baldart 4.93.0 → 4.94.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (42) hide show
  1. package/CHANGELOG.md +13 -0
  2. package/VERSION +1 -1
  3. package/framework/.claude/agents/REGISTRY.md +2 -2
  4. package/framework/.claude/agents/api-perf-cost-auditor.md +1 -1
  5. package/framework/.claude/agents/codebase-architect.md +57 -109
  6. package/framework/.claude/agents/hybrid-ml-architect.md +1 -1
  7. package/framework/.claude/agents/legal-counsel-gdpr.md +1 -1
  8. package/framework/.claude/agents/plan-auditor.md +1 -1
  9. package/framework/.claude/agents/security-reviewer.md +1 -1
  10. package/framework/.claude/commands/codexreview.md +1 -1
  11. package/framework/.claude/skills/bug/CHANGELOG.md +4 -0
  12. package/framework/.claude/skills/bug/SKILL.md +6 -4
  13. package/framework/.claude/skills/context-primer/CHANGELOG.md +10 -0
  14. package/framework/.claude/skills/context-primer/SKILL.md +26 -60
  15. package/framework/.claude/skills/ds-handoff/CHANGELOG.md +4 -0
  16. package/framework/.claude/skills/ds-handoff/SKILL.md +3 -2
  17. package/framework/.claude/skills/e2e-review/CHANGELOG.md +4 -0
  18. package/framework/.claude/skills/e2e-review/SKILL.md +6 -4
  19. package/framework/.claude/skills/new/CHANGELOG.md +4 -0
  20. package/framework/.claude/skills/new/SKILL.md +1 -1
  21. package/framework/.claude/skills/new/references/final-review.md +2 -1
  22. package/framework/.claude/skills/new/references/implement.md +1 -1
  23. package/framework/.claude/skills/new2/CHANGELOG.md +4 -0
  24. package/framework/.claude/skills/new2/SKILL.md +1 -1
  25. package/framework/.claude/skills/prd/CHANGELOG.md +4 -0
  26. package/framework/.claude/skills/prd/SKILL.md +1 -1
  27. package/framework/.claude/skills/prd/references/discovery-phase.md +7 -3
  28. package/framework/.claude/skills/prd-add/CHANGELOG.md +4 -0
  29. package/framework/.claude/skills/prd-add/SKILL.md +3 -2
  30. package/framework/.claude/skills/ui-design/CHANGELOG.md +4 -0
  31. package/framework/.claude/skills/ui-design/SKILL.md +2 -2
  32. package/framework/.claude/workflows/new-card-review.js +1 -1
  33. package/framework/.claude/workflows/new-final-review.js +1 -1
  34. package/framework/.claude/workflows/new2.js +6 -2
  35. package/framework/agents/analysis-profiles.md +286 -0
  36. package/framework/agents/index.md +2 -1
  37. package/framework/agents/skills-mapping.md +4 -0
  38. package/framework/templates/primitives/AGENTS.CHANGELOG.md +10 -0
  39. package/framework/templates/primitives/AGENTS.md +8 -3
  40. package/framework/templates/primitives/CLAUDE.CHANGELOG.md +6 -0
  41. package/framework/templates/primitives/CLAUDE.md +5 -2
  42. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -5,6 +5,19 @@ All notable changes to BALDART will be documented in this file.
5
5
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
6
6
  and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
7
7
 
8
+ ## [4.94.0] - 2026-07-02
9
+
10
+ **Analysis profiles — `codebase-architect` specializzato per-tipo-di-analisi, un solo agente, un solo SSOT.** L'assessment dei ~50 callsite reali ha mostrato che "capire il codebase" copre 6 lavori diversi (grounding pre-implementazione, tracing di un bug, blast-radius, contesto di planning, inventario UI/design-system, baseline di review) serviti da UN prompt monolitico (~455 righe caricate a ogni spawn) con la conoscenza di specializzazione dispersa nei prompt dei chiamanti (dual-SSOT: il template di `context-primer` ri-dichiarava la search strategy dell'agente). Fix architetturale, stesso meccanismo di `OUTPUT=terse`:
11
+
12
+ - **Nuovo modulo SSOT [`framework/agents/analysis-profiles.md`](framework/agents/analysis-profiles.md)** — il gemello retrieval-side di `effort-protocol` + `return-contract-protocol`: contratto del token `PROFILE=<feature|bug|impact|discovery|ui|baseline>`, piano di retrieval + skip-list + budget + output-block per profilo, inference deterministica quando il token manca (fallback `full` = comportamento legacy), tabella di routing normativa per i chiamanti, shared block (Reuse Analysis · UI Resolution Path · Documentation Reliability Scan) estratti dal corpo agente.
13
+ - **`codebase-architect` slim + dispatcher**: nuova sezione "Analysis Profile Dispatch" (parse token → Grep `### PROFILE: <x>` → Read SOLO quella sezione); Reuse Analysis / cascade UI / Reliability Scan spostati nel modulo (il corpo tiene l'engine: router canonico, tier strutturale, read-size, Hot-File Map v4.91.0, memoria); dedup della sezione "Your Approach". Il boundary multimodale è ESPLICITO: pixel/mockup/screenshot → `ui-expert` read-only (precedente `/prd` 1.6.5), mai l'architect.
14
+ - **Chiamanti migrati al token deterministico** (mai lasciato all'inferenza dell'agente): `/new` implement.md step 3 + `new2.js` B7 → `ui` se la card ha mockup (stesso bit `hasMockup` del routing build v4.89.0) else `feature`; `new-final-review.js`/`new-card-review.js`/`/codexreview` → `baseline`; `plan-auditor` FULL → `impact`; `/prd` discovery-loop → `discovery`, ISA → `impact`; `/prd-add` PATCH → `impact`; `/bug` → `bug`; `/ui-design`/`/ds-handoff` → `ui`; `/e2e-review` reverse-lookup → `impact`; `context-primer` 1.1.0 mappa i task-type sui profili e il suo template smette di ri-dichiarare la strategia (dual-SSOT chiuso).
15
+ - **Primitivi root aggiornati**: skeleton `AGENTS.md` 1.4.0 (il MUST understand-before-implement nomina i 6 profili e cita il modulo) + `CLAUDE.md` 1.2.0 (Plan Mode passa il token, cita senza ripetere).
16
+ - **Tripwire CI**: nuova regola `analysis-profile contract` in `scripts/check-new-parity.mjs` (modulo + dispatcher + implement.md ↔ new2.js ↔ review workflow ↔ context-primer come obbligazioni a locazione parallela).
17
+ - Routing aggiornato: `REGISTRY.md` (riga architect + decision tree), `agents/index.md` (regola + manifest), `skills-mapping.md` (context-primer = canale, non metodologia). Skill bumped: new 1.4.0, new2 1.3.0, prd 1.3.0, prd-add 1.1.0, bug 1.1.0, ui-design 1.1.0, ds-handoff 1.2.0, e2e-review 1.3.0, context-primer 1.1.0.
18
+
19
+ **MINOR** — nuova capability su agent/skill/protocol condivisi; nessun cambio di layout install. **No new `baldart.config.yml` key** (i profili gate-ano su flag esistenti) → la schema-change propagation rule NON si applica. **Codex parity: portable** (token prompt-level; il modulo viaggia nel payload `agents/` bulk-symlinkato letto da entrambi i runtime; il corpo agente transpila in TOML invariato).
20
+
8
21
  ## [4.93.0] - 2026-07-02
9
22
 
