@ryuenn3123/agentic-senior-core 1.9.0 → 1.9.2

package/.agent-context/blueprints/mobile-app.md

@@ -1,21 +1,21 @@
-# Mobile App Blueprint
-
-This blueprint defines the starter shape for a mobile product that needs a clean separation between UI, device integration, and backend contracts.
-
-## Structure
-
-- Transport: device events, navigation entry points, push notifications, and platform channels.
-- Service: orchestration, screen-level state, validation, and user-facing workflows.
-- Repository: remote API clients, local storage adapters, and persistence abstractions.
-
-## Starter Rules
-
-- Keep screens focused on rendering and user interaction only.
-- Move API access, caching, and serialization into adapter layers.
-- Use consistent error handling for offline, permission, and platform failures.
-- Add release checks for signing, packaging, and crash telemetry before shipping.
-
-## Recommended Stack Pairings
-
-- React Native for teams that want JavaScript or TypeScript alignment.
-- Flutter for teams that want a strongly structured UI toolkit.
+# Mobile App Blueprint
+
+This blueprint defines the starter shape for a mobile product that needs a clean separation between UI, device integration, and backend contracts.
+
+## Structure
+
+- Transport: device events, navigation entry points, push notifications, and platform channels.
+- Service: orchestration, screen-level state, validation, and user-facing workflows.
+- Repository: remote API clients, local storage adapters, and persistence abstractions.
+
+## Starter Rules
+
+- Keep screens focused on rendering and user interaction only.
+- Move API access, caching, and serialization into adapter layers.
+- Use consistent error handling for offline, permission, and platform failures.
+- Add release checks for signing, packaging, and crash telemetry before shipping.
+
+## Recommended Stack Pairings
+
+- React Native for teams that want JavaScript or TypeScript alignment.
+- Flutter for teams that want a strongly structured UI toolkit.

package/.agent-context/policies/llm-judge-threshold.json

@@ -1,20 +1,29 @@
-{
-  "selectedProfile": "balanced",
-  "profileThresholds": {
-    "beginner": {
-      "blockingSeverities": ["critical"],
-      "failOnMalformedResponse": false,
-      "failOnProviderError": false
-    },
-    "balanced": {
-      "blockingSeverities": ["critical", "high"],
-      "failOnMalformedResponse": true,
-      "failOnProviderError": false
-    },
-    "strict": {
-      "blockingSeverities": ["critical", "high", "medium"],
-      "failOnMalformedResponse": true,
-      "failOnProviderError": true
-    }
-  }
-}
+{
+  "selectedProfile": "beginner",
+  "profileThresholds": {
+    "beginner": {
+      "blockingSeverities": [
+        "critical"
+      ],
+      "failOnMalformedResponse": false,
+      "failOnProviderError": false
+    },
+    "balanced": {
+      "blockingSeverities": [
+        "critical",
+        "high"
+      ],
+      "failOnMalformedResponse": true,
+      "failOnProviderError": false
+    },
+    "strict": {
+      "blockingSeverities": [
+        "critical",
+        "high",
+        "medium"
+      ],
+      "failOnMalformedResponse": true,
+      "failOnProviderError": true
+    }
+  }
+}

package/.agent-context/profiles/platform.md

@@ -1,13 +1,13 @@
-# Team Profile Pack: Platform
-
-slug: platform
-displayName: Platform Team
-description: Reliability-oriented defaults for shared platform modules across teams.
-defaultProfile: balanced
-defaultStack: go.md
-defaultBlueprint: go-service.md
-ciGuardrails: true
-lockCi: false
-blockingSeverities: critical, high
-owner: platform-foundation
-lastUpdated: 2026-03-19
+# Team Profile Pack: Platform
+
+slug: platform
+displayName: Platform Team
+description: Reliability-oriented defaults for shared platform modules across teams.
+defaultProfile: balanced
+defaultStack: go.md
+defaultBlueprint: go-service.md
+ciGuardrails: true
+lockCi: false
+blockingSeverities: critical, high
+owner: platform-foundation
+lastUpdated: 2026-03-19

