claude-code-pilot 3.2.0 → 3.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (93) hide show
  1. package/CHANGELOG.md +57 -0
  2. package/README.md +14 -9
  3. package/bin/install.js +113 -15
  4. package/manifest.json +18 -3
  5. package/package.json +3 -2
  6. package/src/agents/django-build-resolver.md +252 -0
  7. package/src/agents/django-reviewer.md +169 -0
  8. package/src/agents/fastapi-reviewer.md +79 -0
  9. package/src/agents/fsharp-reviewer.md +109 -0
  10. package/src/agents/swift-build-resolver.md +170 -0
  11. package/src/agents/swift-reviewer.md +116 -0
  12. package/src/commands/ccp/cost-report.md +107 -0
  13. package/src/commands/ccp/intel.md +3 -3
  14. package/src/commands/ccp/mvp-phase.md +45 -0
  15. package/src/commands/ccp/plan-prd.md +160 -0
  16. package/src/commands/ccp/pr-ecc.md +184 -0
  17. package/src/commands/ccp/security-scan.md +74 -0
  18. package/src/hooks/ccp-bash-hook-dispatcher.js +96 -0
  19. package/src/hooks/ccp-context-monitor.js +23 -0
  20. package/src/hooks/ccp-doc-file-warning.js +93 -0
  21. package/src/hooks/ccp-pre-bash-dispatcher.js +24 -0
  22. package/src/hooks/ccp-write-gateguard.js +868 -0
  23. package/src/lib/project-detect.js +0 -2
  24. package/src/lib/shell-substitution.js +499 -0
  25. package/src/pilot/references/execute-mvp-tdd.md +81 -0
  26. package/src/pilot/references/mvp-concepts.md +49 -0
  27. package/src/pilot/references/planner-graphify-auto-update.md +67 -0
  28. package/src/pilot/references/planner-human-verify-mode.md +57 -0
  29. package/src/pilot/references/planner-mvp-mode.md +53 -0
  30. package/src/pilot/references/skeleton-template.md +48 -0
  31. package/src/pilot/references/spidr-splitting.md +69 -0
  32. package/src/pilot/references/user-story-template.md +58 -0
  33. package/src/pilot/references/verify-mvp-mode.md +85 -0
  34. package/src/pilot/references/worktree-path-safety.md +89 -0
  35. package/src/pilot/workflows/help.md +5 -0
  36. package/src/pilot/workflows/mvp-phase.md +199 -0
  37. package/src/skills/agent-architecture-audit/SKILL.md +256 -0
  38. package/src/skills/agent-harness-design/SKILL.md +73 -0
  39. package/src/skills/angular-developer/SKILL.md +154 -0
  40. package/src/skills/angular-developer/references/angular-animations.md +160 -0
  41. package/src/skills/angular-developer/references/angular-aria.md +410 -0
  42. package/src/skills/angular-developer/references/cli.md +86 -0
  43. package/src/skills/angular-developer/references/component-harnesses.md +59 -0
  44. package/src/skills/angular-developer/references/component-styling.md +91 -0
  45. package/src/skills/angular-developer/references/components.md +117 -0
  46. package/src/skills/angular-developer/references/creating-services.md +97 -0
  47. package/src/skills/angular-developer/references/data-resolvers.md +69 -0
  48. package/src/skills/angular-developer/references/define-routes.md +67 -0
  49. package/src/skills/angular-developer/references/defining-providers.md +72 -0
  50. package/src/skills/angular-developer/references/di-fundamentals.md +120 -0
  51. package/src/skills/angular-developer/references/e2e-testing.md +56 -0
  52. package/src/skills/angular-developer/references/effects.md +83 -0
  53. package/src/skills/angular-developer/references/hierarchical-injectors.md +43 -0
  54. package/src/skills/angular-developer/references/host-elements.md +80 -0
  55. package/src/skills/angular-developer/references/injection-context.md +63 -0
  56. package/src/skills/angular-developer/references/inputs.md +101 -0
  57. package/src/skills/angular-developer/references/linked-signal.md +59 -0
  58. package/src/skills/angular-developer/references/loading-strategies.md +61 -0
  59. package/src/skills/angular-developer/references/mcp.md +108 -0
  60. package/src/skills/angular-developer/references/navigate-to-routes.md +69 -0
  61. package/src/skills/angular-developer/references/outputs.md +86 -0
  62. package/src/skills/angular-developer/references/reactive-forms.md +122 -0
  63. package/src/skills/angular-developer/references/rendering-strategies.md +44 -0
  64. package/src/skills/angular-developer/references/resource.md +77 -0
  65. package/src/skills/angular-developer/references/route-animations.md +56 -0
  66. package/src/skills/angular-developer/references/route-guards.md +52 -0
  67. package/src/skills/angular-developer/references/router-lifecycle.md +45 -0
  68. package/src/skills/angular-developer/references/router-testing.md +87 -0
  69. package/src/skills/angular-developer/references/show-routes-with-outlets.md +68 -0
  70. package/src/skills/angular-developer/references/signal-forms.md +795 -0
  71. package/src/skills/angular-developer/references/signals-overview.md +94 -0
  72. package/src/skills/angular-developer/references/tailwind-css.md +69 -0
  73. package/src/skills/angular-developer/references/template-driven-forms.md +114 -0
  74. package/src/skills/angular-developer/references/testing-fundamentals.md +65 -0