10
23
  **`/prd` gate-hygiene wave — dai driver misurati (forensics di una sessione reale: 61.6M token, 48% del costo in fasi meccaniche, una famiglia di card con zero audit-trail, 96% del wall-clock in attesa umana).** Sette interventi chirurgici, nessuna nuova chiave di config:
package/VERSION CHANGED
@@ -1 +1 @@
1
- 4.93.0
1
+ 4.94.0
@@ -14,7 +14,7 @@ Quick-reference for all custom agents. Use this to route tasks to the right spec
14
14
 
15
15
  | Agent | Category | When to Use | Specialization | Can Edit Code | Key Tools |
16
16
  |-------|----------|-------------|----------------|---------------|-----------|
17
- | **codebase-architect** | Architecture | **MANDATORY** before planning/implementing changes | Platform analysis, system design, canonical-source resolution via Linking Protocol v1, LSP symbol resolution (when `features.has_lsp_layer: true`), code-graph structural queries (when `features.has_code_graph: true`) | No | Code navigation, pattern tracing, LSP find-references / go-to-definition, Graphify query/path/affected |
17
+ | **codebase-architect** | Architecture | **MANDATORY** before planning/implementing changes — callers pass `PROFILE=<feature\|bug\|impact\|discovery\|ui\|baseline>` per `agents/analysis-profiles.md` to scope the investigation | Profile-scoped platform analysis, system design, canonical-source resolution via Linking Protocol v1, LSP symbol resolution (when `features.has_lsp_layer: true`), code-graph structural queries (when `features.has_code_graph: true`) | No | Code navigation, pattern tracing, LSP find-references / go-to-definition, Graphify query/path/affected |
18
18
  | **plan-auditor** | Architecture | Review implementation plans before coding begins | Risk assessment, gap detection | Yes | Multi-persona review (eng/security/SRE) |
19
19
  | **doc-reviewer** | Architecture | Audit/write docs after feature implementation | Macro feature identification, SSOT sync, linking-protocol resolution, doc debt tracking, gap analysis | Yes | Doc writing, TaskCreate (doc debt), token optimization |
20
20
  | **wiki-curator** | Documentation | Maintain the derived LLM wiki overlay under `${paths.wiki_dir}/` (concept pages, syntheses, dashboards, reading guides) without creating new canonicals. See `agents/llm-wiki-methodology.md`. | Synthesis candidates (from ADRs/PRDs + Graphify GRAPH_REPORT.md when `features.has_code_graph: true`), provenance hygiene, freshness, anchor + frontmatter validation | Yes | `${paths.wiki_dir}/`, wiki lint |
@@ -97,7 +97,7 @@ The `depends_on` gate keys off `DONE`. `/new` sets `IN_PROGRESS` on claim and
97
97
  scan should match "not DONE", not a hard-coded `READY`).
98
98
 
