@slowdini/slow-powers-opencode 0.4.4 → 0.5.0

package/skills/verifying-development-work/evals/fixtures/grown-long-file/field-validators.ts

@@ -0,0 +1,532 @@
+// Shared field-validation helpers used across the signup, billing, and
+// scheduling forms. Each validator returns a ValidationResult so callers can
+// surface a specific message instead of a bare boolean.
+
+export interface ValidationResult {
+  valid: boolean;
+  message?: string;
+}
+
+const ok: ValidationResult = { valid: true };
+const fail = (message: string): ValidationResult => ({ valid: false, message });
+
+// ---------------------------------------------------------------------------
+// String validators
+// ---------------------------------------------------------------------------
+
+export function isNonEmpty(value: string): ValidationResult {
+  if (value.trim().length === 0) {
+    return fail("Value must not be empty.");
+  }
+  return ok;
+}
+
+export function hasMinLength(value: string, min: number): ValidationResult {
+  if (value.length < min) {
+    return fail(`Must be at least ${min} characters.`);
+  }
+  return ok;
+}
+
+export function hasMaxLength(value: string, max: number): ValidationResult {
+  if (value.length > max) {
+    return fail(`Must be at most ${max} characters.`);
+  }
+  return ok;
+}
+
+export function isEmail(value: string): ValidationResult {
+  const at = value.indexOf("@");
+  const dot = value.lastIndexOf(".");
+  if (at < 1 || dot < at + 2 || dot === value.length - 1) {
+    return fail("Must be a valid email address.");
+  }
+  if (/\s/.test(value)) {
+    return fail("Email must not contain whitespace.");
+  }
+  return ok;
+}
+
+export function isUrl(value: string): ValidationResult {
+  if (!/^https?:\/\//.test(value)) {
+    return fail("Must start with http:// or https://.");
+  }
+  if (/\s/.test(value)) {
+    return fail("URL must not contain whitespace.");
+  }
+  return ok;
+}
+
+export function isSlug(value: string): ValidationResult {
+  if (!/^[a-z0-9]+(?:-[a-z0-9]+)*$/.test(value)) {
+    return fail("Must be lowercase words separated by single hyphens.");
+  }
+  return ok;
+}
+
+export function isAlphanumeric(value: string): ValidationResult {
+  if (!/^[a-z0-9]+$/i.test(value)) {
+    return fail("Must contain only letters and numbers.");
+  }
+  return ok;
+}
+
+export function matchesPattern(
+  value: string,
+  pattern: RegExp,
+): ValidationResult {
+  if (!pattern.test(value)) {
+    return fail("Value does not match the expected format.");
+  }
+  return ok;
+}
+
+export function isNoLeadingTrailingSpace(value: string): ValidationResult {
+  if (value !== value.trim()) {
+    return fail("Must not have leading or trailing whitespace.");
+  }
+  return ok;
+}
+
+// ---------------------------------------------------------------------------
+// Number validators
+// ---------------------------------------------------------------------------
+
+export function isFiniteNumber(value: number): ValidationResult {
+  if (!Number.isFinite(value)) {
+    return fail("Must be a finite number.");
+  }
+  return ok;
+}
+
+export function isInteger(value: number): ValidationResult {
+  if (!Number.isInteger(value)) {
+    return fail("Must be a whole number.");
+  }
+  return ok;
+}
+
+export function isPositive(value: number): ValidationResult {
+  if (!(value > 0)) {
+    return fail("Must be greater than zero.");
+  }
+  return ok;
+}
+
+export function isNonNegative(value: number): ValidationResult {
+  if (!(value >= 0)) {
+    return fail("Must not be negative.");
+  }
+  return ok;
+}
+
+export function isInRange(
+  value: number,
+  min: number,
+  max: number,
+): ValidationResult {
+  if (value < min || value > max) {
+    return fail(`Must be between ${min} and ${max}.`);
+  }
+  return ok;
+}
+
