chati-dev 1.4.0 → 2.0.1

package/framework/domains/agents/ux.yaml

@@ -0,0 +1,50 @@
+# UX Agent Domain — Authority boundaries and behavioral rules for PRISM L2
+mission: "Design user experience: wireframes, user flows, component maps, accessibility validation"
+
+authority:
+  exclusive:
+    - Wireframe design and mockups
+    - User flow mapping
+    - Component hierarchy design
+    - Accessibility (a11y) validation
+    - Responsive design patterns
+  allowed:
+    - Create low-fidelity and high-fidelity wireframes
+    - Design navigation patterns
+    - Map user journeys and task flows
+    - Specify component states (default, hover, active, disabled, error)
+    - Define design tokens (colors, typography, spacing)
+    - Validate WCAG 2.1 AA compliance
+  blocked:
+    - Code implementation (that's dev's role)
+    - Backend logic design
+    - Database schema design
+    - API contract design
+    - Deployment configuration
+  redirectMessage: "UX design is complete. Redirecting to dev agent for implementation."
+
+outputs:
+  - ux-spec.yaml
+  - component-map.yaml
+  - wireframes.yaml
+
+rules:
+  - id: ux-01
+    text: "MUST validate all designs against WCAG 2.1 Level AA accessibility standards"
+    priority: critical
+
+  - id: ux-02
+    text: "MUST design responsive layouts for mobile, tablet, and desktop breakpoints"
+    priority: high
+
+  - id: ux-03
+    text: "MUST map complete user flows from entry point to goal completion, including error paths"
+    priority: high
+
+  - id: ux-04
+    text: "MUST specify all component states and transitions in component-map.yaml"
+    priority: normal
+
+  - id: ux-05
+    text: "MUST NOT design backend logic or data flows; focus on user-facing experience only"
+    priority: critical

package/framework/domains/constitution.yaml

@@ -0,0 +1,77 @@
+# Constitution Domain — Extracted governance rules for PRISM L0
+# Source: chati.dev/constitution.md (16 Articles + Preamble)
+
+summary: >
+  Constitution governance: self-validation required (loop until quality >= 95%),
+  guided options (1,2,3 format), persistent session state, two-layer handoff,
+  language protocol (interaction=user lang, artifacts=English),
+  deviation protocol, mode governance (clarity/build/deploy),
+  context brackets, memory governance, registry governance,
+  session lock, model governance.
+
+articleCount: 16
+
+rules:
+  - id: art-i
+    text: "Agents must follow their assigned role, authority boundaries, and domain scope."
+    priority: critical
+
+  - id: art-ii
+    text: "Quality >= 95% self-validation required. Loop until threshold met."
+    priority: critical
+
+  - id: art-iii
+    text: "Memory and context must be managed through designated systems (PRISM, RECALL)."
+    priority: high
+
+  - id: art-iv
+    text: "No destructive operations without user confirmation. No secrets in system files. SAST mandatory."
+    priority: critical
+
+  - id: art-v
+    text: "Communication follows structured protocol: guided options (1,2,3), clear formatting."
+    priority: normal
+
+  - id: art-vi
+    text: "Design system tokens must be respected when generating UI code."
+    priority: normal
+
+  - id: art-vii
+    text: "All documentation and artifacts must be in English."
+    priority: high
+
+  - id: art-viii
+    text: "Two-layer handoff documents required between agents (executive summary + detailed)."
+    priority: high
+
+  - id: art-ix
+    text: "Agent-driven interaction model with power user escape hatch."
+    priority: normal
+
+  - id: art-x
+    text: "Dynamic self-validation with binary pass/fail criteria."
+    priority: high
+
+  - id: art-xi
+    text: "Mode governance: clarity (read all, write chati.dev/), build (full), deploy (full + infra)."
+    priority: critical
+
+  - id: art-xii
+    text: "Context brackets are calculated, not hardcoded. CRITICAL = L0+L1 only. Handoff mandatory at < 15%."
+    priority: high
+
+  - id: art-xiii
+    text: "Memory capture is automatic. Never auto-modify user files. Proposals require explicit approval."
+    priority: high
+
+  - id: art-xiv
+    text: "Framework registry is source of truth. REUSE > ADAPT > CREATE preference."
+    priority: normal
+
+  - id: art-xv
+    text: "Session lock is mandatory when session is active. Exit requires explicit user intent."
+    priority: critical
+
+  - id: art-xvi
+    text: "Model governance: respect per-agent model assignments. No downgrade from assigned model."
+    priority: high

