buildwithnexus 0.10.4 → 0.10.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (40) hide show
  1. package/README.md +1 -0
  2. package/harness/Cargo.lock +6 -5
  3. package/harness/Cargo.toml +2 -8
  4. package/harness/src/agent.rs +2665 -246
  5. package/harness/src/bundled_skills/code-review.md +17 -0
  6. package/harness/src/bundled_skills/codebase-repair.md +32 -0
  7. package/harness/src/bundled_skills/data-analysis.md +16 -0
  8. package/harness/src/bundled_skills/decision_support.md +59 -0
  9. package/harness/src/bundled_skills/document-generation.md +29 -0
  10. package/harness/src/bundled_skills/frontend-ux.md +18 -0
  11. package/harness/src/bundled_skills/git-release.md +23 -0
  12. package/harness/src/bundled_skills/release-notes.md +17 -0
  13. package/harness/src/bundled_skills/research.md +17 -0
  14. package/harness/src/bundled_skills/rust-cli.md +26 -0
  15. package/harness/src/bundled_skills/security-review.md +19 -0
  16. package/harness/src/bundled_skills/self-knowledge.md +104 -0
  17. package/harness/src/bundled_skills/spec-writing.md +19 -0
  18. package/harness/src/bundled_skills/static-app.md +36 -0
  19. package/harness/src/bundled_skills/test-engineering.md +18 -0
  20. package/harness/src/bundled_skills/tool-use.md +52 -0
  21. package/harness/src/bundled_skills/verification_workflow.md +62 -0
  22. package/harness/src/checkpoint.rs +105 -8
  23. package/harness/src/config.rs +533 -88
  24. package/harness/src/hooks.rs +306 -52
  25. package/harness/src/knowledge.rs +433 -0
  26. package/harness/src/lib.rs +2127 -249
  27. package/harness/src/local.rs +13 -4
  28. package/harness/src/onboarding.rs +91 -21
  29. package/harness/src/provider.rs +346 -79
  30. package/harness/src/report.rs +37 -13
  31. package/harness/src/rules.rs +467 -0
  32. package/harness/src/session.rs +36 -9
  33. package/harness/src/tools.rs +3021 -114
  34. package/harness/src/trace.rs +218 -0
  35. package/harness/src/tui.rs +2174 -237
  36. package/harness/src/verifier.rs +375 -0
  37. package/harness/src/workflow.rs +72 -32
  38. package/package.json +1 -1
  39. package/scripts/postinstall.js +4 -1
  40. package/scripts/resolve-binary.js +2 -0
@@ -0,0 +1,17 @@
1
+ # Code Review
2
+
3
+ Use this skill when reviewing changes, auditing a PR, or checking for regressions.
4
+
5
+ ## Workflow
6
+
7
+ 1. Use `run_command` with `git status`, `git diff`, and `git diff --staged`.
8
+ 2. Use `read_file` for files where line context matters.
9
+ 3. Prioritize findings by severity.
10
+ 4. Mention tests that were not run or risk that remains.
11
+
12
+ ## Findings standard
13
+
14
+ - Lead with bugs, security risks, data loss risks, broken UX, or missing tests.
15
+ - Cite file paths and exact behavior.
16
+ - Do not pad the review with style preferences.
17
+ - If no issues are found, say that clearly and list residual test gaps.
@@ -0,0 +1,32 @@
1
+ # Codebase Repair
2
+
3
+ Use this skill when the user asks to fix a bug, implement a feature, clean up a regression, or investigate failing behavior in a repository.
4
+
5
+ ## Tool workflow
6
+
7
+ 1. Start with `list_dir`, `find_files`, and `grep_files` to understand the codebase shape.
8
+ 2. Use `read_file` before `edit_file` or `write_file`; edits to existing files are expected to be read first.
9
+ 3. Prefer `grep_files` and `find_files` over shell search when they are enough.
10
+ 4. Use `run_command` for project-native checks such as `cargo test`, `cargo clippy`, `npm test`, `npm run build`, `git diff`, and package-specific scripts.
