@pbhamri/quartermaster-mcp 0.2.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 pbhamri
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,96 @@
+# quartermaster-mcp
+
+> **MCP server that seeds any repo with the Quartermaster PM kit.**
+> No folder dependency. No installer script. Callable from any Copilot / Claude / Cursor session against any cwd.
+
+Built in response to PM Architect input (2026-05-29):
+> *"It would be great if this can be an MCP server that seeds any repo. Then we are not tied to a folder or repo."*
+
+## What it does
+
+Exposes 5 tools over MCP stdio:
+
+| Tool | Purpose |
+|---|---|
+| `qm_list_profiles` | List the 6 Purview product profiles bundled in the package |
+| `qm_seed_repo` | Seed any repo path with AGENTS.md, copilot-instructions.md, `.quartermaster/profile.json`, `/npf` + `/cxe` prompts, command-center seed. **Idempotent.** Supports `dryRun: true`. |
+| `qm_audit_repo` | Score any repo /6 against the Quartermaster readiness checklist |
+| `qm_install_prompts` | Install `/npf` + `/cxe` to `~/.github/prompts` |
+| `qm_apply_profile` | Persist a profile to `~/.copilot/paved-path/profile.json` |
+
+## Install (local, from source)
+
+```powershell
+cd C:\Users\pbhamri\source\quartermaster-mcp
+npm install
+```
+
+Then register in `~\AppData\Roaming\Code\User\mcp.json` (or `.vscode/mcp.json`):
+
+```json
+{
+  "servers": {
+    "quartermaster": {
+      "type": "stdio",
+      "command": "node",
+      "args": ["C:\\Users\\pbhamri\\source\\quartermaster-mcp\\bin\\server.js"]
+    }
+  }
+}
+```
+
+Reload VS Code. Then in any chat: *"use quartermaster-mcp to seed this repo with purview-dlm"*.
+
+## Usage examples (natural language → MCP)
+
+```text
+# List what's available
+"List Quartermaster profiles."
+
+# Dry-run before writing
+"Use quartermaster-mcp to dry-run seed C:\repos\new-repo with purview-cc."
+
+# Real seed
+"Seed this repo with purview-ediscovery."
+
+# Audit any path
+"Audit C:\repos\billing-team-repo against Quartermaster readiness."
+```
+
+## What gets seeded
+
+In the target repo:
+- `AGENTS.md` (only if missing)
+- `.github/copilot-instructions.md` (only if missing)
+- `.quartermaster/profile.json` — full ADO/Kusto/IcM/directives/KPIs snapshot
+- `.quartermaster/command-center-seed.json` — KPIs + quick-links for dashboards
+- `.github/prompts/npf.prompt.md` — NPF self-score
+- `.github/prompts/cxe.prompt.md` — Hayete CXE pillar audit
+
+All file writes are idempotent. Existing files are **never overwritten** — they're reported as `skip (exists)`.
+
+## Why MCP, not a script
+
+| Old (install-wizard.ps1) | New (quartermaster-mcp) |
+|---|---|
+| Run from one folder | Callable from any cwd in any agent |
+| Windows PowerShell only | Any client speaking MCP (Copilot CLI, Claude Desktop, Cursor, VS Code) |
+| Manual re-run per repo | Agent calls it inline mid-conversation |
+| Updates require re-share | Single source of truth; bump version, peers pick up via mcp.json |
+
+## Source of truth
+
+Resources are bundled in `resources/` (profiles, prompts, mcp-server registry). To refresh from the live share-kit:
+
+```powershell
+Copy-Item C:\Users\pbhamri\share-kit\profiles\*.json resources\profiles\ -Force
+Copy-Item C:\Users\pbhamri\.github\prompts\*.prompt.md resources\prompts\ -Force
+```
+
+Then bump the version in `package.json`.
+
+## Roadmap (post-v0.1)
+
+- `qm_emit_pr` — open a PR against a seeded repo with the Quartermaster scaffolding
+- `qm_telemetry` — emit `paved-path-events.jsonl` entries per seed/audit so adoption is measurable
+- Publish to npm as `@pbhamri/quartermaster-mcp` for one-line `npx` install

