@geraldmaron/construct 1.0.3 → 1.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (157) hide show
  1. package/README.md +51 -42
  2. package/agents/prompts/cx-ai-engineer.md +6 -26
  3. package/agents/prompts/cx-architect.md +1 -0
  4. package/agents/prompts/cx-business-strategist.md +2 -0
  5. package/agents/prompts/cx-data-analyst.md +6 -26
  6. package/agents/prompts/cx-docs-keeper.md +1 -31
  7. package/agents/prompts/cx-explorer.md +1 -0
  8. package/agents/prompts/cx-orchestrator.md +40 -112
  9. package/agents/prompts/cx-platform-engineer.md +2 -22
  10. package/agents/prompts/cx-product-manager.md +2 -1
  11. package/agents/prompts/cx-qa.md +0 -20
  12. package/agents/prompts/cx-rd-lead.md +2 -0
  13. package/agents/prompts/cx-researcher.md +77 -31
  14. package/agents/prompts/cx-security.md +11 -49
  15. package/agents/prompts/cx-sre.md +9 -43
  16. package/agents/prompts/cx-ux-researcher.md +1 -0
  17. package/agents/role-manifests.json +4 -4
  18. package/bin/construct +279 -4
  19. package/commands/understand/research.md +5 -3
  20. package/db/schema/004_recommendations.sql +46 -0
  21. package/db/schema/005_strategy.sql +21 -0
  22. package/lib/auto-docs.mjs +3 -4
  23. package/lib/beads-automation.mjs +16 -7
  24. package/lib/cli-commands.mjs +52 -2
  25. package/lib/comment-lint.mjs +7 -1
  26. package/lib/config/schema.mjs +3 -0
  27. package/lib/embed/conflict-detection.mjs +26 -9
  28. package/lib/embed/customer-profiles.mjs +37 -17
  29. package/lib/embed/daemon.mjs +10 -8
  30. package/lib/embed/recommendation-store.mjs +213 -14
  31. package/lib/embed/workspaces.mjs +53 -18
  32. package/lib/flavors/loader.mjs +136 -0
  33. package/lib/gates-audit.mjs +3 -3
  34. package/lib/health-check.mjs +1 -1
  35. package/lib/hooks/agent-tracker.mjs +22 -3
  36. package/lib/hooks/pre-compact.mjs +3 -0
  37. package/lib/hooks/pre-push-gate.mjs +14 -1
  38. package/lib/hooks/read-tracker.mjs +10 -101
  39. package/lib/hooks/session-optimize.mjs +3 -2
  40. package/lib/hooks/session-reflect.mjs +68 -0
  41. package/lib/host-capabilities.mjs +90 -1
  42. package/lib/init-unified.mjs +25 -2
  43. package/lib/init-update.mjs +246 -131
  44. package/lib/intake/classify.mjs +61 -183
  45. package/lib/intake/prepare.mjs +7 -0
  46. package/lib/intake/tables/creative.mjs +94 -0
  47. package/lib/intake/tables/operations.mjs +85 -0
  48. package/lib/intake/tables/research.mjs +85 -0
  49. package/lib/intake/tables/rnd.mjs +175 -0
  50. package/lib/intent-classifier.mjs +1 -0
  51. package/lib/knowledge/layout.mjs +10 -0
  52. package/lib/knowledge/research-store.mjs +109 -0
  53. package/lib/mcp/tools/telemetry.mjs +30 -78
  54. package/lib/model-router.mjs +61 -1
  55. package/lib/observation-store.mjs +19 -0
  56. package/lib/ollama-manager.mjs +1 -1
  57. package/lib/opencode-telemetry.mjs +4 -5
  58. package/lib/orchestration-policy.mjs +9 -0
  59. package/lib/outcomes/aggregate.mjs +104 -0
  60. package/lib/outcomes/record.mjs +115 -0
  61. package/lib/parity.mjs +121 -21
  62. package/lib/profiles/lifecycle.mjs +388 -0
  63. package/lib/profiles/loader.mjs +123 -0
  64. package/lib/profiles/validate-custom.mjs +114 -0
  65. package/lib/prompt-composer.js +106 -29
  66. package/lib/read-tracker-store.mjs +149 -0
  67. package/lib/reflect/extractor.mjs +193 -0
  68. package/lib/reflect.mjs +89 -2
  69. package/lib/sandbox.mjs +102 -0
  70. package/lib/server/index.mjs +76 -0
  71. package/lib/server/telemetry-login.mjs +17 -25
  72. package/lib/service-manager.mjs +30 -22
  73. package/lib/services/local-postgres.mjs +15 -0
  74. package/lib/services/telemetry-backend.mjs +1 -2
  75. package/lib/setup.mjs +8 -43
  76. package/lib/status.mjs +51 -5
  77. package/lib/storage/backend.mjs +12 -2
  78. package/lib/strategy-store.mjs +371 -0
  79. package/lib/telemetry/backends/local.mjs +6 -4
  80. package/lib/telemetry/client.mjs +185 -0
  81. package/lib/telemetry/ingest.mjs +13 -5
  82. package/lib/telemetry/team-rollup.mjs +9 -2
  83. package/lib/worker/trace.mjs +17 -27
  84. package/package.json +10 -2
  85. package/personas/construct.md +20 -20
