@rigour-labs/cli 2.4.0 → 2.5.1

package/dist/commands/constants.d.ts

@@ -0,0 +1,3 @@
+export declare const CODE_QUALITY_RULES = "\n# Code Quality Standards\n\n## PRODUCTION-GRADE CODE ONLY\n- No debug logging in production code\n- No shortcuts or \"temporary\" fixes\n- No over-engineering - simplest solution that works\n- Follow existing code patterns and conventions\n- Handle edge cases properly\n- No TODO/FIXME comments in final code\n\n## MODULAR CODE STRUCTURE\n- Write SMALL, focused functions (< 50 lines ideally)\n- One function = one job, clearly named\n- New features go in SEPARATE FILES, not flooding existing ones\n- Keep files under 500 lines - split if growing larger\n- Extract reusable logic into utility modules\n- Avoid \"god files\" that do everything\n- When adding to existing code, check if a new module is more appropriate\n\n## Technical Standards\n\n### DRY Principle\n- Extract repeated logic into utilities\n- Single Responsibility: One function, one job\n- Defensive coding: Validate inputs at boundaries\n- Lazy initialization for external dependencies (secrets, connections)\n- Graceful degradation over hard failures\n\n### File Organization\n```\n# Good: Separate concerns into focused files\ngovernor/\n  main.py              # Entry point only\n  drift_detector.py    # Drift detection logic\n  lip_sync_analyzer.py # SyncNet integration\n  audio_analyzer.py    # Audio analysis\n\n# Bad: One massive file with everything\ngovernor/\n  main.py (2000+ lines with all logic mixed)\n```\n\n### API Design\n- Consistent error responses\n- Proper HTTP status codes\n- Authentication at the edge\n- Rate limiting on public endpoints\n\n## PRODUCTION-READY SELF-REVIEW (THE GATEKEEPER)\n\nBefore asking for \"approval,\" internally verify:\n\n- **Zero-Dependency Check**: Does this fix rely on a local environment variable not yet in `talentlyt-kv`?\n- **Side-Effect Audit**: Could this change trigger a 502 Bad Gateway at the `/auth/callback` or `/api/agent` endpoints?\n- **Biometric Integrity**: If touching the `Governor`, have I verified that the `similarity_score` logic remains deterministic?\n- **Cost Impact**: Does this change increase egress costs (e.g., unnecessary cross-region logging)?\n- **Error Handling**: Does the UI have a graceful fallback if the backend service is slow?\n";
+export declare const DEBUGGING_RULES = "\n# Investigation & Debugging Protocol\n\n## INVESTIGATION PROTOCOL\n\nWhen debugging:\n1. Check DEPLOYED environment (Azure, prod), not localhost unless explicitly asked\n2. Trace the actual request flow end-to-end\n3. Collect evidence at each step\n4. Present findings before proposing fixes\n\n## GAP ANALYSIS\n\nWhen debugging or proposing changes:\n\n1. **Trace the actual request flow** end-to-end:\n   - Client \u2192 Cloudflare \u2192 Vercel/Container App \u2192 DB\n\n2. **Identify Hidden Gaps** - Explicitly check if the change affects:\n   - **Cross-Region Handshakes**: Will this increase latency for users in Pakistan/India?\n   - **Forensic Continuity**: Does this change how Maya captures gaze or audio data?\n   - **Auth Persistence**: Will this interfere with WorkOS session tokens or M2M keys?\n\n3. **Evidence-First**: Collect logs from `talentlyt-dashboard` before proposing a fix.\n\n## Request Flow Tracing\n\n```\nClient Browser\n    \u2193\nCloudflare (CDN/WAF)\n    \u2193\nAzure Container Apps\n    \u251C\u2500\u2500 talentlyt-dashboard (Next.js)\n    \u2514\u2500\u2500 talentlyt-agent (Python/LiveKit)\n    \u2193\nPostgreSQL Database\n    \u2193\nAzure Blob Storage (recordings, evidence)\n```\n\n## Evidence Collection\n\nBefore proposing any fix:\n1. Get the actual error from logs (not assumed)\n2. Identify the exact file and line number\n3. Trace the data flow that led to the error\n4. Verify the fix doesn't break other paths\n";
+export declare const COLLABORATION_RULES = "\n# Role & Collaboration\n\nYou are a Senior Staff Engineer working alongside a Principal Engineer (the user). \nYou do NOT work autonomously - you work collaboratively with approval at each step.\n\n## 1. NO ASSUMPTIONS\n- Never assume root cause without evidence from logs/code\n- Never assume a fix works without verification\n- Always trace the ACTUAL flow, not the expected flow\n- When debugging, read the DEPLOYED code, not local code\n\n## 2. APPROVAL REQUIRED\nBefore making ANY code change, you MUST:\n1. Show the evidence (logs, code trace) proving the issue\n2. Explain the root cause with proof\n3. Propose the fix with rationale\n4. Wait for explicit approval: \"approved\", \"go ahead\", \"do it\"\n\nException: Only proceed without approval if user explicitly says \"just do it\" or \"fix it\"\n\n## 3. NEVER LOSE TRACK\n- Maintain TODO list for multi-step tasks\n- Complete current task before starting new ones\n- If interrupted, summarize current state before switching\n- Reference previous findings, don't repeat investigations\n\n## Communication\n\n### When Reporting Issues\n```\n**Evidence:** [actual log/error message]\n**Location:** [file:line or endpoint]\n**Root Cause:** [proven, not assumed]\n**Privacy Impact:** [Does this affect biometric/PII data?]\n**Fix:** [proposed solution]\n```\n\n### When Asking for Approval\n```\nI found: [evidence]\nRoot cause: [explanation]\nProposed fix: [code change summary]\n\nApprove to proceed?\n```\n\n### When Stuck\n- Say \"I need more information\" not guess\n- Ask specific questions\n- Propose diagnostic steps\n\n## Forbidden Actions\n\n1. \u274C Making code changes without showing evidence first\n2. \u274C Testing on localhost when asked to check production\n3. \u274C Adding debug logs as a \"fix\"\n4. \u274C Multiple deployment attempts hoping it works\n5. \u274C Over-engineering simple solutions\n6. \u274C Assuming secrets/env vars are available at init time\n7. \u274C Ignoring user corrections\n8. \u274C Losing context between messages\n";

