@geraldmaron/construct 1.0.4 → 1.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (293) hide show
  1. package/README.md +57 -44
  2. package/agents/prompts/cx-accessibility.md +3 -3
  3. package/agents/prompts/cx-ai-engineer.md +7 -7
  4. package/agents/prompts/cx-architect.md +6 -6
  5. package/agents/prompts/cx-business-strategist.md +6 -6
  6. package/agents/prompts/cx-data-analyst.md +7 -7
  7. package/agents/prompts/cx-data-engineer.md +3 -3
  8. package/agents/prompts/cx-debugger.md +6 -6
  9. package/agents/prompts/cx-designer.md +5 -5
  10. package/agents/prompts/cx-devil-advocate.md +4 -4
  11. package/agents/prompts/cx-docs-keeper.md +5 -5
  12. package/agents/prompts/cx-engineer.md +5 -5
  13. package/agents/prompts/cx-evaluator.md +2 -2
  14. package/agents/prompts/cx-explorer.md +8 -8
  15. package/agents/prompts/cx-legal-compliance.md +2 -2
  16. package/agents/prompts/cx-operations.md +5 -5
  17. package/agents/prompts/cx-orchestrator.md +10 -10
  18. package/agents/prompts/cx-platform-engineer.md +5 -5
  19. package/agents/prompts/cx-product-manager.md +4 -4
  20. package/agents/prompts/cx-qa.md +8 -8
  21. package/agents/prompts/cx-rd-lead.md +9 -9
  22. package/agents/prompts/cx-release-manager.md +5 -5
  23. package/agents/prompts/cx-researcher.md +22 -22
  24. package/agents/prompts/cx-reviewer.md +7 -7
  25. package/agents/prompts/cx-security.md +10 -10
  26. package/agents/prompts/cx-sre.md +7 -7
  27. package/agents/prompts/cx-test-automation.md +3 -3
  28. package/agents/prompts/cx-trace-reviewer.md +8 -8
  29. package/agents/prompts/cx-ux-researcher.md +3 -3
  30. package/bin/construct +470 -4
  31. package/commands/build/feature.md +4 -4
  32. package/commands/build/fix.md +8 -8
  33. package/commands/design/access.md +3 -3
  34. package/commands/design/flow.md +3 -3
  35. package/commands/design/ui.md +4 -4
  36. package/commands/measure/experiment.md +5 -5
  37. package/commands/measure/metrics.md +3 -3
  38. package/commands/measure/results.md +4 -4
  39. package/commands/plan/api.md +3 -3
  40. package/commands/plan/challenge.md +3 -3
  41. package/commands/plan/decide.md +3 -3
  42. package/commands/plan/feature.md +7 -7
  43. package/commands/plan/requirements.md +3 -3
  44. package/commands/remember/context.md +5 -5
  45. package/commands/remember/handoff.md +3 -3
  46. package/commands/remember/runbook.md +3 -3
  47. package/commands/review/code.md +8 -8
  48. package/commands/review/quality.md +4 -4
  49. package/commands/review/security.md +3 -3
  50. package/commands/ship/ready.md +3 -3
  51. package/commands/ship/release.md +3 -3
  52. package/commands/ship/status.md +4 -4
  53. package/commands/understand/docs.md +3 -3
  54. package/commands/understand/research.md +5 -3
  55. package/commands/understand/this.md +4 -4
  56. package/commands/understand/why.md +8 -8
  57. package/commands/work/clean.md +14 -14
  58. package/commands/work/drive.md +10 -10
  59. package/commands/work/optimize-prompts.md +9 -9
  60. package/commands/work/parallel-review.md +8 -8
  61. package/db/schema/006_graph.sql +24 -0
  62. package/examples/provider-plugin/README.md +7 -7
  63. package/examples/seed-observations/README.md +6 -6
  64. package/examples/seed-observations/anti-patterns.md +14 -14
  65. package/examples/seed-observations/decisions.md +4 -4
  66. package/examples/seed-observations/patterns.md +14 -14
  67. package/lib/auto-docs.mjs +10 -5
  68. package/lib/cli-commands.mjs +45 -1
  69. package/lib/comment-lint.mjs +7 -1
  70. package/lib/config/schema.mjs +3 -0
  71. package/lib/flavors/loader.mjs +136 -0
  72. package/lib/hooks/agent-tracker.mjs +22 -3
  73. package/lib/hooks/pre-push-gate.mjs +14 -1
  74. package/lib/hooks/session-optimize.mjs +3 -2
  75. package/lib/hooks/session-reflect.mjs +68 -0
  76. package/lib/init-unified.mjs +25 -2
  77. package/lib/intake/classify.mjs +61 -183
  78. package/lib/intake/prepare.mjs +7 -0
  79. package/lib/intake/tables/creative.mjs +94 -0
  80. package/lib/intake/tables/operations.mjs +85 -0
  81. package/lib/intake/tables/research.mjs +85 -0
  82. package/lib/intake/tables/rnd.mjs +175 -0
  83. package/lib/knowledge/graph.mjs +213 -0
  84. package/lib/knowledge/research-store.mjs +109 -0
  85. package/lib/mcp/server.mjs +187 -1
  86. package/lib/mcp/tools/profile.mjs +270 -0
  87. package/lib/observation-store.mjs +19 -0
  88. package/lib/outcomes/aggregate.mjs +104 -0
  89. package/lib/outcomes/record.mjs +115 -0
  90. package/lib/parity.mjs +6 -9
  91. package/lib/profiles/lifecycle.mjs +388 -0
  92. package/lib/profiles/loader.mjs +123 -0
  93. package/lib/profiles/validate-custom.mjs +114 -0
  94. package/lib/reflect/extractor.mjs +193 -0
  95. package/lib/reflect.mjs +89 -2
  96. package/lib/sandbox.mjs +102 -0
  97. package/package.json +6 -1
  98. package/personas/construct.md +20 -20
  99. package/platforms/claude/CLAUDE.md +6 -6
  100. package/platforms/claude/settings.template.json +13 -0
  101. package/rules/common/agents.md +2 -2
  102. package/rules/common/beads-hygiene.md +11 -11
  103. package/rules/common/code-review.md +1 -1
  104. package/rules/common/coding-style.md +1 -1
  105. package/rules/common/comments.md +8 -8
  106. package/rules/common/commit-approval.md +4 -4
  107. package/rules/common/cx-agent-routing.md +2 -2
