ai-catapult 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +139 -0
- package/bin/ai-catapult.js +229 -0
- package/dist/claude-plugin/.claude-plugin/marketplace.json +28 -0
- package/dist/claude-plugin/.claude-plugin/plugin.json +21 -0
- package/dist/claude-plugin/skills/ai-catapult-init/REFERENCE.md +1284 -0
- package/dist/claude-plugin/skills/ai-catapult-init/SKILL.md +79 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/README.md +48 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/archgate.md +42 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/brd-prd-traceability.md +64 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/cascade.md +110 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/ci-policy.md +107 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/documentation-blueprint.md +185 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/evals.md +93 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/foundation.md +19 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/host-policy-automation.md +151 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/language-packs.md +63 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/mcp-a2a.md +63 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/memory.md +102 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/migration.md +107 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/phases/01-discover-decide.md +33 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/phases/README.md +33 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/readme-documentation.md +120 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/release-versioning.md +188 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/skill-modernization.md +72 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/sync.md +111 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/topology.md +102 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/traceability.md +136 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/tracker-adapters.md +51 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/validation.md +276 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/workflow.md +45 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/AGENTS.md +69 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/CLAUDE.md +3 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/GEMINI.md +3 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/boundary-manifest.json +247 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/drift/backups/.gitkeep +0 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/drift/last-drift.json +7 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/evals/.gitkeep +0 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/evals/coverage-exceptions.json +1 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/handoff/.gitkeep +0 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/matrix.json +19 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/mcp/a2a-handoff.md +51 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/mcp/registry.json +27 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/observability/audit-checklist.md +32 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/observability/conventions.md +35 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/phases/01-discover-decide/status.json +16 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/phases/02-govern-plan/status.json +15 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/phases/03-configure-generate/status.json +22 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/phases/04-validate-handoff/status.json +18 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/policies/model-routing.json +29 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/reviews/ai-failure-modes.md +42 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/rules/security.md +38 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/rules/technical-bounds.md +38 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/skills/git-ops.json +6 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/skills/workspace-sync.json +6 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/system-prompts/architect.md +31 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/system-prompts/developer.md +31 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/system-prompts/qa-engineer.md +31 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/traceability/.gitkeep +0 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/workflows/repo-workflow.json +42 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/workflows/repo-workflow.md +52 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-github/workflows/ci-prek.yml +21 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-rules.ts +178 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/prek.toml +13 -0
- package/dist/codex-plugin/.codex-plugin/plugin.json +11 -0
- package/dist/codex-plugin/skills/ai-catapult-init/REFERENCE.md +1284 -0
- package/dist/codex-plugin/skills/ai-catapult-init/SKILL.md +79 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/README.md +48 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/archgate.md +42 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/brd-prd-traceability.md +64 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/cascade.md +110 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/ci-policy.md +107 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/documentation-blueprint.md +185 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/evals.md +93 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/foundation.md +19 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/host-policy-automation.md +151 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/language-packs.md +63 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/mcp-a2a.md +63 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/memory.md +102 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/migration.md +107 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/phases/01-discover-decide.md +33 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/phases/README.md +33 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/readme-documentation.md +120 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/release-versioning.md +188 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/skill-modernization.md +72 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/sync.md +111 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/topology.md +102 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/traceability.md +136 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/tracker-adapters.md +51 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/validation.md +276 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/workflow.md +45 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/AGENTS.md +69 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/CLAUDE.md +3 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/GEMINI.md +3 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/boundary-manifest.json +247 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/drift/backups/.gitkeep +0 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/drift/last-drift.json +7 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/evals/.gitkeep +0 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/evals/coverage-exceptions.json +1 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/handoff/.gitkeep +0 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/matrix.json +19 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/mcp/a2a-handoff.md +51 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/mcp/registry.json +27 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/observability/audit-checklist.md +32 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/observability/conventions.md +35 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/phases/01-discover-decide/status.json +16 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/phases/02-govern-plan/status.json +15 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/phases/03-configure-generate/status.json +22 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/phases/04-validate-handoff/status.json +18 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/policies/model-routing.json +29 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/reviews/ai-failure-modes.md +42 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/rules/security.md +38 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/rules/technical-bounds.md +38 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/skills/git-ops.json +6 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/skills/workspace-sync.json +6 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/system-prompts/architect.md +31 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/system-prompts/developer.md +31 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/system-prompts/qa-engineer.md +31 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/traceability/.gitkeep +0 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/workflows/repo-workflow.json +42 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/workflows/repo-workflow.md +52 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-github/workflows/ci-prek.yml +21 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-rules.ts +178 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/prek.toml +13 -0
- package/package.json +53 -0
- package/scripts/build-claude-plugin.sh +179 -0
- package/scripts/build-codex-plugin.sh +104 -0
- package/scripts/snapshot-dist.sh +26 -0
- package/setup.sh +63 -0
- package/skills.lock.json +6 -0
- package/src/install.js +380 -0
- package/src/scaffold.js +220 -0
|
@@ -0,0 +1,185 @@
|
|
|
1
|
+
# Documentation Blueprint Module
|
|
2
|
+
|
|
3
|
+
Read when generating the v3 canonical layout in a target repo. The blueprint defines the deterministic `.ai/`, `.memory/`, and `docs/` trees, and the human/agent entry files. Standalone and umbrella repos both use the same blueprint; umbrella repos only differ in the inherited-assets list and the managed repos.
|
|
4
|
+
|
|
5
|
+
## Tree shape
|
|
6
|
+
|
|
7
|
+
```
|
|
8
|
+
.