  86. package/platforms/claude/settings.template.json +13 -0
  87. package/rules/common/research.md +44 -12
  88. package/scripts/sync-agents.mjs +11 -0
  89. package/skills/docs/backlog-proposal-workflow.md +2 -2
  90. package/skills/docs/customer-profile-workflow.md +1 -1
  91. package/skills/docs/evidence-ingest-workflow.md +5 -5
  92. package/skills/docs/prfaq-workflow.md +1 -1
  93. package/skills/docs/product-intelligence-review.md +1 -1
  94. package/skills/docs/product-intelligence-workflow.md +3 -3
  95. package/skills/docs/product-signal-workflow.md +48 -18
  96. package/skills/docs/research-workflow.md +26 -14
  97. package/skills/docs/strategy-workflow.md +36 -0
  98. package/skills/roles/architect.ai-systems.md +4 -2
  99. package/skills/roles/architect.data.md +4 -2
  100. package/skills/roles/architect.enterprise.md +4 -2
  101. package/skills/roles/architect.integration.md +4 -2
  102. package/skills/roles/architect.md +7 -5
  103. package/skills/roles/architect.platform.md +4 -2
  104. package/skills/roles/data-analyst.experiment.md +4 -2
  105. package/skills/roles/data-analyst.md +9 -7
  106. package/skills/roles/data-analyst.product-intelligence.md +5 -3
  107. package/skills/roles/data-analyst.product.md +4 -2
  108. package/skills/roles/data-analyst.telemetry.md +4 -2
  109. package/skills/roles/data-engineer.pipeline.md +4 -2
  110. package/skills/roles/data-engineer.vector-retrieval.md +4 -2
  111. package/skills/roles/data-engineer.warehouse.md +4 -2
  112. package/skills/roles/debugger.md +7 -5
  113. package/skills/roles/designer.accessibility.md +4 -2
  114. package/skills/roles/designer.md +10 -8
  115. package/skills/roles/engineer.ai.md +4 -2
  116. package/skills/roles/engineer.data.md +5 -3
  117. package/skills/roles/engineer.md +14 -12
  118. package/skills/roles/engineer.platform.md +5 -3
  119. package/skills/roles/operator.docs.md +6 -4
  120. package/skills/roles/operator.md +6 -4
  121. package/skills/roles/operator.release.md +4 -2
  122. package/skills/roles/operator.sre.md +5 -3
  123. package/skills/roles/orchestrator.md +5 -3
  124. package/skills/roles/product-manager.ai-product.md +4 -2
  125. package/skills/roles/product-manager.business-strategy.md +4 -2
  126. package/skills/roles/product-manager.enterprise.md +4 -2
  127. package/skills/roles/product-manager.growth.md +4 -2
  128. package/skills/roles/product-manager.md +6 -4
  129. package/skills/roles/product-manager.platform.md +4 -2
  130. package/skills/roles/product-manager.product.md +4 -2
  131. package/skills/roles/qa.ai-eval.md +4 -2
  132. package/skills/roles/qa.api-contract.md +4 -2
  133. package/skills/roles/qa.data-pipeline.md +4 -2
  134. package/skills/roles/qa.md +7 -5
  135. package/skills/roles/qa.test-automation.md +5 -3
  136. package/skills/roles/qa.web-ui.md +4 -2
  137. package/skills/roles/researcher.explorer.md +4 -2
  138. package/skills/roles/researcher.md +35 -20
  139. package/skills/roles/researcher.ux.md +4 -2
  140. package/skills/roles/reviewer.devil-advocate.md +4 -2
  141. package/skills/roles/reviewer.evaluator.md +4 -2
  142. package/skills/roles/reviewer.md +14 -12
  143. package/skills/roles/reviewer.trace.md +4 -2
  144. package/skills/roles/security.ai.md +4 -2
  145. package/skills/roles/security.appsec.md +4 -2
  146. package/skills/roles/security.cloud.md +4 -2
  147. package/skills/roles/security.legal-compliance.md +4 -2
  148. package/skills/roles/security.md +7 -5
  149. package/skills/roles/security.privacy.md +4 -2
  150. package/skills/roles/security.supply-chain.md +4 -2
  151. package/skills/routing.md +8 -1
  152. package/templates/docs/persona-artifact.md +36 -0
  153. package/templates/docs/research-brief.md +63 -9
  154. package/templates/docs/research-finding.md +26 -0
  155. package/templates/docs/skill-artifact.md +27 -0
  156. package/templates/docs/strategy.md +36 -0
  157. package/templates/homebrew/construct.rb +6 -6
@@ -1,5 +1,5 @@
1
1
  <!--
2
- skills/roles/researcher.md Anti-pattern guidance for the Researcher role.
2
+ skills/roles/researcher.md. Anti-pattern guidance for the Researcher role.
3
3
 
