@jigyasudham/veto 0.8.0

package/dist/agents/development/backend.js

@@ -0,0 +1,82 @@
+function detectStyle(task, context) {
+    const combined = (task + ' ' + (context ?? '')).toLowerCase();
+    if (combined.includes('lambda') || combined.includes('serverless') || combined.includes('function') || combined.includes('faas'))
+        return 'serverless';
+    if (combined.includes('microservice') || combined.includes('service mesh') || combined.includes('kubernetes') || combined.includes('k8s'))
+        return 'microservice';
+    if (combined.includes('monolith') || combined.includes('mvc') || combined.includes('express') || combined.includes('nestjs') || combined.includes('rails'))
+        return 'monolith';
+    return 'general';
+}
+const styleApproach = {
+    monolith: 'Organise by feature module (not by layer). Each module owns its Controller → Service → Repository stack. Use dependency injection for testability. Enforce module boundaries — no cross-module direct imports.',
+    microservice: 'Define the service boundary around a bounded context. Use async messaging for cross-service communication. Implement the Saga pattern for distributed transactions. Each service owns its data store.',
+    serverless: 'Design for stateless execution — no in-memory state between invocations. Use environment variables for config. Cold start budget: keep the handler lean. Use SQS/EventBridge for async operations.',
+    general: 'Apply Clean Architecture: Controllers → Use Cases → Domain → Infrastructure. Dependencies point inward. The domain layer has no framework imports. Testable by definition.',
+};
+export function plan(task, context) {
+    const style = detectStyle(task, context);
+    return {
+        agent: 'backend',
+        task,
+        tier: 3,
+        approach: styleApproach[style],
+        steps: [
+            'Define the domain model: entities, value objects, and aggregate roots',
+            'Define use cases (application services) — each use case is a single public method',
+            'Design the repository interfaces in the domain layer (no DB imports)',
+            'Implement the controller layer: parse request → call use case → format response',
+            'Implement the service layer: orchestrate domain objects and repositories',
+            'Implement the repository layer: translate domain operations to DB queries',
+            'Wire dependency injection container (manual DI or a framework like tsyringe/inversify)',
+            'Add authentication middleware: verify JWT/session, attach user to request context',
+            'Add authorisation guards: check role/permission on each protected route',
+            'Add request validation middleware: validate body/query against schema before reaching controller',
+            'Implement structured error handling: domain errors → HTTP errors → error middleware',
+            'Add correlation ID middleware: generate and propagate request tracing ID',
+            'Add health check endpoint: /health returns 200 with DB and dependency status',
+            'Configure graceful shutdown: drain in-flight requests before stopping the process',
+            'Write unit tests for each service method with mocked repositories',
+            'Write integration tests for each controller route against a test database',
+        ],
+        checklist: [
+            '[ ] Domain layer has zero framework or DB imports',
+            '[ ] Each use case / service method has a single responsibility',
+            '[ ] All dependencies injected via constructor — no new SomeDependency() in methods',
+            '[ ] Repository interfaces defined in domain, implementations in infrastructure',
+            '[ ] Authentication middleware applied to all non-public routes',
+            '[ ] Authorisation checked inside the use case — not just at the route level',
+            '[ ] Request validation runs before the controller method executes',
+            '[ ] All async operations wrapped in try/catch with typed error handling',
+            '[ ] Structured logging with correlation ID on every log line',
+            '[ ] No sensitive data (passwords, tokens) in log output',
+            '[ ] Graceful shutdown implemented — SIGTERM drains in-flight requests',
+            '[ ] Health endpoint checks real DB connectivity, not just process liveness',
+            '[ ] Environment variables validated at startup — fail fast on missing config',
+            '[ ] Connection pools sized appropriately for the expected concurrency',
+            '[ ] Unit tests cover all service methods',
+            '[ ] Integration tests cover all controller routes',
+        ],
+        pitfalls: [
+            'Putting business logic in controllers — controllers should only parse input and format output',
