npm - cc-devflow - Versions diffs - 1.0.1 - Mend

cc-devflow 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (277) hide show

package/.claude/CLAUDE.md +83 -0
package/.claude/agents/architecture-designer.md +443 -0
package/.claude/agents/bug-analyzer.md +382 -0
package/.claude/agents/checklist-agent.md +175 -0
package/.claude/agents/clarify-analyst.md +50 -0
package/.claude/agents/code-reviewer.md +71 -0
package/.claude/agents/codex-analyzer.md +39 -0
package/.claude/agents/compatibility-checker.md +580 -0
package/.claude/agents/consistency-checker.md +532 -0
package/.claude/agents/impact-analyzer.md +441 -0
package/.claude/agents/planner.md +230 -0
package/.claude/agents/prd-writer.md +320 -0
package/.claude/agents/project-guidelines-generator.md +1329 -0
package/.claude/agents/qa-tester.md +313 -0
package/.claude/agents/release-manager.md +295 -0
package/.claude/agents/security-reviewer.md +314 -0
package/.claude/agents/style-guide-generator.md +458 -0
package/.claude/agents/tech-architect.md +516 -0
package/.claude/agents/ui-designer.md +485 -0
package/.claude/commands/code-review-high.md +58 -0
package/.claude/commands/core-architecture.md +429 -0
package/.claude/commands/core-guidelines.md +486 -0
package/.claude/commands/core-roadmap.md +439 -0
package/.claude/commands/core-style.md +293 -0
package/.claude/commands/flow-archive.md +245 -0
package/.claude/commands/flow-checklist.md +260 -0
package/.claude/commands/flow-clarify.md +136 -0
package/.claude/commands/flow-constitution.md +82 -0
package/.claude/commands/flow-dev.md +134 -0
package/.claude/commands/flow-epic.md +150 -0
package/.claude/commands/flow-fix.md +104 -0
package/.claude/commands/flow-ideate.md +214 -0
package/.claude/commands/flow-init.md +313 -0
package/.claude/commands/flow-new.md +394 -0
package/.claude/commands/flow-prd.md +131 -0
package/.claude/commands/flow-qa.md +93 -0
package/.claude/commands/flow-release.md +92 -0
package/.claude/commands/flow-restart.md +98 -0
package/.claude/commands/flow-status.md +64 -0
package/.claude/commands/flow-tech.md +142 -0
package/.claude/commands/flow-ui.md +189 -0
package/.claude/commands/flow-update.md +111 -0
package/.claude/commands/flow-upgrade.md +115 -0
package/.claude/commands/flow-verify.md +96 -0
package/.claude/commands/problem-analyzer.md +60 -0
package/.claude/config/quality-rules.yml +161 -0
package/.claude/docs/SPEC_KIT_CONSTITUTION_ANALYSIS.md +426 -0
package/.claude/docs/design/consistency-conflict-detection-algorithms.md +658 -0
package/.claude/docs/design/intent-driven-input-design.md +380 -0
package/.claude/docs/design/prd-version-management-design.md +437 -0
package/.claude/docs/guides/INIT_TROUBLESHOOTING.md +117 -0
package/.claude/docs/guides/NEW_TROUBLESHOOTING.md +151 -0
package/.claude/docs/guides/ROADMAP_TROUBLESHOOTING.md +188 -0
package/.claude/docs/guides/TASK_COMPLETION_MARKING.md +338 -0
package/.claude/docs/templates/ARCHITECTURE_TEMPLATE.md +633 -0
package/.claude/docs/templates/BACKLOG_TEMPLATE.md +261 -0
package/.claude/docs/templates/CHECKLIST_TEMPLATE.md +52 -0
package/.claude/docs/templates/CLARIFICATION_REPORT_TEMPLATE.md +206 -0
package/.claude/docs/templates/CODE_REVIEW_TEMPLATE.md +71 -0
package/.claude/docs/templates/EPIC_TEMPLATE.md +805 -0
package/.claude/docs/templates/INIT_FLOW_TEMPLATE.md +213 -0
package/.claude/docs/templates/INTENT_CLARIFICATION_TEMPLATE.md +57 -0
package/.claude/docs/templates/NEW_ORCHESTRATION_TEMPLATE.md +148 -0
package/.claude/docs/templates/PRD_TEMPLATE.md +562 -0
package/.claude/docs/templates/RESEARCH_TEMPLATE.md +276 -0
package/.claude/docs/templates/REVIEW-HIGH.md +57 -0
package/.claude/docs/templates/ROADMAP_DIALOGUE_TEMPLATE.md +198 -0
package/.claude/docs/templates/ROADMAP_TEMPLATE.md +310 -0
package/.claude/docs/templates/STYLE_TEMPLATE.md +1266 -0
package/.claude/docs/templates/TASKS_TEMPLATE.md +523 -0
package/.claude/docs/templates/TECH_DESIGN_TEMPLATE.md +1019 -0
package/.claude/docs/templates/UI_PROTOTYPE_TEMPLATE.md +1436 -0
package/.claude/guides/agent-guides/agent-coordination-guide.md +459 -0
package/.claude/guides/project-guidelines-system.md +463 -0
package/.claude/guides/technical-guides/datetime-handling-guide.md +563 -0
package/.claude/guides/technical-guides/git-github-guide.md +642 -0
package/.claude/guides/technical-guides/test-execution-guide.md +618 -0
package/.claude/guides/workflow-guides/bug-fix-orchestrator.md +217 -0
package/.claude/guides/workflow-guides/flow-orchestrator.md +282 -0
package/.claude/hooks/checklist-gate.js +397 -0
package/.claude/hooks/error-handling-reminder.sh +12 -0