99
99
  ```
100
- Need to understand existing code? --> codebase-architect (MANDATORY)
100
+ Need to understand existing code? --> codebase-architect (MANDATORY — pass PROFILE=<feature|bug|impact|discovery|ui|baseline>, agents/analysis-profiles.md)
101
101
  Have a plan to review? --> plan-auditor
102
102
  Writing/modifying code? --> coder
103
103
  Code done, need review? --> code-reviewer
@@ -320,7 +320,7 @@ Already in the suppressed-findings collapsible block in § Detected Issues.
320
320
  ## Repo Expectations
321
321
 
322
322
  - Respect `AGENTS.md` authority.
323
- - Use `codebase-architect` when current architecture is not yet clear.
323
+ - Use `codebase-architect` (`PROFILE=feature` — `agents/analysis-profiles.md`) when current architecture is not yet clear.
324
324
  - API contract changes → note required `/api/v2/` versioning + RFC 8594 deprecation headers.
325
325
  - Architecture policy changes → call out ADR requirements explicitly.
326
326
  - Multi-attribute index needed → flag the missing entry in the project's index
@@ -1,6 +1,6 @@
1
1
  ---
2
2
  name: codebase-architect
3
- description: "MANDATORY: Use this agent whenever you need to understand codebase structure, existing patterns, or architecture before planning or implementing changes. Per AGENTS.md, you MUST invoke this agent before proceeding with any planning or implementation work. Examples:\\n\\n<example>\\nContext: Agent needs to plan a new feature but must understand existing code first.\\nuser: \"Add a new customer analytics dashboard\"\\nassistant: \"Before planning this feature, I must invoke the codebase-architect agent to understand the existing dashboard patterns, data flow architecture, and component structure.\"\\n<commentary>\\nPer AGENTS.md MUST rule: invoke codebase-architect before planning. This is mandatory, not optional.\\n</commentary>\\n</example>\\n\\n<example>\\nContext: User needs to understand how a specific feature works.\\nuser: \"How does the permission system work in this codebase?\"\\nassistant: \"I'm going to use the Task tool to launch the codebase-architect agent to provide a comprehensive explanation of the permission system.\"\\n<commentary>\\nThe user is asking about platform architecture and logic - this requires the codebase-architect agent's deep understanding of the system.\\n</commentary>\\n</example>\\n\\n<example>\\nContext: User is planning a new feature and needs to understand existing patterns.\\nuser: \"I want to add a new API endpoint for customer analytics. What's the best approach given our current architecture?\"\\nassistant: \"I'm going to use the Task tool to launch the codebase-architect agent to analyze the current API patterns and provide architectural guidance.\"\\n<commentary>\\nThis requires understanding of existing patterns, architectural decisions, and best practices - perfect for the codebase-architect agent.\\n</commentary>\\n</example>\\n\\n<example>\\nContext: User encounters complex code and needs explanation.\\nuser: \"I found this payment processing logic but I'm not sure how it integrates with the OCR system\"\\nassistant: \"I'm going to use the Task tool to launch the codebase-architect agent to explain the integration between payment processing and OCR.\"\\n<commentary>\\nThis requires deep understanding of multiple system components and their interactions - use the codebase-architect agent.\\n</commentary>\\n</example>"
3
+ description: "MANDATORY: Use this agent whenever you need to understand codebase structure, existing patterns, or architecture before planning or implementing changes. Per AGENTS.md, you MUST invoke this agent before proceeding with any planning or implementation work. Callers SHOULD pass an analysis profile token — PROFILE=<feature|bug|impact|discovery|ui|baseline> per agents/analysis-profiles.md — to scope the investigation deterministically. Examples:\\n\\n<example>\\nContext: Agent needs to plan a new feature but must understand existing code first.\\nuser: \"Add a new customer analytics dashboard\"\\nassistant: \"Before planning this feature, I must invoke the codebase-architect agent to understand the existing dashboard patterns, data flow architecture, and component structure.\"\\n<commentary>\\nPer AGENTS.md MUST rule: invoke codebase-architect before planning. This is mandatory, not optional.\\n</commentary>\\n</example>\\n\\n<example>\\nContext: User needs to understand how a specific feature works.\\nuser: \"How does the permission system work in this codebase?\"\\nassistant: \"I'm going to use the Task tool to launch the codebase-architect agent to provide a comprehensive explanation of the permission system.\"\\n<commentary>\\nThe user is asking about platform architecture and logic - this requires the codebase-architect agent's deep understanding of the system.\\n</commentary>\\n</example>\\n\\n<example>\\nContext: User is planning a new feature and needs to understand existing patterns.\\nuser: \"I want to add a new API endpoint for customer analytics. What's the best approach given our current architecture?\"\\nassistant: \"I'm going to use the Task tool to launch the codebase-architect agent to analyze the current API patterns and provide architectural guidance.\"\\n<commentary>\\nThis requires understanding of existing patterns, architectural decisions, and best practices - perfect for the codebase-architect agent.\\n</commentary>\\n</example>\\n\\n<example>\\nContext: User encounters complex code and needs explanation.\\nuser: \"I found this payment processing logic but I'm not sure how it integrates with the OCR system\"\\nassistant: \"I'm going to use the Task tool to launch the codebase-architect agent to explain the integration between payment processing and OCR.\"\\n<commentary>\\nThis requires deep understanding of multiple system components and their interactions - use the codebase-architect agent.\\n</commentary>\\n</example>"
4
4
  model: sonnet
5
5
  color: green
6
6
  memory: project
@@ -17,6 +17,26 @@ You are a Senior Full-Stack Architect with extensive experience in platform anal
17
17
 
18
18
  Per the project's AGENTS.md MUST rules, all agents must invoke you (codebase-architect) to understand codebase structure, existing patterns, or architecture before planning or implementing changes — they must not proceed without that analysis. (The frontmatter `description` examples above are the router-facing restatement of this same rule; this body block is the operative mandate.)
19
19
 
20
+ ## Analysis Profile Dispatch (MUST — your FIRST action)
21
+
22
+ "Understand the codebase" is not one job. Before investigating, resolve your **analysis
23
+ profile** — it scopes which protocols run, what you read/skip, your token budget, and the
24
+ output blocks you owe the caller. The SSOT is `agents/analysis-profiles.md`:
25
+
26
+ 1. **Parse the token**: the invoking prompt carries
27
+ `PROFILE=<feature|bug|impact|discovery|ui|baseline>` (same prompt-token style as
28
+ `OUTPUT=terse`).
29
+ 2. **Read ONLY your section**: Grep `agents/analysis-profiles.md` for
30
+ `### PROFILE: <name>`, Read that section plus any `§ Shared block` it cites
31
+ (Reuse Analysis · UI Resolution Path · Documentation Reliability Scan live there).
