@stackmemoryai/stackmemory 1.2.0 → 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (47) hide show
  1. package/dist/src/cli/claude-sm.js +65 -0
  2. package/dist/src/cli/commands/skills.js +123 -1
  3. package/dist/src/hooks/graphiti-hooks.js +149 -0
  4. package/dist/src/hooks/session-summary.js +30 -0
  5. package/dist/src/integrations/graphiti/linear-graphiti-bridge.js +115 -0
  6. package/dist/src/integrations/greptile/client.js +101 -0
  7. package/dist/src/integrations/greptile/config.js +14 -0
  8. package/dist/src/integrations/greptile/index.js +11 -0
  9. package/dist/src/integrations/greptile/types.js +4 -0
  10. package/dist/src/integrations/linear/webhook.js +16 -0
  11. package/dist/src/integrations/mcp/handlers/greptile-handlers.js +456 -0
  12. package/dist/src/integrations/mcp/server.js +136 -0
  13. package/dist/src/integrations/mcp/tool-definitions.js +53 -1
  14. package/dist/src/skills/claude-skills.js +46 -1
  15. package/dist/src/skills/parallel-agent-skill.js +514 -0
  16. package/dist/src/utils/hook-installer.js +155 -0
  17. package/package.json +2 -2
  18. package/scripts/gepa/.before-optimize.md +140 -0
  19. package/scripts/gepa/config.json +7 -1
  20. package/scripts/gepa/evals/fixtures/api-endpoint.ts +31 -0
  21. package/scripts/gepa/evals/fixtures/brittle-integration.ts +38 -0
  22. package/scripts/gepa/evals/fixtures/fts5-triggers.sql +23 -0
  23. package/scripts/gepa/evals/fixtures/leaky-service.ts +70 -0
  24. package/scripts/gepa/evals/fixtures/mcp-dispatch-stub.ts +39 -0
  25. package/scripts/gepa/evals/fixtures/pr-diff.txt +24 -0
  26. package/scripts/gepa/evals/fixtures/unsafe-webhook.ts +34 -0
  27. package/scripts/gepa/evals/fixtures/unwrapped-db-op.ts +42 -0
  28. package/scripts/gepa/evals/stackmemory-tasks.jsonl +8 -0
  29. package/scripts/gepa/generations/gen-000/baseline.md +48 -0
  30. package/scripts/gepa/generations/gen-001/baseline.md +172 -0
  31. package/scripts/gepa/generations/gen-001/variant-a.md +176 -0
  32. package/scripts/gepa/generations/gen-001/variant-b.md +266 -0
  33. package/scripts/gepa/generations/gen-001/variant-c.md +142 -0
  34. package/scripts/gepa/generations/gen-001/variant-d.md +172 -0
  35. package/scripts/gepa/hooks/reflect.js +44 -5
  36. package/scripts/gepa/optimize.js +281 -39
  37. package/scripts/gepa/results/eval-1-baseline.json +218 -0
  38. package/scripts/gepa/results/eval-1-variant-a.json +218 -0
  39. package/scripts/gepa/results/eval-1-variant-b.json +218 -0
  40. package/scripts/gepa/results/eval-1-variant-c.json +198 -0
  41. package/scripts/gepa/results/eval-1-variant-d.json +198 -0
  42. package/scripts/gepa/state.json +44 -5
  43. package/scripts/install-claude-hooks-auto.js +176 -44
  44. package/templates/claude-hooks/auto-checkpoint.js +174 -0
  45. package/templates/claude-hooks/chime-on-stop.sh +22 -0
  46. package/templates/claude-hooks/session-rescue.sh +15 -0
  47. package/templates/claude-hooks/stop-checkpoint.js +120 -0
@@ -114,6 +114,54 @@ Environment sources (check in order):
114
114
 
115
115
  Secret patterns to block: lin_api_* | lin_oauth_* | sk-* | npm_*
116
116
 
117
+ ## Deploy
118
+
119
+ ```bash
120
+ # npm publish (uses NPM_TOKEN from .env, no OTP needed)
121
+ git stash -- scripts/gepa/ # stash GEPA state (dirties working tree)
122
+ NPM_TOKEN=$(grep '^NPM_TOKEN=' .env | cut -d= -f2) \
123
