@wrongstack/core 0.250.0 → 0.256.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{agent-bridge-4gc0vfW2.d.ts → agent-bridge-BrxWHEOm.d.ts} +1 -1
- package/dist/{agent-subagent-runner-Dz-9kiE6.d.ts → agent-subagent-runner-US741uBH.d.ts} +17 -8
- package/dist/{brain-sCZ3lCjq.d.ts → brain-TjEEwSpw.d.ts} +18 -1
- package/dist/{compactor-BRfg3QPd.d.ts → compactor-C5sT4U7I.d.ts} +1 -1
- package/dist/{config-eSsrto5d.d.ts → config-DuAu23zm.d.ts} +16 -1
- package/dist/{context-CLz3z_E8.d.ts → context-CGdgA0q6.d.ts} +13 -0
- package/dist/coordination/index.d.ts +14 -14
- package/dist/coordination/index.js +153 -2
- package/dist/coordination/index.js.map +1 -1
- package/dist/defaults/index.d.ts +25 -25
- package/dist/defaults/index.js +238 -42
- package/dist/defaults/index.js.map +1 -1
- package/dist/execution/index.d.ts +15 -15
- package/dist/execution/index.js +121 -22
- package/dist/execution/index.js.map +1 -1
- package/dist/execution/prompt-enhancer.d.ts +1 -1
- package/dist/extension/index.d.ts +6 -6
- package/dist/{goal-preamble-BjJpnLW4.d.ts → goal-preamble-UiEkbNmW.d.ts} +21 -10
- package/dist/{index-Dy8OwfBD.d.ts → index-CC0Mcm05.d.ts} +9 -9
- package/dist/{index-IehiNryU.d.ts → index-CitPrI3a.d.ts} +20 -7
- package/dist/index.d.ts +112 -42
- package/dist/index.js +759 -114
- package/dist/index.js.map +1 -1
- package/dist/infrastructure/index.d.ts +6 -6
- package/dist/infrastructure/index.js +12 -0
- package/dist/infrastructure/index.js.map +1 -1
- package/dist/kernel/index.d.ts +10 -10
- package/dist/kernel/index.js.map +1 -1
- package/dist/{llm-selector-D22R4AFz.d.ts → llm-selector-CJ4SyAFE.d.ts} +2 -2
- package/dist/{mcp-servers-DfXxCASH.d.ts → mcp-servers-D8YnLaEp.d.ts} +3 -3
- package/dist/models/index.d.ts +5 -5
- package/dist/{models-registry-DpanBg8D.d.ts → models-registry-ByZCdFuQ.d.ts} +1 -1
- package/dist/{multi-agent-coordinator-CnbEqpv0.d.ts → multi-agent-coordinator-DqTUEAeC.d.ts} +1 -1
- package/dist/{null-fleet-bus-Do1OLYpj.d.ts → null-fleet-bus-B5mfTJXT.d.ts} +17 -6
- package/dist/observability/index.d.ts +2 -2
- package/dist/{package-outdated-watcher-CA5GGB4C.d.ts → package-outdated-watcher-BSgR_kK-.d.ts} +24 -3
- package/dist/{parallel-eternal-engine-UZg1xOzE.d.ts → parallel-eternal-engine-C0juOszP.d.ts} +24 -10
- package/dist/{path-resolver-BaP06Owy.d.ts → path-resolver-CbkT-RMU.d.ts} +3 -3
- package/dist/{permission-DbWPbuoA.d.ts → permission-CwBBpCoF.d.ts} +1 -1
- package/dist/{permission-policy-AOk0LVsV.d.ts → permission-policy-B8rSu908.d.ts} +39 -2
- package/dist/{pipeline-D1n-gQI-.d.ts → pipeline-JG8XoudC.d.ts} +43 -3
- package/dist/{plan-templates-BUVRY0pU.d.ts → plan-templates-DPiQMkBz.d.ts} +5 -5
- package/dist/{provider-runner-D0HgUqwV.d.ts → provider-runner-hM7EXlLI.d.ts} +3 -3
- package/dist/{retry-policy-BVnkbMET.d.ts → retry-policy-Tg7LXkoK.d.ts} +1 -1
- package/dist/sdd/index.d.ts +8 -8
- package/dist/{secret-vault-CeVNiy_f.d.ts → secret-vault-BkYkJWQs.d.ts} +1 -1
- package/dist/security/index.d.ts +4 -4
- package/dist/security/index.js +89 -18
- package/dist/security/index.js.map +1 -1
- package/dist/{selector-Cb4_9-hf.d.ts → selector-DWsqVjGf.d.ts} +1 -1
- package/dist/{session-event-bridge-BhtkkFFy.d.ts → session-event-bridge-BAFWdgQ3.d.ts} +1 -1
- package/dist/{session-reader-CCOssnBS.d.ts → session-reader-CqRvaL5v.d.ts} +1 -1
- package/dist/{skill-Bj6Ezqb8.d.ts → skill-DGIXCtdv.d.ts} +6 -0
- package/dist/skills/index.d.ts +1 -1
- package/dist/storage/index.d.ts +10 -10
- package/dist/storage/index.js +8 -1
- package/dist/storage/index.js.map +1 -1
- package/dist/types/index.d.ts +19 -19
- package/dist/types/index.js +95 -25
- package/dist/types/index.js.map +1 -1
- package/dist/utils/index.d.ts +2 -2
- package/dist/utils/index.js +5 -0
- package/dist/utils/index.js.map +1 -1
- package/package.json +2 -2
- package/skills/api-design/SKILL.md +1 -0
- package/skills/api-design/SKILL.save.md +26 -0
- package/skills/audit-log/SKILL.md +9 -2
- package/skills/audit-log/SKILL.save.md +22 -0
- package/skills/bug-hunter/SKILL.md +10 -2
- package/skills/bug-hunter/SKILL.save.md +33 -0
- package/skills/chimera/SKILL.md +12 -18
- package/skills/chimera/SKILL.save.md +26 -0
- package/skills/docker-deploy/SKILL.md +1 -0
- package/skills/docker-deploy/SKILL.save.md +23 -0
