@jigyasudham/veto 0.8.0

package/.claude/settings.local.json

@@ -0,0 +1,9 @@
+{
+  "permissions": {
+    "allow": [
+      "PowerShell(Get-ChildItem D:\\\\Veto\\\\src -Recurse -File | Where-Object { $_.FullName -notmatch \"node_modules\" } | Select-Object FullName | ForEach-Object { $_.FullName.Replace\\(\"D:\\\\Veto\\\\\", \"\"\\) })",
+      "PowerShell(cd D:\\\\Veto; npm run build 2>&1; Write-Host \"Exit: $LASTEXITCODE\")",
+      "PowerShell(Get-ChildItem D:\\\\Veto\\\\docs -File | Select-Object FullName; Get-ChildItem D:\\\\Veto -File | Where-Object { $_.Extension -eq \".md\" } | Select-Object FullName)"
+    ]
+  }
+}

package/README.md

@@ -0,0 +1,190 @@
+# veto
+
+> **50 agents. 28 skills. 3 AIs. Self-learning. Zero extra cost.**
+
+An MCP server that runs locally on your machine, plugs into Claude Code, Codex CLI, and Gemini CLI using your existing subscriptions — giving every AI a council of specialist agents, persistent cross-platform memory, a self-learning router, and the ability to say no to bad decisions.
+
+---
+
+## Prerequisites
+
+| Requirement | Version | Notes |
+|---|---|---|
+| **Node.js** | 22.5.0 or higher | Required — uses the built-in `node:sqlite` module (no native compilation). Download at [nodejs.org](https://nodejs.org). |
+| **At least one AI CLI** | Latest | Claude Code, Gemini CLI, or Codex CLI — whichever you use. Veto works with all three. See below. |
+
+**Check your Node version:**
+```bash
+node --version   # must be v22.5.0 or higher
+```
+
+If you're on an older version, update Node before continuing — Veto will fail silently on Node 18 or 20 because `node:sqlite` does not exist in those versions.
+
+**Install whichever AI CLI(s) you use — Veto works with all of them:**
+
+| Platform | Install | Auth |
+|---|---|---|
+| **Claude Code** | [claude.ai/code](https://claude.ai/code) | Sign in via browser |
+| **Gemini CLI** | `npm install -g @google/gemini-cli` | `gemini auth` |
+| **Codex CLI** | `npm install -g @openai/codex` | `export OPENAI_API_KEY=your-key` |
+
+You only need one to get started. Install more to enable cross-platform handoff.
+
+---
+
+## Quick Start
+
+```bash
+npx @jigyasudham/veto@latest init
+```
+
+The `init` command prints the exact config snippet for your platform. Paste it into your MCP config file:
+
+| Platform | Config file |
+|---|---|
+| **Claude Code** | `~/.claude/mcp_servers.json` |
+| **Gemini CLI** | `~/.gemini/settings.json` |
+| **Codex CLI** | `~/.codex/config.json` |
+| **Cursor** | `~/.cursor/mcp.json` |
+| **Windsurf** | `~/.codeium/windsurf/mcp_config.json` |
+| **VS Code** | `.vscode/mcp.json` |
+
+Claude Code, Gemini, Codex, Cursor, and Windsurf all use `"mcpServers"`. VS Code uses `"servers"` with `"type": "stdio"`:
+
+```json
+{
+  "servers": {
+    "veto": {
+      "type": "stdio",
+      "command": "node",
+      "args": ["/path/to/dist/server.js"]
+    }
+  }
+}
+```
+
+---
+
+## What Veto Does
+
+**Council** — Before any significant task, 7 specialist agents debate it in parallel and return a GREEN / YELLOW / RED / DEADLOCK verdict. Bad decisions get blocked before any code is written.
+
+**Router** — Every task is scored locally (zero tokens) and sent to the right model tier. Rate limits are tracked across all 3 platforms. The router self-adjusts over time from recorded outcomes.
+
+**50 Agents** — Domain experts for every task type. Each agent knows when it is the right tool and when to defer to another.
+
+**Memory** — Sessions, decisions, knowledge, and coding patterns persist across every conversation and every platform.
+
+**Cross-platform handoff** — Claude hitting its rate limit? Call `veto_handoff`, open Gemini or Codex, call `veto_continue`. Full context restored in seconds. Nothing re-explained.