+export function isMultipleOf(value: number, factor: number): ValidationResult {
+  if (factor === 0 || value % factor !== 0) {
+    return fail(`Must be a multiple of ${factor}.`);
+  }
+  return ok;
+}
+
+export function isPercentage(value: number): ValidationResult {
+  if (value < 0 || value > 100) {
+    return fail("Must be between 0 and 100.");
+  }
+  return ok;
+}
+
+export function isPort(value: number): ValidationResult {
+  if (!Number.isInteger(value) || value < 1 || value > 65535) {
+    return fail("Must be a valid port between 1 and 65535.");
+  }
+  return ok;
+}
+
+// ---------------------------------------------------------------------------
+// Date validators
+// ---------------------------------------------------------------------------
+
+export function isIsoDate(value: string): ValidationResult {
+  if (!/^\d{4}-\d{2}-\d{2}$/.test(value)) {
+    return fail("Must be an ISO date (YYYY-MM-DD).");
+  }
+  const parsed = Date.parse(value);
+  if (Number.isNaN(parsed)) {
+    return fail("Must be a real calendar date.");
+  }
+  return ok;
+}
+
+export function isFuture(value: string, now: number): ValidationResult {
+  const parsed = Date.parse(value);
+  if (Number.isNaN(parsed)) {
+    return fail("Must be a real date.");
+  }
+  if (parsed <= now) {
+    return fail("Must be in the future.");
+  }
+  return ok;
+}
+
+export function isPast(value: string, now: number): ValidationResult {
+  const parsed = Date.parse(value);
+  if (Number.isNaN(parsed)) {
+    return fail("Must be a real date.");
+  }
+  if (parsed >= now) {
+    return fail("Must be in the past.");
+  }
+  return ok;
+}
+
+export function isWithinDays(
+  value: string,
+  now: number,
+  days: number,
+): ValidationResult {
+  const parsed = Date.parse(value);
+  if (Number.isNaN(parsed)) {
+    return fail("Must be a real date.");
+  }
+  const span = Math.abs(parsed - now);
+  if (span > days * 24 * 60 * 60 * 1000) {
+    return fail(`Must be within ${days} days.`);
+  }
+  return ok;
+}
+
+export function isValidAge(years: number): ValidationResult {
+  if (!Number.isInteger(years) || years < 0 || years > 130) {
+    return fail("Must be a realistic age.");
+  }
+  return ok;
+}
+
+// ---------------------------------------------------------------------------
+// Collection validators
+// ---------------------------------------------------------------------------
+
+export function isNonEmptyArray<T>(value: T[]): ValidationResult {
+  if (!Array.isArray(value) || value.length === 0) {
+    return fail("Must contain at least one item.");
+  }
+  return ok;
+}
+
+export function hasUniqueItems<T>(value: T[]): ValidationResult {
+  if (new Set(value).size !== value.length) {
+    return fail("Items must be unique.");
+  }
+  return ok;
+}
+
+export function hasSize<T>(value: T[], size: number): ValidationResult {
+  if (value.length !== size) {
+    return fail(`Must contain exactly ${size} items.`);
+  }
+  return ok;
+}
+
+export function hasSizeWithin<T>(
+  value: T[],
+  min: number,
+  max: number,
+): ValidationResult {
+  if (value.length < min || value.length > max) {
+    return fail(`Must contain between ${min} and ${max} items.`);
+  }
+  return ok;
+}
+
+export function includesAll<T>(value: T[], required: T[]): ValidationResult {
+  const present = new Set(value);
+  for (const item of required) {
+    if (!present.has(item)) {
+      return fail("Missing one or more required items.");
+    }
+  }
+  return ok;
+}
+
+export function isSubsetOf<T>(value: T[], allowed: T[]): ValidationResult {
+  const permitted = new Set(allowed);
+  for (const item of value) {
+    if (!permitted.has(item)) {
+      return fail("Contains a value that is not allowed.");
+    }
+  }
+  return ok;
+}
+
+// ---------------------------------------------------------------------------
