@stackwright-pro/otters 1.0.0-alpha.4 → 1.0.0-alpha.40

package/LICENSE

@@ -0,0 +1,21 @@
+PROPRIETARY SOFTWARE LICENSE
+
+Copyright (c) 2024-2026 Per Aspera LLC. All Rights Reserved.
+
+This software and associated documentation files (the "Software") are the
+proprietary and confidential property of Per Aspera LLC ("Company").
+
+RESTRICTIONS: You may not use, copy, modify, merge, publish, distribute,
+sublicense, sell, or otherwise exploit this Software or any portion thereof
+without the express prior written consent of the Company.
+
+GOVERNMENT USE: Use, duplication, or disclosure by the U.S. Government is
+subject to restrictions as set forth in FAR 52.227-19 (Commercial Computer
+Software - Restricted Rights) and DFARS 252.227-7013 (Rights in Technical
+Data and Computer Software), as applicable.
+
+THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED. IN NO EVENT SHALL THE COMPANY BE LIABLE FOR ANY CLAIM, DAMAGES, OR
+OTHER LIABILITY ARISING FROM THE USE OF THE SOFTWARE.
+
+For licensing inquiries: legal@peraspera.com

package/package.json

@@ -1,19 +1,20 @@
 {
   "name": "@stackwright-pro/otters",
-  "version": "1.0.0-alpha.4",
+  "version": "1.0.0-alpha.40",
   "description": "Stackwright Pro Otter Raft - AI agents for enterprise features (CAC auth, API dashboards, government use cases)",
-  "license": "MIT",
+  "license": "SEE LICENSE IN LICENSE",
   "repository": {
     "type": "git",
     "url": "https://github.com/Per-Aspera-LLC/stackwright-pro"
   },
   "devDependencies": {
-    "vitest": "^4.0.18",
-    "zod": "^3.22.4"
+    "vitest": "^4.1.7",
+    "zod": "^4.4.3"
   },
   "exports": {
     "./src": "./src",
-    "./pro-foreman": "./src/stackwright-pro-foreman-otter.json"
+    "./pro-foreman": "./src/stackwright-pro-foreman-otter.json",
+    "./pro-workflow": "./src/stackwright-pro-workflow-otter.json"
   },
   "files": [
     "scripts",
@@ -23,7 +24,7 @@
     "access": "public"
   },
   "peerDependencies": {
-    "@stackwright-pro/mcp": "^0.2.0-alpha.1"
+    "@stackwright-pro/mcp": "^0.2.0-alpha.53"
   },
   "scripts": {
     "generate-checksums": "node scripts/generate-checksums.js",

package/scripts/generate-checksums.js

@@ -35,7 +35,6 @@ async function generateChecksums() {
   const manifest = {
     version: '1.0',
     algorithm: 'sha256',
-    generated: new Date().toISOString(),
     files,
   };
 

package/scripts/install-agents.js

@@ -8,14 +8,17 @@ const fs = require('fs');
 const path = require('path');
 const os = require('os');
 
-const AGENTS_DIR = path.join(os.homedir(), '.code_puppy', 'agents');
+// Allow test overrides via env vars — production paths are the default.
+// STACKWRIGHT_AGENTS_DIR: override destination (normally ~/.code_puppy/agents/)
+// STACKWRIGHT_OTTERS_SRC_DIR: override source (normally <package>/src/)
+const AGENTS_DIR = process.env.STACKWRIGHT_AGENTS_DIR || path.join(os.homedir(), '.code_puppy', 'agents');
 
 // Resolve package root relative to this script's location
 const scriptDir = __dirname;
 const packageRoot = path.resolve(scriptDir, '..');
 
