@mmerterden/multi-agent-pipeline 8.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (817) hide show
  1. package/CHANGELOG.md +2623 -0
  2. package/LICENSE +21 -0
  3. package/README.md +852 -0
  4. package/docs/FIGMA_PIPELINE.md +138 -0
  5. package/docs/GENERICITY-REVIEW.md +277 -0
  6. package/docs/STABILITY-FIX-PLAN.md +168 -0
  7. package/docs/adr/0001-three-model-triage.md +81 -0
  8. package/docs/adr/0002-instruction-driven-flag.md +62 -0
  9. package/docs/adr/0003-unified-shared-skills.md +55 -0
  10. package/docs/adr/0004-zero-dependency-philosophy.md +60 -0
  11. package/docs/adr/0005-lazy-phase-docs.md +68 -0
  12. package/docs/adr/0006-skills-core-external-split.md +52 -0
  13. package/docs/adr/0007-multi-tool-adapter-framework.md +110 -0
  14. package/docs/adr/0008-installer-modularization-and-secret-leak-defense.md +98 -0
  15. package/docs/adr/README.md +33 -0
  16. package/docs/architecture.md +181 -0
  17. package/docs/best-practices.md +93 -0
  18. package/docs/features.md +274 -0
  19. package/docs/performance.md +116 -0
  20. package/docs/recovery-guide.md +479 -0
  21. package/index.js +76 -0
  22. package/install/_adapters.mjs +69 -0
  23. package/install/_common.mjs +150 -0
  24. package/install/_copilot-instructions.mjs +32 -0
  25. package/install/_dev-only-files.mjs +23 -0
  26. package/install/_platform-filter.mjs +132 -0
  27. package/install/_telemetry.mjs +79 -0
  28. package/install/claude.mjs +332 -0
  29. package/install/copilot.mjs +254 -0
  30. package/install/index.mjs +179 -0
  31. package/install/templates/copilot-instructions.md +319 -0
  32. package/install.js +24 -0
  33. package/package.json +78 -0
  34. package/pipeline/adapters/_base.mjs +288 -0
  35. package/pipeline/adapters/copilot-chat.mjs +158 -0
  36. package/pipeline/adapters/cursor.mjs +187 -0
  37. package/pipeline/agents/android-architect.md +42 -0
  38. package/pipeline/agents/backend-architect.md +43 -0
  39. package/pipeline/agents/code-reviewer.md +57 -0
  40. package/pipeline/agents/dev-critic.md +148 -0
  41. package/pipeline/agents/explorer.md +34 -0
  42. package/pipeline/agents/ios-architect.md +41 -0
  43. package/pipeline/agents/security-auditor.md +98 -0
  44. package/pipeline/agents/task-clarifier.md +113 -0
  45. package/pipeline/claude-md-template.md +55 -0
  46. package/pipeline/commands/archive-guard.md +45 -0
  47. package/pipeline/commands/deploy.md +54 -0
  48. package/pipeline/commands/figma-to-swiftui.md +295 -0
  49. package/pipeline/commands/multi-agent/_account-picker.md +90 -0
  50. package/pipeline/commands/multi-agent/_dev-context.md +111 -0
  51. package/pipeline/commands/multi-agent/_input-parser.md +43 -0
  52. package/pipeline/commands/multi-agent/_repo-picker.md +76 -0
  53. package/pipeline/commands/multi-agent/autopilot.md +116 -0
  54. package/pipeline/commands/multi-agent/channels.md +465 -0
  55. package/pipeline/commands/multi-agent/delete.md +66 -0
  56. package/pipeline/commands/multi-agent/dev-autopilot.md +120 -0
  57. package/pipeline/commands/multi-agent/dev-local-autopilot.md +110 -0
  58. package/pipeline/commands/multi-agent/dev-local.md +105 -0
  59. package/pipeline/commands/multi-agent/dev.md +246 -0
  60. package/pipeline/commands/multi-agent/diff-explain.md +68 -0
  61. package/pipeline/commands/multi-agent/help.md +422 -0
  62. package/pipeline/commands/multi-agent/issue.md +79 -0
  63. package/pipeline/commands/multi-agent/jira.md +132 -0
  64. package/pipeline/commands/multi-agent/kill.md +38 -0
  65. package/pipeline/commands/multi-agent/language.md +94 -0
  66. package/pipeline/commands/multi-agent/local-autopilot.md +139 -0
  67. package/pipeline/commands/multi-agent/local.md +117 -0
  68. package/pipeline/commands/multi-agent/log.md +25 -0
  69. package/pipeline/commands/multi-agent/manual-test.md +43 -0
  70. package/pipeline/commands/multi-agent/purge.md +39 -0
  71. package/pipeline/commands/multi-agent/refactor.md +188 -0
  72. package/pipeline/commands/multi-agent/refs/android-guide.md +250 -0
  73. package/pipeline/commands/multi-agent/refs/audit-guide.md +240 -0
  74. package/pipeline/commands/multi-agent/refs/backend-guide.md +135 -0
  75. package/pipeline/commands/multi-agent/refs/channels/confluence.md +153 -0
  76. package/pipeline/commands/multi-agent/refs/channels/issue-comment.md +141 -0
  77. package/pipeline/commands/multi-agent/refs/channels/jira.md +127 -0
  78. package/pipeline/commands/multi-agent/refs/channels/pr-review-actions.md +135 -0
  79. package/pipeline/commands/multi-agent/refs/channels/pr.md +139 -0
  80. package/pipeline/commands/multi-agent/refs/channels/wiki.md +66 -0
  81. package/pipeline/commands/multi-agent/refs/component-dispatch.md +92 -0
  82. package/pipeline/commands/multi-agent/refs/cross-cli-contract.md +326 -0
  83. package/pipeline/commands/multi-agent/refs/frontend-guide.md +136 -0
  84. package/pipeline/commands/multi-agent/refs/issue-jira-triad.md +104 -0
  85. package/pipeline/commands/multi-agent/refs/keychain.md +80 -0
  86. package/pipeline/commands/multi-agent/refs/knowledge.md +112 -0
  87. package/pipeline/commands/multi-agent/refs/multi-repo-integration-build.md +207 -0
  88. package/pipeline/commands/multi-agent/refs/phases/log-format.md +89 -0
  89. package/pipeline/commands/multi-agent/refs/phases/modes.md +156 -0
  90. package/pipeline/commands/multi-agent/refs/phases/operations.md +91 -0
  91. package/pipeline/commands/multi-agent/refs/phases/phase-0-init.md +481 -0
  92. package/pipeline/commands/multi-agent/refs/phases/phase-1-analysis.md +264 -0
  93. package/pipeline/commands/multi-agent/refs/phases/phase-2-planning.md +278 -0
  94. package/pipeline/commands/multi-agent/refs/phases/phase-3-dev.md +364 -0
  95. package/pipeline/commands/multi-agent/refs/phases/phase-4-review.md +378 -0
  96. package/pipeline/commands/multi-agent/refs/phases/phase-5-test.md +129 -0
  97. package/pipeline/commands/multi-agent/refs/phases/phase-6-commit.md +339 -0
  98. package/pipeline/commands/multi-agent/refs/phases/phase-7-report.md +361 -0
  99. package/pipeline/commands/multi-agent/refs/phases.md +187 -0
  100. package/pipeline/commands/multi-agent/refs/progress-contract.md +155 -0
  101. package/pipeline/commands/multi-agent/refs/rules.md +189 -0
  102. package/pipeline/commands/multi-agent/refs/swiftui-guide.md +254 -0
  103. package/pipeline/commands/multi-agent/refs/tracker-contract.md +256 -0
  104. package/pipeline/commands/multi-agent/refs/wiki-capture.md +109 -0
  105. package/pipeline/commands/multi-agent/resume.md +28 -0
  106. package/pipeline/commands/multi-agent/review.md +228 -0
  107. package/pipeline/commands/multi-agent/scan.md +74 -0
  108. package/pipeline/commands/multi-agent/search.md +97 -0
  109. package/pipeline/commands/multi-agent/setup.md +767 -0
  110. package/pipeline/commands/multi-agent/stack.md +48 -0
  111. package/pipeline/commands/multi-agent/status.md +38 -0
  112. package/pipeline/commands/multi-agent/sync.md +319 -0
  113. package/pipeline/commands/multi-agent/test.md +39 -0
  114. package/pipeline/commands/multi-agent/update.md +88 -0
  115. package/pipeline/commands/multi-agent.md +293 -0
  116. package/pipeline/commands/security-review.md +6 -0
  117. package/pipeline/commands/sim-test.md +256 -0
  118. package/pipeline/eval/golden-tasks/01-ios-bugfix-darkmode/expected/phase-1-analysis.json +25 -0
  119. package/pipeline/eval/golden-tasks/01-ios-bugfix-darkmode/expected/phase-2-plan.json +30 -0
  120. package/pipeline/eval/golden-tasks/01-ios-bugfix-darkmode/expected/phase-4-review.json +20 -0
  121. package/pipeline/eval/golden-tasks/01-ios-bugfix-darkmode/expected/phase-4-triage.json +15 -0
  122. package/pipeline/eval/golden-tasks/01-ios-bugfix-darkmode/metadata.json +14 -0
  123. package/pipeline/eval/golden-tasks/01-ios-bugfix-darkmode/task.json +12 -0
  124. package/pipeline/eval/golden-tasks/02-android-feature-compose/expected/phase-1-analysis.json +29 -0
  125. package/pipeline/eval/golden-tasks/02-android-feature-compose/expected/phase-2-plan.json +43 -0
  126. package/pipeline/eval/golden-tasks/02-android-feature-compose/expected/phase-4-review.json +35 -0
  127. package/pipeline/eval/golden-tasks/02-android-feature-compose/expected/phase-4-triage.json +35 -0
  128. package/pipeline/eval/golden-tasks/02-android-feature-compose/metadata.json +14 -0
  129. package/pipeline/eval/golden-tasks/02-android-feature-compose/task.json +12 -0
  130. package/pipeline/eval/golden-tasks/README.md +65 -0
  131. package/pipeline/eval/triage/01-empty-findings/expected.json +6 -0
  132. package/pipeline/eval/triage/01-empty-findings/input.json +5 -0
  133. package/pipeline/eval/triage/01-empty-findings/notes.md +7 -0
  134. package/pipeline/eval/triage/02-real-blocker/expected.json +15 -0
  135. package/pipeline/eval/triage/02-real-blocker/input.json +14 -0
  136. package/pipeline/eval/triage/02-real-blocker/notes.md +7 -0
  137. package/pipeline/eval/triage/03-out-of-scope-defer/expected.json +18 -0
  138. package/pipeline/eval/triage/03-out-of-scope-defer/input.json +14 -0
  139. package/pipeline/eval/triage/03-out-of-scope-defer/notes.md +10 -0
  140. package/pipeline/eval/triage/04-false-positive-reject/expected.json +18 -0
  141. package/pipeline/eval/triage/04-false-positive-reject/input.json +14 -0
  142. package/pipeline/eval/triage/04-false-positive-reject/notes.md +10 -0
  143. package/pipeline/eval/triage/05-mixed-classification/expected.json +43 -0
  144. package/pipeline/eval/triage/05-mixed-classification/input.json +38 -0
  145. package/pipeline/eval/triage/05-mixed-classification/notes.md +17 -0
  146. package/pipeline/eval/triage/06-severity-mismatch/expected.json +15 -0
  147. package/pipeline/eval/triage/06-severity-mismatch/input.json +14 -0
  148. package/pipeline/eval/triage/06-severity-mismatch/notes.md +9 -0
  149. package/pipeline/eval/triage/07-duplicate-reviewers/expected.json +27 -0
  150. package/pipeline/eval/triage/07-duplicate-reviewers/input.json +22 -0
  151. package/pipeline/eval/triage/07-duplicate-reviewers/notes.md +9 -0
  152. package/pipeline/eval/triage/08-style-misclassified/expected.json +18 -0
  153. package/pipeline/eval/triage/08-style-misclassified/input.json +14 -0
  154. package/pipeline/eval/triage/08-style-misclassified/notes.md +9 -0
  155. package/pipeline/eval/triage/09-cascading-finding/expected.json +23 -0
  156. package/pipeline/eval/triage/09-cascading-finding/input.json +22 -0
  157. package/pipeline/eval/triage/09-cascading-finding/notes.md +9 -0
  158. package/pipeline/eval/triage/10-deferred-crossref/expected.json +18 -0
  159. package/pipeline/eval/triage/10-deferred-crossref/input.json +14 -0
  160. package/pipeline/eval/triage/10-deferred-crossref/notes.md +9 -0
  161. package/pipeline/eval/triage/11-vercel-token-leak-blocker/expected.json +27 -0
  162. package/pipeline/eval/triage/11-vercel-token-leak-blocker/input.json +22 -0
  163. package/pipeline/eval/triage/11-vercel-token-leak-blocker/notes.md +14 -0
  164. package/pipeline/eval/triage/README.md +54 -0
  165. package/pipeline/lib/account-resolver.sh +204 -0
  166. package/pipeline/lib/channels-multi-repo.sh +218 -0
  167. package/pipeline/lib/context-link-extractor.sh +192 -0
  168. package/pipeline/lib/credential-store-resolver.sh +57 -0
  169. package/pipeline/lib/credential-store.sh +226 -0
  170. package/pipeline/lib/fetch-confluence.sh +358 -0
  171. package/pipeline/lib/fetch-crashlytics.sh +314 -0
  172. package/pipeline/lib/fetch-fortify.sh +321 -0
  173. package/pipeline/lib/fetch-swagger.sh +270 -0
  174. package/pipeline/lib/issue-fetcher.sh +333 -0
  175. package/pipeline/lib/multi-repo-pipeline.sh +252 -0
  176. package/pipeline/lib/plan-todos.sh +284 -0
  177. package/pipeline/lib/post-pr-review.sh +374 -0
  178. package/pipeline/lib/repo-cache.sh +231 -0
  179. package/pipeline/lib/review-watch.sh +244 -0
  180. package/pipeline/lib/shadow-git.sh +222 -0
  181. package/pipeline/lib/submodule-detector.sh +177 -0
  182. package/pipeline/lib/vercel-deploy.sh +170 -0
  183. package/pipeline/preferences-template.json +132 -0
