@r3dlex/ai-catapult 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +139 -0
- package/bin/ai-catapult.js +229 -0
- package/dist/claude-plugin/.claude-plugin/marketplace.json +28 -0
- package/dist/claude-plugin/.claude-plugin/plugin.json +21 -0
- package/dist/claude-plugin/skills/ai-catapult-init/REFERENCE.md +1284 -0
- package/dist/claude-plugin/skills/ai-catapult-init/SKILL.md +79 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/README.md +48 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/archgate.md +42 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/brd-prd-traceability.md +64 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/cascade.md +110 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/ci-policy.md +107 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/documentation-blueprint.md +185 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/evals.md +93 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/foundation.md +19 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/host-policy-automation.md +151 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/language-packs.md +63 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/mcp-a2a.md +63 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/memory.md +102 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/migration.md +107 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/phases/01-discover-decide.md +33 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/phases/README.md +33 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/readme-documentation.md +120 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/release-versioning.md +188 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/skill-modernization.md +72 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/sync.md +111 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/topology.md +102 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/traceability.md +136 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/tracker-adapters.md +51 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/validation.md +276 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/workflow.md +45 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/AGENTS.md +69 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/CLAUDE.md +3 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/GEMINI.md +3 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/boundary-manifest.json +247 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/drift/backups/.gitkeep +0 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/drift/last-drift.json +7 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/evals/.gitkeep +0 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/evals/coverage-exceptions.json +1 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/handoff/.gitkeep +0 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/matrix.json +19 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/mcp/a2a-handoff.md +51 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/mcp/registry.json +27 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/observability/audit-checklist.md +32 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/observability/conventions.md +35 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/phases/01-discover-decide/status.json +16 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/phases/02-govern-plan/status.json +15 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/phases/03-configure-generate/status.json +22 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/phases/04-validate-handoff/status.json +18 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/policies/model-routing.json +29 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/reviews/ai-failure-modes.md +42 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/rules/security.md +38 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/rules/technical-bounds.md +38 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/skills/git-ops.json +6 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/skills/workspace-sync.json +6 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/system-prompts/architect.md +31 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/system-prompts/developer.md +31 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/system-prompts/qa-engineer.md +31 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/traceability/.gitkeep +0 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/workflows/repo-workflow.json +42 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/workflows/repo-workflow.md +52 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-github/workflows/ci-prek.yml +21 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-rules.ts +178 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/prek.toml +13 -0
- package/dist/codex-plugin/.codex-plugin/plugin.json +11 -0
- package/dist/codex-plugin/skills/ai-catapult-init/REFERENCE.md +1284 -0
- package/dist/codex-plugin/skills/ai-catapult-init/SKILL.md +79 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/README.md +48 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/archgate.md +42 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/brd-prd-traceability.md +64 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/cascade.md +110 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/ci-policy.md +107 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/documentation-blueprint.md +185 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/evals.md +93 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/foundation.md +19 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/host-policy-automation.md +151 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/language-packs.md +63 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/mcp-a2a.md +63 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/memory.md +102 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/migration.md +107 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/phases/01-discover-decide.md +33 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/phases/README.md +33 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/readme-documentation.md +120 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/release-versioning.md +188 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/skill-modernization.md +72 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/sync.md +111 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/topology.md +102 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/traceability.md +136 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/tracker-adapters.md +51 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/validation.md +276 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/workflow.md +45 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/AGENTS.md +69 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/CLAUDE.md +3 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/GEMINI.md +3 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/boundary-manifest.json +247 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/drift/backups/.gitkeep +0 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/drift/last-drift.json +7 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/evals/.gitkeep +0 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/evals/coverage-exceptions.json +1 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/handoff/.gitkeep +0 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/matrix.json +19 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/mcp/a2a-handoff.md +51 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/mcp/registry.json +27 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/observability/audit-checklist.md +32 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/observability/conventions.md +35 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/phases/01-discover-decide/status.json +16 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/phases/02-govern-plan/status.json +15 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/phases/03-configure-generate/status.json +22 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/phases/04-validate-handoff/status.json +18 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/policies/model-routing.json +29 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/reviews/ai-failure-modes.md +42 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/rules/security.md +38 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/rules/technical-bounds.md +38 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/skills/git-ops.json +6 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/skills/workspace-sync.json +6 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/system-prompts/architect.md +31 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/system-prompts/developer.md +31 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/system-prompts/qa-engineer.md +31 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/traceability/.gitkeep +0 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/workflows/repo-workflow.json +42 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/workflows/repo-workflow.md +52 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-github/workflows/ci-prek.yml +21 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-rules.ts +178 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/prek.toml +13 -0
- package/package.json +51 -0
- package/scripts/build-claude-plugin.sh +179 -0
- package/scripts/build-codex-plugin.sh +104 -0
- package/scripts/snapshot-dist.sh +26 -0
- package/setup.sh +63 -0
- package/skills.lock.json +6 -0
- package/src/install.js +380 -0
- package/src/scaffold.js +220 -0
|
@@ -0,0 +1,102 @@
|
|
|
1
|
+
# Memory Layer Module
|
|
2
|
+
|
|
3
|
+
Read when defining the `.memory/human-override/` and `.memory/self-learned/` schemas for a target repo. The memory layer is local machine-readable knowledge scoped to the repo. Human override is terminal priority and must never be silently rewritten.
|
|
4
|
+
|
|
5
|
+
## Two layers
|
|
6
|
+
|
|
7
|
+
| Layer | Path | Authority | Sync | Edit policy |
|
|
8
|
+
| --- | --- | --- | --- | --- |
|
|
9
|
+
| Human override | `.memory/human-override/` | Humans, terminal priority | Never propagated | Append-only by default; never silently rewritten |
|
|
10
|
+
| Self-learned | `.memory/self-learned/` | Agents, local | Per-repo only, never propagated | Append-only with `schema_version`; changelog required |
|
|
11
|
+
|
|
12
|
+
Both layers are local to the repo. Neither is pushed upstream and neither is inherited by managed sub-repos.
|
|
13
|
+
|
|
14
|
+
## `.memory/human-override/`
|
|
15
|
+
|
|
16
|
+
Holds human-authored content that the AI SDLC must respect. The directory is terminal priority: the scaffold never overwrites an existing file in this directory and never deletes a file without explicit confirmation.
|
|
17
|
+
|
|
18
|
+
Default files:
|
|
19
|
+
|
|
20
|
+
- `custom-conventions.md` — repo-specific naming, formatting, or commit conventions that override generic defaults.
|
|
21
|
+
- `tribal-knowledge.md` — undocumented but load-bearing facts about the repo, the team, or the build environment.
|
|
22
|
+
|
|
23
|
+
### Schema rules
|
|
24
|
+
|
|
25
|
+
- Plain Markdown; frontmatter is optional and only used for `id`, `last_reviewed`, and `owner` fields when present.
|
|
26
|
+
- Files are immutable from the agent's perspective unless the user explicitly asks to edit them.
|
|
27
|
+
- The validator must verify that any generated scaffold that would touch this directory emits a `present-not-overwritten` audit entry and skips the write.
