agents-templated 2.2.18 → 2.2.20

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agents-templated",
-  "version": "2.2.18",
+  "version": "2.2.20",
   "description": "Technology-agnostic development template with multi-AI agent support (Cursor, Copilot, VSCode, Gemini), security-first patterns, and comprehensive testing guidelines",
   "main": "index.js",
   "bin": {

package/templates/agents/commands/arch-check.md

@@ -1,58 +1,58 @@
-# /arch-check
-
-## A. Intent
-Validate architecture readiness and implementation constraints before build begins.
-
-## B. When to Use
-- Use after scope lock and before implementation starts.
-- Do not use for post-release retrospectives.
-
-## C. Context Assumptions
-- Scope is frozen for current increment.
-- Architecture options are documented.
-- Test strategy can be defined.
-
-## D. Required Inputs
-| Input | Type | Example |
-|---------------------|------------|----------------------------------|
-| `architecture_goal` | string | "multi-tenant API isolation" |
-| `design_options` | string[] | ["shared schema", "schema-per-tenant"] |
-| `design_artifact` | artifact | ADR doc, sequence diagram |
-
-## E. Pre-Execution Guards <- fail fast, check ALL before running
-- [ ] design options are comparable
-- [ ] key edge cases are identified
-- [ ] test strategy exists for selected design
-
-## F. Execution Flow
-1. Review architecture options and constraints.
-2. Evaluate edge cases and failure modes.
-3. Validate selected option against requirements.
-4. Decision point ->
-   - condition A -> critical gap found -> block readiness
-   - condition B ->  no critical gaps -> continue.
-5. Build architecture decision and test implications.
-6. Emit architecture readiness report.
-
-## G. Output Schema
-
-```json
-{
-  "architecture_id": "string",
-  "decisions": ["array","of","strings"],
-  "risk_level": "low | medium | high",
-  "blocker": "string | null"
-}
-```
-
-## H. Output Target
-- Default delivery: stdout
-- Override flag: --output=<target>
-
-## I. Stop Conditions <- abort with error message, never emit partial output
-- selected architecture lacks testable validation path
-- critical edge case has no mitigation
-
-## J. Safety Constraints
-- Hard block: hard block on architecture with unresolved critical failure modes
-- Warn only: warn when non-critical tradeoffs are accepted
+# /arch-check
+
+## A. Intent
+Validate architecture readiness and implementation constraints before build begins.
+
+## B. When to Use
+- Use after scope lock and before implementation starts.
+- Do not use for post-release retrospectives.
+
+## C. Context Assumptions
+- Scope is frozen for current increment.
+- Architecture options are documented.
+- Test strategy can be defined.
+
+## D. Required Inputs
+| Input | Type | Example |
+|---------------------|------------|----------------------------------|
+| `architecture_goal` | string | "multi-tenant API isolation" |
+| `design_options` | string[] | ["shared schema", "schema-per-tenant"] |
+| `design_artifact` | artifact | ADR doc, sequence diagram |
+
+## E. Pre-Execution Guards <- fail fast, check ALL before running
+- [ ] design options are comparable
+- [ ] key edge cases are identified
+- [ ] test strategy exists for selected design
+
+## F. Execution Flow
+1. Review architecture options and constraints.
+2. Evaluate edge cases and failure modes.
+3. Validate selected option against requirements.
+4. Decision point ->
+   - condition A -> critical gap found -> block readiness
+   - condition B ->  no critical gaps -> continue.
+5. Build architecture decision and test implications.
+6. Emit architecture readiness report.
+
+## G. Output Schema
+
+```json
+{
+  "architecture_id": "string",
+  "decisions": ["array","of","strings"],
+  "risk_level": "low | medium | high",
+  "blocker": "string | null"
+}
+```
+
+## H. Output Target
+- Default delivery: stdout
+- Override flag: --output=<target>
+
+## I. Stop Conditions <- abort with error message, never emit partial output
+- selected architecture lacks testable validation path
+- critical edge case has no mitigation
+
+## J. Safety Constraints
+- Hard block: hard block on architecture with unresolved critical failure modes
+- Warn only: warn when non-critical tradeoffs are accepted

