agentboot 0.1.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (78) hide show
  1. package/README.md +9 -8
  2. package/agentboot.config.json +4 -1
  3. package/package.json +2 -2
  4. package/scripts/cli.ts +465 -18
  5. package/scripts/compile.ts +724 -75
  6. package/scripts/dev-sync.ts +1 -1
  7. package/scripts/lib/config.ts +259 -1
  8. package/scripts/lib/frontmatter.ts +3 -1
  9. package/scripts/validate.ts +12 -7
  10. package/website/docusaurus.config.ts +117 -0
  11. package/website/package-lock.json +18448 -0
  12. package/website/package.json +47 -0
  13. package/website/sidebars.ts +53 -0
  14. package/website/src/css/custom.css +23 -0
  15. package/website/src/pages/index.module.css +23 -0
  16. package/website/src/pages/index.tsx +125 -0
  17. package/website/static/.nojekyll +0 -0
  18. package/website/static/CNAME +1 -0
  19. package/website/static/img/favicon.ico +0 -0
  20. package/website/static/img/logo.svg +1 -0
  21. package/.github/ISSUE_TEMPLATE/persona-request.md +0 -62
  22. package/.github/ISSUE_TEMPLATE/quality-feedback.md +0 -67
  23. package/.github/workflows/cla.yml +0 -25
  24. package/.github/workflows/validate.yml +0 -49
  25. package/.idea/agentboot.iml +0 -9
  26. package/.idea/misc.xml +0 -6
  27. package/.idea/modules.xml +0 -8
  28. package/.idea/vcs.xml +0 -6
  29. package/CLAUDE.md +0 -230
  30. package/CONTRIBUTING.md +0 -168
  31. package/PERSONAS.md +0 -156
  32. package/core/instructions/baseline.instructions.md +0 -133
  33. package/core/instructions/security.instructions.md +0 -186
  34. package/core/personas/code-reviewer/SKILL.md +0 -175
  35. package/core/personas/security-reviewer/SKILL.md +0 -233
  36. package/core/personas/test-data-expert/SKILL.md +0 -234
  37. package/core/personas/test-generator/SKILL.md +0 -262
  38. package/core/traits/audit-trail.md +0 -182
  39. package/core/traits/confidence-signaling.md +0 -172
  40. package/core/traits/critical-thinking.md +0 -129
  41. package/core/traits/schema-awareness.md +0 -132
  42. package/core/traits/source-citation.md +0 -174
  43. package/core/traits/structured-output.md +0 -199
  44. package/docs/ci-cd-automation.md +0 -548
  45. package/docs/claude-code-reference/README.md +0 -21
  46. package/docs/claude-code-reference/agentboot-coverage.md +0 -484
  47. package/docs/claude-code-reference/feature-inventory.md +0 -906
  48. package/docs/cli-commands-audit.md +0 -112
  49. package/docs/cli-design.md +0 -924
  50. package/docs/concepts.md +0 -1117
  51. package/docs/config-schema-audit.md +0 -121
  52. package/docs/configuration.md +0 -645
  53. package/docs/delivery-methods.md +0 -758
  54. package/docs/developer-onboarding.md +0 -342
  55. package/docs/extending.md +0 -448
  56. package/docs/getting-started.md +0 -298
  57. package/docs/knowledge-layer.md +0 -464
  58. package/docs/marketplace.md +0 -822
  59. package/docs/org-connection.md +0 -570
  60. package/docs/plans/architecture.md +0 -2429
  61. package/docs/plans/design.md +0 -2018
  62. package/docs/plans/prd.md +0 -1862
  63. package/docs/plans/stack-rank.md +0 -261
  64. package/docs/plans/technical-spec.md +0 -2755
  65. package/docs/privacy-and-safety.md +0 -807
  66. package/docs/prompt-optimization.md +0 -1071
  67. package/docs/test-plan.md +0 -972
  68. package/docs/third-party-ecosystem.md +0 -496
  69. package/domains/compliance-template/README.md +0 -173
  70. package/domains/compliance-template/traits/compliance-aware.md +0 -228
  71. package/examples/enterprise/agentboot.config.json +0 -184
  72. package/examples/minimal/agentboot.config.json +0 -46
  73. package/tests/REGRESSION-PLAN.md +0 -705
  74. package/tests/TEST-PLAN.md +0 -111
  75. package/tests/cli.test.ts +0 -705
  76. package/tests/pipeline.test.ts +0 -608
  77. package/tests/validate.test.ts +0 -278
  78. package/tsconfig.json +0 -62
package/docs/plans/architecture.md DELETED
@@ -1,2429 +0,0 @@
1
- # AgentBoot Architecture Document
2
-
3
- Version: 1.0.0
4
- Status: Draft
5
- Last Updated: 2026-03-19
6
-
7
- ---
8
-
9
- ## Table of Contents
10
-
11
- 1. [Summary](#1-summary)
12
- 2. [System Context Diagram](#2-system-context-diagram)
13
- 3. [Component Architecture](#3-component-architecture)
14
- 4. [Data Architecture](#4-data-architecture)
15
- 5. [Scope Hierarchy & Merge Semantics](#5-scope-hierarchy--merge-semantics)
16
- 6. [Build Pipeline](#6-build-pipeline)
17
- 7. [Distribution Architecture](#7-distribution-architecture)
18
- 8. [Security Architecture](#8-security-architecture)
19
- 9. [Cross-Platform Strategy](#9-cross-platform-strategy)
20
- 10. [Key Architectural Decisions](#10-key-architectural-decisions)
21
- 11. [Open Questions](#11-open-questions)
22
-
23
- ---
24
-
25
- ## 1. Summary
26
-
27
- AgentBoot is a **build tool** for AI agent governance. It compiles reusable behavioral
28
- building blocks (traits) into deployable agent personas, then distributes them across
29
- an organization's repositories through a hub-and-spoke model. The system treats AI
30
- agent behavior as infrastructure: defined in files, stored in version control, reviewed
31
- in pull requests, and distributed through automated pipelines.
32
-
33
- ### Key Architectural Decisions
34
-
35
- - **Build-time composition, not runtime.** Traits are resolved and composed into
36
- personas at build time. The compiled output is complete and standalone. No runtime
37
- resolution, no dynamic includes, no agent-side file reading during sessions. This
38
- ensures portability across all agent platforms.
39
-
40
- - **Hub-and-spoke distribution.** A single personas repository (hub) is the source of
41
- truth. Target repositories (spokes) receive compiled output via sync. Spokes are
42
- passive recipients; they do not produce governance artifacts.
43
-
44
- - **Per-platform compilation targets.** The build produces one self-contained folder per
45
- platform under `dist/` (claude, copilot, cursor, skill, gemini). Each folder contains
46
- everything needed for that platform and nothing it doesn't. The same source definitions
47
- drive all platforms. Scope hierarchy is preserved within each platform folder.
48
-
49
- - **Scope hierarchy with deterministic merge.** Configuration merges across four
50
- levels (Org, Group, Team, Repo) with clear precedence rules: mandatory behaviors
51
- are top-down (org wins), optional behaviors are bottom-up (team wins).
52
-
53
- - **Privacy by design.** Raw prompts never leave the developer's machine. Telemetry
54
- captures structured metrics (persona ID, token counts, findings), never transcripts.
55
- This is a design invariant, not a configuration option.
56
-
57
- ### Major Components
58
-
59
- ```
60
- +-------------------+ +------------------+ +-------------------+
61
- | CLI | | Build System | | Output Generators |
62
- | (agentboot) |---->| validate/compile |---->| CC-native |
63
- | | | | | Cross-platform |
64
- +-------------------+ +------------------+ | Plugin |
65
- | | Managed settings |
66
- +-----+------+ +-------------------+
67
- | | |
68
- +-----v----+ +----v------+ +-------v---------+
69
- | Persona | | Knowledge | | Sync Engine |
70
- | Engine | | Server | | (distribution) |
71
- +----------+ +-----------+ +-----------------+
72
- ```
73
-
74
- The pipeline is linear: **source files** --> **validate** --> **compile** --> **output
75
- generation** --> **sync/distribute**. Each stage has well-defined inputs and outputs.
76
- No stage has runtime dependencies on another.
77
-
78
- ---
79
-
80
- ## 2. System Context Diagram
81
-
82
- ```
83
- +-----------------------------------+
84
- | Developer Machines |
85
- | |
86
- | +------------+ +-------------+ |
87
- | | Claude Code| | Copilot CLI | |
88
- | +------+-----+ +------+------+ |
89
- | | | |
90
- | +------+-----+ +------+------+ |
91
- | | Cursor | | Gemini CLI | |
92
- | +------+-----+ +------+------+ |
93
- | | | |
94
- +---------|---------------|─────────+
95
- | |
96
- +---------v---------------v---------+
97
- | |
98
- | Target Repositories (Spokes) |
99
- | |
100
- | .claude/ .github/ .cursor/ |
101
- | GEMINI.md SKILL.md .mcp.json |
102
- | |
103
- +-----------------^-----------------+
104
- |
105
- Sync (file write / PR)
106
- |
107
- +-------------------+ +---------+ +-------+--------+
108
- | | | | | |
109
- | MDM Systems | | GitHub | | AgentBoot |
110
- | (Jamf, Intune, |<------| API |<------+ Hub Repo |
111
- | JumpCloud) | | | | |
112
- | | +---------+ | agentboot. |
113
- +---------+---------+ | config.json |
114
- | | core/ |
115
- v | domains/ |
116
- +-------------------+ | extensions/ |
117
- | Managed Settings | | |
118
- | /Library/App... | +-------+--------+
119
- | /etc/claude-code/ | |
120
- +-------------------+ agentboot build
121
- |
122
- +------v-------+
123
- | |
124
- | dist/ |
125
- | (compiled |
126
- | output) |
127
- | |
128
- +------+-------+
129
- |
130
- +-----------+-----------+
131
- | | |
132
- +-----v---+ +----v----+ +----v--------+
133
- | CC | | Cross- | | Plugin |
134
- | Plugin | | Platform| | Marketplace |
135
- | Package | | Output | | (private/ |
136
- | | | | | public) |
137
- +---------+ +---------+ +-------------+
138
-
139
-
140
- +-------------------+ +-------------------+
141
- | MCP Clients | | Anthropic API |
142
- | (any platform) |<----->| (Claude models) |
143
- | | | |
144
- +--------+----------+ +-------------------+
145
- | ^
146
- v |
147
- +--------+----------+ |
148
- | AgentBoot | |
149
- | MCP Server | |
150
- | (@agentboot/ | Used by: behavioral tests,
151
- | mcp-server) | /insights analysis,
152
- | | prompt hooks (type: prompt)
153
- +-------------------+
154
- ```
155
-
156
- ### External System Interactions
157
-
158
- | External System | Interaction | Direction |
159
- |--------------------------|-------------------------------------------------------|---------------|
160
- | Claude Code | Reads .claude/ directory, agents, skills, rules | Consumes |
161
- | Copilot | Reads copilot-instructions.md, prompts, SKILL.md | Consumes |
162
- | Cursor | Reads .cursor/rules/, .cursorrules, SKILL.md | Consumes |
163
- | Gemini CLI | Reads GEMINI.md, SKILL.md | Consumes |
164
- | GitHub API | Sync creates PRs, reads repo metadata | Bidirectional |
165
- | MDM (Jamf/Intune/etc.) | Distributes managed-settings.json to endpoints | Consumes |
166
- | Anthropic API | Behavioral tests, /insights, prompt-type hooks | Bidirectional |
167
- | MCP Clients | Query personas, traits, knowledge via MCP protocol | Consumes |
168
- | CC Plugin Marketplace | Hosts plugin packages for discovery and installation | Consumes |
169
-
170
- ---
171
-
172
- ## 3. Component Architecture
173
-
174
- ### 3.1 Build System
175
-
176
- **Responsibility:** Transform source definitions (config, traits, personas, domains,
177
- instructions) into compiled output artifacts.
