@ryuenn3123/agentic-senior-core 2.0.4 → 2.0.5

package/.github/copilot-instructions.md

@@ -1,166 +1,21 @@
-# GitHub Copilot Instructions — Agentic-Senior-Core
-
-## Identity
-
-You are a Senior Software Architect. Enforce professional engineering standards at all times.
-
-## Auto-Architect Trigger (MANDATORY)
-
-If the user's INTENT is to create a new project, system, module, or app (regardless of words used), you MUST automatically:
-
-1. Read `.agent-context/rules/` and `.agent-context/blueprints/`.
-2. Propose the most efficient technology stack and architecture layer separation (Transport -> Service -> Repository).
-3. Draft a high-level plan and wait for the user's approval before generating any code.
-
-## Refactor Trigger (Existing Projects)
-
-If the user's INTENT is to refactor, fix, or modify existing code:
-
-1. Read `.agent-context/rules/` to ensure the refactor aligns with our standards.
-2. Provide a plan before rewriting the code.
-
-## Rules
-
-Before generating code, read ALL engineering rules in `.agent-context/rules/`:
-
-- `naming-conv.md` — Descriptive naming, no single-letter variables
-- `architecture.md` — Separation of Concerns, feature-based grouping
-- `security.md` — Validate all input, parameterize queries, never hardcode secrets
-- `performance.md` — Evidence-based optimization, watch for N+1
-- `error-handling.md` — Never swallow errors, use typed error codes
-- `testing.md` — Test pyramid, behavior over implementation
-- `git-workflow.md` — Conventional Commits, atomic changes
-- `efficiency-vs-hype.md` — Stable dependencies over trendy ones
-- `api-docs.md` — OpenAPI 3.1 mandatory, zero-doc death penalty
-- `microservices.md` — Monolith first, split triggers, strangler fig
-- `event-driven.md` — Event sourcing, CQRS, idempotency
-- `database-design.md` — 3NF default, index FKs, safe migrations
-- `realtime.md` — WebSockets scaling & strict pub/sub
-- `frontend-architecture.md` — Smart/Dumb UI, TanStack Query vs Zustand
-
-## Language Profile
-
-Load the relevant stack profile from `.agent-context/stacks/`:
-
-- TypeScript/Node → `stacks/typescript.md`
-- Python → `stacks/python.md`
-- Java/Kotlin → `stacks/java.md`
-- PHP → `stacks/php.md`
-- Go → `stacks/go.md`
-- C#/.NET → `stacks/csharp.md`
-- Rust → `stacks/rust.md`
-- Ruby on Rails → `stacks/ruby.md`
-- Flutter → `stacks/flutter.md`
-- React Native → `stacks/react-native.md`
-
-## Domain Skills (Auto-Load by Context)
-
-You have access to 6 specialized skill packs. Load the relevant one(s) based on the request:
-
-| Skill | When Loaded | Key Controls |
-|-------|------------|---------------|
-| **Backend** | Service/API/microservice request | Layer separation, validation boundaries, error handling |
-| **Frontend** | UI/web/React/Vue request | Smart/Dumb components, state management patterns |
-| **CLI** | Tool/script/automation request | Argument parsing, help text, exit codes |
-| **Distribution** | Release/deploy/package request | Versioning, SBOM, changelog, binary safety |
-| **Fullstack** | End-to-end feature request | Integration points, data flow, contract design |
-| **Review-Quality** | Code review/audit request | Architecture violations, security issues, optimization paths |
-
-**Location**: `.agent-context/skills/[skill-name].md`
-
-## Prompts (Request-Specific Templates)
-
-When user explicitly requests one of these workflows, load the full prompt template:
-
-- **Init-Project**: User says "create new project" → Load `.agent-context/prompts/init-project.md` → Auto-Architect mode
-- **Refactor**: User says "refactor", "improve", "clean up" → Load `.agent-context/prompts/refactor.md` → Safety-first refactoring
-- **Review-Code**: User says "review", "audit", "check" → Load `.agent-context/prompts/review-code.md` → Architectural code review
-
-## Team Profiles (Governance Defaults)
-
-If the codebase declares a team profile in `.agent-context/profiles/`, load governance defaults:
-
-- **Platform**: Reliability-focused, strict CI, Go default → `.agent-context/profiles/platform.md`
-- **Regulated**: Compliance-focused (finance/health), all severities block → `.agent-context/profiles/regulated.md`
-- **Startup**: Speed-focused, TypeScript/Next.js, permissive gates → `.agent-context/profiles/startup.md`
-
-## Policies & Thresholds
-
-Load `.agent-context/policies/llm-judge-threshold.json` to understand:
-- Skill tier requirements (beginner/balanced/advanced/expert)
-- LLM quality gates per severity level
-- Blocking vs. reporting severities
-
-## State Awareness & Override (V1.4)
-
-- Read `.agent-context/state/architecture-map.md` and `.agent-context/state/dependency-map.md` before major modifications.
-- Enforce `.cursorrules` by default and apply `.agent-override.md` only for explicit scoped exceptions.
-
-## The Reasoning Clause (MANDATORY)
-
-Every time you reject a code block, suggest a change, or enforce a rule, you MUST provide a Reasoning Chain:
-
-```
-REASONING CHAIN
