buildwithnexus 0.10.4 → 0.10.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -0
- package/harness/Cargo.lock +6 -5
- package/harness/Cargo.toml +2 -8
- package/harness/src/agent.rs +2665 -246
- package/harness/src/bundled_skills/code-review.md +17 -0
- package/harness/src/bundled_skills/codebase-repair.md +32 -0
- package/harness/src/bundled_skills/data-analysis.md +16 -0
- package/harness/src/bundled_skills/decision_support.md +59 -0
- package/harness/src/bundled_skills/document-generation.md +29 -0
- package/harness/src/bundled_skills/frontend-ux.md +18 -0
- package/harness/src/bundled_skills/git-release.md +23 -0
- package/harness/src/bundled_skills/release-notes.md +17 -0
- package/harness/src/bundled_skills/research.md +17 -0
- package/harness/src/bundled_skills/rust-cli.md +26 -0
- package/harness/src/bundled_skills/security-review.md +19 -0
- package/harness/src/bundled_skills/self-knowledge.md +104 -0
- package/harness/src/bundled_skills/spec-writing.md +19 -0
- package/harness/src/bundled_skills/static-app.md +36 -0
- package/harness/src/bundled_skills/test-engineering.md +18 -0
- package/harness/src/bundled_skills/tool-use.md +52 -0
- package/harness/src/bundled_skills/verification_workflow.md +62 -0
- package/harness/src/checkpoint.rs +105 -8
- package/harness/src/config.rs +533 -88
- package/harness/src/hooks.rs +306 -52
- package/harness/src/knowledge.rs +433 -0
- package/harness/src/lib.rs +2127 -249
- package/harness/src/local.rs +13 -4
- package/harness/src/onboarding.rs +91 -21
- package/harness/src/provider.rs +346 -79
- package/harness/src/report.rs +37 -13
- package/harness/src/rules.rs +467 -0
- package/harness/src/session.rs +36 -9
- package/harness/src/tools.rs +3021 -114
- package/harness/src/trace.rs +218 -0
- package/harness/src/tui.rs +2174 -237
- package/harness/src/verifier.rs +375 -0
- package/harness/src/workflow.rs +72 -32
- package/package.json +1 -1
- package/scripts/postinstall.js +4 -1
- package/scripts/resolve-binary.js +2 -0
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
# Code Review
|
|
2
|
+
|
|
3
|
+
Use this skill when reviewing changes, auditing a PR, or checking for regressions.
|
|
4
|
+
|
|
5
|
+
## Workflow
|
|
6
|
+
|
|
7
|
+
1. Use `run_command` with `git status`, `git diff`, and `git diff --staged`.
|
|
8
|
+
2. Use `read_file` for files where line context matters.
|
|
9
|
+
3. Prioritize findings by severity.
|
|
10
|
+
4. Mention tests that were not run or risk that remains.
|
|
11
|
+
|
|
12
|
+
## Findings standard
|
|
13
|
+
|
|
14
|
+
- Lead with bugs, security risks, data loss risks, broken UX, or missing tests.
|
|
15
|
+
- Cite file paths and exact behavior.
|
|
16
|
+
- Do not pad the review with style preferences.
|
|
17
|
+
- If no issues are found, say that clearly and list residual test gaps.
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
# Codebase Repair
|
|
2
|
+
|
|
3
|
+
Use this skill when the user asks to fix a bug, implement a feature, clean up a regression, or investigate failing behavior in a repository.
|
|
4
|
+
|
|
5
|
+
## Tool workflow
|
|
6
|
+
|
|
7
|
+
1. Start with `list_dir`, `find_files`, and `grep_files` to understand the codebase shape.
|
|
8
|
+
2. Use `read_file` before `edit_file` or `write_file`; edits to existing files are expected to be read first.
|
|
9
|
+
3. Prefer `grep_files` and `find_files` over shell search when they are enough.
|
|
10
|
+
4. Use `run_command` for project-native checks such as `cargo test`, `cargo clippy`, `npm test`, `npm run build`, `git diff`, and package-specific scripts.
|
|
11
|
+
5. Use `finish` only after implementation and verification are complete, or after explaining a real blocker.
|
|
12
|
+
|
|
13
|
+
## Repair discipline
|
|
14
|
+
|
|
15
|
+
- Keep changes scoped to the reported behavior.
|
|
16
|
+
- Match existing style before adding abstractions.
|
|
17
|
+
- Add or update tests when behavior changes.
|
|
18
|
+
- If a check fails, inspect the error and fix the cause rather than masking it.
|
|
19
|
+
- When a terminal/TUI bug is involved, use a PTY or real terminal path for validation where possible.
|
|
20
|
+
- If Computer Use cannot operate the Terminal app, say so plainly and provide local terminal commands for manual verification.
|
|
21
|
+
|
|
22
|
+
## Standard verification
|
|
23
|
+
|
|
24
|
+
For Rust CLI work, prefer:
|
|
25
|
+
|
|
26
|
+
- `cargo test --manifest-path harness/Cargo.toml`
|
|
27
|
+
- `cargo clippy --manifest-path harness/Cargo.toml --all-targets --locked -- -D warnings`
|
|
28
|
+
|
|
29
|
+
For npm package work, prefer:
|
|
30
|
+
|
|
31
|
+
- `npm pack --dry-run`
|
|
32
|
+
- installing from the local tarball in a temporary directory when package contents matter.