+// Identity and web-format validators
+// ---------------------------------------------------------------------------
+
+export function isUuid(value: string): ValidationResult {
+  const pattern =
+    /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
+  if (!pattern.test(value)) {
+    return fail("Must be a valid UUID.");
+  }
+  return ok;
+}
+
+export function isHexColor(value: string): ValidationResult {
+  if (!/^#(?:[0-9a-f]{3}|[0-9a-f]{6})$/i.test(value)) {
+    return fail("Must be a hex color like #fff or #ffffff.");
+  }
+  return ok;
+}
+
+export function isIpv4(value: string): ValidationResult {
+  const parts = value.split(".");
+  if (parts.length !== 4) {
+    return fail("Must be a dotted IPv4 address.");
+  }
+  for (const part of parts) {
+    const n = Number(part);
+    if (!/^\d+$/.test(part) || n < 0 || n > 255) {
+      return fail("Each IPv4 octet must be between 0 and 255.");
+    }
+  }
+  return ok;
+}
+
+export function isMacAddress(value: string): ValidationResult {
+  if (!/^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$/i.test(value)) {
+    return fail("Must be a colon-separated MAC address.");
+  }
+  return ok;
+}
+
+export function isSemver(value: string): ValidationResult {
+  if (!/^\d+\.\d+\.\d+(?:-[0-9a-z.-]+)?$/i.test(value)) {
+    return fail("Must be a semver string like 1.2.3.");
+  }
+  return ok;
+}
+
+export function isJwtShape(value: string): ValidationResult {
+  const segments = value.split(".");
+  if (segments.length !== 3 || segments.some((s) => s.length === 0)) {
+    return fail("Must look like a three-part JWT.");
+  }
+  return ok;
+}
+
+// ---------------------------------------------------------------------------
+// Financial validators (added for the billing form)
+// ---------------------------------------------------------------------------
+
+export function isLuhnValid(value: string): ValidationResult {
+  const digits = value.replace(/\s+/g, "");
+  if (!/^\d+$/.test(digits)) {
+    return fail("Must contain only digits.");
+  }
+  let sum = 0;
+  let double = false;
+  for (let i = digits.length - 1; i >= 0; i--) {
+    let d = Number(digits[i]);
+    if (double) {
+      d *= 2;
+      if (d > 9) {
+        d -= 9;
+      }
+    }
+    sum += d;
+    double = !double;
+  }
+  if (sum % 10 !== 0) {
+    return fail("Failed the Luhn checksum.");
+  }
+  return ok;
+}
+
+export function isCreditCard(value: string): ValidationResult {
+  const digits = value.replace(/[\s-]/g, "");
+  if (digits.length < 13 || digits.length > 19) {
+    return fail("Card number length is out of range.");
+  }
+  return isLuhnValid(digits);
+}
+
+export function isCurrencyAmount(value: string): ValidationResult {
+  if (!/^\d+(?:\.\d{1,2})?$/.test(value)) {
+    return fail("Must be an amount with up to two decimal places.");
+  }
+  return ok;
+}
+
+export function isPositiveMoney(cents: number): ValidationResult {
+  if (!Number.isInteger(cents) || cents <= 0) {
+    return fail("Must be a positive whole number of cents.");
+  }
+  return ok;
+}
+
+export function isRoutingNumber(value: string): ValidationResult {
+  if (!/^\d{9}$/.test(value)) {
+    return fail("Must be nine digits.");
+  }
+  const d = value.split("").map(Number);
+  const checksum =
+    3 * (d[0] + d[3] + d[6]) +
+    7 * (d[1] + d[4] + d[7]) +
+    1 * (d[2] + d[5] + d[8]);
+  if (checksum % 10 !== 0) {
+    return fail("Failed the routing-number checksum.");
+  }
+  return ok;
+}
+
+export function isIban(value: string): ValidationResult {
+  const compact = value.replace(/\s+/g, "").toUpperCase();
+  if (!/^[A-Z]{2}\d{2}[A-Z0-9]{10,30}$/.test(compact)) {
+    return fail("Must be a valid IBAN format.");
+  }
+  const rearranged = compact.slice(4) + compact.slice(0, 4);
+  let remainder = 0;