  75. package/src/skills/error-handling/SKILL.md +376 -0
  76. package/src/skills/fastapi-patterns/SKILL.md +327 -0
  77. package/src/skills/flox-environments/SKILL.md +496 -0
  78. package/src/skills/fsharp-testing/SKILL.md +280 -0
  79. package/src/skills/ios-icon-gen/SKILL.md +157 -0
  80. package/src/skills/ios-icon-gen/scripts/generate_icons.swift +258 -0
  81. package/src/skills/ios-icon-gen/scripts/iconify_gen.sh +235 -0
  82. package/src/skills/make-interfaces-feel-better/SKILL.md +151 -0
  83. package/src/skills/mysql-patterns/SKILL.md +412 -0
  84. package/src/skills/plan-orchestrate/SKILL.md +220 -0
  85. package/src/skills/prisma-patterns/SKILL.md +371 -0
  86. package/src/skills/production-audit/SKILL.md +206 -0
  87. package/src/skills/security-scan/references/agentshield-policy-exception/candidate-playbook.md +49 -0
  88. package/src/skills/security-scan/references/agentshield-policy-exception/report.json +35 -0
  89. package/src/skills/security-scan/references/agentshield-policy-exception/scenario.json +62 -0
  90. package/src/skills/security-scan/references/agentshield-policy-exception/trace.json +45 -0
  91. package/src/skills/security-scan/references/agentshield-policy-exception/verifier-result.json +35 -0
  92. package/src/skills/vite-patterns/SKILL.md +449 -0
  93. package/src/skills/windows-desktop-e2e/SKILL.md +887 -0
@@ -0,0 +1,199 @@
1
+ <purpose>
2
+ Guide the user through MVP-mode planning for a phase. Prompts for an "As a / I want to / So that" user story, runs SPIDR splitting check on the story, writes the result to ROADMAP.md, and delegates to `/ccp:plan-phase` (which auto-detects MVP via the roadmap mode field shipped in PRD Phase 1).
3
+ </purpose>
4
+
5
+ <required_reading>
6
+ @~/.claude/pilot/references/user-story-template.md
7
+ @~/.claude/pilot/references/spidr-splitting.md
8
+ @~/.claude/pilot/references/planner-mvp-mode.md
9
+ </required_reading>
10
+
11
+ <runtime_note>
12
+ **Copilot (VS Code):** Use `vscode_askquestions` wherever this workflow calls `AskUserQuestion`. They are equivalent.
13
+
14
+ **TEXT_MODE fallback:** Set TEXT_MODE=true if `--text` is present in `$ARGUMENTS` OR `text_mode` from init JSON is true. When TEXT_MODE is active, replace every AskUserQuestion call with a plain-text numbered list and ask the user to type their choice number.
15
+ </runtime_note>
16
+
17
+ <process>
18
+
19
+ ## 1. Parse and validate phase argument
20
+
21
+ Extract the phase number from `$ARGUMENTS` (integer or decimal like `2.1`). Optional flag: `--force` (allow operating on `in_progress` / `completed` phases).
22
+
23
+ If no argument:
24
+ ```
25
+ ERROR: Phase number required
26
+ Usage: /ccp:mvp-phase <phase-number>
27
+ Example: /ccp:mvp-phase 1
28
+ Example: /ccp:mvp-phase 2.1
29
+ ```
30
+ Exit.
31
+
32
+ Normalize per `@~/.claude/pilot/references/phase-argument-parsing.md` (zero-pad integer phases to two digits).
33
+
34
+ ## 2. Validate phase exists and check status
35
+
36
+ Read `.planning/ROADMAP.md` and extract the Phase `${PHASE}` block: locate the `### Phase ${PHASE}:` heading, then capture the `**Goal**:`, `**Mode**:` (if present), `**Depends on**:`, and `**Requirements**:` lines that follow. Record the phase name from the heading, the goal text, and the mode (empty string if no `**Mode**:` line exists).
37
+
38
+ To compute disk status, list the contents of `.planning/phases/` and check whether a directory matching `${PHASE}-*` exists, and whether it contains an `XX-SUMMARY.md` summary file alongside `XX-PLAN.md` files. Apply this mapping:
39
+
40
+ - If a `phase-complete` summary or all plan summaries are present, treat status as `completed`.
41
+ - If any `XX-PLAN.md` file exists for the phase but the phase is not complete, treat status as `in_progress`.
42
+ - Otherwise, treat status as `not_started`.
43
+
44
+ If the phase was not found in ROADMAP.md: error and exit. Suggest `/ccp:add-phase` or `/ccp:insert-phase` to create the phase first.
45
+
46
+ **Status guard.** If the phase is `in_progress` (has plans but not complete) or `completed`, refuse unless `--force` is in `$ARGUMENTS`:
47
+
48
+ ```text
49
+ ERROR: Phase ${PHASE} is currently ${STATUS}.
50
+ Converting an active or completed phase to MVP mode mid-flight will
51
+ invalidate any existing plans and summaries.
52
+
53
+ To proceed anyway: /ccp:mvp-phase ${PHASE} --force
54
+ ```
55
+
56
+ **Already-MVP guard.** If `PHASE_MODE` is already `mvp`, surface this and ask whether to re-prompt the user story or abort:
57
+
58
+ > "Phase ${PHASE} is already in MVP mode with goal: «${PHASE_GOAL}». Re-run user-story prompts and SPIDR check?"
59
+
60
+ Use `AskUserQuestion` with options [Re-prompt / Abort]. On Abort, exit cleanly. On Re-prompt, proceed.
61
+
62
+ ## 3. User story prompts
63
+
64
+ Run three sequential `AskUserQuestion` calls. Each is free-text. After all three, assemble into the canonical sentence per `@~/.claude/pilot/references/user-story-template.md`:
65
+
66
+ **Prompt 1 — As a:**
67
+ > "As a [user role]?"