|
|
9
|
+
├── .ai/
|
|
10
|
+
│ ├── matrix.json
|
|
11
|
+
│ ├── system-prompts/
|
|
12
|
+
│ │ ├── architect.md
|
|
13
|
+
│ │ ├── developer.md
|
|
14
|
+
│ │ └── qa-engineer.md
|
|
15
|
+
│ ├── skills/ # target-repo tool injection definitions, not Codex skill packages
|
|
16
|
+
│ │ ├── git-ops.json
|
|
17
|
+
│ │ └── workspace-sync.json
|
|
18
|
+
│ ├── workflows/
|
|
19
|
+
│ │ ├── repo-workflow.md
|
|
20
|
+
│ │ └── repo-workflow.json
|
|
21
|
+
│ ├── phases/
|
|
22
|
+
│ │ ├── 01-discover-decide/status.json
|
|
23
|
+
│ │ ├── 02-govern-plan/status.json
|
|
24
|
+
│ │ ├── 03-configure-generate/status.json
|
|
25
|
+
│ │ └── 04-validate-handoff/status.json
|
|
26
|
+
│ ├── handoff/
|
|
27
|
+
│ │ └── init-ai-repo-handoff.md
|
|
28
|
+
│ ├── traceability/
|
|
29
|
+
│ │ ├── graph.json
|
|
30
|
+
│ │ ├── index.md
|
|
31
|
+
│ │ └── validation-report.md
|
|
32
|
+
│ ├── evals/
|
|
33
|
+
│ │ ├── coverage-exceptions.json
|
|
34
|
+
│ │ └── <set>/
|
|
35
|
+
│ │ ├── evalset.json
|
|
36
|
+
│ │ ├── rubric.md
|
|
37
|
+
│ │ └── judge-config.json
|
|
38
|
+
│ ├── policies/
|
|
39
|
+
│ │ └── model-routing.json
|
|
40
|
+
│ ├── observability/
|
|
41
|
+
│ │ ├── conventions.md
|
|
42
|
+
│ │ └── audit-checklist.md
|
|
43
|
+
│ ├── mcp/
|
|
44
|
+
│ │ ├── registry.json
|
|
45
|
+
│ │ └── a2a-handoff.md
|
|
46
|
+
│ ├── reviews/
|
|
47
|
+
│ │ └── ai-failure-modes.md
|
|
48
|
+
│ ├── rules/
|
|
49
|
+
│ │ ├── security.md
|
|
50
|
+
│ │ └── technical-bounds.md
|
|
51
|
+
│ └── drift/
|
|
52
|
+
│ ├── last-drift.json
|
|
53
|
+
│ └── backups/
|
|
54
|
+
├── .memory/
|
|
55
|
+
│ ├── human-override/ # terminal-priority; never silently rewritten
|
|
56
|
+
│ │ ├── custom-conventions.md
|
|
57
|
+
│ │ └── tribal-knowledge.md
|
|
58
|
+
│ └── self-learned/ # local machine-readable knowledge
|
|
59
|
+
│ ├── error-patterns.json
|
|
60
|
+
│ └── module-complexity.json
|
|
61
|
+
├── docs/
|
|
62
|
+
│ ├── architecture/
|
|
63
|
+
│ │ ├── adr/
|
|
64
|
+
│ │ │ └── 0001-init.md
|
|
65
|
+
│ │ └── data-contracts/
|
|
66
|
+
│ ├── specifications/
|
|
67
|
+
│ │ ├── ACTIVE/
|
|
68
|
+
│ │ └── ARCHIVED/
|
|
69
|
+
│ └── learning/
|
|
70
|
+
│ ├── concept-maps/
|
|
71
|
+
│ └── troubleshooting-matrix.md
|
|
72
|
+
├── AGENTS.md
|
|
73
|
+
├── CLAUDE.md # thin pointer to AGENTS.md
|
|
74
|
+
├── GEMINI.md # thin pointer to AGENTS.md
|
|
75
|
+
├── CONTRIBUTING.md
|
|
76
|
+
└── README.md
|
|
77
|
+
```
|
|
78
|
+
|
|
79
|
+
## Layer rules
|
|
80
|
+
|
|
81
|
+
| Layer | Path | Audience | Mutable by sync? |
|
|
82
|
+
| --- | --- | --- | --- |
|
|
83
|
+
| Execution / policy | `.ai/` | Agents and CI | Inherited assets only. |
|
|
84
|
+
| Human override | `.memory/human-override/` | Humans | No; terminal priority. |
|
|
85
|
+
| Self-learned | `.memory/self-learned/` | Agents, local | No; written only by local agents, never by physical-copy sync. |
|
|
86
|
+
| Architecture | `docs/architecture/` | Humans | No; per-repo authorship. |
|
|
87
|
+
| Specifications | `docs/specifications/` | Humans | No; per-repo authorship. |
|
|
88
|
+
| Learning | `docs/learning/` | Humans | No; per-repo authorship. |
|
|
89
|
+
| Entry files | `AGENTS.md`, `CLAUDE.md`, `GEMINI.md`, `CONTRIBUTING.md`, `README.md` | Both | Inherited assets only when explicitly listed. |
|
|
90
|
+
|
|
91
|
+
## `.ai/`
|
|
92
|
+
|
|
93
|
+
- `system-prompts/` holds role-specific instructions for `architect`, `developer`, and `qa-engineer`. New roles are added with a clearly named `.md` file and a one-line description in the file's first paragraph.
|
|
94
|
+
- `skills/` holds target-repo tool injection definitions in JSON form. These are tool/MCP descriptors that the target repo exposes to agents; they are not the same as Codex skill packages under `skills/`.
|
|
95
|
+
- `rules/` holds repo-specific safety and technical-bounds rules in Markdown. Cross-reference these from `.rules.ts` when present.
|
|
96
|
+
- `matrix.json` holds the topology matrix; see `modules/topology.md`.
|
|
97
|
+
- `workflows/` holds the human repo workflow and machine-readable workflow manifest.
|
|
98
|
+
- `phases/` holds per-phase status JSON for mandatory workflow steps.
|
|
99
|
+
- `handoff/` holds the generated initialization handoff index.
|
|
100
|
+
- `traceability/` holds graph.json, index.md, and validation-report.md for BRD/PRD/work artifact links.
|
|
101
|
+
- `evals/` holds one directory per evalset (`evalset.json`, `rubric.md`, `judge-config.json`) plus `coverage-exceptions.json`. Both output and trajectory evaluation are representable; see `modules/evals.md`. The eval-coverage gate is offline-structural only.
|
|
102
|
+
- `policies/` holds machine-readable routing/config policy. `model-routing.json` (ADR-0003) declares a `schema_version`, provider-neutral tiers `{frontier, mid, cheap}`, a `task_classes` map (task-class → tier), and a `host_aliases` table binding each host (e.g. `claude`, `codex`) to per-tier model names. Frontier covers requirements/architecture/initial-implementation/hard-verification; mid covers standard implementation/planning; cheap covers test generation/first-pass code review/CI monitoring/lookups. Tier aliases — not provider IDs — keep the policy portable; routing is validated offline-structurally (`modules/validation.md` check #15) with no network model resolution.
|
|
103
|
+
- `observability/` holds the generated observability surface (ADR-0005): `conventions.md` (logging and trace conventions) and `audit-checklist.md` (the token-cost and trajectory-audit checklist). Observability is non-optional harness surface — without it agent drift, cost, and trajectory are not auditable. These are generated conventions and a checklist, not live metering: token-cost and trajectory metering execute out-of-band and are recorded as evidence; CI validates only that the conventions and checklist exist (`modules/validation.md` check #16). The PR merge gate in `modules/ci-policy.md` references the audit checklist for behavior-changing PRs.
|
|
104
|
+
- `mcp/` holds the generated MCP/A2A surface (ADR-0005) under `.ai/mcp/`: `registry.json` (the MCP-server registry stub) and `a2a-handoff.md` (the A2A cross-agent handoff convention). Promoting MCP/A2A from a mention to a real surface adopts the open standards now and preserves multi-vendor optionality. The registry is a stub — declared servers carry `status: "stub"` and no resolved endpoint — and the handoff doc is a convention, not a live router; generation makes no network or model call. CI validates only that the registry parses with the expected shape and the handoff convention exists (`modules/validation.md` check #17). See `modules/mcp-a2a.md`.
|
|
105
|
+
- `reviews/` (`.ai/reviews/`) holds the generated AI-failure-mode review checklist (`ai-failure-modes.md`, spec §4.B) plus per-PR review records. The checklist gives reviewers actionable items for the failure modes common to AI-authored code — hallucinated dependencies, slopsquatting, inadequate error handling, and "looks-right" / subtle correctness gaps — so they are caught in review rather than relied on to surface in tests. It is a generated review convention, not a live CI gate; the PR merge gate in `modules/ci-policy.md` references it for AI-authored PRs. CI validates only that the checklist exists and covers the named failure modes (`modules/validation.md` check #18).
|
|
106
|
+
|
|
107
|
+
## `.memory/`
|
|
108
|
+
|
|
109
|
+
- `human-override/` is terminal priority. The scaffold never overwrites existing files in this directory; new files are only created with explicit opt-in.