32
+ Never read the module end-to-end.
33
+ 3. **No token** → apply the module's § 1 deterministic inference order; no match →
34
+ `full` (run everything that applies, budget ≤ 20K).
35
+
36
+ A profile scopes your work; it never overrides the Role boundary above or the Return
37
+ Contract below. An explicit instruction in the invoking prompt (budget, extra output
38
+ field, output envelope) wins over the profile default.
39
+
20
40
  **Your Core Responsibilities:**
21
41
 
22
42
  1. **Codebase Navigation & Understanding**: Analyze and explain the platform's structure, patterns, and implementation details. Navigate complex codebases efficiently and identify key components, dependencies, and relationships.
@@ -76,23 +96,11 @@ When analyzing a feature, resolve documentation authority in this order:
76
96
  6. `${paths.wiki_dir}/` derived pages when the question is about synthesis, recurring
77
97
  documentation questions, or dashboard-style summaries
78
98
 
79
- **UI / design-system questions** follow a parallel resolution path (paths are
80
- project-specific; the convention below is recommended):
81
-
82
- 1. `${paths.design_system}/INDEX.md` thin router (name source purpose spec)
83
- 2. `${paths.design_system}/components/<Name>.md` read the **frontmatter HEAD**
84
- first (props/variants/composes/token_bindings/a11y — schema in
85
- `framework/agents/component-manifest-schema.md`); the prose body only if you
86
- must understand rationale. This is the on-demand discovery fast path — never
87
- read the source to learn a primitive's API when its HEAD has it.
88
- 3. `${paths.design_tokens}` (DTCG `.tokens.json`) — token SSOT; `tokens-reference.md` is a generated view
89
- 4. `${paths.design_system}/patterns/*` — theming, overlays, animations, platform quirks
90
- 5. `${paths.references_dir}/ui-guidelines.md` — brand philosophy and aesthetic rules
91
- 6. `${paths.references_dir}/component-registry.md` — inventory of shared components
92
-
93
- When a query concerns UI, styling, tokens, or shared components, resolve through the
94
- design-system path in addition to the main path. Adapt the paths to your project's
95
- documentation layout.
99
+ **UI / design-system questions** resolve through the design-system cascade
100
+ `agents/analysis-profiles.md` § "Shared block: UI Resolution Path" (INDEX.md thin
101
+ router → component spec frontmatter HEAD → DTCG tokens → patterns → guidelines).
102
+ Profile `ui` makes it the PRIMARY route; any other profile applies it in addition to
103
+ the main path when the query concerns UI, styling, tokens, or shared components.
96
104
 
97
105
  ### Source Taxonomy
98
106
 
@@ -114,40 +122,20 @@ Treat these as weak evidence and say so explicitly in your output:
114
122
  - index docs presented as canonicals when linked PRD/ADR/reference docs exist
115
123
  - derived docs that appear newer than the supposed canonical source
116
124
 
117
- ### Documentation Reliability Scan (MUST)
118
-
119
- When documentation is part of your evidence set, run a fast reliability scan before
120
- trusting it as authoritative:
125
+ ### Documentation Reliability Scan (profile-gated)
121
126
 
122
- 1. **Registry coverage** confirm the feature exists in
123
- `${paths.references_dir}/ssot-registry.md`; if the feature only exists in backlog/PRD, report
124
- `REGISTRY_GAP`
125
- 2. **Freshness markers** compare `Last updated`, `Last reviewed`, or explicit change-log
126
- markers against `git log -1` on the shared hub or canonical doc you rely on
127
- 3. **Link quality** — distinguish markdown links from raw repo paths; path-heavy PRDs and
128
- weak pointer blocks lower retrieval quality for agents
129
- 4. **Retrieval risk** — if a doc exceeds repo thresholds from `AGENTS.md` (for example:
130
- reference docs >400 lines, API docs >800 lines, PRDs/specs >800 lines), read headings
131
- and targeted sections first instead of defaulting to a full read
132
- 5. **Router fit** — when `ssot-registry.md` maps the feature to a canonical doc, prefer
133
- that route over ad hoc broad scans
134
-
135
- Include this block in every analysis that materially depends on docs:
136
-
137
- ```markdown
138
- ## Documentation Reliability Scan
139
-
140
- - Registry coverage: [ok | REGISTRY_GAP: ...]
141
- - Freshness status: [fresh | stale | unknown] (git evidence)
142
- - Link quality: [ok | PATH_HEAVY: ...]
143
- - Retrieval risk: [ok | OVERSIZE_DOC: ...]
144
- - Router fit: [ok | WEAK_ROUTER_MATCH: ...]
145
- ```
127
+ When your profile lists it AND documentation is part of your evidence set, run the fast
128
+ reliability scan defined in `agents/analysis-profiles.md` § "Shared block: Documentation
129
+ Reliability Scan" (registry coverage · freshness · link quality · retrieval risk ·
130
+ router fit) and emit its `## Documentation Reliability Scan` block in every analysis
131
+ that materially depends on docs.
146
132
 
147
133
  **Investigation Protocol (MUST follow before any analysis):**
148
134
 
149
135
  Before providing any architectural guidance or implementation advice, follow this
150
- **token-efficient** investigation sequence. Target: **under 20K tokens total**.
136
+ **token-efficient** investigation sequence it is the shared engine every analysis
137
+ profile scopes (your profile says which steps get emphasis and what to skip).
138
+ Target: **your profile's budget** (default under 20K tokens total).
151
139
 
152
140
  1. **Canonical router FIRST** — resolve the feature to its canonical source
153
141
  before reading code. Read `${paths.references_dir}/ssot-registry.md` (and the
@@ -220,48 +208,16 @@ Derived wiki overlay routing:
220
208
  - Never treat `${paths.wiki_dir}/` as canonical when a repo doc or ADR exists.
221
209
  - If the wiki and canonical docs disagree, report the drift explicitly.
222
210
 
223
- ## Reuse Analysis Protocol (CONDITIONAL)
211
+ ## Reuse Analysis Protocol (profile-gated)
224
212
 
225
- Run this protocol **only when the task involves building or changing code** (new-feature,
226
- refactor, bug-fix). **Skip entirely for query and doc-update tasks** they don't need
227
- component discovery.
213
+ Run the Reuse Analysis **only when your profile lists it** (`feature`, `ui`, and `full`
214
+ when the task builds or changes code). Steps, classification vocabulary (Direct reuse /
215
+ Refactor & reuse / Extract & share / No match), and the `## Reuse Analysis` output
216
+ format are defined ONCE in `agents/analysis-profiles.md` § "Shared block: Reuse
217
+ Analysis" — follow it verbatim; if nothing is reusable, emit the section saying so and
218
+ why.
228
219
 
229
- **Steps:**
230
-
231
- 1. **Identify what the feature needs**: List the UI components, hooks, utilities, API patterns, and data flows the feature will require.
232
- 2. **Search for existing matches**:
233
- - When `features.has_design_system: true`, the **fastest reuse signal is the
234
- spec HEADs**: scan `${paths.design_system}/INDEX.md` (thin router) then the
235
- frontmatter HEAD of the candidate `components/<Name>.md` — structured
236
- props/variants/purpose without reading source. Prefer this over Grep.
237
- - Else check `${paths.references_dir}/component-registry.md` (relevant table