|
|
28
|
+
|
|
29
|
+
## `.memory/self-learned/`
|
|
30
|
+
|
|
31
|
+
Holds machine-readable knowledge produced by the scaffold, the validator, or runtime agents. The directory is per-repo only and never propagated.
|
|
32
|
+
|
|
33
|
+
Default files:
|
|
34
|
+
|
|
35
|
+
- `error-patterns.json` — recurring error patterns and their fix hints.
|
|
36
|
+
- `module-complexity.json` — module-level complexity and coverage data.
|
|
37
|
+
- `CHANGELOG.md` — chronological list of schema or file changes.
|
|
38
|
+
|
|
39
|
+
### `error-patterns.json` schema (v1.0)
|
|
40
|
+
|
|
41
|
+
```json
|
|
42
|
+
{
|
|
43
|
+
"schema_version": "1.0",
|
|
44
|
+
"entries": [
|
|
45
|
+
{
|
|
46
|
+
"id": "ep-2026-001",
|
|
47
|
+
"pattern": "ModuleNotFoundError: No module named 'foo'",
|
|
48
|
+
"context": "Python module resolution failure after a refactor",
|
|
49
|
+
"detection": "ImportError raised in CI step 'unit-tests'",
|
|
50
|
+
"fix_hint": "Add 'foo' to pyproject.toml dependencies or pin via uv.lock",
|
|
51
|
+
"first_seen_at": "2026-05-12T00:00:00Z",
|
|
52
|
+
"last_seen_at": "2026-06-01T00:00:00Z",
|
|
53
|
+
"occurrences": 3,
|
|
54
|
+
"owner": "platform"
|
|
55
|
+
}
|
|
56
|
+
]
|
|
57
|
+
}
|
|
58
|
+
```
|
|
59
|
+
|
|
60
|
+
### `module-complexity.json` schema (v1.0)
|
|
61
|
+
|
|
62
|
+
```json
|
|
63
|
+
{
|
|
64
|
+
"schema_version": "1.0",
|
|
65
|
+
"entries": [
|
|
66
|
+
{
|
|
67
|
+
"path": "src/foo.py",
|
|
68
|
+
"language": "python",
|
|
69
|
+
"lines_of_code": 412,
|
|
70
|
+
"cyclomatic_complexity": 18,
|
|
71
|
+
"test_coverage": 0.62,
|
|
72
|
+
"owner": "team-foo",
|
|
73
|
+
"last_measured_at": "2026-06-01T00:00:00Z"
|
|
74
|
+
}
|
|
75
|
+
]
|
|
76
|
+
}
|
|
77
|
+
```
|
|
78
|
+
|
|
79
|
+
### Schema rules
|
|
80
|
+
|
|
81
|
+
- Every self-learned file must declare `schema_version`. Bumping the version requires an entry in `CHANGELOG.md` and a migration note.
|
|
82
|
+
- `CHANGELOG.md` is the canonical change log; do not scatter date markers across individual files.
|
|
83
|
+
- Self-learned files are append-only. New entries are added; existing entries are not edited in place. If a fact becomes wrong, add a new entry with `superseded_by` pointing to the corrective entry.
|
|
84
|
+
- The validator must check that any new self-learned file declares `schema_version` and that the version is supported by the scaffold.
|
|
85
|
+
|
|
86
|
+
## Privacy and external integration
|
|
87
|
+
|
|
88
|
+
- The memory layer is local-only. The scaffold never uploads `.memory/` to a remote system.
|
|
89
|
+
- Any external integration (telemetry, dashboards) requires explicit confirmation and an opt-in flag in `.ai/matrix.json` under `memory.external_integration`.
|
|
90
|
+
- `.memory/human-override/` content is never included in external uploads even when integration is enabled.
|
|
91
|
+
- Credentials, secrets, and tokens are never stored in `.memory/`. The validator must reject writes that match credential patterns.
|
|
92
|
+
|
|
93
|
+
## Migration
|
|
94
|
+
|
|
95
|
+
When a target repo already has a `.memory/` directory under a different layout, the migration path is:
|
|
96
|
+
|
|
97
|
+
1. Classify each existing file as `human-override` or `self-learned` based on the migration rules in `modules/migration.md`.
|
|
98
|
+
2. Move or copy the file to the v3 path with a backup under `.ai/drift/backups/<timestamp>/`.
|
|
99
|
+
3. Emit a `present-not-overwritten` audit entry for any file that already exists in the v3 path.
|
|
100
|
+
4. Append a `CHANGELOG.md` entry describing the migration.
|
|
101
|
+
|
|
102
|
+
Destructive moves (delete-then-copy) require explicit confirmation. Copy-with-keep is the default.
|
|
@@ -0,0 +1,107 @@
|
|
|
1
|
+
# Migration Module
|
|
2
|
+
|
|
3
|
+
Read when migrating a target repo from a legacy AI-SDLC scaffold to the v3 layout, or when classifying legacy artifacts. Migration is a one-time operation that must never silently delete user content.
|
|
4
|
+
|
|
5
|
+
## Action vocabulary
|
|
6
|
+
|
|
7
|
+
Each legacy artifact is classified into exactly one of the following actions:
|
|
8
|
+
|
|
9
|
+
| Action | Meaning | Destructive? |
|
|
10
|
+
| --- | --- | --- |
|
|
11
|
+
| `migrate` | Move the artifact to its v3 path; the source path is removed only after the move is verified. | Yes (removes the source path). |
|
|
12
|
+
| `copy` | Copy the artifact to its v3 path; the source path is left in place and marked deprecated in the migration manifest. | No (keeps the source path). |
|
|
13
|
+
| `deprecate` | Mark the artifact as deprecated at its existing path; do not move or copy. Add a "Deprecated by v3" header pointing to the v3 path. | No. |
|
|
14
|
+
| `supersede` | Replace the artifact at its existing path with a v3 pointer file that references the new location. The original content lives at the v3 path. | No (the pointer is content-preserving). |
|
|
15
|
+
|
|
16
|
+
`migrate` is the only destructive action. The other three are content-preserving. Destructive actions require explicit confirmation per the rules below.