package/.agent-context/profiles/regulated.md

@@ -1,13 +1,13 @@
-# Team Profile Pack: Regulated
-
-slug: regulated
-displayName: Regulated Team
-description: Compliance-first defaults with strict policy and locked CI guardrails.
-defaultProfile: strict
-defaultStack: typescript.md
-defaultBlueprint: api-nextjs.md
-ciGuardrails: true
-lockCi: true
-blockingSeverities: critical, high, medium
-owner: governance-office
-lastUpdated: 2026-03-19
+# Team Profile Pack: Regulated
+
+slug: regulated
+displayName: Regulated Team
+description: Compliance-first defaults with strict policy and locked CI guardrails.
+defaultProfile: strict
+defaultStack: typescript.md
+defaultBlueprint: api-nextjs.md
+ciGuardrails: true
+lockCi: true
+blockingSeverities: critical, high, medium
+owner: governance-office
+lastUpdated: 2026-03-19

package/.agent-context/profiles/startup.md

@@ -1,13 +1,13 @@
-# Team Profile Pack: Startup
-
-slug: startup
-displayName: Startup Team
-description: Fast iteration with balanced guardrails and quick onboarding defaults.
-defaultProfile: balanced
-defaultStack: typescript.md
-defaultBlueprint: api-nextjs.md
-ciGuardrails: true
-lockCi: false
-blockingSeverities: critical, high
-owner: product-engineering
-lastUpdated: 2026-03-19
+# Team Profile Pack: Startup
+
+slug: startup
+displayName: Startup Team
+description: Fast iteration with balanced guardrails and quick onboarding defaults.
+defaultProfile: balanced
+defaultStack: typescript.md
+defaultBlueprint: api-nextjs.md
+ciGuardrails: true
+lockCi: false
+blockingSeverities: critical, high
+owner: product-engineering
+lastUpdated: 2026-03-19

package/.agent-context/review-checklists/frontend-skill-parity.md

@@ -1,28 +1,28 @@
-# Frontend Skill Parity Checklist
-
-Use this checklist to enforce mandatory frontend parity aligned with benchmark-driven standards from `MiniMax-AI/skills` `frontend-dev` profile.
-
-## Architecture and Composition
-- [ ] Frontend structure follows feature-driven organization.
-- [ ] Smart and dumb component separation is explicit and documented.
-- [ ] Server state and client state boundaries are documented and enforced.
-
-## Interaction and Motion
-- [ ] Primary user journey includes intentional animation without motion overload.
-- [ ] Reduced-motion fallback behavior is implemented and documented.
-- [ ] Transition timing and easing are consistent across key screens.
-
-## Accessibility and Responsiveness
-- [ ] Keyboard navigation works on all critical flows.
-- [ ] Contrast, typography scale, and focus visibility pass baseline checks.
-- [ ] Layout behavior is validated across mobile and desktop breakpoints.
-
-## UX Narrative and Conversion Clarity
-- [ ] Page hierarchy communicates value proposition within first viewport.
-- [ ] Primary calls to action are explicit and consistently placed.
-- [ ] Error and empty states contain actionable guidance.
-
-## Release Evidence
-- [ ] Frontend parity checklist artifact is attached to release evidence.
-- [ ] Frontend usability audit report is attached to release evidence.
-- [ ] Any parity waiver includes owner, expiry, and risk statement.
+# Frontend Skill Parity Checklist
+
+Use this checklist to enforce mandatory frontend parity aligned with benchmark-driven standards from `MiniMax-AI/skills` `frontend-dev` profile.
+
+## Architecture and Composition
+- [ ] Frontend structure follows feature-driven organization.
+- [ ] Smart and dumb component separation is explicit and documented.
+- [ ] Server state and client state boundaries are documented and enforced.
+
+## Interaction and Motion
+- [ ] Primary user journey includes intentional animation without motion overload.
+- [ ] Reduced-motion fallback behavior is implemented and documented.
+- [ ] Transition timing and easing are consistent across key screens.
+
+## Accessibility and Responsiveness
+- [ ] Keyboard navigation works on all critical flows.
+- [ ] Contrast, typography scale, and focus visibility pass baseline checks.
+- [ ] Layout behavior is validated across mobile and desktop breakpoints.
+
+## UX Narrative and Conversion Clarity
+- [ ] Page hierarchy communicates value proposition within first viewport.
+- [ ] Primary calls to action are explicit and consistently placed.
+- [ ] Error and empty states contain actionable guidance.
+
+## Release Evidence
+- [ ] Frontend parity checklist artifact is attached to release evidence.
+- [ ] Frontend usability audit report is attached to release evidence.
+- [ ] Any parity waiver includes owner, expiry, and risk statement.