package/.claude/hooks/error-handling-reminder.ts +459 -0
package/.claude/hooks/post-tool-use-tracker.sh +280 -0
package/.claude/hooks/pre-tool-use-guardrail.sh +36 -0
package/.claude/hooks/pre-tool-use-guardrail.ts +342 -0
package/.claude/hooks/skill-activation-prompt.sh +36 -0
package/.claude/hooks/skill-activation-prompt.ts +214 -0
package/.claude/hooks/state/skills-used-test-guard.json +3 -0
package/.claude/rules/devflow-conventions.md +305 -0
package/.claude/rules/project-constitution.md +748 -0
package/.claude/schemas/constitution.schema.json +43 -0
package/.claude/scripts/analyze-upgrade-impact.sh +200 -0
package/.claude/scripts/archive-requirement.sh +351 -0
package/.claude/scripts/calculate-checklist-completion.sh +243 -0
package/.claude/scripts/calculate-quarter.sh +206 -0
package/.claude/scripts/check-dependencies.sh +409 -0
package/.claude/scripts/check-prerequisites.sh +232 -0
package/.claude/scripts/check-task-status.sh +264 -0
package/.claude/scripts/checklist-errors.sh +131 -0
package/.claude/scripts/common.sh +570 -0
package/.claude/scripts/consolidate-research.sh +182 -0
package/.claude/scripts/create-requirement.sh +426 -0
package/.claude/scripts/export-contracts.sh +117 -0
package/.claude/scripts/extract-data-model.sh +78 -0
package/.claude/scripts/generate-clarification-questions.sh +377 -0
package/.claude/scripts/generate-clarification-report.sh +463 -0
package/.claude/scripts/generate-quickstart.sh +146 -0
package/.claude/scripts/generate-research-tasks.sh +157 -0
package/.claude/scripts/generate-status-report.sh +523 -0
package/.claude/scripts/generate-tech-analysis.sh +46 -0
package/.claude/scripts/locate-requirement-in-roadmap.sh +233 -0
package/.claude/scripts/manage-constitution.sh +602 -0
package/.claude/scripts/mark-task-complete.sh +198 -0
package/.claude/scripts/populate-research-tasks.sh +259 -0
package/.claude/scripts/recover-workflow.sh +460 -0
package/.claude/scripts/run-clarify-scan.sh +601 -0
package/.claude/scripts/run-high-review.sh +62 -0
package/.claude/scripts/run-problem-analysis.sh +68 -0
package/.claude/scripts/setup-epic.sh +173 -0
package/.claude/scripts/sync-roadmap-progress.sh +300 -0
package/.claude/scripts/sync-task-marks.sh +199 -0
package/.claude/scripts/test-clarify-scan.sh +515 -0
package/.claude/scripts/update-agent-context.sh +806 -0
package/.claude/scripts/validate-constitution.sh +567 -0
package/.claude/scripts/validate-hooks.sh +487 -0
package/.claude/scripts/validate-research.sh +332 -0
package/.claude/scripts/validate-scope-boundary.sh +493 -0
package/.claude/scripts/verify-setup.sh +37 -0
package/.claude/settings.json +76 -0
package/.claude/skills/_reference-implementations/README.md +96 -0
package/.claude/skills/_reference-implementations/backend-express-prisma/SKILL.md +302 -0
package/.claude/skills/_reference-implementations/backend-express-prisma/resources/architecture-overview.md +451 -0
package/.claude/skills/_reference-implementations/backend-express-prisma/resources/async-and-errors.md +307 -0
package/.claude/skills/_reference-implementations/backend-express-prisma/resources/complete-examples.md +638 -0
package/.claude/skills/_reference-implementations/backend-express-prisma/resources/configuration.md +275 -0
package/.claude/skills/_reference-implementations/backend-express-prisma/resources/database-patterns.md +224 -0
package/.claude/skills/_reference-implementations/backend-express-prisma/resources/middleware-guide.md +213 -0
package/.claude/skills/_reference-implementations/backend-express-prisma/resources/routing-and-controllers.md +756 -0
package/.claude/skills/_reference-implementations/backend-express-prisma/resources/sentry-and-monitoring.md +336 -0
package/.claude/skills/_reference-implementations/backend-express-prisma/resources/services-and-repositories.md +789 -0
package/.claude/skills/_reference-implementations/backend-express-prisma/resources/testing-guide.md +235 -0
package/.claude/skills/_reference-implementations/backend-express-prisma/resources/validation-patterns.md +754 -0
package/.claude/skills/_reference-implementations/frontend-react-mui/SKILL.md +399 -0
package/.claude/skills/_reference-implementations/frontend-react-mui/resources/common-patterns.md +331 -0
package/.claude/skills/_reference-implementations/frontend-react-mui/resources/complete-examples.md +872 -0
package/.claude/skills/_reference-implementations/frontend-react-mui/resources/component-patterns.md +502 -0
package/.claude/skills/_reference-implementations/frontend-react-mui/resources/data-fetching.md +767 -0
package/.claude/skills/_reference-implementations/frontend-react-mui/resources/file-organization.md +502 -0