- package/skills/git-flow/SKILL.md +23 -2
- package/skills/git-flow/SKILL.save.md +25 -0
- package/skills/multi-agent/SKILL.md +23 -2
- package/skills/multi-agent/SKILL.save.md +26 -0
- package/skills/node-modern/SKILL.md +2 -1
- package/skills/node-modern/SKILL.save.md +21 -0
- package/skills/observability/SKILL.md +1 -0
- package/skills/observability/SKILL.save.md +34 -0
- package/skills/output-standards/SKILL.md +133 -0
- package/skills/output-standards/SKILL.save.md +21 -0
- package/skills/prompt-engineering/SKILL.md +2 -1
- package/skills/prompt-engineering/SKILL.save.md +29 -0
- package/skills/react-modern/SKILL.md +2 -1
- package/skills/react-modern/SKILL.save.md +24 -0
- package/skills/refactor-planner/SKILL.md +9 -2
- package/skills/refactor-planner/SKILL.save.md +26 -0
- package/skills/research-web/SKILL.md +1 -0
- package/skills/research-web/SKILL.save.md +25 -0
- package/skills/sdd/SKILL.md +2 -1
- package/skills/sdd/SKILL.save.md +19 -0
- package/skills/security-scanner/SKILL.md +10 -3
- package/skills/security-scanner/SKILL.save.md +23 -0
- package/skills/skill-creator/SKILL.md +2 -1
- package/skills/skill-creator/SKILL.save.md +20 -0
- package/skills/tech-stack/SKILL.md +13 -226
- package/skills/tech-stack/SKILL.save.md +25 -0
- package/skills/testing/SKILL.md +1 -0
- package/skills/testing/SKILL.save.md +22 -0
- package/skills/typescript-strict/SKILL.md +2 -1
- package/skills/typescript-strict/SKILL.save.md +19 -0
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@wrongstack/core",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.256.0",
|
|
4
4
|
"license": "MIT",
|
|
5
5
|
"description": "WrongStack core: kernel, types, defaults, and shared utilities for the WrongStack CLI agent.",
|
|
6
6
|
"repository": {
|
|
@@ -97,7 +97,7 @@
|
|
|
97
97
|
],
|
|
98
98
|
"wrongstackApiVersion": "0.1.10",
|
|
99
99
|
"devDependencies": {
|
|
100
|
-
"@types/node": "^25.9.
|
|
100
|
+
"@types/node": "^25.9.3",
|
|
101
101
|
"tsup": "^8.5.1",
|
|
102
102
|
"typescript": "^6.0.3"
|
|
103
103
|
},
|
|
@@ -137,3 +137,4 @@ Body: { "status": "paused" }
|
|
|
137
137
|
- `typescript-strict` — for type-safe request/response types
|
|
138
138
|
- `security-scanner` — for scanning API implementations for injection, auth, and secrets
|
|
139
139
|
- `testing` — for writing integration tests against API endpoints
|
|
140
|
+
- `output-standards` — for standardized `<next_steps>` formatting
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
# API Design — WrongStack (Compact)
|
|
2
|
+
|
|
3
|
+
Designs and reviews REST APIs for WrongStack services. JSON over HTTPS, conventional HTTP status codes, cursor-based pagination.
|
|
4
|
+
|
|
5
|
+
## Rules
|
|
6
|
+
|
|
7
|
+
1. Use conventional HTTP status codes: 200 (ok), 201 (created), 400 (bad request), 401 (unauthorized), 403 (forbidden), 404 (not found), 500 (server error).
|
|
8
|
+
2. Always return consistent error shape: `{ "error": { "code": "ERROR_CODE", "message": "Human readable" } }`.
|
|
9
|
+
3. Use plural nouns for resource names: `/sessions` not `/session`.
|
|
10
|
+
4. Pagination: cursor-based for large datasets, not offset-based.
|
|
11
|
+
5. Request validation: validate on server, return 400 with field-level errors.
|
|
12
|
+
6. Idempotency: POST to /resources creates; PUT to /resources/:id replaces.
|
|
13
|
+
7. No secrets in URLs — put auth in headers, not query params.
|
|
14
|
+
8. Versioning: prefix with `/v1/` when breaking changes are inevitable.
|
|
15
|
+
|
|
16
|
+
## Error codes
|
|
17
|
+
|
|
18
|
+
| Code | HTTP | When |
|
|
19
|
+
|------|------|------|
|
|
20
|
+
| VALIDATION_ERROR | 400 | Request invalid |
|
|
21
|
+
| UNAUTHORIZED | 401 | Missing/invalid auth |
|
|
22
|
+
| FORBIDDEN | 403 | No permission |
|
|
23
|
+
| NOT_FOUND | 404 | Resource missing |
|
|
24
|
+
| CONFLICT | 409 | Duplicate |
|
|
25
|
+
| RATE_LIMITED | 429 | Too many requests |
|
|
26
|
+
| INTERNAL_ERROR | 500 | Server failure |
|
|
@@ -4,7 +4,7 @@ description: |
|
|
|
4
4
|
Use this skill when analyzing WrongStack session logs, event streams, or
|
|
5
5
|
system traces to surface patterns, anomalies, or operational insights.
|
|
6
6
|
Triggers: user says "audit", "session analysis", "log analysis", "usage patterns".
|
|
7
|
-
version: 1.
