@soleri/forge 9.3.1 → 9.4.0

package/src/scaffolder.ts

@@ -28,6 +28,7 @@ import { generateInjectClaudeMd } from './templates/inject-claude-md.js';
 import { generateActivate } from './templates/activate.js';
 import { generateReadme } from './templates/readme.js';
 import { generateSetupScript } from './templates/setup-script.js';
+import { generateCleanWorktreesScript } from './templates/clean-worktrees.js';
 import { generateAgentsMd } from './templates/agents-md.js';
 import { generateSkills } from './templates/skills.js';
 import { generateExtensionsIndex, generateExampleOp } from './templates/extensions.js';
@@ -354,6 +355,7 @@ export function scaffold(config: AgentConfig): ScaffoldResult {
     ['scripts/copy-assets.js', generateCopyAssetsScript()],
     ['README.md', generateReadme(config)],
     ['scripts/setup.sh', generateSetupScript(config)],
+    ['scripts/clean-worktrees.sh', generateCleanWorktreesScript()],
   ];
 
   if (opencodeSetup) {
@@ -394,8 +396,9 @@ export function scaffold(config: AgentConfig): ScaffoldResult {
     filesCreated.push(path);
   }
 
-  // Make setup script executable
+  // Make scripts executable
   chmodSync(join(agentDir, 'scripts', 'setup.sh'), 0o755);
+  chmodSync(join(agentDir, 'scripts', 'clean-worktrees.sh'), 0o755);
 
   // Write source files
   const sourceFiles: Array<[string, string]> = [
@@ -617,6 +620,43 @@ export function listAgents(parentDir: string): AgentInfo[] {
 
   for (const name of entries) {
     const dir = join(parentDir, name);
+
+    // File-tree (v7) agents have agent.yaml
+    const agentYamlPath = join(dir, 'agent.yaml');
+    if (existsSync(agentYamlPath)) {
+      try {
+        const yamlContent = readFileSync(agentYamlPath, 'utf-8');
+        // Simple YAML parsing for id/name/role — avoid adding a dependency
+        const idMatch = yamlContent.match(/^id:\s*(.+)$/m);
+        const nameMatch = yamlContent.match(/^name:\s*(.+)$/m);
+        const roleMatch = yamlContent.match(/^role:\s*(.+)$/m);
+
+        const knowledgeDir = join(dir, 'knowledge');
+        let domains: string[] = [];
+        try {
+          domains = readdirSync(knowledgeDir)
+            .filter((f) => f.endsWith('.json'))
+            .map((f) => f.replace('.json', ''));
+        } catch {
+          /* no knowledge dir */
+        }
+
+        agents.push({
+          id: idMatch?.[1]?.trim() ?? name,
+          name: nameMatch?.[1]?.trim() ?? name,
+          role: roleMatch?.[1]?.trim() ?? '',
+          path: dir,
+          domains,
+          hasNodeModules: false,
+          hasDistDir: false,
+        });
+        continue;
+      } catch {
+        /* skip malformed agent.yaml */
+      }
+    }
+
+    // Legacy (v6) agents have package.json
     const pkgPath = join(dir, 'package.json');
     if (!existsSync(pkgPath)) continue;
 

