convene-cli 1.2.0 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (21) hide show
  1. package/dist/api.js +23 -0
  2. package/dist/cache.js +83 -1
  3. package/dist/catalog/catalog.generated.js +860 -0
  4. package/dist/catalog/index.js +26 -0
  5. package/dist/catalog/manifest.js +71 -0
  6. package/dist/catalog/materialize.js +516 -0
  7. package/dist/catalog/prompt.js +89 -0
  8. package/dist/catalog/report.js +45 -0
  9. package/dist/catalog/select.js +86 -0
  10. package/dist/catalog/types.js +14 -0
  11. package/dist/commands/auth.js +44 -0
  12. package/dist/commands/fetch.js +50 -0
  13. package/dist/commands/init.js +49 -0
  14. package/dist/commands/offboard.js +95 -10
  15. package/dist/commands/override.js +65 -0
  16. package/dist/commands/practice-guard.js +291 -0
  17. package/dist/commands/setup.js +11 -1
  18. package/dist/commands/update.js +249 -0
  19. package/dist/config.js +19 -1
  20. package/dist/index.js +43 -2
  21. package/package.json +1 -1
package/dist/catalog/catalog.generated.js ADDED
@@ -0,0 +1,860 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.CATALOG_VERSION = exports.CATALOG = void 0;
4
+ exports.CATALOG = {
5
+ "version": "1.0.0",
6
+ "tiers": [
7
+ {
8
+ "id": "essentials",
9
+ "name": "Essentials",
10
+ "description": "The tight consensus core every participating repo should adopt. Confirmed by Anthropic docs, practitioner consensus, and Convene’s own production experience. Low-friction, high-signal, mostly advisory-with-one-hard-gate. Default ON. If a repo adopts nothing else, it should adopt these."
11
+ },
12
+ {
13
+ "id": "recommended",
14
+ "name": "Recommended",
15
+ "description": "Strong consensus practices that materially improve reliability and team coordination but carry slightly more setup or behavioral cost (verification gates, worktree isolation, small rebased branches, subagent hygiene). Default ON for teams; opt-out per repo. These are where Convene’s coordination bus adds the most leverage."
16
+ },
17
+ {
18
+ "id": "advanced",
19
+ "name": "Advanced",
20
+ "description": "High-leverage but higher-variance or higher-overhead practices for mature teams running many concurrent agents (merge queues, sandboxed YOLO mode, headless fan-out, adversarial review subagents, policy-as-code enforcement). Default OFF; opt-in deliberately. Several are contested or context-dependent and are marked low-confidence where the research disagrees."
21
+ }
22
+ ],
23
+ "categories": [
24
+ "Instruction Files (CLAUDE.md / AGENTS.md)",
25
+ "Verification & Quality Gates",
26
+ "Workflow Discipline (Plan / Explore / Commit)",
27
+ "Context Management",
28
+ "Parallel & Multi-Session Coordination",
29
+ "Git & Integration Hygiene",
30
+ "Permissions & Sandboxing",
31
+ "Subagents & Delegation",
32
+ "Catalog Governance & Distribution"
33
+ ],
34
+ "practices": [
35
+ {
36
+ "id": "claude-md-lean",
37
+ "version": "1.0.0",
38
+ "title": "Keep CLAUDE.md short, specific, and pruned (< ~200 lines)",
39
+ "category": "Instruction Files (CLAUDE.md / AGENTS.md)",
40
+ "tier": "essentials",
41
+ "what": "Cap the always-loaded CLAUDE.md at ~200 lines (start nearer 60). For each line ask \"would removing this cause a mistake? if not, cut it.\" Keep only what the agent cannot infer from code (non-guessable commands, style deltas, test runners, gotchas); link out for API docs. Write verifiable rules, pair every prohibition with a positive alternative, and reserve IMPORTANT/YOU MUST for the rare load-bearing rule.",
42
+ "why": "CLAUDE.md loads in full every turn and instruction-following degrades as it fills — a bloated file buries the rules that matter and makes louder emphasis useless. Unnecessary requirements measurably harm agent performance (Gloaguen et al. 2026: >20% inference-cost increase). A tight file is the single highest-signal lever.",
43
+ "defaultLevel": "ci",
44
+ "availableLevels": [
45
+ "advisory",
46
+ "ci"
47
+ ],
48
+ "optInDefault": "on",
49
+ "artifacts": [
50
+ {
51
+ "kind": "claudeMd",
52
+ "body": "Keep this file under ~200 lines. Before adding a line, ask \"would removing it cause a mistake?\" — if not, cut it.\nWrite verifiable rules; reserve IMPORTANT/YOU MUST for the rare load-bearing one; link out for API docs instead of inlining."
53
+ },
54
+ {
55
+ "kind": "ci",
56
+ "body": "Warn when CLAUDE.md / CLAUDE.local.md exceeds the line/token budget; flag overuse of IMPORTANT/YOU MUST, vague verbs (properly/cleanly/appropriately), and negation-only rules for human review. Advisory by nature — warn, do not hard-fail by default."
57
+ }
58
+ ],
59
+ "sourceUrls": [
60
+ "https://code.claude.com/docs/en/best-practices",
61
+ "https://code.claude.com/docs/en/memory",
62
+ "https://arxiv.org/abs/2602.11988"
63
+ ]
64
+ },
65
+ {
66
+ "id": "hooks-for-must-haves",
67
+ "version": "1.0.0",
68
+ "title": "Use hooks (not CLAUDE.md prose) for anything that must happen every time",
69
+ "category": "Verification & Quality Gates",
70
+ "tier": "essentials",
71
+ "what": "Any rule that must run at a fixed point — lint after every edit, block writes to protected paths, gate turn-completion on a passing build — becomes a hook in .claude/settings.json, not a sentence in CLAUDE.md. PreToolUse blocks before an action (exit 2 / deny); PostToolUse runs linters after edits; Stop gates turn completion. If the agent keeps violating a rule despite emphasis, convert it to a hook.",
72
+ "why": "CLAUDE.md and auto-memory are advisory context with no guarantee of compliance; hooks are deterministic regardless of what the agent decides. Anthropic: \"to block an action regardless of what Claude decides, use a PreToolUse hook.\" Encoding each correction as durable tooling means the same error class can’t recur after a context reset.",
73
+ "defaultLevel": "hook-hard",
74
+ "availableLevels": [
75
+ "advisory",
76
+ "hook-soft",
77
+ "hook-hard"
78
+ ],
79
+ "optInDefault": "on",
80
+ "artifacts": [
81
+ {
82
+ "kind": "claudeMd",
83
+ "body": "If a rule must run every time (lint after edits, block a path, gate turn-end on a green build), wire it as a hook in .claude/settings.json — do not restate it as prose here.\nWhen the agent keeps violating a rule despite emphasis, convert the rule to a hook."