68
+ > (Examples: "new user", "admin", "signed-in customer", "API consumer")
69
+
70
+ **Prompt 2 — I want to:**
71
+ > "I want to [capability]?"
72
+ > (Examples: "register and log in", "upload a CSV", "see my dashboard")
73
+
74
+ **Prompt 3 — So that:**
75
+ > "So that [outcome]?"
76
+ > (Examples: "I can access my account", "I can bulk-import contacts", "I can see at a glance what needs attention")
77
+
78
+ Assemble:
79
+
80
+ ```
81
+ USER_STORY="As a ${ROLE}, I want to ${CAPABILITY}, so that ${OUTCOME}."
82
+ ```
83
+
84
+ If any of the three answers is empty or whitespace-only, error and re-prompt that single field. Do NOT proceed with a partial story.
85
+
86
+ **Validate the assembled story against the canonical regex** `/^As a .+, I want to .+, so that .+\.$/`. The verb owns this regex and surfaces per-error guidance:
87
+
88
+ - If the story does not match, identify which clause is missing or malformed (`As a ...`, `I want to ...`, `so that ...`, trailing period) and re-prompt only the offending field(s).
89
+ - Rebuild `USER_STORY` and re-validate before continuing.
90
+ - Do not abort the workflow on first invalid draft.
91
+
92
+ This guarantees the goal stored in ROADMAP.md will satisfy the same guard the verifier applies later.
93
+
94
+ ## 4. SPIDR splitting check
95
+
96
+ Run the SPIDR rules from `@~/.claude/pilot/references/spidr-splitting.md`. Briefly:
97
+
98
+ **Trigger evaluation.** Check the assembled `USER_STORY` against the four size signals from the reference (compound capabilities, multi-actor, length > 120 chars, vague capability). If none fire, **skip SPIDR** entirely — go to step 5.
99
+
100
+ **If SPIDR triggers.**
101
+
102
+ a) Restate the story to the user:
103
+
104
+ > "Your story: «${USER_STORY}»
105
+ >
106
+ > This story has [signal description, e.g., 'two compound capabilities joined by and']. Splitting it into multiple phases will produce a cleaner Walking Skeleton and reduce the risk of mid-phase scope creep.
107
+ >
108
+ > Want to walk through SPIDR splitting?"
109
+
110
+ Use `AskUserQuestion` with options [Yes, walk through SPIDR / No, proceed with the story as-is].
111
+
112
+ If "No": skip SPIDR, go to step 5.
113
+
114
+ If "Yes": continue to (b).
115
+
116
+ b) Ask which SPIDR axis fits best:
117
+
118
+ > "Which axis best fits how to split this story?"
119
+
120
+ Use `AskUserQuestion` with the five options from `spidr-splitting.md` (Spike / Paths / Interfaces / Data / Rules). Each option includes its targeted question as the description so the user can pick by understanding what each axis means.
121
+
122
+ c) Walk through the chosen axis with **one** targeted question (not all five). For example, if the user picked "Paths":
123
+
124
+ > "Does this feature have a happy path and one or more error/edge paths?"
125
+
126
+ Free-text response. Workflow parses to identify the split.
127
+
128
+ d) Produce a split proposal. Example:
129
+
130
+ > "Proposed split (Paths axis):
131
+ > - **Phase ${PHASE} (this one):** Happy path — ${HAPPY_STORY}
132
+ > - **Phase ${PHASE+1} (new):** Edge case — ${EDGE_STORY}
133
+ >
134
+ > Accept this split?"
135
+
136
+ Use `AskUserQuestion` [Accept / Modify / Reject].
137
+
138
+ - **Accept**: `USER_STORY` becomes the first split's story (`${HAPPY_STORY}` in the example). Surface the remaining splits as a list of `/ccp:add-phase` invocations the user can run after this command completes — do NOT auto-create the new phases (preserve user control over numbering).
139
+ - **Modify**: re-prompt the splits one more time, then accept or reject.
140
+ - **Reject**: revert `USER_STORY` to the original, proceed without splitting.
141
+
142
+ ## 5. Update ROADMAP.md
143
+
144
+ Read `ROADMAP.md`. Find the section for `Phase ${PHASE}`. Apply two edits:
145
+
146
+ **Edit 1 — Update Goal line.**
147
+
148
+ Find: `**Goal:** ${OLD_GOAL_TEXT}`
149
+ Replace with: `**Goal:** ${USER_STORY}`
150
+
151
+ **Edit 2 — Insert Mode line.**
152
+
153
+ If `**Mode:**` already exists in the section (replacing or re-running), update it to `**Mode:** mvp`.
154
+ If `**Mode:**` does not exist, insert `**Mode:** mvp` on the line immediately after `**Goal:**`.
155
+
156
+ Show the user a unified diff (lines being changed) and ask:
157
+
158
+ > "Apply these changes to ROADMAP.md?"
159
+
160
+ Use `AskUserQuestion` [Apply / Cancel]. On Cancel, exit without writing.
161
+
162
+ On Apply, write the updated `ROADMAP.md` atomically (read-edit-write).
163
+
164
+ ## 6. Verify the write
165
+
166
+ Re-read `.planning/ROADMAP.md` and re-extract the Phase `${PHASE}` block: locate the `### Phase ${PHASE}:` heading and capture the `**Goal**:` and `**Mode**:` lines that follow.