package/templates/agents/commands/audit.md

@@ -1,58 +1,58 @@
-# /audit
-
-## A. Intent
-Produce a deterministic risk and compliance audit with prioritized findings.
-
-## B. When to Use
-- Use before release or for targeted quality/security reviews.
-- Do not use as a substitute for implementation planning.
-
-## C. Context Assumptions
-- Audit scope is defined.
-- Relevant artifacts are available.
-- Severity rubric is agreed.
-
-## D. Required Inputs
-| Input | Type | Example |
-|---------------------|------------|----------------------------------|
-| `audit_scope` | string | "authentication flows" |
-| `checklist` | string[] | ["security", "tests", "rollback"] |
-| `evidence_set` | artifact | PR diff, logs, reports |
-
-## E. Pre-Execution Guards <- fail fast, check ALL before running
-- [ ] scope is explicit
-- [ ] evidence artifacts are accessible
-- [ ] severity model is available
-
-## F. Execution Flow
-1. Collect scoped evidence and standards.
-2. Evaluate checks against evidence.
-3. Classify findings by severity.
-4. Decision point ->
-   - condition A -> critical unresolved finding -> block recommendation
-   - condition B ->  no critical blocker -> continue.
-5. Assemble remediation actions and owners.
-6. Emit audit report.
-
-## G. Output Schema
-
-```json
-{
-  "audit_id": "string",
-  "findings": ["array","of","strings"],
-  "severity": "low | medium | high",
-  "blocker": "string | null"
-}
-```
-
-## H. Output Target
-- Default delivery: stdout
-- Override flag: --output=<target>
-
-## I. Stop Conditions <- abort with error message, never emit partial output
-- scope cannot be determined
-- critical evidence is missing
-
-## J. Safety Constraints
-- Hard block: hard block when critical finding lacks mitigation
-- Warn only: warn when medium findings are deferred
+# /audit
+
+## A. Intent
+Produce a deterministic risk and compliance audit with prioritized findings.
+
+## B. When to Use
+- Use before release or for targeted quality/security reviews.
+- Do not use as a substitute for implementation planning.
+
+## C. Context Assumptions
+- Audit scope is defined.
+- Relevant artifacts are available.
+- Severity rubric is agreed.
+
+## D. Required Inputs
+| Input | Type | Example |
+|---------------------|------------|----------------------------------|
+| `audit_scope` | string | "authentication flows" |
+| `checklist` | string[] | ["security", "tests", "rollback"] |
+| `evidence_set` | artifact | PR diff, logs, reports |
+
+## E. Pre-Execution Guards <- fail fast, check ALL before running
+- [ ] scope is explicit
+- [ ] evidence artifacts are accessible
+- [ ] severity model is available
+
+## F. Execution Flow
+1. Collect scoped evidence and standards.
+2. Evaluate checks against evidence.
+3. Classify findings by severity.
+4. Decision point ->
+   - condition A -> critical unresolved finding -> block recommendation
+   - condition B ->  no critical blocker -> continue.
+5. Assemble remediation actions and owners.
+6. Emit audit report.
+
+## G. Output Schema
+
+```json
+{
+  "audit_id": "string",
+  "findings": ["array","of","strings"],
+  "severity": "low | medium | high",
+  "blocker": "string | null"
+}
+```
+
+## H. Output Target
+- Default delivery: stdout
+- Override flag: --output=<target>
+
+## I. Stop Conditions <- abort with error message, never emit partial output
+- scope cannot be determined
+- critical evidence is missing
+
+## J. Safety Constraints
+- Hard block: hard block when critical finding lacks mitigation
+- Warn only: warn when medium findings are deferred