package/framework/domains/global.yaml

@@ -0,0 +1,64 @@
+# Global Domain — Coding standards, bracket behavior, mode constraints
+# Injected by PRISM L1 layer
+
+rules:
+  - id: code-english
+    text: "All code, comments, and variable names must be in English."
+    priority: high
+
+  - id: code-conventions
+    text: "Follow existing codebase conventions. Check patterns before creating new ones."
+    priority: normal
+
+  - id: artifacts-english
+    text: "All artifacts (PRD, architecture docs, task definitions) must be in English."
+    priority: high
+
+  - id: interaction-lang
+    text: "Interact with user in their preferred language. Artifacts stay in English."
+    priority: normal
+
+modes:
+  clarity:
+    writeScope: "chati.dev/"
+    allowedActions:
+      - read_any_file
+      - write_chati_dev_only
+      - create_artifacts
+      - run_analysis
+    blockedActions:
+      - modify_project_code
+      - run_destructive_commands
+      - deploy
+
+  build:
+    writeScope: "*"
+    allowedActions:
+      - read_any_file
+      - write_any_file
+      - run_tests
+      - run_linting
+      - git_operations
+    blockedActions:
+      - deploy_to_production
+      - modify_infrastructure
+
+  deploy:
+    writeScope: "*"
+    allowedActions:
+      - read_any_file
+      - write_any_file
+      - deploy_to_production
+      - modify_infrastructure
+      - run_tests
+    blockedActions: []
+
+brackets:
+  FRESH:
+    behavior: "Full context injection. All layers active. Include detailed rules and examples."
+  MODERATE:
+    behavior: "Standard injection. Skip task detail layer (L4). Summarize long rules."
+  DEPLETED:
+    behavior: "Minimal injection. Only L0+L1+L2. Use rule IDs instead of full text."
+  CRITICAL:
+    behavior: "Emergency. L0+L1 only. Trigger handoff advisory. Preserve essential state."

package/framework/domains/workflows/brownfield-discovery.yaml

@@ -0,0 +1,16 @@
+# Brownfield Discovery Workflow Domain — PRISM L3
+# Discovery-only pipeline (no implementation)
+
+steps:
+  - brownfield-wu
+  - brief
+  - detail
+  - architect
+
+rules:
+  - id: disc-deep
+    text: "Deep discovery is mandatory. Analyze full codebase before proceeding."
+    priority: critical
+  - id: disc-readonly
+    text: "Discovery workflow does not modify project code."
+    priority: high

package/framework/domains/workflows/brownfield-fullstack.yaml

@@ -0,0 +1,26 @@
+# Brownfield Fullstack Workflow Domain — PRISM L3
+# Full pipeline for existing projects (deep discovery required)
+
+steps:
+  - brownfield-wu
+  - brief
+  - detail
+  - architect
+  - ux
+  - phases
+  - tasks
+  - qa-planning
+  - dev
+  - qa-implementation
+  - devops
+
+rules:
+  - id: bf-deep
+    text: "Brownfield ALWAYS uses deep discovery. No Quick or Scout modes."
+    priority: critical
+  - id: bf-preserve
+    text: "Existing codebase conventions must be respected. REUSE > ADAPT > CREATE."
+    priority: high
+  - id: bf-risk
+    text: "Risk assessment from WU must be addressed in architecture decisions."
+    priority: high

