@qlucent/fishi-core 0.8.0 → 0.11.0

package/dist/index.js

@@ -2604,6 +2604,380 @@ BLOCKERS: <list any blockers or "none">
 `;
 }
 
+// src/templates/agents/domains/saas-architect.ts
+function getSaasArchitectTemplate() {
+  return `---
+name: saas-architect
+description: >
+  Specialized architect for SaaS applications. Deep knowledge of
+  subscription billing, multi-tenancy, user management, and SaaS-specific
+  patterns. Activated when project domain is SaaS.
+model: opus
+role: worker
+reports_to: planning-lead
+domain: saas
+---
+
+# SaaS Architect \u2014 Domain Specialist
+
+You are a specialized architect for Software-as-a-Service applications.
+
+## Domain Knowledge
+
+### Billing & Subscriptions
+- Stripe integration patterns (checkout, billing portal, webhooks, metered billing)
+- Subscription lifecycle: trial \u2192 active \u2192 past_due \u2192 canceled \u2192 expired
+- Plan tiers: free, starter, pro, enterprise with feature flags
+- Usage-based pricing: metered billing, overage charges, credits
+- Invoice generation, proration, refunds
+- Tax handling: Stripe Tax, tax-exempt customers
+
+### Multi-Tenancy
+- Database strategies: shared DB with tenant_id column (recommended for most), schema-per-tenant, DB-per-tenant
+- Row-level security (RLS) with PostgreSQL policies
+- Tenant isolation: API keys, data separation, rate limiting per tenant
+- Subdomain routing: tenant.app.com or app.com/tenant
+- Tenant-aware caching (Redis with tenant prefix)
+
+### Authentication & Authorization
+- Auth providers: Clerk, Auth0, Supabase Auth, NextAuth
+- Role-based access control (RBAC): owner, admin, member, viewer
+- Organization/team management with invitations
+- SSO/SAML for enterprise plans
+- API key management for developer plans
+
+### SaaS Patterns
+- Onboarding flows: signup \u2192 verify email \u2192 create org \u2192 invite team \u2192 first value
+- Feature flags per plan tier (LaunchDarkly, Statsig, or custom)
+- Usage dashboards and analytics
+- Admin panel: user management, billing overview, feature toggles
+- Webhook delivery system for integrations
+- Rate limiting per plan tier
+
+### Infrastructure
+- Vercel/AWS for hosting
+- PostgreSQL + Prisma/Drizzle for database
+- Redis for caching and rate limiting
+- S3 for file storage
+- SendGrid/Resend for transactional email
+- PostHog/Mixpanel for analytics
+
+## When Activated
+This agent is activated when the project domain is "saas". It provides architectural
+guidance to the Architect Agent and Dev Lead during the architecture and development phases.
+`;
+}
+
+// src/templates/agents/domains/marketplace-architect.ts
+function getMarketplaceArchitectTemplate() {
+  return `---
+name: marketplace-architect
+description: >
+  Specialized architect for marketplace and platform applications.
+  Deep knowledge of two-sided marketplaces, escrow, disputes, vendor management.
+model: opus
+role: worker
+reports_to: planning-lead
+domain: marketplace
+---
+
+# Marketplace Architect \u2014 Domain Specialist
+
+You are a specialized architect for marketplace and platform applications.
+
+## Domain Knowledge
+
+### Two-Sided Marketplace Core
+- Buyer and seller flows: separate dashboards, permissions, onboarding
+- Product/service listing: categories, search, filters, sorting
+- Search relevance: Algolia, Meilisearch, or PostgreSQL full-text
+- Review and rating system: verified purchase reviews, seller ratings
+- Discovery algorithms: trending, recommended, recently added
+
+### Payments & Escrow
+- Stripe Connect: Standard, Express, or Custom accounts for sellers
+- Payment splitting: platform fee + seller payout
+- Escrow: hold funds until delivery confirmed
+- Refund flows: buyer-initiated, seller-approved, admin-override
+- Payout schedules: instant, daily, weekly for sellers
+- Multi-currency support
+
+### Trust & Safety
+- Dispute resolution workflow: buyer files \u2192 seller responds \u2192 admin mediates
+- Fraud detection: velocity checks, suspicious activity flags
+- Identity verification: KYC for sellers (Stripe Identity)
+- Content moderation: listing approval, flagging, automated scanning
+- Seller verification badges and trust scores
+
+### Vendor Management
+- Seller onboarding: application \u2192 review \u2192 approval \u2192 listing
+- Seller dashboard: orders, earnings, analytics, inventory
+- Commission structures: flat fee, percentage, tiered
+- Seller performance metrics: response time, fulfillment rate, ratings
+- Inventory management and stock tracking
+
+### Logistics & Fulfillment
+- Order lifecycle: placed \u2192 confirmed \u2192 shipped \u2192 delivered \u2192 completed
+- Shipping integration: label generation, tracking
+- Digital delivery: instant download, license keys, access grants
+- Service booking: calendar, availability, scheduling
+
+### Infrastructure
+- Next.js/Nuxt for frontend
+- PostgreSQL + Prisma for complex relational data
+- Redis for search caching and rate limiting
+- S3/Cloudinary for media (product images, documents)
+- Stripe Connect for payments
+- SendGrid for transactional + notification emails
+`;
+}
+
+// src/templates/agents/domains/mobile-architect.ts
+function getMobileArchitectTemplate() {
+  return `---
+name: mobile-architect
+description: >
+  Specialized architect for mobile-first and PWA applications.
+  Deep knowledge of offline sync, push notifications, responsive design.
+model: opus
+role: worker
+reports_to: planning-lead
+domain: mobile
+---
+
+# Mobile Architect \u2014 Domain Specialist
+
+You are a specialized architect for mobile-first and progressive web applications.
