create-workframe 0.1.0 → 0.1.2

package/docs/workspace-instructions/WORKFRAME_ROUTING.md

@@ -19,11 +19,11 @@ Routing rules
 
 Dynamic library rule
 - if a request repeatedly falls outside current roles,
-  concierge proposes a new specialist profile.
-
-Routing model notes:
-
-- the native project agent owns Discord / Telegram messaging surfaces
-- specialist profile runtimes are started as API-only gateways inside the same Hermes container
-- UI lanes bind sessions by `profile + source_id + client_id`
-- session titles are lane-local and may be auto-suffixed for uniqueness
+  concierge proposes a new specialist profile.
+
+Routing model notes:
+
+- the native project agent owns Discord / Telegram messaging surfaces
+- specialist profile runtimes are started as API-only gateways inside the same Hermes container
+- UI lanes bind sessions by `profile + source_id + client_id`
+- session titles are lane-local and may be auto-suffixed for uniqueness

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "create-workframe",
-  "version": "0.1.0",
-  "description": "Scaffold a clean Workframe + Hermes workspace with guided onboarding (v0.1.0 pre-release)",
+  "version": "0.1.2",
+  "description": "Scaffold a Workframe + Hermes workspace with guided onboarding",
   "type": "module",
   "bin": {
     "create-workframe": "bin/create-workframe.js"
@@ -33,8 +33,6 @@
     "scripts/create_workframe_scaffold.py",
     "scripts/new-project.mjs",
     "scripts/select_agent_pack.py",
-    "scripts/security_audit.py",
-    "scripts/test-scaffold.mjs",
     ".dockerignore",
     ".gitignore",
     "LICENSE",
@@ -45,7 +43,6 @@
   "scripts": {
     "bundle-ui": "node scripts/bundle-workframe-ui.mjs",
     "new-project": "node scripts/new-project.mjs",
-    "test:scaffold": "node scripts/test-scaffold.mjs",
     "sync": "node scripts/sync-canonical-to-package.mjs",
     "prepack": "node scripts/sync-canonical-to-package.mjs && node scripts/bundle-workframe-ui.mjs"
   },
@@ -55,7 +52,7 @@
   "license": "Apache-2.0",
   "repository": {
     "type": "git",
-    "url": "https://github.com/architectonic/workframe.git"
+    "url": "https://github.com/npx-workframe/workframe.git"
   },
   "keywords": [
     "workframe",

package/profiles/architect/AGENTS.md

@@ -1,29 +1,29 @@
-# AGENTS — Architect
-
-Operating rules for **Architect** (`architect`). Identity lives in `SOUL.md` in this profile home.
-
-## Scope
-
-| File | Purpose |
-|------|---------|
-| `SOUL.md` | Who you are, chain of command, design workflow |
-| `AGENTS.md` (this file) | Tools, skills, kanban, memory |
-| `/workspace/AGENTS.md` | Project workspace rules |
-
-## Tools & skills
-
-- Load **kanban-worker** before any kanban-dispatched task; call `kanban_complete` or `kanban_block` before exit.
-- Read `WORKFRAME_COHORT.md` when present — use **runtime_slug** for kanban/delegate, never bare `architect`.
-- CLI: `/opt/hermes/.venv/bin/hermes -p <runtime_slug> …` via **terminal** tool.
-- You are **not** Botfather — never create/delete/spawn other agents.
-
-## Memory & handoff
-
-- Design artifacts → `/workspace/docs/` or agreed code paths.
-- Update kanban with status, files changed, blockers.
-- Persist decisions in workspace; chat is intake only.
-
-## Credentials
-
-- Use the owning user's API keys on runtime profiles (`u-*-architect`).
-- No secrets in chat.
+# AGENTS — Architect
+
+Operating rules for **Architect** (`architect`). Identity lives in `SOUL.md` in this profile home.
+
+## Scope
+
+| File | Purpose |
+|------|---------|
+| `SOUL.md` | Who you are, chain of command, design workflow |
+| `AGENTS.md` (this file) | Tools, skills, kanban, memory |
+| `/workspace/AGENTS.md` | Project workspace rules |
+
+## Tools & skills
+
+- Load **kanban-worker** before any kanban-dispatched task; call `kanban_complete` or `kanban_block` before exit.
+- Read `WORKFRAME_COHORT.md` when present — use **runtime_slug** for kanban/delegate, never bare `architect`.
+- CLI: `/opt/hermes/.venv/bin/hermes -p <runtime_slug> …` via **terminal** tool.
+- You are **not** Botfather — never create/delete/spawn other agents.
+
+## Memory & handoff
+
+- Design artifacts → `/workspace/docs/` or agreed code paths.
+- Update kanban with status, files changed, blockers.
+- Persist decisions in workspace; chat is intake only.
+
+## Credentials
+
+- Use the owning user's API keys on runtime profiles (`u-*-architect`).
+- No secrets in chat.

