
|
+
## Evidence
|
|
35
|
+
|
|
36
|
+
- <Interview, doc, postmortem, public job spec. At least two primary sources.>
|
|
@@ -2,28 +2,82 @@
|
|
|
2
2
|
|
|
3
3
|
- **Date**: {YYYY-MM-DD}
|
|
4
4
|
- **Author**: {name}
|
|
5
|
+
- **Domain**: {ai-tools | developer-tools | security | market | cloud-api | regulatory | academic | other}
|
|
5
6
|
- **Status**: in-progress | complete
|
|
7
|
+
- **Recency baseline**: Sources from {YYYY} and later preferred; oldest source used: {YYYY-MM-DD}
|
|
6
8
|
|
|
7
9
|
## Question
|
|
8
|
-
|
|
10
|
+
|
|
11
|
+
<!-- One specific, falsifiable question this research must answer. Not a topic — a question with a determinate answer. -->
|
|
9
12
|
|
|
10
13
|
## Method
|
|
11
|
-
|
|
14
|
+
|
|
15
|
+
<!-- How the question was investigated:
|
|
16
|
+
- Domain starting point used (arXiv, NVD, Stack Overflow Survey, vendor docs, etc.)
|
|
17
|
+
- Date filter applied (search from YYYY-first)
|
|
18
|
+
- Internal paths checked (.cx/research/, .cx/knowledge/, ADRs, etc.)
|
|
19
|
+
- Search terms and queries run
|
|
20
|
+
- Systems and indexes consulted
|
|
21
|
+
- Inclusion/exclusion decisions
|
|
22
|
+
Enough detail that another person could reproduce it. -->
|
|
12
23
|
|
|
13
24
|
## Sources
|
|
14
|
-
|
|
25
|
+
|
|
26
|
+
| Title / Path | Class | Date | URL | Verified | Relevance |
|
|
27
|
+
|---|---|---|---|---|---|
|
|
28
|
+
| {source title or file path} | primary / secondary / tertiary | {YYYY-MM-DD} | {URL or path} | yes / no / n/a | {one-line} |
|
|
29
|
+
|
|
30
|
+
<!-- Class definitions:
|
|
31
|
+
- primary: peer-reviewed papers, official docs at exact version, raw source code, standards, company announcements, SEC filings
|
|
32
|
+
- secondary: changelogs, migration guides, tracked issues, maintainer posts, conference talks by authors
|
|
33
|
+
- tertiary: blog posts, forums, Q&A, analyst summaries — for discovery only, never as evidence
|
|
34
|
+
Mark Verified = yes only after fetching the URL and confirming content matches. -->
|
|
15
35
|
|
|
16
36
|
## Findings
|
|
17
|
-
<!-- What the evidence says. Separate observation from inference. Label each finding with its confidence level and cite the supporting source(s). -->
|
|
18
37
|
|
|
19
|
-
|
|
20
|
-
|
|
38
|
+
<!-- For each finding, state separately:
|
|
39
|
+
- Observation: what the source(s) actually say — direct, traceable
|
|
40
|
+
- Inference: what is concluded from the observation — labeled as inference
|
|
41
|
+
- Confidence: high / medium / low, with a one-line reason
|
|
42
|
+
- Sources: reference the Source table row(s) -->
|
|
43
|
+
|
|
44
|
+
### Finding 1 — {short label}
|
|
45
|
+
|
|
46
|
+
**Observation**: <!-- what the sources say -->
|
|
47
|
+
**Inference**: <!-- what is concluded — labeled as inference -->
|
|
48
|
+
**Confidence**: high / medium / low — {reason}
|
|
49
|
+
**Sources**: {source title(s) from table}
|
|
50
|
+
|
|
51
|
+
### Finding N — {short label}
|
|
52
|
+
|
|
53
|
+
<!-- repeat as needed -->
|
|
54
|
+
|
|
55
|
+
## Counter-evidence
|
|
56
|
+
|
|
57
|
+
<!-- The strongest finding that contradicts or complicates the conclusion. How it was addressed. If no counter-evidence was found, state that and note whether it was actively searched for. -->
|
|
58
|
+
|
|
59
|
+
## Confidence summary
|
|
60
|
+
|
|
61
|
+
<!-- Overall confidence across all findings. Key uncertainties. What would most change the conclusion. -->
|
|
62
|
+
|
|
63
|
+
## Gaps
|
|
64
|
+
|
|
65
|
+
<!-- What this research did not resolve. For each gap: what evidence is missing and what would be needed to fill it. -->
|
|
21
66
|
|
|
22
67
|
## Implications
|
|
23
|
-
|
|
68
|
+
|
|
69
|
+
<!-- What decisions this research enables or blocks. Who should act on it and in what timeframe. -->
|
|
70
|
+
|
|
71
|
+
## Recommendation
|
|
72
|
+
|
|
73
|
+
<!-- What the evidence supports. State the evidence threshold at which this recommendation would flip. -->
|
|
24
74
|
|
|
25
75
|
## Open questions
|
|
26
|
-
|
|
76
|
+
|
|
77
|
+
<!-- Remaining questions scoped out of this brief. Suitable for a follow-up research task or a handoff. -->
|
|
27
78
|
|
|
28
79
|
## References
|
|
29
|
-
|
|
80
|
+
|
|
81
|
+
<!-- Full citation list. Format: Author(s). (Year). Title. Venue/Source. Retrieved from URL.
|
|
82
|
+
Include: author(s) or org, year, title, publication venue, URL, access date for web sources.