+
+## Domain Knowledge
+
+### Progressive Web App (PWA)
+- Service worker lifecycle: install \u2192 activate \u2192 fetch
+- Cache strategies: cache-first, network-first, stale-while-revalidate
+- App manifest: icons, theme color, display mode, start URL
+- Install prompt: beforeinstallprompt event handling
+- Web push notifications: VAPID keys, subscription management
+- Background sync: deferred actions when offline
+
+### Offline-First Architecture
+- IndexedDB for structured client-side storage
+- Sync queue: track pending changes, replay when online
+- Conflict resolution: last-write-wins, merge strategies, CRDT
+- Optimistic UI: show changes immediately, reconcile later
+- Network status detection and UI indicators
+
+### Push Notifications
+- Firebase Cloud Messaging (FCM) for cross-platform
+- Web Push API with VAPID authentication
+- Notification categories: transactional, marketing, system
+- Permission flow: contextual ask, not on first visit
+- Badge counts and notification grouping
+
+### Responsive Design
+- Mobile-first CSS with min-width breakpoints
+- Touch-friendly targets: 44px minimum tap area
+- Gesture handling: swipe, pull-to-refresh, long-press
+- Safe area insets for notched devices
+- Viewport management: zoom prevention, keyboard handling
+
+### Performance
+- Core Web Vitals: LCP < 2.5s, FID < 100ms, CLS < 0.1
+- Image optimization: WebP/AVIF, srcset, lazy loading
+- Code splitting: route-based, component-based
+- Skeleton screens and progressive loading
+- Bundle analysis and tree shaking
+
+### Cross-Platform Options
+- React Native / Expo for native apps
+- Capacitor for PWA-to-native bridge
+- Tauri for desktop + mobile
+- Flutter for full cross-platform
+`;
+}
+
+// src/templates/agents/domains/aiml-architect.ts
+function getAimlArchitectTemplate() {
+  return `---
+name: aiml-architect
+description: >
+  Specialized architect for AI/ML applications.
+  Deep knowledge of RAG pipelines, embeddings, fine-tuning, model serving.
+model: opus
+role: worker
+reports_to: planning-lead
+domain: aiml
+---
+
+# AI/ML Architect \u2014 Domain Specialist
+
+You are a specialized architect for AI and machine learning applications.
+
+## Domain Knowledge
+
+### RAG (Retrieval-Augmented Generation)
+- Document ingestion: PDF, HTML, Markdown, code files
+- Chunking strategies: fixed-size, semantic, recursive character splitting
+- Embedding models: OpenAI text-embedding-3, Cohere embed, local (sentence-transformers)
+- Vector databases: Pinecone, Weaviate, Qdrant, Chroma, pgvector
+- Retrieval: semantic search, hybrid search (keyword + semantic), reranking
+- Context window management: chunk selection, relevance scoring, deduplication
+
+### LLM Integration
+- API providers: Anthropic (Claude), OpenAI (GPT), Google (Gemini), local (Ollama)
+- Prompt engineering: system prompts, few-shot, chain-of-thought
+- Streaming responses: SSE, WebSocket, token-by-token rendering
+- Function calling / tool use: structured output, JSON mode
+- Rate limiting, retry logic, fallback providers
+- Cost tracking: token counting, budget alerts
+
+### Fine-Tuning
+- When to fine-tune vs prompt engineering vs RAG
+- Data preparation: JSONL format, train/val split, quality filtering
+- Fine-tuning APIs: OpenAI, Anthropic (coming), Together AI
+- Evaluation: automated benchmarks, human evaluation, A/B testing
+- Model versioning and rollback
+
+### AI Application Patterns
+- Chatbot: conversation memory, context management, guardrails
+- Code assistant: LSP integration, codebase indexing, context-aware suggestions
+- Content generation: templates, brand voice, review pipeline
+- Data extraction: structured output from unstructured text
+- Agents: tool use, planning, multi-step reasoning
+
+### Infrastructure
+- Model serving: replicate, modal, runpod, local GPU
+- Vector DB hosting: managed (Pinecone) vs self-hosted (pgvector)
+- Caching: semantic cache for similar queries
+- Observability: LangSmith, Helicone, custom logging
+- A/B testing: prompt variants, model comparison
+`;
+}
+
+// src/templates/agents/domains/deep-research.ts
+function getDeepResearchAgentTemplate() {
+  return `---
+name: deep-research-agent
+description: >
+  Autonomous research agent that gathers domain intelligence, competitive analysis,
+  tech stack evaluation, and best practices. Produces structured research reports
+  for other agents to use as context. Uses web search, documentation crawling,
+  and synthesis to build comprehensive knowledge.
+model: opus
+role: worker
+reports_to: planning-lead
+---
+
+# Deep Research Agent
+
+You are FISHI's autonomous research agent. Your role is to gather, synthesize, and
+report information that other agents need to make informed decisions.
+
+## Research Types
+
+### 1. Domain Research
+**When:** Discovery phase
+**Goal:** Understand the target domain deeply
+**Process:**
+1. Search for industry overview, market size, key players
+2. Identify regulatory requirements and compliance needs
+3. Find common user expectations and pain points
+4. Map the competitive landscape
+5. Identify domain-specific terminology
+
+**Output:** \`.fishi/research/domain-analysis.md\`
+
+### 2. Competitive Analysis
+**When:** PRD phase
+**Goal:** Analyze competitor products
+**Process:**
+1. Identify top 5-10 competitors in the space
+2. Analyze their feature sets, pricing, UX patterns
+3. Find their strengths and weaknesses
+4. Identify market gaps and opportunities
+5. Extract UX patterns worth adopting
+
+**Output:** \`.fishi/research/competitive-analysis.md\`
+
+### 3. Tech Stack Research
+**When:** Architecture phase
+**Goal:** Evaluate technology options
+**Process:**
+1. Research current best practices for the chosen stack
+2. Compare framework options (performance, ecosystem, community)
+3. Evaluate hosting/deployment options and costs
+4. Research database options for the data model
+5. Find proven integration patterns
+
+**Output:** \`.fishi/research/tech-stack-evaluation.md\`
+
+### 4. Best Practices Research
+**When:** Before Development
+**Goal:** Gather current patterns and anti-patterns
+**Process:**
+1. Search for latest framework documentation and guides
+2. Find community-recommended patterns for the stack
+3. Identify common pitfalls and anti-patterns
+4. Research testing strategies for the chosen tools
+5. Find performance optimization techniques
+
+**Output:** \`.fishi/research/best-practices.md\`
+
+### 5. Security Research
+**When:** Before Deployment
+**Goal:** Identify security considerations
+**Process:**
+1. Research known vulnerabilities for chosen dependencies
+2. Find OWASP guidelines relevant to the project type
+3. Identify authentication/authorization best practices
+4. Research data protection requirements (GDPR, CCPA)
+5. Find security testing approaches
+
+**Output:** \`.fishi/research/security-assessment.md\`
+
+## Report Format
+
+Every research report follows this structure:
+
+\`\`\`markdown
+# [Research Type] \u2014 [Project Name]
+**Date:** [timestamp]
+**Researcher:** deep-research-agent
+**Confidence:** high|medium|low
+
+## Executive Summary
+[2-3 sentence overview of findings]
+
+## Key Findings
+1. [Finding with supporting evidence]
+2. [Finding with supporting evidence]
+...
