@jterrats/open-orchestra 1.0.4 → 1.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (116) hide show
  1. package/dist/autonomous-phase-lifecycle.js +19 -0
  2. package/dist/autonomous-phase-lifecycle.js.map +1 -1
  3. package/dist/autonomous-run-store.d.ts +2 -1
  4. package/dist/autonomous-run-store.js +4 -0
  5. package/dist/autonomous-run-store.js.map +1 -1
  6. package/dist/autonomous-workflow-constants.d.ts +1 -6
  7. package/dist/autonomous-workflow-constants.js +1 -33
  8. package/dist/autonomous-workflow-constants.js.map +1 -1
  9. package/dist/cli.js +7 -1
  10. package/dist/cli.js.map +1 -1
  11. package/dist/command-manifest.js +3 -1
  12. package/dist/command-manifest.js.map +1 -1
  13. package/dist/commands.d.ts +1 -1
  14. package/dist/commands.js +1 -1
  15. package/dist/commands.js.map +1 -1
  16. package/dist/constants.d.ts +2 -4
  17. package/dist/constants.js +7 -21
  18. package/dist/constants.js.map +1 -1
  19. package/dist/defaults.d.ts +1 -0
  20. package/dist/defaults.js +1 -0
  21. package/dist/defaults.js.map +1 -1
  22. package/dist/delegation-decision.js +4 -5
  23. package/dist/delegation-decision.js.map +1 -1
  24. package/dist/delivery-dashboard.js +2 -1
  25. package/dist/delivery-dashboard.js.map +1 -1
  26. package/dist/phase-playbooks.js +10 -32
  27. package/dist/phase-playbooks.js.map +1 -1
  28. package/dist/qa-readiness.js +2 -2
  29. package/dist/qa-readiness.js.map +1 -1
  30. package/dist/release-readiness.js +3 -6
  31. package/dist/release-readiness.js.map +1 -1
  32. package/dist/runtime-bootstrap.js +9 -1
  33. package/dist/runtime-bootstrap.js.map +1 -1
  34. package/dist/runtime-commands.d.ts +2 -0
  35. package/dist/runtime-commands.js +44 -1
  36. package/dist/runtime-commands.js.map +1 -1
  37. package/dist/runtime-execution-adapters.js +44 -4
  38. package/dist/runtime-execution-adapters.js.map +1 -1
  39. package/dist/runtime-execution-renderer.d.ts +7 -1
  40. package/dist/runtime-execution-renderer.js +63 -0
  41. package/dist/runtime-execution-renderer.js.map +1 -1
  42. package/dist/runtime-execution.d.ts +20 -1
  43. package/dist/runtime-execution.js +174 -0
  44. package/dist/runtime-execution.js.map +1 -1
  45. package/dist/runtime-guardrails.js +3 -0
  46. package/dist/runtime-guardrails.js.map +1 -1
  47. package/dist/runtime-spawn-bridge.d.ts +25 -0
  48. package/dist/runtime-spawn-bridge.js +172 -0
  49. package/dist/runtime-spawn-bridge.js.map +1 -0
  50. package/dist/runtime-spawn-guidance.d.ts +3 -0
  51. package/dist/runtime-spawn-guidance.js +52 -0
  52. package/dist/runtime-spawn-guidance.js.map +1 -0
  53. package/dist/skills-catalog.js +66 -0
  54. package/dist/skills-catalog.js.map +1 -1
  55. package/dist/skills-planning.js +6 -20
  56. package/dist/skills-planning.js.map +1 -1
  57. package/dist/subagent-protocol.js +6 -1
  58. package/dist/subagent-protocol.js.map +1 -1
  59. package/dist/task-graph-commands.js +3 -12
  60. package/dist/task-graph-commands.js.map +1 -1
  61. package/dist/task-split-assessment.d.ts +19 -0
  62. package/dist/task-split-assessment.js +190 -0
  63. package/dist/task-split-assessment.js.map +1 -0
  64. package/dist/task-status.d.ts +22 -0
  65. package/dist/task-status.js +83 -0
  66. package/dist/task-status.js.map +1 -0
  67. package/dist/telemetry-export.js +19 -24
  68. package/dist/telemetry-export.js.map +1 -1
  69. package/dist/telemetry-records.js +2 -1
  70. package/dist/telemetry-records.js.map +1 -1
  71. package/dist/tracker-commands.js +2 -2
  72. package/dist/tracker-commands.js.map +1 -1
  73. package/dist/types/model-config.d.ts +2 -0
  74. package/dist/types/runtime.d.ts +33 -1
  75. package/dist/types/tasks.d.ts +1 -0
  76. package/dist/types/workflow-run.d.ts +16 -0
  77. package/dist/types.d.ts +2 -2
  78. package/dist/types.js.map +1 -1
  79. package/dist/web-api.js +24 -2
  80. package/dist/web-api.js.map +1 -1
  81. package/dist/web-roles.js +2 -1
  82. package/dist/web-roles.js.map +1 -1
  83. package/dist/web-runtime-actions.d.ts +4 -0
  84. package/dist/web-runtime-actions.js +53 -0