+            'Accessing the database directly from controllers — bypasses the service/repository abstraction',
+            'Using global state (singletons with mutable fields) — breaks in clustered/concurrent environments',
+            'Swallowing exceptions in middleware — downstream handlers receive undefined instead of an error',
+            'Not validating environment variables at startup — the service starts, runs for hours, then crashes on first DB access',
+            'Building a distributed monolith — microservices that share a DB defeat the purpose of the architecture',
+            'Forgetting graceful shutdown — in-flight requests are killed on deploy, causing user-visible errors',
+        ],
+        patterns: [
+            'Clean Architecture (Controllers → Use Cases → Domain → Infrastructure)',
+            'Repository pattern (abstract DB access behind an interface)',
+            'Dependency Injection (constructor injection for testability)',
+            'Middleware chain (Chain of Responsibility for cross-cutting concerns)',
+            'Command / Query Responsibility Segregation (CQRS)',
+            'Domain Events (decouple side effects from core logic)',
+            'Circuit Breaker (for resilient outbound calls)',
+            'Saga pattern (coordinate distributed transactions)',
+        ],
+        duration_estimate: '1-3 days',
+    };
+}
+//# sourceMappingURL=backend.js.map

package/dist/agents/development/coder.js

@@ -0,0 +1,207 @@
+function detectCategory(task) {
+    const t = task.toLowerCase();
+    if (t.includes('endpoint') || t.includes('route') || t.includes('controller') || t.includes('rest') || t.includes('graphql'))
+        return 'api-endpoint';
+    if (t.includes('component') || t.includes('ui') || t.includes('button') || t.includes('form') || t.includes('modal') || t.includes('page'))
+        return 'ui-component';
+    if (t.includes('util') || t.includes('helper') || t.includes('format') || t.includes('parse') || t.includes('transform'))
+        return 'utility';
+    if (t.includes('service') || t.includes('manager') || t.includes('handler') || t.includes('processor') || t.includes('worker'))
+        return 'service';
+    return 'general';
+}
+const categoryApproach = {
+    'api-endpoint': 'Design the contract first (request/response types), implement handler with validation, wire middleware chain, write integration tests.',
+    'ui-component': 'Define props interface, sketch component tree, implement stateless core first then add state/effects, ensure accessibility, write render tests.',
+    'utility': 'Write pure functions with explicit input/output types, cover all edge cases including null/undefined/empty, optimise for readability over cleverness.',
+    'service': 'Apply Dependency Injection, define interface before class, implement with repository abstraction, propagate typed errors, add unit tests for each method.',
+    'general': 'Define types first, implement incrementally, handle all error paths explicitly, add JSDoc for public APIs, write tests in parallel with implementation.',
+};
+const categorySteps = {
+    'api-endpoint': [
+        'Define TypeScript interfaces for request body, query params, and response payload',
+        'Write input validation schema (zod or class-validator)',
+        'Stub out the route handler and wire it in the router',
+        'Implement business logic in a dedicated service class',
+        'Add authentication/authorisation middleware as required',
+        'Implement error handling — map domain errors to HTTP status codes',
+        'Add request logging and correlation ID propagation',
+        'Write integration tests hitting the endpoint directly',
+        'Document the endpoint with OpenAPI/JSDoc annotations',
+        'Test error paths: missing fields, invalid types, unauthorised access',
+    ],
+    'ui-component': [
+        'Define the Props interface with JSDoc on each prop',
+        'Sketch the component tree — identify sub-components to extract',
+        'Implement the purely presentational render first with hardcoded data',
+        'Replace hardcoded data with props, add PropTypes/TypeScript narrowing',
+        'Add local state and effects only after the static render is correct',
+        'Implement loading and error states',
+        'Add keyboard navigation and ARIA attributes',
+        'Test with screen reader using browser dev tools',
+        'Add responsive CSS — mobile first with breakpoints',
+        'Write render tests covering each significant prop combination',
+    ],
+    'utility': [
+        'Write function signature with explicit parameter and return types',
+        'Document expected input/output with JSDoc examples',
+        'Handle null, undefined, and empty inputs explicitly',
+        'Handle boundary conditions (zero, negative, overflow, max-length)',
+        'Implement the happy-path logic',