+ npm publish --registry https://registry.npmjs.org/ \
124
+ --//registry.npmjs.org/:_authToken="$NPM_TOKEN"
125
+ git stash pop # restore GEPA state
126
+
127
+ # Railway
128
+ railway up
129
+
130
+ # Pre-publish checks require clean git status — stash GEPA files first
131
+ ```
132
+
133
+ ## Task Delegation Model
134
+
135
+ Route effort by task complexity — not all code changes deserve equal scrutiny:
136
+
137
+ **AUTOMATE** — Execute immediately, lint+test is sufficient:
138
+ - CRUD operations, boilerplate, formatting, simple transforms
139
+ - Adding a tool handler following existing switch/case pattern
140
+ - Config additions (new env var, feature flag)
141
+
142
+ **STANDARD** — Normal workflow, lint+test+build:
143
+ - Feature implementation, bug fixes, refactoring
144
+ - New test coverage, documentation updates
145
+ - Integration wiring (adding handler to server.ts dispatch)
146
+
147
+ **CAREFUL** — Review approach before implementation:
148
+ - API/schema changes, database migrations, auth flows
149
+ - New integration patterns (MCP tools, webhook handlers)
150
+ - Changes to frame-manager, sqlite-adapter, or daemon lifecycle
151
+ - Anything touching error handling chains
152
+
153
+ **ARCHITECT** — Plan mode required, explore existing patterns first:
154
+ - New service boundaries, system integrations
155
+ - Performance-critical paths (FTS5 queries, search scoring)
156
+ - Breaking changes to MCP protocol or CLI interface
157
+
158
+ **HUMAN** — Explicit user approval before any changes:
159
+ - Security-critical decisions, secret handling
160
+ - Irreversible operations (data migrations, schema drops)
161
+ - Publishing (npm publish, Railway deploy)
162
+
163
+ Quality gates scale with tier — don't over-engineer AUTOMATE tasks, don't under-review CAREFUL ones.
164
+
117
165
  ## Workflow
118
166
 
119
167
  - Check .env for API keys before asking
@@ -0,0 +1,172 @@
1
+ # StackMemory - Project Configuration
2
+
3
+ ## Project Structure
4
+
5
+ ```
6
+ src/
7
+ cli/ # CLI commands and entry point
8
+ core/ # Core business logic
9
+ context/ # Frame and context management
10
+ database/ # Database adapters (SQLite, ParadeDB)
11
+ digest/ # Digest generation
12
+ query/ # Query parsing and routing
13
+ integrations/ # External integrations (Linear, MCP)
14
+ services/ # Business services
15
+ skills/ # Claude Code skills
16
+ utils/ # Shared utilities
17
+ scripts/ # Build and utility scripts
18
+ config/ # Configuration files
19
+ docs/ # Documentation
20
+ ```
21
+
22
+ ## Key Files
23
+
24
+ - Entry: src/cli/index.ts
25
+ - MCP Server: src/integrations/mcp/server.ts
26
+ - Frame Manager: src/core/context/frame-manager.ts
27
+ - Database: src/core/database/sqlite-adapter.ts
28
+
29
+ ## Detailed Guides
30
+
31
+ Quick reference (agent_docs/):
32
+ - linear_integration.md - Linear sync
33
+ - mcp_server.md - MCP tools
34
+ - database_storage.md - Storage
35
+ - claude_hooks.md - Hooks
36
+
37
+ Full documentation (docs/):
38
+ - principles.md - Agent programming paradigm
39
+ - architecture.md - Extension model and browser sandbox
40
+ - SPEC.md - Technical specification
41
+ - API_REFERENCE.md - API docs
42
+ - DEVELOPMENT.md - Dev guide
43
+ - SETUP.md - Installation
44
+
45
+ ## Commands
46
+
47
+ ```bash
48
+ npm run build # Compile TypeScript (esbuild)
49
+ npm run lint # ESLint check
50
+ npm run lint:fix # Auto-fix lint issues