11
+ 5. Use `finish` only after implementation and verification are complete, or after explaining a real blocker.
12
+
13
+ ## Repair discipline
14
+
15
+ - Keep changes scoped to the reported behavior.
16
+ - Match existing style before adding abstractions.
17
+ - Add or update tests when behavior changes.
18
+ - If a check fails, inspect the error and fix the cause rather than masking it.
19
+ - When a terminal/TUI bug is involved, use a PTY or real terminal path for validation where possible.
20
+ - If Computer Use cannot operate the Terminal app, say so plainly and provide local terminal commands for manual verification.
21
+
22
+ ## Standard verification
23
+
24
+ For Rust CLI work, prefer:
25
+
26
+ - `cargo test --manifest-path harness/Cargo.toml`
27
+ - `cargo clippy --manifest-path harness/Cargo.toml --all-targets --locked -- -D warnings`
28
+
29
+ For npm package work, prefer:
30
+
31
+ - `npm pack --dry-run`
32
+ - installing from the local tarball in a temporary directory when package contents matter.
@@ -0,0 +1,16 @@
1
+ # Data Analysis
2
+
3
+ Use this skill for CSV/JSON/log analysis, metrics summaries, benchmark interpretation, or report generation.
4
+
5
+ ## Workflow
6
+
7
+ 1. Use `file_info`, `read_file`, and `read_many_files` to inspect inputs.
8
+ 2. Use `run_command` with existing tools such as `jq`, `awk`, `python3`, or project scripts when available.
9
+ 3. Use `write_file` for derived CSV/JSON/Markdown outputs.
10
+ 4. Use `create_docx` for a Word-ready summary when requested.
11
+
12
+ ## Standards
13
+
14
+ - Preserve raw data; write derived outputs separately.
15
+ - Explain assumptions and missing data.
16
+ - Include reproducible commands or scripts when analysis is non-trivial.
@@ -0,0 +1,59 @@
1
+ # Decision Support
2
+
3
+ When asked to evaluate a design decision, architecture choice, or strategic question, follow this structured workflow. Do NOT answer from intuition alone.
4
+
5
+ ## Workflow
6
+
7
+ 1. **Classify the decision**
8
+ - What type? (architecture, implementation, deployment, security, data model, dependency, process)
9
+ - What scope? (single file, module, service, system-wide)
10
+ - What urgency? (blocking, important, can-defer)
11
+
12
+ 2. **Gather evidence** — call these tools BEFORE forming an opinion:
13
+ - `search` / `grep`: Find relevant code, configs, and docs
14
+ - `read_file`: Read architecture decisions, README, existing implementations
15
+ - `glob`: Map the affected file/module structure
16
+ - `bash`: Run `git log` for history, check CI status, list dependencies
17
+
18
+ 3. **Identify constraints** — document what limits the decision:
19
+ - Existing API contracts
20
+ - Database schema dependencies
21
+ - Team capacity and operational maturity
22
+ - Security and compliance requirements
23
+ - Performance requirements
24
+ - Timeline pressures
25
+
26
+ 4. **Evaluate options** — for each option:
27
+ - Describe the approach
28
+ - List evidence supporting it
29
+ - List evidence against it
30
+ - Assess: risk, cost, reversibility, blast radius
31
+ - Note assumptions made
32
+
33
+ 5. **Apply decision rules**:
34
+ - If the change shares lifecycle, data, and failure domain → prefer extending existing
35
+ - If different scaling, security, or release needs → consider separation
36
+ - If team lacks operational maturity → avoid fragmentation
37
+ - If critical path → require feature flags and staged rollout
38
+ - If dependency is unmaintained → avoid adding
39
+ - If data is destructive → require rollback plan
40
+
41
+ 6. **Produce a decision memo** with these sections:
42
+ - **Recommendation**: clear, actionable statement
43
+ - **Rationale**: why this option, grounded in evidence
44
+ - **Evidence**: what was inspected (files, tests, docs, history)
45
+ - **Tradeoffs**: what you gain and what you give up
46
+ - **Risks**: what could go wrong and mitigations
47
+ - **Assumptions**: what you assumed but couldn't verify
48
+ - **Confidence**: high/medium/low with explanation
49
+ - **Next actions**: concrete steps to implement the decision
50
+
51
+ ## Rules
52
+
53
+ - Never recommend without inspecting relevant code and docs first
54
+ - Always state your confidence level
55
+ - Always list assumptions
56
+ - If evidence is missing, say so explicitly
57
+ - Prefer reversible decisions when confidence is medium or low
58
+ - If the decision could cause data loss, require a rollback plan
59
+ - If the decision affects security boundaries, flag for security review
@@ -0,0 +1,29 @@
1
+ # Document Generation
2
+
3
+ Use this skill when creating `.docx`, Markdown reports, user guides, runbooks, handoff docs, release notes, or executive summaries.