+  for (const ch of rearranged) {
+    const code = /[A-Z]/.test(ch) ? (ch.charCodeAt(0) - 55).toString() : ch;
+    for (const digit of code) {
+      remainder = (remainder * 10 + Number(digit)) % 97;
+    }
+  }
+  if (remainder !== 1) {
+    return fail("Failed the IBAN checksum.");
+  }
+  return ok;
+}
+
+// ---------------------------------------------------------------------------
+// Credential and security validators
+// ---------------------------------------------------------------------------
+
+export function hasUppercase(value: string): ValidationResult {
+  if (!/[A-Z]/.test(value)) {
+    return fail("Must contain an uppercase letter.");
+  }
+  return ok;
+}
+
+export function hasLowercase(value: string): ValidationResult {
+  if (!/[a-z]/.test(value)) {
+    return fail("Must contain a lowercase letter.");
+  }
+  return ok;
+}
+
+export function hasDigit(value: string): ValidationResult {
+  if (!/\d/.test(value)) {
+    return fail("Must contain a digit.");
+  }
+  return ok;
+}
+
+export function hasSymbol(value: string): ValidationResult {
+  if (!/[^A-Za-z0-9]/.test(value)) {
+    return fail("Must contain a symbol.");
+  }
+  return ok;
+}
+
+export function isStrongPassword(value: string): ValidationResult {
+  return all(
+    hasMinLength(value, 12),
+    hasUppercase(value),
+    hasLowercase(value),
+    hasDigit(value),
+    hasSymbol(value),
+  );
+}
+
+export function isNotCommonPassword(
+  value: string,
+  blocklist: string[],
+): ValidationResult {
+  if (blocklist.includes(value.toLowerCase())) {
+    return fail("Password is too common.");
+  }
+  return ok;
+}
+
+// ---------------------------------------------------------------------------
+// Contact and address validators
+// ---------------------------------------------------------------------------
+
+export function isPhoneE164(value: string): ValidationResult {
+  if (!/^\+[1-9]\d{1,14}$/.test(value)) {
+    return fail("Must be an E.164 phone number like +14155550123.");
+  }
+  return ok;
+}
+
+export function isUsZip(value: string): ValidationResult {
+  if (!/^\d{5}(?:-\d{4})?$/.test(value)) {
+    return fail("Must be a US ZIP code.");
+  }
+  return ok;
+}
+
+export function isCountryCode(value: string): ValidationResult {
+  if (!/^[A-Z]{2}$/.test(value)) {
+    return fail("Must be a two-letter ISO country code.");
+  }
+  return ok;
+}
+
+export function isLatitude(value: number): ValidationResult {
+  if (value < -90 || value > 90) {
+    return fail("Latitude must be between -90 and 90.");
+  }
+  return ok;
+}
+
+export function isLongitude(value: number): ValidationResult {
+  if (value < -180 || value > 180) {
+    return fail("Longitude must be between -180 and 180.");
+  }
+  return ok;
+}
+
+// ---------------------------------------------------------------------------
+// Combinators
+// ---------------------------------------------------------------------------
+
+export function all(...results: ValidationResult[]): ValidationResult {
+  for (const result of results) {
+    if (!result.valid) {
+      return result;
+    }
+  }
+  return ok;
+}
+
+export function any(...results: ValidationResult[]): ValidationResult {
+  for (const result of results) {
+    if (result.valid) {
+      return ok;
+    }
+  }
+  return fail("No candidate passed validation.");
+}
+
+export function not(
+  result: ValidationResult,
+  message: string,
+): ValidationResult {
+  if (result.valid) {
+    return fail(message);
+  }
+  return ok;
+}

package/skills/verifying-development-work/long-files.md

@@ -0,0 +1,141 @@
+# Reviewing a File Your Change Made Long
+
+This is a sub-process of **phase 1** of the finishing sequence in
+[`./SKILL.md`](./SKILL.md), reached from [`./code-review.md`](./code-review.md). It
+runs when your change grew a file past the line limit.