|
|
7
|
+
version: 1.2.0
|
|
8
8
|
---
|
|
9
9
|
|
|
10
10
|
# Audit Log Agent — WrongStack
|
|
@@ -152,6 +152,12 @@ When reading a session file:
|
|
|
152
152
|
### Cost Trend
|
|
153
153
|
- Iteration 1-10: avg $0.04/iteration
|
|
154
154
|
- Iteration 11-20: avg $0.11/iteration (context growth)
|
|
155
|
+
|
|
156
|
+
<next_steps>
|
|
157
|
+
1. Investigate bash failures — command timeout pattern in iterations 14-20
|
|
158
|
+
2. Review tool call count in iteration 14 — 50+ tool calls suggests loop
|
|
159
|
+
3. Run `pnpm test` to verify fixes for identified issues
|
|
160
|
+
</next_steps>
|
|
155
161
|
```
|
|
156
162
|
|
|
157
163
|
## Anti-patterns
|
|
@@ -166,4 +172,5 @@ When reading a session file:
|
|
|
166
172
|
|
|
167
173
|
- `bug-hunter` — for turning audit findings into concrete bugs to fix
|
|
168
174
|
- `refactor-planner` — for addressing systemic issues found in logs
|
|
169
|
-
- `security-scanner` — for security-adjacent findings (leaked keys, injection patterns in logs)
|
|
175
|
+
- `security-scanner` — for security-adjacent findings (leaked keys, injection patterns in logs)
|
|
176
|
+
- `output-standards` — for standardized `<next_steps>` formatting
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
# Audit Log Agent — WrongStack (Compact)
|
|
2
|
+
|
|
3
|
+
Analyzes session logs, event streams, and system traces to surface patterns, anomalies, and actionable insights.
|
|
4
|
+
|
|
5
|
+
## Rules
|
|
6
|
+
|
|
7
|
+
1. Always parse from the source JSONL — never summarize what you didn't read.
|
|
8
|
+
2. Analyze one session at a time, or aggregate with clear labeling.
|
|
9
|
+
3. Cite specific data in reports: iteration numbers, tool names, error messages.
|
|
10
|
+
4. Flag repeated failures (same tool, 5+ times) as a real issue.
|
|
11
|
+
5. Report cost trends in context of iteration count.
|
|
12
|
+
|
|
13
|
+
## What to look for
|
|
14
|
+
|
|
15
|
+
- **Tool usage**: 100+ calls to same tool = possible loop. Same tool failing 5x+ = bug.
|
|
16
|
+
- **Cost**: Tokens/iteration trending up = context bloat. Sudden 3x increase = large file reads.
|
|
17
|
+
- **Context**: >50 tool calls per iteration = unfocused. Compaction 3x+ = too much context.
|
|
18
|
+
- **Errors**: All errors in one tool = command timeout pattern. Same error 47x = systemic.
|
|
19
|
+
|
|
20
|
+
## Session file structure
|
|
21
|
+
|
|
22
|
+
JSONL with events: iteration_start, tool_call, tool_result, error, compaction, cost, iteration_end.
|
|
@@ -4,7 +4,7 @@ description: |
|
|
|
4
4
|
Use this skill when scanning source code for bugs, anti-patterns, code smells,
|
|
5
5
|
or quality issues in a WrongStack project. Triggers: user says "bug", "bug hunt",
|
|
6
6
|
"scan for issues", "find problems", "anti-pattern", "code smell", "static analysis".
|
|
7
|
-
version: 1.
|
|
7
|
+
version: 1.2.0
|
|
8
8
|
---
|
|
9
9
|
|
|
10
10
|
# Bug Hunter — WrongStack
|
|
@@ -125,10 +125,18 @@ const data: any = response.json();
|
|
|
125
125
|
| Low | 3 |
|
|
126
126
|
|
|
127
127
|
Total: 16 findings in 12 files
|
|
128
|
+
|
|
129
|
+
<next_steps>
|
|
130
|
+
1. [SHELL-INJ] `tools/shell.ts:42` — replace exec() with execFile()
|
|
131
|
+
2. [SECRET] `lib/config.ts:8` — move API key to environment variable
|
|
132
|
+
3. [MEMORY] `tools/pool.ts:89` — add cleanup in component unmount
|
|
133
|
+
4. [TYPE] `core/agent.ts:103` — replace `as any` with proper type
|
|
134
|
+
</next_steps>
|
|
128
135
|
```
|
|
129
136
|
|
|
130
137
|
## Skills in scope
|
|
131
138
|
|
|
132
139
|
- `security-scanner` — for hardcoded secrets and injection vectors
|
|
133
140
|
- `refactor-planner` — for fixing findings across multiple files
|
|
134
|
-
- `typescript-strict` — for type
|
|
141
|
+
- `typescript-strict` — for TypeScript type safety rules
|
|
142
|
+
- `output-standards` — for standardized `<next_steps>` formatting
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
# Bug Hunter — WrongStack (Compact)
|
|
2
|
+
|
|
3
|
+
Scans code for bugs and code smells. Outputs a prioritized hit list with file:line references.
