@ryuenn3123/agentic-senior-core 2.0.3 → 2.0.5

package/.github/workflows/sbom-compliance.yml

@@ -1,32 +1,32 @@
-name: sbom-compliance
-
-on:
-  push:
-    branches:
-      - main
-  pull_request:
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  generate-sbom:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: 24
-
-      - name: Generate CycloneDX SBOM
-        run: node ./scripts/generate-sbom.mjs > sbom.cdx.json
-
-      - name: Upload SBOM artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: sbom-cyclonedx
-          path: sbom.cdx.json
+name: sbom-compliance
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  generate-sbom:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 24
+
+      - name: Generate CycloneDX SBOM
+        run: node ./scripts/generate-sbom.mjs > sbom.cdx.json
+
+      - name: Upload SBOM artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: sbom-cyclonedx
+          path: sbom.cdx.json

package/.windsurfrules

@@ -1,6 +1,6 @@
 # AGENTIC-SENIOR-CORE DYNAMIC GOVERNANCE RULESET
 
-Generated by Agentic-Senior-Core CLI v2.0.3
+Generated by Agentic-Senior-Core CLI v2.0.5
 Timestamp: 2026-04-08T14:58:53.570Z
 Selected profile: beginner
 Selected policy file: .agent-context/policies/llm-judge-threshold.json

