npm - create-byan-agent - Versions diffs - 2.16.1 → 2.17.1 - Mend

create-byan-agent 2.16.1 → 2.17.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

package/install/templates/_byan/mcp/byan-mcp-server/lib/strict-sync.js ADDED Viewed

@@ -0,0 +1,140 @@
+// BYAN Strict Mode — API sync layer.
+//
+// The byan_web API is the authority for strict sessions; the local
+// .byan-strict/ state is a mirror. This module is the only place that talks to
+// the network on behalf of strict mode — strict-mode.js stays pure-local.
+//
+// Every push is best-effort: a missing token, an unreachable API, or a non-2xx
+// response degrades to { synced: false, reason } and never throws. The local
+// protocol must keep working whether or not the API answers. Reads
+// (fetchSession) are how the authority is consulted; callers decide how to
+// reconcile, with the local state as the offline fallback.
+const DEFAULT_TIMEOUT_MS = 4000;
+function apiBase() {
+  return (process.env.BYAN_API_URL || 'http://localhost:3737').replace(/\/+$/, '');
+}
+function apiToken() {
+  return process.env.BYAN_API_TOKEN || '';
+}
+function authHeader(token) {
+  if (!token) return {};
+  const scheme = token.startsWith('byan_') ? 'ApiKey' : 'Bearer';
+  return { Authorization: `${scheme} ${token}` };
+}
+export function syncEnabled({ token = apiToken() } = {}) {
+  return Boolean(token);
+}
+async function request(
+  method,
+  routePath,
+  { body, apiUrl = apiBase(), token = apiToken(), fetchImpl = globalThis.fetch, timeoutMs = DEFAULT_TIMEOUT_MS } = {}
+) {
+  if (!token) return { ok: false, synced: false, reason: 'no_token' };
+  if (typeof fetchImpl !== 'function') return { ok: false, synced: false, reason: 'no_fetch' };
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), timeoutMs);
+  try {
+    const res = await fetchImpl(`${apiUrl}${routePath}`, {
+      method,
+      headers: {
+        'Content-Type': 'application/json',
+        ...authHeader(token),
+      },
+      body: body ? JSON.stringify(body) : undefined,
+      signal: controller.signal,
+    });
+    let data = null;
+    try {
+      data = await res.json();
+    } catch {
+      data = null;
+    }
+    if (!res.ok) {
+      return { ok: false, synced: false, reason: `http_${res.status}`, status: res.status, data };
+    }
+    return { ok: true, synced: true, status: res.status, data: data ? data.data : null };
+  } catch (err) {
+    return { ok: false, synced: false, reason: err && err.name === 'AbortError' ? 'timeout' : 'network_error', error: err ? err.message : String(err) };
+  } finally {
+    clearTimeout(timer);
+  }
+}
+// POST /api/strict-sessions — create or upsert at scope-lock time.
+export function pushLock(
+  { sessionId, scopeLock, projectId = process.env.BYAN_PROJECT_ID || null, featureName = null },
+  opts = {}
+) {
+  if (!scopeLock) return Promise.resolve({ ok: false, synced: false, reason: 'no_scope_lock' });
+  return request('POST', '/api/strict-sessions', {
+    ...opts,
+    body: {
+      id: sessionId,
+      projectId,
+      featureName,
+      scopeText: scopeLock.scope_text,
+      scopeHash: scopeLock.scope_hash,
+      acceptanceCriteria: scopeLock.acceptance_criteria,
+      allowedPaths: scopeLock.allowed_paths,
+    },
+  });
+}
+// PATCH /api/strict-sessions/:id — append one verify pass.