  184. package/pipeline/rules/app-store-guidelines.md +59 -0
  185. package/pipeline/rules/code-review.md +27 -0
  186. package/pipeline/rules/code-style.md +37 -0
  187. package/pipeline/rules/debugging.md +24 -0
  188. package/pipeline/rules/figma-pipeline.md +190 -0
  189. package/pipeline/rules/git-conventions.md +29 -0
  190. package/pipeline/rules/kotlin-android.md +92 -0
  191. package/pipeline/rules/performance.md +23 -0
  192. package/pipeline/rules/security.md +39 -0
  193. package/pipeline/rules/swiftui-qa.md +32 -0
  194. package/pipeline/rules/tdd.md +25 -0
  195. package/pipeline/rules/testing.md +37 -0
  196. package/pipeline/schemas/agent-state.schema.json +273 -0
  197. package/pipeline/schemas/analysis-output.schema.json +59 -0
  198. package/pipeline/schemas/clarify-output.schema.json +74 -0
  199. package/pipeline/schemas/dev-critic-output.schema.json +104 -0
  200. package/pipeline/schemas/diff-risk.schema.json +78 -0
  201. package/pipeline/schemas/figma-project-config.schema.json +372 -0
  202. package/pipeline/schemas/migrations/README.md +73 -0
  203. package/pipeline/schemas/migrations/figma-config-1.0.0-to-2.0.0.mjs +112 -0
  204. package/pipeline/schemas/migrations/prefs-2.0.0-to-2.1.0.mjs +75 -0
  205. package/pipeline/schemas/migrations/prefs-2.1.0-to-2.2.0.mjs +64 -0
  206. package/pipeline/schemas/migrations/prefs-2.2.0-to-2.3.0.mjs +36 -0
  207. package/pipeline/schemas/migrations/state-2.0.0-to-2.1.0.mjs +34 -0
  208. package/pipeline/schemas/plan-todos.schema.json +62 -0
  209. package/pipeline/schemas/planning-output.schema.json +57 -0
  210. package/pipeline/schemas/prefs.schema.json +1137 -0
  211. package/pipeline/schemas/reviewer-output.schema.json +55 -0
  212. package/pipeline/schemas/test-gap.schema.json +64 -0
  213. package/pipeline/schemas/token-budget.json +17 -0
  214. package/pipeline/schemas/triage-corpus.schema.json +31 -0
  215. package/pipeline/schemas/triage-output.schema.json +115 -0
  216. package/pipeline/scripts/.last-figma-sync-plan.json +23 -0
  217. package/pipeline/scripts/README-figma-smokes.md +34 -0
  218. package/pipeline/scripts/README.md +104 -0
  219. package/pipeline/scripts/aggregate-metrics.mjs +310 -0
  220. package/pipeline/scripts/audit-log-rotate.sh +61 -0
  221. package/pipeline/scripts/audit-log.sh +69 -0
  222. package/pipeline/scripts/benchmark-phase-0.sh +128 -0
  223. package/pipeline/scripts/build-skills-index.mjs +139 -0
  224. package/pipeline/scripts/classify-plan-safety.mjs +177 -0
  225. package/pipeline/scripts/cost-table.json +27 -0
  226. package/pipeline/scripts/diff-explain.mjs +276 -0
  227. package/pipeline/scripts/diff-risk-score.mjs +328 -0
  228. package/pipeline/scripts/eval-golden-tasks-live.mjs +294 -0
  229. package/pipeline/scripts/eval-golden-tasks.mjs +223 -0
  230. package/pipeline/scripts/eval-triage.mjs +171 -0
  231. package/pipeline/scripts/figma-placeholder-map.json +191 -0
  232. package/pipeline/scripts/fixtures/diff-risk-android.diff +40 -0
  233. package/pipeline/scripts/fixtures/diff-risk-ios.diff +48 -0
  234. package/pipeline/scripts/fixtures/install-layout.tsv +16 -0
  235. package/pipeline/scripts/fixtures/test-gap-node.diff +30 -0
  236. package/pipeline/scripts/fixtures/test-gap-python.diff +32 -0
  237. package/pipeline/scripts/gen-mode-dispatch.mjs +170 -0
  238. package/pipeline/scripts/gen-skills-index.mjs +90 -0
  239. package/pipeline/scripts/github-ssh-setup.sh +103 -0
  240. package/pipeline/scripts/import-figma-skills.sh +253 -0
  241. package/pipeline/scripts/keychain-save.sh +74 -0
  242. package/pipeline/scripts/keychain.py +294 -0
  243. package/pipeline/scripts/log-metric.sh +98 -0
  244. package/pipeline/scripts/match-skills.mjs +167 -0
  245. package/pipeline/scripts/memory-load.sh +46 -0
  246. package/pipeline/scripts/memory-save.sh +76 -0
  247. package/pipeline/scripts/migrate-prefs.mjs +390 -0
  248. package/pipeline/scripts/migrate-state.mjs +215 -0
  249. package/pipeline/scripts/output-quality-check.sh +125 -0
  250. package/pipeline/scripts/phase-banner.sh +158 -0
  251. package/pipeline/scripts/phase-tracker.sh +548 -0
  252. package/pipeline/scripts/pre-commit-check.sh +69 -0
  253. package/pipeline/scripts/pre-push-check.sh +77 -0
  254. package/pipeline/scripts/render-agent-log-cost.sh +149 -0
  255. package/pipeline/scripts/render-cost-summary.sh +137 -0
  256. package/pipeline/scripts/render-work-summary.sh +195 -0
  257. package/pipeline/scripts/repo-map.mjs +367 -0
  258. package/pipeline/scripts/run-aggregator.mjs +298 -0
  259. package/pipeline/scripts/scan-skills.sh +332 -0
  260. package/pipeline/scripts/search-logs.sh +291 -0
  261. package/pipeline/scripts/sign-skills.sh +67 -0
  262. package/pipeline/scripts/smoke-adapters.sh +207 -0
  263. package/pipeline/scripts/smoke-add-detail.sh +137 -0
  264. package/pipeline/scripts/smoke-agent-log-cost.sh +183 -0
  265. package/pipeline/scripts/smoke-agent-model-routing.sh +87 -0
  266. package/pipeline/scripts/smoke-bitbucket-contract.sh +223 -0
  267. package/pipeline/scripts/smoke-channels-flow.sh +130 -0
  268. package/pipeline/scripts/smoke-ci-workflows.sh +88 -0
  269. package/pipeline/scripts/smoke-clarify.sh +148 -0
  270. package/pipeline/scripts/smoke-commands-skills-parity.sh +87 -0
  271. package/pipeline/scripts/smoke-compliance-skills.sh +119 -0
  272. package/pipeline/scripts/smoke-cost-summary.sh +139 -0
  273. package/pipeline/scripts/smoke-cross-cli-behavior.sh +198 -0
  274. package/pipeline/scripts/smoke-cross-phase-cohesion.sh +128 -0
  275. package/pipeline/scripts/smoke-delete-flow.sh +151 -0
  276. package/pipeline/scripts/smoke-dev-critic.sh +144 -0
  277. package/pipeline/scripts/smoke-diff-explain.sh +128 -0
  278. package/pipeline/scripts/smoke-diff-risk.sh +161 -0
  279. package/pipeline/scripts/smoke-dynamic-skill-loading.sh +160 -0
  280. package/pipeline/scripts/smoke-eval-live.sh +136 -0
  281. package/pipeline/scripts/smoke-existing-discovery-gate.sh +71 -0
  282. package/pipeline/scripts/smoke-figma-android-parity.sh +148 -0
  283. package/pipeline/scripts/smoke-figma-config-schema.sh +144 -0
  284. package/pipeline/scripts/smoke-figma-credential-store.sh +105 -0
  285. package/pipeline/scripts/smoke-figma-cross-cli-inventory.sh +177 -0
  286. package/pipeline/scripts/smoke-figma-dispatch.sh +123 -0
  287. package/pipeline/scripts/smoke-figma-skill-import.sh +174 -0
  288. package/pipeline/scripts/smoke-figma-sync.sh +149 -0
  289. package/pipeline/scripts/smoke-identity-isolation.sh +70 -0
  290. package/pipeline/scripts/smoke-install-layout.sh +241 -0
  291. package/pipeline/scripts/smoke-install-leak-gate.sh +125 -0
  292. package/pipeline/scripts/smoke-issue-comment-template.sh +86 -0
  293. package/pipeline/scripts/smoke-issue-jira-triad.sh +120 -0
  294. package/pipeline/scripts/smoke-keychain.sh +158 -0
  295. package/pipeline/scripts/smoke-language-axis.sh +109 -0
  296. package/pipeline/scripts/smoke-lib-scripts.sh +395 -0
  297. package/pipeline/scripts/smoke-migrate-state.sh +102 -0
  298. package/pipeline/scripts/smoke-mode-dispatch-drift.sh +158 -0
  299. package/pipeline/scripts/smoke-multi-repo-integration.sh +116 -0
  300. package/pipeline/scripts/smoke-multi-repo-worktree.sh +61 -0
  301. package/pipeline/scripts/smoke-no-token-prompt.sh +69 -0
  302. package/pipeline/scripts/smoke-pat-audit.sh +107 -0
  303. package/pipeline/scripts/smoke-per-repo-memory.sh +156 -0
  304. package/pipeline/scripts/smoke-personal-data.sh +82 -0
  305. package/pipeline/scripts/smoke-phase-0-multi-repo.sh +170 -0
  306. package/pipeline/scripts/smoke-phase-6-multi.sh +79 -0
  307. package/pipeline/scripts/smoke-phase-banner.sh +101 -0
  308. package/pipeline/scripts/smoke-phase-tracker.sh +255 -0
  309. package/pipeline/scripts/smoke-phase0-bridge-contract.sh +241 -0
  310. package/pipeline/scripts/smoke-phase4-triage.sh +142 -0
  311. package/pipeline/scripts/smoke-plan-approval-gate.sh +71 -0
  312. package/pipeline/scripts/smoke-plan-safety.sh +139 -0
  313. package/pipeline/scripts/smoke-plan-todos.sh +193 -0
  314. package/pipeline/scripts/smoke-pr-review-actions.sh +152 -0
  315. package/pipeline/scripts/smoke-pre-commit.sh +138 -0
  316. package/pipeline/scripts/smoke-pref-migration.sh +224 -0
  317. package/pipeline/scripts/smoke-prefs-language.sh +134 -0
  318. package/pipeline/scripts/smoke-progress-contract.sh +118 -0
  319. package/pipeline/scripts/smoke-push-retry.sh +75 -0
  320. package/pipeline/scripts/smoke-readme-counts.sh +120 -0
  321. package/pipeline/scripts/smoke-repo-map.sh +300 -0
  322. package/pipeline/scripts/smoke-review-watch.sh +134 -0
  323. package/pipeline/scripts/smoke-run-aggregator.sh +216 -0
  324. package/pipeline/scripts/smoke-schema-validation.sh +173 -0
  325. package/pipeline/scripts/smoke-search.sh +187 -0
  326. package/pipeline/scripts/smoke-shadow-git.sh +175 -0
  327. package/pipeline/scripts/smoke-skill-authoring.sh +142 -0
  328. package/pipeline/scripts/smoke-skill-language.sh +83 -0
  329. package/pipeline/scripts/smoke-skill-manifest.sh +138 -0
  330. package/pipeline/scripts/smoke-skill-scan.sh +198 -0
  331. package/pipeline/scripts/smoke-stack-swap.sh +132 -0
  332. package/pipeline/scripts/smoke-subagent-validators.sh +105 -0
  333. package/pipeline/scripts/smoke-sync-delegation.sh +74 -0
  334. package/pipeline/scripts/smoke-sync-parity.sh +92 -0
  335. package/pipeline/scripts/smoke-tasklist-ordering.sh +111 -0
  336. package/pipeline/scripts/smoke-telemetry.sh +147 -0
  337. package/pipeline/scripts/smoke-test-gap.sh +183 -0
  338. package/pipeline/scripts/smoke-token-budget.sh +67 -0
  339. package/pipeline/scripts/smoke-tracker-contract.sh +129 -0
  340. package/pipeline/scripts/smoke-tracker-tokens-invocation.sh +65 -0
  341. package/pipeline/scripts/smoke-triage-memory.sh +174 -0
  342. package/pipeline/scripts/smoke-url-enrichment.sh +70 -0
  343. package/pipeline/scripts/smoke-validator-contradiction.sh +67 -0
  344. package/pipeline/scripts/smoke-vercel-deploy-redact.sh +129 -0
  345. package/pipeline/scripts/smoke-wiki-integration.sh +146 -0
  346. package/pipeline/scripts/smoke-work-summary.sh +163 -0
  347. package/pipeline/scripts/smoke-worktree-path-convention.sh +86 -0
  348. package/pipeline/scripts/smoke-write-state.sh +115 -0
  349. package/pipeline/scripts/stack-swap.sh +182 -0
  350. package/pipeline/scripts/sync-figma-source.sh +228 -0
  351. package/pipeline/scripts/sync-parity-check.sh +135 -0
  352. package/pipeline/scripts/test-gap-rules/android.json +25 -0
  353. package/pipeline/scripts/test-gap-rules/ios.json +29 -0
  354. package/pipeline/scripts/test-gap-rules/node.json +17 -0
  355. package/pipeline/scripts/test-gap-rules/python.json +19 -0
  356. package/pipeline/scripts/test-gap-scan.mjs +343 -0
  357. package/pipeline/scripts/token-budget-report.mjs +145 -0
  358. package/pipeline/scripts/triage-memory.mjs +258 -0
  359. package/pipeline/scripts/ui-tree-dumper.swift +122 -0
  360. package/pipeline/scripts/uninstall.mjs +331 -0
  361. package/pipeline/scripts/update-issue-progress.sh +146 -0
  362. package/pipeline/scripts/validate-analysis.mjs +132 -0
  363. package/pipeline/scripts/validate-diff-risk.mjs +117 -0
  364. package/pipeline/scripts/validate-planning.mjs +180 -0
  365. package/pipeline/scripts/validate-reviewer.mjs +131 -0
  366. package/pipeline/scripts/validate-schemas.mjs +88 -0
  367. package/pipeline/scripts/validate-test-gap.mjs +90 -0
  368. package/pipeline/scripts/validate-triage.mjs +175 -0
  369. package/pipeline/scripts/verify-skills.sh +126 -0
  370. package/pipeline/scripts/write-state.mjs +175 -0
  371. package/pipeline/skills/.skill-manifest.json +779 -0
  372. package/pipeline/skills/.skills-index.json +1771 -0
  373. package/pipeline/skills/figma-android/README.md +36 -0
  374. package/pipeline/skills/figma-android/figma-component-code-connect/SKILL.md +62 -0
  375. package/pipeline/skills/figma-android/figma-component-implement/SKILL.md +158 -0
  376. package/pipeline/skills/figma-android/figma-component-test/SKILL.md +120 -0
