@wwjd/pi-graphify 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/docs/DESIGN.md ADDED
@@ -0,0 +1,288 @@
1
+ # Design Document: pi-graphify
2
+
3
+ ## Executive summary
4
+
5
+ `pi-graphify` integrates the [Graphify](https://github.com/Graphify-Labs/graphify) knowledge graph ecosystem into [Pi](https://pi.dev) as a native extension. It exposes Graphify capabilities through Pi tools, slash commands, and session lifecycle hooks, and it abstracts over multiple Graphify interfaces (CLI and MCP) so that the Pi agent can use Graphify without caring how it is installed.
6
+
7
+ The design is intentionally ecosystem-aware: it works alongside memory extensions like `pi-hermes-memory`, code intelligence extensions like `pi-fallow`, and any other Pi package without duplicating their responsibilities.
8
+
9
+ For deeper detail, see:
10
+ - [docs/ARCHITECTURE.md](docs/ARCHITECTURE.md) — backend abstraction, component design, and data flow
11
+ - [docs/ECOSYSTEM.md](docs/ECOSYSTEM.md) — integration with other Pi extensions
12
+ - [docs/VERSIONING.md](docs/VERSIONING.md) — Graphify dependency and compatibility strategy
13
+
14
+ ---
15
+
16
+ ## Vision
17
+
18
+ Make Graphify a first-class Pi citizen. A user should be able to open a Pi session in a project that has Graphify installed, ask codebase questions, and have the agent automatically use the knowledge graph when it is the right tool. Manual Graphify commands should still be available, but they should not be the default path for common questions.
19
+
20
+ The experience should feel similar to how `pi-hermes-memory` makes persistent memory feel native: present in the background, available through tools, and surfaced automatically when relevant.
21
+
22
+ ---
23
+
24
+ ## Design principles
25
+
26
+ 1. **Agent-first**
27
+ The LLM should discover and call Graphify capabilities through typed tools. The user should not have to remember command syntax.
28
+
29
+ 2. **Backend abstraction**
30
+ The extension supports both the Graphify CLI and the Graphify MCP server behind a single interface. Callers do not choose the backend; the extension picks the best available one.
31
+
32
+ 3. **Defensive compatibility**
33
+ Graphify is an external tool with its own release cycle. The extension detects the installed version, compares it to a supported range, and degrades gracefully when there is a mismatch.
34
+
35
+ 4. **Progressive automation**
36
+ Start with manual tools, then add context hints, then background rebuilds, then optional interception. Each layer is configurable and can be disabled.
37
+
38
+ 5. **Safe defaults**
39
+ Do not auto-run expensive operations. Code-only incremental rebuilds are safe; LLM-based semantic extraction is explicit. Do not auto-update Graphify without user confirmation.
40
+
41
+ 6. **Ecosystem composable**
42
+ Work with, not against, other Pi extensions. Store durable lessons in memory extensions. Coexist with code intelligence extensions. Respect project trust and provider settings.
43
+
44
+ 7. **Integration-ready**
45
+ Third-party integrations (e.g., with `pi-hermes-memory`) are optional and not part of the core implementation. The extension exposes well-defined hooks so that other extensions can integrate with it without tight coupling.
46
+
47
+ 8. **Full ecosystem coverage**
48
+ Expose the useful Graphify surface: build, query, path, explain, affected, add, watch, reflect, and diagnostics. Do not build a thin wrapper around only `query`.
49
+
50
+ ---
51
+
52
+ ## User experience
53
+
54
+ ### Ideal flow
55
+
56
+ 1. User opens a project in Pi.
57
+ 2. `pi-graphify` detects `graphify-out/graph.json` and the installed Graphify version.
58
+ 3. If a graph exists, the system prompt gets a hint to prefer graph tools for codebase questions.
59
+ 4. User asks: “How does auth flow to the database?”
60
+ 5. The agent calls `graphify_query` and receives a scoped subgraph.