167
+
168
+ Assert:
169
+ - The new `**Mode**:` value equals `mvp`
170
+ - The new `**Goal**:` value equals the assembled user story
171
+
172
+ If either assertion fails, surface the discrepancy to the user and exit. Do not proceed to plan-phase delegation with a half-applied write.
173
+
174
+ ## 7. Delegate to /ccp:plan-phase
175
+
176
+ Invoke `/ccp:plan-phase ${PHASE}` (no flags). Phase 1's MVP_MODE resolution chain (CLI flag → roadmap mode → config → false) will detect the new `**Mode:** mvp` line and run plan-phase in vertical-slice mode automatically.
177
+
178
+ The Walking Skeleton gate (also from Phase 1) will fire automatically if `${PHASE} == "01"` and there are zero prior phase summaries.
179
+
180
+ ## 8. Surface deferred phase splits (if any)
181
+
182
+ If SPIDR produced a split in step 4, append a final user-facing message:
183
+
184
+ > "**SPIDR split deferred phases.**
185
+ >
186
+ > Your original story was split. The first slice is now planned via plan-phase.
187
+ > To create the remaining slice(s) as new phases, run:
188
+ >
189
+ > - `/ccp:add-phase` — for the next slice: «${SPLIT_2_STORY}»
190
+ > - `/ccp:add-phase` — for the next slice: «${SPLIT_3_STORY}»
191
+ >
192
+ > Each will be added to the end of the current milestone. You can then run
193
+ > `/ccp:mvp-phase <new-phase-number>` on each to plan them as MVP slices."
194
+
195
+ ## 9. Exit
196
+
197
+ Workflow ends. The phase is now in MVP mode with a planned PLAN.md, optionally with deferred follow-up phases surfaced for the user.
198
+
199
+ </process>
@@ -0,0 +1,256 @@
1
+ ---
2
+ name: agent-architecture-audit
3
+ description: Full-stack diagnostic for agent and LLM applications. Audits the 12-layer agent stack for wrapper regression, memory pollution, tool discipline failures, hidden repair loops, and rendering corruption. Produces severity-ranked findings with code-first fixes. Essential for developers building agent applications, autonomous loops, or any LLM-powered feature.
4
+ origin: oh-my-agent-check
5
+ tools: Read, Write, Edit, Bash, Grep, Glob
6
+ ---
7
+
8
+ # Agent Architecture Audit
9
+
10
+ A diagnostic workflow for agent systems that hide failures behind wrapper layers, stale memory, retry loops, or transport/rendering mutations.
11
+
12
+ ## When to Activate
13
+
14
+ **MANDATORY for:**
15
+ - Releasing any agent or LLM-powered application to production
16
+ - Shipping features with tool calling, memory, or multi-step workflows
17
+ - Agent behavior degrades after adding wrapper layers
18
+ - User reports "the agent is getting worse" or "tools are flaky"
19
+ - Same model works in playground but breaks inside your wrapper
20
+ - Debugging agent behavior for more than 15 minutes without finding root cause
21
+
22
+ **Especially critical when:**
23
+ - You've added new prompt layers, tool definitions, or memory systems
24
+ - Different agents in your system behave inconsistently
25
+ - The model was fine yesterday but is hallucinating today
26
+ - You suspect hidden repair/retry loops silently mutating responses
27
+
28
+ **Do not use for:**
29
+ - General code debugging — use `agent-introspection-debugging`
30
+ - Code review — use language-specific reviewer agents
31
+ - Security scanning — use `security-review` or `security-review/scan`
32
+ - Agent performance benchmarking — use `agent-eval`
33
+ - Writing new features — use the appropriate workflow skill
34
+
35
+ ## The 12-Layer Stack
36
+
37
+ Every agent system has these layers. Any of them can corrupt the answer:
38
+
39
+ | # | Layer | What Goes Wrong |
40
+ |---|-------|----------------|
41
+ | 1 | System prompt | Conflicting instructions, instruction bloat |
42
+ | 2 | Session history | Stale context injection from previous turns |
43
+ | 3 | Long-term memory | Pollution across sessions, old topics in new conversations |
44
+ | 4 | Distillation | Compressed artifacts re-entering as pseudo-facts |
45
+ | 5 | Active recall | Redundant re-summary layers wasting context |
46
+ | 6 | Tool selection | Wrong tool routing, model skips required tools |
47
+ | 7 | Tool execution | Hallucinated execution — claims to call but doesn't |
48
+ | 8 | Tool interpretation | Misread or ignored tool output |
49
+ | 9 | Answer shaping | Format corruption in final response |
50
+ | 10 | Platform rendering | Transport-layer mutation (UI, API, CLI mutates valid answers) |
51
+ | 11 | Hidden repair loops | Silent fallback/retry agents running second LLM pass |
52
+ | 12 | Persistence | Expired state or cached artifacts reused as live evidence |
53
+
54
+ ## Common Failure Patterns
55
+
56
+ ### 1. Wrapper Regression
57
+
58
+ The base model produces correct answers, but the wrapper layers make it worse.
59
+
60
+ **Symptoms:**
61
+ - Model works fine in playground or direct API call, breaks in your agent
62
+ - Added a new prompt layer, existing behavior degraded
63
+ - Agent sounds confident but is confidently wrong
64
+ - "It was working before the last update"
65
+
66
+ ### 2. Memory Contamination
67
+
68
+ Old topics leak into new conversations through history, memory retrieval, or distillation.
