agent-quality-police 0.2.5 → 0.2.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "agent-quality-police",
3
- "version": "0.2.5",
3
+ "version": "0.2.7",
4
4
  "description": "Strict governance framework for coding agents that blocks testing and typing bypasses.",
5
5
  "author": {
6
6
  "name": "Davy Massoneto",
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "agent-quality-police",
3
- "version": "0.2.5",
3
+ "version": "0.2.7",
4
4
  "description": "Strict governance framework for coding agents that blocks testing and typing bypasses.",
5
5
  "author": {
6
6
  "name": "Davy Massoneto",
package/AGENTS.md CHANGED
@@ -15,7 +15,7 @@
15
15
  4. Execute with TDD when tests are viable.
16
16
  5. Run the matching audit agents before final approval.
17
17
 
18
- ## Mandatory Skill Routing
18
+ ## Skill Routing
19
19
 
20
20
  - Use [quality-index](.claude/skills/quality-index/SKILL.md) first when the task spans multiple concerns.
21
21
  - Use [typescript-zero-bypass](.claude/skills/typescript-zero-bypass/SKILL.md) for any `.ts` or `.tsx` change.
@@ -25,7 +25,7 @@
25
25
  - Use [refactoring-with-safety](.claude/skills/refactoring-with-safety/SKILL.md) for refactors that are not pure bug fixes.
26
26
  - Use [governance-installation](.claude/skills/governance-installation/SKILL.md) when installing or updating this framework in another repository.
27
27
 
28
- ## Non-Negotiables
28
+ ## Quality Rules
29
29
 
30
30
  - TDD is mandatory when tests are technically viable.
31
31
  - A passing test suite without behavior proof is not a green build.
@@ -38,7 +38,7 @@
38
38
  - Inline structural types are prohibited.
39
39
  - Reviewers must reject suspicious diffs instead of “accepting with caveats.”
40
40
 
41
- ## Execution Contract
41
+ ## Review Flow
42
42
 
43
43
  - Fix the root problem, not the symptom.
44
44
  - Keep tests direct, short, and behavior-based.
@@ -46,26 +46,6 @@
46
46
  - Keep policy text severe and actionable; do not soften language to preserve agent comfort.
47
47
  - After any change to canonical framework sources such as `framework/skills/`, `framework/rules/`, `docs/policy/`, or `framework/agents/specs/`, run `python3 scripts/build_framework.py` before claiming the repository is consistent.
48
48
  - After the build step, run `python3 scripts/validate_framework.py`. If scripts changed, run `python3 -m unittest tests/test_framework_tools.py` and `node --test tests/node/install.test.mjs`.
49
-
50
- ## Audit Flow
51
-
52
- - `implementer`: execution agent, allowed to write, never allowed to weaken rules.
53
- - `tdd-warden`: verifies there was a real RED phase and that tests prove behavior.
54
- - `bypass-auditor`: hunts bypasses, fake narrowing, config weakening, helper noise, and non-probative mocks.
55
- - `pr-gatekeeper`: final verdict, does not rewrite code.
56
-
57
- ## Output Expectations
58
-
59
- - Implementation output should state what behavior is covered, what tests were run, and what remains blocked.
60
- - Audit output should list concrete findings with file evidence and required correction.
61
- - Gate output should end with `APPROVED` or `REJECTED`.
62
-
63
- ## Repository Layout
64
-
65
- - [system-layout](docs/policy/system-layout.md)
66
-
67
- ## Tool-Specific Notes
68
-
69
- - Claude Code should enter through `CLAUDE.md` and `.claude/rules/`.
70
- - Codex should enter through this file and use `.agents/skills/` plus `.codex/agents/`.
71
- - OpenCode should enter through this file and load extra instructions from `opencode.json`.
49
+ - Use `bypass-auditor` for typing, config, mocks, helpers, or suspicious diffs.
50
+ - Use `tdd-warden` when behavior or tests changed or should have changed.
51
+ - Use `pr-gatekeeper` only for final approve-or-reject review.
package/CLAUDE.md CHANGED
@@ -6,6 +6,19 @@
6
6
  - Prefer current local code and current official documentation over memory.
7
7
  - Load only the smallest relevant skill set for the task.
8
8
 
9
+ ## Startup Sequence
10
+
11
+ 1. Read [quality-definition](docs/policy/quality-definition.md) when the task needs repository policy context.
12
+ 2. Read [workflow](docs/policy/workflow.md) when the repository defines one.
13
+ 3. Load only the relevant skill set from `.claude/skills/`.
14
+
15
+ ## Skill Routing
16
+
17
+ - Use [quality-index](.claude/skills/quality-index/SKILL.md) when the task spans multiple concerns.
18
+ - Use [typescript-zero-bypass](.claude/skills/typescript-zero-bypass/SKILL.md) for `.ts` or `.tsx` changes.
19
+ - Use [vite-vitest-tdd](.claude/skills/vite-vitest-tdd/SKILL.md) for Vite or Vitest TDD.
20
+ - Use [react-public-api-testing](.claude/skills/react-public-api-testing/SKILL.md) for React behavior tests.
21
+
9
22
  ## Quality Rules
10
23
 