  377. package/pipeline/skills/figma-android/figma-component-wiki/SKILL.md +35 -0
  378. package/pipeline/skills/figma-android/figma-to-component/SKILL.md +124 -0
  379. package/pipeline/skills/figma-common/README.md +57 -0
  380. package/pipeline/skills/figma-common/figma-cli-iterate/SKILL.md +277 -0
  381. package/pipeline/skills/figma-common/figma-cli-iterate-mend/SKILL.md +498 -0
  382. package/pipeline/skills/figma-common/figma-cli-lean-iterate/SKILL.md +283 -0
  383. package/pipeline/skills/figma-common/figma-cli-skip/SKILL.md +362 -0
  384. package/pipeline/skills/figma-common/figma-commit/COMMON_REBASE.md +206 -0
  385. package/pipeline/skills/figma-common/figma-commit/REVIEW.md +337 -0
  386. package/pipeline/skills/figma-common/figma-commit/SKILL.md +211 -0
  387. package/pipeline/skills/figma-common/figma-component-confluence-sync/SKILL.md +218 -0
  388. package/pipeline/skills/figma-common/figma-component-start/SKILL.md +246 -0
  389. package/pipeline/skills/figma-common/figma-component-status-update/SKILL.md +73 -0
  390. package/pipeline/skills/figma-common/figma-fix/SKILL.md +316 -0
  391. package/pipeline/skills/figma-common/figma-form-integration/SKILL.md +542 -0
  392. package/pipeline/skills/figma-common/figma-issue/SKILL.md +745 -0
  393. package/pipeline/skills/figma-common/figma-iterate/SKILL.md +203 -0
  394. package/pipeline/skills/figma-common/figma-iteration-commit/SKILL.md +1015 -0
  395. package/pipeline/skills/figma-common/figma-mend/SKILL.md +331 -0
  396. package/pipeline/skills/figma-common/figma-price-integration/SKILL.md +398 -0
  397. package/pipeline/skills/figma-common/figma-remote-mcp-auth/SKILL.md +104 -0
  398. package/pipeline/skills/figma-common/figma-review/SKILL.md +395 -0
  399. package/pipeline/skills/figma-common/figma-setup/SKILL.md +514 -0
  400. package/pipeline/skills/figma-common/figma-setup/scripts/fetch-mcp-token.py +592 -0
  401. package/pipeline/skills/figma-common/figma-skip/SKILL.md +129 -0
  402. package/pipeline/skills/figma-common/figma-ui-patterns/SKILL.md +104 -0
  403. package/pipeline/skills/figma-common/figma-utility/SKILL.md +274 -0
  404. package/pipeline/skills/figma-common/figma-utility/scripts/figma-utility.py +808 -0
  405. package/pipeline/skills/figma-common/figma-validate/SKILL.md +633 -0
  406. package/pipeline/skills/figma-common/performance-iteration-commit-all/SKILL.md +711 -0
  407. package/pipeline/skills/figma-common/performance-review-next/SKILL.md +233 -0
  408. package/pipeline/skills/figma-common/performance-start/SKILL.md +425 -0
  409. package/pipeline/skills/figma-common/performance-swiftui/SKILL.md +706 -0
  410. package/pipeline/skills/figma-common/performance-tour/SKILL.md +418 -0
  411. package/pipeline/skills/figma-ios/REVIEW_CHECKLIST.md +67 -0
  412. package/pipeline/skills/figma-ios/figma-component-code-connect/SKILL.md +178 -0
  413. package/pipeline/skills/figma-ios/figma-component-implement/SKILL.md +184 -0
  414. package/pipeline/skills/figma-ios/figma-component-test/SKILL.md +219 -0
  415. package/pipeline/skills/figma-ios/figma-component-wiki/SKILL.md +274 -0
  416. package/pipeline/skills/figma-ios/figma-to-component/SKILL.md +401 -0
  417. package/pipeline/skills/figma-ios/figma-to-component/halt-return-protocol.md +57 -0
  418. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-0-init.md +307 -0
  419. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-1-gathering.md +119 -0
  420. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-1.5-existing-discovery.md +174 -0
  421. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-2-orchestrator.md +333 -0
  422. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-2a-testing-identifiers.md +368 -0
  423. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-2b-localization.md +393 -0
  424. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-2c-accessibility.md +617 -0
  425. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-2d-analytics.md +352 -0
  426. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3-orchestrator.md +337 -0
  427. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3a-location.md +206 -0
  428. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3b-tokens.md +235 -0
  429. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3c-nested.md +214 -0
  430. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3d-patterns.md +871 -0
  431. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3e-assets.md +156 -0
  432. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3f-utilities.md +175 -0
  433. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3g-property-coverage.md +176 -0
  434. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3h-variant-config.md +333 -0
  435. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-4-orchestrator.md +412 -0
  436. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-4a-configuration.md +336 -0
  437. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-4b-view.md +695 -0
  438. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-4c-documentation.md +332 -0
  439. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-4d-preview.md +380 -0
  440. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-4e-modifiers.md +262 -0
  441. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-5-orchestrator.md +482 -0
  442. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-5a-viewinspector.md +274 -0
  443. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-5b-snapshot.md +636 -0
  444. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-5c-unit.md +142 -0
  445. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-6-code-connect.md +547 -0
  446. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-7-wiki.md +39 -0
  447. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-7a-confluence-generate.md +659 -0
  448. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-7a-wiki-generate.md +580 -0
  449. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-8-cleanup.md +51 -0
  450. package/pipeline/skills/figma-ios/figma-to-component/reference/accessibility.md +129 -0
  451. package/pipeline/skills/figma-ios/figma-to-component/reference/analytics-events.md +64 -0
  452. package/pipeline/skills/figma-ios/figma-to-component/reference/code-connect.md +531 -0
  453. package/pipeline/skills/figma-ios/figma-to-component/reference/confluence-api.md +89 -0
  454. package/pipeline/skills/figma-ios/figma-to-component/reference/confluence-xhtml.md +155 -0
  455. package/pipeline/skills/figma-ios/figma-to-component/reference/figma-to-swiftui-effects.md +196 -0
  456. package/pipeline/skills/figma-ios/figma-to-component/reference/halt-return-protocol.md +57 -0
  457. package/pipeline/skills/figma-ios/figma-to-component/reference/localization-naming.md +89 -0
  458. package/pipeline/skills/figma-ios/figma-to-component/reference/macros.md +227 -0
  459. package/pipeline/skills/figma-ios/figma-to-component/reference/missing-tokens.md +157 -0
  460. package/pipeline/skills/figma-ios/figma-to-component/reference/orchestrator-discipline.md +90 -0
  461. package/pipeline/skills/figma-ios/figma-to-component/reference/registry.md +116 -0
  462. package/pipeline/skills/figma-ios/figma-to-component/reference/remote-mcp-script.md +153 -0
  463. package/pipeline/skills/figma-ios/figma-to-component/reference/rest-api-script.md +130 -0
  464. package/pipeline/skills/figma-ios/figma-to-component/reference/scripts-inventory.md +218 -0
  465. package/pipeline/skills/figma-ios/figma-to-component/reference/snapshot-testing.md +188 -0
  466. package/pipeline/skills/figma-ios/figma-to-component/reference/subcomponent-graph.md +93 -0
  467. package/pipeline/skills/figma-ios/figma-to-component/reference/testing-identifiers-naming.md +98 -0
  468. package/pipeline/skills/figma-ios/figma-to-component/reference/tools.md +261 -0
  469. package/pipeline/skills/figma-ios/figma-to-component/reference/viewinspector.md +147 -0
  470. package/pipeline/skills/figma-ios/figma-to-component/reference/wiki-to-confluence-mapping.md +182 -0
  471. package/pipeline/skills/figma-ios/figma-to-component/scripts/apply-author-login-map.py +185 -0
  472. package/pipeline/skills/figma-ios/figma-to-component/scripts/backfill-status.py +609 -0
  473. package/pipeline/skills/figma-ios/figma-to-component/scripts/build-author-registry.py +332 -0
  474. package/pipeline/skills/figma-ios/figma-to-component/scripts/bulk-sync-issues.py +261 -0
  475. package/pipeline/skills/figma-ios/figma-to-component/scripts/code-connect-data-gather.py +184 -0
  476. package/pipeline/skills/figma-ios/figma-to-component/scripts/code-connect-publish.sh +188 -0
  477. package/pipeline/skills/figma-ios/figma-to-component/scripts/confluence-component-status-upload.py +768 -0
  478. package/pipeline/skills/figma-ios/figma-to-component/scripts/confluence-component-status.py +191 -0
  479. package/pipeline/skills/figma-ios/figma-to-component/scripts/confluence-data-gather.py +420 -0
  480. package/pipeline/skills/figma-ios/figma-to-component/scripts/confluence-page-ids.json +94 -0
  481. package/pipeline/skills/figma-ios/figma-to-component/scripts/confluence-publish.py +336 -0
  482. package/pipeline/skills/figma-ios/figma-to-component/scripts/figma-subcomponent-graph.py +391 -0
  483. package/pipeline/skills/figma-ios/figma-to-component/scripts/figma-update.py +292 -0
  484. package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/__init__.py +1 -0
  485. package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/issue_sync_propagate.py +93 -0
  486. package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/registry_writer.py +299 -0
  487. package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/test_backfill_status.py +343 -0
  488. package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/test_figma_update.py +206 -0
  489. package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/test_figma_update_http.py +149 -0
  490. package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/test_phase_clis.py +281 -0
  491. package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/test_registry_writer.py +332 -0
  492. package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/test_skill_figma_issue.py +176 -0
  493. package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/test_skill_figma_review.py +98 -0
  494. package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/test_update_issue.py +298 -0
  495. package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/test_update_issue_gh.py +195 -0
  496. package/pipeline/skills/figma-ios/figma-to-component/scripts/phase1-gather.py +1298 -0
  497. package/pipeline/skills/figma-ios/figma-to-component/scripts/phase2-finalize.py +228 -0
  498. package/pipeline/skills/figma-ios/figma-to-component/scripts/phase3-scripts.py +1089 -0
  499. package/pipeline/skills/figma-ios/figma-to-component/scripts/phase4-finalize.py +141 -0
  500. package/pipeline/skills/figma-ios/figma-to-component/scripts/phase5-finalize.py +106 -0
  501. package/pipeline/skills/figma-ios/figma-to-component/scripts/phase6-finalize.py +162 -0
  502. package/pipeline/skills/figma-ios/figma-to-component/scripts/phase7-finalize.py +105 -0
  503. package/pipeline/skills/figma-ios/figma-to-component/scripts/register-icons-codeconnect.py +179 -0
  504. package/pipeline/skills/figma-ios/figma-to-component/scripts/remote-mcp-fetch.py +260 -0
  505. package/pipeline/skills/figma-ios/figma-to-component/scripts/resolve-author-logins.py +260 -0
  506. package/pipeline/skills/figma-ios/figma-to-component/scripts/run-uicomponents-tests.sh +86 -0
  507. package/pipeline/skills/figma-ios/figma-to-component/scripts/sidebar-generator.py +321 -0
  508. package/pipeline/skills/figma-ios/figma-to-component/scripts/update-issue-from-registry.py +1470 -0
  509. package/pipeline/skills/figma-ios/figma-to-component/scripts/validate-phase4.sh +176 -0
  510. package/pipeline/skills/figma-ios/figma-to-component/scripts/validate-phase6.sh +147 -0
  511. package/pipeline/skills/figma-ios/figma-to-component/scripts/validate-phase7a.py +629 -0
