chapterhouse 0.1.1

package/dist/wiki/team-sync.test.js

@@ -0,0 +1,185 @@
+import assert from "node:assert/strict";
+import { mkdirSync, readFileSync, rmSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+import test from "node:test";
+const tmpRoot = join(process.cwd(), ".test-work", `team-sync-${process.pid}`);
+process.env.CHAPTERHOUSE_HOME = tmpRoot;
+function makeWikiDir(name) {
+    const wikiDir = join(tmpRoot, name, ".chapterhouse", "wiki");
+    mkdirSync(wikiDir, { recursive: true });
+    return wikiDir;
+}
+async function loadTeamSyncModule() {
+    try {
+        return await import(new URL(`./team-sync.js?cachebust=${Date.now()}-${Math.random()}`, import.meta.url).href);
+    }
+    catch {
+        return null;
+    }
+}
+test.after(() => {
+    rmSync(tmpRoot, { recursive: true, force: true });
+});
+test("uses fresh cache when TTL has not expired", async () => {
+    const teamSyncModule = await loadTeamSyncModule();
+    assert.ok(teamSyncModule, "team sync module should exist");
+    const wikiDir = makeWikiDir("fresh-cache");
+    const cacheRoot = join(wikiDir, ".team-cache");
+    const pagePath = "pages/team/roadmap.md";
+    mkdirSync(join(cacheRoot, "pages", "team"), { recursive: true });
+    writeFileSync(join(cacheRoot, pagePath), "# Cached roadmap\n");
+    writeFileSync(join(cacheRoot, "manifest.json"), JSON.stringify({
+        [pagePath]: {
+            fetchedAt: new Date(Date.now() - 5 * 60 * 1000).toISOString(),
+            etag: '"fresh-etag"',
+        },
+    }));
+    let fetchCalls = 0;
+    const sync = new teamSyncModule.TeamWikiSync({
+        teamChapterhouseUrl: "https://team.example.com",
+        standaloneMode: false,
+        cacheTtlMinutes: 60,
+        teamWikiPaths: ["pages/team", "pages/okrs", "pages/kpis"],
+        wikiDir,
+        fetchImpl: async () => {
+            fetchCalls += 1;
+            throw new Error("network should not be used for fresh cache");
+        },
+    });
+    const content = await sync.fetchPage(pagePath);
+    assert.equal(content, "# Cached roadmap\n");
+    assert.equal(fetchCalls, 0);
+});
+test("re-fetches when cache is stale", async () => {
+    const teamSyncModule = await loadTeamSyncModule();
+    assert.ok(teamSyncModule, "team sync module should exist");
+    const wikiDir = makeWikiDir("stale-cache");
+    const cacheRoot = join(wikiDir, ".team-cache");
+    const pagePath = "pages/okrs/q2.md";
+    mkdirSync(join(cacheRoot, "pages", "okrs"), { recursive: true });
+    writeFileSync(join(cacheRoot, pagePath), "# Stale\n");
+    writeFileSync(join(cacheRoot, "manifest.json"), JSON.stringify({
+        [pagePath]: {
+            fetchedAt: new Date(Date.now() - 2 * 60 * 60 * 1000).toISOString(),
+        },
+    }));
+    const sync = new teamSyncModule.TeamWikiSync({
+        teamChapterhouseUrl: "https://team.example.com",
+        standaloneMode: false,
+        cacheTtlMinutes: 60,
+        teamWikiPaths: ["pages/team", "pages/okrs", "pages/kpis"],
+        wikiDir,
+        fetchImpl: async (input) => {
+            assert.equal(String(input), "https://team.example.com/api/team/wiki/pages%2Fokrs%2Fq2.md");
+            return new Response(JSON.stringify({
+                path: pagePath,
+                content: "# Fresh Q2\n",
+                exists: true,
+            }), {
+                status: 200,
+                headers: {
+                    "content-type": "application/json",
+                    etag: '"fresh-q2"',
+                },
+            });
+        },
+    });
+    const content = await sync.fetchPage(pagePath);
+    assert.equal(content, "# Fresh Q2\n");
+    assert.equal(readFileSync(join(cacheRoot, pagePath), "utf-8"), "# Fresh Q2\n");
+    const manifest = JSON.parse(readFileSync(join(cacheRoot, "manifest.json"), "utf-8"));
+    assert.equal(manifest[pagePath]?.etag, '"fresh-q2"');