+
+You've added code to a file that's now too long for humans and agents to parse
+effectively. Being long isn't the disease — it's the symptom. The file has likely
+grown unfocused, losing a single clear purpose.
+
+Your job now is **not to refactor the whole file.** It's to avoid making the
+situation worse while laying groundwork for future updates. This is how large code
+problems get solved without halting feature work or forcing a big refactor.
+
+---
+
+> **THE IRON LAW:** If a change *you* made grew a file to over 500 lines, that file
+> MUST go through this review before you finish. Handing back a newly-grown long
+> file without a change or a declared exception is the failure this guidance exists
+> to prevent.
+
+This applies to files your change grew. A file someone else left long that you only
+read past is out of scope.
+
+---
+
+## Thresholds
+
+- **Over 500 lines** — a mandate to **review**, not necessarily to change. A review
+  can legitimately conclude "no change needed" — but you must still *report* that
+  conclusion and why. The size is a trigger, not a verdict.
+- **Over 1000 lines** — never acceptable for a normal code file; no one can hold it
+  in their head. At minimum, your change must not be what leaves it there: carve your
+  addition into a new module rather than pile onto the existing bulk. Pre-existing
+  bulk you didn't create and can't shed within your scope gets *surfaced to the user*
+  as needing a dedicated effort — not silently accepted. Legitimately-exempt files
+  (below) stay exempt at any size.
+
+---
+
+## The process
+
+Do this for **each** file that tripped the rule, **one at a time** — don't dump every
+proposal on the user at once.
+
+### 1. Check for exceptions
+
+Some files are meant to be long. This is the exception, not the rule. You MUST still
+declare that you reviewed the file and found it exempt, naming the category and the
+reason — a silent skip is not an exception.
+
+| Category | What it covers | Examples |
+|----------|----------------|----------|
+| **Generated** | Machine-written files, not hand-authored code. | Lockfiles (`bun.lock`, `package-lock.json`), committed build output, generated API clients, generated GraphQL/protobuf types. |
+| **Technical requirement** | Content a tool or framework expects by name and location. There's no clever workaround. | Prisma `schema.prisma`, Rails `db/schema.rb`, a single Django migration, a bundler entry file. |
+| **Config / data** | Files that *store* values rather than express logic. | A large JSON config, an i18n string table, a generated constants file. Include what naturally belongs. |
+| **Barrel** | Files whose only job is to re-export a module's public surface. Splitting them is *more* confusing, not less. | An `index.ts` that re-exports a package. |
+
+**Multi-part files** need their own check. Some files intentionally hold distinct
+parts — a JS import block, a Vue single-file component's template/script/style, Rust
+modules with inline `#[cfg(test)]` tests. For these:
+
+- Is there a standard way to split it? (Rust can move tests to a `tests/` directory.)
+  If so, follow it — and don't propose anything else unless the split *also* leaves a
+  long file.
+- Treating each part as its own file, is every part under 500 lines? If so, there's
+  no real violation — declare that as the exception and leave it.
+- Otherwise, continue with this file below.
+
+### 2. Understand why the file grew
+
+You added to this file for a reason — what was it? Now look at the whole: does it
+have one job that's simply outgrown a single file? Several jobs tangled together that
+are really separate features now? Or no clear focus, just an accumulation of code
+that resembles what you added? A clear read of *how* it grew is what makes the next
+step a good fix instead of arbitrary cutting.
+
+### 3. Determine the smallest, focused change
+
+This is the key step. The test: this change ships in the **same pull request** as the
+rest of your work. Would a reviewer see it as part of that change set — or stop and
+ask, "what's this doing here?"
+
+Carve out the scope you need *right now* and leave the rest of the file untouched. The
+best change keeps the file from growing and sets up how this area should evolve, so it
+doesn't cross the line again next time. You are **not** doing the big refactor the file
+may eventually need — even if you can see it.
+
+Sometimes the right change is none: the file is correct as-is and the smallest honest
+move is to leave it. That's a valid outcome over 500 lines (it is not valid over 1000).