84
+ },
85
+ {
86
+ "kind": "settingsHook",
87
+ "event": "PreToolUse",
88
+ "matcher": "Write|Edit",
89
+ "command": "convene practice-guard hooks-for-must-haves",
90
+ "verb": "practice-guard"
91
+ }
92
+ ],
93
+ "sourceUrls": [
94
+ "https://code.claude.com/docs/en/hooks",
95
+ "https://code.claude.com/docs/en/best-practices"
96
+ ]
97
+ },
98
+ {
99
+ "id": "verify-before-ship",
100
+ "version": "1.0.0",
101
+ "title": "Always give the agent a runnable way to verify its own work",
102
+ "category": "Verification & Quality Gates",
103
+ "tier": "essentials",
104
+ "what": "Provide a machine-checkable pass/fail gate the agent can run and read: test suite, build exit code, linter, a fixture diff, or a screenshot compared to a design. State concrete success criteria, require the agent to run the check and iterate until green, and show evidence (command + output) rather than asserting success. Keep the verify command prominent in the instruction file; escalate the gate (in-prompt → Stop hook → CI) to fit the task.",
105
+ "why": "Claude stops when work \"looks done\"; without a check it can run, \"looks done\" is the only signal and you become the verification loop. This trust-then-verify gap is the most mechanically enforceable, highest-impact practice in the set — the single biggest factor in whether a session can run unattended.",
106
+ "defaultLevel": "hook-hard",
107
+ "availableLevels": [
108
+ "advisory",
109
+ "hook-soft",
110
+ "hook-hard",
111
+ "ci"
112
+ ],
113
+ "optInDefault": "on",
114
+ "artifacts": [
115
+ {
116
+ "kind": "claudeMd",
117
+ "body": "Before claiming work done, run the repo’s verify gate (test/build/lint) and iterate until green; show the command and its output as evidence.\nState concrete success criteria up front — do not rely on \"looks done\"."
118
+ },
119
+ {
120
+ "kind": "settingsHook",
121
+ "event": "Stop",
122
+ "matcher": ".*",
123
+ "command": "convene practice-guard verify-before-ship",
124
+ "verb": "practice-guard"
125
+ }
126
+ ],
127
+ "sourceUrls": [
128
+ "https://code.claude.com/docs/en/best-practices",
129
+ "https://code.claude.com/docs/en/hooks",
130
+ "https://simonwillison.net/2026/Feb/23/agentic-engineering-patterns/"
131
+ ]
132
+ },
133
+ {
134
+ "id": "plan-mode-before-edits",
135
+ "version": "1.0.0",
136
+ "title": "Plan mode before edits (Explore → Plan → Implement → Commit)",
137
+ "category": "Workflow Discipline (Plan / Explore / Commit)",
138
+ "tier": "essentials",
139
+ "what": "For any non-trivial change, work read-only first: explore in plan mode (write tools blocked), produce a reviewable numbered plan, get it approved, then implement against the plan and commit with a descriptive message + PR. Skip planning only for one-sentence diffs. Plan most when the approach is uncertain, the change spans files, or the code is unfamiliar. In a multi-agent repo, post the plan to the bus before mutating the tree.",
140
+ "why": "Letting Claude jump straight to coding can solve the wrong problem — the costliest agentic failure is the wrong approach executed at scale. A read-only plan eliminates it cheaply and, in multi-session repos, makes intent legible to peers before any tree mutates. Production-learned at the BrightAI Opportunity Explorer; confirmed by Anthropic’s documented workflow.",
141
+ "defaultLevel": "hook-soft",
142
+ "availableLevels": [
143
+ "advisory",
144
+ "hook-soft"
145
+ ],
146
+ "optInDefault": "on",
147
+ "productionLearned": true,
148
+ "artifacts": [
149
+ {
150
+ "kind": "claudeMd",
151
+ "body": "For any multi-file or unfamiliar change, work read-only in plan mode first and get a numbered plan approved before editing.\nIn a multi-agent repo, post the plan with `convene post status` before mutating the tree."
152
+ },
153
+ {
154
+ "kind": "settingsHook",
155
+ "event": "PreToolUse",
156
+ "matcher": "Write|Edit",
157
+ "command": "convene practice-guard plan-mode-before-edits",
158
+ "verb": "practice-guard"
159
+ }
160
+ ],
161
+ "sourceUrls": [
162
+ "https://code.claude.com/docs/en/best-practices",
163
+ "https://www.datacamp.com/tutorial/claude-code-plan-mode",
164
+ "https://harper.blog/2025/02/16/my-llm-codegen-workflow-atm/"
165
+ ]
166
+ },
167
+ {
168
+ "id": "manage-context-clear",
169
+ "version": "1.0.0",
170
+ "title": "Manage context aggressively: /clear between tasks; after 2 failed corrections, reset",
171
+ "category": "Context Management",
172
+ "tier": "essentials",
173
+ "what": "Treat the context window as the scarce resource. /clear between unrelated tasks (avoid the kitchen-sink session). If you’ve corrected the agent more than twice on the same issue, /clear and restart with a sharper prompt rather than piling corrections onto a polluted context. Use /compact or rewind for partial trims; preserve the modified-file list and test commands across compaction.",
174
+ "why": "Most agentic failures reduce to one constraint: context fills fast and performance degrades as it fills. A clean session with a better prompt almost always outperforms a long session with accumulated corrections.",
175
+ "defaultLevel": "advisory",
176
+ "availableLevels": [
177
+ "advisory"
178
+ ],
179
+ "optInDefault": "on",
180
+ "artifacts": [
181
+ {
182
+ "kind": "claudeMd",
183
+ "body": "Run /clear between unrelated tasks. After correcting the same issue twice, /clear and restart with a sharper prompt instead of piling on corrections."
184
+ }
185
+ ],
186
+ "sourceUrls": [
187
+ "https://code.claude.com/docs/en/best-practices",
188
+ "https://lucumr.pocoo.org/2025/6/12/agentic-coding/"
189
+ ]
190
+ },
191
+ {
192
+ "id": "catalog-marker-block-distribution",
193
+ "version": "1.0.0",
194
+ "title": "Distribute the catalog inside marker blocks, never via git add -A",
195
+ "category": "Catalog Governance & Distribution",
196
+ "tier": "essentials",
197
+ "what": "Write all catalog-managed content ONLY between stable markers (<!-- convene:begin --> … <!-- convene:end -->, with TOML/JSON equivalents) and stage ONLY the known CONVENE_PATHS in an isolated commit — never `git add -A`. Local edits outside the managed region always win; the updater edits only within markers. The protocol doc is written only if absent, never overwritten.",
198
+ "why": "If the updater overwrites whole files, local customizations are lost and teams stop adopting updates — the exact init-clobber footgun Convene already hit (clobbered .gitignore + protocol doc). Marked managed-regions with local-wins precedence are what make repeated automated updates safe and trusted. A hard prerequisite for everything else in the catalog.",
199
+ "defaultLevel": "ci",
200
+ "availableLevels": [
201
+ "advisory",
202
+ "ci"
203
+ ],
204
+ "optInDefault": "on",
205
+ "artifacts": [
206
+ {
207
+ "kind": "ci",
208
+ "body": "Fail if a catalog push would modify content outside the convene marker blocks, or stage any file not in CONVENE_PATHS. Implemented today by upsertMarkerBlock/removeMarkerBlock + the isolated CONVENE_PATHS commit; assert it in `convene doctor`."