238
- section only).
239
- - Grep only for 2-3 specific component names, not broad semantic sweeps.
240
- 3. **Classify each candidate**:
241
- - **Direct reuse**: Component works as-is, just import it
242
- - **Refactor & reuse**: Component does 70%+ of what's needed; refactor to accept props/config to generalize it
243
- - **Extract & share**: Logic is duplicated across 2+ places; extract into a shared component/hook/utility
244
- - **No match**: Nothing exists; must build new (document why)
245
- 4. **Check your agent memory**: Read `.claude/agent-memory/codebase-architect/shared-components.md` **only if the task involves UI components**. Skip for API-only or backend changes. Update it with any new discoveries.
246
-
247
- **Output format** (include in every architectural analysis):
248
-
249
- ```markdown
250
- ## Reuse Analysis
251
-
252
- ### Reusable Components Found
253
- | Need | Existing Component | Path | Classification | Action |
254
- |------|-------------------|------|----------------|--------|
255
- | [what's needed] | [component name] | [file:line] | Direct reuse / Refactor & reuse / Extract & share | [what to do] |
256
-
257
- ### No Match (Must Build New)
258
- - [component/pattern]: [why nothing existing fits]
259
-
260
- ### Refactoring Opportunities
261
- - [description of duplication found that should be consolidated, even if not directly related to this feature]
262
- ```
263
-
264
- Also include this evidence block in every analysis:
220
+ Include this evidence block in **every** analysis, whatever the profile:
265
221
 
266
222
  ```markdown
267
223
  ## Canonical Evidence
@@ -274,38 +230,28 @@ Also include this evidence block in every analysis:
274
230
  - Ambiguities or drift: [none or explicit list]
275
231
  ```
276
232
 
277
- If no reuse candidates exist, output the section with "No reusable components found — all new code required" and explain why.
278
-
279
233
  **Your Approach:**
280
234
 
281
- **Token budget awareness**: aim for under 20K tokens per invocation. Targeted
282
- reads off the canonical router replace broad file scans — don't re-read what a
283
- canonical doc already told you.
284
-
285
- 1. **Router First**: Start from `ssot-registry.md` and the matched canonical
286
- doc/ADR. Trust the canonical contract for architectural summaries and only
287
- read specific source files to verify claims you need to act on. Do NOT
288
- re-read files a canonical doc already summarized.
289
-
290
- 2. **Targeted reads**: For oversized docs (>400 lines), read headings and routing
291
- sections first, then exact subsections. NEVER read agent memory files >20KB in
292
- full — scan the filename and first 30 lines to decide relevance.
293
- Say explicitly when you sampled instead of reading end-to-end.
235
+ **Token budget awareness**: your profile sets the budget (default ≤ 20K tokens per
236
+ invocation). Targeted reads off the canonical router replace broad file scans — don't
237
+ re-read what a canonical doc already told you, and don't re-read files the Investigation
238
+ Protocol's read-size rules told you to sample. Say explicitly when you sampled instead
239
+ of reading end-to-end.
294
240
 
295
- 3. **Multi-Layer Analysis**: Consider all layers of the stack:
241
+ 1. **Multi-Layer Analysis**: Consider all layers of the stack:
296
242
  - Data Model: How is data structured and persisted?
297
243
  - Backend Logic: What business rules and processing occur?
298
244
  - API Layer: How do systems communicate?
299
245
  - Frontend: How is the UI structured and how does it consume data?
300
246
  - Integration Points: How do external services fit in?
301
247
 
302
- 3. **ADR Awareness**: When architectural decisions are involved, reference relevant ADRs. If you discover undocumented architectural patterns that should be ADRs, note this.
248
+ 2. **ADR Awareness**: When architectural decisions are involved, reference relevant ADRs. If you discover undocumented architectural patterns that should be ADRs, note this.
303
249
 
304
- 4. **Trace Data Flows**: When explaining features, trace the complete flow: user action → frontend → API → backend logic → database → response.
250
+ 3. **Trace Data Flows**: When explaining features, trace the complete flow: user action → frontend → API → backend logic → database → response.
305
251
 
306
- 5. **Identify Dependencies**: Highlight component dependencies, external services, and integration points that affect the functionality being discussed.
252
+ 4. **Identify Dependencies**: Highlight component dependencies, external services, and integration points that affect the functionality being discussed.
307
253
 
308
- 6. **Security & Permissions**: Always consider the permission model when explaining features. Flag deprecated permission patterns documented in the project's MEMORY.md or AGENTS.md.
254
+ 5. **Security & Permissions**: Always consider the permission model when explaining features. Flag deprecated permission patterns documented in the project's MEMORY.md or AGENTS.md.
309
255
 
310
256
  **Common Patterns to Capture (adapt to your project):**
311
257
 
@@ -322,8 +268,10 @@ emit the structured substance ONLY, no narrative. Brain big, mouth small. Your
322
268
  return value is injected verbatim into the caller's context, so every word of
323
269
  prose costs them context budget on every subsequent turn.
324
270
 
325
- - **Emit, unchanged (these ARE the contract):** the `## Reuse Analysis` table and
326
- the `## Canonical Evidence` block.
271
+ - **Emit, unchanged (these ARE the contract):** the `## Canonical Evidence` block,
272
+ plus the `## Reuse Analysis` table and any profile-specific block
273
+ (code-path map / affected-surface table / component-binding notes — see
274
+ `agents/analysis-profiles.md`) when your profile runs them.
327
275
  - **Affected code as rows, not paragraphs:** `path:line — symbol — pattern/role`.
328
276
  - **High-risk paths / integration points, one line each:** `path:line — risk`.
329
277
  - **Hot-File Map (MANDATORY for every in-scope file > 800 lines):** a
@@ -125,7 +125,7 @@ You MUST run as a state machine. Always label your current state at the top of e
125
125
  - Restate problem in 3–6 bullets.
126
126
  - Identify objective function / KPI.
127
127
  - Identify constraints (privacy, latency, cost, cold start).
128
- - Invoke `codebase-architect` agent to understand existing system structure.
128
+ - Invoke `codebase-architect` agent (`PROFILE=feature` — `agents/analysis-profiles.md`) to understand existing system structure.
129
129
 
130
130
  ### STATE 1 — RESEARCH CHECK
131
131
  - Locate and summarize "Research Inputs Used".
@@ -171,7 +171,7 @@ When first invoked on a project, before doing anything else:
171
171
  ## AGENTS.md Compliance
172
172
 
173
173
  You MUST follow all rules in AGENTS.md, including:
174
- - Invoke `codebase-architect` agent (via Task tool) before planning or implementing changes to understand existing patterns
174
+ - Invoke `codebase-architect` agent (via Task tool, `PROFILE=feature` — `agents/analysis-profiles.md`) before planning or implementing changes to understand existing patterns
175
175
