codymaster 4.6.0 → 4.8.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "codymaster",
-  "version": "4.6.0",
+  "version": "4.8.0",
   "description": "68+ Skills. Ship 10x faster. AI-powered coding skill kit for Claude, Cursor, Gemini & more.",
   "main": "dist/index.js",
   "repository": {
@@ -19,15 +19,23 @@
     "build": "tsc",
     "start": "ts-node src/index.ts",
     "test:gate": "vitest run --reporter=verbose",
+    "test:gate:kit": "npm run build && npm run validate:skills && npm run check:skills && vitest run --reporter=verbose",
     "gate:secrets": "node scripts/gate-0-secrets.js",
+    "gate:hygiene": "node scripts/gate-0-repo-hygiene.js",
     "gate:fix": "node scripts/security-fixer.js --fix",
     "gate:check": "node scripts/security-fixer.js",
     "gate:syntax": "node scripts/gate-1-syntax.js",
     "gate:dist": "node scripts/gate-5-dist-verify.js",
     "gate:smoke": "node scripts/gate-6-smoke-test.js",
-    "deploy": "npm run gate:secrets && npm run gate:syntax && npm run test:gate && npm run gate:dist && npm run gate:smoke",
-    "deploy:dry": "npm run gate:secrets && npm run gate:syntax && npm run test:gate && npm run gate:dist && echo '✅ All gates passed. Ready to deploy.'",
-    "postinstall": "node scripts/postinstall.js"
+    "deploy": "npm run gate:secrets && npm run gate:hygiene && npm run gate:syntax && npm run test:gate:kit && npm run gate:dist && npm run gate:smoke",
+    "deploy:dry": "npm run gate:secrets && npm run gate:hygiene && npm run gate:syntax && npm run test:gate:kit && npm run gate:dist && echo '✅ All gates passed. Ready to deploy.'",
+    "postinstall": "node scripts/postinstall.js",
+    "validate:skills": "node scripts/validate-skills.mjs",
+    "build:skills": "node scripts/build-skills.mjs",
+    "check:skills": "node scripts/build-skills.mjs --check",
+    "docs:dev": "vitepress dev docs",
+    "docs:build": "vitepress build docs",
+    "docs:preview": "vitepress preview docs"
   },
   "keywords": [
     "ai",
@@ -65,7 +73,8 @@
     "chokidar": "^5.0.0",
     "commander": "^14.0.3",
     "express": "^5.2.1",
-    "prompts": "^2.4.2"
+    "prompts": "^2.4.2",
+    "yaml": "^2.8.3"
   },
   "devDependencies": {
     "@types/better-sqlite3": "^7.6.13",
@@ -74,8 +83,10 @@
     "@types/prompts": "^2.4.9",
     "acorn": "^8.16.0",
     "jsdom": "^29.0.1",
+    "playwright": "^1.50.0",
     "ts-node": "^10.9.2",
     "typescript": "^5.9.3",
+    "vitepress": "^1.6.4",
     "vitest": "^4.1.0"
   },
   "overrides": {