  108. package/rules/common/cx-skill-routing.md +2 -2
  109. package/rules/common/development-workflow.md +1 -1
  110. package/rules/common/doc-ownership.md +2 -2
  111. package/rules/common/efficiency.md +3 -3
  112. package/rules/common/framing.md +1 -1
  113. package/rules/common/git-workflow.md +1 -1
  114. package/rules/common/patterns.md +1 -1
  115. package/rules/common/performance.md +1 -1
  116. package/rules/common/release-gates.md +7 -7
  117. package/rules/common/research.md +4 -4
  118. package/rules/common/security.md +1 -1
  119. package/rules/common/skill-composition.md +8 -8
  120. package/rules/common/testing.md +1 -1
  121. package/rules/golang/coding-style.md +2 -2
  122. package/rules/golang/hooks.md +1 -1
  123. package/rules/golang/patterns.md +1 -1
  124. package/rules/golang/security.md +1 -1
  125. package/rules/golang/testing.md +1 -1
  126. package/rules/python/coding-style.md +1 -1
  127. package/rules/python/hooks.md +1 -1
  128. package/rules/python/patterns.md +1 -1
  129. package/rules/python/security.md +1 -1
  130. package/rules/python/testing.md +1 -1
  131. package/rules/swift/coding-style.md +3 -3
  132. package/rules/swift/hooks.md +2 -2
  133. package/rules/swift/patterns.md +2 -2
  134. package/rules/swift/security.md +4 -4
  135. package/rules/swift/testing.md +2 -2
  136. package/rules/typescript/coding-style.md +1 -1
  137. package/rules/typescript/hooks.md +1 -1
  138. package/rules/typescript/patterns.md +1 -1
  139. package/rules/typescript/security.md +1 -1
  140. package/rules/typescript/testing.md +1 -1
  141. package/rules/web/coding-style.md +1 -1
  142. package/rules/web/design-quality.md +1 -1
  143. package/rules/web/hooks.md +1 -1
  144. package/rules/web/patterns.md +1 -1
  145. package/rules/web/performance.md +1 -1
  146. package/rules/web/security.md +1 -1
  147. package/rules/web/testing.md +1 -1
  148. package/scripts/sync-agents.mjs +11 -0
  149. package/skills/ai/agent-dev.md +1 -1
  150. package/skills/ai/llm-security.md +1 -1
  151. package/skills/ai/ml-ops.md +6 -6
  152. package/skills/ai/orchestration-workflow.md +1 -1
  153. package/skills/ai/prompt-and-eval.md +1 -1
  154. package/skills/ai/prompt-optimizer.md +13 -13
  155. package/skills/ai/rag-system.md +1 -1
  156. package/skills/architecture/api-design.md +1 -1
  157. package/skills/architecture/caching.md +1 -1
  158. package/skills/architecture/cloud-native.md +1 -1
  159. package/skills/architecture/message-queue.md +1 -1
  160. package/skills/architecture/security-arch.md +1 -1
  161. package/skills/compliance/ai-disclosure.md +1 -1
  162. package/skills/compliance/data-privacy.md +1 -1
  163. package/skills/compliance/license-audit.md +2 -2
  164. package/skills/compliance/regulatory-review.md +1 -1
  165. package/skills/development/cpp.md +1 -1
  166. package/skills/development/go.md +1 -1
  167. package/skills/development/java.md +1 -1
  168. package/skills/development/kotlin.md +9 -9
  169. package/skills/development/mobile-crossplatform.md +13 -13
  170. package/skills/development/python.md +1 -1
  171. package/skills/development/rust.md +1 -1
  172. package/skills/development/shell.md +1 -1
  173. package/skills/development/swift.md +6 -6
  174. package/skills/development/typescript.md +1 -1
  175. package/skills/devops/ci-cd.md +5 -5
  176. package/skills/devops/containerization.md +9 -9
  177. package/skills/devops/cost-optimization.md +1 -1
  178. package/skills/devops/data-engineering.md +2 -2
  179. package/skills/devops/database.md +1 -1
  180. package/skills/devops/dependency-management.md +3 -3
  181. package/skills/devops/devsecops.md +1 -1
  182. package/skills/devops/git-workflow.md +1 -1
  183. package/skills/devops/incident-response.md +18 -18
  184. package/skills/devops/monorepo.md +5 -5
  185. package/skills/devops/observability.md +1 -1
  186. package/skills/devops/performance.md +1 -1
  187. package/skills/devops/testing.md +1 -1
  188. package/skills/docs/adr-workflow.md +2 -2
  189. package/skills/docs/backlog-proposal-workflow.md +1 -1
  190. package/skills/docs/customer-profile-workflow.md +1 -1
  191. package/skills/docs/document-ingest-workflow.md +1 -1
  192. package/skills/docs/evidence-ingest-workflow.md +1 -1
  193. package/skills/docs/init-docs.md +15 -15
  194. package/skills/docs/init-project.md +1 -1
  195. package/skills/docs/prd-workflow.md +3 -3
  196. package/skills/docs/prfaq-workflow.md +1 -1
  197. package/skills/docs/product-intelligence-review.md +1 -1
  198. package/skills/docs/product-intelligence-workflow.md +1 -1
  199. package/skills/docs/product-signal-workflow.md +9 -9
  200. package/skills/docs/research-workflow.md +10 -10
  201. package/skills/docs/runbook-workflow.md +2 -2
  202. package/skills/docs/strategy-workflow.md +3 -3
  203. package/skills/exploration/repo-map.md +11 -11
  204. package/skills/frameworks/django.md +15 -15
  205. package/skills/frameworks/nextjs.md +16 -16
  206. package/skills/frameworks/react.md +12 -12
  207. package/skills/frameworks/spring-boot.md +12 -12
  208. package/skills/frontend-design/accessibility.md +6 -6
  209. package/skills/frontend-design/component-patterns.md +1 -1
  210. package/skills/frontend-design/engineering.md +1 -1
  211. package/skills/frontend-design/state-management.md +1 -1