61
+ 6. While the user edits code, the graph is incrementally rebuilt in the background (if enabled).
62
+ 7. The user rarely types `/graphify`.
63
+
64
+ ### Fallback flow
65
+
66
+ 1. User opens a project with no graph or an outdated Graphify version.
67
+ 2. The extension explains the situation and offers `/graphify-build` or `/graphify-status`.
68
+ 3. The agent or user triggers the build.
69
+ 4. The extension reports success or failure clearly.
70
+
71
+ ### Version mismatch flow
72
+
73
+ 1. Extension detects Graphify 1.x when 2.x is expected.
74
+ 2. It notifies the user and disables features that require 2.x.
75
+ 3. It provides the exact command to update Graphify.
76
+ 4. Basic query/explain still work if the CLI contract is compatible.
77
+
78
+ ---
79
+
80
+ ## Feature surface
81
+
82
+ ### Tools
83
+
84
+ | Tool | Purpose |
85
+ |---|---|
86
+ | `graphify_status` | Check whether a graph exists and whether the CLI is compatible. |
87
+ | `graphify_build` | Build or incrementally update the graph. |
88
+ | `graphify_query` | Natural-language graph traversal. |
89
+ | `graphify_path` | Shortest path between two concepts. |
90
+ | `graphify_explain` | Explain a node and its connections. |
91
+ | `graphify_affected` | Show blast radius of a change. |
92
+ | `graphify_add` | Add a URL or document to the corpus. |
93
+ | `graphify_watch` | Start or stop the background file watcher. |
94
+ | `graphify_reflect` | Refresh LESSONS.md from saved query results. |
95
+ | `graphify_version` | Report installed Graphify version and compatibility status. |
96
+
97
+ ### Commands
98
+
99
+ | Command | Purpose |
100
+ |---|---|
101
+ | `/graphify-status` | Show graph status and compatibility. |
102
+ | `/graphify-build` | Build or update the graph. |
103
+ | `/graphify-query` | Run a query. |
104
+ | `/graphify-path` | Trace a path. |
105
+ | `/graphify-explain` | Explain a node. |
106
+ | `/graphify-affected` | Show affected nodes. |
107
+ | `/graphify-watch` | Toggle file watcher. |
108
+ | `/graphify-install-hook` | Install a post-commit rebuild hook. |
109
+ | `/graphify-diagnose` | Run graph health / extension diagnostics. |
110
+ | `/graphify-version` | Show Graphify version and backend details. |
111
+
112
+ ### Events
113
+
114
+ | Event | Behavior |
115
+ |---|---|
116
+ | `session_start` | Detect graph, detect Graphify version, start watcher if configured. |
117
+ | `before_agent_start` | Inject graph hint if a graph exists. |
118
+ | `session_shutdown` | Stop watcher, close MCP connection. |
119
+ | `tool_call` (optional future) | Nudge read/grep toward graph query when appropriate. |
120
+
121
+ ---
122
+
123
+ ## Architecture
124
+
125
+ See [docs/ARCHITECTURE.md](docs/ARCHITECTURE.md) for the full component design.
126
+
127
+ At a high level, the extension is layered:
128
+
129
+ ```
130
+ Pi Agent
131
+
132
+
133
+ Extensions API (extensions/index.ts)
134
+
135
+ ├─ Tool registration
136
+ ├─ Command registration
137
+ └─ Event handlers
138
+
139
+ Coordinator (src/coordinator.ts)
140
+
141
+ ├─ Backend selector (CLI vs MCP)
142
+ ├─ Version manager
143
+ ├─ State manager
144
+ └─ Feature capability map
145
+
146
+ Graphify Backend
147
+ ├─ CliBackend (src/backends/cli.ts)
148
+ └─ McpBackend (src/backends/mcp.ts)
149
+ ```
150
+
151
+ All Graphify operations go through the coordinator, which picks the backend, checks capabilities, and normalizes results. No tool or command talks directly to the CLI or MCP server.