+        'Add guards and early returns for invalid inputs',
+        'Write unit tests for each distinct input category',
+        'Benchmark if the utility is on a hot path',
+        'Export from an index barrel so imports stay clean',
+    ],
+    'service': [
+        'Define the service interface (IMyService) with all public methods',
+        'List constructor dependencies — inject via interface not concrete class',
+        'Write method stubs with return types before implementing',
+        'Implement each method with a single clear responsibility',
+        'Use typed Result or throw typed domain errors — no raw Error strings',
+        'Log structured data (not plain strings) at appropriate log levels',
+        'Write unit tests with mocked dependencies for each method',
+        'Write integration test against a real dependency (DB, API) if applicable',
+        'Document retry / circuit-breaker strategy for external calls',
+        'Add health-check method if the service wraps an external resource',
+    ],
+    'general': [
+        'Clarify and write down acceptance criteria before touching code',
+        'Define all TypeScript types/interfaces needed',
+        'Break the work into small independently testable functions',
+        'Implement incrementally — make it work, then make it right',
+        'Handle all error paths explicitly with typed errors',
+        'Add JSDoc to every exported symbol',
+        'Write unit tests alongside implementation',
+        'Run the linter and fix all warnings',
+        'Review the diff for accidental debug code or console.log statements',
+        'Update relevant documentation or README if the public API changes',
+    ],
+};
+const categoryChecklist = {
+    'api-endpoint': [
+        '[ ] Request DTO fully typed with validation annotations',
+        '[ ] Response DTO typed — no raw any or unknown leaking out',
+        '[ ] HTTP status codes are semantically correct (201 vs 200, 422 vs 400)',
+        '[ ] Auth middleware applied where required',
+        '[ ] Rate limiting considered',
+        '[ ] Input sanitisation prevents injection',
+        '[ ] Async handler wrapped to forward errors to Express error middleware',
+        '[ ] Pagination implemented for list endpoints',
+        '[ ] Integration test covers 200, 400, 401, 404, 500 paths',
+        '[ ] OpenAPI annotation added',
+        '[ ] No secrets or PII logged',
+        '[ ] Idempotency considered for mutating endpoints',
+    ],
+    'ui-component': [
+        '[ ] Props interface exported and all props documented',
+        '[ ] No inline styles — use CSS modules or styled components',
+        '[ ] Loading state renders a skeleton or spinner',
+        '[ ] Error state renders a user-friendly message',
+        '[ ] Empty state renders a meaningful prompt',
+        '[ ] ARIA roles and labels present on interactive elements',
+        '[ ] Tab order is logical',
+        '[ ] Component is keyboard-operable without mouse',
+        '[ ] Works at 320 px (mobile) and 1440 px (desktop)',
+        '[ ] No useEffect with missing dependency array entries',
+        '[ ] Memoisation applied only where profiling justifies it',
+        '[ ] Render test covers loading, error, and data states',
+    ],
+    'utility': [
+        '[ ] Function is pure — no hidden side effects',
+        '[ ] Returns typed result, not any',
+        '[ ] Handles null and undefined inputs without throwing',
+        '[ ] Handles empty string and empty array inputs',
+        '[ ] Handles numeric edge cases (NaN, Infinity, 0, negative)',
+        '[ ] Unit test for each distinct input category',
+        '[ ] Exported from barrel index',
+        '[ ] JSDoc with @param, @returns, and @example',
+    ],
+    'service': [
+        '[ ] Interface defined before implementation class',
+        '[ ] All dependencies injected — no new SomeDependency() in methods',
+        '[ ] Each public method has a single responsibility',
+        '[ ] Typed errors thrown — no throw new Error("raw string")',
+        '[ ] External calls have timeout configured',
+        '[ ] Unit tests mock all external dependencies',
+        '[ ] Integration test covers the real dependency path',
+        '[ ] Logs structured objects, not string concatenation',
+        '[ ] No business logic in the constructor',
+        '[ ] Service registered in the DI container',
+    ],
+    'general': [
+        '[ ] Acceptance criteria written before coding',
+        '[ ] All types explicit — no implicit any',
+        '[ ] All error paths handled',
+        '[ ] JSDoc on every exported symbol',
+        '[ ] Unit tests written alongside implementation',
+        '[ ] No console.log left in committed code',
+        '[ ] Linter passes with zero warnings',
+        '[ ] No TODO comments without a linked issue number',