+
+---
+
+## The 50 Agents
+
+### Council Layer (8) — runs before any code is written
+`Lead Developer` · `Product Manager` · `System Architect` · `UX Designer` · `Devil's Advocate` · `Legal & Compliance` · `Security` · `Decision Engine`
+
+### Development (12)
+`Coder` · `Code Reviewer` · `Tester` · `Debugger` · `Refactor` · `Database` · `API` · `Frontend` · `Backend` · `DevOps` · `Performance` · `Migration`
+
+### Security (6)
+`Security Scanner` · `Auth Agent` · `Data Privacy` · `Secrets Agent` · `Dependency Audit` · `Penetration Tester`
+
+### Memory (5)
+`Context Manager` · `Decision Logger` · `Project Mapper` · `Pattern Learner` · `Knowledge Base`
+
+### Research (7)
+`Researcher` · `Tech Advisor` · `Cost Analyzer` · `Competitor Analyzer` · `Risk Assessor` · `Estimator` · `Ethics & Bias`
+
+### Quality (5)
+`Code Quality` · `Documentation` · `Accessibility` · `Compatibility` · `Error Handling`
+
+### Workflow (7)
+`Task Planner` · `Task Coordinator` · `File Manager` · `Git Agent` · `Search Agent` · `Reporter` · `Automation`
+
+---
+
+## MCP Tools (29)
+
+| Category | Tools |
+|---|---|
+| Session | `veto_status` · `veto_session_save` · `veto_session_restore` · `veto_sessions_list` |
+| Router | `veto_route_task` · `veto_rate_status` |
+| Council | `veto_council_debate` |
+| Agents | `veto_agent_plan` · `veto_code_review` · `veto_security_scan` · `veto_secrets_scan` · `veto_execute_parallel` |
+| Memory | `veto_memory_store` · `veto_memory_search` · `veto_memory_delete` · `veto_project_map_update` · `veto_project_map_get` · `veto_pattern_store` · `veto_patterns_list` · `veto_memory_export` · `veto_memory_import` |
+| Learning | `veto_record_outcome` · `veto_learning_stats` · `veto_learning_apply` |
+| Handoff | `veto_handoff` · `veto_continue` · `veto_platform_setup` |
+
+---
+
+## Cross-Platform Handoff
+
+No accounts. No cloud services. Works on the same machine or across machines.
+
+**Rate limit mid-task:**
+```
+Claude at 90%  →  veto_handoff { summary, context }
+Open Gemini    →  veto_continue
+Full context restored. Continue exactly where you stopped.
+```
+
+**Switch machines:**
+```
+Machine A  →  veto_memory_export  →  veto-export.json
+               copy file any way (Dropbox, USB, scp)
+Machine B  →  veto_memory_import
+               veto_session_restore  →  resume instantly
+```
+
+**Platform support:**
+
+| Platform | Works with Veto |
+|---|---|
+| Claude Code | ✅ Native MCP |
+| Gemini CLI | ✅ MCP support |
+| Codex CLI | ✅ MCP support |
+| Cursor | ✅ MCP support |
+| Windsurf | ✅ MCP support |
+| VS Code | ✅ MCP support |
+
+---
+
+## Self-Learning Router
+
+The router gets smarter as you use it:
+
+1. Complete a task → `veto_record_outcome` with quality score (0–100)
+2. After 20+ outcomes → `veto_learning_apply`
+3. Tier thresholds adjust — over-routed tasks self-correct over time
+
+---
+
+## Roadmap
+
+| Phase | Status | Version |
+|---|---|---|
+| 1 — Foundation | ✅ Complete | v0.1.0 |
+| 2 — Router | ✅ Complete | v0.2.0 |
+| 3 — Council | ✅ Complete | v0.3.0 |
+| 4 — Core Agents | ✅ Complete | v0.4.0 |
+| 5 — Memory System | ✅ Complete | v0.5.0 |
+| 6 — Self-Learning | ✅ Complete | v0.6.0 |
+| 7 — Cross-Platform | ✅ Complete | v0.7.0 |
+| 8 — All 50 Agents | ✅ Complete | v0.8.0 |
+
+---
+
+## Tech Stack
+
+- **Language:** TypeScript (strict mode)
+- **Runtime:** Node.js 22.5+ (required — uses built-in `node:sqlite`)
+- **Dependencies:** `@modelcontextprotocol/sdk` only — one package, no native addons
+- **Memory:** SQLite via `node:sqlite` — zero native compilation, zero configuration, works offline
+- **Cross-machine:** File-based JSON export/import — no external services, no accounts
+
+---
+
+## License
+
+MIT © 2026 Jigyasu Dham