package/scripts/build-skills.mjs

@@ -0,0 +1,51 @@
+#!/usr/bin/env node
+/**
+ * Generate SKILL.md from SKILL.md.tmpl + meta.json when present.
+ * Usage: node scripts/build-skills.mjs [--check]
+ */
+import fs from 'fs';
+import path from 'path';
+import { fileURLToPath } from 'url';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const skillsRoot = path.join(__dirname, '..', 'skills');
+const check = process.argv.includes('--check');
+
+function render(tmpl, vars) {
+  return tmpl.replace(/\{\{(\w+)\}\}/g, (_, k) => (vars[k] != null ? String(vars[k]) : `{{${k}}}`));
+}
+
+let tmplCount = 0;
+if (!fs.existsSync(skillsRoot)) process.exit(0);
+
+for (const dir of fs.readdirSync(skillsRoot, { withFileTypes: true })) {
+  if (!dir.isDirectory()) continue;
+  const folder = path.join(skillsRoot, dir.name);
+  const tmplPath = path.join(folder, 'SKILL.md.tmpl');
+  const metaPath = path.join(folder, 'meta.json');
+  const outPath = path.join(folder, 'SKILL.md');
+  if (!fs.existsSync(tmplPath)) continue;
+
+  tmplCount++;
+  const tmpl = fs.readFileSync(tmplPath, 'utf8');
+  let meta = {};
+  if (fs.existsSync(metaPath)) {
+    meta = JSON.parse(fs.readFileSync(metaPath, 'utf8'));
+  }
+  const out = render(tmpl, meta);
+  if (check) {
+    const cur = fs.existsSync(outPath) ? fs.readFileSync(outPath, 'utf8') : '';
+    if (cur !== out) {
+      console.error(`check failed: ${outPath} out of date (run npm run build:skills)`);
+      process.exit(2);
+    }
+  } else {
+    fs.writeFileSync(outPath, out, 'utf8');
+  }
+}
+
+if (tmplCount === 0) {
+  console.log('build-skills: no SKILL.md.tmpl under skills/ (OK)');
+} else {
+  console.log(check ? `build-skills: --check OK (${tmplCount})` : `build-skills: wrote ${tmplCount} skill(s)`);
+}

package/scripts/gate-0-repo-hygiene.js

@@ -0,0 +1,75 @@
+#!/usr/bin/env node
+/**
+ * Gate 0b: Repo Hygiene
+ * Ensures tracked files and git remote URLs are safe before push/deploy.
+ */
+const { execFileSync } = require('child_process');
+
+const FORBIDDEN_TRACKED_PATTERNS = [
+  /^\.DS_Store$/,
+  /^\.env(\..+)?$/,
+  /^\.dev\.vars(\..+)?$/,
+  /^.*\.(pem|key|p12|pfx)$/i,
+  /^.*\.(log|tmp|bak|swp)$/i,
+];
+
+function run(command, args) {
+  return execFileSync(command, args, { encoding: 'utf-8' }).trim();
+}
+
+function hasEmbeddedCredentials(remoteUrl) {
+  return /^https?:\/\/[^/\s]+@/i.test(remoteUrl);
+}
+
+function getTrackedFiles() {
+  const out = run('git', ['ls-files']);
+  if (!out) return [];
+  return out.split('\n').filter(Boolean);
+}
+
+function checkTrackedFiles() {
+  const tracked = getTrackedFiles();
+  return tracked.filter((file) =>
+    !file.endsWith('.example') &&
+    FORBIDDEN_TRACKED_PATTERNS.some((pattern) => pattern.test(file)),
+  );
+}
+
+function checkOriginRemote() {
+  try {
+    return run('git', ['remote', 'get-url', 'origin']);
+  } catch (_error) {
+    return '';
+  }
+}
+
+function main() {
+  const failures = [];
+
+  const originUrl = checkOriginRemote();
+  if (originUrl && hasEmbeddedCredentials(originUrl)) {
+    failures.push(
+      [
+        'origin remote URL has embedded credentials.',
+        'Fix: git remote set-url origin https://github.com/<owner>/<repo>.git',
+      ].join(' '),
+    );
+  }
+
+  const badTrackedFiles = checkTrackedFiles();
+  if (badTrackedFiles.length > 0) {
+    failures.push(
+      `forbidden files are tracked by git: ${badTrackedFiles.join(', ')}`,
+    );
+  }
+
+  if (failures.length > 0) {
+    console.error('❌ Repo hygiene check failed:');
+    failures.forEach((failure) => console.error(`  - ${failure}`));
+    process.exit(1);
+  }
+
+  console.log('✅ Repo hygiene check passed');
+}
+
+main();

package/scripts/postinstall.js

@@ -11,6 +11,8 @@ const NC = '\x1b[0m';
 
 const fs = require('fs');
 const path = require('path');
+const { execSync, execFileSync } = require('child_process');
+
 let skillCount = 60;
 try {
   const skillsDir = path.join(__dirname, '..', 'skills');
@@ -285,7 +287,60 @@ const printMenu = () => {
   console.log('');
 };
 