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
# Data Analysis
|
|
2
|
+
|
|
3
|
+
Use this skill for CSV/JSON/log analysis, metrics summaries, benchmark interpretation, or report generation.
|
|
4
|
+
|
|
5
|
+
## Workflow
|
|
6
|
+
|
|
7
|
+
1. Use `file_info`, `read_file`, and `read_many_files` to inspect inputs.
|
|
8
|
+
2. Use `run_command` with existing tools such as `jq`, `awk`, `python3`, or project scripts when available.
|
|
9
|
+
3. Use `write_file` for derived CSV/JSON/Markdown outputs.
|
|
10
|
+
4. Use `create_docx` for a Word-ready summary when requested.
|
|
11
|
+
|
|
12
|
+
## Standards
|
|
13
|
+
|
|
14
|
+
- Preserve raw data; write derived outputs separately.
|
|
15
|
+
- Explain assumptions and missing data.
|
|
16
|
+
- Include reproducible commands or scripts when analysis is non-trivial.
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
# Decision Support
|
|
2
|
+
|
|
3
|
+
When asked to evaluate a design decision, architecture choice, or strategic question, follow this structured workflow. Do NOT answer from intuition alone.
|
|
4
|
+
|
|
5
|
+
## Workflow
|
|
6
|
+
|
|
7
|
+
1. **Classify the decision**
|
|
8
|
+
- What type? (architecture, implementation, deployment, security, data model, dependency, process)
|
|
9
|
+
- What scope? (single file, module, service, system-wide)
|
|
10
|
+
- What urgency? (blocking, important, can-defer)
|
|
11
|
+
|
|
12
|
+
2. **Gather evidence** — call these tools BEFORE forming an opinion:
|
|
13
|
+
- `search` / `grep`: Find relevant code, configs, and docs
|
|
14
|
+
- `read_file`: Read architecture decisions, README, existing implementations
|
|
15
|
+
- `glob`: Map the affected file/module structure
|
|
16
|
+
- `bash`: Run `git log` for history, check CI status, list dependencies
|
|
17
|
+
|
|
18
|
+
3. **Identify constraints** — document what limits the decision:
|
|
19
|
+
- Existing API contracts
|
|
20
|
+
- Database schema dependencies
|
|
21
|
+
- Team capacity and operational maturity
|
|
22
|
+
- Security and compliance requirements
|
|
23
|
+
- Performance requirements
|
|
24
|
+
- Timeline pressures
|
|
25
|
+
|
|
26
|
+
4. **Evaluate options** — for each option:
|
|
27
|
+
- Describe the approach
|
|
28
|
+
- List evidence supporting it
|
|
29
|
+
- List evidence against it
|
|
30
|
+
- Assess: risk, cost, reversibility, blast radius
|
|
31
|
+
- Note assumptions made
|
|
32
|
+
|
|
33
|
+
5. **Apply decision rules**:
|
|
34
|
+
- If the change shares lifecycle, data, and failure domain → prefer extending existing
|
|
35
|
+
- If different scaling, security, or release needs → consider separation
|
|
36
|
+
- If team lacks operational maturity → avoid fragmentation
|
|
37
|
+
- If critical path → require feature flags and staged rollout
|
|
38
|
+
- If dependency is unmaintained → avoid adding
|
|
39
|
+
- If data is destructive → require rollback plan
|
|
40
|
+
|
|
41
|
+
6. **Produce a decision memo** with these sections:
|
|
42
|
+
- **Recommendation**: clear, actionable statement
|
|
43
|
+
- **Rationale**: why this option, grounded in evidence
|
|
44
|
+
- **Evidence**: what was inspected (files, tests, docs, history)
|
|
45
|
+
- **Tradeoffs**: what you gain and what you give up
|
|
46
|
+
- **Risks**: what could go wrong and mitigations
|
|
47
|
+
- **Assumptions**: what you assumed but couldn't verify
|
|
48
|
+
- **Confidence**: high/medium/low with explanation
|
|
49
|
+
- **Next actions**: concrete steps to implement the decision
|
|
50
|
+
|
|
51
|
+
## Rules
|
|
52
|
+
|
|
53
|
+
- Never recommend without inspecting relevant code and docs first
|
|
54
|
+
- Always state your confidence level
|
|
55
|
+
- Always list assumptions
|
|
56
|
+
- If evidence is missing, say so explicitly
|
|
57
|
+
- Prefer reversible decisions when confidence is medium or low
|
|
58
|
+
- If the decision could cause data loss, require a rollback plan
|
|
59
|
+
- If the decision affects security boundaries, flag for security review
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
# Document Generation
|
|
2
|
+
|
|
3
|
+
Use this skill when creating `.docx`, Markdown reports, user guides, runbooks, handoff docs, release notes, or executive summaries.