178
-
179
- **Pipeline:**
180
-
181
- ```
182
- agentboot.config.json
183
- |
184
- +------------v-------------+
185
- | VALIDATION PHASE |
186
- | |
187
- | 1. Config schema check |
188
- | 2. Persona existence |
189
- | 3. Trait references |
190
- | 4. SKILL.md frontmatter |
191
- | 5. PERSONAS.md sync |
192
- | 6. Secret scanning |
193
- | |
194
- +------------+-------------+
195
- |
196
- pass / fail
197
- |
198
- +------------v-------------+
199
- | COMPILATION PHASE |
200
- | |
201
- | 1. Load config |
202
- | 2. Resolve scope chain |
203
- | 3. Compose traits |
204
- | 4. Generate frontmatter |
205
- | 5. Process @imports |
206
- | 6. Merge hooks |
207
- | 7. Generate MCP config |
208
- | |
209
- +------------+-------------+
210
- |
211
- +------------v-------------+
212
- | OUTPUT GENERATION |
213
- | |
214
- | +--> CC-native output |
215
- | +--> Cross-platform |
216
- | +--> Plugin package |
217
- | +--> Managed settings |
218
- | |
219
- +------------+-------------+
220
- |
221
- v
222
- dist/
223
- ```
224
-
225
- **Inputs:**
226
- - `agentboot.config.json` -- org config, group/team hierarchy, enabled personas/traits
227
- - `core/traits/*.md` -- trait definitions with weight configurations
228
- - `core/personas/{name}/SKILL.md` -- persona system prompts with frontmatter
229
- - `core/personas/{name}/persona.config.json` -- build metadata per persona
230
- - `core/instructions/*.md` -- always-on instruction fragments
231
- - `domains/{name}/` -- domain layer directories (traits, personas, instructions, hooks)
232
- - `extensions/` -- org-specific persona extensions
233
-
234
- **Outputs:**
235
- - `dist/claude/` -- self-contained Claude Code distribution (agents, skills, rules, traits, CLAUDE.md, settings.json)
236
- - `dist/copilot/` -- self-contained Copilot distribution (.github/copilot-instructions.md, prompts)
237
- - `dist/cursor/` -- self-contained Cursor distribution (.cursor/rules/*.md)
238
- - `dist/skill/` -- cross-platform SKILL.md output (agentskills.io, traits inlined)
239
- - `dist/gemini/` -- self-contained Gemini CLI distribution (GEMINI.md)
240
- - `dist/managed/` -- managed settings artifacts (when `output.managed: true`)
241
- - `dist/plugin/` -- CC plugin package (when export format is plugin)
242
-
243
- Each platform folder preserves scope hierarchy internally:
244
- - `dist/{platform}/core/` -- org-level compiled output
245
- - `dist/{platform}/groups/{group}/` -- group-level overrides
246
- - `dist/{platform}/teams/{group}/{team}/` -- team-level overrides
247
-
248
- **Key Interfaces:**
249
- - `scripts/validate.ts` -- validation entry point, returns pass/fail with diagnostics
250
- - `scripts/compile.ts` -- compilation entry point, reads config, writes to dist/{platform}/
251
- - `agentboot build` CLI command -- orchestrates validate + compile
252
- - `agentboot build --format <target>` -- selects output generator(s)
253
-
254
- ---
255
-
256
- ### 3.2 CLI
257
-
258
- **Responsibility:** Primary interface for all AgentBoot operations. Provides
259
- interactive onboarding, build orchestration, sync management, diagnostics, and
260
- content scaffolding.
261
-
262
- ```
263
- +------------------------------------------------------------------+
264
- | agentboot CLI |
265
- | |
266
- | +--------------+ +--------------+ +--------------+ |
267
- | | Command | | Setup | | Discovery | |
268
- | | Router | | Wizard | | Engine | |
269
- | | | | | | | |
270
- | | setup | | Role detect | | Repo scan | |
271
- | | build | | Tool detect | | Overlap | |
272
- | | sync | | Org detect | | analysis | |
273
- | | export | | Compliance | | Migration | |
274
- | | publish | | detect | | plan | |
275
- | | doctor | | Outcome | | Config | |
276
- | | status | | execution | | generation | |
277
- | | discover | | | | | |
278
- | | add | +--------------+ +--------------+ |
279
- | | validate | |
280
- | | connect | +--------------+ +--------------+ |
281
- | | upgrade | | Prompt | | Scaffold | |
282
- | | uninstall | | Classifier | | Engine | |
283
- | | lint | | | | | |
284
- | | test | | Raw text --> | | persona | |
285
- | | metrics | | trait / | | trait | |
286
- | | cost-estimate| | gotcha / | | domain | |
287
- | | search | | always-on / | | gotcha | |
288
- | | | | persona | | hook | |
289
- | +--------------+ +--------------+ +--------------+ |
290
- | |
291
- +------------------------------------------------------------------+
292
- ```
293
-
294
- **Key subsystems:**
295
-
296
- - **Command Router:** Maps CLI arguments to handler functions. Supports `--non-interactive`
297
- for CI. Auto-detects TTY for interactive vs. scripted mode.
298
-
299
- - **Setup Wizard:** Multi-path onboarding flow. Detects user role (developer, platform
300
- team, IT/security, explorer), agent tooling, org context, and compliance requirements.
301
- Executes the appropriate setup outcome (Quick Start, Standard Setup, Enterprise Setup).
302
-
303
- - **Discovery Engine:** Scans repos, local machine, and GitHub API for existing agentic
304
- content (CLAUDE.md, copilot-instructions, .cursorrules, agents, skills, rules, hooks,
305
- MCP servers). Produces overlap analysis, migration plan, and config scaffold. All
306
- operations are non-destructive -- discovery never modifies existing files.
307
-
308
- - **Prompt Classifier:** Used by `agentboot add prompt`. Takes raw text and classifies
309
- it as a trait, gotcha, always-on instruction, or persona rule. Supports batch mode
310
- for decomposing existing CLAUDE.md files.
311
-
312
- **Distribution:**
313
-
314
- | Channel | Method |
315
- |--------------------|---------------------------------------|
316
- | macOS | `brew install agentboot` (brew tap) |
317
- | Linux (Debian) | `sudo apt install agentboot` |
318
- | Linux (RHEL) | `sudo dnf install agentboot` |
319
- | Windows | `choco install agentboot` |
320
- | Fallback | `npx agentboot` |
321
-
322
- The CLI targets zero runtime dependencies when distributed via native package managers.
323
- The npm/npx fallback requires Node.js 18+.
324
-
325
- ---
326
-
327
- ### 3.3 Persona Engine
328
-
329
- **Responsibility:** Compose traits into personas according to weight configurations
330
- and scope hierarchy. Resolve trait references, apply calibration, and produce the
331
- effective system prompt for each persona.
332
-
333
- ```
334
- +------------------------------------------------------------------+
335
- | Persona Engine |
336
- | |
337
- | +------------------+ +-------------------+ |
338
- | | Trait Loader | | Weight Resolver | |
339
- | | | | | |
340
- | | core/traits/*.md | | HIGH --> 0.7 | |
341
- | | domain/traits/ |--->| MEDIUM --> 0.5 | |
342
- | | | | LOW --> 0.3 | |
343
- | +------------------+ | OFF --> 0.0 | |
344
- | | MAX --> 1.0 | |
345
- | | 0.0-1.0 passthru | |
346
- | +--------+----------+ |
347
- | | |
348
- | +------------------+ +--------v----------+ |
349
- | | persona.config | | Trait Compositor | |
350
- | | .json |--->| | |
351
- | | | | For each trait: | |
352
- | | traits: | | 1. Load content | |
353
- | | critical- | | 2. Select weight | |
354
- | | thinking: HIGH | | section | |
355
- | | structured- | | 3. Inline or | |
356
- | | output: true | | @import ref | |
357
- | +------------------+ +--------+----------+ |
358
- | | |
359
- | +------------------+ +--------v----------+ |
360
- | | SKILL.md | | Persona Assembler | |
361
- | | (template with |--->| | |
362
- | | injection | | 1. Parse SKILL.md | |
363
- | | markers) | | 2. Inject traits | |
364
- | | | | between markers | |
365
- | | <!-- traits: | | 3. Generate front- | |
366
- | | start --> | | matter | |
367
- | | <!-- traits: | | 4. Produce output | |
368
- | | end --> | | per format | |
369
- | +------------------+ +-------------------+ |
370
- | |
371
- +------------------------------------------------------------------+
372
- ```
373
-
374
- **Trait Composition Rules:**
375
-
376
- 1. Traits listed in `persona.config.json` are loaded from `core/traits/` or domain
377
- layer `traits/` directories.
378
- 2. Named weights (HIGH, MEDIUM, LOW) are resolved to numeric equivalents (0.7, 0.5, 0.3).
379
- 3. Boolean values (`true`) mean the trait is active at its default configuration.
380
- 4. The trait content for the resolved weight level is extracted.
381
- 5. Each platform gets its own self-contained output folder under `dist/{platform}/`.
382
- For `dist/skill/`: trait content is inlined between `<!-- traits:start -->`
383
- and `<!-- traits:end -->` markers in the SKILL.md.
384
- 6. For `dist/claude/`: trait files are written separately; CLAUDE.md uses `@import`
385
- references. Other platform folders receive platform-native formats.
386
-
387
- **Scope Merging in Persona Engine:**
388
-
389
- The Persona Engine applies scope-level overrides during trait composition:
390
-
391
- ```
392
- Org-level traits (always active)
393
- +
394
- Group-level traits (additive)
395
- +
396
- Team-level traits (additive)
397
- +
398
- Persona-specific traits (from persona.config.json)
399
- =
400
- Effective trait set for this persona in this scope
401
- ```
402
-
403
- **Interaction Effects:**
404
-
405
- Traits can declare interaction effects with other traits. For example:
406
- - `critical-thinking: HIGH` + `source-citation` --> at HIGH weight, every finding
407
- must cite the specific line where the issue occurs.
408
- - `creative-suggestion: LOW` + `critical-thinking: HIGH` --> suppresses proactive
409
- suggestions while maximizing scrutiny.
410
-
411
- The build system does not automatically resolve interaction effects. They are encoded
412
- in the trait prose and the model interprets them at runtime. Interaction effects are
413
- documented in each trait file.
414
-
415
- ---
416
-
417
- ### 3.4 Output Generators
418
-
419
- **Responsibility:** Transform compiled persona data into platform-specific file
420
- formats. Each generator understands the target platform's directory structure,
421
- frontmatter format, and feature surface.
422
-
423
- ```
424
- +------------------------------------------------------------------+
425
- | Output Generators |
426
- | |
427
- | Compiled Persona Data |
428
- | (traits resolved, weights applied, scope merged) |
429
- | | |
430
- | +----+----+----+----+ |
431
- | | | | | |
432
- | +----v--+ | +--v-+ | |
433
- | | | | | | | |
434
- | CC-Native Cross Plugin Managed |
435
- | Generator Plat. Gen. Settings |
436
- | | Gen. | Gen. |
437
- | | | | | |
438
- | v v v v |
439
- | |
440
- | .claude/ SKILL.md plugin/ managed/ |
441
- | agents/ copilot- .claude- managed- |
442
- | skills/ instr.md plugin/ settings.json |
443
- | rules/ GEMINI.md agents/ managed-mcp.json |
444
- | traits/ .cursor/ skills/ CLAUDE.md |
445
- | CLAUDE.md rules/ hooks/ |
446
- | settings. .mcp.json |
447
- | json settings. |
448
- | .mcp.json json |
449
- | |
450
- +------------------------------------------------------------------+
451
- ```
452
-
453
- #### 3.4.1 CC-Native Generator
454
-
455
- Produces the full Claude Code directory structure:
456
-
457
- | Output File | Source | Key Features |
458
- |----------------------------------------|-------------------------------------|--------------------------------------|
459
- | `.claude/agents/{name}/CLAUDE.md` | SKILL.md + persona.config.json | Full frontmatter: model, permissionMode, maxTurns, disallowedTools, tools, skills, mcpServers, hooks, memory, isolation |
460
- | `.claude/skills/{name}/SKILL.md` | SKILL.md | `context: fork`, `agent:` reference, `argument-hint`, dynamic context injection |
461
- | `.claude/rules/{topic}.md` | Gotchas, domain rules | `paths:` frontmatter for path-scoped activation |
462
- | `.claude/traits/{name}.md` | core/traits/*.md | Separate files for `@import` composition |
463
- | `.claude/CLAUDE.md` | Always-on instructions + @imports | `@.claude/traits/...` references, SME discoverability fragment |
464
- | `.claude/settings.json` | Domain hooks, compliance config | Hook entries, permission rules |
465
- | `.claude/.mcp.json` | Domain MCP servers | MCP server configurations |
466
-
467
- #### 3.4.2 Cross-Platform Generator
468
-
469
- Produces standalone files that work across agent platforms:
470
-
471
- | Output File | Format | Target Platforms |
472
- |-----------------------------------------|--------------------------|-------------------------------|
473
- | `skills/{name}/SKILL.md` | agentskills.io (traits inlined) | All 26+ compatible platforms |
474
- | `.github/copilot-instructions.md` | Copilot format | GitHub Copilot |
475
- | `.github/instructions/*.instructions.md` | Path-scoped instructions | Copilot (glob-scoped) |
476
- | `.github/prompts/*.prompt.md` | Copilot prompt files | VS Code Copilot Chat |
477
- | `.cursor/rules/*.md` | Cursor rules | Cursor |
478
- | `.cursorrules` | Flattened instructions | Cursor (legacy) |
479
- | `GEMINI.md` | Gemini instructions | Gemini CLI |
480
- | `CLAUDE.md` | Flattened (no @imports) | Claude Code (basic) |
481
-
482
- #### 3.4.3 Plugin Generator
483
-
484
- Packages compiled output as a Claude Code plugin:
485
-
486
- ```
487
- {plugin-name}/
488
- .claude-plugin/
489
- plugin.json # Plugin metadata (name, version, description)
490
- agents/
491
- {name}/CLAUDE.md # Agent definitions
492
- skills/
493
- {name}/SKILL.md # Skill definitions
494
- hooks/
495
- hooks.json # Compliance and audit hooks
496
- .mcp.json # MCP server configurations
497
- settings.json # Default agent, permissions
498
- README.md # Plugin documentation
499
- ```
500
-
501
- #### 3.4.4 Managed Settings Generator
502
-
503
- Produces artifacts for MDM deployment:
504
-
505
- ```
506
- dist/managed/
507
- managed-settings.json # Non-overridable hooks, permissions, lockdown flags
508
- managed-mcp.json # Non-overridable MCP servers
509
- CLAUDE.md # Non-overridable instructions
510
- ```
511
-
512
- These files deploy to system paths:
513
- - macOS: `/Library/Application Support/ClaudeCode/`
514
- - Linux: `/etc/claude-code/`
515
-
516
- Managed settings cannot be overridden by any user or project configuration.
