npm - agent-quality-police - Versions diffs - 0.2.9 → 0.2.11 - Mend

agent-quality-police 0.2.9 → 0.2.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/.agents/skills/anti-bypass-audit/SKILL.md +1 -0
package/.agents/skills/typescript-zero-bypass/SKILL.md +10 -2
package/.claude/agents/bypass-auditor.md +1 -0
package/.claude/rules/typescript-zero-bypass.md +1 -0
package/.claude/skills/anti-bypass-audit/SKILL.md +1 -0
package/.claude/skills/typescript-zero-bypass/SKILL.md +10 -2
package/.claude-plugin/plugin.json +1 -1
package/.codex/agents/bypass-auditor.toml +1 -0
package/.codex-plugin/plugin.json +1 -1
package/.opencode/agents/bypass-auditor.md +1 -0
package/.opencode/skills/anti-bypass-audit/SKILL.md +1 -0
package/.opencode/skills/typescript-zero-bypass/SKILL.md +10 -2
package/docs/policy/quality-definition.md +3 -0
package/package.json +1 -1

package/.agents/skills/anti-bypass-audit/SKILL.md CHANGED Viewed

@@ -43,6 +43,7 @@ Find and report bypasses with short, evidence-based language. This skill is not
 - constructor bypass
 - prototype fabrication
 - internal field hydration that fakes a valid class instance
+- single-letter callback parameters or other meaningless abbreviations that hide domain meaning
 - helper or factory noise hiding test intent
 - mocks that replace the behavior under test

package/.agents/skills/typescript-zero-bypass/SKILL.md CHANGED Viewed

@@ -23,16 +23,20 @@ Define what acceptable TypeScript looks like in this framework. The compiler is
 2. Model the allowed states explicitly with interfaces and named unions.
 3. Keep absence explicit with `null` when the domain has “no value.”
 4. If external input is involved, validate it at the boundary instead of coercing it internally.
-5. If the compiler resists, redesign the model or the control flow. Do not cast.
+5. If the compiler resists, redesign the model or the control flow. Do not cast, fabricate instances, or hide meaning behind abbreviations.
 ## Quality Criteria
 - No `any`
 - No `as`, `as const`, chained assertions, angle-bracket assertions, or non-null assertions
 - No ts-comment bypasses
-- No inline structural types
+- No inline structural types, including private methods, local helpers, and return types
+- No inline structural object return types such as `(): { completed: number; total: number }`
 - No `Record` or index signatures as generic escape hatches
 - No `Map` used to avoid modeling a named input contract
+- No `Object.create(SomeClass.prototype)` or equivalent prototype fabrication to fake typed instances
+- No `Object.assign(...)` or direct internal field hydration to bypass constructors, factories, or invariants
+- No meaningless abbreviations in identifiers, including single-letter callback parameters such as `c`, `x`, or `i` when they do not carry real meaning
 - Named types instead of anonymous structural sprawl
 ## Anti-Patterns
@@ -40,6 +44,9 @@ Define what acceptable TypeScript looks like in this framework. The compiler is
 - Adding `if (!value) return fallback` only to narrow a type you modeled poorly
 - Smuggling domain uncertainty through `Record<string, string>`
 - Smuggling domain uncertainty through `Map<string, string>` in a public or domain-facing signature
+- Fabricating a typed instance with `Object.create(SomeClass.prototype)` and then hydrating internal fields
+- Returning inline structural objects from private methods or helpers instead of naming the concept
+- Writing `this.allChecklists.find((c) => c.id === checklistId)` instead of using a meaningful callback name
 - Using a test helper to hide an imprecise type instead of fixing the model
 ## Hard Cases
@@ -47,6 +54,7 @@ Define what acceptable TypeScript looks like in this framework. The compiler is
 - For external input, validate at the edge and convert into explicit internal types.
 - For collection lookups, model the input structure explicitly and translate `undefined` to a named result shape before it reaches the domain.
 - For literals, prefer explicit unions declared once instead of assertion-based narrowing.
+- For framework or class instances, use the real constructor or a real public factory. If the current API makes honest construction impossible, refactor the API instead of fabricating instances.
 ## Examples

package/.claude/agents/bypass-auditor.md CHANGED Viewed

@@ -36,6 +36,7 @@ You must actively hunt for:
 - constructor bypass
 - prototype fabrication such as `Object.create(SomeClass.prototype)`
 - internal field hydration such as `Object.assign(...)` into fabricated instances
+- meaningless abbreviations such as single-letter callback parameters with no real domain meaning
 - helper noise
 - mocks with no probative value

package/.claude/rules/typescript-zero-bypass.md CHANGED Viewed

@@ -11,6 +11,7 @@ paths:
 - Require named interfaces and named unions instead of inline structural types.
 - Prohibit `Object.create(SomeClass.prototype)` and equivalent prototype fabrication to fake typed instances.
 - Prohibit `Object.assign(...)` or direct internal field hydration when used to bypass constructors, factories, or invariants.
+- Prohibit meaningless abbreviations in identifiers, including single-letter callback parameters such as `c`, `x`, or `i` when they do not carry real meaning.
 - Reject `Record` and index signatures when they are used as generic escape hatches.
 - Do not add branches or fallback values solely to satisfy the compiler.
 - If the type system is resisting, remodel the data instead of coercing it.