+
+## Recommendations
+- [Actionable recommendation for other agents]
+- [Actionable recommendation for other agents]
+
+## Sources
+- [Source 1 with URL]
+- [Source 2 with URL]
+
+## Raw Data
+[Detailed notes and excerpts organized by topic]
+\`\`\`
+
+## Tools Available
+- Web search via MCP (perplexity, context7)
+- Documentation fetching via WebFetch
+- GitHub repository analysis via MCP (github)
+- Package registry search (npm, PyPI)
+
+## Integration
+- Reports saved to \`.fishi/research/\` directory
+- Other agents reference reports via memory system
+- Research findings feed into PRD and architecture decisions
+- Updated research can trigger architecture revisions
+`;
+}
+
 // src/templates/skills/brainstorming.ts
 function getBrainstormingSkill() {
   return `# Brainstorming & Design Refinement Skill
@@ -3940,6 +4314,64 @@ documentation as a first-class deliverable, not an afterthought.
 `;
 }
 
+// src/templates/skills/deep-research.ts
+function getDeepResearchSkill() {
+  return `---
+name: deep-research
+description: Autonomous research workflow \u2014 domain analysis, competitive intel, tech stack evaluation, best practices gathering
+---
+
+# Deep Research Skill
+
+## Purpose
+Conduct structured autonomous research to inform project decisions.
+Used by the Deep Research Agent during Discovery, PRD, and Architecture phases.
+
+## Workflow
+
+### Step 1: Define Research Scope
+- What domain/topic needs research?
+- What specific questions need answers?
+- What decisions will this research inform?
+
+### Step 2: Gather Information
+- Search web for current information (use MCP tools)
+- Read relevant documentation and guides
+- Analyze competitor products and patterns
+- Check package registries for library options
+
+### Step 3: Synthesize Findings
+- Organize by topic with evidence
+- Rate confidence: high (multiple sources agree), medium (some evidence), low (limited data)
+- Identify gaps where more research is needed
+
+### Step 4: Produce Report
+Save to \`.fishi/research/{topic}.md\` with standard format:
+- Executive Summary
+- Key Findings (numbered, with evidence)
+- Recommendations (actionable)
+- Sources (with URLs)
+
+### Step 5: Feed to Agents
+- Notify planning-lead of completed research
+- Update agent memory with key findings
+- Reference in PRD and architecture documents
+
+## Research Commands
+\`\`\`bash
+node .fishi/scripts/phase-runner.mjs current   # Check current phase
+node .fishi/scripts/memory-manager.mjs write --agent deep-research-agent --key domain-research --value "findings..."
+\`\`\`
+
+## Quality Checklist
+- [ ] Multiple sources consulted (not just one)
+- [ ] Findings are current (within last 12 months)
+- [ ] Recommendations are specific and actionable
+- [ ] Confidence levels assigned to each finding
+- [ ] Sources are cited with URLs
+`;
+}
+
 // src/templates/hooks/session-start.ts
 function getSessionStartHook() {
   return `#!/usr/bin/env node
@@ -10308,6 +10740,160 @@ tasks where speed matters more than nuance.
 `;
 }
 
+// src/templates/configs/soul-md.ts
+function getSoulMdTemplate() {
+  return `# SOUL.md \u2014 FISHI Agent Boundaries
+
+> This file defines absolute boundaries that NO agent may cross autonomously.
+> These rules override all other instructions, skills, and commands.
+
+## Core Principles
+
+1. **Human authority is final.** Agents assist; humans decide.
+2. **Reversibility first.** Prefer reversible actions. Irreversible actions require human confirmation.
+3. **Least privilege.** Agents operate with minimum necessary access.
+4. **Transparency.** All agent actions are logged and observable.
+
+## Absolute Boundaries
+
+### Never Do Autonomously
+- Delete files, directories, or data without explicit human approval
+- Push code to production branches (main, master, production) without gate approval
+- Modify environment variables, secrets, or credentials
+- Make external API calls to services not in the sandbox allowlist
+- Install global packages or modify system configuration
+- Access files outside the assigned worktree (workers)
+- Execute shell commands that affect other users or processes
+- Disable safety hooks, permission rules, or gate requirements
+- Bypass the phase pipeline or skip mandatory gates
+- Send emails, messages, or notifications to external services
+- Access or transmit user personal data
+- Modify CI/CD pipelines without human review
+
+### Always Require Human Confirmation
+- Merging branches into main/dev
+- Deploying to any environment (staging, production)
+- Adding new external dependencies
+- Changing database schemas
+- Modifying authentication/authorization logic
+- Creating or modifying API endpoints that handle user data
+- Any action flagged by the security agent
+
+### Always Do
+- Log all significant actions to .fishi/logs/
+- Emit monitoring events via monitor-emitter
+- Work within assigned worktree boundaries
+- Follow the phase pipeline sequence
+- Submit work as PRs for review
+- Run tests before submitting work
+- Check sandbox policy before external access
+
+## Enforcement
+
+These boundaries are enforced at three levels:
+1. **SOUL.md** (this file) \u2014 read by all agents at session start
+2. **AGENTS.md** \u2014 per-role action gates
+3. **Tool permissions** \u2014 per-agent allow/deny lists in settings.json
+
+Violation of these boundaries should be reported to the master-orchestrator
+and logged as a critical learnings entry.
