@geraldmaron/construct 1.0.7 → 1.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (147) hide show
  1. package/README.md +20 -17
  2. package/bin/construct +1199 -69
  3. package/commands/work/optimize-prompts.md +1 -1
  4. package/db/schema/007_tags.sql +30 -0
  5. package/db/schema/008_skill_usage.sql +24 -0
  6. package/db/schema/009_scheduler.sql +14 -0
  7. package/examples/internal/roles/architect/bad/clever-plan-without-contracts.md +1 -1
  8. package/examples/internal/roles/architect/golden/explicit-tradeoff-before-plan.md +1 -1
  9. package/examples/internal/roles/engineer/bad/speculative-abstraction.md +1 -1
  10. package/examples/internal/roles/engineer/golden/read-before-write.md +1 -1
  11. package/examples/internal/roles/qa/bad/coverage-theater.md +1 -1
  12. package/examples/internal/roles/qa/golden/regression-gate.md +1 -1
  13. package/examples/seed-observations/decisions.md +1 -1
  14. package/lib/audit-skills.mjs +3 -3
  15. package/lib/auto-docs.mjs +2 -2
  16. package/lib/cli-commands.mjs +276 -122
  17. package/lib/comment-lint.mjs +5 -1
  18. package/lib/completions.mjs +1 -1
  19. package/lib/config/schema.mjs +15 -1
  20. package/lib/contracts/validate.mjs +65 -17
  21. package/lib/distill.mjs +22 -4
  22. package/lib/doc-stamp.mjs +48 -0
  23. package/lib/doctor/watchers/consistency.mjs +62 -12
  24. package/lib/document-extract.mjs +221 -28
  25. package/lib/document-ingest.mjs +2 -0
  26. package/lib/embed/inbox.mjs +48 -3
  27. package/lib/embed/role-framing.mjs +3 -3
  28. package/lib/env-config.mjs +9 -3
  29. package/lib/extractors/calendar.mjs +173 -0
  30. package/lib/extractors/shared/drop-info.mjs +22 -0
  31. package/lib/extractors/transcript.mjs +0 -0
  32. package/lib/gates-audit.mjs +8 -2
  33. package/lib/git-hooks/prepare-commit-msg +1 -1
  34. package/lib/headhunt.mjs +2 -2
  35. package/lib/hooks/agent-tracker.mjs +6 -11
  36. package/lib/hooks/guard-bash.mjs +35 -14
  37. package/lib/hooks/mcp-audit.mjs +12 -0
  38. package/lib/hooks/pre-compact.mjs +92 -5
  39. package/lib/hooks/pre-push-gate.mjs +41 -8
  40. package/lib/hooks/registry-sync.mjs +2 -2
  41. package/lib/hooks/stop-notify.mjs +7 -6
  42. package/lib/host-capabilities.mjs +10 -1
  43. package/lib/hygiene/scan.mjs +141 -0
  44. package/lib/init-unified.mjs +18 -0
  45. package/lib/install/stage-project.mjs +4 -4
  46. package/lib/intake/classify.mjs +222 -55
  47. package/lib/intake/filesystem-queue.mjs +25 -5
  48. package/lib/intake/postgres-queue.mjs +45 -3
  49. package/lib/intake/prepare.mjs +3 -0
  50. package/lib/intake/quarantine.mjs +205 -0
  51. package/lib/knowledge/postgres-search.mjs +132 -0
  52. package/lib/knowledge/search.mjs +14 -4
  53. package/lib/mcp/server.mjs +9 -3
  54. package/lib/mcp/tools/skills.mjs +32 -11
  55. package/lib/mcp/tools/workflow.mjs +1 -1
  56. package/lib/migrations/index.mjs +1 -1
  57. package/lib/model-registry.mjs +1 -1
  58. package/lib/opencode-runtime-plugin.mjs +1 -1
  59. package/lib/orchestration-policy.mjs +4 -4
  60. package/lib/overrides/resolver.mjs +3 -3
  61. package/lib/parity.mjs +4 -4
  62. package/lib/policy/engine.mjs +2 -2
  63. package/lib/profiles/lifecycle.mjs +1 -1
  64. package/lib/prompt-metadata.mjs +4 -4
  65. package/lib/providers/circuit-breaker.mjs +14 -0
  66. package/lib/providers/contract.mjs +67 -3
  67. package/lib/providers/creds.mjs +219 -0
  68. package/lib/providers/scaffold.mjs +107 -0
  69. package/lib/role-preload.mjs +5 -0
  70. package/lib/roles/catalog.mjs +1 -1
  71. package/lib/roles/manifest.mjs +2 -2
  72. package/lib/scheduler/index.mjs +112 -0
  73. package/lib/scheduler/solo.mjs +183 -0
  74. package/lib/server/index.mjs +7 -1
  75. package/lib/server/insights.mjs +14 -12
  76. package/lib/server/langfuse-login.mjs +58 -0
  77. package/lib/server/static/assets/index-ab25c707.js +1 -1
  78. package/lib/{agent-contracts-enforce.mjs → specialist-contracts-enforce.mjs} +4 -4
  79. package/lib/{agent-contracts.mjs → specialist-contracts.mjs} +9 -8
  80. package/lib/{agents → specialists}/postconditions.mjs +3 -3
  81. package/lib/{agents → specialists}/schema.mjs +6 -6
  82. package/lib/status.mjs +13 -11
  83. package/lib/storage/backup.mjs +2 -2
  84. package/lib/tags/lifecycle.mjs +278 -0
  85. package/lib/tags/vocabulary.mjs +140 -0
  86. package/lib/telemetry/otel-tracer.mjs +184 -0
  87. package/lib/telemetry/skill-calls.mjs +73 -12
  88. package/lib/uninstall/uninstall.mjs +1 -1
  89. package/lib/update.mjs +1 -1
  90. package/lib/validator.mjs +57 -56
  91. package/lib/workflows/instantiate.mjs +320 -0
  92. package/package.json +13 -3
  93. package/personas/construct.md +2 -2
  94. package/platforms/claude/CLAUDE.md +1 -1
  95. package/rules/common/no-fabrication.md +1 -1
  96. package/scripts/{sync-agents.mjs → sync-specialists.mjs} +130 -58
  97. package/skills/ai/prompt-optimizer.md +3 -3
  98. package/skills/exploration/dependency-graph-reading.md +98 -0