517
-
518
- ---
519
-
520
- ### 3.5 Sync Engine
521
-
522
- **Responsibility:** Distribute compiled output from the hub repository to target
523
- spoke repositories. Manage file writes, PR creation, manifest tracking, and
524
- platform-specific output selection.
525
-
526
- ```
527
- +------------------------------------------------------------------+
528
- | Sync Engine |
529
- | |
530
- | +-------------------+ |
531
- | | repos.json | For each repo: |
532
- | | | |
533
- | | [{ | +------------------+ |
534
- | | name: "org/a", |--->| Repo Targeter | |
535
- | | path: "/...", | | | |
536
- | | team: "api", | | 1. Resolve scope | |
537
- | | group:"platform"| | (org+group+ | |
538
- | | platform: "cc" | | team) | |
539
- | | }] | | 2. Select output | |
540
- | +-------------------+ | format | |
541
- | | 3. Merge layers | |
542
- | +--------+---------+ |
543
- | | |
544
- | +------------------------+-------------------+ |
545
- | | | | |
546
- | +-------v--------+ +---------v-------+ +-------v------+ |
547
- | | Local Writer | | GitHub API | | GitLab API | |
548
- | | | | Writer | | Writer | |
549
- | | Writes files | | | | | |
550
- | | to local path | | Creates branch | | Creates MR | |
551
- | | | | Commits files | | | |
552
- | | Optional: | | Opens PR | | | |
553
- | | git commit + | | | | | |
554
- | | open PR | | | | | |
555
- | +-------+--------+ +--------+--------+ +------+-------+ |
556
- | | | | |
557
- | +----------------------+--------------------+ |
558
- | | |
559
- | +------------v-----------+ |
560
- | | Manifest Writer | |
561
- | | | |
562
- | | Writes .agentboot- | |
563
- | | manifest.json to | |
564
- | | each target repo | |
565
- | | | |
566
- | | Tracks: managed files, | |
567
- | | hashes, version, | |
568
- | | sync timestamp | |
569
- | +------------------------+ |
570
- | |
571
- +------------------------------------------------------------------+
572
- ```
573
-
574
- **Inputs:**
575
- - `repos.json` -- array of repo entries with name, path, team, group, platform
576
- - `dist/{platform}/` -- compiled output from the build system, one self-contained folder per platform
577
- - `agentboot.config.json` -- sync mode, PR settings, output directory
578
-
579
- **Outputs:**
580
- - Files written to each target repo's output directory (default: `.claude/`)
581
- - `.agentboot-manifest.json` in each target repo (tracks managed files)
582
- - Pull requests (when `sync.pr.enabled: true` or `sync.mode: "github-api"`)
583
-
584
- **Key Behaviors:**
585
-
586
- 1. **Platform Selection:** Each repo's `platform` field determines which `dist/{platform}/`
587
- folder it reads from (e.g., `claude`, `copilot`, `cursor`, `skill`, `gemini`).
588
-
589
- 2. **Scope Resolution:** The sync engine looks up each repo's group and team in the
590
- config, then merges `dist/{platform}/core/` + `dist/{platform}/groups/{group}/` +
591
- `dist/{platform}/teams/{group}/{team}/` to produce the effective output for that repo.
592
-
593
- 3. **Manifest Tracking:** Every file written by sync is recorded in
594
- `.agentboot-manifest.json` with its content hash. This enables clean uninstall --
595
- only files managed by AgentBoot are removed.
596
-
597
- 4. **PR Creation:** When configured, the sync engine creates a branch
598
- (`agentboot/sync-{date}`), commits all changes, and opens a PR. The PR is the
599
- governance checkpoint -- a human reviews the persona changes before they reach
600
- the team.
601
-
602
- 5. **Idempotency:** Re-running sync with identical compiled output produces no changes
603
- (no new commits, no new PRs). Changed files are detected via hash comparison
604
- against the manifest.
605
-
606
- ---
607
-
608
- ### 3.6 Knowledge Server
609
-
610
- **Responsibility:** Provide structured and semantic access to organizational knowledge
611
- (gotchas, ADRs, incident learnings, standards, patterns) via MCP protocol. Supports
612
- a three-stage progression from flat files to vector/RAG.
613
-
614
- ```
615
- +------------------------------------------------------------------+
616
- | Knowledge Server |
617
- | |
618
- | +-------------------+ |
619
- | | Knowledge Sources | |
620
- | | | |
621
- | | gotchas/*.md | +-----------------+ |
622
- | | adrs/*.md |--->| Indexer | |
623
- | | incidents/*.md | | | |
624
- | | standards/*.md | | Reads frontmatter| |
625
- | | patterns/*.md | | Builds SQLite | |
626
- | +-------------------+ | index | |
627
- | | (agentboot build | |
628
- | | --index) | |
629
- | +--------+---------+ |
630
- | | |
631
- | +--------v---------+ |
632
- | | knowledge.db | |
633
- | | (SQLite) | |
634
- | | | |
635
- | | Structured index | |
636
- | | + (optional) | |
637
- | | vector embeddings| |
638
- | | via sqlite-vss | |
639
- | +--------+---------+ |
640
- | | |
641
- | +--------v---------+ |
642
- | | MCP Server | |
643
- | | (@agentboot/ | |
644
- | | knowledge- | |
645
- | | server) | |
646
- | | | |
647
- | | Tools: | |
648
- | | kb_search | |
649
- | | kb_get | |
650
- | | kb_related | |
651
- | | kb_list | |
652
- | | kb_semantic_ | |
653
- | | search (S3) | |
654
- | | kb_relevant_ | |
655
- | | to_diff (S3) | |
656
- | +------------------+ |
657
- | |
658
- +------------------------------------------------------------------+
659
- ```
660
-
661
- **Three-Stage Progression:**
662
-
663
- | Stage | Backing Store | Retrieval Method | Scale | Cost |
664
- |-------|---------------|------------------|-------------|-------|
665
- | 1 | Flat files | Path-scoped load | 5-50 items | Free |
666
- | 2 | SQLite index | Tag/category queries | 50-500 items | Free |
667
- | 3 | SQLite + sqlite-vss | Vector similarity | 500+ items | $ (embedding API) |
668
-
669
- **Critical Design Property:** The MCP interface is stable across all three stages.
670
- Personas call the same tools regardless of whether the backing store is flat files,
671
- SQLite, or vector embeddings. The MCP interface is the abstraction boundary.
672
-
673
- **MCP Tools:**
674
-
675
- | Tool | Stage | Description |
676
- |------------------------------|-------|--------------------------------------------|
677
- | `agentboot_kb_search` | 2+ | Query by tags, technology, severity |
678
- | `agentboot_kb_get` | 2+ | Retrieve a specific item by ID |
679
- | `agentboot_kb_related` | 2+ | Find items related to a given item |
680
- | `agentboot_kb_list` | 2+ | List items by type and filter |
681
- | `agentboot_kb_semantic_search` | 3 | Vector similarity search |
682
- | `agentboot_kb_relevant_to_diff` | 3 | Find knowledge relevant to a code diff |
683
-
684
- ---
685
-
686
- ### 3.7 Telemetry System
687
-
688
- **Responsibility:** Emit structured telemetry from persona invocations for cost
689
- optimization, coverage tracking, quality feedback, and adoption metrics.
690
-
691
- ```
692
- +------------------------------------------------------------------+
693
- | Telemetry System |
694
- | |
695
- | +-------------------+ |
696
- | | Hook Scripts | Generated by build system |
697
- | | | Deployed to .claude/hooks/ |
698
- | | audit-session- | |
699
- | | start.sh | |
700
- | | audit-persona- | |
701
- | | start.sh | |
702
- | | audit-persona- | |
703
- | | stop.sh | |
704
- | | audit-tool-use.sh | |
705
- | | audit-session- | |
706
- | | end.sh | |
707
- | +--------+----------+ |
708
- | | |
709
- | | (async -- non-blocking) |
710
- | | |
711
- | +--------v----------+ |
712
- | | NDJSON Writer | One JSON line per event |
713
- | | | |
714
- | | Writes to: | |
715
- | | .agentboot/ | |
716
- | | telemetry.ndjson| |
717
- | +--------+----------+ |
718
- | | |
719
- | +--------v----------+ |
720
- | | Metrics | agentboot metrics |
721
- | | Aggregator | |
722
- | | | Reads NDJSON, produces: |
723
- | | Per-persona stats | - Invocation counts |
724
- | | Per-team stats | - Token usage |
725
- | | Per-period stats | - Cost estimates |
726
- | | | - Finding distributions |
727
- | +-------------------+ - Adoption rates |
728
- | |
729
- +------------------------------------------------------------------+
730
- ```
731
-
732
- **Telemetry Event Schema (GELF/NDJSON):**
733
-
734
- ```json
735
- {
736
- "persona_id": "review-security",
737
- "model": "claude-sonnet-4-6",
738
- "scope": "team:platform/api",
739
- "product": "my-app",
740
- "session_id": "abc123",
741
- "input_tokens": 4200,
742
- "output_tokens": 1800,
743
- "outcome": "completed",
744
- "findings": { "CRITICAL": 0, "ERROR": 1, "WARN": 3, "INFO": 2 },
745
- "duration_ms": 12400,
746
- "timestamp": "2026-03-19T14:30:00Z"
747
- }
748
- ```
749
-
750
- **Key Properties:**
751
- - All hooks are async -- they do not block the developer workflow.
752
- - Output is NDJSON (one JSON object per line) -- queryable with `jq` from day one.
753
- - No dashboarding infrastructure required. `jq` and shell scripts are sufficient
754
- for initial analysis.
755
- - Raw prompts are never captured. Only structured metadata.
756
-
757
- **Hook Events Used:**
758
-
759
- | Hook Event | Telemetry Action | Async |
760
- |-------------------|-------------------------------------------|-------|
761
- | `SessionStart` | Log session initiation with env context | Yes |
762
- | `SubagentStart` | Log persona invocation | Yes |
763
- | `SubagentStop` | Log persona completion + token counts | Yes |
764
- | `PostToolUse` | Log tool usage (Edit, Write, Bash only) | Yes |
765
- | `SessionEnd` | Log session summary | Yes |
766
-
767
- ---
768
-
769
- ### 3.8 Plugin System
770
-
771
- **Responsibility:** Package AgentBoot compiled output as installable Claude Code
772
- plugins. Support private marketplace hosting, version management, and force-enable
773
- via managed settings.
774
-
775
- ```
776
- +------------------------------------------------------------------+
777
- | Plugin System |
778
- | |
779
- | +-------------------+ +-------------------+ |
780
- | | Plugin Packager | | Marketplace | |
781
- | | | | Publisher | |
782
- | | agentboot export | | | |
783
- | | --format plugin | | agentboot publish | |
784
- | | | | | |
785
- | | Reads:dist/claude/| | Reads: plugin/ | |
786
- | | Writes: plugin/ | | Writes: | |
787
- | | with plugin.json | | marketplace.json | |
788
- | | and proper CC | | in marketplace | |
789
- | | directory layout | | repo | |
790
- | +--------+----------+ +--------+----------+ |
791
- | | | |
792
- | +--------v----------+ +--------v----------+ |
793
- | | Plugin Package | | Marketplace Repo | |
794
- | | | | | |
795
- | | plugin.json | | .claude-plugin/ | |
796
- | | agents/ | | marketplace.json | |
797
- | | skills/ | | plugins/ | |
798
- | | hooks/ | | acme/ | |
799
- | | .mcp.json | | healthcare/ | |
800
- | | settings.json | | fintech/ | |
801
- | +-------------------+ +-------------------+ |
802
- | |
803
- | Installation: |
804
- | |
805
- | /plugin marketplace add {org}/{marketplace-repo} |
806
- | /plugin install {plugin-name} |
807
- | |
808
- | Force-enable via managed settings: |
809
- | { "enabledPlugins": { "acme@acme-personas": true } } |
810
- | |
811
- +------------------------------------------------------------------+
812
- ```
813
-
814
- **Marketplace Layers:**
815
-
816
- | Layer | Quality Bar | Governance |
817
- |-----------|---------------------------------|----------------------|
818
- | Core | Maintained by AgentBoot project | Apache 2.0, tested |
819
- | Verified | Reviewed by maintainer | License-compatible |
820
- | Community | Valid frontmatter only | Buyer beware |
821
-
822
- **Plugin Lifecycle:**
823
-
824
- 1. `agentboot build` -- compiles personas and traits
825
- 2. `agentboot export --format plugin` -- packages as CC plugin
826
- 3. `agentboot publish` -- pushes to marketplace repository
827
- 4. Developer: `/plugin install {name}` -- installs from marketplace
828
- 5. IT: managed settings force-enable -- zero developer action
829
- 6. `/reload-plugins` -- picks up updates without restart
830
-
831
- ---
832
-
833
- ## 4. Data Architecture
834
-
835
- ### 4.1 agentboot.config.json
836
-
837
- The root configuration file. JSONC format (comments allowed). Validated against
838
- JSON Schema on every build.
