avorelo 0.1.0

package/scripts/lib/capability-packs.js

@@ -0,0 +1,314 @@
+"use strict";
+
+const { getCapability: getPlanCapability, CAPABILITIES } = require("./plans");
+
+const CAPABILITY_PACKS = Object.freeze([
+  {
+    id: "install_intake_risk",
+    name: "Install / Intake Risk",
+    description: "See what tools, packages, MCP servers, extensions, guidance, and skill sources are entering the workspace before they become trusted runtime surfaces.",
+    outcomes: [
+      "Local intake items are classified as reviewed, known, unknown, deferred, or blocked.",
+      "Risky install/runtime characteristics are surfaced for packages, MCP, extensions, connectors, skills, and guidance.",
+      "Governance and Safe Path receive bounded intake reason codes and safe next actions.",
+      "Compact local receipts keep intake evidence without registry lookups or cloud scanning.",
+    ],
+    capabilityIds: [
+      "install_intake_risk_basic",
+      "mcp_intake_visibility_basic",
+      "package_intake_visibility_basic",
+      "extension_intake_visibility_basic",
+      "connector_intake_visibility_basic",
+      "skill_source_intake_risk_basic",
+      "intake_safe_next_action_basic",
+      "intake_receipt_basic",
+    ],
+    defaultEntitlement: "free",
+    recommendationSignals: ["package_manifest_present", "source_catalog_present", "skills_present", "security_signals", "safe_path_receipt_present"],
+    statusCopy: "Install / Intake Risk: local intake visibility, classification, and compact receipts are available.",
+    dashboardCopy: "Avorelo can classify local intake items, surface risky install/runtime characteristics, and feed governance and Safe Path without registry lookups or malware claims.",
+    userFacingCopy: "Know what is entering the workspace before it becomes trusted runtime access. Avorelo scans local intake surfaces, classifies reviewed versus unknown sources, explains risky characteristics, and suggests the next safe step.",
+  },
+  {
+    id: "source_backed_skills",
+    name: "Source-Backed Skills",
+    description: "Review, parse, bind, and route local or reviewed external skills without turning Avorelo into a marketplace.",
+    outcomes: [
+      "Reviewed and deferred sources are visible locally.",
+      "SKILL.md files are parsed into deterministic routing metadata.",
+      "Tasks route to relevant skills with compact summaries and evidence expectations.",
+      "Thin adapter guidance is generated from local source truth instead of duplicated prompt bodies.",
+    ],
+    capabilityIds: [
+      "reference_source_intake_basic",
+      "skill_md_parser_basic",
+      "skill_pattern_extraction_basic",
+      "skill_trust_scan_basic",
+      "capability_binding_basic",
+      "source_backed_skill_router_basic",
+      "thin_adapter_guidance_sync_basic",
+    ],
+    defaultEntitlement: "free",
+    recommendationSignals: ["source_catalog_present", "skills_present", "reference_backed_task"],
+    statusCopy: "Source-Backed Skills: reviewed sources, parsed skills, and deterministic routing are available.",
+    dashboardCopy: "Avorelo can review sources, parse skills, route tasks to selected skill paths, and generate thin adapter guidance without broad prompt dumps.",
+    userFacingCopy: "Use strong skill systems safely. Avorelo reviews source metadata, parses relevant skills, binds them to capabilities, routes only the needed guidance, and keeps adapters thin.",
+  },
+  {
+    id: "agent_readiness",
+    name: "Agent Readiness",
+    description: "Start safely and effectively in a repo with the right context, checks, and next actions.",
+    outcomes: [
+      "Avorelo is activated and ready in the current repo.",
+      "Readiness gaps are surfaced before AI work begins.",
+      "Agent has the right context to start effectively.",
+      "Next best action is clear.",
+    ],
+    capabilityIds: ["local_activation", "ai_coding_readiness", "session_handoff_basic"],
+    defaultEntitlement: "free",
+    recommendationSignals: ["no_activation_state", "first_run", "doctor_not_run"],
+    statusCopy: "Agent Readiness: activation, readiness, and carry-forward checks are available.",