+const installOpenViking = () => {
+  console.log('');
+  console.log(`${G}${BOLD}OpenViking — Installing Core Feature${NC}`);
+  try {
+    console.log(`  ${W}Running: pip install openviking${NC}`);
+    execSync('pip install openviking', { stdio: 'inherit' });
+    console.log(`  ${G}✅ OpenViking installed.${NC}`);
+  } catch (e) {
+    try {
+      console.log(`  ${W}Running: pip3 install openviking${NC}`);
+      execSync('pip3 install openviking', { stdio: 'inherit' });
+      console.log(`  ${G}✅ OpenViking installed.${NC}`);
+    } catch (err) {
+      console.log(`  ${O}⚠️  Could not install OpenViking automatically. Please run 'pip install openviking' manually.${NC}`);
+    }
+  }
+  console.log('');
+};
+
+const isInstalledAsNpmDependency = () => {
+  const root = path.resolve(__dirname, '..').replace(/\\/g, '/');
+  return /[/\\]node_modules[/\\]codymaster$/i.test(root);
+};
+
+const npmCmd = () => (process.platform === 'win32' ? 'npm.cmd' : 'npm');
+
+const activateCli = () => {
+  const pkgRoot = path.join(__dirname, '..');
+
+  if (isInstalledAsNpmDependency()) {
+    console.log(`  ${C}CodyMaster CLI (per-project install — official path):${NC}`);
+    console.log(`    ${W}npx cm${NC}   or   ${W}npx codymaster${NC}`);
+    console.log(
+      `  ${DIM}Optional — bare ${W}cm${DIM} in any terminal: ${W}npm install -g codymaster${NC}`,
+    );
+    return;
+  }
+
+  if (fs.existsSync(path.join(pkgRoot, 'package.json'))) {
+    try {
+      const pkg = require(path.join(pkgRoot, 'package.json'));
+      if (pkg.name === 'codymaster') {
+        console.log(`  ${W}Linking ${C}cm${W} for local repo development (npm link)...${NC}`);
+        execFileSync(npmCmd(), ['link'], { stdio: 'inherit', cwd: pkgRoot });
+      }
+    } catch (e) {
+      // Ignore if npm link fails
+    }
+  }
+};
+
 const main = () => {
+  installOpenViking();
+  activateCli();
   printMenu();
 };
 

package/scripts/security-scan.js

@@ -6,7 +6,7 @@ const DANGEROUS_PATTERNS = [
   { name: 'Anon Key Variable', regex: /ANON_KEY\s*[=:]\s*['\"][a-zA-Z0-9._\/-]{20,}/g },
   { name: 'Private Key Block', regex: /-----BEGIN\s+(RSA|EC|DSA|OPENSSH)?\s*PRIVATE KEY-----/g },
   { name: 'JWT Token', regex: /eyJ[a-zA-Z0-9_-]{10,}\.[a-zA-Z0-9_-]{10,}\.[a-zA-Z0-9_-]{10,}/g },
-  { name: 'Generic API Key', regex: /(?:api[_-]?key|api[_-]?secret|access[_-]?token)\s*[=:]\s*['\"][a-zA-Z0-9\/+=]{20,}['\"/]/gi },
+  { name: 'Generic API Key', regex: /(?:api[_-]?key|api[_-]?secret|access[_-]?token)\s*[=:]\s*['\"][a-zA-Z0-9\/+=]{20,}['\"]/gi },
   { name: 'AWS Key', regex: /AKIA[0-9A-Z]{16}/g },
   { name: 'Slack Token', regex: /xox[baprs]-[0-9a-zA-Z-]{10,}/g },
   { name: 'GitHub Token', regex: /gh[ps]_[a-zA-Z0-9]{36,}/g },