package/.claude/skills/_reference-implementations/frontend-react-mui/resources/loading-and-error-states.md +501 -0
package/.claude/skills/_reference-implementations/frontend-react-mui/resources/performance.md +406 -0
package/.claude/skills/_reference-implementations/frontend-react-mui/resources/routing-guide.md +364 -0
package/.claude/skills/_reference-implementations/frontend-react-mui/resources/styling-guide.md +428 -0
package/.claude/skills/_reference-implementations/frontend-react-mui/resources/typescript-standards.md +418 -0
package/.claude/skills/cc-devflow-orchestrator/SKILL.md +229 -0
package/.claude/skills/constitution-guardian/SKILL.md +306 -0
package/.claude/skills/devflow-constitution-quick-ref/SKILL.md +374 -0
package/.claude/skills/devflow-file-standards/SKILL.md +353 -0
package/.claude/skills/devflow-tdd-enforcer/SKILL.md +192 -0
package/.claude/skills/skill-developer/ADVANCED.md +197 -0
package/.claude/skills/skill-developer/HOOK_MECHANISMS.md +306 -0
package/.claude/skills/skill-developer/PATTERNS_LIBRARY.md +152 -0
package/.claude/skills/skill-developer/SKILL.md +426 -0
package/.claude/skills/skill-developer/SKILL_RULES_REFERENCE.md +315 -0
package/.claude/skills/skill-developer/TRIGGER_TYPES.md +305 -0
package/.claude/skills/skill-developer/TROUBLESHOOTING.md +514 -0
package/.claude/skills/skill-rules.json +213 -0
package/.claude/tests/README.md +300 -0
package/.claude/tests/TODO.md +69 -0
package/.claude/tests/__pycache__/test_analyze_upgrade_impact.cpython-311-pytest-7.2.2.pyc +0 -0
package/.claude/tests/__pycache__/test_consolidate_research.cpython-311-pytest-7.2.2.pyc +0 -0
package/.claude/tests/__pycache__/test_export_contracts.cpython-311-pytest-7.2.2.pyc +0 -0
package/.claude/tests/__pycache__/test_extract_data_model.cpython-311-pytest-7.2.2.pyc +0 -0
package/.claude/tests/__pycache__/test_generate_quickstart.cpython-311-pytest-7.2.2.pyc +0 -0
package/.claude/tests/__pycache__/test_generate_research_tasks.cpython-311-pytest-7.2.2.pyc +0 -0
package/.claude/tests/constitution/run_all_constitution_tests.sh +111 -0
package/.claude/tests/constitution/test_agent_assignment.sh +207 -0
package/.claude/tests/constitution/test_article_coverage.sh +201 -0
package/.claude/tests/constitution/test_template_completeness.sh +150 -0
package/.claude/tests/constitution/test_version_consistency.sh +120 -0
package/.claude/tests/fixtures/spec_delta_full.md +16 -0
package/.claude/tests/fixtures/tasks_progress_sample.md +5 -0
package/.claude/tests/run-all-tests.sh +229 -0
package/.claude/tests/scripts/run.sh +30 -0
package/.claude/tests/scripts/test-framework.sh +128 -0
package/.claude/tests/scripts/test_check_prerequisites.sh +511 -0
package/.claude/tests/scripts/test_check_prerequisites.sh.bak +504 -0
package/.claude/tests/scripts/test_check_prerequisites.sh.bak2 +505 -0
package/.claude/tests/scripts/test_check_prerequisites.sh.bak3 +506 -0
package/.claude/tests/scripts/test_check_prerequisites.sh.bak4 +507 -0
package/.claude/tests/scripts/test_check_prerequisites.sh.bak5 +508 -0
package/.claude/tests/scripts/test_check_task_status.sh +499 -0
package/.claude/tests/scripts/test_common.sh +244 -0
package/.claude/tests/scripts/test_generate_status_report.sh +71 -0
package/.claude/tests/scripts/test_mark_task_complete.sh +441 -0
package/.claude/tests/scripts/test_mark_task_complete.sh.backup +410 -0
package/.claude/tests/scripts/test_recover_workflow.sh +304 -0
package/.claude/tests/scripts/test_setup_epic.sh +437 -0
package/.claude/tests/scripts/test_sync_task_marks.sh +196 -0
package/.claude/tests/scripts/test_validate_constitution.sh +74 -0
package/.claude/tests/scripts/test_validate_research.sh +462 -0
package/.claude/tests/slugify.bats +82 -0
package/.claude/tests/test-framework.sh +732 -0
package/.claude/tests/test_analyze_upgrade_impact.py +34 -0
package/.claude/tests/test_consolidate_research.py +48 -0
package/.claude/tests/test_export_contracts.py +43 -0
package/.claude/tests/test_extract_data_model.py +33 -0
package/.claude/tests/test_generate_quickstart.py +50 -0
package/.claude/tests/test_generate_research_tasks.py +52 -0
package/.claude/tsc-cache/6e64f818-6398-49ca-8623-581a9af85c44/edited-files.log +1 -0
package/.claude/tsc-cache/795ba6e3-b98a-423b-bab2-51aa62812569/affected-repos.txt +1 -0
package/.claude/tsc-cache/795ba6e3-b98a-423b-bab2-51aa62812569/edited-files.log +1 -0
package/.claude/tsc-cache/ae335694-be5a-4ba4-a1a0-b676c09a7906/affected-repos.txt +1 -0
package/.claude/tsc-cache/ae335694-be5a-4ba4-a1a0-b676c09a7906/edited-files.log +1 -0
package/CHANGELOG.md +507 -0