4
+
5
+ ## Tools
6
+
7
+ - Use `create_docx` for simple Word documents.
8
+ - Use `write_file` for Markdown, plain text, JSON, or CSV artifacts.
9
+ - Use `read_many_files` to gather source material.
10
+ - Use `fetch_url` or `web_search` only when the document needs current external facts.
11
+
12
+ ## DOCX guidance
13
+
14
+ The built-in `create_docx` tool supports a title and markdown-like body:
15
+
16
+ - `# Heading`
17
+ - `## Heading`
18
+ - `### Heading`
19
+ - `- bullet`
20
+ - blank lines
21
+ - paragraphs
22
+
23
+ For complex layout, tables, images, tracked changes, or strict corporate templates, say that native output is basic and generate a Markdown source plus DOCX if useful.
24
+
25
+ ## Writing standard
26
+
27
+ - Lead with the answer.
28
+ - Use short sections and concrete headings.
29
+ - Avoid invented citations. If factual claims depend on current information, use web tools and cite URLs in the document text.
@@ -0,0 +1,18 @@
1
+ # Frontend UX
2
+
3
+ Use this skill for web UI, TUI, CLI UX, onboarding, forms, dashboards, and user-facing flows.
4
+
5
+ ## Workflow
6
+
7
+ 1. Use `list_tree`, `grep_files`, and `read_many_files` to identify framework and design conventions.
8
+ 2. Prefer existing components and styles.
9
+ 3. For CLI/TUI UX, verify key handling, resize behavior, scrollback, alternate screen, and visible feedback.
10
+ 4. For standalone browser games, canvas demos, prototypes, or simple static pages, load `/static-app` and publish a runnable HTML artifact.
11
+ 5. Use `start_server` for local dev servers; call `wait_for_url` to prove readiness; inspect `read_server_log` for failures; use `open_browser` when a preview is useful.
12
+
13
+ ## Standards
14
+
15
+ - Build the actual usable workflow, not a placeholder page.
16
+ - For static browser deliverables, ship a runnable artifact rather than code pasted into chat.
17
+ - Keep controls predictable and dense enough for repeated use.
18
+ - Avoid hidden state: important hooks, tools, subagents, errors, and queued input need visible evidence.
@@ -0,0 +1,23 @@
1
+ # Git And Release
2
+
3
+ Use this skill for commit hygiene, npm package release prep, GitHub CI repair, and deployment-oriented changes.
4
+
5
+ ## Git discipline
6
+
7
+ - Inspect `git status` before staging.
8
+ - Do not revert unrelated user changes.
9
+ - Keep commits scoped and authored with the configured repository identity.
10
+ - For this project, release commits should use `geaglin09 <geaglin09@gmail.com>`.
11
+
12
+ ## Version discipline
13
+
14
+ - Do not ask users to retest a version they already reported as broken.
15
+ - Bump `package.json`, `harness/Cargo.toml`, and `harness/Cargo.lock` together.
16
+ - Verify the npm package does not include unrelated build artifacts.
17
+ - Next.js is not a CLI dependency.
18
+
19
+ ## Verification
20
+
21
+ - Use `cargo test --manifest-path harness/Cargo.toml`.
22
+ - Use `cargo clippy --manifest-path harness/Cargo.toml --all-targets --locked -- -D warnings`.