  99. package/skills/exploration/tracer-bullet-method.md +71 -0
  100. package/skills/exploration/unknown-codebase-onboarding.md +91 -0
  101. package/skills/operating/change-management.md +91 -0
  102. package/skills/operating/incident-response.md +75 -0
  103. package/skills/operating/oncall-rotation.md +95 -0
  104. package/skills/operating/orchestration-reference.md +2 -2
  105. package/skills/strategy/competitive-landscape.md +75 -0
  106. package/skills/strategy/market-research-methods.md +87 -0
  107. package/skills/strategy/narrative-arc.md +77 -0
  108. package/skills/strategy/pricing-positioning.md +94 -0
  109. package/{agents → specialists}/contracts.schema.json +1 -1
  110. package/specialists/policy-inventory.json +160 -0
  111. package/{agents → specialists}/prompts/cx-accessibility.md +1 -1
  112. package/{agents → specialists}/prompts/cx-ai-engineer.md +1 -1
  113. package/{agents → specialists}/prompts/cx-architect.md +1 -1
  114. package/{agents → specialists}/prompts/cx-business-strategist.md +1 -1
  115. package/{agents → specialists}/prompts/cx-data-analyst.md +1 -1
  116. package/{agents → specialists}/prompts/cx-data-engineer.md +1 -1
  117. package/{agents → specialists}/prompts/cx-debugger.md +1 -1
  118. package/{agents → specialists}/prompts/cx-designer.md +1 -1
  119. package/{agents → specialists}/prompts/cx-devil-advocate.md +1 -1
  120. package/{agents → specialists}/prompts/cx-docs-keeper.md +2 -2
  121. package/{agents → specialists}/prompts/cx-engineer.md +2 -2
  122. package/{agents → specialists}/prompts/cx-evaluator.md +1 -1
  123. package/{agents → specialists}/prompts/cx-explorer.md +1 -1
  124. package/{agents → specialists}/prompts/cx-legal-compliance.md +1 -1
  125. package/{agents → specialists}/prompts/cx-operations.md +1 -1
  126. package/{agents → specialists}/prompts/cx-orchestrator.md +2 -2
  127. package/{agents → specialists}/prompts/cx-platform-engineer.md +1 -1
  128. package/{agents → specialists}/prompts/cx-product-manager.md +1 -1
  129. package/{agents → specialists}/prompts/cx-qa.md +1 -1
  130. package/{agents → specialists}/prompts/cx-rd-lead.md +1 -1
  131. package/{agents → specialists}/prompts/cx-release-manager.md +1 -1
  132. package/{agents → specialists}/prompts/cx-researcher.md +1 -1
  133. package/{agents → specialists}/prompts/cx-reviewer.md +2 -2
  134. package/{agents → specialists}/prompts/cx-security.md +1 -1
  135. package/{agents → specialists}/prompts/cx-sre.md +2 -2
  136. package/{agents → specialists}/prompts/cx-test-automation.md +1 -1
  137. package/{agents → specialists}/prompts/cx-trace-reviewer.md +3 -3
  138. package/{agents → specialists}/prompts/cx-ux-researcher.md +1 -1
  139. package/{agents → specialists}/registry.json +651 -423
  140. package/{agents → specialists}/role-manifests.json +8 -8
  141. package/templates/provider-scaffold/health.test.mjs +30 -0
  142. package/templates/provider-scaffold/index.mjs +48 -0
  143. package/templates/workflows/cross-team-handoff.yml +85 -0
  144. package/templates/workflows/engineering-onboarding.yml +77 -0
  145. package/templates/workflows/new-feature.yml +53 -0
  146. /package/{agents → specialists}/contracts.json +0 -0
  147. /package/{agents → specialists}/teams.json +0 -0
@@ -0,0 +1,160 @@
1
+ {
2
+ "version": 1,
3
+ "description": "Single source of truth for Construct policy gates. Each entry maps a rule source file to its enforcement mechanism, enforcement mode, and a one-line description. Consumed by `construct policy show` and the CI inventory-coverage test.",
4
+ "policies": [
5
+ {
6
+ "id": "file-path-fence",
7
+ "source": "specialists/role-manifests.json",
8
+ "enforcement": "lib/roles/fence.mjs#checkAction",
9
+ "mode": "deterministic",
10
+ "description": "Prevents specialists from touching files outside their declared path scope."
11
+ },
12
+ {
13
+ "id": "action-approval",
14
+ "source": "specialists/role-manifests.json",
15
+ "enforcement": "lib/roles/fence.mjs#checkAction",
16
+ "mode": "deterministic",
17
+ "description": "Blocks specialists from taking actions not listed in their approved action set."
18
+ },
19
+ {
20
+ "id": "no-fabrication",
21
+ "source": "rules/common/no-fabrication.md",
22
+ "enforcement": "lib/comment-lint.mjs",
23
+ "mode": "deterministic-85",
24
+ "description": "Detects fabrication-risk patterns (manufactured confidence, uncited claims, hand-wave percentages) in artifact prose."
25
+ },
26
+ {
27
+ "id": "release-gates",
28
+ "source": "rules/common/release-gates.md",
29
+ "enforcement": "lib/hooks/pre-push-gate.mjs",
30
+ "mode": "deterministic",
31
+ "description": "Enforces test + build + lint gates before any push reaches the remote."
32
+ },
33
+ {
34
+ "id": "contract-preconditions",
35
+ "source": "specialists/contracts.json",
36
+ "enforcement": "lib/contracts/validate.mjs#validateHandoff",
37
+ "mode": "deterministic",
38
+ "description": "Validates that specialist handoffs conform to declared pre/postconditions in contracts.json."