+export function pushVerify({ sessionId, pass }, opts = {}) {
+  if (!sessionId || !pass) return Promise.resolve({ ok: false, synced: false, reason: 'missing_args' });
+  return request('PATCH', `/api/strict-sessions/${encodeURIComponent(sessionId)}`, {
+    ...opts,
+    body: {
+      verifyPass: {
+        pass: pass.pass,
+        verdict: pass.verdict,
+        findings: pass.findings || [],
+        completedAt: pass.completed_at,
+      },
+    },
+  });
+}
+// PATCH /api/strict-sessions/:id — mark completed, store the audit token.
+export function pushComplete({ sessionId, auditToken, completedAt }, opts = {}) {
+  if (!sessionId) return Promise.resolve({ ok: false, synced: false, reason: 'missing_args' });
+  return request('PATCH', `/api/strict-sessions/${encodeURIComponent(sessionId)}`, {
+    ...opts,
+    body: { complete: { auditToken, completedAt } },
+  });
+}
+// PATCH /api/strict-sessions/:id — deliberate abort.
+export function pushAbort({ sessionId, reason }, opts = {}) {
+  if (!sessionId) return Promise.resolve({ ok: false, synced: false, reason: 'missing_args' });
+  return request('PATCH', `/api/strict-sessions/${encodeURIComponent(sessionId)}`, {
+    ...opts,
+    body: { abort: { reason: reason || null } },
+  });
+}
+// GET /api/strict-sessions/:id — read the authoritative server record.
+export function fetchSession({ sessionId }, opts = {}) {
+  if (!sessionId) return Promise.resolve({ ok: false, synced: false, reason: 'missing_args' });
+  return request('GET', `/api/strict-sessions/${encodeURIComponent(sessionId)}`, opts);
+}
+// Resolve a byan_web project id from the active FD project_context (slug/name).
+// Best-effort: returns the id of the first match, or null when nothing matches.
+export async function resolveProjectId({ slug, name } = {}, opts = {}) {
+  const term = name || slug;
+  if (!term) return null;
+  const res = await request('GET', `/api/projects/search?slug=${encodeURIComponent(term)}`, opts);
+  if (res.ok && Array.isArray(res.data) && res.data.length > 0) {
+    return res.data[0].id;
+  }
+  return null;
+}

package/install/templates/_byan/mcp/byan-mcp-server/lib/sync-rules.js ADDED Viewed

@@ -0,0 +1,261 @@
+import fs from 'node:fs';
+import path from 'node:path';
+import yaml from 'js-yaml';
+// byan-sync-rules generator.
+//
+// Reads the single source of truth (_byan/_config/strict-mode.yaml) and emits
+// the per-platform artifacts that enforce BYAN Strict Mode:
+//   - .claude/skills/byan-strict/SKILL.md            (owned, full-file)
+//   - .claude/hooks/lib/strict-config.json           (owned, full-file)
+//   - AGENTS.md                                       (upsert block, Codex)
+//   - .github/copilot-instructions.md                 (upsert block, Copilot)
+//
+// Owned files are rewritten wholesale (they carry a generated-by header).
+// Shared files get a block upserted between BYAN-STRICT markers, leaving the
+// rest of the file untouched.
+const BEGIN = 'BYAN-STRICT:BEGIN';
+const END = 'BYAN-STRICT:END';
+const DEFAULT_CONFIG_REL = path.join('_byan', '_config', 'strict-mode.yaml');
+export function resolveRoot(projectRoot) {
+  return projectRoot || process.env.CLAUDE_PROJECT_DIR || process.cwd();
+}
+export function loadConfig({ projectRoot, configPath } = {}) {
+  const root = resolveRoot(projectRoot);
+  const file = configPath || path.join(root, DEFAULT_CONFIG_REL);
+  if (!fs.existsSync(file)) {
+    throw new Error(`strict-mode config not found at ${file}`);
+  }
+  const cfg = yaml.load(fs.readFileSync(file, 'utf8'));
+  if (!cfg || typeof cfg !== 'object') {
+    throw new Error(`strict-mode config at ${file} did not parse to an object`);
+  }
+  if (!Array.isArray(cfg.mantras) || cfg.mantras.length === 0) {
+    throw new Error('strict-mode config must define a non-empty mantras list');
+  }
+  return cfg;
+}
+// ---------------------------------------------------------------------------
+// Renderers — pure functions config -> string.