839
-
840
- ```
841
- agentboot.config.json
842
- |
843
- +-- org: string (required)
844
- | Organization identifier. Lowercase alphanumeric + hyphens.
845
- | Pattern: ^[a-z0-9][a-z0-9-]*[a-z0-9]$
846
- |
847
- +-- groups: object
848
- | |
849
- | +-- {group-name}: GroupConfig
850
- | |
851
- | +-- teams: string[] (required)
852
- | +-- personas: PersonasConfig
853
- | +-- traits: TraitsConfig
854
- | +-- extend: string (path to group extensions)
855
- |
856
- +-- personas: PersonasConfig
857
- | |
858
- | +-- enabled: string[]
859
- | | Default: ["code-reviewer", "security-reviewer",
860
- | | "test-generator", "test-data-expert"]
861
- | +-- extend: string | null
862
- | Path to org-specific persona directory.
863
- |
864
- +-- traits: TraitsConfig
865
- | |
866
- | +-- enabled: string[]
867
- | Default: all traits in core/traits/
868
- |
869
- +-- sync: SyncConfig
870
- | |
871
- | +-- repos: string | RepoConfig[]
872
- | | Default: "./repos.json"
873
- | +-- mode: "local" | "github-api"
874
- | | Default: "local"
875
- | +-- pr: SyncPrConfig
876
- | |
877
- | +-- enabled: boolean (default: false)
878
- | +-- branch_prefix: string (default: "agentboot/sync-")
879
- | +-- title_template: string
880
- |
881
- +-- output: OutputConfig
882
- | |
883
- | +-- dir: string (default: ".claude")
884
- | +-- format: "claude-code" | "cross-platform" | "both"
885
- | | Default: "both"
886
- | +-- personas_registry: boolean (default: true)
887
- | +-- hooks: boolean (default: true)
888
- | +-- mcp: boolean (default: true)
889
- | +-- managed: boolean (default: false)
890
- |
891
- +-- extend: ExtendConfig
892
- |
893
- +-- domains: string[]
894
- | Default: []
895
- +-- instructions: string | null
896
- Path to org-level always-on instructions.
897
- ```
898
-
899
- **Full JSON Schema:** Defined in `docs/configuration.md` with `$id:
900
- https://agentboot.dev/schema/config/v1`.
901
-
902
- ---
903
-
904
- ### 4.2 persona.config.json
905
-
906
- Per-persona build metadata. Lives at `core/personas/{name}/persona.config.json`.
907
-
908
- > **Note:** The formal schema for this file is defined in technical-spec.md Section 5.
909
- > The schema below summarizes the structure.
910
-
911
- ```
912
- persona.config.json
913
- |
914
- +-- id: string (required)
915
- | Must match the persona directory name.
916
- |
917
- +-- name: string
918
- | Human-readable display name.
919
- |
920
- +-- description: string
921
- | One-line description for SME discoverability fragment.
922
- |
923
- +-- traits: object (required)
924
- | |
925
- | +-- {trait-id}: string | number | boolean
926
- | string: "HIGH" | "MEDIUM" | "LOW" | "OFF" | "MAX"
927
- | number: 0.0 - 1.0
928
- | boolean: true (default weight) / false (disabled)
929
- |
930
- +-- model: string
931
- | Recommended model. "opus" | "sonnet" | "haiku"
932
- |
933
- +-- permissionMode: string
934
- | "default" | "plan" | "acceptEdits" | "bypassPermissions"
935
- | Review personas should use "plan" (read-only).
936
- |
937
- +-- maxTurns: number
938
- | Agentic turn limit.
939
- |
940
- +-- tools: string[]
941
- | Tool allowlist (alternative to disallowedTools).
942
- |
943
- +-- disallowedTools: string[]
944
- | Tool denylist. E.g., ["Edit", "Write", "Agent"]
945
- |
946
- +-- skills: string[]
947
- | Skills to preload into agent context.
948
- |
949
- +-- mcpServers: string[]
950
- | MCP server references (must exist in .mcp.json).
951
- |
952
- +-- hooks: object
953
- | Agent-specific hooks (merged with domain hooks).
954
- |
955
- +-- memory: string
956
- | "project" | "local" | null
957
- |
958
- +-- isolation: string
959
- | "worktree" | null
960
- |
961
- +-- autonomy: string
962
- | "advisory" | "auto-approve" | "autonomous"
963
- | Default: "advisory"
964
- |
965
- +-- context: string
966
- | "fork" | null (for skills that delegate to this agent)
967
- ```
968
-
969
- ---
970
-
971
- ### 4.3 repos.json
972
-
973
- Repository registry. Defines the spoke repos that receive compiled output.
974
-
975
- ```json
976
- [
977
- {
978
- "name": "org/api-service",
979
- "path": "/absolute/path/to/api-service",
980
- "team": "api",
981
- "group": "platform",
982
- "platform": "claude-code"
983
- },
984
- {
985
- "name": "org/web-app",
986
- "path": "/absolute/path/to/web-app",
987
- "team": "web",
988
- "group": "product",
989
- "platform": "copilot"
990
- }
991
- ]
992
- ```
993
-
994
- | Field | Type | Required | Description |
995
- |------------|--------|----------|--------------------------------------------|
996
- | `name` | string | Yes | GitHub repo slug (org/repo) |
997
- | `path` | string | Yes* | Absolute local path (* for local mode) |
998
- | `team` | string | No | Team name (must match config) |
999
- | `group` | string | No | Group name (must match config) |
1000
- | `platform` | string | No | `claude-code` (default), `copilot`, `cursor`, `cross-platform` |
1001
-
1002
- ---
1003
-
1004
- ### 4.4 SKILL.md Frontmatter (agentskills.io Format)
1005
-
1006
- The cross-platform persona definition format. Supported by 26+ agent platforms.
1007
-
1008
- ```yaml
1009
- ---
1010
- id: review-code
1011
- name: Code Reviewer
1012
- version: 1.0.0
1013
- traits:
1014
- critical-thinking: MEDIUM
1015
- structured-output: true
1016
- source-citation: true
1017
- confidence-signaling: true
1018
- scope: pr
1019
- output_format: structured
1020
- ---
1021
-
1022
- [Persona system prompt in prose]
1023
- ```
1024
-
1025
- | Field | Type | Description |
1026
- |-----------------|----------------|--------------------------------------------|
1027
- | `id` | string | Machine-readable identifier |
1028
- | `name` | string | Human-readable name |
1029
- | `version` | semver string | Persona version |
1030
- | `traits` | object | Trait references with weight config |
1031
- | `scope` | string | `pr`, `file`, `project` |
1032
- | `output_format` | string | `structured`, `prose`, `json` |
1033
-
1034
- ---
1035
-
1036
- ### 4.5 Agent CLAUDE.md Frontmatter (CC-Native Format)
1037
-
1038
- Extended frontmatter for Claude Code agents. Superset of SKILL.md capabilities.
1039
-
1040
- ```yaml
1041
- ---
1042
- name: review-security
1043
- description: Deep security review -- OWASP, auth, data handling, PHI
1044
- model: opus
1045
- permissionMode: plan
1046
- maxTurns: 25
1047
- disallowedTools: Edit, Write, Agent
1048
- tools: Read, Grep, Glob, Bash
1049
- skills:
1050
- - hipaa-check
1051
- - review-security
1052
- mcpServers:
1053
- - compliance-kb
1054
- hooks:
1055
- PreToolUse:
1056
- - matcher: "Bash"
1057
- hooks:
1058
- - type: command
1059
- command: "./hooks/validate-no-phi.sh"
1060
- memory: project
1061
- isolation: worktree
1062
- ---
1063
- ```
1064
-
1065
- This format is CC-only. The build system generates it from `persona.config.json` and
1066
- includes all CC-specific fields that the agentskills.io SKILL.md format cannot express.
1067
-
1068
- ---
1069
-
1070
- ### 4.6 Telemetry Event Schema
1071
-
1072
- GELF/NDJSON format. One JSON object per line. Written by async hook scripts.
1073
-
1074
- ```json
1075
- {
1076
- "event_type": "persona_invocation",
1077
- "persona_id": "review-security",
1078
- "model": "claude-sonnet-4-6",
1079
- "scope": "team:platform/api",
1080
- "product": "my-app",
1081
- "session_id": "abc123",
1082
- "input_tokens": 4200,
1083
- "output_tokens": 1800,
1084
- "outcome": "completed",
1085
- "findings": {
1086
- "CRITICAL": 0,
1087
- "ERROR": 1,
1088
- "WARN": 3,
1089
- "INFO": 2
1090
- },
1091
- "duration_ms": 12400,
1092
- "timestamp": "2026-03-19T14:30:00Z"
1093
- }
1094
- ```
1095
-
1096
- | Field | Type | Description |
1097
- |----------------|---------|----------------------------------------------------|
1098
- | `event_type` | string | `session_start`, `persona_invocation`, `tool_use`, `session_end` |
1099
- | `persona_id` | string | Which persona was invoked |
1100
- | `model` | string | LLM model used |
1101
- | `scope` | string | Scope context (org, group:name, team:group/name) |
1102
- | `product` | string | Target repo or product name |
1103
- | `session_id` | string | Unique session identifier |
1104
- | `input_tokens` | number | Input token count |
1105
- | `output_tokens`| number | Output token count |
1106
- | `outcome` | string | `completed`, `error`, `timeout`, `cancelled` |
1107
- | `findings` | object | Severity distribution of findings |
1108
- | `duration_ms` | number | Total wall-clock duration |
1109
- | `timestamp` | ISO8601 | Event timestamp |
1110
-
1111
- **Privacy invariant:** No field in the telemetry schema captures raw prompts,
1112
- conversation content, or code snippets. Only structured metadata.
1113
-
1114
- ---
1115
-
1116
- ### 4.7 Knowledge Item Schema
1117
-
1118
- Knowledge items are markdown files with optional frontmatter for structured
1119
- queryability (Stage 2+).
1120
-
1121
- ```yaml
1122
- ---
1123
- type: gotcha
1124
- technology: postgres
1125
- tags: [rls, partitions, security]
1126
- severity: high
1127
- learned_from: incident-2025-Q3
1128
- domain: database
1129
- applies_to: [api-service, auth-service]
1130
- last_validated: 2026-01-15
1131
- ---
1132
-
1133
- # PostgreSQL RLS on Partitions
1134
-
1135
- Partitions do NOT inherit `relrowsecurity`...
1136
- ```
1137
-
1138
- | Field | Type | Required | Stage | Description |
1139
- |------------------|----------|----------|-------|---------------------------------|
1140
- | `type` | string | Yes (S2) | 2+ | `gotcha`, `adr`, `incident`, `standard`, `pattern` |
1141
- | `technology` | string | No | 2+ | Primary technology |
1142
- | `tags` | string[] | No | 2+ | Searchable tags |
1143
- | `severity` | string | No | 2+ | `critical`, `high`, `medium`, `low` |
1144
- | `learned_from` | string | No | 2+ | Source event (incident ID, etc.)|
1145
- | `domain` | string | No | 2+ | Business domain |
1146
- | `applies_to` | string[] | No | 2+ | Affected services/repos |
1147
- | `last_validated` | date | No | 2+ | When the knowledge was last confirmed |
1148
-
1149
- Files without frontmatter degrade gracefully to Stage 1 behavior (full context load).
1150
-
1151
- ---
1152
-
1153
- ### 4.8 .agentboot-manifest.json
1154
-
1155
- Tracks all files managed by AgentBoot in a target repo. Written by the sync engine.
1156
- Used by uninstall to identify which files to remove.