package/bin/server.js

@@ -0,0 +1,375 @@
+#!/usr/bin/env node
+// Quartermaster MCP server — seeds any repo with the Quartermaster PM kit.
+// Transport: stdio. Tools: qm_list_profiles, qm_seed_repo, qm_audit_repo, qm_install_prompts, qm_apply_profile.
+
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import {
+  CallToolRequestSchema,
+  ListToolsRequestSchema,
+  ListResourcesRequestSchema,
+  ReadResourceRequestSchema,
+} from "@modelcontextprotocol/sdk/types.js";
+import fs from "node:fs";
+import path from "node:path";
+import os from "node:os";
+import { execFileSync } from "node:child_process";
+import { createRequire } from "node:module";
+import { fileURLToPath } from "node:url";
+const require = createRequire(import.meta.url);
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const RES = path.join(__dirname, "..", "resources");
+const PKG = JSON.parse(fs.readFileSync(path.join(__dirname, "..", "package.json"), "utf8"));
+
+// ---- Telemetry (§9 paved-path contract: type, latency_ms, snake_case) ----
+const METRICS_FILE = process.env.QM_METRICS_FILE
+  || path.join(os.homedir(), ".copilot", "metrics", "paved-path-events.jsonl");
+
+function machineId() {
+  try {
+    const crypto = require("node:crypto");
+    const seed = `${os.platform()}:${os.arch()}:${os.cpus().length}:${os.totalmem()}`;
+    return crypto.createHash("sha256").update(seed).digest("hex").slice(0, 12);
+  } catch { return "unknown"; }
+}
+
+function emit(type, data = {}) {
+  if (process.env.QM_METRICS_OPT_OUT === "1") return;
+  try {
+    fs.mkdirSync(path.dirname(METRICS_FILE), { recursive: true });
+    const evt = {
+      ts: new Date().toISOString(),
+      type,
+      source: "quartermaster-mcp",
+      version: PKG.version,
+      machine: machineId(),
+      ...data,
+    };
+    fs.appendFileSync(METRICS_FILE, JSON.stringify(evt) + "\n", "utf8");
+  } catch (e) { process.stderr.write(`telemetry: ${e.message}\n`); }
+}
+
+async function timed(type, baseData, fn) {
+  const t0 = Date.now();
+  try {
+    const result = await fn();
+    emit(type, { ...baseData, success: true, latency_ms: Date.now() - t0 });
+    return result;
+  } catch (e) {
+    emit(type, { ...baseData, success: false, latency_ms: Date.now() - t0, error: e.message });
+    throw e;
+  }
+}
+
+const readJson = (p) => JSON.parse(fs.readFileSync(p, "utf8"));
+const writeText = (p, t) => { fs.mkdirSync(path.dirname(p), { recursive: true }); fs.writeFileSync(p, t, "utf8"); };
+const exists = (p) => fs.existsSync(p);
+
+function listProfiles() {
+  return fs.readdirSync(path.join(RES, "profiles"))
+    .filter(f => f.endsWith(".json") && !f.startsWith("_"))
+    .map(f => {
+      const j = readJson(path.join(RES, "profiles", f));
+      return { id: j.id, displayName: j.displayName, file: f, directives: (j.defaultDirectives||[]).length, kpis: Object.keys(j.defaultKpis||{}).length };
+    });
+}
+
+function seedRepo({ repoPath, profileId, includeCommandCenter = true, includePrompts = true, dryRun = false }) {
+  if (!repoPath || !exists(repoPath)) throw new Error(`repoPath does not exist: ${repoPath}`);
+  const profileFile = path.join(RES, "profiles", `${profileId}.json`);
+  if (!exists(profileFile)) throw new Error(`profile not found: ${profileId}. Use qm_list_profiles.`);
+  const profile = readJson(profileFile);
+
+  const actions = [];
+  const plan = (target, kind, bytes) => actions.push({ target, kind, bytes });
+
+  // 1. .quartermaster/profile.json (in target repo, not ~/.copilot — keeps it self-contained)
+  const profileTarget = path.join(repoPath, ".quartermaster", "profile.json");
+  const profileContent = JSON.stringify({
+    seededAt: new Date().toISOString(),
+    seededBy: "quartermaster-mcp@0.1.0",
+    profile: { id: profile.id, displayName: profile.displayName },
+    ado: profile.ado, kusto: profile.kusto, icm: profile.icm,
+    directives: profile.defaultDirectives, kpis: profile.defaultKpis,
+    recommendedMcp: profile.recommendedMcp, quickLinks: profile.quickLinks,
+  }, null, 2);
+  plan(profileTarget, "create", profileContent.length);
+
+  // 2. AGENTS.md stub (only if not present)
+  const agentsPath = path.join(repoPath, "AGENTS.md");
+  if (!exists(agentsPath)) {
+    const agents = `# AGENTS.md — ${path.basename(repoPath)}
+
+> Seeded by quartermaster-mcp on ${new Date().toISOString().slice(0,10)}.
+> Profile: **${profile.displayName}** (${profile.id})
+
+## Profile-driven defaults
+
+- **ADO**: \`${profile.ado.org}/${profile.ado.project}\` · area \`${profile.ado.areaPath}\`
+- **Kusto**: \`${profile.kusto.cluster}\` · db \`${profile.kusto.database}\`
+- **IcM**: ${profile.icm.serviceName}
+
+## Directives (from profile)
+
+${profile.defaultDirectives.map((d,i) => `${i+1}. **${d.id}** — ${d.title}`).join("\n")}
+
+## Verification
+
+Run \`pwsh scripts/verify.ps1\` (if present) before opening PRs.
+
+## Source
+This file was generated from the Quartermaster MCP server. To regenerate or
+re-seed, ask any agent: *"use quartermaster-mcp to re-seed this repo with profile ${profile.id}"*.
+`;
+    plan(agentsPath, "create", agents.length);
+  } else {
+    plan(agentsPath, "skip (exists)", 0);
+  }
+
+  // 3. .github/copilot-instructions.md stub (only if not present)
+  const ciPath = path.join(repoPath, ".github", "copilot-instructions.md");
+  if (!exists(ciPath)) {
+    const ci = `# Copilot Instructions — ${path.basename(repoPath)}
+
+Seeded by quartermaster-mcp · profile **${profile.displayName}**.
+
+## Operating model
+- Score every artefact against the **TRANSFORMATIVE** PM behaviors (AI-driven innovation, outcome-centric, shared leverage, decision velocity).
+- Close every response with a 2-line Transformative prompt-sharpening tip.
+
+## CXE pillars (Hayete, 2026-05-29)
+1. CXE = core priority
+2. Customers get value fast (TTV)
+3. Operate with confidence
+4. Support when it matters
+
+Run \`/cxe\` to audit any PRD/work-item against the 4 pillars. Run \`/npf\` for the maturity self-score.
+`;
+    plan(ciPath, "create", ci.length);
+  } else {
+    plan(ciPath, "skip (exists)", 0);
+  }
+
+  // 4. .github/prompts/{npf,cxe}.prompt.md
+  if (includePrompts) {
+    for (const name of ["npf.prompt.md", "cxe.prompt.md"]) {
+      const src = path.join(RES, "prompts", name);
+      const dst = path.join(repoPath, ".github", "prompts", name);
+      if (exists(src) && !exists(dst)) plan(dst, "create", fs.statSync(src).size);
+      else if (exists(dst)) plan(dst, "skip (exists)", 0);
+    }
+  }
+
+  // 5. Command Center starter
+  if (includeCommandCenter) {
+    const ccPath = path.join(repoPath, ".quartermaster", "command-center-seed.json");
+    const cc = JSON.stringify({
+      generatedAt: new Date().toISOString(),
+      product: profile.displayName,
+      directives: profile.defaultDirectives,
+      kpis: profile.defaultKpis,
+      quickLinks: profile.quickLinks,
+    }, null, 2);
+    plan(ccPath, "create", cc.length);
+  }
+
+  // Execute unless dryRun
+  if (!dryRun) {
+    for (const a of actions) {
+      if (a.kind === "create") {
+        const isProfile = a.target.endsWith("profile.json") && a.target.includes(".quartermaster");
+        const isSeed    = a.target.endsWith("command-center-seed.json");
+        const isPrompt  = a.target.includes(path.join(".github","prompts"));
+        if (isProfile)  writeText(a.target, profileContent);
+        else if (isSeed) writeText(a.target, JSON.stringify({
+            generatedAt: new Date().toISOString(), product: profile.displayName,
+            directives: profile.defaultDirectives, kpis: profile.defaultKpis, quickLinks: profile.quickLinks,
+          }, null, 2));
+        else if (isPrompt) {
+          const name = path.basename(a.target);
+          fs.mkdirSync(path.dirname(a.target), { recursive: true });
+          fs.copyFileSync(path.join(RES, "prompts", name), a.target);
+        }
+        else if (a.target.endsWith("AGENTS.md") || a.target.endsWith("copilot-instructions.md")) {
+          // Re-derive content (kept in plan() above is local-scope variables)
+          // To keep this simple, regenerate inline here
+          if (a.target.endsWith("AGENTS.md")) {
+            writeText(a.target, `# AGENTS.md — ${path.basename(repoPath)}\n\n> Seeded by quartermaster-mcp on ${new Date().toISOString().slice(0,10)}.\n> Profile: **${profile.displayName}** (${profile.id})\n\nSee \`.quartermaster/profile.json\` for ADO/Kusto/IcM/directives/KPIs.\n`);
+          } else {
+            writeText(a.target, `# Copilot Instructions — ${path.basename(repoPath)}\n\nSeeded by quartermaster-mcp · profile **${profile.displayName}**.\n\nCXE pillars (Hayete): CXE-first · Value fast · Confidence · Support when it matters.\nRun /cxe and /npf prompts.\n`);
+          }
+        }
+      }
+    }
+  }
+
+  return {
+    repoPath, profile: { id: profile.id, displayName: profile.displayName },
+    dryRun, actions,
+    summary: `${actions.filter(a=>a.kind==='create').length} files ${dryRun ? "would be created" : "created"}, ${actions.filter(a=>a.kind.startsWith('skip')).length} skipped`,
+  };
+}
+
+function auditRepo({ repoPath }) {
+  if (!repoPath || !exists(repoPath)) throw new Error(`repoPath does not exist: ${repoPath}`);
+  const checks = [
+    { id: "agents-md",        label: "AGENTS.md present",                    pass: exists(path.join(repoPath, "AGENTS.md")) },
+    { id: "copilot-instr",    label: ".github/copilot-instructions.md",      pass: exists(path.join(repoPath, ".github", "copilot-instructions.md")) },
+    { id: "qm-profile",       label: ".quartermaster/profile.json",          pass: exists(path.join(repoPath, ".quartermaster", "profile.json")) },
+    { id: "npf-prompt",       label: ".github/prompts/npf.prompt.md",        pass: exists(path.join(repoPath, ".github", "prompts", "npf.prompt.md")) },