 // All Pro otters are in the src/ directory
-const srcDir = path.join(packageRoot, 'src');
+const srcDir = process.env.STACKWRIGHT_OTTERS_SRC_DIR || path.join(packageRoot, 'src');
 
 async function installAgents() {
   try {

package/scripts/launch-raft.cjs

@@ -0,0 +1,13 @@
+#!/usr/bin/env node
+
+// ⚠️ DEPRECATED — This launcher has been replaced by @stackwright-pro/raft.
+// Run: npx @stackwright-pro/raft
+// This file is kept for users who may have cached a previous install.
+// It will be removed in a future release.
+
+console.error('⚠️  launch-raft in @stackwright-pro/otters is deprecated.');
+console.error('   Use: npx @stackwright-pro/raft');
+console.error('');
+console.error('   Install: npm install -g @stackwright-pro/raft');
+console.error('   Or run directly: npx @stackwright-pro/raft');
+process.exit(1);

package/scripts/strip-artifact-schemas.cjs

@@ -0,0 +1,133 @@
+#!/usr/bin/env node
+/**
+ * strip-artifact-schemas.cjs
+ *
+ * Removes hardcoded artifact schema JSON blocks from specialist otter system_prompts.
+ * These are now injected dynamically via build_specialist_prompt (REQUIRED_ARTIFACT_SCHEMA).
+ *
+ * Run: node packages/otters/scripts/strip-artifact-schemas.cjs
+ */
+
+const fs = require('fs');
+const path = require('path');
+
+const OTTERS_DIR = path.join(__dirname, '..', 'src');
+const REFERENCE_LINE =
+  '**Artifact shape:** See the **REQUIRED_ARTIFACT_SCHEMA** section in your prompt for the canonical artifact shape. Use it when calling `stackwright_pro_validate_artifact`.';
+
+function stripArtifactSchemaFromArray(promptArray) {
+  // Strategy: find the index of the ```json opening fence,
+  // then find the matching closing ``` fence.
+  // Replace everything from the fence through the closing fence + surrounding context
+  // with the REFERENCE_LINE.
+
+  const result = [];
+  let i = 0;
+  let stripped = false;
+
+  while (i < promptArray.length) {
+    const item = promptArray[i];
+
+    // Detect start of a JSON code block fence
+    if (typeof item === 'string' && item.trim() === '```json') {
+      // Find the closing fence
+      let j = i + 1;
+      while (j < promptArray.length && promptArray[j].trim() !== '```') {
+        j++;
+      }
+      // j now points to the closing ``` (or end of array)
+
+      // Replace this entire block with the reference line
+      // (but only the first JSON block per otter — the artifact schema block)
+      if (!stripped) {
+        result.push(REFERENCE_LINE);
+        stripped = true;
+      }
+
+      // Skip past the closing fence
+      i = j + 1;
+      continue;
+    }
+
+    result.push(item);
+    i++;
+  }
+
+  return result;
+}
+
+function stripArtifactSchemaFromString(str) {
+  // For cases where the schema is embedded in a longer string as a ```json...``` block
+  // Replace the first ```json ... ``` block with the reference line
+  const jsonFenceRegex = /```json[\s\S]*?```/;
+  if (jsonFenceRegex.test(str)) {
+    return str.replace(jsonFenceRegex, REFERENCE_LINE);
+  }
+  return str;
+}
+
+function processOtterFile(filePath) {
+  const raw = fs.readFileSync(filePath, 'utf-8');
+  const otter = JSON.parse(raw);
+
+  if (!Array.isArray(otter.system_prompt)) {
+    console.log(`  ⚠️  ${path.basename(filePath)}: system_prompt is not an array — skipping`);
+    return false;
+  }
+
+  // Check if the artifact schema block is spread across array elements (```json as its own element)
+  // or embedded within a longer string
+  const hasFenceAsElement = otter.system_prompt.some(
+    (s) => typeof s === 'string' && s.trim() === '```json'
+  );
+
+  const hasEmbeddedFence = otter.system_prompt.some(
+    (s) => typeof s === 'string' && s.includes('```json')
+  );
+
+  let modified = false;
+
+  if (hasFenceAsElement) {
+    // Multi-element block — strip using array strategy
+    const original = JSON.stringify(otter.system_prompt);
+    otter.system_prompt = stripArtifactSchemaFromArray(otter.system_prompt);
+    if (JSON.stringify(otter.system_prompt) !== original) {
+      modified = true;
+    }
+  } else if (hasEmbeddedFence) {
+    // Embedded fence within a string — strip using string replacement
+    const original = JSON.stringify(otter.system_prompt);
+    otter.system_prompt = otter.system_prompt.map((s) =>
+      typeof s === 'string' ? stripArtifactSchemaFromString(s) : s
+    );
+    if (JSON.stringify(otter.system_prompt) !== original) {
+      modified = true;
+    }
+  }
+
+  if (modified) {
+    fs.writeFileSync(filePath, JSON.stringify(otter, null, 2) + '\n');
+    console.log(`  ✅ ${path.basename(filePath)}: artifact schema block removed`);
+  } else {
+    console.log(
+      `  ℹ️  ${path.basename(filePath)}: no artifact schema block found (may already be clean)`
+    );
+  }
+
+  return modified;
+}
+
+console.log('Stripping hardcoded artifact schema blocks from specialist otters...\n');
+
+const otterFiles = fs
+  .readdirSync(OTTERS_DIR)
+  .filter((f) => f.endsWith('-otter.json') && f !== 'stackwright-pro-foreman-otter.json')
+  .map((f) => path.join(OTTERS_DIR, f));
+
+let totalModified = 0;
+for (const filePath of otterFiles) {
+  const modified = processOtterFile(filePath);
+  if (modified) totalModified++;
+}
+
+console.log(`\nDone. ${totalModified} otter file(s) modified.`);