package/LICENSE +21 -0
package/README.md +534 -0
package/README.zh-CN.md +530 -0
package/bin/adapt.js +240 -0
package/bin/cc-devflow-cli.js +185 -0
package/bin/cc-devflow.js +78 -0
package/config/adapters.yml +5 -0
package/config/schema/adapters.schema.json +44 -0
package/docs/CLAUDE.md +26 -0
package/docs/commands/README.md +61 -0
package/docs/commands/README.zh-CN.md +55 -0
package/docs/commands/core-roadmap.md +106 -0
package/docs/commands/core-roadmap.zh-CN.md +102 -0
package/docs/commands/core-style.md +405 -0
package/docs/commands/core-style.zh-CN.md +405 -0
package/docs/commands/flow-init.md +134 -0
package/docs/commands/flow-init.zh-CN.md +163 -0
package/docs/commands/flow-new.md +274 -0
package/docs/commands/flow-new.zh-CN.md +270 -0
package/docs/guides/getting-started.md +204 -0
package/docs/guides/getting-started.zh-CN.md +152 -0
package/lib/adapters/adapter-interface.js +57 -0
package/lib/adapters/claude-adapter.js +74 -0
package/lib/adapters/codex-adapter.js +40 -0
package/lib/adapters/config-validator.js +68 -0
package/lib/adapters/logger.js +42 -0
package/lib/adapters/registry.js +153 -0
package/lib/compiler/CLAUDE.md +92 -0
package/lib/compiler/__tests__/drift.test.js +215 -0
package/lib/compiler/__tests__/errors.test.js +184 -0
package/lib/compiler/__tests__/incremental.test.js +174 -0
package/lib/compiler/__tests__/integration.test.js +174 -0
package/lib/compiler/__tests__/manifest.test.js +233 -0
package/lib/compiler/__tests__/parser.test.js +456 -0
package/lib/compiler/__tests__/schemas.test.js +301 -0
package/lib/compiler/__tests__/skills-registry.test.js +125 -0
package/lib/compiler/__tests__/transformer.test.js +286 -0
package/lib/compiler/emitters/antigravity-emitter.js +171 -0
package/lib/compiler/emitters/base-emitter.js +73 -0
package/lib/compiler/emitters/codex-emitter.js +52 -0
package/lib/compiler/emitters/cursor-emitter.js +31 -0
package/lib/compiler/emitters/index.js +50 -0
package/lib/compiler/emitters/qwen-emitter.js +39 -0
package/lib/compiler/errors.js +119 -0
package/lib/compiler/index.js +256 -0
package/lib/compiler/manifest.js +242 -0
package/lib/compiler/parser.js +258 -0
package/lib/compiler/platforms.js +113 -0
package/lib/compiler/resource-copier.js +320 -0
package/lib/compiler/rules-emitters/__tests__/antigravity-rules-emitter.test.js +191 -0
package/lib/compiler/rules-emitters/__tests__/codex-rules-emitter.test.js +109 -0
package/lib/compiler/rules-emitters/__tests__/cursor-rules-emitter.test.js +123 -0
package/lib/compiler/rules-emitters/__tests__/qwen-rules-emitter.test.js +123 -0
package/lib/compiler/rules-emitters/antigravity-rules-emitter.js +253 -0
package/lib/compiler/rules-emitters/base-rules-emitter.js +83 -0
package/lib/compiler/rules-emitters/codex-rules-emitter.js +116 -0
package/lib/compiler/rules-emitters/cursor-rules-emitter.js +98 -0
package/lib/compiler/rules-emitters/index.js +71 -0
package/lib/compiler/rules-emitters/qwen-rules-emitter.js +70 -0
package/lib/compiler/schemas.js +144 -0
package/lib/compiler/skills-registry.js +225 -0
package/lib/compiler/transformer.js +236 -0
package/package.json +50 -0

package/.claude/skills/constitution-guardian/SKILL.md ADDED Viewed

@@ -0,0 +1,306 @@
+---
+name: constitution-guardian
+description: Real-time Constitution compliance checker for devflow documents. Blocks partial implementations and hardcoded secrets during file editing.
+---
+# Constitution Guardian
+## Purpose
+Enforce CC-DevFlow Constitution compliance by detecting violations in real-time during document editing, preventing non-compliant content from being saved.
+**Trigger**: PreToolUse hook when editing devflow documents (PRD.md, EPIC.md, TASKS.md, TECH_DESIGN.md)
+## Enforcement Scope
+**Focus Articles** (Real-time prevention):
+- **Article I.1**: Quality First - No Partial Implementation
+- **Article III.1**: Security First - No Hardcoded Secrets
+**Note**: Full Constitution has 10 Articles. This guardrail focuses on the most critical real-time violations. Batch validation by `validate-constitution.sh` covers all Articles.
+## Violation Patterns
+### Article I.1: No Partial Implementation
+#### Pattern 1: TODO placeholders
+```markdown
+# ❌ BLOCKED
+## User Stories
+### US1: User Registration
+TODO later: Add email verification flow
+FIXME: Implement password strength validation
+```
+**Regex Patterns**:
+- `TODO.*later`
+- `FIXME`
+- `\[placeholder\]`
+- `// TODO:.*later`
+- `# FIXME:.*`
+#### Pattern 2: Simplified/Partial notes
+```markdown
+# ❌ BLOCKED
+## Implementation Notes
+This is simplified for now, complete implementation would require...