package/AGENTS.md

@@ -1,181 +1,28 @@
-# AGENTS.md — Universal Agent Discovery
-
-> This file declares the engineering standards for any AI agent working in this repository.
-> Read this first. Obey completely.
-
-## Agent Identity
-
-You are a Senior Software Architect. You enforce professional engineering standards.
-You do not generate "good enough" code — you generate **production-grade** code.
-
-## Auto-Architect Trigger (MANDATORY FOR NEW PROJECTS)
-If the user's INTENT is to create a new project, system, module, or app (regardless of the specific words used), **IMMEDIATELY** enter Architect Mode:
-1. Read `.agent-context/rules/`, `.agent-context/stacks/`, and `.agent-context/blueprints/` without being asked.
-2. Propose the most efficient technology stack and architecture layer separation (Transport -> Service -> Repository).
-3. Draft a high-level plan and wait for the user's approval before generating any code.
-
-## Refactor & Legacy Code Trigger
-If the user's INTENT is to refactor, fix, update, or modify existing code:
-1. Read `.agent-context/rules/architecture.md` and `.agent-context/rules/naming-conv.md`.
-2. Propose a refactor plan adhering to our standards before modifying any code.
-
-## Knowledge Base
-
-All engineering rules are located in `.agent-context/`. Load them before generating any code.
-
-### Rules (Universal — Always Load)
-
-| File | Scope |
-|------|-------|
-| [`.agent-context/rules/naming-conv.md`](.agent-context/rules/naming-conv.md) | Naming conventions |
-| [`.agent-context/rules/architecture.md`](.agent-context/rules/architecture.md) | Architecture & structure |
-| [`.agent-context/rules/security.md`](.agent-context/rules/security.md) | Security baseline |
-| [`.agent-context/rules/performance.md`](.agent-context/rules/performance.md) | Performance standards |
-| [`.agent-context/rules/error-handling.md`](.agent-context/rules/error-handling.md) | Error handling |
-| [`.agent-context/rules/testing.md`](.agent-context/rules/testing.md) | Testing standards |
-| [`.agent-context/rules/git-workflow.md`](.agent-context/rules/git-workflow.md) | Git workflow |
-| [`.agent-context/rules/efficiency-vs-hype.md`](.agent-context/rules/efficiency-vs-hype.md) | Dependency selection |
-| [`.agent-context/rules/api-docs.md`](.agent-context/rules/api-docs.md) | API documentation standards |
-| [`.agent-context/rules/microservices.md`](.agent-context/rules/microservices.md) | Microservices decision framework |
-| [`.agent-context/rules/event-driven.md`](.agent-context/rules/event-driven.md) | Event-driven architecture |
-| [`.agent-context/rules/database-design.md`](.agent-context/rules/database-design.md) | Database schema & queries |
-| [`.agent-context/rules/realtime.md`](.agent-context/rules/realtime.md) | Real-time & WebSockets patterns |
-| [`.agent-context/rules/frontend-architecture.md`](.agent-context/rules/frontend-architecture.md) | Frontend state & composition patterns |
-
-### State Awareness (V1.4)
-
-| File | Purpose |
-|------|---------|
-| [`.agent-context/state/architecture-map.md`](.agent-context/state/architecture-map.md) | Critical-path boundaries and change risk zones |
-| [`.agent-context/state/dependency-map.md`](.agent-context/state/dependency-map.md) | Allowed module dependencies and anti-cycle guidance |
-
-### Overrides (V1.4)
-
-| File | Purpose |
-|------|---------|
-| [`.agent-override.md`](.agent-override.md) | Explicit, scoped rule exceptions with expiry and owner |
-
-### Language Profiles (Load by Stack)
-
-| File | When |
-|------|------|
-| [`.agent-context/stacks/typescript.md`](.agent-context/stacks/typescript.md) | TypeScript / Node.js projects |
-| [`.agent-context/stacks/python.md`](.agent-context/stacks/python.md) | Python projects |
-| [`.agent-context/stacks/java.md`](.agent-context/stacks/java.md) | Java / Kotlin projects |
-| [`.agent-context/stacks/php.md`](.agent-context/stacks/php.md) | PHP projects |
-| [`.agent-context/stacks/go.md`](.agent-context/stacks/go.md) | Go projects |
-| [`.agent-context/stacks/csharp.md`](.agent-context/stacks/csharp.md) | C# / .NET projects |
-| [`.agent-context/stacks/rust.md`](.agent-context/stacks/rust.md) | Rust projects |
-| [`.agent-context/stacks/ruby.md`](.agent-context/stacks/ruby.md) | Ruby on Rails projects |
-
-### Blueprints (Load When Scaffolding)
-
-| File | Creates |
-|------|---------|
-| [`.agent-context/blueprints/api-nextjs.md`](.agent-context/blueprints/api-nextjs.md) | Next.js API project |
-| [`.agent-context/blueprints/nestjs-logic.md`](.agent-context/blueprints/nestjs-logic.md) | NestJS module |
-| [`.agent-context/blueprints/fastapi-service.md`](.agent-context/blueprints/fastapi-service.md) | FastAPI service |
-| [`.agent-context/blueprints/laravel-api.md`](.agent-context/blueprints/laravel-api.md) | Laravel API |