4
4
  Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
5
5
  Covers common failure modes for the researcher domain and counter-moves to avoid them.
@@ -9,11 +9,13 @@ Applies to: cx-researcher, cx-ux-researcher, cx-explorer.
9
9
  role: researcher
10
10
  applies_to: [cx-researcher, cx-ux-researcher, cx-explorer]
11
11
  inherits: null
12
- version: 1
12
+ version: 2
13
+ profiles: [rnd]
14
+ cap: 1
13
15
  ---
14
- # Researcher Role guidance
16
+ # Researcher. Role guidance
15
17
 
16
- Load this before drafting. These are the failure modes that separate strong role output from weak role output check your draft against each.
18
+ Load this before drafting. These are the failure modes that separate strong role output from weak role output. check your draft against each.
17
19
 
18
20
 
19
21
  ### 1. Confirmation bias
@@ -27,42 +29,55 @@ Load this before drafting. These are the failure modes that separate strong role
27
29
  **Counter-move**: require at least two independent sources for each load-bearing claim. Note when they disagree.
28
30
 
29
31
  ### 3. Freshness blindness
30
- **Symptom**: cited source dated 2019 used as current for a fast-moving topic AI capabilities, framework APIs, security advisories.
32
+ **Symptom**: cited source dated 2019–2024 used as current for a fast-moving topic. AI capabilities, framework APIs, security advisories.
31
33
  **Why it fails**: the reader assumes the finding is current; acts on stale information.
32
- **Counter-move**: check and record the publication date of every source. For fast-moving topics, prefer sources within the last 12 months.
34
+ **Counter-move**: start searches from the most recent year and step backward only if insufficient. Record the publication date of every source. For fast-moving topics (LLM behavior, security advisories, market data), treat anything older than 12 months as presumptively stale unless a newer source confirms it is still accurate.
33
35
 
34
- ### 4. Findings without confidence
36
+ ### 4. Wrong starting point
37
+ **Symptom**: searching Google or a general index when a domain-specific authoritative source exists. arXiv for AI research, NVD for CVEs, NeurIPS/ICML proceedings for ML, official vendor docs for APIs.
38
+ **Why it fails**: general search returns popularity-ranked results, not authority-ranked ones. The most-cited blog post is not the same as the primary paper.
39
+ **Counter-move**: use the domain's authoritative starting point first (see `rules/common/research.md` §2). Only fall back to general search if the authoritative source is insufficient.
40
+
41
+ ### 5. Unverified URLs
42
+ **Symptom**: URLs included in the brief have not been fetched. the researcher copied them from a search result or from memory.
43
+ **Why it fails**: URLs rot. A confident citation pointing to a 404 or a different page than intended is worse than no citation.
44
+ **Counter-move**: fetch every URL before including it. Confirm the content matches the cited claim. Mark any URL that cannot be fetched `[unverified]` and flag it as a gap.
45
+
46
+ ### 6. Findings without confidence
35
47
  **Symptom**: all findings presented flatly, with no distinction between what is well-established and what is speculative.
36
48
  **Why it fails**: the reader cannot decide how much weight to place on each claim.
37
49
  **Counter-move**: label each finding high / medium / low confidence, with a one-line reason.
38
50
 
39
- ### 5. Observation confused with inference
51
+ ### 7. Observation confused with inference
40
52
  **Symptom**: the doc presents what the author concluded as what the source said.
41
53
  **Why it fails**: the conclusion cannot be audited. Reviewers who disagree cannot find the step where the logic turned.
42
54
  **Counter-move**: separate "what the source said" from "what I infer from this". Label them.
43
55
 
44
- ### 6. Secondary sources passed as primary
56
+ ### 8. Secondary sources passed as primary
45
57
  **Symptom**: citations point to summaries, listicles, or syntheses instead of the underlying paper, spec, or changelog.
46
58
  **Why it fails**: the summary may misrepresent the primary source. The chain of error is invisible.
47
- **Counter-move**: cite primary sources the actual paper, spec, commit, or dataset. Use secondary sources only to discover primary ones.
59
+ **Counter-move**: cite primary sources. the actual paper, spec, commit, or dataset. Use secondary sources only to discover primary ones.
48
60
 
49
- ### 7. Scope creep
61
+ ### 9. Scope creep
50
62
  **Symptom**: the research question was about X but the brief covers X, Y, and Z because they came up.
51
63
  **Why it fails**: the original question does not get answered well; reviewers cannot tell which findings are load-bearing.
52
64
  **Counter-move**: answer the original question first and completely. Tangential findings go into a separate section or a follow-up.
53
65
 
54
- ### 8. Action without evidence threshold
66
+ ### 10. Action without evidence threshold
55
67
  **Symptom**: the implications section recommends a change without stating what evidence would have led to a different recommendation.
56
68
  **Why it fails**: the research is unfalsifiable. Any finding leads to the same recommendation.
57
69
  **Counter-move**: state up-front what evidence would cause the recommendation to flip. Verify the actual evidence meets the threshold.
58
70
 
59
71
  ## Self-check before shipping
60
72
 
61
- - [ ] Strongest counter-finding is named and addressed
62
- - [ ] Each load-bearing claim has at least two independent sources
63
- - [ ] Source dates recorded; fast-moving topics use recent sources
64
- - [ ] Each finding labeled with confidence and reason
65
- - [ ] Observation separated from inference
66
- - [ ] Citations point to primary sources
67
- - [ ] Original question is answered first; tangents are separate
68
- - [ ] Evidence threshold for the recommendation is stated
73
+ - [ ] Started search from the most recent year and stepped back only when insufficient
74
+ - [ ] Used domain-specific authoritative starting point (see `rules/common/research.md` §2), not general search as default
75
+ - [ ] Every URL fetched and confirmed to match the cited claim
76
+ - [ ] Strongest counter-finding named and addressed
77
+ - [ ] Each load-bearing claim has at least two independent sources (or one authoritative primary)
78
+ - [ ] Source dates recorded; fast-moving topics use sources within last 12 months
79
+ - [ ] Each finding labeled with confidence (high/medium/low) and one-line reason
80
+ - [ ] Observation separated from inference. labeled differently
81
+ - [ ] Citations point to primary sources, not summaries or index pages
82
+ - [ ] Original question answered first; tangents in a separate section
83
+ - [ ] Evidence threshold for the recommendation is stated explicitly
@@ -1,5 +1,5 @@
1
1
  <!--
2
- skills/roles/researcher.ux.md Anti-pattern guidance for the Researcher.ux (ux) role.
2
+ skills/roles/researcher.ux.md. Anti-pattern guidance for the Researcher.ux (ux) role.
3
3
 