11
24
  - Use behavior-first tests when tests are viable.
@@ -19,12 +32,6 @@
19
32
  - Use `tdd-warden` when behavior or tests changed or should have changed.
20
33
  - Use `pr-gatekeeper` only for final approve-or-reject review.
21
34
 
22
- ## Tool-Specific Notes
23
-
24
- - Claude Code should enter through `CLAUDE.md` and `.claude/rules/`.
25
- - Codex should enter through this file and use `.agents/skills/` plus `.codex/agents/`.
26
- - OpenCode should enter through this file and load extra instructions from `opencode.json`.
27
-
28
35
  ## Claude Code
29
36
 
30
37
  - Always-on rules live under `.claude/rules/`.
@@ -0,0 +1,19 @@
1
+ ## Priority
2
+
3
+ {{priority_body}}
4
+
5
+ ## Startup Sequence
6
+
7
+ {{startup_sequence_body}}
8
+
9
+ ## Skill Routing
10
+
11
+ {{skill_routing_body}}
12
+
13
+ ## Quality Rules
14
+
15
+ {{quality_rules_body}}
16
+
17
+ ## Review Flow
18
+
19
+ {{review_flow_body}}
package/lib/install.mjs CHANGED
@@ -35,15 +35,21 @@ export function supportedTargets() {
35
35
  }
36
36
 
37
37
  async function loadEntrypointPolicy(packageRoot) {
38
- return (await readFile(packagePath(packageRoot, "framework", "entrypoints", "global-policy.md"), "utf8")).trimEnd();
38
+ return (await readFile(packagePath(packageRoot, "framework", "entrypoints", "policy.md"), "utf8")).trimEnd();
39
39
  }
40
40
 
41
41
  function renderTemplate(content, replacements) {
42
42
  let rendered = content;
43
- for (const [key, value] of Object.entries(replacements)) {
44
- rendered = rendered.replaceAll(`{{${key}}}`, value);
43
+ while (true) {
44
+ let updated = rendered;
45
+ for (const [key, value] of Object.entries(replacements)) {
46
+ updated = updated.replaceAll(`{{${key}}}`, value);
47
+ }
48
+ if (updated === rendered) {
49
+ return updated;
50
+ }
51
+ rendered = updated;
45
52
  }
46
- return rendered;
47
53
  }
48
54
 
49
55
  function entrypointReplacements({
@@ -52,11 +58,11 @@ function entrypointReplacements({
52
58
  primarySkillRoot,
53
59
  skillRoot,
54
60
  systemLayoutPath,
55
- claudeEntrypointLabel,
56
- claudeRulesRoot,
57
- codexSkillsRoot,
58
- codexAgentsRoot,
59
- opencodeConfigPath
61
+ priorityBody,
62
+ startupSequenceBody,
63
+ skillRoutingBody,
64
+ qualityRulesBody,
65
+ reviewFlowBody
60
66
  }) {
61
67
  return {
62
68
  quality_definition_path: qualityDefinitionPath,
@@ -70,11 +76,43 @@ function entrypointReplacements({
70
76
  refactoring_with_safety_skill_path: `${skillRoot}/refactoring-with-safety/SKILL.md`,
71
77
  governance_installation_skill_path: `${skillRoot}/governance-installation/SKILL.md`,
72
78
  system_layout_path: systemLayoutPath,
73
- claude_entrypoint_label: claudeEntrypointLabel,
74
- claude_rules_root: claudeRulesRoot,
75
- codex_skills_root: codexSkillsRoot,
76
- codex_agents_root: codexAgentsRoot,
77
- opencode_config_path: opencodeConfigPath
79
+ priority_body: priorityBody,
80
+ startup_sequence_body: startupSequenceBody,
81
+ skill_routing_body: skillRoutingBody,
82
+ quality_rules_body: qualityRulesBody,
83
+ review_flow_body: reviewFlowBody
84
+ };
85
+ }
86
+
87
+ function globalPolicySections() {
88
+ return {
89
+ priorityBody: [
90
+ "- Direct system, developer, and user instructions override this file.",
91
+ "- Prefer current local code and current official documentation over memory.",
92
+ "- Load only the smallest relevant skill set for the task."
93
+ ].join("\n"),
94
+ startupSequenceBody: [
95
+ "1. Read [quality-definition]({{quality_definition_path}}) when the task needs repository policy context.",
96
+ "2. Read [workflow]({{workflow_path}}) when the repository defines one.",
97
+ "3. Load only the relevant skill set from `{{primary_skill_root}}`."
98
+ ].join("\n"),
99
+ skillRoutingBody: [
100
+ "- Use [quality-index]({{quality_index_skill_path}}) when the task spans multiple concerns.",
101
+ "- Use [typescript-zero-bypass]({{typescript_zero_bypass_skill_path}}) for `.ts` or `.tsx` changes.",
102
+ "- Use [vite-vitest-tdd]({{vite_vitest_tdd_skill_path}}) for Vite or Vitest TDD.",
103
+ "- Use [react-public-api-testing]({{react_public_api_testing_skill_path}}) for React behavior tests."
104
+ ].join("\n"),
105
+ qualityRulesBody: [
106
+ "- Use behavior-first tests when tests are viable.",
107
+ "- Avoid type bypasses, comment bypasses, config weakening, and fake greens.",
108
+ "- Prefer named types and explicit models over inline structural shortcuts."
109
+ ].join("\n"),
110
+ reviewFlowBody: [
111
+ "- Before final approval, run the relevant auditors for the actual risk surface.",
112
+ "- Use `bypass-auditor` for typing, config, mocks, helpers, or suspicious diffs.",
113
+ "- Use `tdd-warden` when behavior or tests changed or should have changed.",
114
+ "- Use `pr-gatekeeper` only for final approve-or-reject review."
115
+ ].join("\n")
78
116
  };
79
117
  }
80
118
 