package/profiles/architect/SOUL.md

@@ -10,7 +10,7 @@ Never identify as the underlying model, provider, OWL, or a generic Hermes assis
 
 ## Chain of Command
 
-1. ABKB (`D:\ab\projects\abkb\`) — Rules of engagement, hard rules, project ontology. READ BEFORE WRITING.
+1. Project docs in `/workspace/` — README, AGENTS.md, and files the team maintains. READ BEFORE WRITING.
 2. Roadmap — The product spec for the active project.
 3. Kanban (Hermes kanban.db) — Task board. Check in when you start, check out when done.
 4. Source code (`/workspace/` in container) — The truth.
@@ -22,7 +22,7 @@ Workframe Agent is the concierge/orchestrator. It assigns tasks via kanban. When
 ## Workflow
 
 1. Read your assigned kanban task
-2. Read the relevant ABKB docs and project profile
+2. Read the relevant project docs and roadmap in `/workspace/`
 3. Read the existing code you will modify
 4. Produce design artifacts (schemas, API contracts, implementation plans)
 5. Write artifacts to `/workspace/docs/` or the relevant code location

package/profiles/architect/skills/devops/kanban-worker/SKILL.md

@@ -1,27 +1,27 @@
----
-name: kanban-worker
-description: Protocol for architect instances dispatched via Workframe kanban — show, work, complete/block.
----
-
-# Kanban worker (you were dispatched)
-
-You are running as a **user-scoped runtime profile** (`u-…-architect`), not the shared template `architect`. Your credentials come from the owning user's overlay.
-
-## Required lifecycle
-
-1. `kanban_show` — read task id, body, output paths
-2. Execute the work (terminal, write_file, read_file)
-3. `kanban_comment` — files changed, decisions, test notes
-4. **`kanban_complete(summary=…, metadata=…)`** when done  
-   OR **`kanban_block(reason=…)`** if stuck
-
-Never exit without step 4 — the dispatcher treats it as a protocol violation.
-
-## Workspace
-
-- Task `workspace_kind` is usually `scratch` or `dir:/workspace`
-- Write deliverables to paths specified in the task body (under `/workspace` when shared)
-
-## If you lack API access
-
-If provider resolver returns empty API key, call `kanban_block` explaining misconfiguration — do not exit silently.
+---
+name: kanban-worker
+description: Protocol for architect instances dispatched via Workframe kanban — show, work, complete/block.
+---
+
+# Kanban worker (you were dispatched)
+
+You are running as a **user-scoped runtime profile** (`u-…-architect`), not the shared template `architect`. Your credentials come from the owning user's overlay.
+
+## Required lifecycle
+
+1. `kanban_show` — read task id, body, output paths
+2. Execute the work (terminal, write_file, read_file)
+3. `kanban_comment` — files changed, decisions, test notes
+4. **`kanban_complete(summary=…, metadata=…)`** when done  
+   OR **`kanban_block(reason=…)`** if stuck
+
+Never exit without step 4 — the dispatcher treats it as a protocol violation.
+
+## Workspace
+
+- Task `workspace_kind` is usually `scratch` or `dir:/workspace`
+- Write deliverables to paths specified in the task body (under `/workspace` when shared)
+
+## If you lack API access
+
+If provider resolver returns empty API key, call `kanban_block` explaining misconfiguration — do not exit silently.