|
|
17
|
+
|
|
18
|
+
## Legacy-to-v3 map
|
|
19
|
+
|
|
20
|
+
| Legacy path | v3 path | Default action | Confirmation? |
|
|
21
|
+
| --- | --- | --- | --- |
|
|
22
|
+
| `.agents/skills/<name>/SKILL.md` (role) | `.ai/system-prompts/<role>.md` | `copy` (default) or `migrate` (when `--destructive` is set) | Only for `migrate`. |
|
|
23
|
+
| `.agents/skills/<name>/REFERENCE.md` (role) | `docs/learning/concept-maps/<name>.md` or `docs/architecture/<...>.md` (depending on content) | `copy` (default) or `migrate` (when `--destructive` is set) | Only for `migrate`. |
|
|
24
|
+
| `.agents/skills/<name>/` (whole directory) | (none — directory contents are split per file) | `supersede` (replace with pointer file at the directory level) | No. |
|
|
25
|
+
| `.rules.ts` | `.ai/rules/technical-bounds.md` (Markdown summary) and `docs/architecture/adr/0001-init.md` (decision record) | `copy` (default) or `migrate` (when `--destructive` is set) | Only for `migrate`. |
|
|
26
|
+
| `docs/adr/<file>.md` | `docs/architecture/adr/<file>.md` | `copy` (default) or `migrate` (when `--destructive` is set) | Only for `migrate`. |
|
|
27
|
+
| AI SDLC marker block in `AGENTS.md` / `CLAUDE.md` / `README.md` | `AGENTS.md` / `CLAUDE.md` / `CONTRIBUTING.md` / `README.md` (entry files) | `supersede` (rewrite the block in v3 form; preserve human prose) | No. |
|
|
28
|
+
| `upstream.lock` | `upstream.lock` (top-level, unchanged) | `deprecate` (add a comment-only header if needed) | No. |
|
|
29
|
+
| `prek.toml` | `prek.toml` (top-level, unchanged) | `deprecate` (add a comment-only header if needed) | No. |
|
|
30
|
+
| `.github/workflows/ci-prek.yml` | `.github/workflows/ci-prek.yml` (unchanged) | `deprecate` (add a comment-only header if needed) | No. |
|
|
31
|
+
| `scripts/archgate.sh`, `scripts/validate-rules.sh`, `scripts/sync-upstream.sh` | (unchanged) | `deprecate` (add a comment-only header if needed) | No. |
|
|
32
|
+
| `.memory/` (any pre-existing content) | `.memory/human-override/` or `.memory/self-learned/` based on classification | `migrate` per file, with `present-not-overwritten` audit when the v3 path already exists | Only for `migrate`. |
|
|
33
|
+
| Legacy marker block `<!-- ai-sdlc-init:start --> ... <!-- ai-sdlc-init:end -->` | (rewrite in v3 form, preserving human prose) | `supersede` | No. |
|
|
34
|
+
| `setup-skills`, `publish-semver` (and other reference-only) legacy references | (unchanged; reference-only) | `deprecate` (add a comment-only header if needed) | No. |
|
|
35
|
+
| `graphify-out` and other deprecated references | (removed by owner-driven PR) | `supersede` (add a `Deprecated by v3` header) | No. |
|
|
36
|
+
|
|
37
|
+
## Destructive confirmation rule
|
|
38
|
+
|
|
39
|
+
A `migrate` action is destructive. The migration path requires an explicit confirmation that:
|
|
40
|
+
|
|
41
|
+
1. Names the legacy path being migrated.
|
|
42
|
+
2. Names the v3 destination path.
|
|
43
|
+
3. Asserts that a backup has been written under `.ai/drift/backups/<timestamp>/` for the legacy path.
|
|
44
|
+
4. Captures a confirmation token tied to the run.
|
|
45
|
+
|
|
46
|
+
A confirmation token is valid only for the run that produced it. Retrying the same migration plan after a failure requires a fresh confirmation.
|
|
47
|
+
|
|
48
|
+
## Migration manifest
|
|
49
|
+
|
|
50
|
+
The migration path writes a manifest to `.ai/drift/migration-manifest.json` with this shape:
|
|
51
|
+
|
|
52
|
+
```json
|
|
53
|
+
{
|
|
54
|
+
"schema_version": "1.0",
|
|
55
|
+
"generated_at": "2026-06-07T00:00:00Z",
|
|
56
|
+
"actor": "init-ai-repo",
|
|
57
|
+
"umbrella_root": ".",
|
|
58
|
+
"actions": [
|
|
59
|
+
{
|
|
60
|
+
"source_path": ".agents/skills/karpathy-guidelines/SKILL.md",
|
|
61
|
+
"destination_path": ".ai/system-prompts/architect.md",
|
|
62
|
+
"action": "copy",
|
|
63
|
+
"destructive": false,
|
|
64
|
+
"confirmation_token": null,
|
|
65
|
+
"status": "completed"
|
|
66
|
+
},
|
|
67
|
+
{
|
|
68
|
+
"source_path": ".rules.ts",
|
|
69
|
+
"destination_path": ".ai/rules/technical-bounds.md",
|
|
70
|
+
"action": "migrate",
|
|
71
|
+
"destructive": true,
|
|
72
|
+
"confirmation_token": "ct-2026-06-07-001",
|
|
73
|
+
"status": "completed",
|
|
74
|
+
"backup_path": ".ai/drift/backups/2026-06-07T00-00-00Z/.rules.ts"
|
|
75
|
+
}
|
|
76
|
+
],
|
|
77
|
+
"summary": {
|
|
78
|
+
"copy": 5,
|
|
79
|
+
"migrate": 1,
|
|
80
|
+
"deprecate": 3,
|
|
81
|
+
"supersede": 2,
|
|
82
|
+
"skipped": 0,
|
|
83
|
+
"failed": 0
|
|
84
|
+
}
|
|
85
|
+
}
|
|
86
|
+
```
|
|
87
|
+
|
|
88
|
+
`status` is one of `pending`, `in_progress`, `completed`, `failed`, or `skipped`. A `failed` action is rolled back from the backup when one exists; the manifest records the rollback outcome under `rollback`.
|
|
89
|
+
|
|
90
|
+
## Audit trail
|
|
91
|
+
|
|
92
|
+
Every migration run appends one JSON object per line to `.ai/drift/migration-audit.jsonl`. The shape mirrors the host-policy audit format in `modules/host-policy-automation.md`, with fields `ts`, `actor`, `mode` (`apply` or `dry-run`), `confirmation_token`, `manifest_sha256`, and a per-action results list.
|
|
93
|
+
|
|
94
|
+
## Idempotency
|
|
95
|
+
|
|
96
|
+
Re-running the migration against a target that already has v3 paths is a no-op. The validator emits a `present-not-overwritten` audit entry for any v3 path that already exists and skips the write. The migration manifest is regenerated with `status: skipped` for the affected actions.
|
|
97
|
+
|
|
98
|
+
## Rollback
|
|
99
|
+
|
|
100
|
+
A full migration run can be rolled back from `.ai/drift/migration-manifest.json` plus `.ai/drift/backups/<timestamp>/` when the destructive actions are limited to `migrate`. `deprecate` and `supersede` are content-preserving and do not need rollback. `copy` does not remove the source path, so rollback is also unnecessary.
|
|
101
|
+
|
|
102
|
+
## Safety rules
|
|
103
|
+
|
|
104
|
+
- The migration path never deletes a file that is not classified `migrate`.
|
|
105
|
+
- The migration path never deletes a file outside the action vocabulary above. There is no `--unsafe-destinations` flag; the migration manifest is the only allowed bypass, and a `migrate` action on a path outside the legacy map requires both the action to be added to the manifest under `exceptions` and a fresh confirmation token.
|
|
106
|
+
- The migration path never writes into `.memory/human-override/` if the file already exists. The path is `present-not-overwritten` and the migration skips the write.
|
|
107
|
+
- The migration path is always confirmation-gated for `migrate` actions. There is no `auto-apply` mode.