  212. package/skills/frontend-design/ui-aesthetics.md +1 -1
  213. package/skills/frontend-design/ux-principles.md +1 -1
  214. package/skills/operating/orchestration-reference.md +27 -27
  215. package/skills/quality-gates/review-work.md +3 -3
  216. package/skills/quality-gates/verify-change.md +1 -1
  217. package/skills/quality-gates/verify-module.md +1 -1
  218. package/skills/quality-gates/verify-quality.md +1 -1
  219. package/skills/quality-gates/verify-security.md +1 -1
  220. package/skills/roles/architect.ai-systems.md +4 -2
  221. package/skills/roles/architect.data.md +4 -2
  222. package/skills/roles/architect.enterprise.md +4 -2
  223. package/skills/roles/architect.integration.md +4 -2
  224. package/skills/roles/architect.md +7 -5
  225. package/skills/roles/architect.platform.md +4 -2
  226. package/skills/roles/data-analyst.experiment.md +4 -2
  227. package/skills/roles/data-analyst.md +9 -7
  228. package/skills/roles/data-analyst.product-intelligence.md +4 -2
  229. package/skills/roles/data-analyst.product.md +4 -2
  230. package/skills/roles/data-analyst.telemetry.md +4 -2
  231. package/skills/roles/data-engineer.pipeline.md +4 -2
  232. package/skills/roles/data-engineer.vector-retrieval.md +4 -2
  233. package/skills/roles/data-engineer.warehouse.md +4 -2
  234. package/skills/roles/debugger.md +7 -5
  235. package/skills/roles/designer.accessibility.md +4 -2
  236. package/skills/roles/designer.md +10 -8
  237. package/skills/roles/engineer.ai.md +4 -2
  238. package/skills/roles/engineer.data.md +5 -3
  239. package/skills/roles/engineer.md +14 -12
  240. package/skills/roles/engineer.platform.md +5 -3
  241. package/skills/roles/operator.docs.md +6 -4
  242. package/skills/roles/operator.md +6 -4
  243. package/skills/roles/operator.release.md +4 -2
  244. package/skills/roles/operator.sre.md +5 -3
  245. package/skills/roles/orchestrator.md +5 -3
  246. package/skills/roles/product-manager.ai-product.md +4 -2
  247. package/skills/roles/product-manager.business-strategy.md +4 -2
  248. package/skills/roles/product-manager.enterprise.md +4 -2
  249. package/skills/roles/product-manager.growth.md +4 -2
  250. package/skills/roles/product-manager.md +6 -4
  251. package/skills/roles/product-manager.platform.md +4 -2
  252. package/skills/roles/product-manager.product.md +4 -2
  253. package/skills/roles/qa.ai-eval.md +4 -2
  254. package/skills/roles/qa.api-contract.md +4 -2
  255. package/skills/roles/qa.data-pipeline.md +4 -2
  256. package/skills/roles/qa.md +7 -5
  257. package/skills/roles/qa.test-automation.md +5 -3
  258. package/skills/roles/qa.web-ui.md +4 -2
  259. package/skills/roles/researcher.explorer.md +4 -2
  260. package/skills/roles/researcher.md +11 -9
  261. package/skills/roles/researcher.ux.md +4 -2
  262. package/skills/roles/reviewer.devil-advocate.md +4 -2
  263. package/skills/roles/reviewer.evaluator.md +4 -2
  264. package/skills/roles/reviewer.md +14 -12
  265. package/skills/roles/reviewer.trace.md +4 -2
  266. package/skills/roles/security.ai.md +4 -2
  267. package/skills/roles/security.appsec.md +4 -2
  268. package/skills/roles/security.cloud.md +4 -2
  269. package/skills/roles/security.legal-compliance.md +4 -2
  270. package/skills/roles/security.md +7 -5
  271. package/skills/roles/security.privacy.md +4 -2
  272. package/skills/roles/security.supply-chain.md +4 -2
  273. package/skills/routing.md +14 -14
  274. package/skills/security/blue-team.md +1 -1
  275. package/skills/security/code-audit.md +1 -1
  276. package/skills/security/pentest.md +1 -1
  277. package/skills/security/red-team.md +1 -1
  278. package/skills/security/threat-intel.md +1 -1
  279. package/skills/security/vuln-research.md +1 -1
  280. package/skills/utility/clean-code.md +2 -2
  281. package/templates/docs/changelog-entry.md +1 -1
  282. package/templates/docs/construct_guide.md +13 -13
  283. package/templates/docs/meta-prd.md +16 -16
  284. package/templates/docs/one-pager.md +1 -1
  285. package/templates/docs/persona-artifact.md +36 -0
  286. package/templates/docs/prd-business.md +1 -1
  287. package/templates/docs/prd-platform.md +1 -1
  288. package/templates/docs/prd.md +17 -17
  289. package/templates/docs/research-brief.md +8 -8
  290. package/templates/docs/research-finding.md +26 -0
  291. package/templates/docs/rfc.md +1 -1
  292. package/templates/docs/skill-artifact.md +27 -0
  293. package/templates/docs/strategy.md +1 -1
@@ -460,6 +460,19 @@
460
460
  ],
461
461
  "id": "stop:optimize-agents",
462
462
  "description": "Check performance reviews and auto-optimize low-scoring agents at session end"
463
+ },
464
+ {
465
+ "matcher": "*",
466
+ "hooks": [
467
+ {
468
+ "type": "command",
469
+ "command": "node \"$HOME/.construct/lib/hooks/session-reflect.mjs\"",
470
+ "timeout": 5,
471
+ "async": true
472
+ }
473
+ ],
474
+ "id": "stop:auto-reflect",
475
+ "description": "Deterministic session-end reflect: extracts a transcript summary into .cx/observations (500ms hard budget; CONSTRUCT_REFLECT_AUTO=off to disable)"
463
476
  }
464
477
  ],
465
478
  "UserPromptSubmit": [
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/common/agents.md platform-agnostic agent orchestration guidance.
2
+ rules/common/agents.md: platform-agnostic agent orchestration guidance.
3
3
 