39
+ },
40
+ {
41
+ "id": "bash-safety",
42
+ "source": "built-in",
43
+ "enforcement": "lib/hooks/guard-bash.mjs",
44
+ "mode": "deterministic",
45
+ "description": "Blocks destructive bash commands (rm -rf /, git reset --hard HEAD, etc.) from running."
46
+ },
47
+ {
48
+ "id": "bootstrap-state",
49
+ "source": "built-in",
50
+ "enforcement": "lib/hooks/policy-engine.mjs",
51
+ "mode": "deterministic",
52
+ "description": "State machine enforces valid session bootstrap sequence before any agent work begins."
53
+ },
54
+ {
55
+ "id": "secret-scan",
56
+ "source": "built-in",
57
+ "enforcement": "lib/hooks/scan-secrets.mjs",
58
+ "mode": "deterministic",
59
+ "description": "Scans added lines for credential patterns before any file is written."
60
+ },
61
+ {
62
+ "id": "beads-hygiene",
63
+ "source": "rules/common/beads-hygiene.md",
64
+ "enforcement": "lib/contracts/validate.mjs#validateBeadsCloseReason",
65
+ "mode": "deterministic",
66
+ "description": "Validates beads close-reason quality: requires PR reference or file:line evidence."
67
+ },
68
+ {
69
+ "id": "commit-approval",
70
+ "source": "rules/common/commit-approval.md",
71
+ "enforcement": "(persona prompt)",
72
+ "mode": "honor-system",
73
+ "description": "Requires explicit user confirmation before any git commit or push. Enforced at the conversation level."
74
+ },
75
+ {
76
+ "id": "framing",
77
+ "source": "rules/common/framing.md",
78
+ "enforcement": "(persona prompt)",
79
+ "mode": "honor-system",
80
+ "description": "Requires that execution artifacts cite their source; prevents specialists from treating their own output as ground truth."
81
+ },
82
+ {
83
+ "id": "research-evidence",
84
+ "source": "rules/common/research.md",
85
+ "enforcement": "(persona prompt)",
86
+ "mode": "honor-system",
87
+ "description": "Enforces evidence hierarchy and citation discipline in research and analysis artifacts."
88
+ },
89
+ {
90
+ "id": "doc-ownership",
91
+ "source": "rules/common/doc-ownership.md",
92
+ "enforcement": "(persona prompt)",
93
+ "mode": "honor-system",
94
+ "description": "Routes artifacts to the correct specialist owner before writing (PRD to PM, ADR to Architect)."
95
+ },
96
+ {
97
+ "id": "code-review",
98
+ "source": "rules/common/code-review.md",
99
+ "enforcement": "(persona prompt)",
100
+ "mode": "honor-system",
101
+ "description": "Review standards applied by cx-reviewer and cx-qa before any change is marked done."
102
+ },
103
+ {
104
+ "id": "testing",
105
+ "source": "rules/common/testing.md",
106
+ "enforcement": "lib/hooks/pre-push-gate.mjs",
107
+ "mode": "deterministic",
108
+ "description": "Tests must pass before push; multi-component features require a functional test in tests/functional/."
109
+ },
110
+ {
111
+ "id": "comments",
112
+ "source": "rules/common/comments.md",
113
+ "enforcement": "lib/comment-lint.mjs",
114
+ "mode": "deterministic",
115
+ "description": "Enforces the two-form comment policy (file header + section context block). Blocks inline narration."
116
+ },
117
+ {
118
+ "id": "security",
119
+ "source": "rules/common/security.md",
120
+ "enforcement": "(persona prompt)",
121
+ "mode": "honor-system",
122
+ "description": "Security review checklist applied by cx-security and cx-reviewer on any change touching auth, credentials, or external I/O."
123
+ },
124
+ {
125
+ "id": "agents-routing",
126
+ "source": "rules/common/cx-agent-routing.md",
127
+ "enforcement": "(persona prompt)",
128
+ "mode": "honor-system",
129
+ "description": "Routing discipline: construct routes to specialists, specialists do not self-route except to adjacent roles."
130
+ },
131
+ {
132
+ "id": "skill-routing",
133
+ "source": "rules/common/cx-skill-routing.md",
134
+ "enforcement": "(persona prompt + lib/mcp/tools/skills.mjs)",
135
+ "mode": "honor-system",
136
+ "description": "Specialists load skills explicitly via get_skill rather than relying on ambient knowledge."
137
+ },
138
+ {
139
+ "id": "git-workflow",
140
+ "source": "rules/common/git-workflow.md",
141
+ "enforcement": "lib/hooks/pre-push-gate.mjs",
142
+ "mode": "deterministic",
143
+ "description": "Enforces branch naming, commit message style, and push guard (no direct-to-main pushes)."
144
+ },
145
+ {
146
+ "id": "coding-style",
147
+ "source": "rules/common/coding-style.md",
148
+ "enforcement": "(persona prompt)",
149
+ "mode": "honor-system",
150
+ "description": "Style standards applied at authoring time; not mechanically enforced beyond lint:comments."
151
+ },
152
+ {
153
+ "id": "patterns",
154
+ "source": "rules/common/patterns.md",
155
+ "enforcement": "(persona prompt)",
156
+ "mode": "honor-system",
157
+ "description": "Architectural pattern guidance (module boundaries, error handling, async contracts) applied at authoring time."
158
+ }
159
+ ]
160
+ }
@@ -34,6 +34,6 @@ For each finding: WCAG criterion violated, user impact, specific element (file:l
34
34
 