+// ---------------------------------------------------------------------------
+const GENERATED_NOTE =
+  'Generated by byan-sync-rules from _byan/_config/strict-mode.yaml. Do not hand-edit.';
+export function renderStrictConfig(cfg) {
+  return {
+    _generated_by: 'byan-sync-rules',
+    version: cfg.version,
+    min_passes: cfg.self_verify.min_passes,
+    last_verdict_must_be: cfg.self_verify.last_verdict_must_be,
+    min_score: cfg.confidence.min_score,
+    auto_keywords: cfg.activation.auto_keywords,
+    completion_claim_markers: cfg.hooks.completion_claim_markers,
+    scope_guard: cfg.hooks.scope_guard,
+    freshness_window_seconds: cfg.hooks.freshness_window_seconds,
+    banners: {
+      context: cfg.injection.context_banner,
+      stop_block: cfg.injection.stop_block_reason,
+      scope_deny: cfg.injection.pretooluse_deny_reason,
+    },
+  };
+}
+function mantraLines(cfg) {
+  return cfg.mantras
+    .map((m) => `- **${m.id} ${m.name}** — ${m.rule.trim()}`)
+    .join('\n');
+}
+// Projects the strict mantras into the shape the MantraValidator consumes
+// (mirrors src/byan-v2/data/mantras.json). Lets the pre-commit mantra gate
+// score strict artifacts against the strict ruleset instead of the persona one.
+export function renderMantrasData(cfg) {
+  return {
+    metadata: {
+      source: 'byan-sync-rules',
+      generated_from: '_byan/_config/strict-mode.yaml',
+      count: cfg.mantras.length,
+    },
+    mantras: cfg.mantras.map((m) => ({
+      id: m.id,
+      title: m.name,
+      description: m.rule.trim(),
+      validation: {
+        type: 'keyword',
+        keywords: m.validation_keywords || [m.name.toLowerCase()],
+        required: true,
+      },
+      priority: m.priority || 'high',
+    })),
+  };
+}
+export function renderSkill(cfg) {
+  const triggers = cfg.activation.auto_keywords
+    .map((k) => `\`${k}\``)
+    .join(', ');
+  return `---
+name: byan-strict
+description: >-
+  ${cfg.description.trim()} Invoke when the user asks for a production
+  deliverable, a complete app, a filled contract from a template, or uses
+  any activation keyword (${triggers}). Enforces scope-lock, N>=${cfg.self_verify.min_passes}
+  self-verify passes, and a 95% confidence floor on hard claims.
+allowed-tools:
+  - mcp__byan__byan_strict_lock_scope
+  - mcp__byan__byan_strict_self_verify
+  - mcp__byan__byan_strict_complete
+  - mcp__byan__byan_strict_status
+  - mcp__byan__byan_strict_abort
+---
+<!-- ${GENERATED_NOTE} -->
+# BYAN Strict Mode
+You are operating under BYAN Strict Mode. The user asked for something
+complete. Downgrading the scope is the failure this mode exists to prevent.
+## Protocol
+1. **Lock the scope** with \`byan_strict_lock_scope\` before building. Provide a
+   verbatim restatement of the request and testable \`acceptanceCriteria\`. The
+   locked scope is the contract.
+2. **Build the full scope.** Do not substitute an MVP, a stub, or a simplified
+   version. If a part cannot be done, surface it as a gap — do not cut silently.
+3. **Self-verify at least ${cfg.self_verify.min_passes} times** with
+   \`byan_strict_self_verify\`, re-reading the original request each pass. The
+   last pass must report verdict \`ok\`.