|
|
4
|
+
|
|
5
|
+
## Tools
|
|
6
|
+
|
|
7
|
+
- Use `create_docx` for simple Word documents.
|
|
8
|
+
- Use `write_file` for Markdown, plain text, JSON, or CSV artifacts.
|
|
9
|
+
- Use `read_many_files` to gather source material.
|
|
10
|
+
- Use `fetch_url` or `web_search` only when the document needs current external facts.
|
|
11
|
+
|
|
12
|
+
## DOCX guidance
|
|
13
|
+
|
|
14
|
+
The built-in `create_docx` tool supports a title and markdown-like body:
|
|
15
|
+
|
|
16
|
+
- `# Heading`
|
|
17
|
+
- `## Heading`
|
|
18
|
+
- `### Heading`
|
|
19
|
+
- `- bullet`
|
|
20
|
+
- blank lines
|
|
21
|
+
- paragraphs
|
|
22
|
+
|
|
23
|
+
For complex layout, tables, images, tracked changes, or strict corporate templates, say that native output is basic and generate a Markdown source plus DOCX if useful.
|
|
24
|
+
|
|
25
|
+
## Writing standard
|
|
26
|
+
|
|
27
|
+
- Lead with the answer.
|
|
28
|
+
- Use short sections and concrete headings.
|
|
29
|
+
- Avoid invented citations. If factual claims depend on current information, use web tools and cite URLs in the document text.
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
# Frontend UX
|
|
2
|
+
|
|
3
|
+
Use this skill for web UI, TUI, CLI UX, onboarding, forms, dashboards, and user-facing flows.
|
|
4
|
+
|
|
5
|
+
## Workflow
|
|
6
|
+
|
|
7
|
+
1. Use `list_tree`, `grep_files`, and `read_many_files` to identify framework and design conventions.
|
|
8
|
+
2. Prefer existing components and styles.
|
|
9
|
+
3. For CLI/TUI UX, verify key handling, resize behavior, scrollback, alternate screen, and visible feedback.
|
|
10
|
+
4. For standalone browser games, canvas demos, prototypes, or simple static pages, load `/static-app` and publish a runnable HTML artifact.
|
|
11
|
+
5. Use `start_server` for local dev servers; call `wait_for_url` to prove readiness; inspect `read_server_log` for failures; use `open_browser` when a preview is useful.
|
|
12
|
+
|
|
13
|
+
## Standards
|
|
14
|
+
|
|
15
|
+
- Build the actual usable workflow, not a placeholder page.
|
|
16
|
+
- For static browser deliverables, ship a runnable artifact rather than code pasted into chat.
|
|
17
|
+
- Keep controls predictable and dense enough for repeated use.
|
|
18
|
+
- Avoid hidden state: important hooks, tools, subagents, errors, and queued input need visible evidence.
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
# Git And Release
|
|
2
|
+
|
|
3
|
+
Use this skill for commit hygiene, npm package release prep, GitHub CI repair, and deployment-oriented changes.
|
|
4
|
+
|
|
5
|
+
## Git discipline
|
|
6
|
+
|
|
7
|
+
- Inspect `git status` before staging.
|
|
8
|
+
- Do not revert unrelated user changes.
|
|
9
|
+
- Keep commits scoped and authored with the configured repository identity.
|
|
10
|
+
- For this project, release commits should use `geaglin09 <geaglin09@gmail.com>`.
|
|
11
|
+
|
|
12
|
+
## Version discipline
|
|
13
|
+
|
|
14
|
+
- Do not ask users to retest a version they already reported as broken.
|
|
15
|
+
- Bump `package.json`, `harness/Cargo.toml`, and `harness/Cargo.lock` together.
|
|
16
|
+
- Verify the npm package does not include unrelated build artifacts.
|
|
17
|
+
- Next.js is not a CLI dependency.
|
|
18
|
+
|
|
19
|
+
## Verification
|
|
20
|
+
|
|
21
|
+
- Use `cargo test --manifest-path harness/Cargo.toml`.
|
|
22
|
+
- Use `cargo clippy --manifest-path harness/Cargo.toml --all-targets --locked -- -D warnings`.
|
|
23
|
+
- Use `npm pack --dry-run` to inspect package contents before publishing.