@@ -139,11 +177,7 @@ function rootReplacements(target) {
139
177
  primarySkillRoot: "skills/",
140
178
  skillRoot: "skills",
141
179
  systemLayoutPath: "docs/policy/system-layout.md",
142
- claudeEntrypointLabel: "CLAUDE.md",
143
- claudeRulesRoot: "rules/",
144
- codexSkillsRoot: "../.agents/skills/",
145
- codexAgentsRoot: "../.codex/agents/",
146
- opencodeConfigPath: "../.config/opencode/opencode.json"
180
+ ...globalPolicySections()
147
181
  });
148
182
  }
149
183
  if (target === "codex") {
@@ -153,11 +187,7 @@ function rootReplacements(target) {
153
187
  primarySkillRoot: "../.agents/skills/",
154
188
  skillRoot: "../.agents/skills",
155
189
  systemLayoutPath: "docs/policy/system-layout.md",
156
- claudeEntrypointLabel: "../.claude/CLAUDE.md",
157
- claudeRulesRoot: "../.claude/rules/",
158
- codexSkillsRoot: "../.agents/skills/",
159
- codexAgentsRoot: "agents/",
160
- opencodeConfigPath: "../.config/opencode/opencode.json"
190
+ ...globalPolicySections()
161
191
  });
162
192
  }
163
193
  if (target === "opencode") {
@@ -167,11 +197,7 @@ function rootReplacements(target) {
167
197
  primarySkillRoot: "skills/",
168
198
  skillRoot: "skills",
169
199
  systemLayoutPath: "docs/policy/system-layout.md",
170
- claudeEntrypointLabel: "../../.claude/CLAUDE.md",
171
- claudeRulesRoot: "../../.claude/rules/",
172
- codexSkillsRoot: "../../.agents/skills/",
173
- codexAgentsRoot: "../../.codex/agents/",
174
- opencodeConfigPath: "opencode.json"
200
+ ...globalPolicySections()
175
201
  });
176
202
  }
177
203
  throw new Error(`Unsupported target: ${target}`);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "agent-quality-police",
3
- "version": "0.2.5",
3
+ "version": "0.2.7",
4
4
  "description": "Strict governance framework for coding agents that blocks testing and typing bypasses.",
5
5
  "type": "module",
6
6
  "license": "MIT",
@@ -1,24 +0,0 @@
1
- ## Priority
2
-
3
- - Direct system, developer, and user instructions override this file.
4
- - Prefer current local code and current official documentation over memory.
5
- - Load only the smallest relevant skill set for the task.
6
-
7
- ## Quality Rules
8
-
9
- - Use behavior-first tests when tests are viable.
10
- - Avoid type bypasses, comment bypasses, config weakening, and fake greens.
11
- - Prefer named types and explicit models over inline structural shortcuts.
12
-
13
- ## Review Flow
14
-
15
- - Before final approval, run the relevant auditors for the actual risk surface.
16
- - Use `bypass-auditor` for typing, config, mocks, helpers, or suspicious diffs.
17
- - Use `tdd-warden` when behavior or tests changed or should have changed.
18
- - Use `pr-gatekeeper` only for final approve-or-reject review.
19
-
20
- ## Tool-Specific Notes
21
-
22
- - Claude Code should enter through `{{claude_entrypoint_label}}` and `{{claude_rules_root}}`.
23
- - Codex should enter through this file and use `{{codex_skills_root}}` plus `{{codex_agents_root}}`.
24
- - OpenCode should enter through this file and load extra instructions from `{{opencode_config_path}}`.
@@ -1,69 +0,0 @@
1
- ## Priority
2
-
3
- - Direct system, developer, and user instructions override this file.
4
- - [`docs/policy/quality-definition.md`]({{quality_definition_path}}) is the canonical definition of quality in this repository.
5
- - If any skill, rule, example, or agent prompt contradicts the quality definition, the quality definition wins.
6
- - Generated projections must not become the source of truth.
7
-
8
- ## Startup Sequence
9
-
10
- 1. Read [quality-definition]({{quality_definition_path}}).
11
- 2. Read [workflow]({{workflow_path}}).
12
- 3. Load the smallest relevant skill set from `{{primary_skill_root}}`.
13