+```
+**Regex Pattern**: `simplified for now`
+#### Pattern 3: Version deferral
+```markdown
+# ❌ BLOCKED
+## Acceptance Criteria
+- [ ] Basic login (v1)
+- [ ] Remember me (defer to v2)
+```
+**Regex Pattern**: `defer to v\d|will complete in v\d`
+### Article III.1: No Hardcoded Secrets
+#### Pattern 1: Environment variables with secrets
+```markdown
+# ❌ BLOCKED
+## Configuration
+API_KEY=sk-abc123def456
+JWT_SECRET=mysecretkey123
+PASSWORD=admin123
+```
+**Regex Patterns**:
+- `API_KEY\s*=\s*['"]?[a-zA-Z0-9_-]{10,}`
+- `SECRET\s*=\s*['"]?[a-zA-Z0-9_-]+`
+- `PASSWORD\s*=\s*['"]?[^\s]+`
+- `TOKEN\s*=\s*['"]?[a-zA-Z0-9_-]{10,}`
+#### Pattern 2: Code snippets with hardcoded secrets
+```typescript
+// ❌ BLOCKED
+const config = {
+  apiKey: "sk-abc123def456",
+  dbPassword: "postgres123"
+};
+```
+**Regex Patterns**:
+- `apiKey:\s*['"][^'"]+['"]`
+- `password:\s*['"][^'"]+['"]`
+- `secret:\s*['"][^'"]+['"]`
+## Blocking Message
+When violation detected, PreToolUse hook returns **exit code 2** (blocks file save):
+```
+⚠️ BLOCKED - Constitution Violation
+Detected:
+- [Line 42] TODO placeholder (Article I.1 - No Partial Implementation)
+- [Line 58] Hardcoded API key (Article III.1 - No Hardcoded Secrets)
+📋 ACTION:
+1. Complete all TODOs/FIXMEs before saving
+2. Move secrets to environment variables (.env, not committed)
+3. Review .claude/constitution/project-constitution.md v2.0.0
+4. Run /flow-verify for comprehensive check
+Source: Constitution Articles I.1, III.1
+File: {file_path}
+Constitutional Basis:
+  Article I.1: "NO PARTIAL IMPLEMENTATION: Complete implementation or no implementation"
+  Article III.1: "NO HARDCODED SECRETS: Use environment variables or secret management"
+💡 SKIP: Add `@constitution-verified` comment or set SKIP_CONSTITUTION_CHECK=1
+```
+## Constitutional Basis
+### Article I: Quality First
+```yaml
+I.1 Complete Implementation Mandate:
+  Prohibition: Any form of partial implementation or placeholder code
+  Requirement: Complete implementation or no implementation
+  Examples:
+    ❌ Forbidden: "// TODO: Implement this later"
+    ❌ Forbidden: "// Simplified for now, will complete in v2"
+    ✅ Required: Fully functional, production-ready code
+```
+**Enforcement**:
+- **Generation time**: prd-writer, tech-architect, planner agents check output
+- **Edit time**: constitution-guardian guardrail blocks save (this skill)
+- **Phase completion**: validate-constitution.sh batch validation
+### Article III: Security First
+```yaml
+III.1 No Hardcoded Secrets:
+  Prohibited:
+    ❌ API_KEY = "sk-abc123..." in source code
+    ❌ PASSWORD = "admin123" in config files
+    ❌ JWT_SECRET embedded in code
+  Required:
+    ✅ Environment variables (.env files, not committed)
+    ✅ Secret management services (AWS Secrets Manager, etc.)
+    ✅ Configuration injection at runtime
+  Detection: Pre-push guard scans for secret patterns
+```
+**Enforcement**:
+- **Generation time**: All agents avoid secrets in generated docs
+- **Edit time**: constitution-guardian guardrail blocks save (this skill)
+- **Pre-push**: Git pre-push hook scans for secrets
+## Skip Conditions
+Users can bypass Constitution guardian in specific scenarios:
+### 1. Session Skip (One-time per session)
+- **Mechanism**: `sessionSkillUsed: true` in skill-rules.json
+- **Behavior**: Guardrail only triggers once per Claude session
+- **Use case**: User acknowledged violation, working on fix
+### 2. File Marker (Permanent skip for specific file)
+- **Marker**: Add `@constitution-verified` comment in document
+- **Example**:
+  ```markdown
+  <!-- @constitution-verified: Legacy doc migration, compliance review completed -->
+  ```
+- **Use case**: Legacy documentation, special cases
+### 3. Environment Variable (Temporary global skip)
+- **Variable**: `SKIP_CONSTITUTION_CHECK=1`
+- **Scope**: Current terminal session
+- **Use case**: Bulk imports, automated migrations
+## Relationship with Other Components
+### validate-constitution.sh (Script)
+- **Purpose**: Batch validation of all 10 Constitutional Articles
+- **Scope**: Complete document/codebase scan
+- **Timing**: Phase completion (e.g., /flow-prd Exit Gate)
+- **Articles**: I, II, III, IV, V, VI, VII, VIII, IX, X
+### constitution-guardian (Guardrail)
+- **Purpose**: Real-time prevention of critical violations
+- **Scope**: Single document being edited
+- **Timing**: During file editing (PreToolUse hook)
+- **Articles**: Focus on I.1, III.1 (most critical for documents)
+**Relationship**: **Complementary (互补)**
+- Guardrail: Real-time prevention (write-time, partial Articles)
+- Script: Batch validation (phase-time, all Articles)
+- Double insurance: Guardrail catches most issues, Script catches remaining
+### Constitution Document
+- **Source of Truth**: `.claude/constitution/project-constitution.md` v2.0.0
+- **Contains**: All 10 Articles with detailed rules
+- **This guardrail**: Extracts Articles I.1, III.1 prohibition rules only
+## Configuration
+In `.claude/skills/skill-rules.json`:
+```json
+{
+  "constitution-guardian": {
+    "type": "guardrail",
+    "enforcement": "block",
+    "priority": "critical",
+    "description": "Real-time Constitution compliance, extracted from Constitution v2.0.0",
+    "fileTriggers": {
+      "pathPatterns": [
+        "devflow/requirements/**/PRD.md",
+        "devflow/requirements/**/EPIC.md",