69
+
70
+ **Symptoms:**
71
+ - Agent brings up unrelated past topics
72
+ - User corrections don't stick (old memory overwrites new)
73
+ - Same-session artifacts re-enter as pseudo-facts
74
+ - Memory grows without bound, degrading response quality over time
75
+
76
+ ### 3. Tool Discipline Failure
77
+
78
+ Tools are declared in the prompt but not enforced in code. The model skips them or hallucinates execution.
79
+
80
+ **Symptoms:**
81
+ - "Must use tool X" in prompt, but model answers without calling it
82
+ - Tool results look correct but were never actually executed
83
+ - Different tools fight over the same responsibility
84
+ - Model uses tool when it shouldn't, or skips it when it must
85
+
86
+ ### 4. Rendering/Transport Corruption
87
+
88
+ The agent's internal answer is correct, but the platform layer mutates it during delivery.
89
+
90
+ **Symptoms:**
91
+ - Logs show correct answer, user sees broken output
92
+ - Markdown rendering, JSON parsing, or streaming fragments corrupt valid responses
93
+ - Hidden fallback agent quietly replaces the answer before delivery
94
+ - Output differs between terminal and UI
95
+
96
+ ### 5. Hidden Agent Layers
97
+
98
+ Silent repair, retry, summarization, or recall agents run without explicit contracts.
99
+
100
+ **Symptoms:**
101
+ - Output changes between internal generation and user delivery
102
+ - "Auto-fix" loops run a second LLM pass the user doesn't know about
103
+ - Multiple agents modify the same output without coordination
104
+ - Answers get "smoothed" or "corrected" by invisible layers
105
+
106
+ ## Audit Workflow
107
+
108
+ ### Phase 1: Scope
109
+
110
+ Define what you're auditing:
111
+
112
+ - **Target system** — what agent application?
113
+ - **Entrypoints** — how do users interact with it?
114
+ - **Model stack** — which LLM(s) and providers?
115
+ - **Symptoms** — what does the user report?
116
+ - **Time window** — when did it start?
117
+ - **Layers to audit** — which of the 12 layers apply?
118
+
119
+ ### Phase 2: Evidence Collection
120
+
121
+ Gather evidence from the codebase:
122
+
123
+ - **Source code** — agent loop, tool router, memory admission, prompt assembly
124
+ - **Logs** — historical session traces, tool call records
125
+ - **Config** — prompt templates, tool schemas, provider settings
126
+ - **Memory files** — SOPs, knowledge bases, session archives
127
+
128
+ Use `rg` to search for anti-patterns:
129
+
130
+ ```bash
131
+ # Tool requirements expressed only in prompt text (not code)
132
+ rg "must.*tool|必须.*工具|required.*call" --type md
133
+
134
+ # Tool execution without validation
135
+ rg "tool_call|toolCall|tool_use" --type py --type ts
136
+
137
+ # Hidden LLM calls outside main agent loop
138
+ rg "completion|chat\.create|messages\.create|llm\.invoke"
139
+
140
+ # Memory admission without user-correction priority
141
+ rg "memory.*admit|long.*term.*update|persist.*memory" --type py --type ts
142
+
143
+ # Fallback loops that run additional LLM calls
144
+ rg "fallback|retry.*llm|repair.*prompt|re-?prompt" --type py --type ts
145
+
146
+ # Silent output mutation
147
+ rg "mutate|rewrite.*response|transform.*output|shap" --type py --type ts
148
+ ```
149
+
150
+ ### Phase 3: Failure Mapping
151
+
152
+ For each finding, document:
153
+
154
+ - **Symptom** — what the user sees
155
+ - **Mechanism** — how the wrapper causes it
156
+ - **Source layer** — which of the 12 layers
157
+ - **Root cause** — the deepest cause
158
+ - **Evidence** — file:line or log:row reference
159
+ - **Confidence** — 0.0 to 1.0
160
+
161
+ ### Phase 4: Fix Strategy
162
+
163
+ Default fix order (code-first, not prompt-first):
164
+
165
+ 1. **Code-gate tool requirements** — enforce in code, not just prompt text
166
+ 2. **Remove or narrow hidden repair agents** — make fallback explicit with contracts
167
+ 3. **Reduce context duplication** — same info through prompt + history + memory + distillation
168
+ 4. **Tighten memory admission** — user corrections > agent assertions
169
+ 5. **Tighten distillation triggers** — don't compress what shouldn't be compressed
170
+ 6. **Reduce rendering mutation** — pass-through, don't transform
171
+ 7. **Convert to typed JSON envelopes** — structured internal flow, not freeform prose
172
+
173
+ ## Severity Model
174
+
175
+ | Level | Meaning | Action |
176
+ |-------|---------|--------|
177
+ | `critical` | Agent can confidently produce wrong operational behavior | Fix before next release |
178
+ | `high` | Agent frequently degrades correctness or stability | Fix this sprint |
179
+ | `medium` | Correctness usually survives but output is fragile or wasteful | Plan for next cycle |
180
+ | `low` | Mostly cosmetic or maintainability issues | Backlog |
181
+
182
+ ## Output Format
183
+
184
+ Present findings to the user in this order:
185
+
186
+ 1. **Severity-ranked findings** (most critical first)
187
+ 2. **Architecture diagnosis** (which layer corrupted what, and why)
188
+ 3. **Ordered fix plan** (code-first, not prompt-first)
189
+
190
+ Do not lead with compliments or summaries. If the system is broken, say so directly.