1157
-
1158
- ```json
1159
- {
1160
- "managed_by": "agentboot",
1161
- "version": "1.2.0",
1162
- "synced_at": "2026-03-19T14:30:00Z",
1163
- "hub_repo": "org/org-personas",
1164
- "scope": {
1165
- "group": "platform",
1166
- "team": "api"
1167
- },
1168
- "files": [
1169
- {
1170
- "path": "agents/code-reviewer/CLAUDE.md",
1171
- "hash": "a3f2e8c1d4b9..."
1172
- },
1173
- {
1174
- "path": "skills/review-code/SKILL.md",
1175
- "hash": "7b1c3e9f2a6d..."
1176
- },
1177
- {
1178
- "path": "traits/critical-thinking.md",
1179
- "hash": "e4d8a1b7c3f5..."
1180
- }
1181
- ]
1182
- }
1183
- ```
1184
-
1185
- | Field | Type | Description |
1186
- |-------------|----------|----------------------------------------------------|
1187
- | `managed_by`| string | Always `"agentboot"` |
1188
- | `version` | semver | AgentBoot version that performed the sync |
1189
- | `synced_at` | ISO8601 | Timestamp of the sync |
1190
- | `hub_repo` | string | GitHub slug of the source hub repo |
1191
- | `scope` | object | Group and team scope for this repo |
1192
- | `files` | array | List of managed file paths (relative to output dir) and content hashes |
1193
-
1194
- **Key behaviors:**
1195
- - If a managed file's hash no longer matches on disk, uninstall warns that the file
1196
- was modified locally.
1197
- - Files NOT in the manifest are never touched by uninstall.
1198
- - The manifest itself is a managed file.
1199
-
1200
- ---
1201
-
1202
- ### 4.9 marketplace.json
1203
-
1204
- Plugin marketplace catalog. Lives in the marketplace repository at
1205
- `.claude-plugin/marketplace.json`.
1206
-
1207
- ```json
1208
- {
1209
- "name": "acme-personas",
1210
- "displayName": "Acme Corp AI Personas",
1211
- "owner": {
1212
- "name": "Acme Platform Team"
1213
- },
1214
- "plugins": [
1215
- {
1216
- "name": "acme",
1217
- "source": "./plugins/acme",
1218
- "description": "Acme-customized AgentBoot with compliance",
1219
- "version": "1.0.0"
1220
- }
1221
- ]
1222
- }
1223
- ```
1224
-
1225
- | Field | Type | Description |
1226
- |---------------|--------|-------------------------------------------------|
1227
- | `name` | string | Marketplace identifier |
1228
- | `displayName` | string | Human-readable marketplace name |
1229
- | `owner` | object | Marketplace owner info |
1230
- | `plugins` | array | List of available plugins with name, source, description, version |
1231
-
1232
- ---
1233
-
1234
- ### 4.10 plugin.json
1235
-
1236
- Individual plugin metadata. Lives at `{plugin}/.claude-plugin/plugin.json`.
1237
-
1238
- ```json
1239
- {
1240
- "name": "acme",
1241
- "version": "1.2.0",
1242
- "description": "Acme Corp AI persona governance plugin",
1243
- "author": "Acme Platform Team",
1244
- "license": "Apache-2.0",
1245
- "agentboot_version": ">=1.0.0",
1246
- "personas": ["code-reviewer", "security-reviewer", "test-generator"],
1247
- "traits": ["critical-thinking", "structured-output", "source-citation"]
1248
- }
1249
- ```
1250
-
1251
- ---
1252
-
1253
- ### 4.11 agentboot.domain.json
1254
-
1255
- Domain layer manifest. Registers domain content with the build system.
1256
-
1257
- ```json
1258
- {
1259
- "name": "healthcare-compliance",
1260
- "version": "1.0.0",
1261
- "description": "Healthcare compliance domain (HIPAA, PHI, FHIR)",
1262
- "traits": ["phi-awareness", "hipaa-enforcement", "fhir-awareness"],
1263
- "personas": ["hipaa-reviewer", "compliance-checker"],
1264
- "requires_core_version": ">=1.0.0",
1265
- "license": "Apache-2.0"
1266
- }
1267
- ```
1268
-
1269
- ---
1270
-
1271
- ## 5. Scope Hierarchy & Merge Semantics
1272
-
1273
- ### 5.1 The Four Levels
1274
-
1275
- ```
1276
- +--------------------------------------------------------------+
1277
- | ORG |
1278
- | Universal rules. Active in every repo. Cannot be disabled |
1279
- | by any lower scope. |
1280
- | |
1281
- | +---------------------------------------------------------+ |
1282
- | | GROUP | |
1283
- | | Horizontal concerns that cross teams. E.g., "platform" | |
1284
- | | group adds API contract review for all platform teams. | |
1285
- | | | |
1286
- | | +----------------------------------------------------+ | |
1287
- | | | TEAM | | |
1288
- | | | Team-specific customization. Framework-specific | | |
1289
- | | | traits, team standards, domain knowledge. | | |
1290
- | | | | | |
1291
- | | | +-----------------------------------------------+ | | |
1292
- | | | | REPO | | | |
1293
- | | | | Path-scoped instructions. Activate only when | | | |
1294
- | | | | specific file types or directories are | | | |
1295
- | | | | touched. | | | |
1296
- | | | +-----------------------------------------------+ | | |
1297
- | | +----------------------------------------------------+ | |
1298
- | +---------------------------------------------------------+ |
1299
- +--------------------------------------------------------------+
1300
- ```
1301
-
1302
- ### 5.2 What Each Level Controls
1303
-
1304
- | Level | Controls | Storage Location |
1305
- |-------|------------------------------------------------|-------------------------------|
1306
- | Org | Enabled personas, enabled traits, always-on instructions, compliance hooks, managed settings | `agentboot.config.json` (root), `core/` |
1307
- | Group | Additional personas, additional traits, group extensions | `agentboot.config.json` (`groups.{name}`) |
1308
- | Team | Team-level trait overrides, team-specific gotchas | `repos.json` (team field), team extensions |
1309
- | Repo | Path-scoped rules (activated by file pattern) | `.claude/rules/` with `paths:` frontmatter |
1310
-
1311
- ### 5.3 Merge Algorithm
1312
-
1313
- The sync engine performs scope merging when determining the effective configuration
1314
- for a target repo:
1315
-
1316
- ```
1317
- function resolveEffectiveConfig(repo: RepoConfig): EffectiveConfig {
1318
- // Step 1: Start with org-level configuration
1319
- let effective = loadOrgConfig()
1320
-
1321
- // Step 2: If repo belongs to a group, merge group config
1322
- if (repo.group) {
1323
- const groupConfig = loadGroupConfig(repo.group)
1324
- effective = mergeScopes(effective, groupConfig)
1325
- }
1326
-
1327
- // Step 3: If repo belongs to a team, merge team config
1328
- if (repo.team && repo.group) {
1329
- const teamConfig = loadTeamConfig(repo.group, repo.team)
1330
- effective = mergeScopes(effective, teamConfig)
1331
- }
1332
-
1333
- return effective
1334
- }
1335
- ```
1336
-
1337
- ### 5.4 Merge Rules
1338
-
1339
- The `mergeScopes` function follows these rules:
1340
-
1341
- #### Rule 1: Personas -- Additive Union
1342
-
1343
- ```
1344
- Org: [code-reviewer, security-reviewer]
1345
- Group: [code-reviewer, security-reviewer, api-contract-reviewer]
1346
- Team: (no override)
1347
-
1348
- Result: [code-reviewer, security-reviewer, api-contract-reviewer]
1349
- ```
1350
-
1351
- Lower scopes can ADD personas. They cannot REMOVE org-level personas.
1352
-
1353
- #### Rule 2: Traits -- Additive Union (with weight override)
1354
-
1355
- ```
1356
- Org: { critical-thinking: MEDIUM, structured-output: true }
1357
- Group: { critical-thinking: HIGH, schema-awareness: true }
1358
- Team: (no override)
1359
-
1360
- Result: { critical-thinking: HIGH, structured-output: true, schema-awareness: true }
1361
- ```
1362
-
1363
- Lower scopes can ADD traits and OVERRIDE weights of existing traits. They cannot
1364
- remove org-level traits.
1365
-
1366
- #### Rule 3: Instructions -- Concatenation
1367
-
1368
- ```
1369
- Org: [no-secrets.md, code-style.md]
1370
- Group: [api-standards.md]
1371
- Team: [team-conventions.md]
1372
-
1373
- Result: [no-secrets.md, code-style.md, api-standards.md, team-conventions.md]
1374
- ```
1375
-
1376
- Instructions from all scopes are concatenated. No removal, no override.
1377
-
1378
- #### Rule 4: Hooks -- Merge with Event-Level Override
1379
-
1380
- ```
1381
- Org: { UserPromptSubmit: [phi-scan] }
1382
- Group: { PreToolUse: [block-dangerous-commands] }
1383
- Team: { UserPromptSubmit: [phi-scan, team-specific-scan] }
1384
-
1385
- Result: { UserPromptSubmit: [phi-scan, team-specific-scan],
1386
- PreToolUse: [block-dangerous-commands] }
1387
- ```
1388
-
1389
- Hooks merge by event type. Within an event type, the most specific scope's hook
1390
- list wins entirely (not merged at the individual hook level).
1391
-
1392
- ### 5.5 Mandatory vs. Optional
1393
-
1394
- The distinction between mandatory and optional determines conflict resolution:
1395
-
1396
- **Mandatory** (org wins):
1397
- - Traits or personas marked `required: true` in org config
1398
- - HARD guardrails (compliance hooks in managed settings)
1399
- - Always-on instructions from org scope
1400
- - Any configuration deployed via MDM
1401
-
1402
- A team-level config that attempts to disable a mandatory trait or persona causes a
1403
- **build failure**. This is an error, not a silent override.
1404
-
1405
- **Optional** (team wins):
1406
- - Trait weight adjustments (team sets critical-thinking to HIGH vs. org default MEDIUM)
1407
- - Additional personas added at team level
1408
- - Team-specific gotchas and path-scoped rules
1409
- - Soft guardrail configurations
1410
-
1411
- ```
1412
- Mandatory: Org ──────────────────────────> All scopes (cannot be overridden)
1413
- propagates downward
1414
-
1415
- Optional: Org <── Group <── Team <── Repo (most specific wins)
1416
- most specific wins
1417
- ```
1418
-
1419
- ### 5.6 Conflict Detection
1420
-
1421
- The build system detects and reports scope conflicts:
1422
-
1423
- | Conflict Type | Behavior |
1424
- |----------------------------------------|--------------------|
1425
- | Team disables required org persona | **Build error** |
1426
- | Team disables required org trait | **Build error** |
1427
- | Team overrides optional trait weight | Allowed (team wins)|
1428
- | Group and team both set same trait weight | Team wins |
1429
- | Domain extension conflicts with base rule | Extension ignored, logged |
1430
- | Two domains define same trait ID | **Build error** |
1431
-
1432
- ---
1433
-
1434
- ## 6. Build Pipeline
1435
-
1436
- ### 6.1 Detailed Flow
1437
-
1438
- ```
1439
- SOURCE FILES VALIDATION COMPILATION
1440
- ──────────── ────────── ───────────
1441
-
1442
- agentboot.config.json ─────┐
1443
-
1444
- core/ │ +──────────────────────+
1445
- traits/ │ │ │
1446
- critical-thinking.md ├────>│ 1. Config Schema │
1447
- structured-output.md │ │ Validate against │
1448
- source-citation.md │ │ JSON Schema │
1449
- ... │ │ │
1450
- │ │ 2. Persona Check │
1451
- personas/ │ │ Every enabled │
1452
- code-reviewer/ │ │ persona exists │
1453
- SKILL.md │ │ in core/ or │
1454
- persona.config.json ├────>│ extension dir │
1455
- security-reviewer/ │ │ │
1456
- SKILL.md │ │ 3. Trait References │
1457
- persona.config.json │ │ Every trait ref'd │
1458
- ... │ │ in persona.config │
1459
- │ │ exists in traits/ │
1460
- instructions/ │ │ │
1461
- no-secrets.md ├────>│ 4. Frontmatter │
1462
- code-style.md │ │ SKILL.md has │
1463
- ... │ │ required fields │
1464
- │ │ │
1465
- domains/ │ │ 5. PERSONAS.md Sync │
1466
- healthcare/ ├────>│ Registry matches │
1467
- agentboot.domain.json │ │ compiled personas │
1468
- traits/ │ │ │
1469
- personas/ │ │ 6. Secret Scanning │
1470
- instructions/ │ │ No credentials │
1471
- hooks/ │ │ in any source file│
1472
- │ │ │
1473
- repos.json ─────────────────┘ +──────────+───────────+
1474
-
1475
- pass │ fail
1476
-
1477
- +──────────v───────────+
1478
- │ │
1479
- │ COMPILATION │
1480
- │ │
1481
- │ For each persona: │
1482
- │ │
1483
- │ 1. Load SKILL.md │
1484
- │ 2. Load persona. │
1485
- │ config.json │
1486
- │ 3. Resolve traits: │
1487
- │ a. Find trait │
1488
- │ file │
1489
- │ b. Resolve weight │
1490
- │ (named->num) │
1491
- │ c. Extract │
1492
- │ weight section │
1493
- │ 4. Apply domain │
1494
- │ extensions │
1495
- │ 5. Generate output: │
1496
- │ │
1497
- +──────────+───────────+
1498
-
1499
- +────────────────+────────────────+
1500
- │ │ │
1501
- +---------v------+ +------v-------+ +----v---------+
1502
- | CC-Native | | Cross-Plat. | | Plugin |
1503
- | | | | | |
1504
- | @import CLAUDE | | Inline SKILL | | plugin.json |
1505
- | agent CLAUDE | | copilot- | | agents/ |
1506
- | skill SKILL | | instr.md | | skills/ |
1507
- | rules w/paths | | cursor rules | | hooks.json |
1508
- | traits (sep.) | | GEMINI.md | | .mcp.json |
1509
- | settings.json | | | | |
1510
- | .mcp.json | | | | |
1511
- +-------+--------+ +------+-------+ +------+-------+
1512
- | | |
1513
- v v v
1514
- dist/claude/ dist/skill/ dist/plugin/
1515
- dist/copilot/ dist/gemini/
1516
- dist/cursor/
1517
- ```
1518
-
1519
- ### 6.2 Validation Phase
1520
-
1521
- Six checks, executed in order. Any failure blocks the build.