4
4
  Defines when to route to specialist agents, parallel execution rules,
5
5
  and multi-perspective analysis patterns. Does not reference specific
@@ -9,7 +9,7 @@ platform agent types or config paths.
9
9
 
10
10
  ## Immediate Agent Usage
11
11
 
12
- No user prompt needed match the task to the right specialist:
12
+ No user prompt needed: match the task to the right specialist:
13
13
  1. Complex feature requests - planning specialist
14
14
  2. Code just written/modified - code review specialist
15
15
  3. Bug fix or new feature - TDD specialist
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/common/beads-hygiene.md Beads issue tracker hygiene contract.
2
+ rules/common/beads-hygiene.md: Beads issue tracker hygiene contract.
3
3
 
4
4
  Beads is the system of record for durable work in this project. Status drifts
5
5
  when issues are not updated alongside the code, so every agent and persona
@@ -7,16 +7,16 @@ operating in Construct treats hygiene as part of the work, not as cleanup.
7
7
  Loaded by AGENTS.md, CLAUDE.md, the construct persona, and the engineer /
8
8
  operator / planner role overlays.
9
9
  -->
10
- # Beads Hygiene Project Contract
10
+ # Beads Hygiene: Project Contract
11
11
 
12
- Beads (`bd`) is the canonical durable tracker for Construct. Beads only earn their keep when their state matches the world. Stale "open" issues pollute `bd ready`, hide real work, and let agents propose work that already shipped. Every agent human or AI, on any platform is responsible for keeping the tracker honest.
12
+ Beads (`bd`) is the canonical durable tracker for Construct. Beads only earn their keep when their state matches the world. Stale "open" issues pollute `bd ready`, hide real work, and let agents propose work that already shipped. Every agent (human or AI, on any platform) is responsible for keeping the tracker honest.
13
13
 
14
14
  ## When to update beads
15
15
 
16
16
  | Event | Required action |
17
17
  |---|---|
18
18
  | About to start non-trivial work | A Beads issue exists. `bd ready` to find or `bd create` if missing. `bd update <id> --claim` before edits. |
19
- | Work lands on `main` | `bd close <id> --reason="Landed in PR #N — verified: <file:line evidence>"`. Do not wait for someone else to notice. |
19
+ | Work lands on `main` | `bd close <id> --reason="Landed in PR #N. Verified: <file:line evidence>"`. Do not wait for someone else to notice. |
20
20
  | Direction reverses mid-work | `bd supersede <old-id> --with=<new-id>`. Do not edit the old description in place. |
21
21
  | Issue scope expands | Update the description and acceptance criteria in the same change that broadens scope. |
22
22
  | A blocker is discovered | Add the dependency with `bd dep add <id> <depends-on>` so the readiness queue reflects reality. |
@@ -27,10 +27,10 @@ Beads (`bd`) is the canonical durable tracker for Construct. Beads only earn the
27
27
 
28
28
  Run before planning, before claiming work, before proposing changes:
29
29
 
30
- 1. `bd ready` surface unblocked work.
31
- 2. `bd list --status=in_progress` verify nothing has been left mid-flight by an earlier session.
32
- 3. `bd stale` surface anything untouched past the staleness window.
33
- 4. Cross-check the open list against `git log --oneline -20 origin/main` close anything whose work actually landed.
30
+ 1. `bd ready`: surface unblocked work.
31
+ 2. `bd list --status=in_progress`: verify nothing has been left mid-flight by an earlier session.
32
+ 3. `bd stale`: surface anything untouched past the staleness window.
33
+ 4. Cross-check the open list against `git log --oneline -20 origin/main`: close anything whose work actually landed.
34
34
 
35
35
  If any of these surface drift, fix it before starting new work. Drift you observe and ignore becomes drift the next agent inherits.
36
36
 
@@ -40,14 +40,14 @@ After the code changes land in main:
40
40
 
41
41
  1. The bead the work was claimed against is closed with evidence in the reason.
42
42
  2. Any beads superseded by the change are marked superseded, not left open.
43
- 3. New beads exist for follow-up work that was discovered but not done file them in the same session, not "later".
43
+ 3. New beads exist for follow-up work that was discovered but not done: file them in the same session, not "later".
44
44
  4. `bd doctor` and `bd preflight` should run before push and report clean.
45
45
 
46
46
  ## What goes in a bead
47
47
 
48
48
  | Field | Standard |
49
49
  |---|---|
50
- | Title | Imperative, scoped, parseable. "PR 3 `construct intake` CLI" beats "intake CLI". |
50
+ | Title | Imperative, scoped, parseable. "PR 3: `construct intake` CLI" beats "intake CLI". |
51
51
  | Description | Why the bead exists + what success looks like. State the new shape directly. Do not preserve a "current behavior must keep working" goal unless the user explicitly asked for migration. |
52
52
  | Acceptance criteria | Numbered, binary checks. A reviewer can answer pass/fail without re-reading the description. |
53
53
  | Dependencies | Wire `bd dep add` whenever order matters. Implicit ordering rots into parallel work that breaks each other. |
@@ -72,4 +72,4 @@ There is no authorized bypass. Beads hygiene is a release gate. If the tooling i
72
72
 
73
73
  ## Automation
74
74
 
75
- Project-level automation is tracked in the beads queue auto-close on merge, pre-push `bd preflight` gate, weekly drift report, memory-contradiction detection. Until that ships, hygiene is a per-session discipline.
75
+ Project-level automation is tracked in the beads queue: auto-close on merge, pre-push `bd preflight` gate, weekly drift report, memory-contradiction detection. Until that ships, hygiene is a per-session discipline.
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/common/code-review.md when and how to conduct code reviews.
2
+ rules/common/code-review.md: when and how to conduct code reviews.
3
3
 
4
4
  Defines mandatory review triggers, severity levels, approval criteria,
5
5
  and references coding-style.md and security.md for checklists.
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/common/coding-style.md language-agnostic coding standards.
2
+ rules/common/coding-style.md: language-agnostic coding standards.
3
3
 
4
4
  Covers immutability, core principles (KISS/DRY/YAGNI), file organization,
5
5
  error handling, input validation, naming conventions, and quality checklist.
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/common/comments.md Construct comment convention for JS/TS/MJS source files.
2
+ rules/common/comments.md: Construct comment convention for JS/TS/MJS source files.
3
3
 
4
4
  Defines the two allowed comment forms (file header, section context block) and
5
5
  what is never allowed (inline narration, trailing comments, mid-function notes).
@@ -37,12 +37,12 @@ The blank line between the comment and the code is required. It signals "this co
37
37
 