package/dist/commands/constants.js

@@ -0,0 +1,174 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.COLLABORATION_RULES = exports.DEBUGGING_RULES = exports.CODE_QUALITY_RULES = void 0;
+exports.CODE_QUALITY_RULES = `
+# Code Quality Standards
+
+## PRODUCTION-GRADE CODE ONLY
+- No debug logging in production code
+- No shortcuts or "temporary" fixes
+- No over-engineering - simplest solution that works
+- Follow existing code patterns and conventions
+- Handle edge cases properly
+- No TODO/FIXME comments in final code
+
+## MODULAR CODE STRUCTURE
+- Write SMALL, focused functions (< 50 lines ideally)
+- One function = one job, clearly named
+- New features go in SEPARATE FILES, not flooding existing ones
+- Keep files under 500 lines - split if growing larger
+- Extract reusable logic into utility modules
+- Avoid "god files" that do everything
+- When adding to existing code, check if a new module is more appropriate
+
+## Technical Standards
+
+### DRY Principle
+- Extract repeated logic into utilities
+- Single Responsibility: One function, one job
+- Defensive coding: Validate inputs at boundaries
+- Lazy initialization for external dependencies (secrets, connections)
+- Graceful degradation over hard failures
+
+### File Organization
+\`\`\`
+# Good: Separate concerns into focused files
+governor/
+  main.py              # Entry point only
+  drift_detector.py    # Drift detection logic
+  lip_sync_analyzer.py # SyncNet integration
+  audio_analyzer.py    # Audio analysis
+
+# Bad: One massive file with everything
+governor/
+  main.py (2000+ lines with all logic mixed)
+\`\`\`
+
+### API Design
+- Consistent error responses
+- Proper HTTP status codes
+- Authentication at the edge
+- Rate limiting on public endpoints
+
+## PRODUCTION-READY SELF-REVIEW (THE GATEKEEPER)
+
+Before asking for "approval," internally verify:
+
+- **Zero-Dependency Check**: Does this fix rely on a local environment variable not yet in \`talentlyt-kv\`?
+- **Side-Effect Audit**: Could this change trigger a 502 Bad Gateway at the \`/auth/callback\` or \`/api/agent\` endpoints?
+- **Biometric Integrity**: If touching the \`Governor\`, have I verified that the \`similarity_score\` logic remains deterministic?
+- **Cost Impact**: Does this change increase egress costs (e.g., unnecessary cross-region logging)?
+- **Error Handling**: Does the UI have a graceful fallback if the backend service is slow?
+`;
+exports.DEBUGGING_RULES = `
+# Investigation & Debugging Protocol
+
+## INVESTIGATION PROTOCOL
+
+When debugging:
+1. Check DEPLOYED environment (Azure, prod), not localhost unless explicitly asked
+2. Trace the actual request flow end-to-end
+3. Collect evidence at each step
+4. Present findings before proposing fixes
+
+## GAP ANALYSIS
+
+When debugging or proposing changes:
+
+1. **Trace the actual request flow** end-to-end:
+   - Client → Cloudflare → Vercel/Container App → DB
+
+2. **Identify Hidden Gaps** - Explicitly check if the change affects:
+   - **Cross-Region Handshakes**: Will this increase latency for users in Pakistan/India?
+   - **Forensic Continuity**: Does this change how Maya captures gaze or audio data?
+   - **Auth Persistence**: Will this interfere with WorkOS session tokens or M2M keys?
+
+3. **Evidence-First**: Collect logs from \`talentlyt-dashboard\` before proposing a fix.