package/dist/adapters/claude.js

@@ -0,0 +1,57 @@
+// Claude Code adapter — connection config, rate signal detection, handoff format
+export const PLATFORM = 'claude';
+export function getSetup(vetoServerPath) {
+    return {
+        platform: 'claude',
+        mcp_config: {
+            mcpServers: {
+                veto: {
+                    command: 'node',
+                    args: [vetoServerPath],
+                },
+            },
+        },
+        setup_steps: [
+            `1. Build veto: npm run build`,
+            `2. Add to ~/.claude/mcp_servers.json:\n${JSON.stringify({ mcpServers: { veto: { command: 'node', args: [vetoServerPath] } } }, null, 2)}`,
+            `3. Restart Claude Code`,
+            `4. Verify: call veto_status — should return { "status": "running", "version": "0.7.0" }`,
+        ],
+        rate_limit_signals: [
+            'rate limit exceeded',
+            'too many requests',
+            '429',
+            'overloaded',
+            'capacity',
+            'quota exceeded',
+        ],
+        continue_command: 'veto_continue',
+        notes: [
+            'Claude Code connects to Veto via stdio MCP — the server runs as a child process',
+            'All veto_* tools are available natively in Claude Code once connected',
+            'Rate limits are tracked by Veto per day — call veto_rate_status to check headroom',
+            'Before hitting the limit: call veto_handoff to get a session ID and switch instructions',
+        ],
+    };
+}
+export function detectRateLimit(errorText) {
+    const signals = ['rate limit', 'too many requests', '429', 'overloaded', 'quota'];
+    return signals.some(s => errorText.toLowerCase().includes(s));
+}
+export function formatHandoffMessage(sessionId, targetPlatform) {
+    const target = targetPlatform === 'gemini' ? 'Gemini CLI' : 'Codex CLI';
+    return [
+        `Claude is approaching its rate limit. Switching to ${target}.`,
+        ``,
+        `Session saved. ID: ${sessionId}`,
+        ``,
+        `On ${target}, run:`,
+        `  veto_continue`,
+        ``,
+        `Veto will restore full context automatically. Nothing needs to be re-explained.`,
+    ].join('\n');
+}
+export function formatSwitchPrompt(sessionId) {
+    return `Rate limit approaching. Session saved (ID: ${sessionId}). Call veto_continue on the next platform to resume instantly.`;
+}
+//# sourceMappingURL=claude.js.map