38
38
  ## What is never allowed
39
39
 
40
- - **Inline trailing comments** `const x = 1; // increment` delete them
41
- - **Mid-function narration** a comment in the middle of a function body that describes what the next line does delete it; rename the variable or extract a function instead
42
- - **Between-group labels** `// Language patterns`, `// Dashboard`, `// Step 1:` delete them
43
- - **Narrative voice** `// We weight BM25`, `// Now test the keys`, `// This correctly scores` delete them
44
- - **Point-in-time notes** `// X removed`, `// previously`, `// no longer` belongs in git log
45
- - **Noise sentinels** `// ok`, `// best effort`, `// skip` delete them; use `/* non-critical */` inline only when the catch clause would otherwise look like a bug
40
+ - **Inline trailing comments** (`const x = 1; // increment`) delete them
41
+ - **Mid-function narration** (a comment in the middle of a function body that describes what the next line does) delete it; rename the variable or extract a function instead
42
+ - **Between-group labels** (`// Language patterns`, `// Dashboard`, `// Step 1:`) delete them
43
+ - **Narrative voice** (`// We weight BM25`, `// Now test the keys`, `// This correctly scores`) delete them
44
+ - **Point-in-time notes** (`// X removed`, `// previously`, `// no longer`) belongs in git log
45
+ - **Noise sentinels** (`// ok`, `// best effort`, `// skip`) delete them; use `/* non-critical */` inline only when the catch clause would otherwise look like a bug
46
46
 
47
47
  ## SLA annotations (hooks only)
48
48
 
@@ -54,5 +54,5 @@ The blank line between the comment and the code is required. It signals "this co
54
54
 
55
55
  ## Rule of thumb
56
56
 
57
- Delete the comment. If the section becomes harder to understand, the comment earns its place as a block before it, with a blank line after. If it reads just as clearly without, it stays deleted.
57
+ Delete the comment. If the section becomes harder to understand, the comment earns its place: as a block before it, with a blank line after. If it reads just as clearly without, it stays deleted.
58
58
 
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/common/commit-approval.md conversational approval rule for mutating git operations.
2
+ rules/common/commit-approval.md: conversational approval rule for mutating git operations.
3
3
 
4
4
  Behavioral rule, not a hook. The agent asks and waits for a yes; the user
5
5
  replies in chat. Infrastructure stays out of the way.
@@ -19,7 +19,7 @@ Before running any of these Bash tool calls:
19
19
  The agent must:
20
20
 
21
21
  1. **State the working branch** so the user sees the scope.
22
- 2. **Show the proposed action verbatim** for a commit, the full proposed message (subject and body) formatted exactly as it will appear in `git log`. For a push, the target refspec. For a merge, the PR number and merge mode (`--squash`, `--rebase`, etc.).
22
+ 2. **Show the proposed action verbatim**: for a commit, the full proposed message (subject and body) formatted exactly as it will appear in `git log`. For a push, the target refspec. For a merge, the PR number and merge mode (`--squash`, `--rebase`, etc.).
23
23
  3. **Ask for confirmation** and wait for a yes before executing.
24
24
 
25
25
  A yes from the user in chat is the approval. No marker file, no CLI command, no special syntax.
@@ -41,13 +41,13 @@ Then stop and wait.
41
41
 
42
42
  ## Exceptions
43
43
 
44
- - **The user explicitly tells the agent to run a defined sequence** ("commit, push, and merge when ready"). That single yes covers the named batch but only the actions named, in the order named. A new commit triggered later (e.g. by a CI fix or follow-up edit) is its own approval gate.
44
+ - **The user explicitly tells the agent to run a defined sequence** ("commit, push, and merge when ready"). That single yes covers the named batch: but only the actions named, in the order named. A new commit triggered later (e.g. by a CI fix or follow-up edit) is its own approval gate.
45
45
  - **Read-only git operations** (`git status`, `git log`, `git diff`, `git fetch`, `git branch`, `git show`) don't need approval.
46
46
 
47
47
  A "yes" from earlier in the session does NOT carry forward to subsequent commits. Each new commit message must be shown and approved.
48
48
 
49
49
  ## Why this is a rule, not a hook
50
50
 
51
- A hook that blocked every commit turned out to be over-restrictive it required a separate command invocation to write a marker file each time, which added friction without much safety beyond the agent just following the rule. The agent is the one producing commit messages; asking in chat is the right interface.
51
+ A hook that blocked every commit turned out to be over-restrictive: it required a separate command invocation to write a marker file each time, which added friction without much safety beyond the agent just following the rule. The agent is the one producing commit messages; asking in chat is the right interface.
52
52
 
53
53
  If the agent ever commits without asking, that's a correctness bug. Surface it in the session and raise a follow-up to catch the regression.
@@ -1,11 +1,11 @@
1
1
  <!--
2
- rules/common/cx-agent-routing.md auto-trigger routing rules for cx-* specialist agents.
2
+ rules/common/cx-agent-routing.md: auto-trigger routing rules for cx-* specialist agents.
3
3
 
4
4
  Defines when to route directly to a cx-* specialist vs through Construct orchestration.
5
5
  Covers intent-based routing table, complexity gate, and routing rules.
6
6
  Loaded by rule-loading systems that look for cx-agent-routing in the rules hierarchy.
7
7
  -->
8
- # cx-* Agent Routing Auto-trigger Rules
8
+ # cx-* Agent Routing: Auto-trigger Rules
9
9
 
10
10
  When a request matches the trigger patterns below, automatically route to the corresponding cx-* specialist or persona before responding.
11
11
 
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/common/cx-skill-routing.md Redirect to canonical skill routing table.
2
+ rules/common/cx-skill-routing.md: Redirect to canonical skill routing table.
3
3
  -->
4
4
  # cx-* Skill Routing
5
5
 
@@ -7,5 +7,5 @@ rules/common/cx-skill-routing.md — Redirect to canonical skill routing table.
7
7
  >
8
8
  > All skill routing keywords, domain tables, and routing rules live there.
9
9
  > This file exists only as a named entry point for rule-loading systems that
10
- > look for `cx-skill-routing.md`. Do not add routing entries here update
10
+ > look for `cx-skill-routing.md`. Do not add routing entries here: update
11
11
  > `skills/routing.md` instead.
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/common/development-workflow.md feature implementation pipeline.
2
+ rules/common/development-workflow.md: feature implementation pipeline.
3
3
 
4
4
  Defines the research-plan-TDD-review-commit workflow that runs before
5
5
  git operations. References testing.md, code-review.md, git-workflow.md.
@@ -1,9 +1,9 @@
1
1
  <!--
2
- rules/common/doc-ownership.md which specialist owns which document type.
2
+ rules/common/doc-ownership.md: which specialist owns which document type.
3
3
 
4
4
  Prevents the orchestrator (or any general persona) from authoring specialist
5
5
  documents directly. Routing authorship to the owning role is how research,
6
- framing, and domain scrutiny actually fire writing a PRD without the
6
+ framing, and domain scrutiny actually fire: writing a PRD without the
7
7
  product manager bypasses those checks entirely.
8
8
  -->
9
9
  # Document Ownership
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/common/efficiency.md session context and tool-use efficiency standards.
2
+ rules/common/efficiency.md: session context and tool-use efficiency standards.
3
3
 