+});
+test("returns stale cache on network failure with warning", async () => {
+    const teamSyncModule = await loadTeamSyncModule();
+    assert.ok(teamSyncModule, "team sync module should exist");
+    const wikiDir = makeWikiDir("stale-fallback");
+    const cacheRoot = join(wikiDir, ".team-cache");
+    const pagePath = "pages/kpis/reliability.md";
+    mkdirSync(join(cacheRoot, "pages", "kpis"), { recursive: true });
+    writeFileSync(join(cacheRoot, pagePath), "# Cached KPI\n");
+    writeFileSync(join(cacheRoot, "manifest.json"), JSON.stringify({
+        [pagePath]: {
+            fetchedAt: new Date(Date.now() - 2 * 60 * 60 * 1000).toISOString(),
+        },
+    }));
+    const warnings = [];
+    const sync = new teamSyncModule.TeamWikiSync({
+        teamChapterhouseUrl: "https://team.example.com",
+        standaloneMode: false,
+        cacheTtlMinutes: 60,
+        teamWikiPaths: ["pages/team", "pages/okrs", "pages/kpis"],
+        wikiDir,
+        fetchImpl: async () => {
+            throw new Error("network unavailable");
+        },
+        warn: (message) => warnings.push(message),
+    });
+    const content = await sync.fetchPage(pagePath);
+    assert.equal(content, "# Cached KPI\n");
+    assert.equal(warnings.length, 1);
+    assert.match(warnings[0] ?? "", /stale cache/i);
+});
+test("returns null when no cache exists and network fails", async () => {
+    const teamSyncModule = await loadTeamSyncModule();
+    assert.ok(teamSyncModule, "team sync module should exist");
+    const wikiDir = makeWikiDir("cold-miss");
+    const sync = new teamSyncModule.TeamWikiSync({
+        teamChapterhouseUrl: "https://team.example.com",
+        standaloneMode: false,
+        cacheTtlMinutes: 60,
+        teamWikiPaths: ["pages/team", "pages/okrs", "pages/kpis"],
+        wikiDir,
+        fetchImpl: async () => {
+            throw new Error("offline");
+        },
+    });
+    const content = await sync.fetchPage("pages/team/vision.md");
+    assert.equal(content, null);
+});
+test("isTeamPath matches configured team wiki prefixes", async () => {
+    const teamSyncModule = await loadTeamSyncModule();
+    assert.ok(teamSyncModule, "team sync module should exist");
+    const sync = new teamSyncModule.TeamWikiSync({
+        teamChapterhouseUrl: "https://team.example.com",
+        standaloneMode: false,
+        teamWikiPaths: ["pages/team", "pages/okrs", "pages/kpis", "pages/shared"],
+        wikiDir: makeWikiDir("team-paths"),
+    });
+    assert.equal(sync.isTeamPath("pages/team/vision.md"), true);
+    assert.equal(sync.isTeamPath("pages/okrs/2026-q2.md"), true);
+    assert.equal(sync.isTeamPath("pages/kpis/reliability.md"), true);
+    assert.equal(sync.isTeamPath("pages/shared/runbooks/deploy.md"), true);
+    assert.equal(sync.isTeamPath("pages/private/notes.md"), false);
+});
+test("pushUpdate silently no-ops when team wiki sync is disabled", async () => {
+    const teamSyncModule = await loadTeamSyncModule();
+    assert.ok(teamSyncModule, "team sync module should exist");
+    let called = false;
+    const sync = new teamSyncModule.TeamWikiSync({
+        teamChapterhouseUrl: "",
+        standaloneMode: false,
+        wikiDir: makeWikiDir("disabled-push"),
+        fetchImpl: async () => {
+            called = true;
+            throw new Error("fetch should not run");
+        },
+    });
+    assert.deepEqual(await sync.pushUpdate({
+        engineerId: "eng-1",
+        activity: "shipped standalone mode",
+        krId: "O1-KR2",
+        delta: 5,
+    }), {
+        ok: false,
+        disabled: true,
+        payload: {
+            engineerId: "eng-1",
+            activity: "shipped standalone mode",
+            krId: "O1-KR2",
+            delta: 5,
+        },
+    });
+    assert.equal(called, false);
+});
+//# sourceMappingURL=team-sync.test.js.map