|
|
110
|
+
- `self-learned/` holds machine-readable knowledge such as `error-patterns.json` and `module-complexity.json`. Schemas are versioned with a `schema_version` field and a changelog under `.memory/self-learned/CHANGELOG.md`. See `modules/memory.md` for the full schema rules.
|
|
111
|
+
|
|
112
|
+
## `docs/`
|
|
113
|
+
|
|
114
|
+
- `architecture/adr/` holds ADR files numbered as `NNNN-title.md`, starting at `0001-init.md`.
|
|
115
|
+
- `architecture/data-contracts/` holds shared data contract definitions referenced by ADRs and code.
|
|
116
|
+
- `specifications/ACTIVE/` holds current specs; `ARCHIVED/` holds retired specs with a `superseded_by` pointer in their first paragraph.
|
|
117
|
+
- `learning/concept-maps/` holds concept-map diagrams or Markdown summaries; `troubleshooting-matrix.md` is the canonical index for known-issue → fix pairs.
|
|
118
|
+
|
|
119
|
+
## Entry files
|
|
120
|
+
|
|
121
|
+
- `AGENTS.md` — agent-facing operating contract and single source of truth for rule-file/static context.
|
|
122
|
+
- `CLAUDE.md` — thin pointer to `AGENTS.md` with no content-bearing sections (ADR-0004).
|
|
123
|
+
- `GEMINI.md` — thin pointer to `AGENTS.md` with no content-bearing sections (ADR-0004).
|
|
124
|
+
- `CONTRIBUTING.md` — human contributor guide.
|
|
125
|
+
- `README.md` — top-level human entry point.
|
|
126
|
+
|
|
127
|
+
`AGENTS.md`, `CLAUDE.md`, `GEMINI.md`, `CONTRIBUTING.md`, and `README.md` are required for standalone repos. Umbrella repos include them as inherited assets; managed sub-repos may have a thin local override that references the umbrella. Generated `AGENTS.md` and `README.md` link to `.ai/workflows/repo-workflow.md` and `.ai/workflows/repo-workflow.json`. `CLAUDE.md` and `GEMINI.md` carry only a single pointer to `AGENTS.md` and are emitted as thin pointers, not workflow-linking surfaces.
|
|
128
|
+
|
|
129
|
+
## Harness Map
|
|
130
|
+
|
|
131
|
+
Generated `AGENTS.md` carries a `## Harness Map` section enumerating the six context types and documenting the static-vs-dynamic context boundary (ADR-0005). The Harness Map is non-optional AGENTS.md surface: it makes the agent's context inputs explicit and reviewable rather than implicit.
|
|
132
|
+
|
|
133
|
+
The six context types, each emitted as a code-fenced cell pointing at its canonical source in the v3 tree:
|
|
134
|
+
|
|
135
|
+
| Context type | Canonical source | Static or dynamic |
|
|
136
|
+
| --- | --- | --- |
|
|
137
|
+
| `Instructions` | `AGENTS.md`, `.ai/system-prompts/`, `.ai/rules/` | Static |
|
|
138
|
+
| `Knowledge` | `docs/architecture/`, `docs/specifications/`, `docs/learning/` | Static |
|
|
139
|
+
| `Memory` | `.memory/human-override/`, `.memory/self-learned/` | Dynamic |
|
|
140
|
+
| `Examples` | `.ai/evals/<set>/`, `docs/learning/concept-maps/` | Static |
|
|
141
|
+
| `Tools` | `.ai/skills/`, `.ai/mcp/registry.json` | Dynamic |
|
|
142
|
+
| `Guardrails` | `.ai/rules/security.md`, `.ai/rules/technical-bounds.md`, `.ai/policies/` | Static |
|
|
143
|
+
|
|
144
|
+
**Static-vs-dynamic boundary.** Static context is fixed at the start of a task (instructions, knowledge, examples, guardrails) and is reviewed and versioned in-repo; dynamic context is assembled per-run (memory written by local agents, tool/MCP results resolved at call time). The boundary is a reviewed, versioned architectural decision (ADR-0005), not an implicit one: moving a context type across the boundary requires an ADR update.
|
|
145
|
+
|
|
146
|
+
## Mechanical scaffold templates
|
|
147
|
+
|
|
148
|
+
The static, deterministic subset of this tree is pre-authored in
|
|
149
|
+
`ai-catapult-init/templates/` and is the SSOT the ai-catapult CLI vendors and
|
|
150
|
+
emits. The boundary between mechanical (templated, deterministic) and
|
|
151
|
+
judgment-laden (generated in-harness after discovery) paths is recorded in
|
|
152
|
+
`ai-catapult-init/templates/boundary-manifest.json`.
|
|
153
|
+
|
|
154
|
+
- **Mechanical** — directory layout, matrix.json skeleton, phase status stubs,
|
|
155
|
+
policy/rules stubs, MCP registry stub, observability/review checklists,
|
|
156
|
+
system-prompt skeletons, entry-file pointers (AGENTS.md/CLAUDE.md/GEMINI.md),
|
|
157
|
+
Archgate rules (.rules.ts), CI hook config (prek.toml, ci-prek.yml).
|
|
158
|
+
Template files use `{{TOKEN}}` placeholders for repo-specific values
|
|
159
|
+
(REPO_ID, TOPOLOGY_TYPE, DATE, UPSTREAM_URL, UPSTREAM_REF).
|
|
160
|
+
- **Judgment-laden** — handoff document, traceability graph and index,
|
|
161
|
+
ADR bodies, cascade plan, .memory/ human-override content. These are
|
|
162
|
+
produced in-harness by the plugin after the four discovery phases.
|
|
163
|
+
|
|
164
|
+
When adding a new `.ai/` path to this blueprint, update
|
|
165
|
+
`ai-catapult-init/templates/boundary-manifest.json` to classify it and, if
|
|
166
|
+
mechanical, add the corresponding template file under `ai-catapult-init/templates/`.
|
|
167
|
+
|
|
168
|
+
## Generation rules
|
|
169
|
+
|
|
170
|
+
1. Existing files are never overwritten silently. If a target path exists, the generator emits a `present-not-overwritten` audit entry and skips the write.
|
|
171
|
+
2. The first generation writes a `migration` block to `.ai/matrix.json` referencing the legacy-to-v3 migration manifest; see `modules/validation.md`.
|
|
172
|
+
3. Destructive operations (deleting a legacy artifact) require explicit confirmation; see `modules/host-policy-automation.md` and `modules/validation.md`.
|
|
173
|
+
4. Generation emits an audit log under `.ai/drift/last-generation.json` listing per-path action (`created`, `present-not-overwritten`, `skipped-conflict`).
|
|
174
|
+
|
|
175
|
+
## Migration from legacy scaffold
|
|
176
|
+
|
|
177
|
+
Migration rules, the action vocabulary, and the migration-manifest schema are owned by `modules/migration.md`. The blueprint does not duplicate them; consumers must read `modules/migration.md` for the authoritative classification of `.agents/`, `.rules.ts`, `docs/adr/`, marker blocks, and any pre-existing `.memory/` content.
|
|
178
|
+
|
|
179
|
+
## Cascade outputs
|
|
180
|
+
|
|
181
|
+
When the cascade branch is enabled, generate `.ai/cascade/cascade-plan.json`, `.ai/cascade/audit.jsonl`, `.ai/cascade/reconciliation-report.md`, and `.ai/cascade/host-adapters/<host>.json` for each configured host. These outputs are validation artifacts; hosted mutation remains confirmation-gated.