+    { id: "cxe-prompt",       label: ".github/prompts/cxe.prompt.md",        pass: exists(path.join(repoPath, ".github", "prompts", "cxe.prompt.md")) },
+    { id: "verify-ps1",       label: "scripts/verify.ps1",                   pass: exists(path.join(repoPath, "scripts", "verify.ps1")) },
+  ];
+  const score = checks.filter(c => c.pass).length;
+  return { repoPath, score, max: checks.length, band: score>=5?"Strong":score>=3?"Acceptable":"Weak", checks };
+}
+
+function installPrompts({ targetDir = path.join(os.homedir(), ".github", "prompts") } = {}) {
+  fs.mkdirSync(targetDir, { recursive: true });
+  const installed = [];
+  for (const f of fs.readdirSync(path.join(RES, "prompts"))) {
+    const src = path.join(RES, "prompts", f);
+    const dst = path.join(targetDir, f);
+    fs.copyFileSync(src, dst);
+    installed.push(dst);
+  }
+  return { targetDir, installed };
+}
+
+function applyProfile({ profileId, targetPath = path.join(os.homedir(), ".copilot", "paved-path", "profile.json") }) {
+  const src = path.join(RES, "profiles", `${profileId}.json`);
+  if (!exists(src)) throw new Error(`profile not found: ${profileId}`);
+  const profile = readJson(src);
+  const persisted = {
+    installedAt: new Date().toISOString(),
+    wizardVersion: "mcp-0.1.0",
+    profile: { id: profile.id, displayName: profile.displayName },
+    ado: profile.ado, kusto: profile.kusto, icm: profile.icm,
+  };
+  writeText(targetPath, JSON.stringify(persisted, null, 2));
+  return { targetPath, profile: persisted.profile };
+}
+
+function readTelemetry({ limit = 50, typeFilter = null } = {}) {
+  if (!exists(METRICS_FILE)) return { file: METRICS_FILE, total: 0, events: [], summary: {} };
+  const lines = fs.readFileSync(METRICS_FILE, "utf8").split("\n").filter(Boolean);
+  const all = [];
+  for (const l of lines) { try { all.push(JSON.parse(l)); } catch {} }
+  const filtered = typeFilter ? all.filter(e => e.type === typeFilter) : all;
+  const summary = {};
+  for (const e of all) summary[e.type] = (summary[e.type] || 0) + 1;
+  return { file: METRICS_FILE, total: all.length, returned: Math.min(limit, filtered.length), events: filtered.slice(-limit), summary };
+}
+
+function emitPr({ repoPath, profileId, branch = null, title = null, body = null, base = "main", draft = false }) {
+  if (!repoPath || !exists(repoPath)) throw new Error(`repoPath does not exist: ${repoPath}`);
+  if (!exists(path.join(repoPath, ".git"))) throw new Error(`not a git repo: ${repoPath}`);
+  // Prerequisite: gh CLI on PATH
+  try { execFileSync("gh", ["--version"], { stdio: "pipe" }); }
+  catch { throw new Error("gh CLI not found on PATH. Install: https://cli.github.com/"); }
+
+  const stamp = new Date().toISOString().slice(0,10);
+  branch = branch || `quartermaster/seed-${profileId}-${stamp}`;
+  title  = title  || `Seed Quartermaster kit (${profileId})`;
+
+  const run = (args, opts = {}) => execFileSync("git", args, { cwd: repoPath, stdio: "pipe", ...opts }).toString().trim();
+  const runGh = (args, opts = {}) => execFileSync("gh", args, { cwd: repoPath, stdio: "pipe", ...opts }).toString().trim();
+
+  // Ensure clean for the files we'll create — we seed first, then commit
+  const seedResult = seedRepo({ repoPath, profileId, dryRun: false });
+  const created = seedResult.actions.filter(a => a.kind === "create").map(a => a.target);
+  if (created.length === 0) {
+    return { repoPath, branch, created: 0, message: "nothing to seed (all files already exist); no PR opened" };
+  }
+
+  // Branch + commit + push + PR
+  const baseBranch = (() => { try { return run(["rev-parse","--abbrev-ref","HEAD"]); } catch { return base; } })();
+  try { run(["checkout","-b", branch]); } catch { run(["checkout", branch]); }
+  for (const f of created) { try { run(["add", path.relative(repoPath, f)]); } catch {} }
+  const commitMsg = `Seed Quartermaster kit (${profileId})\n\n${created.length} files added by quartermaster-mcp@${PKG.version}.\n\n<!-- BEGIN pr-telemetry -->\nassistance: agentic-cli\ntype: infra\nagent-tool: copilot-cli\nagent-model: claude-opus-4.7\nwork-item: n/a\n<!-- END pr-telemetry -->\n\nCo-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>`;
+  run(["commit","-m", commitMsg]);
+  run(["push","-u","origin", branch]);
+
+  body = body || `Seeded by \`quartermaster-mcp@${PKG.version}\` with profile **${profileId}**.\n\nFiles added:\n${created.map(f => `- \`${path.relative(repoPath, f)}\``).join("\n")}\n\n<!-- BEGIN pr-telemetry -->\nassistance: agentic-cli\ntype: infra\nagent-tool: copilot-cli\nagent-model: claude-opus-4.7\nwork-item: n/a\n<!-- END pr-telemetry -->`;
+
+  const ghArgs = ["pr","create","--base", base, "--head", branch, "--title", title, "--body", body];
+  if (draft) ghArgs.push("--draft");
+  const prUrl = runGh(ghArgs);
+  return { repoPath, branch, baseBranch, base, prUrl, filesAdded: created.length };
+}
+
+
+// ---------------- MCP wiring ----------------
+const server = new Server(
+  { name: "quartermaster-mcp", version: "0.1.0" },
+  { capabilities: { tools: {}, resources: {} } }
+);
+
+const TOOLS = [
+  { name: "qm_list_profiles", description: "List all available Purview product profiles (DLM, Billing, CC, Records, eDiscovery, Insider Risk).",
+    inputSchema: { type: "object", properties: {} } },
+  { name: "qm_seed_repo", description: "Seed a target repo with the Quartermaster kit (AGENTS.md, copilot-instructions.md, .quartermaster/profile.json, /npf + /cxe prompts, command-center seed). Idempotent — skips existing files.",
+    inputSchema: { type: "object", required: ["repoPath","profileId"], properties: {
+      repoPath: { type:"string", description:"Absolute path to target repo root" },
+      profileId: { type:"string", description:"e.g. purview-dlm, purview-billing, purview-cc, purview-records, purview-ediscovery, purview-insider-risk" },
+      includeCommandCenter: { type:"boolean", default:true },
+      includePrompts: { type:"boolean", default:true },
+      dryRun: { type:"boolean", default:false, description:"Plan only; write nothing." },
+    } } },
+  { name: "qm_audit_repo", description: "Score a repo /6 against Quartermaster readiness (AGENTS.md, copilot-instructions, profile, /npf, /cxe, verify.ps1).",
+    inputSchema: { type:"object", required:["repoPath"], properties: { repoPath: { type:"string" } } } },
+  { name: "qm_install_prompts", description: "Install /npf and /cxe prompts to ~/.github/prompts (or override targetDir).",
+    inputSchema: { type:"object", properties: { targetDir: { type:"string" } } } },
+  { name: "qm_apply_profile", description: "Persist a Purview product profile to ~/.copilot/paved-path/profile.json (or override targetPath).",
+    inputSchema: { type:"object", required:["profileId"], properties: { profileId: { type:"string" }, targetPath: { type:"string" } } } },
+  { name: "qm_telemetry", description: "Read recent paved-path telemetry events emitted by this MCP server (and any other paved-path source writing to the same JSONL).",
+    inputSchema: { type:"object", properties: { limit: { type:"integer", default:50 }, typeFilter: { type:"string", description:"e.g. qm.seed_repo, qm.audit_repo" } } } },
+  { name: "qm_emit_pr", description: "Seed a repo with a profile AND open a labeled PR via gh CLI. Requires gh on PATH and a git repo at repoPath.",
+    inputSchema: { type:"object", required:["repoPath","profileId"], properties: {
+      repoPath: { type:"string" }, profileId: { type:"string" },
+      branch: { type:"string", description:"defaults to quartermaster/seed-<profile>-<date>" },
+      title: { type:"string" }, body: { type:"string" },
+      base: { type:"string", default:"main" }, draft: { type:"boolean", default:false }
+    } } },
+];
+
+server.setRequestHandler(ListToolsRequestSchema, async () => ({ tools: TOOLS }));
+
+server.setRequestHandler(CallToolRequestSchema, async (req) => {
+  const { name, arguments: args = {} } = req.params;
+  try {
+    let result;
+    switch (name) {
+      case "qm_list_profiles":   result = await timed("qm.list_profiles",   {}, async () => listProfiles()); break;
+      case "qm_seed_repo":       result = await timed("qm.seed_repo",       { profileId: args.profileId, dryRun: !!args.dryRun }, async () => seedRepo(args)); break;
+      case "qm_audit_repo":      result = await timed("qm.audit_repo",      {}, async () => auditRepo(args)); break;
+      case "qm_install_prompts": result = await timed("qm.install_prompts", {}, async () => installPrompts(args)); break;
+      case "qm_apply_profile":   result = await timed("qm.apply_profile",   { profileId: args.profileId }, async () => applyProfile(args)); break;
+      case "qm_telemetry":       result = readTelemetry(args); break;
+      case "qm_emit_pr":         result = await timed("qm.emit_pr",         { profileId: args.profileId }, async () => emitPr(args)); break;
+      default: throw new Error(`unknown tool: ${name}`);
+    }
+    return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+  } catch (e) {
+    return { content: [{ type: "text", text: `ERROR: ${e.message}` }], isError: true };
+  }
+});
+
+server.setRequestHandler(ListResourcesRequestSchema, async () => ({
+  resources: listProfiles().map(p => ({
+    uri: `quartermaster://profile/${p.id}`,
+    name: `Profile · ${p.displayName}`,
+    mimeType: "application/json",
+  })),
+}));
+
+server.setRequestHandler(ReadResourceRequestSchema, async (req) => {
+  const m = /^quartermaster:\/\/profile\/(.+)$/.exec(req.params.uri);
+  if (!m) throw new Error(`bad uri: ${req.params.uri}`);
+  const p = path.join(RES, "profiles", `${m[1]}.json`);
+  return { contents: [{ uri: req.params.uri, mimeType: "application/json", text: fs.readFileSync(p, "utf8") }] };
+});
+
+await server.connect(new StdioServerTransport());
+process.stderr.write(`quartermaster-mcp v${PKG.version} ready (stdio)\n`);

