@structor-dev/cli 0.1.0

package/template/ai/contracts/codex-hooks.contract.json.tpl

@@ -0,0 +1,15 @@
+{
+  "id": "codex-hooks",
+  "name": "Codex Hooks Contract",
+  "version": "1.0.0",
+  "owners": ["{{HARNESS_REPO_NAME}}"],
+  "affectedRepos": ["{{HARNESS_REPO_NAME}}"],
+  "requiredFiles": [
+    ".codex/hooks.json",
+    "scripts/hooks/codex-hook.mjs",
+    "scripts/hooks/lib/codex-hooks-core.mjs",
+    "ai/contracts/codex-hooks.md"
+  ],
+  "forbiddenTokens": ["fetch(", "writeFile(", "appendFile("],
+  "validation": ["node scripts/check-codex-hooks.mjs"]
+}

package/template/ai/contracts/codex-hooks.md.tpl

@@ -0,0 +1,18 @@
+# Codex Hooks Contract
+
+Codex hooks are local advisory guardrails.
+
+## Requirements
+
+- Hook config lives in `.codex/hooks.json`.
+- Hook code lives under `scripts/hooks/`.
+- Hooks are deterministic and local.
+- Deny rules must include remediation and policy references.
+- Hooks must not write files, call external services, or supervise long-running
+  processes.
+- Hooks are not a complete security boundary and do not replace sandboxing,
+  permission controls, code review, CI policy, or secret management.
+
+## Validation
+
+- `node scripts/check-codex-hooks.mjs`

package/template/ai/contracts/github-safety.contract.json.tpl

@@ -0,0 +1,11 @@
+{
+  "id": "github-safety",
+  "name": "GitHub Safety Contract",
+  "version": "1.0.0",
+  "owners": ["{{HARNESS_REPO_NAME}}"],
+  "affectedRepos": ["{{HARNESS_REPO_NAME}}"],
+  "requiredFiles": [
+    "ai/contracts/github-safety.md"
+  ],
+  "validation": ["node scripts/validate-governance.mjs"]
+}

package/template/ai/contracts/github-safety.md.tpl

@@ -0,0 +1,15 @@
+# GitHub Safety Contract
+
+GitHub and other remote development platforms are external systems.
+
+## Requirements
+
+- Inspect local state before remote mutation.
+- Do not push, force-push, merge, close issues, edit PRs, or change repository
+  settings unless explicitly requested.
+- Preserve user changes in dirty worktrees.
+- Prefer dry-run or read-only inspection before high-impact operations.
+
+## Validation
+
+- `node scripts/validate-governance.mjs`

package/template/ai/contracts/release-flow.contract.json.tpl

@@ -0,0 +1,12 @@
+{
+  "id": "release-flow",
+  "name": "Release Flow Contract",
+  "version": "1.0.0",
+  "owners": ["{{HARNESS_REPO_NAME}}"],
+  "affectedRepos": ["{{HARNESS_REPO_NAME}}"],
+  "requiredFiles": [
+    "ai/VERSIONING.md",
+    "ai/contracts/release-flow.md"
+  ],
+  "validation": ["node scripts/validate-governance.mjs"]
+}

package/template/ai/contracts/release-flow.md.tpl

@@ -0,0 +1,15 @@
+# Release Flow Contract
+
+This contract defines harness release safety for `{{PROJECT_NAME}}`.
+
+## Requirements
+
+- Keep release decisions human-reviewed.
+- Keep generated artifacts reproducible.
+- Run governance validation before marking harness changes ready.
+- Do not push, tag, publish, deploy, or mutate external services without
+  explicit approval in the current task.
+
+## Validation
+
+- `node scripts/validate-governance.mjs`