package/dist/wiki/templates/okr.js

@@ -0,0 +1,98 @@
+function formatQuarterLabel(quarter) {
+    const match = quarter.match(/^(\d{4})-Q([1-4])$/);
+    if (!match) {
+        throw new Error(`Quarter must be in YYYY-QN format. Received: ${quarter}`);
+    }
+    return `${match[1]} Q${match[2]}`;
+}
+function getQuarterPeriod(quarter) {
+    const match = quarter.match(/^(\d{4})-Q([1-4])$/);
+    if (!match) {
+        throw new Error(`Quarter must be in YYYY-QN format. Received: ${quarter}`);
+    }
+    const year = Number(match[1]);
+    const quarterNumber = Number(match[2]);
+    const startMonth = (quarterNumber - 1) * 3;
+    const start = new Date(Date.UTC(year, startMonth, 1));
+    const end = new Date(Date.UTC(year, startMonth + 3, 0));
+    return {
+        start: start.toISOString().slice(0, 10),
+        end: end.toISOString().slice(0, 10),
+    };
+}
+function formatMetric(value, unit) {
+    return unit === "%" ? `${value}%` : `${value} ${unit}`;
+}
+export function generateOKRQuarterPage(quarter, objectives) {
+    const label = formatQuarterLabel(quarter);
+    const period = getQuarterPeriod(quarter);
+    const lines = [
+        `# OKRs — ${label}`,
+        "",
+        `> Period: ${period.start} to ${period.end}`,
+        "",
+    ];
+    objectives.forEach((objective, objectiveIndex) => {
+        lines.push(`## ${objective.id}: ${objective.title}`);
+        lines.push(`**Owner**: ${objective.owner}`);
+        lines.push("");
+        objective.keyResults.forEach((keyResult) => {
+            lines.push(`### ${keyResult.id}: ${keyResult.title}`);
+            lines.push(`- **Owner**: ${keyResult.owner}`);
+            lines.push(`- **Target**: ${formatMetric(keyResult.targetValue, keyResult.unit)}`);
+            lines.push(`- **Current**: ${formatMetric(keyResult.currentValue, keyResult.unit)}`);
+            lines.push(`- **Unit**: ${keyResult.unit}`);
+            lines.push(`- **Due**: ${keyResult.dueDate}`);
+            lines.push("- **ADO Work Item**: <!-- fill in after ADO setup -->");
+            lines.push("");
+        });
+        if (objectiveIndex < objectives.length - 1) {
+            lines.push("---");
+            lines.push("");
+        }
+    });
+    return `${lines.join("\n").trimEnd()}\n`;
+}
+export function generateKPIPage(kpis) {
+    const lines = [
+        "# Team KPIs",
+        "",
+        "| KPI | Owner | Target | Current | Unit | Frequency |",
+        "|-----|-------|--------|---------|------|-----------|",
+        ...kpis.map((kpi) => `| ${kpi.name} | ${kpi.owner} | ${kpi.target} | ${kpi.current} | ${kpi.unit} | ${kpi.frequency} |`),
+        "",
+    ];
+    return lines.join("\n");
+}
+export function generateTeamMemberPage(member) {
+    const ownership = member.okrOwnership.length > 0
+        ? member.okrOwnership.map((krId) => `- ${krId}`)
+        : ["- _No KR ownership assigned yet._"];
+    return [
+        `# ${member.name}`,
+        "",
+        `**Email**: ${member.email}`,
+        `**Role**: ${member.role}`,
+        `**Entra Object ID**: ${member.entraObjectId}`,
+        "",
+        "## OKR Ownership",
+        ...ownership,
+        "",
+    ].join("\n");
+}
+export function generateTeamIndexPage(members) {
+    return [
+        "# Team Directory",
+        "",
+        "| Name | Role | Email | Entra Object ID | OKR Ownership |",
+        "|------|------|-------|-----------------|---------------|",
+        ...members.map((member) => {
+            const ownership = member.okrOwnership.length > 0
+                ? member.okrOwnership.join(", ")
+                : "_Unassigned_";
+            return `| ${member.name} | ${member.role} | ${member.email} | ${member.entraObjectId} | ${ownership} |`;
+        }),
+        "",
+    ].join("\n");
+}
+//# sourceMappingURL=okr.js.map