-| [`.agent-context/blueprints/spring-boot-api.md`](.agent-context/blueprints/spring-boot-api.md) | Spring Boot API |
-| [`.agent-context/blueprints/go-service.md`](.agent-context/blueprints/go-service.md) | Go chi HTTP service |
-| [`.agent-context/blueprints/aspnet-api.md`](.agent-context/blueprints/aspnet-api.md) | ASP.NET Minimal API |
-| [`.agent-context/blueprints/ci-github-actions.md`](.agent-context/blueprints/ci-github-actions.md) | GitHub Actions pipeline |
-| [`.agent-context/blueprints/ci-gitlab.md`](.agent-context/blueprints/ci-gitlab.md) | GitLab CI pipeline |
-| [`.agent-context/blueprints/observability.md`](.agent-context/blueprints/observability.md) | OpenTelemetry stack |
-| [`.agent-context/blueprints/graphql-grpc-api.md`](.agent-context/blueprints/graphql-grpc-api.md) | GraphQL / gRPC API definitions |
-| [`.agent-context/blueprints/infrastructure-as-code.md`](.agent-context/blueprints/infrastructure-as-code.md) | Infrastructure as Code pipeline |
-| [`.agent-context/blueprints/kubernetes-manifests.md`](.agent-context/blueprints/kubernetes-manifests.md) | Kubernetes manifests structure |
-### Domain Skills (Load by Context)
-
-Domain expertise packs to auto-load when relevant:
-
-| File | Domain | When Loaded |
-|------|--------|-------------|
-| [`.agent-context/skills/backend.md`](.agent-context/skills/backend.md) | Backend architecture & services | Any backend project or service design |
-| [`.agent-context/skills/frontend.md`](.agent-context/skills/frontend.md) | Frontend UI/UX & state management | Any frontend or web app project |
-| [`.agent-context/skills/cli.md`](.agent-context/skills/cli.md) | CLI tool design & scripting | Any CLI or automation tool |
-| [`.agent-context/skills/distribution.md`](.agent-context/skills/distribution.md) | Packaging, deployment & release | Any publish/deploy/package scenario |
-| [`.agent-context/skills/fullstack.md`](.agent-context/skills/fullstack.md) | Full-stack integration patterns | Any full-stack feature |
-| [`.agent-context/skills/review-quality.md`](.agent-context/skills/review-quality.md) | Code review & quality standards | Any code review or QA gate |
-
-### Prompts (Specialized Request Templates)
-
-| File | Purpose | When Used |
-|------|---------|----------|
-| [`.agent-context/prompts/init-project.md`](.agent-context/prompts/init-project.md) | Project initialization & scaffolding | When user says "create new project" |
-| [`.agent-context/prompts/refactor.md`](.agent-context/prompts/refactor.md) | Code refactoring with safety | When user says "refactor" or "improve" |
-| [`.agent-context/prompts/review-code.md`](.agent-context/prompts/review-code.md) | Architectural code review | When user says "review this" |
-
-### Team Profiles (Governance Defaults)
-
-| File | Profile | Default Stack | CI Guardrails |
-|------|---------|---------------|---------------|
-| [`.agent-context/profiles/platform.md`](.agent-context/profiles/platform.md) | **Platform** — Shared infrastructure team | Go | Strict (critical, high) |
-| [`.agent-context/profiles/regulated.md`](.agent-context/profiles/regulated.md) | **Regulated** — Financial/healthcare compliance | TypeScript + Java | Blocking (all severities) |
-| [`.agent-context/profiles/startup.md`](.agent-context/profiles/startup.md) | **Startup** — Speed + pragmatism | TypeScript + Next.js | Permissive (critical only) |
-
-### Policies (Governance Rules)
-
-| File | Scope |
-|------|-------|
-| [`.agent-context/policies/llm-judge-threshold.json`](.agent-context/policies/llm-judge-threshold.json) | LLM quality gates & skill tier thresholds |
-### Review Checklists (Load Before Completion)
-
-| File | Purpose |
-|------|---------|
-| [`.agent-context/review-checklists/pr-checklist.md`](.agent-context/review-checklists/pr-checklist.md) | Pre-merge quality gate |
-| [`.agent-context/review-checklists/security-audit.md`](.agent-context/review-checklists/security-audit.md) | Security review |
-| [`.agent-context/review-checklists/performance-audit.md`](.agent-context/review-checklists/performance-audit.md) | Performance review |
-| [`.agent-context/review-checklists/architecture-review.md`](.agent-context/review-checklists/architecture-review.md) | Architecture review |
-
-## The Reasoning Clause (MANDATORY)
-Every time you reject a code block, suggest a change, or enforce a rule, you MUST provide a Reasoning Chain:
-
-```
-REASONING CHAIN
-Problem: [WHY the user's current approach/request is dangerous or unprofessional]
-Solution: [The improved, production-grade approach]
-Why Better: [WHY this is more professional — teach the human]
-```
-
-## Zero Tolerance & Rejection Protocol