1522
-
1523
- | Check | What It Validates | Error Behavior |
1524
- |--------------------------|------------------------------------------------|----------------|
1525
- | **Config Schema** | `agentboot.config.json` matches JSON Schema | Build fails with schema violation details |
1526
- | **Persona Existence** | Every persona in `personas.enabled` exists as a directory | Build fails listing missing personas |
1527
- | **Trait References** | Every trait referenced in any `persona.config.json` exists in `core/traits/` or domain layers | Build fails listing unresolvable traits |
1528
- | **SKILL.md Frontmatter** | Every persona's SKILL.md has required frontmatter fields (id, name, version) | Build fails listing invalid files |
1529
- | **PERSONAS.md Sync** | Generated PERSONAS.md matches current persona inventory | Warning (or error in strict mode) |
1530
- | **Secret Scanning** | No source file contains patterns matching `validation.secretPatterns` | Build fails listing offending files/lines |
1531
-
1532
- **Error handling:**
1533
- - Errors are printed with the exact file and line number.
1534
- - Every error includes a suggested fix command.
1535
- - `--strict` mode treats warnings as errors.
1536
- - `--validate-only` runs validation without proceeding to compilation.
1537
-
1538
- ### 6.3 Compilation Phase
1539
-
1540
- For each enabled persona:
1541
-
1542
- 1. **Load SKILL.md:** Parse frontmatter and prose body.
1543
-
1544
- 2. **Load persona.config.json:** Extract trait references with weights.
1545
-
1546
- 3. **Resolve trait references:**
1547
- - Look up each trait in `core/traits/`, then domain layers (in order).
1548
- - If a named weight (HIGH/MEDIUM/LOW), map to numeric (0.7/0.5/0.3).
1549
- - Extract the section of the trait file corresponding to the weight level.
1550
-
1551
- 4. **Apply domain extensions:**
1552
- - Load `domains/{domain}/extensions/{persona-name}.md` if it exists.
1553
- - Extension content adds to the persona; it does not replace base content.
1554
-
1555
- 5. **Process always-on instructions:**
1556
- - Load all enabled instruction fragments from `core/instructions/`.
1557
- - Load domain-level always-on instructions.
1558
-
1559
- 6. **Generate output per format:**
1560
-
1561
- **CC-Native:**
1562
- - Write trait files to `.claude/traits/{name}.md`
1563
- - Generate CLAUDE.md with `@.claude/traits/{name}.md` imports
1564
- - Generate `.claude/agents/{name}/CLAUDE.md` with full frontmatter from
1565
- persona.config.json (model, permissionMode, maxTurns, tools, etc.)
1566
- - Generate `.claude/skills/{name}/SKILL.md` with `context: fork` and `agent:` ref
1567
- - Generate `.claude/rules/{topic}.md` with `paths:` frontmatter
1568
- - Generate `.claude/settings.json` with hook entries and permission rules
1569
- - Generate `.claude/.mcp.json` with MCP server configurations
1570
- - Generate SME discoverability fragment (list of available personas)
1571
-
1572
- **Cross-Platform:**
1573
- - Inline all trait content between `<!-- traits:start -->` and `<!-- traits:end -->`
1574
- markers in SKILL.md
1575
- - Generate `copilot-instructions.md` from flattened instructions
1576
- - Generate Copilot prompt files from personas
1577
- - Generate `.cursor/rules/` from gotchas and instructions
1578
- - Generate `GEMINI.md` from flattened instructions
1579
-
1580
- 7. **Generate PERSONAS.md registry:**
1581
- - Auto-generated persona inventory with ID, name, description, invocation command.
1582
-
1583
- ### 6.4 Frontmatter Generation
1584
-
1585
- The build system generates different frontmatter for each output format:
1586
-
1587
- **SKILL.md (agentskills.io -- cross-platform):**
1588
- ```yaml
1589
- ---
1590
- id: review-code
1591
- name: Code Reviewer
1592
- version: 1.2.0
1593
- traits:
1594
- critical-thinking: MEDIUM
1595
- structured-output: true
1596
- source-citation: true
1597
- scope: pr
1598
- output_format: structured
1599
- ---
1600
- ```
1601
-
1602
- **Agent CLAUDE.md (CC-native):**
1603
- ```yaml
1604
- ---
1605
- name: review-code
1606
- description: Code review against team standards
1607
- model: sonnet
1608
- permissionMode: plan
1609
- maxTurns: 25
1610
- disallowedTools: Edit, Write, Agent
1611
- skills:
1612
- - review-code
1613
- mcpServers:
1614
- - compliance-kb
1615
- hooks:
1616
- PreToolUse:
1617
- - matcher: "Bash"
1618
- hooks:
1619
- - type: command
1620
- command: ".claude/hooks/block-dangerous-commands.sh"
1621
- memory: project
1622
- ---
1623
- ```
1624
-
1625
- The CC-native frontmatter is a superset. Fields not supported by SKILL.md are
1626
- only included in CC-native output.
1627
-
1628
- ### 6.5 @import Generation
1629
-
1630
- For CC-native output, the generated CLAUDE.md uses `@import` syntax:
1631
-
1632
- ```markdown
1633
- # Project Instructions
1634
-
1635
- @.claude/traits/critical-thinking.md
1636
- @.claude/traits/structured-output.md
1637
- @.claude/traits/source-citation.md
1638
-
1639
- ## Always-On Instructions
1640
-
1641
- @.claude/instructions/no-secrets.md
1642
- @.claude/instructions/code-style.md
1643
-
1644
- ## Available Personas
1645
-
1646
- | Command | What it does |
1647
- |--------------------|---------------------------------------|
1648
- | /review-code | Code review against team standards |
1649
- | /review-security | Security-focused review |
1650
- | /gen-tests | Generate unit and integration tests |
1651
- ```
1652
-
1653
- ### 6.6 Plugin Packaging
1654
-
1655
- When `agentboot export --format plugin` is invoked:
1656
-
1657
- 1. Read compiled CC-native output from `dist/claude/`
1658
- 2. Generate `plugin.json` with metadata from `agentboot.config.json`
1659
- 3. Copy agents, skills, hooks, MCP config into plugin directory structure
1660
- 4. Generate settings.json with default agent and permissions
1661
- 5. Generate README.md from persona registry
1662
-
1663
- The plugin directory structure matches the Claude Code plugin specification exactly.
1664
-
1665
- ---
1666
-
1667
- ## 7. Distribution Architecture
1668
-
1669
- ### 7.1 Distribution Channels
1670
-
1671
- ```
1672
- agentboot build
1673
- |
1674
- +------+------+------+------+------+
1675
- | | | | | |
1676
- v v v v v v
1677
- dist/ dist/ dist/ dist/ dist/ dist/
1678
- claude copilot cursor skill gemini plugin
1679
- | | | | | |
1680
- v v v v v v
1681
- Channel: Direct Sync Channel:
1682
- (each platform folder is Marketplace
1683
- self-contained; sync reads
1684
- dist/{platform}/ and writes Private or
1685
- to repos in platform-native public CC
1686
- locations) marketplace
1687
- | | | | | |
1688
- v v v v v v
1689
- CC Copilot Cursor Any Gemini CC users
1690
- repos repos repos plat repos
1691
- Gemini repos install via
1692
- /plugin install
1693
-
1694
- +------------------+ +-------------------+
1695
- | Channel: | | Channel: |
1696
- | Managed Settings | | MCP Server |
1697
- | | | |
1698
- | MDM deploys to | | Live persona |
1699
- | system paths | | serving to any |
1700
- | HARD guardrails | | MCP client |
1701
- | only | | Cross-platform |
1702
- +------------------+ +-------------------+
1703
- ```
1704
-
1705
- ### 7.2 Channel Comparison
1706
-
1707
- | Channel | Target | Update Mechanism | Enforcement | Effort |
1708
- |-------------------|-------------|---------------------|---------------|--------|
1709
- | Direct Sync | Any repo | `agentboot sync` + PR | PR review | Low |
1710
- | CC Plugin | CC users | `/reload-plugins` | Namespace | Medium |
1711
- | Managed Settings | All CC on machine | MDM push | OS-level | High |
1712
- | MCP Server | Any MCP client | Server restart | None (advisory)| High |
1713
-
1714
- ### 7.3 Direct Sync Flow
1715
-
1716
- ```
1717
- Hub Repo Target Repo
1718
- ──────── ───────────
1719
-
1720
- agentboot.config.json
1721
- core/
1722
- domains/
1723
-
1724
- │ agentboot build
1725
-
1726
- dist/
1727
-
1728
- │ agentboot sync
1729
-
1730
- │ For each repo in repos.json:
1731
- │ 1. Resolve scope (org + group + team)
1732
- │ 2. Select platform folder (from repo.platform → dist/{platform}/)
1733
- │ 3. Merge dist/{platform}/core/ + groups/ + teams/ + public-repos/{repo}/
1734
- │ 4. If repo.public: verify .gitignore includes .claude/, skip PR
1735
- │ 5. Write files to repo.path in platform-native locations
1736
- │ 6. Write .agentboot-manifest.json
1737
- │ 7. (Private repos only) git commit + open PR
1738
-
1739
- .claude/
1740
- agents/
1741
- skills/
1742
- rules/
1743
- traits/
1744
- CLAUDE.md
1745
- settings.json
1746
- .mcp.json
1747
- .agentboot-manifest.json
1748
- ```
1749
-
1750
- ### 7.4 Plugin Marketplace Flow
1751
-
1752
- ```
1753
- Hub Repo Marketplace Repo Developer Machine
1754
- ──────── ──────────────── ─────────────────
1755
-
1756
- agentboot build
1757
-
1758
- │ agentboot export
1759
- │ --format plugin
1760
-
1761
- dist/plugin/
1762
-
1763
- │ agentboot publish
1764
- │ --marketplace
1765
- │ org/org-personas
1766
-
1767
- marketplace.json
1768
- plugins/
1769
- acme/
1770
- .claude-plugin/
1771
- plugin.json
1772
- agents/
1773
- skills/
1774
- ...
1775
- /plugin marketplace add
1776
- org/org-personas
1777
- /plugin install acme
1778
-
1779
-
1780
- ~/.claude/plugins/
1781
- acme/
1782
- agents/
1783
- skills/
1784
- ...
1785
- ```
1786
-
1787
- ### 7.5 Managed Settings Flow
1788
-
1789
- ```
1790
- Hub Repo IT / MDM Console Developer Machine
1791
- ──────── ──────────────── ─────────────────
1792
-
1793
- agentboot build
1794
-
1795
- │ agentboot export
1796
- │ --format managed
1797
-
1798
- dist/managed/
1799
- managed-settings.json
1800
- managed-mcp.json Upload to Jamf /
1801
- CLAUDE.md Intune / JumpCloud
1802
-
1803
- │ MDM push
1804
-
1805
- /Library/Application Support/
1806
- ClaudeCode/
1807
- managed-settings.json
1808
- managed-mcp.json
1809
- CLAUDE.md
1810
-
1811
- (Cannot be overridden by
1812
- any user or project config)
1813
- ```
1814
-
1815
- ### 7.6 MCP Server Flow
1816
-
1817
- ```
1818
- Hub Repo MCP Server Agent (any platform)
1819
- ──────── ────────── ────────────────────
1820
-
1821
- agentboot build
1822
-
1823
- │ agentboot export
1824
- │ --format mcp-server
1825
-
1826
- MCP server package
1827
- (@agentboot/mcp-server)
1828
- npx @agentboot/mcp-server
1829
- --config agentboot.config.json
1830
-
1831
- │ stdio / HTTP
1832
-
1833
- MCP Tools: .mcp.json:
1834
- agentboot_review { "mcpServers": {
1835
- agentboot_list_personas "agentboot": {
1836
- agentboot_get_trait "type": "stdio",
1837
- agentboot_check_compliance "command": "npx",
1838
- agentboot_kb_search "args": [...]