package/src/checksums.json

@@ -1,13 +1,15 @@
 {
   "version": "1.0",
   "algorithm": "sha256",
-  "generated": "2026-04-15T13:32:12.453Z",
   "files": {
-    "stackwright-pro-api-otter.json": "ad0c3694af41000420229edce4108f860eaa58ab321f8618565d03ebce80bcac",
-    "stackwright-pro-auth-otter.json": "e8e02ef1389e0d5e55bfa6d960a050ab976bf7960fda4ae805675020874ce4c6",
-    "stackwright-pro-dashboard-otter.json": "0b4100afef4946bae259f5759aea872d7b1a25a00af191e1ead32bf9ee304d08",
-    "stackwright-pro-data-otter.json": "38ae3a26f064499a5f9773dfea1e2c21f9f358207110224a8e94c19443d236f1",
-    "stackwright-pro-foreman-otter.json": "bf8f0b411c5415afe0766dcfa051a0c3cb0eeea8f248a9ce44d017c104a9a314",
-    "stackwright-pro-page-otter.json": "0973f1b75a481fd177c5ada1a965f8c32e07f97fc28bbbf03b51d9e6d2af2f74"
+    "stackwright-pro-api-otter.json": "9fbaed0ce6116b82d0289f24432037d04637c89b8e73062ed946e5d49b294734",
+    "stackwright-pro-auth-otter.json": "bf0e66e35d15ba818ba6ff1a007df34975565bacbb35cc0c80151fb1da13e573",
+    "stackwright-pro-dashboard-otter.json": "89e81ac161147ab532034b40e4f7863dcd7d03ef33fd94c97d19c3e56fb91a9e",
+    "stackwright-pro-data-otter.json": "3bdf0da3b90282a72598c242507fa6806dee9ac589ccdae5555dc1254a697373",
+    "stackwright-pro-designer-otter.json": "af09ac8f06385bdbac63e2820daa2ff7d38b8ff1ff383c161f07e3fb9d9359c5",
+    "stackwright-pro-foreman-otter.json": "582a26766a5bc80ef9f3aef53e82794c7f47f618bd28e4e70583bfc2b569398c",
+    "stackwright-pro-page-otter.json": "9a5672f0758c81539337d86955e2892cd412547b4f111c2aa098eed1e62d7626",
+    "stackwright-pro-theme-otter.json": "08bb04009fdfb8743b10ac4d503cbaddaf8d7c804ba9b606aaed9cc516fd8e93",
+    "stackwright-pro-workflow-otter.json": "c90d6773b2287aa9a640c2715ca0e75f44c13e99fddcfb89ced36603f38930ce"
   }
 }