  512. package/pipeline/skills/shared/README.md +212 -0
  513. package/pipeline/skills/shared/core/apple-archive-compliance/SKILL.md +315 -0
  514. package/pipeline/skills/shared/core/google-play-compliance/SKILL.md +348 -0
  515. package/pipeline/skills/shared/core/multi-agent/SKILL.md +944 -0
  516. package/pipeline/skills/shared/core/multi-agent-autopilot/SKILL.md +51 -0
  517. package/pipeline/skills/shared/core/multi-agent-channels/SKILL.md +300 -0
  518. package/pipeline/skills/shared/core/multi-agent-delete/SKILL.md +63 -0
  519. package/pipeline/skills/shared/core/multi-agent-dev/SKILL.md +64 -0
  520. package/pipeline/skills/shared/core/multi-agent-dev-autopilot/SKILL.md +56 -0
  521. package/pipeline/skills/shared/core/multi-agent-dev-local/SKILL.md +36 -0
  522. package/pipeline/skills/shared/core/multi-agent-dev-local-autopilot/SKILL.md +42 -0
  523. package/pipeline/skills/shared/core/multi-agent-diff-explain/SKILL.md +66 -0
  524. package/pipeline/skills/shared/core/multi-agent-help/SKILL.md +292 -0
  525. package/pipeline/skills/shared/core/multi-agent-issue/SKILL.md +35 -0
  526. package/pipeline/skills/shared/core/multi-agent-jira/SKILL.md +38 -0
  527. package/pipeline/skills/shared/core/multi-agent-kill/SKILL.md +41 -0
  528. package/pipeline/skills/shared/core/multi-agent-language/SKILL.md +87 -0
  529. package/pipeline/skills/shared/core/multi-agent-local/SKILL.md +37 -0
  530. package/pipeline/skills/shared/core/multi-agent-local-autopilot/SKILL.md +53 -0
  531. package/pipeline/skills/shared/core/multi-agent-log/SKILL.md +28 -0
  532. package/pipeline/skills/shared/core/multi-agent-manual-test/SKILL.md +47 -0
  533. package/pipeline/skills/shared/core/multi-agent-purge/SKILL.md +42 -0
  534. package/pipeline/skills/shared/core/multi-agent-refactor/SKILL.md +191 -0
  535. package/pipeline/skills/shared/core/multi-agent-resume/SKILL.md +31 -0
  536. package/pipeline/skills/shared/core/multi-agent-review/SKILL.md +61 -0
  537. package/pipeline/skills/shared/core/multi-agent-scan/SKILL.md +61 -0
  538. package/pipeline/skills/shared/core/multi-agent-search/SKILL.md +62 -0
  539. package/pipeline/skills/shared/core/multi-agent-setup/SKILL.md +309 -0
  540. package/pipeline/skills/shared/core/multi-agent-stack/SKILL.md +55 -0
  541. package/pipeline/skills/shared/core/multi-agent-status/SKILL.md +41 -0
  542. package/pipeline/skills/shared/core/multi-agent-sync/SKILL.md +184 -0
  543. package/pipeline/skills/shared/core/multi-agent-test/SKILL.md +44 -0
  544. package/pipeline/skills/shared/core/multi-agent-update/SKILL.md +34 -0
  545. package/pipeline/skills/shared/external/accessibility-compliance-accessibility-audit/SKILL.md +45 -0
  546. package/pipeline/skills/shared/external/agentflow/SKILL.md +199 -0
  547. package/pipeline/skills/shared/external/alarmkit/SKILL.md +438 -0
  548. package/pipeline/skills/shared/external/alarmkit/references/alarmkit-patterns.md +584 -0
  549. package/pipeline/skills/shared/external/android-architecture/SKILL.md +407 -0
  550. package/pipeline/skills/shared/external/android-jetpack-compose-expert/SKILL.md +153 -0
  551. package/pipeline/skills/shared/external/android-performance/SKILL.md +736 -0
  552. package/pipeline/skills/shared/external/android-security/SKILL.md +577 -0
  553. package/pipeline/skills/shared/external/android_ui_verification/SKILL.md +66 -0
  554. package/pipeline/skills/shared/external/api-patterns/SKILL.md +85 -0
  555. package/pipeline/skills/shared/external/api-security-best-practices/SKILL.md +910 -0
  556. package/pipeline/skills/shared/external/app-clips/SKILL.md +436 -0
  557. package/pipeline/skills/shared/external/app-intents/SKILL.md +489 -0
  558. package/pipeline/skills/shared/external/app-intents/references/appintents-advanced.md +1076 -0
  559. package/pipeline/skills/shared/external/app-store-changelog/SKILL.md +75 -0
  560. package/pipeline/skills/shared/external/app-store-optimization/SKILL.md +409 -0
  561. package/pipeline/skills/shared/external/app-store-review/SKILL.md +411 -0
  562. package/pipeline/skills/shared/external/app-store-review/references/code-signing.md +259 -0
  563. package/pipeline/skills/shared/external/app-store-review/references/privacy-manifest.md +90 -0
  564. package/pipeline/skills/shared/external/app-store-review/references/rejection-patterns.md +152 -0
  565. package/pipeline/skills/shared/external/app-store-review/references/review-checklists.md +118 -0
  566. package/pipeline/skills/shared/external/apple-on-device-ai/SKILL.md +500 -0
  567. package/pipeline/skills/shared/external/apple-on-device-ai/references/coreml-conversion.md +425 -0
  568. package/pipeline/skills/shared/external/apple-on-device-ai/references/coreml-optimization.md +344 -0
  569. package/pipeline/skills/shared/external/apple-on-device-ai/references/foundation-models.md +508 -0
  570. package/pipeline/skills/shared/external/apple-on-device-ai/references/mlx-swift.md +285 -0
  571. package/pipeline/skills/shared/external/architecture/SKILL.md +60 -0
  572. package/pipeline/skills/shared/external/authentication/SKILL.md +496 -0
  573. package/pipeline/skills/shared/external/authentication/references/keychain-biometric.md +211 -0
  574. package/pipeline/skills/shared/external/background-processing/SKILL.md +499 -0
  575. package/pipeline/skills/shared/external/background-processing/references/background-task-patterns.md +390 -0
  576. package/pipeline/skills/shared/external/callkit-voip/SKILL.md +461 -0
  577. package/pipeline/skills/shared/external/callkit-voip/references/callkit-patterns.md +425 -0
  578. package/pipeline/skills/shared/external/ci-cd-pipelines/SKILL.md +462 -0
  579. package/pipeline/skills/shared/external/clean-code/SKILL.md +94 -0
  580. package/pipeline/skills/shared/external/closed-loop-delivery/SKILL.md +116 -0
  581. package/pipeline/skills/shared/external/cloudkit-sync/SKILL.md +492 -0
  582. package/pipeline/skills/shared/external/cloudkit-sync/references/cloudkit-patterns.md +461 -0
  583. package/pipeline/skills/shared/external/compose-components/SKILL.md +441 -0
  584. package/pipeline/skills/shared/external/compose-navigation/SKILL.md +436 -0
  585. package/pipeline/skills/shared/external/compose-testing/SKILL.md +527 -0
  586. package/pipeline/skills/shared/external/contacts-framework/SKILL.md +425 -0
  587. package/pipeline/skills/shared/external/contacts-framework/references/contacts-patterns.md +409 -0
  588. package/pipeline/skills/shared/external/context-compression/SKILL.md +266 -0
  589. package/pipeline/skills/shared/external/core-bluetooth/SKILL.md +491 -0
  590. package/pipeline/skills/shared/external/core-bluetooth/references/ble-patterns.md +435 -0
  591. package/pipeline/skills/shared/external/core-motion/SKILL.md +388 -0
  592. package/pipeline/skills/shared/external/core-motion/references/motion-patterns.md +405 -0
  593. package/pipeline/skills/shared/external/core-nfc/SKILL.md +495 -0
  594. package/pipeline/skills/shared/external/core-nfc/references/nfc-patterns.md +420 -0
  595. package/pipeline/skills/shared/external/coreml/SKILL.md +458 -0
  596. package/pipeline/skills/shared/external/coreml/references/coreml-swift-integration.md +765 -0
  597. package/pipeline/skills/shared/external/css-modern/SKILL.md +467 -0
  598. package/pipeline/skills/shared/external/database-patterns/SKILL.md +335 -0
  599. package/pipeline/skills/shared/external/debugging-instruments/SKILL.md +422 -0
  600. package/pipeline/skills/shared/external/debugging-instruments/references/instruments-guide.md +387 -0
  601. package/pipeline/skills/shared/external/debugging-instruments/references/lldb-patterns.md +298 -0
  602. package/pipeline/skills/shared/external/debugging-strategies/SKILL.md +37 -0
  603. package/pipeline/skills/shared/external/device-integrity/SKILL.md +477 -0
  604. package/pipeline/skills/shared/external/docker-expert/SKILL.md +413 -0
  605. package/pipeline/skills/shared/external/energykit/SKILL.md +460 -0
  606. package/pipeline/skills/shared/external/energykit/references/energykit-patterns.md +541 -0
  607. package/pipeline/skills/shared/external/eventkit-calendar/SKILL.md +483 -0
  608. package/pipeline/skills/shared/external/eventkit-calendar/references/eventkit-patterns.md +326 -0
  609. package/pipeline/skills/shared/external/fastapi-pro/SKILL.md +190 -0
  610. package/pipeline/skills/shared/external/firebase/SKILL.md +61 -0
  611. package/pipeline/skills/shared/external/github-actions-templates/SKILL.md +348 -0
  612. package/pipeline/skills/shared/external/gradle-kotlin-dsl/SKILL.md +552 -0
  613. package/pipeline/skills/shared/external/healthkit/SKILL.md +498 -0
  614. package/pipeline/skills/shared/external/healthkit/references/healthkit-patterns.md +602 -0
  615. package/pipeline/skills/shared/external/help-skills/SKILL.md +166 -0
  616. package/pipeline/skills/shared/external/hig-components-content/SKILL.md +81 -0
  617. package/pipeline/skills/shared/external/hig-components-layout/SKILL.md +95 -0
  618. package/pipeline/skills/shared/external/hig-components-status/SKILL.md +82 -0
  619. package/pipeline/skills/shared/external/hig-components-system/SKILL.md +101 -0
  620. package/pipeline/skills/shared/external/hig-foundations/SKILL.md +94 -0
  621. package/pipeline/skills/shared/external/hig-inputs/SKILL.md +110 -0
  622. package/pipeline/skills/shared/external/hig-patterns/SKILL.md +99 -0
  623. package/pipeline/skills/shared/external/hig-platforms/SKILL.md +81 -0
  624. package/pipeline/skills/shared/external/hig-technologies/SKILL.md +125 -0
  625. package/pipeline/skills/shared/external/homekit-matter/SKILL.md +496 -0
  626. package/pipeline/skills/shared/external/homekit-matter/references/matter-commissioning.md +455 -0
  627. package/pipeline/skills/shared/external/html-semantic/SKILL.md +301 -0
  628. package/pipeline/skills/shared/external/humanizer/SKILL.md +118 -0
  629. package/pipeline/skills/shared/external/ios-accessibility/SKILL.md +301 -0
  630. package/pipeline/skills/shared/external/ios-accessibility/references/a11y-patterns.md +140 -0
  631. package/pipeline/skills/shared/external/ios-debugger-agent/SKILL.md +59 -0
  632. package/pipeline/skills/shared/external/ios-developer/SKILL.md +217 -0
  633. package/pipeline/skills/shared/external/ios-localization/SKILL.md +418 -0
  634. package/pipeline/skills/shared/external/ios-localization/references/formatstyle-locale.md +627 -0
  635. package/pipeline/skills/shared/external/ios-localization/references/string-catalogs.md +462 -0
  636. package/pipeline/skills/shared/external/ios-networking/SKILL.md +441 -0
  637. package/pipeline/skills/shared/external/ios-networking/references/background-websocket.md +862 -0
  638. package/pipeline/skills/shared/external/ios-networking/references/lightweight-clients.md +93 -0
  639. package/pipeline/skills/shared/external/ios-networking/references/network-framework.md +563 -0
  640. package/pipeline/skills/shared/external/ios-networking/references/urlsession-patterns.md +1116 -0
  641. package/pipeline/skills/shared/external/ios-security/SKILL.md +496 -0
  642. package/pipeline/skills/shared/external/ios-security/references/app-review-guidelines.md +174 -0
  643. package/pipeline/skills/shared/external/ios-security/references/cryptokit-advanced.md +297 -0
  644. package/pipeline/skills/shared/external/ios-security/references/file-storage-patterns.md +354 -0
  645. package/pipeline/skills/shared/external/ios-security/references/privacy-manifest.md +117 -0
  646. package/pipeline/skills/shared/external/kotlin-coroutines-expert/SKILL.md +101 -0
  647. package/pipeline/skills/shared/external/live-activities/SKILL.md +500 -0
  648. package/pipeline/skills/shared/external/live-activities/references/live-activity-patterns.md +868 -0
  649. package/pipeline/skills/shared/external/macos-menubar-tuist-app/SKILL.md +109 -0
  650. package/pipeline/skills/shared/external/macos-spm-app-packaging/SKILL.md +110 -0
  651. package/pipeline/skills/shared/external/mapkit-location/SKILL.md +485 -0
  652. package/pipeline/skills/shared/external/mapkit-location/references/corelocation-patterns.md +730 -0