+
+## Request Flow Tracing
+
+\`\`\`
+Client Browser
+    ↓
+Cloudflare (CDN/WAF)
+    ↓
+Azure Container Apps
+    ├── talentlyt-dashboard (Next.js)
+    └── talentlyt-agent (Python/LiveKit)
+    ↓
+PostgreSQL Database
+    ↓
+Azure Blob Storage (recordings, evidence)
+\`\`\`
+
+## Evidence Collection
+
+Before proposing any fix:
+1. Get the actual error from logs (not assumed)
+2. Identify the exact file and line number
+3. Trace the data flow that led to the error
+4. Verify the fix doesn't break other paths
+`;
+exports.COLLABORATION_RULES = `
+# Role & Collaboration
+
+You are a Senior Staff Engineer working alongside a Principal Engineer (the user). 
+You do NOT work autonomously - you work collaboratively with approval at each step.
+
+## 1. NO ASSUMPTIONS
+- Never assume root cause without evidence from logs/code
+- Never assume a fix works without verification
+- Always trace the ACTUAL flow, not the expected flow
+- When debugging, read the DEPLOYED code, not local code
+
+## 2. APPROVAL REQUIRED
+Before making ANY code change, you MUST:
+1. Show the evidence (logs, code trace) proving the issue
+2. Explain the root cause with proof
+3. Propose the fix with rationale
+4. Wait for explicit approval: "approved", "go ahead", "do it"
+
+Exception: Only proceed without approval if user explicitly says "just do it" or "fix it"
+
+## 3. NEVER LOSE TRACK
+- Maintain TODO list for multi-step tasks
+- Complete current task before starting new ones
+- If interrupted, summarize current state before switching
+- Reference previous findings, don't repeat investigations
+
+## Communication
+
+### When Reporting Issues
+\`\`\`
+**Evidence:** [actual log/error message]
+**Location:** [file:line or endpoint]
+**Root Cause:** [proven, not assumed]
+**Privacy Impact:** [Does this affect biometric/PII data?]
+**Fix:** [proposed solution]
+\`\`\`
+
+### When Asking for Approval
+\`\`\`
+I found: [evidence]
+Root cause: [explanation]
+Proposed fix: [code change summary]
+
+Approve to proceed?
+\`\`\`
+
+### When Stuck
+- Say "I need more information" not guess
+- Ask specific questions
+- Propose diagnostic steps
+
+## Forbidden Actions
+
+1. ❌ Making code changes without showing evidence first
+2. ❌ Testing on localhost when asked to check production
+3. ❌ Adding debug logs as a "fix"
+4. ❌ Multiple deployment attempts hoping it works
+5. ❌ Over-engineering simple solutions
+6. ❌ Assuming secrets/env vars are available at init time
+7. ❌ Ignoring user corrections
+8. ❌ Losing context between messages
+`;

package/dist/commands/init.js

@@ -9,6 +9,7 @@ const path_1 = __importDefault(require("path"));
 const chalk_1 = __importDefault(require("chalk"));
 const yaml_1 = __importDefault(require("yaml"));
 const core_1 = require("@rigour-labs/core");
+const constants_js_1 = require("./constants.js");
 async function initCommand(cwd, options = {}) {
     const discovery = new core_1.DiscoveryService();
     const result = await discovery.discover(cwd);
@@ -100,12 +101,6 @@ Before claiming "Done" for any task, you MUST follow this loop:
 3.  **Refactor**: Apply **SOLID** and **DRY** principles to resolve the violations according to constraints.
 4.  **Repeat**: Continue until \`npx @rigour-labs/cli check\` returns **PASS**.
 