  - Update `${paths.references_dir}/project-status.md` Active Code Context before work
176
176
  - Pick a backlog card, set IN_PROGRESS, and assign yourself before work
177
177
  - Keep docs and code in sync
@@ -84,7 +84,7 @@ When auditing plans for a specific project, replace the bullets above with proje
84
84
  - List the exact missing inputs as "Blocking Questions"
85
85
  - Propose safe defaults / options and explain trade-offs for each
86
86
  6. **Produce outputs that are directly actionable** by engineers. No fluff, no generic advice, no motivational language.
87
- 7. **FULL mode only**: before starting your audit, invoke the `codebase-architect` agent (via Task tool) to understand the current codebase structure, existing patterns, and architecture relevant to the plan being reviewed. Do not audit without this context. In **QUICK** mode the caller has already supplied this grounding — do NOT re-spawn codebase-architect.
87
+ 7. **FULL mode only**: before starting your audit, invoke the `codebase-architect` agent (via Task tool) to understand the current codebase structure, existing patterns, and architecture relevant to the plan being reviewed — pass `PROFILE=impact OUTPUT=terse` (the plan's blast radius is what your audit needs; contract in `agents/analysis-profiles.md`). Do not audit without this context. In **QUICK** mode the caller has already supplied this grounding — do NOT re-spawn codebase-architect.
88
88
 
89
89
  ## PROMPT INJECTION GUARD (MUST — read first)
90
90
 
@@ -284,7 +284,7 @@ When you need to examine code, use Glob/Grep to find actual file paths before re
284
284
  ## Repo Workflow Expectations
285
285
 
286
286
  - Respect `AGENTS.md` as authoritative.
287
- - Use `codebase-architect` for architecture discovery before broad security recommendations that depend on current structure.
287
+ - Use `codebase-architect` (`PROFILE=feature` — `agents/analysis-profiles.md`) for architecture discovery before broad security recommendations that depend on current structure.
288
288
  - Treat `${paths.references_dir}/project-status.md` as transient coordination context, not canonical feature truth.
289
289
  - When you find a security issue that implies doc or ADR drift, flag the required follow-up explicitly.
290
290
 
@@ -117,7 +117,7 @@ If a card cannot be found, mark it as `UNKNOWN` and ask the user before continui
117
117
  > (plus the attached `diff_summary_path`) as the mandatory context for downstream agents, and go to
118
118
  > Step 2. In full mode (no contract file), run this step as written.
119
119
 
120
- Before running any review agents, invoke `codebase-architect` (via Task tool) for each card scope to map:
120
+ Before running any review agents, invoke `codebase-architect` (via Task tool) for each card scope — pass `PROFILE=baseline OUTPUT=terse` (diff-scoped review grounding; contract in `agents/analysis-profiles.md`) — to map:
121
121
 
122
122
  - Existing architecture and critical patterns
123
123
  - High-risk code paths for regressions
@@ -2,6 +2,10 @@
2
2
 
3
3
  Formato: [Keep a Changelog](https://keepachangelog.com/) · [SemVer](https://semver.org/).
4
4
 
5
+ ## 1.1.0 — 2026-07-02
6
+
7
+ - **Analysis-profile contract (framework v4.94.0)**: Phase 0 code-path mapping passes `PROFILE=bug` — the profile returns the entry→failure code-path map + the recent-change suspect list and skips reuse/architecture noise. SSOT: `framework/agents/analysis-profiles.md`.
8
+
5
9
  ## 1.0.0 — 2026-07-01
6
10
 
7
11
  - Baseline: versioning per-skill introdotto al framework v4.82.0.
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  name: bug
3
3
  effort: medium
4
- version: 1.0.0
4
+ version: 1.1.0
5
5
  description: >
6
6
  Structured bug investigation and resolution workflow (framework-agnostic; project-specific entry points are loaded from `.baldart/overlays/bug.md`).
7
7
  Use when: the user says /bug, 'debug', 'c e un bug', 'non funziona', 'errore', 'broken',
@@ -60,9 +60,11 @@ See [framework/docs/MCP-INTEGRATION.md](../../../docs/MCP-INTEGRATION.md) for th
60
60
  - **Auth** → the project's auth middleware/guard + auth error codes (per `stack.auth_provider`)
61
61
  - **Build/Deploy** → the deploy platform's logs + build output (per `stack.deployment`, e.g. Vercel)
62
62
  3. Launch `codebase-architect` agent to map the affected code paths — do NOT start debugging blind.
63
- Pass `OUTPUT=terse` (since v4.49.0): you want the structured map (`path:linesymbol` rows,
64
- high-risk paths, `totals:`), not a narrative essay its return is injected verbatim into this
65
- investigation context, so keep it lean.
63
+ Pass `PROFILE=bug OUTPUT=terse` (profile contract: `agents/analysis-profiles.md`the
64
+ `bug` profile returns the code-path map entry→failure + the recent-change suspect list
65
+ and skips reuse/architecture noise; since v4.94.0). You want the structured map
66
+ (`path:line — symbol` rows, high-risk paths, `totals:`), not a narrative essay — its
67
+ return is injected verbatim into this investigation context, so keep it lean.
66
68
  When `features.has_lsp_layer: true` and the symptom names a concrete symbol
67
69
  (function/type/handler), `codebase-architect` will use LSP find-references /
68
70
  go-to-definition to locate the exact callsites instead of grepping. See
@@ -2,6 +2,16 @@
2
2
 
3
3
  Formato: [Keep a Changelog](https://keepachangelog.com/) · [SemVer](https://semver.org/).
4
4
 
5
+ ## 1.1.0 — 2026-07-02
6
+
7
+ - **Analysis-profile contract**: the embedded architect prompt no longer restates the
8
+ search strategy (canonical-router steps, task-adaptive rules, UI cascade, wiki
9
+ routing — a dual-SSOT with the agent body). It now passes
10
+ `PROFILE=<bug|impact|discovery|ui>` mapped deterministically from the detected task
11
+ type (new step 2b) and cites `framework/agents/analysis-profiles.md` as the single
12
+ SSOT of the retrieval plan. Skill-specific inputs (overlay must-include docs, git
13
+ recency signal) and the XML output envelope are unchanged.
14
+
5
15
  ## 1.0.0 — 2026-07-01
6
16
 
7
17
  - Baseline: versioning per-skill introdotto al framework v4.82.0.
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  name: cont
3
3
  effort: medium
4
- version: 1.0.0
4
+ version: 1.1.0
5
5
  description: >
6
6
  Load codebase context silently before starting work, optimized for LLM
7
7
  comprehension using research-backed structured formatting.
@@ -56,72 +56,38 @@ precedence caveats: `framework/agents/effort-protocol.md`.
56
56
 
57
57
  Default to `query` if ambiguous.
58
58
 
59
+ 2b. **Map the task type to an analysis profile** (the mapping SSOT is
60
+ `framework/agents/analysis-profiles.md` § 3 — do not restate search strategy here):
61
+
62
+ | Task type | PROFILE |
63
+ |-----------|---------|
64
+ | `bug-fix` | `bug` |
65
+ | `refactor` | `impact` |
66
+ | `new-feature`, `query`, `doc-update` | `discovery` (pass the task type through — the profile has per-task-type deltas) |
67
+ | any type + UI/component/token keywords when `features.has_design_system: true` | `ui` |
68
+
59
69
  3. Launch `codebase-architect` agent with this prompt template:
60
70
 
61
71
  ```
62
72
  Load context about: {keywords}
63
73
  Task type: {task_type}
64
74
 