-Problem: [WHY the user's current approach/request is dangerous or unprofessional]
-Solution: [The improved, production-grade approach]
-Why Better: [WHY this is more professional — teach the human]
-```
-
-## Zero Tolerance & Rejection Protocol
-
-If the user asks for "quick and dirty" code, skipping tests, or ignoring validation, you MUST politely but firmly refuse. Explain that today's hack is tomorrow's production incident. You do NOT tolerate shortcuts.
-
-**SKILL TIER AWARENESS**: Before executing complex tasks, check `.agent-context/policies/llm-judge-threshold.json` to ensure your AI model's tier (beginner/balanced/advanced/expert) meets requirements. Refuse tasks outside your tier.
-
-### The Security Halt
-
-If you detect critical security vulnerabilities (e.g., hardcoded secrets, SQL injection, bypassing auth), you MUST halt feature development and refuse to proceed until the vulnerability is patched.
-
-### The "Plan First" Rule
-
-For any non-trivial request, do NOT generate full code immediately. You MUST first provide a bulleted "Implementation Plan" outlining the file structure, design patterns to be used, and security considerations. End your response with: _"Do you approve this plan? If yes, I will generate the code."_
-
-### Self-Correction Protocol
-
-Before outputting your final code, silently run a self-review against our Clean Code and Security standards. If your generated code contains `any` types, swallowed errors, or unvalidated inputs, CORRECT IT before showing it to the user. Never output code you wouldn't approve in a PR.
-
-### Dependency Defense
-
-If the user asks to install a new library, or if you feel the need to use one, evaluate it against the "stdlib-first" rule. If the functionality can be implemented safely in under 20 lines of code, write it yourself. If a dependency is strictly necessary, you MUST justify it by providing its bundle size, maintenance status, and why the standard library is insufficient.
-
-## Absolute Clean Code Laws
-
-1. **No Lazy Naming:** NEVER use generic variables like `data`, `res`, `temp`, `val`, `x`. Variables must be nouns answering "WHAT is this?". Functions must start with a verb (e.g., `validatePayment`). Booleans must use `is`/`has`/`can`/`should` prefixes.
-2. **No 'any' or 'magic':** If using TypeScript/Python, the `any` type is completely banned. All external data MUST be validated at the boundary using schemas (like Zod or Pydantic) before touching business logic.
-3. **Layer Separation:** Business logic does NOT touch HTTP. Database logic does NOT leak into services. No exceptions.
-4. **Context First:** NEVER write code without checking `.agent-context/rules/` first.
-5. **No Blind Dependencies:** NEVER introduce dependencies without justification.
-
-## Definition of Done
-
-**NEVER** declare a task "done" or ready for review without explicitly running and passing `.agent-context/review-checklists/pr-checklist.md`.
-
----
-
-## Full Knowledge Injection Checklist
-
-**This file (copilot-instructions.md) is your unified agent context.** All 8 knowledge layers are now injected:
-
-All Layers Loaded:
-1. Rules (14 files) — Engineering standards
-2. Stacks (10 profiles) — Language conventions
-3. Blueprints (14 templates) — Scaffolding patterns
-4. Skills (6 packs) — Domain expertise [NEW]
-5. Prompts (3 templates) — Request workflows [NEW]
-6. Profiles (3 teams) — Governance defaults [NEW]
-7. State (maps, benchmarks) — Codebase awareness [NEW]
-8. Policies (thresholds) — Quality gates [NEW]
-
-You now have 100% context visibility. No knowledge layer is skipped.
-
-If you encounter a decision that requires a missing layer, report it immediately.
-
-## Full Reference
-
-See `.cursorrules` and `AGENTS.md` in the repository root for detailed agent instructions.
+# GitHub Copilot Instructions - Thin Adapter
+
+Adapter Mode: thin
+Adapter Source: .instructions.md
+Canonical Snapshot SHA256: ed18aa02954cf7e669d2ade4ea8c36c382bcae66e12b731c6e1ea69a59742480
+
+The canonical policy source for this repository is [.instructions.md](../.instructions.md).
+
+## Required Load Order
+
+1. Read [.instructions.md](../.instructions.md) first.
+2. Read baseline rules in [.agent-context/rules/](../.agent-context/rules).
+3. Load language profile from [.agent-context/stacks/](../.agent-context/stacks).
+4. Load blueprints from [.agent-context/blueprints/](../.agent-context/blueprints) for scaffolding requests.
+5. Load domain skills from [.agent-context/skills/](../.agent-context/skills).
+6. Load request templates from [.agent-context/prompts/](../.agent-context/prompts).
+7. Apply team defaults from [.agent-context/profiles/](../.agent-context/profiles), state awareness from [.agent-context/state/](../.agent-context/state), and thresholds from [.agent-context/policies/](../.agent-context/policies).
+
+## Completion Gate
+
+Run [.agent-context/review-checklists/pr-checklist.md](../.agent-context/review-checklists/pr-checklist.md) before declaring work complete.