package/.agent-context/review-checklists/frontend-usability.md

@@ -1,33 +1,33 @@
-# Frontend Usability Checklist — V1.7 Gate
-
-Run this checklist before claiming frontend work is production-ready.
-
-## 1. Visual System
-- [ ] Typography scale is consistent and tokenized.
-- [ ] Color usage follows design tokens and avoids ad-hoc values.
-- [ ] Spacing and layout rhythm is coherent across pages.
-
-## 2. Responsiveness
-- [ ] Core pages are usable at mobile, tablet, and desktop breakpoints.
-- [ ] Navigation remains accessible and understandable on small screens.
-- [ ] No content overlap, clipped text, or horizontal scroll regressions.
-
-## 3. Accessibility
-- [ ] Keyboard-only navigation covers all critical user paths.
-- [ ] Primary text and actionable controls meet WCAG AA contrast.
-- [ ] Reduced-motion mode is respected for non-essential animations.
-
-## 4. Interaction Quality
-- [ ] Motion is meaningful, not decorative noise.
-- [ ] Loading, empty, and error states are explicitly designed.
-- [ ] CTA hierarchy is clear and supports user intent.
-
-## 5. Performance and Stability
-- [ ] Lighthouse mobile performance target is met on core pages.
-- [ ] No severe layout shift during load and transition.
-- [ ] Visual regression checks cover protected pages.
-
-## 6. Documentation and Release Evidence
-- [ ] Frontend architecture decision is documented.
-- [ ] Visual baseline update process is documented.
-- [ ] Release note includes usability and responsiveness evidence.
+# Frontend Usability Checklist — V1.7 Gate
+
+Run this checklist before claiming frontend work is production-ready.
+
+## 1. Visual System
+- [ ] Typography scale is consistent and tokenized.
+- [ ] Color usage follows design tokens and avoids ad-hoc values.
+- [ ] Spacing and layout rhythm is coherent across pages.
+
+## 2. Responsiveness
+- [ ] Core pages are usable at mobile, tablet, and desktop breakpoints.
+- [ ] Navigation remains accessible and understandable on small screens.
+- [ ] No content overlap, clipped text, or horizontal scroll regressions.
+
+## 3. Accessibility
+- [ ] Keyboard-only navigation covers all critical user paths.
+- [ ] Primary text and actionable controls meet WCAG AA contrast.
+- [ ] Reduced-motion mode is respected for non-essential animations.
+
+## 4. Interaction Quality
+- [ ] Motion is meaningful, not decorative noise.
+- [ ] Loading, empty, and error states are explicitly designed.
+- [ ] CTA hierarchy is clear and supports user intent.
+
+## 5. Performance and Stability
+- [ ] Lighthouse mobile performance target is met on core pages.
+- [ ] No severe layout shift during load and transition.
+- [ ] Visual regression checks cover protected pages.
+
+## 6. Documentation and Release Evidence
+- [ ] Frontend architecture decision is documented.
+- [ ] Visual baseline update process is documented.
+- [ ] Release note includes usability and responsiveness evidence.