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
# Phase 1 — Discover & Decide
|
|
2
|
+
|
|
3
|
+
## Purpose
|
|
4
|
+
|
|
5
|
+
Discover the repository's real current state and choose the smallest safe AI-SDLC adoption lane before generating governance or implementation artifacts. This phase is intentionally read-mostly and should be safe to rerun.
|
|
6
|
+
|
|
7
|
+
## Inputs
|
|
8
|
+
|
|
9
|
+
- Repository metadata, remotes, branch state, existing CI, package manifests, and language/runtime conventions.
|
|
10
|
+
- Existing `.ai/`, `.memory/`, `AGENTS.md`, `RULES.md`, `PLANS.md`, `CONTRIBUTING.md`, specs, ADRs, and issue tracker configuration.
|
|
11
|
+
- User-selected posture for hosted tickets versus local fallback.
|
|
12
|
+
|
|
13
|
+
## Outputs
|
|
14
|
+
|
|
15
|
+
- `.ai/matrix.json`
|
|
16
|
+
- `.ai/init/repo-profile.json`
|
|
17
|
+
- `.ai/init/sdlc-path.md`
|
|
18
|
+
- `.ai/phases/01-discover-decide/README.md` or equivalent phase notes
|
|
19
|
+
|
|
20
|
+
## Command surfaces
|
|
21
|
+
|
|
22
|
+
- OMX: `$deep-interview` for ambiguity, `$plan` for straightforward planning, `$ralplan` for consensus planning.
|
|
23
|
+
- OMC: equivalent aliases/commands should call into the same generated artifact contract and must not duplicate semantics.
|
|
24
|
+
|
|
25
|
+
## Gates
|
|
26
|
+
|
|
27
|
+
- Do not begin coding until the lane, source of truth, and required planning artifacts are known.
|
|
28
|
+
- If a hosted tracker is configured and authorized, issue/ticket discovery is fail-closed.
|
|
29
|
+
- If hosted tracking is unavailable, local fallback is allowed before coding, but it must be reconciled before final PR merge.
|
|
30
|
+
|
|
31
|
+
## Idempotence
|
|
32
|
+
|
|
33
|
+
Reruns update generated discovery files non-destructively and preserve human-owned notes outside managed blocks.
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
# ai-catapult-init Phase Modules
|
|
2
|
+
|
|
3
|
+
The canonical `ai-catapult-init` workflow exposes four optimized phases so agents and humans can move quickly while still preserving traceability. Each phase writes durable state under `.ai/phases/<phase>/` and links command output back to specs, plans, and validation evidence.
|
|
4
|
+
|
|
5
|
+
## Four optimized phases
|
|
6
|
+
|
|
7
|
+
| Phase | Name | Primary outputs |
|
|
8
|
+
|-------|------|-----------------|
|
|
9
|
+
| 1 | Discover & Decide | `.ai/matrix.json`, `.ai/init/repo-profile.json`, `.ai/init/sdlc-path.md`, `.ai/phases/01-discover-decide/` |
|
|
10
|
+
| 2 | Govern & Plan | `AGENTS.md`, `RULES.md`, `PLANS.md`, `CONTRIBUTING.md`, specs, ADRs, `.ai/work-intake/`, `.ai/plans/`, `.ai/phases/02-govern-plan/` |
|
|
11
|
+
| 3 | Configure & Generate | `.ai/bin/`, `.ai/policies/`, `.ai/commands/omx/`, `.ai/commands/omc/`, `.ai/language-packs/`, `.ai/phases/03-configure-generate/` |
|
|
12
|
+
| 4 | Validate & Handoff | `.ai/validation/report.md`, `.ai/drift/migration-manifest.json`, `.ai/handoff/init-ai-repo-handoff.md`, `.ai/phases/04-validate-handoff/` |
|
|
13
|
+
|
|
14
|
+
## Eight internal checkpoints
|
|
15
|
+
|
|
16
|
+
The old eight-step model remains as internal checkpoint metadata, not as the public workflow surface:
|
|
17
|
+
|
|
18
|
+
1. Detect repo state → Phase 1
|
|
19
|
+
2. Choose SDLC path → Phase 1
|
|
20
|
+
3. Scaffold foundation → Phase 2
|
|
21
|
+
4. Scaffold work intake → Phase 2
|
|
22
|
+
5. Configure host adapters → Phase 3
|
|
23
|
+
6. Configure CI and policy → Phase 3
|
|
24
|
+
7. Select language packs → Phase 3
|
|
25
|
+
8. Validate and emit handoff → Phase 4
|
|
26
|
+
|
|
27
|
+
## Command-surface schema
|
|
28
|
+
|
|
29
|
+
Phase 3 generates `.ai/commands/omx/` and `.ai/commands/omc/` entries. The
|
|
30
|
+
shared command-surface schema (fields, `.json` extension, and the omx `$name`
|
|
31
|
+
vs omc `/oh-my-claudecode:name` invocation forms) is defined once in
|
|
32
|
+
[`northstar/modules/command-surface.md`](../../../northstar/modules/command-surface.md);
|
|
33
|
+
this generator and the catalog skills emit identical shapes.
|
|
@@ -0,0 +1,120 @@
|
|
|
1
|
+
# README Documentation Module
|
|
2
|
+
|
|
3
|
+
Read when initializing, augmenting, or rewriting a repo's `README.md` so the result is user-focused GitHub documentation rather than an internal governance dump. The module applies a both-by-mode strategy: a full template for new or sparse repos, and a safe augmentation/rewrite for existing READMEs.
|
|
4
|
+
|
|
5
|
+
## Both-by-mode
|
|
6
|
+
|
|
7
|
+
| Mode | Trigger | Behavior |
|
|
8
|
+
| --- | --- | --- |
|
|
9
|
+
| Template | Repo is new, empty, or the existing `README.md` is sparse/stub. | Generate a full GitHub-style README from the section catalogue below. |
|
|
10
|
+
| Augmentation | Repo already has a meaningful `README.md` (one or more populated sections matching the catalogue). | Preserve project-specific facts, augment gaps with template sections, never overwrite existing content without backup/audit. |
|
|
11
|
+
|
|
12
|
+
Sparseness classification MUST run before any write. Do not pick a mode from vibes.
|
|
13
|
+
|
|
14
|
+
## Sparse-vs-existing classification
|
|
15
|
+
|
|
16
|
+
Classify the existing `README.md` as **sparse** if any of the following are true, otherwise treat it as **existing**:
|
|
17
|
+
|
|
18
|
+
- File does not exist, or
|
|
19
|
+
- File size is below the size threshold (default 600 bytes), or
|
|
20
|
+
- File contains only a top-level heading plus a placeholder line (e.g. `# project-name`, `WIP`, `TBD`, `Coming soon`, `TODO: write README`), or
|
|
21
|
+
- File lacks every required template section listed below (after case-insensitive heading match).