  653. package/pipeline/skills/shared/external/mapkit-location/references/mapkit-patterns.md +748 -0
  654. package/pipeline/skills/shared/external/metrickit-diagnostics/SKILL.md +479 -0
  655. package/pipeline/skills/shared/external/monorepo-architect/SKILL.md +64 -0
  656. package/pipeline/skills/shared/external/musickit-audio/SKILL.md +395 -0
  657. package/pipeline/skills/shared/external/musickit-audio/references/musickit-patterns.md +363 -0
  658. package/pipeline/skills/shared/external/natural-language/SKILL.md +412 -0
  659. package/pipeline/skills/shared/external/natural-language/references/translation-patterns.md +311 -0
  660. package/pipeline/skills/shared/external/nextjs-app-router/SKILL.md +418 -0
  661. package/pipeline/skills/shared/external/nodejs-backend-patterns/SKILL.md +38 -0
  662. package/pipeline/skills/shared/external/observability-engineer/SKILL.md +235 -0
  663. package/pipeline/skills/shared/external/passkit-wallet/SKILL.md +398 -0
  664. package/pipeline/skills/shared/external/passkit-wallet/references/wallet-passes.md +254 -0
  665. package/pipeline/skills/shared/external/pencilkit-drawing/SKILL.md +387 -0
  666. package/pipeline/skills/shared/external/pencilkit-drawing/references/paperkit-integration.md +376 -0
  667. package/pipeline/skills/shared/external/pencilkit-drawing/references/pencilkit-patterns.md +302 -0
  668. package/pipeline/skills/shared/external/permissionkit/SKILL.md +446 -0
  669. package/pipeline/skills/shared/external/permissionkit/references/permissionkit-patterns.md +435 -0
  670. package/pipeline/skills/shared/external/photos-camera-media/SKILL.md +501 -0
  671. package/pipeline/skills/shared/external/photos-camera-media/references/av-playback.md +701 -0
  672. package/pipeline/skills/shared/external/photos-camera-media/references/camera-capture.md +774 -0
  673. package/pipeline/skills/shared/external/photos-camera-media/references/image-loading-caching.md +869 -0
  674. package/pipeline/skills/shared/external/photos-camera-media/references/photospicker-patterns.md +597 -0
  675. package/pipeline/skills/shared/external/play-store-review/SKILL.md +350 -0
  676. package/pipeline/skills/shared/external/push-notifications/SKILL.md +501 -0
  677. package/pipeline/skills/shared/external/push-notifications/references/notification-patterns.md +677 -0
  678. package/pipeline/skills/shared/external/push-notifications/references/rich-notifications.md +745 -0
  679. package/pipeline/skills/shared/external/python-patterns/SKILL.md +383 -0
  680. package/pipeline/skills/shared/external/react-best-practices/SKILL.md +290 -0
  681. package/pipeline/skills/shared/external/realitykit-ar/SKILL.md +479 -0
  682. package/pipeline/skills/shared/external/realitykit-ar/references/realitykit-patterns.md +480 -0
  683. package/pipeline/skills/shared/external/rest-api-design/SKILL.md +386 -0
  684. package/pipeline/skills/shared/external/retrofit-networking/SKILL.md +506 -0
  685. package/pipeline/skills/shared/external/room-database/SKILL.md +564 -0
  686. package/pipeline/skills/shared/external/shareplay-activities/SKILL.md +483 -0
  687. package/pipeline/skills/shared/external/shareplay-activities/references/shareplay-patterns.md +544 -0
  688. package/pipeline/skills/shared/external/speech-recognition/SKILL.md +485 -0
  689. package/pipeline/skills/shared/external/storekit/SKILL.md +478 -0
  690. package/pipeline/skills/shared/external/storekit/references/app-review-guidelines.md +58 -0
  691. package/pipeline/skills/shared/external/storekit/references/storekit-advanced.md +755 -0
  692. package/pipeline/skills/shared/external/swift-charts/SKILL.md +487 -0
  693. package/pipeline/skills/shared/external/swift-charts/references/charts-patterns.md +895 -0
  694. package/pipeline/skills/shared/external/swift-codable/SKILL.md +467 -0
  695. package/pipeline/skills/shared/external/swift-concurrency/SKILL.md +408 -0
  696. package/pipeline/skills/shared/external/swift-concurrency/references/approachable-concurrency.md +80 -0
  697. package/pipeline/skills/shared/external/swift-concurrency/references/swift-6-2-concurrency.md +233 -0
  698. package/pipeline/skills/shared/external/swift-concurrency/references/swiftui-concurrency.md +187 -0
  699. package/pipeline/skills/shared/external/swift-concurrency/references/synchronization-primitives.md +341 -0
  700. package/pipeline/skills/shared/external/swift-concurrency-expert/SKILL.md +113 -0
  701. package/pipeline/skills/shared/external/swift-concurrency-pro/SKILL.md +124 -0
  702. package/pipeline/skills/shared/external/swift-concurrency-pro/references/actors.md +155 -0
  703. package/pipeline/skills/shared/external/swift-concurrency-pro/references/async-streams.md +67 -0
  704. package/pipeline/skills/shared/external/swift-concurrency-pro/references/bridging.md +52 -0
  705. package/pipeline/skills/shared/external/swift-concurrency-pro/references/bug-patterns.md +100 -0
  706. package/pipeline/skills/shared/external/swift-concurrency-pro/references/cancellation.md +107 -0
  707. package/pipeline/skills/shared/external/swift-concurrency-pro/references/diagnostics.md +70 -0
  708. package/pipeline/skills/shared/external/swift-concurrency-pro/references/hotspots.md +47 -0
  709. package/pipeline/skills/shared/external/swift-concurrency-pro/references/interop.md +129 -0
  710. package/pipeline/skills/shared/external/swift-concurrency-pro/references/new-features.md +224 -0
  711. package/pipeline/skills/shared/external/swift-concurrency-pro/references/structured.md +101 -0
  712. package/pipeline/skills/shared/external/swift-concurrency-pro/references/testing.md +218 -0
  713. package/pipeline/skills/shared/external/swift-concurrency-pro/references/unstructured.md +61 -0
  714. package/pipeline/skills/shared/external/swift-language/SKILL.md +498 -0
  715. package/pipeline/skills/shared/external/swift-language/references/swift-patterns-extended.md +505 -0
  716. package/pipeline/skills/shared/external/swift-testing/SKILL.md +462 -0
  717. package/pipeline/skills/shared/external/swift-testing/references/testing-patterns.md +504 -0
  718. package/pipeline/skills/shared/external/swift-testing-pro/SKILL.md +97 -0
  719. package/pipeline/skills/shared/external/swift-testing-pro/references/async-tests.md +252 -0
  720. package/pipeline/skills/shared/external/swift-testing-pro/references/core-rules.md +52 -0
  721. package/pipeline/skills/shared/external/swift-testing-pro/references/migrating-from-xctest.md +34 -0
  722. package/pipeline/skills/shared/external/swift-testing-pro/references/new-features.md +318 -0
  723. package/pipeline/skills/shared/external/swift-testing-pro/references/writing-better-tests.md +254 -0
  724. package/pipeline/skills/shared/external/swiftdata/SKILL.md +334 -0
  725. package/pipeline/skills/shared/external/swiftdata/references/core-data-coexistence.md +504 -0
  726. package/pipeline/skills/shared/external/swiftdata/references/swiftdata-advanced.md +975 -0
  727. package/pipeline/skills/shared/external/swiftdata/references/swiftdata-queries.md +675 -0
  728. package/pipeline/skills/shared/external/swiftdata-pro/SKILL.md +102 -0
  729. package/pipeline/skills/shared/external/swiftdata-pro/references/class-inheritance.md +104 -0
  730. package/pipeline/skills/shared/external/swiftdata-pro/references/cloudkit.md +10 -0
  731. package/pipeline/skills/shared/external/swiftdata-pro/references/core-rules.md +20 -0
  732. package/pipeline/skills/shared/external/swiftdata-pro/references/indexing.md +27 -0
  733. package/pipeline/skills/shared/external/swiftdata-pro/references/predicates.md +73 -0
  734. package/pipeline/skills/shared/external/swiftui-animation/SKILL.md +503 -0
  735. package/pipeline/skills/shared/external/swiftui-animation/references/animation-advanced.md +821 -0
  736. package/pipeline/skills/shared/external/swiftui-animation/references/core-animation-bridge.md +553 -0
  737. package/pipeline/skills/shared/external/swiftui-expert-skill/SKILL.md +102 -0
  738. package/pipeline/skills/shared/external/swiftui-expert-skill/references/accessibility-patterns.md +215 -0
  739. package/pipeline/skills/shared/external/swiftui-expert-skill/references/animation-advanced.md +403 -0
  740. package/pipeline/skills/shared/external/swiftui-expert-skill/references/animation-basics.md +284 -0
  741. package/pipeline/skills/shared/external/swiftui-expert-skill/references/animation-transitions.md +326 -0
  742. package/pipeline/skills/shared/external/swiftui-expert-skill/references/charts-accessibility.md +135 -0
  743. package/pipeline/skills/shared/external/swiftui-expert-skill/references/charts.md +602 -0
  744. package/pipeline/skills/shared/external/swiftui-expert-skill/references/image-optimization.md +203 -0
  745. package/pipeline/skills/shared/external/swiftui-expert-skill/references/latest-apis.md +464 -0
  746. package/pipeline/skills/shared/external/swiftui-expert-skill/references/layout-best-practices.md +266 -0
  747. package/pipeline/skills/shared/external/swiftui-expert-skill/references/liquid-glass.md +416 -0
  748. package/pipeline/skills/shared/external/swiftui-expert-skill/references/list-patterns.md +394 -0
  749. package/pipeline/skills/shared/external/swiftui-expert-skill/references/macos-scenes.md +318 -0
  750. package/pipeline/skills/shared/external/swiftui-expert-skill/references/macos-views.md +357 -0
  751. package/pipeline/skills/shared/external/swiftui-expert-skill/references/macos-window-styling.md +303 -0
  752. package/pipeline/skills/shared/external/swiftui-expert-skill/references/performance-patterns.md +403 -0
  753. package/pipeline/skills/shared/external/swiftui-expert-skill/references/scroll-patterns.md +293 -0
  754. package/pipeline/skills/shared/external/swiftui-expert-skill/references/sheet-navigation-patterns.md +363 -0
  755. package/pipeline/skills/shared/external/swiftui-expert-skill/references/state-management.md +417 -0
  756. package/pipeline/skills/shared/external/swiftui-expert-skill/references/view-structure.md +389 -0
  757. package/pipeline/skills/shared/external/swiftui-gestures/SKILL.md +450 -0
  758. package/pipeline/skills/shared/external/swiftui-gestures/references/gesture-patterns.md +425 -0
  759. package/pipeline/skills/shared/external/swiftui-layout-components/SKILL.md +336 -0
  760. package/pipeline/skills/shared/external/swiftui-layout-components/references/form.md +97 -0
  761. package/pipeline/skills/shared/external/swiftui-layout-components/references/grids.md +69 -0
  762. package/pipeline/skills/shared/external/swiftui-layout-components/references/list.md +99 -0
  763. package/pipeline/skills/shared/external/swiftui-layout-components/references/scrollview.md +147 -0
  764. package/pipeline/skills/shared/external/swiftui-liquid-glass/SKILL.md +98 -0
  765. package/pipeline/skills/shared/external/swiftui-navigation/SKILL.md +262 -0
  766. package/pipeline/skills/shared/external/swiftui-navigation/references/deeplinks.md +207 -0
  767. package/pipeline/skills/shared/external/swiftui-navigation/references/navigationstack.md +177 -0
  768. package/pipeline/skills/shared/external/swiftui-navigation/references/sheets.md +169 -0
  769. package/pipeline/skills/shared/external/swiftui-navigation/references/tabview.md +178 -0
  770. package/pipeline/skills/shared/external/swiftui-patterns/SKILL.md +371 -0
  771. package/pipeline/skills/shared/external/swiftui-patterns/references/architecture-patterns.md +486 -0
  772. package/pipeline/skills/shared/external/swiftui-patterns/references/deprecated-migration.md +1097 -0
  773. package/pipeline/skills/shared/external/swiftui-patterns/references/design-polish.md +780 -0
  774. package/pipeline/skills/shared/external/swiftui-patterns/references/platform-and-sharing.md +696 -0
  775. package/pipeline/skills/shared/external/swiftui-performance/SKILL.md +487 -0
  776. package/pipeline/skills/shared/external/swiftui-performance/references/demystify-swiftui-performance-wwdc23.md +46 -0
  777. package/pipeline/skills/shared/external/swiftui-performance/references/optimizing-swiftui-performance-instruments.md +29 -0