package/.agent-context/review-checklists/release-operations.md

@@ -1,29 +1,29 @@
-# Release Operations Checklist (V1.8)
-
-Use this checklist before promoting any release tag or package publish operation.
-
-## 1) Versioning and Changelog Integrity
-- `package.json` version is valid semantic version (`x.y.z`).
-- `CHANGELOG.md` has a matching release header for the package version.
-- `docs/roadmap.md` reflects release status and scope for the current milestone.
-
-## 2) Quality Gates and Test Evidence
-- `npm run validate` passes with zero failures.
-- `npm run test` passes on the full suite.
-- Frontend governance gate (`npm run audit:frontend-usability`) passes.
-- Release governance gate (`npm run gate:release`) passes.
-
-## 3) Supply Chain and Compliance Evidence
-- SBOM is generated with `npm run sbom:generate`.
-- CI uploads SBOM artifact for retention and audit traceability.
-- CI uploads release-gate report artifact for each run.
-
-## 4) Security and Override Governance
-- `.agent-override.md` entries have valid `Owner` and `Expiry` metadata.
-- No expired overrides remain active.
-- Any temporary exception has explicit rollback owner and date.
-
-## 5) Publish Readiness
-- Release notes summarize scope, risks, and rollback steps.
-- Required GitHub workflows are green on target commit.
-- Tag and publish command are executed only after all checks pass.
+# Release Operations Checklist (V1.8)
+
+Use this checklist before promoting any release tag or package publish operation.
+
+## 1) Versioning and Changelog Integrity
+- `package.json` version is valid semantic version (`x.y.z`).
+- `CHANGELOG.md` has a matching release header for the package version.
+- `docs/roadmap.md` reflects release status and scope for the current milestone.
+
+## 2) Quality Gates and Test Evidence
+- `npm run validate` passes with zero failures.
+- `npm run test` passes on the full suite.
+- Frontend governance gate (`npm run audit:frontend-usability`) passes.
+- Release governance gate (`npm run gate:release`) passes.
+
+## 3) Supply Chain and Compliance Evidence
+- SBOM is generated with `npm run sbom:generate`.
+- CI uploads SBOM artifact for retention and audit traceability.
+- CI uploads release-gate report artifact for each run.
+
+## 4) Security and Override Governance
+- `.agent-override.md` entries have valid `Owner` and `Expiry` metadata.
+- No expired overrides remain active.
+- Any temporary exception has explicit rollback owner and date.
+
+## 5) Publish Readiness
+- Release notes summarize scope, risks, and rollback steps.
+- Required GitHub workflows are green on target commit.
+- Tag and publish command are executed only after all checks pass.

package/.agent-context/rules/security.md

@@ -177,6 +177,96 @@ Permissions-Policy: camera=(), microphone=(), geolocation=()
 
 ---
 
+## .gitignore Enforcement (Mandatory)
+
+**If the user's INTENT is to create a new project, push to GitHub, or initialize source control, you MUST generate or verify a `.gitignore` file exists.**
+
+### Minimum Required Entries
+```gitignore
+# ── Secrets & Environment ──
+.env
+.env.local
+.env.*.local
+.env.production
+.env.staging
+
+# ── Dependencies ──
+node_modules/
+vendor/
+venv/
+.venv/
+__pycache__/
+.gradle/
+target/
+bin/  # Go binaries
+pkg/
+
+# ── Build Output ──
+dist/
+build/
+out/
+*.min.js
+*.min.css
+.next/
+.nuxt/
+.output/
+
+# ── IDE & Editor ──
+.idea/
+.vscode/settings.json
+.vscode/launch.json
+*.swp
+*.swo
+*~
+
+# ── OS Artifacts ──
+.DS_Store
+Thumbs.db
+Desktop.ini
+*.lnk
+
+# ── Logs ──
+*.log
+npm-debug.log*
+yarn-debug.log*
+pnpm-debug.log*
+
+# ── Testing & Coverage ──
+coverage/
+.nyc_output/
+*.lcov
+
+# ── Runtime Data ──
+*.pid
+*.seed
+*.pid.lock
+
+# ── Secrets & Keys ──
+*.pem
+*.key
+*.p12
+*.jks
+*.keystore
+```
+
+### Rules
+1. **NEVER commit `.env`** — only `.env.example` with placeholder values
+2. **Check for leaks before push** — `git diff --cached --name-only | grep -E '\.(env|pem|key)$'` should return empty
+3. **If the project has NO `.gitignore`**, create one immediately before any `git add`
+4. **Extend per-stack** — add language-specific patterns (e.g., `__pycache__/` for Python, `target/` for Java/Rust, `.gradle/` for Kotlin)
+5. **Reference**: See `.agent-context/rules/git-workflow.md` for the full `.gitignore Standards` section
+
+### MUST Commit (Whitelist)
+```
+.env.example           # Template with placeholder values ONLY
+.editorconfig          # Consistent formatting across IDEs
+.gitignore             # This file itself
+docker-compose.yml     # Dev environment definition
+Makefile / Taskfile    # Standard dev commands
+```
+
+---
+
 ## The Security Checklist (Quick Reference)
 