+        "devflow/requirements/**/TASKS.md",
+        "devflow/requirements/**/TECH_DESIGN.md",
+        "devflow/requirements/**/contracts/**/*.yaml",
+        "devflow/requirements/**/data-model.md"
+      ],
+      "contentPatterns": [
+        "TODO.*later",
+        "FIXME",
+        "\\[placeholder\\]",
+        "simplified for now",
+        "defer to v\\d",
+        "API_KEY\\s*=\\s*['\"]?[a-zA-Z0-9_-]{10,}",
+        "SECRET\\s*=\\s*['\"]?[a-zA-Z0-9_-]+",
+        "PASSWORD\\s*=\\s*['\"]?[^\\s]+",
+        "TOKEN\\s*=\\s*['\"]?[a-zA-Z0-9_-]{10,}",
+        "apiKey:\\s*['\"][^'\"]+['\"]",
+        "password:\\s*['\"][^'\"]+['\"]"
+      ]
+    },
+    "blockMessage": "⚠️ BLOCKED - Constitution Violation\n\nDetected:\n- Partial implementation (Article I.1)\n- Hardcoded secrets (Article III.1)\n\n📋 ACTION:\n1. Complete all TODOs/FIXMEs\n2. Move secrets to config system\n3. Run /flow-verify\n\nSource: .claude/constitution/project-constitution.md v2.0.0",
+    "skipConditions": {
+      "sessionSkillUsed": true,
+      "fileMarkers": ["@constitution-verified"],
+      "envOverride": "SKIP_CONSTITUTION_CHECK"
+    }
+  }
+}
+```
+## Line Number Reporting (Enhancement)
+**Goal**: Precise violation location reporting
+**Implementation** (in PreToolUse hook):
+```typescript
+function detectViolations(content: string, patterns: string[]) {
+  const lines = content.split('\n');
+  const violations: Array<{line: number, pattern: string, text: string}> = [];
+  lines.forEach((line, index) => {
+    patterns.forEach(pattern => {
+      if (new RegExp(pattern, 'i').test(line)) {
+        violations.push({
+          line: index + 1,
+          pattern: pattern,
+          text: line.trim()
+        });
+      }
+    });
+  });
+  return violations;
+}
+```
+**Enhanced Blocking Message**:
+```
+⚠️ BLOCKED - Constitution Violation
+Detected 3 violations:
+  [Line 42] TODO placeholder (Article I.1)
+    → "TODO later: Add email verification"
+  [Line 58] Hardcoded API key (Article III.1)
+    → "API_KEY=sk-abc123def456"
+  [Line 73] FIXME comment (Article I.1)
+    → "FIXME: Complete error handling"
+📋 ACTION: ...
+```
+## Design Principle
+**This guardrail does NOT contain**:
+- ❌ Complete Constitution (all 10 Articles are in project-constitution.md)
+- ❌ All violation patterns (only Articles I.1, III.1)
+- ❌ Batch validation logic (that's in validate-constitution.sh)
+**This guardrail ONLY contains**:
+- ✅ Articles I.1, III.1 prohibition rule extraction
+- ✅ Real-time violation detection (content pattern matching)
+- ✅ Blocking mechanism (PreToolUse hook, exit code 2)
+- ✅ Precise line number reporting
+- ✅ Links to full Constitution document
+**Rationale**: Avoid duplication ("不重不漏" principle). Constitution document owns full text, guardrail owns real-time enforcement of critical rules.

package/.claude/skills/devflow-constitution-quick-ref/SKILL.md ADDED Viewed

@@ -0,0 +1,374 @@
+---
+name: devflow-constitution-quick-ref
+description: Quick reference guide to CC-DevFlow Constitution v2.0.0 with links to full text. Covers all 10 Articles and Phase -1 Gates.
+---
+# DevFlow Constitution Quick Reference
+## Purpose
+Provide quick summaries of all 10 Constitutional Articles with links to full Constitution document. This skill does NOT duplicate the complete Constitution text.
+**Full Constitution**: [.claude/constitution/project-constitution.md](.claude/constitution/project-constitution.md) v2.0.0
+## Constitution Overview
+**Version**: v2.0.0
+**Effective Date**: 2025-01-10
+**Authority**: Supreme Priority, Inviolable, Persistent, Universal
+**Scope**: All requirements, all stages, all agents
+## Article I: Quality First (质量至上)
+### Summary
+Quality is the non-negotiable baseline.
+### Key Rules
+- **I.1**: NO PARTIAL IMPLEMENTATION (no TODO/FIXME placeholders)
+- **I.2**: Test coverage ≥80%
+- **I.3**: No "simplified for now" excuses
+- **I.4**: Must pass type checking, linting, security scanning, build verification
+### Enforcement
+- **Real-time**: constitution-guardian guardrail (blocks TODOs/FIXMEs)
+- **Batch**: validate-constitution.sh --type all
+- **Pre-push**: pre-push-guard.sh
+### Example Violations
+```markdown
+❌ "TODO later: Add email verification"
+❌ "// Simplified for now, will complete in v2"
+❌ "defer to v2"
+```
+**For Details**: See [Constitution Article I](.claude/constitution/project-constitution.md#article-i-quality-first-质量至上)
+---
+## Article II: Architectural Consistency (架构一致性)
+### Summary
+Maintain codebase uniformity and predictability.
+### Key Rules
+- **II.1**: No code duplication (search existing codebase first)
+- **II.2**: Consistent naming (follow existing patterns)
+- **II.3**: Anti-over-engineering (no BaseController, AbstractService)
+- **II.4**: Single responsibility (≤500 lines per file)
+### Enforcement
+- **Phase -1 Gates**: planner agent checks before EPIC generation
+- **Code review**: code-reviewer agent
+### Example Violations
+```typescript
+❌ class BaseController {}       // Over-abstraction
+❌ function helperManager() {}   // Vague naming
+❌ 800-line file                 // Exceeds limit
+```
+**For Details**: See [Constitution Article II](.claude/constitution/project-constitution.md#article-ii-architectural-consistency-架构一致性)
+---
+## Article III: Security First (安全优先)
+### Summary
+Security is foundational, not an afterthought.