191
+
192
+ ## Quick Diagnostic Questions
193
+
194
+ When auditing an agent system, answer these:
195
+
196
+ | # | Question | If Yes → |
197
+ |---|----------|----------|
198
+ | 1 | Can the model skip a required tool and still answer? | Tool not code-gated |
199
+ | 2 | Does old conversation content appear in new turns? | Memory contamination |
200
+ | 3 | Is the same info in system prompt AND memory AND history? | Context duplication |
201
+ | 4 | Does the platform run a second LLM pass before delivery? | Hidden repair loop |
202
+ | 5 | Does the output differ between internal generation and user delivery? | Rendering corruption |
203
+ | 6 | Are "must use tool X" rules only in prompt text? | Tool discipline failure |
204
+ | 7 | Can the agent's own monologue become persistent memory? | Memory poisoning |
205
+
206
+ ## Anti-Patterns to Avoid
207
+
208
+ - Avoid blaming the model before falsifying wrapper-layer regressions.
209
+ - Avoid blaming memory without showing the contamination path.
210
+ - Do not let a clean current state erase a dirty historical incident.
211
+ - Do not treat markdown prose as a trustworthy internal protocol.
212
+ - Do not accept "must use tool" in prompt text when code never enforces it.
213
+ - Keep findings direct, evidence-backed, and severity-ranked.
214
+
215
+ ## Report Schema
216
+
217
+ Audits should produce structured reports following this shape:
218
+
219
+ ```json
220
+ {
221
+ "schema_version": "ecc.agent-architecture-audit.report.v1",
222
+ "executive_verdict": {
223
+ "overall_health": "high_risk",
224
+ "primary_failure_mode": "string",
225
+ "most_urgent_fix": "string"
226
+ },
227
+ "scope": {
228
+ "target_name": "string",
229
+ "model_stack": ["string"],
230
+ "layers_to_audit": ["string"]
231
+ },
232
+ "findings": [
233
+ {
234
+ "severity": "critical|high|medium|low",
235
+ "title": "string",
236
+ "mechanism": "string",
237
+ "source_layer": "string",
238
+ "root_cause": "string",
239
+ "evidence_refs": ["file:line"],
240
+ "confidence": 0.0,
241
+ "recommended_fix": "string"
242
+ }
243
+ ],
244
+ "ordered_fix_plan": [
245
+ { "order": 1, "goal": "string", "why_now": "string", "expected_effect": "string" }
246
+ ]
247
+ }
248
+ ```
249
+
250
+ ## Related Skills
251
+
252
+ - `agent-introspection-debugging` — Debug agent runtime failures (loops, timeouts, state errors)
253
+ - `agent-eval` — Benchmark agent performance head-to-head
254
+ - `security-review` — Security audit for code and configuration
255
+ - `autonomous-agent-harness` — Set up autonomous agent operations
256
+ - `agent-harness-construction` — Build agent harnesses from scratch
@@ -0,0 +1,73 @@
1
+ ---
2
+ name: agent-harness-design
3
+ description: Design and optimize AI agent action spaces, tool definitions, and observation formatting for higher completion rates.
4
+ origin: ECC
5
+ ---
6
+
7
+ # Agent Harness Construction
8
+
9
+ Use this skill when you are improving how an agent plans, calls tools, recovers from errors, and converges on completion.
10
+
11
+ ## Core Model
12
+
13
+ Agent output quality is constrained by:
14
+ 1. Action space quality
15
+ 2. Observation quality
16
+ 3. Recovery quality
17
+ 4. Context budget quality
18
+
19
+ ## Action Space Design
20
+
21
+ 1. Use stable, explicit tool names.
22
+ 2. Keep inputs schema-first and narrow.
23
+ 3. Return deterministic output shapes.
24
+ 4. Avoid catch-all tools unless isolation is impossible.
25
+
26
+ ## Granularity Rules
27
+
28
+ - Use micro-tools for high-risk operations (deploy, migration, permissions).
29
+ - Use medium tools for common edit/read/search loops.
30
+ - Use macro-tools only when round-trip overhead is the dominant cost.
31
+
32
+ ## Observation Design
33
+
34
+ Every tool response should include:
35
+ - `status`: success|warning|error
36
+ - `summary`: one-line result
37
+ - `next_actions`: actionable follow-ups
38
+ - `artifacts`: file paths / IDs
39
+
40
+ ## Error Recovery Contract
41
+
42
+ For every error path, include:
43
+ - root cause hint
44
+ - safe retry instruction
45
+ - explicit stop condition
46
+
47
+ ## Context Budgeting
48
+
49
+ 1. Keep system prompt minimal and invariant.
50
+ 2. Move large guidance into skills loaded on demand.
51
+ 3. Prefer references to files over inlining long documents.
52
+ 4. Compact at phase boundaries, not arbitrary token thresholds.
53
+
54
+ ## Architecture Pattern Guidance
55
+
56
+ - ReAct: best for exploratory tasks with uncertain path.
57
+ - Function-calling: best for structured deterministic flows.
58
+ - Hybrid (recommended): ReAct planning + typed tool execution.
59
+
60
+ ## Benchmarking
61
+
62
+ Track:
63
+ - completion rate
64
+ - retries per task
65
+ - pass@1 and pass@3
66
+ - cost per successful task
67
+
68
+ ## Anti-Patterns
69
+
70
+ - Too many tools with overlapping semantics.
71
+ - Opaque tool output with no recovery hints.
72
+ - Error-only output without next steps.
73
+ - Context overloading with irrelevant references.
@@ -0,0 +1,154 @@
1
+ ---
2
+ name: angular-developer
3
+ description: Generates Angular code and provides architectural guidance. Trigger when creating projects, components, or services, or for best practices on reactivity (signals, linkedSignal, resource), forms, dependency injection, routing, SSR, accessibility (ARIA), animations, styling (component styles, Tailwind CSS), testing, or CLI tooling.