 Before any code is "done", verify:
@@ -184,6 +274,7 @@ Before any code is "done", verify:
 - [ ] All inputs validated at boundaries with schemas
 - [ ] No string concatenation in queries/commands
 - [ ] No secrets in source code
+- [ ] `.gitignore` exists and covers `.env`, `node_modules/`, build output, and IDE files
 - [ ] Authentication uses established libraries
 - [ ] Password hashing uses argon2id (or bcrypt for legacy)
 - [ ] Authorization enforced server-side
@@ -193,3 +284,4 @@ Before any code is "done", verify:
 - [ ] Error responses don't leak internal details
 - [ ] Logging includes security events (login failures, permission denials)
 - [ ] Dependencies audited for known vulnerabilities
+

package/.agent-context/skills/README.md

@@ -1,63 +1,63 @@
-# Skill Platform
-
-The skill platform is the internal skill system for Agentic-Senior-Core.
-
-## Design Goals
-- Unify skill content from benchmark repositories into one governed platform.
-- Make `advance` the default operating tier.
-- Keep `standard` only as a compatibility fallback.
-- Require evidence, validation, and release gates for every skill pack.
-
-## Tier Model
-
-### standard
-- Compatibility mode only.
-- Minimal guidance.
-- No default status for new work.
-
-### advance
-- Default operating tier.
-- Efficient, opinionated, and production-aware.
-- Used for normal feature delivery.
-
-### expert
-- For complex architecture, integration, and critical refactors.
-- Requires stronger evidence and review depth.
-
-### above
-- For release-critical, cross-domain, or enterprise governance work.
-- Requires full evidence bundle and explicit owner signoff.
-
-## Domain Packs
-- [Frontend](frontend/README.md)
-- [Backend](backend/README.md)
-- [Fullstack](fullstack/README.md)
-- [CLI](cli/README.md)
-- [Distribution](distribution/README.md)
-- [Review Quality](review-quality/README.md)
-
-## Folder Structure
-```text
-.agent-context/skills/
-├── README.md
-├── index.json
-├── frontend/
-├── backend/
-├── fullstack/
-├── cli/
-├── distribution/
-└── review-quality/
-```
-
-Each domain folder has its own README plus topic-level docs so the platform can scale like a curated skills library.
-
-## Benchmark Sources
-- sickn33/antigravity-awesome-skills
-- github/awesome-copilot
-- MiniMax-AI/skills
-
-## Platform Rules
-- Every skill pack must define purpose, inputs, outputs, validation, evidence, and fallback.
-- Every skill pack must state the default tier it targets.
-- Every release must include a skill parity check for the configured tiers.
+# Skill Platform
+
+The skill platform is the internal skill system for Agentic-Senior-Core.
+
+## Design Goals
+- Unify skill content from benchmark repositories into one governed platform.
+- Make `advance` the default operating tier.
+- Keep `standard` only as a compatibility fallback.
+- Require evidence, validation, and release gates for every skill pack.
+
+## Tier Model
+
+### standard
+- Compatibility mode only.
+- Minimal guidance.
+- No default status for new work.
+
+### advance
+- Default operating tier.
+- Efficient, opinionated, and production-aware.
+- Used for normal feature delivery.
+
+### expert
+- For complex architecture, integration, and critical refactors.
+- Requires stronger evidence and review depth.
+
+### above
+- For release-critical, cross-domain, or enterprise governance work.
+- Requires full evidence bundle and explicit owner signoff.
+
+## Domain Packs
+- [Frontend](frontend/README.md)
+- [Backend](backend/README.md)
+- [Fullstack](fullstack/README.md)
+- [CLI](cli/README.md)
+- [Distribution](distribution/README.md)
+- [Review Quality](review-quality/README.md)
+
+## Folder Structure
+```text
+.agent-context/skills/
+├── README.md
+├── index.json
+├── frontend/
+├── backend/
+├── fullstack/
+├── cli/
+├── distribution/
+└── review-quality/
+```
+
+Each domain folder has its own README plus topic-level docs so the platform can scale like a curated skills library.
+
+## Benchmark Sources
+- sickn33/antigravity-awesome-skills
+- github/awesome-copilot
+- MiniMax-AI/skills
+
+## Platform Rules
+- Every skill pack must define purpose, inputs, outputs, validation, evidence, and fallback.
+- Every skill pack must state the default tier it targets.
+- Every release must include a skill parity check for the configured tiers.
 - Every deviation from the default tier must be justified in the evidence bundle.