package/dist/adapters/codex.js

@@ -0,0 +1,58 @@
+// Codex CLI adapter — connection config, rate signal detection, handoff format
+// Codex CLI: https://github.com/openai/codex
+export const PLATFORM = 'codex';
+export function getSetup(vetoServerPath) {
+    return {
+        platform: 'codex',
+        mcp_config: {
+            mcpServers: {
+                veto: {
+                    command: 'node',
+                    args: [vetoServerPath],
+                },
+            },
+        },
+        setup_steps: [
+            `1. Install Codex CLI: npm install -g @openai/codex`,
+            `2. Set API key: export OPENAI_API_KEY=your-key`,
+            `3. Add to ~/.codex/config.json:\n${JSON.stringify({ mcpServers: { veto: { command: 'node', args: [vetoServerPath] } } }, null, 2)}`,
+            `4. Restart Codex CLI`,
+            `5. Verify: call veto_status — should return { "status": "running", "version": "0.7.0" }`,
+        ],
+        rate_limit_signals: [
+            'rate limit reached',
+            'too many requests',
+            '429',
+            'insufficient quota',
+            'rate_limit_exceeded',
+            'quota_exceeded',
+        ],
+        continue_command: 'veto_continue',
+        notes: [
+            'Codex CLI connects to Veto via stdio MCP — same server instance as Claude and Gemini',
+            'Config path: ~/.codex/config.json (created automatically on first run)',
+            'All veto_* tools work identically on Codex as on Claude and Gemini',
+            'Codex is the Tier 1/2 overflow when both Claude and Gemini are rate-limited',
+            'Uses GPT-4o / o4-mini depending on the tier assigned by the Veto router',
+            'ChatGPT web app does NOT support MCP — Codex CLI is the only OpenAI option',
+        ],
+    };
+}
+export function detectRateLimit(errorText) {
+    const signals = ['rate limit', 'too many requests', '429', 'insufficient quota', 'rate_limit_exceeded'];
+    return signals.some(s => errorText.toLowerCase().includes(s.toLowerCase()));
+}
+export function formatHandoffMessage(sessionId, fromPlatform) {
+    const from = fromPlatform === 'claude' ? 'Claude' : 'Gemini';
+    return [
+        `${from} handed off to Codex. Session restored.`,
+        ``,
+        `Session ID: ${sessionId}`,
+        ``,
+        `Codex has full context. Continue the task as if nothing interrupted.`,
+    ].join('\n');
+}
+export function formatContinueInstructions() {
+    return 'Run: veto_continue\nVeto will restore the most recent session automatically.';
+}
+//# sourceMappingURL=codex.js.map

package/dist/adapters/gemini.js

@@ -0,0 +1,58 @@
+// Gemini CLI adapter — connection config, rate signal detection, handoff format
+// Gemini CLI MCP support: https://github.com/google-gemini/gemini-cli
+export const PLATFORM = 'gemini';
+export function getSetup(vetoServerPath) {
+    return {
+        platform: 'gemini',
+        mcp_config: {
+            mcpServers: {
+                veto: {
+                    command: 'node',
+                    args: [vetoServerPath],
+                },
+            },
+        },
+        setup_steps: [
+            `1. Install Gemini CLI: npm install -g @google/gemini-cli`,
+            `2. Authenticate: gemini auth`,
+            `3. Add to ~/.gemini/settings.json:\n${JSON.stringify({ mcpServers: { veto: { command: 'node', args: [vetoServerPath] } } }, null, 2)}`,
+            `4. Restart Gemini CLI`,
+            `5. Verify: call veto_status — should return { "status": "running", "version": "0.7.0" }`,
+        ],
+        rate_limit_signals: [
+            'quota exceeded',
+            'resource exhausted',
+            '429',
+            'rate limit',
+            'too many requests',
+            'RESOURCE_EXHAUSTED',
+        ],
+        continue_command: 'veto_continue',
+        notes: [
+            'Gemini CLI connects to Veto via stdio MCP — same server instance as Claude',
+            'Gemini CLI uses the same ~/.gemini/settings.json for MCP server config',
+            'All veto_* tools work identically on Gemini as on Claude',
+            'Gemini Flash is the default Tier 1/2 overflow platform when Claude is rate-limited',
+            'Free tier: 1,500 requests/day (15 RPM) — Veto tracks this in rate_usage table',
+        ],
+    };
+}
+export function detectRateLimit(errorText) {
+    const signals = ['quota exceeded', 'resource exhausted', '429', 'rate limit', 'RESOURCE_EXHAUSTED'];
+    return signals.some(s => errorText.toLowerCase().includes(s.toLowerCase()));
+}
+export function formatHandoffMessage(sessionId, fromPlatform) {
+    const from = fromPlatform === 'claude' ? 'Claude' : 'Codex';
+    return [
+        `${from} handed off to Gemini. Session restored.`,
+        ``,
+        `Session ID: ${sessionId}`,
+        ``,
+        `Gemini has full context. Continue the task as if nothing interrupted.`,
+        `Call veto_session_restore { "session_id": "${sessionId}" } if context needs refreshing.`,
+    ].join('\n');
+}
+export function formatContinueInstructions() {
+    return 'Run: veto_continue\nVeto will restore the most recent session automatically.';
+}
+//# sourceMappingURL=gemini.js.map