|
|
83
|
+
Mark any URL that was not verified as [unverified]. -->
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
---
|
|
2
|
+
kind: research-finding
|
|
3
|
+
topic: "<short topic line>"
|
|
4
|
+
confidence: inferred
|
|
5
|
+
sources: []
|
|
6
|
+
created: <ISO timestamp set by construct knowledge add>
|
|
7
|
+
expiresAt: <ISO timestamp, default created + 90d>
|
|
8
|
+
profile: <active profile id>
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
## FINDINGS
|
|
12
|
+
|
|
13
|
+
- <Finding 1 with citation>
|
|
14
|
+
- <Finding 2 with citation>
|
|
15
|
+
|
|
16
|
+
## INFERENCES
|
|
17
|
+
|
|
18
|
+
- <Inference labeled as such>
|
|
19
|
+
|
|
20
|
+
## GAPS
|
|
21
|
+
|
|
22
|
+
- <What we could not confirm>
|
|
23
|
+
|
|
24
|
+
## RECOMMENDATION
|
|
25
|
+
|
|
26
|
+
- <Next action based on the evidence available>
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: <verb-led-id>
|
|
3
|
+
scope: <one paragraph: what it covers, what it does not>
|
|
4
|
+
observable_outcome: <how someone outside the role tells this skill happened>
|
|
5
|
+
provenance:
|
|
6
|
+
- <citation: post-mortem, public framework, competency model>
|
|
7
|
+
roles:
|
|
8
|
+
- <role-id that uses this skill>
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
# <Skill display name>
|
|
12
|
+
|
|
13
|
+
## What this skill produces
|
|
14
|
+
|
|
15
|
+
<Concrete output. Bloom-style: not "knows X" but "produces Y".>
|
|
16
|
+
|
|
17
|
+
## When to invoke it
|
|
18
|
+
|
|
19
|
+
<Triggers. What the operator or the upstream persona is doing when this skill is the right call.>
|
|
20
|
+
|
|
21
|
+
## How it composes
|
|
22
|
+
|
|
23
|
+
<Other skills typically chained before or after.>
|
|
24
|
+
|
|
25
|
+
## Anti-patterns
|
|
26
|
+
|
|
27
|
+
<Ways this skill gets misapplied; what looks similar but is not this.>
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
---
|
|
2
|
+
title: Product Strategy
|
|
3
|
+
updated: YYYY-MM-DD
|
|
4
|
+
horizon: "6–12 months"
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
<!--
|
|
8
|
+
templates/docs/strategy.md — Template for product strategy documents.
|
|
9
|
+
Use for both user-product strategy and Construct's own strategy (.cx/strategy.md).
|
|
10
|
+
Canonical store: ~/.cx/strategy.md (user-global) or .cx/strategy.md (project-local, committed).
|
|
11
|
+
Owning workflow: skills/docs/strategy-workflow.md.
|
|
12
|
+
-->
|
|
13
|
+
|
|
14
|
+
## Vision
|
|
15
|
+
<!-- 1–3 sentences. Where are we going in 3–5 years? -->
|
|
16
|
+
|
|
17
|
+
## Bets
|
|
18
|
+
<!-- Explicit choices. Each bet: what we're doing and why. -->
|
|
19
|
+
- **Bet 1**: …
|
|
20
|
+
- **Bet 2**: …
|
|
21
|
+
|
|
22
|
+
## Non-bets
|
|
23
|
+
<!-- What we are explicitly NOT doing, and why. This section prevents strategy drift. -->
|
|
24
|
+
- **Not doing**: … **Because**: …
|
|
25
|
+
|
|
26
|
+
## Time Horizon
|
|
27
|
+
<!-- Current cycle focus. What must be true 6–12 months from now? -->
|
|
28
|
+
|
|
29
|
+
## North Star Metric
|
|
30
|
+
<!-- Single measurable outcome. Format: Metric / Baseline / Target / Owner -->
|
|
31
|
+
|
|
32
|
+
## Competitive Positioning
|
|
33
|
+
<!-- How we differentiate. 2–4 sentences. -->
|
|
34
|
+
|
|
35
|
+
## Open Bets
|
|
36
|
+
<!-- Decisions not yet made. Clarify and move to Bets or Non-bets. -->
|
|
@@ -2,13 +2,13 @@
|
|
|
2
2
|
#
|
|
3
3
|
# Authoritative copy lives in the construct repo at templates/homebrew/
|
|
4
4
|
# construct.rb. The tap repo (geraldmaron/homebrew-construct) carries the
|
|
5
|
-
# active formula at Formula/construct.rb
|
|
6
|
-
# workflow's Homebrew bump step on every tag push.
|
|
5
|
+
# active formula at Formula/construct.rb.
|
|
7
6
|
#
|
|
8
|
-
#
|
|
9
|
-
#
|
|
10
|
-
#
|
|
11
|
-
#
|
|
7
|
+
# The release workflow's `homebrew` job regenerates Formula/construct.rb from
|
|
8
|
+
# scratch on every `v*` tag push — it downloads sha256 sidecars from the
|
|
9
|
+
# GitHub Release, fills in the version and per-platform URLs/SHAs, and pushes
|
|
10
|
+
# directly to the tap. The placeholder SHAs below are only used when seeding
|
|
11
|
+
# the tap by hand the first time (see docs/maintenance/homebrew-tap.md).
|
|
12
12
|
class Construct < Formula
|
|
13
13
|
desc "Deployable AI R&D operating system for coding agents — runs locally or for teams"
|
|
14
14
|
homepage "https://github.com/geraldmaron/construct"
|