51
+ npm test # Run Vitest (watch)
52
+ npm run test:run # Run tests once
53
+ npm run linear:sync # Sync with Linear
54
+
55
+ # StackMemory CLI
56
+ stackmemory capture # Save session state for handoff
57
+ stackmemory restore # Restore from captured state
58
+ ```
59
+
60
+ ## Working Directory
61
+
62
+ - PRIMARY: /Users/jwu/Dev/stackmemory
63
+ - ALLOWED: All subdirectories
64
+ - TEMP: /tmp for temporary operations
65
+
66
+ ## Validation (MUST DO)
67
+
68
+ After code changes:
69
+ 1. `npm run lint` - fix any errors AND warnings
70
+ 2. `npm run test:run` - verify no regressions
71
+ 3. `npm run build` - ensure compilation
72
+ 4. Run code to verify it works
73
+
74
+ Test coverage:
75
+ - New features require tests in `src/**/__tests__/`
76
+ - Maintain or improve coverage (no untested code paths)
77
+ - Critical paths: context management, handoff, Linear sync
78
+
79
+ Never: Assume success | Skip testing | Use mock data as fallback
80
+
81
+ ## Git Rules (CRITICAL)
82
+
83
+ - NEVER use `--no-verify` on git push or commit
84
+ - ALWAYS fix lint/test errors before pushing
85
+ - If pre-push hooks fail, fix the underlying issue
86
+ - Run `npm run lint && npm run test:run` before pushing
87
+ - Commit message format: `type(scope): message`
88
+ - Branch naming: `feature/STA-XXX-description` | `fix/STA-XXX-description` | `chore/description`
89
+
90
+ ## Task Management
91
+
92
+ - Use TodoWrite for 3+ steps or multiple requests
93
+ - Keep one task in_progress at a time
94
+ - Update task status immediately on completion
95
+
96
+ ## Security
97
+
98
+ NEVER hardcode secrets - use process.env with dotenv/config
99
+
100
+ ```javascript
101
+ import 'dotenv/config';
102
+ const API_KEY = process.env.LINEAR_API_KEY;
103
+ if (!API_KEY) {
104
+ console.error('LINEAR_API_KEY not set');
105
+ process.exit(1);
106
+ }
107
+ ```
108
+
109
+ Environment sources (check in order):
110
+ 1. .env file
111
+ 2. .env.local
112
+ 3. ~/.zshrc
113
+ 4. Process environment
114
+
115
+ Secret patterns to block: lin_api_* | lin_oauth_* | sk-* | npm_*
116
+
117
+ ## Deploy
118
+
119
+ ```bash
120
+ # npm publish (uses NPM_TOKEN from .env, no OTP needed)
121
+ git stash -- scripts/gepa/ # stash GEPA state (dirties working tree)
122
+ NPM_TOKEN=$(grep '^NPM_TOKEN=' .env | cut -d= -f2) \
123
+ npm publish --registry https://registry.npmjs.org/ \
124
+ --//registry.npmjs.org/:_authToken="$NPM_TOKEN"
125
+ git stash pop # restore GEPA state
126
+
127
+ # Railway
128
+ railway up
129
+
130
+ # Pre-publish checks require clean git status — stash GEPA files first
131
+ ```
132
+
133
+ ## Task Delegation Model
134
+
135
+ Route effort by task complexity — not all code changes deserve equal scrutiny:
136
+
137
+ **AUTOMATE** — Execute immediately, lint+test is sufficient:
138
+ - CRUD operations, boilerplate, formatting, simple transforms
139
+ - Adding a tool handler following existing switch/case pattern
140
+ - Config additions (new env var, feature flag)
141
+
142
+ **STANDARD** — Normal workflow, lint+test+build:
143
+ - Feature implementation, bug fixes, refactoring
144
+ - New test coverage, documentation updates
145
+ - Integration wiring (adding handler to server.ts dispatch)
146
+
147
+ **CAREFUL** — Review approach before implementation:
148
+ - API/schema changes, database migrations, auth flows
149