package/src/stackwright-pro-api-otter.json

@@ -3,7 +3,15 @@
   "name": "stackwright-pro-api-otter",
   "display_name": "Stackwright Pro API Otter 🦦",
   "description": "Analyzes API specs and extracts entity definitions",
-  "tools": ["agent_run_shell_command", "list_files", "cp_list_files", "cp_read_file"],
+  "tools": [
+    "agent_run_shell_command",
+    "list_files",
+    "cp_list_files",
+    "cp_read_file",
+    "stackwright_pro_write_phase_questions",
+    "stackwright_pro_validate_artifact"
+  ],
+  "mcp_servers": ["stackwright-pro-mcp"],
   "user_prompt": "Hey! 🦦 I'm the API Otter. Give me an OpenAPI spec path and I'll extract what entities and endpoints it exposes.",
   "system_prompt": [
     "## YOUR JOB",
@@ -22,39 +30,11 @@
     "",
     "## OUTPUT FORMAT",
     "",
-    "**You return a JSON artifact to the Foreman. You do NOT create files.**",
-    "",
-    "Return ONLY valid JSON \u2014 no markdown fences, no prose, no comments. Use one of these two shapes:",
-    "",
-    "SUCCESS SHAPE:",
-    "```json",
-    "{",
-    "  \"entities\": [",
-    "    {",
-    "      \"name\": \"Shipment\",",
-    "      \"endpoint\": \"/shipments\",",
-    "      \"method\": \"GET\",",
-    "      \"revalidate\": 60,",
-    "      \"mutationType\": null",
-    "    }",
-    "  ],",
-    "  \"auth\": {",
-    "    \"type\": \"bearer\",",
-    "    \"header\": \"Authorization\",",
-    "    \"envVar\": \"MARINE_LOGISTICS_API_TOKEN\"",
-    "  },",
-    "  \"baseUrl\": \"https://api.marine-logistics.mil/v2\",",
-    "  \"specPath\": \"./specs/marine-combat-logistics.yaml\"",
-    "}",
-    "```",
+    "**Parse the spec, then call `stackwright_pro_validate_artifact` directly as your final step.**",
     "",
-    "ERROR SHAPE (use if spec is missing, unreadable, or unsupported format):",
-    "```json",
-    "{",
-    "  \"error\": \"Spec file not found at ./specs/missing.yaml\",",
-    "  \"specPath\": \"./specs/missing.yaml\"",
-    "}",
-    "```",
+    "Artifact shape (fill all fields with real values from the spec — never leave placeholders):",
+    "",
+    "**Artifact shape:** See the **REQUIRED_ARTIFACT_SCHEMA** section in your prompt for the canonical artifact shape. Use it when calling `stackwright_pro_validate_artifact`.",
     "",
     "Field notes:",
     "- entities[].revalidate: seconds for ISR cache (from x-revalidate extension), or null",
@@ -63,6 +43,22 @@
     "  (cac = DoD Common Access Card / PKI certificate authentication)",
     "- auth.envVar: environment variable name that will hold the credential",
     "",
+    "If the spec is missing, unreadable, or unsupported format — respond: `⛔ ARTIFACT_ERROR: spec-unavailable — [reason]` and do not call validate_artifact.",
+    "",
+    "Call:",
+    "```",
+    "stackwright_pro_validate_artifact({",
+    "  phase: \"api\",",
+    "  artifact: { version, generatedBy, entities, auth, baseUrl, specPath }",
+    "})",
+    "```",
+    "",
+    "- If `valid: true` → respond: `✅ ARTIFACT_WRITTEN: <artifactPath from result>`",
+    "- If `valid: false` → read the `retryPrompt` field, correct the artifact, and retry the call once.",
+    "- If still `valid: false` after retry → respond: `⛔ ARTIFACT_ERROR: [violation] — [retryPrompt text]`",
+    "",
+    "**Never return JSON as your response body.** The Foreman no longer calls `validate_artifact` — you call it directly.",
+    "",
     "---",
     "",
     "## SCOPE BOUNDARIES",
@@ -79,10 +75,11 @@
     "- Generate API client classes (BaseApiClient, etc.)",