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
# Release Notes
|
|
2
|
+
|
|
3
|
+
Use this skill when writing changelogs, release notes, migration notes, npm package descriptions, or PR summaries.
|
|
4
|
+
|
|
5
|
+
## Workflow
|
|
6
|
+
|
|
7
|
+
1. Use `run_command` with `git log`, `git diff`, and `git status`.
|
|
8
|
+
2. Use `read_file` for package metadata and README changes.
|
|
9
|
+
3. Group notes by user-visible areas: Added, Changed, Fixed, Removed, Security.
|
|
10
|
+
4. Include upgrade notes and compatibility warnings.
|
|
11
|
+
5. Use `write_file` to update changelog/release artifacts when asked.
|
|
12
|
+
|
|
13
|
+
## Standard
|
|
14
|
+
|
|
15
|
+
- Do not list internal refactors unless they matter to users.
|
|
16
|
+
- Mention version numbers and package names exactly.
|
|
17
|
+
- Include verification commands that passed.
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
# Research
|
|
2
|
+
|
|
3
|
+
Use this skill when answering questions that require current facts, comparing tools, investigating docs, or grounding a recommendation.
|
|
4
|
+
|
|
5
|
+
## Workflow
|
|
6
|
+
|
|
7
|
+
1. Use `web_search` to find candidate sources.
|
|
8
|
+
2. Use `fetch_url` for primary sources and official documentation.
|
|
9
|
+
3. Use `read_file` for local repo context before applying external guidance.
|
|
10
|
+
4. Summarize what is known, what is inferred, and what remains uncertain.
|
|
11
|
+
|
|
12
|
+
## Standards
|
|
13
|
+
|
|
14
|
+
- Prefer official docs, source repositories, standards, and primary research.
|
|
15
|
+
- Do not overquote sources.
|
|
16
|
+
- If the answer could be outdated, use web tools.
|
|
17
|
+
- For implementation work, translate findings into concrete repo changes.
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
# Rust CLI Engineering
|
|
2
|
+
|
|
3
|
+
Use this skill for Rust command-line, TUI, process, filesystem, packaging, or cross-platform terminal work.
|
|
4
|
+
|
|
5
|
+
## Tool workflow
|
|
6
|
+
|
|
7
|
+
- Use `read_file` on `Cargo.toml`, relevant modules, and tests before editing.
|
|
8
|
+
- Use `grep_files` for symbol discovery and `find_files` for module layout.
|
|
9
|
+
- Use `run_command` for `cargo fmt`, `cargo test`, `cargo check`, and `cargo clippy`.
|
|
10
|
+
- Use `edit_file` for surgical changes; use `write_file` for new modules or tests.
|
|
11
|
+
|
|
12
|
+
## TUI rules
|
|
13
|
+
|
|
14
|
+
- Alternate screen behavior must emit enter and leave sequences in interactive mode.
|
|
15
|
+
- Raw mode must be restored on exit, including error paths.
|
|
16
|
+
- Composer rendering must not steal the output cursor from streaming assistant text.
|
|
17
|
+
- Key handling should use terminal events, not line-buffered stdin, when raw mode is active.
|
|
18
|
+
- Shift+Tab is commonly reported as backtab; handle it separately from Tab completion.
|
|
19
|
+
- PTY tests are preferred for alternate screen and raw input behavior.
|
|
20
|
+
|
|
21
|
+
## Rust quality
|
|
22
|
+
|
|
23
|
+
- Avoid panics on user-controlled input and terminal dimensions.
|
|
24
|
+
- Keep JSON payloads structured with `serde_json::json!`.
|
|
25
|
+
- Clip or truncate large tool/hook outputs before storing or rendering them.
|
|
26
|
+
- Make clippy happy under `-D warnings`.
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
# Security Review
|
|
2
|
+
|
|
3
|
+
Use this skill for threat modeling, dependency risk, command execution risk, hook/plugin safety, credential handling, and prompt-injection-sensitive workflows.
|
|
4
|
+
|
|
5
|
+
## Workflow
|
|
6
|
+
|
|
7
|
+
1. Use `grep_files` for risky patterns: secrets, shell execution, network fetches, deserialization, path traversal, auth, permissions.
|
|
8
|
+
2. Use `read_many_files` for security-critical flows.
|
|
9
|
+
3. Use `run_command` for native scanners only if already installed or configured by the repo.
|
|
10
|
+
4. Use `todo_write` to track threat model areas.
|
|
11
|
+
|
|
12
|
+
## Review checklist
|
|
13
|
+
|
|
14
|
+
- Inputs are validated before filesystem, shell, or network actions.
|
|
15
|
+
- Paths are normalized and sensitive locations are protected.
|
|
16
|
+
- Hooks and commands are visible/auditable.
|
|
17
|
+
- Credentials are not logged, traced, or sent to non-HTTPS endpoints.
|
|
18
|
+
- Permission gates cover mutating and destructive operations.
|
|
19
|
+
- External content cannot silently instruct the agent to run unsafe commands.
|
|
@@ -0,0 +1,104 @@
|
|
|
1
|
+
# Self-Knowledge
|
|
2
|
+
|
|
3
|
+
Use this skill whenever the user asks how buildwithnexus works, reports a bug in buildwithnexus, asks you to repair or extend buildwithnexus itself, or asks about TUI behavior, hooks, tool calls, subagents, skills, memory, sessions, npm packaging, or local model setup.