+        '[ ] Public API is backwards-compatible or version-bumped',
+        '[ ] Documentation updated if the public API changed',
+    ],
+};
+const categoryPitfalls = {
+    'api-endpoint': [
+        'Forgetting to await async middleware — silently skips auth checks',
+        'Returning 200 for operations that create resources — use 201',
+        'Leaking internal stack traces to the client in production',
+        'Not validating Content-Type header before parsing body',
+        'Using req.body directly without validation — injection risk',
+    ],
+    'ui-component': [
+        'Calling setState inside useEffect without a dependency array — infinite loop',
+        'Forgetting key prop on list items — causes subtle reconciliation bugs',
+        'Storing derived data in state instead of computing it on render',
+        'Leaving event listeners without cleanup in useEffect return',
+        'Assuming controlled and uncontrolled prop modes cannot conflict',
+    ],
+    'utility': [
+        'Using == instead of === for null checks — misses undefined',
+        'Mutating the input array or object instead of returning a new one',
+        'Assuming parseInt always returns a number — it returns NaN on bad input',
+        'Using Date arithmetic without accounting for timezone offsets',
+    ],
+    'service': [
+        'Catching and swallowing errors silently — log and rethrow or return Result',
+        'Doing database work in the constructor — blocks DI container startup',
+        'Sharing mutable state across concurrent requests — use per-request scope',
+        'Not configuring timeout on external HTTP calls — hangs indefinitely',
+    ],
+    'general': [
+        'Premature optimisation before profiling — adds complexity with no gain',
+        'Mixing abstraction levels in a single function — extract sub-functions',
+        'Returning null instead of throwing when the contract is violated',
+        'Copy-pasting similar blocks instead of extracting a parameterised function',
+    ],
+};
+const categoryPatterns = {
+    'api-endpoint': ['Command pattern', 'Chain of Responsibility (middleware)', 'DTO pattern', 'Repository pattern', 'Decorator pattern (route guards)'],
+    'ui-component': ['Compound component pattern', 'Render props', 'Custom hook extraction', 'Container / Presenter split', 'Controlled component pattern'],
+    'utility': ['Pure function', 'Pipe / compose', 'Guard clause early return', 'Option/Result type', 'Memoisation'],
+    'service': ['Dependency Injection', 'Repository pattern', 'Strategy pattern', 'Result type', 'Façade pattern'],
+    'general': ['Single Responsibility Principle', 'Dependency Inversion', 'Guard clauses', 'Factory function', 'Module pattern'],
+};
+const categoryDuration = {
+    'api-endpoint': '2-4 hours',
+    'ui-component': '3-6 hours',
+    'utility': '1-2 hours',
+    'service': '4-8 hours',
+    'general': '2-4 hours',
+};
+export function plan(task, context) {
+    const category = detectCategory(task + ' ' + (context ?? ''));
+    return {
+        agent: 'coder',
+        task,
+        tier: 2,
+        approach: categoryApproach[category],
+        steps: categorySteps[category],
+        checklist: categoryChecklist[category],
+        pitfalls: categoryPitfalls[category],
+        patterns: categoryPatterns[category],
+        duration_estimate: categoryDuration[category],
+    };
+}
+//# sourceMappingURL=coder.js.map

package/dist/agents/development/database.js

@@ -0,0 +1,81 @@
+function detectDbType(task, context) {
+    const combined = (task + ' ' + (context ?? '')).toLowerCase();
+    if (combined.includes('mongo') || combined.includes('document') || combined.includes('dynamodb') || combined.includes('firestore') || combined.includes('nosql'))
+        return 'nosql';
+    if (combined.includes('timeseries') || combined.includes('influx') || combined.includes('prometheus') || combined.includes('clickhouse') || combined.includes('time series'))
+        return 'timeseries';
+    if (combined.includes('graph') || combined.includes('neo4j') || combined.includes('relationship'))
+        return 'graph';
+    if (combined.includes('postgres') || combined.includes('mysql') || combined.includes('sqlite') || combined.includes('sql') || combined.includes('relational'))
+        return 'rdbms';
+    return 'general';
+}
+const dbApproach = {
+    rdbms: 'Design a normalised schema first (3NF), add indexes for every foreign key and frequent filter column, use transactions for multi-table mutations, plan migration scripts with backward compatibility.',
+    nosql: 'Design around access patterns — denormalise to serve queries in one round trip. Choose partition keys that distribute load evenly. Model for reads, use references sparingly for writes.',