package/scripts/validate-skills.mjs

@@ -0,0 +1,42 @@
+#!/usr/bin/env node
+/**
+ * Ensures each skill folder under skills/ has SKILL.md with a title line.
+ */
+import fs from 'fs';
+import path from 'path';
+import { fileURLToPath } from 'url';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const root = path.join(__dirname, '..', 'skills');
+
+/** Directories under skills/ that are not standalone skills (assets, packs). */
+const SKIP_DIRS = new Set(['profiles', 'extensions', 'scripts']);
+
+let errors = 0;
+if (!fs.existsSync(root)) {
+  console.error('No skills/ directory');
+  process.exit(1);
+}
+
+for (const name of fs.readdirSync(root, { withFileTypes: true })) {
+  if (!name.isDirectory()) continue;
+  if (name.name.startsWith('_') || name.name.startsWith('.')) continue;
+  if (SKIP_DIRS.has(name.name)) continue;
+  const md = path.join(root, name.name, 'SKILL.md');
+  if (!fs.existsSync(md)) {
+    console.error(`Missing SKILL.md: ${name.name}`);
+    errors++;
+    continue;
+  }
+  const text = fs.readFileSync(md, 'utf8');
+  if (!/^#\s+\S/m.test(text)) {
+    console.error(`SKILL.md missing H1 title: ${name.name}`);
+    errors++;
+  }
+}
+
+if (errors) {
+  console.error(`validate-skills: ${errors} error(s)`);
+  process.exit(1);
+}
+console.log('validate-skills: OK');

package/scripts/viking-demo.ts

@@ -0,0 +1,105 @@
+import express from 'express';
+import { VikingBackend } from '../src/backends/viking-backend';
+import { DEFAULT_VIKING_CONFIG } from '../src/backends/viking-http-client';
+import chalk from 'chalk';
+
+/**
+ * Viking Demo — Hamster-Powered Semantic Search
+ * 
+ * This script demonstrates the CodyMaster v4.6 integration with OpenViking.
+ * It starts a mock OpenViking REST API and then uses CodyMaster's VikingBackend 
+ * to perform a semantic search query.
+ */
+
+async function runDemo() {
+  const PORT = 1933;
+  const app = express();
+  app.use(express.json());
+
+  console.log(chalk.bold.cyan('\n🐹 CodyMaster v4.6 — OpenViking Integration Demo\n'));
+
+  // ─── Phase 1: Mock OpenViking Server ───────────────────────────────────────
+  
+  console.log(chalk.dim('  [1/3] Starting Mock OpenViking Server...'));
+
+  // Mock /health endpoint
+  app.get('/health', (req, res) => res.json({ status: 'ok', version: '1.2.0' }));
+
+  // Mock /search endpoint (the core of Viking)
+  app.post('/search', (req, res) => {
+    const { query, limit, workspace } = req.body;
+    console.log(chalk.yellow(`        ☁️  Viking Server received search: "${query}" (limit: ${limit}, ws: ${workspace})`));
+    
+    const mockResults = [
+      {
+        uri: 'ov://demo-vibe/learnings/lear-882.json',
+        score: 0.98,
+        content: JSON.stringify({
+          what_failed: 'Async fetch timeout on slow networks',
+          why_failed: 'Default timeout too short for 3G/4G high-latency spikes',
+          how_to_prevent: 'Increase timeout to 30s + implement exponential backoff retry'
+        })
+      },
+      {
+        uri: 'ov://demo-vibe/learnings/lear-451.json',
+        score: 0.72,
+        content: JSON.stringify({
+          what_failed: 'Database connection leak in long-running loops',
+          why_failed: 'await missing in cleanup block',
+          how_to_prevent: 'Use try-finally with await client.close()'
+        })
+      }
+    ];
+    
+    res.json({ items: mockResults });
+  });
+
+  const server = app.listen(PORT);
+
+  // ─── Phase 2: CodyMaster Viking Backend ────────────────────────────────────
+  
+  console.log(chalk.dim('  [2/3] Initializing CodyMaster VikingBackend...'));
+  
+  const backend = new VikingBackend({
+    host: 'localhost',
+    port: PORT,
+    workspace: 'demo-vibe',
+    timeout: 5000
+  });
+
+  // ─── Phase 3: Perform Semantic Search ──────────────────────────────────────
+  
+  console.log(chalk.bold('  [3/3] Performing Semantic Search Query (Async Pipeline)...\n'));
+  
+  const query = 'network latency issues';
+  console.log(chalk.white(`        Query: "${query}"`));
+  
+  // Use the native ASYNC extra searchAll instead of the SYNC wrapper
+  // This bypasses the blockUntil spin-loop for a clean demo.
+  const results = await backend.searchAll(query, 5);
+
+  if (results.length > 0) {
+    console.log(chalk.green(`\n    ✅ FOUND ${results.length} RELEVANT MEMORIES VIA VIKING:\n`));
+    
+    results.forEach((r, idx) => {
+      const content = JSON.parse(r.content || '{}');
+      console.log(chalk.bold(`    ${idx + 1}. ${chalk.cyan(content.what_failed)}`));
+      console.log(chalk.dim(`       Why: ${content.why_failed}`));
+      console.log(chalk.dim(`       Fix: ${chalk.white(content.how_to_prevent)}`));
+      console.log(chalk.italic.magenta(`       Vector Similarity: ${Math.round((r.score || 0) * 100)}%\n`));
+    });
+  } else {
+    console.log(chalk.red('    ❌ No results found.'));
+  }
+
+  // ─── Cleanup ───────────────────────────────────────────────────────────────
+  
+  console.log(chalk.dim('  Demo complete. Shutting down...'));
+  server.close();
+  process.exit(0);
+}
+
+runDemo().catch(err => {
+  console.error(chalk.red('\n  🛑 Demo Failed:'), err);
+  process.exit(1);
+});