|
|
182
|
+
|
|
183
|
+
## Skill catalog outputs
|
|
184
|
+
|
|
185
|
+
When the target repo owns a skill catalog, generate `.ai/skills/catalog-audit.json`, `.ai/skills/description-exceptions.json`, and `.ai/skills/modernization-report.md`. These artifacts enforce compact descriptions, progressive disclosure, trigger boundaries, cross-skill links, and AI-SDLC compatibility.
|
|
@@ -0,0 +1,93 @@
|
|
|
1
|
+
# Evals Module
|
|
2
|
+
|
|
3
|
+
Read when generating the `.ai/evals/` scaffold or wiring the offline eval-coverage gate. Evals are the verification surface for non-deterministic behavior; tests verify deterministic parts, evals verify the rest. See ADR-0002.
|
|
4
|
+
|
|
5
|
+
## Principle
|
|
6
|
+
|
|
7
|
+
"Set the bar at the eval, not the demo." A shippable capability is not complete without an eval carrying an explicit rubric. In CI the bar is **structural** (schema + rubric + judge-config present and well-formed) and **offline** — no model or network call. Eval **quality** is verified out-of-band via an LM-judge run, recorded as evidence, not as a CI gate.
|
|
8
|
+
|
|
9
|
+
## Generated outputs
|
|
10
|
+
|
|
11
|
+
| Output | Purpose |
|
|
12
|
+
| --- | --- |
|
|
13
|
+
| `.ai/evals/<set>/evalset.json` | Labelled cases for one evalset: inputs, expected behavior, and reference trajectories. |
|
|
14
|
+
| `.ai/evals/<set>/rubric.md` | Scoring rubric. Required. Criteria, weights summing to `1.0`, and a passing threshold. |
|
|
15
|
+
| `.ai/evals/<set>/judge-config.json` | LM-judge harness configuration (stub by default): judge tier, mode, evaluated dimensions, and threshold. |
|
|
16
|
+
| `.ai/evals/coverage-exceptions.json` | Audited exceptions for changes that bypass the coverage gate; owner, reason, expiry. Default is no exceptions. |
|
|
17
|
+
|
|
18
|
+
## Evalset structure
|
|
19
|
+
|
|
20
|
+
`evalset.json` declares `schema_version`, a stable `set_id`, a `kind`
|
|
21
|
+
(`output` or `trajectory`), an optional `skill_under_test`, and a non-empty
|
|
22
|
+
`cases` array. Each case carries a stable `case_id`, an `input`, an
|
|
23
|
+
`expected_behavior`, and a reference `trajectory` (the expected tool-call
|
|
24
|
+
sequence).
|
|
25
|
+
|
|
26
|
+
Both evaluation modes are representable in one scaffold:
|
|
27
|
+
|
|
28
|
+
- **Output evaluation** scores the final artifact against `expected_behavior`
|
|
29
|
+
using the rubric's output criteria.
|
|
30
|
+
- **Trajectory evaluation** scores the recorded tool-call sequence against the
|
|
31
|
+
case `trajectory` using the rubric's trajectory criteria. The recorded
|
|
32
|
+
sequence is represented by the `trajectory_trace` block in `judge-config.json`
|
|
33
|
+
and surfaces in the traceability graph as a `trajectory-trace` node.
|
|
34
|
+
|
|
35
|
+
## Rubric template
|
|
36
|
+
|
|
37
|
+
`rubric.md` is a required Markdown table. Each row names a criterion, the
|
|
38
|
+
dimension it scores (`output` or `trajectory`), a weight, and the passing bar.
|
|
39
|
+
Weights sum to `1.0`; the file declares a passing threshold. A missing or empty
|
|
40
|
+
rubric fails the coverage gate.
|
|
41
|
+
|
|
42
|
+
## LM-judge harness stub
|
|
43
|
+
|
|
44
|
+
`judge-config.json` declares the judge `tier` (a provider-neutral routing tier;
|
|
45
|
+
see `modules/documentation-blueprint.md` policy outputs), `mode`
|
|
46
|
+
(`lm-judge`), the `harness` (`stub` by default), the `evaluates` dimensions
|
|
47
|
+
(`output`, `trajectory`, or both), a `passing_threshold`, and `execution`
|
|
48
|
+
(`out-of-band`). The stub is intentionally non-executing: it documents the
|
|
49
|
+
shape an out-of-band runner consumes. CI never invokes it.
|
|
50
|
+
|
|
51
|
+
## Worked example: out-of-band LM-judge demonstration
|
|
52
|
+
|
|
53
|
+
`reference/fixtures/v3/standalone/.ai/evals/example-output-eval/judgment-demo.json`
|
|
54
|
+
is a recorded out-of-band LM-judge judgment for the `example-output-eval`
|
|
55
|
+
fixture, committed as evidence. It shows the shape an out-of-band runner
|
|
56
|
+
produces end-to-end: which evalset and rubric were judged, the illustrative
|
|
57
|
+
judge model and a timestamp placeholder, one per-criterion score and rationale
|
|
58
|
+
for every rubric criterion, and an aggregate score (the rubric-weighted sum)
|
|
59
|
+
checked against the rubric's passing threshold.
|
|
60
|
+
|
|
61
|
+
It is a demonstration, not a CI gate — it carries an explicit "recorded
|
|
62
|
+
out-of-band demonstration, not a CI gate" disclaimer, was authored without any
|
|
63
|
+
live model or network call, and CI never invokes it. It is the in-repo proof
|
|
64
|
+
that the structural-in-CI + quality-out-of-band split works. The discoverable
|
|
65
|
+
offline runner is `tests/lm_judge_demo_test.sh`.
|
|
66
|
+
|
|
67
|
+
## Eval-coverage gate (D1/D2)
|
|
68
|
+
|
|
69
|
+
The gate is diff-aware and offline:
|
|
70
|
+
|
|
71
|
+
1. **Trigger (D1).** A skill changed in the PR diff that declares a non-empty
|
|
72
|
+
`eval:` key in its frontmatter is a shippable capability. Doc-only or
|
|
73
|
+
unchanged skills are exempt.
|
|
74
|
+
2. **Structural check (D2).** The declared evalset directory must exist and be
|
|
75
|
+
structurally valid: `evalset.json` and `judge-config.json` parse and carry
|
|
76
|
+
their required keys; `rubric.md` exists and is non-empty.
|
|
77
|
+
3. **Audited exception.** A token in `.ai/evals/coverage-exceptions.json`
|
|
78
|
+
(owner, reason, expiry) bypasses the gate for a non-shippable change. This
|
|
79
|
+
mirrors the `> 280`-character description-exception escape hatch in
|
|
80
|
+
`modules/skill-modernization.md`.
|
|
81
|
+
|
|
82
|
+
The gate exits non-zero only when a changed shippable skill references a missing
|
|
83
|
+
or malformed evalset with no audited exception. It performs no model or network
|
|
84
|
+
call. The generated PR-merge-gate text (see `modules/ci-policy.md`) carries the
|
|
85
|
+
honest caveat: eval coverage is enforced structurally in CI; eval quality is
|
|
86
|
+
verified via an out-of-band LM-judge run.
|
|
87
|
+
|
|
88
|
+
## Safety rules
|
|
89
|
+
|
|
90
|
+
- Do not weaken the structural validator to make a missing evalset pass; author
|
|
91
|
+
the evalset or record an audited exception.
|
|
92
|
+
- Do not add a model or network dependency to the CI eval path.
|
|
93
|
+
- Do not claim a passing eval in CI; CI proves declaration, not quality.