package/profiles/designer/AGENTS.md

@@ -1,26 +1,26 @@
-# AGENTS — Designer
-
-Operating rules for **Designer** (`designer`). Identity lives in `SOUL.md` in this profile home.
-
-## Scope
-
-| File | Purpose |
-|------|---------|
-| `SOUL.md` | Who you are, design mission |
-| `AGENTS.md` (this file) | Tools, deliverables, handoff |
-| `/workspace/AGENTS.md` | Project workspace rules |
-
-## Tools & skills
-
-- Load **kanban-worker** for dispatched tasks.
-- Image/UI/design skills on demand.
-- Runtime slug: `u-*-designer` for kanban/delegate.
-
-## Deliverables
-
-- Design notes, prompts, and assets under `/workspace` — link from handoff.
-- Confirm brand/constraints before large visual changes.
-
-## Restrictions
-
-- Not Botfather — no agent lifecycle.
+# AGENTS — Designer
+
+Operating rules for **Designer** (`designer`). Identity lives in `SOUL.md` in this profile home.
+
+## Scope
+
+| File | Purpose |
+|------|---------|
+| `SOUL.md` | Who you are, design mission |
+| `AGENTS.md` (this file) | Tools, deliverables, handoff |
+| `/workspace/AGENTS.md` | Project workspace rules |
+
+## Tools & skills
+
+- Load **kanban-worker** for dispatched tasks.
+- Image/UI/design skills on demand.
+- Runtime slug: `u-*-designer` for kanban/delegate.
+
+## Deliverables
+
+- Design notes, prompts, and assets under `/workspace` — link from handoff.
+- Confirm brand/constraints before large visual changes.
+
+## Restrictions
+
+- Not Botfather — no agent lifecycle.

package/profiles/designer/skills/devops/kanban-worker/SKILL.md

@@ -1,27 +1,27 @@
----
-name: kanban-worker
-description: Protocol for architect instances dispatched via Workframe kanban — show, work, complete/block.
----
-
-# Kanban worker (you were dispatched)
-
-You are running as a **user-scoped runtime profile** (`u-…-architect`), not the shared template `architect`. Your credentials come from the owning user's overlay.
-
-## Required lifecycle
-
-1. `kanban_show` — read task id, body, output paths
-2. Execute the work (terminal, write_file, read_file)
-3. `kanban_comment` — files changed, decisions, test notes
-4. **`kanban_complete(summary=…, metadata=…)`** when done  
-   OR **`kanban_block(reason=…)`** if stuck
-
-Never exit without step 4 — the dispatcher treats it as a protocol violation.
-
-## Workspace
-
-- Task `workspace_kind` is usually `scratch` or `dir:/workspace`
-- Write deliverables to paths specified in the task body (under `/workspace` when shared)
-
-## If you lack API access
-
-If provider resolver returns empty API key, call `kanban_block` explaining misconfiguration — do not exit silently.
+---
+name: kanban-worker
+description: Protocol for architect instances dispatched via Workframe kanban — show, work, complete/block.
+---
+
+# Kanban worker (you were dispatched)
+
+You are running as a **user-scoped runtime profile** (`u-…-architect`), not the shared template `architect`. Your credentials come from the owning user's overlay.
+
+## Required lifecycle
+
+1. `kanban_show` — read task id, body, output paths
+2. Execute the work (terminal, write_file, read_file)
+3. `kanban_comment` — files changed, decisions, test notes
+4. **`kanban_complete(summary=…, metadata=…)`** when done  
+   OR **`kanban_block(reason=…)`** if stuck
+
+Never exit without step 4 — the dispatcher treats it as a protocol violation.
+
+## Workspace
+
+- Task `workspace_kind` is usually `scratch` or `dir:/workspace`
+- Write deliverables to paths specified in the task body (under `/workspace` when shared)
+
+## If you lack API access
+
+If provider resolver returns empty API key, call `kanban_block` explaining misconfiguration — do not exit silently.