23
+ - Use `npm pack --dry-run` to inspect package contents before publishing.
@@ -0,0 +1,17 @@
1
+ # Release Notes
2
+
3
+ Use this skill when writing changelogs, release notes, migration notes, npm package descriptions, or PR summaries.
4
+
5
+ ## Workflow
6
+
7
+ 1. Use `run_command` with `git log`, `git diff`, and `git status`.
8
+ 2. Use `read_file` for package metadata and README changes.
9
+ 3. Group notes by user-visible areas: Added, Changed, Fixed, Removed, Security.
10
+ 4. Include upgrade notes and compatibility warnings.
11
+ 5. Use `write_file` to update changelog/release artifacts when asked.
12
+
13
+ ## Standard
14
+
15
+ - Do not list internal refactors unless they matter to users.
16
+ - Mention version numbers and package names exactly.
17
+ - Include verification commands that passed.
@@ -0,0 +1,17 @@
1
+ # Research
2
+
3
+ Use this skill when answering questions that require current facts, comparing tools, investigating docs, or grounding a recommendation.
4
+
5
+ ## Workflow
6
+
7
+ 1. Use `web_search` to find candidate sources.
8
+ 2. Use `fetch_url` for primary sources and official documentation.
9
+ 3. Use `read_file` for local repo context before applying external guidance.
10
+ 4. Summarize what is known, what is inferred, and what remains uncertain.
11
+
12
+ ## Standards
13
+
14
+ - Prefer official docs, source repositories, standards, and primary research.
15
+ - Do not overquote sources.
16
+ - If the answer could be outdated, use web tools.
17
+ - For implementation work, translate findings into concrete repo changes.
@@ -0,0 +1,26 @@
1
+ # Rust CLI Engineering
2
+
3
+ Use this skill for Rust command-line, TUI, process, filesystem, packaging, or cross-platform terminal work.
4
+
5
+ ## Tool workflow
6
+
7
+ - Use `read_file` on `Cargo.toml`, relevant modules, and tests before editing.
8
+ - Use `grep_files` for symbol discovery and `find_files` for module layout.
9
+ - Use `run_command` for `cargo fmt`, `cargo test`, `cargo check`, and `cargo clippy`.
10
+ - Use `edit_file` for surgical changes; use `write_file` for new modules or tests.
11
+
12
+ ## TUI rules
13
+
14
+ - Alternate screen behavior must emit enter and leave sequences in interactive mode.
15
+ - Raw mode must be restored on exit, including error paths.
16
+ - Composer rendering must not steal the output cursor from streaming assistant text.
17
+ - Key handling should use terminal events, not line-buffered stdin, when raw mode is active.
18
+ - Shift+Tab is commonly reported as backtab; handle it separately from Tab completion.
19
+ - PTY tests are preferred for alternate screen and raw input behavior.
20
+
21
+ ## Rust quality
22
+
23
+ - Avoid panics on user-controlled input and terminal dimensions.
24
+ - Keep JSON payloads structured with `serde_json::json!`.
25
+ - Clip or truncate large tool/hook outputs before storing or rendering them.
26
+ - Make clippy happy under `-D warnings`.
@@ -0,0 +1,19 @@
1
+ # Security Review
2
+
3
+ Use this skill for threat modeling, dependency risk, command execution risk, hook/plugin safety, credential handling, and prompt-injection-sensitive workflows.
4
+
5
+ ## Workflow
6
+
7
+ 1. Use `grep_files` for risky patterns: secrets, shell execution, network fetches, deserialization, path traversal, auth, permissions.
8
+ 2. Use `read_many_files` for security-critical flows.
9
+ 3. Use `run_command` for native scanners only if already installed or configured by the repo.
10
+ 4. Use `todo_write` to track threat model areas.
11
+
12
+ ## Review checklist
13
+
14
+ - Inputs are validated before filesystem, shell, or network actions.
15
+ - Paths are normalized and sensitive locations are protected.
16
+ - Hooks and commands are visible/auditable.
17
+ - Credentials are not logged, traced, or sent to non-HTTPS endpoints.