4
+ origin: ECC
5
+ ---
6
+
7
+ # Angular Developer Guidelines
8
+
9
+ ## When to Activate
10
+
11
+ - Working in any Angular project or codebase
12
+ - Creating or scaffolding a new Angular project, application, or library
13
+ - Generating components, services, directives, pipes, guards, or resolvers
14
+ - Implementing reactivity with Angular Signals, `linkedSignal`, or `resource`
15
+ - Working with Angular forms (signal forms, reactive forms, or template-driven)
16
+ - Setting up dependency injection, routing, lazy loading, or route guards
17
+ - Adding accessibility (ARIA), animations, or component styling
18
+ - Writing or debugging Angular-specific tests (unit, component harness, E2E)
19
+ - Configuring Angular CLI tooling or the Angular MCP server
20
+
21
+ 1. Always analyze the project's Angular version before providing guidance, as best practices and available features can vary significantly between versions. If creating a new project with Angular CLI, do not specify a version unless prompted by the user.
22
+
23
+ 2. When generating code, follow Angular's style guide and best practices for maintainability and performance. Use the Angular CLI for scaffolding components, services, directives, pipes, and routes to ensure consistency.
24
+
25
+ 3. Once you finish generating code, run `ng build` to ensure there are no build errors. If there are errors, analyze the error messages and fix them before proceeding. Do not skip this step, as it is critical for ensuring the generated code is correct and functional.
26
+
27
+ ## Creating New Projects
28
+
29
+ If no guidelines are provided by the user, use these defaults when creating a new Angular project:
30
+
31
+ 1. Use the latest stable version of Angular unless the user specifies otherwise.
32
+ 2. Prefer Signal Forms for new projects only when the target Angular version supports them. [Find out more](references/signal-forms.md).
33
+
34
+ **Execution Rules for `ng new`:**
35
+ When asked to create a new Angular project, you must determine the correct execution command by following these strict steps:
36
+
37
+ **Step 1: Check for an explicit user version.**
38
+
39
+ - **IF** the user requests a specific version (e.g., Angular 15), bypass local installations and strictly use `npx`.
40
+ - **Command:** `npx @angular/cli@<requested_version> new <project-name>`
41
+
42
+ **Step 2: Check for an existing Angular installation.**
43
+
44
+ - **IF** no specific version is requested, run `ng version` in the terminal to check if the Angular CLI is already installed on the system.
45
+ - **IF** the command succeeds and returns an installed version, use the local/global installation directly.
46
+ - **Command:** `ng new <project-name>`
47
+
48
+ **Step 3: Fallback to Latest.**
49
+
50
+ - **IF** no specific version is requested AND the `ng version` command fails (indicating no Angular installation exists), you must use `npx` to fetch the latest version.
51
+ - **Command:** `npx @angular/cli@latest new <project-name>`
52
+
53
+ ## Components
54
+
55
+ When working with Angular components, consult the following references based on the task:
56
+
57
+ - **Fundamentals**: Anatomy, metadata, core concepts, and template control flow (@if, @for, @switch). Read [components.md](references/components.md)
58
+ - **Inputs**: Signal-based inputs, transforms, and model inputs. Read [inputs.md](references/inputs.md)
59
+ - **Outputs**: Signal-based outputs and custom event best practices. Read [outputs.md](references/outputs.md)
60
+ - **Host Elements**: Host bindings and attribute injection. Read [host-elements.md](references/host-elements.md)
61
+
62
+ If you require deeper documentation not found in the references above, read the documentation at `https://angular.dev/guide/components`.
63
+
64
+ ## Reactivity and Data Management
65
+
66
+ When managing state and data reactivity, use Angular Signals and consult the following references:
67
+
68
+ - **Signals Overview**: Core signal concepts (`signal`, `computed`), reactive contexts, and `untracked`. Read [signals-overview.md](references/signals-overview.md)
69
+ - **Dependent State (`linkedSignal`)**: Creating writable state linked to source signals. Read [linked-signal.md](references/linked-signal.md)
70
+ - **Async Reactivity (`resource`)**: Fetching asynchronous data directly into signal state. Read [resource.md](references/resource.md)
71
+ - **Side Effects (`effect`)**: Logging, third-party DOM manipulation (`afterRenderEffect`), and when NOT to use effects. Read [effects.md](references/effects.md)
72
+
73
+ ## Forms
74
+
75
+ In most cases for new apps, **prefer signal forms**. When making a forms decision, analyze the project and consider the following guidelines:
76
+
77
+ - If the application version supports Signal Forms and this is a new form, **prefer signal forms**.
78
+ - For older applications or existing forms, match the application's current form strategy.