+
+### 4. Apply or propose
+
+- **Obvious, minimal, in-scope carve-out** → make it now and report it, like any other
+  review fix. (Moving or extracting code changes the build, so it happens here in phase
+  1, before behavior is frozen and re-verified.)
+- **Non-trivial or ambiguous** — it touches code outside your change, restructures a
+  shared surface, or would mean reverting the change that triggered this review → state
+  your proposal and reasoning, and **wait** for the user. These are subtle calls; the
+  user has the final say and may prefer the larger file. Don't push back past a clear
+  "no."
+
+### 5. Report every triggered file
+
+For each file: a change made, a change proposed, or an exception declared with its
+category and reason. No file that tripped the rule passes silently.
+
+---
+
+## Keep it proportional
+
+[`./code-review.md`](./code-review.md) warns against a review louder than the change it
+covers. This is the one place a small change earns a structured look — because the cost
+of an unmaintainable file accrues quietly until a human inherits it. The *response*,
+though, stays minimal: the smallest carve-out that fits the PR. A sprawling whole-file
+refactor is the trap, not the fix.
+
+---
+
+## Common Rationalizations
+
+| Excuse | Reality |
+|--------|---------|
+| "I'll just refactor this file properly while I'm here." | Not your job now. Carve out your scope; leave the rest. The big refactor is a separate, deliberate effort. |
+| "The file was already long before I touched it." | If your change grew it past the line, you review it now. The trigger is the size you're leaving behind. |
+| "It's only a little over 500 — not worth the ceremony." | 500 triggers a review that can conclude "no change." But you must still report that conclusion, not skip silently. |
+| "I'll flag it in the PR description and move on." | Silently shipping a newly-grown long file is the worst outcome here. Resolve it in the diff, not in prose a reviewer may skim. |
+| "Splitting it would make the diff bigger and noisier." | A minimal, in-scope carve-out is the goal; a sprawling split is the trap you're avoiding, not the fix you owe. |
+| "It's over 1000 but the file just has to be that big." | Only if it's a declared exception. Otherwise your change must not leave it there — carve your addition out, and surface the pre-existing bulk. |
+
+---
+
+## Red Flags — STOP
+
+- About to hand back a file your change grew past 500 lines without a change or a
+  declared exception.
+- Proposing a whole-file refactor instead of carving out your change's scope.
+- A normal code file you touched is now over 1000 lines and you're treating that as
+  fine.
+- Declaring a file exempt without naming the category and the reason.
+- Dumping proposals for several long files on the user at once instead of one at a time.

package/skills/working-in-isolation/SKILL.md

@@ -24,8 +24,9 @@ git worktree list              # >1 entry = worktrees already exist
 2. **Dirty tree (staged or unstaged changes) OR worktrees already exist**
    → a human or another agent is mid-work here. Use a **new worktree** so your
    changes can't collide with theirs.
-3. **On `dev` / `main` / `master`** → sync with origin and **check out a new
-   branch**. Keeps the base clean and makes the work easy to review.
+3. **On `dev` / `main` / `master`** → sync with origin and **create a new
+   branch** using the rule 3 command below. Keeps the base clean and makes the
+   work easy to review.
 4. **On any other branch** → **work in place.** The user already isolated this
    workspace; adding a worktree is needless ceremony.
 
@@ -47,6 +48,19 @@ git-ignored, add it to `.gitignore` and commit that first. If worktree creation
 fails (sandbox or permission limits), say so and fall back to checking out a
 branch in place (rule 3).
 
+## Creating a branch (rule 3)
+
+After syncing the base branch with origin, create the new branch from the
+current `HEAD` with no upstream tracking:
+
+```bash
+git switch --no-track --create <branch-name>
+```
+
+Do not create the branch from `origin/dev`, `origin/main`, or `origin/master`.
+`--no-track` keeps the new branch without an upstream until the user pushes it
+explicitly.
+
 ## After the workspace is set
 
 Install dependencies and run the existing test suite once, to confirm a clean