+ - New integration patterns (MCP tools, webhook handlers)
150
+ - Changes to frame-manager, sqlite-adapter, or daemon lifecycle
151
+ - Anything touching error handling chains
152
+
153
+ **ARCHITECT** — Plan mode required, explore existing patterns first:
154
+ - New service boundaries, system integrations
155
+ - Performance-critical paths (FTS5 queries, search scoring)
156
+ - Breaking changes to MCP protocol or CLI interface
157
+
158
+ **HUMAN** — Explicit user approval before any changes:
159
+ - Security-critical decisions, secret handling
160
+ - Irreversible operations (data migrations, schema drops)
161
+ - Publishing (npm publish, Railway deploy)
162
+
163
+ Quality gates scale with tier — don't over-engineer AUTOMATE tasks, don't under-review CAREFUL ones.
164
+
165
+ ## Workflow
166
+
167
+ - Check .env for API keys before asking
168
+ - Run npm run linear:sync after task completion
169
+ - Use browser MCP for visual testing
170
+ - Review recent commits and stackmemory.json on session start
171
+ - Use subagents for multi-step tasks
172
+ - Ask 1-3 clarifying questions for complex commands (one at a time)
@@ -0,0 +1,176 @@
1
+ # StackMemory - Project Configuration
2
+
3
+ ## Project Structure
4
+
5
+ ```
6
+ src/
7
+ cli/ # CLI commands and entry point
8
+ core/ # Core business logic
9
+ context/ # Frame and context management
10
+ database/ # Database adapters (SQLite, ParadeDB)
11
+ digest/ # Digest generation
12
+ query/ # Query parsing and routing
13
+ integrations/ # External integrations (Linear, MCP)
14
+ services/ # Business services
15
+ skills/ # Claude Code skills
16
+ utils/ # Shared utilities
17
+ scripts/ # Build and utility scripts
18
+ config/ # Configuration files
19
+ docs/ # Documentation
20
+ ```
21
+
22
+ ## Key Files
23
+
24
+ - Entry: src/cli/index.ts
25
+ - MCP Server: src/integrations/mcp/server.ts
26
+ - Frame Manager: src/core/context/frame-manager.ts
27
+ - Database: src/core/database/sqlite-adapter.ts
28
+
29
+ ## Documentation
30
+
31
+ Quick reference (agent_docs/):
32
+ - linear_integration.md - Linear sync
33
+ - mcp_server.md - MCP tools
34
+ - database_storage.md - Storage
35
+ - claude_hooks.md - Hooks
36
+
37
+ Full docs (docs/):
38
+ - principles.md - Agent programming paradigm
39
+ - architecture.md - Extension model and browser sandbox
40
+ - SPEC.md - Technical specification
41
+ - API_REFERENCE.md - API docs
42
+ - DEVELOPMENT.md - Dev guide
43
+ - SETUP.md - Installation
44
+
45
+ ## Commands
46
+
47
+ ```bash
48
+ npm run build # Compile TypeScript (esbuild)
49
+ npm run lint # ESLint check
50
+ npm run lint:fix # Auto-fix lint issues
51
+ npm test # Run Vitest (watch)
52
+ npm run test:run # Run tests once
53
+ npm run linear:sync # Sync with Linear
54
+
55
+ # StackMemory CLI
56
+ stackmemory capture # Save session state for handoff
57
+ stackmemory restore # Restore from captured state
58
+ ```
59
+
60
+ ## Working Directory
61
+
62
+ - PRIMARY: /Users/jwu/Dev/stackmemory
63
+ - ALLOWED: All subdirectories
64
+ - TEMP: /tmp for temporary operations
65
+
66
+ ## Required Validation
67
+
68
+ After every code change:
69
+ 1. `npm run lint` - fix all errors AND warnings
70
+ 2. `npm run test:run` - verify no regressions
71
+ 3. `npm run build` - confirm compilation succeeds
72
+ 4. Execute code to confirm functionality
73
+
74
+ Test coverage requirements:
75