+    dashboardCopy: "Avorelo checks activation state, readiness gaps, and session carry-forward before broad work begins.",
+    userFacingCopy: "Give your agent the right starting context. Avorelo checks that your repo is ready for AI work, surfaces gaps, and carries forward useful recent state.",
+  },
+  {
+    id: "agent_security",
+    name: "Agent Security",
+    description: "Keep agents useful without giving them unlimited power. Detect risk, apply guardrails, and produce evidence.",
+    outcomes: [
+      "Risky instructions and prompts are flagged before harm.",
+      "Untrusted sources and risky tools are classified.",
+      "Sensitive actions require approval or are blocked.",
+      "Local evidence is kept for evaluated actions.",
+    ],
+    capabilityIds: [
+      "skills_security_basic",
+      "instruction_risk_basic",
+      "prompt_injection_basic",
+      "source_trust_basic",
+      "tool_risk_basic",
+      "mcp_tool_risk_basic",
+      "sensitive_file_guard",
+      "secret_exposure_guard",
+      "destructive_command_guard",
+      "scoped_action_guard_basic",
+      "enforcement_evidence",
+    ],
+    defaultEntitlement: "free",
+    recommendationSignals: ["risky_intercepts_detected", "high_risk_level", "trust_alerts_detected", "security_signals"],
+    statusCopy: "Agent Security: risky instructions, tools, source trust, and action guardrails are active.",
+    dashboardCopy: "Avorelo guards against risky agent behavior by flagging unsafe instructions, risky tools, and sensitive actions before they cause harm.",
+    userFacingCopy: "Keep your agent useful without giving it unlimited power. Avorelo detects risky instructions, untrusted sources, and sensitive actions, then keeps local evidence of what was allowed, warned, or blocked.",
+  },
+  {
+    id: "safe_path_engine",
+    name: "Safe Path Engine",
+    description: "Turn risky requests into bounded safer alternatives with reduced scope, approval boundaries, and local evidence.",
+    outcomes: [
+      "Risky actions get a deterministic Safe Path recommendation instead of only risky or blocked.",
+      "Least-privilege scope reductions are suggested for paths, domains, tools, and access mode.",
+      "Approval boundaries and JIT-style temporary scope fields are visible where supported.",
+      "Skill evidence requirements and context-safety warnings can flow into the final recommendation.",
+    ],
+    capabilityIds: [
+      "safe_path_recommendation_basic",
+      "least_privilege_scope_reduction_basic",
+      "jit_temporary_scope_fields_basic",
+      "approval_boundary_safe_path_basic",
+      "safe_path_receipt_basic",
+      "skills_security_dogfood_basic",
+      "skill_route_context_safety_basic",
+    ],
+    defaultEntitlement: "free",
+    recommendationSignals: ["approval_boundary_present", "guard_receipt_present", "safe_path_receipt_present", "security_signals"],
+    statusCopy: "Safe Path Engine: reduced-scope recommendations, approval boundaries, and local receipts are available.",
+    dashboardCopy: "Avorelo can preserve blocks, recommend smaller safer scope, and keep evidence-backed approval boundaries without claiming universal enforcement.",
+    userFacingCopy: "Do the smallest safe thing that still works. Avorelo turns risky requests into bounded safer alternatives, reduced-scope recommendations, and local evidence-backed approval paths.",
+  },
+  {
+    id: "workflow_efficiency",
+    name: "Workflow Efficiency",
+    description: "Reduce wasted AI work, context pressure, retries, and unclear tasks.",
+    outcomes: [
+      "Context pressure is visible before it causes wasted work.",
+      "Sessions resume with carry-forward state rather than starting cold.",
+      "Rough instructions are compiled into structured tasks.",
+      "Next action is clear and bounded.",
+    ],
+    capabilityIds: ["prompt_compiler_basic", "context_cost_basic", "session_handoff_basic"],
+    defaultEntitlement: "free",
+    recommendationSignals: ["context_pressure_critical", "context_pressure_warn", "reentry_state_available", "workflow_signals"],
+    statusCopy: "Workflow Efficiency: context budget, carry-forward, and prompt compiler are available.",