- 4. Execute with TDD when tests are viable.
14
- 5. Run the matching audit agents before final approval.
15
-
16
- ## Mandatory Skill Routing
17
-
18
- - Use [quality-index]({{quality_index_skill_path}}) first when the task spans multiple concerns.
19
- - Use [typescript-zero-bypass]({{typescript_zero_bypass_skill_path}}) for any `.ts` or `.tsx` change.
20
- - Use [vite-vitest-tdd]({{vite_vitest_tdd_skill_path}}) when working with Vite, Vitest, or unit/component TDD.
21
- - Use [react-public-api-testing]({{react_public_api_testing_skill_path}}) for React component behavior tests.
22
- - Use [anti-bypass-audit]({{anti_bypass_audit_skill_path}}) when reviewing diffs, suspicious helpers, or weakened configs.
23
- - Use [refactoring-with-safety]({{refactoring_with_safety_skill_path}}) for refactors that are not pure bug fixes.
24
- - Use [governance-installation]({{governance_installation_skill_path}}) when installing or updating this framework in another repository.
25
-
26
- ## Non-Negotiables
27
-
28
- - TDD is mandatory when tests are technically viable.
29
- - A passing test suite without behavior proof is not a green build.
30
- - `any`, type assertions, non-null assertions, ts-comment bypasses, and lint/config weakening are automatic failures.
31
- - `Map` in public or domain-facing contracts is suspicious by default and must be treated as a modeling bypass unless a stronger repository rule explicitly allows it.
32
- - Helpers, factories, mocks, branches, or narrowing added only to silence the type system or to make tests easier are automatic failures.
33
- - Zod is allowed only at external input boundaries.
34
- - Joi is allowed only for environment validation when it is genuinely needed.
35
- - Strong named types are required.
36
- - Inline structural types are prohibited.
37
- - Reviewers must reject suspicious diffs instead of “accepting with caveats.”
38
-
39
- ## Execution Contract
40
-
41
- - Fix the root problem, not the symptom.
42
- - Keep tests direct, short, and behavior-based.
43
- - Prefer explicit domain names over generic utilities.
44
- - Keep policy text severe and actionable; do not soften language to preserve agent comfort.
45
- - After any change to canonical framework sources such as `framework/skills/`, `framework/rules/`, `docs/policy/`, or `framework/agents/specs/`, run `python3 scripts/build_framework.py` before claiming the repository is consistent.
46
- - After the build step, run `python3 scripts/validate_framework.py`. If scripts changed, run `python3 -m unittest tests/test_framework_tools.py` and `node --test tests/node/install.test.mjs`.
47
-
48
- ## Audit Flow
49
-
50
- - `implementer`: execution agent, allowed to write, never allowed to weaken rules.
51
- - `tdd-warden`: verifies there was a real RED phase and that tests prove behavior.
52
- - `bypass-auditor`: hunts bypasses, fake narrowing, config weakening, helper noise, and non-probative mocks.
53
- - `pr-gatekeeper`: final verdict, does not rewrite code.
54
-
55
- ## Output Expectations
56
-
57
- - Implementation output should state what behavior is covered, what tests were run, and what remains blocked.
58
- - Audit output should list concrete findings with file evidence and required correction.
59
- - Gate output should end with `APPROVED` or `REJECTED`.
60
-
61
- ## Repository Layout
62
-
63
- - [system-layout]({{system_layout_path}})
64
-
65
- ## Tool-Specific Notes
66
-
67
- - Claude Code should enter through `{{claude_entrypoint_label}}` and `{{claude_rules_root}}`.
68
- - Codex should enter through this file and use `{{codex_skills_root}}` plus `{{codex_agents_root}}`.
69
- - OpenCode should enter through this file and load extra instructions from `{{opencode_config_path}}`.