package/framework/domains/workflows/brownfield-service.yaml

@@ -0,0 +1,22 @@
+# Brownfield Service Workflow Domain — PRISM L3
+# Backend/API-focused pipeline (skip UX)
+
+steps:
+  - brownfield-wu
+  - brief
+  - detail
+  - architect
+  - phases
+  - tasks
+  - qa-planning
+  - dev
+  - qa-implementation
+  - devops
+
+rules:
+  - id: svc-no-ux
+    text: "Service workflow skips UX agent. Focus on API and backend."
+    priority: high
+  - id: svc-api
+    text: "API design is mandatory in architect phase."
+    priority: high

package/framework/domains/workflows/brownfield-ui.yaml

@@ -0,0 +1,22 @@
+# Brownfield UI Workflow Domain — PRISM L3
+# Frontend/UI-focused pipeline
+
+steps:
+  - brownfield-wu
+  - brief
+  - detail
+  - ux
+  - phases
+  - tasks
+  - qa-planning
+  - dev
+  - qa-implementation
+  - devops
+
+rules:
+  - id: ui-ux-required
+    text: "UX phase is mandatory for UI workflows. Do not skip."
+    priority: high
+  - id: ui-a11y
+    text: "Accessibility validation (a11y) is required during UX phase."
+    priority: high

package/framework/domains/workflows/greenfield-fullstack.yaml

@@ -0,0 +1,26 @@
+# Greenfield Fullstack Workflow Domain — PRISM L3
+# Full pipeline for new projects
+
+steps:
+  - greenfield-wu
+  - brief
+  - detail
+  - architect
+  - ux
+  - phases
+  - tasks
+  - qa-planning
+  - dev
+  - qa-implementation
+  - devops
+
+rules:
+  - id: gf-order
+    text: "Follow pipeline order strictly. WU must complete before Brief."
+    priority: high
+  - id: gf-parallel
+    text: "Detail, Architect, and UX can run in parallel after Brief."
+    priority: normal
+  - id: gf-gate
+    text: "QA-Planning gate must pass before entering BUILD phase."
+    priority: critical