209
+ }
210
+ ],
211
+ "sourceUrls": [
212
+ "https://docs.renovatebot.com/config-presets/",
213
+ "https://editorconfig.org/"
214
+ ]
215
+ },
216
+ {
217
+ "id": "worktree-per-session",
218
+ "version": "1.0.0",
219
+ "title": "One git worktree per concurrent session/agent",
220
+ "category": "Parallel & Multi-Session Coordination",
221
+ "tier": "recommended",
222
+ "what": "Run every concurrent agent session in its own git worktree (private HEAD/index/working files, shared object store), one per task. In Claude Code use `claude --worktree <name>`; gitignore .claude/worktrees/. Branch each worktree from fresh origin/HEAD. Copy gitignored config (.env, secrets) via a .worktreeinclude file and initialize deps/ports/test DB per worktree. Assign each session non-overlapping file boundaries before work begins.",
223
+ "why": "Without isolation, parallel agents in one checkout silently overwrite each other’s uncommitted edits, suffer context contamination, and hit .git/index.lock contention (confirmed work-loss in Claude Code #55724). Worktrees convert invisible runtime corruption into ordinary git conflicts. Production-learned at the BrightAI Opportunity Explorer; Convene’s session identity (member/<worktree-basename>) is built around it.",
224
+ "defaultLevel": "hook-soft",
225
+ "availableLevels": [
226
+ "advisory",
227
+ "hook-soft"
228
+ ],
229
+ "optInDefault": "on",
230
+ "productionLearned": true,
231
+ "artifacts": [
232
+ {
233
+ "kind": "claudeMd",
234
+ "body": "Run each concurrent session in its own git worktree (`convene worktree <branch>`), branched from fresh origin/HEAD, with non-overlapping file ownership.\nCopy gitignored config (.env) via .worktreeinclude; never run two agents in one checkout."
235
+ },
236
+ {
237
+ "kind": "gitignore",
238
+ "lines": [
239
+ ".claude/worktrees/"
240
+ ]
241
+ },
242
+ {
243
+ "kind": "settingsHook",
244
+ "event": "PreToolUse",
245
+ "matcher": "Write|Edit",
246
+ "command": "convene practice-guard worktree-per-session",
247
+ "verb": "practice-guard"
248
+ }
249
+ ],
250
+ "sourceUrls": [
251
+ "https://code.claude.com/docs/en/worktrees",
252
+ "https://www.augmentcode.com/guides/git-worktrees-parallel-ai-agent-execution",
253
+ "https://github.com/anthropics/claude-code/issues/55724"
254
+ ]
255
+ },
256
+ {
257
+ "id": "pull-main-before-execution",
258
+ "version": "1.0.0",
259
+ "title": "Pull latest main after planning, before executing, then re-confirm the plan",
260
+ "category": "Git & Integration Hygiene",
261
+ "tier": "recommended",
262
+ "what": "Insert a re-sync step between Plan and Implement: once the plan exists but before the first edit, fetch and rebase onto latest origin/main (in the feature worktree, so main stays untouched), then re-validate the plan against the new HEAD — a concurrent session may have changed the files or interfaces it assumed. Re-validate again after any later sync/rebase.",
263
+ "why": "A plan is only valid against the tree it was formed on, and in multi-session repos that tree moves between plan and execution. Working at fresh HEAD and rebasing early converts a future merge/semantic conflict into a cheap pre-flight check. Production-learned at the BrightAI Opportunity Explorer.",
264
+ "defaultLevel": "hook-soft",
265
+ "availableLevels": [
266
+ "advisory",
267
+ "hook-soft"
268
+ ],
269
+ "optInDefault": "on",
270
+ "productionLearned": true,
271
+ "artifacts": [
272
+ {
273
+ "kind": "claudeMd",
274
+ "body": "After the plan is set but before the first edit, fetch and rebase onto origin/main, then re-validate the plan against the new HEAD.\nRe-validate again after any later rebase — the tree may have moved."
275
+ },
276
+ {
277
+ "kind": "settingsHook",
278
+ "event": "PreToolUse",
279
+ "matcher": "Write|Edit",
280
+ "command": "convene practice-guard pull-main-before-execution",
281
+ "verb": "practice-guard"
282
+ }
283
+ ],
284
+ "sourceUrls": [
285
+ "https://code.claude.com/docs/en/worktrees",
286
+ "https://trunkbaseddevelopment.com/short-lived-feature-branches/"
287
+ ]
288
+ },
289
+ {
290
+ "id": "recheck-main-before-deploy-lane",
291
+ "version": "1.0.0",
292
+ "title": "Re-check main and reconfirm compatibility before claiming a deploy/merge lane",
293
+ "category": "Git & Integration Hygiene",
294
+ "tier": "recommended",
295
+ "what": "Right before merge or deploy, re-verify against current mainline and test the combined result — the change rebased onto current HEAD plus anything already ahead in the lane — not the branch in isolation. If behind, rebase (or pull --rebase) and re-run the check. In Convene, claim the deploy lane and let the gate compat-check fast-forwardability; if the bus health line says DEGRADED, re-fetch before acting.",
296
+ "why": "Two changes can each pass CI alone yet break main when landed back-to-back, because the second was tested against a base that no longer exists — a semantic conflict per-branch CI misses (\"A plus B can still be red\"). Rebasing repairs text but not architectural sense, so the combined state must be re-validated at claim time. Production-learned; maps onto Convene’s gate-push deploy-lane CAS + compat check.",
297
+ "defaultLevel": "hook-hard",
298
+ "availableLevels": [
299
+ "advisory",
300
+ "hook-soft",
301
+ "hook-hard"
302
+ ],
303
+ "optInDefault": "on",
304
+ "productionLearned": true,
305
+ "artifacts": [
306
+ {
307
+ "kind": "claudeMd",
308
+ "body": "Before merge/deploy, rebase onto current origin/main and re-run the verify gate on the combined result — not the branch in isolation.\nClaim the deploy lane via `convene deploy`; if the health line reads DEGRADED, re-fetch before acting."