79
+
80
+ - **Signal Forms**: Use signals for form state management. Read [signal-forms.md](references/signal-forms.md)
81
+ - **Template-driven forms**: Use for simple forms. Read [template-driven-forms.md](references/template-driven-forms.md)
82
+ - **Reactive forms**: Use for complex forms. Read [reactive-forms.md](references/reactive-forms.md)
83
+
84
+ ## Dependency Injection
85
+
86
+ When implementing dependency injection in Angular, follow these guidelines:
87
+
88
+ - **Fundamentals**: Overview of Dependency Injection, services, and the `inject()` function. Read [di-fundamentals.md](references/di-fundamentals.md)
89
+ - **Creating and Using Services**: Creating services, the `providedIn: 'root'` option, and injecting into components or other services. Read [creating-services.md](references/creating-services.md)
90
+ - **Defining Dependency Providers**: Automatic vs manual provision, `InjectionToken`, `useClass`, `useValue`, `useFactory`, and scopes. Read [defining-providers.md](references/defining-providers.md)
91
+ - **Injection Context**: Where `inject()` is allowed, `runInInjectionContext`, and `assertInInjectionContext`. Read [injection-context.md](references/injection-context.md)
92
+ - **Hierarchical Injectors**: The `EnvironmentInjector` vs `ElementInjector`, resolution rules, modifiers (`optional`, `skipSelf`), and `providers` vs `viewProviders`. Read [hierarchical-injectors.md](references/hierarchical-injectors.md)
93
+
94
+ ## Angular Aria
95
+
96
+ When building accessible custom components for any of the following patterns: Accordion, Listbox, Combobox, Menu, Tabs, Toolbar, Tree, Grid, consult the following reference:
97
+
98
+ - **Angular Aria Components**: Building headless, accessible components (Accordion, Listbox, Combobox, Menu, Tabs, Toolbar, Tree, Grid) and styling ARIA attributes. Read [angular-aria.md](references/angular-aria.md)
99
+
100
+ ## Routing
101
+
102
+ When implementing navigation in Angular, consult the following references:
103
+
104
+ - **Define Routes**: URL paths, static vs dynamic segments, wildcards, and redirects. Read [define-routes.md](references/define-routes.md)
105
+ - **Route Loading Strategies**: Eager vs lazy loading, and context-aware loading. Read [loading-strategies.md](references/loading-strategies.md)
106
+ - **Show Routes with Outlets**: Using `<router-outlet>`, nested outlets, and named outlets. Read [show-routes-with-outlets.md](references/show-routes-with-outlets.md)
107
+ - **Navigate to Routes**: Declarative navigation with `RouterLink` and programmatic navigation with `Router`. Read [navigate-to-routes.md](references/navigate-to-routes.md)
108
+ - **Control Route Access with Guards**: Implementing `CanActivate`, `CanMatch`, and other guards for security. Read [route-guards.md](references/route-guards.md)
109
+ - **Data Resolvers**: Pre-fetching data before route activation with `ResolveFn`. Read [data-resolvers.md](references/data-resolvers.md)
110
+ - **Router Lifecycle and Events**: Chronological order of navigation events and debugging. Read [router-lifecycle.md](references/router-lifecycle.md)
111
+ - **Rendering Strategies**: CSR, SSG (Prerendering), and SSR with hydration. Read [rendering-strategies.md](references/rendering-strategies.md)
112
+ - **Route Transition Animations**: Enabling and customizing the View Transitions API. Read [route-animations.md](references/route-animations.md)
113
+
114
+ If you require deeper documentation or more context, visit the [official Angular Routing guide](https://angular.dev/guide/routing).
115
+
116
+ ## Styling and Animations
117
+
118
+ When implementing styling and animations in Angular, consult the following references:
119
+
120
+ - **Using Tailwind CSS with Angular**: Integrating Tailwind CSS into Angular projects. Read [tailwind-css.md](references/tailwind-css.md)
121
+ - **Angular Animations**: Using native CSS (recommended) or the legacy DSL for dynamic effects. Read [angular-animations.md](references/angular-animations.md)
122
+ - **Styling components**: Best practices for component styles and encapsulation. Read [component-styling.md](references/component-styling.md)
123
+
124
+ ## Testing
125
+
126
+ When writing or updating tests, consult the following references based on the task:
127
+
128
+ - **Fundamentals**: Best practices for unit testing, async patterns, and `TestBed`. Read [testing-fundamentals.md](references/testing-fundamentals.md)
129
+ - **Component Harnesses**: Standard patterns for robust component interaction. Read [component-harnesses.md](references/component-harnesses.md)
130
+ - **Router Testing**: Using `RouterTestingHarness` for reliable navigation tests. Read [router-testing.md](references/router-testing.md)
131
+ - **End-to-End (E2E) Testing**: Best practices for E2E tests with Cypress or Playwright. Read [e2e-testing.md](references/e2e-testing.md)
132
+
133
+ ## Tooling
134
+
135
+ When working with Angular tooling, consult the following references:
136
+
137
+ - **Angular CLI**: Creating applications, generating code (components, routes, services), serving, and building. Read [cli.md](references/cli.md)
138
+ - **Angular MCP Server**: Available tools, configuration, and experimental features. Read [mcp.md](references/mcp.md)
139
+
140
+ ## Anti-Patterns
141
+
142
+ - Using `null` or `undefined` as initial signal form field values — use `''`, `0`, or `[]` instead
143
+ - Accessing form field state flags without calling the field first: `form.field.valid()` — use `form.field().valid()`
144
+ - Starting new forms with older form APIs when the target Angular version supports Signal Forms
145
+ - Setting `min`, `max`, `value`, `disabled`, or `readonly` HTML attributes on `[formField]` inputs — define these as schema rules instead
146
+ - Calling `inject()` outside an injection context — use `runInInjectionContext` when needed
147
+ - Using `effect()` for derived state that should use `computed()`
148
+ - Referencing `$parent.$index` in nested `@for` loops — Angular does not support `$parent`; use `let outerIdx = $index` instead
149
+
150
+ ## Related Skills
151
+
152
+ - `tdd-workflow` — test-driven development workflow applicable to Angular components and services
153
+ - `security-review` — security checklist for web applications including Angular-specific concerns
154
+ - `frontend-patterns` — general frontend patterns for context on React/Next.js approaches