package/src/skills/agent-dev/SKILL.md

@@ -0,0 +1,122 @@
+---
+name: agent-dev
+description: >
+  Use when extending the agent itself — adding facades, tools, vault operations,
+  brain features, new skills, or modifying agent internals. Triggers on "add a facade",
+  "new tool", "extend vault", "add brain feature", "new skill", "add operation",
+  "extend agent", or when the work target is the agent's own codebase rather than
+  a project the agent assists with. Enforces vault-first knowledge gathering before
+  any code reading or planning.
+---
+
+# Agent Dev — Vault-First Internal Development
+
+Develop the agent's own internals with the vault as the primary source of truth. The vault knows more about the agent than any code scan or model training data. Always search the vault first, extract maximum context, and only then touch code.
+
+## When to Use
+
+Any time the work target is the agent's own codebase: adding tools, extending facades, modifying vault operations, brain features, skills, or transport. Not for projects that merely _use_ the agent.
+
+## Core Principle
+
+**Vault first. Before code. Before training data. Always.**
+
+The vault is the authoritative source for how the agent works. Do not rely on general knowledge from training data — it is outdated and lacks project-specific decisions. Do not scan the codebase to understand architecture — the vault already has it.
+
+## Orchestration Sequence
+
+### Step 1: Search the Vault (MANDATORY — before anything else)
+
+Before reading any source file, before making any plan, before offering any advice:
+
+```
+YOUR_AGENT_core op:search_vault_intelligent
+  params: { query: "<description of planned work>", options: { intent: "pattern" } }
+```
+
+Search again with architecture-specific terms: the facade name, tool name, or subsystem being modified.
+
+```
+YOUR_AGENT_core op:query_vault_knowledge
+  params: { type: "workflow", category: "<relevant category>" }
+```
+
+If initial results are sparse, search again with broader terms — synonyms, related subsystem names, parent concepts. Exhaust the vault before moving on.
+
+Review all results. Extract file paths, module names, function references, conventions, and constraints. These become the foundation for every step that follows.
+
+### Step 2: Check Brain for Proven Patterns
+
+```
+YOUR_AGENT_core op:strengths
+  params: { days: 30, minStrength: 60 }
+```
+
+```
+YOUR_AGENT_core op:recommend
+  params: { projectPath: "." }
+```
+
+Check if the brain has learned anything relevant from recent sessions.
+
+### Step 3: Targeted Code Reading (Only What Vault Pointed To)
+
+By now the vault has provided architecture context, file paths, and module references. Only read code when the vault describes the subsystem but lacks implementation detail (e.g., method signatures, exact line numbers).
+
+**Read only what the vault pointed to.** Open the specific files referenced in vault results — not the surrounding codebase, not the parent directory, not "let me explore the project structure."
+
+**Fallback: Codebase scan.** Only when vault search returned zero relevant results for the subsystem — meaning the vault genuinely has no knowledge about it — fall back to `Grep` with targeted terms. This is the last resort, not the default.
+
+### Step 4: Plan with Vault Context
+
+Create the implementation plan referencing vault findings explicitly:
+
+- Which patterns apply (cite vault entry titles)
+- Which anti-patterns to avoid (cite the specific anti-pattern)
+- Which conventions to follow (naming, facade structure, tool registration)
+
+Every plan must trace its decisions back to vault knowledge. If a decision has no vault backing, flag it as a new architectural choice that should be captured after implementation (Step 7).
+
+### Step 5: Implement
+
+Follow the plan. Key conventions for agent internals:
+
+- **Facades**: Thin routing layer — delegate to domain modules. No business logic in facades.
+- **Tools**: Follow `op:operation_name` naming, return structured responses.
+- **Vault writes**: All writes go through the vault intelligence layer.
+- **Tests**: Colocated test files. Run with vitest.
+- **Build**: Must compile without errors before considering done.
+
+### Step 6: Validate and Self-Correct
+
+Run the relevant test suite. Rebuild — must complete without errors.
+
+**Self-correction loop:** If tests fail or build breaks, do NOT ask the user what to do. Read the error, trace the cause in the code just written, fix it, and re-run. Repeat until green. The agent owns the code it wrote — if something fails, the agent fixes its own implementation. Only escalate to the user when the failure is outside the agent's control (missing infrastructure, permissions, unclear requirements).
+
+### Step 7: Capture What Was Learned
+
+If this work revealed new architectural knowledge, a useful pattern, or a surprising anti-pattern:
+
+```
+YOUR_AGENT_core op:capture_knowledge
+  params: {
+    title: "<what was learned>",
+    description: "<the pattern or anti-pattern>",
+    type: "pattern",
+    tags: ["<relevant-tags>"]
+  }
+```
+
+This ensures future sessions benefit from today's discovery — making the vault smarter for the next developer.
+
+## Anti-Patterns to Avoid
+
+- **Code-first exploration**: Reading source files before searching the vault. The vault already has the architecture — scanning code is slower and gives less context.
+- **Training-data advice**: Offering general guidance from model training data instead of searching the vault for project-specific knowledge.
+- **Skipping vault search**: The vault contains all architecture knowledge. Not searching it means reinventing knowledge that already exists.
+- **Planning without vault context**: Plans created without vault knowledge miss conventions, duplicate existing patterns, or violate architectural boundaries.
+- **Broad codebase scanning**: Exploring directories and reading files "to understand the project" instead of using vault results as a targeted map.
+
+## Exit Criteria
+
+Development is complete when: vault was searched exhaustively first (Step 1), implementation follows discovered patterns, tests pass, build succeeds, and any new learning is captured back to vault (Step 7).