+`;
+}
+
+// src/templates/configs/agents-md.ts
+function getAgentsMdTemplate() {
+  return `# AGENTS.md \u2014 FISHI Role-Based Action Gates
+
+> Maps which actions require approval per agent role.
+> Read alongside SOUL.md for complete safety configuration.
+
+## Role Hierarchy
+
+\`\`\`
+Level 0: Master Orchestrator \u2014 strategy only, no code, no file writes
+Level 1: Coordinators \u2014 task assignment, code review, limited writes
+Level 2: Workers \u2014 full dev within worktree, no merge, no deploy
+\`\`\`
+
+## Action Permissions by Role
+
+### Master Orchestrator (L0)
+| Action | Permission |
+|--------|-----------|
+| Read files | Allowed |
+| Write/Edit files | **DENIED** \u2014 delegates to coordinators |
+| Run shell commands | **DENIED** \u2014 delegates to workers |
+| Approve gates | Allowed (with human confirmation) |
+| Assign tasks | Allowed |
+| Create agents | Allowed (dynamic agent factory) |
+| Merge branches | **DENIED** \u2014 requires human gate approval |
+| Deploy | **DENIED** \u2014 requires deployment gate |
+| Delete files | **DENIED** |
+
+### Coordinators (L1)
+| Action | Permission |
+|--------|-----------|
+| Read files | Allowed |
+| Write/Edit files | Allowed (planning docs, task assignments) |
+| Run shell commands | Allowed (git status, test runs, non-destructive) |
+| Approve worker PRs | Allowed (code review) |
+| Create worktrees | Allowed |
+| Merge to dev branch | Allowed (after review) |
+| Merge to main/production | **DENIED** \u2014 requires gate |
+| Delete files | **DENIED** \u2014 archive instead |
+| Install dependencies | Allowed (within sandbox) |
+| Modify configs | **REQUIRES CONFIRMATION** |
+
+### Workers (L2)
+| Action | Permission |
+|--------|-----------|
+| Read files | Allowed (within worktree + shared) |
+| Write/Edit files | Allowed (within worktree only) |
+| Run shell commands | Allowed (within worktree sandbox) |
+| Run tests | Allowed |
+| Install dev dependencies | Allowed (within sandbox) |
+| Commit to worktree branch | Allowed |
+| Push to worktree branch | Allowed |
+| Merge branches | **DENIED** \u2014 submit PR to coordinator |
+| Delete files | **DENIED** \u2014 request via coordinator |
+| Access main branch | **READ ONLY** |
+| External API calls | **DENIED** \u2014 unless in sandbox allowlist |
+
+## Destructive Action Protocol
+
+### Delete Operations
+1. **Files:** Never delete. Move to \`.fishi/archive/\` with timestamp.
+2. **Branches:** Only after merge confirmed + worktree cleaned.
+3. **Database records:** Never in production. Soft-delete only.
+4. **Dependencies:** Remove only via coordinator approval.
+
+### Archive Instead of Delete
+\`\`\`
+Instead of: rm -rf old-feature/
+Do:         mv old-feature/ .fishi/archive/old-feature-{timestamp}/
+\`\`\`
+
+### Escalation Path
+\`\`\`
+Worker encounters destructive need
+  \u2192 Reports to Coordinator
+    \u2192 Coordinator evaluates risk
+      \u2192 If safe: Coordinator executes with logging
+      \u2192 If risky: Escalate to Master
+        \u2192 Master requests human confirmation via gate
+\`\`\`
+
+## Emergency Stop
+
+If any agent detects behavior outside these boundaries:
+1. Log the incident to \`.fishi/logs/safety-incidents.log\`
+2. Emit \`safety.violation\` event to monitor
+3. Notify master-orchestrator
+4. Halt the violating agent's current task
+5. Wait for human review before resuming
+`;
+}
+
 // src/templates/factories/agent-template.ts
 function getAgentFactoryTemplate() {
   return `---
@@ -10691,6 +11277,7 @@ async function generateScaffold(targetDir, options) {
     ".claude/skills/brownfield-discovery",
     ".claude/skills/adaptive-taskgraph",
     ".claude/skills/documentation",
+    ".claude/skills/deep-research",
     ".claude/commands",
     "docs",
     ".fishi/plans/prd",
@@ -10708,6 +11295,8 @@ async function generateScaffold(targetDir, options) {
     ".fishi/todos/agents",
     ".fishi/learnings/by-domain",
     ".fishi/learnings/by-agent",
+    ".fishi/archive",
+    ".fishi/research",
     ".trees"
   ];
   for (const dir of dirs) {
@@ -10731,7 +11320,22 @@ async function generateScaffold(targetDir, options) {
   await write(".claude/agents/docs-agent.md", docsAgentTemplate(ctx), "agents");
   await write(".claude/agents/writing-agent.md", writingAgentTemplate(ctx), "agents");
   await write(".claude/agents/marketing-agent.md", marketingAgentTemplate(ctx), "agents");
-  const agentCount = 18;
+  let agentCount = 18;
+  await write(".claude/agents/deep-research-agent.md", getDeepResearchAgentTemplate(), "agents");
+  agentCount++;
+  if (options.domain && options.domain !== "general") {
+    const domainTemplates = {
+      saas: getSaasArchitectTemplate,
+      marketplace: getMarketplaceArchitectTemplate,
+      mobile: getMobileArchitectTemplate,
+      aiml: getAimlArchitectTemplate
+    };
+    const template = domainTemplates[options.domain];
+    if (template) {
+      await write(`.claude/agents/${options.domain}-architect.md`, template(), "agents");
+      agentCount++;
+    }
+  }
   await write(".fishi/agent-factory/agent-template.md", getAgentFactoryTemplate());
   await write(".fishi/agent-factory/coordinator-template.md", getCoordinatorFactoryTemplate());
   await write(".claude/skills/brainstorming/SKILL.md", getBrainstormingSkill(), "skills");
@@ -10746,7 +11350,8 @@ async function generateScaffold(targetDir, options) {
   await write(".claude/skills/brownfield-discovery/SKILL.md", getBrownfieldDiscoverySkill(), "skills");
   await write(".claude/skills/adaptive-taskgraph/SKILL.md", getAdaptiveTaskGraphSkill(), "skills");