1839
- }
1840
- MCP Resources: }}
1841
- persona://code-reviewer
1842
- trait://critical-thinking
1843
- knowledge://compliance/...
1844
- ```
1845
-
1846
- ---
1847
-
1848
- ## 8. Security Architecture
1849
-
1850
- ### 8.1 Three-Layer Defense-in-Depth
1851
-
1852
- ```
1853
- +------------------------------------------------------------------+
1854
- | LAYER 1: Input Hooks |
1855
- | (Deterministic) |
1856
- | |
1857
- | UserPromptSubmit hook |
1858
- | - Regex-based pattern matching |
1859
- | - Runs BEFORE the model sees the input |
1860
- | - Exit code 2 = block request |
1861
- | - Catches: PHI, credentials, SSNs, API keys, internal URLs |
1862
- | - Latency: < 100ms |
1863
- | - Cost: $0 |
1864
- | - Reliability: 100% for known patterns |
1865
- | |
1866
- | Limitation: regex cannot catch paraphrased or novel patterns |
1867
- +------------------------------------------------------------------+
1868
- |
1869
- pass | block
1870
- |
1871
- +------------------------------------------------------------------+
1872
- | LAYER 2: Instruction-Based Refusal |
1873
- | (Advisory) |
1874
- | |
1875
- | Always-on instruction in CLAUDE.md / copilot-instructions.md |
1876
- | - Model-level guidance: "refuse to process sensitive content" |
1877
- | - Active in every interaction |
1878
- | - Cost: ~50 tokens per session (negligible) |
1879
- | - Catches: semantic violations that regex misses |
1880
- | - Works on ALL platforms (CC, Copilot, Cursor, Gemini) |
1881
- | |
1882
- | Limitation: model may not recognize all violations |
1883
- +------------------------------------------------------------------+
1884
- |
1885
- pass | refuse
1886
- |
1887
- +------------------------------------------------------------------+
1888
- | LAYER 3: Output Hooks |
1889
- | (Advisory / Audit) |
1890
- | |
1891
- | Stop hook |
1892
- | - Scans model output for violations |
1893
- | - Fires AFTER the response has rendered |
1894
- | - CANNOT block (architectural constraint of Stop hook timing) |
1895
- | - Logs violations for audit trail |
1896
- | - Catches: leakage that Layers 1 and 2 missed |
1897
- | |
1898
- | Limitation: post-hoc -- the developer already saw the output |
1899
- +------------------------------------------------------------------+
1900
- ```
1901
-
1902
- **No single layer is sufficient alone.** The three layers are complementary:
1903
- - Layer 1 catches known patterns deterministically.
1904
- - Layer 2 catches semantic violations the model recognizes.
1905
- - Layer 3 provides audit evidence and catches leakage.
1906
-
1907
- ### 8.2 HARD vs. SOFT Guardrails
1908
-
1909
- ```
1910
- HARD Guardrails SOFT Guardrails
1911
- ─────────────── ───────────────
1912
-
1913
- Deployed via MDM Deployed via hub repo sync
1914
- (managed-settings.json) (.claude/settings.json)
1915
-
1916
- Cannot be overridden by ANY Can be temporarily elevated
1917
- user or project config by developer with reason
1918
-
1919
- OS-level file protection Git-level file protection
1920
-
1921
- For: compliance incidents For: engineering best practices
1922
- (PHI leakage, credential (code review standards,
1923
- exposure, audit logging) output formatting, testing)
1924
-
1925
- Build error if team tries Team can override weight
1926
- to disable or add exceptions (ADRs)
1927
-
1928
- Examples: Examples:
1929
- - PHI input scanning hook - critical-thinking weight
1930
- - Credential blocking - structured-output format
1931
- - Audit trail logging - reviewer selection rules
1932
- - disableBypassPermissionsMode - creative-suggestion level
1933
- ```
1934
-
1935
- ### 8.3 Managed Settings Lockdown
1936
-
1937
- For enterprise HARD guardrails, the managed settings generator produces:
1938
-
1939
- ```json
1940
- {
1941
- "disableBypassPermissionsMode": "disable",
1942
- "allowManagedHooksOnly": true,
1943
- "allowManagedMcpServersOnly": true,
1944
- "allowManagedPermissionRulesOnly": true,
1945
- "hooks": {
1946
- "UserPromptSubmit": [
1947
- {
1948
- "matcher": "",
1949
- "hooks": [
1950
- {
1951
- "type": "command",
1952
- "command": "/usr/local/bin/agentboot-compliance-scan",
1953
- "timeout": 5000
1954
- }
1955
- ]
1956
- }
1957
- ]
1958
- }
1959
- }
1960
- ```
1961
-
1962
- When these flags are set:
1963
- - Developers cannot add their own hooks (only managed hooks run)
1964
- - Developers cannot add unauthorized MCP servers
1965
- - Developers cannot override permission rules
1966
- - Developers cannot bypass permissions mode
1967
-
1968
- This is the strongest enforcement available in the Claude Code platform.
1969
-
1970
- ### 8.4 Guardrail Elevation (SOFT only)
1971
-
1972
- ```
1973
- Developer invokes /elevate {guardrail-name}
1974
-
1975
- │ Reason required
1976
-
1977
- Skill grants time-bounded bypass (default TTL: 30 minutes)
1978
-
1979
- │ Audit log entry created:
1980
- │ who, what, why, when, TTL
1981
-
1982
- Guardrail suppressed for TTL duration
1983
-
1984
- │ All actions during window logged
1985
-
1986
- TTL expires → guardrail automatically re-engages
1987
- ```
1988
-
1989
- For organizations where automated elevation creates audit risk, a manual escalation
1990
- model is also supported: developer files GitHub issue, designated approver reviews,
1991
- decision recorded.
1992
-
1993
- ### 8.5 Permanent Exceptions (ADRs)
1994
-
1995
- ```
1996
- Persona flags finding during review
1997
-
1998
-
1999
- Developer: /propose-exception "rationale for deviation"
2000
-
2001
-
2002
- ADR created in hub repo (adrs/ directory)
2003
-
2004
-
2005
- Designated reviewer approves or rejects (via PR review)
2006
-
2007
- ├── Approved: ADR committed, persona learns to accept deviation
2008
-
2009
- └── Rejected: Developer must address the finding
2010
- ```
2011
-
2012
- ADRs live in the hub repo (governance artifacts, not code artifacts). They are
2013
- permanent, approved deviations -- distinct from temporary elevation.
2014
-
2015
- ### 8.6 Platform Compliance Matrix
2016
-
2017
- | Enforcement Layer | Claude Code | Copilot CLI | IDE (VS Code) | Cursor |
2018
- |--------------------------------|-------------|-------------|---------------|--------|
2019
- | Input hook (deterministic) | `UserPromptSubmit` | Pre-prompt hook | N/A | N/A |
2020
- | Instruction refusal (advisory) | CLAUDE.md | copilot-instructions.md | copilot-instructions.md | .cursor/rules/ |
2021
- | Output hook (advisory) | `Stop` | N/A | N/A | N/A |
2022
- | Managed settings (HARD) | MDM paths | N/A | N/A | N/A |
2023
- | Tool restrictions | `disallowedTools`, permissions | N/A | N/A | N/A |
2024
- | Permission lockdown | `disableBypassPermissionsMode` | N/A | N/A | N/A |
2025
-
2026
- **Honest assessment:** Full defense-in-depth is only achievable on Claude Code. All
2027
- other platforms are limited to instruction-based advisory controls plus MCP-level
2028
- integration. AgentBoot documents these gaps per platform rather than promising
2029
- universal enforcement.
2030
-
2031
- ---
2032
-
2033
- ## 9. Cross-Platform Strategy
2034
-
2035
- ### 9.1 Architecture Principle
2036
-
2037
- **Content is agent-agnostic; delivery is CC-first.**
2038
-
2039
- The same source definitions (traits, personas, instructions, gotchas) produce output
2040
- for every supported platform. But the output fidelity varies significantly:
2041
-
2042
- ```
2043
- Feature Richness
2044
- ────────────────
2045
-
2046
- Claude Code ████████████████████████████████ 100%
2047
- Full: agents, skills, rules, hooks, MCP,
2048
- managed settings, @imports, worktrees,
2049
- memory, plugins, subagent isolation
2050
-
2051
- Copilot ██████████████████░░░░░░░░░░░░░░ 55%
2052
- Have: instructions, path-scoped rules,
2053
- prompt files, SKILL.md, MCP
2054
- Missing: hooks, managed settings, memory,
2055
- agent model, isolation
2056
-
2057
- Cursor ████████████░░░░░░░░░░░░░░░░░░░░ 40%
2058
- Have: rules, SKILL.md, MCP
2059
- Missing: hooks, managed settings, memory,
2060
- agent model, isolation, org distribution
2061
-
2062
- Gemini CLI ████████░░░░░░░░░░░░░░░░░░░░░░░░ 30%
2063
- Have: GEMINI.md, SKILL.md, MCP
2064
- Missing: nearly everything else
2065
- ```
2066
-
2067
- ### 9.2 What's Portable
2068
-
2069
- | Content Type | Format | Works On |
2070
- |----------------------|---------------------------|-----------------------------|
2071
- | Traits (behavioral) | Markdown prose | All platforms (via instruction files) |
2072
- | Personas (SKILL.md) | agentskills.io standard | 26+ platforms |
2073
- | Gotchas rules | Markdown with glob patterns | All platforms (path-scoped) |
2074
- | Always-on instructions | Markdown prose | All platforms (instruction files) |
2075
- | MCP servers | `.mcp.json` | CC, Copilot, Cursor, Gemini CLI |
2076
- | Domain layers | Directory structure | All (via different output formats) |
2077
-
2078
- ### 9.3 What's CC-Only
2079
-
2080
- | Feature | CC Mechanism | Non-CC Alternative |
2081
- |--------------------------------|-----------------------------|---------------------------|
2082
- | Agent CLAUDE.md (rich frontmatter) | `.claude/agents/` | SKILL.md (subset) |
2083
- | Hooks (deterministic enforcement) | `settings.json` | None |
2084
- | Managed settings | MDM system paths | None |
2085
- | `context: fork` (isolation) | Skills with subagent fork | None |
2086
- | `permissionMode: plan` | Agent frontmatter | None |
2087
- | `@import` composition | CLAUDE.md native | Inlined traits |
2088
- | Plugin marketplace | CC plugin system | None (file sync only) |
2089
- | Agent memory | `memory: project` | None |
2090
- | Worktree isolation | `isolation: worktree` | None |
2091
-
2092
- ### 9.4 Per-Platform Output Generation
2093
-
2094
- Each platform gets its own self-contained folder under `dist/`. Zip any one and it has
2095
- everything needed for that platform, nothing it doesn't. Scope hierarchy (core → groups
2096
- → teams) is preserved within each platform folder. Duplication across platforms is
2097
- intentional — generated files are cattle not pets. Diffing across platforms (e.g.,
2098
- `diff dist/claude/ dist/copilot/`) shows exactly what's different between distributions.
2099
-
2100
- ```
2101
- agentboot build --format all
2102
-
2103
- dist/
2104
- ├── claude/ # Self-contained Claude Code distribution
2105
- │ ├── core/
2106
- │ │ ├── agents/code-reviewer.md
2107
- │ │ ├── skills/review-code.md
2108
- │ │ ├── traits/critical-thinking.md
2109
- │ │ ├── rules/baseline.md
2110
- │ │ ├── CLAUDE.md (with @imports)
2111
- │ │ └── settings.json (hooks)
2112
- │ ├── groups/{group}/
2113
- │ └── teams/{group}/{team}/
2114
-
2115
- ├── copilot/ # Self-contained Copilot distribution
2116
- │ ├── core/
2117
- │ │ ├── .github/copilot-instructions.md
2118
- │ │ └── .github/prompts/review-code.md
2119
- │ ├── groups/...
2120
- │ └── teams/...
2121
-
2122
- ├── cursor/ # Self-contained Cursor distribution
2123
- │ ├── core/
2124
- │ │ └── .cursor/rules/*.md
2125
- │ ├── groups/...
2126
- │ └── teams/...
2127
-
2128
- ├── skill/ # Cross-platform SKILL.md (agentskills.io)
2129
- │ ├── core/
2130
- │ │ ├── code-reviewer/SKILL.md (traits inlined)
2131
- │ │ └── PERSONAS.md
2132
- │ ├── groups/...