|
|
4
|
+
|
|
5
|
+
## Rules
|
|
6
|
+
|
|
7
|
+
1. Always include `file:line` in every finding — no line reference = can't be fixed.
|
|
8
|
+
2. Never scan `node_modules`.
|
|
9
|
+
3. Don't report style issues as bugs — those are lint findings.
|
|
10
|
+
4. If >30% of findings are noise, note the false positive rate.
|
|
11
|
+
5. Sort output: critical > high > medium > low.
|
|
12
|
+
6. Don't flag deprecated APIs without severity.
|
|
13
|
+
|
|
14
|
+
## Severity levels
|
|
15
|
+
|
|
16
|
+
| Level | Meaning | Action |
|
|
17
|
+
|-------|---------|--------|
|
|
18
|
+
| **Critical** | Security breach, data loss, crash | Fix immediately |
|
|
19
|
+
| **High** | Logic bug, race condition, memory leak | Fix before release |
|
|
20
|
+
| **Medium** | Error handling gap, type unsafety | Fix soon |
|
|
21
|
+
| **Low** | Style, minor code smell | Consider fixing |
|
|
22
|
+
|
|
23
|
+
## Key patterns to find
|
|
24
|
+
|
|
25
|
+
| Pattern | Severity |
|
|
26
|
+
|---------|----------|
|
|
27
|
+
| Uncaught promise `.then(` without `.catch` | high |
|
|
28
|
+
| Hardcoded secret `[A-Za-z0-9/+=]{40}` | critical |
|
|
29
|
+
| unsafe any `: any` or `as any` | medium |
|
|
30
|
+
| innerHTML assignment | high |
|
|
31
|
+
| Missing await | high |
|
|
32
|
+
| SQL concatenation `"SELECT * FROM " + table` | critical |
|
|
33
|
+
| Shell injection `exec(\`cmd ${input}\`)` | critical |
|
package/skills/chimera/SKILL.md
CHANGED
|
@@ -1,11 +1,10 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: chimera
|
|
3
3
|
description: |
|
|
4
|
-
Use this skill
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
version: 1.0.0
|
|
4
|
+
Use this skill for post-session code quality review of files changed during
|
|
5
|
+
a WrongStack session. Triggers: user says "review", "code review", "quality check",
|
|
6
|
+
"post-session review", "chimeric review".
|
|
7
|
+
version: 1.2.0
|
|
9
8
|
---
|
|
10
9
|
|
|
11
10
|
# Chimera — Post-Session Code Guardian
|
|
@@ -33,19 +32,7 @@ issues the session agent may have missed.
|
|
|
33
32
|
6. **One finding per line.** Each finding must have: severity, file:line, and a
|
|
34
33
|
one-sentence fix.
|
|
35
34
|
|
|
36
|
-
##
|
|
37
|
-
|
|
38
|
-
| Category | Examples | Severity |
|
|
39
|
-
|----------|----------|----------|
|
|
40
|
-
| **Logic bugs** | Off-by-one, inverted condition, null deref without guard | Critical / High |
|
|
41
|
-
| **Type safety** | `as any`, missing return type on export, `!` assertion | Medium |
|
|
42
|
-
| **Error handling** | Missing try/catch on async, swallowed errors | High |
|
|
43
|
-
| **Security** | Hardcoded secret, shell injection, innerHTML XSS | Critical |
|
|
44
|
-
| **Resource leaks** | Event listener not removed, file handle not closed | Medium |
|
|
45
|
-
| **Test gaps** | New logic without corresponding test | Medium |
|
|
46
|
-
| **API design** | Wrong status code, missing validation, secrets in URL | High |
|
|
47
|
-
|
|
48
|
-
## Report format
|
|
35
|
+
## Output format
|
|
49
36
|
|
|
50
37
|
Write your report as a single message appended to the chat. Use this structure:
|
|
51
38
|
|
|
@@ -68,6 +55,12 @@ Write your report as a single message appended to the chat. Use this structure:
|
|
|
68
55
|
- Files reviewed: N
|
|
69
56
|
- Findings: C critical, H high, M medium
|
|
70
57
|
- Clean files: N
|
|
58
|
+
|
|
59
|
+
<next_steps>
|
|
60
|
+
1. [CRITICAL] `path/file.ts:42` — add null guard for `user`
|
|
61
|
+
2. [HIGH] `path/config.ts:8` — move API key to environment variable
|
|
62
|
+
3. [MEDIUM] `path/helper.ts:15` — replace `as any` with `as unknown as T`
|
|
63
|
+
</next_steps>
|
|
71
64
|
```
|
|
72
65
|
|
|
73
66
|
If you find **nothing** worth flagging: write a single line.
|
|
@@ -103,3 +96,4 @@ likely missed, not decisions it explicitly made.
|
|
|
103
96
|
- `typescript-strict` — for TypeScript type safety rules
|
|
104
97
|
- `api-design` — for API design review patterns
|
|
105
98
|
- `testing` — for test coverage assessment
|
|
99
|
+
- `output-standards` — for standardized `<next_steps>` formatting
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
# Chimera — Post-Session Code Guardian (Compact)
|
|
2
|
+
|
|
3
|
+
Post-session code quality agent. Reviews files changed during the session.
|
|
4
|
+
|
|
5
|
+
## Rules
|
|
6
|
+
|
|
7
|
+
1. Only review changed files.
|
|
8
|
+
2. Read before judging — always read the file before flagging.
|
|
9
|
+
3. Be surgical — flag real bugs, not style preferences.
|
|
10
|
+
4. No re-litigation — don't re-raise issues already discussed.
|
|
11
|
+
5. Severity-ranked: Critical > High > Medium > Low.
|
|
12
|
+
6. One finding per line: severity, file:line, one-sentence fix.
|
|
13
|
+
|
|
14
|
+
## Output format
|
|
15
|
+
|
|
16
|
+
```
|
|
17
|
+
## 🦂 Chimera Review
|
|
18
|
+
|
|
19
|
+
### Critical (N)
|
|
20
|
+
1. [BUG] path/file.ts:42 — null deref on user.name
|
|
21
|
+
→ Add guard: if (!user) throw new NotFoundError()
|
|
22
|
+
|
|
23
|
+
### Summary
|
|
24
|
+
- Files reviewed: N
|
|
25
|
+
- Clean files: N
|
|
26
|
+
```
|
|
@@ -153,3 +153,4 @@ trivy image --exit-code 1 --ignore-unfixed --severity HIGH,CRITICAL wrongstack:$
|
|
|
153
153
|
- `git-flow` — for tagging releases and managing Docker image versions
|
|
154
154
|
- `node-modern` — for Node.js-specific containerization patterns
|
|
155
155
|
- `observability` — for logging and tracing in containerized environments
|
|
156
|
+
- `output-standards` — for standardized `<next_steps>` formatting
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
# Docker Deploy — WrongStack (Compact)
|
|
2
|
+
|
|
3
|
+
Containerizes and deploys WrongStack with Docker.