package/skills/CLAUDE.md

@@ -91,14 +91,14 @@ See: [references/file.md](references/file.md)
 
 ### Required Fields
 - `name`: Unique identifier (lowercase, hyphens for spaces, max 64 chars)
-- `description`: What the skill does and when to use it (max 1024 chars). Use numbered use cases: `(1) ..., (2) ..., (3) ...`
+- `description`: What the skill does and when to use it (max 1024 chars). Prefer **one or two sentences (~80–120 words / under ~800 chars)** so Google Antigravity, Windsurf, and other hosts do not burn customization token budget on discovery. Put long trigger lists in the markdown body (e.g. a short "Triggers" line under the title), not in YAML. Use numbered use cases when helpful: `(1) ..., (2) ..., (3) ...`
 
 ### Recommended Fields (for marketplace)
 - `license`: License name (we use MIT)
 - `metadata.author`: Author/organization name (we use `wondelai`)
 - `metadata.version`: Semantic version
 
-The YAML frontmatter `description` field is critical for skill discovery - it should include keywords and trigger phrases that help match user requests to the skill. Single quotes in YAML values must be escaped by doubling them (`''`).
+The YAML frontmatter `description` field is critical for skill discovery: include the **minimum** keywords needed to route tasks; avoid duplicating every synonym in YAML. For **low token budget** installs, use `bash install.sh --gemini --profile core` and see `skills/profiles/README.md`. Single quotes in YAML values must be escaped by doubling them (`''`).
 
 ## Adding New Skills
 

package/skills/cm-ads-tracker/SKILL.md

@@ -1,15 +1,12 @@
 ---
 name: cm-ads-tracker
-description: |
-  Expert CRO conversion tracking strategist. From a single chat message, generates a COMPLETE tracking setup: Facebook/Meta Pixel + CAPI, TikTok Pixel + Events API, Google Ads Enhanced Conversions, GTM container architecture, first-touch/last-touch attribution, and cross-channel deduplication.
-
-  AUTO-DETECTS industry and maps correct standard events per platform specs. Outputs a full implementation document developers can use immediately — GTM tags, triggers, variables, dataLayer schema, UTM conventions, CAPI specs — all with the user's exact tracking IDs.
-
-  ALWAYS trigger for: pixel, tracking code, GTM, tag manager, Facebook pixel, Meta pixel, CAPI, Conversions API, TikTok pixel, Events API, Google Ads conversion, Enhanced Conversions, UTM, attribution, first-touch, last-touch, "setup tracking", "install tracking", "install pixel", "measure conversions", "tracking ads", "measure ROAS", "optimize conversions", conversion event, lead tracking, purchase tracking, ROAS measurement. Use even with partial information.
+description: "End-to-end ad conversion tracking: Meta Pixel+CAPI, TikTok Events API, Google Ads Enhanced Conversions, GTM, attribution. Auto-detects industry, maps standard events, outputs a developer-ready implementation doc. Use for pixels, GTM, CAPI, ROAS, or 'set up tracking' requests."
 ---
 