4
4
  Applies to all agents operating in a Construct session. Violations compound context
5
5
  cost and reduce throughput. These rules are enforced by read-tracker.mjs and surfaced
@@ -19,7 +19,7 @@ Signals that a re-read is warranted:
19
19
  - An external process (Bash, a subagent) may have modified it.
20
20
  - The last read was in a prior session (context was compacted).
21
21
 
22
- Do not re-read to verify trust the in-context state. If staleness is a concern,
22
+ Do not re-read to verify: trust the in-context state. If staleness is a concern,
23
23
  check the file hash via `read-tracker.mjs` state rather than re-reading the full file.
24
24
 
25
25
  **Threshold:** more than 3 reads of the same file within a session without an intervening
@@ -54,4 +54,4 @@ re-running the command.
54
54
  Each Task dispatch creates a subagent context. Dispatch a specialist when the task
55
55
  benefits from a structurally different view (architecture suspicion, security scan,
56
56
  coverage gap analysis). Do not dispatch for tasks that fit within a single focused
57
- pass the round-trip cost exceeds the benefit.
57
+ pass: the round-trip cost exceeds the benefit.
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/common/framing.md how to frame a problem before acting on it.
2
+ rules/common/framing.md: how to frame a problem before acting on it.
3
3
 
4
4
  Establishes the hard separation between execution artifacts (tickets, chat
5
5
  transcripts, existing docs) and sources of truth (the underlying problem).
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/common/git-workflow.md commit message format and PR workflow.
2
+ rules/common/git-workflow.md: commit message format and PR workflow.
3
3
 
4
4
  Defines conventional commit types and pull request creation steps.
5
5
  -->
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/common/patterns.md reusable design patterns and skeleton project strategy.
2
+ rules/common/patterns.md: reusable design patterns and skeleton project strategy.
3
3
 
4
4
  Covers skeleton project evaluation, repository pattern, and API response format.
5
5
  -->
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/common/performance.md model-agnostic performance and context management rules.
2
+ rules/common/performance.md: model-agnostic performance and context management rules.
3
3
 
4
4
  Defines model selection tiers, context window management heuristics,
5
5
  and build troubleshooting steps. No platform-specific tool names or config paths.
@@ -1,12 +1,12 @@
1
1
  <!--
2
- rules/common/release-gates.md Hard release gates for Construct work.
2
+ rules/common/release-gates.md: Hard release gates for Construct work.
3
3
 
4
4
  Defines the blocking contracts every agent and persona must satisfy locally
5
5
  before any commit, push, or "done" claim. Loaded by the construct persona,
6
6
  AGENTS.md, and the engineer/reviewer/operator role overlays. Enforcement is at
7
- the prompt level CI is a backstop, not the primary gate.
7
+ the prompt level: CI is a backstop, not the primary gate.
8
8
  -->
9
- # Release Gates Hard Contracts
9
+ # Release Gates: Hard Contracts
10
10
 
11
11
  These are blocking gates. Every agent, persona, and harness session working in or shipping Construct must satisfy them locally **before** any commit, push, or "done" claim. CI is a backstop, not the primary check.
12
12
 
@@ -20,7 +20,7 @@ Run these before declaring work done. Pasting the output into the PR body or `bd
20
20
  |---|---|---|
21
21
  | Tests | `npm test` | 0 failed, 0 unexpected skips |
22
22
  | Comment policy | `node bin/construct lint:comments` | 0 errors AND 0 warnings |
23
- | Doc verification | `node bin/construct docs:verify` | "All documentation checks passed" no warnings either |
23
+ | Doc verification | `node bin/construct docs:verify` | "All documentation checks passed": no warnings either |
24
24
  | AUTO doc drift | `node bin/construct docs:update --check` | "Docs are up to date" |
25
25
  | Template policy | `npm run lint:templates` | "Template policy: clean." |
26
26
 
@@ -34,9 +34,9 @@ npm run release:check
34
34
 
35
35
  The repo enforces `.gitmessage` and `.github/pull_request_template.md`. Both are validated by `scripts/lint-commits-pr.mjs` (the `lint-templates` CI job) and fail the build on any deviation.
36
36
 
37
- Commit subjects must match `type(scope): subject` type from {feat, fix, refactor, perf, docs, test, chore, ci, build, style}, imperative mood, ≤72 chars, no trailing period, lowercase after the colon. Run `git config commit.template .gitmessage` once per clone to load the template into your editor.
37
+ Commit subjects must match `type(scope): subject`: type from {feat, fix, refactor, perf, docs, test, chore, ci, build, style}, imperative mood, ≤72 chars, no trailing period, lowercase after the colon. Run `git config commit.template .gitmessage` once per clone to load the template into your editor.
38
38
 
39
- PR descriptions must keep all six headings Summary, Beads issue, Doc updates included, Local gates, Test plan, Risks / rollback with at least one checked box in both the "Doc updates" and "Local gates" sections. Empty templates fail.
39
+ PR descriptions must keep all six headings (Summary, Beads issue, Doc updates included, Local gates, Test plan, Risks / rollback) with at least one checked box in both the "Doc updates" and "Local gates" sections. Empty templates fail.
40
40
 
41
41
  Forbidden in commit messages: `Co-Authored-By: Claude*` trailers (unless the user explicitly asks), `--no-verify`, `--no-gpg-sign`. Forbidden in PR bodies: deleting the required headings, leaving every gate box unchecked.
42
42
 
@@ -47,7 +47,7 @@ For every non-trivial change:
47
47
  1. **A Beads issue exists.** `bd ready` to find or create one. `bd show <id>` to read context. `bd update <id> --claim` to claim before editing files.
48
48
  2. **`plan.md` reflects the work.** Even though `plan.md` is local-only and gitignored, it stays the human-readable working plan. Mark items `done` when they ship; add new rows for work that wasn't previously tracked.
49
49
  3. **Doc updates land in the same change as code.** If runtime shape, contracts, boundaries, or major dependencies changed, update `docs/concepts/architecture.md` in the same commit. If the docs surface or maintenance contract changed, update `docs/README.md`. If active work, decisions, or assumptions changed, update `.cx/context.md` and `.cx/context.json`. Always add a `CHANGELOG.md` entry.
50
- 4. **Beads close on green.** `bd close <id>` happens after CI is green and the work is verified not before.
50
+ 4. **Beads close on green.** `bd close <id>` happens after CI is green and the work is verified: not before.
51
51
 