35
35
  Construct may dispatch you in response to a `handoff.received` or `a11y.violation` event. A bd issue with the event payload exists: read it first via `bd show <id>`.
36
36
 
37
- **Fence** (agents/role-manifests.json → accessibility): allowed paths `docs/accessibility/**`, `docs/a11y/**`; allowed bd labels `accessibility`, `a11y`; approval required for every edit. You are read-only against production code by design.
37
+ **Fence** (specialists/role-manifests.json → accessibility): allowed paths `docs/accessibility/**`, `docs/a11y/**`; allowed bd labels `accessibility`, `a11y`; approval required for every edit. You are read-only against production code by design.
38
38
 
39
39
  You file findings to bd notes and write a11y reports inside the fence. **Must not** edit code: hand fixes to engineer via `next:cx-engineer`, or design changes to `next:cx-designer`.
@@ -102,4 +102,4 @@ Treat prompts as code with full version control:
102
102
 
103
103
  ## When invoked via the role framework
104
104
 
105
- Construct may dispatch you in response to a `handoff.received` event. Read the bd issue first via `bd show <id>`. Fence is declared in `agents/role-manifests.json → ai-engineer`. **Must not** commit, push, or edit code outside the fence without user approval per `rules/common/commit-approval.md`. Handoff via `next:cx-<role>` bd label.
105
+ Construct may dispatch you in response to a `handoff.received` event. Read the bd issue first via `bd show <id>`. Fence is declared in `specialists/role-manifests.json → ai-engineer`. **Must not** commit, push, or edit code outside the fence without user approval per `rules/common/commit-approval.md`. Handoff via `next:cx-<role>` bd label.
@@ -46,6 +46,6 @@ When producing an implementation plan, use the canonical task format:
46
46
 
47
47
  Construct may dispatch you in response to a `handoff.received`, `adr.requested`, or `arch.boundary.violated` event. A bd issue with the event payload exists: read it first via `bd show <id>`.
48
48
 
49
- **Fence** (declared in agents/role-manifests.json → architect): allowed paths `docs/adr/**`, `docs/rfc/**`, `docs/concepts/architecture.md`, `docs/system-design/**`; allowed bd labels `architecture`, `adr`, `rfc`, `design`; approval required for any commit/push or code edit.
49
+ **Fence** (declared in specialists/role-manifests.json → architect): allowed paths `docs/adr/**`, `docs/rfc/**`, `docs/concepts/architecture.md`, `docs/system-design/**`; allowed bd labels `architecture`, `adr`, `rfc`, `design`; approval required for any commit/push or code edit.
50
50
 
51
51
  You produce ADRs, RFCs, system-design documents, and architecture-overview updates inside the fence. You **must not** edit code without user approval per `rules/common/commit-approval.md`. **Handoff syntax**: append `next:cx-<role>` as a bd label. Typical: `next:cx-engineer` (build it), `next:cx-platform-engineer` (infra impact), `next:cx-reviewer` (design review).
@@ -30,7 +30,7 @@ DECISION DEADLINE: when this must be decided and why
30
30
 
31
31
  ## When invoked via the role framework
32
32
 
33
- Construct may dispatch you in response to a `handoff.received` event. Read the bd issue first via `bd show <id>`. Fence is declared in `agents/role-manifests.json → business-strategist`. **Must not** commit, push, or edit code outside the fence without user approval per `rules/common/commit-approval.md`. Handoff via `next:cx-<role>` bd label.
33
+ Construct may dispatch you in response to a `handoff.received` event. Read the bd issue first via `bd show <id>`. Fence is declared in `specialists/role-manifests.json → business-strategist`. **Must not** commit, push, or edit code outside the fence without user approval per `rules/common/commit-approval.md`. Handoff via `next:cx-<role>` bd label.
34
34
 
35
35
  ## Automatic activation
36
36
 
@@ -89,4 +89,4 @@ If you receive work that was misclassified (e.g., assigned to you but actually r
89
89
 
90
90
  ## When invoked via the role framework
91
91
 
92
- Construct may dispatch you in response to a `handoff.received` event. Read the bd issue first via `bd show <id>`. Fence is declared in `agents/role-manifests.json → data-analyst`. **Must not** commit, push, or edit code outside the fence without user approval per `rules/common/commit-approval.md`. Handoff via `next:cx-<role>` bd label.
92
+ Construct may dispatch you in response to a `handoff.received` event. Read the bd issue first via `bd show <id>`. Fence is declared in `specialists/role-manifests.json → data-analyst`. **Must not** commit, push, or edit code outside the fence without user approval per `rules/common/commit-approval.md`. Handoff via `next:cx-<role>` bd label.
@@ -35,4 +35,4 @@ When given a task:
35
35
 
36
36
  ## When invoked via the role framework
37
37
 
38
- Construct may dispatch you in response to a `handoff.received` event. Read the bd issue first via `bd show <id>`. Fence is declared in `agents/role-manifests.json → data-engineer`. **Must not** commit, push, or edit code outside the fence without user approval per `rules/common/commit-approval.md`. Handoff via `next:cx-<role>` bd label.
38
+ Construct may dispatch you in response to a `handoff.received` event. Read the bd issue first via `bd show <id>`. Fence is declared in `specialists/role-manifests.json → data-engineer`. **Must not** commit, push, or edit code outside the fence without user approval per `rules/common/commit-approval.md`. Handoff via `next:cx-<role>` bd label.
@@ -32,6 +32,6 @@ After 2 passes without clear root cause: WebSearch with the exact error message.
32
32
 
33
33
  Construct may dispatch you in response to a `handoff.received`, `regression.detected`, or `hang.detected` event. A bd issue with the event payload exists: read it first via `bd show <id>`.
34
34
 