 # CM Ads Tracker v2
 
+**Triggers (non-exhaustive):** pixel, GTM, Meta/Facebook CAPI, TikTok Events API, Google Ads conversions, UTM, first/last-touch attribution, install tracking, lead/purchase events, ROAS.
+
 You are the world's best conversion tracking architect. Your mission: from **a single chat message**, produce a complete, platform-specific, attribution-aware tracking setup that any developer or marketer can implement immediately.
 
 You know by heart every standard event spec for Meta, TikTok, and Google Ads. You think in dataLayer-first architecture, where GTM is the intelligent orchestration layer between the website and all ad platforms.

package/skills/cm-browse/SKILL.md

@@ -0,0 +1,28 @@
+# cm-browse — local Playwright daemon
+
+## When to use
+
+- Visual QA, screenshots, post-deploy smoke through a **real browser** (not only Stitch/Pencil).
+- Before claiming “UI works”, drive `cm browse` + `cm qa-visual`.
+
+## CLI
+
+```bash
+export CM_BROWSE_TOKEN="$(openssl rand -hex 24)"
+cm browse start --port 17395 --token "$CM_BROWSE_TOKEN"
+```
+
+## HTTP API (Bearer token)
+
+- `POST /session/start` body `{ "headless": true }`
+- `POST /navigate` `{ "url": "https://…" }`
+- `POST /refs/refresh` — assigns `data-cm-ref` to interactive nodes; use `@e1` style refs.
+- `POST /click` `{ "ref": "e1" }`
+- `POST /fill` `{ "ref": "e2", "value": "text" }`
+- `GET /screenshot` — PNG
+- `GET /console` / `GET /network` — ring buffers
+
+## Integrations
+
+- `cm qa-visual --url …` calls the daemon locally.
+- Pair with `cm-canary` / `cm-safe-deploy` for ship verification.

package/skills/cm-conductor-worktrees/SKILL.md

@@ -0,0 +1,24 @@
+# cm-conductor-worktrees — parallel worktrees
+
+## CLI
+
+```bash
+cm conductor add --at ../my-feature-wt --branch feat/my-feature --base main
+cm conductor list
+```
+
+## Practice
+
+- One **branch + worktree** per parallel agent/session.
+- Reconcile with `git merge` / PR; avoid two agents editing the same files without coordination.
+
+## ELI16 (3+ sessions)
+
+When running **three or more** parallel sessions, re-ground each session with:
+
+- Current branch name + worktree path.
+- Last artifact from `cm sprint status` or `.cm/context-bus.json`.
+
+## Future
+
+Dashboard UI for active sprints is **not** in CLI yet — use `cm dashboard` / Hamster UI where available.

package/skills/cm-content-factory/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: cm-content-factory
-description: "AI Content Factory v2.0 — Self-learning content engine with real-time dashboard, multi-agent support, token management, and Content Mastery framework (StoryBrand, Cialdini, SUCCESs, STEPPS, Hook Model, JTBD, CRO, Grand Slam Offers). Interactive onboarding → auto-research → generate → audit → deploy. Config-driven, niche-agnostic, self-improving."
+description: "Self-learning SEO content pipeline: dashboard, multi-agent queue, token budgets, research → write → audit → publish. StoryBrand/Cialdini/JTBD-style frameworks; config-driven. Use for content factory, batch articles, or scaled publishing."
 ---
 
