@ryuenn3123/agentic-senior-core 1.8.2 → 1.9.1

package/.github/ISSUE_TEMPLATE/v1.7-frontend-work-item.yml

@@ -1,54 +1,54 @@
-name: V1.7 Frontend Work Item
-description: Track a V1.7 frontend task with quality-gate ready acceptance criteria.
-title: "[V1.7][QX] "
-labels:
-  - v1.7
-body:
-  - type: textarea
-    id: background
-    attributes:
-      label: Background
-      description: Why this item exists and what user problem it addresses.
-    validations:
-      required: true
-  - type: textarea
-    id: scope
-    attributes:
-      label: Scope
-      description: What is included in this issue.
-    validations:
-      required: true
-  - type: textarea
-    id: out_of_scope
-    attributes:
-      label: Out of Scope
-      description: What is intentionally excluded.
-    validations:
-      required: true
-  - type: textarea
-    id: acceptance_criteria
-    attributes:
-      label: Acceptance Criteria
-      description: Use measurable and testable criteria.
-      placeholder: |
-        - [ ] ...
-        - [ ] ...
-    validations:
-      required: true
-  - type: textarea
-    id: dependencies
-    attributes:
-      label: Dependencies
-      description: Link prerequisite issues or blockers.
-  - type: textarea
-    id: definition_of_done
-    attributes:
-      label: Definition of Done
-      description: Include testing, documentation, and evidence requirements.
-    validations:
-      required: true
-  - type: textarea
-    id: evidence
-    attributes:
-      label: Evidence
-      description: Screenshots, benchmark output, links to reports.
+name: V1.7 Frontend Work Item
+description: Track a V1.7 frontend task with quality-gate ready acceptance criteria.
+title: "[V1.7][QX] "
+labels:
+  - v1.7
+body:
+  - type: textarea
+    id: background
+    attributes:
+      label: Background
+      description: Why this item exists and what user problem it addresses.
+    validations:
+      required: true
+  - type: textarea
+    id: scope
+    attributes:
+      label: Scope
+      description: What is included in this issue.
+    validations:
+      required: true
+  - type: textarea
+    id: out_of_scope
+    attributes:
+      label: Out of Scope
+      description: What is intentionally excluded.
+    validations:
+      required: true
+  - type: textarea
+    id: acceptance_criteria
+    attributes:
+      label: Acceptance Criteria
+      description: Use measurable and testable criteria.
+      placeholder: |
+        - [ ] ...
+        - [ ] ...
+    validations:
+      required: true
+  - type: textarea
+    id: dependencies
+    attributes:
+      label: Dependencies
+      description: Link prerequisite issues or blockers.
+  - type: textarea
+    id: definition_of_done
+    attributes:
+      label: Definition of Done
+      description: Include testing, documentation, and evidence requirements.
+    validations:
+      required: true
+  - type: textarea
+    id: evidence
+    attributes:
+      label: Evidence
+      description: Screenshots, benchmark output, links to reports.

package/.github/copilot-instructions.md

@@ -50,6 +50,46 @@ Load the relevant stack profile from `.agent-context/stacks/`:
 - C#/.NET → `stacks/csharp.md`
 - Rust → `stacks/rust.md`
 - Ruby on Rails → `stacks/ruby.md`
+- Flutter → `stacks/flutter.md`
+- React Native → `stacks/react-native.md`
+
+## Domain Skills (Auto-Load by Context)
+
+You have access to 6 specialized skill packs. Load the relevant one(s) based on the request:
+
+| Skill | When Loaded | Key Controls |
+|-------|------------|---------------|
+| **Backend** | Service/API/microservice request | Layer separation, validation boundaries, error handling |
+| **Frontend** | UI/web/React/Vue request | Smart/Dumb components, state management patterns |
+| **CLI** | Tool/script/automation request | Argument parsing, help text, exit codes |
+| **Distribution** | Release/deploy/package request | Versioning, SBOM, changelog, binary safety |
+| **Fullstack** | End-to-end feature request | Integration points, data flow, contract design |
+| **Review-Quality** | Code review/audit request | Architecture violations, security issues, optimization paths |
+
+**Location**: `.agent-context/skills/[skill-name].md`
+
+## Prompts (Request-Specific Templates)
+
+When user explicitly requests one of these workflows, load the full prompt template:
+
+- **Init-Project**: User says "create new project" → Load `.agent-context/prompts/init-project.md` → Auto-Architect mode
+- **Refactor**: User says "refactor", "improve", "clean up" → Load `.agent-context/prompts/refactor.md` → Safety-first refactoring
+- **Review-Code**: User says "review", "audit", "check" → Load `.agent-context/prompts/review-code.md` → Architectural code review
+
+## Team Profiles (Governance Defaults)
+
+If the codebase declares a team profile in `.agent-context/profiles/`, load governance defaults:
+
+- **Platform**: Reliability-focused, strict CI, Go default → `.agent-context/profiles/platform.md`
+- **Regulated**: Compliance-focused (finance/health), all severities block → `.agent-context/profiles/regulated.md`
+- **Startup**: Speed-focused, TypeScript/Next.js, permissive gates → `.agent-context/profiles/startup.md`
+
+## Policies & Thresholds
+
+Load `.agent-context/policies/llm-judge-threshold.json` to understand:
+- Skill tier requirements (beginner/balanced/advanced/expert)
+- LLM quality gates per severity level
+- Blocking vs. reporting severities
 