package/src/skills/agent-guide/SKILL.md

@@ -0,0 +1,116 @@
+---
+name: agent-guide
+description: >
+  Use when the user asks "what can you do", "help me", "how do I use this",
+  "what features do you have", "what tools are available", "how does this work",
+  "show me your capabilities", "what are you", "who are you", or any question
+  about the agent's identity, capabilities, available tools, or how to use them.
+  Not needed for proactive tool suggestions — those are handled by engine rules.
+---
+
+# Agent Guide — Capability Discovery
+
+Help users understand what this agent can do, how to use it effectively, and what makes it different from a raw LLM. This skill handles the deep discovery flow — proactive tool suggestions during normal work are handled by the engine rules (Tool Advocacy section).
+
+## When to Use
+
+- "What can you do?" / "What are your capabilities?"
+- "How do I search for X?" / "How do I capture knowledge?"
+- "What tools do you have?" / "Show me your features"
+- "Who are you?" / "What is this agent?"
+- "Help" / "I'm stuck" / "How does this work?"
+- First-time users, onboarding, or anyone unfamiliar with the agent
+
+## Capability Discovery Sequence
+
+### Step 1: Identity
+
+```
+YOUR_AGENT_core op:activate
+  params: { projectPath: "." }
+```
+
+This returns the agent's persona: name, role, description, tone, principles, and domains. Present the identity first — who the agent is and what it specializes in.
+
+### Step 2: Health & Status
+
+```
+YOUR_AGENT_core op:admin_health
+```
+
+Shows what subsystems are active: vault (how many entries), brain (vocabulary size), LLM availability, cognee status. This tells the user what the agent currently has to work with.
+
+### Step 3: Available Tools
+
+```
+YOUR_AGENT_core op:admin_tool_list
+```
+
+Lists all facades and operations. Present them grouped by category with plain-language descriptions.
+
+### Step 4: Present by What Users Can DO
+
+Organize capabilities by user goals, not technical names:
+
+**Knowledge & Memory**
+
+- Search the vault for patterns, anti-patterns, and architectural decisions
+- Capture new knowledge from the current session
+- Search across sessions and projects for relevant context
+- Curate: deduplicate, groom, resolve contradictions
+
+**Planning & Execution**
+
+- Create structured plans with vault context and brain recommendations
+- Split plans into tasks with complexity estimates
+- Track execution with drift detection
+- Complete with knowledge capture and session recording
+
+**Intelligence & Learning**
+
+- Brain learns from every session — patterns get stronger with use
+- Recommendations based on similar past work
+- Strength tracking: which patterns are proven vs experimental
+- Feedback loop: brain improves based on what works
+
+**Quality & Validation**
+
+- Health checks across all subsystems
+- Iterative validation loops with configurable targets
+- Governance: policies, proposals, quotas
+
+**Identity & Control**
+
+- Persona activation and deactivation
+- Intent routing: the agent classifies what you want and routes to the right workflow
+- Project registration and cross-project linking
+
+**Domain Knowledge** (varies by agent)
+
+- Each domain has: `get_patterns`, `search`, `get_entry`, `capture`, `remove`
+- Call `op:activate` to discover which domains are configured
+
+## Common Questions
+
+### "What makes you different from regular Claude?"
+
+You have persistent knowledge (vault), learned patterns (brain), structured planning with grading, iterative validation loops, and domain-specific intelligence. Regular Claude starts fresh every conversation — this agent accumulates knowledge and gets smarter over time.
+
+### "How do I get the most out of you?"
+
+1. **Use the vault** — search before deciding, capture after learning
+2. **Use planning** — structured plans beat ad-hoc work for anything non-trivial
+3. **Trust the brain** — pattern recommendations come from real usage data
+4. **Capture everything** — every bug fix, every pattern, every anti-pattern. The vault grows smarter with use.
+5. **Use loops for quality** — iterative validation catches issues that single-pass work misses
+
+### "How do I add new capabilities?"
+
+Extensions can add new ops, facades, middleware, and hooks. Domain packs add domain-specific knowledge and validation. Use `soleri pack install <name>` or `soleri extend add-op <name>`.
+
+## Anti-Patterns
+
+- **Listing raw op names without context** — always explain what the op does in plain language
+- **Claiming capabilities that do not exist** — only reference ops the agent actually has. When unsure, call `op:admin_tool_list` first
+- **Dumping the entire tool catalog** — answer the specific question, show relevant tools, not all tools
+- **Repeating what the user already knows** — if they ask about a specific feature, answer that, don't give the full tour