package/dist/adapters/index.js

@@ -0,0 +1,156 @@
+// Handoff engine — platform detection, session save+switch, continue restore
+import { getRateStatus } from '../router/rate-monitor.js';
+import { saveSession, listSessions, restoreSession } from '../memory/local.js';
+import * as claude from './claude.js';
+import * as gemini from './gemini.js';
+import * as codex from './codex.js';
+// ─── Handoff ──────────────────────────────────────────────────────────────────
+export function handoff(options) {
+    const rateStatus = getRateStatus();
+    const from = options.from_platform ?? 'claude';
+    // Pick the best available target platform
+    const to = options.to_platform ?? selectTarget(from, rateStatus);
+    const reason = rateStatus[from].status === 'critical'
+        ? `${from} is at ${rateStatus[from].used_percent}% of daily limit`
+        : rateStatus[from].status === 'warning'
+            ? `${from} is at ${rateStatus[from].used_percent}% — switching proactively`
+            : 'Manual platform switch requested';
+    const { session_id, saved_at } = saveSession({
+        platform: from,
+        summary: options.summary ?? `Session handed off from ${from} to ${to}`,
+        context: options.context,
+        task_state: options.task_state,
+        token_count: options.token_count ?? 0,
+        project_dir: options.project_dir,
+    });
+    const instructions = buildInstructions(session_id, from, to, rateStatus);
+    const one_liner = `Session saved (${session_id.slice(0, 8)}…). On ${to}: call veto_continue`;
+    return {
+        session_id,
+        saved_at,
+        from_platform: from,
+        to_platform: to,
+        reason,
+        rate_status: rateStatus,
+        instructions,
+        one_liner,
+    };
+}
+// ─── Continue ─────────────────────────────────────────────────────────────────
+export function continueSession(sessionId) {
+    const now = new Date().toISOString();
+    if (sessionId) {
+        const result = restoreSession(sessionId);
+        if (!result.found || !result.session) {
+            return { found: false, message: `No session found with ID: ${sessionId}`, restored_at: now };
+        }
+        return buildContinueResult(result.session, now);
+    }
+    // No ID given — find the most recent session
+    const sessions = listSessions(1);
+    if (sessions.length === 0) {
+        return {
+            found: false,
+            message: 'No saved sessions found. Save a session first with veto_handoff or veto_session_save.',
+            restored_at: now,
+        };
+    }
+    const result = restoreSession(sessions[0].id);
+    if (!result.found || !result.session) {
+        return { found: false, message: 'Could not restore the most recent session.', restored_at: now };
+    }
+    return buildContinueResult(result.session, now);
+}
+function buildContinueResult(session, now) {
+    let context = null;
+    let task_state = null;
+    let next_action;
+    try {
+        context = session.context ? JSON.parse(session.context) : null;
+    }
+    catch {
+        context = session.context;
+    }
+    try {
+        let ts = session.task_state ? JSON.parse(session.task_state) : null;
+        // saveSession double-stringifies when given a pre-serialised string — unwrap if needed
+        if (typeof ts === 'string') {
+            try {
+                ts = JSON.parse(ts);
+            }
+            catch { /* keep as string */ }
+        }
+        task_state = ts;
+        if (ts && typeof ts === 'object' && 'nextAction' in ts) {
+            next_action = String(ts['nextAction']);
+        }
+    }
+    catch {
+        task_state = session.task_state;
+    }
+    const message = [
+        `Session restored from ${session.platform} (saved ${session.started_at.slice(0, 16)}).`,
+        session.summary ? `\nSummary: ${session.summary}` : '',
+        next_action ? `\nNext action: ${next_action}` : '',
+        `\nContinue exactly where you left off. Nothing needs to be re-explained.`,
+    ].filter(Boolean).join('');
+    return {
+        found: true,
+        session_id: session.id,
+        platform: session.platform,
+        summary: session.summary ?? undefined,
+        context,
+        task_state,
+        next_action,
+        project_dir: session.project_dir ?? undefined,
+        token_count: session.token_count,
+        message,
+        restored_at: now,
+    };
+}
+// ─── Platform Setup ───────────────────────────────────────────────────────────
+export function getPlatformSetup(platform, vetoServerPath) {
+    if (platform === 'claude')
+        return claude.getSetup(vetoServerPath);
+    if (platform === 'gemini')
+        return gemini.getSetup(vetoServerPath);
+    return codex.getSetup(vetoServerPath);
+}
+// ─── Helpers ──────────────────────────────────────────────────────────────────
+function selectTarget(from, rateStatus) {
+    const order = from === 'claude'
+        ? ['gemini', 'codex']
+        : from === 'gemini'
+            ? ['codex', 'claude']
+            : ['claude', 'gemini'];
+    for (const p of order) {
+        if (rateStatus[p].status !== 'critical')
+            return p;
+    }
+    // All critical — pick the one with most headroom remaining
+    return order.reduce((best, p) => rateStatus[p].used_percent < rateStatus[best].used_percent ? p : best, order[0]);
+}
+function buildInstructions(sessionId, from, to, rateStatus) {
+    const toStatus = rateStatus[to];
+    const lines = [
+        `── Veto Handoff ──────────────────────────────────────────`,
+        `From:     ${from.padEnd(8)} (${rateStatus[from].used_percent}% used)`,
+        `To:       ${to.padEnd(8)} (${toStatus.used_percent}% used)`,
+        `Session:  ${sessionId}`,
+        ``,
+        `On ${to}:`,
+        `  1. Open a new terminal with ${to} CLI`,
+        `  2. Veto is already running — same server, same memory`,
+        `  3. Call:  veto_continue`,
+        `     Veto restores full context automatically.`,
+        `     Nothing needs to be re-explained.`,
+        ``,
+        `Or if you have the session ID:`,
+        `  veto_continue { "session_id": "${sessionId}" }`,
+        ``,
+        `Rate resets at: ${rateStatus[from].resets_at.slice(0, 16)} UTC`,
+        `─────────────────────────────────────────────────────────`,
+    ];
+    return lines.join('\n');
+}
+//# sourceMappingURL=index.js.map