package/templates/agents/commands/debug-track.md

@@ -1,58 +1,58 @@
-# /debug-track
-
-## A. Intent
-Run root-cause-first debugging workflow and guarantee evidence-backed defect diagnosis.
-
-## B. When to Use
-- Use when behavior is broken, failing, or regressing in runtime.
-- Do not use to apply speculative patches without diagnosis.
-
-## C. Context Assumptions
-- Defect symptom is captured.
-- A reproduction path is available or can be derived.
-- Runtime context is accessible.
-
-## D. Required Inputs
-| Input | Type | Example |
-|---------------------|------------|----------------------------------|
-| `defect_symptom` | string | "payment retries loop forever" |
-| `repro_steps` | string[] | ["submit order", "disconnect network"] |
-| `runtime_artifact` | artifact | error logs, trace screenshot, failing test |
-
-## E. Pre-Execution Guards <- fail fast, check ALL before running
-- [ ] reproduction path is actionable
-- [ ] evidence can be collected at runtime
-- [ ] investigation scope is bounded
-
-## F. Execution Flow
-1. Reproduce issue and capture trace.
-2. Follow execution and state transitions.
-3. Confirm root cause with evidence.
-4. Decision point ->
-   - condition A -> root cause unverified -> continue investigation
-   - condition B ->  verified -> continue.
-5. Draft minimal patch strategy and checks.
-6. Emit debug investigation report.
-
-## G. Output Schema
-
-```json
-{
-  "debug_id": "string",
-  "evidence": ["array","of","strings"],
-  "certainty": "low | medium | high",
-  "root_cause": "string | null"
-}
-```
-
-## H. Output Target
-- Default delivery: stdout
-- Override flag: --output=<target>
-
-## I. Stop Conditions <- abort with error message, never emit partial output
-- issue cannot be reproduced with available context
-- root cause cannot be evidenced
-
-## J. Safety Constraints
-- Hard block: hard block on symptom-only fixes without diagnosis
-- Warn only: warn when reproduction is intermittent
+# /debug-track
+
+## A. Intent
+Run root-cause-first debugging workflow and guarantee evidence-backed defect diagnosis.
+
+## B. When to Use
+- Use when behavior is broken, failing, or regressing in runtime.
+- Do not use to apply speculative patches without diagnosis.
+
+## C. Context Assumptions
+- Defect symptom is captured.
+- A reproduction path is available or can be derived.
+- Runtime context is accessible.
+
+## D. Required Inputs
+| Input | Type | Example |
+|---------------------|------------|----------------------------------|
+| `defect_symptom` | string | "payment retries loop forever" |
+| `repro_steps` | string[] | ["submit order", "disconnect network"] |
+| `runtime_artifact` | artifact | error logs, trace screenshot, failing test |
+
+## E. Pre-Execution Guards <- fail fast, check ALL before running
+- [ ] reproduction path is actionable
+- [ ] evidence can be collected at runtime
+- [ ] investigation scope is bounded
+
+## F. Execution Flow
+1. Reproduce issue and capture trace.
+2. Follow execution and state transitions.
+3. Confirm root cause with evidence.
+4. Decision point ->
+   - condition A -> root cause unverified -> continue investigation
+   - condition B ->  verified -> continue.
+5. Draft minimal patch strategy and checks.
+6. Emit debug investigation report.
+
+## G. Output Schema
+
+```json
+{
+  "debug_id": "string",
+  "evidence": ["array","of","strings"],
+  "certainty": "low | medium | high",
+  "root_cause": "string | null"
+}
+```
+
+## H. Output Target
+- Default delivery: stdout
+- Override flag: --output=<target>
+
+## I. Stop Conditions <- abort with error message, never emit partial output
+- issue cannot be reproduced with available context
+- root cause cannot be evidenced
+
+## J. Safety Constraints
+- Hard block: hard block on symptom-only fixes without diagnosis
+- Warn only: warn when reproduction is intermittent

package/templates/agents/commands/docs.md

@@ -1,58 +1,58 @@
-# /docs
-
-## A. Intent
-Create deterministic documentation outputs aligned with current implementation behavior.
-
-## B. When to Use
-- Use when generating or updating docs as a direct deliverable.
-- Do not use for release decision making.
-
-## C. Context Assumptions
-- Source behavior is known.
-- Target audience is defined.
-- Doc destination is available.
-
-## D. Required Inputs
-| Input | Type | Example |
-|---------------------|------------|----------------------------------|
-| `doc_scope` | string | "API auth endpoints" |
-| `source_refs` | string[] | ["src/auth.ts", "openapi.yaml"] |
-| `doc_artifact` | artifact | existing README path or docs URL |
-
-## E. Pre-Execution Guards <- fail fast, check ALL before running
-- [ ] scope is explicit
-- [ ] source refs are accessible
-- [ ] destination path is writable
-
-## F. Execution Flow
-1. Collect implementation references.
-2. Draft structured documentation content.
-3. Validate examples and references.
-4. Decision point ->
-   - condition A -> mismatch with implementation -> revise doc content
-   - condition B ->  aligned -> continue.
-5. Assemble final documentation package.
-6. Emit documentation output.
-
-## G. Output Schema
-
-```json
-{
-  "doc_id": "string",
-  "updated_sections": ["array","of","strings"],
-  "confidence": "low | medium | high",
-  "gap": "string | null"
-}
-```
-
-## H. Output Target
-- Default delivery: file
-- Override flag: --output=<target>
-
-## I. Stop Conditions <- abort with error message, never emit partial output
-- source references are unavailable
-- critical behavior cannot be documented accurately
-
-## J. Safety Constraints
-- Hard block: hard block on knowingly incorrect implementation claims
-- Warn only: warn when sections remain TODO with owner
+# /docs
+
+## A. Intent
+Create deterministic documentation outputs aligned with current implementation behavior.
+
+## B. When to Use
+- Use when generating or updating docs as a direct deliverable.
+- Do not use for release decision making.
+
+## C. Context Assumptions
+- Source behavior is known.
+- Target audience is defined.
+- Doc destination is available.
+
+## D. Required Inputs
+| Input | Type | Example |
+|---------------------|------------|----------------------------------|
+| `doc_scope` | string | "API auth endpoints" |
+| `source_refs` | string[] | ["src/auth.ts", "openapi.yaml"] |
+| `doc_artifact` | artifact | existing README path or docs URL |
+
+## E. Pre-Execution Guards <- fail fast, check ALL before running
+- [ ] scope is explicit
+- [ ] source refs are accessible
+- [ ] destination path is writable
+
+## F. Execution Flow
+1. Collect implementation references.
+2. Draft structured documentation content.
+3. Validate examples and references.
+4. Decision point ->
+   - condition A -> mismatch with implementation -> revise doc content
+   - condition B ->  aligned -> continue.
+5. Assemble final documentation package.
+6. Emit documentation output.
+
+## G. Output Schema
+
+```json
+{
+  "doc_id": "string",
+  "updated_sections": ["array","of","strings"],
+  "confidence": "low | medium | high",
+  "gap": "string | null"
+}
+```
+
+## H. Output Target
+- Default delivery: file
+- Override flag: --output=<target>
+
+## I. Stop Conditions <- abort with error message, never emit partial output
+- source references are unavailable
+- critical behavior cannot be documented accurately
+
+## J. Safety Constraints
+- Hard block: hard block on knowingly incorrect implementation claims
+- Warn only: warn when sections remain TODO with owner