75
+ PROFILE={profile} — resolve your analysis profile per `agents/analysis-profiles.md`
76
+ (Grep `### PROFILE: {profile}`, Read ONLY that section + the shared blocks it cites).
77
+ It defines your retrieval plan, what to skip, and your output blocks. Your system
78
+ prompt's Investigation Protocol is the engine; the profile scopes it.
79
+
65
80
  OUTPUT=terse — you are a silent loader's machine consumer, not a human Q&A. Return the
66
- structured contract (reuse table + canonical evidence + `path:line — symbol` rows + `totals:`)
67
- with no narrative prose; the loader condenses this into the XML context block.
68
-
69
- TOKEN BUDGET: stay under 15K tokens total. Prefer the canonical router + targeted reads over broad file scans.
70
-
71
- SEARCH STRATEGY — canonical-router-first, verify-only-if-needed:
72
-
73
- 1. Resolve the topic to its canonical source. Read `${paths.references_dir}/ssot-registry.md`
74
- to route `{keywords}` to the owning reference doc / ADR, then read only the matched
75
- section(s). If the topic is documentation-heavy and `features.has_wiki_overlay: true`,
76
- also consult `${paths.wiki_dir}/index.md` and any must-include docs listed in
77
- `.baldart/overlays/context-primer.md` (verify wiki claims against canonical docs).
78
-
79
- 2. Targeted searches:
80
- a. Agent memory: grep MEMORY.md index for topic match, read ONLY
81
- matching files (skip files >20KB unless filename matches keywords).
82
- b. Backlog (when `features.has_backlog: true`): grep `${paths.backlog_dir}/*.yml` for card titles matching keywords.
83
- Read only the matching cards, not all cards.
84
- c. Git: `git log --oneline -10 --grep="{keywords}"` (10 results max).
85
-
86
- 3. Broader search (when steps 1-2 are thin):
87
- a. Search for 2-3 specific identifiers from steps 1-2, routing by query shape
88
- per `framework/agents/code-search-protocol.md` (symbols → LSP when
89
- `has_lsp_layer`) and `framework/agents/code-graph-protocol.md` (structural /
90
- relational → Graphify when `has_code_graph`); grep is the fallback for textual
91
- patterns. Follow those modules' tier order, budgets, and anti-flail rule —
92
- don't restate them here.
93
- a-bis. **UI / component keywords when `has_design_system: true`**: route via the
94
- design-system layer, NOT source scans — read `${paths.design_system}/INDEX.md`
95
- (thin router) then the **frontmatter HEAD** of the matched
96
- `components/<Name>.md` (props/variants/token_bindings; schema
97
- `framework/agents/component-manifest-schema.md`). Read a spec's prose / the
98
- source only to verify a runtime-sensitive claim. This is the cheap on-demand
99
- path that replaces reading a monolithic INDEX or component sources.
100
- b. Read key file headers (first 50 lines) to identify structure.
101
- DO NOT read `${paths.prd_dir}/` or `${paths.references_dir}/` files in full —
102
- route via the registry and read only the specific section you need.
103
-
104
- 4. Targeted verification (ALL cases):
105
- - Verify ONLY runtime-sensitive claims (auth patterns, API contracts,
106
- current schema) against actual code.
107
- - Files <200 lines: read in full.
108
- - Files 200-500 lines: read first 50 lines + specific section.
109
- - Files >500 lines: grep for key exports/functions, read only those.
110
- - NEVER read agent memory files >20KB in full.
111
-
112
- TASK-ADAPTIVE RULES:
113
- - "query": canonical docs + memory only. Skip source code unless code-specific.
114
- - "bug-fix": canonical docs + recent git changes + error-related code. Skip arch docs.
115
- - "new-feature": canonical docs + patterns in same domain + ADRs. Skip unrelated areas.
116
- - "refactor": canonical docs + affected files + dependency refs. Skip design rationale.
117
- - "doc-update": SSOT registry. Skip source code.
118
-
119
- WIKI OVERLAY ROUTING:
120
- - If the topic is about synthesized knowledge, dashboards, reading guides, or
121
- recurring documentation questions, prefer the derived wiki overlay as a
122
- compression layer.
123
- - Always verify wiki claims against canonical repo docs before using them as
124
- working truth.
81
+ structured contract (the profile's blocks + canonical evidence + `path:line — symbol`
82
+ rows + `totals:`) with no narrative prose; the loader condenses this into the XML
83
+ context block.
84
+
85
+ TOKEN BUDGET: stay under 15K tokens total (this caps the profile default).
86
+
87
+ SKILL-SPECIFIC INPUTS (on top of the profile plan):
88
+ - Must-include canonical docs listed in `.baldart/overlays/context-primer.md` (if the
89
+ overlay is present) read their matched sections.
90
+ - Recency signal: `git log --oneline -10 --grep="{keywords}"` (10 results max).
125
91
 