52
52
  ## Hard rules
53
53
 
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/common/research.md canonical research and evidence policy for Construct.
2
+ rules/common/research.md: canonical research and evidence policy for Construct.
3
3
 
4
4
  Defines how research starts, which sources to prefer, how claims are verified,
5
5
  and what must be recorded so findings are reproducible. Applies to research,
@@ -14,9 +14,9 @@ Construct treats research as a reproducible evidence-gathering process, not free
14
14
 
15
15
  Research always starts from the most recent available evidence.
16
16
 
17
- - Default to sources from the current year before earlier years always search most-recent-first.
17
+ - Default to sources from the current year before earlier years: always search most-recent-first.
18
18
  - For fast-moving topics (AI tools, LLM behavior, cloud APIs, security advisories, market data), treat anything older than 12 months as presumptively stale unless a newer source confirms it is still accurate.
19
- - When using a search engine or index, always filter or sort by date do not rely on relevance ranking alone.
19
+ - When using a search engine or index, always filter or sort by date: do not rely on relevance ranking alone.
20
20
  - State the publication or access date for every external source. If a source has no date, treat its confidence as `low` until recency is established another way.
21
21
 
22
22
  ## 2. Domain-specific starting points
@@ -67,7 +67,7 @@ Record:
67
67
  Every URL cited in a committed document must be verified before the document is published.
68
68
 
69
69
  - Fetch the URL. Confirm it resolves and the content matches the cited claim.
70
- - Do not cite aggregate or index pages (e.g., arxiv.org search results, Google Scholar listings) for quantitative claims cite the specific paper or article URL.
70
+ - Do not cite aggregate or index pages (e.g., arxiv.org search results, Google Scholar listings) for quantitative claims: cite the specific paper or article URL.
71
71
  - If a URL returns a 404, paywall, or redirect loop, find the canonical source or replace the citation.
72
72
  - Unverified URLs must be marked `[unverified]` until confirmed.
73
73
 
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/common/security.md mandatory security checks and secret management.
2
+ rules/common/security.md: mandatory security checks and secret management.
3
3
 
4
4
  Defines pre-commit security checklist, secret management rules,
5
5
  and response protocol for discovered vulnerabilities.
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/common/skill-composition.md how specialist prompts compose with skill files.
2
+ rules/common/skill-composition.md: how specialist prompts compose with skill files.
3
3
 