   await write(".claude/skills/documentation/SKILL.md", getDocumentationSkill(), "skills");
-  const skillCount = 12;
+  await write(".claude/skills/deep-research/SKILL.md", getDeepResearchSkill(), "skills");
+  const skillCount = 13;
   await write(".fishi/scripts/session-start.mjs", getSessionStartHook());
   await write(".fishi/scripts/auto-checkpoint.mjs", getAutoCheckpointHook());
   await write(".fishi/scripts/agent-complete.mjs", getAgentCompleteHook());
@@ -10788,6 +11393,8 @@ async function generateScaffold(targetDir, options) {
   await write(".claude/commands/fishi-reset.md", getResetCommand(), "commands");
   await write(".claude/commands/fishi-prd.md", getPrdCommand(), "commands");
   const commandCount = 8;
+  await write("SOUL.md", getSoulMdTemplate());
+  await write("AGENTS.md", getAgentsMdTemplate());
   await write(".fishi/fishi.yaml", getFishiYamlTemplate({
     projectName: options.projectName,
     projectDescription: ctx.projectDescription,
@@ -11111,7 +11718,7 @@ async function createBackup(targetDir, conflictingFiles) {
       manifestFiles.push({ path: relPath, size: stat.size });
     }
   }
-  const fishiVersion = "0.8.0";
+  const fishiVersion = "0.11.0";
   const manifest = {
     timestamp: now.toISOString(),
     fishi_version: fishiVersion,
@@ -11466,6 +12073,537 @@ vibe_mode:
 `;
 }
 
+// src/generators/design-system.ts
+import { existsSync as existsSync7, readFileSync as readFileSync4, readdirSync } from "fs";
+import { join as join7 } from "path";
+function detectDesignTokens(projectDir) {
+  const tokens = {
+    colors: {},
+    typography: { fontFamilies: [], scale: {} },
+    spacing: {},
+    borderRadius: {},
+    shadows: {},
+    darkMode: false
+  };
+  const tailwindFiles = ["tailwind.config.js", "tailwind.config.ts", "tailwind.config.mjs", "tailwind.config.cjs"];
+  for (const file of tailwindFiles) {
+    const p = join7(projectDir, file);
+    if (existsSync7(p)) {
+      const content = readFileSync4(p, "utf-8");
+      const colorMatches = content.matchAll(/['"]?([\w-]+)['"]?\s*:\s*['"]?(#[0-9a-fA-F]{3,8})['"]?/g);
+      for (const m of colorMatches) {
+        tokens.colors[m[1]] = m[2];
+      }
+      if (content.includes("darkMode")) tokens.darkMode = true;
+      break;
+    }
+  }
+  const cssFiles = findFiles(projectDir, ["src", "styles", "app"], [".css"]);
+  for (const file of cssFiles.slice(0, 10)) {
+    try {
+      const content = readFileSync4(file, "utf-8");
+      const varMatches = content.matchAll(/--(\w[\w-]*)\s*:\s*([^;]+)/g);
+      for (const m of varMatches) {
+        const name = m[1];
+        const value = m[2].trim();
+        if (name.includes("color") || name.includes("bg") || value.startsWith("#") || value.startsWith("rgb") || value.startsWith("hsl")) {
+          tokens.colors[name] = value;
+        } else if (name.includes("font")) {
+          if (name.includes("size")) tokens.typography.scale[name] = value;
+          else if (name.includes("family")) tokens.typography.fontFamilies.push(value);
+        } else if (name.includes("spacing") || name.includes("gap") || name.includes("padding") || name.includes("margin")) {
+          tokens.spacing[name] = value;
+        } else if (name.includes("radius")) {
+          tokens.borderRadius[name] = value;
+        } else if (name.includes("shadow")) {
+          tokens.shadows[name] = value;
+        }
+      }
+      if (content.includes("prefers-color-scheme: dark") || content.includes(".dark")) {
+        tokens.darkMode = true;
+      }
+    } catch {
+    }
+  }
+  const themeFiles = ["theme.ts", "theme.js", "theme.json", "src/theme.ts", "src/theme.js", "src/styles/theme.ts"];
+  for (const file of themeFiles) {
+    if (existsSync7(join7(projectDir, file))) {
+      try {
+        const content = readFileSync4(join7(projectDir, file), "utf-8");
+        const colorMatches = content.matchAll(/['"]?([\w-]+)['"]?\s*:\s*['"]?(#[0-9a-fA-F]{3,8})['"]?/g);
+        for (const m of colorMatches) {
+          tokens.colors[m[1]] = m[2];
+        }
+      } catch {
+      }
+      break;
+    }
+  }
+  return tokens;
+}
+function generateDefaultTokens() {
+  return {
+    colors: {
+      "brand-50": "#f0f7ff",
+      "brand-100": "#e0efff",
+      "brand-200": "#b8d9ff",
+      "brand-500": "#0066cc",
+      "brand-600": "#0052a3",
+      "brand-700": "#003d7a",
+      "brand-900": "#001f3f",
+      "gray-50": "#f9fafb",
+      "gray-100": "#f3f4f6",
+      "gray-200": "#e5e7eb",
+      "gray-500": "#6b7280",
+      "gray-700": "#374151",
+      "gray-900": "#111827",
+      "success": "#22c55e",
+      "warning": "#f59e0b",
+      "error": "#ef4444"
+    },
+    typography: {
+      fontFamilies: ['-apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif'],
+      scale: {
+        "xs": "0.75rem",
+        "sm": "0.875rem",
+        "base": "1rem",
+        "lg": "1.125rem",
+        "xl": "1.25rem",
+        "2xl": "1.5rem",
+        "3xl": "1.875rem",
+        "4xl": "2.25rem"
+      }
+    },
+    spacing: {
+      "xs": "0.25rem",
+      "sm": "0.5rem",
+      "md": "1rem",
+      "lg": "1.5rem",
+      "xl": "2rem",
+      "2xl": "3rem",
+      "3xl": "4rem"
+    },
+    borderRadius: {
+      "sm": "0.25rem",
+      "md": "0.375rem",
+      "lg": "0.5rem",
+      "xl": "0.75rem",
+      "full": "9999px"
+    },
+    shadows: {
+      "sm": "0 1px 2px rgba(0,0,0,0.05)",
+      "md": "0 4px 6px rgba(0,0,0,0.1)",
+      "lg": "0 10px 15px rgba(0,0,0,0.1)"
+    },
+    darkMode: true
+  };
+}
+function detectComponentRegistry(projectDir) {
+  const registry = {