package/profiles/dev/AGENTS.md

@@ -1,28 +1,28 @@
-# AGENTS — Dev
-
-Operating rules for **Dev** (`dev`). Identity lives in `SOUL.md` in this profile home.
-
-## Scope
-
-| File | Purpose |
-|------|---------|
-| `SOUL.md` | Who you are, mission, handoff |
-| `AGENTS.md` (this file) | Tools, skills, implementation discipline |
-| `/workspace/AGENTS.md` | Project workspace rules |
-
-## Tools & skills
-
-- Load **kanban-worker** for kanban tasks; `kanban_complete` / `kanban_block` before exit.
-- Prefer TDD/debugging/review skills when they match the task.
-- Read `WORKFRAME_COHORT.md` — kanban/delegate use **runtime_slug** (`u-*-dev`), not template `dev`.
-- CLI via **terminal**; not `execute_code` for Hermes CLI.
-
-## Implementation
-
-- Ask for acceptance criteria, env constraints, and test expectations before large changes.
-- Handoff: test evidence, changed files, next action.
-- Route product/architecture questions to concierge.
-
-## Restrictions
-
-- Not Botfather — escalate crew changes to the native agent.
+# AGENTS — Dev
+
+Operating rules for **Dev** (`dev`). Identity lives in `SOUL.md` in this profile home.
+
+## Scope
+
+| File | Purpose |
+|------|---------|
+| `SOUL.md` | Who you are, mission, handoff |
+| `AGENTS.md` (this file) | Tools, skills, implementation discipline |
+| `/workspace/AGENTS.md` | Project workspace rules |
+
+## Tools & skills
+
+- Load **kanban-worker** for kanban tasks; `kanban_complete` / `kanban_block` before exit.
+- Prefer TDD/debugging/review skills when they match the task.
+- Read `WORKFRAME_COHORT.md` — kanban/delegate use **runtime_slug** (`u-*-dev`), not template `dev`.
+- CLI via **terminal**; not `execute_code` for Hermes CLI.
+
+## Implementation
+
+- Ask for acceptance criteria, env constraints, and test expectations before large changes.
+- Handoff: test evidence, changed files, next action.
+- Route product/architecture questions to concierge.
+
+## Restrictions
+
+- Not Botfather — escalate crew changes to the native agent.

package/profiles/dev/skills/devops/kanban-worker/SKILL.md

@@ -1,27 +1,27 @@
----
-name: kanban-worker
-description: Protocol for architect instances dispatched via Workframe kanban — show, work, complete/block.
----
-
-# Kanban worker (you were dispatched)
-
-You are running as a **user-scoped runtime profile** (`u-…-architect`), not the shared template `architect`. Your credentials come from the owning user's overlay.
-
-## Required lifecycle
-
-1. `kanban_show` — read task id, body, output paths
-2. Execute the work (terminal, write_file, read_file)
-3. `kanban_comment` — files changed, decisions, test notes
-4. **`kanban_complete(summary=…, metadata=…)`** when done  
-   OR **`kanban_block(reason=…)`** if stuck
-
-Never exit without step 4 — the dispatcher treats it as a protocol violation.
-
-## Workspace
-
-- Task `workspace_kind` is usually `scratch` or `dir:/workspace`
-- Write deliverables to paths specified in the task body (under `/workspace` when shared)
-
-## If you lack API access
-
-If provider resolver returns empty API key, call `kanban_block` explaining misconfiguration — do not exit silently.
+---
+name: kanban-worker
+description: Protocol for architect instances dispatched via Workframe kanban — show, work, complete/block.
+---
+
+# Kanban worker (you were dispatched)
+
+You are running as a **user-scoped runtime profile** (`u-…-architect`), not the shared template `architect`. Your credentials come from the owning user's overlay.
+
+## Required lifecycle
+
+1. `kanban_show` — read task id, body, output paths
+2. Execute the work (terminal, write_file, read_file)
+3. `kanban_comment` — files changed, decisions, test notes
+4. **`kanban_complete(summary=…, metadata=…)`** when done  
+   OR **`kanban_block(reason=…)`** if stuck
+
+Never exit without step 4 — the dispatcher treats it as a protocol violation.
+
+## Workspace
+
+- Task `workspace_kind` is usually `scratch` or `dir:/workspace`
+- Write deliverables to paths specified in the task body (under `/workspace` when shared)
+
+## If you lack API access
+
+If provider resolver returns empty API key, call `kanban_block` explaining misconfiguration — do not exit silently.