+ - Write tests in `src/**/__tests__/` for all new features
76
+ - Maintain or improve coverage - no untested code paths
77
+ - Critical paths require tests: context management, handoff, Linear sync
78
+
79
+ Do NOT: assume success | skip testing | use mock data as fallback
80
+
81
+ ## Git Rules (CRITICAL)
82
+
83
+ NEVER:
84
+ - Use `--no-verify` on git push or commit
85
+ - Push without fixing lint/test errors
86
+ - Skip validation when pre-push hooks fail
87
+
88
+ ALWAYS:
89
+ - Fix underlying issues when hooks fail
90
+ - Run `npm run lint && npm run test:run` before pushing
91
+ - Use commit format: `type(scope): message`
92
+ - Use branch naming: `feature/STA-XXX-description` | `fix/STA-XXX-description` | `chore/description`
93
+
94
+ ## Task Management
95
+
96
+ - Create TodoWrite for 3+ steps or multiple requests
97
+ - Work on one task at a time (keep one in_progress)
98
+ - Update task status immediately on completion
99
+
100
+ ## Security
101
+
102
+ NEVER hardcode secrets. Use process.env with dotenv/config:
103
+
104
+ ```javascript
105
+ import 'dotenv/config';
106
+ const API_KEY = process.env.LINEAR_API_KEY;
107
+ if (!API_KEY) {
108
+ console.error('LINEAR_API_KEY not set');
109
+ process.exit(1);
110
+ }
111
+ ```
112
+
113
+ Environment sources (check in order):
114
+ 1. .env file
115
+ 2. .env.local
116
+ 3. ~/.zshrc
117
+ 4. Process environment
118
+
119
+ Block secret patterns: lin_api_* | lin_oauth_* | sk-* | npm_*
120
+
121
+ ## Deploy
122
+
123
+ ```bash
124
+ # npm publish (uses NPM_TOKEN from .env, no OTP needed)
125
+ git stash -- scripts/gepa/ # stash GEPA state (dirties working tree)
126
+ NPM_TOKEN=$(grep '^NPM_TOKEN=' .env | cut -d= -f2) \
127
+ npm publish --registry https://registry.npmjs.org/ \
128
+ --//registry.npmjs.org/:_authToken="$NPM_TOKEN"
129
+ git stash pop # restore GEPA state
130
+
131
+ # Railway
132
+ railway up
133
+
134
+ # Pre-publish checks require clean git status — stash GEPA files first
135
+ ```
136
+
137
+ ## Task Delegation Model
138
+
139
+ Match effort to complexity:
140
+
141
+ **AUTOMATE** — Execute immediately, lint+test only:
142
+ - CRUD operations, boilerplate, formatting, simple transforms
143
+ - Adding tool handler following existing switch/case pattern
144
+ - Config additions (env var, feature flag)
145
+
146
+ **STANDARD** — Normal workflow, lint+test+build:
147
+ - Feature implementation, bug fixes, refactoring
148
+ - New test coverage, documentation updates
149
+ - Integration wiring (adding handler to server.ts dispatch)
150
+
151
+ **CAREFUL** — Review approach before coding:
152
+ - API/schema changes, database migrations, auth flows
153
+ - New integration patterns (MCP tools, webhook handlers)
154
+ - Changes to frame-manager, sqlite-adapter, daemon lifecycle
155
+ - Error handling chain modifications
156
+
157
+ **ARCHITECT** — Plan mode required, explore patterns first:
158
+ - New service boundaries, system integrations
159
+ - Performance-critical paths (FTS5 queries, search scoring)
160
+ - Breaking changes to MCP protocol or CLI interface
161
+
162
+ **HUMAN** — Explicit user approval required:
163
+ - Security-critical decisions, secret handling
164
+ - Irreversible operations (data migrations, schema drops)
165
+ - Publishing (npm publish, Railway deploy)
166
+
167
+ Scale quality gates to tier. Don't over-engineer AUTOMATE tasks or under-review CAREFUL ones.