152
+
153
+ ---
154
+
155
+ ## Graphify dependency
156
+
157
+ See [docs/VERSIONING.md](docs/VERSIONING.md) for the detailed compatibility strategy.
158
+
159
+ ### Supported range
160
+
161
+ The extension declares a supported Graphify version range (e.g., `>= 2.100.0`). This range is checked at session start and before each operation if the version is unknown.
162
+
163
+ ### Detection
164
+
165
+ The extension finds Graphify by:
166
+ 1. Checking the `GRAPHIFY_PATH` environment variable.
167
+ 2. Searching `PATH` for the `graphify` executable (`which` / `where`).
168
+ 3. Checking common installation locations (uv tool, pipx, pip user bin).
169
+
170
+ ### Version command
171
+
172
+ `graphify --version` or `graphify version` is used to determine the installed version. If the command fails, the extension falls back to trying CLI operations in compatibility mode.
173
+
174
+ ### Mismatch handling
175
+
176
+ | Scenario | Behavior |
177
+ |---|---|
178
+ | Graphify missing | Disable tools, show install instructions, keep session alive. |
179
+ | Version below minimum | Disable advanced features, warn user, suggest update command. |
180
+ | Version above maximum | Disable features with known breaking changes, warn user, log telemetry. |
181
+ | Version unknown | Run in best-effort mode; assume basic CLI compatibility. |
182
+ | Feature missing | Disable that specific feature; other tools continue working. |
183
+
184
+ ### Updates
185
+
186
+ The extension never auto-updates Graphify. It can:
187
+ - Detect that an update is available.
188
+ - Show the exact update command for the detected installation method.
189
+ - Let the agent or user run the update via a tool/command if they choose.
190
+
191
+ For the hybrid version-detection strategy (hardcoded minimum + runtime capability probes), see [docs/VERSIONING.md](docs/VERSIONING.md).
192
+
193
+ ---
194
+
195
+ ## Ecosystem integration
196
+
197
+ See [docs/ECOSYSTEM.md](docs/ECOSYSTEM.md) for detailed integration points.
198
+
199
+ ### With `pi-hermes-memory`
200
+
201
+ Complementary. Graphify provides project structure context; Hermes provides durable agent/user memory. The extension may write durable lessons to Hermes memory when graph queries produce reusable insights or corrections.
202
+
203
+ This integration is **not part of the initial implementation**. It will be added later via the integration hook architecture described in [docs/ARCHITECTURE.md](docs/ARCHITECTURE.md).
204
+
205
+ ### With `pi-fallow`
206
+
207
+ Coexistence. Fallow is useful for TypeScript/JavaScript code intelligence; Graphify is useful for project-wide structural knowledge. Both can run in the same session without conflict.
208
+
209
+ ### With provider/auth extensions
210
+
211
+ The extension does not manage API keys or providers. It relies on Graphify to read `GEMINI_API_KEY` / `GOOGLE_API_KEY` for semantic extraction, and on Pi to manage LLM provider auth for the agent itself.
212
+
213
+ ---
214
+
215
+ ## Security model
216
+
217
+ 1. **Path validation** — All paths resolved relative to project root; no traversal.
218
+ 2. **No shell injection** — Use `execFile` with argument arrays.
219
+ 3. **User confirmation for expensive ops** — Full builds and semantic extraction require explicit action.
220
+ 4. **Output sanitization** — Graphify output is treated as text; never re-executed.
221
+ 5. **Project trust** — Project-local config and auto-watch only on trusted projects.
222
+ 6. **URL validation** — URLs are validated before `graphify add`.