  778. package/pipeline/skills/shared/external/swiftui-performance/references/understanding-hangs-in-your-app.md +33 -0
  779. package/pipeline/skills/shared/external/swiftui-performance/references/understanding-improving-swiftui-performance.md +52 -0
  780. package/pipeline/skills/shared/external/swiftui-performance-audit/SKILL.md +114 -0
  781. package/pipeline/skills/shared/external/swiftui-pro/SKILL.md +108 -0
  782. package/pipeline/skills/shared/external/swiftui-pro/references/accessibility.md +13 -0
  783. package/pipeline/skills/shared/external/swiftui-pro/references/api.md +39 -0
  784. package/pipeline/skills/shared/external/swiftui-pro/references/data.md +43 -0
  785. package/pipeline/skills/shared/external/swiftui-pro/references/design.md +31 -0
  786. package/pipeline/skills/shared/external/swiftui-pro/references/hygiene.md +9 -0
  787. package/pipeline/skills/shared/external/swiftui-pro/references/navigation.md +14 -0
  788. package/pipeline/skills/shared/external/swiftui-pro/references/performance.md +46 -0
  789. package/pipeline/skills/shared/external/swiftui-pro/references/swift.md +56 -0
  790. package/pipeline/skills/shared/external/swiftui-pro/references/views.md +35 -0
  791. package/pipeline/skills/shared/external/swiftui-ui-patterns/SKILL.md +103 -0
  792. package/pipeline/skills/shared/external/swiftui-uikit-interop/SKILL.md +428 -0
  793. package/pipeline/skills/shared/external/swiftui-uikit-interop/references/hosting-migration.md +534 -0
  794. package/pipeline/skills/shared/external/swiftui-uikit-interop/references/representable-recipes.md +948 -0
  795. package/pipeline/skills/shared/external/swiftui-view-refactor/SKILL.md +210 -0
  796. package/pipeline/skills/shared/external/swiftui-webkit/SKILL.md +273 -0
  797. package/pipeline/skills/shared/external/swiftui-webkit/references/loading-and-observation.md +151 -0
  798. package/pipeline/skills/shared/external/swiftui-webkit/references/local-content-and-custom-schemes.md +95 -0
  799. package/pipeline/skills/shared/external/swiftui-webkit/references/migration-and-fallbacks.md +51 -0
  800. package/pipeline/skills/shared/external/swiftui-webkit/references/navigation-and-javascript.md +111 -0
  801. package/pipeline/skills/shared/external/tailwind-css/SKILL.md +309 -0
  802. package/pipeline/skills/shared/external/testing-backend/SKILL.md +393 -0
  803. package/pipeline/skills/shared/external/tipkit/SKILL.md +494 -0
  804. package/pipeline/skills/shared/external/tipkit/references/tipkit-patterns.md +782 -0
  805. package/pipeline/skills/shared/external/typescript-patterns/SKILL.md +336 -0
  806. package/pipeline/skills/shared/external/vision-framework/SKILL.md +475 -0
  807. package/pipeline/skills/shared/external/vision-framework/references/vision-requests.md +736 -0
  808. package/pipeline/skills/shared/external/vision-framework/references/visionkit-scanner.md +738 -0
  809. package/pipeline/skills/shared/external/vue-composition/SKILL.md +371 -0
  810. package/pipeline/skills/shared/external/weatherkit/SKILL.md +410 -0
  811. package/pipeline/skills/shared/external/weatherkit/references/weatherkit-patterns.md +567 -0
  812. package/pipeline/skills/shared/external/web-accessibility/SKILL.md +373 -0
  813. package/pipeline/skills/shared/external/web-performance/SKILL.md +345 -0
  814. package/pipeline/skills/shared/external/web-testing/SKILL.md +385 -0
  815. package/pipeline/skills/shared/external/widgetkit/SKILL.md +497 -0
  816. package/pipeline/skills/shared/external/widgetkit/references/widgetkit-advanced.md +871 -0
  817. package/pipeline/skills/skills-index.md +205 -0
@@ -0,0 +1,332 @@
1
+ #!/usr/bin/env bash
2
+ # scan-skills.sh — skill security scanner (v5.1.0)
3
+ #
4
+ # Scans skill directories (pipeline/skills/ OR ~/.claude/skills/ OR ~/.copilot/skills/)
5
+ # for known-bad patterns. Multi-tier severity:
6
+ # critical: shell-pipe exec, eval with curl, unicode bidi override, known malicious hosts
7
+ # high: eval/new Function/exec on dynamic content, hardcoded API credentials,
8
+ # pastebin/gist raw URLs, chmod+exec sequences
9
+ # medium: long base64 blobs (>200 chars), unknown network endpoints
10
+ # low: missing frontmatter, skills without description
11
+ #
12
+ # Defaults to WARN-ONLY (always exits 0 so install.js never halts from a scan).
13
+ # Use --strict to let severity drive exit code (for CI).
14
+ #
15
+ # Usage:
16
+ # scan-skills.sh [--root PATH] [--strict] [--json] [--threshold SEV] [--help]
17
+ #
18
+ # Flags:
19
+ # --root PATH Root to scan. Default: pipeline/skills/ inside the pipeline repo.
20
+ # --strict Non-zero exit on findings at/above threshold (default: warn-only, always exit 0).
21
+ # --json Emit JSON instead of text report.
22
+ # --threshold SEV Minimum severity to report: critical|high|medium|low. Default: medium.
23
+ # --help Show this help.
24
+
25
+ set -uo pipefail
26
+
27
+ SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
28
+ REPO_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
29
+
30
+ ROOT="$REPO_ROOT/pipeline/skills"
31
+ STRICT=0
32
+ JSON=0
33
+ THRESHOLD="medium"
34
+
35
+ while [ $# -gt 0 ]; do
36
+ case "$1" in
37
+ --root) ROOT="$2"; shift 2 ;;
38
+ --strict) STRICT=1; shift ;;
39
+ --json) JSON=1; shift ;;
40
+ --threshold) THRESHOLD="$2"; shift 2 ;;
41
+ --help|-h)
42
+ sed -n '1,30p' "$0" | sed 's/^# \{0,1\}//'
43
+ exit 0
44
+ ;;
45
+ *) echo "unknown flag: $1" >&2; exit 64 ;;
46
+ esac
47
+ done
48
+
49
+ if [ ! -d "$ROOT" ]; then
50
+ echo "scan-skills: root not found: $ROOT" >&2
51
+ exit 64
52
+ fi
53
+
54
+ # Severity rank — lower = more severe. Used for threshold comparison.
55
+ sev_rank() {
56
+ case "$1" in
57
+ critical) echo 0 ;;
58
+ high) echo 1 ;;
59
+ medium) echo 2 ;;
60
+ low) echo 3 ;;
61
+ *) echo 9 ;;
62
+ esac
63
+ }
64
+ THRESHOLD_RANK=$(sev_rank "$THRESHOLD")
65
+
66
+ # Network endpoint allow-list — domains we expect to see in skills.
67
+ # Anything else flagged as medium (unknown endpoint).
68
+ ALLOW_DOMAINS='(github\.com|raw\.githubusercontent\.com|api\.github\.com|codeload\.github\.com|githubusercontent\.com|anthropic\.com|claude\.ai|api\.anthropic\.com|api\.figma\.com|figma\.com|jira\.example\.com|confluence\.example\.com|bitbucket\.example\.com|example\.com|mmerterden\.vercel\.app|localhost|127\.0\.0\.1|npmjs\.org|npmjs\.com|registry\.npmjs\.org|vercel\.com|api\.vercel\.com|pkg\.github\.com|googleapis\.com|firebase\.google\.com|apple\.com|developer\.apple\.com|google\.com|atlassian\.com|atlassian\.net|openai\.com|api\.openai\.com)'
69
+
70
+ FINDINGS=()
71
+ CRIT=0; HIGH=0; MED=0; LOW=0
72
+
73
+ add_finding() {
74
+ local sev="$1" file="$2" line="$3" pattern="$4" message="$5"
75
+ local rank
76
+ rank=$(sev_rank "$sev")
77
+ [ "$rank" -gt "$THRESHOLD_RANK" ] && return 0
78
+ case "$sev" in
79
+ critical) CRIT=$((CRIT+1)) ;;
80
+ high) HIGH=$((HIGH+1)) ;;
81
+ medium) MED=$((MED+1)) ;;
82
+ low) LOW=$((LOW+1)) ;;
83
+ esac
84
+ # pipe-delimit for compact transport between shell and reporters
85
+ FINDINGS+=("$sev|$file|$line|$pattern|$message")
86
+ }
87
+
88
+ # --- Pattern scanning ---------------------------------------------------
89
+
90
+ # Files to consider: *.md, *.sh, *.py, *.mjs, *.js, *.ts (skill content)
91
+ # Exclude: binary, images, large fixtures, hidden
92
+ SCAN_LIST=$(mktemp)
93
+ trap 'rm -f "$SCAN_LIST"' EXIT
94
+
95
+ find "$ROOT" -type f \
96
+ \( -name "*.md" -o -name "*.sh" -o -name "*.py" -o -name "*.mjs" -o -name "*.js" -o -name "*.ts" \) \
97
+ -not -path "*/node_modules/*" \
98
+ -not -path "*/.git/*" \
99
+ 2>/dev/null > "$SCAN_LIST"
100
+
101
+ scan_critical() {
102
+ local f="$1"
103
+ # curl|wget piping to shell
104
+ while IFS= read -r hit; do
105
+ [ -z "$hit" ] && continue
106
+ local ln="${hit%%:*}"
107
+ add_finding critical "$f" "$ln" "shell-pipe-exec" "curl/wget piped to shell interpreter"
108
+ done < <(grep -nE '(curl|wget)[^|]*\|[[:space:]]*(sh|bash|zsh|ksh|ash|dash)([[:space:]]|$)' "$f" 2>/dev/null)
109
+
110
+ # base64 -d | shell
111
+ while IFS= read -r hit; do
112
+ [ -z "$hit" ] && continue
113
+ local ln="${hit%%:*}"
114
+ add_finding critical "$f" "$ln" "base64-pipe-exec" "base64 decoded output piped to shell"
115
+ done < <(grep -nE '(base64|openssl[[:space:]]+base64)[^|]*-d[^|]*\|[[:space:]]*(sh|bash|zsh|eval|sudo)' "$f" 2>/dev/null)
116
+
117
+ # eval $(curl|wget ...) or eval `curl ...`
118
+ while IFS= read -r hit; do
119
+ [ -z "$hit" ] && continue
120
+ local ln="${hit%%:*}"
121
+ add_finding critical "$f" "$ln" "eval-of-network" "eval of network-fetched content"
122
+ done < <(grep -nE 'eval[[:space:]]+(\$\([[:space:]]*(curl|wget|fetch)|`[[:space:]]*(curl|wget|fetch))' "$f" 2>/dev/null)
123
+
124
+ # Unicode bidi override characters — invisible injection attack
125
+ if LC_ALL=C grep -l $'\xe2\x80\xad\|\xe2\x80\xae\|\xe2\x81\xa6\|\xe2\x81\xa7\|\xe2\x81\xa8\|\xe2\x81\xa9' "$f" 2>/dev/null >/dev/null; then
126
+ add_finding critical "$f" "0" "unicode-bidi" "bidirectional control chars (U+202D-202E, U+2066-2069) — trojan source risk"
127
+ fi
128
+ }
129
+
130
+ scan_high() {
131
+ local f="$1"
132
+ local ext="${f##*.}"
133
+
134
+ # JavaScript/TypeScript: eval(, new Function(, Function(
135
+ if [ "$ext" = "js" ] || [ "$ext" = "mjs" ] || [ "$ext" = "ts" ]; then
136
+ while IFS= read -r hit; do
137
+ [ -z "$hit" ] && continue
138
+ local ln="${hit%%:*}"
139
+ add_finding high "$f" "$ln" "js-dynamic-eval" "JavaScript dynamic code execution"
140
+ done < <(grep -nE '\b(eval|new[[:space:]]+Function|Function)\s*\(' "$f" 2>/dev/null)
141
+ fi
142
+
143
+ # Python: exec(, eval( on non-literal — exclude re.compile (regex) and subprocess
144
+ if [ "$ext" = "py" ]; then
145
+ while IFS= read -r hit; do
146
+ [ -z "$hit" ] && continue
147
+ local ln="${hit%%:*}"
148
+ local content="${hit#*:}"
149
+ # Skip re.compile (standard regex) and subprocess.* (legitimate process invocation)
150
+ echo "$content" | grep -qE '(\bre\.compile|\bre2\.compile|subprocess\.|typing\.)' && continue
151
+ add_finding high "$f" "$ln" "py-dynamic-exec" "Python dynamic code execution"
152
+ done < <(grep -nE '(^|[^a-zA-Z0-9_.])(exec|eval)[[:space:]]*\(' "$f" 2>/dev/null)
153
+ fi
154
+
155
+ # Hardcoded API keys — AWS, OpenAI, GitHub, generic sk-* with length
156
+ # Skip lines in FORBIDDEN/NEVER/example blocks (false positives from docs)
157
+ while IFS= read -r hit; do
158
+ [ -z "$hit" ] && continue
159
+ local ln="${hit%%:*}"
160
+ # Check ±3 lines around match for documentation context markers
161
+ local ctx_start=$((ln - 3))
162
+ [ "$ctx_start" -lt 1 ] && ctx_start=1
163
+ local ctx_end=$((ln + 3))
164
+ local ctx
165
+ ctx=$(sed -n "${ctx_start},${ctx_end}p" "$f" 2>/dev/null)
166
+ if echo "$ctx" | grep -qiE '(FORBIDDEN|NEVER do|don.t do|example:|placeholder|sample credential|DO NOT|✗|XXX|YYY|dummy|fake.?key)'; then
167
+ continue
168
+ fi
169
+ add_finding high "$f" "$ln" "hardcoded-credential" "possible hardcoded API credential"
170
+ done < <(grep -nE '(AKIA[0-9A-Z]{16}|sk-(live|test|proj|ant|or)-[A-Za-z0-9_-]{20,}|ghp_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]{82}|gho_[A-Za-z0-9]{36}|xox[bp]-[A-Za-z0-9-]{10,})' "$f" 2>/dev/null)
171
+
172
+ # Pastebin / URL shortener raw content fetching
173
+ while IFS= read -r hit; do
174
+ [ -z "$hit" ] && continue
175
+ local ln="${hit%%:*}"
176
+ add_finding high "$f" "$ln" "pastebin-fetch" "fetch from ephemeral/obscured content host"
177
+ done < <(grep -nE 'https?://(pastebin\.com/raw|paste\.ee|ghostbin|hastebin|bit\.ly|tinyurl\.com|goo\.gl|t\.co|is\.gd|ow\.ly|rebrand\.ly|gist\.github\.com/[^/]+/[a-f0-9]+/raw)' "$f" 2>/dev/null)
178
+
179
+ # chmod +x followed by execution on same file in same block
180
+ while IFS= read -r hit; do
181
+ [ -z "$hit" ] && continue
182
+ local ln="${hit%%:*}"
183
+ add_finding high "$f" "$ln" "chmod-then-exec" "script made executable and immediately invoked"
184
+ done < <(grep -nE 'chmod[[:space:]]+\+x[[:space:]]+[^&;]+[[:space:]]*(&&|;)[[:space:]]*\./' "$f" 2>/dev/null)
185
+ }
186
+
187
+ scan_medium() {
188
+ local f="$1"
189
+
190
+ # Long base64 blobs — obfuscation indicator.