309
+ },
310
+ {
311
+ "kind": "settingsHook",
312
+ "event": "PreToolUse",
313
+ "matcher": "Bash",
314
+ "command": "convene practice-guard recheck-main-before-deploy-lane",
315
+ "verb": "practice-guard"
316
+ }
317
+ ],
318
+ "sourceUrls": [
319
+ "https://www.aviator.co/blog/what-is-a-merge-queue/",
320
+ "https://ctx.rs/blog/merge-queue-for-agents/"
321
+ ]
322
+ },
323
+ {
324
+ "id": "small-rebased-branches",
325
+ "version": "1.0.0",
326
+ "title": "Small, single-purpose, frequently-rebased branches",
327
+ "category": "Git & Integration Hygiene",
328
+ "tier": "recommended",
329
+ "what": "One logical change per branch, alive ~1–2 days, rebased onto trunk early and often; split larger work into a stack of small dependent diffs reviewed and merged independently. Keep trunk always-green: integrate small changes frequently, test after every commit, revert breakage immediately. Enable git rerere to auto-reapply recurring conflict resolutions.",
330
+ "why": "Smaller changes are lower-risk and review/integrate far faster; frequent rebasing keeps divergence small and shrinks the multi-agent conflict window. Because agents make it cheaper to produce overlapping work than to reconcile it, short-lived branches are the single best conflict-prevention lever. Production-learned at the BrightAI Opportunity Explorer, corroborated by trunk-based development.",
331
+ "defaultLevel": "ci",
332
+ "availableLevels": [
333
+ "advisory",
334
+ "ci"
335
+ ],
336
+ "optInDefault": "on",
337
+ "productionLearned": true,
338
+ "artifacts": [
339
+ {
340
+ "kind": "claudeMd",
341
+ "body": "One logical change per branch, alive ~1–2 days, rebased onto trunk often; split big work into a stack of small dependent diffs.\nKeep trunk green: test after every commit and revert breakage immediately."
342
+ },
343
+ {
344
+ "kind": "ci",
345
+ "body": "Require an up-to-date base + fast review; a PR-size linter warns on large diffs; a stale-branch report flags branches older than the agreed age. Set rerere.enabled in the repo. Mostly norm + CI nudge, not a hard block."
346
+ }
347
+ ],
348
+ "sourceUrls": [
349
+ "https://trunkbaseddevelopment.com/short-lived-feature-branches/",
350
+ "https://newsletter.pragmaticengineer.com/p/stacked-diffs"
351
+ ]
352
+ },
353
+ {
354
+ "id": "protect-shared-files",
355
+ "version": "1.0.0",
356
+ "title": "Protect shared/global files from concurrent edits; sequence dependent work",
357
+ "category": "Parallel & Multi-Session Coordination",
358
+ "tier": "recommended",
359
+ "what": "Treat lockfiles, migrations, root configs, and shared contracts as off-limits unless explicitly assigned to exactly one session — no concurrent dependency changes across worktrees. Sequence genuinely dependent work instead of parallelizing it: establish shared contracts (endpoint signatures, schemas) first, merge the shared utility, then fan out dependents.",
360
+ "why": "Worktree isolation prevents file clobbering during work but not logical/dependency conflicts. Lockfiles and migration sequences edited in parallel reliably break integration; dependent tasks run in parallel guarantee rework. Clear ownership boundaries and dependency ordering are what keep \"green individually, red together\" from happening.",
361
+ "defaultLevel": "hook-soft",
362
+ "availableLevels": [
363
+ "advisory",
364
+ "hook-soft",
365
+ "hook-hard"
366
+ ],
367
+ "optInDefault": "on",
368
+ "artifacts": [
369
+ {
370
+ "kind": "claudeMd",
371
+ "body": "Do not edit lockfiles, migrations, root configs, or shared contracts unless this session is the assigned owner.\nSequence dependent work: land the shared contract/utility first, then fan out dependents."
372
+ },
373
+ {
374
+ "kind": "settingsHook",
375
+ "event": "PreToolUse",
376
+ "matcher": "Write|Edit",
377
+ "command": "convene practice-guard protect-shared-files",
378
+ "verb": "practice-guard"
379
+ }
380
+ ],
381
+ "sourceUrls": [
382
+ "https://www.aakashx.com/blog/parallel-claude-code-agents/",
383
+ "https://www.augmentcode.com/guides/git-worktrees-parallel-ai-agent-execution"
384
+ ]
385
+ },
386
+ {
387
+ "id": "right-scope-instruction-files",
388
+ "version": "1.0.0",
389
+ "title": "Right-scope instruction files; bridge AGENTS.md to CLAUDE.md; move sometimes-rules to skills",
390
+ "category": "Instruction Files (CLAUDE.md / AGENTS.md)",
391
+ "tier": "recommended",
392
+ "what": "Place instructions by scope (managed org policy > user ~/.claude > project ./CLAUDE.md committed > ./CLAUDE.local.md gitignored). Commit the project file; keep personal notes in CLAUDE.local.md. Bridge multi-tool repos by importing AGENTS.md into CLAUDE.md (@AGENTS.md) or symlinking rather than duplicating. Move only-sometimes-relevant domain knowledge to skills and file-specific rules to .claude/rules/ with paths frontmatter, keeping the root file lean.",
393
+ "why": "Right-scoping prevents personal preferences leaking to the team, keeps org policy enforceable, and keeps the per-turn budget small while making deep context available on demand. A single bridged source of truth keeps multi-tool repos (Convene already writes Cursor/Cline/Codex/Gemini configs) from drifting.",
394
+ "defaultLevel": "ci",
395
+ "availableLevels": [
396
+ "advisory",
397
+ "ci"
398
+ ],
399
+ "optInDefault": "on",
400
+ "artifacts": [
401
+ {
402
+ "kind": "claudeMd",
403
+ "body": "Commit project CLAUDE.md; keep personal notes in CLAUDE.local.md (gitignored). Bridge multi-tool repos with @AGENTS.md, don’t duplicate.\nMove sometimes-relevant knowledge to skills and file-specific rules to .claude/rules/ to keep this file lean."
404
+ },
405
+ {
406
+ "kind": "ci",
407
+ "body": "Assert CLAUDE.local.md is gitignored and project CLAUDE.md is committed; flag large @-imports and oversized always-loaded files."