2133
- │ └── teams/...
2134
-
2135
- └── gemini/ # Self-contained Gemini CLI distribution
2136
- ├── core/
2137
- │ └── GEMINI.md
2138
- ├── groups/...
2139
- └── teams/...
2140
- ```
2141
-
2142
- ### 9.5 Per-Repo Platform Selection
2143
-
2144
- The sync engine uses each repo's `platform` field to select which `dist/{platform}/`
2145
- folder to read from:
2146
-
2147
- ```json
2148
- // repos.json
2149
- [
2150
- { "name": "org/api-service", "platform": "claude" },
2151
- { "name": "org/web-app", "platform": "copilot" },
2152
- { "name": "org/ml-pipeline", "platform": "cursor" },
2153
- { "name": "org/data-service", "platform": "skill" },
2154
- { "name": "org/infra-tools", "platform": "gemini" }
2155
- ]
2156
- ```
2157
-
2158
- When `platform` is not specified, the default is `claude`.
2159
-
2160
- ### 9.6 The MCP Bridge
2161
-
2162
- For organizations with mixed tooling, the MCP server provides uniform governance
2163
- across all platforms:
2164
-
2165
- ```
2166
- MCP Server
2167
- (@agentboot/mcp-server)
2168
- |
2169
- +───────────────+───────────────+
2170
- | | |
2171
- Claude Code Copilot Cursor
2172
- (.mcp.json) (.mcp.json) (.mcp.json)
2173
-
2174
- Same MCP tools, same persona definitions,
2175
- same invocation, same output format.
2176
- ```
2177
-
2178
- The MCP server is the only delivery channel where all platforms receive identical
2179
- capabilities. However, it requires a running process and adds latency compared to
2180
- static file delivery.
2181
-
2182
- ### 9.7 Honest Limitations
2183
-
2184
- 1. **Compliance enforcement degrades significantly on non-CC platforms.** Without
2185
- hooks, managed settings, and tool restrictions, compliance is advisory-only.
2186
- Organizations with strict compliance requirements should prioritize Claude Code.
2187
-
2188
- 2. **Agent isolation is CC-only.** `context: fork` and worktree isolation have no
2189
- equivalent on other platforms. Review personas on non-CC platforms share context
2190
- with the generation conversation.
2191
-
2192
- 3. **The plugin ecosystem is CC-only.** Copilot, Cursor, and Gemini CLI users must
2193
- use file sync or MCP. There is no marketplace experience for non-CC platforms.
2194
-
2195
- 4. **Self-improvement reflections require CC agent memory.** The reflection system
2196
- (`memory: project`) is CC-specific. Non-CC personas cannot maintain persistent
2197
- memory across sessions.
2198
-
2199
- ---
2200
-
2201
- ## 10. Key Architectural Decisions
2202
-
2203
- ### AD-01: Build-Time Composition (Not Runtime)
2204
-
2205
- **Decision:** Traits are composed into personas at build time. The compiled output is
2206
- complete and standalone. No runtime resolution, no dynamic includes.
2207
-
2208
- **Rationale:** Runtime trait inclusion (e.g., `@include` directives resolved during
2209
- sessions) breaks on platforms that don't support file inclusion (Copilot, Cursor) and
2210
- wastes tokens re-reading trait files on every invocation. Build-time composition
2211
- ensures portability and efficiency.
2212
-
2213
- **Exception:** CC-native output uses `@import` syntax, which is resolved by Claude
2214
- Code at load time (not during the session). This is a CC-specific optimization that
2215
- provides live-editability while maintaining the "compiled output" model for all other
2216
- platforms.
2217
-
2218
- **Status:** Locked.
2219
-
2220
- ---
2221
-
2222
- ### AD-02: agentskills.io as Format Standard
2223
-
2224
- **Decision:** SKILL.md (agentskills.io format) is the canonical persona definition
2225
- format. Vendor-specific formats are generated as secondary output.
2226
-
2227
- **Rationale:** agentskills.io is supported by 26+ agent platforms. Vendor-specific
2228
- formats (Copilot `.prompt.md`, Cursor `.cursorrules`) are platform-locked and cannot
2229
- serve as the authoritative definition. Using an open standard ensures that the persona
2230
- source of truth is portable.
2231
-
2232
- **Status:** Locked.
2233
-
2234
- ---
2235
-
2236
- ### AD-03: CC-First, Agent-Agnostic Content
2237
-
2238
- **Decision:** Claude Code is the primary target platform. Content (traits, personas,
2239
- instructions) is authored in agent-agnostic formats. CC-specific features (hooks,
2240
- managed settings, agent memory) are declared in metadata, not in content.
2241
-
2242
- **Rationale:** The richest governance capabilities exist in Claude Code today. But
2243
- content should not be locked to CC. An organization that writes a `critical-thinking`
2244
- trait should be able to use it in Copilot and Cursor without modification. CC-specific
2245
- enhancements are layered on top during output generation.
2246
-
2247
- **Status:** Locked.
2248
-
2249
- ---
2250
-
2251
- ### AD-04: Hub-and-Spoke Distribution
2252
-
2253
- **Decision:** A single personas repository (hub) is the source of truth. Target
2254
- repositories (spokes) receive compiled output via sync. Spokes do not hold source
2255
- of truth and do not produce governance artifacts.
2256
-
2257
- **Rationale:** Centralized governance prevents drift. Without a hub, each team would
2258
- maintain its own persona definitions, diverging over time. The hub model ensures that
2259
- improvements propagate automatically and that governance is reviewable in a single
2260
- location.
2261
-
2262
- **Status:** Locked.
2263
-
2264
- ---
2265
-
2266
- ### AD-05: Privacy -- Raw Prompts Never Collected
2267
-
2268
- **Decision:** Raw prompts are never collected, transmitted, or exfiltrated. This is a
2269
- design invariant, not a configuration option. Telemetry captures structured metadata
2270
- (persona ID, token counts, findings). The `/insights` feature sends transcripts to
2271
- the Claude API (same trust boundary) but extracts patterns, not transcripts.
2272
-
2273
- **Rationale:** Collecting raw prompts would violate developer trust and create a
2274
- compliance liability. The three-tier privacy model (Private, Privileged,
2275
- Organizational) ensures that data stays at the appropriate trust level.
2276
-
2277
- **Status:** Locked.
2278
-
2279
- ---
2280
-
2281
- ### AD-06: Apache 2.0 Licensing
2282
-
2283
- **Decision:** AgentBoot core is licensed under Apache 2.0. Domain layers carry their
2284
- own licenses but must be Apache 2.0 or MIT compatible for Verified marketplace
2285
- listing.
2286
-
2287
- **Rationale:** Apache 2.0 is permissive, enterprise-friendly, and compatible with
2288
- corporate contribution policies. It allows organizations to create private
2289
- extensions without open-sourcing them. GPL-family licenses were rejected because
2290
- they would prevent private domain layers.
2291
-
2292
- **Status:** Locked.
2293
-
2294
- ---
2295
-
2296
- ### AD-07: MCP as the Cross-Platform Bridge
2297
-
2298
- **Decision:** MCP (Model Context Protocol) is the recommended integration mechanism
2299
- for tool access, knowledge bases, and cross-platform persona serving. AgentBoot
2300
- builds MCP servers, not platform-specific tool integrations.
2301
-
2302
- **Rationale:** MCP is supported by Claude Code, Copilot (VS Code), Cursor, and
2303
- Gemini CLI. An MCP server built once works on all supporting platforms. The MCP
2304
- interface also provides a clean abstraction boundary -- the backing store can change
2305
- (flat files to SQLite to vector DB) without changing the persona definitions.
2306
-
2307
- **Status:** Locked.
2308
-
2309
- ---
2310
-
2311
- ### AD-08: SQLite for Structured Knowledge (Not Postgres)
2312
-
2313
- **Decision:** The Stage 2 knowledge store uses SQLite (local file). Not PostgreSQL,
2314
- not a hosted database.
2315
-
2316
- **Rationale:** Zero infrastructure. SQLite ships with the MCP server as a single
2317
- file. It handles thousands of knowledge items with sub-millisecond queries. No
2318
- server to run, no connection to configure, no credentials to manage. Stage 3
2319
- extends SQLite with sqlite-vss for vector search. Migration to PostgreSQL/pgvector
2320
- is available if the organization outgrows SQLite, but most will never need it.
2321
-
2322
- **Status:** Locked for Stage 2. Revisable for Stage 3.
2323
-
2324
- ---
2325
-
2326
- ### AD-09: Composition Over Inheritance
2327
-
2328
- **Decision:** Personas compose traits. They do not inherit from each other. No
2329
- persona extends another persona. Shared behavior belongs in traits.
2330
-
2331
- **Rationale:** Object-oriented inheritance applied to personas creates fragile chains
2332
- where changes to a parent have unpredictable effects on children. This was rejected
2333
- as Design Principle #1. Composition is explicit, predictable, and independently
2334
- testable.
2335
-
2336
- **Status:** Locked.
2337
-
2338
- ---
2339
-
2340
- ### AD-10: Managed Settings for Compliance, Not Convenience
2341
-
2342
- **Decision:** Managed settings (deployed via MDM) carry HARD guardrails only --
2343
- compliance hooks, credential blocking, audit logging. Personas and skills are
2344
- delivered via plugin or sync, not managed settings.
2345
-
2346
- **Rationale:** Mixing governance and convenience in managed settings makes both
2347
- harder to manage. Managed settings should change rarely (compliance regime changes).
2348
- Personas and skills change frequently (calibration, new features). Keeping them in
2349
- separate channels reduces IT burden and governance friction.
2350
-
2351
- **Status:** Locked.
2352
-
2353
- ---
2354
-
2355
- ### AD-11: Plugin as Primary CC Delivery, Sync as Fallback
2356
-
2357
- **Decision:** The Claude Code plugin is the primary delivery method for CC users.
2358
- Direct `.claude/` sync is the fallback for repos that can't use plugins or for
2359
- cross-platform output.
2360
-
2361
- **Rationale:** Plugins use the native CC distribution mechanism, support force-enable
2362
- via managed settings, get updates via `/reload-plugins`, and isolate via namespace.
2363
- Sync is simpler but lacks polish, creates noise in target repos, and can drift.
2364
-
2365
- **Status:** Locked.
2366
-
2367
- ---
2368
-
2369
- ### AD-12: Structured Telemetry From Day One
2370
-
2371
- **Decision:** Persona invocations emit structured JSON (GELF/NDJSON) from day one.
2372
- No plain text logs.
2373
-
2374
- **Rationale:** Plain text logs cannot be queried, aggregated, or analyzed without
2375
- custom parsing. Structured JSON is queryable with `jq` immediately, and can be
2376
- ingested into any log aggregation system without transformation. The upfront cost
2377
- is trivial; the analysis benefit is permanent.
2378
-
2379
- **Status:** Locked.
2380
-
2381
- ---
2382
-
2383
- ### AD-13: Non-Destructive Discovery and Uninstall
2384
-
2385
- **Decision:** `agentboot discover` never modifies existing files. `agentboot uninstall`
2386
- removes only files tracked in `.agentboot-manifest.json`. Both operations are
2387
- reversible.
2388
-
2389
- **Rationale:** Easy exit builds trust for easy entry. Organizations evaluating
2390
- AgentBoot need confidence that trying it cannot break their existing setup and that
2391
- removing it is a one-command operation. The manifest tracking system ensures
2392
- precision.
2393
-
2394
- **Status:** Locked.
2395
-
2396
- ---
2397
-
2398
- ### AD-14: Four-Level Scope Hierarchy
2399
-
2400
- **Decision:** Configuration follows a four-level hierarchy: Org > Group > Team > Repo.
2401
- Mandatory behaviors propagate top-down (org wins). Optional behaviors resolve
2402
- bottom-up (team wins).
2403
-
2404
- **Rationale:** Mirrors real organizational structure and governance. The org enforces
2405
- compliance universally. Groups manage horizontal concerns. Teams customize for their
2406
- domain. Repos add path-scoped context. Without this hierarchy, governance would
2407
- either be too rigid (org-level only) or too fragmented (per-repo only).
2408
-
2409
- **Status:** Locked.
2410
-
2411
- ---
2412
-
2413
- ### AD-15: Async Telemetry Hooks
2414
-
2415
- **Decision:** All telemetry hooks run asynchronously. They do not block the developer
2416
- workflow.
2417
-
2418
- **Rationale:** Telemetry that slows down the developer experience will be disabled.
2419
- Async hooks ensure zero performance impact. The tradeoff is that telemetry may be
2420
- slightly delayed, but this is acceptable for aggregate metrics.
2421
-
2422
- **Status:** Locked.
2423
-
2424
- ---
2425
-
2426
- ## 11. Open Questions
2427
-
2428
- Open questions discovered during architecture design have been resolved or deferred.
2429
- See the internal tracking document for remaining items.