|
|
4
|
+
|
|
5
|
+
## Rules
|
|
6
|
+
|
|
7
|
+
1. Multi-stage build: build stage + runtime stage (production deps only).
|
|
8
|
+
2. Use `node:*` base image with pinned version — not `node:latest`.
|
|
9
|
+
3. Never run as root in the container — use a non-root user.
|
|
10
|
+
4. Pass secrets via environment variables, not baked into the image.
|
|
11
|
+
5. Tag images with git SHA: `wrongstack:$GIT_SHA`.
|
|
12
|
+
6. Scan images for vulnerabilities: `trivy image` or `docker scout` before push.
|
|
13
|
+
7. Use `.dockerignore` to exclude `node_modules`, `dist`, `.git`, `*.test.ts`.
|
|
14
|
+
|
|
15
|
+
## Key best practices
|
|
16
|
+
|
|
17
|
+
| Practice | Why |
|
|
18
|
+
|----------|-----|
|
|
19
|
+
| Pin base image version | Reproducibility |
|
|
20
|
+
| Multi-stage build | 1GB → ~150MB |
|
|
21
|
+
| Non-root user | Security: container compromise ≠ host root |
|
|
22
|
+
| `.dockerignore` | Smaller image, faster builds |
|
|
23
|
+
| No `latest` tag | You always know which SHA |
|
package/skills/git-flow/SKILL.md
CHANGED
|
@@ -4,7 +4,7 @@ description: |
|
|
|
4
4
|
Use this skill when proposing, reviewing, or troubleshooting git commits,
|
|
5
5
|
branches, pull requests, or merge strategies in a WrongStack project session.
|
|
6
6
|
Triggers: user mentions "commit", "branch", "PR", "merge", "rebase", "stash", "diff".
|
|
7
|
-
version: 1.
|
|
7
|
+
version: 1.2.0
|
|
8
8
|
---
|
|
9
9
|
|
|
10
10
|
# Git Workflow — WrongStack
|
|
@@ -132,8 +132,29 @@ git rebase main && git merge --ff-only feature
|
|
|
132
132
|
- **Committing lockfile with logic changes**: Keep them separate for easier rollbacks
|
|
133
133
|
- **Branching from branches**: Always branch from `main` or a stable release tag
|
|
134
134
|
|
|
135
|
+
## Output format
|
|
136
|
+
|
|
137
|
+
```
|
|
138
|
+
## Git Workflow Report — <task>
|
|
139
|
+
|
|
140
|
+
### Changes Summary
|
|
141
|
+
[What files changed, how many commits, what the impact is]
|
|
142
|
+
|
|
143
|
+
### Recommended Actions
|
|
144
|
+
1. Create branch `feature-name` from `main`
|
|
145
|
+
2. Commit changes with conventional commit format
|
|
146
|
+
3. Open PR with description linking to issue
|
|
147
|
+
|
|
148
|
+
<next_steps>
|
|
149
|
+
1. `git checkout -b fix/session-leak` from `main`
|
|
150
|
+
2. Commit with: `fix: correct race condition in token refresh`
|
|
151
|
+
3. Open PR with description linking to issue #123
|
|
152
|
+
</next_steps>
|
|
153
|
+
```
|
|
154
|
+
|
|
135
155
|
## Skills in scope
|
|
136
156
|
|
|
137
157
|
- `refactor-planner` — when a refactor involves multiple git-managed changes
|
|
138
158
|
- `multi-agent` — for fleet-wide version audits across packages
|
|
139
|
-
- `bug-hunter` — for spotting bugs at commit time before they reach main
|
|
159
|
+
- `bug-hunter` — for spotting bugs at commit time before they reach main
|
|
160
|
+
- `output-standards` — for standardized `<next_steps>` formatting
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
# Git Workflow — WrongStack (Compact)
|
|
2
|
+
|
|
3
|
+
Guides commit messages, branch hygiene, PR strategy, and merge decisions. WrongStack uses pnpm workspaces.
|
|
4
|
+
|
|
5
|
+
## Rules
|
|
6
|
+
|
|
7
|
+
1. One concern per commit — never mix logic changes with lockfile updates.
|
|
8
|
+
2. Never force-push shared branches — use `--force-with-lease` on own branches only.
|
|
9
|
+
3. Always branch from `main` or a stable release tag.
|
|
10
|
+
4. Small, frequent commits with clear messages beat large, vague ones.
|
|
11
|
+
5. Rebase onto `main` before PR when safe for cleaner history.
|
|
12
|
+
6. Delete branches after merge unless shared or releasing.
|
|
13
|
+
|
|
14
|
+
## Commit format
|
|
15
|
+
|
|
16
|
+
`type: short description` — types: `fix`, `feat`, `docs`, `refactor`, `test`, `chore`, `perf`, `ci`
|
|
17
|
+
|
|
18
|
+
- Subject ≤ 72 chars, imperative mood, no trailing period.
|
|
19
|
+
- Body: explain **why**, not what (the diff shows what).
|
|
20
|
+
- Reference issues: `Fix #123` or `Closes GH-456`.
|
|
21
|
+
|
|
22
|
+
## Branch strategy
|
|
23
|
+
|
|
24
|
+
- One topic per branch: `feat/login`, `fix/session-leak`, `refactor/auth-layer`
|
|
25
|
+
- Delete after merge, rebase onto main before PR
|
|
@@ -4,7 +4,7 @@ description: |
|
|
|
4
4
|
Use this skill when a task would benefit from parallel execution across
|
|
5
5
|
multiple AI agents, or when orchestrating leader/worker patterns in WrongStack.
|
|
6
6
|
Triggers: user says "fan out", "parallel", "delegate", "subagent", "fleet", "coordinator".
|
|
7
|
-
version: 1.