|
|
4
|
+
|
|
5
|
+
## What buildwithnexus is
|
|
6
|
+
|
|
7
|
+
buildwithnexus is a Rust CLI agent harness. The npm package is a thin Node launcher that resolves or builds the Rust binary; Next.js is not part of the CLI runtime.
|
|
8
|
+
|
|
9
|
+
Core Rust modules:
|
|
10
|
+
|
|
11
|
+
- `src/lib.rs`: CLI routing, interactive REPL, slash commands, session lifecycle.
|
|
12
|
+
- `src/tui.rs`: alternate screen, raw-mode input, persistent composer, Shift+Tab mode cycling, typeahead, streaming renderer.
|
|
13
|
+
- `src/agent.rs`: PLAN, BUILD, and BRAINSTORM orchestration, tool loops, subagents, context compaction, permission gates.
|
|
14
|
+
- `src/tools.rs`: built-in tool definitions and implementations.
|
|
15
|
+
- `src/hooks.rs`: Claude Code-compatible lifecycle hooks.
|
|
16
|
+
- `src/trace.rs`: navigable trace ledger for hooks, tools, skills, and subagents.
|
|
17
|
+
- `src/config.rs`: settings, memory, skills, commands, hooks discovery, provider presets.
|
|
18
|
+
- `src/provider.rs`: provider protocols, completions, streaming, tool-call parsing.
|
|
19
|
+
- `src/session.rs`: saved session history, resume, continue.
|
|
20
|
+
- `src/checkpoint.rs`: edit checkpoints and undo.
|
|
21
|
+
- `src/onboarding.rs`: init/setup flow, including local model choices.
|
|
22
|
+
- `src/report.rs`: human and JSON event reporting.
|
|
23
|
+
|
|
24
|
+
## Actual built-in tools
|
|
25
|
+
|
|
26
|
+
The agent can call these tools through model tool calls:
|
|
27
|
+
|
|
28
|
+
- `read_file`
|
|
29
|
+
- `read_many_files`
|
|
30
|
+
- `list_dir`
|
|
31
|
+
- `list_tree`
|
|
32
|
+
- `file_info`
|
|
33
|
+
- `find_files`
|
|
34
|
+
- `grep_files`
|
|
35
|
+
- `write_file`
|
|
36
|
+
- `edit_file`
|
|
37
|
+
- `multi_edit`
|
|
38
|
+
- `apply_patch`
|
|
39
|
+
- `create_dir`
|
|
40
|
+
- `move_path`
|
|
41
|
+
- `remove_path`
|
|
42
|
+
- `run_command`
|
|
43
|
+
- `todo_write`
|
|
44
|
+
- `todo_read`
|
|
45
|
+
- `create_docx`
|
|
46
|
+
- `finish`
|
|
47
|
+
- `save_memory`
|
|
48
|
+
- `fetch_url`
|
|
49
|
+
- `web_search`
|
|
50
|
+
- `spawn_subagent` in BUILD mode
|
|
51
|
+
|
|
52
|
+
The model should use these tools directly. It should not claim access to unavailable external tools unless it invokes them through `run_command` and verifies they exist.
|
|
53
|
+
|
|
54
|
+
## Repair workflow
|
|
55
|
+
|
|
56
|
+
When fixing buildwithnexus itself:
|
|
57
|
+
|
|
58
|
+
1. Reproduce with the local Rust binary first:
|
|
59
|
+
`cargo run --manifest-path harness/Cargo.toml -- <args>`
|
|
60
|
+
2. Prefer PTY tests for TUI behavior because alternate-screen, raw mode, cursor save/restore, Shift+Tab, and composer behavior require a terminal.
|
|
61
|
+
3. If Computer Use cannot operate the Terminal app, say that explicitly. Do not claim a visual Terminal E2E was completed.
|
|
62
|
+
4. Keep fixes in Rust unless the issue is specifically the npm launcher or docs.
|
|
63
|
+
5. Run:
|
|
64
|
+
`cargo test --manifest-path harness/Cargo.toml`
|
|
65
|
+
`cargo clippy --manifest-path harness/Cargo.toml --all-targets --locked -- -D warnings`
|
|
66
|
+
6. For npm install issues, verify the package contents with:
|
|
67
|
+
`npm pack --dry-run`
|
|
68
|
+
|
|
69
|
+
## TUI expectations
|
|
70
|
+
|
|
71
|
+
The interactive UI should:
|
|
72
|
+
|
|
73
|
+
- Enter the terminal alternate screen on launch and leave it on exit.
|
|
74
|
+
- Keep shell scrollback hidden while the TUI is active.
|
|
75
|
+
- Use raw-mode key handling for Shift+Tab, Tab completion, history, editor shortcuts, and multiline input.
|
|
76
|
+
- Keep a persistent composer at the bottom row.
|
|
77
|
+
- Preserve output cursor position when rendering queued typeahead into the composer.