+4. **Complete** with \`byan_strict_complete\` to earn the audit token. Without it,
+   the pre-commit gate blocks the commit.
+## Hard claims
+Claims in security, performance, or compliance need LEVEL-1 sourcing
+(${cfg.confidence.min_score}%) or they are BLOCKED.
+## Mantras
+${mantraLines(cfg)}
+`;
+}
+export function renderAgentsBlock(cfg) {
+  return `## BYAN Strict Mode
+${cfg.injection.context_banner.trim()}
+The strict tools (\`byan_strict_lock_scope\`, \`byan_strict_self_verify\`,
+\`byan_strict_complete\`, \`byan_strict_status\`, \`byan_strict_abort\`) are exposed
+by the \`byan\` MCP server. A commit without a fresh, matching audit token is
+blocked by the pre-commit gate.
+Hard mantras:
+${mantraLines(cfg)}`;
+}
+export function renderCopilotBlock(cfg) {
+  // Copilot has no blocking mechanism; this is injection-only guidance.
+  return `## BYAN Strict Mode
+${cfg.injection.context_banner.trim()}
+Use the \`byan\` MCP strict tools to lock scope, self-verify (>= ${cfg.self_verify.min_passes} passes),
+and complete. The pre-commit gate is the final net: a commit without a fresh,
+matching audit token is rejected.
+Hard mantras:
+${mantraLines(cfg)}`;
+}
+// ---------------------------------------------------------------------------
+// File operations.
+// ---------------------------------------------------------------------------
+function ensureDir(filePath) {
+  fs.mkdirSync(path.dirname(filePath), { recursive: true });
+}
+function writeIfChanged(filePath, content) {
+  const existing = fs.existsSync(filePath) ? fs.readFileSync(filePath, 'utf8') : null;
+  if (existing === content) return 'unchanged';
+  ensureDir(filePath);
+  fs.writeFileSync(filePath, content);
+  return existing === null ? 'created' : 'updated';
+}
+// Insert or replace a block delimited by HTML-comment markers. Preserves
+// everything outside the markers. If the file does not exist, creates it with
+// just the block.
+export function upsertBlock({ filePath, block }) {
+  const wrapped = `<!-- ${BEGIN} (${GENERATED_NOTE}) -->\n${block}\n<!-- ${END} -->`;
+  const existing = fs.existsSync(filePath) ? fs.readFileSync(filePath, 'utf8') : null;
+  if (existing === null) {
+    ensureDir(filePath);
+    fs.writeFileSync(filePath, wrapped + '\n');
+    return 'created';
+  }
+  const re = new RegExp(
+    `<!-- ${BEGIN}[\\s\\S]*?${END} -->`,
+    'm'
+  );
+  let next;
+  if (re.test(existing)) {
+    next = existing.replace(re, wrapped);
+  } else {
+    next = existing.replace(/\s*$/, '') + '\n\n' + wrapped + '\n';
+  }
+  if (next === existing) return 'unchanged';
+  fs.writeFileSync(filePath, next);
+  return existing.includes(BEGIN) ? 'updated' : 'appended';
+}
+// ---------------------------------------------------------------------------
+// Orchestration.