 ## State Awareness & Override (V1.4)
 
@@ -71,6 +111,8 @@ Why Better: [WHY this is more professional — teach the human]
 
 If the user asks for "quick and dirty" code, skipping tests, or ignoring validation, you MUST politely but firmly refuse. Explain that today's hack is tomorrow's production incident. You do NOT tolerate shortcuts.
 
+**SKILL TIER AWARENESS**: Before executing complex tasks, check `.agent-context/policies/llm-judge-threshold.json` to ensure your AI model's tier (beginner/balanced/advanced/expert) meets requirements. Refuse tasks outside your tier.
+
 ### The Security Halt
 
 If you detect critical security vulnerabilities (e.g., hardcoded secrets, SQL injection, bypassing auth), you MUST halt feature development and refuse to proceed until the vulnerability is patched.
@@ -99,6 +141,26 @@ If the user asks to install a new library, or if you feel the need to use one, e
 
 **NEVER** declare a task "done" or ready for review without explicitly running and passing `.agent-context/review-checklists/pr-checklist.md`.
 
+---
+
+## Full Knowledge Injection Checklist
+
+**This file (copilot-instructions.md) is your unified agent context.** All 8 knowledge layers are now injected:
+
+All Layers Loaded:
+1. Rules (14 files) — Engineering standards
+2. Stacks (10 profiles) — Language conventions
+3. Blueprints (14 templates) — Scaffolding patterns
+4. Skills (6 packs) — Domain expertise [NEW]
+5. Prompts (3 templates) — Request workflows [NEW]
+6. Profiles (3 teams) — Governance defaults [NEW]
+7. State (maps, benchmarks) — Codebase awareness [NEW]
+8. Policies (thresholds) — Quality gates [NEW]
+
+You now have 100% context visibility. No knowledge layer is skipped.
+
+If you encounter a decision that requires a missing layer, report it immediately.
+
 ## Full Reference
 
 See `.cursorrules` and `AGENTS.md` in the repository root for detailed agent instructions.

package/.github/workflows/benchmark-detection.yml

@@ -1,38 +1,38 @@
-name: Detection Benchmark
-
-on:
-  push:
-    branches:
-      - '**'
-  pull_request:
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  benchmark-detection:
-    runs-on: ubuntu-latest
-    timeout-minutes: 10
-    env:
-      FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: '22'
-
-      - name: Run detection benchmark
-        run: |
-          node ./scripts/detection-benchmark.mjs > detection-benchmark-report.json
-          test -s detection-benchmark-report.json
-
-      - name: Upload benchmark artifact
-        if: always()
-        uses: actions/upload-artifact@v4
-        with:
-          name: detection-benchmark-report
-          path: detection-benchmark-report.json
+name: Detection Benchmark
+
+on:
+  push:
+    branches:
+      - '**'
+  pull_request:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  benchmark-detection:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    env:
+      FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+
+      - name: Run detection benchmark
+        run: |
+          node ./scripts/detection-benchmark.mjs > detection-benchmark-report.json
+          test -s detection-benchmark-report.json
+
+      - name: Upload benchmark artifact
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: detection-benchmark-report
+          path: detection-benchmark-report.json