package/framework/hooks/constitution-guard.js

@@ -0,0 +1,101 @@
+#!/usr/bin/env node
+/**
+ * Constitution Guard Hook — PreToolUse (Write/Edit/Bash)
+ *
+ * BLOCKS operations that violate Constitution Article IV:
+ * - Writing files that contain secrets/credentials
+ * - Destructive operations without explicit user confirmation
+ *
+ * Also enforces Article XV: Session lock awareness.
+ */
+
+const SECRET_PATTERNS = [
+  /(?:api[_-]?key|apikey)\s*[:=]\s*["']?[A-Za-z0-9_\-]{20,}/i,
+  /(?:secret|password|passwd|pwd)\s*[:=]\s*["']?[^\s"']{8,}/i,
+  /(?:token)\s*[:=]\s*["']?[A-Za-z0-9_\-]{20,}/i,
+  /(?:AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY)\s*[:=]/i,
+  /(?:PRIVATE[_-]?KEY|-----BEGIN (?:RSA |EC )?PRIVATE KEY)/i,
+  /(?:Bearer\s+)[A-Za-z0-9_\-./]{20,}/,
+];
+
+const DESTRUCTIVE_COMMANDS = [
+  /rm\s+-rf\s+[/~]/,
+  /git\s+reset\s+--hard/,
+  /git\s+push\s+--force/,
+  /drop\s+(?:table|database)/i,
+  /truncate\s+table/i,
+  /DELETE\s+FROM\s+\w+\s*(?:;|$)/i,
+];
+
+/**
+ * Check if content contains potential secrets.
+ */
+function containsSecrets(content) {
+  if (!content || typeof content !== 'string') return [];
+  const found = [];
+  for (const pattern of SECRET_PATTERNS) {
+    if (pattern.test(content)) {
+      found.push(pattern.source.slice(0, 40));
+    }
+  }
+  return found;
+}
+
+/**
+ * Check if a bash command is destructive.
+ */
+function isDestructiveCommand(command) {
+  if (!command || typeof command !== 'string') return false;
+  return DESTRUCTIVE_COMMANDS.some(pattern => pattern.test(command));
+}
+
+async function main() {
+  let input = '';
+  for await (const chunk of process.stdin) {
+    input += chunk;
+  }
+
+  try {
+    const event = JSON.parse(input);
+    const toolName = event.tool_name || '';
+    const toolInput = event.tool_input || {};
+
+    // Check Write/Edit operations for secrets
+    if (toolName === 'Write' || toolName === 'Edit') {
+      const content = toolInput.content || toolInput.new_string || '';
+      const secrets = containsSecrets(content);
+
+      if (secrets.length > 0) {
+        process.stdout.write(JSON.stringify({
+          decision: 'block',
+          reason: `[Article IV] Potential secret detected in file content. Pattern: ${secrets[0]}. Use environment variables instead.`,
+        }));
+        return;
+      }
+    }
+
+    // Check Bash operations for destructive commands
+    if (toolName === 'Bash') {
+      const command = toolInput.command || '';
+      if (isDestructiveCommand(command)) {
+        process.stdout.write(JSON.stringify({
+          decision: 'block',
+          reason: `[Article IV] Destructive command detected: "${command.slice(0, 60)}...". This requires explicit user confirmation.`,
+        }));
+        return;
+      }
+    }
+
+    process.stdout.write(JSON.stringify({ decision: 'allow' }));
+  } catch {
+    process.stdout.write(JSON.stringify({ decision: 'allow' }));
+  }
+}
+
+export { containsSecrets, isDestructiveCommand, SECRET_PATTERNS, DESTRUCTIVE_COMMANDS };
+
+// Only run main when executed directly (not imported by tests)
+import { fileURLToPath } from 'url';
+if (process.argv[1] === fileURLToPath(import.meta.url)) {
+  main();
+}