+    components: [],
+    library: null,
+    framework: null
+  };
+  const pkgPath = join7(projectDir, "package.json");
+  if (existsSync7(pkgPath)) {
+    const pkg = JSON.parse(readFileSync4(pkgPath, "utf-8"));
+    const deps = { ...pkg.dependencies, ...pkg.devDependencies };
+    if (deps["@shadcn/ui"] || existsSync7(join7(projectDir, "components.json"))) registry.library = "shadcn";
+    else if (deps["@radix-ui/react-dialog"] || deps["@radix-ui/themes"]) registry.library = "radix";
+    else if (deps["@mui/material"]) registry.library = "mui";
+    else if (deps["antd"]) registry.library = "antd";
+    else if (deps["@chakra-ui/react"]) registry.library = "chakra";
+    else if (deps["@headlessui/react"]) registry.library = "headlessui";
+    if (deps["react"] || deps["react-dom"]) registry.framework = "react";
+    else if (deps["vue"]) registry.framework = "vue";
+    else if (deps["svelte"]) registry.framework = "svelte";
+    else if (deps["@angular/core"]) registry.framework = "angular";
+  }
+  const componentDirs = ["src/components", "components", "src/ui", "app/components", "src/components/ui"];
+  for (const dir of componentDirs) {
+    const fullDir = join7(projectDir, dir);
+    if (existsSync7(fullDir)) {
+      try {
+        scanComponents(fullDir, dir, registry.components);
+      } catch {
+      }
+    }
+  }
+  return registry;
+}
+function scanComponents(dir, relBase, components) {
+  try {
+    const entries = readdirSync(dir, { withFileTypes: true });
+    for (const entry of entries) {
+      if (entry.isDirectory()) {
+        scanComponents(join7(dir, entry.name), `${relBase}/${entry.name}`, components);
+      } else if (entry.name.match(/\.(tsx|jsx|vue|svelte)$/)) {
+        const name = entry.name.replace(/\.(tsx|jsx|vue|svelte)$/, "");
+        if (name === "index") continue;
+        const type = classifyComponent(name);
+        components.push({ name, path: `${relBase}/${entry.name}`, type });
+      }
+    }
+  } catch {
+  }
+}
+function classifyComponent(name) {
+  const lower = name.toLowerCase();
+  if (/button|badge|avatar|icon|tag|chip|tooltip/i.test(lower)) return "ui";
+  if (/layout|header|footer|sidebar|menu/i.test(lower)) return "layout";
+  if (/input|form|select|checkbox|radio|textarea|switch|slider/i.test(lower)) return "form";
+  if (/table|list|card|grid|chart|graph|stat/i.test(lower)) return "data";
+  if (/link|breadcrumb|tab|pagination|stepper|nav|navbar/i.test(lower)) return "navigation";
+  return "other";
+}
+function runBrandGuardian(projectDir, tokens) {
+  const issues = [];
+  let filesScanned = 0;
+  const files = findFiles(projectDir, ["src", "app", "pages", "components"], [".tsx", ".jsx", ".vue", ".svelte", ".css"]);
+  for (const file of files.slice(0, 100)) {
+    try {
+      const content = readFileSync4(file, "utf-8");
+      const lines = content.split("\n");
+      const relPath = file.replace(projectDir, "").replace(/\\/g, "/").replace(/^\//, "");
+      filesScanned++;
+      for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        const lineNum = i + 1;
+        if (file.match(/\.(tsx|jsx|vue|svelte)$/)) {
+          const hexMatches = line.matchAll(/#[0-9a-fA-F]{3,8}\b/g);
+          for (const m of hexMatches) {
+            if (line.trimStart().startsWith("//") || line.trimStart().startsWith("*")) continue;
+            if (line.includes("--")) continue;
+            issues.push({
+              file: relPath,
+              line: lineNum,
+              severity: "warning",
+              rule: "no-hardcoded-colors",
+              message: `Hardcoded color ${m[0]} \u2014 use design tokens instead`,
+              fix: "Replace with a CSS variable or Tailwind class from your design system"
+            });
+          }
+        }
+        if (line.includes("style=") && line.match(/\d+px/)) {
+          issues.push({
+            file: relPath,
+            line: lineNum,
+            severity: "warning",
+            rule: "no-inline-px",
+            message: "Inline px values \u2014 use spacing tokens or Tailwind classes",
+            fix: "Replace px values with spacing scale (xs, sm, md, lg, xl)"
+          });
+        }
+        if (line.match(/<img\b/) && !line.includes("alt=") && !line.includes("alt =")) {
+          issues.push({
+            file: relPath,
+            line: lineNum,
+            severity: "error",
+            rule: "img-alt-text",
+            message: "Image missing alt attribute \u2014 accessibility violation",
+            fix: 'Add alt="descriptive text" or alt="" for decorative images'
+          });
+        }
+        if (line.includes("onClick") && !line.includes("onKeyDown") && !line.includes("onKeyUp") && !line.includes("onKeyPress")) {
+          if (line.includes("<div") || line.includes("<span")) {
+            issues.push({
+              file: relPath,
+              line: lineNum,
+              severity: "warning",
+              rule: "keyboard-accessible",
+              message: "Click handler on non-interactive element without keyboard support",
+              fix: 'Add onKeyDown handler and role="button" tabIndex={0}, or use <button>'
+            });
+          }
+        }
+        if (line.match(/font-size:\s*\d+px/) && !line.includes("--")) {
+          issues.push({
+            file: relPath,
+            line: lineNum,
+            severity: "info",
+            rule: "use-typography-scale",
+            message: "Hardcoded font-size \u2014 use typography scale tokens",
+            fix: "Replace with typography scale class (text-xs, text-sm, text-base, etc.)"