package/package.json

@@ -0,0 +1,32 @@
+{
+  "name": "@pbhamri/quartermaster-mcp",
+  "version": "0.2.0",
+  "description": "MCP server that seeds any repo with the Quartermaster PM kit (profiles, prompts, AGENTS.md, command center). No folder dependency — callable from any Copilot/Claude/Cursor session.",
+  "type": "module",
+  "bin": {
+    "quartermaster-mcp": "bin/server.js"
+  },
+  "files": [
+    "bin/",
+    "resources/",
+    "LICENSE",
+    "README.md"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/pbhamri_microsoft/Quartermaster.git",
+    "directory": "source/quartermaster-mcp"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.29.0"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "keywords": ["mcp", "pm", "purview", "quartermaster", "copilot"],
+  "author": "pbhamri",
+  "license": "MIT"
+}

package/resources/mcp-servers/README.md

@@ -0,0 +1,41 @@
+# MCP server registry
+
+Each `*.json` file is a paste-ready Model Context Protocol server config. The wizard installer (`install/install-wizard.ps1`) reads these, substitutes profile-specific tokens (`{{KUSTO_CLUSTER}}`, `{{ADO_ORG}}`, etc.), and merges the result into:
+
+- **VS Code**: `~/AppData/Roaming/Code/User/mcp.json` (workspace-agnostic) and/or `.vscode/mcp.json` (per-project)
+- **Copilot CLI**: `~/.copilot/mcp.json`
+
+## Available servers
+
+| ID | Server | Public? | Notes |
+|---|---|---|---|
+| `kusto`      | Azure Kusto (Data Explorer) | yes (`uvx azure-kusto-mcp`) | Profile-driven default cluster |
+| `icm`        | IcM (Incident Manager) — Microsoft internal | no | Install from internal feed; wizard drops a TODO file if package not found |
+| `playwright` | Playwright browser automation | yes (`@playwright/mcp`) | Used by `emailer.js` and `pm-share-kit` |
+| `workiq`     | WorkIQ — M365 productivity data | yes (`@microsoft/workiq`) | Pulls meeting/email/Teams context |
+| `ado`        | Azure DevOps (work items + repos) | yes (`@azure-devops/mcp`) | Pre-fills org/project from profile |
+
+## Token substitution
+
+The wizard replaces these tokens at install time using the selected profile:
+
+| Token | Source field in profile JSON |
+|---|---|
+| `{{KUSTO_CLUSTER}}`     | `kusto.cluster` |
+| `{{KUSTO_DATABASE}}`    | `kusto.database` |
+| `{{ICM_SERVICE_NAME}}`  | `icm.serviceName` |
+| `{{ICM_TEAM_PUBLIC_ID}}`| `icm.teamPublicId` |
+| `{{ADO_ORG}}`           | `ado.org` |
+| `{{ADO_PROJECT}}`       | `ado.project` |
+
+## Adding a new MCP server
+
+1. Drop a new `<id>.json` here matching the existing schema (`id`, `displayName`, `description`, `requires`, `config`, `validation`).
+2. Add the new `<id>` to `share-kit/profiles/_schema.json` under `recommendedMcp.items.enum`.
+3. Reference the new `<id>` in any product profile's `recommendedMcp` array that should pre-select it.
+
+That's it — the wizard auto-discovers `*.json` files in this folder. No code change to the installer required.
+
+## §7.5 safety rule
+
+The wizard **snapshots** the current VS Code MCP config to `~/.copilot/session-state/mcp-snapshot-<timestamp>.json` before any edit, and prompts you to **close VS Code first**. If MCP setup spans more than 5 turns, the wizard stops and asks you to verify the snapshot before continuing — VS Code silently overwrites these files on save/reload.

package/resources/mcp-servers/ado.json

@@ -0,0 +1,20 @@
+{
+  "id": "ado",
+  "displayName": "Azure DevOps (work items + repos)",
+  "description": "Read/write ADO work items, query backlogs, link PRs to work items — across the org/project from the active profile.",
+  "requires": ["Azure CLI signed in: az login", "az devops extension: az extension add --name azure-devops"],
+  "config": {
+    "type": "stdio",
+    "command": "npx",
+    "args": ["-y", "@azure-devops/mcp@latest"],
+    "env": {
+      "ADO_DEFAULT_ORG": "{{ADO_ORG}}",
+      "ADO_DEFAULT_PROJECT": "{{ADO_PROJECT}}"
+    }
+  },
+  "validation": "After install: in Copilot CLI, ask 'use ado-mcp to list my active work items'.",
+  "notes": [
+    "Wizard pre-fills ADO_DEFAULT_ORG and ADO_DEFAULT_PROJECT from the selected profile (e.g., o365exchange / O365 Core for DLM).",
+    "az rest against dev.azure.com requires --resource 499b84ac-1321-427f-aa17-267ca6975798 — the MCP server handles this internally."
+  ]
+}

package/resources/mcp-servers/icm.json

@@ -0,0 +1,29 @@
+{
+  "id": "icm",
+  "displayName": "IcM (Incident Manager) — Microsoft internal",
+  "description": "Query IcM incidents and create new ones from Copilot. Requires the Microsoft-internal IcM MCP server (no public package — install from internal feed).",
+  "requires": [
+    "Microsoft corp network or AzureVPN",
+    "Internal IcM MCP server: ask in #icm-mcp-users Teams channel or see https://aka.ms/icm-mcp for install steps",
+    "IcM bearer token via 'icm-cli login' (or use device-code flow on first run)"
+  ],
+  "config": {
+    "type": "stdio",
+    "command": "npx",
+    "args": ["-y", "@microsoft-internal/icm-mcp@latest"],
+    "env": {
+      "ICM_TENANT": "PROD",
+      "ICM_DEFAULT_SERVICE": "{{ICM_SERVICE_NAME}}",
+      "ICM_TEAM_PUBLIC_ID": "{{ICM_TEAM_PUBLIC_ID}}"
+    }
+  },
+  "validation": "After install: in Copilot CLI, ask 'use icm-mcp to show my active incidents'. On first run, complete the device-code auth in the browser.",
+  "fallbackIfPackageMissing": {
+    "note": "If @microsoft-internal/icm-mcp is not yet published to your npm scope, the wizard installs a stub that lists the manual steps in ~/.copilot/icm-mcp-todo.md. The Copilot CLI will still work — just no IcM tools until you complete the manual install.",
+    "manualSteps": [
+      "1. Visit https://aka.ms/icm-mcp for the latest install instructions",
+      "2. Authenticate: icm-cli login (uses device code)",
+      "3. Re-run the wizard with -SkipMcpInstall to refresh the config"
+    ]
+  }
+}

package/resources/mcp-servers/kusto.json

@@ -0,0 +1,16 @@
+{
+  "id": "kusto",
+  "displayName": "Azure Kusto (Data Explorer)",
+  "description": "Query Kusto clusters from Copilot. Profile-driven default cluster; peer can swap KUSTO_SERVICE_URI to their own.",
+  "requires": ["uv (https://docs.astral.sh/uv/) or uvx on PATH", "Azure CLI signed in: az login"],
+  "config": {
+    "type": "stdio",
+    "command": "uvx",
+    "args": ["azure-kusto-mcp"],
+    "env": {
+      "KUSTO_SERVICE_URI": "{{KUSTO_CLUSTER}}",
+      "PATH": "C:\\Program Files\\Microsoft SDKs\\Azure\\CLI2\\wbin;${env:PATH}"
+    }
+  },
+  "validation": "After install: in Copilot CLI, ask 'use kusto-mcp to list databases on the default cluster'."
+}