168
+
169
+ ## Workflow
170
+
171
+ - Check .env for API keys before asking user
172
+ - Run `npm run linear:sync` after task completion
173
+ - Use browser MCP for visual testing
174
+ - Review recent commits and stackmemory.json at session start
175
+ - Use subagents for multi-step tasks
176
+ - Ask 1-3 clarifying questions for complex commands (one at a time)
@@ -0,0 +1,266 @@
1
+ # StackMemory - Project Configuration
2
+
3
+ ## Project Structure
4
+
5
+ ```
6
+ src/
7
+ cli/ # CLI commands and entry point
8
+ core/ # Core business logic
9
+ context/ # Frame and context management
10
+ database/ # Database adapters (SQLite, ParadeDB)
11
+ digest/ # Digest generation
12
+ query/ # Query parsing and routing
13
+ integrations/ # External integrations (Linear, MCP)
14
+ services/ # Business services
15
+ skills/ # Claude Code skills
16
+ utils/ # Shared utilities
17
+ scripts/ # Build and utility scripts
18
+ config/ # Configuration files
19
+ docs/ # Documentation
20
+ ```
21
+
22
+ ## Key Files
23
+
24
+ - Entry: src/cli/index.ts
25
+ - MCP Server: src/integrations/mcp/server.ts
26
+ - Frame Manager: src/core/context/frame-manager.ts
27
+ - Database: src/core/database/sqlite-adapter.ts
28
+
29
+ ## Detailed Guides
30
+
31
+ Quick reference (agent_docs/):
32
+ - linear_integration.md - Linear sync
33
+ - mcp_server.md - MCP tools
34
+ - database_storage.md - Storage
35
+ - claude_hooks.md - Hooks
36
+
37
+ Full documentation (docs/):
38
+ - principles.md - Agent programming paradigm
39
+ - architecture.md - Extension model and browser sandbox
40
+ - SPEC.md - Technical specification
41
+ - API_REFERENCE.md - API docs
42
+ - DEVELOPMENT.md - Dev guide
43
+ - SETUP.md - Installation
44
+
45
+ ## Commands
46
+
47
+ ```bash
48
+ npm run build # Compile TypeScript (esbuild)
49
+ npm run lint # ESLint check
50
+ npm run lint:fix # Auto-fix lint issues
51
+ npm test # Run Vitest (watch)
52
+ npm run test:run # Run tests once
53
+ npm run linear:sync # Sync with Linear
54
+
55
+ # StackMemory CLI
56
+ stackmemory capture # Save session state for handoff
57
+ stackmemory restore # Restore from captured state
58
+ ```
59
+
60
+ ## Working Directory
61
+
62
+ - PRIMARY: /Users/jwu/Dev/stackmemory
63
+ - ALLOWED: All subdirectories
64
+ - TEMP: /tmp for temporary operations
65
+
66
+ ## Validation (MUST DO)
67
+
68
+ After code changes:
69
+ 1. `npm run lint` - fix any errors AND warnings
70
+ 2. `npm run test:run` - verify no regressions
71
+ 3. `npm run build` - ensure compilation
72
+ 4. Run code to verify it works
73
+
74
+ <example>
75
+ # After adding a new MCP tool handler
76
+ npm run lint && npm run test:run && npm run build
77
+ # Then test the tool:
78
+ echo '{"method":"tools/call","params":{"name":"your_tool"}}' | node dist/integrations/mcp/server.js
79
+ </example>
80
+
81
+ Test coverage:
82
+ - New features require tests in `src/**/__tests__/`
83
+ - Maintain or improve coverage (no untested code paths)
84
+ - Critical paths: context management, handoff, Linear sync
85
+
86
+ <example>
87
+ # New feature: src/core/context/frame-deduplicator.ts
88
+ # Required: src/core/context/__tests__/frame-deduplicator.test.ts
89
+ # Test both happy path and edge cases (empty input, duplicates, conflicts)