4
4
  Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
5
5
  Covers common failure modes for the researcher.ux (ux) domain and counter-moves to avoid them.
@@ -9,7 +9,9 @@ Applies to: cx-ux-researcher.
9
9
  role: researcher.ux
10
10
  applies_to: [cx-ux-researcher]
11
11
  inherits: researcher
12
- version: 1
12
+ version: 2
13
+ profiles: [rnd]
14
+ cap: 1
13
15
  ---
14
16
  # UX Researcher Overlay
15
17
 
@@ -1,5 +1,5 @@
1
1
  <!--
2
- skills/roles/reviewer.devil-advocate.md Anti-pattern guidance for the Reviewer.devil-advocate (devil advocate) role.
2
+ skills/roles/reviewer.devil-advocate.md. Anti-pattern guidance for the Reviewer.devil-advocate (devil advocate) role.
3
3
 
4
4
  Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
5
5
  Covers common failure modes for the reviewer.devil-advocate (devil advocate) domain and counter-moves to avoid them.
@@ -9,7 +9,9 @@ Applies to: cx-devil-advocate.
9
9
  role: reviewer.devil-advocate
10
10
  applies_to: [cx-devil-advocate]
11
11
  inherits: reviewer
12
- version: 1
12
+ version: 2
13
+ profiles: [rnd]
14
+ cap: 1
13
15
  ---
14
16
  # Devil's Advocate Overlay
15
17
 
@@ -1,5 +1,5 @@
1
1
  <!--
2
- skills/roles/reviewer.evaluator.md Anti-pattern guidance for the Reviewer.evaluator (evaluator) role.
2
+ skills/roles/reviewer.evaluator.md. Anti-pattern guidance for the Reviewer.evaluator (evaluator) role.
3
3
 
4
4
  Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
5
5
  Covers common failure modes for the reviewer.evaluator (evaluator) domain and counter-moves to avoid them.
@@ -9,7 +9,9 @@ Applies to: cx-evaluator.
9
9
  role: reviewer.evaluator
10
10
  applies_to: [cx-evaluator]
11
11
  inherits: reviewer
12
- version: 1
12
+ version: 2
13
+ profiles: [rnd]
14
+ cap: 1
13
15
  ---
14
16
  # Evaluator Overlay
15
17
 
@@ -1,5 +1,5 @@
1
1
  <!--
2
- skills/roles/reviewer.md Anti-pattern guidance for the Reviewer role.
2
+ skills/roles/reviewer.md. Anti-pattern guidance for the Reviewer role.
3
3
 
4
4
  Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
5
5
  Covers common failure modes for the reviewer domain and counter-moves to avoid them.
@@ -9,17 +9,19 @@ Applies to: cx-reviewer, cx-devil-advocate, cx-evaluator, cx-trace-reviewer.
9
9
  role: reviewer
10
10
  applies_to: [cx-reviewer, cx-devil-advocate, cx-evaluator, cx-trace-reviewer]
11
11
  inherits: null
12
- version: 1
12
+ version: 2
13
+ profiles: [rnd]
14
+ cap: 1
13
15
  ---
14
- # Reviewer Role guidance
16
+ # Reviewer. Role guidance
15
17
 
16
- Load this before drafting. These are the failure modes that separate strong role output from weak role output check your draft against each.
18
+ Load this before drafting. These are the failure modes that separate strong role output from weak role output. check your draft against each.
17
19
 
18
20
 
19
21
  ### 1. Nit-picking over structure
20
- **Symptom**: the review focuses on variable names and formatting while leaving the structural problem wrong abstraction, missing tests, unsafe concurrency unflagged.
22
+ **Symptom**: the review focuses on variable names and formatting while leaving the structural problem. wrong abstraction, missing tests, unsafe concurrency. unflagged.
21
23
  **Why it fails**: the author fixes the surface and ships the real bug. The reviewer signals thoroughness while providing no real coverage.
22
- **Counter-move**: audit structure first correctness, blast radius, invariants, test coverage before any style feedback.
24
+ **Counter-move**: audit structure first. correctness, blast radius, invariants, test coverage. before any style feedback.
23
25
 
24
26
  ### 2. LGTM without running the code
25
27
  **Symptom**: approval given based on reading the diff, with no build, no test run, no exploration of the change in situ.
@@ -32,7 +34,7 @@ Load this before drafting. These are the failure modes that separate strong role
32
34
  **Counter-move**: grep for callers of anything changed. Check whether the change is backwards-compatible for each.
33
35
 
34
36
  ### 4. No severity
35
- **Symptom**: all feedback presented at the same weight a typo and a security vulnerability get equal prominence.
37
+ **Symptom**: all feedback presented at the same weight. a typo and a security vulnerability get equal prominence.
36
38
  **Why it fails**: the author cannot tell what blocks merge versus what is optional. Real issues get lost.
37
39
  **Counter-move**: label each finding CRITICAL / HIGH / MEDIUM / LOW. State what the author must address before merge.
38
40
 
@@ -71,11 +73,11 @@ Load this before drafting. These are the failure modes that separate strong role
71
73
 
72
74
  A review that approves while these gates would fail in CI is a failed review. Run or confirm the author ran:
73
75
 