package/resources/mcp-servers/playwright.json

@@ -0,0 +1,13 @@
+{
+  "id": "playwright",
+  "displayName": "Playwright (browser automation)",
+  "description": "Drive a real browser from Copilot — for Outlook web sends, Teams DMs, dashboard screenshots, IcM portal scraping.",
+  "requires": ["Node 20+", "npx on PATH"],
+  "config": {
+    "command": "npx",
+    "args": ["-y", "@playwright/mcp@latest"],
+    "tools": ["*"],
+    "type": "stdio"
+  },
+  "validation": "After install: in Copilot CLI, ask 'use playwright-mcp to open bing.com and screenshot the page'."
+}

package/resources/mcp-servers/workiq.json

@@ -0,0 +1,12 @@
+{
+  "id": "workiq",
+  "displayName": "WorkIQ — Microsoft 365 productivity data",
+  "description": "Pull meeting transcripts, emails, Teams messages, and calendar events from M365 directly into Copilot context.",
+  "requires": ["Node 20+", "Microsoft 365 account signed into M365 apps (Teams desktop)"],
+  "config": {
+    "type": "stdio",
+    "command": "npx",
+    "args": ["-y", "@microsoft/workiq", "mcp"]
+  },
+  "validation": "After install: in Copilot CLI, ask 'use workiq to show my last 3 meetings'. First run will pop a Microsoft consent dialog — approve."
+}

package/resources/profiles/_schema.json

@@ -0,0 +1,77 @@
+{
+  "$schema": "https://json-schema.org/draft-07/schema#",
+  "title": "Purview PM Profile",
+  "type": "object",
+  "required": ["id", "displayName", "ado", "kusto", "icm", "personas", "defaultDirectives", "defaultKpis", "recommendedMcp"],
+  "properties": {
+    "id":          { "type": "string", "description": "Slug — also the filename" },
+    "displayName": { "type": "string" },
+    "tagline":     { "type": "string", "description": "1-line product summary for the dashboard header" },
+    "ado": {
+      "type": "object",
+      "required": ["org", "project"],
+      "properties": {
+        "org":          { "type": "string", "examples": ["o365exchange", "msazure"] },
+        "project":      { "type": "string", "examples": ["M365 Security", "O365 Core"] },
+        "areaPath":     { "type": "string" },
+        "iterationPath":{ "type": "string" }
+      }
+    },
+    "kusto": {
+      "type": "object",
+      "required": ["cluster", "database"],
+      "properties": {
+        "cluster":  { "type": "string", "format": "uri" },
+        "database": { "type": "string" },
+        "starterQueries": {
+          "type": "array",
+          "items": { "type": "object", "required": ["name", "kql"], "properties": { "name": {"type":"string"}, "kql": {"type":"string"} } }
+        }
+      }
+    },
+    "icm": {
+      "type": "object",
+      "properties": {
+        "tenant":         { "type": "string", "default": "PROD" },
+        "serviceName":    { "type": "string" },
+        "teamPublicId":   { "type": "string", "description": "GUID of the on-call team" },
+        "routingId":      { "type": "string" }
+      }
+    },
+    "github": {
+      "type": "object",
+      "properties": {
+        "primaryRepo":   { "type": "string", "description": "owner/repo for PR + ADO linking" },
+        "fallbackRepos": { "type": "array", "items": { "type": "string" } }
+      }
+    },
+    "personas": {
+      "type": "array",
+      "description": "Key stakeholder roles to pre-seed in people/",
+      "items": { "type": "object", "required": ["role"], "properties": { "role": {"type":"string"}, "exampleName": {"type":"string"}, "exampleEmail": {"type":"string"} } }
+    },
+    "defaultDirectives": {
+      "type": "array",
+      "description": "Pre-seeded directives for connect-db.json — peer can edit",
+      "items": { "type": "object", "required": ["id", "title"], "properties": { "id": {"type":"string"}, "title": {"type":"string"}, "successSignal": {"type":"string"}, "cadence": {"type":"string"} } }
+    },
+    "defaultKpis": {
+      "type": "object",
+      "description": "Pre-seeded KPIs for the dashboard — peer fills in real numbers",
+      "additionalProperties": {
+        "type": "object",
+        "properties": { "label": {"type":"string"}, "unit": {"type":"string"}, "target": {"type":"string"}, "owner": {"type":"string"} }
+      }
+    },
+    "recommendedMcp": {
+      "type": "array",
+      "description": "MCP servers preselected for this product",
+      "items": { "type": "string", "enum": ["kusto", "icm", "playwright", "workiq", "ado"] }
+    },
+    "quickLinks": {
+      "type": "array",
+      "items": { "type": "object", "required": ["label", "url"], "properties": { "label": {"type":"string"}, "url": {"type":"string"} } }
+    },
+    "notes": { "type": "array", "items": { "type": "string" } }
+  }
+}

package/resources/profiles/purview-billing.json

@@ -0,0 +1,55 @@
+{
+  "id": "purview-billing",
+  "displayName": "Purview Billing & Metering",
+  "tagline": "Consumption metering, SKU mapping, invoice telemetry, cost-attribution across Purview SKUs.",
+  "ado": {
+    "org": "o365exchange",
+    "project": "O365 Core",
+    "areaPath": "O365 Core\\Compliance\\Billing"
+  },
+  "kusto": {
+    "cluster": "https://cxedataplatformcluster.westus2.kusto.windows.net/",
+    "database": "PurviewBilling",
+    "starterQueries": [
+      { "name": "Daily metering rows per tenant (28d)",  "kql": "MeteringEvents | where Timestamp > ago(28d) | summarize Rows = count() by bin(Timestamp,1d), TenantId" },
+      { "name": "SKU mix MoM",                            "kql": "BillingSnapshots | where Timestamp > ago(60d) | summarize ARR = sum(MonthlyARR) by SkuName, bin(Timestamp,30d)" },
+      { "name": "Top 10 cost drivers this month",         "kql": "CostAttribution | where Month == startofmonth(now()) | top 10 by AttributedCostUSD desc" }
+    ]
+  },
+  "icm": {
+    "tenant": "PROD",
+    "serviceName": "Microsoft Purview / Billing & Metering",
+    "teamPublicId": "TBD-fill-from-IcM-portal",
+    "routingId": "Purview-Billing-Oncall"
+  },
+  "github": {
+    "primaryRepo": "microsoft/m365-purview-billing",
+    "fallbackRepos": ["microsoft/m365-purview"]
+  },
+  "personas": [
+    { "role": "Finance Partner" },
+    { "role": "Engineering Manager — Metering" },
+    { "role": "Pricing PM" },
+    { "role": "CSS — Billing escalations" }
+  ],
+  "defaultDirectives": [
+    { "id": "D1", "title": "Cost-attribution accuracy: close 95% reconciliation gap",        "successSignal": "Variance vs invoice < 1% for 4 consecutive weeks",  "cadence": "Weekly" },
+    { "id": "D2", "title": "SKU-mapping coverage: 100% Purview SKUs mapped to features",     "successSignal": "Map file in repo, signed off by Finance",          "cadence": "30 days" },
+    { "id": "D3", "title": "Invoice anomaly alerts: ship 2 AI-driven alert types",           "successSignal": "Alert fires + cost saved per fire logged",         "cadence": "Monthly" },
+    { "id": "D4", "title": "Self-serve cost dashboard for FieldCxO",                         "successSignal": "10 internal users / week",                          "cadence": "60 days" }
+  ],
+  "defaultKpis": {
+    "reconciliationGap": { "label": "Reconciliation gap (invoice vs metering)", "unit": "%",        "target": "< 1%",  "owner": "self" },
+    "skuCoverage":       { "label": "SKUs mapped to features",                  "unit": "% of SKUs","target": "100%",  "owner": "self" },
+    "anomalyAlertsShipped":{"label": "AI anomaly-alert types live",              "unit": "/2",      "target": "2 by Q+1", "owner": "self" },
+    "fieldDashboardUsers":{ "label": "Field-CxO dashboard weekly users",         "unit": "users/wk","target": "10",     "owner": "self" }
+  },
+  "recommendedMcp": ["kusto", "icm", "workiq", "ado"],
+  "quickLinks": [
+    { "label": "Purview Billing wiki", "url": "https://aka.ms/purview-billing-wiki" },
+    { "label": "Commerce Operations",  "url": "https://aka.ms/commerce-ops" }
+  ],
+  "notes": [
+    "Reconciliation gap must be measured against the same Commerce invoice cut — pull both from the same Kusto snapshot timestamp."
+  ]
+}