408
+ }
409
+ ],
410
+ "sourceUrls": [
411
+ "https://code.claude.com/docs/en/memory",
412
+ "https://cursor.com/docs/rules",
413
+ "https://agentpatterns.ai/workflows/central-repo-shared-agent-standards/"
414
+ ]
415
+ },
416
+ {
417
+ "id": "push-rules-to-tools",
418
+ "version": "1.0.0",
419
+ "title": "Push deterministic rules down to tools (linters/formatters/config), don’t restate them",
420
+ "category": "Instruction Files (CLAUDE.md / AGENTS.md)",
421
+ "tier": "recommended",
422
+ "what": "If a constraint can be enforced deterministically by a tool already in the repo (ESLint, Prettier, tsconfig, Ruff, Biome, a hook, a CI gate), enforce it there and do NOT restate it in CLAUDE.md. Replace \"copy the style guide\" with a linter; replace \"always run X\" prose with a hook. The instruction file just points at these tools.",
423
+ "why": "Instruction files are probabilistic; linters/formatters/hooks are deterministic. A rule the tool already enforces is dead weight that bloats the file and is less reliable than the tool. This shrinks the always-loaded context AND makes the constraint actually hold.",
424
+ "defaultLevel": "ci",
425
+ "availableLevels": [
426
+ "advisory",
427
+ "ci"
428
+ ],
429
+ "optInDefault": "on",
430
+ "artifacts": [
431
+ {
432
+ "kind": "claudeMd",
433
+ "body": "If a linter, formatter, tsconfig, hook, or CI gate can enforce a rule deterministically, enforce it there and do not restate it here — just point at the tool."
434
+ },
435
+ {
436
+ "kind": "ci",
437
+ "body": "Run lint/format/typecheck in CI and as PostToolUse hooks. A reviewer/linter flags CLAUDE.md content that duplicates a linter-enforceable rule."
438
+ }
439
+ ],
440
+ "sourceUrls": [
441
+ "https://cursor.com/docs/rules",
442
+ "https://asdlc.io/practices/agents-md-spec/",
443
+ "https://code.claude.com/docs/en/best-practices"
444
+ ]
445
+ },
446
+ {
447
+ "id": "specific-source-grounded-prompts",
448
+ "version": "1.0.0",
449
+ "title": "Give specific, source-grounded prompts; hand over reference implementations",
450
+ "category": "Workflow Discipline (Plan / Explore / Commit)",
451
+ "tier": "recommended",
452
+ "what": "Scope each task (which file, which scenario, testing prefs) and point the agent at the source that answers it (@-reference files, git history, doc URLs, piped data). Prefer handing the agent an existing example to follow (\"look at HotDogWidget.php and follow the pattern\") over describing the pattern in prose. For approach-uncertain work, ask for 2–3 high-level approaches with tradeoffs before any code.",
453
+ "why": "Claude can infer intent but can’t read your mind. Specific context prevents solving the wrong problem and reduces the correction loop that pollutes context. Concrete reference code carries far more reliable signal than prose and keeps new code consistent with existing conventions.",
454
+ "defaultLevel": "advisory",
455
+ "availableLevels": [
456
+ "advisory"
457
+ ],
458
+ "optInDefault": "on",
459
+ "artifacts": [
460
+ {
461
+ "kind": "claudeMd",
462
+ "body": "Scope each task (file, scenario, test prefs) and @-reference the source that answers it. Hand over an existing example to follow over describing a pattern in prose.\nWhen the approach is uncertain, ask for 2–3 options with tradeoffs before any code."
463
+ }
464
+ ],
465
+ "sourceUrls": [
466
+ "https://code.claude.com/docs/en/best-practices",
467
+ "https://simonwillison.net/2026/Feb/23/agentic-engineering-patterns/"
468
+ ]
469
+ },
470
+ {
471
+ "id": "permissions-deny-secrets",
472
+ "version": "1.0.0",
473
+ "title": "Configure permission allowlists and a hard denylist for secrets/credentials",
474
+ "category": "Permissions & Sandboxing",
475
+ "tier": "recommended",
476
+ "what": "Replace click-through approval fatigue with explicit allowlists for known-safe commands (npm run lint, git commit) and hard deny rules for secrets and dangerous operations (Read(./.env), Read(./secrets/**), Bash(curl *)). Use deny for hard blocks that cannot be overridden; scope unattended/headless runs with --allowedTools.",
477
+ "why": "After the tenth approval you’re not really reviewing. Allowlists cut interruptions while keeping control; deny rules are hard blocks that merge across scopes and take precedence over allows — the right place for credential protection, client-enforced regardless of what the agent decides.",
478
+ "defaultLevel": "hook-hard",
479
+ "availableLevels": [
480
+ "advisory",
481
+ "hook-hard"
482
+ ],
483
+ "optInDefault": "on",
484
+ "artifacts": [
485
+ {
486
+ "kind": "claudeMd",
487
+ "body": "Secrets are hard-denied in .claude/settings.json (.env, .env.*, secrets/**). Allowlist known-safe commands instead of click-through approval.\nFor unattended/headless runs, scope tools with --allowedTools."
488
+ },
489
+ {
490
+ "kind": "settingsJson",
491
+ "merge": {
492
+ "permissions": {
493
+ "deny": [
494
+ "Read(./.env)",
495
+ "Read(./.env.*)",
496
+ "Read(./**/.env)",
497
+ "Read(./secrets/**)",
498
+ "Read(./**/*.pem)",
499
+ "Read(./**/*.key)",
500
+ "Read(./**/id_rsa)",
501
+ "Read(./**/credentials)",
502
+ "Read(./**/*.p12)"
503
+ ]
504
+ }
505
+ }
506
+ }
507
+ ],
508
+ "sourceUrls": [
509
+ "https://code.claude.com/docs/en/settings",
510
+ "https://code.claude.com/docs/en/best-practices"
511
+ ]
512
+ },
513
+ {
514
+ "id": "focused-subagents-least-privilege",
515
+ "version": "1.0.0",
516
+ "title": "Design focused, least-privilege subagents; delegate verbose work to protect context",
517
+ "category": "Subagents & Delegation",
518
+ "tier": "recommended",
519
+ "what": "Delegate research, high-volume output (report only the failing tests), and parallel investigations to subagents that run in isolated context and return summaries. Design each subagent for one task, write a detailed description (the delegation signal; add \"use proactively\"), and grant least-privilege tools via the tools allowlist / disallowedTools (e.g. a reviewer gets Read/Grep/Glob/Bash but no Edit/Write). Commit subagents in .claude/agents/ so the team inherits them.",
520
+ "why": "Context is the fundamental constraint, so subagents that explore in a separate window and return only a summary are among the most powerful tools available. Focused agents with limited tools improve security and focus; vague descriptions cause missed or wrong delegation. Frontmatter tools/disallowedTools is mechanically enforced — the subagent literally cannot use omitted tools.",
521
+ "defaultLevel": "hook-soft",
522
+ "availableLevels": [
523
+ "advisory",
524
+ "hook-soft"
525
+ ],
526
+ "optInDefault": "on",
527
+ "artifacts": [
528
+ {
529
+ "kind": "claudeMd",
530
+ "body": "Delegate research and high-volume output to subagents that return summaries (e.g. \"report only failing tests\"). One task per agent.\nGrant least-privilege tools via frontmatter (a reviewer gets Read/Grep/Glob, no Edit/Write); commit agents in .claude/agents/."