|
|
22
|
+
|
|
23
|
+
Classify as **existing** if it has at least one of: real quick start code block, real feature list, real installation instructions, real usage example, real project description beyond a placeholder.
|
|
24
|
+
|
|
25
|
+
## Required template sections (template mode)
|
|
26
|
+
|
|
27
|
+
A full template README contains, in order:
|
|
28
|
+
|
|
29
|
+
1. **Hero / title / tagline** — repo name, one-sentence value proposition, optional one-line audience.
|
|
30
|
+
2. **Real applicable badges** — license, build/CI, release/version, package registry, code coverage, downloads/stars when public and applicable. Badges must come from real host/package/license data; never invent.
|
|
31
|
+
3. **Quick start** — install, configure, run the first success path. Keep it copy-paste runnable.
|
|
32
|
+
4. **Requirements** — runtime, language, OS, network or credentials needed.
|
|
33
|
+
5. **Setup and first success path** — minimum steps to verify a working install.
|
|
34
|
+
6. **Update path** — how to upgrade, migrate, or pull latest without losing state.
|
|
35
|
+
7. **Why / who / features / workflows / mental model** — explain the problem, audience, key features, and how the pieces fit.
|
|
36
|
+
8. **Community** — maintainers, contributors, code of conduct, contributing link, support channels.
|
|
37
|
+
9. **License / support** — license file link, support policy, sponsorship or commercial support if applicable.
|
|
38
|
+
10. **Real star history (when applicable)** — link to public star history (e.g. star-history.com) only when the repo is public and the link resolves; do not fabricate.
|
|
39
|
+
11. **Concise AI-SDLC governance block** — one short block linking to `AGENTS.md`, `CONTRIBUTING.md`, ADRs, and the BRD/PRD traceability chain. Do not dump the entire governance payload into the README.
|
|
40
|
+
|
|
41
|
+
Sections 1, 3, 7, 8, 9, and 11 are mandatory in template mode. Sections 2, 4, 5, 6, and 10 are mandatory when their prerequisites are met (e.g. real star history only when public).
|
|
42
|
+
|
|
43
|
+
## Augmentation behavior (existing mode)
|
|
44
|
+
|
|
45
|
+
- Run a backup step before any rewrite. See "Backup and audit manifest" below.
|
|
46
|
+
- Preserve every existing section verbatim unless the user explicitly asks for reorganization.
|
|
47
|
+
- Detect missing catalogue sections and append them in the right order, separated by horizontal rules, without disturbing existing content.
|
|
48
|
+
- Detect duplicate or near-duplicate sections (e.g. two installation blocks); consolidate by adding a pointer to the canonical section, but do not delete user content without an explicit confirmation step.
|
|
49
|
+
- Reject augmentation when the existing README contains private/internal markers unless the host is private; surface a confirmation prompt before any rewrite.
|
|
50
|
+
|
|
51
|
+
## Real proof-signal gating
|
|
52
|
+
|
|
53
|
+
A proof signal is any badge, count, link, or claim that depends on external state (host stars, package downloads, license file, build status, release version). All proof signals MUST satisfy these rules:
|
|
54
|
+
|
|
55
|
+
- **Real data only.** Pull badges and counts from real, currently resolving sources. Reject hardcoded badge URLs, fake star counts, fabricated downloads, or invented release versions.
|
|
56
|
+
- **Public-only leakage guard.** Star history, downloads, public contributors, and social links appear only when the repo is public. Private/internal repos get a neutral version badge at most.
|
|
57
|
+
- **License accuracy.** The license badge must match the actual `LICENSE` file in the repo. Do not assume a default.
|
|
58
|
+
- **No marketing tone for internal or library-only repos.** Internal tooling and small libraries get accurate, restrained documentation; no "blazing fast", "production ready", or other unverified adjectives.
|
|
59
|
+
- **Validation.** Tests MUST reject invented claims, fake badges, fake star history, and any private/internal marker that leaks into a public README.
|
|
60
|
+
|
|
61
|
+
## Public/private host awareness
|
|
62
|
+
|
|
63
|
+
- Detect host visibility from the host API or explicit user input. Default to private if the host cannot be reached.
|
|
64
|
+
- Public repos: full template, real star history, public contributors, social links allowed.
|
|
65
|
+
- Private/internal repos: suppress star history, downloads counts, public contributor lists, and any social proof; keep license, build, and version badges only when real and applicable.
|
|
66
|
+
- Non-GitHub hosts: gracefully degrade. Use the host's own badge/CI mechanisms or omit the section with a comment that the host does not provide it.
|
|
67
|
+
|
|
68
|
+
## Backup and audit manifest
|
|
69
|
+
|
|
70
|
+
Before any augmentation or rewrite:
|
|
71
|
+
|
|
72
|
+
1. Copy the existing `README.md` (and any related doc snippets) to a timestamped backup path. Default pattern: `.ai/drift/readme-backups/README-<ISO8601-timestamp>.bak`.
|
|
73
|
+
2. Emit an audit manifest at `.ai/drift/readme-backups/audit-<ISO8601-timestamp>.json` with:
|
|
74
|
+
- Source path, source SHA, byte size, line count, section heading list.
|
|
75
|
+
- Detected mode (template or augmentation), reason.
|
|
76
|
+
- Planned additions (section title, intended content summary).
|
|
77
|
+
- Planned modifications (section title, before/after summary).
|
|
78
|
+
- Planned deletions (none in v1; the augmenter never deletes without explicit confirmation).
|
|
79
|
+
- Operator-visible confirmation prompt and the user's response.
|
|
80
|
+
3. Refuse to write when the audit manifest is missing or when the source SHA changed between backup and write.
|
|
81
|
+
4. Tests MUST assert that a backup path and audit manifest both exist for every augmentation/rewrite and that the audit manifest's section list matches the actual pre-write README.
|
|
82
|
+
|
|
83
|
+
## Concise AI-SDLC governance block
|
|
84
|
+
|
|
85
|
+
Append a short, link-only block at the end of the README. The block must:
|
|
86
|
+
|
|
87
|
+
- Link to `AGENTS.md` (or `CLAUDE.md` when only that exists), `CONTRIBUTING.md`, `docs/architecture/adr/`, and any BRD/PRD traceability doc that exists.
|
|
88
|
+
- Stay under 10 lines.
|
|
89
|
+
- Use neutral wording: "This repository follows the AI-SDLC methodology. See [AGENTS.md] for the operating contract, [docs/architecture/adr/] for architectural decisions, and [BRD/PRD] for traceability."
|
|
90
|
+
- Never inline `.rules.ts`, ADR bodies, BRD/PRD bodies, or full governance payloads.
|
|
91
|
+
|
|
92
|
+
## Safety rules
|
|
93
|
+
|
|
94
|
+
- Truth preservation. No invented claims, fake badges, fake star history, fake contributor counts, or private/internal leakage.
|
|
95
|
+
- Backup before rewrite. Augmentation and template-over-existing flows MUST produce a backup and audit manifest before any write.
|
|
96
|
+
- Idempotent marker writes. The AI-SDLC block is keyed on a marker comment; do not duplicate when the marker is already present.