package/framework/hooks/mode-governance.js

@@ -0,0 +1,92 @@
+#!/usr/bin/env node
+/**
+ * Mode Governance Hook — PreToolUse (Write/Edit)
+ *
+ * BLOCKS write operations outside the scope of the current mode:
+ * - clarity mode: can only write to chati.dev/ and .chati/
+ * - build mode: can write anywhere
+ * - deploy mode: can write anywhere + infra
+ *
+ * Constitution Article XI enforcement.
+ */
+
+import { existsSync, readFileSync } from 'fs';
+import { join, relative, isAbsolute } from 'path';
+
+const MODE_SCOPES = {
+  clarity: {
+    allowed: ['chati.dev/', '.chati/', 'chati.dev/artifacts/'],
+    description: 'Clarity mode: write only to chati.dev/ and .chati/',
+  },
+  build: {
+    allowed: ['*'],
+    description: 'Build mode: full write access',
+  },
+  deploy: {
+    allowed: ['*'],
+    description: 'Deploy mode: full write access including infrastructure',
+  },
+};
+
+function getCurrentMode(projectDir) {
+  const sessionPath = join(projectDir, '.chati', 'session.yaml');
+  if (!existsSync(sessionPath)) return 'clarity'; // Default to most restrictive
+
+  const raw = readFileSync(sessionPath, 'utf-8');
+  const match = raw.match(/^\s*mode:\s*(.+)$/m);
+  return match ? match[1].trim().replace(/^["']|["']$/g, '') : 'clarity';
+}
+
+function isPathAllowed(filePath, projectDir, mode) {
+  const scope = MODE_SCOPES[mode];
+  if (!scope) return false;
+
+  const rel = isAbsolute(filePath) ? relative(projectDir, filePath) : filePath;
+  // Block paths that escape the project — regardless of mode
+  if (rel.startsWith('..')) return false;
+
+  if (scope.allowed.includes('*')) return true;
+  return scope.allowed.some(prefix => rel.startsWith(prefix));
+}
+
+async function main() {
+  let input = '';
+  for await (const chunk of process.stdin) {
+    input += chunk;
+  }
+
+  try {
+    const event = JSON.parse(input);
+    const projectDir = event.cwd || process.cwd();
+    const toolInput = event.tool_input || {};
+    const filePath = toolInput.file_path || toolInput.path || '';
+
+    if (!filePath) {
+      process.stdout.write(JSON.stringify({ decision: 'allow' }));
+      return;
+    }
+
+    const mode = getCurrentMode(projectDir);
+
+    if (isPathAllowed(filePath, projectDir, mode)) {
+      process.stdout.write(JSON.stringify({ decision: 'allow' }));
+    } else {
+      const scope = MODE_SCOPES[mode];
+      process.stdout.write(JSON.stringify({
+        decision: 'block',
+        reason: `[Article XI] ${scope.description}. Cannot write to "${filePath}" in ${mode} mode.`,
+      }));
+    }
+  } catch {
+    // On error, allow (fail-open to avoid blocking legitimate work)
+    process.stdout.write(JSON.stringify({ decision: 'allow' }));
+  }
+}
+
+export { getCurrentMode, isPathAllowed, MODE_SCOPES };
+
+// Only run main when executed directly (not imported by tests)
+import { fileURLToPath } from 'url';
+if (process.argv[1] === fileURLToPath(import.meta.url)) {
+  main();
+}

package/framework/hooks/model-governance.js

@@ -0,0 +1,76 @@
+#!/usr/bin/env node
+/**
+ * Model Governance Hook — UserPromptSubmit
+ *
+ * Validates that the model being used matches the agent's assignment.
+ * Constitution Article XVI enforcement.
+ *
+ * Model assignments (from agent definitions):
+ * - orchestrator: opus
+ * - brief, detail, phases, tasks: sonnet
+ * - architect, dev: sonnet | upgrade: opus if complex
+ * - ux: sonnet
+ * - qa-planning, qa-implementation: sonnet
+ * - devops: sonnet
+ * - greenfield-wu, brownfield-wu: sonnet
+ *
+ * This hook is advisory — it warns but does not block.
+ */
+
+import { existsSync, readFileSync } from 'fs';
+import { join } from 'path';
+
+const AGENT_MODELS = {
+  orchestrator: 'opus',
+  'greenfield-wu': 'sonnet',
+  'brownfield-wu': 'sonnet',
+  brief: 'sonnet',
+  detail: 'sonnet',
+  architect: 'sonnet',
+  ux: 'sonnet',
+  phases: 'sonnet',
+  tasks: 'sonnet',
+  'qa-planning': 'sonnet',
+  'qa-implementation': 'sonnet',
+  dev: 'sonnet',
+  devops: 'sonnet',
+};
+
+function getCurrentAgent(projectDir) {
+  const sessionPath = join(projectDir, '.chati', 'session.yaml');
+  if (!existsSync(sessionPath)) return null;
+
+  const raw = readFileSync(sessionPath, 'utf-8');
+  const match = raw.match(/^\s*current_agent:\s*(.+)$/m);
+  return match ? match[1].trim().replace(/^["']|["']$/g, '') : null;
+}
+
+async function main() {
+  let input = '';
+  for await (const chunk of process.stdin) {
+    input += chunk;
+  }
+
+  try {
+    const event = JSON.parse(input);
+    const projectDir = event.cwd || process.cwd();
+    const agent = getCurrentAgent(projectDir);
+
+    if (agent && AGENT_MODELS[agent]) {
+      const expected = AGENT_MODELS[agent];
+      // Advisory note — appended to context
+      process.stdout.write(JSON.stringify({
+        result: 'allow',
+        prefix: `<!-- [Article XVI] Agent "${agent}" assigned model: ${expected} -->`,
+      }));
+    } else {
+      process.stdout.write(JSON.stringify({ result: 'allow' }));
+    }
+  } catch {
+    process.stdout.write(JSON.stringify({ result: 'allow' }));
+  }
+}
+
+export { AGENT_MODELS, getCurrentAgent };
+
+main();