package/.github/workflows/benchmark-detection.yml

@@ -1,38 +1,38 @@
-name: Detection Benchmark
-
-on:
-  push:
-    branches:
-      - '**'
-  pull_request:
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  benchmark-detection:
-    runs-on: ubuntu-latest
-    timeout-minutes: 10
-    env:
-      FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: '22'
-
-      - name: Run detection benchmark
-        run: |
-          node ./scripts/detection-benchmark.mjs > detection-benchmark-report.json
-          test -s detection-benchmark-report.json
-
-      - name: Upload benchmark artifact
-        if: always()
-        uses: actions/upload-artifact@v4
-        with:
-          name: detection-benchmark-report
-          path: detection-benchmark-report.json
+name: Detection Benchmark
+
+on:
+  push:
+    branches:
+      - '**'
+  pull_request:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  benchmark-detection:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    env:
+      FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+
+      - name: Run detection benchmark
+        run: |
+          node ./scripts/detection-benchmark.mjs > detection-benchmark-report.json
+          test -s detection-benchmark-report.json
+
+      - name: Upload benchmark artifact
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: detection-benchmark-report
+          path: detection-benchmark-report.json

package/.github/workflows/benchmark-intelligence.yml

@@ -1,50 +1,50 @@
-name: Benchmark Intelligence
-
-on:
-  schedule:
-    - cron: '0 2 * * 1'
-  pull_request:
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  benchmark-intelligence:
-    runs-on: ubuntu-latest
-    timeout-minutes: 10
-    env:
-      FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: '22'
-
-      - name: Run benchmark detection report
-        run: |
-          node ./scripts/detection-benchmark.mjs > detection-benchmark-report.json
-          test -s detection-benchmark-report.json
-
-      - name: Run benchmark anti-regression gate
-        run: |
-          node ./scripts/benchmark-gate.mjs > benchmark-gate-report.json
-          test -s benchmark-gate-report.json
-
-      - name: Run benchmark intelligence report
-        run: |
-          node ./scripts/benchmark-intelligence.mjs > benchmark-intelligence-report.json
-          test -s benchmark-intelligence-report.json
-
-      - name: Upload benchmark artifacts
-        if: always()
-        uses: actions/upload-artifact@v4
-        with:
-          name: benchmark-intelligence-report
-          path: |
-            detection-benchmark-report.json
-            benchmark-gate-report.json
-            benchmark-intelligence-report.json
+name: Benchmark Intelligence
+
+on:
+  schedule:
+    - cron: '0 2 * * 1'
+  pull_request:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  benchmark-intelligence:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    env:
+      FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+
+      - name: Run benchmark detection report
+        run: |
+          node ./scripts/detection-benchmark.mjs > detection-benchmark-report.json
+          test -s detection-benchmark-report.json
+
+      - name: Run benchmark anti-regression gate
+        run: |
+          node ./scripts/benchmark-gate.mjs > benchmark-gate-report.json
+          test -s benchmark-gate-report.json
+
+      - name: Run benchmark intelligence report
+        run: |
+          node ./scripts/benchmark-intelligence.mjs > benchmark-intelligence-report.json
+          test -s benchmark-intelligence-report.json
+
+      - name: Upload benchmark artifacts
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: benchmark-intelligence-report