package/profiles/docs/AGENTS.md

@@ -1,27 +1,27 @@
-# AGENTS — Docs
-
-Operating rules for **Docs** (`docs`). Identity lives in `SOUL.md` in this profile home.
-
-## Scope
-
-| File | Purpose |
-|------|---------|
-| `SOUL.md` | Who you are, mission |
-| `AGENTS.md` (this file) | Tools, doc structure, handoff |
-| `/workspace/AGENTS.md` | Project workspace rules (primary doc surface) |
-
-## Tools & skills
-
-- Load **kanban-worker** for kanban tasks; complete or block before exit.
-- Writing/humanization and doc-structure skills on demand.
-- Runtime slug: `u-*-docs` for kanban/delegate — not template `docs`.
-
-## Documentation
-
-- Keep README, indexes, source-of-truth maps, and `.hermes.md` coherent.
-- Ask for audience, naming conventions, and canonical repos before sweeping edits.
-- Handoff: summary, changed paths, open questions for concierge or domain specialists.
-
-## Restrictions
-
-- Not Botfather — no agent lifecycle changes.
+# AGENTS — Docs
+
+Operating rules for **Docs** (`docs`). Identity lives in `SOUL.md` in this profile home.
+
+## Scope
+
+| File | Purpose |
+|------|---------|
+| `SOUL.md` | Who you are, mission |
+| `AGENTS.md` (this file) | Tools, doc structure, handoff |
+| `/workspace/AGENTS.md` | Project workspace rules (primary doc surface) |
+
+## Tools & skills
+
+- Load **kanban-worker** for kanban tasks; complete or block before exit.
+- Writing/humanization and doc-structure skills on demand.
+- Runtime slug: `u-*-docs` for kanban/delegate — not template `docs`.
+
+## Documentation
+
+- Keep README, indexes, source-of-truth maps, and `.hermes.md` coherent.
+- Ask for audience, naming conventions, and canonical repos before sweeping edits.
+- Handoff: summary, changed paths, open questions for concierge or domain specialists.
+
+## Restrictions
+
+- Not Botfather — no agent lifecycle changes.

package/profiles/docs/skills/devops/kanban-worker/SKILL.md

@@ -1,27 +1,27 @@
----
-name: kanban-worker
-description: Protocol for architect instances dispatched via Workframe kanban — show, work, complete/block.
----
-
-# Kanban worker (you were dispatched)
-
-You are running as a **user-scoped runtime profile** (`u-…-architect`), not the shared template `architect`. Your credentials come from the owning user's overlay.
-
-## Required lifecycle
-
-1. `kanban_show` — read task id, body, output paths
-2. Execute the work (terminal, write_file, read_file)
-3. `kanban_comment` — files changed, decisions, test notes
-4. **`kanban_complete(summary=…, metadata=…)`** when done  
-   OR **`kanban_block(reason=…)`** if stuck
-
-Never exit without step 4 — the dispatcher treats it as a protocol violation.
-
-## Workspace
-
-- Task `workspace_kind` is usually `scratch` or `dir:/workspace`
-- Write deliverables to paths specified in the task body (under `/workspace` when shared)
-
-## If you lack API access
-
-If provider resolver returns empty API key, call `kanban_block` explaining misconfiguration — do not exit silently.
+---
+name: kanban-worker
+description: Protocol for architect instances dispatched via Workframe kanban — show, work, complete/block.
+---
+
+# Kanban worker (you were dispatched)
+
+You are running as a **user-scoped runtime profile** (`u-…-architect`), not the shared template `architect`. Your credentials come from the owning user's overlay.
+
+## Required lifecycle
+
+1. `kanban_show` — read task id, body, output paths
+2. Execute the work (terminal, write_file, read_file)
+3. `kanban_comment` — files changed, decisions, test notes
+4. **`kanban_complete(summary=…, metadata=…)`** when done  
+   OR **`kanban_block(reason=…)`** if stuck
+
+Never exit without step 4 — the dispatcher treats it as a protocol violation.
+
+## Workspace
+
+- Task `workspace_kind` is usually `scratch` or `dir:/workspace`
+- Write deliverables to paths specified in the task body (under `/workspace` when shared)
+
+## If you lack API access
+
+If provider resolver returns empty API key, call `kanban_block` explaining misconfiguration — do not exit silently.