package/.claude/skills/anti-bypass-audit/SKILL.md CHANGED Viewed

@@ -43,6 +43,7 @@ Find and report bypasses with short, evidence-based language. This skill is not
 - constructor bypass
 - prototype fabrication
 - internal field hydration that fakes a valid class instance
+- single-letter callback parameters or other meaningless abbreviations that hide domain meaning
 - helper or factory noise hiding test intent
 - mocks that replace the behavior under test

package/.claude/skills/typescript-zero-bypass/SKILL.md CHANGED Viewed

@@ -23,16 +23,20 @@ Define what acceptable TypeScript looks like in this framework. The compiler is
 2. Model the allowed states explicitly with interfaces and named unions.
 3. Keep absence explicit with `null` when the domain has “no value.”
 4. If external input is involved, validate it at the boundary instead of coercing it internally.
-5. If the compiler resists, redesign the model or the control flow. Do not cast.
+5. If the compiler resists, redesign the model or the control flow. Do not cast, fabricate instances, or hide meaning behind abbreviations.
 ## Quality Criteria
 - No `any`
 - No `as`, `as const`, chained assertions, angle-bracket assertions, or non-null assertions
 - No ts-comment bypasses
-- No inline structural types
+- No inline structural types, including private methods, local helpers, and return types
+- No inline structural object return types such as `(): { completed: number; total: number }`
 - No `Record` or index signatures as generic escape hatches
 - No `Map` used to avoid modeling a named input contract
+- No `Object.create(SomeClass.prototype)` or equivalent prototype fabrication to fake typed instances
+- No `Object.assign(...)` or direct internal field hydration to bypass constructors, factories, or invariants
+- No meaningless abbreviations in identifiers, including single-letter callback parameters such as `c`, `x`, or `i` when they do not carry real meaning
 - Named types instead of anonymous structural sprawl
 ## Anti-Patterns
@@ -40,6 +44,9 @@ Define what acceptable TypeScript looks like in this framework. The compiler is
 - Adding `if (!value) return fallback` only to narrow a type you modeled poorly
 - Smuggling domain uncertainty through `Record<string, string>`
 - Smuggling domain uncertainty through `Map<string, string>` in a public or domain-facing signature
+- Fabricating a typed instance with `Object.create(SomeClass.prototype)` and then hydrating internal fields
+- Returning inline structural objects from private methods or helpers instead of naming the concept
+- Writing `this.allChecklists.find((c) => c.id === checklistId)` instead of using a meaningful callback name
 - Using a test helper to hide an imprecise type instead of fixing the model
 ## Hard Cases
@@ -47,6 +54,7 @@ Define what acceptable TypeScript looks like in this framework. The compiler is
 - For external input, validate at the edge and convert into explicit internal types.
 - For collection lookups, model the input structure explicitly and translate `undefined` to a named result shape before it reaches the domain.
 - For literals, prefer explicit unions declared once instead of assertion-based narrowing.
+- For framework or class instances, use the real constructor or a real public factory. If the current API makes honest construction impossible, refactor the API instead of fabricating instances.
 ## Examples

package/.claude-plugin/plugin.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "agent-quality-police",
-  "version": "0.2.9",
+  "version": "0.2.11",
   "description": "Strict governance framework for coding agents that blocks testing and typing bypasses.",
   "author": {
     "name": "Davy Massoneto",

package/.codex/agents/bypass-auditor.toml CHANGED Viewed

@@ -30,6 +30,7 @@ You must actively hunt for:
 - constructor bypass
 - prototype fabrication such as `Object.create(SomeClass.prototype)`
 - internal field hydration such as `Object.assign(...)` into fabricated instances
+- meaningless abbreviations such as single-letter callback parameters with no real domain meaning
 - helper noise
 - mocks with no probative value

package/.codex-plugin/plugin.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "agent-quality-police",
-  "version": "0.2.9",
+  "version": "0.2.11",
   "description": "Strict governance framework for coding agents that blocks testing and typing bypasses.",
   "author": {
     "name": "Davy Massoneto",

package/.opencode/agents/bypass-auditor.md CHANGED Viewed

@@ -34,6 +34,7 @@ You must actively hunt for:
 - constructor bypass
 - prototype fabrication such as `Object.create(SomeClass.prototype)`
 - internal field hydration such as `Object.assign(...)` into fabricated instances
+- meaningless abbreviations such as single-letter callback parameters with no real domain meaning
 - helper noise
 - mocks with no probative value

