@r3dlex/ai-catapult 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (132)
  1. package/LICENSE +21 -0
  2. package/README.md +139 -0
  3. package/bin/ai-catapult.js +229 -0
  4. package/dist/claude-plugin/.claude-plugin/marketplace.json +28 -0
  5. package/dist/claude-plugin/.claude-plugin/plugin.json +21 -0
  6. package/dist/claude-plugin/skills/ai-catapult-init/REFERENCE.md +1284 -0
  7. package/dist/claude-plugin/skills/ai-catapult-init/SKILL.md +79 -0
  8. package/dist/claude-plugin/skills/ai-catapult-init/modules/README.md +48 -0
  9. package/dist/claude-plugin/skills/ai-catapult-init/modules/archgate.md +42 -0
  10. package/dist/claude-plugin/skills/ai-catapult-init/modules/brd-prd-traceability.md +64 -0
  11. package/dist/claude-plugin/skills/ai-catapult-init/modules/cascade.md +110 -0
  12. package/dist/claude-plugin/skills/ai-catapult-init/modules/ci-policy.md +107 -0
  13. package/dist/claude-plugin/skills/ai-catapult-init/modules/documentation-blueprint.md +185 -0
  14. package/dist/claude-plugin/skills/ai-catapult-init/modules/evals.md +93 -0
  15. package/dist/claude-plugin/skills/ai-catapult-init/modules/foundation.md +19 -0
  16. package/dist/claude-plugin/skills/ai-catapult-init/modules/host-policy-automation.md +151 -0
  17. package/dist/claude-plugin/skills/ai-catapult-init/modules/language-packs.md +63 -0
  18. package/dist/claude-plugin/skills/ai-catapult-init/modules/mcp-a2a.md +63 -0
  19. package/dist/claude-plugin/skills/ai-catapult-init/modules/memory.md +102 -0
  20. package/dist/claude-plugin/skills/ai-catapult-init/modules/migration.md +107 -0
  21. package/dist/claude-plugin/skills/ai-catapult-init/modules/phases/01-discover-decide.md +33 -0
  22. package/dist/claude-plugin/skills/ai-catapult-init/modules/phases/README.md +33 -0
  23. package/dist/claude-plugin/skills/ai-catapult-init/modules/readme-documentation.md +120 -0
  24. package/dist/claude-plugin/skills/ai-catapult-init/modules/release-versioning.md +188 -0
  25. package/dist/claude-plugin/skills/ai-catapult-init/modules/skill-modernization.md +72 -0
  26. package/dist/claude-plugin/skills/ai-catapult-init/modules/sync.md +111 -0
  27. package/dist/claude-plugin/skills/ai-catapult-init/modules/topology.md +102 -0
  28. package/dist/claude-plugin/skills/ai-catapult-init/modules/traceability.md +136 -0
  29. package/dist/claude-plugin/skills/ai-catapult-init/modules/tracker-adapters.md +51 -0
  30. package/dist/claude-plugin/skills/ai-catapult-init/modules/validation.md +276 -0
  31. package/dist/claude-plugin/skills/ai-catapult-init/modules/workflow.md +45 -0
  32. package/dist/claude-plugin/skills/ai-catapult-init/templates/AGENTS.md +69 -0
  33. package/dist/claude-plugin/skills/ai-catapult-init/templates/CLAUDE.md +3 -0
  34. package/dist/claude-plugin/skills/ai-catapult-init/templates/GEMINI.md +3 -0
  35. package/dist/claude-plugin/skills/ai-catapult-init/templates/boundary-manifest.json +247 -0
  36. package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/drift/backups/.gitkeep +0 -0
  37. package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/drift/last-drift.json +7 -0
  38. package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/evals/.gitkeep +0 -0
  39. package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/evals/coverage-exceptions.json +1 -0
  40. package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/handoff/.gitkeep +0 -0
  41. package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/matrix.json +19 -0
  42. package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/mcp/a2a-handoff.md +51 -0
  43. package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/mcp/registry.json +27 -0
  44. package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/observability/audit-checklist.md +32 -0
  45. package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/observability/conventions.md +35 -0
  46. package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/phases/01-discover-decide/status.json +16 -0
  47. package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/phases/02-govern-plan/status.json +15 -0
  48. package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/phases/03-configure-generate/status.json +22 -0
  49. package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/phases/04-validate-handoff/status.json +18 -0
  50. package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/policies/model-routing.json +29 -0
  51. package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/reviews/ai-failure-modes.md +42 -0
  52. package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/rules/security.md +38 -0
  53. package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/rules/technical-bounds.md +38 -0
  54. package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/skills/git-ops.json +6 -0
  55. package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/skills/workspace-sync.json +6 -0
  56. package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/system-prompts/architect.md +31 -0
  57. package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/system-prompts/developer.md +31 -0
  58. package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/system-prompts/qa-engineer.md +31 -0
  59. package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/traceability/.gitkeep +0 -0
  60. package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/workflows/repo-workflow.json +42 -0
  61. package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/workflows/repo-workflow.md +52 -0
  62. package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-github/workflows/ci-prek.yml +21 -0
  63. package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-rules.ts +178 -0
  64. package/dist/claude-plugin/skills/ai-catapult-init/templates/prek.toml +13 -0
  65. package/dist/codex-plugin/.codex-plugin/plugin.json +11 -0
  66. package/dist/codex-plugin/skills/ai-catapult-init/REFERENCE.md +1284 -0
  67. package/dist/codex-plugin/skills/ai-catapult-init/SKILL.md +79 -0
  68. package/dist/codex-plugin/skills/ai-catapult-init/modules/README.md +48 -0
  69. package/dist/codex-plugin/skills/ai-catapult-init/modules/archgate.md +42 -0
  70. package/dist/codex-plugin/skills/ai-catapult-init/modules/brd-prd-traceability.md +64 -0
  71. package/dist/codex-plugin/skills/ai-catapult-init/modules/cascade.md +110 -0
  72. package/dist/codex-plugin/skills/ai-catapult-init/modules/ci-policy.md +107 -0
  73. package/dist/codex-plugin/skills/ai-catapult-init/modules/documentation-blueprint.md +185 -0
  74. package/dist/codex-plugin/skills/ai-catapult-init/modules/evals.md +93 -0
  75. package/dist/codex-plugin/skills/ai-catapult-init/modules/foundation.md +19 -0
  76. package/dist/codex-plugin/skills/ai-catapult-init/modules/host-policy-automation.md +151 -0
  77. package/dist/codex-plugin/skills/ai-catapult-init/modules/language-packs.md +63 -0
  78. package/dist/codex-plugin/skills/ai-catapult-init/modules/mcp-a2a.md +63 -0
  79. package/dist/codex-plugin/skills/ai-catapult-init/modules/memory.md +102 -0
  80. package/dist/codex-plugin/skills/ai-catapult-init/modules/migration.md +107 -0
  81. package/dist/codex-plugin/skills/ai-catapult-init/modules/phases/01-discover-decide.md +33 -0
  82. package/dist/codex-plugin/skills/ai-catapult-init/modules/phases/README.md +33 -0
  83. package/dist/codex-plugin/skills/ai-catapult-init/modules/readme-documentation.md +120 -0
  84. package/dist/codex-plugin/skills/ai-catapult-init/modules/release-versioning.md +188 -0
  85. package/dist/codex-plugin/skills/ai-catapult-init/modules/skill-modernization.md +72 -0
  86. package/dist/codex-plugin/skills/ai-catapult-init/modules/sync.md +111 -0
  87. package/dist/codex-plugin/skills/ai-catapult-init/modules/topology.md +102 -0
  88. package/dist/codex-plugin/skills/ai-catapult-init/modules/traceability.md +136 -0
  89. package/dist/codex-plugin/skills/ai-catapult-init/modules/tracker-adapters.md +51 -0
  90. package/dist/codex-plugin/skills/ai-catapult-init/modules/validation.md +276 -0
  91. package/dist/codex-plugin/skills/ai-catapult-init/modules/workflow.md +45 -0
  92. package/dist/codex-plugin/skills/ai-catapult-init/templates/AGENTS.md +69 -0
  93. package/dist/codex-plugin/skills/ai-catapult-init/templates/CLAUDE.md +3 -0
  94. package/dist/codex-plugin/skills/ai-catapult-init/templates/GEMINI.md +3 -0
  95. package/dist/codex-plugin/skills/ai-catapult-init/templates/boundary-manifest.json +247 -0
  96. package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/drift/backups/.gitkeep +0 -0
  97. package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/drift/last-drift.json +7 -0
  98. package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/evals/.gitkeep +0 -0
  99. package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/evals/coverage-exceptions.json +1 -0
  100. package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/handoff/.gitkeep +0 -0
  101. package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/matrix.json +19 -0
  102. package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/mcp/a2a-handoff.md +51 -0
  103. package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/mcp/registry.json +27 -0
  104. package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/observability/audit-checklist.md +32 -0
  105. package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/observability/conventions.md +35 -0
  106. package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/phases/01-discover-decide/status.json +16 -0
  107. package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/phases/02-govern-plan/status.json +15 -0
  108. package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/phases/03-configure-generate/status.json +22 -0
  109. package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/phases/04-validate-handoff/status.json +18 -0
  110. package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/policies/model-routing.json +29 -0
  111. package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/reviews/ai-failure-modes.md +42 -0
  112. package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/rules/security.md +38 -0
  113. package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/rules/technical-bounds.md +38 -0
  114. package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/skills/git-ops.json +6 -0
  115. package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/skills/workspace-sync.json +6 -0
  116. package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/system-prompts/architect.md +31 -0
  117. package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/system-prompts/developer.md +31 -0
  118. package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/system-prompts/qa-engineer.md +31 -0
  119. package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/traceability/.gitkeep +0 -0
  120. package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/workflows/repo-workflow.json +42 -0
  121. package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/workflows/repo-workflow.md +52 -0
  122. package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-github/workflows/ci-prek.yml +21 -0
  123. package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-rules.ts +178 -0
  124. package/dist/codex-plugin/skills/ai-catapult-init/templates/prek.toml +13 -0
  125. package/package.json +51 -0
  126. package/scripts/build-claude-plugin.sh +179 -0
  127. package/scripts/build-codex-plugin.sh +104 -0
  128. package/scripts/snapshot-dist.sh +26 -0
  129. package/setup.sh +63 -0
  130. package/skills.lock.json +6 -0
  131. package/src/install.js +380 -0
  132. package/src/scaffold.js +220 -0
@@ -0,0 +1,276 @@
1
+ # Validation Module
2
+
3
+ Read when proving the scaffold matches the v3 baseline. v3 validation covers structural checks, depth validation, physical-copy sync semantics, host-policy safety wording, and the v3 fixture set.
4
+
5
+ ## Commands
6
+
7
+ Run from `skills/` when validating this repository:
8
+
9
+ ```sh
10
+ tests/test-skills.sh
11
+ tests/test-scripts.sh
12
+ tests/run-tests.sh
13
+ tests/final-validation-gate_test.sh
14
+ python3 scripts/validate-final-package.py
15
+ bash scripts/archgate.sh --mode structural --rules .rules.ts --format json
16
+ ./scripts/verify-golden-dir.sh . reference/golden-root
17
+ ./scripts/verify-golden-dir.sh . reference/golden-skills
18
+ ```
19
+
20
+ In addition, the v3 check set is exercised against `reference/fixtures/v3/`:
21
+
22
+ ```sh
23
+ ./scripts/verify-golden-dir.sh . reference/golden-root
24
+ ./scripts/verify-golden-dir.sh . reference/golden-skills
25
+ python3 -m json.tool reference/fixtures/v3/standalone/.ai/matrix.json >/dev/null
26
+ python3 -m json.tool reference/fixtures/v3/standalone/.ai/skills/git-ops.json >/dev/null
27
+ python3 -m json.tool reference/fixtures/v3/standalone/.ai/skills/workspace-sync.json >/dev/null
28
+ python3 -m json.tool reference/fixtures/v3/standalone/.ai/workflows/repo-workflow.json >/dev/null
29
+ python3 -m json.tool reference/fixtures/v3/standalone/.ai/traceability/graph.json >/dev/null
30
+ python3 -m json.tool reference/fixtures/v3/standalone/.ai/evals/example-output-eval/evalset.json >/dev/null
31
+ python3 -m json.tool reference/fixtures/v3/standalone/.ai/evals/example-output-eval/judge-config.json >/dev/null
32
+ python3 -m json.tool reference/fixtures/v3/umbrella/.ai/evals/example-output-eval/evalset.json >/dev/null
33
+ python3 -m json.tool reference/fixtures/v3/umbrella/.ai/evals/example-output-eval/judge-config.json >/dev/null
34
+ python3 -m json.tool reference/fixtures/v3/standalone/.ai/policies/model-routing.json >/dev/null
35
+ python3 -m json.tool reference/fixtures/v3/umbrella/.ai/policies/model-routing.json >/dev/null
36
+ python3 -m json.tool reference/fixtures/v3/umbrella/.ai/matrix.json >/dev/null
37
+ python3 -m json.tool reference/fixtures/v3/umbrella/.ai/drift/last-drift.json >/dev/null
38
+ python3 -m json.tool reference/fixtures/v3/umbrella/.ai/workflows/repo-workflow.json >/dev/null
39
+ python3 -m json.tool reference/fixtures/v3/umbrella/.ai/traceability/graph.json >/dev/null
40
+ python3 - <<'PY'
41
+ import copy, json, pathlib
42
+
43
+ def rejects_invalid_topology(candidate):
44
+ if candidate["topology_type"] == "standalone":
45
+ return candidate["max_allowed_depth"] != 0 or candidate["current_depth"] != 0
46
+ if candidate["topology_type"] == "umbrella":
47
+ return (
48
+ candidate["max_allowed_depth"] != 3
49
+ or candidate["current_depth"] > candidate["max_allowed_depth"]
50
+ or any(repo["depth"] > candidate["max_allowed_depth"] for repo in candidate.get("managed_repositories", []))
51
+ )
52
+ return True
53
+
54
+ m = json.load(open("reference/fixtures/v3/standalone/.ai/matrix.json"))
55
+ assert m["topology_type"] == "standalone"
56
+ assert m["max_allowed_depth"] == 0
57
+ assert m["current_depth"] == 0
58
+ invalid = copy.deepcopy(m)
59
+ invalid["max_allowed_depth"] = 1
60
+ assert rejects_invalid_topology(invalid)
61
+ invalid = copy.deepcopy(m)
62
+ invalid["current_depth"] = 1
63
+ assert rejects_invalid_topology(invalid)
64
+ for rel in [
65
+ "reference/fixtures/v3/standalone/.ai/skills/git-ops.json",
66
+ "reference/fixtures/v3/standalone/.ai/skills/workspace-sync.json",
67
+ ]:
68
+ data = json.loads(pathlib.Path(rel).read_text())
69
+ assert data["sync_strategy"] == "physical-copy"
70
+ assert data["topology"]["topology_type"] == "standalone"
71
+ assert data["topology"]["max_allowed_depth"] == 0
72
+ assert data["topology"]["current_depth"] == 0
73
+ assert data["validation"]["reject_canonical_symlink"] is True
74
+ assert data["validation"]["reject_canonical_git_submodule"] is True
75
+ PY
76
+ python3 - <<'PY'
77
+ import copy, json
78
+
79
+ def rejects_invalid_topology(candidate):
80
+ if candidate["topology_type"] == "standalone":
81
+ return candidate["max_allowed_depth"] != 0 or candidate["current_depth"] != 0
82
+ if candidate["topology_type"] == "umbrella":
83
+ return (
84
+ candidate["max_allowed_depth"] != 3
85
+ or candidate["current_depth"] > candidate["max_allowed_depth"]
86
+ or any(repo["depth"] > candidate["max_allowed_depth"] for repo in candidate.get("managed_repositories", []))
87
+ )
88
+ return True
89
+
90
+ m = json.load(open("reference/fixtures/v3/umbrella/.ai/matrix.json"))
91
+ assert m["topology_type"] == "umbrella"
92
+ assert m["max_allowed_depth"] == 3
93
+ assert m["current_depth"] <= m["max_allowed_depth"]
94
+ for repo in m["managed_repositories"]:
95
+ assert repo["depth"] <= m["max_allowed_depth"]
96
+ invalid = copy.deepcopy(m)
97
+ invalid["max_allowed_depth"] = 2
98
+ assert rejects_invalid_topology(invalid)
99
+ invalid = copy.deepcopy(m)
100
+ invalid["current_depth"] = 4
101
+ assert rejects_invalid_topology(invalid)
102
+ PY
103
+ python3 - <<'PY'
104
+ import json
105
+ m = json.load(open("reference/fixtures/v3/depth-violation/.ai/matrix.json"))
106
+ assert m["current_depth"] > m["max_allowed_depth"]
107
+ assert any(repo["depth"] > m["max_allowed_depth"] for repo in m["managed_repositories"])
108
+ PY
109
+ python3 - <<'PY'
110
+ import json
111
+
112
+ TIERS = {"frontier", "mid", "cheap"}
113
+ for variant in ("standalone", "umbrella"):
114
+ p = f"reference/fixtures/v3/{variant}/.ai/policies/model-routing.json"
115
+ data = json.load(open(p))
116
+ assert data.get("schema_version"), f"{p}: schema_version missing"
117
+ task_classes = data["task_classes"]
118
+ assert task_classes, f"{p}: task_classes empty"
119
+ # forward: every task-class maps to a known tier
120
+ for tc, tier in task_classes.items():
121
+ assert tier in TIERS, f"{p}: task-class {tc} -> unknown tier {tier}"
122
+ # reverse coverage: every tier has >=1 host alias; no alias outside the set
123
+ covered = set()
124
+ for host, aliases in data["host_aliases"].items():
125
+ assert aliases, f"{p}: host {host} has no aliases"
126
+ for tier, model in aliases.items():
127
+ assert tier in TIERS, f"{p}: host {host} aliases unknown tier {tier}"
128
+ assert model, f"{p}: host {host} tier {tier} empty model"
129
+ covered.add(tier)
130
+ assert covered == TIERS, f"{p}: tiers without a host alias: {sorted(TIERS - covered)}"
131
+ PY
132
+ python3 -m json.tool reference/fixtures/v3/legacy-migration/migration-manifest.json >/dev/null
133
+ test -s reference/fixtures/v3/standalone/.ai/observability/conventions.md
134
+ test -s reference/fixtures/v3/standalone/.ai/observability/audit-checklist.md
135
+ test -s reference/fixtures/v3/umbrella/.ai/observability/conventions.md
136
+ test -s reference/fixtures/v3/umbrella/.ai/observability/audit-checklist.md
137
+ python3 -m json.tool reference/fixtures/v3/standalone/.ai/mcp/registry.json >/dev/null
138
+ python3 -m json.tool reference/fixtures/v3/umbrella/.ai/mcp/registry.json >/dev/null
139
+ test -s reference/fixtures/v3/standalone/.ai/mcp/a2a-handoff.md
140
+ test -s reference/fixtures/v3/umbrella/.ai/mcp/a2a-handoff.md
141
+ python3 - <<'PY'
142
+ import json
143
+ for variant in ("standalone", "umbrella"):
144
+ p = f"reference/fixtures/v3/{variant}/.ai/mcp/registry.json"
145
+ data = json.load(open(p))
146
+ assert data.get("schema_version"), f"{p}: schema_version missing"
147
+ assert isinstance(data.get("servers"), list), f"{p}: servers array missing"
148
+ a2a = data.get("a2a")
149
+ assert isinstance(a2a, dict), f"{p}: a2a block missing"
150
+ assert a2a.get("protocol"), f"{p}: a2a.protocol missing"
151
+ assert a2a.get("handoff_convention"), f"{p}: a2a.handoff_convention missing"
152
+ for s in data["servers"]:
153
+ for key in ("name", "transport", "status", "tools"):
154
+ assert key in s, f"{p}: server entry missing key {key}"
155
+ assert s["status"] == "stub", f"{p}: server {s.get('name')} status must be 'stub'"
156
+ assert isinstance(s["tools"], list), f"{p}: server {s.get('name')} tools not a list"
157
+ PY
158
+ test -s reference/fixtures/v3/standalone/.ai/reviews/ai-failure-modes.md
159
+ test -s reference/fixtures/v3/umbrella/.ai/reviews/ai-failure-modes.md
160
+ python3 - <<'PY'
161
+ import pathlib
162
+ MODES = ("hallucinated", "slopsquat", "error handling", "looks-right")
163
+ for variant in ("standalone", "umbrella"):
164
+ p = f"reference/fixtures/v3/{variant}/.ai/reviews/ai-failure-modes.md"
165
+ text = pathlib.Path(p).read_text().lower()
166
+ for mode in MODES:
167
+ assert mode in text, f"{p}: missing failure mode keyword {mode!r}"
168
+ assert "- [ ]" in pathlib.Path(p).read_text(), f"{p}: no actionable checklist items"
169
+ PY
170
+ ```
171
+
172
+ ## Expected interpretation
173
+
174
+ - `tests/test-skills.sh` is authoritative only after its frontmatter-aware body-line parser passes focused regression fixtures.
175
+ - Corrected line-count failures identify progressive-disclosure cleanup targets; do not hide them by weakening the validator.
176
+ - Golden verification compares scaffolded files and marker presence; `upstream.lock` SHA content is intentionally structure-checked, not byte-compared.
177
+ - v3 fixtures are reference outputs. They must parse as JSON, obey the matrix schema, demonstrate the depth rule, and prove workflow/traceability links have no dangling references.
178
+
179
+ ## v3 structural checks
180
+
181
+ The validator runs the following v3 checks on the v3 fixtures and any candidate v3 repo:
182
+
183
+ 1. **Traceability graph** — `.ai/traceability/graph.json`, `.ai/traceability/index.md`, and `.ai/traceability/validation-report.md` exist; graph node IDs are stable, every edge endpoint resolves, and backlinks have no dangling node IDs. The validator accepts schema `>= 1.1` graphs whose `type` enum additively includes `eval-result` and `trajectory-trace`; `1.0` graphs and fixtures stay valid (back-compat), and a node `type` outside the known enum still fails (`modules/traceability.md`, D4). The discoverable runner is `tests/traceability-schema-v11_test.sh`.
184
+ 2. **Workflow surfaces** — `.ai/workflows/repo-workflow.md`, `.ai/workflows/repo-workflow.json`, `.ai/phases/<phase>/status.json`, and `.ai/handoff/init-ai-repo-handoff.md` exist; generated `AGENTS.md` and `README.md` link to both workflow files. `CLAUDE.md` and `GEMINI.md` are thin pointers to `AGENTS.md` and are not workflow-linking surfaces.
185
+ 3. **Cascade contract** — `.ai/cascade/cascade-plan.json`, `.ai/cascade/audit.jsonl`, `.ai/cascade/reconciliation-report.md`, and `.ai/cascade/host-adapters/<host>.json` exist when multi-repo cascade is available; configured hosts are GitHub, Azure DevOps, GitLab, Jira, and Local Markdown; first hosted apply without confirmation is blocked; confirmed apply creates links once; subsequent update is idempotent and creates no duplicate child items. Each `host-adapters/<host>.json` conforms to the cascade host-adapter JSON schema (`modules/cascade.md`, D8): exactly the 10 logical operations, a stable `second_run.idempotency_key`, required `readback` link fields, and no credentials. The idempotency guarantee is proven offline by a mocked re-run that produces no duplicate child. The discoverable runners are `tests/cascade-fixtures_test.sh` and `tests/cascade-host-adapter-schema_test.sh`.
186
+ 4. **Skill catalog modernization** — `.ai/skills/catalog-audit.json`, `.ai/skills/description-exceptions.json`, and `.ai/skills/modernization-report.md` exist when the target repo owns skills; target descriptions are `<=180` characters, hard-fail budget is `>280` without audited exceptions, and first-class skills preserve progressive disclosure, trigger/non-trigger/fallback boundaries, link/alias/referenced-file/script validity, cross-skill workflow links, and AI-SDLC compatibility (`modules/skill-modernization.md`). The discoverable runner is `tests/skill-modernization-audit_test.sh`.
187
+ 5. **Final validation package** — `scripts/validate-final-package.py` and `tests/final-validation-gate_test.sh` bundle workflow, traceability, cascade, catalog, golden, CI-wiring, archgate, and no-secret/static checks for the final review gate.
188
+ 6. **Top-level layout** — required entry files (`AGENTS.md`, `CLAUDE.md`, `GEMINI.md`, `CONTRIBUTING.md`, `README.md`) and required directories (`.ai/`, `.memory/`, `docs/architecture/`, `docs/specifications/ACTIVE/`, `docs/specifications/ARCHIVED/`, `docs/learning/`) are present for a standalone repo.
189
+ 7. **Topology matrix** — `.ai/matrix.json` exists, parses as JSON, declares `schema_version: "1.0"`, has a valid `topology_type` (`standalone` or `umbrella`), and uses `sync_strategy: "physical-copy"`.
190
+ 8. **Depth rule** — for `standalone` topology, `max_allowed_depth` and `current_depth` are exactly `0`; any other values fail or block before apply. For `umbrella` topology, `max_allowed_depth` is exactly `3`, `current_depth` is `<= max_allowed_depth`, and every managed repository depth is `<= max_allowed_depth`; any other maximum or exceeded depth fails or blocks before apply.
191
+ 9. **Sync-strategy rule** — `sync_strategy` is `physical-copy`. The validator rejects `symlink` and `git-submodule` as canonical.
192
+ 10. **Memory layer** — `.memory/human-override/` exists and is treated as terminal priority (validator never overwrites files there). `.memory/self-learned/` declares `schema_version` on every JSON file.
193
+ 11. **Host-policy safety wording** — host-policy documentation contains the dry-run / confirmation / audit / negative-test language and the non-admin auto-approval prohibition. See `modules/host-policy-automation.md`.
194
+ 12. **Migration audit** — when migrating from a legacy scaffold, `.ai/drift/migration-manifest.json` exists with the action vocabulary (`migrate`, `copy`, `deprecate`, `supersede`) and a confirmation token for every `migrate` action.
195
+ 13. **Marker blocks** — `<!-- ai-sdlc-init:start -->` ... `<!-- ai-sdlc-init:end -->` markers are present in the entry files when the v3 marker format is in use.
196
+ 14. **Eval coverage** — for every `.ai/evals/<set>/` directory, `evalset.json`, `rubric.md`, and `judge-config.json` exist; `evalset.json` parses and declares `schema_version`, `set_id`, and a non-empty `cases` array; `judge-config.json` parses and declares `schema_version` and a `judge` block; `rubric.md` is non-empty. The eval-coverage gate (`modules/evals.md`, ADR-0002) is offline and structural only; no LM-judge or network call runs in CI. A skill changed in the PR diff that declares an `eval:` key must reference a structurally valid evalset unless an audited exception is recorded in `.ai/evals/coverage-exceptions.json`.
197
+ 15. **Model-routing policy** — `.ai/policies/model-routing.json` exists, parses as JSON, and declares `schema_version` (ADR-0003, `modules/documentation-blueprint.md`). Tiers are provider-neutral: `{frontier, mid, cheap}`. **Forward:** every entry in the `task_classes` map points to a tier in that set. **Reverse coverage:** the `host_aliases` table maps each host (e.g. `claude`, `codex`) to per-tier model names; every tier in `{frontier, mid, cheap}` has at least one alias entry, and no alias points to a tier outside that set. The check is offline-structural only; it never resolves a provider model ID over the network.
198
+ 16. **Observability surface** — `.ai/observability/conventions.md` and `.ai/observability/audit-checklist.md` exist and are non-empty (ADR-0005, `modules/documentation-blueprint.md`). The conventions doc covers logging and trace conventions; the checklist carries the token-cost and trajectory-audit checklist items. `modules/ci-policy.md` and `modules/validation.md` carry the token-cost and trajectory-audit checklist keywords. The check is offline-structural only: observability here is generated conventions plus a checklist; token-cost and trajectory metering execute out-of-band, never as a model or network call in CI.
199
+ 17. **MCP/A2A surface** — `.ai/mcp/registry.json` and `.ai/mcp/a2a-handoff.md` exist (ADR-0005, `modules/documentation-blueprint.md`, `modules/mcp-a2a.md`). `registry.json` parses as JSON and declares `schema_version`, a `servers` array whose entries each carry `name`, `transport`, `status`, and a `tools` array, and an `a2a` block with `protocol` and a `handoff_convention` pointer. Every server `status` is `"stub"` — the registry resolves no live endpoint. `a2a-handoff.md` is non-empty and carries the handoff-envelope and `correlation_id` keywords. The check is offline-structural only: the registry is a stub and the handoff doc is a convention; generation makes no model or network call. The discoverable runner is `tests/mcp_a2a_test.sh`.
200
+ 18. **AI-failure-mode review checklist** — `.ai/reviews/ai-failure-modes.md` exists, is non-empty, and carries actionable review items (Markdown checkboxes) covering the four named AI-authored-code failure modes (spec §4.B, `modules/documentation-blueprint.md`): hallucinated dependencies, slopsquatting, inadequate error handling, and "looks-right" / subtle correctness gaps. The check is offline-structural only — it asserts the checklist exists and names the failure modes (keyword + non-empty), never running a model or network call. The `modules/ci-policy.md` PR merge gate references the checklist for PRs containing AI-authored code. The discoverable runner is `tests/ai_failure_modes_test.sh`.
201
+ 19. **Out-of-band LM-judge demonstration** — `reference/fixtures/v3/standalone/.ai/evals/example-output-eval/judgment-demo.json` exists, parses as JSON, and references the real fixture evalset (`evalset.json`) and rubric (`rubric.md`) by paths that resolve on disk, with a `skill_under_test` matching the evalset. It carries a numeric `aggregate_score` and `passing_threshold` in `[0,1]` and a `pass`/`fail` `verdict` consistent with the score-vs-threshold comparison; one per-criterion judgment (criterion name + numeric score + non-empty rationale) for **every** rubric criterion, with judged criteria names matching the rubric's criteria and `aggregate_score` equal to the rubric-weighted sum of per-criterion scores; an illustrative `judge_model` and a `recorded_at` timestamp placeholder; and the explicit "recorded out-of-band demonstration, not a CI gate" disclaimer. `modules/evals.md` references the artifact as the worked example. The check is offline-structural only — it asserts the recorded evidence shape and disclaimer, never running a model or network call. The discoverable runner is `tests/lm_judge_demo_test.sh`.
202
+ 20. **Codex parity P2 verification evidence** — `docs/learning/codex-verification.md` (the out-of-band verification procedure) exists and names `scripts/install-codex.sh`, what to record, the pass criteria, and the "recorded out-of-band verification, not a CI gate" disclaimer; and `reference/fixtures/v3/standalone/.ai/evals/codex-verification/` holds at least one `<skill>.transcript.json` recorded-evidence artifact (ADR-0004 P2, `modules/skill-modernization.md`). Each artifact parses as JSON, references a real skill (the skill directory and its `SKILL.md` exist on disk), records the `codex_command` + `codex_model` + an `outcome`, and carries the explicit "recorded out-of-band verification, not a CI gate" disclaimer plus a statement that no live Codex run happened in CI. The mechanical P0/P1 bar is enforced in CI by `scripts/check-codex-parity.sh`; this P2 layer is the human-run verified bar, never a live Codex run in CI. The check is offline-structural only — it asserts the procedure and recorded-evidence shape, never running Codex or any model or network call. The discoverable runner is `tests/codex_verification_test.sh`.
203
+
204
+ ## v3 fixture set
205
+
206
+ The v3 fixture set lives under `reference/fixtures/v3/`. Each fixture documents the expected v3 output for one scenario.
207
+
208
+ ### Fixture A — standalone repo
209
+
210
+ `reference/fixtures/v3/standalone/.ai/matrix.json` declares `topology_type: "standalone"`, `max_allowed_depth: 0`, `current_depth: 0`, and `sync_strategy: "physical-copy"`. No `managed_repositories` are required. The fixture is a reference for the standalone tree under `.ai/`, `.memory/`, and `docs/`.
211
+
212
+ ### Fixture B — umbrella repo
213
+
214
+ `reference/fixtures/v3/umbrella/.ai/matrix.json` declares `topology_type: "umbrella"`, `max_allowed_depth: 3`, and at least one entry in `managed_repositories` with a path and depth. The fixture demonstrates physical-copy inheritance, workflow docs/manifests, per-phase status files, traceability graph/index/report files, cascade plan/audit/reconciliation artifacts, and the audit log format under `.ai/drift/`.
215
+
216
+ ### Fixture C — depth violation
217
+
218
+ `reference/fixtures/v3/depth-violation/.ai/matrix.json` declares `topology_type: "umbrella"`, `max_allowed_depth: 3`, and `current_depth: 4`. The validator must detect the violation and return a non-zero exit code. The error message names the offending repo path and the offending depth.
219
+
220
+ ### Fixture D — legacy migration
221
+
222
+ `reference/fixtures/v3/legacy-migration/migration-manifest.json` documents the migration of a legacy scaffold to v3, including at least one `migrate` action with a `confirmation_token` and a `backup_path` under `.ai/drift/backups/<timestamp>/`. The fixture also includes a `migration-audit.jsonl` snippet that demonstrates the audit format.
223
+
224
+ ## Host-policy negative tests
225
+
226
+ The v3 regression suite asserts:
227
+
228
+ - `apply-blocked-no-confirmation` is recorded when admin credentials are present without confirmation.
229
+ - `apply-rejected-non-admin` is recorded when the actor is not an admin and the host does not support a non-admin bypass.
230
+ - `apply-rejected-dry-run-mismatch` is recorded when the readback differs from the intended shape.
231
+ - `apply-rejected-gitlab-tier-restriction` is recorded when GitLab discovery reports a Free/Core tier for an intended Premium/Ultimate-only approval-rule mutation.
232
+
233
+ These negative tests are documented in `modules/host-policy-automation.md`; the live assertions are scoped to mocked host adapters in the regression suite.
234
+
235
+ ## Static safety checks
236
+
237
+ The validator also runs a static check pass on the documentation modules:
238
+
239
+ - `modules/host-policy-automation.md` contains the keywords `dry-run`, `confirmation`, `audit`, `Negative test`, and `Non-admin auto-approval is disallowed`.
240
+ - `modules/sync.md` contains the keywords `physical-copy`, `max_allowed_depth`, and `current_depth`, and never mentions `symlink` or `git-submodule` as a canonical `mode` value.
241
+ - `modules/migration.md` contains the action vocabulary (`migrate`, `copy`, `deprecate`, `supersede`) and the manifest path `migration-manifest.json`.
242
+ - `modules/memory.md` declares `.memory/human-override/` as terminal priority and never lists it as inherited or syncable.
243
+ - `modules/topology.md` defines the matrix schema and the depth rule.
244
+ - `modules/language-packs.md` covers .NET Core / EF Core and legacy .NET / EF in the pack matrix.
245
+ - `modules/ci-policy.md` and this module (`modules/validation.md`) contain the observability checklist keywords `token-cost` and `trajectory-audit`, and the generated `.ai/observability/` tree (conventions + audit checklist) is named in check #16 above. Observability metering is out-of-band; CI verifies only the generated conventions and checklist, never a live model or network call.
246
+
247
+ A missing or weakened wording fails the static check pass; the validator never re-words the safety rules to satisfy a missing match.
248
+
249
+ ## Regression commands
250
+
251
+ Run these commands from the repository root that contains `tests/`, `scripts/`,
252
+ and `reference/` for the installed AI-SDLC skill package. If validating from an
253
+ umbrella workspace, first `cd <target-repo>` once, then run the commands without
254
+ embedding the repository name in each command.
255
+
256
+ ```sh
257
+ tests/test-skills.sh
258
+ tests/test-scripts.sh
259
+ tests/run-tests.sh
260
+ tests/final-validation-gate_test.sh
261
+ python3 scripts/validate-final-package.py
262
+ bash scripts/archgate.sh --mode structural --rules .rules.ts --format json
263
+ ./scripts/verify-golden-dir.sh . reference/golden-root
264
+ ./scripts/verify-golden-dir.sh . reference/golden-skills
265
+ ```
266
+
267
+ ## E2E acceptance
268
+
269
+ - A clean standalone fixture can be initialized and validated.
270
+ - A clean umbrella fixture can be initialized, sync inherited assets by physical copy, and detect drift.
271
+ - A legacy fixture can migrate with backups/audit logs.
272
+ - A depth-violation fixture blocks the apply path with a clear error.
273
+ - Invalid standalone or umbrella `max_allowed_depth` values are rejected before apply.
274
+ - Host-policy dry-run shows exact intended changes and required confirmations.
275
+ - Host-policy apply without explicit confirmation is rejected, including for admin credentials.
276
+ - All skills repo tests pass.
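Review bot: The "Static safety checks" list verifies the safety rules by keyword presence, which cannot back the closing claim that "a missing or weakened wording fails the static check pass". A module could contain `dry-run`, `confirmation` and `audit` in a sentence that negates the rule and still pass; only `Non-admin auto-approval is disallowed` is matched as a full statement. Suggest matching each safety rule as a complete sentence rather than as isolated keywords. Separately, checks 19 and 20 name `tests/lm_judge_demo_test.sh` and `tests/codex_verification_test.sh` as discoverable runners, but neither appears under "Regression commands"; either list them there or state which aggregate script invokes them.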
@@ -0,0 +1,45 @@
1
+ # Workflow Surfaces Module
2
+
3
+ Read when generating the repo workflow documentation, machine-readable workflow manifest, per-phase status files, or handoff links for an `init-ai-repo` target repository.
4
+
5
+ ## Generated outputs
6
+
7
+ | Output | Purpose |
8
+ | --- | --- |
9
+ | `.ai/workflows/repo-workflow.md` | Human-readable workflow with mandatory and optional steps. |
10
+ | `.ai/workflows/repo-workflow.json` | Machine-readable phase, status, surface-link, and handoff manifest. |
11
+ | `.ai/phases/<phase>/status.json` | Per-phase status record for agent/human progress tracking. |
12
+ | `.ai/handoff/init-ai-repo-handoff.md` | Final handoff index linking workflow, validation, and remaining work. |
13
+
14
+ Generated `AGENTS.md` and `README.md` surfaces must link to both the workflow doc and the manifest so humans and agents can find the same source of truth. `CLAUDE.md` and `GEMINI.md` are thin pointers to `AGENTS.md` (ADR-0004) and carry no workflow links of their own.
15
+
16
+ ## Mandatory repo initialization workflow
17
+
18
+ 1. **Discover & Decide** — classify topology, host/tracker posture, current governance, and first-run safety constraints.
19
+ 2. **Govern & Plan** — generate governance docs, active specification placeholders, ADR baseline, work intake, and branch-policy checklist.
20
+ 3. **Configure & Generate** — generate `.ai/`, `.memory/`, commands, language-pack checks, host-policy dry-run artifacts, and CI/policy templates.
21
+ 4. **Validate & Handoff** — run local checks, fixture/static validation, hosted/local reconciliation, drift report, and handoff.
22
+
23
+ Every mandatory phase writes a status JSON with `phase_id`, `required`, `status`, `inputs`, `outputs`, and `next_actions`.
24
+
25
+ ## Optional workflow branches
26
+
27
+ - **Multi-repo cascade** — enabled only for umbrella topology or explicit multi-repo selection; see `cascade.md` for orchestration, confirmation, idempotency, audit, and reconciliation semantics.
28
+ - **Hosted tracker first** — enabled when a configured tracker is authorized; otherwise local markdown fallback is recorded and reconciled before final merge.
29
+ - **Legacy migration** — enabled when legacy `.agents`/`.rules.ts`/marker-block artifacts are present; destructive actions remain confirmation-gated.
30
+ - **Skill modernization** — enabled when the target repo owns a skill catalog; see `skill-modernization.md` for description budgets, audit gates, and cross-skill workflow links.
31
+
32
+ ## Manifest contract
33
+
34
+ `repo-workflow.json` uses schema version `1.0` and must include:
35
+
36
+ - `workflow_id`: stable workflow name, normally `init-ai-repo`.
37
+ - `topology_type`: `standalone` or `umbrella` from `.ai/matrix.json`.
38
+ - `human_doc`: path to `.ai/workflows/repo-workflow.md`.
39
+ - `manifest`: path to `.ai/workflows/repo-workflow.json`.
40
+ - `entry_surfaces`: generated surfaces that link to both workflow files — `AGENTS.md` and `README.md` only. `CLAUDE.md`/`GEMINI.md` are thin pointers to `AGENTS.md` and are never entry surfaces.
41
+ - `phases`: ordered phase records with `id`, `title`, `required`, `status_path`, and `outputs`.
42
+ - `optional_branches`: optional branch records with `id`, `enabled_when`, and `status`.
43
+ - `handoff`: path to `.ai/handoff/init-ai-repo-handoff.md`.
44
+
45
+ Validation fails when any manifest phase lacks a matching status file or when any generated entry surface omits either workflow link.
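Review bot: The "Manifest contract" section says `repo-workflow.json` uses schema version `1.0`, but the required-field list has no key that carries the version, so a validator cannot tell which contract a given manifest claims to follow. Add the field to the list with its name and expected value. The path-valued fields (`human_doc`, `manifest`, `handoff`, and each phase's `status_path`) should also be specified as repository-relative and required to resolve inside the repository, since validation looks up a status file for every phase. Finally, the status JSON uses `phase_id` while the phase record uses `id`; state that the two must be equal so that "matching status file" is well defined.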
@@ -0,0 +1,69 @@
1
+ ---
2
+ name: agents
3
+ description: Agent-facing operating contract for {{REPO_ID}}
4
+ ---
5
+
6
+ # {{REPO_ID}}
7
+
8
+ See `.ai/workflows/repo-workflow.md` for the full initialization workflow.
9
+
10
+ ## Harness Map
11
+
12
+ The six context types available to agents in this repository:
13
+
14
+ | Context type | Canonical source | Static or dynamic |
15
+ |---|---|---|
16
+ | `Instructions` | `AGENTS.md`, `.ai/system-prompts/`, `.ai/rules/` | Static |
17
+ | `Knowledge` | `docs/architecture/`, `docs/specifications/`, `docs/learning/` | Static |
18
+ | `Memory` | `.memory/human-override/`, `.memory/self-learned/` | Dynamic |
19
+ | `Examples` | `.ai/evals/<set>/`, `docs/learning/concept-maps/` | Static |
20
+ | `Tools` | `.ai/skills/`, `.ai/mcp/registry.json` | Dynamic |
21
+ | `Guardrails` | `.ai/rules/security.md`, `.ai/rules/technical-bounds.md`, `.ai/policies/` | Static |
22
+
23
+ Static context is fixed at task start (instructions, knowledge, examples,
24
+ guardrails) and is reviewed and versioned in-repo. Dynamic context is assembled
25
+ per-run (memory written by local agents, tool/MCP results resolved at call
26
+ time). Moving a context type across the boundary requires an ADR update
27
+ (ADR-0005).
28
+
29
+ ## Quick Start
30
+
31
+ Before starting any task:
32
+
33
+ 1. Read the relevant ADRs in `docs/architecture/adr/`.
34
+ 2. Load `.ai/rules/security.md` and `.ai/rules/technical-bounds.md`.
35
+ 3. Check `.ai/phases/` for the current workflow phase status.
36
+ 4. Apply the four Karpathy rules: Think Before Coding, Simplicity First,
37
+ Surgical Changes, Goal-Driven Execution.
38
+
39
+ ## Architecture Decision Records
40
+
41
+ Significant architectural decisions are recorded in `docs/architecture/adr/`.
42
+ Before making a change that affects module boundaries, API contracts, data
43
+ schemas, or dependency direction, check whether a relevant ADR exists.
44
+
45
+ ## Archgate Rules
46
+
47
+ Code quality rules are defined in `.rules.ts` across five domains: `backend`,
48
+ `frontend`, `data`, `architecture`, `general`. Structural validation runs in
49
+ CI via the `validate-rules` prek hook. Semantic enforcement is an agent
50
+ behavior at PR review time.
51
+
52
+ ## Drift Verification Protocol
53
+
54
+ At PR review time, the reviewing agent:
55
+ 1. Loads the PR diff alongside the BRD, PRD, acceptance criteria, and any ADRs
56
+ whose scope overlaps with the changed files.
57
+ 2. Produces a drift report identifying AC coverage, ADR conflicts, and
58
+ `.rules.ts` violations.
59
+ 3. Leaves the drift report as a PR comment or review summary.
60
+
61
+ The reviewing agent must be a separate context from the implementation agent.
62
+
63
+ ## Circuit Breaker Protocol
64
+
65
+ Before starting work on an issue:
66
+ 1. Check whether 3 or more prior attempts exist without resolution.
67
+ 2. If the circuit is tripped, escalate to a human with a written summary of
68
+ what was tried and what blocked each attempt.
69
+ 3. Do not make a fourth attempt without human acknowledgement.
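Review bot: In the Harness Map, the `Memory` row lists `.memory/human-override/` as dynamic context, and the paragraph below the table defines dynamic context as "memory written by local agents", which reads as permission for agents to write human overrides. If that directory is meant to be human-authored, split the row or add a sentence saying agents read it and write only to `.memory/self-learned/`. The Circuit Breaker Protocol also asks the agent to check for "3 or more prior attempts" without saying where attempts are recorded; name the location so the count is reproducible across agents and runs.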
@@ -0,0 +1,3 @@
1
+ # CLAUDE
2
+
3
+ See [AGENTS.md](AGENTS.md) for the agent-facing operating contract and workflow.
@@ -0,0 +1,3 @@
1
+ # GEMINI
2
+
3
+ See [AGENTS.md](AGENTS.md) for the agent-facing operating contract and workflow.