|
|
7
|
+
version: 1.2.0
|
|
8
8
|
---
|
|
9
9
|
|
|
10
10
|
# Multi-Agent Coordination — WrongStack
|
|
@@ -113,6 +113,26 @@ For each worker result:
|
|
|
113
113
|
- Present as unified report
|
|
114
114
|
```
|
|
115
115
|
|
|
116
|
+
## Leader output format
|
|
117
|
+
|
|
118
|
+
When a leader synthesizes results from subagents:
|
|
119
|
+
|
|
120
|
+
```
|
|
121
|
+
## Synthesis Report — <task>
|
|
122
|
+
|
|
123
|
+
### Summary
|
|
124
|
+
[Unified summary of all findings]
|
|
125
|
+
|
|
126
|
+
### Unified Next Steps
|
|
127
|
+
[Deduplicated and prioritized action items]
|
|
128
|
+
|
|
129
|
+
<next_steps>
|
|
130
|
+
1. [Priority] Action item 1 — file:line reference
|
|
131
|
+
2. [Priority] Action item 2 — file:line reference
|
|
132
|
+
3. [Priority] Action item 3 — file:line reference
|
|
133
|
+
</next_steps>
|
|
134
|
+
```
|
|
135
|
+
|
|
116
136
|
## Anti-patterns
|
|
117
137
|
|
|
118
138
|
- **Over-delegation**: Firing 50 subagents in one turn — model context explodes, nothing gets done
|
|
@@ -131,6 +151,7 @@ Subagents share **nothing** — no memory, no session state, no variable scope.
|
|
|
131
151
|
- `security-scanner` — parallel security scans
|
|
132
152
|
- `refactor-planner` — parallel module analysis
|
|
133
153
|
- `audit-log` — aggregating multiple session analyses
|
|
154
|
+
- `output-standards` — for standardized `<next_steps>` formatting
|
|
134
155
|
|
|
135
156
|
---
|
|
136
157
|
|
|
@@ -184,4 +205,4 @@ collab_debug(["packages/**/src/**/*.ts"])
|
|
|
184
205
|
|
|
185
206
|
### For large codebases
|
|
186
207
|
|
|
187
|
-
Run **package-by-package** or **module-by-module** sessions. Target only the area under review, not the whole repo.
|
|
208
|
+
Run **package-by-package** or **module-by-module** sessions. Target only the area under review, not the whole repo.
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
# Multi-Agent Coordination — WrongStack (Compact)
|
|
2
|
+
|
|
3
|
+
Coordinates parallel AI agent execution for tasks that benefit from fanning out.
|
|
4
|
+
|
|
5
|
+
## Rules
|
|
6
|
+
|
|
7
|
+
1. Subagents share nothing — no memory, no session state.
|
|
8
|
+
2. Leader must aggregate results.
|
|
9
|
+
3. Narrow task scope per subagent — broad tasks exhaust budget.
|
|
10
|
+
4. Role must match task — don't use bug-hunter to write docs.
|
|
11
|
+
5. Check `stopReason`: end_turn (clean), budget_exhausted (retry), error (surface), aborted (don't retry).
|
|
12
|
+
6. Don't fan out single atomic tasks under 5 tool calls.
|
|
13
|
+
|
|
14
|
+
## When to fan out
|
|
15
|
+
|
|
16
|
+
✅ Good: "Audit 50 files" — one subagent per 5-10 files. "Run tests in 12 packages" — parallel.
|
|
17
|
+
❌ Avoid: Single atomic task under 5 calls. Tasks requiring shared state.
|
|
18
|
+
|
|
19
|
+
## Roles
|
|
20
|
+
|
|
21
|
+
| Role | Responsibility |
|
|
22
|
+
|------|---------------|
|
|
23
|
+
| **Leader** | Coordinates, delegates, synthesizes |
|
|
24
|
+
| **Worker** | Executes a narrow subtask |
|
|
25
|
+
| **Reviewer** | Validates worker output |
|
|
26
|
+
| **Architect** | Design decisions when workers hit ambiguity |
|
|
@@ -186,4 +186,5 @@ while (true) {
|
|
|
186
186
|
- `typescript-strict` — strict TypeScript patterns
|
|
187
187
|
- `react-modern` — React Server Components with Node.js
|
|
188
188
|
- `bug-hunter` — catching async/await bugs, unhandled rejections
|
|
189
|
-
- `sdd` — for setting up new Node.js features with a spec first
|
|
189
|
+
- `sdd` — for setting up new Node.js features with a spec first
|
|
190
|
+
- `output-standards` — for standardized `<next_steps>` formatting
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
# Modern Node.js (>= 22) — WrongStack (Compact)
|
|
2
|
+
|
|
3
|
+
Node.js >= 22 patterns: ESM-only, native fetch with AbortSignal, Web Streams.