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
# Foundation Module
|
|
2
|
+
|
|
3
|
+
Read when writing the current base scaffold artifacts. This module names the artifact set; use `../REFERENCE.md` for full legacy template bodies until the templates are split further.
|
|
4
|
+
|
|
5
|
+
## Artifacts
|
|
6
|
+
|
|
7
|
+
- `.agents/skills/karpathy-guidelines/SKILL.md` and `REFERENCE.md`
|
|
8
|
+
- `upstream.lock` with source, via, pinned SHA, update date, and sync script
|
|
9
|
+
- `.gitignore` marker block plus `upstream-pocock/.gitkeep`
|
|
10
|
+
- `raw/docs/incident-template.md`
|
|
11
|
+
- `scripts/sync-upstream.sh` as a documented sync scaffold
|
|
12
|
+
- `.github/workflows/ci-prek.yml`, `prek.toml`, `scripts/validate-rules.sh`, and `scripts/archgate.sh`
|
|
13
|
+
- `.rules.ts` with backend, frontend, data, architecture, and general rule domains
|
|
14
|
+
- `AGENTS.md` and `README.md` AI SDLC marker blocks (`CLAUDE.md`/`GEMINI.md` are thin pointers to `AGENTS.md` and carry no marker block)
|
|
15
|
+
- `docs/adr/ADR-TEMPLATE.md` and `ADR-0001-record-architecture-decisions.md`
|
|
16
|
+
|
|
17
|
+
## Idempotency
|
|
18
|
+
|
|
19
|
+
Before writing marker blocks, check both the marker and the `AI SDLC Methodology` header. If the header exists without the marker, warn and skip rather than duplicating content.
|
|
@@ -0,0 +1,151 @@
|
|
|
1
|
+
# Host Policy Automation Module
|
|
2
|
+
|
|
3
|
+
Read when applying hosted branch, pull-request, or policy mutations to GitHub, Azure DevOps, GitLab, or Jira, or when emitting dry-run diffs and confirmation gates. This module governs the apply path. The default is dry-run; an externally visible or policy-altering apply requires explicit confirmation even when admin credentials are present.
|
|
4
|
+
|
|
5
|
+
## Default behavior: dry-run first
|
|
6
|
+
|
|
7
|
+
The default run is `dry-run`. The output is a diff that lists every setting that would change, added, or removed. The apply path is gated by:
|
|
8
|
+
|
|
9
|
+
1. **Discovery** — read current host settings via the official REST/GraphQL APIs and cache them in `.ai/host-policy/<host>/discovery.json`.
|
|
10
|
+
2. **Dry-run diff** — compute the diff between current and intended settings and write it to `.ai/host-policy/<host>/dry-run.json`. The diff includes `path`, `current_value`, `intended_value`, and `change_kind` (`add`, `update`, `remove`).
|
|
11
|
+
3. **Confirmation gate** — stop and require an explicit user confirmation. The confirmation is recorded as a `confirmation_token` in the audit log; see `## Audit log` below.
|
|
12
|
+
4. **Apply** — call the official APIs to apply the intended settings. Capture every API response and the resulting `etag` or version.
|
|
13
|
+
5. **Readback** — re-read the host settings after the apply and assert they match the intended values. Write the readback to `.ai/host-policy/<host>/readback.json`.
|
|
14
|
+
6. **Audit** — append an entry to `.ai/host-policy/audit.jsonl` with timestamp, host, plan, diff SHA-256, confirmation token, apply results, and readback status.
|
|
15
|
+
|
|
16
|
+
Apply is rejected if any of discovery, dry-run, confirmation, or readback fails. A failed apply is rolled back to the values recorded at discovery time when the host supports it; otherwise the audit log records the partial state and emits a `rollback-skipped` entry with the host's response.
|
|
17
|
+
|
|
18
|
+
## Confirmation boundary
|
|
19
|
+
|
|
20
|
+
The confirmation gate is mandatory for every apply, including when admin credentials are present. The user's confirmation must:
|
|
21
|
+
|
|
22
|
+
- name the host (e.g., `github.com/example/repo`),
|
|
23
|
+
- name the protected branch or project (e.g., `main`, `services/auth`),
|
|
24
|
+
- summarize the dry-run diff (number of adds, updates, removes),
|
|
25
|
+
- capture the timestamp and the actor identity, and
|
|
26
|
+
- be recorded in the audit log as a `confirmation_token` tied to the run.
|
|
27
|
+
|
|
28
|
+
A confirmation token is valid only for the run that produced it. Retrying the same plan after a failure requires a fresh confirmation.
|
|
29
|
+
|
|
30
|
+
### Token format
|
|
31
|
+
|
|
32
|
+
Confirmation tokens follow the pattern `ct-YYYY-MM-DD-NNN` where `YYYY-MM-DD` is the run date and `NNN` is a zero-padded sequence number scoped to the run date. Tokens are unique per run date; a token is consumed by the first apply that uses it and is invalid for any subsequent apply, even on retry of the same plan.
|
|
33
|
+
|
|
34
|
+
Implementations validate the format with the regex `^ct-[0-9]{4}-[0-9]{2}-[0-9]{2}-[0-9]{3}$` and reject tokens that do not match. The format is intentionally human-readable so audit entries are auditable without a separate format decoder.
|
|
35
|
+
|
|
36
|
+
## Admin exception and auto-approval
|
|
37
|
+
|
|
38
|
+
Admins may use host-supported mechanisms to bypass or auto-merge when policy permits. The module never fabricates approvals on top of a host that does not support them. Concretely:
|
|
39
|
+
|
|
40
|
+
- **GitHub** — admins may use the host's bypass / auto-merge / admin-enforcement features. The module records the bypass as a `host-supported-bypass` audit entry and does not invent a separate approval layer.
|
|
41
|
+
- **Azure DevOps** — admins may use the host's policy override or allowed-author bypass. The module records the override and does not invent a separate approval.
|
|
42
|
+
- **GitLab** — admins may use the host's allowed-to-merge / allowed-to-push bypass. The module records the bypass and does not invent a separate approval.
|
|
43
|
+
- **Jira** — admins may use the host's project-level permissions to bypass workflow transitions. The module records the bypass and does not invent a separate approval.
|
|
44
|
+
|
|
45
|
+
**Non-admin auto-approval is disallowed.** The module never marks a pull request, merge request, or work item as approved on behalf of a non-admin actor. If the user is not an admin and the host does not support a non-admin bypass, the apply path is rejected and the dry-run plan is returned for explicit human follow-up.
|
|
46
|
+
|
|
47
|
+
## Provider matrix
|
|
48
|
+
|
|
49
|
+
### GitHub
|
|
50
|
+
|
|
51
|
+
- **Discovery** — REST API: `GET /repos/{owner}/{repo}/branches/{branch}/protection` and `GET /repos/{owner}/{repo}/rulesets`. See [GitHub REST branch protection](https://docs.github.com/en/rest/branches/branch-protection) and [GitHub rulesets](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets).
|
|
52
|
+
- **Dry-run diff** — compares current protection and rulesets against the intended shape (required status checks, required review count, dismiss stale reviews, required linear history, signed commits, merge queue).