+    dashboardCopy: "Avorelo reduces wasted AI work by keeping context pressure visible, carrying forward useful state, and helping you write clearer tasks.",
+    userFacingCopy: "Stop wasting AI work on context pressure, cold restarts, and unclear instructions. Avorelo keeps your agent focused, carries forward useful state, and compiles rough instructions into structured tasks.",
+  },
+  {
+    id: "frontend_readiness",
+    name: "Frontend Readiness",
+    description: "Prepare AI-generated UI and pages for release with local checks and evidence.",
+    outcomes: [
+      "AI-generated UI changes are verified with local screenshots when configured.",
+      "Browser scope is classified before agent uses browser tooling.",
+      "Frontend readiness gaps are surfaced with next actions.",
+    ],
+    capabilityIds: ["visual_qa_weekly", "browser_capability_basic"],
+    defaultEntitlement: "free",
+    recommendationSignals: ["frontend_detected", "playwright_config_exists", "browser_work_detected"],
+    statusCopy: "Frontend Readiness: Visual QA and browser capability checks are available.",
+    dashboardCopy: "Avorelo prepares AI-generated UI for release with screenshot-backed Visual QA, browser scope classification, and local evidence.",
+    userFacingCopy: "Prepare AI-generated pages and features for release. Avorelo can run local screenshot-backed Visual QA when configured, classify browser scope, and keep evidence of what was checked.",
+    productNotes: "Visual QA is one capability in this pack, not the product identity.",
+  },
+  {
+    id: "workspace_navigation",
+    name: "Workspace Navigation",
+    description: "Create compact repo navigation context so agents stop rediscovering the same surfaces.",
+    outcomes: [
+      "Workspace surfaces are mapped into one local artifact.",
+      "Agents get likely files, tests, docs, and safety boundaries without broad scans.",
+      "Top gaps and next actions are clear.",
+    ],
+    capabilityIds: ["workspace_map_basic", "context_cost_basic"],
+    defaultEntitlement: "free",
+    recommendationSignals: ["large_repo", "reentry_state_available", "context_pressure_warn"],
+    statusCopy: "Workspace Navigation: a compact Workspace Map can be generated for repo-aware work.",
+    dashboardCopy: "Avorelo can generate a compact Workspace Map so agents navigate with less rediscovery and less context waste.",
+    userFacingCopy: "Stop making agents rediscover the repo. Avorelo can generate a compact Workspace Map with the files, tests, docs, safety boundaries, and next actions that matter.",
+  },
+  {
+    id: "release_readiness",
+    name: "Release Readiness",
+    description: "Verify that a change is ready to ship with proof and next actions.",
+    outcomes: [
+      "Release decisions are backed by local proof of what changed.",
+      "Remaining risks and gaps are surfaced before shipping.",
+      "Evidence is available for review.",
+    ],
+    capabilityIds: ["evidence_latest", "enforcement_evidence"],
+    defaultEntitlement: "free",
+    recommendationSignals: ["staged_changes", "validation_passed", "has_staged_changes", "validation_state_partial"],
+    statusCopy: "Release Readiness: local evidence and proof summary are available for review.",
+    dashboardCopy: "Avorelo verifies release readiness with local proof of what changed, what was checked, and what remains.",
+    userFacingCopy: "Know whether it is ready to ship. Avorelo surfaces your local proof, what changed, what was checked, what remains, and a clear next action.",
+  },
+  {
+    id: "context_intelligence",
+    name: "Context Intelligence",
+    description: "Give every AI session exactly what matters: current state, relevant project brain, recommended capability, exact commands, what not to repeat, and the safest next action.",
+    outcomes: [
+      "Session context includes a compact Brain Pack with stable project/repo/user context.",
+      "Relevant commands vary by task and target instead of being a static list.",
+      "Session context is tailored for Claude, Codex, local model, or generic targets.",