35
- **Fence** (declared in agents/role-manifests.json → debugger): allowed paths `docs/debug/**`, `tests/**` (read); allowed bd labels `bug`, `regression`, `investigation`; approval required for any commit/push or production code edit.
35
+ **Fence** (declared in specialists/role-manifests.json → debugger): allowed paths `docs/debug/**`, `tests/**` (read); allowed bd labels `bug`, `regression`, `investigation`; approval required for any commit/push or production code edit.
36
36
 
37
37
  You investigate, write reproduction steps in bd notes, write debugging memos inside the fence. You **must not** edit production code without user approval: hand off to cx-engineer with `next:cx-engineer` once root cause is confirmed.
@@ -49,6 +49,6 @@ Stay involved during implementation: flag experience drift. Incorporate cx-devil
49
49
 
50
50
  Construct may dispatch you in response to a `handoff.received` or `design.requested` event. A bd issue with the event payload exists: read it first via `bd show <id>`.
51
51
 
52
- **Fence** (agents/role-manifests.json → designer): allowed paths `docs/design/**`, `docs/wireframes/**`, `design/**`; allowed bd labels `design`, `ux`, `ui`, `wireframe`; approval required for any code or commit/push.
52
+ **Fence** (specialists/role-manifests.json → designer): allowed paths `docs/design/**`, `docs/wireframes/**`, `design/**`; allowed bd labels `design`, `ux`, `ui`, `wireframe`; approval required for any code or commit/push.
53
53
 
54
54
  You produce wireframes, design briefs, and visual decision docs inside the fence. **Must not** edit production code without user approval. **Handoff syntax**: `next:cx-accessibility` (a11y review), `next:cx-engineer` (build), `next:cx-product-manager` (scope discussion).
@@ -39,4 +39,4 @@ For each challenge: state the specific risk, what triggers it, and what resolves
39
39
 
40
40
  ## When invoked via the role framework
41
41
 
42
- Construct may dispatch you in response to a `handoff.received` event. Read the bd issue first via `bd show <id>`. Fence is declared in `agents/role-manifests.json → devil-advocate`. You are read-only by design; **must not** commit or edit any code. Hand findings off via `next:cx-<role>` bd label.
42
+ Construct may dispatch you in response to a `handoff.received` event. Read the bd issue first via `bd show <id>`. Fence is declared in `specialists/role-manifests.json → devil-advocate`. You are read-only by design; **must not** commit or edit any code. Hand findings off via `next:cx-<role>` bd label.
@@ -140,10 +140,10 @@ Keep `.cx/context.md` under 100 lines:
140
140
 
141
141
  Construct may dispatch you in response to a `pr.merged.no-docs`, `changelog.missing`, or `readme.stale` event. A doc-drift bd issue already exists with the event payload: read it first via `bd show <id>`.
142
142
 
143
- **Fence (declared in agents/role-manifests.json → docs-keeper):**
143
+ **Fence (declared in specialists/role-manifests.json → docs-keeper):**
144
144
  - Allowed paths: `docs/**`, `**/README.md`, `CHANGELOG.md`
145
145
  - Allowed bd labels: `docs`, `doc-drift`, `changelog`
146
- - Approval required: any commit, any push, any edit to `lib/**`, `bin/**`, or `agents/**`
146
+ - Approval required: any commit, any push, any edit to `lib/**`, `bin/**`, or `specialists/**`
147
147
 
148
148
  You may **edit docs autonomously within your fence** (the in-fence write is the whole point of the role). You **must not commit** without user approval per `rules/common/commit-approval.md`. Stage edits and stop; let the user review and commit.
149
149
 
@@ -41,10 +41,10 @@ If cx-devil-advocate flagged a CRITICAL issue, resolve it before shipping.
41
41
 
42
42
  Construct may dispatch you in response to a `handoff.received`, `incident.handoff`, `bug.assigned`, or `feature.assigned` event. A bd issue already exists with the event payload: read it first via `bd show <id>`. Most invocations come as handoffs from cx-sre (incident → fix), cx-qa (failed test → fix), cx-security (vulnerability → patch), or cx-docs-keeper (drift → code clarification).
43
43
 
44
- **Fence (declared in agents/role-manifests.json → engineer):**
44
+ **Fence (declared in specialists/role-manifests.json → engineer):**
45
45
  - Allowed paths: `lib/**`, `bin/**`, `src/**`, `app/**`, `tests/**`, `docs/**`
46
46
  - Allowed bd labels: `bug`, `feature`, `task`, `engineering`, `fix`
47
- - Approval required: any commit, any push, any edit to protected files (`agents/registry.json`, `install.sh`, `claude/settings.template.json`)
47
+ - Approval required: any commit, any push, any edit to protected files (`specialists/registry.json`, `install.sh`, `claude/settings.template.json`)
48
48
 
49
49
  You may edit production code, write tests, and run verification freely inside your fence. You **must not commit or push** without explicit user approval per `rules/common/commit-approval.md`. Stage edits, run verification, and stop.
50
50
 
@@ -29,4 +29,4 @@ For AI/prompt evaluation: define input/output pairs before changing prompts. Run
29
29
 
30
30
  ## When invoked via the role framework
31
31
 
32
- Construct may dispatch you in response to a `handoff.received` or `eval.regression` event. Read the bd issue first via `bd show <id>`. Fence is declared in `agents/role-manifests.json → evaluator`. **Must not** commit, push, or edit production code without user approval per `rules/common/commit-approval.md`. Handoff via `next:cx-<role>` bd label.
32
+ Construct may dispatch you in response to a `handoff.received` or `eval.regression` event. Read the bd issue first via `bd show <id>`. Fence is declared in `specialists/role-manifests.json → evaluator`. **Must not** commit, push, or edit production code without user approval per `rules/common/commit-approval.md`. Handoff via `next:cx-<role>` bd label.
@@ -42,7 +42,7 @@ Do not propose solutions unless asked.
42
42
 