|
|
97
|
+
- Do not delete user content. The augmenter never removes user-written content without explicit confirmation. The pointer/merge strategy above is the default.
|
|
98
|
+
- Validation runs after every write. The `validation.md` module's `tests/test-skills.sh` and `scripts/verify-golden-dir.sh` commands must pass for the affected fixtures.
|
|
99
|
+
|
|
100
|
+
## Verification commands
|
|
101
|
+
|
|
102
|
+
Run from `skills/` after touching the module, the module map, the SKILL, or the README fixtures:
|
|
103
|
+
|
|
104
|
+
```sh
|
|
105
|
+
tests/test-skills.sh
|
|
106
|
+
tests/test-scripts.sh
|
|
107
|
+
tests/run-tests.sh
|
|
108
|
+
bash scripts/archgate.sh --mode structural --rules .rules.ts --format json
|
|
109
|
+
./scripts/verify-golden-dir.sh . reference/golden-root
|
|
110
|
+
./scripts/verify-golden-dir.sh . reference/golden-skills
|
|
111
|
+
```
|
|
112
|
+
|
|
113
|
+
The README-specific golden fixtures live under `reference/fixtures/readme/` and cover:
|
|
114
|
+
|
|
115
|
+
- `sparse-repo/` — empty repo triggers template mode.
|
|
116
|
+
- `existing-repo/` — populated README triggers augmentation mode.
|
|
117
|
+
- `private-repo/` — host visibility is private, public proof signals are suppressed.
|
|
118
|
+
- `fake-badges/` — invented claims and fake badges are rejected.
|
|
119
|
+
- `private-leak/` — private/internal markers are rejected in public READMEs.
|
|
120
|
+
- `fact-retention/` — augmentation preserves project-specific facts and emits a backup/audit manifest.
|
|
@@ -0,0 +1,188 @@
|
|
|
1
|
+
# Release Versioning Module
|
|
2
|
+
|
|
3
|
+
Read when initializing, configuring, or auditing a repo's release tagging, versioning, and CI/CD release workflows. This module covers strategy selection (Hybrid default, with SemVer and CalVer variants), provider-specific release workflows (GitHub Actions, Azure Pipelines, GitLab CI), tag guardrails, and the release metadata manifest. It is scaffold guidance only; the CI/CD release workflows it emits assume protected main and PR-only delivery, default to active-on-main after PR merge, and keep tag creation guardrail-gated. **No production deploys or history rewrites** are included in the first pass.
|
|
4
|
+
|
|
5
|
+
## Strategy selection
|
|
6
|
+
|
|
7
|
+
The default strategy is **Hybrid**: a semantic base (SemVer-derived or CalVer-derived) plus a timestamp/trace metadata envelope recorded in a release manifest. Pure SemVer and pure CalVer are still supported strategy variants. Every strategy records a `version_impact` audit decision inferred from trusted sources before tag creation is considered.
|
|
8
|
+
|
|
9
|
+
| Strategy | When to read |
|
|
10
|
+
| --- | --- |
|
|
11
|
+
| **Hybrid (default)** | Use for AI-assisted delivery where every release needs an auditable trace to the source commit, CI run, and tag-creation decision. |
|
|
12
|
+
| **SemVer** | Use when the project follows strict semantic versioning with conventional commits and a single source of truth for breaking-change signaling. |
|
|
13
|
+
| **CalVer** | Use when the project is date-driven and version communicates release cadence rather than compatibility. |
|
|
14
|
+
|
|
15
|
+
The strategy selector writes a `release.json` manifest at the repo root (or `.ai/release.json` if the project prefers hidden). The manifest is the audit anchor; the tag is derived from the manifest strategy and the version-impact decision is recorded alongside the guardrails.
|
|
16
|
+
|
|
17
|
+
## Version-impact decision rule
|
|
18
|
+
|
|
19
|
+
When BRD/PRD, product spec, acceptance criteria, ADRs, tickets, commits, or operator input disagree about release impact, use **highest-signal-wins**:
|
|
20
|
+
|
|
21
|
+
1. Explicit PRD/spec/acceptance-criteria/ADR compatibility statements.
|
|
22
|
+
2. Ticket or work-item `Version impact` fields copied from the PRD/spec chain.
|
|
23
|
+
3. Conventional-commit or diff inference.
|
|
24
|
+
4. Operator defaults or unknown impact.
|
|
25
|
+
|
|
26
|
+
Record the selected signal and rationale in the manifest audit fields. Never downgrade a PRD/spec breaking-change signal because commit messages look non-breaking.
|
|
27
|
+
|
|
28
|
+
## Release manifest (`release.json`)
|
|
29
|
+
|
|
30
|
+
A complete release manifest contains, at minimum:
|
|
31
|
+
|
|
32
|
+
```json
|
|
33
|
+
{
|
|
34
|
+
"schema_version": "1.0",
|
|
35
|
+
"strategy": "hybrid|semver|calver",
|
|
36
|
+
"tag": "v1.4.0+2026.06.08.trace-7f3a",
|
|
37
|
+
"base_version": "1.4.0",
|
|
38
|
+
"base_sha": "<full 40-char git SHA>",
|
|
39
|
+
"timestamp_utc": "2026-06-08T12:34:56Z",
|
|
40
|
+
"trace_id": "<CI run id or local UUIDv4>",
|
|
41
|
+
"provider": "github-actions|azure-pipelines|gitlab-ci",
|
|
42
|
+
"delivery_policy": {
|
|
43
|
+
"protected_main": "required",
|
|
44
|
+
"pr_before_main": "required",
|
|
45
|
+
"pr_review_loop": "required",
|
|
46
|
+
"actionable_comments_resolved": "required",
|
|
47
|
+
"local_ci": "required",
|
|
48
|
+
"host_ci": "required",
|
|
49
|
+
"provider_policy_mutation": "checklist_only"
|
|
50
|
+
},
|
|
51
|
+
"guardrails": {
|
|
52
|
+
"green_ci": "pass|fail|skipped",
|
|
53
|
+
"conventional_commits": "pass|fail|skipped",
|
|
54
|
+
"secrets_permissions_preflight": "pass|fail|skipped",
|
|
55
|
+
"no_dirty_generated_state": "pass|fail|skipped",
|
|
56
|
+
"protected_tag_policy": "pass|fail|skipped"
|
|
57
|
+
},
|
|
58
|
+
"guardrail_reasons": {
|
|
59
|
+
"<key>": "<one-line explanation on fail; empty on pass>"
|
|
60
|
+
},
|
|
61
|
+
"tag_creation": "blocked|allowed",
|
|
62
|
+
"tag_creation_reason": "<one-line explanation>"
|
|
63
|
+
}
|
|
64
|
+
```
|
|
65
|
+
|
|
66
|
+
For Hybrid, the tag format is `<base>+<utc-date>.<trace-token>`. For SemVer, the tag format is `v<MAJOR>.<MINOR>.<PATCH>`. For CalVer, the tag format is `v<YYYY>.<MM>.<DD>` or `v<YYYY>.<0X>` depending on cadence.