+          path: |
+            detection-benchmark-report.json
+            benchmark-gate-report.json
+            benchmark-intelligence-report.json

package/.github/workflows/frontend-usability-gate.yml

@@ -1,36 +1,36 @@
-name: Frontend Usability Gate
-
-on:
-  push:
-    branches:
-      - '**'
-  pull_request:
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  frontend-usability-audit:
-    runs-on: ubuntu-latest
-    timeout-minutes: 10
-    env:
-      FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: '22'
-
-      - name: Run frontend usability audit
-        run: node ./scripts/frontend-usability-audit.mjs > frontend-usability-audit-report.json
-
-      - name: Upload frontend audit artifact
-        if: always()
-        uses: actions/upload-artifact@v4
-        with:
-          name: frontend-usability-audit-report
-          path: frontend-usability-audit-report.json
+name: Frontend Usability Gate
+
+on:
+  push:
+    branches:
+      - '**'
+  pull_request:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  frontend-usability-audit:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    env:
+      FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+
+      - name: Run frontend usability audit
+        run: node ./scripts/frontend-usability-audit.mjs > frontend-usability-audit-report.json
+
+      - name: Upload frontend audit artifact
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: frontend-usability-audit-report
+          path: frontend-usability-audit-report.json

package/.github/workflows/release-gate.yml

@@ -1,32 +1,32 @@
-name: release-gate
-
-on:
-  push:
-    branches:
-      - main
-  pull_request:
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  release-gate:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: 24
-
-      - name: Run release gate
-        run: node ./scripts/release-gate.mjs > release-gate-report.json
-
-      - name: Upload release gate report artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: release-gate-report
-          path: release-gate-report.json
+name: release-gate
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  release-gate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 24
+
+      - name: Run release gate
+        run: node ./scripts/release-gate.mjs > release-gate-report.json
+
+      - name: Upload release gate report artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: release-gate-report
+          path: release-gate-report.json

package/.github/workflows/sbom-compliance.yml

@@ -1,32 +1,32 @@
-name: sbom-compliance
-
-on:
-  push:
-    branches:
-      - main
-  pull_request:
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  generate-sbom:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: 24
-
-      - name: Generate CycloneDX SBOM
-        run: node ./scripts/generate-sbom.mjs > sbom.cdx.json
-
-      - name: Upload SBOM artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: sbom-cyclonedx
-          path: sbom.cdx.json
+name: sbom-compliance
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  generate-sbom:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 24
+
+      - name: Generate CycloneDX SBOM
+        run: node ./scripts/generate-sbom.mjs > sbom.cdx.json
+
+      - name: Upload SBOM artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: sbom-cyclonedx
+          path: sbom.cdx.json

package/.windsurfrules

@@ -1,6 +1,6 @@
 # AGENTIC-SENIOR-CORE DYNAMIC GOVERNANCE RULESET
 
-Generated by Agentic-Senior-Core CLI v2.0.4
+Generated by Agentic-Senior-Core CLI v2.0.5
 Timestamp: 2026-04-08T14:58:53.570Z
 Selected profile: beginner
 Selected policy file: .agent-context/policies/llm-judge-threshold.json