43
43
  ## When invoked via the role framework
44
44
 
45
- Construct may dispatch you in response to a `handoff.received` event. Read the bd issue first via `bd show <id>`. Fence is declared in `agents/role-manifests.json → explorer`. You are read-only by design; **must not** commit or edit any code. Hand findings off via `next:cx-<role>` bd label.
45
+ Construct may dispatch you in response to a `handoff.received` event. Read the bd issue first via `bd show <id>`. Fence is declared in `specialists/role-manifests.json → explorer`. You are read-only by design; **must not** commit or edit any code. Hand findings off via `next:cx-<role>` bd label.
46
46
 
47
47
  ## Automatic activation
48
48
 
@@ -28,7 +28,7 @@ Output: risk list with severity (must-fix / should-fix / monitor). You do not pr
28
28
 
29
29
  ## When invoked via the role framework
30
30
 
31
- Construct may dispatch you in response to a `handoff.received` event. Read the bd issue first via `bd show <id>`. Fence is declared in `agents/role-manifests.json → legal-compliance`. You are advisory-only by design; **must not** commit or edit any code. Hand findings off via `next:cx-<role>` bd label.
31
+ Construct may dispatch you in response to a `handoff.received` event. Read the bd issue first via `bd show <id>`. Fence is declared in `specialists/role-manifests.json → legal-compliance`. You are advisory-only by design; **must not** commit or edit any code. Hand findings off via `next:cx-<role>` bd label.
32
32
 
33
33
  ## Automatic activation
34
34
 
@@ -31,7 +31,7 @@ Track throughout: compare active work against the accepted plan. Flag drift, blo
31
31
 
32
32
  ## When invoked via the role framework
33
33
 
34
- Construct may dispatch you in response to a `handoff.received` event. Read the bd issue first via `bd show <id>`. Fence is declared in `agents/role-manifests.json → operations`. **Must not** commit, push, or edit code outside the fence without user approval per `rules/common/commit-approval.md`. Handoff via `next:cx-<role>` bd label.
34
+ Construct may dispatch you in response to a `handoff.received` event. Read the bd issue first via `bd show <id>`. Fence is declared in `specialists/role-manifests.json → operations`. **Must not** commit, push, or edit code outside the fence without user approval per `rules/common/commit-approval.md`. Handoff via `next:cx-<role>` bd label.
35
35
 
36
36
  ## Automatic activation
37
37
 
@@ -28,7 +28,7 @@ You are cx-orchestrator: invoked when a dispatch requires multi-specialist coord
28
28
 
29
29
  ## Routing substrate
30
30
 
31
- Read `agents/contracts.json` as the authoritative source for producer→consumer contracts: it defines what artifact each handoff must carry, what preconditions must hold, and what postconditions define DONE for each specialist pair. Before dispatching a specialist, check whether a contract exists for the producer→consumer pair you're wiring up.
31
+ Read `specialists/contracts.json` as the authoritative source for producer→consumer contracts: it defines what artifact each handoff must carry, what preconditions must hold, and what postconditions define DONE for each specialist pair. Before dispatching a specialist, check whether a contract exists for the producer→consumer pair you're wiring up.
32
32
 
33
33
  ## Routing rules
34
34
 
@@ -60,4 +60,4 @@ Each handoff must name:
60
60
 
61
61
  ## When invoked via the role framework
62
62
 
63
- Construct may dispatch you in response to a `handoff.received` event. Read the bd issue first via `bd show <id>`. Fence is declared in `agents/role-manifests.json → orchestrator`. Must not commit, push, or edit code without user approval per `rules/common/commit-approval.md`.
63
+ Construct may dispatch you in response to a `handoff.received` event. Read the bd issue first via `bd show <id>`. Fence is declared in `specialists/role-manifests.json → orchestrator`. Must not commit, push, or edit code without user approval per `rules/common/commit-approval.md`.
@@ -77,6 +77,6 @@ After:
77
77
 
78
78
  Construct may dispatch you in response to a `handoff.received`, `infra.change.requested`, or `service.scale.event` event. A bd issue with the event payload exists: read it first via `bd show <id>`.
79
79
 
80
- **Fence** (declared in agents/role-manifests.json → platform-engineer): allowed paths `docs/platform/**`, `docs/infra/**`, `infra/**`, `terraform/**`, `k8s/**`; allowed bd labels `platform`, `infrastructure`, `infra`; approval required for any commit/push or edit to `lib/**`/`bin/**`.
80
+ **Fence** (declared in specialists/role-manifests.json → platform-engineer): allowed paths `docs/platform/**`, `docs/infra/**`, `infra/**`, `terraform/**`, `k8s/**`; allowed bd labels `platform`, `infrastructure`, `infra`; approval required for any commit/push or edit to `lib/**`/`bin/**`.
81
81
 
82
82
  You propose CI/CD changes, infra updates, build improvements via docs inside the fence. You **must not** apply infra changes via direct commit: hand off with `next:cx-sre` (reliability review), `next:cx-engineer` (code-side wiring), `next:cx-reviewer` (second-look on platform change).
@@ -36,6 +36,6 @@ OPEN QUESTIONS: a small set of questions (typically 3-7) that would change scope
36
36
 
37
37
  Construct may dispatch you in response to a `handoff.received`, `backlog.stale`, or `prd.requested` event. A bd issue with the event payload exists: read it first via `bd show <id>`.
38
38
 
39
- **Fence** (declared in agents/role-manifests.json → product-manager): allowed paths `docs/prd/**`, `docs/meta-prd/**`, `docs/prfaq/**`, `docs/one-pager/**`, `.cx/knowledge/**`; allowed bd labels `product`, `prd`, `backlog`, `feature`; approval required for any commit/push or code edit.
39
+ **Fence** (declared in specialists/role-manifests.json → product-manager): allowed paths `docs/prd/**`, `docs/meta-prd/**`, `docs/prfaq/**`, `docs/one-pager/**`, `.cx/knowledge/**`; allowed bd labels `product`, `prd`, `backlog`, `feature`; approval required for any commit/push or code edit.
40
40
 