package/package.json

@@ -0,0 +1,72 @@
+{
+  "name": "chapterhouse",
+  "version": "0.1.1",
+  "description": "Chapterhouse — a team-level AI assistant for engineering teams, built on the GitHub Copilot SDK. Web UI only.",
+  "bin": {
+    "chapterhouse": "dist/cli.js"
+  },
+  "files": [
+    "dist/**/*.js",
+    "agents/",
+    "skills/",
+    "web/dist/",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsc && npm --prefix web run build",
+    "build:server": "tsc",
+    "build:web": "npm --prefix web run build",
+    "clean": "rm -rf dist",
+    "daemon": "tsx src/daemon.ts",
+    "dev:server": "tsx --watch src/daemon.ts",
+    "dev:web": "npm --prefix web run dev",
+    "dev": "tsx --watch src/daemon.ts",
+    "test": "npm run clean && npm run build:server && node --experimental-test-module-mocks --import ./dist/test/setup-env.js --test 'dist/**/*.test.js'",
+    "prepublishOnly": "npm run build"
+  },
+  "engines": {
+    "node": ">=22.5.0"
+  },
+  "keywords": [
+    "copilot",
+    "orchestrator",
+    "ai",
+    "cli",
+    "web"
+  ],
+  "author": "Brian Ketelsen",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/bketelsen/chapterhouse.git"
+  },
+  "homepage": "https://github.com/bketelsen/chapterhouse#readme",
+  "bugs": {
+    "url": "https://github.com/bketelsen/chapterhouse/issues"
+  },
+  "type": "module",
+  "dependencies": {
+    "@bradygaster/squad-sdk": "0.9.4",
+    "@github/copilot-sdk": "^0.3.0",
+    "azure-devops-node-api": "^15.1.2",
+    "better-sqlite3": "^12.6.2",
+    "cors": "^2.8.6",
+    "dotenv": "^17.3.1",
+    "express": "^5.2.1",
+    "helmet": "^8.1.0",
+    "jsonwebtoken": "^9.0.3",
+    "jwks-rsa": "^4.0.1",
+    "zod": "^4.3.6"
+  },
+  "devDependencies": {
+    "@bradygaster/squad-cli": "^0.9.4",
+    "@types/better-sqlite3": "^7.6.13",
+    "@types/cors": "^2.8.19",
+    "@types/express": "^5.0.6",
+    "@types/jsonwebtoken": "^9.0.10",
+    "@types/node": "^25.6.0",
+    "tsx": "^4.21.0",
+    "typescript": "^5.9.3"
+  }
+}