|
|
4
|
+
|
|
5
|
+
## Rules
|
|
6
|
+
|
|
7
|
+
1. Always use ESM (`import` with `.js` extension) — never `require()`.
|
|
8
|
+
2. Always use `node:` protocol for built-in modules.
|
|
9
|
+
3. Always use `AbortSignal.timeout()` for long-running operations.
|
|
10
|
+
4. Never use axios, node-fetch, or got — native fetch is sufficient.
|
|
11
|
+
5. Always handle `ENOENT` on file reads — use try/catch or `access` first.
|
|
12
|
+
6. Use `Promise.allSettled` when partial failure is acceptable.
|
|
13
|
+
|
|
14
|
+
## Key patterns
|
|
15
|
+
|
|
16
|
+
- **ESM**: `import * as fs from 'node:fs/promises'`, `import { helper } from './helper.js'`
|
|
17
|
+
- **fetch**: `const res = await fetch(url, { signal: AbortSignal.timeout(5000) })`
|
|
18
|
+
- **Atomic write**: write to `.tmp`, then `rename(tmp, target)`
|
|
19
|
+
- **Parallel**: `const results = await Promise.allSettled(tasks.map(t => t.run()))`
|
|
20
|
+
- **Streams**: `response.body.getReader()` with `TextDecoder`
|
|
21
|
+
- **AbortSignal**: Combine signals with `AbortSignal.any([userSignal, timeoutSignal])`
|
|
@@ -132,3 +132,4 @@ Every log should include:
|
|
|
132
132
|
- `bug-hunter` — for finding bugs via error trace patterns
|
|
133
133
|
- `security-scanner` — for ensuring no secrets leak into logs
|
|
134
134
|
- `node-modern` — for async tracing patterns with AbortSignal
|
|
135
|
+
- `output-standards` — for standardized `<next_steps>` formatting
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
# Observability — WrongStack (Compact)
|
|
2
|
+
|
|
3
|
+
Instruments WrongStack code with structured logs, traces, and metrics.
|
|
4
|
+
|
|
5
|
+
## Rules
|
|
6
|
+
|
|
7
|
+
1. Log at the right level: DEBUG (dev), INFO (normal), WARN (recoverable), ERROR (needs attention).
|
|
8
|
+
2. Structured logs only — JSON to stdout, not plain text to files.
|
|
9
|
+
3. Every significant event needs a `traceId`.
|
|
10
|
+
4. Never log secrets, tokens, or PII — redact before logging.
|
|
11
|
+
5. Logs must answer: what happened, what context, what was the outcome.
|
|
12
|
+
|
|
13
|
+
## Log schema
|
|
14
|
+
|
|
15
|
+
```json
|
|
16
|
+
{
|
|
17
|
+
"level": "info|warn|error",
|
|
18
|
+
"traceId": "uuid",
|
|
19
|
+
"event": "event_name",
|
|
20
|
+
"timestamp": "ISO8601",
|
|
21
|
+
"duration_ms": 12,
|
|
22
|
+
"outcome": "success|failure|timeout"
|
|
23
|
+
}
|
|
24
|
+
```
|
|
25
|
+
|
|
26
|
+
## Metrics
|
|
27
|
+
|
|
28
|
+
| Metric | Type | Why |
|
|
29
|
+
|--------|------|-----|
|
|
30
|
+
| `tool.executions` | Counter | How often each tool runs |
|
|
31
|
+
| `tool.duration_ms` | Histogram | Latency per tool |
|
|
32
|
+
| `session.iterations` | Gauge | Active iterations |
|
|
33
|
+
| `error.count` | Counter | Errors by type |
|
|
34
|
+
| `context.tokens` | Gauge | Context size |
|
|
@@ -0,0 +1,133 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: output-standards
|
|
3
|
+
description: |
|
|
4
|
+
Use this skill when defining or enforcing output formatting standards for agent
|
|
5
|
+
responses in WrongStack. Triggers: user says "next steps format", "output standard",
|
|
6
|
+
"response format", "final message format", "standardize next steps".
|
|
7
|
+
version: 1.0.0
|
|
8
|
+
---
|
|
9
|
+
|
|
10
|
+
# Output Standards — WrongStack
|
|
11
|
+
|
|
12
|
+
Standardizes the format of agent output, particularly the `next_steps` section
|
|
13
|
+
in final messages. This ensures system-level parsing and automation can reliably
|
|
14
|
+
extract structured data from agent responses.
|
|
15
|
+
|
|
16
|
+
## Rules
|
|
17
|
+
|
|
18
|
+
1. **Every final message MUST include `<next_steps>` tag** — no exceptions for completed tasks.
|
|
19
|
+
2. **Tags must be properly closed** — `<next_steps>...</next_steps>` with exact tag names.
|
|
20
|
+
3. **No markdown inside tags** — plain text only, one action per line.
|
|
21
|
+
4. **Use imperative mood** — "Fix X", "Run Y", not "Fixed X" or "Running Y".
|
|
22
|
+
5. **Be specific** — mention file paths, tool names, or exact commands.
|
|
23
|
+
6. **Keep concise** — max 5 items unless the task genuinely requires more.
|
|
24
|
+
|
|
25
|
+
## Output Format
|
|
26
|
+
|
|
27
|
+
Every agent's final message MUST end with this structure:
|
|
28
|
+
|
|
29
|
+
```
|
|
30
|
+
[... task results ...]
|
|
31
|
+
|
|
32
|
+
<next_steps>
|
|
33
|
+
1. First actionable next step — imperative, specific
|
|
34
|
+
2. Second actionable next step
|
|
35
|
+
3. Third actionable next step (if needed)
|
|
36
|
+
</next_steps>
|
|
37
|
+
```
|
|
38
|
+
|
|
39
|
+
### Format Requirements
|
|
40
|
+
|
|
41
|
+
| Element | Rule | Example |
|
|
42
|
+
|---------|------|---------|
|
|
43
|
+
| Opening tag | `<next_steps>` on its own line | `<next_steps>` |
|
|
44
|
+
| Numbered items | `1. ` prefix, one per line | `1. Fix auth bug in core/session.ts` |
|
|
45
|
+
| Closing tag | `</next_steps>` on its own line | `</next_steps>` |
|
|
46
|
+
| Blank line before | Optional but recommended | Improves readability |
|
|
47
|
+
| Blank line after | Not required | — |
|
|
48
|
+
|
|
49
|
+
### ✅ Correct Examples
|
|
50
|
+
|
|
51
|
+
```
|
|
52
|
+
Task completed successfully.
|
|
53
|
+
|
|
54
|
+
<next_steps>
|
|
55
|
+
1. Fix shell injection in packages/cli/src/slash-commands/dev.ts:15
|
|
56
|
+
2. Replace Math.random() with randomUUID() in 4 files
|
|
57
|
+
3. Run pnpm run typecheck to verify fixes
|
|
58
|
+
</next_steps>
|
|
59
|
+
```
|
|
60
|
+
|
|
61
|
+
```
|
|
62
|
+
Analysis finished. Found 3 critical issues.