 # CM Content Factory v2.0 — AI Content Machine Platform

package/skills/cm-content-factory/landing/docs/content/changelog.md

@@ -0,0 +1,36 @@
+# Changelog & What's New in v5
+
+Welcome to the **"Neural Spine"** era! Version 5 is a massive milestone that transitions CodyMaster from a specialized "Content Factory" tool into a full-fledged **Senior AI-Native Engineering Workspace**. 
+
+We achieved this paradigm shift by deeply studying and integrating the architectural breakthroughs from two external frameworks: **OpenViking** and **OpenSpace**.
+
+---
+
+## 🚀 Key Architectural Shifts
+
+### 1. Replaced "Dumb" RAG with OpenViking (Semantic Memory)
+**The Problem in v4**: AI agents suffered from "code amnesia." Standard Retrieval-Augmented Generation (RAG) relied on chunking text indiscriminately. Agents hallucinated imports and forgot how system components linked together.
+**The v5 Upgrade**:
+By adopting OpenViking concepts, CodyMaster v5 introduces an **AST (Abstract Syntax Tree)** and **Vector-based Memory Engine**. 
+- It creates a **L0 Skeleton Index** of your entire system's structure instantly.
+- It provides a **L1 Symbol Index** to grasp function signatures perfectly without bogging down the LLM context window with implementation details.
+- Your AI agent now acts like a senior dev who inherently "knows" your monolith's entire structure before typing a single line.
+
+### 2. Upgraded to OpenSpace (The Autonomous Executor)
+**The Problem in v4**: Agents were essentially advanced type-writers. They wrote code, but you had to physically run the terminal commands, test the code, read the errors, and paste the errors back to the AI.
+**The v5 Upgrade**:
+We introduced **OpenSpace**—a secure sandbox and execution container. 
+- Agents can now natively execute Bash commands (`npm test`, `git pull`) within a safe holding environment. 
+- The framework auto-captures standard-error (stderr) logs and creates a self-healing loop. If the AI writes a bug, the test suite catches it, and the AI fixes itself autonomously *before* presenting the final code to you.
+
+---
+
+## 🌟 New Features at a Glance
+
+* **100% Zero-Regression Deployments**: Through TDD-first gates in OpenSpace, no commit is permitted unless tests successfully pass.
+* **Context Bus**: An infrastructure pipeline allowing parallel sub-agents (e.g., a "Backend Database" agent and a "Frontend React" agent) to exchange variables and context natively without losing vital token budgets.
+* **Vision & UI Auto-Healing**: Equipped with frontend Playwright capture mechanisms, agents can take screenshots of their code results, run Vision Models to spot CSS un-alignments, and natively fix visual bugs.
+* **Completely Self-Evolving Skills**: The Skill Chain Engine analyzes repeated commands in your workflow and dynamically builds *new* automation skills specifically tailored to your unique codebase.
+
+> [!TIP]
+> **To Experience It Directly:** Try assigning a task requiring multi-file context tracking, such as *"Migrate our authentication endpoints across the monolith to use the new JWT standard."* and watch OpenViking automatically pull the precise 7 files needed.

package/skills/cm-content-factory/landing/docs/content/deployment.md

@@ -0,0 +1,46 @@
+# Deployment Guide
+
+Setting up CodyMaster v5 for your engineering team is straightforward. Follow this guide to initialize the Neural Spine architecture.
+
+## 1. Prerequisites
+
+Ensure your environment meets the following requirements:
+- Node.js v18.0.0 or higher
+- Git
+- SQLite (for local OpenViking memory limits, pre-packaged)
+
+## 2. Installation
+
+Install the framework globally via npm to make the `cm` CLI available anywhere on your machine:
+
+```bash
+npm install -g @codymaster/cli@next
+```
+
+## 3. Initializing a Workspace
+
+Navigate to your existing Next.js, React, or Python repository and initialize the OpenSpace environment:
+
+```bash
+cd my-enterprise-project
+cm init
+```
+
+This will automatically:
+1. Generate the `.agent/` folder structure to house specialized skills.
+2. Spin up the **OpenViking** indexer, which will immediately begin mapping your project's Abstract Syntax Trees (AST) and caching semantic vectors.
+
+## 4. Bootstrapping Agents
+
+You can dispatch your first agent task utilizing the full memory and execution layer:
+
+```bash
+cm do "Refactor the user dashboard to utilize Tailwind CSS dark mode variants, ensuring all current unit tests still pass."
+```
+
+- Watch the terminal to see OpenViking extract relevant context without filling the token window with unnecessary `.json` configs.
+- Watch OpenSpace dynamically spin up `npm run test` immediately after the code generation completes, self-correcting any errors before offering a Git commit.
+
+## Continuous CI/CD (Founders Edition)
+
+For teams on the Founders Edition, CodyMaster integrates directly into your GitHub Actions or GitLab CI pipelines. The agent intercepts failed PRs, pushes self-healing commits, and verifies visual integrity entirely autonomously. 