package/resources/profiles/purview-cc.json

@@ -0,0 +1,53 @@
+{
+  "id": "purview-cc",
+  "displayName": "Purview Communication Compliance (CC)",
+  "tagline": "Detect, triage, and remediate inappropriate or risky communications across Teams, Exchange, Copilot, and third-party connectors.",
+  "ado": {
+    "org": "o365exchange",
+    "project": "M365 Security",
+    "areaPath": "M365 Security\\Compliance\\CommunicationCompliance"
+  },
+  "kusto": {
+    "cluster": "https://cxedataplatformcluster.westus2.kusto.windows.net/",
+    "database": "PurviewCC",
+    "starterQueries": [
+      { "name": "Alert volume by policy (28d)",        "kql": "CCPolicyAlerts | where Timestamp > ago(28d) | summarize Alerts = count() by PolicyName, bin(Timestamp,1d)" },
+      { "name": "Investigator MTTR by tenant",         "kql": "CCInvestigations | where ClosedAt > ago(30d) | summarize MTTRhrs = avg(datetime_diff('hour', ClosedAt, OpenedAt)) by TenantId" },
+      { "name": "False-positive rate by classifier",   "kql": "CCClassifierFeedback | where Timestamp > ago(28d) | summarize FpRate = countif(Label == 'FP') * 1.0 / count() by ClassifierName" }
+    ]
+  },
+  "icm": {
+    "tenant": "PROD",
+    "serviceName": "Microsoft Purview / Communication Compliance",
+    "teamPublicId": "TBD-fill-from-IcM-portal"
+  },
+  "github": {
+    "primaryRepo": "microsoft/m365-purview-cc"
+  },
+  "personas": [
+    { "role": "Engineering Manager" },
+    { "role": "Classifier ML Lead" },
+    { "role": "CELA / Privacy partner" },
+    { "role": "Regulator-facing Field Specialist" }
+  ],
+  "defaultDirectives": [
+    { "id": "D1", "title": "Classifier false-positive rate: drive below 8%",                  "successSignal": "4 consecutive weeks of < 8% FP", "cadence": "Weekly" },
+    { "id": "D2", "title": "Copilot interactions in scope: ship coverage GA",                 "successSignal": "GA blog + 5 named customers live", "cadence": "Quarterly" },
+    { "id": "D3", "title": "Investigator MTTR: cut by 30% via AI-summarized threads",         "successSignal": "Median MTTR < 4h",                   "cadence": "Monthly" },
+    { "id": "D4", "title": "Regulator-ready audit pack: one-click export",                    "successSignal": "Top-5 regulated customers using",    "cadence": "60 days" }
+  ],
+  "defaultKpis": {
+    "fpRate":           { "label": "Classifier false-positive rate",  "unit": "%",       "target": "< 8%",   "owner": "self" },
+    "copilotCoverageGa":{ "label": "Copilot-in-scope coverage",       "unit": "GA y/n",  "target": "GA",     "owner": "self" },
+    "investigatorMttr": { "label": "Investigator MTTR (median)",      "unit": "hours",   "target": "< 4h",   "owner": "self" },
+    "auditPackUsers":   { "label": "Regulator audit-pack adopters",   "unit": "tenants", "target": "5",      "owner": "self" }
+  },
+  "recommendedMcp": ["kusto", "icm", "workiq", "ado"],
+  "quickLinks": [
+    { "label": "CC PM workspace", "url": "https://aka.ms/purview-cc-pm" },
+    { "label": "CC docs",         "url": "https://learn.microsoft.com/purview/communication-compliance" }
+  ],
+  "notes": [
+    "FP rate measurement requires investigator feedback signal — ensure UI-instrumentation is shipping events to PurviewCC.CCClassifierFeedback before measuring."
+  ]
+}

package/resources/profiles/purview-dlm.json

@@ -0,0 +1,60 @@
+{
+  "id": "purview-dlm",
+  "displayName": "Purview Data Lifecycle Management (DLM)",
+  "tagline": "Retention labels, retention policies, records, disposition — across SharePoint, OneDrive, Exchange, Teams.",
+  "ado": {
+    "org": "o365exchange",
+    "project": "O365 Core",
+    "areaPath": "O365 Core\\Compliance\\DLM",
+    "iterationPath": "O365 Core"
+  },
+  "kusto": {
+    "cluster": "https://cxedataplatformcluster.westus2.kusto.windows.net/",
+    "database": "PurviewTelemetry",
+    "starterQueries": [
+      { "name": "DLM 28d retention-label apply rate",      "kql": "RetentionLabelEvents | where Timestamp > ago(28d) | summarize Applied = count() by bin(Timestamp, 1d)" },
+      { "name": "Disposition review queue depth",          "kql": "DispositionReviewEvents | where State == 'PendingReview' | summarize Pending = count() by Workload" },
+      { "name": "E5 vs E3 active-tenant DLM feature usage","kql": "DlmFeatureUsage | where Timestamp > ago(30d) | summarize ActiveTenants = dcount(TenantId) by Sku, FeatureName" }
+    ]
+  },
+  "icm": {
+    "tenant": "PROD",
+    "serviceName": "Microsoft Purview / Data Lifecycle Management",
+    "teamPublicId": "TBD-fill-from-IcM-portal",
+    "routingId": "DLM-PM-Onсall"
+  },
+  "github": {
+    "primaryRepo": "microsoft/m365-purview-dlm",
+    "fallbackRepos": ["microsoft/m365-purview"]
+  },
+  "personas": [
+    { "role": "Engineering Manager",         "exampleName": "TBD" },
+    { "role": "Design Partner — Enterprise", "exampleName": "TBD" },
+    { "role": "Compliance Marketing PMM",    "exampleName": "TBD" },
+    { "role": "Copilot Compliance PM",       "exampleName": "TBD" }
+  ],
+  "defaultDirectives": [
+    { "id": "D1", "title": "Ramp-up: convert insights into 2-3 backlog wins with named customer evidence", "successSignal": "3 ADO items filed with customer quote + tenant ID",         "cadence": "30 days" },
+    { "id": "D2", "title": "E3 → E5 adoption: 25% lift target",                                            "successSignal": "30-day baseline read, then weekly trend",                       "cadence": "Weekly Mon" },
+    { "id": "D3", "title": "AI in DLM: ship 1-2 surfaces with value metrics",                              "successSignal": "Minutes saved + queue collapse + false-positive reduction",     "cadence": "Monthly readout" },
+    { "id": "D4", "title": "Safe AI battlecard: co-own with Copilot + Compliance marketing",               "successSignal": "Battlecard published + sales-enabled",                          "cadence": "60 days" },
+    { "id": "D5", "title": "Cross-functional 1:1s evolve from info-gathering to joint problem-solving",    "successSignal": "Each 1:1 brings a specific hypothesis",                         "cadence": "Weekly" }
+  ],
+  "defaultKpis": {
+    "e5BaselineLift":      { "label": "E3 → E5 lift",                  "unit": "% MoM",     "target": "+25% in 90d", "owner": "self" },
+    "aiSurfacesShipped":   { "label": "AI surfaces shipped",           "unit": "/2 chosen", "target": "2 by 2026-06-13", "owner": "self" },
+    "backlogWinsFiled":    { "label": "ADO backlog wins from ramp-up", "unit": "/3",        "target": "3 by 2026-06-10", "owner": "self" },
+    "dispositionTimeBefore":{ "label": "Disposition time — baseline", "unit": "minutes",   "target": "capture by 2026-06-05", "owner": "self" },
+    "dispositionTimeAfter": { "label": "Disposition time — with AI",  "unit": "minutes",   "target": "-50% vs baseline", "owner": "self" }
+  },
+  "recommendedMcp": ["kusto", "icm", "workiq", "ado", "playwright"],
+  "quickLinks": [
+    { "label": "DLM PM workspace",      "url": "https://aka.ms/purview-dlm-pm" },
+    { "label": "DLM ADO board",         "url": "https://dev.azure.com/o365exchange/O365%20Core/_boards/board/t/DLM" },
+    { "label": "Retention docs (M365)", "url": "https://learn.microsoft.com/purview/retention" }
+  ],
+  "notes": [
+    "Fill teamPublicId from icmportal → Service Tree → 'Microsoft Purview / Data Lifecycle Management' → 'Team' tab.",
+    "Disposition KPI baseline must be captured BEFORE AI-in-DLM ships — otherwise no proof of value metric."
+  ]
+}