package/dist/agents/development/api.js

@@ -0,0 +1,116 @@
+function detectApiStyle(task, context) {
+    const combined = (task + ' ' + (context ?? '')).toLowerCase();
+    if (combined.includes('graphql') || combined.includes('query') || combined.includes('mutation') || combined.includes('resolver'))
+        return 'graphql';
+    if (combined.includes('grpc') || combined.includes('protobuf') || combined.includes('proto'))
+        return 'grpc';
+    if (combined.includes('rest') || combined.includes('http') || combined.includes('endpoint') || combined.includes('route'))
+        return 'rest';
+    return 'general';
+}
+const styleApproach = {
+    rest: 'Design resource-oriented URLs, assign correct HTTP verbs, define request/response DTOs with validation, implement versioning strategy, document with OpenAPI, secure with JWT/OAuth.',
+    graphql: 'Define the schema first (SDL-first approach), design resolvers to avoid N+1 (DataLoader), implement mutations with input types, add field-level authorisation, paginate list queries.',
+    grpc: 'Write the .proto file first (contract-first), generate server and client stubs, implement unary and streaming RPCs as needed, add interceptors for auth/logging, define error codes.',
+    general: 'Choose REST for CRUD resource APIs, GraphQL for flexible client-driven queries, gRPC for high-performance internal services. Design the contract before writing implementation code.',
+};
+const styleSteps = {
+    rest: [
+        'Identify the resources (nouns) the API exposes — e.g., /users, /orders, /products',
+        'Map CRUD operations to HTTP verbs: GET (read), POST (create), PUT/PATCH (update), DELETE',
+        'Design the URL structure: /api/v1/resources/{id}/sub-resources',
+        'Define the request body DTO with all required and optional fields',
+        'Define the response body DTO — never return the raw DB row',
+        'Define error response shape: { code, message, details } for all 4xx/5xx',
+        'Choose the pagination strategy: cursor-based for large datasets, offset for small',
+        'Implement versioning: URL path versioning (/v1/) or header versioning',
+        'Secure the endpoint: add authentication middleware and role-based guards',
+        'Add rate limiting to prevent abuse',
+        'Write OpenAPI/Swagger annotation for each endpoint',
+        'Write integration tests covering happy path and all error conditions',
+    ],
+    graphql: [
+        'Write the GraphQL schema (SDL) before writing any resolver code',
+        'Define types for all entities, input types for mutations, and enums for fixed values',
+        'Design query fields with pagination arguments (first, after, last, before)',
+        'Implement DataLoader for all one-to-many and many-to-many relations to batch DB queries',
+        'Implement resolvers using the service layer — no direct DB queries in resolvers',
+        'Add field-level authorisation using resolver guards',
+        'Add query depth limiting (max depth 10) and query complexity limits',
+        'Implement subscriptions only for truly real-time use cases',
+        'Add persisted queries for production performance',
+        'Write tests using graphql-tester or supertest against the schema',
+        'Document each type and field with SDL description strings',
+    ],
+    grpc: [
+        'Write the .proto file defining all messages and services',
+        'Generate TypeScript server and client stubs from the proto',
+        'Implement each RPC method in the service implementation class',
+        'Add server interceptors for authentication, logging, and tracing',
+        'Implement unary RPCs for simple request/response patterns',