74
- - [ ] `npm test` 0 failed
75
- - [ ] `node bin/construct lint:comments` 0 errors AND 0 warnings (treat warnings as blocking)
76
- - [ ] `node bin/construct docs:verify` all checks passed, no warnings
77
- - [ ] `node bin/construct docs:update --check` AUTO regions up to date
78
- - [ ] `npm run lint:templates` commit subjects + PR body match the canonical templates
76
+ - [ ] `npm test`. 0 failed
77
+ - [ ] `node bin/construct lint:comments`. 0 errors AND 0 warnings (treat warnings as blocking)
78
+ - [ ] `node bin/construct docs:verify`. all checks passed, no warnings
79
+ - [ ] `node bin/construct docs:update --check`. AUTO regions up to date
80
+ - [ ] `npm run lint:templates`. commit subjects + PR body match the canonical templates
79
81
 
80
82
  See `rules/common/release-gates.md`. Block approval until evidence is in the PR body.
81
83
 
@@ -1,5 +1,5 @@
1
1
  <!--
2
- skills/roles/reviewer.trace.md Anti-pattern guidance for the Reviewer.trace (trace) role.
2
+ skills/roles/reviewer.trace.md. Anti-pattern guidance for the Reviewer.trace (trace) role.
3
3
 
4
4
  Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
5
5
  Covers common failure modes for the reviewer.trace (trace) domain and counter-moves to avoid them.
@@ -9,7 +9,9 @@ Applies to: cx-trace-reviewer.
9
9
  role: reviewer.trace
10
10
  applies_to: [cx-trace-reviewer]
11
11
  inherits: reviewer
12
- version: 1
12
+ version: 2
13
+ profiles: [rnd]
14
+ cap: 1
13
15
  ---
14
16
  # Trace Reviewer Overlay
15
17
 
@@ -1,5 +1,5 @@
1
1
  <!--
2
- skills/roles/security.ai.md Anti-pattern guidance for the Security.ai (ai) role.
2
+ skills/roles/security.ai.md. Anti-pattern guidance for the Security.ai (ai) role.
3
3
 
4
4
  Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
5
5
  Covers common failure modes for the security.ai (ai) domain and counter-moves to avoid them.
@@ -9,7 +9,9 @@ Applies to: cx-security, cx-ai-engineer.
9
9
  role: security.ai
10
10
  applies_to: [cx-security, cx-ai-engineer]
11
11
  inherits: security
12
- version: 1
12
+ version: 2
13
+ profiles: [rnd]
14
+ cap: 1
13
15
  ---
14
16
  # AI Security Overlay
15
17
 
@@ -1,5 +1,5 @@
1
1
  <!--
2
- skills/roles/security.appsec.md Anti-pattern guidance for the Security.appsec (appsec) role.
2
+ skills/roles/security.appsec.md. Anti-pattern guidance for the Security.appsec (appsec) role.
3
3
 
4
4
  Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
5
5
  Covers common failure modes for the security.appsec (appsec) domain and counter-moves to avoid them.
@@ -9,7 +9,9 @@ Applies to: cx-security.
9
9
  role: security.appsec
10
10
  applies_to: [cx-security]
11
11
  inherits: security
12
- version: 1
12
+ version: 2
13
+ profiles: [rnd]
14
+ cap: 1
13
15
  ---
14
16
  # AppSec Overlay
15
17
 
@@ -1,5 +1,5 @@
1
1
  <!--
2
- skills/roles/security.cloud.md Anti-pattern guidance for the Security.cloud (cloud) role.
2
+ skills/roles/security.cloud.md. Anti-pattern guidance for the Security.cloud (cloud) role.
3
3
 
4
4
  Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
5
5
  Covers common failure modes for the security.cloud (cloud) domain and counter-moves to avoid them.
@@ -9,7 +9,9 @@ Applies to: cx-security.
9
9
  role: security.cloud
10
10
  applies_to: [cx-security]
11
11
  inherits: security
12
- version: 1
12
+ version: 2
13
+ profiles: [rnd]
14
+ cap: 1
13
15
  ---
14
16
  # Cloud Security Overlay
15
17
 
@@ -1,5 +1,5 @@
1
1
  <!--
2
- skills/roles/security.legal-compliance.md Anti-pattern guidance for the Security.legal-compliance (legal compliance) role.
2
+ skills/roles/security.legal-compliance.md. Anti-pattern guidance for the Security.legal-compliance (legal compliance) role.
3
3
 
4
4
  Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
5
5
  Covers common failure modes for the security.legal-compliance (legal compliance) domain and counter-moves to avoid them.
@@ -9,7 +9,9 @@ Applies to: cx-legal-compliance.
9
9
  role: security.legal-compliance
10
10
  applies_to: [cx-legal-compliance]
11
11
  inherits: security
12
- version: 1
12
+ version: 2
13
+ profiles: [rnd]
14
+ cap: 1
13
15
  ---
14
16
  # Legal & Compliance Overlay
15
17
 
@@ -1,5 +1,5 @@
1
1
  <!--
2
- skills/roles/security.md Anti-pattern guidance for the Security role.
2
+ skills/roles/security.md. Anti-pattern guidance for the Security role.
3
3
 
4
4
  Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
5
5
  Covers common failure modes for the security domain and counter-moves to avoid them.
@@ -9,15 +9,17 @@ Applies to: cx-security, cx-legal-compliance.
9
9
  role: security
10
10
  applies_to: [cx-security, cx-legal-compliance]
11
11
  inherits: null
12
- version: 1
12
+ version: 2
13
+ profiles: [rnd]
14
+ cap: 1
13
15
  ---
14
- # Security Role guidance
16
+ # Security. Role guidance
15
17
 
