@hegemonart/get-design-done 1.42.0 → 1.43.0
- package/.claude-plugin/marketplace.json +2 -2
- package/.claude-plugin/plugin.json +1 -1
- package/CHANGELOG.md +1080 -1038
- package/README.md +157 -155
- package/SKILL.md +42 -42
- package/agents/README.md +53 -53
- package/agents/a11y-mapper.md +3 -3
- package/agents/component-benchmark-harvester.md +8 -8
- package/agents/component-benchmark-synthesizer.md +11 -11
- package/agents/component-taxonomy-mapper.md +5 -5
- package/agents/compose-executor.md +25 -25
- package/agents/conflict-resolver.md +8 -8
- package/agents/cost-forecaster.md +12 -12
- package/agents/decision-journal-exporter.md +5 -5
- package/agents/design-advisor.md +19 -19
- package/agents/design-assumptions-analyzer.md +16 -16
- package/agents/design-auditor.md +39 -39
- package/agents/design-authority-watcher.md +28 -28
- package/agents/design-component-generator.md +27 -27
- package/agents/design-context-builder.md +66 -66
- package/agents/design-context-checker-gate.md +5 -5
- package/agents/design-context-checker.md +20 -20
- package/agents/design-discussant.md +23 -23
- package/agents/design-doc-writer.md +12 -12
- package/agents/design-executor.md +38 -38
- package/agents/design-figma-writer.md +31 -31
- package/agents/design-fixer.md +27 -27
- package/agents/design-integration-checker-gate.md +5 -5
- package/agents/design-integration-checker.md +29 -29
- package/agents/design-paper-writer.md +14 -14
- package/agents/design-pattern-mapper.md +9 -9
- package/agents/design-pencil-writer.md +12 -12
- package/agents/design-phase-researcher.md +14 -14
- package/agents/design-plan-checker.md +13 -13
- package/agents/design-planner.md +24 -24
- package/agents/design-reflector.md +48 -48
- package/agents/design-research-synthesizer.md +21 -21
- package/agents/design-start-writer.md +7 -7
- package/agents/design-update-checker.md +8 -8
- package/agents/design-verifier-gate.md +5 -5
- package/agents/design-verifier.md +80 -80
- package/agents/ds-generator.md +14 -14
- package/agents/ds-migration-planner.md +12 -12
- package/agents/email-executor.md +26 -26
- package/agents/experiment-result-ingester.md +10 -10
- package/agents/flutter-executor.md +28 -28
- package/agents/gdd-graph-refresh.md +10 -10
- package/agents/gdd-intel-updater.md +11 -11
- package/agents/gdd-learnings-extractor.md +2 -2
- package/agents/motion-mapper.md +8 -8
- package/agents/motion-verifier.md +16 -16
- package/agents/pdf-executor.md +27 -27
- package/agents/perf-analyzer.md +20 -20
- package/agents/pr-commenter.md +24 -24
- package/agents/prototype-gate.md +29 -29
- package/agents/quality-gate-runner.md +21 -21
- package/agents/rollout-coordinator.md +8 -8
- package/agents/swift-executor.md +41 -41
- package/agents/ticket-sync-agent.md +19 -19
- package/agents/token-mapper.md +6 -6
- package/agents/user-research-synthesizer.md +13 -13
- package/agents/visual-hierarchy-mapper.md +2 -2
- package/dist/claude-code/.claude/skills/add-backlog/SKILL.md +3 -3
- package/dist/claude-code/.claude/skills/analyze-dependencies/SKILL.md +10 -10
- package/dist/claude-code/.claude/skills/apply-reflections/SKILL.md +13 -13
- package/dist/claude-code/.claude/skills/apply-reflections/apply-reflections-procedure.md +20 -20
- package/dist/claude-code/.claude/skills/audit/SKILL.md +7 -7
- package/dist/claude-code/.claude/skills/bandit-status/SKILL.md +7 -7
- package/dist/claude-code/.claude/skills/benchmark/SKILL.md +7 -7
- package/dist/claude-code/.claude/skills/bootstrap-ds/SKILL.md +10 -10
- package/dist/claude-code/.claude/skills/brief/SKILL.md +20 -20
- package/dist/claude-code/.claude/skills/budget/SKILL.md +4 -4
- package/dist/claude-code/.claude/skills/cache-manager/SKILL.md +6 -6
- package/dist/claude-code/.claude/skills/cache-manager/cache-policy.md +5 -5
- package/dist/claude-code/.claude/skills/check-update/SKILL.md +5 -5
- package/dist/claude-code/.claude/skills/compare/SKILL.md +15 -15
- package/dist/claude-code/.claude/skills/compare/compare-rubric.md +17 -17
- package/dist/claude-code/.claude/skills/complete-cycle/SKILL.md +5 -5
- package/dist/claude-code/.claude/skills/connections/SKILL.md +11 -11
- package/dist/claude-code/.claude/skills/connections/connections-onboarding.md +76 -76
- package/dist/claude-code/.claude/skills/continue/SKILL.md +2 -2
- package/dist/claude-code/.claude/skills/darkmode/SKILL.md +17 -17
- package/dist/claude-code/.claude/skills/darkmode/darkmode-audit-procedure.md +7 -7
- package/dist/claude-code/.claude/skills/debug/SKILL.md +3 -3
- package/dist/claude-code/.claude/skills/debug/debug-feedback-loops.md +12 -12
- package/dist/claude-code/.claude/skills/design/SKILL.md +12 -12
- package/dist/claude-code/.claude/skills/design/design-procedure.md +23 -23
- package/dist/claude-code/.claude/skills/discover/SKILL.md +7 -7
- package/dist/claude-code/.claude/skills/discover/discover-procedure.md +18 -18
- package/dist/claude-code/.claude/skills/discuss/SKILL.md +12 -12
- package/dist/claude-code/.claude/skills/do/SKILL.md +1 -1
- package/dist/claude-code/.claude/skills/explore/SKILL.md +21 -21
- package/dist/claude-code/.claude/skills/explore/explore-procedure.md +48 -48
- package/dist/claude-code/.claude/skills/export/SKILL.md +9 -9
- package/dist/claude-code/.claude/skills/extract-learnings/SKILL.md +5 -5
- package/dist/claude-code/.claude/skills/fast/SKILL.md +7 -7
- package/dist/claude-code/.claude/skills/figma-extract/SKILL.md +11 -11
- package/dist/claude-code/.claude/skills/figma-write/SKILL.md +6 -6
- package/dist/claude-code/.claude/skills/graphify/SKILL.md +4 -4
- package/dist/claude-code/.claude/skills/health/SKILL.md +16 -16
- package/dist/claude-code/.claude/skills/health/health-mcp-detection.md +3 -3
- package/dist/claude-code/.claude/skills/health/health-skill-length-report.md +6 -6
- package/dist/claude-code/.claude/skills/help/SKILL.md +1 -1
- package/dist/claude-code/.claude/skills/list-assumptions/SKILL.md +4 -4
- package/dist/claude-code/.claude/skills/map/SKILL.md +12 -12
- package/dist/claude-code/.claude/skills/migrate/SKILL.md +5 -5
- package/dist/claude-code/.claude/skills/new-cycle/SKILL.md +2 -2
- package/dist/claude-code/.claude/skills/new-cycle/milestone-completeness-rubric.md +16 -16
- package/dist/claude-code/.claude/skills/new-project/SKILL.md +1 -1
- package/dist/claude-code/.claude/skills/next/SKILL.md +5 -5
- package/dist/claude-code/.claude/skills/note/SKILL.md +1 -1
- package/dist/claude-code/.claude/skills/openrouter-status/SKILL.md +4 -4
- package/dist/claude-code/.claude/skills/optimize/SKILL.md +15 -15
- package/dist/claude-code/.claude/skills/pause/SKILL.md +5 -5
- package/dist/claude-code/.claude/skills/peer-cli-add/SKILL.md +11 -11
- package/dist/claude-code/.claude/skills/peer-cli-add/peer-cli-protocol.md +39 -39
- package/dist/claude-code/.claude/skills/peer-cli-customize/SKILL.md +14 -14
- package/dist/claude-code/.claude/skills/peers/SKILL.md +4 -4
- package/dist/claude-code/.claude/skills/plan/SKILL.md +13 -13
- package/dist/claude-code/.claude/skills/plan/plan-procedure.md +24 -24
- package/dist/claude-code/.claude/skills/plant-seed/SKILL.md +4 -4
- package/dist/claude-code/.claude/skills/pr-branch/SKILL.md +2 -2
- package/dist/claude-code/.claude/skills/progress/SKILL.md +15 -15
- package/dist/claude-code/.claude/skills/quality-gate/SKILL.md +22 -22
- package/dist/claude-code/.claude/skills/quality-gate/threat-modeling.md +19 -19
- package/dist/claude-code/.claude/skills/quick/SKILL.md +5 -5
- package/dist/claude-code/.claude/skills/reapply-patches/SKILL.md +7 -7
- package/dist/claude-code/.claude/skills/reflect/SKILL.md +3 -3
- package/dist/claude-code/.claude/skills/reflect/procedures/capability-gap-scan.md +11 -11
- package/dist/claude-code/.claude/skills/report-issue/SKILL.md +5 -5
- package/dist/claude-code/.claude/skills/report-issue/report-issue-procedure.md +27 -27
- package/dist/claude-code/.claude/skills/resume/SKILL.md +9 -9
- package/dist/claude-code/.claude/skills/review-backlog/SKILL.md +3 -3
- package/dist/claude-code/.claude/skills/review-decisions/SKILL.md +3 -3
- package/dist/claude-code/.claude/skills/roi/SKILL.md +5 -5
- package/dist/claude-code/.claude/skills/rollout-status/SKILL.md +4 -4
- package/dist/claude-code/.claude/skills/router/SKILL.md +11 -11
- package/dist/claude-code/.claude/skills/router/capability-gap-emitter.md +6 -6
- package/dist/claude-code/.claude/skills/router/router-pick-emitter.md +9 -9
- package/dist/claude-code/.claude/skills/router/router-rules.md +7 -7
- package/dist/claude-code/.claude/skills/scan/SKILL.md +16 -16
- package/dist/claude-code/.claude/skills/scan/scan-procedure.md +42 -42
- package/dist/claude-code/.claude/skills/settings/SKILL.md +2 -2
- package/dist/claude-code/.claude/skills/ship/SKILL.md +7 -7
- package/dist/claude-code/.claude/skills/sketch/SKILL.md +10 -10
- package/dist/claude-code/.claude/skills/sketch-wrap-up/SKILL.md +12 -12
- package/dist/claude-code/.claude/skills/skill-manifest/SKILL.md +5 -5
- package/dist/claude-code/.claude/skills/spike/SKILL.md +7 -7
- package/dist/claude-code/.claude/skills/spike-wrap-up/SKILL.md +13 -13
- package/dist/claude-code/.claude/skills/start/SKILL.md +8 -8
- package/dist/claude-code/.claude/skills/start/start-procedure.md +9 -9
- package/dist/claude-code/.claude/skills/stats/SKILL.md +5 -5
- package/dist/claude-code/.claude/skills/style/SKILL.md +12 -12
- package/dist/claude-code/.claude/skills/style/style-doc-procedure.md +12 -12
- package/dist/claude-code/.claude/skills/synthesize/SKILL.md +10 -10
- package/dist/claude-code/.claude/skills/timeline/SKILL.md +4 -4
- package/dist/claude-code/.claude/skills/todo/SKILL.md +3 -3
- package/dist/claude-code/.claude/skills/turn-closeout/SKILL.md +10 -10
- package/dist/claude-code/.claude/skills/unlock-decision/SKILL.md +3 -3
- package/dist/claude-code/.claude/skills/update/SKILL.md +9 -9
- package/dist/claude-code/.claude/skills/using-gdd/SKILL.md +17 -17
- package/dist/claude-code/.claude/skills/verify/SKILL.md +13 -13
- package/dist/claude-code/.claude/skills/verify/verify-procedure.md +34 -34
- package/dist/claude-code/.claude/skills/warm-cache/SKILL.md +8 -8
- package/dist/claude-code/.claude/skills/watch-authorities/SKILL.md +9 -9
- package/dist/claude-code/.claude/skills/zoom-out/SKILL.md +4 -4
- package/package.json +5 -2
- package/reference/DEPRECATIONS.md +10 -10
- package/reference/STATE-TEMPLATE.md +26 -26
- package/reference/accessibility.md +13 -13
- package/reference/adr-format.md +13 -13
- package/reference/ai-native-tool-interface.md +5 -5
- package/reference/anti-patterns.md +9 -9
- package/reference/architecture-vocabulary.md +31 -31
- package/reference/audit-scoring.md +13 -13
- package/reference/authority-feeds.md +36 -36
- package/reference/bandit-integration.md +25 -25
- package/reference/brand-voice.md +36 -36
- package/reference/capability-gap-stage-gate.md +20 -20
- package/reference/checklists.md +26 -26
- package/reference/cli-localization.md +13 -13
- package/reference/codex-tools.md +2 -2
- package/reference/color-theory.md +28 -28
- package/reference/component-authoring.md +4 -4
- package/reference/components/README.md +13 -13
- package/reference/components/TEMPLATE.md +13 -13
- package/reference/components/accordion.md +15 -15
- package/reference/components/alert.md +25 -25
- package/reference/components/badge.md +18 -18
- package/reference/components/breadcrumbs.md +24 -24
- package/reference/components/button.md +21 -21
- package/reference/components/card.md +13 -13
- package/reference/components/checkbox.md +20 -20
- package/reference/components/chip.md +20 -20
- package/reference/components/command-palette.md +15 -15
- package/reference/components/date-picker.md +22 -22
- package/reference/components/drawer.md +13 -13
- package/reference/components/file-upload.md +22 -22
- package/reference/components/input.md +18 -18
- package/reference/components/label.md +25 -25
- package/reference/components/link.md +19 -19
- package/reference/components/list.md +17 -17
- package/reference/components/menu.md +19 -19
- package/reference/components/modal-dialog.md +16 -16
- package/reference/components/navbar.md +19 -19
- package/reference/components/pagination.md +18 -18
- package/reference/components/popover.md +12 -12
- package/reference/components/progress.md +18 -18
- package/reference/components/radio.md +17 -17
- package/reference/components/rich-text-editor.md +24 -24
- package/reference/components/select-combobox.md +16 -16
- package/reference/components/sidebar.md +15 -15
- package/reference/components/skeleton.md +20 -20
- package/reference/components/slider.md +20 -20
- package/reference/components/stepper.md +24 -24
- package/reference/components/switch.md +19 -19
- package/reference/components/table.md +21 -21
- package/reference/components/tabs.md +11 -11
- package/reference/components/toast.md +19 -19
- package/reference/components/tooltip.md +19 -19
- package/reference/components/tree.md +17 -17
- package/reference/composition.md +38 -38
- package/reference/config-schema.md +37 -37
- package/reference/context-md-format.md +9 -9
- package/reference/contrast-advanced.md +29 -29
- package/reference/conversational-ui.md +17 -17
- package/reference/cost-governance.md +14 -14
- package/reference/css-grid-layout.md +8 -8
- package/reference/cycle-handoff-preamble.md +3 -3
- package/reference/data-visualization.md +67 -67
- package/reference/debugger-philosophy.md +5 -5
- package/reference/design-system-guidance.md +21 -21
- package/reference/design-systems-catalog.md +20 -20
- package/reference/design-variants.md +11 -11
- package/reference/domains/civic-patterns.md +10 -10
- package/reference/domains/finance-patterns.md +9 -9
- package/reference/domains/gaming-patterns.md +9 -9
- package/reference/domains/healthcare-patterns.md +11 -11
- package/reference/ds-bootstrap-rubric.md +13 -13
- package/reference/email-design.md +22 -22
- package/reference/emotional-design.md +10 -10
- package/reference/error-recovery.md +11 -11
- package/reference/export-formats.md +7 -7
- package/reference/figma-sandbox.md +6 -6
- package/reference/first-principles.md +10 -10
- package/reference/form-patterns.md +26 -26
- package/reference/framer-motion-patterns.md +49 -49
- package/reference/gdd-runtime-audit.md +17 -17
- package/reference/gdd-threat-model.md +44 -44
- package/reference/gemini-tools.md +3 -3
- package/reference/gestalt.md +24 -24
- package/reference/heuristics.md +32 -32
- package/reference/i18n.md +44 -44
- package/reference/iconography.md +24 -24
- package/reference/image-optimization.md +14 -14
- package/reference/information-architecture.md +47 -47
- package/reference/intel-schema.md +1 -1
- package/reference/known-failure-modes.md +37 -37
- package/reference/meta-rules.md +5 -5
- package/reference/migrations/material-3-to-4.md +17 -17
- package/reference/migrations/mui-v6.md +16 -16
- package/reference/migrations/shadcn-v2.md +25 -25
- package/reference/migrations/tailwind-v4.md +21 -21
- package/reference/model-prices.md +3 -3
- package/reference/model-tiers.md +40 -40
- package/reference/motion-advanced.md +21 -21
- package/reference/motion-easings.md +29 -29
- package/reference/motion-interpolate.md +1 -1
- package/reference/motion-spring.md +13 -13
- package/reference/motion-transition-taxonomy.md +34 -34
- package/reference/motion.md +31 -31
- package/reference/multi-author-model.md +13 -13
- package/reference/native-platforms.md +28 -28
- package/reference/notification-routing.md +6 -6
- package/reference/onboarding-progressive-disclosure.md +32 -32
- package/reference/openrouter-tier-mapping.md +8 -8
- package/reference/palette-catalog.md +37 -37
- package/reference/parallelism-rules.md +20 -20
- package/reference/peer-cli-capabilities.md +14 -14
- package/reference/peer-protocols.md +21 -21
- package/reference/perf-budget.md +21 -21
- package/reference/performance.md +22 -22
- package/reference/platforms.md +51 -51
- package/reference/pr-review-integration.md +7 -7
- package/reference/prices/antigravity.md +3 -3
- package/reference/prices/augment.md +3 -3
- package/reference/prices/claude.md +2 -2
- package/reference/prices/cline.md +4 -4
- package/reference/prices/codebuddy.md +3 -3
- package/reference/prices/codex.md +2 -2
- package/reference/prices/copilot.md +3 -3
- package/reference/prices/cursor.md +3 -3
- package/reference/prices/gemini.md +2 -2
- package/reference/prices/kilo.md +3 -3
- package/reference/prices/opencode.md +4 -4
- package/reference/prices/qwen.md +2 -2
- package/reference/prices/trae.md +3 -3
- package/reference/prices/windsurf.md +3 -3
- package/reference/prices.openrouter.md +5 -5
- package/reference/print-design.md +36 -36
- package/reference/priority-matrix.md +2 -2
- package/reference/project-skills-guide.md +3 -3
- package/reference/proportion-systems.md +23 -23
- package/reference/pseudonymization-rules.md +30 -30
- package/reference/retrieval-contract.md +14 -14
- package/reference/review-format.md +7 -7
- package/reference/rollout-coordination.md +10 -10
- package/reference/rtl-cjk-cultural.md +39 -39
- package/reference/runtime-models.md +28 -28
- package/reference/shared-preamble.md +26 -26
- package/reference/skill-authoring-contract.md +16 -16
- package/reference/skill-placeholders.md +3 -3
- package/reference/start-interview.md +10 -10
- package/reference/style-vocabulary.md +25 -25
- package/reference/surfaces.md +4 -4
- package/reference/ticket-sync.md +9 -9
- package/reference/typography.md +64 -64
- package/reference/user-research.md +54 -54
- package/reference/variable-fonts-loading.md +15 -15
- package/reference/visual-hierarchy-layout.md +41 -41
- package/scripts/lib/manifest/prose-denylist.json +1 -1
- package/skills/add-backlog/SKILL.md +3 -3
- package/skills/analyze-dependencies/SKILL.md +10 -10
- package/skills/apply-reflections/SKILL.md +13 -13
- package/skills/apply-reflections/apply-reflections-procedure.md +20 -20
- package/skills/audit/SKILL.md +7 -7
- package/skills/bandit-status/SKILL.md +7 -7
- package/skills/benchmark/SKILL.md +7 -7
- package/skills/bootstrap-ds/SKILL.md +10 -10
- package/skills/brief/SKILL.md +20 -20
- package/skills/budget/SKILL.md +4 -4
- package/skills/cache-manager/SKILL.md +6 -6
- package/skills/cache-manager/cache-policy.md +5 -5
- package/skills/check-update/SKILL.md +5 -5
- package/skills/compare/SKILL.md +15 -15
- package/skills/compare/compare-rubric.md +17 -17
- package/skills/complete-cycle/SKILL.md +5 -5
- package/skills/connections/SKILL.md +11 -11
- package/skills/connections/connections-onboarding.md +76 -76
- package/skills/continue/SKILL.md +2 -2
- package/skills/darkmode/SKILL.md +17 -17
- package/skills/darkmode/darkmode-audit-procedure.md +7 -7
- package/skills/debug/SKILL.md +3 -3
- package/skills/debug/debug-feedback-loops.md +12 -12
- package/skills/design/SKILL.md +12 -12
- package/skills/design/design-procedure.md +23 -23
- package/skills/discover/SKILL.md +7 -7
- package/skills/discover/discover-procedure.md +18 -18
- package/skills/discuss/SKILL.md +12 -12
- package/skills/do/SKILL.md +1 -1
- package/skills/explore/SKILL.md +21 -21
- package/skills/explore/explore-procedure.md +48 -48
- package/skills/export/SKILL.md +9 -9
- package/skills/extract-learnings/SKILL.md +5 -5
- package/skills/fast/SKILL.md +7 -7
- package/skills/figma-extract/SKILL.md +11 -11
- package/skills/figma-write/SKILL.md +6 -6
- package/skills/graphify/SKILL.md +4 -4
- package/skills/health/SKILL.md +16 -16
- package/skills/health/health-mcp-detection.md +3 -3
- package/skills/health/health-skill-length-report.md +6 -6
- package/skills/help/SKILL.md +1 -1
- package/skills/list-assumptions/SKILL.md +4 -4
- package/skills/map/SKILL.md +12 -12
- package/skills/migrate/SKILL.md +5 -5
- package/skills/new-cycle/SKILL.md +2 -2
- package/skills/new-cycle/milestone-completeness-rubric.md +16 -16
- package/skills/new-project/SKILL.md +1 -1
- package/skills/next/SKILL.md +5 -5
- package/skills/note/SKILL.md +1 -1
- package/skills/openrouter-status/SKILL.md +4 -4
- package/skills/optimize/SKILL.md +15 -15
- package/skills/pause/SKILL.md +5 -5
- package/skills/peer-cli-add/SKILL.md +11 -11
- package/skills/peer-cli-add/peer-cli-protocol.md +39 -39
- package/skills/peer-cli-customize/SKILL.md +14 -14
- package/skills/peers/SKILL.md +4 -4
- package/skills/plan/SKILL.md +13 -13
- package/skills/plan/plan-procedure.md +24 -24
- package/skills/plant-seed/SKILL.md +4 -4
- package/skills/pr-branch/SKILL.md +2 -2
- package/skills/progress/SKILL.md +15 -15
- package/skills/quality-gate/SKILL.md +22 -22
- package/skills/quality-gate/threat-modeling.md +19 -19
- package/skills/quick/SKILL.md +5 -5
- package/skills/reapply-patches/SKILL.md +7 -7
- package/skills/reflect/SKILL.md +3 -3
- package/skills/reflect/procedures/capability-gap-scan.md +11 -11
- package/skills/report-issue/SKILL.md +5 -5
- package/skills/report-issue/report-issue-procedure.md +27 -27
- package/skills/resume/SKILL.md +9 -9
- package/skills/review-backlog/SKILL.md +3 -3
- package/skills/review-decisions/SKILL.md +3 -3
- package/skills/roi/SKILL.md +5 -5
- package/skills/rollout-status/SKILL.md +4 -4
- package/skills/router/SKILL.md +11 -11
- package/skills/router/capability-gap-emitter.md +6 -6
- package/skills/router/router-pick-emitter.md +9 -9
- package/skills/router/router-rules.md +7 -7
- package/skills/scan/SKILL.md +16 -16
- package/skills/scan/scan-procedure.md +42 -42
- package/skills/settings/SKILL.md +2 -2
- package/skills/ship/SKILL.md +7 -7
- package/skills/sketch/SKILL.md +10 -10
- package/skills/sketch-wrap-up/SKILL.md +12 -12
- package/skills/skill-manifest/SKILL.md +5 -5
- package/skills/spike/SKILL.md +7 -7
- package/skills/spike-wrap-up/SKILL.md +13 -13
- package/skills/start/SKILL.md +8 -8
- package/skills/start/start-procedure.md +9 -9
- package/skills/stats/SKILL.md +5 -5
- package/skills/style/SKILL.md +12 -12
- package/skills/style/style-doc-procedure.md +12 -12
- package/skills/synthesize/SKILL.md +10 -10
- package/skills/timeline/SKILL.md +4 -4
- package/skills/todo/SKILL.md +3 -3
- package/skills/turn-closeout/SKILL.md +10 -10
- package/skills/unlock-decision/SKILL.md +3 -3
- package/skills/update/SKILL.md +9 -9
- package/skills/using-gdd/SKILL.md +17 -17
- package/skills/verify/SKILL.md +13 -13
- package/skills/verify/verify-procedure.md +34 -34
- package/skills/warm-cache/SKILL.md +8 -8
- package/skills/watch-authorities/SKILL.md +9 -9
- package/skills/zoom-out/SKILL.md +4 -4
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
|
|
6
6
|
## Scope
|
|
7
7
|
|
|
8
|
-
This document models the security posture of **GDD's own runtime**
|
|
8
|
+
This document models the security posture of **GDD's own runtime** - the
|
|
9
9
|
multi-MCP-server, peer-CLI-spawning, WebSocket-emitting SDK that grew across
|
|
10
10
|
Phases 20–27 without a formalized security model. It does **NOT** model the
|
|
11
11
|
user code that GDD audits; the safety floor for *audited user code* is Phase
|
|
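Review bot: this hunk (and every hunk that follows) is a punctuation-only pass, replacing the separator after `**GDD's own runtime**` with a spaced ASCII hyphen (`**GDD's own runtime** - the`), and the rendered view drops the original glyph entirely from the `-` side, so the old separator is not visible here. Two things would help a reviewer: the hunks carry no file header, so the file has to be inferred from the index entry `package/reference/gdd-threat-model.md +44 -44` and the Scope text, and nothing in the diff says what drives the change (the index also touches `package/scripts/lib/manifest/prose-denylist.json +1 -1`, which looks related). State in the commit or CHANGELOG entry that this is a mechanical separator rewrite with no content change, so the threat-model text does not need a second security review.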
@@ -25,10 +25,10 @@ audit trail), **I**nformation disclosure (leaking data to the wrong party),
|
|
|
25
25
|
Each of the five in-scope components below gets a fixed five-part treatment:
|
|
26
26
|
**Assets** (what an attacker wants), **Entry points** (the untrusted-input
|
|
27
27
|
boundary), **STRIDE threats** (which categories apply), **Current mitigations**
|
|
28
|
-
(citing **real shipped code**
|
|
28
|
+
(citing **real shipped code** - file + line + behavior), and **Residual risks**
|
|
29
29
|
(threats current code does **not** fully cover, each routed to the Phase 33.5
|
|
30
30
|
plan that closes it). Out of scope per CONTEXT: rewriting the issue-reporter
|
|
31
|
-
network model
|
|
31
|
+
network model - it is **documented** here as already-mitigated, not
|
|
32
32
|
re-engineered.
|
|
33
33
|
|
|
34
34
|
## Trust boundaries
|
|
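Review bot: the new separator in `(citing **real shipped code** - file + line + behavior)` sits between `+` signs and reads like an expression; a colon or commas (`citing **real shipped code**: file, line and behavior`) is clearer. Separately, this hunk keeps the promise that every residual risk is "routed to the Phase 33.5 plan that closes it"; the residual-risk bullets later in this diff (Components 2 and 3) should each name that plan item so the promise is checkable.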
@@ -46,13 +46,13 @@ controls; the table names what crosses the line.
|
|
|
46
46
|
| OpenRouter catalog fetch `→` openrouter.ai | The OpenRouter `/models` API host (and any MITM on the path) | The `Authorization: Bearer <OPENROUTER_API_KEY>` request header + the untrusted `/models` JSON the host returns |
|
|
47
47
|
|
|
48
48
|
The event payloads that traverse the bus (and therefore the WS transport and
|
|
49
|
-
any persisted JSONL) are scrubbed at serialize time
|
|
49
|
+
any persisted JSONL) are scrubbed at serialize time - see Component 4's
|
|
50
50
|
`redact.cjs` mitigation, which is the cross-cutting information-disclosure
|
|
51
51
|
control for the whole bus.
|
|
52
52
|
|
|
53
53
|
---
|
|
54
54
|
|
|
55
|
-
## Component 1
|
|
55
|
+
## Component 1 - Hooks (SessionStart update-check + budget/context-monitor)
|
|
56
56
|
|
|
57
57
|
The hooks run automatically: `SessionStart` fires the update-check on every
|
|
58
58
|
session, and the budget / context-monitor hook runs on tool-use to enforce
|
|
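Review bot: changing the heading text to `## Component 1 - Hooks (SessionStart update-check + budget/context-monitor)` changes the auto-generated anchor slug, so any link to the old `#component-1…` anchor inside this document or from other docs in the package breaks; the same applies to the Component 2, 3 and 4 headings rewritten later in this diff. Grep the package for links to these headings before merging, or keep the heading text stable. The trust-boundary row carrying `Authorization: Bearer <OPENROUTER_API_KEY>` and the `redact.cjs` cross-reference are unchanged context here.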
@@ -71,16 +71,16 @@ inside the user's repo, with no sandbox.
|
|
|
71
71
|
"latest version" response to the update-check.
|
|
72
72
|
- **Tampering:** A malformed `.design/config.json` could try to corrupt the
|
|
73
73
|
budget/context accounting or flip the monitor's thresholds.
|
|
74
|
-
- **Repudiation:** Hook actions are largely silent
|
|
74
|
+
- **Repudiation:** Hook actions are largely silent - limited audit trail of
|
|
75
75
|
what a SessionStart hook did or why a budget veto fired.
|
|
76
76
|
- **Information disclosure:** The update-check's User-Agent / outbound
|
|
77
77
|
request reveals that GDD is in use; a verbose hook could echo env into logs.
|
|
78
78
|
- **Denial of service:** A hung or slow update endpoint could stall session
|
|
79
79
|
start if the fetch were unbounded.
|
|
80
|
-
- **Elevation of privilege:** The hook already runs at full user privilege
|
|
80
|
+
- **Elevation of privilege:** The hook already runs at full user privilege -
|
|
81
81
|
the residual concern is a config-driven path or command injection lifting
|
|
82
82
|
*attacker* input to that privilege level.
|
|
83
|
-
- **Current mitigations:** The update-check is **advisory**
|
|
83
|
+
- **Current mitigations:** The update-check is **advisory** - it informs of a
|
|
84
84
|
newer version and never auto-installs or executes downloaded code, so a
|
|
85
85
|
spoofed version string cannot achieve code execution. The budget /
|
|
86
86
|
context-monitor reads config defensively (missing file / malformed JSON /
|
|
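Review bot: the mitigation for Spoofing argues that a spoofed "latest version" string "cannot achieve code execution" because the update-check "never auto-installs or executes downloaded code", but the string is still rendered to the user; the bullet should also state whether the version field is validated (semver-shaped, bounded length) before it is printed, since an unvalidated string would still reach the terminal. On style, the line-final separator in `- **Elevation of privilege:** The hook already runs at full user privilege -` is valid Markdown soft-wrap but makes the clause hard to grep; wrapping so the hyphen starts the next line keeps it with the clause it introduces.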
@@ -98,13 +98,13 @@ inside the user's repo, with no sandbox.
|
|
|
98
98
|
|
|
99
99
|
---
|
|
100
100
|
|
|
101
|
-
## Component 2
|
|
101
|
+
## Component 2 - MCP servers (gdd-state: 11 mutating tools / gdd-mcp: read)
|
|
102
102
|
|
|
103
103
|
Two MCP servers expose GDD state to an MCP client: **gdd-state**
|
|
104
|
-
(`sdk/mcp/gdd-state/`) with **11 mutating tools**
|
|
104
|
+
(`sdk/mcp/gdd-state/`) with **11 mutating tools** - `add_blocker`,
|
|
105
105
|
`add_decision`, `add_must_have`, `checkpoint`, `frontmatter_update`, `get`,
|
|
106
106
|
`probe_connections`, `resolve_blocker`, `set_status`, `transition_stage`,
|
|
107
|
-
`update_progress`
|
|
107
|
+
`update_progress` - and **gdd-mcp** (`sdk/mcp/gdd-mcp/`) with read tools. The
|
|
108
108
|
mutating server is the higher-value target because it writes `STATE.md`.
|
|
109
109
|
|
|
110
110
|
- **Assets:** The integrity of `STATE.md` (the project's source of truth for
|
|
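Review bot: `get` is enumerated among the "**11 mutating tools**" of gdd-state in this hunk, while the Information-disclosure bullet in the next hunk treats `get` as a read ("A `get` against a traversed path could read a file"). Either the mutating-tool count is 10 with `get` called out as the read tool on the mutating server, or the heading `## Component 2 - MCP servers (gdd-state: 11 mutating tools / gdd-mcp: read)` should say "tools" rather than "mutating tools". The enumerated names otherwise match the count.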
@@ -120,7 +120,7 @@ mutating server is the higher-value target because it writes `STATE.md`.
|
|
|
120
120
|
`STATE.md`, or `GDD_STATE_PATH` could redirect writes onto an unintended
|
|
121
121
|
file (path traversal).
|
|
122
122
|
- **Repudiation:** Without a complete mutation audit trail, a hostile or
|
|
123
|
-
buggy mutation is hard to attribute
|
|
123
|
+
buggy mutation is hard to attribute - partly addressed by the event
|
|
124
124
|
emissions below.
|
|
125
125
|
- **Information disclosure:** A `get` against a traversed path could read a
|
|
126
126
|
file outside the intended `.design/` boundary.
|
|
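Review bot: the Tampering bullet (`GDD_STATE_PATH` redirecting writes, "path traversal") and the Information-disclosure bullet (`get` reading outside `.design/`) share one root cause, the unguarded state-path override; cross-referencing them here, or pointing both at the single residual-risk entry in the next hunk, keeps the one mitigation tracked once instead of twice. The separator rewrite `hard to attribute - partly addressed by the event emissions below` is fine.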
@@ -132,14 +132,14 @@ mutating server is the higher-value target because it writes `STATE.md`.
|
|
|
132
132
|
- **Current mitigations:** Every mutation emits a `state.mutation` /
|
|
133
133
|
`state.transition` event through `emitStateMutation()` / `emitStateTransition()`
|
|
134
134
|
(`sdk/mcp/gdd-state/tools/shared.ts` lines 91–140), giving a partial audit
|
|
135
|
-
trail (anti-repudiation). Handlers **never throw to the harness**
|
|
135
|
+
trail (anti-repudiation). Handlers **never throw to the harness** - every
|
|
136
136
|
error funnels through `errorResponse()` → `toToolError()` into a structured
|
|
137
137
|
`{success:false,error}` (shared.ts lines 28–31, 148–151), so a malformed
|
|
138
138
|
input degrades to a clean error instead of a crash. Each of the 11 tools
|
|
139
139
|
already ships a JSON input schema under `sdk/mcp/gdd-state/schemas/`. State
|
|
140
140
|
events are redacted by `redact.cjs` at serialize time (Component 4).
|
|
141
141
|
- **Residual risks:** `resolveStatePath()` (`sdk/mcp/gdd-state/tools/shared.ts`
|
|
142
|
-
lines 60–64) honors `GDD_STATE_PATH` with **no path-traversal guard**
|
|
142
|
+
lines 60–64) honors `GDD_STATE_PATH` with **no path-traversal guard** - it
|
|
143
143
|
returns the override verbatim, so `..` escape / absolute-outside / symlink
|
|
144
144
|
escape are unchecked. The tool schemas exist but carry **no payload-size cap**
|
|
145
145
|
(no JSON-bomb guard) and are not uniformly tightened
|
|
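Review bot: the residual-risk bullet is accurate as written (`resolveStatePath()` "returns the override verbatim, so `..` escape / absolute-outside / symlink escape are unchecked"), but its citations (`lines 60–64`, `lines 28–31, 148–151`, `lines 91–140` of `shared.ts`) will drift on the next edit to that file; anchor on the function names already given (`resolveStatePath()`, `errorResponse()`, `toToolError()`, `emitStateMutation()`) and drop the line numbers or generate them. Since symlink escape is listed as unchecked, the bullet should also say that the planned guard needs a realpath-based containment check against the `.design/` root, not only a lexical prefix check. The separator rewrite `**no path-traversal guard** - it` is fine.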
@@ -149,15 +149,15 @@ mutating server is the higher-value target because it writes `STATE.md`.
|
|
|
149
149
|
|
|
150
150
|
---
|
|
151
151
|
|
|
152
|
-
## Component 3
|
|
152
|
+
## Component 3 - Peer-CLI broker (acp-client + asp-client child spawn)
|
|
153
153
|
|
|
154
154
|
The broker spawns peer CLIs over stdio: `scripts/lib/peer-cli/acp-client.cjs`
|
|
155
155
|
(ACP-protocol peers) and `scripts/lib/peer-cli/asp-client.cjs` (Codex
|
|
156
156
|
app-server protocol). Both fork a local child process and exchange
|
|
157
|
-
line-delimited JSON over its stdio. The child is **untrusted**
|
|
157
|
+
line-delimited JSON over its stdio. The child is **untrusted** - it is a
|
|
158
158
|
third-party CLI whose stdout the broker parses.
|
|
159
159
|
|
|
160
|
-
- **Assets:** GDD's process environment
|
|
160
|
+
- **Assets:** GDD's process environment - specifically `ANTHROPIC_API_KEY`,
|
|
161
161
|
`GH_TOKEN`, and any `GDD_*` / provider secret in `process.env`; the broker's
|
|
162
162
|
memory/availability; the integrity of the JSON protocol exchange.
|
|
163
163
|
- **Entry points:** The child's **stdout** (untrusted JSON frames the broker
|
|
@@ -170,23 +170,23 @@ third-party CLI whose stdout the broker parses.
|
|
|
170
170
|
the broker's line-buffer / pending-request state.
|
|
171
171
|
- **Repudiation:** Limited record of exactly what env a given child was
|
|
172
172
|
handed at spawn.
|
|
173
|
-
- **Information disclosure:** **The headline risk**
|
|
173
|
+
- **Information disclosure:** **The headline risk** - the child inherits
|
|
174
174
|
GDD's full environment, so a hostile or compromised peer reads
|
|
175
175
|
`ANTHROPIC_API_KEY` / `GH_TOKEN` straight out of `process.env`.
|
|
176
176
|
- **Denial of service:** A peer that never emits a newline could force the
|
|
177
177
|
broker to buffer unbounded stdout until memory exhaustion.
|
|
178
178
|
- **Elevation of privilege:** Inherited secrets let a peer act *as GDD*
|
|
179
|
-
against GDD's providers
|
|
179
|
+
against GDD's providers - using GDD's keys for the peer's own ends.
|
|
180
180
|
- **Current mitigations:** `acp-client.cjs` caps an un-terminated stdout line
|
|
181
181
|
at **`MAX_LINE_BYTES = 16 * 1024 * 1024`** (16 MiB; defined line 62, enforced
|
|
182
|
-
lines 166–176
|
|
182
|
+
lines 166–176 - a peer that emits 16 MiB without a newline gets its active
|
|
183
183
|
prompt rejected as a protocol violation). This is a real **DoS guard** on the
|
|
184
184
|
untrusted stdout channel. The broker uses plain `spawn` with **no shell**
|
|
185
185
|
(acp-client.cjs lines 106–113, `windowsHide: true`), avoiding shell-injection
|
|
186
186
|
on the command path. Per-request correlation via a pending-id map bounds the
|
|
187
187
|
protocol state machine.
|
|
188
188
|
- **Residual risks:** Both clients default the child's environment to the
|
|
189
|
-
**full `process.env`** when `opts.env` is absent
|
|
189
|
+
**full `process.env`** when `opts.env` is absent - `acp-client.cjs` line 102
|
|
190
190
|
(`const env = opts.env && typeof opts.env === 'object' ? opts.env :
|
|
191
191
|
process.env;`) and `asp-client.cjs` line 122 (when `opts.env` is absent no
|
|
192
192
|
`spawnOptions.env` is set, so the child inherits the parent's `process.env` by
|
|
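Review bot: the Residual risks bullet (lines 188–192) records that both clients fall back to the full `process.env` when `opts.env` is absent, which is exactly the "headline risk" at line 173, yet nothing under Current mitigations addresses it, so as written the model accepts its own top finding. State the intended change and its tracking item: default the child to a minimal allowlist (`PATH`, `HOME`, the variables the peer protocol needs) and make inheritance an explicit opt-in, i.e. invert `const env = opts.env && typeof opts.env === 'object' ? opts.env : process.env;` so the fallback is the allowlist, not the parent env. Also, every mitigation here is pinned to source line numbers (`line 62`, `lines 166–176`, `lines 106–113`, `line 102`, `line 122`) that move on the next edit; anchor them to the symbols instead (`MAX_LINE_BYTES`, the `spawn` call, the `env` fallback) so the threat model survives a refactor.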
@@ -197,11 +197,11 @@ third-party CLI whose stdout the broker parses.
|
|
|
197
197
|
|
|
198
198
|
---
|
|
199
199
|
|
|
200
|
-
## Component 4
|
|
200
|
+
## Component 4 - WebSocket event-stream transport (scripts/lib/transports/ws.cjs)
|
|
201
201
|
|
|
202
202
|
`scripts/lib/transports/ws.cjs` exposes the event-stream bus over WebSocket:
|
|
203
203
|
one JSON event per text frame, with optional replay of a tail file to each new
|
|
204
|
-
connection. It is an **optional dependency** (`ws`)
|
|
204
|
+
connection. It is an **optional dependency** (`ws`) - absent installs render an
|
|
205
205
|
install hint instead of starting. When running, it is a network listener.
|
|
206
206
|
|
|
207
207
|
- **Assets:** The **event stream itself** (every `state.mutation` /
|
|
@@ -213,11 +213,11 @@ install hint instead of starting. When running, it is a network listener.
|
|
|
213
213
|
- **STRIDE threats:**
|
|
214
214
|
- **Spoofing:** A client without the token attempting to subscribe to the
|
|
215
215
|
live event stream.
|
|
216
|
-
- **Tampering:** N/A for inbound (the transport is push-only to clients)
|
|
216
|
+
- **Tampering:** N/A for inbound (the transport is push-only to clients) -
|
|
217
217
|
the concern is read access, not write.
|
|
218
218
|
- **Repudiation:** No per-connection identity beyond the shared token, so
|
|
219
219
|
individual subscribers are not distinguishable in an audit.
|
|
220
|
-
- **Information disclosure:** **The headline risk**
|
|
220
|
+
- **Information disclosure:** **The headline risk** - an unauthorized
|
|
221
221
|
subscriber would receive the entire live event stream, including any
|
|
222
222
|
sensitive payload detail, if it could reach the socket and pass auth.
|
|
223
223
|
- **Denial of service:** Many connections / a slow consumer could pressure
|
|
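Review bot: "Tampering: N/A for inbound (the transport is push-only to clients)" (line 216) describes intent, not what the listener parses: it still reads the upgrade request and any frames an authenticated subscriber sends afterwards. Say what happens to client frames (ignored, or the socket is closed on the first `message`) and make that the reason tampering is out of scope; if inbound frames are dispatched anywhere, this is not N/A.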
@@ -227,12 +227,12 @@ install hint instead of starting. When running, it is a network listener.
|
|
|
227
227
|
- **Current mitigations:** **Bearer-token auth is enforced on every upgrade**:
|
|
228
228
|
`ws.cjs` lines 110–116 reject any upgrade whose header is missing or where
|
|
229
229
|
the supplied token does not match the expected `Bearer` value, returning an `HTTP/1.1 401 Unauthorized` and a
|
|
230
|
-
socket destroy. The token **must be ≥8 chars**
|
|
230
|
+
socket destroy. The token **must be ≥8 chars** - `startServer` throws a
|
|
231
231
|
`TypeError` if `opts.token.length < 8` (line 74), preventing trivially weak
|
|
232
232
|
tokens. Backpressure is **fire-and-forget with no queue** (lines 91–108):
|
|
233
233
|
events for a non-OPEN socket are dropped, bounding memory under a slow
|
|
234
234
|
consumer. Cross-cutting for the whole bus: **`redact.cjs`** deep-walks every
|
|
235
|
-
event payload at serialize time (`scripts/lib/redact.cjs`
|
|
235
|
+
event payload at serialize time (`scripts/lib/redact.cjs` - `redact()` lines
|
|
236
236
|
95–116, `redactString()` lines 75–83) and scrubs **8 secret patterns** (pem,
|
|
237
237
|
jwt, anthropic `sk-ant-`, stripe `sk_live_`, slack `xox[baprs]`, github_pat
|
|
238
238
|
`ghp_`, aws `AKIA`, generic `sk-`), so secrets in event payloads are masked
|
|
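Review bot: the ≥8-char token minimum (lines 230–231) is too weak for a bearer token on a network listener, especially with the all-interfaces default bind noted under residual risks, and a length check says nothing about entropy. Recommend generating the token with `crypto.randomBytes` (32 bytes, hex or base64url) and raising the `TypeError` threshold to match, or documenting why 8 is acceptable. Second, the pattern list at lines 236–238 labels `ghp_` as "github_pat": `ghp_` is the classic PAT prefix, fine-grained PATs start with `github_pat_`, and `gho_`, `ghu_`, `ghs_`, `ghr_` are also GitHub token prefixes; likewise `AKIA` misses `ASIA` temporary credentials. Either widen the regexes or correct the summary so readers do not assume those forms are scrubbed.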
@@ -240,7 +240,7 @@ install hint instead of starting. When running, it is a network listener.
|
|
|
240
240
|
the runtime's primary information-disclosure control across **all** components
|
|
241
241
|
that emit events.
|
|
242
242
|
- **Residual risks:**
|
|
243
|
-
- The server binds to **all interfaces (`0.0.0.0`)** by default
|
|
243
|
+
- The server binds to **all interfaces (`0.0.0.0`)** by default -
|
|
244
244
|
`httpServer.listen(opts.port, ...)` (line 145) passes **no host argument**,
|
|
245
245
|
so on a multi-homed / LAN host the token-protected stream is reachable
|
|
246
246
|
off-box. The token compare uses `!==` (line 112), which is
|
|
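Review bot: the residual-risks bullet names the all-interfaces default (line 244) and the `!==` compare (line 246) but records no fix for either, and both are one-line changes worth stating here: pass a host to `httpServer.listen(opts.port, '127.0.0.1', ...)` so off-box exposure is an explicit opt-in, and compare tokens with `crypto.timingSafeEqual` on equal-length `Buffer`s (reject on length mismatch first) rather than `!==`, which stops at the first differing byte.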
@@ -256,7 +256,7 @@ install hint instead of starting. When running, it is a network listener.
|
|
|
256
256
|
|
|
257
257
|
---
|
|
258
258
|
|
|
259
|
-
## Component 5
|
|
259
|
+
## Component 5 - Issue-reporter outbound (gh CLI only)
|
|
260
260
|
|
|
261
261
|
`scripts/lib/issue-reporter/` is the only first-party feature that intentionally
|
|
262
262
|
reaches the network. It assembles a bug report and submits it through the user's
|
|
@@ -271,25 +271,25 @@ model).
|
|
|
271
271
|
from local state); the `.design/config.json` and the env that gate whether the
|
|
272
272
|
reporter runs at all.
|
|
273
273
|
- **STRIDE threats:**
|
|
274
|
-
- **Spoofing:** A forged destination could try to receive reports
|
|
274
|
+
- **Spoofing:** A forged destination could try to receive reports - mitigated
|
|
275
275
|
by the frozen destination below.
|
|
276
276
|
- **Tampering:** Attempting to redirect submissions to an attacker repo by
|
|
277
277
|
injecting a destination override.
|
|
278
278
|
- **Repudiation:** Submissions flow through `gh` under the user's identity,
|
|
279
279
|
which is itself the attribution record.
|
|
280
|
-
- **Information disclosure:** **The headline risk**
|
|
280
|
+
- **Information disclosure:** **The headline risk** - a report could exfiltrate
|
|
281
281
|
secrets / PII embedded in local state if the payload were not scrubbed.
|
|
282
|
-
- **Denial of service:** Not a meaningful vector
|
|
282
|
+
- **Denial of service:** Not a meaningful vector - submission is a
|
|
283
283
|
user-initiated, one-shot CLI call.
|
|
284
284
|
- **Elevation of privilege:** Using the user's `gh` credentials beyond the
|
|
285
285
|
single sanctioned submit.
|
|
286
|
-
- **Current mitigations (ALREADY shipped
|
|
286
|
+
- **Current mitigations (ALREADY shipped - documented, no change here):**
|
|
287
287
|
- **Outbound is via the `gh` CLI ONLY.** `gh-submit.cjs` wraps
|
|
288
288
|
`gh issue create --repo <DESTINATION_REPO> --title … --body-file …` and is
|
|
289
289
|
explicit that "the user's gh CLI is the sole outbound primitive. No HTTP-S
|
|
290
290
|
URL literals, no global fetch primitive, no plugin-side credentials" (D-05).
|
|
291
291
|
There is no raw HTTP egress in this subtree.
|
|
292
|
-
- **Frozen destination.** `destination.cjs` is an `Object.freeze`-d module
|
|
292
|
+
- **Frozen destination.** `destination.cjs` is an `Object.freeze`-d module -
|
|
293
293
|
the single source of truth for the destination repo, with **no env-var
|
|
294
294
|
lookup, no config override, no flag override**. A static CI gate asserts it
|
|
295
295
|
is the only file under the report-issue tree that contains the destination
|
|
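Review bot: "Frozen destination" (lines 292–294) freezes GDD's own configuration but not `gh`'s. `gh` resolves a host-less `--repo OWNER/REPO` (line 288) against the `GH_HOST` environment variable and authenticates with `GH_TOKEN`/`GH_ENTERPRISE_TOKEN` when set, so a poisoned environment can redirect the submission to another host, or attribute it to another identity, without touching `destination.cjs`. Freeze the full `HOST/OWNER/REPO` form and narrow the Spoofing bullet (line 274) and the Repudiation bullet (line 278) to say so, or list `GH_HOST`/`GH_TOKEN` under residual risks.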
@@ -302,7 +302,7 @@ model).
|
|
|
302
302
|
- Payloads pass through privacy-diff / consent-prompt machinery before
|
|
303
303
|
submission, and event telemetry is redacted by `redact.cjs` (Component 4).
|
|
304
304
|
- **Residual risks:** The issue-reporter's **own** network model has no residual
|
|
305
|
-
this phase changes
|
|
305
|
+
this phase changes - it is intentionally documented as complete. The only
|
|
306
306
|
cross-cutting residual touching it is the **lack of a machine-readable
|
|
307
307
|
outbound allowlist + CI gate** that proves `gh-submit` is the sole egress in
|
|
308
308
|
this subtree at a tree-wide level: closed by **33.5-02** (the canonical
|
|
@@ -312,10 +312,10 @@ model).
|
|
|
312
312
|
|
|
313
313
|
---
|
|
314
314
|
|
|
315
|
-
## Component 6
|
|
315
|
+
## Component 6 - OpenRouter catalog fetcher (scripts/lib/openrouter/catalog-fetcher.cjs)
|
|
316
316
|
|
|
317
317
|
> Added in Phase 33.6 (OR-01, CONTEXT D-06). This is the runtime's **first
|
|
318
|
-
> plugin-side outbound REST client**
|
|
318
|
+
> plugin-side outbound REST client** - the issue-reporter (Component 5) reaches
|
|
319
319
|
> the network only through the user's `gh` CLI, and the WS transport (Component
|
|
320
320
|
> 4) is a *server*, not an outbound client. The catalog fetcher is the first
|
|
321
321
|
> first-party code to open an outbound HTTP request to a third-party host
|
|
@@ -326,7 +326,7 @@ model).
|
|
|
326
326
|
OpenRouter model catalog (`https://openrouter.ai/api/v1/models`) through an
|
|
327
327
|
**injectable `fetchImpl`** (default global `fetch`), maps the response into the
|
|
328
328
|
`.design/cache/openrouter-models.json` cache shape, and writes it atomically.
|
|
329
|
-
The live fetch is opt-in
|
|
329
|
+
The live fetch is opt-in - gated on `OPENROUTER_API_KEY` being present at
|
|
330
330
|
runtime; absent it, the fetcher returns cached-if-any-else-null and tier
|
|
331
331
|
resolution falls back to the native provider.
|
|
332
332
|
|
|
@@ -340,7 +340,7 @@ resolution falls back to the native provider.
|
|
|
340
340
|
`OPENROUTER_BASE_URL`) could feed a forged catalog.
|
|
341
341
|
- **Tampering:** A malformed/oversized `/models` body could try to corrupt the
|
|
342
342
|
cache the resolver reads, or smuggle unexpected fields downstream.
|
|
343
|
-
- **Information disclosure:** **The headline risk**
|
|
343
|
+
- **Information disclosure:** **The headline risk** - leaking the
|
|
344
344
|
`OPENROUTER_API_KEY` by persisting it to the cache, logging it, or sending it
|
|
345
345
|
to an unintended host.
|
|
346
346
|
- **Denial of service:** A hung or slow host could stall the fetch; a giant
|
|
@@ -349,7 +349,7 @@ resolution falls back to the native provider.
|
|
|
349
349
|
an attacker-chosen model id.
|
|
350
350
|
- **Current mitigations:** The key is read from **`OPENROUTER_API_KEY` env only**,
|
|
351
351
|
sent **solely** as an `Authorization: Bearer` request header, and is **never
|
|
352
|
-
persisted to the cache nor written to any log seam**
|
|
352
|
+
persisted to the cache nor written to any log seam** - the cache shape carries
|
|
353
353
|
only `id`/`name`/`context_length`/`pricing`, and the mapper keeps **only** those
|
|
354
354
|
fields, dropping everything else (the `/models` body is **mapped, never
|
|
355
355
|
eval'd**). The cache write is **atomic** (per-pid temp + rename) into the
|
|
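Review bot: the mitigations say the key is sent "solely as an `Authorization: Bearer` request header" (lines 350–351) but not to which host, while the previous hunk lists an overridable `OPENROUTER_BASE_URL` under Spoofing (line 340) and "sending it to an unintended host" as the headline risk (lines 343–345). Record whether the base URL is validated before the header is attached (scheme `https:`, hostname pinned to `openrouter.ai` or an explicit allowlist) and whether redirects are followed, since a cross-origin redirect that carries the bearer header is the same leak by another route.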
@@ -359,11 +359,11 @@ resolution falls back to the native provider.
|
|
|
359
359
|
cached-if-any-else-null, bounding the DoS surface, and retries are **bounded**
|
|
360
360
|
(max 3 attempts) on a jittered-backoff curve with `rate-guard` awareness.
|
|
361
361
|
Egress is **allowlisted** via `scripts/lib/openrouter/**` in
|
|
362
|
-
`scripts/security/outbound-allowlist.json`
|
|
363
|
-
in that subtree
|
|
362
|
+
`scripts/security/outbound-allowlist.json` - the only sanctioned outbound site
|
|
363
|
+
in that subtree - so the 33.5 `scan:outbound` gate proves no un-approved egress
|
|
364
364
|
crept in. The **injectable `fetchImpl`** keeps the default `npm test` suite
|
|
365
|
-
hermetic (D-07)
|
|
366
|
-
(global `fetch` + `sdk/primitives` only
|
|
365
|
+
hermetic (D-07) - no live network - and there is **no new HTTP dependency**
|
|
366
|
+
(global `fetch` + `sdk/primitives` only - D-10), avoiding both a new supply-chain
|
|
367
367
|
surface and the gate's `axios`/`node-fetch`/`undici` package patterns.
|
|
368
368
|
- **Residual risks:** None this phase leaves open. The catalog is advisory data
|
|
369
369
|
consumed by the tier-resolver heuristic (33.6-02), which already clamps to
|
|
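Review bot: "Residual risks: None this phase leaves open" (line 368) does not match the base-URL override the Spoofing bullet earlier in this component calls out; if that override is validated, say so under mitigations and close it here explicitly. Separately, the egress gate is described by package patterns (`axios`/`node-fetch`/`undici`, line 367) plus a path allowlist (line 361); that proves no new HTTP dependency, not no new egress. Confirm `scan:outbound` also flags `node:http`/`node:https`/`net`/`dgram` imports and any `fetch(` call outside `scripts/lib/openrouter/**`, otherwise the "only sanctioned outbound site" claim at line 362 rests on convention.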
@@ -3,7 +3,7 @@
|
|
|
3
3
|
Last verified: 2026-04-24
|
|
4
4
|
|
|
5
5
|
When a GDD skill references a Claude Code tool name, the Gemini runtime
|
|
6
|
-
translates to the equivalent below. Skills do NOT need to branch
|
|
6
|
+
translates to the equivalent below. Skills do NOT need to branch - the tool
|
|
7
7
|
name in prose is authoritative; Gemini resolves via this map.
|
|
8
8
|
|
|
9
9
|
## Tool-name mapping
|
|
@@ -40,7 +40,7 @@ All 11 tools exposed by the server appear as `mcp__gdd_state__*` in Gemini.
|
|
|
40
40
|
|
|
41
41
|
## Known gaps
|
|
42
42
|
|
|
43
|
-
- `Task` spawning: same as Codex
|
|
43
|
+
- `Task` spawning: same as Codex - prefer `run_shell_command("npx gdd-sdk stage ...")`.
|
|
44
44
|
See GEMINI.md for invocation details.
|
|
45
45
|
- Gemini's `replace` has stricter uniqueness requirements than CC's Edit;
|
|
46
46
|
when `old_string` appears more than once, Gemini requires context lines.
|
|
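Review bot: the suggested fallback `run_shell_command("npx gdd-sdk stage ...")` (line 43) runs through a shell, so any stage name or argument interpolated into that string needs quoting or validation, and `npx` fetches a package it cannot find locally from the registry. State that the command assumes the SDK is already installed (or pin an exact version), and give the quoting rule, so this does not become a shell- and supply-chain-injection path for skill-provided arguments.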
@@ -49,5 +49,5 @@ All 11 tools exposed by the server appear as `mcp__gdd_state__*` in Gemini.
|
|
|
49
49
|
|
|
50
50
|
---
|
|
51
51
|
|
|
52
|
-
Last verified: 2026-04-24
|
|
52
|
+
Last verified: 2026-04-24 - tool surface re-checked against Gemini CLI docs
|
|
53
53
|
current to this date. Revisit whenever Gemini ships a tool-vocabulary change.
|
package/reference/gestalt.md
CHANGED
|
@@ -3,9 +3,9 @@
|
|
|
3
3
|
<!-- UUPM ux-guidelines.csv rows deduped into this file and heuristics.md/anti-patterns.md/priority-matrix.md — see .planning/research/uupm-import/ux-guidelines-reconciliation.md -->
|
|
4
4
|
<!-- Source: nextlevelbuilder/ui-ux-pro-max-skill (MIT) — data/ux-guidelines.csv (deduped) -->
|
|
5
5
|
|
|
6
|
-
Gestalt psychology explains how the human visual system automatically organizes individual elements into coherent wholes. Designers who understand Gestalt principles can use them intentionally
|
|
6
|
+
Gestalt psychology explains how the human visual system automatically organizes individual elements into coherent wholes. Designers who understand Gestalt principles can use them intentionally - grouping what belongs together, separating what is distinct, directing attention flow, and reducing cognitive effort. Designers who ignore these principles will inadvertently create layouts that confuse perception, because the visual system will apply Gestalt organization regardless of the designer's intent.
|
|
7
7
|
|
|
8
|
-
The eight principles below are not rules to follow in isolation
|
|
8
|
+
The eight principles below are not rules to follow in isolation - they interact. A single design decision often activates multiple principles simultaneously. The audit checklist at the end of this file helps identify where principles are being violated or underutilized.
|
|
9
9
|
|
|
10
10
|
---
|
|
11
11
|
|
|
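Review bot: this hunk and the rest of the file replace em-dashes with spaced hyphens, but the comment lines at the top (lines 3–4) still carry "—" and the next hunk's header context shows the original form ("— they interac"), so the conversion is inconsistent within the file. If the goal is ASCII-only prose, convert the comments too and add a lint that catches regressions; if not, keep the original dash so the typography stays uniform.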
@@ -13,11 +13,11 @@ The eight principles below are not rules to follow in isolation — they interac
|
|
|
13
13
|
|
|
14
14
|
**Definition:** Elements that are physically close to each other are perceived as belonging to the same group, regardless of their visual appearance. Distance communicates separation; closeness communicates relationship.
|
|
15
15
|
|
|
16
|
-
**Design application:** Related controls
|
|
16
|
+
**Design application:** Related controls - a label and its input, an action button and its target, a heading and its body text - should be separated by no more than 8px. Unrelated elements should be separated by at least 32px. When this discipline is applied consistently, users read the layout's meaning before reading its content: the structure itself communicates relationships. Proximity is the most fundamental grouping tool available, and it costs nothing but intentionality.
|
|
17
17
|
|
|
18
18
|
Proximity violations are among the most common layout defects. The symptom is a layout where users do not immediately know which label belongs to which input, or which button acts on which content area. The fix is almost always to increase the distance between unrelated groups and decrease the distance within groups.
|
|
19
19
|
|
|
20
|
-
**Scoring rubric
|
|
20
|
+
**Scoring rubric - audit by looking for:**
|
|
21
21
|
- Label-to-input gap: should be ≤8px; flag anything ≥16px
|
|
22
22
|
- Button-to-target gap: a button that acts on a specific element should be adjacent to it, not floating at a distance
|
|
23
23
|
- Section separation: distinct content sections should be separated by ≥32px; flag sections that bleed into each other
|
|
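Review bot: the proximity thresholds disagree with each other: line 16 says related controls should be "no more than 8px" apart, while the rubric at line 21 flags a label-to-input gap only at "≥16px", leaving 9–15px neither pass nor flag. Pick one threshold (or define the band explicitly as a warning) so two auditors score the same screen the same way; the 32px section-separation rule at lines 16 and 23 at least agrees with itself.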
@@ -35,13 +35,13 @@ p-0 # elements with no internal padding may create proximity confusion at bo
|
|
|
35
35
|
|
|
36
36
|
## 2. Similarity
|
|
37
37
|
|
|
38
|
-
**Definition:** Elements that share visual properties
|
|
38
|
+
**Definition:** Elements that share visual properties - color, shape, size, texture, or orientation - are perceived as belonging to the same category. The visual system uses similarity as a shortcut for classification: if it looks the same, it is the same kind of thing.
|
|
39
39
|
|
|
40
|
-
**Design application:** Consistency in visual treatment is not merely an aesthetic preference
|
|
40
|
+
**Design application:** Consistency in visual treatment is not merely an aesthetic preference - it communicates semantic meaning. All primary buttons should look identical: same size, same color, same weight. All destructive actions should look identical: same red, same border treatment, same position relative to the confirm/cancel pair. All secondary navigation items should be visually indistinguishable from each other. When similar-role elements look different, users assume they are different kinds of things, which creates confusion and erodes trust in the interface's logic.
|
|
41
41
|
|
|
42
|
-
Icon weight is one of the most commonly violated similarity contexts. Mixing outline icons with filled icons signals two different visual registers that users will try to interpret as meaningful
|
|
42
|
+
Icon weight is one of the most commonly violated similarity contexts. Mixing outline icons with filled icons signals two different visual registers that users will try to interpret as meaningful - even when the mixing is accidental.
|
|
43
43
|
|
|
44
|
-
**Scoring rubric
|
|
44
|
+
**Scoring rubric - audit by looking for:**
|
|
45
45
|
- Button variants: are all primary buttons identical? Are all secondary buttons identical? Flag mixed variants on the same screen.
|
|
46
46
|
- Icon weight: are all icons from the same weight family (all outline or all filled)? Flag mixing.
|
|
47
47
|
- List items: do all items in a list have identical visual treatment? Flag items that are visually distinct without a semantic reason.
|
|
@@ -60,11 +60,11 @@ variant="primary" # audit all variant prop usages for consistency
|
|
|
60
60
|
|
|
61
61
|
**Definition:** The eye naturally follows lines, curves, and paths in the direction they are already moving. When elements are aligned along an invisible axis, the eye connects them into a continuous flow and expects the line to continue.
|
|
62
62
|
|
|
63
|
-
**Design application:** Use alignment to create invisible flow lines that direct the eye through the layout in the intended sequence. Left-aligned content columns create a strong left-edge flow line that the eye tracks downward. A row of icons creates a horizontal flow line. A step indicator with connected segments creates a continuous path that the eye follows from start to finish. Carousels and horizontal scrollers
|
|
63
|
+
**Design application:** Use alignment to create invisible flow lines that direct the eye through the layout in the intended sequence. Left-aligned content columns create a strong left-edge flow line that the eye tracks downward. A row of icons creates a horizontal flow line. A step indicator with connected segments creates a continuous path that the eye follows from start to finish. Carousels and horizontal scrollers use continuity by partially revealing the next item - the visible edge implies that more content continues in the same direction.
|
|
64
64
|
|
|
65
|
-
Continuity is disrupted when elements break expected alignment without a purposeful reason. An element that juts out of an otherwise aligned column creates a visual interrupt
|
|
65
|
+
Continuity is disrupted when elements break expected alignment without a purposeful reason. An element that juts out of an otherwise aligned column creates a visual interrupt - which can be used intentionally to draw attention, or accidentally to create confusion.
|
|
66
66
|
|
|
67
|
-
**Scoring rubric
|
|
67
|
+
**Scoring rubric - audit by looking for:**
|
|
68
68
|
- Alignment consistency: are all left-aligned elements aligned to the same grid column? Flag arbitrary left-offset elements.
|
|
69
69
|
- Step indicators: does the visual path between steps flow clearly? Flag broken or visually interrupted step flows.
|
|
70
70
|
- Carousel edge reveals: does the last visible item partially reveal the next? Flag carousels that do not imply continuation.
|
|
@@ -83,11 +83,11 @@ translate-x # horizontal animation — verify it implies continuity, not arbitra
|
|
|
83
83
|
|
|
84
84
|
**Definition:** The human visual system actively completes incomplete shapes, filling in missing information to perceive a whole. Users will "see" a rectangle even if its corners are open, or a circle even if its arc is broken, because the mind prefers complete, recognizable forms over fragments.
|
|
85
85
|
|
|
86
|
-
**Design application:** Closure is widely used in logos and icons to create forms that feel complete while being visually light. In UI, closure explains why partial borders can suggest containment without a full rectangle: a top border on a card, or a left border on a quoted text block, implies a region even without three additional sides. Progress indicators with open ends imply continuation; closed rings imply completion. Skeleton loading states use closure
|
|
86
|
+
**Design application:** Closure is widely used in logos and icons to create forms that feel complete while being visually light. In UI, closure explains why partial borders can suggest containment without a full rectangle: a top border on a card, or a left border on a quoted text block, implies a region even without three additional sides. Progress indicators with open ends imply continuation; closed rings imply completion. Skeleton loading states use closure - partial shapes that the user's mind completes as content - to make loading feel purposeful rather than empty.
|
|
87
87
|
|
|
88
88
|
Closure can also be violated: a progress bar that ends before reaching the container's right edge correctly communicates incompletion, but if it ends at an arbitrary position with no visual context, users may perceive a broken UI rather than a progress state.
|
|
89
89
|
|
|
90
|
-
**Scoring rubric
|
|
90
|
+
**Scoring rubric - audit by looking for:**
|
|
91
91
|
- Progress indicators: does the fill/track relationship clearly communicate completion percentage? Flag indicators where progress direction is ambiguous.
|
|
92
92
|
- Partial borders: do partial borders clearly imply the group they define? Flag partial borders that could be mistaken for decorative rules.
|
|
93
93
|
- Skeleton states: do skeleton shapes meaningfully correspond to the content they represent? Flag skeletons that are too abstract to prime recognition.
|
|
@@ -109,9 +109,9 @@ w-1/2 # partial fill — verify progress context is established by contai
|
|
|
109
109
|
|
|
110
110
|
**Design application:** Every interactive element, content region, and overlay depends on successful figure-ground separation. Modal dialogs work because the scrim pushes the page content to ground and the dialog to figure. Buttons work because their filled background distinguishes them from the text-on-ground surrounding them. Navigation bars work because their elevated background separates them from the page content they sit above.
|
|
111
111
|
|
|
112
|
-
The practical rule: foreground elements must have at least 3:1 contrast ratio against their background, and for text, 4.5:1 for body text (WCAG AA). But figure-ground extends beyond contrast
|
|
112
|
+
The practical rule: foreground elements must have at least 3:1 contrast ratio against their background, and for text, 4.5:1 for body text (WCAG AA). But figure-ground extends beyond contrast - blur, shadow, and opacity all contribute. A high-contrast element on a cluttered background may still fail to read as figure if the background is too visually active.
|
|
113
113
|
|
|
114
|
-
**Scoring rubric
|
|
114
|
+
**Scoring rubric - audit by looking for:**
|
|
115
115
|
- Modal scrim: is the background content pushed to ground with sufficient opacity or blur? Flag modals where the page behind is at full visibility and full saturation.
|
|
116
116
|
- Button states: do buttons clearly read as figure against all surface colors they appear on? Flag buttons with insufficient background contrast.
|
|
117
117
|
- Active navigation items: are selected/active states clearly distinguished from non-selected? Flag flat navigation with only a color difference.
|
|
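Review bot: the contrast rule at line 112 states 4.5:1 "for text" under WCAG AA, but SC 1.4.3 requires 4.5:1 only for normal-size text and 3:1 for large text (18pt, or 14pt bold), so an audit that applies 4.5:1 to headings will flag compliant screens. Add the large-text exception and name the two criteria (1.4.3 for text, 1.4.11 for non-text at 3:1) so the rubric matches the standard it invokes.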
@@ -129,13 +129,13 @@ opacity-0.*opacity-100 # transition — verify figure emerges cleanly from grou
|
|
|
129
129
|
|
|
130
130
|
## 6. Common Fate
|
|
131
131
|
|
|
132
|
-
**Definition:** Elements that move together
|
|
132
|
+
**Definition:** Elements that move together - in the same direction, at the same speed, and with the same timing - are perceived as belonging to the same group, even if they are spatially separated. Movement is a powerful grouping signal precisely because it overrides static proximity and similarity cues.
|
|
133
133
|
|
|
134
|
-
**Design application:** When a group of elements should be perceived as a unit, animate them with shared timing. A card that expands while its child elements simultaneously rearrange communicates that the card and its contents are one object. A list that reorders with synchronized item movement communicates that the list is a coherent set. Conversely, animating elements at different speeds signals that they are independent objects
|
|
134
|
+
**Design application:** When a group of elements should be perceived as a unit, animate them with shared timing. A card that expands while its child elements simultaneously rearrange communicates that the card and its contents are one object. A list that reorders with synchronized item movement communicates that the list is a coherent set. Conversely, animating elements at different speeds signals that they are independent objects - which can be used to establish hierarchy (parent first, then children) by staggering their entrance timing.
|
|
135
135
|
|
|
136
136
|
Staggered animation (where sub-elements enter sequentially with a small delay) is a specific application of common fate that establishes a visual hierarchy within a group: the first element that moves is perceived as most important, and the trailing elements are perceived as its dependents.
|
|
137
137
|
|
|
138
|
-
**Scoring rubric
|
|
138
|
+
**Scoring rubric - audit by looking for:**
|
|
139
139
|
- Group animations: when a container appears or changes, do its children animate with it or independently? Flag children that animate on unrelated timings.
|
|
140
140
|
- List reorder: when items reorder, do they move with shared timing that communicates the reorder as one operation? Flag lists where individual items move asynchronously.
|
|
141
141
|
- Exit animations: when a group exits, do all elements leave together? Flag cases where parts of a group exit before the container.
|
|
@@ -152,13 +152,13 @@ delay-[0-9] # stagger implementation — verify delay communicates h
|
|
|
152
152
|
|
|
153
153
|
## 7. Common Region
|
|
154
154
|
|
|
155
|
-
**Definition:** Elements enclosed within a clearly defined boundary
|
|
155
|
+
**Definition:** Elements enclosed within a clearly defined boundary - a border, a background color, a shadow, or any other perceptual container - are perceived as belonging to the same group, even if they are not close to each other. Common region overrides proximity: two elements far apart within the same bounded region are perceived as more related than two elements close together on either side of a region boundary.
|
|
156
156
|
|
|
157
|
-
**Design application:** Cards, panels, table rows, form field groups, and toolbars all
|
|
157
|
+
**Design application:** Cards, panels, table rows, form field groups, and toolbars all use common region by using visual boundaries to say "these things go together." The boundary does not need to be a literal border - a distinct background color works equally well. This is why alternating row colors in a data table immediately communicate that each row is a distinct unit, and why a card with a white background on a grey page surface reads as a contained group without needing a border.
|
|
158
158
|
|
|
159
159
|
Common region is also useful for communicating hierarchy: nested regions (a card within a page, a sub-section within a card) communicate nested relationships. The visual boundary at each level tells the eye exactly how far a group extends.
|
|
160
160
|
|
|
161
|
-
**Scoring rubric
|
|
161
|
+
**Scoring rubric - audit by looking for:**
|
|
162
162
|
- Card boundaries: do cards have a visible boundary (shadow, border, or background) that clearly separates them from their surroundings? Flag cards that blend into the page surface.
|
|
163
163
|
- Form groups: are related form fields visually grouped within a shared container? Flag forms where field groups are separated only by vertical spacing without a region signal.
|
|
164
164
|
- Table rows: are table rows distinguishable as individual regions? Flag tables with no row separation signal.
|
|
@@ -178,11 +178,11 @@ divide-y # table row divider — check if combined with sufficien
|
|
|
178
178
|
|
|
179
179
|
**Definition:** The visual system always interprets ambiguous inputs in the simplest possible way. When multiple interpretations of a visual input are possible, the mind chooses the interpretation that requires the least cognitive work. Complexity is resolved toward simplicity automatically.
|
|
180
180
|
|
|
181
|
-
**Design application:** Prefer simple, recognizable shapes over complex, irregular ones. Remove any visual element that does not communicate something. Every decoration that does not carry meaning adds to the cognitive load the user must process before reaching the content that actually matters. This is the principle behind minimalism in UI design
|
|
181
|
+
**Design application:** Prefer simple, recognizable shapes over complex, irregular ones. Remove any visual element that does not communicate something. Every decoration that does not carry meaning adds to the cognitive load the user must process before reaching the content that actually matters. This is the principle behind minimalism in UI design - not because minimalism is aesthetically superior, but because unnecessary visual complexity consumes perceptual resources that should be directed at the interface's actual purpose.
|
|
182
182
|
|
|
183
183
|
Prägnanz also implies that when two layouts can communicate the same information, the simpler one is better. A three-color palette is simpler to parse than a seven-color palette, even if the seven-color palette is "more interesting." A consistent component structure is simpler to navigate than a varied one, even if the variation is intentional.
|
|
184
184
|
|
|
185
|
-
**Scoring rubric
|
|
185
|
+
**Scoring rubric - audit by looking for:**
|
|
186
186
|
- Decorative elements: identify any visual element that serves no communicative purpose. Flag gradients, textures, and ornamental icons that do not carry semantic meaning.
|
|
187
187
|
- Color count: how many distinct colors appear on a single screen? Flag screens with more than 4–5 distinct colors where the additional colors are not semantically required.
|
|
188
188
|
- Shadow and border redundancy: are both shadow and border used simultaneously on the same element without a reason? Flag redundant depth cues.
|
|
@@ -206,7 +206,7 @@ Use this checklist when auditing a screen for Gestalt compliance. Each item maps
|
|
|
206
206
|
|
|
207
207
|
2. **Similarity check:** Do all elements of the same semantic role share identical visual treatment? Primary buttons match primary buttons. Destructive actions match destructive actions. Icons use consistent weight. Flag any visual inconsistency that users might interpret as a semantic difference.
|
|
208
208
|
|
|
209
|
-
3. **Continuity check:** Does the layout create a clear reading path through its most important content? Can you trace an invisible line
|
|
209
|
+
3. **Continuity check:** Does the layout create a clear reading path through its most important content? Can you trace an invisible line - horizontal, vertical, or diagonal - that connects the primary focal points in intended viewing order? Flag layouts where the reading path requires backtracking.
|
|
210
210
|
|
|
211
211
|
4. **Closure check:** Are any incomplete shapes used? If so, do they close convincingly at the display size and resolution? Do progress indicators clearly communicate fill direction and completion scale? Flag ambiguous incomplete shapes.
|
|
212
212
|
|