223
+
224
+ ---
225
+
226
+ ## Error handling
227
+
228
+ | Scenario | Behavior |
229
+ |---|---|
230
+ | Graphify missing | Clear install instructions; extension stays loaded. |
231
+ | Version incompatible | Feature matrix adjusted; user notified. |
232
+ | Graph missing | Offer to build; do not crash. |
233
+ | Build fails | Return error to agent with stderr. |
234
+ | Watcher fails | Log warning; disable watcher; continue. |
235
+ | MCP connection fails | Fall back to CLI automatically. |
236
+ | Query no results | Clear message; agent can try other tools. |
237
+
238
+ ---
239
+
240
+ ## Out of scope (for v1)
241
+
242
+ - Rewriting Graphify in TypeScript.
243
+ - Bundling Python or graphify dependencies.
244
+ - Auto-running LLM-based semantic extraction on every save.
245
+ - Auto-updating Graphify without user confirmation.
246
+ - Replacing other memory or intelligence extensions.
247
+ - Hosting a persistent public MCP server.
248
+ - Cross-repo graph customization beyond what Graphify already supports.
249
+
250
+ ---
251
+
252
+ ## Roadmap
253
+
254
+ ### Phase 1 — Foundation ✅
255
+ - Project setup, config loader, CLI discovery, status tool, version detection.
256
+
257
+ ### Phase 2 — Backend abstraction
258
+ - Coordinator, `CliBackend`, backend interface, capability matrix.
259
+
260
+ ### Phase 3 — Core tools
261
+ - Build, query, path, explain, affected, version tools.
262
+
263
+ ### Phase 4 — Commands
264
+ - Slash commands for all core tools.
265
+
266
+ ### Phase 5 — Automation
267
+ - File watcher, staleness detection, git hook helper, auto-hints.
268
+
269
+ ### Phase 6 — Advanced features
270
+ - MCP backend, `add`, `watch`, `reflect`, optional read interception.
271
+
272
+ ### Phase 7 — Ecosystem polish
273
+ - Hermes memory integration, telemetry/logging, diagnostics.
274
+
275
+ ### Phase 8 — 1.0 readiness
276
+ - Tests, README, security review, stable config, npm publish, gallery.
277
+
278
+ ---
279
+
280
+ ## Success criteria for 1.0
281
+
282
+ - [ ] User can install `pi-graphify` and use graph tools against an existing graph.
283
+ - [ ] Agent automatically prefers graph tools for codebase questions when a graph exists.
284
+ - [ ] Extension handles missing or outdated Graphify gracefully.
285
+ - [ ] Graph can be rebuilt and queried without leaving Pi.
286
+ - [ ] File watcher can optionally auto-update code-only graphs.
287
+ - [ ] Backend abstraction supports CLI and MCP.
288
+ - [ ] Full test coverage and passing CI.
@@ -0,0 +1,130 @@
1
+ # Ecosystem Integration Document: pi-graphify
2
+
3
+ `pi-graphify` is designed to live in a Pi session alongside other extensions. **Direct third-party integrations are not the main focus of the initial implementation**, but the architecture is intentionally open so that integrations can be added later by us or by other extension authors.
4
+
5
+ This document explains the design philosophy and the integration points that are planned for the future. For the technical hook design, see [docs/ARCHITECTURE.md](docs/ARCHITECTURE.md).
6
+
7
+ ---
8
+
9
+ ## Core philosophy
10
+
11
+ - **Do not duplicate.** If another extension already solves a problem, `pi-graphify` should interoperate with it rather than reimplement.
12
+ - **Add project context.** Graphify’s unique value is structural knowledge of the current project. It should feed that context into the agent.
13
+ - **Export durable lessons.** When graph queries produce reusable insights, those lessons can be stored in memory extensions.
14
+ - **Stay out of the way.** If another extension is better suited for a task, `pi-graphify` should not interfere.
15
+
16
+ ---
17
+
18
+ ## pi-hermes-memory
19
+
20
+ ### Status
21
+
22
+ This integration is **planned but not part of the initial implementation**. The hook architecture in [docs/ARCHITECTURE.md](docs/ARCHITECTURE.md) makes it straightforward to add later without coupling the core extension to Hermes.