18
+ - Permission gates cover mutating and destructive operations.
19
+ - External content cannot silently instruct the agent to run unsafe commands.
@@ -0,0 +1,104 @@
1
+ # Self-Knowledge
2
+
3
+ Use this skill whenever the user asks how buildwithnexus works, reports a bug in buildwithnexus, asks you to repair or extend buildwithnexus itself, or asks about TUI behavior, hooks, tool calls, subagents, skills, memory, sessions, npm packaging, or local model setup.
4
+
5
+ ## What buildwithnexus is
6
+
7
+ buildwithnexus is a Rust CLI agent harness. The npm package is a thin Node launcher that resolves or builds the Rust binary; Next.js is not part of the CLI runtime.
8
+
9
+ Core Rust modules:
10
+
11
+ - `src/lib.rs`: CLI routing, interactive REPL, slash commands, session lifecycle.
12
+ - `src/tui.rs`: alternate screen, raw-mode input, persistent composer, Shift+Tab mode cycling, typeahead, streaming renderer.
13
+ - `src/agent.rs`: PLAN, BUILD, and BRAINSTORM orchestration, tool loops, subagents, context compaction, permission gates.
14
+ - `src/tools.rs`: built-in tool definitions and implementations.
15
+ - `src/hooks.rs`: Claude Code-compatible lifecycle hooks.
16
+ - `src/trace.rs`: navigable trace ledger for hooks, tools, skills, and subagents.
17
+ - `src/config.rs`: settings, memory, skills, commands, hooks discovery, provider presets.
18
+ - `src/provider.rs`: provider protocols, completions, streaming, tool-call parsing.
19
+ - `src/session.rs`: saved session history, resume, continue.
20
+ - `src/checkpoint.rs`: edit checkpoints and undo.
21
+ - `src/onboarding.rs`: init/setup flow, including local model choices.
22
+ - `src/report.rs`: human and JSON event reporting.
23
+
24
+ ## Actual built-in tools
25
+
26
+ The agent can call these tools through model tool calls:
27
+
28
+ - `read_file`
29
+ - `read_many_files`
30
+ - `list_dir`
31
+ - `list_tree`
32
+ - `file_info`
33
+ - `find_files`
34
+ - `grep_files`
35
+ - `write_file`
36
+ - `edit_file`
37
+ - `multi_edit`
38
+ - `apply_patch`
39
+ - `create_dir`
40
+ - `move_path`
41
+ - `remove_path`
42
+ - `run_command`
43
+ - `todo_write`
44
+ - `todo_read`
45
+ - `create_docx`
46
+ - `finish`
47
+ - `save_memory`
48
+ - `fetch_url`
49
+ - `web_search`
50
+ - `spawn_subagent` in BUILD mode
51
+
52
+ The model should use these tools directly. It should not claim access to unavailable external tools unless it invokes them through `run_command` and verifies they exist.
53
+
54
+ ## Repair workflow
55
+
56
+ When fixing buildwithnexus itself:
57
+
58
+ 1. Reproduce with the local Rust binary first:
59
+ `cargo run --manifest-path harness/Cargo.toml -- <args>`
60
+ 2. Prefer PTY tests for TUI behavior because alternate-screen, raw mode, cursor save/restore, Shift+Tab, and composer behavior require a terminal.
61
+ 3. If Computer Use cannot operate the Terminal app, say that explicitly. Do not claim a visual Terminal E2E was completed.
62
+ 4. Keep fixes in Rust unless the issue is specifically the npm launcher or docs.
63
+ 5. Run:
64
+ `cargo test --manifest-path harness/Cargo.toml`
65
+ `cargo clippy --manifest-path harness/Cargo.toml --all-targets --locked -- -D warnings`
66
+ 6. For npm install issues, verify the package contents with:
67
+ `npm pack --dry-run`
68
+
69
+ ## TUI expectations
70
+
71
+ The interactive UI should:
72
+
73
+ - Enter the terminal alternate screen on launch and leave it on exit.
74
+ - Keep shell scrollback hidden while the TUI is active.