package/templates/agents/commands/fix.md

@@ -1,58 +1,58 @@
-# /fix
-
-## A. Intent
-Apply the smallest safe code fix with regression evidence and bounded impact.
-
-## B. When to Use
-- Use after root cause is confirmed and a targeted fix is required.
-- Do not use when defect cause is still speculative.
-
-## C. Context Assumptions
-- Issue is reproducible or sufficiently evidenced.
-- Root cause has been identified.
-- Regression checks are available.
-
-## D. Required Inputs
-| Input | Type | Example |
-|---------------------|------------|----------------------------------|
-| `defect_id` | string | "BUG-142" |
-| `affected_paths` | string[] | ["src/auth.ts", "tests/auth.test.ts"] |
-| `evidence` | artifact | stack trace, failing test output, screenshot |
-
-## E. Pre-Execution Guards <- fail fast, check ALL before running
-- [ ] root cause evidence is present
-- [ ] fix scope is bounded
-- [ ] regression checks are defined
-
-## F. Execution Flow
-1. Read defect evidence and failing paths.
-2. Implement minimal change set.
-3. Run targeted validations.
-4. Decision point ->
-   - condition A -> validation fails -> iterate fix or abort
-   - condition B ->  validation passes -> continue.
-5. Prepare change rationale and impact summary.
-6. Emit fix package with evidence.
-
-## G. Output Schema
-
-```json
-{
-  "fix_id": "string",
-  "changed_files": ["array","of","strings"],
-  "risk": "low | medium | high",
-  "rollback_note": "string | null"
-}
-```
-
-## H. Output Target
-- Default delivery: stdout
-- Override flag: --output=<target>
-
-## I. Stop Conditions <- abort with error message, never emit partial output
-- no verified root-cause evidence
-- regression validation unavailable for critical path
-
-## J. Safety Constraints
-- Hard block: no broad refactor inside fix-only workflow
-- Warn only: warn when temporary workaround is used
+# /fix
+
+## A. Intent
+Apply the smallest safe code fix with regression evidence and bounded impact.
+
+## B. When to Use
+- Use after root cause is confirmed and a targeted fix is required.
+- Do not use when defect cause is still speculative.
+
+## C. Context Assumptions
+- Issue is reproducible or sufficiently evidenced.
+- Root cause has been identified.
+- Regression checks are available.
+
+## D. Required Inputs
+| Input | Type | Example |
+|---------------------|------------|----------------------------------|
+| `defect_id` | string | "BUG-142" |
+| `affected_paths` | string[] | ["src/auth.ts", "tests/auth.test.ts"] |
+| `evidence` | artifact | stack trace, failing test output, screenshot |
+
+## E. Pre-Execution Guards <- fail fast, check ALL before running
+- [ ] root cause evidence is present
+- [ ] fix scope is bounded
+- [ ] regression checks are defined
+
+## F. Execution Flow
+1. Read defect evidence and failing paths.
+2. Implement minimal change set.
+3. Run targeted validations.
+4. Decision point ->
+   - condition A -> validation fails -> iterate fix or abort
+   - condition B ->  validation passes -> continue.
+5. Prepare change rationale and impact summary.
+6. Emit fix package with evidence.
+
+## G. Output Schema
+
+```json
+{
+  "fix_id": "string",
+  "changed_files": ["array","of","strings"],
+  "risk": "low | medium | high",
+  "rollback_note": "string | null"
+}
+```
+
+## H. Output Target
+- Default delivery: stdout
+- Override flag: --output=<target>
+
+## I. Stop Conditions <- abort with error message, never emit partial output
+- no verified root-cause evidence
+- regression validation unavailable for critical path
+
+## J. Safety Constraints
+- Hard block: no broad refactor inside fix-only workflow
+- Warn only: warn when temporary workaround is used