package/.opencode/skills/anti-bypass-audit/SKILL.md CHANGED Viewed

@@ -43,6 +43,7 @@ Find and report bypasses with short, evidence-based language. This skill is not
 - constructor bypass
 - prototype fabrication
 - internal field hydration that fakes a valid class instance
+- single-letter callback parameters or other meaningless abbreviations that hide domain meaning
 - helper or factory noise hiding test intent
 - mocks that replace the behavior under test

package/.opencode/skills/typescript-zero-bypass/SKILL.md CHANGED Viewed

@@ -23,16 +23,20 @@ Define what acceptable TypeScript looks like in this framework. The compiler is
 2. Model the allowed states explicitly with interfaces and named unions.
 3. Keep absence explicit with `null` when the domain has “no value.”
 4. If external input is involved, validate it at the boundary instead of coercing it internally.
-5. If the compiler resists, redesign the model or the control flow. Do not cast.
+5. If the compiler resists, redesign the model or the control flow. Do not cast, fabricate instances, or hide meaning behind abbreviations.
 ## Quality Criteria
 - No `any`
 - No `as`, `as const`, chained assertions, angle-bracket assertions, or non-null assertions
 - No ts-comment bypasses
-- No inline structural types
+- No inline structural types, including private methods, local helpers, and return types
+- No inline structural object return types such as `(): { completed: number; total: number }`
 - No `Record` or index signatures as generic escape hatches
 - No `Map` used to avoid modeling a named input contract
+- No `Object.create(SomeClass.prototype)` or equivalent prototype fabrication to fake typed instances
+- No `Object.assign(...)` or direct internal field hydration to bypass constructors, factories, or invariants
+- No meaningless abbreviations in identifiers, including single-letter callback parameters such as `c`, `x`, or `i` when they do not carry real meaning
 - Named types instead of anonymous structural sprawl
 ## Anti-Patterns
@@ -40,6 +44,9 @@ Define what acceptable TypeScript looks like in this framework. The compiler is
 - Adding `if (!value) return fallback` only to narrow a type you modeled poorly
 - Smuggling domain uncertainty through `Record<string, string>`
 - Smuggling domain uncertainty through `Map<string, string>` in a public or domain-facing signature
+- Fabricating a typed instance with `Object.create(SomeClass.prototype)` and then hydrating internal fields
+- Returning inline structural objects from private methods or helpers instead of naming the concept
+- Writing `this.allChecklists.find((c) => c.id === checklistId)` instead of using a meaningful callback name
 - Using a test helper to hide an imprecise type instead of fixing the model
 ## Hard Cases
@@ -47,6 +54,7 @@ Define what acceptable TypeScript looks like in this framework. The compiler is
 - For external input, validate at the edge and convert into explicit internal types.
 - For collection lookups, model the input structure explicitly and translate `undefined` to a named result shape before it reaches the domain.
 - For literals, prefer explicit unions declared once instead of assertion-based narrowing.
+- For framework or class instances, use the real constructor or a real public factory. If the current API makes honest construction impossible, refactor the API instead of fabricating instances.
 ## Examples

package/docs/policy/quality-definition.md CHANGED Viewed

@@ -53,6 +53,7 @@ Fraud includes:
 - adding impossible fallback branches, fake narrowing, or defensive code only to satisfy TypeScript
 - constructor bypass through `Object.create(SomeClass.prototype)` or equivalent prototype fabrication
 - internal field hydration through `Object.assign(...)` or direct assignment to simulate a valid instance without using the real constructor or public factory
+- meaningless abbreviations in identifiers that hide domain meaning
 - using `Map` in public or domain-facing contracts to avoid explicit named input modeling
 - helper layers that hide what the test is proving
 - mocks that replace the exact behavior under test
@@ -67,6 +68,7 @@ Reject immediately when a diff introduces any of the following without an explic
 - config weakening
 - unproven tests
 - suspicious helper noise
+- meaningless abbreviations in newly introduced identifiers, including single-letter callback parameters such as `c`, `x`, or `i` when they do not carry real meaning
 - narrowing that exists only to appease the compiler
 - constructor bypasses, prototype fabrication, or internal field hydration that fabricate class instances without their real invariants
 - branching that changes runtime semantics without product or domain justification
@@ -116,6 +118,7 @@ Acceptable typing:
 - keeps narrowing honest and evidence-based
 - keeps imported types and values coherent
 - lets the compiler confirm the model instead of being tricked into silence
+- uses names that preserve domain meaning instead of meaningless abbreviations
 Unacceptable typing:

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "agent-quality-police",
-  "version": "0.2.9",
+  "version": "0.2.11",
   "description": "Strict governance framework for coding agents that blocks testing and typing bypasses.",
   "type": "module",
   "license": "MIT",