|
|
53
|
+
- **Apply** — `PUT /repos/{owner}/{repo}/branches/{branch}/protection` and the rulesets endpoints. Capture the response `etag` per change.
|
|
54
|
+
- **Readback** — re-fetch the protection and rulesets; assert equality with the intended shape; record in `.ai/host-policy/github/readback.json`.
|
|
55
|
+
- **Admin exception** — host-supported bypass / auto-merge / admin enforcement only; non-admin auto-approval is disallowed.
|
|
56
|
+
- **Negative test** — when admin credentials are present but no confirmation is captured, the apply path emits the dry-run diff and refuses to call the mutation endpoints. The audit log records `apply-blocked-no-confirmation`.
|
|
57
|
+
|
|
58
|
+
Official documentation anchors:
|
|
59
|
+
|
|
60
|
+
- [GitHub branch protection](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches)
|
|
61
|
+
- [GitHub rulesets](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets)
|
|
62
|
+
- [GitHub REST branch protection](https://docs.github.com/en/rest/branches/branch-protection)
|
|
63
|
+
|
|
64
|
+
### Azure DevOps
|
|
65
|
+
|
|
66
|
+
- **Discovery** — REST API: `GET https://dev.azure.com/{org}/{project}/_apis/git/policy/configurations?repositoryId={repoId}&refName=refs/heads/{branch}`. See [Azure Repos branch policies](https://learn.microsoft.com/en-us/azure/devops/repos/git/branch-policies-overview?view=azure-devops) and [Azure Repos branch policies settings](https://learn.microsoft.com/en-us/azure/devops/repos/git/branch-policies?view=azure-devops).
|
|
67
|
+
- **Dry-run diff** — compares existing policies (build validation, required reviewers, comment resolution, work-item linking) against the intended shape.
|
|
68
|
+
- **Apply** — `POST` and `PUT /_apis/git/policy/configurations` for each policy type. Capture the response status and policy id.
|
|
69
|
+
- **Readback** — re-fetch the policy configurations; assert equality; record in `.ai/host-policy/ado/readback.json`.
|
|
70
|
+
- **Admin exception** — host-supported policy override / allowed-author bypass only; non-admin auto-approval is disallowed.
|
|
71
|
+
- **Negative test** — when admin credentials are present but no confirmation is captured, the apply path emits the dry-run diff and refuses to call the mutation endpoints. The audit log records `apply-blocked-no-confirmation`.
|
|
72
|
+
|
|
73
|
+
Official documentation anchors:
|
|
74
|
+
|
|
75
|
+
- [Azure Repos branch policies overview](https://learn.microsoft.com/en-us/azure/devops/repos/git/branch-policies-overview?view=azure-devops)
|
|
76
|
+
- [Azure Repos branch policies settings and build validation](https://learn.microsoft.com/en-us/azure/devops/repos/git/branch-policies?view=azure-devops)
|
|
77
|
+
- [Azure Pipelines triggers (YAML `pr:` triggers vs branch-policy build validation)](https://learn.microsoft.com/en-us/azure/devops/pipelines/build/triggers?view=azure-devops)
|
|
78
|
+
|
|
79
|
+
### GitLab
|
|
80
|
+
|
|
81
|
+
- **Discovery** — REST API: `GET /api/v4/projects/{id}/protected_branches` and `GET /api/v4/projects/{id}/merge_request_approval_rules`. See [GitLab protected branches](https://docs.gitlab.com/ee/user/project/protected_branches.html) and [GitLab merge request approvals](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/).
|
|
82
|
+
- **Dry-run diff** — compares current protected-branch shape and approval rules against the intended shape. Note GitLab tier differences: some approval-rule features require Premium or higher; blocked or unsupported features are reported in the dry-run and require tier-appropriate configuration. If discovery reports a Free/Core tier for a Premium/Ultimate-only approval-rule mutation, apply refuses mutation endpoints and records `apply-rejected-gitlab-tier-restriction`.
|
|
83
|
+
- **Apply** — `POST /api/v4/projects/{id}/protected_branches` and the approval-rule endpoints. Capture the response status and rule id.
|
|
84
|
+
- **Readback** — re-fetch the protected branches and approval rules; assert equality; record in `.ai/host-policy/gitlab/readback.json`.
|
|
85
|
+
- **Admin exception** — host-supported allowed-to-merge / allowed-to-push bypass only; non-admin auto-approval is disallowed.
|
|
86
|
+
- **Negative test** — when admin credentials are present but no confirmation is captured, the apply path emits the dry-run diff and refuses to call the mutation endpoints. The audit log records `apply-blocked-no-confirmation`.
|
|
87
|
+
|
|
88
|
+
Official documentation anchors:
|
|
89
|
+
|
|
90
|
+
- [GitLab protected branches](https://docs.gitlab.com/ee/user/project/protected_branches.html)
|
|
91
|
+
- [GitLab merge request approvals](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/)
|
|
92
|
+
|
|
93
|
+
### Jira
|
|
94
|
+
|
|
95
|
+
- **Discovery** — REST API: `GET /rest/api/3/project/{projectIdOrKey}` and `GET /rest/api/3/issue/{issueIdOrKey}`. See [Jira Cloud REST API v3 introduction](https://developer.atlassian.com/cloud/jira/platform/rest/v3/intro/).
|
|
96
|
+
- **Dry-run diff** — compares the project metadata, workflow scheme, and issue fields against the intended shape.
|
|
97
|
+
- **Apply** — Jira mutations are externally visible. The apply path requires an explicit confirmation that names the project key, the workflow scheme id, and the list of affected issues. See [Jira Cloud REST API v3 projects](https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-projects/) and [Jira Cloud REST API v3 workflows](https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-workflows/).
|
|
98
|
+
- **Readback** — re-fetch the project and workflow configuration; assert equality; record in `.ai/host-policy/jira/readback.json`.
|
|
99
|
+
- **Admin exception** — host-supported project-permission bypass only; non-admin auto-approval is disallowed.
|
|
100
|
+
- **Negative test** — when admin credentials are present but no confirmation is captured, the apply path emits the dry-run diff and refuses to call the mutation endpoints. The audit log records `apply-blocked-no-confirmation`.
|
|
101
|
+
|
|
102
|
+
Official documentation anchors:
|
|
103
|
+
|
|
104
|
+
- [Jira Cloud REST API v3 introduction](https://developer.atlassian.com/cloud/jira/platform/rest/v3/intro/)
|
|
105
|
+
- [Jira Cloud REST API v3 projects](https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-projects/)
|
|
106
|
+
- [Jira Cloud REST API v3 workflows](https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-workflows/)
|
|
107
|
+
|
|
108
|
+
## Mocked and live modes
|
|
109
|
+
|
|
110
|
+
Tests use mocked host adapters. Live host mutations require explicit credentials and an explicit confirmation token recorded in the run directory. The module does not silently fall back from mocked to live mode. The skill's regression suite asserts:
|
|
111
|
+
|
|
112
|
+
- `apply-blocked-no-confirmation` is recorded when admin credentials are present without confirmation.
|
|
113
|
+
- `apply-rejected-non-admin` is recorded when the actor is not an admin and the host does not support a non-admin bypass.
|
|
114
|
+
- `apply-rejected-dry-run-mismatch` is recorded when the readback differs from the intended shape.
|
|
115
|
+
- `apply-rejected-gitlab-tier-restriction` is recorded when GitLab discovery reports a Free/Core tier for an intended Premium/Ultimate-only approval-rule mutation.