package/src/skills/agent-issues/SKILL.md

@@ -0,0 +1,268 @@
+---
+name: agent-issues
+description: >
+  Use when creating GitHub issues, bugs, tasks, or milestones that will be
+  worked on by AI coding agents. Triggers on: "create issue", "file bug",
+  "gh issue", "add milestone", "create task", "report bug", "gh tasks",
+  "create tasks", "create tickets", "file tickets", or when generating
+  structured work items from conversation context.
+---
+
+
+# Agent-Optimized Issue Creation
+
+Create GitHub issues that AI agents can parse, execute, and verify without ambiguity. Every issue is a self-contained work order — an agent reading it has everything needed to start, execute, and prove completion.
+
+## Core Principle
+
+**Human issues describe problems. Agent issues describe solutions as testable outcomes.**
+
+An agent cannot act on "improve avatar handling." It can act on: "Add PNG upload to `POST /v1/avatar` in `apps/api/src/routes/avatar.ts`, return `{ avatarUrl }`, reject files > 2MB with 413."
+
+## When to Use
+
+- Creating any GitHub issue via `gh issue create`
+- Filing bugs from conversation context or error logs
+- Breaking plans into trackable work items
+- Creating milestones with sub-issues
+- Converting vault patterns or anti-patterns into actionable fixes
+
+## Issue Template by Type
+
+### Bug
+
+```markdown
+# Objective
+<one sentence: what's broken and what "fixed" looks like>
+
+## Type: bug
+## Component: <package or module name>
+## Priority: P0 | P1 | P2 | P3
+
+## Context
+- Impact: <who/what is affected>
+- Related: <links to issues, PRs, vault entries>
+- First seen: <date or commit>
+
+## Steps to Reproduce
+1. <exact command or action>
+2. <exact command or action>
+3. Observe: <what happens>
+
+## Expected vs Actual
+| | Behavior |
+|--|----------|
+| **Expected** | <correct behavior> |
+| **Actual** | <broken behavior> |
+
+## Error Output
+```
+<paste exact error, stack trace, or log output>
+```
+
+## Root Cause (if known)
+- File: `path/to/file.ts` — `functionName()` or line reference
+- Why: <brief technical explanation>
+
+## Scope
+| In | Out |
+|----|-----|
+| Fix the specific bug | Refactoring surrounding code |
+| Add regression test | Performance optimization |
+
+## Code Locations
+- Bug site: `path/to/file.ts` — `symbolName`
+- Test file: `path/to/file.test.ts`
+- Related: `path/to/related.ts` — `relatedSymbol`
+
+## Acceptance Criteria
+- [ ] Bug no longer reproduces with steps above
+- [ ] Regression test added that fails without fix, passes with fix
+- [ ] No new lint/type errors
+- [ ] Existing tests pass
+
+## Verification
+```bash
+<exact test command>
+<exact build/lint command>
+```
+```
+
+### Feature
+
+```markdown
+# Objective
+<one sentence: what capability is added and why>
+
+## Type: feature
+## Component: <package or module name>
+## Priority: P0 | P1 | P2 | P3
+
+## Context
+- Why: <user need or business reason>
+- Related: <links to issues, PRs, vault entries, specs>
+
+## Scope
+| In | Out |
+|----|-----|
+| <specific deliverable> | <what NOT to touch> |
+
+## Constraints
+- Backward compatibility: <requirements>
+- Dependencies: <allowed/forbidden>
+- Performance: <budgets if any>
+- Security: <requirements if any>
+
+## Code Locations
+- Entry point: `path/to/file.ts` — `functionOrClass`
+- Integration point: `path/to/other.ts` — `symbol`
+- Test location: `path/to/test.ts`
+
+## Proposed Approach (optional)
+1. <step>
+2. <step>
+
+## Acceptance Criteria
+- [ ] Given <precondition>, when <action>, then <result>
+- [ ] Given <precondition>, when <action>, then <result>
+- [ ] Tests added for new behavior
+- [ ] Types exported if public API
+
+## Verification
+```bash
+<exact test command>
+<exact build command>
+```
+
+## Definition of Done
+- [ ] Acceptance criteria satisfied
+- [ ] `npm test` passes
+- [ ] `npm run typecheck` passes
+- [ ] Changes scoped to "In Scope" only
+```
+
+### Milestone
+