191
+ # Skip .md files (documentation often shows example b64) — only scan executable content types.
192
+ case "$f" in
193
+ *.md) ;;
194
+ *)
195
+ while IFS= read -r hit; do
196
+ [ -z "$hit" ] && continue
197
+ local ln="${hit%%:*}"
198
+ add_finding medium "$f" "$ln" "long-base64" "base64-looking blob >200 chars (possible obfuscation)"
199
+ done < <(grep -nE '[A-Za-z0-9+/]{200,}={0,2}' "$f" 2>/dev/null)
200
+ ;;
201
+ esac
202
+ }
203
+
204
+ scan_info() {
205
+ local f="$1"
206
+
207
+ # Unknown network endpoints — LOW severity (informational). URLs in skills
208
+ # are usually doc references, not exfil channels. Only the critical
209
+ # shell-pipe-exec patterns detect active network abuse.
210
+ while IFS= read -r hit; do
211
+ [ -z "$hit" ] && continue
212
+ local ln="${hit%%:*}"
213
+ local url_line="${hit#*:}"
214
+ local url
215
+ url=$(echo "$url_line" | grep -oE 'https?://[a-zA-Z0-9._-]+' | head -1)
216
+ [ -z "$url" ] && continue
217
+ local host="${url#*://}"
218
+ host="${host%%/*}"
219
+ if ! echo "$host" | grep -qE "^${ALLOW_DOMAINS}$" 2>/dev/null; then
220
+ add_finding low "$f" "$ln" "unknown-endpoint" "network endpoint not in allow-list: $host"
221
+ fi
222
+ done < <(grep -nE 'https?://[a-zA-Z0-9._-]+' "$f" 2>/dev/null | head -20)
223
+ }
224
+
225
+ scan_low() {
226
+ local f="$1"
227
+ # Missing SKILL.md frontmatter (only check files named SKILL.md)
228
+ case "$f" in
229
+ */SKILL.md)
230
+ if ! head -1 "$f" | grep -Fxq -- "---"; then
231
+ add_finding low "$f" "1" "missing-frontmatter" "SKILL.md without YAML frontmatter"
232
+ elif ! grep -qE '^description:' "$f"; then
233
+ add_finding low "$f" "0" "missing-description" "SKILL.md frontmatter missing 'description'"
234
+ fi
235
+ ;;
236
+ esac
237
+ }
238
+
239
+ # --- Run scan -----------------------------------------------------------
240
+
241
+ FILE_COUNT=0
242
+ while IFS= read -r file; do
243
+ [ -z "$file" ] && continue
244
+ FILE_COUNT=$((FILE_COUNT+1))
245
+ scan_critical "$file"
246
+ scan_high "$file"
247
+ scan_medium "$file"
248
+ scan_info "$file"
249
+ scan_low "$file"
250
+ done < "$SCAN_LIST"
251
+
252
+ # --- Report -------------------------------------------------------------
253
+
254
+ if [ "$JSON" -eq 1 ]; then
255
+ printf '{\n'
256
+ printf ' "root": %s,\n' "$(printf '%s' "$ROOT" | sed 's/"/\\"/g; s/.*/"&"/')"
257
+ printf ' "scanned_files": %d,\n' "$FILE_COUNT"
258
+ printf ' "threshold": "%s",\n' "$THRESHOLD"
259
+ printf ' "strict": %s,\n' "$( [ "$STRICT" -eq 1 ] && echo true || echo false )"
260
+ printf ' "counts": { "critical": %d, "high": %d, "medium": %d, "low": %d },\n' "$CRIT" "$HIGH" "$MED" "$LOW"
261
+ printf ' "findings": [\n'
262
+ local_i=0
263
+ total=${#FINDINGS[@]}
264
+ for f in "${FINDINGS[@]:-}"; do
265
+ local_i=$((local_i+1))
266
+ sev="${f%%|*}"; rest="${f#*|}"
267
+ file="${rest%%|*}"; rest="${rest#*|}"
268
+ line="${rest%%|*}"; rest="${rest#*|}"
269
+ pat="${rest%%|*}"; msg="${rest#*|}"
270
+ # json-escape file/msg minimally
271
+ jf=$(printf '%s' "$file" | sed 's/"/\\"/g')
272
+ jm=$(printf '%s' "$msg" | sed 's/"/\\"/g')
273
+ printf ' { "severity": "%s", "file": "%s", "line": "%s", "pattern": "%s", "message": "%s" }' \
274
+ "$sev" "$jf" "$line" "$pat" "$jm"
275
+ [ "$local_i" -lt "$total" ] && printf ','
276
+ printf '\n'
277
+ done
278
+ printf ' ]\n}\n'
279
+ else
280
+ # Colored text report
281
+ if [ -t 1 ] && command -v tput >/dev/null 2>&1; then
282
+ C_RED=$(tput setaf 1)
283
+ C_YEL=$(tput setaf 3)
284
+ C_CYN=$(tput setaf 6)
285
+ C_DIM=$(tput dim)
286
+ C_RST=$(tput sgr0)
287
+ C_BLD=$(tput bold)
288
+ else
289
+ C_RED=""; C_YEL=""; C_CYN=""; C_DIM=""; C_RST=""; C_BLD=""
290
+ fi
291
+
292
+ total=${#FINDINGS[@]}
293
+ printf '%sscan-skills%s · %d files · threshold=%s%s%s\n' "$C_BLD" "$C_RST" "$FILE_COUNT" "$C_CYN" "$THRESHOLD" "$C_RST"
294
+ if [ "$total" -eq 0 ]; then
295
+ printf ' ✓ clean (0 findings)\n'
296
+ else
297
+ printf ' %sfound %d%s: critical=%d high=%d medium=%d low=%d\n\n' "$C_BLD" "$total" "$C_RST" "$CRIT" "$HIGH" "$MED" "$LOW"
298
+ for f in "${FINDINGS[@]:-}"; do
299
+ sev="${f%%|*}"; rest="${f#*|}"
300
+ file="${rest%%|*}"; rest="${rest#*|}"
301
+ line="${rest%%|*}"; rest="${rest#*|}"
302
+ pat="${rest%%|*}"; msg="${rest#*|}"
303
+ case "$sev" in
304
+ critical) ico="🚨"; col="$C_RED" ;;
305
+ high) ico="⚠ "; col="$C_RED" ;;
306
+ medium) ico="ⓘ "; col="$C_YEL" ;;
307
+ low) ico="· "; col="$C_DIM" ;;
308
+ *) ico="? "; col="" ;;
309
+ esac
310
+ rel="${file#$REPO_ROOT/}"
311
+ printf ' %s%s%s %-8s %s:%s [%s]\n' "$col" "$ico" "$C_RST" "$sev" "$rel" "$line" "$pat"
312
+ printf ' %s%s%s\n' "$C_DIM" "$msg" "$C_RST"
313
+ done
314
+ fi
315
+
316
+ if [ "$STRICT" -eq 0 ]; then
317
+ printf '\n %s(warn-only mode — exit 0 regardless of findings; use --strict to halt on findings)%s\n' "$C_DIM" "$C_RST"
318
+ fi
319
+ fi
320
+
321
+ # --- Exit code ----------------------------------------------------------
322
+
323
+ if [ "$STRICT" -eq 0 ]; then
324
+ exit 0
325
+ fi
326
+
327
+ # Strict: exit code maps to highest severity found at/above threshold
328
+ [ "$CRIT" -gt 0 ] && exit 1
329
+ [ "$HIGH" -gt 0 ] && exit 2
330
+ [ "$MED" -gt 0 ] && exit 3
331
+ [ "$LOW" -gt 0 ] && exit 4
332
+ exit 0
@@ -0,0 +1,291 @@
1
+ #!/usr/bin/env bash
2
+ # search-logs.sh — cross-project search across multi-agent agent-log.md files.
3
+ #
4
+ # Greps ~/.claude/logs/multi-agent/**/agent-log.md (or --root PATH) for a query,
5
+ # groups results by task, and ranks by (match_count × recency_weight).
6
+ #
7
+ # Prefers ripgrep (rg) for speed + sane defaults; falls back to GNU grep -rE.
8
+ #
9
+ # Usage:
10
+ # search-logs.sh "query" [flags]
11
+ #
12
+ # Flags:
13
+ # --root PATH Override log root. Default: $HOME/.claude/logs/multi-agent
14
+ # --project NAME Filter to tasks under this project dir
15
+ # --since SPEC 7d | 30d | 2026-04-01 — drop tasks older than this
16
+ # --phase N Only match inside "## Phase N" sections
17
+ # --semantic v8.3+: query the per-repo triage corpus instead of
18
+ # agent-log.md grep. Returns past triage findings
19
+ # ranked by token overlap (token-based recall, no LLM).
20
+ # Honors --project as the repo-slug; --since/--phase ignored.
21
+ # --json JSON output (for automation)
22
+ # --tsv Tab-separated output (for pipelines)
23
+ # --limit N Max tasks to return (default 20)
24
+ # --help Show this help
25
+ #
26
+ # Exit codes:
27
+ # 0 at least one match
28
+ # 1 no matches
29
+ # 64 bad arguments
30
+
31
+ set -uo pipefail
32
+
33
+ SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
34
+
35
+ ROOT="$HOME/.claude/logs/multi-agent"
36
+ PROJECT=""
37
+ SINCE=""
38
+ PHASE=""
39
+ JSON=0
40
+ TSV=0
41
+ LIMIT=20
42
+ QUERY=""
43
+ SEMANTIC=0
44
+
45
+ while [ $# -gt 0 ]; do
46
+ case "$1" in
47
+ --root) ROOT="$2"; shift 2 ;;
48
+ --project) PROJECT="$2"; shift 2 ;;
49
+ --since) SINCE="$2"; shift 2 ;;
50
+ --phase) PHASE="$2"; shift 2 ;;
51
+ --json) JSON=1; shift ;;
52
+ --tsv) TSV=1; shift ;;
53
+ --semantic) SEMANTIC=1; shift ;;
54
+ --limit) LIMIT="$2"; shift 2 ;;
55
+ --help|-h)
56
+ awk 'NR==1{next} /^[^#]/{exit} {sub(/^# ?/,""); print}' "$0"
57
+ exit 0
58
+ ;;
59
+ --*) echo "unknown flag: $1" >&2; exit 64 ;;
60
+ *)
61
+ if [ -z "$QUERY" ]; then
62
+ QUERY="$1"
63
+ else
64
+ QUERY="$QUERY $1"
65
+ fi
66
+ shift
67
+ ;;
68
+ esac
69
+ done
70
+
71
+ if [ -z "$QUERY" ]; then
72
+ echo "usage: search-logs.sh \"query\" [flags]" >&2
73
+ exit 64
74
+ fi
75
+
76
+ # v8.3+ — semantic mode: dispatch to triage-memory.mjs corpus query and exit.
77
+ # Honors --project as the repo-slug, --json (default off → human table),
78
+ # --limit (passed as --top N). --since/--phase have no meaning here.