+    timeseries: 'Optimise for append-heavy write patterns. Use time-bucketed partitioning. Compress old data with downsampling. Design queries around time ranges, not individual rows.',
+    graph: 'Model entities as nodes and relationships as edges with properties. Index node labels and edge types. Design traversal patterns and bound depth of recursive queries.',
+    general: 'Evaluate RDBMS vs NoSQL based on data structure, access patterns, and consistency requirements. Design schema to serve the most frequent query without joins if possible.',
+};
+export function plan(task, context) {
+    const dbType = detectDbType(task, context);
+    return {
+        agent: 'database',
+        task,
+        tier: 3,
+        approach: dbApproach[dbType],
+        steps: [
+            'List all entities and their relationships — draw an ER diagram',
+            'Identify the top 5 most frequent query patterns (what will be read most?)',
+            'Design the schema to serve those queries with minimal joins/lookups',
+            'Add primary keys and unique constraints first',
+            'Add foreign key constraints for relational integrity',
+            'Identify every column used in WHERE, ORDER BY, or JOIN — add indexes',
+            'Choose composite index column order by selectivity (most selective first)',
+            'Design the migration script: additive changes first (new tables, new nullable columns)',
+            'Write seed / fixture data for the development environment',
+            'Write query tests that assert on execution plan (EXPLAIN ANALYZE)',
+            'Set up connection pooling with appropriate pool size for the workload',
+            'Configure statement_timeout and lock_timeout to prevent runaway queries',
+            'Plan archival strategy for old data — partitioning or archival table',
+            'Document the schema with comments on each table and non-obvious column',
+        ],
+        checklist: [
+            '[ ] Every table has a primary key',
+            '[ ] Foreign keys are declared and indexed',
+            '[ ] Every JOIN column on the many-side has an index',
+            '[ ] Every column used in frequent WHERE clauses has an index',
+            '[ ] No SELECT * in production queries — enumerate columns',
+            '[ ] Multi-table mutations wrapped in transactions',
+            '[ ] Migrations are reversible (down migration written)',
+            '[ ] Migration tested on a copy of production data volume',
+            '[ ] Connection pool size calculated: connections = (core_count * 2) + effective_spindle_count',
+            '[ ] statement_timeout configured to prevent runaway queries',
+            '[ ] EXPLAIN ANALYZE run on all slow query candidates',
+            '[ ] Sensitive columns (PII, passwords) identified and encrypted at rest',
+            '[ ] Backup and point-in-time recovery tested',
+            '[ ] Schema documented with table and column comments',
+        ],
+        pitfalls: [
+            'Using SELECT * in application queries — sends unnecessary data over the wire and breaks when columns are added/removed',
+            'Forgetting to index foreign keys — causes full table scans on every JOIN',
+            'Storing JSON blobs in relational databases to avoid schema work — kills query performance and integrity',
+            'Not wrapping multi-step mutations in a transaction — leaves the database in a partially updated state on failure',
+            'Using ORM-generated schemas without reviewing the SQL — ORMs frequently generate non-optimal index choices',
+            'Choosing UUID as a clustered primary key in PostgreSQL without understanding write amplification from random page splits',
+            'Ignoring VACUUM in PostgreSQL — table bloat degrades read performance over time',
+            'Testing migrations only on an empty database — schema changes that work on empty DBs may lock production tables for minutes',
+        ],
+        patterns: [
+            'Repository pattern (abstract DB access behind an interface)',
+            'Unit of Work pattern (group related DB operations into a transaction)',
+            'CQRS (separate read and write models for high-throughput systems)',
+            'Event Sourcing (store events, derive state — for audit-heavy domains)',
+            'Optimistic locking (version column for concurrent update detection)',
+            'Soft delete pattern (deleted_at timestamp instead of hard DELETE)',
+            'Temporal tables (track history of row changes)',
+        ],
+        duration_estimate: '1-2 days',
+    };
+}
+//# sourceMappingURL=database.js.map

package/dist/agents/development/debugger.js

@@ -0,0 +1,234 @@
+function detectErrorCategory(task, context) {
+    const combined = (task + ' ' + (context ?? '')).toLowerCase();
+    if (combined.includes('memory') || combined.includes('leak') || combined.includes('heap') || combined.includes('oom'))