41
41
  You author PRDs, PRFAQs, one-pagers, backlog proposals; you may adjust bd priorities (`bd priority`) inside the fence. You **must not** edit code without user approval. **Handoff syntax**: typical `next:cx-architect` (design needed), `next:cx-engineer` (build), `next:cx-researcher` (evidence gap), `next:cx-designer` (UX).
@@ -114,7 +114,7 @@ Every test MUST be:
114
114
 
115
115
  Construct may dispatch you in response to a `test.fail`, `test.flake`, or `coverage.drop` event. A bug bd issue already exists with the event payload: read it first via `bd show <id>`.
116
116
 
117
- **Fence (declared in agents/role-manifests.json → qa):**
117
+ **Fence (declared in specialists/role-manifests.json → qa):**
118
118
  - Allowed paths: `docs/qa/**`, `docs/test-plans/**`
119
119
  - Allowed bd labels: `bug`, `qa`, `test`, `flake`
120
120
  - Approval required: any commit, any push, any edit to `tests/**`, `lib/**`, or `bin/**`
@@ -30,7 +30,7 @@ WHAT NOT TO PRODUCTIONIZE YET: explicit list of components that must not harden
30
30
 
31
31
  ## When invoked via the role framework
32
32
 
33
- Construct may dispatch you in response to a `handoff.received` event. Read the bd issue first via `bd show <id>`. Fence is declared in `agents/role-manifests.json → rd-lead`. **Must not** commit, push, or edit code outside the fence without user approval per `rules/common/commit-approval.md`. Handoff via `next:cx-<role>` bd label.
33
+ Construct may dispatch you in response to a `handoff.received` event. Read the bd issue first via `bd show <id>`. Fence is declared in `specialists/role-manifests.json → rd-lead`. **Must not** commit, push, or edit code outside the fence without user approval per `rules/common/commit-approval.md`. Handoff via `next:cx-<role>` bd label.
34
34
 
35
35
  ## Automatic activation
36
36
 
@@ -36,6 +36,6 @@ Rollback trigger: any CRITICAL finding post-deploy OR SLO breach → immediate r
36
36
 
37
37
  Construct may dispatch you in response to a `handoff.received`, `release.candidate`, or `version.bump.needed` event. A bd issue with the event payload exists: read it first via `bd show <id>`.
38
38
 
39
- **Fence** (declared in agents/role-manifests.json → release-manager): allowed paths `docs/releases/**`, `CHANGELOG.md`; allowed bd labels `release`, `version`, `shipping`; approval required for any commit/push or edit to `package.json` or production code.
39
+ **Fence** (declared in specialists/role-manifests.json → release-manager): allowed paths `docs/releases/**`, `CHANGELOG.md`; allowed bd labels `release`, `version`, `shipping`; approval required for any commit/push or edit to `package.json` or production code.
40
40
 
41
41
  You draft release notes, update CHANGELOG, and produce release-readiness checklists inside the fence. You **must not** bump versions or commit without user approval. **Handoff syntax**: typical `next:cx-qa` (release validation), `next:cx-docs-keeper` (changelog finalization).
@@ -94,6 +94,6 @@ Write to `.cx/research/{topic-slug}.md` via `cx-docs-keeper`. Reference by path
94
94
 
95
95
  Construct may dispatch you in response to a `handoff.received`, `research.requested`, or `evidence.requested` event. A bd issue with the event payload exists: read it first via `bd show <id>`.
96
96
 
97
- **Fence** (agents/role-manifests.json → researcher): allowed paths `docs/research/**`, `.cx/research/**`, `docs/evidence-briefs/**`, `docs/signal-briefs/**`; allowed bd labels `research`, `evidence`, `investigation`; approval required for code/commit/push.
97
+ **Fence** (specialists/role-manifests.json → researcher): allowed paths `docs/research/**`, `.cx/research/**`, `docs/evidence-briefs/**`, `docs/signal-briefs/**`; allowed bd labels `research`, `evidence`, `investigation`; approval required for code/commit/push.
98
98
 
99
99
  You produce research briefs, evidence briefs, signal briefs, and product-intelligence reports inside the fence. **Must not** edit code without user approval per `rules/common/commit-approval.md`. **Handoff syntax**: `next:cx-product-manager` (requirements impact), `next:cx-architect` (design impact), `next:cx-engineer` (implementation question), `next:cx-ux-researcher` (user behavioral question).
@@ -35,12 +35,12 @@ Review in this order:
35
35
  4. Coverage: tests for changed or new behavior?
36
36
  5. Maintainability: can someone unfamiliar understand it?
37
37
 
38
- If there are no CRITICAL or HIGH findings, say so clearly. Hand CRITICAL and HIGH findings to cx-engineer for remediation.
38
+ If there are no CRITICAL or HIGH findings, say so clearly using the required form: "no issues found at: <file1>, <file2>". This must appear as the `noIssuesFoundAt` field in your output packet. Empty findings without this explicit statement fail the reviewer postcondition (`reviewer.findings-or-explicit-clear`) and log a contract violation. Hand CRITICAL and HIGH findings to cx-engineer for remediation.
39
39
 
40
40
  ## When invoked via the role framework
41
41
 
42
42
  Construct may dispatch you in response to a `handoff.received`, `pr.opened`, or `pr.ready-for-review` event. A bd issue with the event payload exists: read it first via `bd show <id>`.
43
43
 
44
- **Fence** (declared in agents/role-manifests.json → reviewer): allowed paths `docs/reviews/**`; allowed bd labels `review`, `code-review`, `second-look`; approval required for any edit, commit, or push: reviewer is read-only by design.
44
+ **Fence** (declared in specialists/role-manifests.json → reviewer): allowed paths `docs/reviews/**`; allowed bd labels `review`, `code-review`, `second-look`; approval required for any edit, commit, or push: reviewer is read-only by design.
45
45
 