package/template/ai/contracts/repo-boundaries.contract.json.tpl

@@ -0,0 +1,12 @@
+{
+  "id": "repo-boundaries",
+  "name": "Repo Boundaries Contract",
+  "version": "1.0.0",
+  "owners": ["{{HARNESS_REPO_NAME}}"],
+  "affectedRepos": ["{{HARNESS_REPO_NAME}}"],
+  "requiredFiles": [
+    "ai/contracts/repo-boundaries.md",
+    "ai/workspace/REPOS.md"
+  ],
+  "validation": ["node scripts/check-workspace.mjs"]
+}

package/template/ai/contracts/repo-boundaries.md.tpl

@@ -0,0 +1,18 @@
+# Repo Boundaries
+
+This contract defines ownership boundaries for {{PROJECT_NAME}}.
+
+## Harness Repo
+
+Owns policy, context routing, contracts, task templates, review skills, quality
+tracking, and validation scripts.
+
+## Consumer Repos
+
+{{CONSUMER_REPOS_LIST}}
+
+Consumer repos own product implementation and local runtime checks.
+
+## Runner
+
+Any future runner owns execution runtime outside this harness.

package/template/ai/contracts/security-boundary.contract.json.tpl

@@ -0,0 +1,11 @@
+{
+  "id": "security-boundary",
+  "name": "Security Boundary Contract",
+  "version": "1.0.0",
+  "owners": ["{{HARNESS_REPO_NAME}}"],
+  "affectedRepos": {{CONSUMER_REPO_NAMES_JSON}},
+  "requiredFiles": [
+    "ai/contracts/security-boundary.md"
+  ],
+  "validation": ["node scripts/validate-governance.mjs"]
+}

package/template/ai/contracts/security-boundary.md.tpl

@@ -0,0 +1,19 @@
+# Security Boundary
+
+Security-sensitive changes require explicit scope and human review.
+
+## Protected Surfaces
+
+- authentication
+- authorization
+- secrets
+- payment or billing behavior
+- production data
+- infrastructure
+- deployment configuration
+- database migrations
+
+## Rule
+
+Tasks that touch protected surfaces must state approval requirements,
+validation, rollback, and review routing.