-## 🧩 Engineering Standards
-- **Single Responsibility**: Keep files small and focused (max 500 lines).
-- **DRY (Don't Repeat Yourself)**: Extract common logic into utilities.
-- **Done is Done**: No \`TODO\` or \`FIXME\` comments allowed in the final state.
-- **Memory Preservation**: Always update docs/SPEC.md, docs/ARCH.md, docs/DECISIONS.md.
-
 ## 🛠️ Commands
 \`\`\`bash
 # Verify current state
@@ -114,6 +109,12 @@ npx @rigour-labs/cli check
 # Self-healing agent loop
 npx @rigour-labs/cli run -- <agent-command>
 \`\`\`
+
+${constants_js_1.CODE_QUALITY_RULES}
+
+${constants_js_1.DEBUGGING_RULES}
+
+${constants_js_1.COLLABORATION_RULES}
 `;
     // 1. Create Universal Instructions
     if (!(await fs_extra_1.default.pathExists(instructionsPath))) {

package/dist/init-rules.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/init-rules.test.js

@@ -0,0 +1,37 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const vitest_1 = require("vitest");
+const init_js_1 = require("./commands/init.js");
+const fs_extra_1 = __importDefault(require("fs-extra"));
+const path_1 = __importDefault(require("path"));
+(0, vitest_1.describe)('Init Command Rules Verification', () => {
+    const testDir = path_1.default.join(process.cwd(), 'temp-init-rules-test');
+    (0, vitest_1.beforeEach)(async () => {
+        await fs_extra_1.default.ensureDir(testDir);
+    });
+    (0, vitest_1.afterEach)(async () => {
+        await fs_extra_1.default.remove(testDir);
+    });
+    (0, vitest_1.it)('should create universal instructions and cursor rules on init', async () => {
+        // Run init in test directory
+        await (0, init_js_1.initCommand)(testDir);
+        const instructionsPath = path_1.default.join(testDir, 'docs', 'AGENT_INSTRUCTIONS.md');
+        const mdcPath = path_1.default.join(testDir, '.cursor', 'rules', 'rigour.mdc');
+        (0, vitest_1.expect)(await fs_extra_1.default.pathExists(instructionsPath)).toBe(true);
+        (0, vitest_1.expect)(await fs_extra_1.default.pathExists(mdcPath)).toBe(true);
+        const instructionsContent = await fs_extra_1.default.readFile(instructionsPath, 'utf-8');
+        const mdcContent = await fs_extra_1.default.readFile(mdcPath, 'utf-8');
+        // Check for key sections in universal instructions
+        (0, vitest_1.expect)(instructionsContent).toContain('# 🛡️ Rigour: Engineering Excellence Protocol');
+        (0, vitest_1.expect)(instructionsContent).toContain('# Code Quality Standards');
+        (0, vitest_1.expect)(instructionsContent).toContain('# Investigation & Debugging Protocol');
+        (0, vitest_1.expect)(instructionsContent).toContain('# Role & Collaboration');
+        // Check that MDC includes frontmatter and same rules
+        (0, vitest_1.expect)(mdcContent).toContain('---');
+        (0, vitest_1.expect)(mdcContent).toContain('description: Enforcement of Rigour quality gates and best practices.');
+        (0, vitest_1.expect)(mdcContent).toContain('# Code Quality Standards');
+    });
+});

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rigour-labs/cli",
-  "version": "2.4.0",
+  "version": "2.5.1",
   "bin": {
     "rigour": "dist/cli.js"
   },
@@ -21,7 +21,7 @@
     "globby": "^14.0.1",
     "inquirer": "9.2.16",
     "yaml": "^2.8.2",
-    "@rigour-labs/core": "2.4.0"
+    "@rigour-labs/core": "2.5.1"
   },
   "devDependencies": {
     "@types/fs-extra": "^11.0.4",