package/skills/cm-content-factory/landing/docs/content/execution-flow.md

@@ -0,0 +1,67 @@
+# Architecture & Execution Flow
+
+Understanding how the **Neural Spine** processes a command helps you write better instructions and harness the true autonomous power of CodyMaster v5.
+
+When you dispatch a command to the system, it doesn't just blindly pass your text to an LLM. It routes the instruction through a multi-stage **Agent Lifecyle**.
+
+## The High-Level Flow
+
+Here is a visual breakdown of how the OpenViking and OpenSpace integrations handle an incoming task:
+
+```mermaid
+graph TD
+    User([User Prompt: "Refactor Authentication"]) ==> Router
+    
+    subgraph "Phase 1: Knowledge Gathering"
+        Router[Task Router] --> OViking{OpenViking Engine}
+        OViking --> L0[L0: Skeleton Directory Map]
+        OViking --> L1[L1: Symbol Headers]
+        OViking --> L2[L2: Semantic Vectors]
+        L0 --> Compiler[Context Builder]
+        L1 --> Compiler
+        L2 --> Compiler
+    end
+
+    Compiler ==> SubAgent
+    
+    subgraph "Phase 2: Execution (OpenSpace)"
+        SubAgent[AI Sub-Agent] --> Coding[Writes Code / Logic]
+        Coding --> Sandbox[OpenSpace Container]
+        Sandbox --> Bash[Excecutes Terminal/Tests]
+        Bash -- "Fails ❌" --> Feedback[Stderr Log Reader]
+        Feedback --> SubAgent
+    end
+    
+    Bash -- "Passes ✅" --> Review[Frontend Integrity Gate]
+    Review --> Ship((Complete: Ready to Git Push))
+    
+    style User fill:#3b82f6,stroke:#fff,stroke-width:2px,color:#fff
+    style Ship fill:#10b981,stroke:#fff,stroke-width:2px,color:#fff
+    style OViking fill:#8b5cf6,stroke:#fff,stroke-width:2px,color:#fff
+    style Sandbox fill:#f59e0b,stroke:#fff,stroke-width:2px,color:#111
+```
+
+---
+
+## Step-by-Step Walkthrough
+
+### 1. Task Routing & Context Building
+The moment you hit enter, your command is sent to the **Task Router**. Before connecting to an external AI model (like Claude 3.5 or GPT-4o), the router queries **OpenViking**. 
+- OpenViking executes a rapid vector search over the local SQLite cache to find all functionally related files. 
+- It bundles the `L0` (Project Structure), `L1` (Function Interfaces), and `L2` (Implementation Logic) to create a highly compressed, precisely targeted knowledge package.
+
+### 2. Autonomous Execution
+The heavily enriched context is sent to the **AI Sub-Agent**, which formulates the new code. This code is immediately sent into **OpenSpace**. 
+- OpenSpace spins up an isolated sandbox. 
+- It forces the system to run immediate syntax linters (`eslint`, `mypy`) and your existing Unit Tests (`jest`, `pytest`).
+
+### 3. The Self-Healing Loop
+If the execution environment (OpenSpace) returns an error or a failed test:
+- The exact failure trace (`stderr`) is siphoned off and sent *back* to the Sub-Agent. 
+- The AI autonomously rewrites the logic to resolve the bug, attempting again. **You are never interrupted to solve syntax errors.**
+
+### 4. Integrity and Shipping
+Once unit tests cleanly pass, the final validation stage evaluates Frontend Integrity (e.g. no missing padding, proper CSS compilation). Once confirmed, the result is packaged directly into a pristine, working commit for you to review or deploy.
+
+> [!NOTE]
+> All phases within the Execution Flow are entirely handled by the background Neural Spine mechanisms. You are simply engaging with a "Senior Developer" that solves the problem perfectly.