23
+
24
+ ### Relationship
25
+
26
+ `pi-hermes-memory` stores durable facts, preferences, corrections, failures, and procedural skills across sessions. `pi-graphify` provides structural knowledge of the current project.
27
+
28
+ They are **complementary**.
29
+
30
+ ### Integration points
31
+
32
+ 1. **Memory entries from graph lessons**
33
+ When a graph query reveals a durable fact (e.g., “The auth flow goes through `AuthMiddleware` → `TokenService` → `UserRepository`), `pi-graphify` can save that as a convention or insight memory if the user confirms it is useful.
34
+
35
+ 2. **Graphify conventions**
36
+ If the user consistently prefers `--directed` graphs or `--mode deep`, Hermes memory can store that preference, and `pi-graphify` can read it from `USER.md` or the `memory_search` tool.
37
+
38
+ 3. **Failure memory**
39
+ If a graph query gives a wrong answer and the user corrects it, the correction can be written to Hermes failure/correction memory so the agent does not repeat the mistake.
40
+
41
+ ### Implementation note
42
+
43
+ Direct integration with Hermes memory will be optional. If `pi-graphify` detects that Hermes memory tools are available, it can use them. If not, it skips the integration silently.
44
+
45
+ ---
46
+
47
+ ## pi-fallow
48
+
49
+ ### Relationship
50
+
51
+ `pi-fallow` provides deterministic TypeScript/JavaScript code intelligence: dead code, duplication, complexity, and architecture drift. `pi-graphify` provides project-wide structural knowledge across languages and file types.
52
+
53
+ They are **complementary** and can coexist in the same session.
54
+
55
+ ### When to use which
56
+
57
+ | Use case | Best tool |
58
+ |---|---|
59
+ | “Is this export used?” | Fallow |
60
+ | “How does this function relate to files across the repo?” | Graphify |
61
+ | “Where is code duplicated?” | Fallow |
62
+ | “What is the shortest path from `AuthModule` to `Database`?” | Graphify |
63
+ | “Is this component imported correctly?” | Fallow |
64
+ | “What communities exist in this codebase?” | Graphify |
65
+
66
+ ### Integration points
67
+
68
+ 1. **Coexistence**
69
+ Both extensions register tools. The agent decides which to use based on the question. `pi-graphify` should not intercept Fallow tool calls or vice versa.
70
+
71
+ 2. **Shared project context**
72
+ If both extensions detect a project, they may both inject context hints. The system prompt should remain coherent. `pi-graphify` will use a clearly delimited `<graphify-context>` block to avoid clashing with Fallow’s hints.
73
+
74
+ ### Implementation note
75
+
76
+ No direct code coupling. Integration is purely at the agent level: both tools are available, and the agent chooses.
77
+
78
+ ---
79
+
80
+ ## Other memory extensions
81
+
82
+ Any Pi extension that provides a `memory` or `memory_search` tool can, in principle, receive durable lessons from `pi-graphify`. The integration is generic:
83
+
84
+ 1. Detect if a memory tool is registered.
85
+ 2. If a graph query produces a lesson, format it as a memory entry.
86
+ 3. Call the memory tool with the lesson.
87
+
88
+ This is future work and will be configurable.
89
+
90
+ ---
91
+
92
+ ## Provider and auth extensions
93
+
94
+ Extensions like `pi-claude-oauth-adapter` or custom provider packages manage how Pi talks to LLMs. `pi-graphify` does not interact with them directly.
95
+
96
+ However, if the Graphify semantic extraction uses the user’s configured LLM provider (e.g., Gemini), the extension should respect the same environment variables Graphify already uses (`GEMINI_API_KEY`, `GOOGLE_API_KEY`). It should not attempt to read or manage those keys itself.