package/skills/find-skills/SKILL.md

@@ -0,0 +1,161 @@
+---
+name: find-skills
+description: Helps users discover agent skills when they ask questions like "how do I do X", "find a skill for X", "is there a skill that can...", or express interest in extending capabilities. Always ask the user for permission before installing any skill, and flag security risks.
+---
+
+# Find Skills
+
+Discover and install skills from the open agent skills ecosystem at https://skills.sh/.
+
+## When to Use
+
+Use this skill when the user:
+
+- Asks "how do I do X" where X might be a common task with an existing skill
+- Says "find a skill for X" or "is there a skill for X"
+- Asks "can you do X" where X is a specialized capability
+- Expresses interest in extending agent capabilities
+- Wants to search for tools, templates, or workflows
+
+## Search & Present
+
+Do these two steps in a worker session — they can run in parallel:
+
+### 1. Search the API
+
+```bash
+curl -s "https://skills.sh/api/search?q=QUERY"
+```
+
+Replace `QUERY` with a URL-encoded search term (e.g., `react`, `email`, `pr+review`). The response is JSON with skills sorted by installs (most popular first):
+
+```json
+{
+  "skills": [
+    {
+      "id": "vercel-labs/agent-skills/vercel-react-best-practices",
+      "skillId": "vercel-react-best-practices",
+      "name": "vercel-react-best-practices",
+      "installs": 174847,
+      "source": "vercel-labs/agent-skills"
+    }
+  ]
+}
+```
+
+### 2. Fetch Security Audits
+
+**Required — do not skip.** Use the `web_fetch` tool to get the audits page:
+
+```
+web_fetch url="https://skills.sh/audits"
+```
+
+If `web_fetch` fails or returns unexpected content, still present the search results but show "⚠️ Audit unavailable" for all security columns and include a link to https://skills.sh/audits so the user can check manually.
+
+This returns markdown where each skill has a heading (`### skill-name`) followed by its source, then three security scores:
+
+- **Gen Agent Trust Hub**: Safe / Med Risk / Critical
+- **Socket**: Number of alerts (0 is best)
+- **Snyk**: Low Risk / Med Risk / High Risk / Critical
+
+Scan the returned markdown to find scores for each skill from your search results. Match by both **skill name** and **full source** (`owner/repo`) to avoid misattribution — different repos can have skills with the same name.
+
+### 3. Present Combined Results
+
+Cross-reference the search results with the audit data and format as a numbered table. Show the top 6-8 results sorted by installs:
+
+```
+#  Skill                         Publisher      Installs   Gen    Socket  Snyk
+─  ─────────────────────────────  ─────────────  ────────   ─────  ──────  ────────
+1  vercel-react-best-practices   vercel-labs     175.3K    ✅Safe  ✅ 0    ✅Low
+2  web-design-guidelines         vercel-labs     135.8K    ✅Safe  ✅ 0    ⚠️Med
+3  frontend-design               anthropics      122.6K    ✅Safe  ✅ 0    ✅Low
+4  remotion-best-practices       remotion-dev    125.2K    ✅Safe  ✅ 0    ⚠️Med
+5  browser-use                   browser-use      45.0K    ⚠️Med  🔴 1    🔴High
+```
+
+**Formatting:**
+- Sort by installs descending
+- Format counts: 1000+ → "1.0K", 1000000+ → "1.0M"
+- ✅ for Safe / Low Risk / 0 alerts, ⚠️ for Med Risk, 🔴 for High Risk / Critical / 1+ alerts
+- If a skill has no audit data, show "⚠️ N/A" — never leave security blank
+- Publisher = first part of `source` field (before `/`)
+
+After the table:
+
+```
+🔗 Browse all: https://skills.sh/
+
+Pick a number to install (or "none")
+```
+
+## Install
+
+**NEVER install without the user picking a number first.**
+
+When the user picks a skill:
+
+### Security Gate
+
+If ANY of its three audit scores is not green (Safe / 0 alerts / Low Risk), warn before proceeding:
+
+```
+⚠️ "{skill-name}" has security concerns:
+  • Gen Agent Trust Hub: {score}
+  • Socket: {count} alerts
+  • Snyk: {score}
+
+Want to proceed anyway, or pick a different skill?
+```
+
+Wait for explicit confirmation. Do not install if the user says no.
+
+### Fetch & Install
+
+1. **Fetch the SKILL.md** from GitHub. The `source` field is `owner/repo` and `skillId` is the directory:
+
+```bash
+curl -fsSL "https://raw.githubusercontent.com/{source}/main/{skillId}/SKILL.md" || \
+curl -fsSL "https://raw.githubusercontent.com/{source}/master/{skillId}/SKILL.md"
+```
+
+If both fail, tell the user and link to `https://github.com/{source}`.
+
+2. **Validate** the fetched content: it must not be empty and should contain meaningful instructions (more than just a title). If the content is empty, an HTML error page, or clearly not a SKILL.md, do NOT install — tell the user it couldn't be fetched properly.
+
+3. **Install** using the `learn_skill` tool:
+   - `slug`: the `skillId` from the API
+   - `name`: from the SKILL.md frontmatter `name:` field (between `---` markers). If no frontmatter, use `skillId`.
+   - `description`: from the SKILL.md frontmatter `description:` field. If none, use the first sentence.
+   - `instructions`: if frontmatter exists, use the content after the closing `---`. If no frontmatter, use the full fetched content as instructions.
+
+**Always install to ~/.chapterhouse/skills/ via learn_skill. Never install globally.**
+
+## Behavioral Security Review
+
+In addition to audit scores, review the fetched SKILL.md content before installing. Flag concerns if the skill:
+
+- **Runs arbitrary shell commands** or executes code on the user's machine
+- **Accesses sensitive data** — credentials, API keys, SSH keys, personal files
+- **Makes network requests** to external services (data exfiltration risk)
+- **Comes from an unknown or unverified source** with no audit data
+
+If any of these apply, warn the user with specifics even if audit scores are green:
+
+```
+⚠️ Note: "{skill-name}" requests shell access and reads files from your home directory.
+This is common for CLI-integration skills, but worth knowing. Proceed?
+```
+
+## When No Skills Are Found
+
+If the API returns no results:
+
+1. Tell the user no existing skill was found
+2. Offer to help directly with your general capabilities
+3. Suggest building a custom skill if the task is worth automating
+
+## Uninstalling
+
+Use the `uninstall_skill` tool with the skill's slug to remove it from `~/.chapterhouse/skills/`.

package/skills/find-skills/_meta.json

@@ -0,0 +1,4 @@
+{
+  "slug": "find-skills",
+  "version": "1.0.0"
+}