531
+ },
532
+ {
533
+ "kind": "settingsHook",
534
+ "event": "PreToolUse",
535
+ "matcher": "Task",
536
+ "command": "convene practice-guard focused-subagents-least-privilege",
537
+ "verb": "practice-guard"
538
+ }
539
+ ],
540
+ "sourceUrls": [
541
+ "https://code.claude.com/docs/en/sub-agents",
542
+ "https://code.claude.com/docs/en/best-practices"
543
+ ]
544
+ },
545
+ {
546
+ "id": "capture-workflows-as-skills",
547
+ "version": "1.0.0",
548
+ "title": "Capture repeatable workflows as committed slash commands / skills",
549
+ "category": "Workflow Discipline (Plan / Explore / Commit)",
550
+ "tier": "recommended",
551
+ "what": "Store reusable workflows (issue-fixing, migration loops, debugging routines) as skills (SKILL.md in .claude/skills/) invoked by name or applied when relevant; use disable-model-invocation:true for side-effecting workflows you want triggered manually. Check skills/commands into git so the team gets consistent, shareable workflows.",
552
+ "why": "Keeps the always-loaded context lean while giving the agent deep on-demand knowledge, and standardizes team workflows so they’re reproducible. Committed skills are loaded deterministically by the harness; disable-model-invocation keeps side-effecting workflows manual-only.",
553
+ "defaultLevel": "advisory",
554
+ "availableLevels": [
555
+ "advisory"
556
+ ],
557
+ "optInDefault": "on",
558
+ "artifacts": [
559
+ {
560
+ "kind": "claudeMd",
561
+ "body": "Store reusable workflows as committed skills in .claude/skills/ so the team shares them. Use disable-model-invocation:true for side-effecting ones."
562
+ }
563
+ ],
564
+ "sourceUrls": [
565
+ "https://code.claude.com/docs/en/best-practices",
566
+ "https://code.claude.com/docs/en/memory"
567
+ ]
568
+ },
569
+ {
570
+ "id": "catalog-versioned-staged-rollout",
571
+ "version": "1.0.0",
572
+ "title": "Version the catalog (SemVer), let repos pin/float, and stage enforcement rollout",
573
+ "category": "Catalog Governance & Distribution",
574
+ "tier": "recommended",
575
+ "what": "Attach a SemVer version to each practice and let a repo’s .convene/project.json declare its update channel (pinned, minor-floating, or @latest). Communicate bump level on the bus so a session knows whether an update is auto-takeable (patch) or needs review (major). Introduce every new or tightened practice at the lowest tier (advisory) and ratchet up (advisory → hook-soft → hook-hard/ci) only as conformance data justifies it.",
576
+ "why": "Without a version + bump-level signal every update looks equally risky, so teams take nothing (drift) or everything (breakage). Pinning gives reproducibility; floating gives auto-propagation of fixes; staged enforcement surfaces the cost of compliance before it’s mandatory and makes the eventual hard-fail a non-event.",
577
+ "defaultLevel": "advisory",
578
+ "availableLevels": [
579
+ "advisory",
580
+ "manual"
581
+ ],
582
+ "optInDefault": "on",
583
+ "artifacts": [
584
+ {
585
+ "kind": "claudeMd",
586
+ "body": "Each practice is SemVer-versioned; .convene/project.json pins the (practice, version, level) it adopted. New/tightened practices land advisory-first and ratchet up only as conformance justifies."
587
+ }
588
+ ],
589
+ "sourceUrls": [
590
+ "https://developer.hashicorp.com/sentinel/docs/concepts/enforcement-levels",
591
+ "https://pre-commit.com/"
592
+ ]
593
+ },
594
+ {
595
+ "id": "catalog-opt-in-overridable",
596
+ "version": "1.0.0",
597
+ "title": "Per-practice opt-in with repo-level overrides and documented escape hatches",
598
+ "category": "Catalog Governance & Distribution",
599
+ "tier": "recommended",
600
+ "what": "Make every practice individually adoptable and individually tunable (advisory vs blocking) per repo, with org defaults a repo can extend or override (local wins, recorded in version control). Provide an explicit, attributed, sparingly-used override for soft-mandatory gates (e.g. `convene override --reason`) that the bus logs, rather than a silent bypass. Surface adoption + override frequency on the dashboard.",
601
+ "why": "Bundling standards as one indivisible pack forces teams to accept the strictest least-relevant rule to get the valuable one — the surest route to wholesale rejection and shadow workarounds. Per-practice opt-in + documented, attributed overrides keep deviation inside the governance framework (auditable) instead of in the shadows.",
602
+ "defaultLevel": "manual",
603
+ "availableLevels": [
604
+ "advisory",
605
+ "manual"
606
+ ],
607
+ "optInDefault": "on",
608
+ "artifacts": [
609
+ {
610
+ "kind": "claudeMd",
611
+ "body": "Every practice is opt-in and tunable per repo; org defaults apply unless overridden (local wins, in version control).\nBypass a soft gate only via an attributed `convene override --reason` — never a silent skip."
612
+ }
613
+ ],
614
+ "sourceUrls": [
615
+ "https://developer.hashicorp.com/sentinel/docs/concepts/enforcement-levels",
616
+ "https://mia-platform.eu/blog/paved-roads-golden-paths-guardrails-railroads/"
617
+ ]
618
+ },
619
+ {
620
+ "id": "adversarial-review-step",
621
+ "version": "1.0.0",
622
+ "title": "Adversarial / fresh-context review before counting work done",
623
+ "category": "Verification & Quality Gates",
624
+ "tier": "advanced",
625
+ "what": "Before treating a task complete, have a subagent review the diff in a fresh context seeing only the change and the criteria — not the reasoning that produced it. Use the bundled /code-review skill or a committed reviewer subagent (read-only tools). Constrain it: \"flag only gaps affecting correctness or stated requirements,\" because a reviewer asked to find gaps will report some even when the work is sound.",
626
+ "why": "A fresh context improves code review since Claude won’t be biased toward code it just wrote. An independent grader catches edge cases the author model rationalized away — especially valuable the longer a session runs unattended. The correctness/requirements constraint is essential to avoid the over-engineering failure mode the docs warn about.",
627
+ "defaultLevel": "ci",
628
+ "availableLevels": [
629
+ "advisory",
630
+ "ci"
631
+ ],
632
+ "optInDefault": "off",
633
+ "artifacts": [
634
+ {
635
+ "kind": "claudeMd",
636
+ "body": "Before counting work done, run a fresh-context reviewer (the /code-review skill or a read-only reviewer subagent) on the diff.\nConstrain it to gaps affecting correctness or stated requirements."
637
+ },
638
+ {
639
+ "kind": "ci",
640
+ "body": "Run /code-review or a read-only reviewer subagent (claude -p) on the diff as a CI step. Acting on findings stays advisory; default OFF (higher cost, best for mature/unattended workflows)."