  85. package/dist/web-runtime-actions.js.map +1 -0
  86. package/dist/workflow-approval-service.js +14 -18
  87. package/dist/workflow-approval-service.js.map +1 -1
  88. package/dist/workflow-background-subagents.d.ts +13 -0
  89. package/dist/workflow-background-subagents.js +80 -0
  90. package/dist/workflow-background-subagents.js.map +1 -0
  91. package/dist/workflow-phase-planner.d.ts +4 -2
  92. package/dist/workflow-phase-planner.js +31 -43
  93. package/dist/workflow-phase-planner.js.map +1 -1
  94. package/dist/workflow-phases.d.ts +15 -0
  95. package/dist/workflow-phases.js +86 -0
  96. package/dist/workflow-phases.js.map +1 -0
  97. package/dist/workflow-run-commands.js +127 -2
  98. package/dist/workflow-run-commands.js.map +1 -1
  99. package/dist/workflow-services.js +4 -2
  100. package/dist/workflow-services.js.map +1 -1
  101. package/dist/workflow-task-service.js +15 -20
  102. package/dist/workflow-task-service.js.map +1 -1
  103. package/docs/autonomous-workflow.md +34 -0
  104. package/docs/duplicate-code-enforcement.md +60 -0
  105. package/docs/release-test-matrix.md +14 -0
  106. package/docs/reports/duplicate-code-baseline-20260518.md +41 -0
  107. package/docs/runtime-adapters.md +96 -4
  108. package/docs/runtime-llm-flow.md +4 -2
  109. package/docs/secret-scanning-gitleaks.md +53 -0
  110. package/docs/site-manifest.json +5 -0
  111. package/docs/sonar-architecture-model.md +178 -0
  112. package/docs/sonar-quality-gates.md +178 -0
  113. package/docs/task-split-assessment.md +34 -0
  114. package/package.json +5 -1
  115. package/skills/oclif-plugin-development/SKILL.md +118 -0
  116. package/skills/oclif-plugin-development/manifest.json +58 -0
@@ -0,0 +1,118 @@
1
+ # Oclif Plugin Development
2
+
3
+ Use this skill when a task designs, implements, tests, packages, or reviews an
4
+ Open Orchestra plugin based on oclif, TypeScript, React, Vite, hooks, manifests,
5
+ or CLI command extensions.
6
+
7
+ ## When To Load
8
+
9
+ - Trigger: `oclif`
10
+ - Trigger: `plugin`
11
+ - Trigger: `cli plugin`
12
+ - Trigger: `command plugin`
13
+ - Trigger: `hook`
14
+ - Trigger: `manifest`
15
+ - Trigger: `package exports`
16
+ - Trigger: `npm plugin`
17
+ - Trigger: `React/Vite plugin UI`
18
+ - Trigger: `TypeScript plugin package`
19
+
20
+ ## Architecture
21
+
22
+ - Treat plugin specialization as an on-demand skill, not as a permanent role
23
+ profile. Developer, Architect, QA, Security, DevOps, UX, or Tech Lead can use
24
+ this skill when the task requires plugin work.
25
+ - Keep command classes or command modules nearly logicless: parse flags/args,
26
+ call one service/use-case, format output, and map expected errors to
27
+ user-safe messages.
28
+ - Put business rules, workflow policy, persistence, batching, retries, plugin
29
+ discovery, and registry mutations in domain services or use-cases.
30
+ - Define public plugin contracts before implementation: plugin id, supported
31
+ host version, commands, hooks, capabilities, permissions, configuration,
32
+ outputs, evidence expectations, and compatibility constraints.
33
+ - Prefer typed registries and manifest-derived metadata over hardcoded command
34
+ or hook lists. Load `collection-standards` when plugin work repeats commands,
35
+ hooks, providers, roles, statuses, selectors, fixtures, or validators.
36
+
37
+ ## Oclif CLI Standards
38
+
39
+ - Use TypeScript and typed flags/args.
40
+ - Keep stdout, stderr, exit code, and JSON output stable and testable.
41
+ - Provide JSON output for machine consumers when a command returns structured
42
+ data.
43
+ - Keep help, examples, aliases, deprecations, and hidden/internal command status
44
+ explicit.
45
+ - Treat hooks as integration points with clear ordering, idempotency, timeout,
46
+ failure, and observability behavior.
47
+ - Do not hide network calls, filesystem writes, shell execution, or destructive
48
+ actions inside command parsing.
49
+
50
+ ## Package Standards
51
+
52
+ - Prefer ESM-first package structure unless compatibility requires otherwise.