+      "Skills route fallback appears when no receipt exists and the task is suitable.",
+      "Capability recommender output is embedded — no duplicate routing table.",
+      "Dogfood feedback is captured as structured product-learning events.",
+    ],
+    capabilityIds: [
+      "brain_pack_basic",
+      "recipe_detection_basic",
+      "target_specific_handoff_basic",
+      "dynamic_session_commands_basic",
+      "capability_recommender_context_bridge_basic",
+      "skills_route_fallback_basic",
+      "dogfood_feedback_loop_basic",
+      "task_context_pack_basic",
+      "compact_session_context_basic",
+      "continuation_packet_basic",
+      "context_budget_guard_basic",
+    ],
+    defaultEntitlement: "free",
+    recommendationSignals: ["session_context_missing", "brain_pack_missing", "context_pressure_warn", "reentry_state_available"],
+    statusCopy: "Context Intelligence: Brain Pack, dynamic commands, target-specific handoff, and capability bridge are available.",
+    dashboardCopy: "Avorelo starts every session with exactly what matters: current state, project brain, recommended capability, and exact commands — no broad rediscovery.",
+    userFacingCopy: "Start every AI session with the right context. Avorelo generates a compact brain pack, recommends the right capability, adapts commands to the task and target, and keeps agents from rediscovering the repo.",
+  },
+]);
+
+const PACK_MAP = new Map(CAPABILITY_PACKS.map((pack) => [pack.id, pack]));
+const PLAN_CAPABILITY_IDS = new Set(CAPABILITIES.map((capability) => capability.id));
+const REQUIRED_PACK_IDS = ["agent_readiness", "agent_security", "safe_path_engine", "install_intake_risk", "workflow_efficiency", "frontend_readiness", "release_readiness", "source_backed_skills", "context_intelligence"];
+const REQUIRED_PACK_FIELDS = [
+  "id",
+  "name",
+  "description",
+  "outcomes",
+  "capabilityIds",
+  "defaultEntitlement",
+  "recommendationSignals",
+  "statusCopy",
+  "dashboardCopy",
+  "userFacingCopy",
+];
+
+function validatePack(pack) {
+  const errors = [];
+  for (const field of REQUIRED_PACK_FIELDS) {
+    if (pack[field] === undefined || pack[field] === null) {
+      errors.push(`Missing required field: ${field}`);
+    }
+  }
+  if (!Array.isArray(pack.outcomes) || pack.outcomes.length === 0) {
+    errors.push("Pack must have at least one outcome");
+  }
+  if (!Array.isArray(pack.capabilityIds) || pack.capabilityIds.length === 0) {
+    errors.push("Pack must reference at least one capability ID");
+  } else {
+    const seenCapabilityIds = new Set();
+    pack.capabilityIds.forEach((capabilityId) => {
+      if (seenCapabilityIds.has(capabilityId)) {
+        errors.push(`Duplicate capability ID in pack: ${capabilityId}`);
+      }
+      seenCapabilityIds.add(capabilityId);
+      if (!PLAN_CAPABILITY_IDS.has(capabilityId) || !getPlanCapability(capabilityId)) {
+        errors.push(`Unknown capability ID: ${capabilityId}`);
+      }
+    });
+  }
+  if (!Array.isArray(pack.recommendationSignals) || pack.recommendationSignals.length === 0) {
+    errors.push("Pack.recommendationSignals must be a non-empty array");
+  }
+  return { valid: errors.length === 0, errors };
+}
+
+function validateAllPacks() {
+  const errors = [];
+  const seenIds = new Set();
+
+  for (const pack of CAPABILITY_PACKS) {
+    if (seenIds.has(pack.id)) {
+      errors.push(`Duplicate pack ID: ${pack.id}`);
+    }
+    seenIds.add(pack.id);
+    const result = validatePack(pack);
+    result.errors.forEach((error) => errors.push(`[${pack.id}] ${error}`));
+  }
+
+  for (const requiredId of REQUIRED_PACK_IDS) {
+    if (!seenIds.has(requiredId)) {
+      errors.push(`Required pack missing: ${requiredId}`);
+    }
+  }
+
+  return { valid: errors.length === 0, errors };
+}
+
+function getPack(id) {
+  return PACK_MAP.get(String(id || "").trim()) || null;
+}
+
+function listPacks() {
+  return Array.from(CAPABILITY_PACKS);
+}
+
+function getPacksForSignal(signal) {
+  return CAPABILITY_PACKS.filter((pack) => pack.recommendationSignals.includes(signal));
+}
+
+module.exports = {
+  CAPABILITY_PACKS,
+  validatePack,
+  validateAllPacks,
+  getPack,
+  listPacks,
+  getPacksForSignal,
+};