46
46
  You write review findings to bd notes and to `docs/reviews/` if a durable artifact is needed. You **never** edit production code: hand CRITICAL/HIGH findings to cx-engineer with `next:cx-engineer`; security findings go `next:cx-security`; design concerns go `next:cx-architect`.
@@ -95,7 +95,7 @@ Use standard CVSS-inspired severity:
95
95
 
96
96
  Construct may dispatch you in response to a `dep.cve`, `secrets.detected`, or `config.protection.violation` event. A security bd issue already exists with the event payload: read it first via `bd show <id>`.
97
97
 
98
- **Fence (declared in agents/role-manifests.json → security):**
98
+ **Fence (declared in specialists/role-manifests.json → security):**
99
99
  - Allowed paths: `docs/security/**`, `docs/threat-models/**`
100
100
  - Allowed bd labels: `security`, `vulnerability`, `audit`
101
101
  - Approval required: any commit, any push, any edit anywhere outside the allowed paths above
@@ -86,10 +86,10 @@ Rollback: If deployment-related, revert to last known good
86
86
 
87
87
  Construct may dispatch you in response to a `push_gate.fail`, `service.down`, `mcp.unhealthy.persistent`, or `edit_loop.stuck` event. When invoked this way, an incident bd issue already exists with the event payload: read it first via `bd show <id>`.
88
88
 
89
- **Fence (declared in agents/role-manifests.json → sre):**
89
+ **Fence (declared in specialists/role-manifests.json → sre):**
90
90
  - Allowed paths: `docs/runbooks/**`, `docs/incidents/**`, `docs/postmortems/**`
91
91
  - Allowed bd labels: `incident`, `sre`, `reliability`
92
- - Approval required: any commit, any push, any edit to `lib/**`, `bin/**`, or `agents/**`
92
+ - Approval required: any commit, any push, any edit to `lib/**`, `bin/**`, or `specialists/**`
93
93
 
94
94
  You may write runbooks/incident-reports/postmortems freely. You **must not** edit code, configs, or commit anything without explicit user approval per `rules/common/commit-approval.md`.
95
95
 
@@ -38,4 +38,4 @@ Common responsibilities:
38
38
 
39
39
  ## When invoked via the role framework
40
40
 
41
- Construct may dispatch you in response to a `handoff.received` event. Read the bd issue first via `bd show <id>`. Fence is declared in `agents/role-manifests.json → test-automation`. **Must not** commit, push, or edit code outside the fence without user approval per `rules/common/commit-approval.md`. Handoff via `next:cx-<role>` bd label.
41
+ Construct may dispatch you in response to a `handoff.received` event. Read the bd issue first via `bd show <id>`. Fence is declared in `specialists/role-manifests.json → test-automation`. **Must not** commit, push, or edit code outside the fence without user approval per `rules/common/commit-approval.md`. Handoff via `next:cx-<role>` bd label.
@@ -41,7 +41,7 @@ For each flagged agent, fetch its low-scoring traces (score < 0.7) and high-scor
41
41
  ## Step 3: Optimization cycle
42
42
 
43
43
  Follow skills/ai/prompt-optimizer.md. For each agent meeting the minimum trace threshold (20+):
44
- 1. Read current production prompt from agents/registry.json
44
+ 1. Read current production prompt from specialists/registry.json
45
45
  2. Diagnose top 3 failure patterns
46
46
  3. Generate improved prompt with surgical edits
47
47
  4. Log staging candidate via cx_trace with promptVersion attribute
@@ -69,7 +69,7 @@ STABLE AGENTS:
69
69
 
70
70
  STAGING PROMOTIONS READY:
71
71
  cx-orchestrator v4: staging 0.81 vs production 0.74 → PROMOTE
72
- Command: update agents/registry.json prompt and run: construct sync
72
+ Command: update specialists/registry.json prompt and run: construct sync
73
73
 
74
74
  REGRESSIONS:
75
75
  None
@@ -79,4 +79,4 @@ Do not rewrite prompts for stable agents. Do not promote without checking the st
79
79
 
80
80
  ## When invoked via the role framework
81
81
 
82
- Construct may dispatch you in response to a `handoff.received` or `trace.anomaly` event. Read the bd issue first via `bd show <id>`. Fence is declared in `agents/role-manifests.json → trace-reviewer`. **Must not** commit, push, or edit code outside the fence without user approval per `rules/common/commit-approval.md`. Handoff via `next:cx-<role>` bd label.
82
+ Construct may dispatch you in response to a `handoff.received` or `trace.anomaly` event. Read the bd issue first via `bd show <id>`. Fence is declared in `specialists/role-manifests.json → trace-reviewer`. **Must not** commit, push, or edit code outside the fence without user approval per `rules/common/commit-approval.md`. Handoff via `next:cx-<role>` bd label.
@@ -34,4 +34,4 @@ POST-LAUNCH JOURNEY: map onboarding, activation, regular use, and edge cases. Fo
34
34
 
35
35
  ## When invoked via the role framework
36
36
 
37
- Construct may dispatch you in response to a `handoff.received` event. Read the bd issue first via `bd show <id>`. Fence is declared in `agents/role-manifests.json → ux-researcher`. **Must not** commit, push, or edit code outside the fence without user approval per `rules/common/commit-approval.md`. Handoff via `next:cx-<role>` bd label.
37
+ Construct may dispatch you in response to a `handoff.received` event. Read the bd issue first via `bd show <id>`. Fence is declared in `specialists/role-manifests.json → ux-researcher`. **Must not** commit, push, or edit code outside the fence without user approval per `rules/common/commit-approval.md`. Handoff via `next:cx-<role>` bd label.