+          });
+        }
+        if (line.match(/<html\b/) && !line.includes("lang=")) {
+          issues.push({
+            file: relPath,
+            line: lineNum,
+            severity: "error",
+            rule: "html-lang",
+            message: "HTML element missing lang attribute \u2014 accessibility violation",
+            fix: 'Add lang="en" (or appropriate language code) to <html>'
+          });
+        }
+      }
+    } catch {
+    }
+  }
+  const errors = issues.filter((i) => i.severity === "error").length;
+  const warnings = issues.filter((i) => i.severity === "warning").length;
+  const infos = issues.filter((i) => i.severity === "info").length;
+  return {
+    issues,
+    passed: errors === 0,
+    stats: { errors, warnings, infos, filesScanned }
+  };
+}
+function generateDesignSystemConfig(tokens, registry) {
+  return JSON.stringify({
+    version: "1.0",
+    tokens,
+    components: {
+      library: registry.library,
+      framework: registry.framework,
+      count: registry.components.length,
+      entries: registry.components
+    }
+  }, null, 2) + "\n";
+}
+function findFiles(base, dirs, extensions) {
+  const files = [];
+  for (const dir of dirs) {
+    const fullDir = join7(base, dir);
+    if (existsSync7(fullDir)) {
+      walkDir(fullDir, extensions, files);
+    }
+  }
+  return files;
+}
+function walkDir(dir, extensions, result) {
+  try {
+    const entries = readdirSync(dir, { withFileTypes: true });
+    for (const entry of entries) {
+      const full = join7(dir, entry.name);
+      if (entry.isDirectory()) {
+        if (entry.name === "node_modules" || entry.name === ".next" || entry.name === "dist" || entry.name === ".git") continue;
+        walkDir(full, extensions, result);
+      } else if (extensions.some((ext) => entry.name.endsWith(ext))) {
+        result.push(full);
+      }
+    }
+  } catch {
+  }
+}
+
+// src/generators/domain-manager.ts
+import { existsSync as existsSync8, readFileSync as readFileSync5 } from "fs";
+import { join as join8 } from "path";
+var DOMAIN_INFO = {
+  saas: {
+    label: "SaaS",
+    description: "Subscription billing, multi-tenancy, user management (Stripe, Auth0)",
+    agent: "saas-architect"
+  },
+  marketplace: {
+    label: "Marketplace",
+    description: "Two-sided platform, escrow, disputes, vendor management (Stripe Connect)",
+    agent: "marketplace-architect"
+  },
+  mobile: {
+    label: "Mobile / PWA",
+    description: "Progressive web app, offline sync, push notifications, responsive design",
+    agent: "mobile-architect"
+  },
+  aiml: {
+    label: "AI / ML",
+    description: "RAG pipelines, embeddings, fine-tuning, model serving, LLM integration",
+    agent: "aiml-architect"
+  },
+  general: {
+    label: "General",
+    description: "No domain specialization \u2014 use base agents only",
+    agent: null
+  }
+};
+function getAvailableDomains() {
+  return Object.entries(DOMAIN_INFO).map(([key, info]) => ({
+    value: key,
+    name: `${info.label} \u2014 ${info.description}`
+  }));
+}
+function readDomainConfig(projectDir) {
+  const yamlPath = join8(projectDir, ".fishi", "fishi.yaml");
+  if (!existsSync8(yamlPath)) {
+    return { domain: "general", domainAgent: null, researchEnabled: false };
+  }
+  const content = readFileSync5(yamlPath, "utf-8");
+  const domainMatch = content.match(/^\s*type:\s*(\w+)/m);
+  const researchMatch = content.match(/^\s*research_enabled:\s*(true|false)/m);
+  const domain = domainMatch?.[1] || "general";
+  return {
+    domain,
+    domainAgent: DOMAIN_INFO[domain]?.agent || null,
+    researchEnabled: researchMatch?.[1] === "true"
+  };
+}
+function getDomainConfigYaml(domain) {
+  const info = DOMAIN_INFO[domain];
+  return `
+domain:
+  type: ${domain}
+  label: "${info.label}"
+  specialist_agent: ${info.agent || "none"}
+  research_enabled: true
+`;
+}
+
+// src/generators/agent-permissions.ts
+function getPermissionsForRole(role) {
+  switch (role) {
+    case "master":
+      return {
+        role: "master",
+        allow: [
+          "Read",
+          "Glob",
+          "Grep",
+          "Agent",
+          "TodoRead",
+          "TodoWrite",
+          "WebFetch",
+          "WebSearch"
+        ],
+        deny: [
+          "Write",
+          "Edit",
+          "Bash(*)",
+          "NotebookEdit",
+          "Bash(rm *)",
+          "Bash(git push *)",
+          "Bash(git merge *)",
+          "Bash(npm *)",
+          "Bash(pnpm *)"
+        ]
+      };
+    case "coordinator":
+      return {
+        role: "coordinator",
+        allow: [
+          "Read",
+          "Write",
+          "Edit",
+          "Glob",
+          "Grep",
+          "Agent",
+          "TodoRead",
+          "TodoWrite",
+          "WebFetch",
+          "WebSearch",
+          "Bash(git status *)",
+          "Bash(git log *)",
+          "Bash(git diff *)",
+          "Bash(git branch *)",
+          "Bash(git checkout *)",
+          "Bash(git worktree *)",
+          "Bash(node *)",
+          "Bash(npx vitest *)",
+          "Bash(npx tsc *)",
+          "Bash(pnpm install *)",
