agent-quality-police 0.2.6 → 0.2.8

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "agent-quality-police",
-  "version": "0.2.6",
+  "version": "0.2.8",
   "description": "Strict governance framework for coding agents that blocks testing and typing bypasses.",
   "author": {
     "name": "Davy Massoneto",

package/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "agent-quality-police",
-  "version": "0.2.6",
+  "version": "0.2.8",
   "description": "Strict governance framework for coding agents that blocks testing and typing bypasses.",
   "author": {
     "name": "Davy Massoneto",

package/AGENTS.md

@@ -49,7 +49,3 @@
 - Use `bypass-auditor` for typing, config, mocks, helpers, or suspicious diffs.
 - Use `tdd-warden` when behavior or tests changed or should have changed.
 - Use `pr-gatekeeper` only for final approve-or-reject review.
-
-## Tool-Specific Notes
-
-- AGENTS-aware tools should load only their local tool-specific skills and agents.

package/CLAUDE.md

@@ -4,37 +4,40 @@
 
 - Direct system, developer, and user instructions override this file.
 - Prefer current local code and current official documentation over memory.
-- Load only the smallest relevant skill set for the task.
+- Treat the required skills and auditors in this file as mandatory workflow requirements.
 
 ## Startup Sequence
 
 1. Read [quality-definition](docs/policy/quality-definition.md) when the task needs repository policy context.
 2. Read [workflow](docs/policy/workflow.md) when the repository defines one.
-3. Load only the relevant skill set from `.claude/skills/`.
+3. Load the smallest required skill set from `.claude/skills/` before proposing edits or writing code.
 
 ## Skill Routing
 
-- Use [quality-index](.claude/skills/quality-index/SKILL.md) when the task spans multiple concerns.
+- Use [quality-index](.claude/skills/quality-index/SKILL.md) when the task spans multiple concerns or when you are unsure which validators apply.
 - Use [typescript-zero-bypass](.claude/skills/typescript-zero-bypass/SKILL.md) for `.ts` or `.tsx` changes.
 - Use [vite-vitest-tdd](.claude/skills/vite-vitest-tdd/SKILL.md) for Vite or Vitest TDD.
 - Use [react-public-api-testing](.claude/skills/react-public-api-testing/SKILL.md) for React behavior tests.
+- Use [anti-bypass-audit](.claude/skills/anti-bypass-audit/SKILL.md) when reviewing diffs, suspicious helpers, weakened configs, or type/config-heavy changes.
+- Use [refactoring-with-safety](.claude/skills/refactoring-with-safety/SKILL.md) for refactors that are not pure bug fixes.
+- Use [governance-installation](.claude/skills/governance-installation/SKILL.md) when installing or updating this governance package.
 
 ## Quality Rules
 
+- Load the required skills before proposing edits or writing code.
+- If a required skill is unavailable in the current runtime, stop and report `BLOCKED`.
 - Use behavior-first tests when tests are viable.
 - Avoid type bypasses, comment bypasses, config weakening, and fake greens.
 - Prefer named types and explicit models over inline structural shortcuts.
 
 ## Review Flow
 
-- Before final approval, run the relevant auditors for the actual risk surface.
-- Use `bypass-auditor` for typing, config, mocks, helpers, or suspicious diffs.
-- Use `tdd-warden` when behavior or tests changed or should have changed.
-- Use `pr-gatekeeper` only for final approve-or-reject review.
-
-## Tool-Specific Notes
-
-- Claude Code should enter through `CLAUDE.md` and `.claude/rules/`.
+- For code changes, explicitly invoke the required auditors before final approval.
+- For code changes, do not finalize until the required auditors have run and their results were reviewed.
+- For typing, config, mocks, helpers, or suspicious diffs, run `bypass-auditor`.
+- For behavior changes or bug fixes, run `tdd-warden` and `bypass-auditor`.
+- For final approval, release, or merge decisions, run `pr-gatekeeper` after the other required auditors.
+- If a required skill or auditor cannot run in the current runtime, stop and report `BLOCKED`.
 
 ## Claude Code
 

package/framework/entrypoints/policy.md

@@ -17,7 +17,3 @@
 ## Review Flow
 
 {{review_flow_body}}
-
-## Tool-Specific Notes
-
-{{tool_specific_notes}}

package/lib/install.mjs

@@ -62,8 +62,7 @@ function entrypointReplacements({
   startupSequenceBody,
   skillRoutingBody,
   qualityRulesBody,
-  reviewFlowBody,
-  toolSpecificNotes
+  reviewFlowBody
 }) {
   return {
     quality_definition_path: qualityDefinitionPath,
@@ -81,8 +80,7 @@ function entrypointReplacements({
     startup_sequence_body: startupSequenceBody,
     skill_routing_body: skillRoutingBody,
     quality_rules_body: qualityRulesBody,
-    review_flow_body: reviewFlowBody,
-    tool_specific_notes: toolSpecificNotes
+    review_flow_body: reviewFlowBody
   };
 }
 