75
+ - Use raw-mode key handling for Shift+Tab, Tab completion, history, editor shortcuts, and multiline input.
76
+ - Keep a persistent composer at the bottom row.
77
+ - Preserve output cursor position when rendering queued typeahead into the composer.
78
+ - Surface trace rows when tools, hooks, skills, and subagents are used.
79
+ - Let the user inspect trace details with `/trace` and `/trace <id>`.
80
+
81
+ ## Hook and trace expectations
82
+
83
+ Hooks should capture:
84
+
85
+ - Event name: `SessionStart`, `SessionEnd`, `UserPromptSubmit`, `PreToolUse`, `PostToolUse`, `Stop`.
86
+ - Trigger payload, including tool name/input where applicable.
87
+ - Hook source: home or project.
88
+ - Matcher.
89
+ - Command or script path.
90
+ - Exit code, stdout, stderr.
91
+ - Deny/allow decisions when present.
92
+
93
+ Tools and subagents should capture:
94
+
95
+ - Tool name, input, result, error state, phase, and depth.
96
+ - Subagent task, role, isolate setting, working directory, and result.
97
+ - Loaded skills and Agents.md context with enough preview to debug why the model had that context.
98
+
99
+ ## Packaging rules
100
+
101
+ - Bump `package.json`, `harness/Cargo.toml`, and `harness/Cargo.lock` together for a release.
102
+ - Ensure commits are authored as `geaglin09 <geaglin09@gmail.com>`.
103
+ - The npm package should not depend on Next.js.
104
+ - Do not ask users to retest a version they already reported as broken; cut a new version.
@@ -0,0 +1,19 @@
1
+ # Spec Writing
2
+
3
+ Use this skill when the user asks for a product spec, implementation plan, technical design, PRD, RFC, acceptance criteria, or issue-ready task breakdown.
4
+
5
+ ## Workflow
6
+
7
+ 1. Use `read_file`, `read_many_files`, `list_tree`, and `grep_files` to understand the existing product and architecture.
8
+ 2. Use `todo_write` for multi-section specs.
9
+ 3. Write specs with clear sections: problem, goals, non-goals, users, behavior, UX/API contract, data model, rollout, risks, tests, open questions.
10
+ 4. Use `write_file` for Markdown specs in `docs/`, `.buildwithnexus/`, or the repo’s established planning location.
11
+ 5. Use `create_docx` when the user asks for Word/docx output.
12
+
13
+ ## Quality bar
14
+
15
+ - Make requirements testable.
16
+ - Separate decisions from open questions.
17
+ - Include concrete acceptance criteria.
18
+ - Name migration and compatibility risks.
19
+ - Keep implementation details aligned with the codebase, not generic architecture advice.
@@ -0,0 +1,36 @@
1
+ # Static App and Canvas Game
2
+
3
+ Use this skill when the user asks for a small website, standalone browser app, canvas game, playable demo, visualization, animation, or prototype that can run without a build step.
4
+
5
+ ## Output Contract
6
+
7
+ - Build the actual runnable thing, not an explanation.
8
+ - Prefer a single self-contained HTML file with embedded CSS and JavaScript unless the user explicitly asks for a framework.
9
+ - Use `Artifact` or `publish_artifact` with `type: "html"` for standalone deliverables.
10
+ - After publishing, use `open_browser` when possible so the user can try it immediately.
11
+ - Never respond with source code only in markdown when the task asks you to build the app.
12
+
13
+ ## Canvas Game Standard
14
+
15
+ A canvas game should include:
16
+
17
+ - A visible play field that resizes to the viewport without clipping.
18
+ - Keyboard controls and touch/mobile controls when practical.
19
+ - A start or ready state, active play state, pause state, game-over state, and restart path.
20
+ - Score/progress feedback and clear collision or failure feedback.
21
+ - A real animation loop using `requestAnimationFrame`.
22
+ - No placeholder art or unimplemented TODO sections.
23
+
24
+ ## Quality Bar
25
+
26
+ - Use cohesive visual styling, not a plain default canvas on a white page.