16
- Load this before drafting. These are the failure modes that separate strong role output from weak role output check your draft against each.
18
+ Load this before drafting. These are the failure modes that separate strong role output from weak role output. check your draft against each.
17
19
 
18
20
 
19
21
  ### 1. Defense in absence
20
- **Symptom**: protection depends on a single layer a firewall, a middleware, a validation step with no defense if that layer is bypassed.
22
+ **Symptom**: protection depends on a single layer. a firewall, a middleware, a validation step. with no defense if that layer is bypassed.
21
23
  **Why it fails**: one misconfiguration or bug eliminates all protection at once.
22
24
  **Counter-move**: assume any single control can fail. Layer controls at the network, application, and data boundaries.
23
25
 
@@ -1,5 +1,5 @@
1
1
  <!--
2
- skills/roles/security.privacy.md Anti-pattern guidance for the Security.privacy (privacy) role.
2
+ skills/roles/security.privacy.md. Anti-pattern guidance for the Security.privacy (privacy) role.
3
3
 
4
4
  Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
5
5
  Covers common failure modes for the security.privacy (privacy) domain and counter-moves to avoid them.
@@ -9,7 +9,9 @@ Applies to: cx-security, cx-legal-compliance.
9
9
  role: security.privacy
10
10
  applies_to: [cx-security, cx-legal-compliance]
11
11
  inherits: security
12
- version: 1
12
+ version: 2
13
+ profiles: [rnd]
14
+ cap: 1
13
15
  ---
14
16
  # Privacy Security Overlay
15
17
 
@@ -1,5 +1,5 @@
1
1
  <!--
2
- skills/roles/security.supply-chain.md Anti-pattern guidance for the Security.supply-chain (supply chain) role.
2
+ skills/roles/security.supply-chain.md. Anti-pattern guidance for the Security.supply-chain (supply chain) role.
3
3
 
4
4
  Loaded at sync time to inline role-specific failure modes into specialist agent prompts.
5
5
  Covers common failure modes for the security.supply-chain (supply chain) domain and counter-moves to avoid them.
@@ -9,7 +9,9 @@ Applies to: cx-security, cx-platform-engineer.
9
9
  role: security.supply-chain
10
10
  applies_to: [cx-security, cx-platform-engineer]
11
11
  inherits: security
12
- version: 1
12
+ version: 2
13
+ profiles: [rnd]
14
+ cap: 1
13
15
  ---
14
16
  # Supply Chain Security Overlay
15
17
 
package/skills/routing.md CHANGED
@@ -122,7 +122,8 @@ Read the matching skill file before responding when the user's request matches t
122
122
  | init docs, create docs structure, set up documentation, docs scaffold, documentation init | `skills/docs/init-docs.md` | Initialize required project-state docs and documentation structure |
123
123
  | research X, investigate X, find evidence, gather evidence | `skills/docs/research-workflow.md` | Research workflow — question to .cx/research/ file |
124
124
  | product intelligence, customer notes, field notes, product signals, customer profile, evidence brief, signal brief, backlog proposal | `skills/docs/product-intelligence-workflow.md` | Product Intelligence workflow — evidence to product artifacts |
125
- | ingest evidence, ingest customer notes, ingest Slack thread, ingest support ticket, normalize field notes | `skills/docs/evidence-ingest-workflow.md` | Evidence ingest workflow raw source to .cx/product-intel/ |
125
+ | strategy, product strategy, strategic bet, non-bet, north star, time horizon, competitive positioning | `skills/docs/strategy-workflow.md` | Product strategyread, update, and reason about the strategy store |
126
+ | ingest evidence, ingest customer notes, ingest Slack thread, ingest support ticket, normalize field notes | `skills/docs/evidence-ingest-workflow.md` | Evidence ingest workflow — raw source to .cx/knowledge/ |
126
127
  | write a PRD, create requirements, spec out, requirements document, Meta PRD, platform PRD | `skills/docs/prd-workflow.md` | PRD workflow — requirements to docs/prd/ or docs/meta-prd/ |
127
128
  | write a PRFAQ, working backwards doc, press release FAQ | `skills/docs/prfaq-workflow.md` | PRFAQ workflow — launch narrative from PRD or evidence |
128
129
  | create Jira proposal, update Linear, backlog proposal, issue proposal | `skills/docs/backlog-proposal-workflow.md` | Backlog proposal workflow — approval-gated issue tracker changes |
@@ -137,3 +138,9 @@ Read the matching skill file before responding when the user's request matches t
137
138
  3. Detect programming language from file extensions or context and read the corresponding development skill.
138
139
  4. Read each skill file once per conversation.
139
140
  5. Skill file content is authoritative over training data when they conflict.
141
+
142
+ ## Agent Roster Disambiguation
143
+
144
+ **cx-engineer vs cx-platform-engineer:** cx-engineer builds product features for end users. cx-platform-engineer builds the internal platform — CI/CD, deployment tooling, developer environments, internal APIs, and reliability infrastructure. They operate in distinct domains with different quality bars (user-facing UX vs. developer ergonomics and system reliability). Use cx-platform-engineer when the subject is a platform service, internal tool, build pipeline, or infrastructure component that engineers consume, not end users.
145
+
146
+ **Platform domain overlays** (`roles/product-manager.platform`, `roles/architect.platform`, `roles/engineer.platform`) apply when the PRODUCT being designed or built is a platform — an API, SDK, or developer surface consumed by other developers. These are skill overlays on PM/architect/engineer roles, not routing to cx-platform-engineer. Route to cx-platform-engineer only when the work is infra/ops, not product.
@@ -0,0 +1,36 @@
1
+ # <Role display name>
2
+
3
+ > Anchor doc for the <role-id> persona. Methodology: `docs/concepts/persona-research.md`. This file is generated by `construct profile create` and is part of the discover + frame phases. The persona is not promotable until every section below is filled from evidence, not opinion.
4
+
5
+ ## Goals
6
+
7
+ - <What does success look like for this role? Not the org's goals; theirs.>
8
+ - <Goal 2>
9
+
10
+ ## Frustrations
11
+
12
+ - <What slows them down, what they get blamed for.>
13
+
14
+ ## Decision rights
15
+
16
+ - Decides: <list>
17
+ - Escalates: <list>
18
+
19
+ ## Handoffs
20
+
21
+ - Hands off to: <role> when <condition>
22
+ - Receives from: <role> when <condition>
23
+
24
+ ## Output contract
25
+
26
+ - Format: <markdown structure, code diff, JSON, etc.>
27
+ - Depth: <short bullet list, two-page doc, one-screen summary, etc.>
28
+ - Citations: <required | encouraged | none>
29
+
30
+ ## Failure modes
31
+
32
+ - <Common ways this persona goes wrong; what to watch for.>
33
+
34
+ ## Evidence
35
+
36
+ - <Interview, doc, postmortem, public job spec. At least two primary sources.>
@@ -2,28 +2,82 @@
2
2
 