+// ---------------------------------------------------------------------------
+export function syncRules({ projectRoot, configPath } = {}) {
+  const root = resolveRoot(projectRoot);
+  const cfg = loadConfig({ projectRoot: root, configPath });
+  const report = {};
+  const skillPath = path.join(root, '.claude', 'skills', 'byan-strict', 'SKILL.md');
+  report['.claude/skills/byan-strict/SKILL.md'] = writeIfChanged(skillPath, renderSkill(cfg));
+  const cfgJsonPath = path.join(root, '.claude', 'hooks', 'lib', 'strict-config.json');
+  report['.claude/hooks/lib/strict-config.json'] = writeIfChanged(
+    cfgJsonPath,
+    JSON.stringify(renderStrictConfig(cfg), null, 2) + '\n'
+  );
+  const agentsPath = path.join(root, 'AGENTS.md');
+  report['AGENTS.md'] = upsertBlock({ filePath: agentsPath, block: renderAgentsBlock(cfg) });
+  const copilotPath = path.join(root, '.github', 'copilot-instructions.md');
+  report['.github/copilot-instructions.md'] = upsertBlock({
+    filePath: copilotPath,
+    block: renderCopilotBlock(cfg),
+  });
+  const mantrasPath = path.join(root, 'src', 'byan-v2', 'data', 'strict-mantras.json');
+  if (fs.existsSync(path.dirname(mantrasPath))) {
+    report['src/byan-v2/data/strict-mantras.json'] = writeIfChanged(
+      mantrasPath,
+      JSON.stringify(renderMantrasData(cfg), null, 2) + '\n'
+    );
+  }
+  return report;
+}
+export const MARKERS = { BEGIN, END };

package/install/templates/_byan/mcp/byan-mcp-server/server.js CHANGED Viewed

@@ -46,6 +46,30 @@ import {
   fcParse,
 } from './lib/cli.js';
 import { checkForUpdate, formatApplyInstructions } from './lib/update.js';
+import {
+  lockScope as strictLockScope,
+  selfVerify as strictSelfVerify,
+  complete as strictComplete,
+  getStatus as strictGetStatus,
+  abort as strictAbort,
+  checkAuditTrail as strictCheckAuditTrail,
+} from './lib/strict-mode.js';
+import { detectActivation as strictDetectActivation } from './lib/strict-activation.js';
+import {
+  pushLock as strictPushLock,
+  pushVerify as strictPushVerify,
+  pushComplete as strictPushComplete,
+  pushAbort as strictPushAbort,
+  fetchSession as strictFetchSession,
+  syncEnabled as strictSyncEnabled,
+  resolveProjectId as strictResolveProjectId,
+} from './lib/strict-sync.js';
+// Compact view of a best-effort strict-sync result for tool responses.
+function syncResult(sync) {
+  if (!sync) return { synced: false, reason: 'no_result' };
+  return sync.synced ? { synced: true } : { synced: false, reason: sync.reason || 'unknown' };
+}
 import { fileURLToPath } from 'node:url';
 const __filename = fileURLToPath(import.meta.url);
@@ -412,6 +436,11 @@ const tools = [
       properties: {
         featureName: { type: 'string', description: 'Short slug for the feature.' },
         force: { type: 'boolean', description: 'Overwrite an existing in-progress FD.' },
+        strict: {
+          type: 'boolean',
+          description:
+            'Start the FD under BYAN Strict Mode. Records strict_mode=true and signals that the scope must be locked (byan_strict_lock_scope) before BUILD.',
+        },
       },
       required: ['featureName'],
       additionalProperties: false,
@@ -475,6 +504,98 @@ const tools = [
       additionalProperties: false,
     },
   },
+  {
+    name: 'byan_strict_lock_scope',
+    description:
+      'Lock a scope for a BYAN Strict Mode session. Records explicit acceptance criteria and allowed paths. Subsequent work is gated against this scope hash. Pass force=true to relock with a different scope (resets self-verify passes).',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        scopeText: {
+          type: 'string',
+          description: 'Description of the scope (≥ 10 chars). Required.',
+        },
+        acceptanceCriteria: {
+          type: 'array',
+          items: { type: 'string' },
+          description: 'Non-empty array of explicit deliverable criteria.',
+        },
+        allowedPaths: {
+          type: 'array',
+          items: { type: 'string' },
+          description: 'Glob patterns of paths the agent may modify.',
+        },
+        force: { type: 'boolean', description: 'Relock with different scope.' },
+        projectId: {
+          type: 'string',
+          description: 'byan_web project id to attach this session to (authority side). Optional; falls back to BYAN_PROJECT_ID env.',