|
|
67
|
+
|
|
68
|
+
The manifest is the only authoritative record. Tag creation is a derived provider-API action that happens only when every guardrail is `pass` or `skipped`, `tag_creation` is `allowed`, protected main is in force, the change reached main through a PR, the architect/reviewer/executor review loop resolved actionable comments, and local CI plus host CI are green. Provider branch/ruleset/tag policy mutation remains checklist-only unless the user explicitly authorizes an admin action.
|
|
69
|
+
|
|
70
|
+
## Version-impact source matrix
|
|
71
|
+
|
|
72
|
+
Automatic inference is allowed and expected: explicit `versionImpact` metadata in a PRD/spec is optional, not required. The selector records every source it can inspect and chooses the highest trusted signal using this precedence: `major > minor > patch > none`.
|
|
73
|
+
|
|
74
|
+
| Source | Major signal | Minor signal | Patch signal | None signal |
|
|
75
|
+
| --- | --- | --- | --- | --- |
|
|
76
|
+
| PRD/spec prose | breaking change, incompatible behavior, required migration, removed public API | new user-visible capability or feature | bug fix, regression fix, compatibility fix | docs-only, no release impact |
|
|
77
|
+
| Optional explicit metadata | `versionImpact: major` | `versionImpact: minor` | `versionImpact: patch` | `versionImpact: none` |
|
|
78
|
+
| Conventional commits | `BREAKING CHANGE:` footer or `type!:` marker | `feat:` | `fix:` | `docs:`, `chore:`, `test:` |
|
|
79
|
+
| PR labels | `release:major`, `breaking-change` | `release:minor`, `feature` | `release:patch`, `bugfix` | `release:none`, `no-release` |
|
|
80
|
+
| Breaking-change markers | Migration required, compatibility break marker | n/a | n/a | n/a |
|
|
81
|
+
| Linked issue/ticket type | epic/breaking/migration | feature/story | bug/defect | docs/task |
|
|
82
|
+
|
|
83
|
+
Lower/higher ordinary signals are not conflicts; the highest signal wins and lower signals are retained in `version_impact_sources`. Explicit incompatible claims are conflicts: for example, an explicit `versionImpact: none` with PRD prose that says a breaking migration is required must populate `version_impact_conflicts` and block tag creation or require manual review before a tag is created.
|
|
84
|
+
|
|
85
|
+
## Tag guardrails
|
|
86
|
+
|
|
87
|
+
Five guardrails gate every tag-creation attempt. All five must pass (or be `skipped` with a documented reason) before any tag is created.
|
|
88
|
+
|
|
89
|
+
1. **Green CI required** — the latest CI run on the candidate SHA must report `success`. The release workflow must not bypass or override the CI status.
|
|
90
|
+
2. **Conventional commits required** — every commit in the candidate range must match the conventional commit grammar (`feat:`, `fix:`, `BREAKING CHANGE:`, etc.). Non-conventional commits block the tag.
|
|
91
|
+
3. **Secrets/permissions preflight required** — required secrets/registry tokens must be present and the workflow's `permissions` block must be explicit (no default broad grants). The preflight must not log secret values; it logs only the key names and presence/absence.
|
|
92
|
+
4. **No dirty generated state required** — the working tree must not contain uncommitted changes to generated artifacts (e.g. `dist/`, `build/`, golden fixtures). Generated files must be either committed or gitignored.
|
|
93
|
+
5. **Protected tag policy required** — the tag must be created via the CI-controlled release identity, not via a local push. The provider must reject local tag pushes for protected tag patterns (`v*`, `release/*`).
|
|
94
|
+
|
|
95
|
+
A guardrail that fails produces a `guardrail_reasons` entry naming the failure. The release workflow must surface the failed guardrail to the operator and exit non-zero without creating the tag.
|
|
96
|
+
|
|
97
|
+
Version-impact conflicts are an additional fail-closed gate. They do not replace the five guardrails above; if conflicts are present, `tag_creation` is `blocked` even when the five guardrails pass or are skipped.
|
|
98
|
+
|
|
99
|
+
## Provider release workflows
|
|
100
|
+
|
|
101
|
+
The module emits provider-specific executable templates. Each template implements the same strategy contract (Hybrid default; SemVer/CalVer variants), the same five guardrails, and the canonical protected main / PR-only delivery policy. Templates default to **active on main after PR merge** (the release workflow runs on push to `main` and manual dispatch, with tag handling provider-specific), but tag creation is blocked by the guardrail gate. Release CI must not replace validation CI; PR validation and comment resolution happen before merge.
|
|
102
|
+
|
|
103
|
+
### GitHub Actions (`.github/workflows/release.yml`)
|
|
104
|
+
|
|
105
|
+
- Triggers: `push` to `main`, `workflow_dispatch`; no `pull_request` release trigger.
|
|
106
|
+
- Permissions: explicit `permissions:` block scoped to the minimum needed for tag creation and publishing (`contents: write` for protected-tag API refs, `id-token: write` for OIDC, and any package-specific scopes such as `packages: write`). No default broad `write-all`.
|
|
107
|
+
- Steps: checkout → setup language toolchain → install publish-semver-derived helpers → run guardrail preflight → run strategy selector → emit `release.json` → compute tag → push tag via GH API (not local) → optionally publish via publish-semver.
|
|
108
|
+
- Reuses `publish-semver` for ecosystem-specific publishing semantics (npm, PyPI, crates.io, Maven Central, etc.).
|
|
109
|
+
- Fails closed on any guardrail failure.
|
|
110
|
+
|
|
111
|
+
### Azure Pipelines (`azure-pipelines-release.yml`)
|
|
112
|
+
|
|
113
|
+
- Triggers: `trigger` on `main`, `pr: none` for release (validation PR checks are separate), manual via `parameters`.
|
|
114
|
+
- Variables: explicit `variables:` block; sensitive values from an Azure DevOps variable group (linked secret store). `secrets/permissions` preflight runs as the first task.
|
|
115
|
+
- Steps: checkout → use Node/Python/Rust task → install publish-semver helpers → run guardrail preflight → run strategy selector → emit `release.json` → create tag via Azure Repos API with the CI identity, not a local push or personal access token → optionally publish.
|
|
116
|
+
- Fails closed on any guardrail failure.
|
|
117
|
+
|
|
118
|
+
### GitLab CI (`.gitlab-ci-release.yml`)
|
|
119
|
+
|
|
120
|
+
- Stages: `validate` → `release`.
|
|
121
|
+
- Triggers: `rules:` on push to `main`, on tag pipeline, manual via `when: manual`; no merge-request release trigger.
|
|
122
|
+
- Variables: explicit; protected CI/CD variables masked; `secrets/permissions` preflight runs first.
|
|
123
|
+
- Steps: checkout → install toolchain → install publish-semver helpers → run guardrail preflight → run strategy selector → emit `release.json` → create protected tag via the GitLab Releases API (not a local push) → optionally publish.
|
|
124
|
+
- Fails closed on any guardrail failure.