3
3
  - **Date**: {YYYY-MM-DD}
4
4
  - **Author**: {name}
5
+ - **Domain**: {ai-tools | developer-tools | security | market | cloud-api | regulatory | academic | other}
5
6
  - **Status**: in-progress | complete
7
+ - **Recency baseline**: Sources from {YYYY} and later preferred; oldest source used: {YYYY-MM-DD}
6
8
 
7
9
  ## Question
8
- <!-- The specific, falsifiable question this research is trying to answer. One sentence. -->
10
+
11
+ <!-- One specific, falsifiable question this research must answer. Not a topic — a question with a determinate answer. -->
9
12
 
10
13
  ## Method
11
- <!-- How the question was investigated. Start order, queries run, internal paths checked, experiments performed, and systems consulted. Enough detail that another person could reproduce it. -->
14
+
15
+ <!-- How the question was investigated:
16
+ - Domain starting point used (arXiv, NVD, Stack Overflow Survey, vendor docs, etc.)
17
+ - Date filter applied (search from YYYY-first)
18
+ - Internal paths checked (.cx/research/, .cx/knowledge/, ADRs, etc.)
19
+ - Search terms and queries run
20
+ - Systems and indexes consulted
21
+ - Inclusion/exclusion decisions
22
+ Enough detail that another person could reproduce it. -->
12
23
 
13
24
  ## Sources
14
- <!-- For each source record: title/path, source class (internal/primary/secondary/tertiary), version or revision if relevant, and publication/access date. Separate primary from secondary. Note where sources disagree. -->
25
+
26
+ | Title / Path | Class | Date | URL | Verified | Relevance |
27
+ |---|---|---|---|---|---|
28
+ | {source title or file path} | primary / secondary / tertiary | {YYYY-MM-DD} | {URL or path} | yes / no / n/a | {one-line} |
29
+
30
+ <!-- Class definitions:
31
+ - primary: peer-reviewed papers, official docs at exact version, raw source code, standards, company announcements, SEC filings
32
+ - secondary: changelogs, migration guides, tracked issues, maintainer posts, conference talks by authors
33
+ - tertiary: blog posts, forums, Q&A, analyst summaries — for discovery only, never as evidence
34
+ Mark Verified = yes only after fetching the URL and confirming content matches. -->
15
35
 
16
36
  ## Findings
17
- <!-- What the evidence says. Separate observation from inference. Label each finding with its confidence level and cite the supporting source(s). -->
18
37
 
19
- ## Confidence
20
- <!-- Per finding: high / medium / low, and why. Name the biggest unknowns. -->
38
+ <!-- For each finding, state separately:
39
+ - Observation: what the source(s) actually say direct, traceable
40
+ - Inference: what is concluded from the observation — labeled as inference
41
+ - Confidence: high / medium / low, with a one-line reason
42
+ - Sources: reference the Source table row(s) -->
43
+
44
+ ### Finding 1 — {short label}
45
+
46
+ **Observation**: <!-- what the sources say -->
47
+ **Inference**: <!-- what is concluded — labeled as inference -->
48
+ **Confidence**: high / medium / low — {reason}
49
+ **Sources**: {source title(s) from table}
50
+
51
+ ### Finding N — {short label}
52
+
53
+ <!-- repeat as needed -->
54
+
55
+ ## Counter-evidence
56
+
57
+ <!-- The strongest finding that contradicts or complicates the conclusion. How it was addressed. If no counter-evidence was found, state that and note whether it was actively searched for. -->
58
+
59
+ ## Confidence summary
60
+
61
+ <!-- Overall confidence across all findings. Key uncertainties. What would most change the conclusion. -->
62
+
63
+ ## Gaps
64
+
65
+ <!-- What this research did not resolve. For each gap: what evidence is missing and what would be needed to fill it. -->
21
66
 