90
+ </example>
91
+
92
+ Never: Assume success | Skip testing | Use mock data as fallback
93
+
94
+ ## Git Rules (CRITICAL)
95
+
96
+ - NEVER use `--no-verify` on git push or commit
97
+ - ALWAYS fix lint/test errors before pushing
98
+ - If pre-push hooks fail, fix the underlying issue
99
+ - Run `npm run lint && npm run test:run` before pushing
100
+ - Commit message format: `type(scope): message`
101
+ - Branch naming: `feature/STA-XXX-description` | `fix/STA-XXX-description` | `chore/description`
102
+
103
+ <example>
104
+ # Good commits:
105
+ feat(mcp): add search_frames tool for context retrieval
106
+ fix(linear): handle null assignee in webhook handler
107
+ chore(deps): upgrade better-sqlite3 to 11.8.0
108
+
109
+ # Good branches:
110
+ feature/STA-123-add-digest-export
111
+ fix/STA-456-frame-timestamp-parsing
112
+ chore/upgrade-typescript-5.3
113
+ </example>
114
+
115
+ ## Task Management
116
+
117
+ - Use TodoWrite for 3+ steps or multiple requests
118
+ - Keep one task in_progress at a time
119
+ - Update task status immediately on completion
120
+
121
+ <example>
122
+ # Multi-step task requires TodoWrite:
123
+ User: "Add Graphiti integration with Linear bridge"
124
+ 1. Create TodoWrite with 4 tasks:
125
+ - Research Graphiti API patterns
126
+ - Implement LinearGraphitiBridge class
127
+ - Add webhook handler for Linear events
128
+ - Write integration tests
129
+ 2. Mark task 1 in_progress, complete it
130
+ 3. Mark task 2 in_progress, etc.
131
+ </example>
132
+
133
+ ## Security
134
+
135
+ NEVER hardcode secrets - use process.env with dotenv/config
136
+
137
+ <example>
138
+ // ✓ CORRECT
139
+ import 'dotenv/config';
140
+ const API_KEY = process.env.LINEAR_API_KEY;
141
+ if (!API_KEY) {
142
+ console.error('LINEAR_API_KEY not set');
143
+ process.exit(1);
144
+ }
145
+
146
+ // ✗ WRONG
147
+ const API_KEY = 'lin_api_abc123def456';
148
+ </example>
149
+
150
+ Environment sources (check in order):
151
+ 1. .env file
152
+ 2. .env.local
153
+ 3. ~/.zshrc
154
+ 4. Process environment
155
+
156
+ Secret patterns to block: lin_api_* | lin_oauth_* | sk-* | npm_*
157
+
158
+ <example>
159
+ # If you see this pattern, STOP and use env vars:
160
+ const token = 'lin_api_...';
161
+ const apiKey = 'sk-...';
162
+ const npmToken = 'npm_...';
163
+ </example>
164
+
165
+ ## Deploy
166
+
167
+ ```bash
168
+ # npm publish (uses NPM_TOKEN from .env, no OTP needed)
169
+ git stash -- scripts/gepa/ # stash GEPA state (dirties working tree)
170
+ NPM_TOKEN=$(grep '^NPM_TOKEN=' .env | cut -d= -f2) \
171
+ npm publish --registry https://registry.npmjs.org/ \
172
+ --//registry.npmjs.org/:_authToken="$NPM_TOKEN"
173
+ git stash pop # restore GEPA state
174
+
175
+ # Railway
176
+ railway up
177
+
178
+ # Pre-publish checks require clean git status — stash GEPA files first
179
+ ```
180
+
181
+ ## Task Delegation Model
182
+
183
+ Route effort by task complexity — not all code changes deserve equal scrutiny:
184
+
185
+ **AUTOMATE** — Execute immediately, lint+test is sufficient:
186
+ - CRUD operations, boilerplate, formatting, simple transforms
187
+ - Adding a tool handler following existing switch/case pattern
188