|
|
78
|
+
- Surface trace rows when tools, hooks, skills, and subagents are used.
|
|
79
|
+
- Let the user inspect trace details with `/trace` and `/trace <id>`.
|
|
80
|
+
|
|
81
|
+
## Hook and trace expectations
|
|
82
|
+
|
|
83
|
+
Hooks should capture:
|
|
84
|
+
|
|
85
|
+
- Event name: `SessionStart`, `SessionEnd`, `UserPromptSubmit`, `PreToolUse`, `PostToolUse`, `Stop`.
|
|
86
|
+
- Trigger payload, including tool name/input where applicable.
|
|
87
|
+
- Hook source: home or project.
|
|
88
|
+
- Matcher.
|
|
89
|
+
- Command or script path.
|
|
90
|
+
- Exit code, stdout, stderr.
|
|
91
|
+
- Deny/allow decisions when present.
|
|
92
|
+
|
|
93
|
+
Tools and subagents should capture:
|
|
94
|
+
|
|
95
|
+
- Tool name, input, result, error state, phase, and depth.
|
|
96
|
+
- Subagent task, role, isolate setting, working directory, and result.
|
|
97
|
+
- Loaded skills and Agents.md context with enough preview to debug why the model had that context.
|
|
98
|
+
|
|
99
|
+
## Packaging rules
|
|
100
|
+
|
|
101
|
+
- Bump `package.json`, `harness/Cargo.toml`, and `harness/Cargo.lock` together for a release.
|
|
102
|
+
- Ensure commits are authored as `geaglin09 <geaglin09@gmail.com>`.
|
|
103
|
+
- The npm package should not depend on Next.js.
|
|
104
|
+
- Do not ask users to retest a version they already reported as broken; cut a new version.
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
# Spec Writing
|
|
2
|
+
|
|
3
|
+
Use this skill when the user asks for a product spec, implementation plan, technical design, PRD, RFC, acceptance criteria, or issue-ready task breakdown.
|
|
4
|
+
|
|
5
|
+
## Workflow
|
|
6
|
+
|
|
7
|
+
1. Use `read_file`, `read_many_files`, `list_tree`, and `grep_files` to understand the existing product and architecture.
|
|
8
|
+
2. Use `todo_write` for multi-section specs.
|
|
9
|
+
3. Write specs with clear sections: problem, goals, non-goals, users, behavior, UX/API contract, data model, rollout, risks, tests, open questions.
|
|
10
|
+
4. Use `write_file` for Markdown specs in `docs/`, `.buildwithnexus/`, or the repo’s established planning location.
|
|
11
|
+
5. Use `create_docx` when the user asks for Word/docx output.
|
|
12
|
+
|
|
13
|
+
## Quality bar
|
|
14
|
+
|
|
15
|
+
- Make requirements testable.
|
|
16
|
+
- Separate decisions from open questions.
|
|
17
|
+
- Include concrete acceptance criteria.
|
|
18
|
+
- Name migration and compatibility risks.
|
|
19
|
+
- Keep implementation details aligned with the codebase, not generic architecture advice.
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
# Static App and Canvas Game
|
|
2
|
+
|
|
3
|
+
Use this skill when the user asks for a small website, standalone browser app, canvas game, playable demo, visualization, animation, or prototype that can run without a build step.
|
|
4
|
+
|
|
5
|
+
## Output Contract
|
|
6
|
+
|
|
7
|
+
- Build the actual runnable thing, not an explanation.
|
|
8
|
+
- Prefer a single self-contained HTML file with embedded CSS and JavaScript unless the user explicitly asks for a framework.
|
|
9
|
+
- Use `Artifact` or `publish_artifact` with `type: "html"` for standalone deliverables.
|
|
10
|
+
- After publishing, use `open_browser` when possible so the user can try it immediately.
|
|
11
|
+
- Never respond with source code only in markdown when the task asks you to build the app.
|
|
12
|
+
|
|
13
|
+
## Canvas Game Standard
|
|
14
|
+
|
|
15
|
+
A canvas game should include:
|
|
16
|
+
|
|
17
|
+
- A visible play field that resizes to the viewport without clipping.
|
|
18
|
+
- Keyboard controls and touch/mobile controls when practical.
|
|
19
|
+
- A start or ready state, active play state, pause state, game-over state, and restart path.
|
|
20
|
+
- Score/progress feedback and clear collision or failure feedback.
|
|
21
|
+
- A real animation loop using `requestAnimationFrame`.
|
|
22
|
+
- No placeholder art or unimplemented TODO sections.
|
|
23
|
+
|
|
24
|
+
## Quality Bar
|
|
25
|
+
|
|
26
|
+
- Use cohesive visual styling, not a plain default canvas on a white page.
|
|
27
|
+
- Keep all text readable on mobile and desktop.
|
|
28
|
+
- Avoid external CDN dependencies for simple games and demos.
|
|
29
|
+
- If the user names a theme loosely, choose a good one and build immediately.
|
|
30
|
+
- Include concise usage instructions inside the artifact only when they help the user play or operate it.
|
|
31
|
+
|
|
32
|
+
## Verification
|
|
33
|
+
|
|
34
|
+
- If a browser opener is available, call `open_browser` on the artifact path.
|
|
35
|
+
- If the app needs a local server, call `start_server`, call `wait_for_url` to prove the URL responds, inspect `read_server_log` on failure, then call `open_browser` with the local URL.
|
|
36
|
+
- If browser launch fails because the environment has no GUI, report the artifact path and the exact command to open or serve it.