+        return 'memory';
+    if (combined.includes('slow') || combined.includes('latency') || combined.includes('timeout') || combined.includes('performance'))
+        return 'performance';
+    if (combined.includes('network') || combined.includes('fetch') || combined.includes('http') || combined.includes('cors') || combined.includes('socket'))
+        return 'network';
+    if (combined.includes('promise') || combined.includes('async') || combined.includes('await') || combined.includes('callback') || combined.includes('race'))
+        return 'async';
+    if (combined.includes('type') || combined.includes('undefined') || combined.includes('null') || combined.includes('cannot read'))
+        return 'type';
+    if (combined.includes('wrong') || combined.includes('incorrect') || combined.includes('unexpected') || combined.includes('logic'))
+        return 'logic';
+    return 'runtime';
+}
+const categoryApproach = {
+    runtime: 'Reproduce reliably → isolate to smallest failing case → read the full stack trace → form one hypothesis → add targeted logging → verify fix does not break other paths.',
+    type: 'Trace the data flow from origin to crash site — find where the wrong type enters. Use TypeScript strict mode findings as a guide. Fix the source, not the symptom.',
+    async: 'Map the Promise chain or async call graph. Look for missing awaits, race conditions, unhandled rejections, and event-loop blocking. Add sequential logging to trace execution order.',
+    performance: 'Measure first — use profiling tools to identify the actual bottleneck before touching code. Focus on the 80/20 hotspot. Validate improvement with benchmarks before and after.',
+    network: 'Inspect actual requests in browser DevTools or a proxy (Wireshark/mitmproxy). Verify headers, CORS policy, TLS, DNS, and connection reuse. Distinguish client bugs from server bugs.',
+    memory: 'Take heap snapshots before and after suspected operations. Compare retained objects. Look for closures holding large references, event listener accumulation, and growing caches without eviction.',
+    logic: 'Write a minimal reproducing test. Step through with a debugger or add assertion-style logging at each decision point. State the expected vs actual output explicitly before investigating.',
+};
+const categorySteps = {
+    runtime: [
+        'Read the full stack trace — note the exact file, line number, and error message',
+        'Reproduce the error in isolation — create the smallest possible reproduction',
+        'Check if the error is deterministic or intermittent',
+        'Identify the last working state using git bisect or recent commits',
+        'Form a single specific hypothesis about the root cause',
+        'Add targeted logging around the hypothesis — do NOT log everything',
+        'Verify the hypothesis by temporarily modifying the suspected code',
+        'Fix at the root cause, not at the point where the error surfaces',
+        'Write a regression test that would have caught this bug',
+        'Review related code paths that could have the same defect',
+        'Document the root cause in the fix commit message',
+    ],
+    type: [
+        'Find the exact line where the TypeError / undefined access occurs',
+        'Trace the variable backwards to where it is assigned',
+        'Check if the data source (API, DB, config) can return null/undefined',
+        'Enable TypeScript strict mode and check for new red squiggles',
+        'Fix the type at the origin — add correct types or validation at the boundary',
+        'Add runtime validation (zod, guard function) at the data entry point',
+        'Remove any type assertions (as Type, as any) that hide the real type',
+        'Test with null, undefined, empty string, and unexpected types',
+        'Add null checks or optional chaining where appropriate',
+        'Write a unit test that exercises the null/undefined path',
+    ],
+    async: [
+        'Map the full async call graph for the failing operation',
+        'Check every await — ensure no async function is called without await',
+        'Look for missing error propagation — catch blocks that do not rethrow',
+        'Check for race conditions — operations that depend on execution order',
+        'Look for event-loop blocking (synchronous heavy computation in an async context)',
+        'Verify Promise.all vs Promise.allSettled — unhandled rejection vs partial failure',
+        'Add sequential timestamps to log statements to trace actual execution order',
+        'Use AsyncLocalStorage or correlation IDs to trace concurrent requests',
+        'Check for multiple competing setInterval/setTimeout that interfere',
+        'Write a test that exercises the async failure path explicitly',
+    ],
+    performance: [