79
+ if [ "$SEMANTIC" -eq 1 ]; then
80
+ TM_SCRIPT="$SCRIPT_DIR/triage-memory.mjs"
81
+ if [ ! -x "$TM_SCRIPT" ] && ! command -v node >/dev/null 2>&1; then
82
+ echo "search-logs: --semantic requires node + triage-memory.mjs" >&2
83
+ exit 1
84
+ fi
85
+ TM_ARGS=(query --issue "$QUERY" --top "$LIMIT")
86
+ if [ -n "$PROJECT" ]; then TM_ARGS+=(--repo-slug "$PROJECT"); fi
87
+ RESPONSE=$(node "$TM_SCRIPT" "${TM_ARGS[@]}" 2>/dev/null)
88
+ RC=$?
89
+ if [ "$JSON" -eq 1 ]; then
90
+ printf '%s\n' "$RESPONSE"
91
+ exit "$RC"
92
+ fi
93
+ # Human render
94
+ hits=$(echo "$RESPONSE" | jq -r '.hits | length' 2>/dev/null || echo 0)
95
+ if [ "$hits" = "0" ] || [ "$hits" = "" ]; then
96
+ echo "no semantic hits"
97
+ exit 1
98
+ fi
99
+ printf '%-12s %-10s %-10s %-40s %-6s\n' "TASK" "VERDICT" "SEV" "FILE" "SCORE"
100
+ printf '%-12s %-10s %-10s %-40s %-6s\n' "----" "-------" "---" "----" "-----"
101
+ echo "$RESPONSE" | jq -r '.hits[] | [.taskId, .classification, .severity, .file, .score] | @tsv' | \
102
+ awk -F'\t' '{ printf "%-12s %-10s %-10s %-40s %-6s\n", $1, $2, $3, substr($4,1,40), $5 }'
103
+ exit 0
104
+ fi
105
+
106
+ if [ ! -d "$ROOT" ]; then
107
+ if [ "$JSON" -eq 1 ]; then
108
+ printf '{ "query": "%s", "root": "%s", "matches": 0, "tasks": [] }\n' "$QUERY" "$ROOT"
109
+ exit 1
110
+ fi
111
+ echo "search-logs: log root not found: $ROOT" >&2
112
+ exit 1
113
+ fi
114
+
115
+ # --- Time filter resolution ----------------------------------------------
116
+
117
+ since_epoch=0
118
+ if [ -n "$SINCE" ]; then
119
+ case "$SINCE" in
120
+ *d)
121
+ days="${SINCE%d}"
122
+ since_epoch=$(date -v-"${days}"d +%s 2>/dev/null || date -d "-${days} days" +%s 2>/dev/null || echo 0)
123
+ ;;
124
+ *-*-*)
125
+ since_epoch=$(date -j -f "%Y-%m-%d" "$SINCE" +%s 2>/dev/null || date -d "$SINCE" +%s 2>/dev/null || echo 0)
126
+ ;;
127
+ *)
128
+ echo "search-logs: --since accepts '7d', '30d', or 'YYYY-MM-DD'" >&2
129
+ exit 64
130
+ ;;
131
+ esac
132
+ fi
133
+
134
+ # --- Candidate file discovery --------------------------------------------
135
+
136
+ CANDIDATES=$(mktemp)
137
+ trap 'rm -f "$CANDIDATES" "$FILTERED" "$RESULTS"' EXIT
138
+
139
+ find "$ROOT" -type f -name "agent-log.md" 2>/dev/null > "$CANDIDATES"
140
+
141
+ FILTERED=$(mktemp)
142
+ while IFS= read -r f; do
143
+ [ -z "$f" ] && continue
144
+ # Project filter: path must contain /$PROJECT/
145
+ if [ -n "$PROJECT" ] && ! echo "$f" | grep -qF "/$PROJECT/"; then
146
+ continue
147
+ fi
148
+ # Since filter: drop files with mtime older than since_epoch
149
+ if [ "$since_epoch" -gt 0 ]; then
150
+ m=$(stat -f %m "$f" 2>/dev/null || stat -c %Y "$f" 2>/dev/null || echo 0)
151
+ [ "$m" -lt "$since_epoch" ] && continue
152
+ fi
153
+ echo "$f" >> "$FILTERED"
154
+ done < "$CANDIDATES"
155
+
156
+ # --- Search executor -----------------------------------------------------
157
+
158
+ has_rg=0
159
+ command -v rg >/dev/null 2>&1 && has_rg=1
160
+
161
+ RESULTS=$(mktemp)
162
+ NOW=$(date +%s)
163
+
164
+ while IFS= read -r f; do
165
+ [ -z "$f" ] && continue
166
+
167
+ # If --phase N is set, extract only the "## Phase N" section and grep inside
168
+ if [ -n "$PHASE" ]; then
169
+ section=$(awk -v n="$PHASE" '
170
+ BEGIN { inside = 0 }
171
+ /^##[[:space:]]+Phase[[:space:]]+/ {
172
+ if ($0 ~ "Phase[[:space:]]+" n "[^0-9]") { inside = 1 } else { inside = 0 }
173
+ }
174
+ inside { print }
175
+ ' "$f")
176
+ if [ -z "$section" ]; then continue; fi
177
+ count=$(printf '%s\n' "$section" | grep -ciE "$QUERY" 2>/dev/null)
178
+ first_match=$(printf '%s\n' "$section" | grep -iE "$QUERY" 2>/dev/null | head -1)
179
+ else
180
+ if [ "$has_rg" -eq 1 ]; then
181
+ count=$(rg -c -i "$QUERY" "$f" 2>/dev/null)
182
+ first_match=$(rg -i -m1 "$QUERY" "$f" 2>/dev/null | head -1)
183
+ else
184
+ count=$(grep -ciE "$QUERY" "$f" 2>/dev/null)
185
+ first_match=$(grep -iE "$QUERY" "$f" 2>/dev/null | head -1)
186
+ fi
187
+ fi
188
+
189
+ # Normalise count: empty (rg no-match) or non-numeric → 0
190
+ [ -z "$count" ] && count=0
191
+ case "$count" in
192
+ ''|*[!0-9]*) count=0 ;;
193
+ esac
194
+
195
+ [ "$count" -eq 0 ] && continue
196
+
197
+ # Task metadata
198
+ task_id=$(basename "$(dirname "$f")")
199
+ project=$(basename "$(dirname "$(dirname "$f")")")
200
+ title=$(head -1 "$f" | sed 's/^# *//' | cut -c1-80)
201
+ branch=$(grep -m1 -iE '^\*\*Branch\*\*' "$f" 2>/dev/null | sed -E 's/.*Branch\*\*: *([^ |]+).*/\1/' | head -c60)
202
+ [ -z "$branch" ] && branch="(unknown)"
203
+ mtime=$(stat -f %m "$f" 2>/dev/null || stat -c %Y "$f" 2>/dev/null || echo "$NOW")
204
+
205
+ # Recency weight: 1.0 for last 7d, 0.5 for 7-30d, 0.2 older
206
+ age_days=$(( (NOW - mtime) / 86400 ))
207
+ if [ "$age_days" -le 7 ]; then
208
+ weight=100
209
+ elif [ "$age_days" -le 30 ]; then
210
+ weight=50
211
+ else
212
+ weight=20
213
+ fi
214
+ score=$(( count * weight ))
215
+
216
+ # Pack into single tab-delimited line: score task_id project branch mtime count title snippet
217
+ printf '%d\t%s\t%s\t%s\t%d\t%d\t%s\t%s\n' \
218
+ "$score" "$task_id" "$project" "$branch" "$mtime" "$count" "$title" "$first_match" >> "$RESULTS"
219
+
220
+ done < "$FILTERED"
221
+
222
+ # Sort by score desc, limit
223
+ sort -t$'\t' -k1,1nr "$RESULTS" | head -n "$LIMIT" > "${RESULTS}.sorted"
224
+ mv "${RESULTS}.sorted" "$RESULTS"
225
+
226
+ TOTAL_TASKS=$(wc -l < "$RESULTS" | tr -d ' ')
227
+
228
+ # --- Report ---------------------------------------------------------------
229
+
230
+ if [ "$JSON" -eq 1 ]; then
231
+ printf '{\n "query": %s,\n' "$(printf '%s' "$QUERY" | sed 's/\\/\\\\/g; s/"/\\"/g; s/.*/"&"/')"
232
+ printf ' "root": "%s",\n' "$ROOT"
233
+ [ -n "$PROJECT" ] && printf ' "project": "%s",\n' "$PROJECT"
234
+ [ -n "$SINCE" ] && printf ' "since": "%s",\n' "$SINCE"
235
+ [ -n "$PHASE" ] && printf ' "phase": "%s",\n' "$PHASE"
236
+ printf ' "ripgrep": %s,\n' "$( [ "$has_rg" -eq 1 ] && echo true || echo false )"
237
+ printf ' "matched_tasks": %d,\n' "$TOTAL_TASKS"
238
+ printf ' "tasks": [\n'
239
+ i=0
240
+ while IFS=$'\t' read -r score task_id project branch mtime count title snippet; do
241
+ i=$((i+1))
242
+ jt=$(printf '%s' "$title" | sed 's/\\/\\\\/g; s/"/\\"/g')
243
+ js=$(printf '%s' "$snippet" | sed 's/\\/\\\\/g; s/"/\\"/g')
244
+ date=$(date -r "$mtime" "+%Y-%m-%d" 2>/dev/null || echo "")
245
+ printf ' { "task_id": "%s", "project": "%s", "branch": "%s", "date": "%s", "matches": %d, "score": %d, "title": "%s", "snippet": "%s" }' \
246
+ "$task_id" "$project" "$branch" "$date" "$count" "$score" "$jt" "$js"
247
+ [ "$i" -lt "$TOTAL_TASKS" ] && printf ','
248
+ printf '\n'
249
+ done < "$RESULTS"
250
+ printf ' ]\n}\n'
251
+ elif [ "$TSV" -eq 1 ]; then
252
+ printf 'score\ttask_id\tproject\tbranch\tdate\tmatches\ttitle\tsnippet\n'
253
+ while IFS=$'\t' read -r score task_id project branch mtime count title snippet; do
254
+ date=$(date -r "$mtime" "+%Y-%m-%d" 2>/dev/null || echo "")
255
+ printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' "$score" "$task_id" "$project" "$branch" "$date" "$count" "$title" "$snippet"
256
+ done < "$RESULTS"
257
+ else
258
+ # Colored text report
259
+ if [ -t 1 ] && command -v tput >/dev/null 2>&1; then
260
+ C_BLD=$(tput bold); C_DIM=$(tput dim); C_CYN=$(tput setaf 6); C_YEL=$(tput setaf 3); C_GRN=$(tput setaf 2); C_RST=$(tput sgr0)
261
+ else
262
+ C_BLD=""; C_DIM=""; C_CYN=""; C_YEL=""; C_GRN=""; C_RST=""
263
+ fi
264
+
265
+ if [ "$TOTAL_TASKS" -eq 0 ]; then
266
+ printf '%ssearch-logs%s · query=%s\n' "$C_BLD" "$C_RST" "$QUERY"
267
+ [ -n "$PROJECT" ] && printf ' project=%s' "$PROJECT"
268
+ [ -n "$SINCE" ] && printf ' since=%s' "$SINCE"
269
+ [ -n "$PHASE" ] && printf ' phase=%s' "$PHASE"
270
+ printf '\n ⓘ no matches\n'
271
+ exit 1
272
+ fi
273
+
274
+ printf '%ssearch-logs%s · %d task%s · query=%s%s%s\n' \
275
+ "$C_BLD" "$C_RST" "$TOTAL_TASKS" "$([ "$TOTAL_TASKS" -eq 1 ] || echo s)" "$C_CYN" "$QUERY" "$C_RST"
276
+ [ -n "$PROJECT" ] && printf ' %sproject=%s%s\n' "$C_DIM" "$PROJECT" "$C_RST"
277
+ [ -n "$SINCE" ] && printf ' %ssince=%s%s\n' "$C_DIM" "$SINCE" "$C_RST"
278
+ [ -n "$PHASE" ] && printf ' %sphase=%s%s\n' "$C_DIM" "$PHASE" "$C_RST"
279
+ [ "$has_rg" -eq 0 ] && printf ' %s(ripgrep not found, using grep)%s\n' "$C_DIM" "$C_RST"
280
+ printf '\n'
281
+
282
+ while IFS=$'\t' read -r score task_id project branch mtime count title snippet; do
283
+ date=$(date -r "$mtime" "+%Y-%m-%d" 2>/dev/null || echo "")
284
+ printf '%s%s%s · %s%s%s · %s%s%s · %s%d match%s%s\n' \
285
+ "$C_YEL" "$task_id" "$C_RST" "$C_DIM" "$project" "$C_RST" "$C_DIM" "$branch" "$C_RST" "$C_GRN" "$count" "$([ "$count" -eq 1 ] || echo es)" "$C_RST"
286
+ [ -n "$title" ] && printf ' %s%s%s\n' "$C_BLD" "$title" "$C_RST"
287
+ printf ' %s%s · %s%s\n\n' "$C_DIM" "$date" "$(echo "$snippet" | head -c 140)" "$C_RST"
288
+ done < "$RESULTS"
289
+ fi
290
+
291
+ [ "$TOTAL_TASKS" -gt 0 ] && exit 0 || exit 1