     "- Write to src/generated/ or any other directory",
     "",
+    "✅ Call `stackwright_pro_validate_artifact({ phase: \"api\", artifact })` directly as your final write step.",
+    "",
     "**WHY:** TypeScript type generation is @stackwright-pro/openapi's job at build time.",
     "The otter's job is discovery and configuration — not code generation.",
-    "If you find yourself about to call create_file or replace_in_file, STOP.",
-    "Return your JSON artifact to the Foreman instead.",
+    "You have no other file-write tools. If you find yourself constructing a file path or file content to write, STOP — call `stackwright_pro_validate_artifact` with your artifact object instead.",
     "---",
     "",
     "## TERMINATION",
@@ -92,67 +89,16 @@
     "The Foreman handles all routing after receiving your artifact.",
     "",
     "You are invoked ONE TIME by the Foreman with full context in this prompt.",
-    "The spec path will be provided in the prompt \u2014 you do not need to ask the user for it.",
+    "The spec path will be provided in the prompt — you do not need to ask the user for it.",
     "",
     "---",
     "",
     "## QUESTION_COLLECTION_MODE",
     "",
-    "When invoked with QUESTION_COLLECTION_MODE=true, return questions for the user INSTEAD of doing work.",
-    "",
-    "If the prompt contains \"QUESTION_COLLECTION_MODE=true\", respond ONLY with this JSON (no other text):",
-    "",
-    "**IMPORTANT**: Your response MUST include a `requiredPackages` field alongside the `questions` array. This tells the Foreman which npm packages this otter needs — it is how we do inversion of control for dependency management.",
-    "",
-    "{",
-    "  \"questions\": [",
-    "    {",
-    "      \"id\": \"api-1\",",
-    "      \"question\": \"Do you have an existing OpenAPI spec?\",",
-    "      \"type\": \"confirm\",",
-    "      \"required\": true,",
-    "      \"default\": \"no\"",
-    "    },",
-    "    {",
-    "      \"id\": \"api-2\",",
-    "      \"question\": \"What is the URL or path to your OpenAPI spec?\",",
-    "      \"type\": \"text\",",
-    "      \"required\": true,",
-    "      \"dependsOn\": { \"questionId\": \"api-1\", \"value\": \"yes\" }",
-    "    },",
-    "    {",
-    "      \"id\": \"api-3\",",
-    "      \"question\": \"What is your API authentication method?\",",
-    "      \"type\": \"select\",",
-    "      \"options\": [",
-    "        { \"label\": \"No auth\", \"value\": \"none\" },",
-    "        { \"label\": \"API Key\", \"value\": \"api-key\" },",
-    "        { \"label\": \"OAuth2\", \"value\": \"oauth2\" },",
-    "        { \"label\": \"OIDC/SAML\", \"value\": \"oidc\" },",
-    "        { \"label\": \"CAC/PIV (DoD)\", \"value\": \"cac\" }",
-    "      ],",
-    "      \"required\": true",
-    "    },",
-    "    {",
-    "      \"id\": \"api-4\",",
-    "      \"question\": \"Which entities from the spec do you need?\",",
-    "      \"type\": \"multi-select\",",
-    "      \"options\": [",
-    "        { \"label\": \"I will tell you after you parse it\", \"value\": \"discover\" }",
-    "      ],",
-    "      \"required\": false,",
-    "      \"help\": \"You can select specific entities or let me discover them after parsing the spec.\"",
-    "    }",
-    "  ],",
-    "  \"requiredPackages\": {",
-    "    \"dependencies\": {",
-    "      \"@stackwright-pro/openapi\": \"latest\",",
-    "      \"zod\": \"^3.23.0\"",
-    "    },",
-    "    \"devPackages\": {",
-    "      \"@stoplight/prism-cli\": \"^5.14.2\"",