97
+
98
+ ---
99
+
100
+ ## Project trust extensions
101
+
102
+ If a Pi extension customizes the project trust flow, `pi-graphify` should respect the final trust decision. Project-local config and auto-watch are only honored when the project is trusted.
103
+
104
+ ---
105
+
106
+ ## Ecosystem behavior rules
107
+
108
+ 1. **Use namespaced tool names.** All tools are `graphify_*` to avoid collisions.
109
+ 2. **Use namespaced commands.** All commands are `/graphify-*` to avoid collisions.
110
+ 3. **Do not intercept other extensions.** `pi-graphify` may intercept read/grep only when explicitly enabled and only to suggest graph tools, not block the original tool.
111
+ 4. **Export, do not import.** `pi-graphify` may write lessons to memory extensions, but it should not read their private state.
112
+ 5. **Respect user config.** If another extension stores a preference that affects Graphify (e.g., “use directed graphs”), read it through Pi’s normal channels if available.
113
+
114
+ ---
115
+
116
+ ## Future ecosystem integrations
117
+
118
+ - **Skill extensions:** A Pi skill could teach the agent how to combine Fallow and Graphify for deep code reviews.
119
+ - **Prompt template extensions:** A prompt template could provide a pre-canned “Graphify-assisted refactor” workflow.
120
+ - **Theme extensions:** Not relevant to `pi-graphify` unless we want a custom TUI theme.
121
+
122
+ ---
123
+
124
+ ## Open questions
125
+
126
+ 1. Should `pi-graphify` explicitly detect `pi-hermes-memory` and offer to write graph lessons into it?
127
+ 2. Should `pi-graphify` read `USER.md` to discover user preferences like `--directed` graphs?
128
+ 3. Should there be a shared convention for “project context” blocks so multiple extensions can inject hints without clashing?
129
+
130
+ These will be answered as we implement and test alongside other extensions.
@@ -0,0 +1,155 @@
1
+ # Project Standards
2
+
3
+ This document defines project-level standards for `pi-graphify`. It is public and tracked in the repo. User-specific conventions should go in an untracked [`AGENTS.local.md`](AGENTS.local.md) file.
4
+
5
+ ---
6
+
7
+ ## Project structure
8
+
9
+ ```
10
+ extensions/ # Pi registration code only
11
+ src/ # Core implementation
12
+ backends/ # Graphify CLI and MCP backends
13
+ commands/ # Slash command definitions
14
+ tools/ # LLM tool definitions
15
+ coordinator.ts # Backend routing and normalization
16
+ config.ts # Configuration loading
17
+ graphify.ts # Graphify CLI helpers
18
+ state.ts # Session state
19
+ version.ts # Version detection and compatibility
20
+ watcher.ts # File watcher
21
+ .github/workflows/ # CI/CD
22
+ ```
23
+
24
+ No build step is required. Pi loads TypeScript directly via jiti.
25
+
26
+ ---
27
+
28
+ ## Coding standards
29
+
30
+ ### TypeScript
31
+
32
+ - Use strict TypeScript.
33
+ - Prefer `type` imports for types.
34
+ - Use `.js` extensions in imports (NodeNext module resolution).
35
+ - Avoid `any`. Use `unknown` when the type is genuinely unknown.
36
+ - Keep functions small and focused.
37
+
38
+ ### Formatting
39
+
40
+ - 2-space indentation (enforced by Biome).
41
+ - No trailing whitespace.
42
+ - LF line endings in the repo (Git handles CRLF on Windows via `core.autocrlf`).
43
+
44
+ ### Linting
45
+
46
+ - All code must pass `npm run lint`.
47
+ - Prefer auto-fixing with `npm run lint:fix`.
48
+
49
+ ---
50
+
51
+ ## Dependencies
52
+
53
+ ### Pi core packages
54
+
55
+ Pi core packages are `peerDependencies` with `"*"` range. They are provided by Pi at runtime.