4
4
  Defines the default boundary between what lives in the agent's base prompt and
5
5
  what is fetched via `get_skill` at runtime. Aims to keep prompts lean while
@@ -17,13 +17,13 @@ Every specialist prompt carries a marker:
17
17
  **Role guidance**: call `get_skill("roles/NAME")` before drafting.
18
18
  ```
19
19
 
20
- When the agent begins substantive work in its domain, it calls `get_skill("roles/NAME")` via the construct-mcp server. The skill body is returned for that turn only no permanent prompt budget is consumed.
20
+ When the agent begins substantive work in its domain, it calls `get_skill("roles/NAME")` via the construct-mcp server. The skill body is returned for that turn only: no permanent prompt budget is consumed.
21
21
 
22
22
  All hosts Construct supports (Claude Code, OpenCode, Codex, Copilot) have `get_skill` available through the construct-mcp server, so the runtime call is reliable.
23
23
 
24
24
  ## Why on-demand is the default
25
25
 
26
- Inlining every role skill at sync time used to consume ~1000–2000 words of prompt budget per specialist, regardless of whether the skill content was relevant to the current task. That budget is fixed it reduces the window available for actual context.
26
+ Inlining every role skill at sync time used to consume ~1000–2000 words of prompt budget per specialist, regardless of whether the skill content was relevant to the current task. That budget is fixed: it reduces the window available for actual context.
27
27
 
28
28
  On-demand loading means:
29
29
 
@@ -40,20 +40,20 @@ Set `preloadRoleGuidance: true` on a registry entry only when:
40
40
  - The role content is so load-bearing that every single turn needs it
41
41
  - The agent's model is weak at tool-calling discipline and skips the `get_skill` call in practice
42
42
 
43
- This should be rare. If you find yourself preloading most agents, revisit the reasoning the default exists because the cost is real.
43
+ This should be rare. If you find yourself preloading most agents, revisit the reasoning: the default exists because the cost is real.
44
44
 
45
45
  ## Skill array vs. role guidance
46
46
 
47
47
  Two different mechanisms for two different purposes:
48
48
 
49
- - **Registry `skills: [...]` array** declarative metadata listing which skills the agent is *entitled* to call. Not inlined into the prompt. Used by `list_skills`, routing heuristics, and audit tooling. Add skills here liberally.
50
- - **Role guidance directive** the single `**Role guidance**: call get_skill("roles/NAME")` line in the prompt. Points the agent at its role file and (by default) tells it to load on demand. Exactly one per agent.
49
+ - **Registry `skills: [...]` array**: declarative metadata listing which skills the agent is *entitled* to call. Not inlined into the prompt. Used by `list_skills`, routing heuristics, and audit tooling. Add skills here liberally.
50
+ - **Role guidance directive**: the single `**Role guidance**: call get_skill("roles/NAME")` line in the prompt. Points the agent at its role file and (by default) tells it to load on demand. Exactly one per agent.
51
51
 
52
52
  ## Contributor guidance
53
53
 
54
54
  When adding or editing a specialist:
55
55
 
56
- 1. Keep the base prompt short role, perspective, productive tension, handoff contract. Under 400 words is normal.
56
+ 1. Keep the base prompt short: role, perspective, productive tension, handoff contract. Under 400 words is normal.
57
57
  2. Put domain depth into `skills/roles/NAME.md` and optional flavor overlays like `skills/roles/NAME.FLAVOR.md`.
58
58
  3. Leave the role-guidance directive in place. Do not manually inline role content into the prompt body.
59
59
  4. Only add `preloadRoleGuidance: true` with a written reason in the registry description.
@@ -64,4 +64,4 @@ Do not:
64
64
 
65
65
  - Paste role-skill content directly into the prompt body "to be safe"
66
66
  - Add `preloadRoleGuidance: true` to push a prompt under the cap without fixing the underlying bloat
67
- - Split a role skill into many tiny files to dodge the cap keep the cohesive unit, load it on demand instead
67
+ - Split a role skill into many tiny files to dodge the cap: keep the cohesive unit, load it on demand instead
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/common/testing.md test coverage requirements and TDD workflow.
2
+ rules/common/testing.md: test coverage requirements and TDD workflow.
3
3
 
4
4
  Defines minimum 80% coverage, TDD red-green-refactor cycle,
5
5
  AAA test structure, and descriptive naming conventions.
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/golang/coding-style.md <one-line purpose>
2
+ rules/golang/coding-style.md: <one-line purpose>
3
3
 
4
4
  <2–6 line summary.>
5
5
  -->
@@ -15,7 +15,7 @@ paths:
15
15
 
16
16
  ## Formatting
17
17
 
18
- - **gofmt** and **goimports** are mandatory no style debates
18
+ - **gofmt** and **goimports** are mandatory: no style debates
19
19
 
20
20
  ## Design Principles
21
21
 
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/golang/hooks.md <one-line purpose>
2
+ rules/golang/hooks.md: <one-line purpose>
3
3
 
4
4
  <2–6 line summary.>
5
5
  -->
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/golang/patterns.md <one-line purpose>
2
+ rules/golang/patterns.md: <one-line purpose>
3
3
 
4
4
  <2–6 line summary.>
5
5
  -->
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/golang/security.md <one-line purpose>
2
+ rules/golang/security.md: <one-line purpose>
3
3
 
4
4
  <2–6 line summary.>
5
5
  -->
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/golang/testing.md <one-line purpose>
2
+ rules/golang/testing.md: <one-line purpose>
3
3
 
4
4
  <2–6 line summary.>
5
5
  -->
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/python/coding-style.md <one-line purpose>
2
+ rules/python/coding-style.md: <one-line purpose>
3
3
 
4
4
  <2–6 line summary.>
5
5
  -->
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/python/hooks.md <one-line purpose>
2
+ rules/python/hooks.md: <one-line purpose>
3
3
 
4
4
  <2–6 line summary.>
5
5
  -->
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/python/patterns.md <one-line purpose>
2
+ rules/python/patterns.md: <one-line purpose>
3
3
 
4
4
  <2–6 line summary.>
5
5
  -->
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/python/security.md <one-line purpose>
2
+ rules/python/security.md: <one-line purpose>
3
3
 
4
4
  <2–6 line summary.>
5
5
  -->
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/python/testing.md <one-line purpose>
2
+ rules/python/testing.md: <one-line purpose>
3
3
 
4
4
  <2–6 line summary.>
5
5
  -->
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/swift/coding-style.md <one-line purpose>
2
+ rules/swift/coding-style.md: <one-line purpose>
3
3
 
4
4
  <2–6 line summary.>
5
5
  -->
@@ -19,14 +19,14 @@ paths:
19
19
 
20
20
  ## Immutability
21
21
 
22
- - Prefer `let` over `var` define everything as `let` and only change to `var` if the compiler requires it
22
+ - Prefer `let` over `var`: define everything as `let` and only change to `var` if the compiler requires it
23
23
  - Use `struct` with value semantics by default; use `class` only when identity or reference semantics are needed
24
24
 
25
25
  ## Naming
26
26
 
27
27
  Follow [Apple API Design Guidelines](https://www.swift.org/documentation/api-design-guidelines/):
28
28
 
29
- - Clarity at the point of use omit needless words
29
+ - Clarity at the point of use: omit needless words
30
30
  - Name methods and properties for their roles, not their types
31
31
  - Use `static let` for constants over global constants
32
32
 
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/swift/hooks.md <one-line purpose>
2
+ rules/swift/hooks.md: <one-line purpose>
3
3
 
4
4
  <2–6 line summary.>
5
5
  -->
@@ -18,4 +18,4 @@ paths:
18
18
 
19
19
  ## Warning
20
20
 
21
- Flag `print()` statements use `os.Logger` or structured logging instead for production code.
21
+ Flag `print()` statements: use `os.Logger` or structured logging instead for production code.
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/swift/patterns.md <one-line purpose>
2
+ rules/swift/patterns.md: <one-line purpose>
3
3
 
4
4
  <2–6 line summary.>
5
5
  -->
@@ -53,7 +53,7 @@ actor Cache<Key: Hashable & Sendable, Value: Sendable> {
53
53
 
54
54
  ## Dependency Injection
55
55
 
56
- Inject protocols with default parameters production uses defaults, tests inject mocks:
56
+ Inject protocols with default parameters: production uses defaults, tests inject mocks:
57
57
 
58
58
  ```swift
59
59
  struct UserService {
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/swift/security.md <one-line purpose>
2
+ rules/swift/security.md: <one-line purpose>
3
3
 
4
4
  <2–6 line summary.>
5
5
  -->
@@ -14,9 +14,9 @@ paths:
14
14
 
15
15
  ## Secret Management
16
16
 
17
- - Use **Keychain Services** for sensitive data (tokens, passwords, keys) never `UserDefaults`
17
+ - Use **Keychain Services** for sensitive data (tokens, passwords, keys): never `UserDefaults`
18
18
  - Use environment variables or `.xcconfig` files for build-time secrets
19
- - Never hardcode secrets in source decompilation tools extract them trivially
19
+ - Never hardcode secrets in source: decompilation tools extract them trivially
20
20
 
21
21
  ```swift
22
22
  let apiKey = ProcessInfo.processInfo.environment["API_KEY"]
@@ -27,7 +27,7 @@ guard let apiKey, !apiKey.isEmpty else {
27
27
 
28
28
  ## Transport Security
29
29
 
30
- - App Transport Security (ATS) is enforced by default do not disable it
30
+ - App Transport Security (ATS) is enforced by default: do not disable it
31
31
  - Use certificate pinning for critical endpoints
32
32
  - Validate all server certificates
33
33
 
@@ -1,5 +1,5 @@
1
1
  <!--
2
- rules/swift/testing.md <one-line purpose>
2
+ rules/swift/testing.md: <one-line purpose>
3
3
 
4
4
  <2–6 line summary.>
5
5
  -->
@@ -27,7 +27,7 @@ func userCreationValidatesEmail() throws {
27
27
 
28
28
  ## Test Isolation
29
29
 
30
- Each test gets a fresh instance set up in `init`, tear down in `deinit`. No shared mutable state between tests.
30
+ Each test gets a fresh instance: set up in `init`, tear down in `deinit`. No shared mutable state between tests.
31
31
 
32
32
  ## Parameterized Tests
33
33