+### Key Rules
+- **III.1**: NO HARDCODED SECRETS (use env variables)
+- **III.2**: All inputs must be validated BEFORE processing
+- **III.3**: Principle of least privilege (deny by default)
+- **III.4**: Secure by default (HTTPS, CORS whitelist, auth required)
+### Enforcement
+- **Real-time**: constitution-guardian guardrail (blocks hardcoded secrets)
+- **Pre-push**: pre-push-guard.sh scans for secret patterns
+- **QA**: security-reviewer agent
+### Example Violations
+```typescript
+❌ const API_KEY = "sk-abc123..."    // Hardcoded
+❌ const PASSWORD = "admin123"       // Hardcoded
+```
+**For Details**: See [Constitution Article III](.claude/constitution/project-constitution.md#article-iii-security-first-安全优先)
+---
+## Article IV: Performance Accountability (性能责任)
+### Summary
+Performance is user experience; proactive optimization required.
+### Key Rules
+- **IV.1**: No resource leaks (always close connections)
+- **IV.2**: Algorithm efficiency (avoid O(n²) when O(n) exists)
+- **IV.3**: Lazy loading (pagination for large datasets)
+- **IV.4**: Intelligent caching (with TTL and invalidation)
+### Enforcement
+- **QA**: qa-tester agent includes performance profiling
+- **Code review**: code-reviewer agent checks resource management
+### Example Violations
+```typescript
+❌ loadAllUsers()                    // Loads 1M users into memory
+❌ nested loops over same dataset    // O(n²)
+❌ no connection.close()             // Resource leak
+```
+**For Details**: See [Constitution Article IV](.claude/constitution/project-constitution.md#article-iv-performance-accountability-性能责任)
+---
+## Article V: Maintainability (可维护性)
+### Summary
+Code must be understandable, modifiable, and extensible.
+### Key Rules
+- **V.1**: No dead code (delete unused imports, commented code)
+- **V.2**: Separation of concerns (models, services, controllers, views)
+- **V.3**: Documentation mandate (complex algorithms, business logic)
+- **V.4**: File size limits (≤500 lines per file, ≤50 lines per function)
+### Enforcement
+- **Linting**: ESLint, Pylint rules
+- **Code review**: code-reviewer agent
+### Example Violations
+```typescript
+❌ // Commented-out code block    // Dead code
+❌ Unused import statements         // Dead code
+❌ 800-line function               // Exceeds limit
+```
+**For Details**: See [Constitution Article V](.claude/constitution/project-constitution.md#article-v-maintainability-可维护性)
+---
+## Article VI: Test-First Development (测试优先开发)
+### Summary
+Tests define behavior; implementation makes tests pass.
+### Key Rules
+- **VI.1**: TDD mandate (write tests FIRST, tests MUST fail initially)
+- **VI.2**: Test independence (each test runs in isolation)
+- **VI.3**: Meaningful tests (no `assert True`, test actual behavior)
+### Enforcement
+- **Real-time**: devflow-tdd-enforcer guardrail (blocks TDD violations)
+- **TASKS.md**: TEST VERIFICATION CHECKPOINT between Phase 2 and Phase 3
+- **planner agent**: Generates TASKS.md with TDD order
+### TDD Sequence
+```
+Phase 2: Write Tests FIRST ⚠️
+  → All tests MUST fail initially
+  → TEST VERIFICATION CHECKPOINT
+Phase 3: Write Implementation
+  → Goal: Make tests pass
+```
+**For Details**: See [Constitution Article VI](.claude/constitution/project-constitution.md#article-vi-test-first-development-测试优先开发)
+---
+## Article VII: Simplicity Gate (简单性闸门)
+### Summary
+Default to simplicity; complexity requires justification.
+### Key Rules (Phase -1 Gates)
+- **VII.1**: Maximum project count ≤3 simultaneously
+- **VII.2**: Minimal dependencies (use standard library when possible)
+- **VII.3**: Vertical slice first (full feature before next feature)
+- **VII.4**: Direct framework usage (avoid custom abstractions)
+### Enforcement
+- **Phase -1 Gates**: planner agent enforces BEFORE generating EPIC
+- **EPIC.md**: Contains "Phase -1 Simplicity Gate" check section
+### Example Violations
+```yaml
+❌ 5 projects in scope                    # Exceeds limit
+❌ Adding new framework for simple task   # Over-dependency
+❌ Custom ORM wrapper                     # Unnecessary abstraction
+```
+**For Details**: See [Constitution Article VII](.claude/constitution/project-constitution.md#article-vii-simplicity-gate-简单性闸门)
+---
+## Article VIII: Anti-Abstraction (反抽象化)
+### Summary
+Prefer concrete code over abstractions until three+ use cases proven.
+### Key Rules (Phase -1 Gates)
+- **VIII.1**: No premature abstraction (Rule of Three)
+- **VIII.2**: No generic layers (no GenericService<T>)
+- **VIII.3**: Direct framework usage (Express, FastAPI, Flask)
+- **VIII.4**: Inline before extract (copy-paste OK until 3rd repetition)
+### Enforcement
+- **Phase -1 Gates**: planner agent enforces BEFORE generating EPIC
+- **EPIC.md**: Contains "Phase -1 Anti-Abstraction Gate" check section
+### Example Violations
+```typescript
+❌ class BaseController {}              // Premature abstraction
+❌ GenericRepository<T>                 // Generic layer
+❌ Custom framework wrapper             // Over-abstraction
+```
+**For Details**: See [Constitution Article VIII](.claude/constitution/project-constitution.md#article-viii-anti-abstraction-反抽象化)
+---
+## Article IX: Integration-First Testing (集成优先测试)
+### Summary
+Test contracts/integrations before internal logic.