package/template/ai/knowledge-manifest.json.tpl

@@ -0,0 +1,149 @@
+{
+  "version": 1,
+  "canonicalDocs": [
+    {
+      "path": "ai/AGENTS.md",
+      "status": "active",
+      "purpose": "Canonical agent operating policy.",
+      "linkedFrom": ["ai/HUB.md"]
+    },
+    {
+      "path": "ai/HUB.md",
+      "status": "active",
+      "purpose": "Routing index for harness guidance.",
+      "linkedFrom": ["ai/AGENTS.md"]
+    },
+    {
+      "path": "ai/context.md",
+      "status": "active",
+      "purpose": "Always-loaded project and repo context.",
+      "linkedFrom": ["ai/HUB.md"]
+    },
+    {
+      "path": "ai/HARNESS.md",
+      "status": "active",
+      "purpose": "Harness scope and non-goals.",
+      "linkedFrom": ["ai/HUB.md"]
+    },
+    {
+      "path": "ai/PRODUCT-SUMMARY.md",
+      "status": "active",
+      "purpose": "Compact product context for consumer repo work.",
+      "linkedFrom": ["ai/HUB.md"]
+    },
+    {
+      "path": "ai/PRODUCT.md",
+      "status": "active",
+      "purpose": "Product context gathered from consumer repos.",
+      "linkedFrom": ["ai/HUB.md"]
+    },
+    {
+      "path": "ai/ARCHITECTURE.md",
+      "status": "active",
+      "purpose": "Architecture map and ownership guidance.",
+      "linkedFrom": ["ai/HUB.md"]
+    },
+    {
+      "path": "ai/DESIGN.md",
+      "status": "active",
+      "purpose": "Design context and UI direction.",
+      "linkedFrom": ["ai/HUB.md"]
+    },
+    {
+      "path": "ai/HARNESS-ENGINEERING.md",
+      "status": "active",
+      "purpose": "Engineering practices for harness changes.",
+      "linkedFrom": ["ai/HUB.md"]
+    },
+    {
+      "path": "ai/READINESS.md",
+      "status": "active",
+      "purpose": "Post-generation readiness verdicts, gates, and manual review domains.",
+      "linkedFrom": ["ai/HUB.md"]
+    },
+    {
+      "path": "ai/QUALITY.md",
+      "status": "active",
+      "purpose": "Quality bar and validation evidence expectations.",
+      "linkedFrom": ["ai/HUB.md"]
+    },
+    {
+      "path": "ai/WORKFLOW.md",
+      "status": "active",
+      "purpose": "Human and agent workflow boundaries.",
+      "linkedFrom": ["ai/HUB.md"]
+    },
+    {
+      "path": "ai/RUNNER-SAFETY.md",
+      "status": "active",
+      "purpose": "Runner safety boundaries and non-goals.",
+      "linkedFrom": ["ai/HUB.md"]
+    },
+    {
+      "path": "ai/RUNNER-READINESS.md",
+      "status": "active",
+      "purpose": "Future runner readiness criteria.",
+      "linkedFrom": ["ai/HUB.md"]
+    },
+    {
+      "path": "ai/AGENT-GARBAGE-COLLECTION.md",
+      "status": "active",
+      "purpose": "Repeated mistake capture and cleanup guidance.",
+      "linkedFrom": ["ai/HUB.md"]
+    },
+    {
+      "path": "ai/DECISIONS.md",
+      "status": "active",
+      "purpose": "Harness decisions and rationale.",
+      "linkedFrom": ["ai/HUB.md"]
+    },
+    {
+      "path": "ai/VERSIONING.md",
+      "status": "active",
+      "purpose": "Harness release and compatibility policy.",
+      "linkedFrom": ["ai/HUB.md"]
+    },
+    {
+      "path": "ai/CODEX-HOOKS.md",
+      "status": "active",
+      "purpose": "Codex hook behavior and safety constraints.",
+      "linkedFrom": ["ai/HUB.md"]
+    },
+    {
+      "path": "ai/workspace/REPOS.md",
+      "status": "active",
+      "purpose": "Workspace repo map and ownership.",
+      "linkedFrom": ["ai/HUB.md", "ai/workspace/SESSION-BOOTSTRAP.md"]
+    },
+    {
+      "path": "ai/workspace/SYSTEM-MAP.md",
+      "status": "active",
+      "purpose": "System relationship map across harness and consumer repos.",
+      "linkedFrom": ["ai/HUB.md"]
+    },
+    {
+      "path": "ai/workspace/SESSION-BOOTSTRAP.md",
+      "status": "active",
+      "purpose": "Session-start checks for agents.",
+      "linkedFrom": ["ai/HUB.md"]
+    },
+    {
+      "path": "ai/workspace/LOCAL-STACK.md",
+      "status": "active",
+      "purpose": "Local setup assumptions and validation ownership.",
+      "linkedFrom": ["ai/HUB.md"]
+    },
+    {
+      "path": "ai/workspace/TEST-STRATEGY.md",
+      "status": "active",
+      "purpose": "Harness-owned and consumer-owned validation split.",
+      "linkedFrom": ["ai/HUB.md"]
+    },
+    {
+      "path": "ai/views/index.html",
+      "status": "generated",
+      "purpose": "Generated human review index.",
+      "linkedFrom": ["ai/HUB.md"]
+    }
+  ]
+}

package/template/ai/model-overlays/anthropic/CLAUDE.md.tpl

@@ -0,0 +1,14 @@
+# Anthropic/Claude Overlay
+
+This file is a thin compatibility pointer for Anthropic/Claude-compatible
+agents.
+
+Canonical policy lives in:
+
+1. `../../../CLAUDE.md`
+2. `../../CLAUDE.md`
+3. `../../HUB.md`
+4. `../../context.md`
+
+Use Claude-specific tool conventions according to the active runtime
+environment, but do not add model-specific policy here.