53
+ - Define `exports`, `types`, files included in the package, and supported Node
54
+ versions.
55
+ - Keep package metadata, command metadata, plugin manifest data, and docs
56
+ derived from one source where possible.
57
+ - Validate install/link/package smoke behavior before release.
58
+ - Use semantic versioning and document host compatibility or migration needs.
59
+
60
+ ## Plugin Capability Manifest
61
+
62
+ A plugin capability contract should declare:
63
+
64
+ - plugin id and display name;
65
+ - commands and command surfaces;
66
+ - hooks and lifecycle events;
67
+ - capabilities and activation triggers;
68
+ - required permissions;
69
+ - configuration schema and defaults;
70
+ - UI contributions, if any;
71
+ - evidence types expected for QA/release;
72
+ - compatibility with host Open Orchestra version;
73
+ - security constraints and tenant/regulatory limitations;
74
+ - ownership, support, and deprecation policy.
75
+
76
+ ## React/Vite UI Contributions
77
+
78
+ - Use React + TypeScript conventions for UI plugin surfaces.
79
+ - Use Vite for local dev/build when the host package supports it.
80
+ - Separate presentation, state, API access, and domain logic.
81
+ - Keep UI mobile-first, accessible, and covered with loading, empty, error,
82
+ success, and recovery states.
83
+ - Add Playwright evidence for user-visible plugin UI flows.
84
+
85
+ ## QA Evidence
86
+
87
+ Plugin QA should prove:
88
+
89
+ - command exit code, stdout, stderr, and JSON contract;
90
+ - flags/args validation and help output;
91
+ - generated files or workflow events;
92
+ - hook invocation, ordering, idempotency, and failure behavior;
93
+ - install/link/package smoke;
94
+ - compatibility with the declared host version;
95
+ - Playwright screenshots/traces when UI is involved;
96
+ - API side effects or external integration outcomes when the plugin triggers
97
+ them.
98
+
99
+ ## Security
100
+
101
+ - Use `spawn`/`execFile` with args arrays for shell execution. Never interpolate
102
+ shell strings.
103
+ - Validate file paths and reject traversal.
104
+ - Validate URLs before network calls.
105
+ - Do not hardcode secrets or write credentials to plugin manifests.
106
+ - Define least-privilege plugin permissions and review them before release.
107
+ - Treat third-party plugins and plugin-provided config as untrusted input.
108
+ - Run secret scanning, dependency audit, static analysis, duplicate-code checks,
109
+ and package provenance checks before release.
110
+
111
+ ## Handoff Checklist
112
+
113
+ - Plugin contract or manifest updated.
114
+ - Command/hook behavior covered by tests.
115
+ - Security-sensitive surfaces reviewed.
116
+ - Evidence attached for CLI/API/UI behavior.
117
+ - Package/install smoke completed or explicitly deferred.
118
+ - Compatibility and release notes updated when user-facing behavior changes.
@@ -0,0 +1,58 @@
1
+ {
2
+ "id": "oclif-plugin-development",
3
+ "name": "Oclif Plugin Development",
4
+ "summary": "Build Open Orchestra plugins with oclif, TypeScript, command contracts, hooks, manifests, QA evidence, and secure package boundaries.",
5
+ "triggers": [
6
+ "oclif",
7
+ "plugin",
8
+ "plugins",
9
+ "cli plugin",
10
+ "command plugin",
11
+ "hook",
12
+ "hooks",
13
+ "manifest",
14
+ "plugin manifest",
15
+ "package exports",
16
+ "npm plugin",
17
+ "cli extension",
18
+ "react plugin ui",
19
+ "vite plugin ui",
20
+ "typescript plugin package"
21
+ ],
22
+ "roles": [
23
+ "developer",
24
+ "tech_lead",
25
+ "architect",
26
+ "qa",
27
+ "sdet",
28
+ "security",
29
+ "devops",
30
+ "platform_engineer",
31
+ "frontend_specialist"
32
+ ],
33
+ "capabilities": [
34
+ "plugin-development",
35
+ "cli-command-contracts",
36
+ "typescript-package-architecture",
37
+ "plugin-security",
38
+ "plugin-qa-evidence"
39
+ ],
40
+ "riskAreas": [
41
+ "maintainability",
42
+ "security",
43
+ "release",
44
+ "devops",
45
+ "integration",
46
+ "ux"
47
+ ],
48
+ "sourceGroups": [
49
+ "codebase",
50
+ "architecture",
51
+ "quality-security",
52
+ "devops-runtime",
53
+ "product-backlog"
54
+ ],
55
+ "evidence": ["command", "file", "report", "screenshot", "trace"],
56
+ "loadBudget": "normal",
57
+ "entry": "skills/oclif-plugin-development/SKILL.md"
58
+ }