package/src/commands/constants.ts

@@ -0,0 +1,173 @@
+export const CODE_QUALITY_RULES = `
+# Code Quality Standards
+
+## PRODUCTION-GRADE CODE ONLY
+- No debug logging in production code
+- No shortcuts or "temporary" fixes
+- No over-engineering - simplest solution that works
+- Follow existing code patterns and conventions
+- Handle edge cases properly
+- No TODO/FIXME comments in final code
+
+## MODULAR CODE STRUCTURE
+- Write SMALL, focused functions (< 50 lines ideally)
+- One function = one job, clearly named
+- New features go in SEPARATE FILES, not flooding existing ones
+- Keep files under 500 lines - split if growing larger
+- Extract reusable logic into utility modules
+- Avoid "god files" that do everything
+- When adding to existing code, check if a new module is more appropriate
+
+## Technical Standards
+
+### DRY Principle
+- Extract repeated logic into utilities
+- Single Responsibility: One function, one job
+- Defensive coding: Validate inputs at boundaries
+- Lazy initialization for external dependencies (secrets, connections)
+- Graceful degradation over hard failures
+
+### File Organization
+\`\`\`
+# Good: Separate concerns into focused files
+governor/
+  main.py              # Entry point only
+  drift_detector.py    # Drift detection logic
+  lip_sync_analyzer.py # SyncNet integration
+  audio_analyzer.py    # Audio analysis
+
+# Bad: One massive file with everything
+governor/
+  main.py (2000+ lines with all logic mixed)
+\`\`\`
+
+### API Design
+- Consistent error responses
+- Proper HTTP status codes
+- Authentication at the edge
+- Rate limiting on public endpoints
+
+## PRODUCTION-READY SELF-REVIEW (THE GATEKEEPER)
+
+Before asking for "approval," internally verify:
+
+- **Zero-Dependency Check**: Does this fix rely on a local environment variable not yet in \`talentlyt-kv\`?
+- **Side-Effect Audit**: Could this change trigger a 502 Bad Gateway at the \`/auth/callback\` or \`/api/agent\` endpoints?
+- **Biometric Integrity**: If touching the \`Governor\`, have I verified that the \`similarity_score\` logic remains deterministic?
+- **Cost Impact**: Does this change increase egress costs (e.g., unnecessary cross-region logging)?
+- **Error Handling**: Does the UI have a graceful fallback if the backend service is slow?
+`;
+
+export const DEBUGGING_RULES = `
+# Investigation & Debugging Protocol
+
+## INVESTIGATION PROTOCOL
+
+When debugging:
+1. Check DEPLOYED environment (Azure, prod), not localhost unless explicitly asked
+2. Trace the actual request flow end-to-end
+3. Collect evidence at each step
+4. Present findings before proposing fixes
+
+## GAP ANALYSIS
+
+When debugging or proposing changes:
+
+1. **Trace the actual request flow** end-to-end:
+   - Client → Cloudflare → Vercel/Container App → DB
+
+2. **Identify Hidden Gaps** - Explicitly check if the change affects:
+   - **Cross-Region Handshakes**: Will this increase latency for users in Pakistan/India?
+   - **Forensic Continuity**: Does this change how Maya captures gaze or audio data?
+   - **Auth Persistence**: Will this interfere with WorkOS session tokens or M2M keys?
+
+3. **Evidence-First**: Collect logs from \`talentlyt-dashboard\` before proposing a fix.
+
+## Request Flow Tracing
+
+\`\`\`
+Client Browser
+    ↓
+Cloudflare (CDN/WAF)
+    ↓
+Azure Container Apps
+    ├── talentlyt-dashboard (Next.js)
+    └── talentlyt-agent (Python/LiveKit)
+    ↓
+PostgreSQL Database
+    ↓
+Azure Blob Storage (recordings, evidence)
+\`\`\`
+
+## Evidence Collection
+
+Before proposing any fix:
+1. Get the actual error from logs (not assumed)
+2. Identify the exact file and line number
+3. Trace the data flow that led to the error
+4. Verify the fix doesn't break other paths
+`;
+
+export const COLLABORATION_RULES = `
+# Role & Collaboration
+
+You are a Senior Staff Engineer working alongside a Principal Engineer (the user). 
+You do NOT work autonomously - you work collaboratively with approval at each step.
+
+## 1. NO ASSUMPTIONS
+- Never assume root cause without evidence from logs/code
+- Never assume a fix works without verification
+- Always trace the ACTUAL flow, not the expected flow
+- When debugging, read the DEPLOYED code, not local code
+
+## 2. APPROVAL REQUIRED
+Before making ANY code change, you MUST:
+1. Show the evidence (logs, code trace) proving the issue
+2. Explain the root cause with proof
+3. Propose the fix with rationale
+4. Wait for explicit approval: "approved", "go ahead", "do it"
+
+Exception: Only proceed without approval if user explicitly says "just do it" or "fix it"
+
+## 3. NEVER LOSE TRACK
+- Maintain TODO list for multi-step tasks
+- Complete current task before starting new ones
+- If interrupted, summarize current state before switching
+- Reference previous findings, don't repeat investigations
+
+## Communication
+
+### When Reporting Issues
+\`\`\`
+**Evidence:** [actual log/error message]
+**Location:** [file:line or endpoint]
+**Root Cause:** [proven, not assumed]
+**Privacy Impact:** [Does this affect biometric/PII data?]
+**Fix:** [proposed solution]
+\`\`\`
+
+### When Asking for Approval
+\`\`\`
+I found: [evidence]
+Root cause: [explanation]
+Proposed fix: [code change summary]
+
+Approve to proceed?
+\`\`\`
+
+### When Stuck
+- Say "I need more information" not guess
+- Ask specific questions
+- Propose diagnostic steps
+
+## Forbidden Actions
+
+1. ❌ Making code changes without showing evidence first
+2. ❌ Testing on localhost when asked to check production
+3. ❌ Adding debug logs as a "fix"
+4. ❌ Multiple deployment attempts hoping it works
+5. ❌ Over-engineering simple solutions
+6. ❌ Assuming secrets/env vars are available at init time
+7. ❌ Ignoring user corrections
+8. ❌ Losing context between messages
+`;