@@ -91,46 +89,40 @@ function globalPolicySections() {
     priorityBody: [
       "- Direct system, developer, and user instructions override this file.",
       "- Prefer current local code and current official documentation over memory.",
-      "- Load only the smallest relevant skill set for the task."
+      "- Treat the required skills and auditors in this file as mandatory workflow requirements."
     ].join("\n"),
     startupSequenceBody: [
       "1. Read [quality-definition]({{quality_definition_path}}) when the task needs repository policy context.",
       "2. Read [workflow]({{workflow_path}}) when the repository defines one.",
-      "3. Load only the relevant skill set from `{{primary_skill_root}}`."
+      "3. Load the smallest required skill set from `{{primary_skill_root}}` before proposing edits or writing code."
     ].join("\n"),
     skillRoutingBody: [
-      "- Use [quality-index]({{quality_index_skill_path}}) when the task spans multiple concerns.",
+      "- Use [quality-index]({{quality_index_skill_path}}) when the task spans multiple concerns or when you are unsure which validators apply.",
       "- Use [typescript-zero-bypass]({{typescript_zero_bypass_skill_path}}) for `.ts` or `.tsx` changes.",
       "- Use [vite-vitest-tdd]({{vite_vitest_tdd_skill_path}}) for Vite or Vitest TDD.",
-      "- Use [react-public-api-testing]({{react_public_api_testing_skill_path}}) for React behavior tests."
+      "- Use [react-public-api-testing]({{react_public_api_testing_skill_path}}) for React behavior tests.",
+      "- Use [anti-bypass-audit]({{anti_bypass_audit_skill_path}}) when reviewing diffs, suspicious helpers, weakened configs, or type/config-heavy changes.",
+      "- Use [refactoring-with-safety]({{refactoring_with_safety_skill_path}}) for refactors that are not pure bug fixes.",
+      "- Use [governance-installation]({{governance_installation_skill_path}}) when installing or updating this governance package."
     ].join("\n"),
     qualityRulesBody: [
+      "- Load the required skills before proposing edits or writing code.",
+      "- If a required skill is unavailable in the current runtime, stop and report `BLOCKED`.",
       "- Use behavior-first tests when tests are viable.",
       "- Avoid type bypasses, comment bypasses, config weakening, and fake greens.",
       "- Prefer named types and explicit models over inline structural shortcuts."
     ].join("\n"),
     reviewFlowBody: [
-      "- Before final approval, run the relevant auditors for the actual risk surface.",
-      "- Use `bypass-auditor` for typing, config, mocks, helpers, or suspicious diffs.",
-      "- Use `tdd-warden` when behavior or tests changed or should have changed.",
-      "- Use `pr-gatekeeper` only for final approve-or-reject review."
+      "- For code changes, explicitly invoke the required auditors before final approval.",
+      "- For code changes, do not finalize until the required auditors have run and their results were reviewed.",
+      "- For typing, config, mocks, helpers, or suspicious diffs, run `bypass-auditor`.",
+      "- For behavior changes or bug fixes, run `tdd-warden` and `bypass-auditor`.",
+      "- For final approval, release, or merge decisions, run `pr-gatekeeper` after the other required auditors.",
+      "- If a required skill or auditor cannot run in the current runtime, stop and report `BLOCKED`."
     ].join("\n")
   };
 }
 
-function toolNotesFor(target, { claudeEntrypointLabel = "CLAUDE.md", claudeRulesRoot = "rules/", codexSkillsRoot = "skills/", codexAgentsRoot = "agents/", opencodeConfigPath = "opencode.json" } = {}) {
-  if (target === "claude") {
-    return `- Claude Code should enter through \`${claudeEntrypointLabel}\` and \`${claudeRulesRoot}\`.`;
-  }
-  if (target === "codex") {
-    return `- Codex should enter through this file and use \`${codexSkillsRoot}\` plus \`${codexAgentsRoot}\`.`;
-  }
-  if (target === "opencode") {
-    return `- OpenCode should enter through this file and load extra instructions from \`${opencodeConfigPath}\`.`;
-  }
-  return "";
-}
-
 function renderAgentsRoot(policy, replacements) {
   return `# AGENTS.md\n\n${renderTemplate(policy, replacements).trimEnd()}\n`;
 }
@@ -192,8 +184,7 @@ function rootReplacements(target) {
       primarySkillRoot: "skills/",
       skillRoot: "skills",
       systemLayoutPath: "docs/policy/system-layout.md",
-      ...globalPolicySections(),
-      toolSpecificNotes: toolNotesFor("claude", { claudeEntrypointLabel: "CLAUDE.md", claudeRulesRoot: "rules/" })
+      ...globalPolicySections()
     });
   }
   if (target === "codex") {
@@ -203,8 +194,7 @@ function rootReplacements(target) {
       primarySkillRoot: "../.agents/skills/",
       skillRoot: "../.agents/skills",
       systemLayoutPath: "docs/policy/system-layout.md",
-      ...globalPolicySections(),
-      toolSpecificNotes: toolNotesFor("codex", { codexSkillsRoot: "../.agents/skills/", codexAgentsRoot: "agents/" })
+      ...globalPolicySections()
     });
   }
   if (target === "opencode") {
@@ -214,8 +204,7 @@ function rootReplacements(target) {
       primarySkillRoot: "skills/",
       skillRoot: "skills",
       systemLayoutPath: "docs/policy/system-layout.md",
-      ...globalPolicySections(),
-      toolSpecificNotes: toolNotesFor("opencode", { opencodeConfigPath: "opencode.json" })
+      ...globalPolicySections()
     });
   }
   throw new Error(`Unsupported target: ${target}`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agent-quality-police",
-  "version": "0.2.6",
+  "version": "0.2.8",
   "description": "Strict governance framework for coding agents that blocks testing and typing bypasses.",
   "type": "module",
   "license": "MIT",