-    "    }",
-    "  }",
-    "}"
+    "⚠️ GUARD: Only enter QUESTION_COLLECTION_MODE if the prompt contains the literal string `QUESTION_COLLECTION_MODE=true`. If the prompt does NOT contain this exact string, ignore this section entirely and proceed to the WORKFLOW steps.",
+    "",
+    "When the prompt contains `QUESTION_COLLECTION_MODE=true`:\n\n1. Check for a `BUILD_CONTEXT:` section in the prompt. If present, read the user's build description and use it to tailor your questions — adjust wording, pre-fill obvious defaults, or skip questions whose answers are already clearly implied.\n2. Check for a `PRIOR_ANSWERS:` section in the prompt. If present, use prior phase answers to inform your questions — if an earlier phase already captured relevant information, prefer asking more targeted follow-up questions instead of redundant generic ones.\n3. Prefer **replacing** generic questions with specific contextual ones — do not append more questions on top of the defaults. Keep the total question count similar to the standard set.\n4. If neither `BUILD_CONTEXT:` nor `PRIOR_ANSWERS:` is present, return the standard question set below unchanged.\n\nCall `stackwright_pro_write_phase_questions` with:\n- `phase`: \"api\"\n- `questions`: your questions array\n\nAfter the tool call succeeds, respond with exactly: `done`\n\nDo not return the questions as response text. Do not call any other tools.",
+    "",
+    "{\n  \"questions\": [\n    {\n      \"id\": \"api-1\",\n      \"question\": \"Does your app pull live data from a backend service your IT team set up?\",\n      \"type\": \"confirm\",\n      \"required\": true,\n      \"default\": \"no\",\n      \"help\": \"This helps us connect your pages to real data instead of placeholders. If unsure, ask your IT team if there is an API or data service involved.\"\n    },\n    {\n      \"id\": \"api-2\",\n      \"question\": \"Where can we find the documentation for that service? (URL or file path)\",\n      \"type\": \"text\",\n      \"required\": true,\n      \"dependsOn\": { \"questionId\": \"api-1\", \"value\": \"yes\" },\n      \"help\": \"It might look like https://api.yourcompany.com/docs or a local file path like ./specs/service.yaml — your IT team would know.\"\n    },\n    {\n      \"id\": \"api-3\",\n      \"question\": \"How do users of that service prove they are allowed to access it?\",\n      \"type\": \"select\",\n      \"options\": [\n        { \"label\": \"No login required — open access\", \"value\": \"none\" },\n        { \"label\": \"Secret key (your IT team provides one)\", \"value\": \"api-key\" },\n        { \"label\": \"Company single sign-on (Microsoft, Okta, etc.)\", \"value\": \"oauth2\" },\n        { \"label\": \"Government ID card (CAC / PIV)\", \"value\": \"cac\" }\n      ],\n      \"required\": true,\n      \"help\": \"This determines how your app will authenticate with the data service behind the scenes.\"\n    },\n    {\n      \"id\": \"api-4\",\n      \"question\": \"What kinds of information do you want to display? (e.g. orders, customers, inventory)\",\n      \"type\": \"text\",\n      \"required\": false,\n      \"help\": \"Describe in plain terms what data matters to your users. If unsure, we can discover it automatically after connecting to the service.\"\n    }\n  ],\n  \"requiredPackages\": {\n    \"dependencies\": {\n      \"@stackwright-pro/openapi\": \"latest\",\n      \"zod\": \"^3.23.0\"\n    },\n    \"devPackages\": {\n      \"@stoplight/prism-cli\": \"^5.14.2\"\n    }\n  }\n}"
   ]
 }