package/framework/hooks/prism-engine.js

@@ -0,0 +1,89 @@
+#!/usr/bin/env node
+/**
+ * PRISM Engine Hook — UserPromptSubmit
+ *
+ * Injects PRISM context block into every user prompt.
+ * Reads session state to determine bracket, agent, and mode,
+ * then runs the PRISM pipeline to produce XML context.
+ *
+ * Claude Code Hook: triggers on every user message submission.
+ */
+
+import { existsSync, readFileSync } from 'fs';
+import { join } from 'path';
+
+/**
+ * Read session.yaml and extract key fields for PRISM.
+ */
+function readSessionState(projectDir) {
+  const sessionPath = join(projectDir, '.chati', 'session.yaml');
+  if (!existsSync(sessionPath)) return null;
+
+  const raw = readFileSync(sessionPath, 'utf-8');
+  // Lightweight YAML extraction (avoid dependency)
+  const extract = (key) => {
+    const match = raw.match(new RegExp(`^\\s*${key}:\\s*(.+)$`, 'm'));
+    return match ? match[1].trim().replace(/^["']|["']$/g, '') : null;
+  };
+
+  return {
+    mode: extract('mode') || 'clarity',
+    currentAgent: extract('current_agent') || null,
+    workflow: extract('workflow') || null,
+    pipelinePosition: extract('pipeline_position') || null,
+    turnCount: parseInt(extract('turn_count') || '0', 10),
+  };
+}
+
+/**
+ * Main hook handler.
+ * Reads stdin for hook event, outputs context to inject.
+ */
+async function main() {
+  let input = '';
+  for await (const chunk of process.stdin) {
+    input += chunk;
+  }
+
+  try {
+    const event = JSON.parse(input);
+    const projectDir = event.cwd || process.cwd();
+    const session = readSessionState(projectDir);
+
+    if (!session) {
+      // No active session — don't inject anything
+      process.stdout.write(JSON.stringify({ result: 'allow' }));
+      return;
+    }
+
+    // Estimate remaining context from turn count
+    const maxTurns = 40;
+    const remainingPercent = Math.max(0, Math.round((1 - session.turnCount / maxTurns) * 100));
+
+    // Determine bracket
+    let bracket = 'FRESH';
+    if (remainingPercent < 25) bracket = 'CRITICAL';
+    else if (remainingPercent < 40) bracket = 'DEPLETED';
+    else if (remainingPercent < 60) bracket = 'MODERATE';
+
+    // Build minimal context block (full PRISM pipeline is used by orchestrator internally)
+    const contextBlock = [
+      `<chati-context bracket="${bracket}">`,
+      `  <mode>${session.mode}</mode>`,
+      session.currentAgent ? `  <agent>${session.currentAgent}</agent>` : '',
+      session.pipelinePosition ? `  <pipeline-position>${session.pipelinePosition}</pipeline-position>` : '',
+      bracket === 'CRITICAL' ? '  <advisory>Context running low. Consider handoff or summary.</advisory>' : '',
+      '</chati-context>',
+    ].filter(Boolean).join('\n');
+
+    process.stdout.write(JSON.stringify({
+      result: 'allow',
+      prefix: contextBlock,
+    }));
+  } catch {
+    // On error, allow without injection
+    process.stdout.write(JSON.stringify({ result: 'allow' }));
+  }
+}
+
+main();