package/.github/workflows/benchmark-intelligence.yml

@@ -1,50 +1,50 @@
-name: Benchmark Intelligence
-
-on:
-  schedule:
-    - cron: '0 2 * * 1'
-  pull_request:
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  benchmark-intelligence:
-    runs-on: ubuntu-latest
-    timeout-minutes: 10
-    env:
-      FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: '22'
-
-      - name: Run benchmark detection report
-        run: |
-          node ./scripts/detection-benchmark.mjs > detection-benchmark-report.json
-          test -s detection-benchmark-report.json
-
-      - name: Run benchmark anti-regression gate
-        run: |
-          node ./scripts/benchmark-gate.mjs > benchmark-gate-report.json
-          test -s benchmark-gate-report.json
-
-      - name: Run benchmark intelligence report
-        run: |
-          node ./scripts/benchmark-intelligence.mjs > benchmark-intelligence-report.json
-          test -s benchmark-intelligence-report.json
-
-      - name: Upload benchmark artifacts
-        if: always()
-        uses: actions/upload-artifact@v4
-        with:
-          name: benchmark-intelligence-report
-          path: |
-            detection-benchmark-report.json
-            benchmark-gate-report.json
-            benchmark-intelligence-report.json
+name: Benchmark Intelligence
+
+on:
+  schedule:
+    - cron: '0 2 * * 1'
+  pull_request:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  benchmark-intelligence:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    env:
+      FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+
+      - name: Run benchmark detection report
+        run: |
+          node ./scripts/detection-benchmark.mjs > detection-benchmark-report.json
+          test -s detection-benchmark-report.json
+
+      - name: Run benchmark anti-regression gate
+        run: |
+          node ./scripts/benchmark-gate.mjs > benchmark-gate-report.json
+          test -s benchmark-gate-report.json
+
+      - name: Run benchmark intelligence report
+        run: |
+          node ./scripts/benchmark-intelligence.mjs > benchmark-intelligence-report.json
+          test -s benchmark-intelligence-report.json
+
+      - name: Upload benchmark artifacts
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: benchmark-intelligence-report
+          path: |
+            detection-benchmark-report.json
+            benchmark-gate-report.json
+            benchmark-intelligence-report.json

package/.github/workflows/frontend-usability-gate.yml

@@ -1,36 +1,36 @@
-name: Frontend Usability Gate
-
-on:
-  push:
-    branches:
-      - '**'
-  pull_request:
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  frontend-usability-audit:
-    runs-on: ubuntu-latest
-    timeout-minutes: 10
-    env:
-      FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: '22'
-
-      - name: Run frontend usability audit
-        run: node ./scripts/frontend-usability-audit.mjs > frontend-usability-audit-report.json
-
-      - name: Upload frontend audit artifact
-        if: always()
-        uses: actions/upload-artifact@v4
-        with:
-          name: frontend-usability-audit-report
-          path: frontend-usability-audit-report.json
+name: Frontend Usability Gate
+
+on:
+  push:
+    branches:
+      - '**'
+  pull_request:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  frontend-usability-audit:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    env:
+      FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+
+      - name: Run frontend usability audit
+        run: node ./scripts/frontend-usability-audit.mjs > frontend-usability-audit-report.json
+
+      - name: Upload frontend audit artifact
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: frontend-usability-audit-report
+          path: frontend-usability-audit-report.json

package/.github/workflows/publish.yml

@@ -0,0 +1,32 @@
+name: publish-to-npm
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 24
+          registry-url: 'https://registry.npmjs.org'
+
+      - name: Install dependencies
+        run: npm install
+
+      - name: Run verification
+        run: |
+          npm run validate
+          npm test
+
+      - name: Publish to NPM
+        run: npm publish --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

package/.github/workflows/release-gate.yml

@@ -1,32 +1,32 @@
-name: release-gate
-
-on:
-  push:
-    branches:
-      - main
-  pull_request:
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  release-gate:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: 24
-
-      - name: Run release gate
-        run: node ./scripts/release-gate.mjs > release-gate-report.json
-
-      - name: Upload release gate report artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: release-gate-report
-          path: release-gate-report.json
+name: release-gate
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  release-gate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 24
+
+      - name: Run release gate
+        run: node ./scripts/release-gate.mjs > release-gate-report.json
+
+      - name: Upload release gate report artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: release-gate-report
+          path: release-gate-report.json

package/.github/workflows/sbom-compliance.yml

@@ -1,32 +1,32 @@
-name: sbom-compliance
-
-on:
-  push:
-    branches:
-      - main
-  pull_request:
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  generate-sbom:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: 24
-
-      - name: Generate CycloneDX SBOM
-        run: node ./scripts/generate-sbom.mjs > sbom.cdx.json
-
-      - name: Upload SBOM artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: sbom-cyclonedx
-          path: sbom.cdx.json
+name: sbom-compliance
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  generate-sbom:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 24
+
+      - name: Generate CycloneDX SBOM
+        run: node ./scripts/generate-sbom.mjs > sbom.cdx.json
+
+      - name: Upload SBOM artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: sbom-cyclonedx
+          path: sbom.cdx.json