|
|
116
|
+
|
|
117
|
+
## Audit log
|
|
118
|
+
|
|
119
|
+
Every run appends one JSON object per line to `.ai/host-policy/<host>/audit.jsonl`, where `<host>` is `github`, `ado`, `gitlab`, or `jira`:
|
|
120
|
+
|
|
121
|
+
```json
|
|
122
|
+
{
|
|
123
|
+
"ts": "2026-06-07T00:00:00Z",
|
|
124
|
+
"host": "github.com/example/repo",
|
|
125
|
+
"audit_path": ".ai/host-policy/github/audit.jsonl",
|
|
126
|
+
"actor": "init-ai-repo",
|
|
127
|
+
"mode": "apply",
|
|
128
|
+
"confirmation_token": "ct-2026-06-07-001",
|
|
129
|
+
"diff_sha256": "...",
|
|
130
|
+
"apply_results": [
|
|
131
|
+
{"path": "branch_protection.required_status_checks", "status": "ok", "etag": "..."}
|
|
132
|
+
],
|
|
133
|
+
"readback_status": "match",
|
|
134
|
+
"rollback": "not-needed"
|
|
135
|
+
}
|
|
136
|
+
```
|
|
137
|
+
|
|
138
|
+
Dry-run entries set `mode: "dry-run"` and omit `apply_results` and `confirmation_token`. Blocked entries set `mode: "blocked"` and include the reason in `apply_results[].status`.
|
|
139
|
+
|
|
140
|
+
## Safety rules
|
|
141
|
+
|
|
142
|
+
- The apply path is always confirmation-gated. There is no `auto-apply` mode.
|
|
143
|
+
- Backups of pre-apply host settings live under `.ai/host-policy/<host>/discovery.json` and are kept for at least the audit retention window.
|
|
144
|
+
- The module never reads or writes credentials to disk. Credentials are passed via environment variables or the host CLI's secret store.
|
|
145
|
+
- The module never publishes a `confirmation_token` to the audit log when the run was a dry-run.
|
|
146
|
+
|
|
147
|
+
## Cross-references
|
|
148
|
+
|
|
149
|
+
- `modules/ci-policy.md` — CI files and branch-policy/ruleset checklist artifacts. Host-policy-automation is the apply path; ci-policy is the checklist path.
|
|
150
|
+
- `modules/tracker-adapters.md` — tracker adapter choice; Jira adapter is added in v3.
|
|
151
|
+
- `modules/validation.md` — host-policy negative tests, regression commands, and the audit-format check.
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
# Language Packs Module
|
|
2
|
+
|
|
3
|
+
Read when selecting local and CI checks for a repo. Packs are modular: detect manifests first, then ask or require explicit opt-in before assuming missing tools/dependencies. Each pack is opt-in and never adds dependencies on its own.
|
|
4
|
+
|
|
5
|
+
## Selection rules
|
|
6
|
+
|
|
7
|
+
1. Detect manifests and lockfiles.
|
|
8
|
+
2. Prefer existing package manager commands over inventing new ones.
|
|
9
|
+
3. Add CI steps only for tools already present or explicitly selected.
|
|
10
|
+
4. In polyglot repos, run each detected pack independently and keep failures attributable to the pack.
|
|
11
|
+
5. Do not add dependencies as part of `ai-catapult-init` unless the user explicitly asks.
|
|
12
|
+
|
|
13
|
+
## Pack matrix
|
|
14
|
+
|
|
15
|
+
| Pack | Detection signals | Local checks | CI notes |
|
|
16
|
+
| --- | --- | --- | --- |
|
|
17
|
+
| TypeScript/Node | `package.json`, `pnpm-lock.yaml`, `yarn.lock`, `package-lock.json`, `tsconfig.json` | package-manager test/lint/typecheck scripts when present | Use detected package manager; do not assume npm if pnpm/yarn lock exists. |
|
|
18
|
+
| Python | `pyproject.toml`, `requirements.txt`, `uv.lock`, `poetry.lock`, `setup.py` | existing pytest/ruff/mypy scripts or documented commands | Prefer uv/poetry when lockfile exists; do not install tools implicitly. |
|
|
19
|
+
| Rust | `Cargo.toml`, `Cargo.lock` | `cargo test`, `cargo clippy`, `cargo fmt --check` when configured | Use stable toolchain unless repo pins another toolchain. |
|
|
20
|
+
| Go | `go.mod`, `go.sum` | `go test ./...`, `go vet ./...`, configured linters | Respect module/workspace layout and existing Make targets. |
|
|
21
|
+
| JVM | `pom.xml`, `build.gradle`, `settings.gradle`, `gradlew`, `mvnw` | Maven/Gradle wrapper test/check tasks | Prefer checked-in wrapper over system Maven/Gradle. |
|
|
22
|
+
| .NET Core / EF Core | `*.csproj` with `TargetFramework` `net6.0`+ or `netstandard2.1`+; `*.sln`; `global.json`; `appsettings*.json`; `Program.cs` using `Host.CreateDefaultBuilder` or `WebApplication.CreateBuilder`; `*.DbContext` and `*ModelBuilder*.cs` for EF Core | `dotnet test`, `dotnet build`, `dotnet format --verify-no-changes`, `dotnet ef migrations script` (when EF Core present) | Respect SDK pinned by `global.json`. CI must use the same SDK; do not run `dotnet --list-sdks` from a system install. |
|
|
23
|
+
| Legacy .NET / EF (Framework) | `*.csproj` with `TargetFrameworkVersion` v4.x; `packages.config`; `App.config` / `Web.config`; `*.edmx` under `Models\\` or `DAL\\`; presence of `EntityFramework` 6.x package reference | `msbuild /t:Build` (when present) plus `nuget restore`; legacy `EF` migrations via `migrate.exe` only if configured | Do not assume the host has .NET Framework SDK installed; run on a Windows agent or in a self-hosted runner with the legacy toolchain. Surface legacy checks as opt-in until the toolchain is verified. |
|
|
24
|
+
| Polyglot | Multiple pack signals | Run each pack's existing commands separately | Name CI jobs per pack to keep required checks unambiguous. |
|
|
25
|
+
|
|
26
|
+
## .NET Core / EF Core specifics
|
|
27
|
+
|
|
28
|
+
- Detection: parse `*.csproj` for `<TargetFramework>net6.0</TargetFramework>` or newer, or for `<PackageReference Include="Microsoft.EntityFrameworkCore" ...>`. EF Core is implied by `Microsoft.EntityFrameworkCore.*` package references.
|
|
29
|
+
- Toolchain pin: respect `global.json`. If `global.json` is missing, record a `toolchain-not-pinned` note in the scaffold output; do not assume a default SDK.
|
|
30
|
+
- Local checks: `dotnet restore` (when lockfile missing), `dotnet build -c Release`, `dotnet test`, `dotnet format --verify-no-changes`, and `dotnet ef migrations script --idempotent` only when EF Core is present.
|
|
31
|
+
- CI matrix: run on `ubuntu-latest` and `windows-latest` only when the repo contains Windows-only code paths. Do not silently add a Windows job to a Linux-only repo.
|
|
32
|
+
- Analyzers: when `Microsoft.CodeAnalysis.NetAnalyzers` is referenced, add `<EnableNETAnalyzers>true</EnableNETAnalyzers>` and `<AnalysisLevel>latest</AnalysisLevel>` checks; surface them as opt-in when not present.