56
+
57
+ ```json
58
+ "peerDependencies": {
59
+ "@earendil-works/pi-agent-core": "*",
60
+ "@earendil-works/pi-ai": "*",
61
+ "@earendil-works/pi-coding-agent": "*",
62
+ "@earendil-works/pi-tui": "*",
63
+ "typebox": "*"
64
+ }
65
+ ```
66
+
67
+ They must be listed as optional peers:
68
+
69
+ ```json
70
+ "peerDependenciesMeta": {
71
+ "@earendil-works/pi-coding-agent": { "optional": true }
72
+ }
73
+ ```
74
+
75
+ ### Runtime dependencies
76
+
77
+ Third-party packages used at runtime belong in `dependencies`.
78
+
79
+ ### Dev dependencies
80
+
81
+ Type definitions, linters, and type-checking tools belong in `devDependencies`.
82
+
83
+ ---
84
+
85
+ ## Module boundaries
86
+
87
+ - `extensions/` — Only Pi registration code. No business logic.
88
+ - `src/coordinator.ts` — The only place backend selection happens.
89
+ - `src/backends/` — Backend-specific code. No Pi imports.
90
+ - `src/tools/` — Tool definitions. Each calls the coordinator.
91
+ - `src/commands/` — Command definitions. Each calls the coordinator.
92
+ - `src/config.ts` — Pure config loading. No Pi imports.
93
+ - `src/state.ts` — Session state.
94
+ - `src/watcher.ts` — File watcher.
95
+ - `src/version.ts` — Version detection and compatibility.
96
+
97
+ ---
98
+
99
+ ## Conventional commits
100
+
101
+ All commits must follow the standards defined in [RELEASE.md](../RELEASE.md). In summary, use [Conventional Commits](https://www.conventionalcommits.org/) with one of these prefixes:
102
+
103
+ | Prefix | Use for |
104
+ |---|---|
105
+ | `feat:` | New user-facing tool, command, or feature |
106
+ | `fix:` | Bug fix |
107
+ | `docs:` | Documentation changes |
108
+ | `refactor:` | Code restructuring with no behavior change |
109
+ | `test:` | Tests |
110
+ | `chore:` | Maintenance, dependency updates, cleanup |
111
+ | `ci:` | CI/CD changes |
112
+
113
+ Breaking changes use `!` or `BREAKING CHANGE:` in the body.
114
+
115
+ ---
116
+
117
+ ## Testing
118
+
119
+ - All new tools and commands should have tests where practical.
120
+ - Run `npm run typecheck` and `npm run lint` before committing.
121
+ - Integration tests should use the `CliBackend` with a mock or stubbed CLI.
122
+
123
+ ---
124
+
125
+ ## Security
126
+
127
+ - Use `execFile` with argument arrays, never `exec` with shell strings.
128
+ - Validate all paths relative to the project root.
129
+ - Do not auto-run expensive operations (full builds, semantic extraction).
130
+ - Treat Graphify output as text; never re-execute it.
131
+ - Respect project trust for project-local config and watchers.
132
+
133
+ ---
134
+
135
+ ## Documentation
136
+
137
+ - Design docs live in [`docs/`](./).
138
+ - Release standards live in [`RELEASE.md`](../RELEASE.md).
139
+ - Agent context lives in [`AGENTS.md`](../AGENTS.md).
140
+ - User-specific conventions live in untracked [`AGENTS.local.md`](../AGENTS.local.md).
141
+
142
+ All public docs should be clear, accurate, and maintained as the project changes.
143
+
144
+ ---
145
+
146
+ ## Verification commands
147
+
148
+ ```bash
149
+ npm run typecheck
150
+ npm run lint
151
+ npm run lint:fix
152
+ npm audit --audit-level=moderate
153
+ ```
154
+
155
+ Run all of them before opening a pull request or pushing to `main`.