package/template/ai/model-overlays/openai/AGENTS.md.tpl

@@ -0,0 +1,13 @@
+# OpenAI/Codex Overlay
+
+This file is a thin compatibility pointer for OpenAI/Codex-compatible agents.
+
+Canonical policy lives in:
+
+1. `../../../AGENTS.md`
+2. `../../AGENTS.md`
+3. `../../HUB.md`
+4. `../../context.md`
+
+Use Codex tools according to the active runtime environment, but do not add
+model-specific policy here.

package/template/ai/plans/README.md.tpl

@@ -0,0 +1,10 @@
+# Plans
+
+Plans hold multi-step governance work. Do not store runtime state here.
+
+## Rules
+
+- Active plans live in `ai/plans/active/`.
+- Active plans must include status, goal, next step, and validation plan.
+- Completed plans should move out of active work surfaces with evidence.
+- Runtime logs, worktree state, and runner artifacts do not belong here.

package/template/ai/plans/tech-debt.md.tpl

@@ -0,0 +1,7 @@
+# Tech Debt
+
+Track harness debt here.
+
+## Open Items
+
+- None yet.

package/template/ai/skills/README.md.tpl

@@ -0,0 +1,15 @@
+# Review Skills
+
+Review skills define repeatable review workflows.
+
+## Index
+
+- `review-architecture.md`
+- `review-security.md`
+- `review-contract-drift.md`
+- `review-governance-drift.md`
+
+## Rule
+
+Report blocking findings first. Keep non-blocking observations separate from
+defects.

package/template/ai/skills/review-architecture.md.tpl

@@ -0,0 +1,41 @@
+# Architecture Review
+
+## Purpose
+
+Find boundary, ownership, and change-amplification risks.
+
+## Required Inputs
+
+- task brief
+- relevant contract docs
+- changed files
+
+## When to Use
+
+Use when changes affect ownership, routing, repo boundaries, data flow, or
+shared abstractions.
+
+## Blocking Findings
+
+Report behavior regressions, boundary violations, missing validation, and
+changes that make future work harder to reason about.
+
+## Non-Blocking Observations
+
+Report style, naming, or organization improvements only after blocking findings.
+
+## Output Format
+
+- Blocking Findings
+- Non-Blocking Observations
+- Validation Or Evidence
+- Verdict: `Pass`, `Block`, or `Needs follow-up`
+
+## Escalation Rules
+
+Escalate protected surfaces, cross-repo contracts, and remote mutations to
+human review.
+
+## Validation Or Evidence
+
+Name the exact files, commands, and evidence used for the review.

package/template/ai/skills/review-contract-drift.md.tpl

@@ -0,0 +1,41 @@
+# Contract Drift Review
+
+## Purpose
+
+Find mismatches between contracts and implementation.
+
+## Required Inputs
+
+- relevant contract docs
+- changed files
+- validation output
+
+## When to Use
+
+Use when code, docs, generated files, or validation may disagree with canonical
+contracts.
+
+## Blocking Findings
+
+Report missing contract updates, stale generated artifacts, contradictory path
+contracts, and unvalidated contract changes.
+
+## Non-Blocking Observations
+
+Report wording or discoverability improvements only after blocking findings.
+
+## Output Format
+
+- Blocking Findings
+- Non-Blocking Observations
+- Validation Or Evidence
+- Verdict: `Pass`, `Block`, or `Needs follow-up`
+
+## Escalation Rules
+
+Escalate shared contract changes that affect consumer repos or protected
+surfaces.
+
+## Validation Or Evidence
+
+Name the contract source, generated artifacts, and validation commands checked.