|
|
125
|
+
|
|
126
|
+
The provider release templates are checked in but do not run unless the user explicitly enables them. Enabling is a checklist/decision, not a hidden mutation.
|
|
127
|
+
|
|
128
|
+
## Protected main and PR-only delivery
|
|
129
|
+
|
|
130
|
+
Every repo initialized with this release module assumes protected main and PR-only delivery:
|
|
131
|
+
|
|
132
|
+
- Branch/ruleset/tag protection is emitted as checklist-only provider configuration unless the user explicitly authorizes host admin mutation.
|
|
133
|
+
- Every implementation change reaches main through a PR. Admin users may self-approve where policy permits only through an explicit admin approve/admin bypass lane that the host/runtime supports; otherwise use a distinct approver. The PR still exists and remains auditable, and the merge record captures actor, authority, reason, checks, and approval mode.
|
|
134
|
+
- The PR review loop must resolve all actionable comments using architect, reviewer, and executor roles before merge.
|
|
135
|
+
- Local CI and host SCM CI must be green before merge. Release CI then runs from the protected main SHA and may create tags only through provider APIs.
|
|
136
|
+
|
|
137
|
+
## Tag creation, protected tags, and audit
|
|
138
|
+
|
|
139
|
+
- **Protected tags.** Each provider has a tag-protection mechanism: GitHub `rulesets` for tag patterns, Azure DevOps branch/tag policies, GitLab `protected tags`. The module emits a checklist for tag protection per provider but does not call provider APIs to apply it.
|
|
140
|
+
- **CI-controlled release identity.** Tag creation runs inside the CI job with the CI-provided identity through provider APIs, not from a developer machine and not via local `git push`. The audit trail in the `release.json` manifest records the CI run id as `trace_id`, the runner provider as `provider`, and the protected-main / PR-only `delivery_policy`.
|
|
141
|
+
- **No history rewrites.** The module does not include tag deletion, force-push, or commit-history rewriting. If a bad tag is pushed, the recovery path is to push a new tag (e.g. `v1.4.1`) and emit a manifest entry explaining the prior tag's retirement; the prior tag is not deleted.
|
|
142
|
+
- **No production deploys.** The release workflows stop at tag creation and (optional) package publish. They do not deploy to production environments, run database migrations, or invoke cloud provisioning. Production deployment is a separate downstream concern.
|
|
143
|
+
|
|
144
|
+
## Credential and registry boundary
|
|
145
|
+
|
|
146
|
+
- **Package/registry publishing is conditional.** The release workflow only attempts to publish when (a) the project has a recognized package manifest (e.g. `package.json`, `pyproject.toml`, `Cargo.toml`, `pom.xml`) and (b) the required publishing credentials are present and scoped.
|
|
147
|
+
- **Full automation allowed when permissions allow.** If the host and registry permit and the operator has confirmed the scope, the release workflow may publish automatically after tag creation. If the host rejects or the scope is missing, the workflow stops after tag creation and surfaces a clear next-step message.
|
|
148
|
+
- **No secret value logging.** Preflight logs only the names of the secrets it found and the scopes it detected. Secret values are never echoed to logs.
|
|
149
|
+
|
|
150
|
+
## Reuse of `publish-semver`
|
|
151
|
+
|
|
152
|
+
This module reuses the `publish-semver` skill (installed under `~/.codex/skills/publish-semver/`) for ecosystem-specific publishing semantics — npm, PyPI, crates.io, Maven Central, NuGet, pub.dev, Hex, Erlang Hex, and Gradle/Maven Central via Azure DevOps. The release workflow invokes `publish-semver` to do the actual publish step; this module owns the strategy, manifest, version-impact source selection, and guardrails, not the publish semantics. The `publish-semver` conventional-commit mapping (`fix` patch, `feat` minor, breaking major) is one input source in the matrix, not the only authority.
|
|
153
|
+
|
|
154
|
+
## Safety rules
|
|
155
|
+
|
|
156
|
+
- **Truth preservation.** The `release.json` manifest is the only authoritative record. Provider APIs may tag; the manifest is what auditors read.
|
|
157
|
+
- **No fake tags.** Tags must come from a real guardrail-passed release run. No manual tag pushes for protected tag patterns.
|
|
158
|
+
- **No production deploys in this module.** Production deploys are out of scope and live in a downstream module.
|
|
159
|
+
- **No history rewrites.** Tag retirement is forward-only; the prior tag is recorded as retired, not deleted.
|
|
160
|
+
- **Idempotent manifest writes.** A re-run with the same input must produce a byte-identical manifest (timestamps and trace ids come from the CI run, not the wall clock; the CI run id is stable per run).
|
|
161
|
+
- **Verification commands run after every provider-template change.** See the verification section below.
|
|
162
|
+
|
|
163
|
+
## Verification commands
|
|
164
|
+
|
|
165
|
+
Run from `skills/` after touching this module, the module map, the SKILL, `ci-policy.md`, or any provider release template:
|
|
166
|
+
|
|
167
|
+
```sh
|
|
168
|
+
tests/test-skills.sh
|
|
169
|
+
tests/test-scripts.sh
|
|
170
|
+
tests/run-tests.sh
|
|
171
|
+
bash scripts/archgate.sh --mode structural --rules .rules.ts --format json
|
|
172
|
+
./scripts/verify-golden-dir.sh . reference/golden-root
|
|
173
|
+
./scripts/verify-golden-dir.sh . reference/golden-skills
|
|
174
|
+
```
|
|
175
|
+
|
|
176
|
+
The release-versioning-specific golden fixtures live under `reference/fixtures/release/` and cover:
|
|
177
|
+
|
|
178
|
+
- `hybrid-default/` — Hybrid strategy selector emits a Hybrid-shaped manifest with base+timestamp+trace.
|
|
179
|
+
- `semver-only/` — SemVer strategy selector emits a pure-SemVer manifest.
|
|
180
|
+
- `calver-only/` — CalVer strategy selector emits a CalVer-shaped manifest.
|
|
181
|
+
- `guardrail-fail/` — at least one guardrail fails; the manifest records the failure and `tag_creation: "blocked"`.
|
|
182
|
+
- `protected-tag/` — the provider template declares protected-tag semantics; local-push paths are explicitly rejected.
|
|
183
|
+
- `version-impact/` — PRD/spec version-impact signals are recorded and win over lower-priority inferred signals.
|
|
184
|
+
- `no-history-rewrite/` — the template contains no `git push --force`, no tag deletion, no commit-history rewrite.
|
|
185
|
+
- `no-production-deploy/` — the template contains no `azure webapp deploy`, no `kubectl apply`, no `aws s3 sync` style production steps.
|
|
186
|
+
- `secrets-preflight/` — the preflight logs key names only, never values.
|
|
187
|
+
- `version-impact-highest-signal/` — PRD/spec prose can raise a fix-only commit to major or minor by highest-signal precedence.
|
|
188
|
+
- `version-impact-conflict/` — explicit incompatible claims are recorded in `version_impact_conflicts` and block tag creation/review.
|