641
+ }
642
+ ],
643
+ "sourceUrls": [
644
+ "https://code.claude.com/docs/en/best-practices",
645
+ "https://code.claude.com/docs/en/sub-agents"
646
+ ]
647
+ },
648
+ {
649
+ "id": "merge-queue-serialize-landings",
650
+ "version": "1.0.0",
651
+ "title": "Serialize landings through a merge queue (claim an integration slot)",
652
+ "category": "Parallel & Multi-Session Coordination",
653
+ "tier": "advanced",
654
+ "what": "Land agent branches through a FIFO merge queue rather than racing pushes to main. The queue rebases each PR onto latest main plus PRs ahead of it, runs CI against that combined (speculative) state, merges only if green, and sends entries back for revision when they no longer apply. Re-validate the integrated branch (full suite) before declaring parallel work complete.",
655
+ "why": "Each branch can be individually green yet collectively red; a merge queue makes integration deterministic and prevents a broken main even with many branches in flight. It is the scaled-up form of Convene’s deploy-lane discipline for high-concurrency teams.",
656
+ "defaultLevel": "ci",
657
+ "availableLevels": [
658
+ "advisory",
659
+ "ci"
660
+ ],
661
+ "optInDefault": "off",
662
+ "artifacts": [
663
+ {
664
+ "kind": "ci",
665
+ "body": "GitHub merge queue / Mergify with required checks on the rebased combined state. Complements Convene’s deploy-lane gate (which serializes a single deploy ref). Default OFF — only valuable at higher concurrency."
666
+ }
667
+ ],
668
+ "sourceUrls": [
669
+ "https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-a-merge-queue",
670
+ "https://mergify.com/merge-queue"
671
+ ]
672
+ },
673
+ {
674
+ "id": "yolo-in-sandbox",
675
+ "version": "1.0.0",
676
+ "title": "Run auto-approval (YOLO) mode only inside a sandbox",
677
+ "category": "Permissions & Sandboxing",
678
+ "tier": "advanced",
679
+ "what": "If you run with broad auto-approval for throughput, do it only inside a container/VM that restricts files, secrets, and network egress, with test/staging-only credentials and budget caps. Anthropic recommends --dangerously-skip-permissions only in a container without internet; practitioners run it aliased inside Docker or Codespaces. permissions.deny still applies.",
680
+ "why": "Auto-approving every action is key to maximum throughput but dangerous: it exposes destructive shell commands, source/secret exfiltration (including via prompt injection), and use of your machine as a proxy to attack other targets. Sandboxing limits the blast radius so productivity gains don’t carry catastrophic downside.",
681
+ "defaultLevel": "manual",
682
+ "availableLevels": [
683
+ "advisory",
684
+ "manual"
685
+ ],
686
+ "optInDefault": "off",
687
+ "artifacts": [
688
+ {
689
+ "kind": "claudeMd",
690
+ "body": "Only run broad auto-approval (--dangerously-skip-permissions) inside a container/VM with no internet egress, scoped test credentials, and spend caps. permissions.deny still applies."
691
+ },
692
+ {
693
+ "kind": "doc",
694
+ "path": ".convene/practices/yolo-in-sandbox.md",
695
+ "body": "# YOLO-in-sandbox\n\nBroad auto-approval is throughput at the cost of safety. Run it ONLY in an isolated sandbox:\n\n- Container/VM with restricted filesystem and **no network egress** (or a strict egress allowlist).\n- Test/staging-only credentials — never production secrets in scope.\n- Budget/spend caps on the session.\n- Keep `permissions.deny` (it still applies even with --dangerously-skip-permissions).\n\nConvene ships this as guidance — it cannot mechanically force a sandbox from inside the repo."
696
+ }
697
+ ],
698
+ "sourceUrls": [
699
+ "https://simonwillison.net/2025/Sep/30/designing-agentic-loops/",
700
+ "https://lucumr.pocoo.org/2025/6/12/agentic-coding/",
701
+ "https://code.claude.com/docs/en/best-practices"
702
+ ]
703
+ },
704
+ {
705
+ "id": "headless-fanout-scoped",
706
+ "version": "1.0.0",
707
+ "title": "Use headless mode (claude -p) for CI and fan-out, scoped tightly",
708
+ "category": "Subagents & Delegation",
709
+ "tier": "advanced",
710
+ "what": "Use claude -p non-interactively in CI, pre-commit/pre-push hooks, and large mechanical migrations (loop over a file list calling claude -p per file). Restrict capability with --allowedTools and --permission-mode auto; parse with --output-format json. Test the prompt on 2–3 files before running at scale.",
711
+ "why": "Headless mode is how agents integrate into automation and scale horizontally; --allowedTools bounding what the agent can do matters when running unattended, and refining the prompt on a few files first prevents costly large-scale mistakes. permissions.deny still applies in headless mode.",
712
+ "defaultLevel": "ci",
713
+ "availableLevels": [
714
+ "advisory",
715
+ "ci"
716
+ ],
717
+ "optInDefault": "off",
718
+ "artifacts": [
719
+ {
720
+ "kind": "claudeMd",
721
+ "body": "For CI and large mechanical migrations, drive claude -p with --allowedTools + --permission-mode auto and --output-format json. Test the prompt on 2–3 files before running at scale."
722
+ },
723
+ {
724
+ "kind": "ci",
725
+ "body": "Wire claude -p into CI/pre-commit as the enforcement point, bounded by --allowedTools, with structured JSON output for programmatic gating. Default OFF — for teams automating at scale."
726
+ }
727
+ ],
728
+ "sourceUrls": [
729
+ "https://code.claude.com/docs/en/best-practices"
730
+ ]
731
+ },
732
+ {
733
+ "id": "prefer-cli-over-mcp",
734
+ "version": "1.0.0",
735
+ "title": "Prefer CLI tools and scripts over MCP servers for external services",
736
+ "category": "Workflow Discipline (Plan / Explore / Commit)",
737
+ "tier": "advanced",
738
+ "what": "Give the agent plain command-line tools (gh, psql, aws, plain SQL) documented in AGENTS.md/CLAUDE.md rather than wrapping everything in MCP. Keep the MCP surface minimal (e.g. one for browser automation); pre-install the CLIs the agent should use in the dev image.",
739
+ "why": "CLI tools are the most context-efficient way to interact with external services, embed in scripts, and agents already know a huge array of them; MCP servers are an extra moving part that can be unreliable. Contested — Anthropic also promotes select MCP servers — so treat this as a default-lean preference, not an absolute.",
740
+ "defaultLevel": "advisory",
741
+ "availableLevels": [
742
+ "advisory"
743
+ ],
744
+ "optInDefault": "off",
745
+ "artifacts": [
746
+ {
747
+ "kind": "claudeMd",
748
+ "body": "Prefer documented CLI tools (gh, psql, aws, plain SQL) over wrapping external services in MCP; keep the MCP surface minimal. Pre-install those CLIs in the dev image."