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
# Test Engineering
|
|
2
|
+
|
|
3
|
+
Use this skill for adding tests, debugging failing checks, designing test plans, or improving coverage.
|
|
4
|
+
|
|
5
|
+
## Workflow
|
|
6
|
+
|
|
7
|
+
1. Use `grep_files` to find existing tests for the affected behavior.
|
|
8
|
+
2. Use `read_many_files` to compare implementation and nearby tests.
|
|
9
|
+
3. Add focused regression tests before or with the fix.
|
|
10
|
+
4. Use `run_command` to run the narrowest relevant test first, then the broader suite.
|
|
11
|
+
5. Record multi-step test work with `todo_write`.
|
|
12
|
+
|
|
13
|
+
## Test strategy
|
|
14
|
+
|
|
15
|
+
- Cover the behavior that failed, not incidental implementation.
|
|
16
|
+
- Prefer deterministic tests over sleeps and network calls.
|
|
17
|
+
- For TUI behavior, use PTY tests when possible.
|
|
18
|
+
- For package/deployment behavior, test package contents or build output, not just source state.
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
# Tool Use
|
|
2
|
+
|
|
3
|
+
Use this skill whenever the task requires acting through buildwithnexus tools.
|
|
4
|
+
|
|
5
|
+
## Available tools
|
|
6
|
+
|
|
7
|
+
- `read_file`: read UTF-8 files, optionally with `start_line` and `end_line`.
|
|
8
|
+
- `read_many_files`: read several related text files in one call.
|
|
9
|
+
- `list_dir`: list directory entries.
|
|
10
|
+
- `list_tree`: recursively list a bounded tree.
|
|
11
|
+
- `file_info`: inspect file or directory metadata.
|
|
12
|
+
- `find_files`: recursively find files by simple glob pattern.
|
|
13
|
+
- `grep_files`: literal text search with optional file pattern.
|
|
14
|
+
- `write_file`: create or overwrite a file.
|
|
15
|
+
- `edit_file`: replace one unique text occurrence in a file.
|
|
16
|
+
- `multi_edit`: apply several exact replacements to one file.
|
|
17
|
+
- `Artifact` / `publish_artifact`: Publish a structured document, webpage, SVG, diagram, or dataset.
|
|
18
|
+
- `str_replace_editor` / `text_editor_20241022` / `text_editor_20250124`: A unified tool for viewing, creating, and editing files natively.
|
|
19
|
+
- `AskUserQuestion`: Present the user with an interactive multiple-choice or written question.
|
|
20
|
+
- `apply_patch`: apply a unified diff through `git apply`.
|
|
21
|
+
- `create_dir`, `move_path`, `remove_path`: basic filesystem mutation.
|
|
22
|
+
- `run_command`: run shell commands and return output.
|
|
23
|
+
- `todo_write`, `todo_read`: maintain a structured task list.
|
|
24
|
+
- `create_docx`: create a simple Word Document (.docx) from title and body. Do NOT use for HTML or code.
|
|
25
|
+
- `fetch_url`: HTTP GET for a specific URL.
|
|
26
|
+
- `web_search`: DuckDuckGo-backed web search.
|
|
27
|
+
- `headless_browser`: fetch and extract readable page text and links.
|
|
28
|
+
- `start_server`, `list_servers`, `wait_for_url`, `read_server_log`, `stop_server`: manage and verify long-running local dev servers. Use these instead of `run_command` for `npm run dev`, Vite, Next, Python, Rails, Cargo web servers, and similar watch/dev processes.
|
|
29
|
+
- `open_browser`: open a local URL or generated HTML artifact in the user's default browser.
|
|
30
|
+
- `save_memory`: persist durable user preferences or facts.
|
|
31
|
+
- `spawn_subagent`: delegate a self-contained task to a fresh agent context.
|
|
32
|
+
- `finish`: complete the task with a short summary.
|
|
33
|
+
|
|
34
|
+
## Tool Discipline
|
|
35
|
+
|
|
36
|
+
- **Mandatory Tool Usage:** Whenever generating or editing code, HTML, or any file contents, you MUST use the appropriate tool (e.g., `Artifact`, `str_replace_editor`, `write_file`). NEVER just write the code in plain markdown as your text response.