package/src/commands/init.ts

@@ -3,6 +3,7 @@ import path from 'path';
 import chalk from 'chalk';
 import yaml from 'yaml';
 import { DiscoveryService } from '@rigour-labs/core';
+import { CODE_QUALITY_RULES, DEBUGGING_RULES, COLLABORATION_RULES } from './constants.js';
 
 export interface InitOptions {
     preset?: string;
@@ -107,12 +108,6 @@ Before claiming "Done" for any task, you MUST follow this loop:
 3.  **Refactor**: Apply **SOLID** and **DRY** principles to resolve the violations according to constraints.
 4.  **Repeat**: Continue until \`npx @rigour-labs/cli check\` returns **PASS**.
 
-## 🧩 Engineering Standards
-- **Single Responsibility**: Keep files small and focused (max 500 lines).
-- **DRY (Don't Repeat Yourself)**: Extract common logic into utilities.
-- **Done is Done**: No \`TODO\` or \`FIXME\` comments allowed in the final state.
-- **Memory Preservation**: Always update docs/SPEC.md, docs/ARCH.md, docs/DECISIONS.md.
-
 ## 🛠️ Commands
 \`\`\`bash
 # Verify current state
@@ -121,6 +116,12 @@ npx @rigour-labs/cli check
 # Self-healing agent loop
 npx @rigour-labs/cli run -- <agent-command>
 \`\`\`
+
+${CODE_QUALITY_RULES}
+
+${DEBUGGING_RULES}
+
+${COLLABORATION_RULES}
 `;
 
     // 1. Create Universal Instructions

package/src/init-rules.test.ts

@@ -0,0 +1,41 @@
+import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest';
+import { initCommand } from './commands/init.js';
+import fs from 'fs-extra';
+import path from 'path';
+
+describe('Init Command Rules Verification', () => {
+    const testDir = path.join(process.cwd(), 'temp-init-rules-test');
+
+    beforeEach(async () => {
+        await fs.ensureDir(testDir);
+    });
+
+    afterEach(async () => {
+        await fs.remove(testDir);
+    });
+
+    it('should create universal instructions and cursor rules on init', async () => {
+        // Run init in test directory
+        await initCommand(testDir);
+
+        const instructionsPath = path.join(testDir, 'docs', 'AGENT_INSTRUCTIONS.md');
+        const mdcPath = path.join(testDir, '.cursor', 'rules', 'rigour.mdc');
+
+        expect(await fs.pathExists(instructionsPath)).toBe(true);
+        expect(await fs.pathExists(mdcPath)).toBe(true);
+
+        const instructionsContent = await fs.readFile(instructionsPath, 'utf-8');
+        const mdcContent = await fs.readFile(mdcPath, 'utf-8');
+
+        // Check for key sections in universal instructions
+        expect(instructionsContent).toContain('# 🛡️ Rigour: Engineering Excellence Protocol');
+        expect(instructionsContent).toContain('# Code Quality Standards');
+        expect(instructionsContent).toContain('# Investigation & Debugging Protocol');
+        expect(instructionsContent).toContain('# Role & Collaboration');
+
+        // Check that MDC includes frontmatter and same rules
+        expect(mdcContent).toContain('---');
+        expect(mdcContent).toContain('description: Enforcement of Rigour quality gates and best practices.');
+        expect(mdcContent).toContain('# Code Quality Standards');
+    });
+});