+        },
+        featureName: {
+          type: 'string',
+          description: 'Short feature name for the session (e.g. the FD feature slug). Optional.',
+        },
+      },
+      required: ['scopeText', 'acceptanceCriteria'],
+      additionalProperties: false,
+    },
+  },
+  {
+    name: 'byan_strict_self_verify',
+    description:
+      'Record one self-verify pass against the locked scope. verdict="ok" (zero gaps) or "gap" (findings required). Strict mode requires ≥ 3 passes with the final pass returning "ok" before byan_strict_complete can succeed.',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        verdict: {
+          type: 'string',
+          enum: ['ok', 'gap'],
+          description: '"ok" = no gap found ; "gap" = gap found, findings required.',
+        },
+        findings: {
+          type: 'array',
+          items: { type: 'string' },
+          description: 'Array of gap descriptions. Required when verdict="gap".',
+        },
+      },
+      required: ['verdict'],
+      additionalProperties: false,
+    },
+  },
+  {
+    name: 'byan_strict_complete',
+    description:
+      'Mark the strict session complete. Requires scope locked, ≥ 3 self-verify passes, last pass verdict="ok". Returns audit_token used by the pre-commit hook to authorize the commit.',
+    inputSchema: { type: 'object', properties: {}, additionalProperties: false },
+  },
+  {
+    name: 'byan_strict_status',
+    description:
+      'Return current strict mode state : scope_locked, scope_hash, acceptance_criteria, pass_count, min_passes, completed, audit_token.',
+    inputSchema: { type: 'object', properties: {}, additionalProperties: false },
+  },
+  {
+    name: 'byan_strict_abort',
+    description:
+      'Abort the current strict session. Marks inactive in state.json and appends abort entry to audit.log. State preserved for inspection.',
+    inputSchema: {
+      type: 'object',
+      properties: { reason: { type: 'string' } },
+      additionalProperties: false,
+    },
+  },
+  {
+    name: 'byan_strict_suggest',
+    description:
+      'Check whether a piece of text (user request, feature name) signals a production-grade deliverable that should be built under strict mode. Reads activation keywords from _byan/_config/strict-mode.yaml. Returns { suggested, matched, message }. Use on any platform (Codex/Copilot have no in-session hook) to decide whether to lock strict mode.',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        text: { type: 'string', description: 'The request or feature description to scan.' },
+      },
+      required: ['text'],
+      additionalProperties: false,
+    },
+  },
   {
     name: 'byan_review_request',
     description:
@@ -1175,7 +1296,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
     }
     if (name === 'byan_fd_start') {
-      const state = fdStart({ featureName: args.featureName, force: args.force });
+      const state = fdStart({ featureName: args.featureName, force: args.force, strict: args.strict });
       return { content: [{ type: 'text', text: JSON.stringify(state, null, 2) }] };
     }
@@ -1199,6 +1320,91 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
       return { content: [{ type: 'text', text: JSON.stringify(state, null, 2) }] };
     }
+    if (name === 'byan_strict_lock_scope') {
+      const r = strictLockScope({
+        scopeText: args.scopeText,
+        acceptanceCriteria: args.acceptanceCriteria,
+        allowedPaths: args.allowedPaths,
+        force: args.force,
+      });
+      const st = strictGetStatus();
+      // Attach to a byan_web project: explicit arg, else env, else resolve from
+      // the active FD project_context (best-effort; null degrades to user-scoped).
+      let projectId = args.projectId || process.env.BYAN_PROJECT_ID || null;
+      let featureName = args.featureName || null;
+      if (strictSyncEnabled()) {
+        try {
+          const fd = fdStatus();
+          const pc = fd && fd.project_context;
+          if (pc) {
+            if (!projectId && (pc.slug || pc.name)) {
+              projectId = await strictResolveProjectId({ slug: pc.slug, name: pc.name });
+            }
+            if (!featureName && fd.feature_name) featureName = fd.feature_name;
+          }
+        } catch {
+          // FD context unavailable — stay user-scoped.