package/template/ai/skills/review-governance-drift.md.tpl

@@ -0,0 +1,42 @@
+# Governance Drift Review
+
+## Purpose
+
+Find duplicated policy, stale routing, missing validation, and runner boundary
+drift.
+
+## Required Inputs
+
+- harness docs
+- changed governance files
+- validation output
+
+## When to Use
+
+Use for harness policy, routing, templates, generated views, and validation
+script changes.
+
+## Blocking Findings
+
+Report stale routing, missing manifest entries, duplicated policy, invalid
+templates, and runner behavior that moved into the harness.
+
+## Non-Blocking Observations
+
+Report clarity and organization improvements only after blocking findings.
+
+## Output Format
+
+- Blocking Findings
+- Non-Blocking Observations
+- Validation Or Evidence
+- Verdict: `Pass`, `Block`, or `Needs follow-up`
+
+## Escalation Rules
+
+Escalate remote mutation, generated policy source changes, and broad validation
+changes to human review.
+
+## Validation Or Evidence
+
+Name the docs, manifest entries, generated files, and commands checked.

package/template/ai/skills/review-security.md.tpl

@@ -0,0 +1,40 @@
+# Security Review
+
+## Purpose
+
+Find security-sensitive behavior changes and missing approval gates.
+
+## Required Inputs
+
+- task brief
+- security boundary contract
+- changed files
+
+## When to Use
+
+Use when changes mention secrets, auth, permissions, tenant boundaries,
+external services, infrastructure, or data handling.
+
+## Blocking Findings
+
+Report missing approval gates, unsafe secret handling, auth bypass risk,
+external mutation, or unvalidated security-sensitive behavior.
+
+## Non-Blocking Observations
+
+Report hardening ideas that do not block the requested change.
+
+## Output Format
+
+- Blocking Findings
+- Non-Blocking Observations
+- Validation Or Evidence
+- Verdict: `Pass`, `Block`, or `Needs follow-up`
+
+## Escalation Rules
+
+Escalate protected surfaces and any real external mutation request.
+
+## Validation Or Evidence
+
+Name the security boundary, affected files, and commands checked.

package/template/ai/specs/README.md.tpl

@@ -0,0 +1,14 @@
+# Specs
+
+Use this folder for durable shared specs that do not belong exclusively to one
+consumer repo.
+
+Good candidates:
+
+- cross-repo feature specs
+- shared API or event contracts
+- product language that multiple repos must preserve
+- migration plans that require coordinated consumer repo changes
+
+Avoid storing runtime state or transient task notes here.
+

package/template/ai/templates/README.md.tpl

@@ -0,0 +1,13 @@
+# Templates
+
+Templates define reusable task and planning shapes.
+
+## Index
+
+- `task-brief-template.md`: canonical task brief shape
+- `issue-template.md`: issue-ready implementation brief shape
+- `fixtures/issues/`: validator fixtures for valid and invalid briefs
+
+## Rule
+
+Templates may contain placeholders. Ready task briefs must use concrete values.

package/template/ai/templates/fixtures/issues/invalid-placeholder.md.tpl

@@ -0,0 +1,20 @@
+---
+id: <ISSUE-ID>
+status: Ready for Agent
+risk: medium
+autonomy: pr_ready
+model_policy: standard
+repos:
+  - {{HARNESS_REPO_NAME}}
+allowed_paths:
+  - <path>
+forbidden_paths:
+  - workspace/**
+requires_human_approval: false
+---
+
+# Invalid Placeholder Fixture
+
+## Summary
+
+This fixture intentionally contains placeholder text.

package/template/ai/templates/fixtures/issues/invalid-protected-surface.md.tpl

@@ -0,0 +1,21 @@
+---
+id: HARNESS-FIXTURE-002
+status: Ready for Agent
+risk: medium
+autonomy: pr_ready
+model_policy: standard
+repos:
+  - {{HARNESS_REPO_NAME}}
+allowed_paths:
+  - ai/RUNNER-SAFETY.md
+forbidden_paths:
+  - workspace/**
+requires_human_approval: false
+---
+
+# Invalid Protected Surface Fixture
+
+## Summary
+
+This fixture mentions auth, billing, secrets, and database migration work
+without requiring human approval.