package/resources/profiles/purview-ediscovery.json

@@ -0,0 +1,53 @@
+{
+  "id": "purview-ediscovery",
+  "displayName": "Purview eDiscovery (Premium)",
+  "tagline": "Identify, collect, review, and produce ESI for legal matters. Custodian holds, search, review-set, predictive coding.",
+  "ado": {
+    "org": "o365exchange",
+    "project": "M365 Security",
+    "areaPath": "M365 Security\\Compliance\\eDiscovery"
+  },
+  "kusto": {
+    "cluster": "https://cxedataplatformcluster.westus2.kusto.windows.net/",
+    "database": "PurviewEDiscovery",
+    "starterQueries": [
+      { "name": "Active matters by tenant (28d)",       "kql": "Matters | where Status == 'Active' and Timestamp > ago(28d) | summarize Active = count() by TenantId" },
+      { "name": "Search latency P95 (review-set build)","kql": "SearchOps | where Op == 'BuildReviewSet' and Timestamp > ago(7d) | summarize P95s = percentile(LatencySec, 95) by bin(Timestamp,1h)" },
+      { "name": "Predictive-coding accuracy by matter", "kql": "PredictiveCodingResults | where MatterCreatedAt > ago(30d) | summarize avg(F1Score) by MatterId" }
+    ]
+  },
+  "icm": {
+    "tenant": "PROD",
+    "serviceName": "Microsoft Purview / eDiscovery",
+    "teamPublicId": "TBD-fill-from-IcM-portal"
+  },
+  "github": {
+    "primaryRepo": "microsoft/m365-purview-ediscovery"
+  },
+  "personas": [
+    { "role": "Outside counsel / litigation lead" },
+    { "role": "In-house Legal Ops" },
+    { "role": "Engineering Manager" },
+    { "role": "Premier support — Legal escalations" }
+  ],
+  "defaultDirectives": [
+    { "id": "D1", "title": "Review-set build P95 latency under 2 minutes",                 "successSignal": "P95 < 120s for 30 consecutive days", "cadence": "Weekly" },
+    { "id": "D2", "title": "Predictive coding F1 > 0.85 on 5 customer matters",            "successSignal": "5 matters validated by counsel",      "cadence": "Quarterly" },
+    { "id": "D3", "title": "AI deposition-prep assistant: ship preview",                   "successSignal": "10 firms in preview + NPS > 40",      "cadence": "60 days" },
+    { "id": "D4", "title": "Custodian hold notice automation",                             "successSignal": "Median notice cycle < 1 hour",        "cadence": "Quarterly" }
+  ],
+  "defaultKpis": {
+    "reviewSetP95":      { "label": "Review-set build P95",       "unit": "seconds", "target": "< 120", "owner": "self" },
+    "predictiveCodingF1":{ "label": "Predictive coding F1",       "unit": "score",   "target": "> 0.85","owner": "self" },
+    "depositionPreviewFirms":{"label": "Deposition-prep preview firms","unit": "firms","target":"10","owner":"self" },
+    "holdNoticeCycle":   { "label": "Custodian hold notice cycle","unit": "hours",   "target": "< 1",   "owner": "self" }
+  },
+  "recommendedMcp": ["kusto", "icm", "workiq", "ado", "playwright"],
+  "quickLinks": [
+    { "label": "eDiscovery PM workspace", "url": "https://aka.ms/purview-ediscovery-pm" },
+    { "label": "Legal Hold docs",         "url": "https://learn.microsoft.com/purview/ediscovery-holds" }
+  ],
+  "notes": [
+    "Predictive-coding accuracy must be validated by outside counsel before being used as a marketed metric — never publish self-reported F1."
+  ]
+}

package/resources/profiles/purview-insider-risk.json

@@ -0,0 +1,53 @@
+{
+  "id": "purview-insider-risk",
+  "displayName": "Purview Insider Risk Management (IRM)",
+  "tagline": "ML-driven detection of risky insider activity — data theft, departures, IP exfil — with privacy-by-design.",
+  "ado": {
+    "org": "o365exchange",
+    "project": "M365 Security",
+    "areaPath": "M365 Security\\Compliance\\InsiderRisk"
+  },
+  "kusto": {
+    "cluster": "https://cxedataplatformcluster.westus2.kusto.windows.net/",
+    "database": "PurviewIRM",
+    "starterQueries": [
+      { "name": "Active risk-policy alerts (28d)",      "kql": "IRMAlerts | where Timestamp > ago(28d) | summarize Alerts = count() by PolicyName, bin(Timestamp,1d)" },
+      { "name": "Analyst MTTR by alert severity",        "kql": "IRMInvestigations | where ClosedAt > ago(30d) | summarize MTTRhrs = avg(datetime_diff('hour', ClosedAt, OpenedAt)) by Severity" },
+      { "name": "Departure-risk model precision",        "kql": "DepartureModelFeedback | where Timestamp > ago(28d) | summarize Precision = countif(Label == 'TruePositive') * 1.0 / count() by ModelVersion" }
+    ]
+  },
+  "icm": {
+    "tenant": "PROD",
+    "serviceName": "Microsoft Purview / Insider Risk Management",
+    "teamPublicId": "TBD-fill-from-IcM-portal"
+  },
+  "github": {
+    "primaryRepo": "microsoft/m365-purview-irm"
+  },
+  "personas": [
+    { "role": "CISO / Insider Risk lead (customer)" },
+    { "role": "Privacy Officer / Works Council partner" },
+    { "role": "ML Engineering Manager" },
+    { "role": "CELA — Insider Risk" }
+  ],
+  "defaultDirectives": [
+    { "id": "D1", "title": "Departure-risk model precision > 75%",                    "successSignal": "4 consecutive weeks > 75%",   "cadence": "Weekly" },
+    { "id": "D2", "title": "Privacy-by-design: pseudonymization GA by EU region",     "successSignal": "GA + 3 EU customers live",     "cadence": "Quarterly" },
+    { "id": "D3", "title": "Copilot risk-summary: cut analyst triage time by 40%",    "successSignal": "Median triage < 6 min",        "cadence": "60 days" },
+    { "id": "D4", "title": "Adaptive Protection: 5 customers in production",          "successSignal": "5 named tenants live",          "cadence": "Quarterly" }
+  ],
+  "defaultKpis": {
+    "departureModelPrecision":{ "label": "Departure-risk model precision","unit": "%",       "target": "> 75%",     "owner": "self" },
+    "pseudonymizationGa":     { "label": "Pseudonymization GA (EU)",      "unit": "GA y/n",  "target": "GA",        "owner": "self" },
+    "analystTriageTime":      { "label": "Analyst triage time (median)",  "unit": "minutes", "target": "< 6",       "owner": "self" },
+    "adaptiveProtectionAdopters":{"label":"Adaptive Protection adopters", "unit": "tenants", "target": "5",         "owner": "self" }
+  },
+  "recommendedMcp": ["kusto", "icm", "workiq", "ado"],
+  "quickLinks": [
+    { "label": "IRM PM workspace", "url": "https://aka.ms/purview-irm-pm" },
+    { "label": "IRM privacy guidance","url": "https://aka.ms/irm-privacy" }
+  ],
+  "notes": [
+    "Any model-precision number shared externally MUST be reviewed by CELA + Privacy — IRM operates under stricter regulatory scrutiny (BetrVG in DE, equivalents in JP/FR)."
+  ]
+}