|
|
37
|
+
- **Runnable Artifacts:** For canvas games, standalone browser apps, demos, and simple web pages, publish a complete static HTML artifact with `Artifact` / `publish_artifact`; then use `open_browser` when possible.
|
|
38
|
+
- **No Placeholders:** When using file modification tools or `Artifact`, the contents MUST be fully implemented code or text. DO NOT use placeholders like `// canvas game logic here`.
|
|
39
|
+
|
|
40
|
+
- **No Permission Seeking:** DO NOT ask the user for permission, themes, or layout choices. If instructions are open-ended, make a reasonable decision and just build it.
|
|
41
|
+
## Choosing tools
|
|
42
|
+
|
|
43
|
+
- Read/search/list tools are the default first step.
|
|
44
|
+
- Use `run_command` for native project commands and checks.
|
|
45
|
+
- Use `start_server` for long-running dev servers; use `wait_for_url` to prove readiness, and `read_server_log` to diagnose failures.
|
|
46
|
+
- Use `fetch_url` for a known page and `web_search` when the target page is unknown or current information is needed.
|
|
47
|
+
- Use `spawn_subagent` only for clearly separable work, such as independent research or a parallel audit.
|
|
48
|
+
- Use mutating tools only after understanding the current file contents.
|
|
49
|
+
|
|
50
|
+
## Evidence
|
|
51
|
+
|
|
52
|
+
Tool calls, results, hook executions, skills, and subagents are visible in the TUI trace. Use `/trace` to list events and `/trace <id>` to inspect inputs, triggers, outputs, and decisions.
|
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
# Verification Workflow
|
|
2
|
+
|
|
3
|
+
When implementing code changes (bug fixes, features, refactors), follow this constrained workflow. Do NOT edit files immediately.
|
|
4
|
+
|
|
5
|
+
## Before Writing Code
|
|
6
|
+
|
|
7
|
+
1. **Understand the scope**
|
|
8
|
+
- Search the repo for relevant files: `search` for keywords
|
|
9
|
+
- Read the affected code: `read_file` on key files
|
|
10
|
+
- Map the call graph: `grep` for callers of affected functions
|
|
11
|
+
- Check existing tests: `glob` for test files, `read_file` to review them
|
|
12
|
+
|
|
13
|
+
2. **Identify constraints**
|
|
14
|
+
- Check for public API contracts that must not break
|
|
15
|
+
- Check for database schema dependencies
|
|
16
|
+
- Check for naming and error-handling conventions
|
|
17
|
+
- Check for existing CI configuration
|
|
18
|
+
- Check git history for related changes: `bash git log --oneline -10 -- <file>`
|
|
19
|
+
|
|
20
|
+
3. **Reproduce the issue** (for bug fixes)
|
|
21
|
+
- Read the test suite for the affected area
|
|
22
|
+
- If possible, write a failing test first
|
|
23
|
+
- Confirm the failure before fixing
|
|
24
|
+
|
|
25
|
+
## Writing Code
|
|
26
|
+
|
|
27
|
+
4. **Apply the smallest safe fix**
|
|
28
|
+
- Do not change public API behavior unless required
|
|
29
|
+
- Prefer narrow patches over broad rewrites
|
|
30
|
+
- Do not weaken validation to fix parsing bugs
|
|
31
|
+
- Respect existing naming and error-handling conventions
|
|
32
|
+
- Do not introduce new runtime dependencies unless justified
|
|
33
|
+
|
|
34
|
+
5. **Add or update tests**
|
|
35
|
+
- Every bug fix MUST include a regression test
|
|
36
|
+
- Every new feature MUST include unit tests
|
|
37
|
+
- Tests should cover the happy path AND edge cases
|
|
38
|
+
|
|
39
|
+
## After Writing Code
|
|
40
|
+
|
|
41
|
+
6. **Verify the change**
|
|
42
|
+
- Run the relevant test suite: `bash` with the project's test command
|
|
43
|
+
- Check for lint/format issues if a linter is configured
|
|
44
|
+
- Review the diff for unintended changes
|
|
45
|
+
|
|
46
|
+
7. **Summarize the change**
|
|
47
|
+
- Root cause (for bugs)
|
|
48
|
+
- Files affected
|
|
49
|
+
- Fix strategy
|
|
50
|
+
- Tests added or changed
|
|
51
|
+
- Validation result (tests pass/fail)
|
|
52
|
+
- Residual risk (what could still go wrong)
|
|
53
|
+
|
|
54
|
+
## Rules
|
|
55
|
+
|
|
56
|
+
- A bug fix without a regression test is INCOMPLETE
|
|
57
|
+
- Do not claim a fix is complete until tests pass
|
|
58
|
+
- If a change touches authentication, flag for security review
|
|
59
|
+
- If a migration is destructive, require a rollback strategy
|
|
60
|
+
- If a function is public, search for all callers before changing its contract
|
|
61
|
+
- If logs might contain secrets, block the change
|
|
62
|
+
- If the change adds a dependency, check license and maintenance status
|