+          "Bash(pnpm add *)",
+          "Bash(cat *)",
+          "Bash(ls *)",
+          "Bash(find *)"
+        ],
+        deny: [
+          "Bash(rm -rf *)",
+          "Bash(git push --force *)",
+          "Bash(git push * main)",
+          "Bash(git push * master)",
+          "Bash(git push * production)",
+          "Bash(git merge * main)",
+          "Bash(git merge * master)",
+          "Bash(sudo *)",
+          "Bash(chmod *)",
+          "Bash(shutdown *)",
+          "Bash(mkfs *)",
+          "Bash(dd *)",
+          "Bash(npm *)"
+        ]
+      };
+    case "worker":
+      return {
+        role: "worker",
+        allow: [
+          "Read",
+          "Write",
+          "Edit",
+          "Glob",
+          "Grep",
+          "Agent",
+          "TodoRead",
+          "TodoWrite",
+          "WebFetch",
+          "WebSearch",
+          "Bash(node *)",
+          "Bash(npx *)",
+          "Bash(pnpm *)",
+          "Bash(git add *)",
+          "Bash(git commit *)",
+          "Bash(git status *)",
+          "Bash(git log *)",
+          "Bash(git diff *)",
+          "Bash(tsc *)",
+          "Bash(eslint *)",
+          "Bash(prettier *)",
+          "Bash(cat *)",
+          "Bash(ls *)",
+          "Bash(find *)",
+          "Bash(grep *)",
+          "Bash(wc *)",
+          "Bash(head *)",
+          "Bash(tail *)",
+          "Bash(sort *)",
+          "Bash(mkdir *)",
+          "Bash(cp *)",
+          "Bash(mv *)"
+        ],
+        deny: [
+          "Bash(rm -rf *)",
+          "Bash(rm -r /)",
+          "Bash(git push --force *)",
+          "Bash(git push * main)",
+          "Bash(git push * master)",
+          "Bash(git push * production)",
+          "Bash(git merge *)",
+          "Bash(git branch -D *)",
+          "Bash(sudo *)",
+          "Bash(chmod 777 *)",
+          "Bash(shutdown *)",
+          "Bash(reboot *)",
+          "Bash(mkfs *)",
+          "Bash(dd *)",
+          "Bash(kill -9 *)",
+          "Bash(pkill *)",
+          "Bash(npm *)",
+          "Bash(curl * | sh)",
+          "Bash(wget * | sh)"
+        ]
+      };
+  }
+}
+function getAllPermissionSummary() {
+  const roles = ["master", "coordinator", "worker"];
+  const result = {};
+  for (const role of roles) {
+    const perms = getPermissionsForRole(role);
+    result[role] = { allowCount: perms.allow.length, denyCount: perms.deny.length };
+  }
+  return result;
+}
+function generatePermissionBlock(role) {
+  const perms = getPermissionsForRole(role);
+  const allowLines = perms.allow.map((r) => `    - "${r}"`).join("\n");
+  const denyLines = perms.deny.map((r) => `    - "${r}"`).join("\n");
+  return `permissions:
+  role: ${role}
+  allow:
+${allowLines}
+  deny:
+${denyLines}`;
+}
+
 // src/templates/configs/sandbox-policy.ts
 function getSandboxPolicyTemplate() {
   return `# FISHI Sandbox Policy
@@ -11858,11 +12996,14 @@ function getDashboardHtml() {
 </html>`;
 }
 export {
+  DOMAIN_INFO,
   architectAgentTemplate,
   backendAgentTemplate,
   buildSandboxEnv,
   createBackup,
+  detectComponentRegistry,
   detectConflicts,
+  detectDesignTokens,
   detectDevServer,
   detectDocker,
   devLeadTemplate,
@@ -11871,14 +13012,21 @@ export {
   emitEvent,
   frontendAgentTemplate,
   fullstackAgentTemplate,
+  generateDefaultTokens,
+  generateDesignSystemConfig,
+  generatePermissionBlock,
   generateScaffold,
   getAdaptiveTaskGraphSkill,
   getAgentCompleteHook,
   getAgentFactoryTemplate,
   getAgentRegistryTemplate,
   getAgentSummary,
+  getAgentsMdTemplate,
+  getAimlArchitectTemplate,
+  getAllPermissionSummary,
   getApiDesignSkill,
   getAutoCheckpointHook,
+  getAvailableDomains,
   getBoardCommand,
   getBrainstormingSkill,
   getBrownfieldAnalysisSkill,
@@ -11888,21 +13036,27 @@ export {
   getCoordinatorFactoryTemplate,
   getDashboardHtml,
   getDebuggingSkill,
+  getDeepResearchAgentTemplate,
+  getDeepResearchSkill,
   getDeploymentSkill,
   getDocCheckerScript,
   getDockerfileTemplate,
   getDocumentationSkill,
+  getDomainConfigYaml,
   getFishiYamlTemplate,
   getGateCommand,
   getGateManagerScript,
   getGitignoreAdditions,
   getInitCommand,
   getLearningsManagerScript,
+  getMarketplaceArchitectTemplate,
   getMasterOrchestratorTemplate,
   getMcpJsonTemplate,
   getMemoryManagerScript,
+  getMobileArchitectTemplate,
   getModelRoutingReference,
   getMonitorEmitterScript,
+  getPermissionsForRole,
   getPhaseRunnerScript,
   getPostEditHook,
   getPrdCommand,
@@ -11910,10 +13064,12 @@ export {
   getProjectYamlTemplate,
   getResetCommand,
   getResumeCommand,
+  getSaasArchitectTemplate,
   getSafetyCheckHook,
   getSandboxPolicyTemplate,
   getSessionStartHook,
   getSettingsJsonTemplate,
+  getSoulMdTemplate,
   getSprintCommand,
   getStatusCommand,
   getTaskboardOpsSkill,
@@ -11934,10 +13090,12 @@ export {
   planningAgentTemplate,
   planningLeadTemplate,
   qualityLeadTemplate,
+  readDomainConfig,
   readMonitorState,
   readSandboxConfig,
   readSandboxPolicy,
   researchAgentTemplate,
+  runBrandGuardian,
   runInDockerSandbox,
   runInProcessSandbox,
   runInSandbox,