+        'Establish a baseline measurement — latency p50/p95/p99, throughput, CPU, memory',
+        'Use a profiler (clinic.js, Chrome DevTools, py-spy) — identify the top hotspot',
+        'Check for N+1 query patterns — count DB queries per request',
+        'Check for synchronous blocking operations in async code',
+        'Review algorithm complexity — O(n²) loops over large datasets',
+        'Check caching — are expensive results being recomputed unnecessarily?',
+        'Profile memory — look for unnecessary object allocation in hot paths',
+        'Fix the single biggest bottleneck and measure again before moving on',
+        'Add performance regression tests (benchmarks) to CI',
+        'Document the performance improvement with before/after numbers',
+    ],
+    network: [
+        'Capture the raw request and response with browser DevTools or curl',
+        'Check CORS headers — Access-Control-Allow-Origin must match the origin',
+        'Verify the TLS certificate is valid and not expired',
+        'Check DNS resolution — nslookup or dig the hostname',
+        'Verify the correct HTTP method and Content-Type are being sent',
+        'Look for redirect loops (301/302 cycles)',
+        'Check keep-alive and connection pool settings on the client',
+        'Test from multiple networks to distinguish ISP / firewall issues',
+        'Inspect retry logic — are retries causing duplicate side effects?',
+        'Add request/response logging middleware to trace the full exchange',
+    ],
+    memory: [
+        'Take a heap snapshot before the suspected operation',
+        'Perform the operation that causes the leak',
+        'Take a second heap snapshot and compare with the first',
+        'Identify the object type and retention path in the diff',
+        'Look for event listeners added without removeEventListener',
+        'Check for closures that hold references to large objects',
+        'Review caches and collections that grow without eviction',
+        'Look for circular references that prevent garbage collection',
+        'Fix the retention path and verify with a third heap snapshot',
+        'Add a memory usage metric to monitoring to detect future regressions',
+    ],
+    logic: [
+        'Write down the exact expected output and the actual output',
+        'Identify the decision points (conditionals, loops, function calls) on the code path',
+        'Write a minimal unit test that reproduces the wrong output',
+        'Step through the code with a debugger, verifying state at each step',
+        'Check boundary conditions: off-by-one errors, inclusive vs exclusive ranges',
+        'Check date/time logic: timezone assumptions, DST transitions, epoch offsets',
+        'Verify sort/comparison functions return correct negative/zero/positive values',
+        'Trace the state mutation — check for accidental shared mutable state',
+        'Fix the logic and run all related tests',
+        'Add an assertion comment explaining the invariant being enforced',
+    ],
+};
+const categoryChecklist = {
+    runtime: [
+        '[ ] Full stack trace captured and read carefully',
+        '[ ] Minimal reproduction created',
+        '[ ] Root cause identified (not just symptom fixed)',
+        '[ ] Fix applied at root cause location',
+        '[ ] Regression test written',
+        '[ ] Related code paths reviewed for same defect',
+        '[ ] Fix verified in the same environment where the bug occurred',
+    ],
+    type: [
+        '[ ] TypeScript strict mode enabled',
+        '[ ] No type assertions (as Type) hiding the bug',
+        '[ ] Runtime validation added at data boundary',
+        '[ ] Null/undefined paths tested explicitly',
+        '[ ] No any types introduced to silence the compiler',
+    ],
+    async: [
+        '[ ] Every async call is properly awaited',
+        '[ ] Unhandled rejection handler in place',
+        '[ ] Race conditions analysed and eliminated',
+        '[ ] Error propagation tested in failure paths',
+        '[ ] Async test uses proper done/async-await, not callbacks',
+    ],
+    performance: [
+        '[ ] Baseline benchmark recorded before fix',
+        '[ ] Fix targets the profiled hotspot, not guesswork',
+        '[ ] No N+1 query patterns remain',
+        '[ ] Improvement verified with post-fix benchmark',
+        '[ ] Performance regression test added to CI',
+    ],
+    network: [
+        '[ ] Raw request/response captured and inspected',
+        '[ ] CORS headers correct',
+        '[ ] TLS certificate valid',
+        '[ ] Retry logic does not cause duplicate side effects',
+        '[ ] Error handling for network timeouts in place',
+    ],
+    memory: [
+        '[ ] Heap snapshots taken before and after fix',
+        '[ ] All event listeners have corresponding removeEventListener',