+ - Config additions (new env var, feature flag)
189
+
190
+ <example>
191
+ # AUTOMATE tier example:
192
+ User: "Add a new MCP tool for listing frames by tag"
193
+ Action: Add case to server.ts switch, follow existing pattern, lint+test
194
+ </example>
195
+
196
+ **STANDARD** — Normal workflow, lint+test+build:
197
+ - Feature implementation, bug fixes, refactoring
198
+ - New test coverage, documentation updates
199
+ - Integration wiring (adding handler to server.ts dispatch)
200
+
201
+ <example>
202
+ # STANDARD tier example:
203
+ User: "Fix the digest generation to include frame metadata"
204
+ Action: Modify digest-generator.ts, add tests, lint+test+build, verify output
205
+ </example>
206
+
207
+ **CAREFUL** — Review approach before implementation:
208
+ - API/schema changes, database migrations, auth flows
209
+ - New integration patterns (MCP tools, webhook handlers)
210
+ - Changes to frame-manager, sqlite-adapter, or daemon lifecycle
211
+ - Anything touching error handling chains
212
+
213
+ <example>
214
+ # CAREFUL tier example:
215
+ User: "Add a new column to frames table for priority scoring"
216
+ Action: Read schema, check migrations, discuss ALTER TABLE vs rebuild, plan rollback
217
+ </example>
218
+
219
+ **ARCHITECT** — Plan mode required, explore existing patterns first:
220
+ - New service boundaries, system integrations
221
+ - Performance-critical paths (FTS5 queries, search scoring)
222
+ - Breaking changes to MCP protocol or CLI interface
223
+
224
+ <example>
225
+ # ARCHITECT tier example:
226
+ User: "Integrate Graphiti knowledge graph with existing frame storage"
227
+ Action: EnterPlanMode, explore frame-manager.ts, research Graphiti API, design bridge layer
228
+ </example>
229
+
230
+ **HUMAN** — Explicit user approval before any changes:
231
+ - Security-critical decisions, secret handling
232
+ - Irreversible operations (data migrations, schema drops)
233
+ - Publishing (npm publish, Railway deploy)
234
+
235
+ <example>
236
+ # HUMAN tier example:
237
+ User: "Publish v1.3.0 to npm"
238
+ Action: Ask "Ready to publish? This will run npm publish with NPM_TOKEN." Wait for approval.
239
+ </example>
240
+
241
+ Quality gates scale with tier — don't over-engineer AUTOMATE tasks, don't under-review CAREFUL ones.
242
+
243
+ ## Workflow
244
+
245
+ - Check .env for API keys before asking
246
+ - Run npm run linear:sync after task completion
247
+ - Use browser MCP for visual testing
248
+ - Review recent commits and stackmemory.json on session start
249
+ - Use subagents for multi-step tasks
250
+ - Ask 1-3 clarifying questions for complex commands (one at a time)
251
+
252
+ <example>
253
+ # Session start workflow:
254
+ 1. Read stackmemory.json for project state
255
+ 2. Run: git log --oneline -5
256
+ 3. Check git status for uncommitted work
257
+ 4. If user mentions Linear task, run: npm run linear:sync
258
+ 5. Proceed with user request
259
+ </example>
260
+
261
+ <example>
262
+ # Complex command clarification:
263
+ User: "Optimize the search performance"
264
+ Response: "Which search path should I focus on? (1) FTS5 queries, (2) Hybrid search scoring, or (3) Database indexes?"
265
+ # Wait for answer before proceeding
266
+ </example>