+```markdown
+# Milestone: <short title>
+
+## Objective
+<one sentence: what this milestone achieves>
+
+## Timeline
+- Target: <date>
+- Depends on: <blocking milestones or external factors>
+
+## Sub-Issues
+
+| # | Type | Title | Priority | Depends On |
+|---|------|-------|----------|------------|
+| 1 | feature | <title> | P1 | — |
+| 2 | feature | <title> | P1 | #1 |
+| 3 | bug | <title> | P2 | — |
+
+## Completion Criteria
+- [ ] All sub-issues closed
+- [ ] Integration test passes end-to-end
+- [ ] <milestone-level verification>
+```
+
+## Field Guide
+
+### Writing Good Objectives
+
+| Bad | Good |
+|-----|------|
+| "Fix the login" | "Login returns 401 instead of session token when OAuth callback has valid code" |
+| "Add dark mode" | "Add `prefers-color-scheme` media query support to all semantic color tokens" |
+| "Improve performance" | "Reduce cold-start vault search from 800ms to <200ms by lazy-loading FTS index" |
+
+### Writing Good Acceptance Criteria
+
+Use Given/When/Then for behavioral criteria. Use plain checkboxes for structural criteria.
+
+**Behavioral:**
+- [ ] Given a user with valid OAuth code, when POST /auth/callback, then returns 200 with session token
+
+**Structural:**
+- [ ] Unit test covers happy path + error case
+- [ ] No new `any` types introduced
+- [ ] Public API documented in JSDoc
+
+### Writing Good Code Locations
+
+Always include:
+1. **File path** — repo-root relative
+2. **Anchor** — function name, class name, route, or config key
+3. **Context** — what the agent should look at there
+
+```
+- Handler: `packages/core/src/auth/callback.ts` — `handleOAuthCallback()`
+- Token logic: `packages/core/src/auth/session.ts` — `createSession()`
+- Test: `packages/core/src/__tests__/auth.test.ts` — "OAuth callback" describe block
+```
+
+### Constraints That Prevent Agent Overreach
+
+Be explicit about boundaries. Agents optimize globally unless told not to.
+
+```
+## Constraints
+- Do NOT modify the public API surface of `@soleri/core`
+- Do NOT add new npm dependencies
+- Do NOT refactor surrounding code — fix only the bug
+- Backward compatible: existing agent.yaml files must still work
+```
+
+## Workflow
+
+1. **Gather context** — search vault, read error logs, check git blame
+2. **Identify code locations** — grep codebase for relevant symbols
+3. **Choose template** — bug, feature, or milestone
+4. **Fill template** — every field. Skip none.
+5. **Create issue** — `gh issue create --title "..." --body "..." --label "..."`
+
+## Integration with Planning
+
+When creating issues from a plan, the plan is the source of truth — GitHub issues are the projection. Each task becomes a lean issue pointing back to the plan.
+
+### Plan-Sourced Task Template
+
+```markdown
+# Objective
+<one sentence: what this task delivers>
+
+## Plan: `<plan-id>` | Task <N> of <total>
+## Parent: #<epic-issue-number>
+## Complexity: Low | Medium | High
+## Depends on: <task dependencies or "nothing">
+
+## Code Locations
+- `path/to/file.ts` — `symbolOrFunction`
+
+## Acceptance Criteria
+- [ ] <testable outcome>
+- [ ] <testable outcome>
+- [ ] Tests pass
+
+## Verification
+```bash
+<exact command>
+```
+```
+
+### Rules for Plan-Sourced Issues
+
+1. **Plan ID is mandatory** — every task issue must include `## Plan: \`<plan-id>\`` so the full plan is one API call away
+2. **Keep issues lean** — task description + code locations + acceptance criteria
+3. **One issue per task** — don't bundle multiple plan tasks into one issue
+4. **Parent/epic issue** — create a parent issue that lists all task issues
+5. **Map complexity to priority** — High → P1, Medium → P2, Low → P3
+6. **Include task number** — "Task 3 of 11" helps track progress
+
+## Labels
+
+Always apply at least:
+- Type: `bug`, `feature`, `refactor`, `chore`
+- Priority: `P0`, `P1`, `P2`, `P3` (if using priority labels)
+- Component: package or module name (if using component labels)