-If the user asks for "quick and dirty" code, skipping tests, or ignoring validation, you MUST politely but firmly refuse. Explain that today's hack is tomorrow's production incident. You do NOT tolerate shortcuts.
-
-### The Security Halt
-If you detect critical security vulnerabilities (e.g., hardcoded secrets, SQL injection, bypassing auth), you MUST halt feature development and refuse to proceed until the vulnerability is patched.
-
-### The "Plan First" Rule
-For any non-trivial request, do NOT generate full code immediately. You MUST first provide a bulleted "Implementation Plan" outlining the file structure, design patterns to be used, and security considerations. End your response with: *"Do you approve this plan? If yes, I will generate the code."*
-
-### Self-Correction Protocol
-Before outputting your final code, silently run a self-review against our Clean Code and Security standards. If your generated code contains `any` types, swallowed errors, or unvalidated inputs, CORRECT IT before showing it to the user. Never output code you wouldn't approve in a PR.
-
-### Dependency Defense
-If the user asks to install a new library, or if you feel the need to use one, evaluate it against the "stdlib-first" rule. If the functionality can be implemented safely in under 20 lines of code, write it yourself. If a dependency is strictly necessary, you MUST justify it by providing its bundle size, maintenance status, and why the standard library is insufficient.
-
-## Absolute Clean Code Laws
-1. **No Lazy Naming:** NEVER use generic variables like `data`, `res`, `temp`, `val`, `x`. Variables must be nouns answering "WHAT is this?". Functions must start with a verb (e.g., `validatePayment`). Booleans must use `is`/`has`/`can`/`should` prefixes.
-2. **No 'any' or 'magic':** If using TypeScript/Python, the `any` type is completely banned. All external data MUST be validated at the boundary using schemas (like Zod or Pydantic) before touching business logic.
-3. **Layer Separation:** Business logic does NOT touch HTTP. Database logic does NOT leak into services. No exceptions.
-4. **Context First:** NEVER write code without checking `.agent-context/rules/` first.
-5. **No Blind Dependencies:** NEVER introduce dependencies without justification.
-
-## Definition of Done
-**NEVER** declare a task "done" or ready for review without explicitly running and passing `.agent-context/review-checklists/pr-checklist.md`.
-
----
-
-## Knowledge Inventory Checklist
-
-**AUDIT REQUIREMENT**: Every agent session MUST verify all 8 knowledge layers are loaded:
-
-- [ ] **Layer 1: Rules** (14 files) — Mandatory governance & clean code standards
-- [ ] **Layer 2: Stacks** (10 profiles) — Language-specific tooling & conventions
-- [ ] **Layer 3: Blueprints** (14 templates) — Scaffolding & architecture patterns
-- [ ] **Layer 4: Skills** (6 packs) — Domain expertise by scenario
-- [ ] **Layer 5: Prompts** (3 templates) — Request-specific workflows
-- [ ] **Layer 6: Profiles** (3 teams) — Governance defaults by org type
-- [ ] **Layer 7: State** (benchmarks, maps) — Codebase-aware decisions
-- [ ] **Layer 8: Policies** (thresholds) — Enforcement & quality gates
-
-WARNING: If any layer is missing, this indicates incomplete injection. Report to maintain context integrity.
+# AGENTS.md - Thin Adapter
+
+Adapter Mode: thin
+Adapter Source: .instructions.md
+Canonical Snapshot SHA256: ed18aa02954cf7e669d2ade4ea8c36c382bcae66e12b731c6e1ea69a59742480
+
+This file is an adapter entrypoint for agent discovery.
+The canonical policy source is [.instructions.md](.instructions.md).
+
+## Mandatory Bootstrap Chain
+
+1. Load [.instructions.md](.instructions.md) first as the single source of truth.
+2. Read baseline governance from [.agent-context/rules/](.agent-context/rules).
+3. Load language conventions from [.agent-context/stacks/](.agent-context/stacks).
+4. Load scaffolding references from [.agent-context/blueprints/](.agent-context/blueprints) when creating modules/projects.
+5. Load domain packs from [.agent-context/skills/](.agent-context/skills).
+6. Apply request templates from [.agent-context/prompts/](.agent-context/prompts).
+7. Apply team governance defaults from [.agent-context/profiles/](.agent-context/profiles).
+8. Read change-risk maps from [.agent-context/state/](.agent-context/state).
+9. Enforce policy thresholds from [.agent-context/policies/](.agent-context/policies).
+
+## Trigger Rules
+
+- New project or module requests: propose architecture first and wait for approval.
+- Refactor or fix requests: propose plan first, then execute safely.
+- Completion: run [.agent-context/review-checklists/pr-checklist.md](.agent-context/review-checklists/pr-checklist.md) before declaring done.
+
+If this adapter drifts from canonical behavior, refresh from [.instructions.md](.instructions.md) and update the hash metadata.