749
+ }
750
+ ],
751
+ "sourceUrls": [
752
+ "https://lucumr.pocoo.org/2025/6/12/agentic-coding/",
753
+ "https://simonwillison.net/2025/Sep/30/designing-agentic-loops/"
754
+ ]
755
+ },
756
+ {
757
+ "id": "test-first-tdd",
758
+ "version": "1.0.0",
759
+ "title": "Test-first / Red-Green TDD for agents",
760
+ "category": "Verification & Quality Gates",
761
+ "tier": "advanced",
762
+ "what": "Establish test specifications before implementation: have one agent (or session) write failing tests, then write code to make them pass — optionally separating the test-writer and code-writer roles across sessions. Anthropic suggests one Claude writes tests, another writes code to pass them.",
763
+ "why": "A failing test is a precise, machine-checkable success criterion that constrains output and closes the verification loop, helping agents write more succinct and reliable code with minimal extra prompting. It operationalizes verify-before-ship for greenfield/feature work.",
764
+ "defaultLevel": "ci",
765
+ "availableLevels": [
766
+ "advisory",
767
+ "ci"
768
+ ],
769
+ "optInDefault": "off",
770
+ "artifacts": [
771
+ {
772
+ "kind": "claudeMd",
773
+ "body": "For feature work, write failing tests first, then code to make them pass; optionally split test-writer and code-writer across sessions."
774
+ },
775
+ {
776
+ "kind": "ci",
777
+ "body": "CI requires tests + a Stop hook gating on green; optional writer/tester session separation. Default OFF — a strong discipline but a workflow choice not every change needs (overlaps with verify-before-ship)."
778
+ }
779
+ ],
780
+ "sourceUrls": [
781
+ "https://simonwillison.net/2026/Feb/23/agentic-engineering-patterns/",
782
+ "https://harper.blog/2025/02/16/my-llm-codegen-workflow-atm/"
783
+ ]
784
+ },
785
+ {
786
+ "id": "cap-concurrency-to-review",
787
+ "version": "1.0.0",
788
+ "title": "Cap concurrency to review/merge capacity",
789
+ "category": "Parallel & Multi-Session Coordination",
790
+ "tier": "advanced",
791
+ "what": "Match the number of concurrent sessions to human review + integration bandwidth — start with two or three and scale only as review capacity allows. Don’t parallelize sub-5-minute tasks, subtle bugs with unknown root cause, architecture redesigns, or single-file refactors.",
792
+ "why": "Throughput is bounded by review and integration, not by how many agents you can launch; over-fanning turns a short task into long review-and-cleanup and inflates the conflict surface. (Specific tier numbers are heuristic; the bounded-by-review-capacity principle is the durable part.)",
793
+ "defaultLevel": "advisory",
794
+ "availableLevels": [
795
+ "advisory"
796
+ ],
797
+ "optInDefault": "off",
798
+ "artifacts": [
799
+ {
800
+ "kind": "claudeMd",
801
+ "body": "Run only as many concurrent sessions as you can review and integrate (start with 2–3). Don’t parallelize sub-5-minute tasks, single-file refactors, or unknown-root-cause bugs."
802
+ }
803
+ ],
804
+ "sourceUrls": [
805
+ "https://nimbalyst.com/blog/git-worktrees-for-ai-coding-agents-complete-guide/",
806
+ "https://www.aakashx.com/blog/parallel-claude-code-agents/"
807
+ ]
808
+ },
809
+ {
810
+ "id": "course-correct-checkpoints",
811
+ "version": "1.0.0",
812
+ "title": "Course-correct early; use cheap reversibility (checkpoints + frequent commits)",
813
+ "category": "Context Management",
814
+ "tier": "advanced",
815
+ "what": "Interrupt the moment the agent goes off track (Esc to stop with context preserved; Esc-Esc/rewind to restore prior state). Because every prompt is a checkpoint and files are snapshotted before edits, you can tell the agent to try something risky and rewind if it fails. Combine with frequent git commits as save-points. Caveat: checkpoints track only the agent’s changes, not external processes — not a git replacement.",
816
+ "why": "The best results come from tight feedback loops. Correcting quickly beats letting a flawed trajectory compound; cheap reversibility changes the cost calculus so you can explore aggressively. Frequent commits make experiments cheap to abandon.",
817
+ "defaultLevel": "advisory",
818
+ "availableLevels": [
819
+ "advisory"
820
+ ],
821
+ "optInDefault": "off",
822
+ "artifacts": [
823
+ {
824
+ "kind": "claudeMd",
825
+ "body": "Interrupt early when the agent drifts (Esc; Esc-Esc to rewind). Commit often as save-points so risky attempts are cheap to abandon."
826
+ }
827
+ ],
828
+ "sourceUrls": [
829
+ "https://code.claude.com/docs/en/best-practices",
830
+ "https://www.samuelliedtke.com/blog/notes-on-agentic-engineering-in-action-with-mitchell-hashimoto/"
831
+ ]
832
+ },
833
+ {
834
+ "id": "catalog-drift-detection",
835
+ "version": "1.0.0",
836
+ "title": "Detect catalog drift and surface it; evolve standards via expand→migrate→contract",
837
+ "category": "Catalog Governance & Distribution",
838
+ "tier": "advanced",
839
+ "what": "Add a drift check (extend `convene doctor`) that hashes each repo’s catalog-managed marker regions and compares against the declared catalog version, reporting \"N versions behind / local drift\" on the dashboard and in the fetch block — surface, don’t auto-correct. When changing or retiring a practice, use expand→migrate→contract: ship the new version advisory-first alongside the old, instrument who still uses the old, and hard-remove only after a real deprecation window.",
840
+ "why": "Drift is silent and cumulative — a \"fleet on latest best practices\" claim becomes false within weeks without detection; a dashboard turns invisible drift into a prioritizable backlog. Instantly failing repos that complied with the old version punishes your most compliant teams; a deprecation window lets them migrate on their own schedule.",
841
+ "defaultLevel": "ci",
842
+ "availableLevels": [
843
+ "advisory",
844
+ "ci"
845
+ ],
846
+ "optInDefault": "off",
847
+ "artifacts": [
848
+ {
849
+ "kind": "ci",
850
+ "body": "`convene doctor` / a CI check computes marker-region hashes vs the declared catalog version; the fetch health line reports behind/drift. Deprecate via expand→migrate→contract with instrumentation of who’s on the old version. Default OFF until catalog-versioned-staged-rollout is in place."
851
+ }
852
+ ],
853
+ "sourceUrls": [
854
+ "https://roadie.io/backstage/plugins/tech-insights/",
855
+ "https://docs.renovatebot.com/configuration-options/"
856
+ ]
857
+ }
858
+ ]
859
+ };
860
+ exports.CATALOG_VERSION = "1.0.0";