package/resources/profiles/purview-records.json

@@ -0,0 +1,53 @@
+{
+  "id": "purview-records",
+  "displayName": "Purview Records Management",
+  "tagline": "Regulatory recordkeeping — declare, manage, dispose. SEC 17a-4, FINRA, GDPR, data-residency.",
+  "ado": {
+    "org": "o365exchange",
+    "project": "O365 Core",
+    "areaPath": "O365 Core\\Compliance\\RecordsManagement"
+  },
+  "kusto": {
+    "cluster": "https://cxedataplatformcluster.westus2.kusto.windows.net/",
+    "database": "PurviewRecords",
+    "starterQueries": [
+      { "name": "Records declared / day (28d)",         "kql": "RecordEvents | where EventType == 'Declare' and Timestamp > ago(28d) | summarize Declared = count() by bin(Timestamp,1d)" },
+      { "name": "Disposition aging (P95)",              "kql": "DispositionQueue | summarize P95days = percentile(AgeDays, 95) by Workload" },
+      { "name": "Hold conflicts (open)",                 "kql": "HoldConflicts | where Status == 'Open' | summarize Open = count() by HoldType" }
+    ]
+  },
+  "icm": {
+    "tenant": "PROD",
+    "serviceName": "Microsoft Purview / Records Management",
+    "teamPublicId": "TBD-fill-from-IcM-portal"
+  },
+  "github": {
+    "primaryRepo": "microsoft/m365-purview-records"
+  },
+  "personas": [
+    { "role": "Records Compliance Officer (customer)" },
+    { "role": "CELA — Records & Retention" },
+    { "role": "Engineering Manager" },
+    { "role": "FINRA / SEC field specialist" }
+  ],
+  "defaultDirectives": [
+    { "id": "D1", "title": "SEC 17a-4 (f) compliance audit ready",        "successSignal": "Third-party assessment passes",      "cadence": "Quarterly" },
+    { "id": "D2", "title": "Disposition P95 aging under 14 days",          "successSignal": "P95 < 14d for 4 consecutive weeks",  "cadence": "Weekly" },
+    { "id": "D3", "title": "AI auto-classify regulated records (pilot)",   "successSignal": "10 customers + > 80% accuracy",       "cadence": "60 days" },
+    { "id": "D4", "title": "Hold-conflict UX overhaul",                    "successSignal": "Conflicts cleared 50% faster",        "cadence": "Quarterly" }
+  ],
+  "defaultKpis": {
+    "secAuditStatus":    { "label": "SEC 17a-4 (f) audit status",      "unit": "pass/fail", "target": "pass",  "owner": "CELA" },
+    "dispositionP95":    { "label": "Disposition P95 aging",           "unit": "days",      "target": "< 14",  "owner": "self" },
+    "aiClassifyAccuracy":{ "label": "AI classifier accuracy",          "unit": "%",         "target": "> 80%", "owner": "self" },
+    "holdConflictMttr":  { "label": "Hold-conflict MTTR",              "unit": "days",      "target": "-50%",  "owner": "self" }
+  },
+  "recommendedMcp": ["kusto", "icm", "workiq", "ado"],
+  "quickLinks": [
+    { "label": "Records PM workspace", "url": "https://aka.ms/purview-records-pm" },
+    { "label": "SEC 17a-4 guidance",   "url": "https://aka.ms/sec17a4" }
+  ],
+  "notes": [
+    "Regulator-facing KPIs must be reviewed by CELA before being externalized — keep target language conservative."
+  ]
+}

package/resources/prompts/cxe.prompt.md

@@ -0,0 +1,56 @@
+---
+description: One-word trigger — audit any PRD, work-item, or shipped surface against Hayete's 4 CXE pillars (CXE-first / Value-fast / Confidence / Support-when-it-matters).
+---
+# /cxe — Hayete CXE pillar audit
+
+When the user types `/cxe` (alone, or `/cxe <id-or-path>`), run a 4-pillar audit.
+
+## Inputs
+- If no arg: audit the most recent PRD in `competitive-intel-agent/prd-store.json` and the top 3 active directives from `~/Documents/Connect/db/connect-db.json`.
+- If `<id>`: audit that PRD id.
+- If `<path>`: audit the file at that path (PRD .md / .docx / .html or ADO work-item .json export).
+
+## Pillars (verbatim from Hayete, 2026-05-29)
+
+| # | Pillar | The lens |
+|---|---|---|
+| **P1** | CXE = core priority | Is the customer experience the lead, not a follow-up? |
+| **P2** | Value fast (TTV) | Median time from install/enable → first measurable customer value? |
+| **P3** | Operate with confidence | Can the customer predict what the product will do next? Reversible? Auditable? |
+| **P4** | Support when it matters | Right help at the right place at the right moment — in-product, contextual, not a doc link. |
+
+## Scoring rubric
+
+Each pillar: 0 / 1 / 2.
+- **0** = not addressed (or worse, contradicted)
+- **1** = acknowledged but no measurable target / no shipping plan
+- **2** = explicit, measurable target with owner + by-when
+
+Total /8. Bands: 7-8 *Strong* · 5-6 *Acceptable* · 3-4 *Weak* · 0-2 *Reject*.
+
+## Hard rule
+
+Any artefact scoring 0 on P1 (CXE not the lead) cannot proceed regardless of total — flag for rewrite.
+
+## Output format
+
+```
+CXE Audit · <artefact-name> · <total>/8 · <band>
+
+Pillar                       Score   Evidence / Gap
+P1  CXE = core priority      x/2     <one-line proof or gap>
+P2  Value fast (TTV)         x/2     <TTV measured or "no baseline">
+P3  Operate with confidence  x/2     <reversibility/auditability proof or gap>
+P4  Support when it matters  x/2     <in-product help mechanism or gap>
+
+Hard-rule status: <pass | REJECT — P1=0>
+Biggest gap:      <one sentence>
+Next move:        <one specific edit + owner + by-when>
+```
+
+Then close with the standard 3-block (Transformative tip / Hayete AMA / NPF Reach Expansion) — the **Hayete AMA line must now reference whichever pillar the audit found weakest**, so the rubric drives the close, not generic alignment.
+
+## Notes
+- This is candid, not flattering. A 3/8 is a real signal that the artefact needs a CXE rewrite, not a re-edit.
+- TTV (P2) cannot be scored 2 without a *measured* baseline number — "TTV is fast" doesn't count.
+- Support (P4) must be **in-product**. A docs link is P4=1, not P4=2.

package/resources/prompts/npf.prompt.md

@@ -0,0 +1,45 @@
+---
+description: One-word trigger — assess current NPF (Net Productivity Factor) performance from connect-db.json + recent CI reports, score against L3 Transformative band, and recommend the single highest-leverage next move.
+---
+# /npf — Net Productivity Factor assessment
+
+When the user types `/npf` (or just "npf"), run this assessment.
+
+## Steps
+
+1. Read `C:\Users\pbhamri\Documents\Connect\db\connect-db.json` → extract `npfHistory[]`, `kpis`, `goals`, `directives`, `todos`.
+2. Compute:
+   - **Current NPF**: latest `npfHistory[].index` + band
+   - **Week-over-week delta**: latest − snapshot from 7 days ago
+   - **Trend**: rising / flat / falling
+   - **L3 band proof**: count of evidence in last 7 days (skills shipped, §7 rules, frameworks added, paved-path artefacts, ADO/PR telemetry-tagged work)
+3. Score against the four TRANSFORMATIVE behaviors (each 0–25, total /100):
+   - **Leverage** — shared assets built (skills, agents, paved paths, templates)
+   - **Reach** — peers / workloads who can reuse this week's output
+   - **Cycle-time collapse** — weeks→days or days→minutes proof
+   - **Outcome focus** — customer/business metric movement vs activity counts
+4. Identify the **single biggest NPF leak** (KPI stuck at 0 / blocker on a directive / overdue todo / no real NPF capture).
+5. Recommend **one move** that would lift NPF by ≥5 points before the next refresh.
+
+## Output format
+
+```
+NPF: <score>/100 · <band> · <trend arrow> <delta> wk/wk
+
+Behavior          Score   Evidence
+Leverage          xx/25   <1-line proof>
+Reach             xx/25   <1-line proof>
+Cycle-time        xx/25   <1-line proof>
+Outcome focus     xx/25   <1-line proof>
+
+Biggest leak:     <one sentence>
+Next move (≥+5):  <one specific action with owner + by-when>
+```
+
+Then close with the standard 3-block (Transformative tip / Hayete AMA / NPF Reach Expansion).
+
+## Notes
+
+- The carried-forward NPF (note contains "auto-carried") is a placeholder, not a real score — call it out and *overwrite* it as part of this assessment by editing `connect-db.json` directly with your real computed score.
+- Never score above 80 without at least one shipped artefact a *peer PM has actually consumed* (proof of reach, not just availability).
+- This is a self-assessment for the user's growth — be candid, not flattering.