ai-catapult 0.1.0
- package/LICENSE +21 -0
- package/README.md +139 -0
- package/bin/ai-catapult.js +229 -0
- package/dist/claude-plugin/.claude-plugin/marketplace.json +28 -0
- package/dist/claude-plugin/.claude-plugin/plugin.json +21 -0
- package/dist/claude-plugin/skills/ai-catapult-init/REFERENCE.md +1284 -0
- package/dist/claude-plugin/skills/ai-catapult-init/SKILL.md +79 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/README.md +48 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/archgate.md +42 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/brd-prd-traceability.md +64 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/cascade.md +110 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/ci-policy.md +107 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/documentation-blueprint.md +185 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/evals.md +93 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/foundation.md +19 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/host-policy-automation.md +151 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/language-packs.md +63 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/mcp-a2a.md +63 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/memory.md +102 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/migration.md +107 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/phases/01-discover-decide.md +33 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/phases/README.md +33 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/readme-documentation.md +120 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/release-versioning.md +188 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/skill-modernization.md +72 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/sync.md +111 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/topology.md +102 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/traceability.md +136 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/tracker-adapters.md +51 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/validation.md +276 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/workflow.md +45 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/AGENTS.md +69 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/CLAUDE.md +3 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/GEMINI.md +3 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/boundary-manifest.json +247 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/drift/backups/.gitkeep +0 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/drift/last-drift.json +7 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/evals/.gitkeep +0 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/evals/coverage-exceptions.json +1 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/handoff/.gitkeep +0 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/matrix.json +19 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/mcp/a2a-handoff.md +51 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/mcp/registry.json +27 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/observability/audit-checklist.md +32 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/observability/conventions.md +35 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/phases/01-discover-decide/status.json +16 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/phases/02-govern-plan/status.json +15 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/phases/03-configure-generate/status.json +22 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/phases/04-validate-handoff/status.json +18 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/policies/model-routing.json +29 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/reviews/ai-failure-modes.md +42 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/rules/security.md +38 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/rules/technical-bounds.md +38 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/skills/git-ops.json +6 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/skills/workspace-sync.json +6 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/system-prompts/architect.md +31 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/system-prompts/developer.md +31 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/system-prompts/qa-engineer.md +31 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/traceability/.gitkeep +0 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/workflows/repo-workflow.json +42 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/workflows/repo-workflow.md +52 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-github/workflows/ci-prek.yml +21 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-rules.ts +178 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/prek.toml +13 -0
- package/dist/codex-plugin/.codex-plugin/plugin.json +11 -0
- package/dist/codex-plugin/skills/ai-catapult-init/REFERENCE.md +1284 -0
- package/dist/codex-plugin/skills/ai-catapult-init/SKILL.md +79 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/README.md +48 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/archgate.md +42 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/brd-prd-traceability.md +64 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/cascade.md +110 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/ci-policy.md +107 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/documentation-blueprint.md +185 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/evals.md +93 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/foundation.md +19 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/host-policy-automation.md +151 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/language-packs.md +63 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/mcp-a2a.md +63 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/memory.md +102 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/migration.md +107 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/phases/01-discover-decide.md +33 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/phases/README.md +33 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/readme-documentation.md +120 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/release-versioning.md +188 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/skill-modernization.md +72 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/sync.md +111 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/topology.md +102 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/traceability.md +136 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/tracker-adapters.md +51 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/validation.md +276 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/workflow.md +45 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/AGENTS.md +69 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/CLAUDE.md +3 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/GEMINI.md +3 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/boundary-manifest.json +247 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/drift/backups/.gitkeep +0 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/drift/last-drift.json +7 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/evals/.gitkeep +0 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/evals/coverage-exceptions.json +1 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/handoff/.gitkeep +0 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/matrix.json +19 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/mcp/a2a-handoff.md +51 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/mcp/registry.json +27 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/observability/audit-checklist.md +32 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/observability/conventions.md +35 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/phases/01-discover-decide/status.json +16 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/phases/02-govern-plan/status.json +15 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/phases/03-configure-generate/status.json +22 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/phases/04-validate-handoff/status.json +18 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/policies/model-routing.json +29 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/reviews/ai-failure-modes.md +42 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/rules/security.md +38 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/rules/technical-bounds.md +38 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/skills/git-ops.json +6 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/skills/workspace-sync.json +6 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/system-prompts/architect.md +31 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/system-prompts/developer.md +31 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/system-prompts/qa-engineer.md +31 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/traceability/.gitkeep +0 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/workflows/repo-workflow.json +42 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/workflows/repo-workflow.md +52 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-github/workflows/ci-prek.yml +21 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-rules.ts +178 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/prek.toml +13 -0
- package/package.json +53 -0
- package/scripts/build-claude-plugin.sh +179 -0
- package/scripts/build-codex-plugin.sh +104 -0
- package/scripts/snapshot-dist.sh +26 -0
- package/setup.sh +63 -0
- package/skills.lock.json +6 -0
- package/src/install.js +380 -0
- package/src/scaffold.js +220 -0
|
@@ -0,0 +1,247 @@
|
|
|
1
|
+
{
|
|
2
|
+
"schema_version": "1.0",
|
|
3
|
+
"description": "Mechanical/judgment boundary manifest for the v3 .ai/ scaffold. Every path listed under 'mechanical' has a corresponding static template file in this directory. Paths listed under 'judgment_laden' are produced in-harness by the ai-catapult plugin and are NOT templated here. This manifest is consumed by Slice 3 parity fixtures.",
|
|
4
|
+
"classification_rules": {
|
|
5
|
+
"mechanical": "Path layout is deterministic and repo-agnostic; content is fixed or contains only well-typed placeholder tokens ({{REPO_ID}}, {{DATE}}, {{UPSTREAM_URL}}, {{UPSTREAM_REF}}). No domain knowledge or architecture judgment required.",
|
|
6
|
+
"judgment_laden": "Content requires interpretation of the specific repo's domain, architecture decisions, cascade topology, or AI-failure-mode analysis. Generated in-harness by the plugin after discovery."
|
|
7
|
+
},
|
|
8
|
+
"paths": [
|
|
9
|
+
{
|
|
10
|
+
"path": ".ai/matrix.json",
|
|
11
|
+
"classification": "mechanical",
|
|
12
|
+
"template": "dot-ai/matrix.json",
|
|
13
|
+
"rationale": "Template emits the STANDALONE matrix skeleton only (topology_type hardcoded to 'standalone', max_allowed_depth/current_depth fixed at 0, managed_repositories empty). The umbrella matrix — which requires populated managed_repositories and max_allowed_depth=3 — is judgment-laden and plugin-generated, consistent with cascade-plan.json classification."
|
|
14
|
+
},
|
|
15
|
+
{
|
|
16
|
+
"path": ".ai/system-prompts/architect.md",
|
|
17
|
+
"classification": "mechanical",
|
|
18
|
+
"template": "dot-ai/system-prompts/architect.md",
|
|
19
|
+
"rationale": "Role-specific instructions are fixed conventions, not repo-specific decisions."
|
|
20
|
+
},
|
|
21
|
+
{
|
|
22
|
+
"path": ".ai/system-prompts/developer.md",
|
|
23
|
+
"classification": "mechanical",
|
|
24
|
+
"template": "dot-ai/system-prompts/developer.md",
|
|
25
|
+
"rationale": "Role-specific instructions are fixed conventions."
|
|
26
|
+
},
|
|
27
|
+
{
|
|
28
|
+
"path": ".ai/system-prompts/qa-engineer.md",
|
|
29
|
+
"classification": "mechanical",
|
|
30
|
+
"template": "dot-ai/system-prompts/qa-engineer.md",
|
|
31
|
+
"rationale": "Role-specific instructions are fixed conventions."
|
|
32
|
+
},
|
|
33
|
+
{
|
|
34
|
+
"path": ".ai/skills/git-ops.json",
|
|
35
|
+
"classification": "mechanical",
|
|
36
|
+
"template": "dot-ai/skills/git-ops.json",
|
|
37
|
+
"rationale": "Tool injection descriptor; operations list and confirmation gates are fixed."
|
|
38
|
+
},
|
|
39
|
+
{
|
|
40
|
+
"path": ".ai/skills/workspace-sync.json",
|
|
41
|
+
"classification": "mechanical",
|
|
42
|
+
"template": "dot-ai/skills/workspace-sync.json",
|
|
43
|
+
"rationale": "Tool injection descriptor; fixed operations set."
|
|
44
|
+
},
|
|
45
|
+
{
|
|
46
|
+
"path": ".ai/workflows/repo-workflow.md",
|
|
47
|
+
"classification": "mechanical",
|
|
48
|
+
"template": "dot-ai/workflows/repo-workflow.md",
|
|
49
|
+
"rationale": "Workflow phase sequence is fixed and deterministic."
|
|
50
|
+
},
|
|
51
|
+
{
|
|
52
|
+
"path": ".ai/workflows/repo-workflow.json",
|
|
53
|
+
"classification": "mechanical",
|
|
54
|
+
"template": "dot-ai/workflows/repo-workflow.json",
|
|
55
|
+
"rationale": "Machine-readable workflow manifest; workflow_id and phase list are fixed."
|
|
56
|
+
},
|
|
57
|
+
{
|
|
58
|
+
"path": ".ai/phases/01-discover-decide/status.json",
|
|
59
|
+
"classification": "mechanical",
|
|
60
|
+
"template": "dot-ai/phases/01-discover-decide/status.json",
|
|
61
|
+
"rationale": "Phase schema is fixed (schema_version, workflow_id, phase_id, title, required, status scaffold). Initial status is 'pending'."
|
|
62
|
+
},
|
|
63
|
+
{
|
|
64
|
+
"path": ".ai/phases/02-govern-plan/status.json",
|
|
65
|
+
"classification": "mechanical",
|
|
66
|
+
"template": "dot-ai/phases/02-govern-plan/status.json",
|
|
67
|
+
"rationale": "Phase schema is fixed."
|
|
68
|
+
},
|
|
69
|
+
{
|
|
70
|
+
"path": ".ai/phases/03-configure-generate/status.json",
|
|
71
|
+
"classification": "mechanical",
|
|
72
|
+
"template": "dot-ai/phases/03-configure-generate/status.json",
|
|
73
|
+
"rationale": "Phase schema is fixed."
|
|
74
|
+
},
|
|
75
|
+
{
|
|
76
|
+
"path": ".ai/phases/04-validate-handoff/status.json",
|
|
77
|
+
"classification": "mechanical",
|
|
78
|
+
"template": "dot-ai/phases/04-validate-handoff/status.json",
|
|
79
|
+
"rationale": "Phase schema is fixed."
|
|
80
|
+
},
|
|
81
|
+
{
|
|
82
|
+
"path": ".ai/policies/model-routing.json",
|
|
83
|
+
"classification": "mechanical",
|
|
84
|
+
"template": "dot-ai/policies/model-routing.json",
|
|
85
|
+
"rationale": "Provider-neutral tier table (ADR-0003) is fixed. host_aliases are illustrative examples included as an optional deployment convenience; teams may replace or extend them — replacing host aliases requires no architecture judgment about the repo itself."
|
|
86
|
+
},
|
|
87
|
+
{
|
|
88
|
+
"path": ".ai/mcp/registry.json",
|
|
89
|
+
"classification": "mechanical",
|
|
90
|
+
"template": "dot-ai/mcp/registry.json",
|
|
91
|
+
"rationale": "MCP registry stub (ADR-0005) is fixed; all servers carry status:stub and no live endpoint."
|
|
92
|
+
},
|
|
93
|
+
{
|
|
94
|
+
"path": ".ai/mcp/a2a-handoff.md",
|
|
95
|
+
"classification": "mechanical",
|
|
96
|
+
"template": "dot-ai/mcp/a2a-handoff.md",
|
|
97
|
+
"rationale": "A2A cross-agent handoff convention (ADR-0005) is fixed prose, not repo-specific."
|
|
98
|
+
},
|
|
99
|
+
{
|
|
100
|
+
"path": ".ai/evals/coverage-exceptions.json",
|
|
101
|
+
"classification": "mechanical",
|
|
102
|
+
"template": "dot-ai/evals/coverage-exceptions.json",
|
|
103
|
+
"rationale": "Empty array at scaffold time; shape is fixed."
|
|
104
|
+
},
|
|
105
|
+
{
|
|
106
|
+
"path": ".ai/rules/security.md",
|
|
107
|
+
"classification": "mechanical",
|
|
108
|
+
"template": "dot-ai/rules/security.md",
|
|
109
|
+
"rationale": "Baseline security guardrails are fixed conventions applicable to any repo."
|
|
110
|
+
},
|
|
111
|
+
{
|
|
112
|
+
"path": ".ai/rules/technical-bounds.md",
|
|
113
|
+
"classification": "mechanical",
|
|
114
|
+
"template": "dot-ai/rules/technical-bounds.md",
|
|
115
|
+
"rationale": "Baseline technical-bounds are fixed placeholder rules; teams extend post-scaffold."
|
|
116
|
+
},
|
|
117
|
+
{
|
|
118
|
+
"path": ".ai/drift/last-drift.json",
|
|
119
|
+
"classification": "mechanical",
|
|
120
|
+
"template": "dot-ai/drift/last-drift.json",
|
|
121
|
+
"rationale": "Empty/null initial drift record; shape is fixed."
|
|
122
|
+
},
|
|
123
|
+
{
|
|
124
|
+
"path": ".ai/observability/conventions.md",
|
|
125
|
+
"classification": "mechanical",
|
|
126
|
+
"template": "dot-ai/observability/conventions.md",
|
|
127
|
+
"rationale": "Logging and trace conventions (ADR-0005) are fixed scaffold prose."
|
|
128
|
+
},
|
|
129
|
+
{
|
|
130
|
+
"path": ".ai/observability/audit-checklist.md",
|
|
131
|
+
"classification": "mechanical",
|
|
132
|
+
"template": "dot-ai/observability/audit-checklist.md",
|
|
133
|
+
"rationale": "Token-cost and trajectory-audit checklist (ADR-0005) is fixed."
|
|
134
|
+
},
|
|
135
|
+
{
|
|
136
|
+
"path": ".ai/reviews/ai-failure-modes.md",
|
|
137
|
+
"classification": "mechanical",
|
|
138
|
+
"template": "dot-ai/reviews/ai-failure-modes.md",
|
|
139
|
+
"rationale": "AI-failure-mode review checklist (spec §4.B) is fixed; failure mode categories are invariant."
|
|
140
|
+
},
|
|
141
|
+
{
|
|
142
|
+
"path": "AGENTS.md",
|
|
143
|
+
"classification": "mechanical",
|
|
144
|
+
"template": "AGENTS.md",
|
|
145
|
+
"rationale": "Skeleton with Harness Map section and placeholder tokens is fixed; actual workflow decisions (ADRs, cascade list) are judgment-laden and filled in-harness."
|
|
146
|
+
},
|
|
147
|
+
{
|
|
148
|
+
"path": "CLAUDE.md",
|
|
149
|
+
"classification": "mechanical",
|
|
150
|
+
"template": "CLAUDE.md",
|
|
151
|
+
"rationale": "Thin pointer to AGENTS.md (ADR-0004). No content-bearing sections."
|
|
152
|
+
},
|
|
153
|
+
{
|
|
154
|
+
"path": "GEMINI.md",
|
|
155
|
+
"classification": "mechanical",
|
|
156
|
+
"template": "GEMINI.md",
|
|
157
|
+
"rationale": "Thin pointer to AGENTS.md (ADR-0004). No content-bearing sections."
|
|
158
|
+
},
|
|
159
|
+
{
|
|
160
|
+
"path": ".rules.ts",
|
|
161
|
+
"classification": "mechanical",
|
|
162
|
+
"template": "dot-rules.ts",
|
|
163
|
+
"rationale": "Five-domain Archgate rules file with standard placeholder rules. Teams customize rule entries post-scaffold."
|
|
164
|
+
},
|
|
165
|
+
{
|
|
166
|
+
"path": "prek.toml",
|
|
167
|
+
"classification": "mechanical",
|
|
168
|
+
"template": "prek.toml",
|
|
169
|
+
"rationale": "Hook configuration is fixed schema (validate-rules local hook)."
|
|
170
|
+
},
|
|
171
|
+
{
|
|
172
|
+
"path": ".github/workflows/ci-prek.yml",
|
|
173
|
+
"classification": "mechanical",
|
|
174
|
+
"template": "dot-github/workflows/ci-prek.yml",
|
|
175
|
+
"rationale": "CI workflow for prek is fixed (j178/prek-action@v2 with --all-files)."
|
|
176
|
+
},
|
|
177
|
+
{
|
|
178
|
+
"path": ".ai/handoff/init-ai-repo-handoff.md",
|
|
179
|
+
"classification": "judgment_laden",
|
|
180
|
+
"template": null,
|
|
181
|
+
"rationale": "Handoff document summarises what the plugin discovered and decided about the specific repo. Generated in-harness after all four phases complete."
|
|
182
|
+
},
|
|
183
|
+
{
|
|
184
|
+
"path": ".ai/traceability/graph.json",
|
|
185
|
+
"classification": "judgment_laden",
|
|
186
|
+
"template": null,
|
|
187
|
+
"rationale": "Traceability graph nodes reference actual BRD/PRD/issue IDs specific to the repo."
|
|
188
|
+
},
|
|
189
|
+
{
|
|
190
|
+
"path": ".ai/traceability/index.md",
|
|
191
|
+
"classification": "judgment_laden",
|
|
192
|
+
"template": null,
|
|
193
|
+
"rationale": "Human-readable index of traceability links; content is per-repo."
|
|
194
|
+
},
|
|
195
|
+
{
|
|
196
|
+
"path": ".ai/traceability/validation-report.md",
|
|
197
|
+
"classification": "judgment_laden",
|
|
198
|
+
"template": null,
|
|
199
|
+
"rationale": "Validation report reflects discovered coverage gaps for this specific repo."
|
|
200
|
+
},
|
|
201
|
+
{
|
|
202
|
+
"path": "docs/architecture/adr/0001-init.md",
|
|
203
|
+
"classification": "judgment_laden",
|
|
204
|
+
"template": null,
|
|
205
|
+
"rationale": "ADR body captures the specific architectural decision context of this repo. Cannot be templated without losing meaning."
|
|
206
|
+
},
|
|
207
|
+
{
|
|
208
|
+
"path": ".ai/cascade/cascade-plan.json",
|
|
209
|
+
"classification": "judgment_laden",
|
|
210
|
+
"template": null,
|
|
211
|
+
"rationale": "Cascade plan lists specific managed repositories and host adapters discovered during phase 1. Per-repo topology judgment."
|
|
212
|
+
},
|
|
213
|
+
{
|
|
214
|
+
"path": ".memory/human-override/custom-conventions.md",
|
|
215
|
+
"classification": "judgment_laden",
|
|
216
|
+
"template": null,
|
|
217
|
+
"rationale": "Terminal-priority human-override content is never generated; only written by humans."
|
|
218
|
+
},
|
|
219
|
+
{
|
|
220
|
+
"path": ".memory/human-override/tribal-knowledge.md",
|
|
221
|
+
"classification": "judgment_laden",
|
|
222
|
+
"template": null,
|
|
223
|
+
"rationale": "Terminal-priority human-override content. Same rationale."
|
|
224
|
+
},
|
|
225
|
+
{
|
|
226
|
+
"path": ".memory/self-learned/error-patterns.json",
|
|
227
|
+
"classification": "judgment_laden",
|
|
228
|
+
"template": null,
|
|
229
|
+
"rationale": "Written only by local agents at runtime, not scaffolded."
|
|
230
|
+
},
|
|
231
|
+
{
|
|
232
|
+
"path": ".memory/self-learned/module-complexity.json",
|
|
233
|
+
"classification": "judgment_laden",
|
|
234
|
+
"template": null,
|
|
235
|
+
"rationale": "Written only by local agents at runtime, not scaffolded."
|
|
236
|
+
}
|
|
237
|
+
],
|
|
238
|
+
"mechanical_count": 28,
|
|
239
|
+
"judgment_laden_count": 10,
|
|
240
|
+
"notes": [
|
|
241
|
+
"Dirs without a named file get a .gitkeep in the template tree so the directory is tracked by git.",
|
|
242
|
+
"The .ai/evals/<set>/ evalset files (evalset.json, rubric.md, judge-config.json) are judgment_laden — the eval set name and rubric content are per-repo.",
|
|
243
|
+
"The .ai/drift/backups/ dir is runtime-only (written by sync path), not scaffolded.",
|
|
244
|
+
"The .ai/skills/catalog-audit.json and description-exceptions.json are generated by the skill-catalog branch, not the base scaffold.",
|
|
245
|
+
"upstream.lock is omitted: it requires resolving a live git SHA at scaffold time and is written by foundation.md artifacts, not the .ai/ tree."
|
|
246
|
+
]
|
|
247
|
+
}
|
|
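Review bot: The four `.memory/` entries at the end of `paths` are tagged `judgment_laden`, but their rationales say "never generated; only written by humans" and "Written only by local agents at runtime, not scaffolded", while `classification_rules.judgment_laden` defines that class as "Generated in-harness by the plugin after discovery". A consumer that reads `judgment_laden` as "the plugin produces this file" would treat the human-override files as plugin-writable. Consider a separate classification (or an explicit writer field) for human-only and runtime-only paths, and adjust `description` to match. Separately, `mechanical_count` and `judgment_laden_count` agree with the entries listed (28 and 10) but duplicate what `paths` already encodes; derive them or have the parity fixtures assert them so they cannot drift.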
File without changes
|
|
File without changes
|
package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/evals/coverage-exceptions.json
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
[]
|
|
File without changes
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
{
|
|
2
|
+
"schema_version": "1.0",
|
|
3
|
+
"topology_type": "standalone",
|
|
4
|
+
"max_allowed_depth": 0,
|
|
5
|
+
"current_depth": 0,
|
|
6
|
+
"sync_strategy": "physical-copy",
|
|
7
|
+
"upstream_authority": {
|
|
8
|
+
"type": "git",
|
|
9
|
+
"url": "{{UPSTREAM_URL}}",
|
|
10
|
+
"ref": "{{UPSTREAM_REF}}"
|
|
11
|
+
},
|
|
12
|
+
"managed_repositories": [],
|
|
13
|
+
"inherited_assets": [],
|
|
14
|
+
"sync_status": {
|
|
15
|
+
"last_synced_at": "{{DATE}}",
|
|
16
|
+
"drift_detected": false,
|
|
17
|
+
"last_drift_report": ".ai/drift/last-drift.json"
|
|
18
|
+
}
|
|
19
|
+
}
|
|
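Review bot: In `sync_status`, `"last_synced_at": "{{DATE}}"` together with `"drift_detected": false` records a clean sync at scaffold time, although `managed_repositories` and `inherited_assets` are empty and nothing has been synced yet. Consider `null` for `last_synced_at` until the first real sync so the file does not read as verified state. Also, `upstream_authority.ref` accepts whatever `{{UPSTREAM_REF}}` expands to; because `sync_strategy` is `physical-copy`, document whether a branch name is acceptable or the ref must be a commit SHA, and make sure token substitution JSON-escapes the URL and ref values.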
@@ -0,0 +1,51 @@
|
|
|
1
|
+
# A2A Cross-Agent Handoff Convention
|
|
2
|
+
|
|
3
|
+
**ADR:** ADR-0005
|
|
4
|
+
**Generated by:** ai-catapult-init
|
|
5
|
+
|
|
6
|
+
This document defines the cross-agent handoff convention for this repository.
|
|
7
|
+
All agent-to-agent transfers must include a correlation ID so task chains remain
|
|
8
|
+
auditable.
|
|
9
|
+
|
|
10
|
+
## Required handoff fields
|
|
11
|
+
|
|
12
|
+
Every A2A handoff payload must carry:
|
|
13
|
+
|
|
14
|
+
| Field | Type | Description |
|
|
15
|
+
|-------|------|-------------|
|
|
16
|
+
| `correlation_id` | string (UUID) | Shared across all agents in a task chain. |
|
|
17
|
+
| `from_agent` | string | Identifier of the handing-off agent. |
|
|
18
|
+
| `to_agent` | string | Identifier of the receiving agent. |
|
|
19
|
+
| `task_summary` | string | One-sentence description of what was completed. |
|
|
20
|
+
| `next_action` | string | One-sentence description of what the receiving agent must do. |
|
|
21
|
+
| `artifacts` | array | List of file paths or artifact references produced. |
|
|
22
|
+
| `timestamp` | string (ISO-8601) | Handoff time in UTC. |
|
|
23
|
+
|
|
24
|
+
## Example
|
|
25
|
+
|
|
26
|
+
```json
|
|
27
|
+
{
|
|
28
|
+
"correlation_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
|
|
29
|
+
"from_agent": "planner",
|
|
30
|
+
"to_agent": "executor",
|
|
31
|
+
"task_summary": "Architecture decisions recorded in docs/architecture/adr/.",
|
|
32
|
+
"next_action": "Generate the v3 scaffold from the confirmed matrix and ADRs.",
|
|
33
|
+
"artifacts": [
|
|
34
|
+
"docs/architecture/adr/0001-init.md",
|
|
35
|
+
".ai/matrix.json"
|
|
36
|
+
],
|
|
37
|
+
"timestamp": "{{DATE}}"
|
|
38
|
+
}
|
|
39
|
+
```
|
|
40
|
+
|
|
41
|
+
## Correlation ID lifecycle
|
|
42
|
+
|
|
43
|
+
- The first agent in a task chain generates the `correlation_id`.
|
|
44
|
+
- Every subsequent agent in the chain preserves and forwards the same ID.
|
|
45
|
+
- The final agent records the ID in `.ai/handoff/init-ai-repo-handoff.md`.
|
|
46
|
+
|
|
47
|
+
## MCP registry
|
|
48
|
+
|
|
49
|
+
The MCP server registry stub lives at `.ai/mcp/registry.json`. Stubs have
|
|
50
|
+
`status: "stub"` and no resolved endpoint; promotion to live requires an ADR
|
|
51
|
+
update and a registry entry update.
|
|
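Review bot: The "Correlation ID lifecycle" section says who generates and forwards `correlation_id` but not what a receiving agent does when a payload arrives without one, with a malformed one, or with one that differs from the chain it belongs to. Since the stated purpose is auditability, add a rule that such handoffs are rejected and logged. The `artifacts` row also allows any "file paths or artifact references"; state that paths are repository-relative so a receiver does not act on paths outside the repo. Minor: the example uses `planner` and `executor`, so say how `from_agent` and `to_agent` identifiers are assigned.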
@@ -0,0 +1,27 @@
|
|
|
1
|
+
{
|
|
2
|
+
"schema_version": "1.0",
|
|
3
|
+
"generated_by": "ai-catapult-init",
|
|
4
|
+
"adr": "ADR-0005",
|
|
5
|
+
"description": "MCP-server registry stub. Offline/deterministic: declared servers are stubs; ai-catapult-init resolves no live endpoint and makes no network call.",
|
|
6
|
+
"servers": [
|
|
7
|
+
{
|
|
8
|
+
"name": "filesystem",
|
|
9
|
+
"transport": "stdio",
|
|
10
|
+
"status": "stub",
|
|
11
|
+
"endpoint": null,
|
|
12
|
+
"tools": ["read_file", "write_file", "list_directory"]
|
|
13
|
+
},
|
|
14
|
+
{
|
|
15
|
+
"name": "git",
|
|
16
|
+
"transport": "stdio",
|
|
17
|
+
"status": "stub",
|
|
18
|
+
"endpoint": null,
|
|
19
|
+
"tools": ["git_status", "git_diff", "git_log"]
|
|
20
|
+
}
|
|
21
|
+
],
|
|
22
|
+
"a2a": {
|
|
23
|
+
"protocol": "A2A",
|
|
24
|
+
"handoff_convention": ".ai/mcp/a2a-handoff.md",
|
|
25
|
+
"correlation_id_required": true
|
|
26
|
+
}
|
|
27
|
+
}
|
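Review bot: The `filesystem` stub already declares `write_file` in `tools` and has no field limiting which directory it applies to, so whoever promotes the entry from `"status": "stub"` inherits write access by default. Consider shipping the stub with the read-only tools only, or adding an explicit scope field, so that write capability is a deliberate decision at promotion time. The `git` stub lists only read operations (`git_status`, `git_diff`, `git_log`), which is the better default.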
package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/observability/audit-checklist.md
ADDED
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
# Observability Audit Checklist
|
|
2
|
+
|
|
3
|
+
**ADR:** ADR-0005
|
|
4
|
+
**Generated by:** ai-catapult-init
|
|
5
|
+
|
|
6
|
+
Use this checklist when reviewing a behavior-changing PR. Check each item
|
|
7
|
+
that applies. Record the checklist results in the PR description or review comment.
|
|
8
|
+
|
|
9
|
+
## Token-cost audit
|
|
10
|
+
|
|
11
|
+
- [ ] Total token count for this PR's AI-assisted work is recorded in the PR description.
|
|
12
|
+
- [ ] No single agent turn exceeded 100k input tokens without a documented reason.
|
|
13
|
+
- [ ] Caching was used where available (e.g. prompt prefix caching for repeated context).
|
|
14
|
+
|
|
15
|
+
## Trajectory audit
|
|
16
|
+
|
|
17
|
+
- [ ] Agent action sequence is summarized in the PR description (what agent did what, in order).
|
|
18
|
+
- [ ] No agent self-approved its own output without a separate review pass.
|
|
19
|
+
- [ ] The `correlation_id` chain is present for multi-agent task chains.
|
|
20
|
+
|
|
21
|
+
## Drift audit
|
|
22
|
+
|
|
23
|
+
- [ ] `.ai/drift/last-generation.json` was updated if scaffold files were regenerated.
|
|
24
|
+
- [ ] No inherited asset was overwritten without a prior backup under `.ai/drift/backups/`.
|
|
25
|
+
- [ ] Drift report (`.ai/drift/last-drift.json`) reflects the current sync state.
|
|
26
|
+
|
|
27
|
+
## Coverage
|
|
28
|
+
|
|
29
|
+
- [ ] All modified `.ai/` files are covered by a validation check
|
|
30
|
+
(see `modules/validation.md`).
|
|
31
|
+
- [ ] No new `.ai/` path was added without a corresponding entry in the
|
|
32
|
+
boundary manifest (`ai-catapult-init/templates/boundary-manifest.json`).
|
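Review bot: The first "Drift audit" item requires `.ai/drift/last-generation.json` to be updated, but the last "Coverage" item in this same file says no `.ai/` path may be added without a boundary manifest entry, and the manifest in this release lists `.ai/drift/last-drift.json` and mentions `.ai/drift/backups/` only. Either add `last-generation.json` to the manifest (as an entry or a note) or correct the path here. Also, "No agent self-approved its own output" cannot be verified from a PR description alone; say what evidence the reviewer should look for.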
package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/observability/conventions.md
ADDED
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
# Observability Conventions
|
|
2
|
+
|
|
3
|
+
**ADR:** ADR-0005
|
|
4
|
+
**Generated by:** ai-catapult-init
|
|
5
|
+
|
|
6
|
+
These conventions define how logging and tracing are recorded for AI-assisted
|
|
7
|
+
work in this repository. They are generated conventions, not live metering:
|
|
8
|
+
token-cost and trajectory metering execute out-of-band and results are recorded
|
|
9
|
+
as evidence; CI validates only that this file and the audit checklist exist.
|
|
10
|
+
|
|
11
|
+
## Logging conventions
|
|
12
|
+
|
|
13
|
+
- **Structured JSON** for all agent-emitted log entries.
|
|
14
|
+
- **Required fields per log entry:** `timestamp` (ISO-8601), `agent_id`,
|
|
15
|
+
`correlation_id`, `level` (`info` | `warn` | `error`), `message`.
|
|
16
|
+
- **Optional fields:** `task_id`, `file_path`, `token_count`, `model_id`.
|
|
17
|
+
- Log files are written to `.ai/drift/` (drift/audit logs) or to the
|
|
18
|
+
calling host's log sink. Never committed to the repository.
|
|
19
|
+
|
|
20
|
+
## Trace conventions
|
|
21
|
+
|
|
22
|
+
- Each task chain carries a single `correlation_id` (UUID v4) from first
|
|
23
|
+
agent to last.
|
|
24
|
+
- Trace entries are appended to `.ai/drift/last-generation.json` during
|
|
25
|
+
scaffold generation.
|
|
26
|
+
- Trajectory audits (sequence of agent actions) are recorded per-PR as
|
|
27
|
+
evidence in the PR description, not as committed artifacts.
|
|
28
|
+
|
|
29
|
+
## Token-cost conventions
|
|
30
|
+
|
|
31
|
+
- Token counts are recorded as `token_count` in log entries when available.
|
|
32
|
+
- The audit checklist (`.ai/observability/audit-checklist.md`) is the
|
|
33
|
+
canonical reference for what must be measured and where results land.
|
|
34
|
+
- No CI gate enforces token budgets in this iteration; the gate enforces
|
|
35
|
+
only that conventions and checklist files exist.
|
|
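Review bot: lines 17-18 say logs under `.ai/drift/` are "Never committed to the repository", but lines 8-9 state that CI validates only that this file and the audit checklist exist, so nothing enforces that rule. Suggest shipping an ignore rule for `.ai/drift/` with the scaffold, or adding a CI check that fails when files under that path are staged. The required-field list on lines 14-15 also carries no redaction rule for `message`; a one-line pointer to the secrets rule in the security guardrails file would help keep tokens out of agent logs.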
@@ -0,0 +1,16 @@
|
|
|
1
|
+
{
|
|
2
|
+
"schema_version": "1.0",
|
|
3
|
+
"workflow_id": "init-ai-repo",
|
|
4
|
+
"phase_id": "01-discover-decide",
|
|
5
|
+
"title": "Discover & Decide",
|
|
6
|
+
"required": true,
|
|
7
|
+
"status": "pending",
|
|
8
|
+
"inputs": [".ai/matrix.json"],
|
|
9
|
+
"outputs": [
|
|
10
|
+
".ai/matrix.json",
|
|
11
|
+
".ai/init/repo-profile.json",
|
|
12
|
+
".ai/init/sdlc-path.md"
|
|
13
|
+
],
|
|
14
|
+
"evidence": null,
|
|
15
|
+
"next_actions": ["Run ai-catapult-init phase 01 to profile this repo."]
|
|
16
|
+
}
|
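Review bot: `.ai/matrix.json` appears in both `inputs` (line 8) and `outputs` (line 10), so any tool that orders phases or detects staleness from these arrays sees this phase depending on its own output. If the phase updates the matrix in place, say so in a field or in the phase documentation; otherwise drop it from one side.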
package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/phases/02-govern-plan/status.json
ADDED
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
{
|
|
2
|
+
"schema_version": "1.0",
|
|
3
|
+
"workflow_id": "init-ai-repo",
|
|
4
|
+
"phase_id": "02-govern-plan",
|
|
5
|
+
"title": "Govern & Plan",
|
|
6
|
+
"required": true,
|
|
7
|
+
"status": "pending",
|
|
8
|
+
"inputs": [".ai/init/repo-profile.json", ".ai/init/sdlc-path.md"],
|
|
9
|
+
"outputs": [
|
|
10
|
+
"docs/architecture/adr/",
|
|
11
|
+
".ai/policies/model-routing.json"
|
|
12
|
+
],
|
|
13
|
+
"evidence": null,
|
|
14
|
+
"next_actions": ["Complete phase 01 first."]
|
|
15
|
+
}
|
|
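Review bot: the ordering constraint lives only in the free-text `next_actions` string on line 14 ("Complete phase 01 first."), which a runner cannot evaluate. Suggest a machine-readable list of prerequisite phase ids alongside it, keeping the string for humans. Also, `docs/architecture/adr/` on line 10 is a directory while the other output is a file, so the completion criterion for it (exists, non-empty, contains a specific ADR) should be stated.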
@@ -0,0 +1,22 @@
|
|
|
1
|
+
{
|
|
2
|
+
"schema_version": "1.0",
|
|
3
|
+
"workflow_id": "init-ai-repo",
|
|
4
|
+
"phase_id": "03-configure-generate",
|
|
5
|
+
"title": "Configure & Generate",
|
|
6
|
+
"required": true,
|
|
7
|
+
"status": "pending",
|
|
8
|
+
"inputs": [
|
|
9
|
+
".ai/matrix.json",
|
|
10
|
+
".ai/policies/model-routing.json",
|
|
11
|
+
"docs/architecture/adr/"
|
|
12
|
+
],
|
|
13
|
+
"outputs": [
|
|
14
|
+
".ai/traceability/graph.json",
|
|
15
|
+
".ai/workflows/repo-workflow.json",
|
|
16
|
+
"AGENTS.md",
|
|
17
|
+
".rules.ts",
|
|
18
|
+
"prek.toml"
|
|
19
|
+
],
|
|
20
|
+
"evidence": null,
|
|
21
|
+
"next_actions": ["Complete phases 01 and 02 first."]
|
|
22
|
+
}
|
|
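Review bot: three outputs on lines 16-18 (`AGENTS.md`, `.rules.ts`, `prek.toml`) land at the repository root rather than under `.ai/`, and nothing in this status file says what happens when the target repository already contains them. Suggest documenting the overwrite behaviour (skip, merge, or require confirmation) for root-level outputs, since these are the files most likely to pre-exist.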
@@ -0,0 +1,18 @@
|
|
|
1
|
+
{
|
|
2
|
+
"schema_version": "1.0",
|
|
3
|
+
"workflow_id": "init-ai-repo",
|
|
4
|
+
"phase_id": "04-validate-handoff",
|
|
5
|
+
"title": "Validate & Handoff",
|
|
6
|
+
"required": true,
|
|
7
|
+
"status": "pending",
|
|
8
|
+
"inputs": [
|
|
9
|
+
".ai/traceability/graph.json",
|
|
10
|
+
".ai/workflows/repo-workflow.json"
|
|
11
|
+
],
|
|
12
|
+
"outputs": [
|
|
13
|
+
".ai/handoff/init-ai-repo-handoff.md",
|
|
14
|
+
".ai/traceability/validation-report.md"
|
|
15
|
+
],
|
|
16
|
+
"evidence": null,
|
|
17
|
+
"next_actions": ["Complete phases 01, 02, and 03 first."]
|
|
18
|
+
}
|
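Review bot: `evidence` on line 16 is `null` with no indication of the shape it takes once the phase completes, and this is the phase whose result the handoff relies on. Suggest documenting the expected value, for example a reference to `.ai/traceability/validation-report.md` from line 14, so that a `status` other than `pending` can be checked against something concrete.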
package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/policies/model-routing.json
ADDED
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
{
|
|
2
|
+
"schema_version": "1.0",
|
|
3
|
+
"description": "Provider-neutral model-routing policy (ADR-0003). Task classes map to portable tiers; host_aliases bind tiers to host model names per provider. Host model names are illustrative examples — replace them with the model IDs your provider/CLI exposes at deployment time.",
|
|
4
|
+
"tiers": ["frontier", "mid", "cheap"],
|
|
5
|
+
"task_classes": {
|
|
6
|
+
"requirements": "frontier",
|
|
7
|
+
"architecture": "frontier",
|
|
8
|
+
"initial-implementation": "frontier",
|
|
9
|
+
"hard-verification": "frontier",
|
|
10
|
+
"standard-implementation": "mid",
|
|
11
|
+
"planning": "mid",
|
|
12
|
+
"test-generation": "cheap",
|
|
13
|
+
"first-pass-code-review": "cheap",
|
|
14
|
+
"ci-monitoring": "cheap",
|
|
15
|
+
"lookups": "cheap"
|
|
16
|
+
},
|
|
17
|
+
"host_aliases": {
|
|
18
|
+
"claude": {
|
|
19
|
+
"frontier": "opus",
|
|
20
|
+
"mid": "sonnet",
|
|
21
|
+
"cheap": "haiku"
|
|
22
|
+
},
|
|
23
|
+
"codex": {
|
|
24
|
+
"frontier": "o3",
|
|
25
|
+
"mid": "o4-mini",
|
|
26
|
+
"cheap": "gpt-4o-mini"
|
|
27
|
+
}
|
|
28
|
+
}
|
|
29
|
+
}
|
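Review bot: `task_classes` on lines 5-16 has no fallback, so a task class that is not listed resolves to no tier and the behaviour is left to each host. Suggest stating the rule explicitly: reject unknown classes, or name a default tier. The `host_aliases` values on lines 19-21 and 24-26 are described on line 3 as illustrative, yet nothing in the file marks them as unconfigured, so a validator cannot tell a placeholder from a deliberate choice; consider a flag for that, plus a check that every provider maps all three entries in `tiers`.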
package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/reviews/ai-failure-modes.md
ADDED
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
# AI Failure-Mode Review Checklist
|
|
2
|
+
|
|
3
|
+
**Spec:** §4.B
|
|
4
|
+
**Generated by:** ai-catapult-init
|
|
5
|
+
|
|
6
|
+
Use this checklist when reviewing any PR that contains AI-authored code.
|
|
7
|
+
Mark each item as addressed or N/A before approving.
|
|
8
|
+
|
|
9
|
+
## Hallucinated dependencies
|
|
10
|
+
|
|
11
|
+
- [ ] All imported packages/modules exist in the package manifest (package.json,
|
|
12
|
+
pyproject.toml, Cargo.toml, etc.).
|
|
13
|
+
- [ ] No import references a package name that looks plausible but is not
|
|
14
|
+
declared — verify with the lock file.
|
|
15
|
+
|
|
16
|
+
## Slopsquatting / typosquatting
|
|
17
|
+
|
|
18
|
+
- [ ] Package names match official registries exactly (check npm, PyPI, crates.io).
|
|
19
|
+
- [ ] No package name is a one-character-off variant of a popular package.
|
|
20
|
+
|
|
21
|
+
## Inadequate error handling
|
|
22
|
+
|
|
23
|
+
- [ ] Every external call (network, filesystem, subprocess) has explicit error
|
|
24
|
+
handling or is documented as intentionally fail-fast.
|
|
25
|
+
- [ ] Error messages include enough context to diagnose the failure without
|
|
26
|
+
reading source code.
|
|
27
|
+
- [ ] No bare `catch` / `except Exception` / `recover()` swallows errors silently.
|
|
28
|
+
|
|
29
|
+
## "Looks-right" / subtle correctness gaps
|
|
30
|
+
|
|
31
|
+
- [ ] Off-by-one boundaries (array indices, pagination cursors, date ranges)
|
|
32
|
+
are covered by at least one test.
|
|
33
|
+
- [ ] Concurrency assumptions (shared state, ordering guarantees) are documented
|
|
34
|
+
or guarded by a test.
|
|
35
|
+
- [ ] Any cryptographic or security-sensitive code was reviewed by a human, not
|
|
36
|
+
only by an agent.
|
|
37
|
+
|
|
38
|
+
## Scope creep
|
|
39
|
+
|
|
40
|
+
- [ ] The PR diff touches only files named in the task description or acceptance
|
|
41
|
+
criteria (Karpathy Rule 3 — Surgical Changes).
|
|
42
|
+
- [ ] No new abstraction was introduced for a pattern that exists exactly once.
|
|
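Review bot: the check on lines 13-14 ("verify with the lock file") only proves a package is declared, not that it is the intended one; a hallucinated or squatted name that was installed once appears in the lock file like any other entry. Suggest pointing this item at the registry comparison from line 18 instead. Line 19 relies on a reviewer spotting one-character-off names by eye, which would be more reliable as an automated comparison against the list of dependencies already approved for the repository. `Karpathy Rule 3` on line 41 is cited without a link or definition.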
@@ -0,0 +1,38 @@
|
|
|
1
|
+
# Security Guardrails
|
|
2
|
+
|
|
3
|
+
**Generated by:** ai-catapult-init
|
|
4
|
+
**Scope:** All agents operating in this repository.
|
|
5
|
+
|
|
6
|
+
These are baseline security rules. Extend this file with repo-specific constraints
|
|
7
|
+
after scaffolding.
|
|
8
|
+
|
|
9
|
+
## Secrets and credentials
|
|
10
|
+
|
|
11
|
+
- Never commit secrets, API keys, tokens, or credentials to the repository.
|
|
12
|
+
- Never log secret values, even at debug level.
|
|
13
|
+
- Use environment variables or a secrets manager for all credentials.
|
|
14
|
+
- Patterns that must trigger a hard stop: `sk-`, `ghp_`, `github_pat_`,
|
|
15
|
+
PEM private-key headers (BEGIN … PRIVATE KEY), `AKIA` (AWS access key prefix).
|
|
16
|
+
|
|
17
|
+
## Input validation
|
|
18
|
+
|
|
19
|
+
- All external inputs (HTTP request bodies, CLI args, environment variables,
|
|
20
|
+
file contents) must be validated before use.
|
|
21
|
+
- String inputs used in SQL, shell commands, or file paths must be sanitised
|
|
22
|
+
or parameterised — never interpolated directly.
|
|
23
|
+
|
|
24
|
+
## Dependency hygiene
|
|
25
|
+
|
|
26
|
+
- New dependencies must be pinned to an exact version in the lock file.
|
|
27
|
+
- Dependencies must be sourced from official registries only.
|
|
28
|
+
- Before adding a new dependency, verify the package name matches the official
|
|
29
|
+
registry exactly (guard against typosquatting).
|
|
30
|
+
|
|
31
|
+
## Agent-specific rules
|
|
32
|
+
|
|
33
|
+
- Agents must not execute shell commands that were constructed from
|
|
34
|
+
unvalidated external input.
|
|
35
|
+
- Agents must not write files outside the repository root without explicit
|
|
36
|
+
user confirmation.
|
|
37
|
+
- Agents must not make outbound network calls to undeclared hosts; declared
|
|
38
|
+
hosts are listed in `.ai/mcp/registry.json`.
|
|
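Review bot: the hard-stop patterns on lines 14-15 are bare prefixes, and `sk-` in particular matches ordinary text such as `task-` or `risk-`, so a literal substring scan will stop on non-secrets. Suggest specifying anchored patterns (word boundary plus expected length and character set) and naming the component that performs the scan. Line 26 asks for exact version pins in the lock file but does not mention integrity hashes, and `.ai/mcp/registry.json` on line 38 is the only allow-list for outbound hosts, so its expected schema should be referenced here.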
@@ -0,0 +1,38 @@
|
|
|
1
|
+
# Technical Bounds
|
|
2
|
+
|
|
3
|
+
**Generated by:** ai-catapult-init
|
|
4
|
+
**Scope:** All agents operating in this repository.
|
|
5
|
+
|
|
6
|
+
These are baseline technical-bounds rules. Extend this file with repo-specific
|
|
7
|
+
constraints (language versions, framework choices, architectural boundaries)
|
|
8
|
+
after scaffolding.
|
|
9
|
+
|
|
10
|
+
## Architectural boundaries
|
|
11
|
+
|
|
12
|
+
- Dependencies must only flow inward: domain ← application ← infrastructure.
|
|
13
|
+
Infrastructure layers must not import from the domain layer directly.
|
|
14
|
+
- Route handlers must not import from the data layer directly; all data access
|
|
15
|
+
goes through a service layer.
|
|
16
|
+
- Circular imports between modules are prohibited.
|
|
17
|
+
|
|
18
|
+
## Code quality floor
|
|
19
|
+
|
|
20
|
+
- Functions must not exceed 40 lines. Extract logical sections into named helpers.
|
|
21
|
+
- Tests must follow Arrange-Act-Assert with one assertion group per test.
|
|
22
|
+
- Source files must use kebab-case. Test files must end in `.test.ts` or `.spec.ts`.
|
|
23
|
+
|
|
24
|
+
## AI scaffold integrity
|
|
25
|
+
|
|
26
|
+
- The `.ai/` directory is agent-managed governance surface. Do not edit files
|
|
27
|
+
under `.ai/` manually unless you are updating a human-override file under
|
|
28
|
+
`.memory/human-override/`.
|
|
29
|
+
- `.memory/human-override/` is terminal priority. Its contents are never
|
|
30
|
+
overwritten by sync or scaffold runs.
|
|
31
|
+
- `inherited_assets` listed in `.ai/matrix.json` are propagated by physical
|
|
32
|
+
copy only; symlinks and git submodules are not permitted as sync modes.
|
|
33
|
+
|
|
34
|
+
## Language and runtime (placeholder — fill in post-scaffold)
|
|
35
|
+
|
|
36
|
+
- **Language version:** (e.g. Node 20 LTS, Python 3.12, Go 1.22)
|
|
37
|
+
- **Framework:** (e.g. Express 4, FastAPI 0.111, Gin 1.9)
|
|
38
|
+
- **Test runner:** (e.g. Vitest, pytest, go test)
|
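Review bot: the exception on lines 26-28 does not hold together: it permits manual edits under `.ai/` only for a human-override file, but the path given is `.memory/human-override/`, which is not under `.ai/`. Either the path should sit under `.ai/`, or the sentence should treat `.memory/human-override/` as a separate, human-editable location. Line 22 hard-codes `.test.ts` / `.spec.ts` while the placeholder on lines 36-38 offers Python and Go as options, so the file-naming rule belongs in the language section. Lines 12-13 would also read more clearly with the one permitted import direction spelled out in words beside the arrows.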