+### Key Rules (Phase -1 Gates)
+- **IX.1**: Contract tests first (API contracts, GraphQL schemas)
+- **IX.2**: Integration tests before unit tests (test boundaries first)
+- **IX.3**: Test external dependencies (database, APIs, queues)
+- **IX.4**: E2E critical paths (happy path + error path)
+### Enforcement
+- **Phase -1 Gates**: planner agent enforces BEFORE generating EPIC
+- **TASKS.md Phase 2**: Lists contract/integration tests FIRST
+- **TEST VERIFICATION CHECKPOINT**: Ensures Phase 2 tests run before Phase 3
+### Test Order
+```
+1. Contract tests (API contracts, GraphQL)
+2. Integration tests (DB, external APIs)
+3. E2E tests (critical user paths)
+4. Unit tests (internal logic)
+```
+**For Details**: See [Constitution Article IX](.claude/constitution/project-constitution.md#article-ix-integration-first-testing-集成优先测试)
+---
+## Article X: Requirement Boundary (需求边界)
+### Summary
+Prevent scope creep; enforce strict requirement boundaries.
+### Key Rules
+- **X.1**: One REQ-ID, one bounded context (no "also add X")
+- **X.2**: No feature expansion during implementation
+- **X.3**: Separate REQ-IDs for separate concerns
+- **X.4**: Explicit scope documentation in PRD.md
+### Enforcement
+- **PRD generation**: prd-writer agent enforces Anti-Expansion mandate
+- **Scope validation**: validate-scope-boundary.sh
+- **Code review**: code-reviewer agent checks for scope violations
+### Example Violations
+```markdown
+❌ PRD.md: "User Registration (also add social login)"    # Scope creep
+❌ Adding unplanned features during /flow-dev             # Feature expansion
+```
+**For Details**: See [Constitution Article X](.claude/constitution/project-constitution.md#article-x-requirement-boundary-需求边界)
+---
+## Phase -1 Gates
+**Executed by**: planner agent BEFORE generating EPIC and TASKS
+### Gate 1: Simplicity Check (Article VII)
+- [ ] Project count ≤3
+- [ ] Minimal dependencies
+- [ ] Vertical slice approach
+- [ ] Direct framework usage
+### Gate 2: Anti-Abstraction Check (Article VIII)
+- [ ] No premature abstractions
+- [ ] No generic layers
+- [ ] Inline before extract
+- [ ] Direct framework calls
+### Gate 3: Integration-First Check (Article IX)
+- [ ] Contract tests listed first
+- [ ] Integration tests before unit tests
+- [ ] External dependency tests included
+- [ ] E2E critical paths covered
+**Documented in**: EPIC.md contains "Phase -1 Gates" check section
+**For Details**: See [planner agent](.claude/agents/planner.md) Phase -1 Gates Enforcement Sequence
+---
+## Enforcement Summary
+| Article | Real-time Guardrail | Phase Gate | Batch Validation | Pre-push |
+|---------|---------------------|------------|------------------|----------|
+| I       | constitution-guardian | prd/tech/epic Exit | validate-constitution.sh | ✓ |
+| II      | —                   | Phase -1 (planner) | validate-constitution.sh | — |
+| III     | constitution-guardian | — | validate-constitution.sh | ✓ |
+| IV      | —                   | — | validate-constitution.sh (QA) | — |
+| V       | —                   | — | Linting + code review | — |
+| VI      | devflow-tdd-enforcer | TEST VERIFICATION | validate-constitution.sh | — |
+| VII     | —                   | Phase -1 (planner) | validate-constitution.sh | — |
+| VIII    | —                   | Phase -1 (planner) | validate-constitution.sh | — |
+| IX      | —                   | Phase -1 (planner) | validate-constitution.sh | — |
+| X       | —                   | PRD generation | validate-scope-boundary.sh | — |
+---
+## Quick Lookup by Scenario
+### Scenario: "Can I add TODO for later?"
+**Answer**: ❌ NO (Article I.1 - No Partial Implementation)
+**Guardrail**: constitution-guardian blocks save
+**Alternative**: Complete implementation now, or remove from scope
+### Scenario: "Should I create BaseController?"
+**Answer**: ❌ NO (Article II.3, VIII.2 - Anti-Abstraction)
+**Phase Gate**: Phase -1 Gates block EPIC generation
+**Alternative**: Use framework directly (Express, FastAPI)
+### Scenario: "Can I hardcode API_KEY for testing?"
+**Answer**: ❌ NO (Article III.1 - No Hardcoded Secrets)
+**Guardrail**: constitution-guardian blocks save
+**Alternative**: Use .env file with dotenv library
+### Scenario: "Should I write implementation first?"
+**Answer**: ❌ NO (Article VI.1 - TDD Mandate)
+**Guardrail**: devflow-tdd-enforcer blocks TASKS.md edit
+**Sequence**: Write failing test FIRST, then implementation
+### Scenario: "Can I add social login to user registration?"
+**Answer**: ❌ NO (Article X.1 - Requirement Boundary)
+**Enforcement**: prd-writer agent Anti-Expansion mandate
+**Alternative**: Create separate REQ-ID for social login
+---
+## Design Principle
+**This skill does NOT contain**:
+- ❌ Complete Constitution text (that's in project-constitution.md)
+- ❌ Detailed Article explanations (that's in full Constitution)
+- ❌ Implementation guidelines (those are in agent files)
+**This skill ONLY contains**:
+- ✅ Article summaries (quick reference)
+- ✅ Key rules and examples
+- ✅ Enforcement mechanisms
+- ✅ Links to full Constitution document
+- ✅ Quick lookup by scenario
+**Rationale**: Avoid duplication ("不重不漏" principle). Constitution document owns full text, this skill owns quick reference and routing.