27
+ - Keep all text readable on mobile and desktop.
28
+ - Avoid external CDN dependencies for simple games and demos.
29
+ - If the user names a theme loosely, choose a good one and build immediately.
30
+ - Include concise usage instructions inside the artifact only when they help the user play or operate it.
31
+
32
+ ## Verification
33
+
34
+ - If a browser opener is available, call `open_browser` on the artifact path.
35
+ - If the app needs a local server, call `start_server`, call `wait_for_url` to prove the URL responds, inspect `read_server_log` on failure, then call `open_browser` with the local URL.
36
+ - If browser launch fails because the environment has no GUI, report the artifact path and the exact command to open or serve it.
@@ -0,0 +1,18 @@
1
+ # Test Engineering
2
+
3
+ Use this skill for adding tests, debugging failing checks, designing test plans, or improving coverage.
4
+
5
+ ## Workflow
6
+
7
+ 1. Use `grep_files` to find existing tests for the affected behavior.
8
+ 2. Use `read_many_files` to compare implementation and nearby tests.
9
+ 3. Add focused regression tests before or with the fix.
10
+ 4. Use `run_command` to run the narrowest relevant test first, then the broader suite.
11
+ 5. Record multi-step test work with `todo_write`.
12
+
13
+ ## Test strategy
14
+
15
+ - Cover the behavior that failed, not incidental implementation.
16
+ - Prefer deterministic tests over sleeps and network calls.
17
+ - For TUI behavior, use PTY tests when possible.
18
+ - For package/deployment behavior, test package contents or build output, not just source state.
@@ -0,0 +1,52 @@
1
+ # Tool Use
2
+
3
+ Use this skill whenever the task requires acting through buildwithnexus tools.
4
+
5
+ ## Available tools
6
+
7
+ - `read_file`: read UTF-8 files, optionally with `start_line` and `end_line`.
8
+ - `read_many_files`: read several related text files in one call.
9
+ - `list_dir`: list directory entries.
10
+ - `list_tree`: recursively list a bounded tree.
11
+ - `file_info`: inspect file or directory metadata.
12
+ - `find_files`: recursively find files by simple glob pattern.
13
+ - `grep_files`: literal text search with optional file pattern.
14
+ - `write_file`: create or overwrite a file.
15
+ - `edit_file`: replace one unique text occurrence in a file.
16
+ - `multi_edit`: apply several exact replacements to one file.
17
+ - `Artifact` / `publish_artifact`: Publish a structured document, webpage, SVG, diagram, or dataset.
18
+ - `str_replace_editor` / `text_editor_20241022` / `text_editor_20250124`: A unified tool for viewing, creating, and editing files natively.
19
+ - `AskUserQuestion`: Present the user with an interactive multiple-choice or written question.
20
+ - `apply_patch`: apply a unified diff through `git apply`.
21
+ - `create_dir`, `move_path`, `remove_path`: basic filesystem mutation.
22
+ - `run_command`: run shell commands and return output.
23
+ - `todo_write`, `todo_read`: maintain a structured task list.
24
+ - `create_docx`: create a simple Word Document (.docx) from title and body. Do NOT use for HTML or code.
25
+ - `fetch_url`: HTTP GET for a specific URL.
26
+ - `web_search`: DuckDuckGo-backed web search.
27
+ - `headless_browser`: fetch and extract readable page text and links.
28
+ - `start_server`, `list_servers`, `wait_for_url`, `read_server_log`, `stop_server`: manage and verify long-running local dev servers. Use these instead of `run_command` for `npm run dev`, Vite, Next, Python, Rails, Cargo web servers, and similar watch/dev processes.
29
+ - `open_browser`: open a local URL or generated HTML artifact in the user's default browser.
30
+ - `save_memory`: persist durable user preferences or facts.
31
+ - `spawn_subagent`: delegate a self-contained task to a fresh agent context.
32
+ - `finish`: complete the task with a short summary.
33
+
34
+ ## Tool Discipline
35
+
36
+ - **Mandatory Tool Usage:** Whenever generating or editing code, HTML, or any file contents, you MUST use the appropriate tool (e.g., `Artifact`, `str_replace_editor`, `write_file`). NEVER just write the code in plain markdown as your text response.