|
|
63
|
+
|
|
64
|
+
<next_steps>
|
|
65
|
+
1. [CRITICAL] packages/cli/src/slash-commands/dev.ts:15 — exec() → execFile()
|
|
66
|
+
2. [HIGH] packages/core/src/session-registry.ts:145 — remove ! assertion
|
|
67
|
+
3. [HIGH] packages/core/src/session-registry.ts:169 — remove ! assertion
|
|
68
|
+
</next_steps>
|
|
69
|
+
```
|
|
70
|
+
|
|
71
|
+
### ❌ Incorrect Examples
|
|
72
|
+
|
|
73
|
+
```
|
|
74
|
+
Task done. Next steps: 1) fix bug 2) run tests
|
|
75
|
+
|
|
76
|
+
# ❌ No tags — not parseable
|
|
77
|
+
```
|
|
78
|
+
|
|
79
|
+
```
|
|
80
|
+
<next_steps>
|
|
81
|
+
- Fix the bug in auth.ts # ❌ Dash, not number
|
|
82
|
+
- Run tests
|
|
83
|
+
</next_steps>
|
|
84
|
+
|
|
85
|
+
# ❌ Wrong bullet character
|
|
86
|
+
```
|
|
87
|
+
|
|
88
|
+
```
|
|
89
|
+
<next_steps>
|
|
90
|
+
1. **Fix the bug** — use execFile instead # ❌ Markdown inside tags
|
|
91
|
+
2. Run `pnpm test`
|
|
92
|
+
</next_steps>
|
|
93
|
+
|
|
94
|
+
# ❌ Markdown formatting not allowed inside tags
|
|
95
|
+
```
|
|
96
|
+
|
|
97
|
+
```
|
|
98
|
+
Next steps:
|
|
99
|
+
1. Fix auth.ts
|
|
100
|
+
|
|
101
|
+
# ❌ Missing opening/closing tags
|
|
102
|
+
```
|
|
103
|
+
|
|
104
|
+
## Subagent Requirements
|
|
105
|
+
|
|
106
|
+
When a **leader agent** synthesizes output from **subagents**, the leader MUST:
|
|
107
|
+
|
|
108
|
+
1. Aggregate all subagent `next_steps` into a unified `<next_steps>` section
|
|
109
|
+
2. Remove duplicates (dedupe by file path + action)
|
|
110
|
+
3. Re-prioritize if needed (critical > high > medium > low)
|
|
111
|
+
4. Keep the unified list within the 5-item guideline, but no hard cap
|
|
112
|
+
|
|
113
|
+
When a **subagent** completes its task, it MUST:
|
|
114
|
+
|
|
115
|
+
1. Include its own `<next_steps>` section in the final message
|
|
116
|
+
2. Report what it found/achieved, not what the leader should do
|
|
117
|
+
3. Leader will aggregate and decide on overall next steps
|
|
118
|
+
|
|
119
|
+
## Anti-patterns
|
|
120
|
+
|
|
121
|
+
- **Don't use markdown inside `<next_steps>`** — plain text only
|
|
122
|
+
- **Don't skip the tag** — even if next steps are obvious, include them
|
|
123
|
+
- **Don't use dashes or asterisks** — use `1.`, `2.`, `3.` numbering
|
|
124
|
+
- **Don't be vague** — "fix bugs" is useless, "fix auth/session.ts:42" is actionable
|
|
125
|
+
- **Don't exceed 5 items without reason** — if >5, it's probably not a single task
|
|
126
|
+
|
|
127
|
+
## Skills in scope
|
|
128
|
+
|
|
129
|
+
- `bug-hunter` — inherits output-standards for bug reports
|
|
130
|
+
- `security-scanner` — inherits output-standards for security findings
|
|
131
|
+
- `refactor-planner` — inherits output-standards for refactoring plans
|
|
132
|
+
- `architect` — inherits output-standards for architecture analysis
|
|
133
|
+
- `tech-stack` — inherits output-standards for dependency reports
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
# Output Standards — WrongStack (Compact)
|
|
2
|
+
|
|
3
|
+
Standardizes the format of agent output, particularly the `<next_steps>` section in final messages.
|
|
4
|
+
|
|
5
|
+
## Rules
|
|
6
|
+
|
|
7
|
+
1. Every final message MUST include `<next_steps>` tag — no exceptions.
|
|
8
|
+
2. Tags must be properly closed — `<next_steps>...</next_steps>`.
|
|
9
|
+
3. No markdown inside tags — plain text only, one action per line.
|
|
10
|
+
4. Use imperative mood — "Fix X", not "Fixed X".
|
|
11
|
+
5. Be specific — mention file paths, tool names, or exact commands.
|
|
12
|
+
6. Keep concise — max 5 items unless the task genuinely requires more.
|
|
13
|
+
|
|
14
|
+
## Format
|
|
15
|
+
|
|
16
|
+
```
|
|
17
|
+
<next_steps>
|
|
18
|
+
1. [Priority] Action item with file:line reference
|
|
19
|
+
2. [Priority] Second action item
|
|
20
|
+
</next_steps>
|
|
21
|
+
```
|
|
@@ -133,4 +133,5 @@ See `skill-creator` skill for the format. Key points:
|
|
|
133
133
|
|
|
134
134
|
- `skill-creator` — for creating new skills (primary — prompt-engineering feeds into skill creation)
|
|
135
135
|
- `typescript-strict` — for TypeScript-specific prompt typing
|
|
136
|
-
- `react-modern` — for React component prompt conventions
|
|
136
|
+
- `react-modern` — for React component prompt conventions
|
|
137
|
+
- `output-standards` — for standardized `<next_steps>` formatting
|