22
67
  ## Implications
23
- <!-- What decisions this research enables or blocks. Who should act on it. -->
68
+
69
+ <!-- What decisions this research enables or blocks. Who should act on it and in what timeframe. -->
70
+
71
+ ## Recommendation
72
+
73
+ <!-- What the evidence supports. State the evidence threshold at which this recommendation would flip. -->
24
74
 
25
75
  ## Open questions
26
- <!-- What this research did not resolve. What would be needed to answer each. -->
76
+
77
+ <!-- Remaining questions scoped out of this brief. Suitable for a follow-up research task or a handoff. -->
27
78
 
28
79
  ## References
29
- <!-- Full citation list. Include URLs, document paths, versions, and dates. -->
80
+
81
+ <!-- Full citation list. Format: Author(s). (Year). Title. Venue/Source. Retrieved from URL.
82
+ Include: author(s) or org, year, title, publication venue, URL, access date for web sources.
83
+ Mark any URL that was not verified as [unverified]. -->
@@ -0,0 +1,26 @@
1
+ ---
2
+ kind: research-finding
3
+ topic: "<short topic line>"
4
+ confidence: inferred
5
+ sources: []
6
+ created: <ISO timestamp set by construct knowledge add>
7
+ expiresAt: <ISO timestamp, default created + 90d>
8
+ profile: <active profile id>
9
+ ---
10
+
11
+ ## FINDINGS
12
+
13
+ - <Finding 1 with citation>
14
+ - <Finding 2 with citation>
15
+
16
+ ## INFERENCES
17
+
18
+ - <Inference labeled as such>
19
+
20
+ ## GAPS
21
+
22
+ - <What we could not confirm>
23
+
24
+ ## RECOMMENDATION
25
+
26
+ - <Next action based on the evidence available>
@@ -0,0 +1,27 @@
1
+ ---
2
+ name: <verb-led-id>
3
+ scope: <one paragraph: what it covers, what it does not>
4
+ observable_outcome: <how someone outside the role tells this skill happened>
5
+ provenance:
6
+ - <citation: post-mortem, public framework, competency model>
7
+ roles:
8
+ - <role-id that uses this skill>
9
+ ---
10
+
11
+ # <Skill display name>
12
+
13
+ ## What this skill produces
14
+
15
+ <Concrete output. Bloom-style: not "knows X" but "produces Y".>
16
+
17
+ ## When to invoke it
18
+
19
+ <Triggers. What the operator or the upstream persona is doing when this skill is the right call.>
20
+
21
+ ## How it composes
22
+
23
+ <Other skills typically chained before or after.>
24
+
25
+ ## Anti-patterns
26
+
27
+ <Ways this skill gets misapplied; what looks similar but is not this.>
@@ -0,0 +1,36 @@
1
+ ---
2
+ title: Product Strategy
3
+ updated: YYYY-MM-DD
4
+ horizon: "6–12 months"
5
+ ---
6
+
7
+ <!--
8
+ templates/docs/strategy.md — Template for product strategy documents.
9
+ Use for both user-product strategy and Construct's own strategy (.cx/strategy.md).
10
+ Canonical store: ~/.cx/strategy.md (user-global) or .cx/strategy.md (project-local, committed).
11
+ Owning workflow: skills/docs/strategy-workflow.md.
12
+ -->
13
+
14
+ ## Vision
15
+ <!-- 1–3 sentences. Where are we going in 3–5 years? -->
16
+
17
+ ## Bets
18
+ <!-- Explicit choices. Each bet: what we're doing and why. -->
19
+ - **Bet 1**: …
20
+ - **Bet 2**: …
21
+
22
+ ## Non-bets
23
+ <!-- What we are explicitly NOT doing, and why. This section prevents strategy drift. -->
24
+ - **Not doing**: … **Because**: …
25
+
26
+ ## Time Horizon
27
+ <!-- Current cycle focus. What must be true 6–12 months from now? -->
28
+
29
+ ## North Star Metric
30
+ <!-- Single measurable outcome. Format: Metric / Baseline / Target / Owner -->
31
+
32
+ ## Competitive Positioning
33
+ <!-- How we differentiate. 2–4 sentences. -->
34
+
35
+ ## Open Bets
36
+ <!-- Decisions not yet made. Clarify and move to Bets or Non-bets. -->
@@ -2,13 +2,13 @@
2
2
  #
3
3
  # Authoritative copy lives in the construct repo at templates/homebrew/
4
4
  # construct.rb. The tap repo (geraldmaron/homebrew-construct) carries the
5
- # active formula at Formula/construct.rb and is updated by the release
6
- # workflow's Homebrew bump step on every tag push.
5
+ # active formula at Formula/construct.rb.
7
6
  #
8
- # When the release pipeline fires for `vX.Y.Z`, dawidd6/action-homebrew-bump-
9
- # formula rewrites the url + sha256 fields for each platform from the
10
- # matching GitHub Release asset. The placeholder SHAs below are only used
11
- # when seeding the tap by hand the first time.
7
+ # The release workflow's `homebrew` job regenerates Formula/construct.rb from
8
+ # scratch on every `v*` tag push it downloads sha256 sidecars from the
9
+ # GitHub Release, fills in the version and per-platform URLs/SHAs, and pushes
10
+ # directly to the tap. The placeholder SHAs below are only used when seeding
11
+ # the tap by hand the first time (see docs/maintenance/homebrew-tap.md).
12
12
  class Construct < Formula
13
13
  desc "Deployable AI R&D operating system for coding agents — runs locally or for teams"
14
14
  homepage "https://github.com/geraldmaron/construct"