37
+ - **Runnable Artifacts:** For canvas games, standalone browser apps, demos, and simple web pages, publish a complete static HTML artifact with `Artifact` / `publish_artifact`; then use `open_browser` when possible.
38
+ - **No Placeholders:** When using file modification tools or `Artifact`, the contents MUST be fully implemented code or text. DO NOT use placeholders like `// canvas game logic here`.
39
+
40
+ - **No Permission Seeking:** DO NOT ask the user for permission, themes, or layout choices. If instructions are open-ended, make a reasonable decision and just build it.
41
+ ## Choosing tools
42
+
43
+ - Read/search/list tools are the default first step.
44
+ - Use `run_command` for native project commands and checks.
45
+ - Use `start_server` for long-running dev servers; use `wait_for_url` to prove readiness, and `read_server_log` to diagnose failures.
46
+ - Use `fetch_url` for a known page and `web_search` when the target page is unknown or current information is needed.
47
+ - Use `spawn_subagent` only for clearly separable work, such as independent research or a parallel audit.
48
+ - Use mutating tools only after understanding the current file contents.
49
+
50
+ ## Evidence
51
+
52
+ Tool calls, results, hook executions, skills, and subagents are visible in the TUI trace. Use `/trace` to list events and `/trace <id>` to inspect inputs, triggers, outputs, and decisions.
@@ -0,0 +1,62 @@
1
+ # Verification Workflow
2
+
3
+ When implementing code changes (bug fixes, features, refactors), follow this constrained workflow. Do NOT edit files immediately.
4
+
5
+ ## Before Writing Code
6
+
7
+ 1. **Understand the scope**
8
+ - Search the repo for relevant files: `search` for keywords
9
+ - Read the affected code: `read_file` on key files
10
+ - Map the call graph: `grep` for callers of affected functions
11
+ - Check existing tests: `glob` for test files, `read_file` to review them
12
+
13
+ 2. **Identify constraints**
14
+ - Check for public API contracts that must not break
15
+ - Check for database schema dependencies
16
+ - Check for naming and error-handling conventions
17
+ - Check for existing CI configuration
18
+ - Check git history for related changes: `bash git log --oneline -10 -- <file>`
19
+
20
+ 3. **Reproduce the issue** (for bug fixes)
21
+ - Read the test suite for the affected area
22
+ - If possible, write a failing test first
23
+ - Confirm the failure before fixing
24
+
25
+ ## Writing Code
26
+
27
+ 4. **Apply the smallest safe fix**
28
+ - Do not change public API behavior unless required
29
+ - Prefer narrow patches over broad rewrites
30
+ - Do not weaken validation to fix parsing bugs
31
+ - Respect existing naming and error-handling conventions
32
+ - Do not introduce new runtime dependencies unless justified
33
+
34
+ 5. **Add or update tests**
35
+ - Every bug fix MUST include a regression test
36
+ - Every new feature MUST include unit tests
37
+ - Tests should cover the happy path AND edge cases
38
+
39
+ ## After Writing Code
40
+
41
+ 6. **Verify the change**
42
+ - Run the relevant test suite: `bash` with the project's test command
43
+ - Check for lint/format issues if a linter is configured
44
+ - Review the diff for unintended changes
45
+
46
+ 7. **Summarize the change**
47
+ - Root cause (for bugs)
48
+ - Files affected
49
+ - Fix strategy
50
+ - Tests added or changed
51
+ - Validation result (tests pass/fail)
52
+ - Residual risk (what could still go wrong)
53
+
54
+ ## Rules
55
+
56
+ - A bug fix without a regression test is INCOMPLETE
57
+ - Do not claim a fix is complete until tests pass
58
+ - If a change touches authentication, flag for security review
59
+ - If a migration is destructive, require a rollback strategy
60
+ - If a function is public, search for all callers before changing its contract
61
+ - If logs might contain secrets, block the change
62
+ - If the change adds a dependency, check license and maintenance status