+        'Implement server-streaming for large result sets',
+        'Implement bidirectional streaming for real-time communication',
+        'Define a standard error model using google.rpc.Status',
+        'Add health checking via the gRPC health protocol',
+        'Write integration tests using the generated client stubs',
+        'Document each service and RPC with proto comments',
+    ],
+    general: [
+        'Choose the API style based on use case (REST/GraphQL/gRPC)',
+        'Write the API contract (OpenAPI, SDL, or .proto) before implementation',
+        'Define all data types for requests and responses',
+        'Design error handling and error response shapes',
+        'Plan authentication and authorisation strategy',
+        'Design versioning strategy',
+        'Add rate limiting and throttling',
+        'Write API documentation',
+        'Write integration tests',
+        'Set up monitoring for error rates and latency',
+    ],
+};
+export function plan(task, context) {
+    const style = detectApiStyle(task, context);
+    return {
+        agent: 'api',
+        task,
+        tier: 2,
+        approach: styleApproach[style],
+        steps: styleSteps[style],
+        checklist: [
+            '[ ] API contract (OpenAPI/SDL/proto) written before implementation',
+            '[ ] All request inputs validated and sanitised',
+            '[ ] Response DTOs never expose internal DB columns or secrets',
+            '[ ] HTTP status codes semantically correct (201 for creation, 422 for validation errors)',
+            '[ ] Authentication required on all non-public endpoints',
+            '[ ] Authorisation checked — user can only access their own resources',
+            '[ ] Rate limiting applied to prevent abuse',
+            '[ ] Pagination implemented for all list endpoints',
+            '[ ] Error responses follow a consistent shape with error code and message',
+            '[ ] Idempotency key supported on create/update endpoints',
+            '[ ] API versioning strategy documented and implemented',
+            '[ ] CORS configured correctly for the intended client origins',
+            '[ ] No internal error details (stack traces) exposed in production responses',
+            '[ ] Integration tests cover 200, 400, 401, 403, 404, 422, 500 paths',
+            '[ ] API documentation complete and accurate',
+        ],
+        pitfalls: [
+            'Returning 200 OK with an error body — use the correct HTTP status code',
+            'Exposing database IDs directly — use UUIDs or opaque tokens to prevent enumeration',
+            'Not validating Content-Type — body parsers silently fail on wrong content type',
+            'Returning the full DB row in the response — exposes internal fields and breaks encapsulation',
+            'Using GET requests for operations with side effects — browsers and caches will replay them',
+            'Not implementing idempotency for payment or order endpoints — duplicate requests cause duplicate charges',
+            'Omitting pagination on list endpoints — a single request can return millions of rows',
+        ],
+        patterns: [
+            'Command pattern (map HTTP requests to command objects)',
+            'DTO pattern (request and response data transfer objects)',
+            'Decorator pattern (middleware as route decorators)',
+            'Repository pattern (abstract data access from controllers)',
+            'API Gateway pattern (single entry point with cross-cutting concerns)',
+            'Circuit Breaker pattern (for outbound calls to other services)',
+        ],
+        duration_estimate: '4-8 hours',
+    };
+}
+//# sourceMappingURL=api.js.map