|
|
33
|
+
- Migrations: `dotnet ef migrations script` is a build-time artifact, not a runtime test. The pack does not run migrations against a live database in CI.
|
|
34
|
+
|
|
35
|
+
## Legacy .NET / EF specifics
|
|
36
|
+
|
|
37
|
+
- Detection: parse `*.csproj` for `<TargetFrameworkVersion>v4.</TargetFrameworkVersion>` (4.x) or for `packages.config` alongside `App.config` / `Web.config`. EF 6.x is implied by `<package id="EntityFramework" version="6.x" />` in `packages.config`.
|
|
38
|
+
- Toolchain pin: legacy projects pin the .NET Framework target version in the project file. The pack must not assume the agent has the matching reference assemblies. Surface a `legacy-toolchain-required` note and require explicit opt-in.
|
|
39
|
+
- Local checks: prefer `msbuild` from a self-hosted runner or a Windows agent. Do not run `dotnet test` against a legacy project; it is not supported.
|
|
40
|
+
- Migrations: EF 6.x migrations are produced via `migrate.exe` and may require a startup project. The pack documents the path but does not run migrations in CI by default.
|
|
41
|
+
- Supersession: when a legacy project is migrating to .NET Core / EF Core, the pack records both states in `language-packs-snapshot.json` and tracks the migration in `docs/architecture/adr/`. See `modules/migration.md` for the full migration classification rules.
|
|
42
|
+
|
|
43
|
+
## Scaffold output
|
|
44
|
+
|
|
45
|
+
When a pack is selected, record:
|
|
46
|
+
|
|
47
|
+
- detection evidence (which file matched and which line was the signal)
|
|
48
|
+
- selected commands and their rationale
|
|
49
|
+
- commands intentionally skipped and why (e.g., `dotnet ef migrations script` skipped because EF Core is not present)
|
|
50
|
+
- CI job/check names per pack
|
|
51
|
+
- required environment variables or services
|
|
52
|
+
- owner for maintaining the pack
|
|
53
|
+
- toolchain pin (or `toolchain-not-pinned` note)
|
|
54
|
+
|
|
55
|
+
## Golden fixture expectations
|
|
56
|
+
|
|
57
|
+
At minimum, fixture coverage should demonstrate:
|
|
58
|
+
|
|
59
|
+
- one TypeScript/Node repo with `pnpm-lock.yaml` resolved to pnpm, not npm
|
|
60
|
+
- one Python repo with `uv.lock` resolved to uv
|
|
61
|
+
- one .NET Core / EF Core repo with `global.json` and EF Core migrations
|
|
62
|
+
- one legacy .NET / EF Framework repo marked as opt-in and surfaced via the legacy supersession rules
|
|
63
|
+
- one polyglot repo where each pack's checks run independently
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
# MCP/A2A Module
|
|
2
|
+
|
|
3
|
+
Read when generating the `.ai/mcp/` scaffold: the MCP-server registry stub and
|
|
4
|
+
the A2A cross-agent handoff convention. This promotes the single passing MCP/A2A
|
|
5
|
+
mention into a real, reviewed surface. See ADR-0005.
|
|
6
|
+
|
|
7
|
+
## Principle
|
|
8
|
+
|
|
9
|
+
Adopt open standards now: **MCP** (Model Context Protocol) for tool access and
|
|
10
|
+
**A2A** (Agent2Agent) for cross-agent delegation. Choosing them at init time
|
|
11
|
+
preserves multi-vendor/framework optionality and avoids re-platforming later.
|
|
12
|
+
The generated surface is **offline and deterministic** — a registry stub plus a
|
|
13
|
+
convention doc. `ai-catapult-init` resolves no live endpoint and makes no network or
|
|
14
|
+
model call at generation time.
|
|
15
|
+
|
|
16
|
+
## Generated outputs
|
|
17
|
+
|
|
18
|
+
| Output | Purpose |
|
|
19
|
+
| --- | --- |
|
|
20
|
+
| `.ai/mcp/registry.json` | MCP-server registry stub: declared servers, their transport, advertised tools, and an `a2a` block pointing at the handoff convention. |
|
|
21
|
+
| `.ai/mcp/a2a-handoff.md` | A2A cross-agent handoff convention: the handoff envelope, its fields, and the rules that keep delegation auditable. |
|
|
22
|
+
|
|
23
|
+
## Registry stub shape
|
|
24
|
+
|
|
25
|
+
`registry.json` declares `schema_version`, a `servers` array, and an `a2a`
|
|
26
|
+
block. Each server entry carries `name`, `transport`, `status`, `endpoint`, and
|
|
27
|
+
a `tools` array. Every server `status` is `"stub"` and `endpoint` is `null`: the
|
|
28
|
+
registry documents the shape an out-of-band runner consumes, never a resolved
|
|
29
|
+
live connection. The `a2a` block declares the `protocol`, a `handoff_convention`
|
|
30
|
+
pointer to `.ai/mcp/a2a-handoff.md`, and `correlation_id_required`. Umbrella
|
|
31
|
+
repos additionally set `a2a.cross_repo: true` and may register a workspace-sync
|
|
32
|
+
server for managed-repository operations.
|
|
33
|
+
|
|
34
|
+
## A2A handoff convention
|
|
35
|
+
|
|
36
|
+
`a2a-handoff.md` defines a single JSON handoff envelope carried on every
|
|
37
|
+
cross-agent delegation. Required fields: `correlation_id` (preserved end-to-end
|
|
38
|
+
so the trajectory stays one trace), `from_agent`, `to_agent`, `task` (with an
|
|
39
|
+
acceptance check), `context_refs` (pointers, not copied context), and
|
|
40
|
+
`constraints` (offline-only, no hosted mutation). The receiving agent opens a
|
|
41
|
+
child span linked by `correlation_id`, mirroring the trace conventions in
|
|
42
|
+
`.ai/observability/conventions.md`. Envelopes never inline secrets; large
|
|
43
|
+
context is referenced by pointer. In an umbrella, cross-repo handoffs reference
|
|
44
|
+
the managed repository by its matrix path and never bypass the physical-copy
|
|
45
|
+
sync boundary.
|
|
46
|
+
|
|
47
|
+
## Validation
|
|
48
|
+
|
|
49
|
+
The MCP/A2A surface is validated offline and structurally by
|
|
50
|
+
`modules/validation.md` check #17: for both v3 fixtures, `.ai/mcp/registry.json`
|
|
51
|
+
parses, declares `schema_version`, a `servers` array of stub entries, and an
|
|
52
|
+
`a2a` block with a `handoff_convention` pointer; `.ai/mcp/a2a-handoff.md` exists,
|
|
53
|
+
is non-empty, and carries the handoff-envelope and `correlation_id` keywords.
|
|
54
|
+
The discoverable runner is `tests/mcp_a2a_test.sh`.
|
|
55
|
+
|
|
56
|
+
## Safety rules
|
|
57
|
+
|
|
58
|
+
- Do not add a model or network dependency to the generated MCP/A2A path; the
|
|
59
|
+
registry is a stub and the handoff doc is a convention.
|
|
60
|
+
- Do not record a resolved live `endpoint`; servers stay `status: "stub"` until
|
|
61
|
+
an out-of-band operator wires them.
|
|
62
|
+
- Do not drop `correlation_id` from the handoff envelope; the trace and the
|
|
63
|
+
cross-agent trajectory depend on it.
|