126
92
  Return output in this EXACT XML format (30-50 lines max):
127
93
 
@@ -2,6 +2,10 @@
2
2
 
3
3
  Formato: [Keep a Changelog](https://keepachangelog.com/) · [SemVer](https://semver.org/).
4
4
 
5
+ ## 1.2.0 — 2026-07-02
6
+
7
+ - **Analysis-profile contract (framework v4.94.0)**: the standalone screen-resolution probe passes `PROFILE=ui` to `codebase-architect` per `framework/agents/analysis-profiles.md`. The Step 3 field-extraction retrieval order is unchanged.
8
+
5
9
  ## 1.1.0 — 2026-07-01
6
10
 
7
11
  - **Decision & preference pass (Step 5.5)** — nuovo `references/decision-pass.md`.
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  name: ds-handoff
3
3
  effort: medium
4
- version: 1.1.0
4
+ version: 1.2.0
5
5
  description: >
6
6
  Produce a FIELD-LEVEL, 1:1, interaction-complete handoff brief for Claude Design
7
7
  — every screen's real fields (label, control type, required, validation, default,
@@ -89,7 +89,8 @@ Each step is a delegation. Read the cited SSOT; do not paraphrase it.
89
89
  `mockup_analysis` from the `/prd` state file `## UI Design` (reuse the caller's
90
90
  collection — do NOT re-derive). *Standalone* → derive screens from the arg;
91
91
  on ambiguity, ONE `AskUserQuestion` listing route/page candidates from a
92
- `codebase-architect` probe. Never proceed on silence.
92
+ `codebase-architect` probe (pass `PROFILE=ui` `agents/analysis-profiles.md`).
93
+ Never proceed on silence.
93
94
 
94
95
  2. **Identify backing entities per screen.** Name the entity/entities each screen
95
96
  reads or writes. A screen may legitimately have **zero** entities (pure
@@ -2,6 +2,10 @@
2
2
 
3
3
  Formato: [Keep a Changelog](https://keepachangelog.com/) · [SemVer](https://semver.org/).
4
4
 
5
+ ## 1.3.0 — 2026-07-02
6
+
7
+ - **Analysis-profile contract (framework v4.94.0)**: the two `codebase-architect` reverse-dependency lookups (routes importing a changed component; primitives used by a route in compliance-only mode) pass `PROFILE=impact` per `framework/agents/analysis-profiles.md`.
8
+
5
9
  ## 1.2.1 — 2026-07-02
6
10
 
7
11
  - Phase 3.8: la lane visual del route non renderizzabile con mockup code-form viene
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  name: e2e-review
3
3
  effort: medium
4
- version: 1.2.1
4
+ version: 1.3.0
5
5
  description: >
6
6
  Deterministic, BLOCKING end-to-end review run after a feature is implemented.
7
7
  Combines functional E2E (Playwright spec written by `coder`, executed via
@@ -140,8 +140,9 @@ system constraints into a machine-readable verification plan.
140
140
  route, SvelteKit `routes/...` → route). If the framework is unknown,
141
141
  ask the user.
142
142
  - For each changed component under `${paths.components_primitives}`,
143
- identify the routes that import it via the `codebase-architect` agent
144
- (fallback to grep when LSP is unavailable).
143
+ identify the routes that import it via the `codebase-architect` agent
144
+ pass `PROFILE=impact` (reverse-dependency lookup per
145
+ `agents/analysis-profiles.md`; fallback to grep when LSP is unavailable).
145
146
  3. **Synthesize verification plan** as Gherkin scenarios. Format:
146
147
 
147
148
  ```gherkin
@@ -260,7 +261,8 @@ If no mockup image is available BUT `features.has_design_system: true`:
260
261
  specs (cascade detailed in
261
262
  [`framework/agents/design-system-protocol.md`](../../../agents/design-system-protocol.md)).
262
263
  - Identify which primitives the route uses via the `codebase-architect`
263
- agent (or grep on imports under `${paths.components_primitives}`).
264
+ agent with `PROFILE=impact` (or grep on imports under
265
+ `${paths.components_primitives}`).
264
266
  - Record `mockup_source.level = "compliance-only"` and the list of components
265
267
  in scope.
266
268
 
@@ -2,6 +2,10 @@
2
2
 
3
3
  Formato: [Keep a Changelog](https://keepachangelog.com/) · [SemVer](https://semver.org/).
4
4
 
5
+ ## 1.4.0 — 2026-07-02
6
+
7
+ - **Analysis-profile contract (framework v4.94.0)**: `implement.md` Phase 1 step 3 now passes a deterministic `PROFILE=` token to the `codebase-architect` spawn — `ui` when the card has a non-empty `links.design`/`links.design_src` (the same mockup bit as step 6a), else `feature`. Contract SSOT: `framework/agents/analysis-profiles.md`; guarded by the `check-new-parity.mjs` tripwire.
8
+
5
9
  ## 1.3.0 — 2026-07-02
6
10
 
7
11
  - **Hot-file economy (T2.A)**: il briefing "Codebase Context" passa il baseline
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  name: new
3
3
  effort: medium
4
- version: 1.3.0
4
+ version: 1.4.0
5
5
  description: >
6
6
  Orchestrate a team of specialized agents to implement one or more backlog cards
7
7
  end-to-end inside a dedicated worktree, with code review, doc review, QA, and