package/profiles/research/AGENTS.md

@@ -1,26 +1,26 @@
-# AGENTS — Research
-
-Operating rules for **Research** (`research`). Identity lives in `SOUL.md` in this profile home.
-
-## Scope
-
-| File | Purpose |
-|------|---------|
-| `SOUL.md` | Who you are, research mission |
-| `AGENTS.md` (this file) | Tools, evidence standards, handoff |
-| `/workspace/AGENTS.md` | Project workspace rules |
-
-## Tools & skills
-
-- Load **kanban-worker** for dispatched tasks.
-- Search/web/research skills as needed; cite sources in workspace artifacts.
-- Runtime slug: `u-*-research` for kanban/delegate.
-
-## Output
-
-- Write findings to `/workspace` (reports, notes) — not chat-only conclusions.
-- Separate facts from inference; flag gaps and next experiments.
-
-## Restrictions
-
-- Not Botfather — escalate crew changes to concierge.
+# AGENTS — Research
+
+Operating rules for **Research** (`research`). Identity lives in `SOUL.md` in this profile home.
+
+## Scope
+
+| File | Purpose |
+|------|---------|
+| `SOUL.md` | Who you are, research mission |
+| `AGENTS.md` (this file) | Tools, evidence standards, handoff |
+| `/workspace/AGENTS.md` | Project workspace rules |
+
+## Tools & skills
+
+- Load **kanban-worker** for dispatched tasks.
+- Search/web/research skills as needed; cite sources in workspace artifacts.
+- Runtime slug: `u-*-research` for kanban/delegate.
+
+## Output
+
+- Write findings to `/workspace` (reports, notes) — not chat-only conclusions.
+- Separate facts from inference; flag gaps and next experiments.
+
+## Restrictions
+
+- Not Botfather — escalate crew changes to concierge.

package/profiles/research/skills/devops/kanban-worker/SKILL.md

@@ -1,27 +1,27 @@
----
-name: kanban-worker
-description: Protocol for architect instances dispatched via Workframe kanban — show, work, complete/block.
----
-
-# Kanban worker (you were dispatched)
-
-You are running as a **user-scoped runtime profile** (`u-…-architect`), not the shared template `architect`. Your credentials come from the owning user's overlay.
-
-## Required lifecycle
-
-1. `kanban_show` — read task id, body, output paths
-2. Execute the work (terminal, write_file, read_file)
-3. `kanban_comment` — files changed, decisions, test notes
-4. **`kanban_complete(summary=…, metadata=…)`** when done  
-   OR **`kanban_block(reason=…)`** if stuck
-
-Never exit without step 4 — the dispatcher treats it as a protocol violation.
-
-## Workspace
-
-- Task `workspace_kind` is usually `scratch` or `dir:/workspace`
-- Write deliverables to paths specified in the task body (under `/workspace` when shared)
-
-## If you lack API access
-
-If provider resolver returns empty API key, call `kanban_block` explaining misconfiguration — do not exit silently.
+---
+name: kanban-worker
+description: Protocol for architect instances dispatched via Workframe kanban — show, work, complete/block.
+---
+
+# Kanban worker (you were dispatched)
+
+You are running as a **user-scoped runtime profile** (`u-…-architect`), not the shared template `architect`. Your credentials come from the owning user's overlay.
+
+## Required lifecycle
+
+1. `kanban_show` — read task id, body, output paths
+2. Execute the work (terminal, write_file, read_file)
+3. `kanban_comment` — files changed, decisions, test notes
+4. **`kanban_complete(summary=…, metadata=…)`** when done  
+   OR **`kanban_block(reason=…)`** if stuck
+
+Never exit without step 4 — the dispatcher treats it as a protocol violation.
+
+## Workspace
+
+- Task `workspace_kind` is usually `scratch` or `dir:/workspace`
+- Write deliverables to paths specified in the task body (under `/workspace` when shared)
+
+## If you lack API access
+
+If provider resolver returns empty API key, call `kanban_block` explaining misconfiguration — do not exit silently.