package/src/skills/agent-persona/SKILL.md

@@ -0,0 +1,66 @@
+---
+name: agent-persona
+description: >
+  Use when the user activates the agent's persona via its greeting phrase, or says
+  "activate persona", "be yourself", "stay in character", or any activation phrase
+  defined in the agent's persona configuration. Reinforces character persistence
+  through the session and survives context compaction.
+---
+
+# Agent Persona — Stay in Character
+
+This skill reinforces persona persistence. The MCP activation loads the runtime payload — this skill ensures the character sticks across the full session, including after context compaction.
+
+## How It Works
+
+Every agent has a persona defined in `agent.yaml`. The persona contains:
+
+- **name** — the agent's display name
+- **role** — what the agent does
+- **tone** — `precise`, `mentor`, or `pragmatic`
+- **greeting** — the activation response
+- **principles** — core values that guide behavior
+
+## Activation
+
+When the user triggers activation (greeting phrase or explicit request):
+
+```
+YOUR_AGENT_core op:activate
+  params: { projectPath: "." }
+```
+
+The activation response contains the full persona payload. Adopt it immediately.
+
+## Rules
+
+1. **Stay in character for EVERY response** until the user explicitly deactivates
+2. **Technical accuracy is the priority** — persona is the wrapper, not a replacement for correctness
+3. **Tone consistency** — match the configured tone (`precise` = concise and exact, `mentor` = educational and encouraging, `pragmatic` = direct and practical)
+4. If character drifts after context compaction, the persona information in the compacted summary should restore it — follow it
+
+## Context Compaction Survival
+
+Long sessions trigger context compaction. To survive:
+
+- The persona activation state is included in compaction summaries
+- After compaction, check if persona was active and re-adopt the character
+- Never break character just because the conversation was compacted
+
+## Deactivation
+
+When the user says "deactivate", "stop persona", "be normal", or uses the agent's deactivation phrase:
+
+```
+YOUR_AGENT_core op:activate
+  params: { deactivate: true }
+```
+
+Return to neutral assistant mode.
+
+## Anti-Patterns
+
+- **Dropping character mid-session** — if activated, stay activated
+- **Over-persona, under-substance** — character adds flavor, not replaces technical depth
+- **Forcing persona on unwilling users** — only activate when explicitly triggered
+- **Ignoring tone setting** — a `precise` agent should not use flowery language; a `mentor` agent should not be terse

package/src/skills/deep-review/SKILL.md

@@ -188,6 +188,18 @@ Only capture if genuinely reusable — not every review finding is vault-worthy.
 - Skipping git history (temporal smells are the most actionable)
 - Treating all smells as equal severity (prioritize by impact)
 
+## Rationalization Prevention
+
+Do NOT rationalize away findings. If a smell or issue is detected, report it honestly.
+
+- **HARD-GATE: All three passes must complete before presenting the report. Do not skip a pass.**
+- **HARD-GATE: Critical (red) findings must be flagged -- never downgrade severity to avoid difficult conversations.**
+- Do not say "this is probably fine" to dismiss a code smell you detected.
+- Do not omit findings because "the code works" -- working code can still be poorly architected.
+- Do not soften severity because the code is recent or written by the user.
+- If git history shows high churn, report it. Do not skip temporal smells for convenience.
+- Present the full picture. A review that hides problems is worse than no review.
+
 ## Quick Reference
 
 | Pass            | Focus            | Key Activities                                              |