+        }
+      }
+      const sync = await strictPushLock({
+        sessionId: st.strict_session_id,
+        scopeLock: r,
+        projectId,
+        featureName,
+      });
+      return { content: [{ type: 'text', text: JSON.stringify({ ...r, project_id: projectId, sync: syncResult(sync) }, null, 2) }] };
+    }
+    if (name === 'byan_strict_self_verify') {
+      const r = strictSelfVerify({
+        verdict: args.verdict,
+        findings: args.findings || [],
+      });
+      const st = strictGetStatus();
+      const lastPass = (st.passes || [])[st.passes.length - 1];
+      const sync = await strictPushVerify({ sessionId: st.strict_session_id, pass: lastPass });
+      return { content: [{ type: 'text', text: JSON.stringify({ ...r, sync: syncResult(sync) }, null, 2) }] };
+    }
+    if (name === 'byan_strict_complete') {
+      const r = strictComplete();
+      const st = strictGetStatus();
+      const sync = await strictPushComplete({
+        sessionId: st.strict_session_id,
+        auditToken: r.audit_token,
+        completedAt: r.completed_at,
+      });
+      return { content: [{ type: 'text', text: JSON.stringify({ ...r, sync: syncResult(sync) }, null, 2) }] };
+    }
+    if (name === 'byan_strict_status') {
+      const local = strictGetStatus();
+      // The API is the authority. When a session exists and the API answers,
+      // surface its record; otherwise fall back to the local mirror (offline).
+      let authority = 'local';
+      let r = local;
+      if (local.strict_session_id && strictSyncEnabled()) {
+        const remote = await strictFetchSession({ sessionId: local.strict_session_id });
+        if (remote.ok && remote.data) {
+          authority = 'api';
+          r = { ...local, api: remote.data };
+        }
+      }
+      return { content: [{ type: 'text', text: JSON.stringify({ ...r, authority }, null, 2) }] };
+    }
+    if (name === 'byan_strict_abort') {
+      const st = strictGetStatus();
+      const r = strictAbort({ reason: args.reason });
+      const sync = await strictPushAbort({ sessionId: st.strict_session_id, reason: args.reason });
+      return { content: [{ type: 'text', text: JSON.stringify({ ...r, sync: syncResult(sync) }, null, 2) }] };
+    }
+    if (name === 'byan_strict_suggest') {
+      const r = strictDetectActivation({ text: args.text });
+      return { content: [{ type: 'text', text: JSON.stringify(r, null, 2) }] };
+    }
     if (name === 'byan_review_request') {
       const r = requestReview({
         task_id: args.task_id,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "create-byan-agent",
-  "version": "2.16.1",
+  "version": "2.17.1",
   "description": "BYAN v2.8 - Intelligent AI agent creator with ELO trust system + scientific fact-check + Hermes universal dispatcher + native Claude Code integration (hooks, skills, MCP server). Multi-platform (Copilot CLI, Claude Code, Codex). Merise Agile + TDD + 64 Mantras. ~54% LLM cost savings.",
   "main": "src/index.js",
   "bin": {
@@ -18,7 +18,11 @@
     "test:e2e": "jest __tests__/e2e-install-update.test.js",
     "setup-turbo-whisper": "node install/setup-turbo-whisper.js",
     "byan": "echo \"BYAN agent installed. Use: copilot and type /agent\"",
-    "version": "node scripts/sync-install-version.js && git add install/package.json"
+    "version": "node scripts/sync-install-version.js && git add install/package.json",
+    "app:dev": "npm --prefix app run dev",
+    "app:build": "npm --prefix app run build",
+    "app:typecheck": "npm --prefix app run typecheck",
+    "app:install": "npm --prefix app install"
   },
   "keywords": [
     "byan",