+        '[ ] Caches have maximum size and eviction policy',
+        '[ ] No circular references between large objects',
+        '[ ] Memory metric added to monitoring dashboard',
+    ],
+    logic: [
+        '[ ] Expected vs actual output documented',
+        '[ ] Minimal reproducing test written before fix',
+        '[ ] All boundary conditions tested',
+        '[ ] Off-by-one conditions verified',
+        '[ ] Shared mutable state eliminated from the bug path',
+    ],
+};
+const categoryPitfalls = {
+    runtime: [
+        'Fixing the symptom (adding a null check at the crash site) without fixing the root cause (why null got there)',
+        'Changing multiple things at once — makes it impossible to know which change fixed the bug',
+        'Not writing a regression test — the bug will return',
+        'Ignoring the stack trace and guessing at the cause',
+    ],
+    type: [
+        'Using "as any" or "as Type" to silence TypeScript — masks the real bug',
+        'Checking for null in the wrong place — check where the data enters, not where it crashes',
+        'Conflating undefined (not set) with null (intentionally empty)',
+    ],
+    async: [
+        'Adding await to a non-Promise — causes subtle bugs when the value becomes a resolved Promise accidentally',
+        'Using Promise.all when one rejection should not cancel the others — use Promise.allSettled',
+        'Catching errors in middleware and not rethrowing — downstream code sees undefined instead of an error',
+    ],
+    performance: [
+        'Optimising without measuring first — wastes time on non-bottlenecks',
+        'Caching without an eviction strategy — trades performance for a memory leak',
+        'Parallelising I/O without limiting concurrency — causes resource exhaustion',
+    ],
+    network: [
+        'Debugging CORS on the client — CORS is a server-side configuration problem',
+        'Trusting browser error messages for network issues — use curl/mitmproxy for ground truth',
+        'Ignoring timeout configuration — 30-second default timeouts hide slow endpoint bugs',
+    ],
+    memory: [
+        'Using WeakMap/WeakRef without understanding the GC implications — not a guaranteed fix',
+        'Adding .off() listeners in cleanup without matching the exact listener reference — listener remains attached',
+        'Assuming garbage collection will clean up large arrays that are still reachable via closure',
+    ],
+    logic: [
+        'Fixing the wrong layer — UI shows wrong data because the API returns wrong data, not because the UI is broken',
+        'Not isolating the bug with a test before fixing — leads to over-engineering the fix',
+        'Trusting console.log output order in async code — use timestamps',
+    ],
+};
+const categoryRootCauses = {
+    runtime: ['Null/undefined dereference', 'Index out of bounds', 'Missing module export', 'Incorrect function signature', 'Environment variable not set'],
+    type: ['API returning different shape than expected', 'Optional field treated as required', 'Union type not narrowed before use', 'JSON.parse result not validated'],
+    async: ['Missing await on async function', 'Unhandled Promise rejection', 'Race condition between concurrent operations', 'Event listener attached multiple times'],
+    performance: ['N+1 database query', 'Unbounded loop over large dataset', 'Synchronous blocking in event loop', 'Missing index on queried column', 'Large objects allocated in hot path'],
+    network: ['CORS misconfiguration', 'Expired TLS certificate', 'DNS resolution failure', 'Firewall blocking the port', 'Incorrect Content-Type header'],
+    memory: ['Event listeners not removed on component unmount', 'Closure retaining large object', 'Unbounded cache', 'Circular reference in object graph'],
+    logic: ['Off-by-one error in loop bounds', 'Timezone-naive date comparison', 'Wrong operator precedence', 'Mutating shared state across requests', 'Short-circuit evaluation misunderstood'],
+};
+export function plan(task, context) {
+    const category = detectErrorCategory(task, context);
+    const rootCauses = categoryRootCauses[category];
+    return {
+        agent: 'debugger',
+        task,
+        tier: 2,
+        approach: categoryApproach[category],
+        steps: categorySteps[category],
+        checklist: categoryChecklist[category],
+        pitfalls: categoryPitfalls[category],
+        patterns: [
+            'Reproduce-Isolate-Fix loop',
+            'Scientific method (hypothesis → test → conclusion)',
+            'Rubber duck debugging',
+            'Binary search debugging (git bisect)',
+            ...rootCauses.map(c => `Root cause: ${c}`),
+        ],
+        duration_estimate: category === 'performance' || category === 'memory' ? '2-6 hours' : '30 minutes - 3 hours',
+    };
+}
+//# sourceMappingURL=debugger.js.map