fraim 2.0.109 → 2.0.116

package/README.md

@@ -1,5 +1,5 @@
-# 🚀 FRAIM: Framework for Rigor-based AI Management
-**"FRAIM is a step towards the future of how we work."** - Transforming ideas into production code by converting you into an AI manager orchestrating multiple agents with enterprise-grade discipline.
+# 🚀 FRAIM — AI Workforce Infrastructure
+**"Brilliant AI isn't how industries get built. Organizations are."** — FRAIM transforms every layer of the AI-powered company at once: **AI agents** become an accountable, improving workforce; **their operators** become capable AI managers who hold the line on quality, delegation, and evidence; and **executives** gain clear optics on AI proficiency across the entire organization.
 
 
 🚀 **The Problem with AI Coding Today**
@@ -36,7 +36,7 @@ R - Retrospectives: Continuous learning from experience
 
 🤖 **Works with any AI agent** (Cursor, Claude, Windsurf) - no vendor lock-in.
 
-**The bottom line:** FRAIM isn't just about using AI—it's about managing AI teams with the same discipline you'd apply to human developers.
+**The bottom line:** FRAIM isn't just about using AI — it transforms every layer of your AI-powered company: agents become an accountable workforce, operators become capable AI managers, and executives gain clear optics on AI proficiency across the whole org.
 
 
 
@@ -448,9 +448,9 @@ gh issue edit 123 --remove-label "phase:impl" --add-label "phase:tests"
 
 ## 🎯 **The Bottom Line**
 
-**FRAIM isn't just about using AI—it's about managing AI teams with the same discipline you'd apply to human teams.**
+**FRAIM isn't just about using AI — it transforms every layer of your AI-powered company: agents become an accountable workforce, operators become capable AI managers, and executives gain clear optics on AI proficiency across the whole org.**
 
-Stop fighting with AI agents. Start orchestrating them.
+Stop fighting with AI agents. Start building your AI organization.
 
 **This is the future of how we work.**
 

package/dist/src/cli/commands/setup.js

@@ -637,10 +637,10 @@ const runSetup = async (options) => {
     console.log(chalk_1.default.green('\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'));
     console.log(chalk_1.default.green('  FRAIM is ready!'));
     console.log(chalk_1.default.green('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'));
-    console.log(chalk_1.default.white('\n  FRAIM is an AI management layer that turns you into'));
-    console.log(chalk_1.default.white('  a manager of AI agents. Run multiple agents through'));
-    console.log(chalk_1.default.white('  structured jobs, get manager-style coaching, and build'));
-    console.log(chalk_1.default.white('  a learning loop where agents improve over time.'));
+    console.log(chalk_1.default.white('\n  FRAIM is AI Workforce Infrastructure. It transforms every'));
+    console.log(chalk_1.default.white('  layer of your AI-powered work at once: AI agents become an'));
+    console.log(chalk_1.default.white('  accountable workforce, you become a capable AI manager, and'));
+    console.log(chalk_1.default.white('  your leadership gains clear optics on AI proficiency.'));
     console.log(chalk_1.default.gray('\n  60+ jobs across engineering, marketing, fundraising,'));
     console.log(chalk_1.default.gray('  legal, product, hiring, customer development, and more.'));
     // Show which IDEs were configured and how to use FRAIM in each

package/dist/src/core/quality-evidence.js

@@ -20,23 +20,70 @@
  * seekMentoring handler (e.g., when the local AIMentor errors).
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.REQUIRED_QUALITY_FIELDS = exports.QUALITY_PRODUCING_JOBS = void 0;
+exports.REQUIRED_QUALITY_FIELDS = exports.ALL_STAGE_CATEGORIES = exports.STAGE_DISPLAY_NAMES = exports.STAGE_CATEGORY_MAP = exports.QUALITY_PRODUCING_JOBS = exports.QUALITY_REGISTRY = void 0;
+exports.getRequiredFieldsForJob = getRequiredFieldsForJob;
 exports.validateQualityEvidence = validateQualityEvidence;
 exports.buildQualityRejectionMessage = buildQualityRejectionMessage;
 /**
- * Jobs that produce a quality assessment and MUST emit a quality score
- * via `evidence.quality` on their final seekMentoring completion.
+ * Central registry of FRAIM jobs that interact with the quality telemetry system.
+ * This is the SINGLE SOURCE OF TRUTH for:
+ *   1. Stage mapping (where it appears on the dashboard).
+ *   2. Enforcement (whether it MUST emit a quality score to complete).
  */
-exports.QUALITY_PRODUCING_JOBS = [
-    'process-interview-notes',
-    'triage-customer-needs'
+exports.QUALITY_REGISTRY = {
+    // Customer Development
+    'process-interview-notes': { stage: 'customer-development', enforced: true },
+    'triage-customer-needs': { stage: 'customer-development', enforced: true },
+    'interview-preparation': { stage: 'customer-discovery', enforced: false },
+    // Business Strategy
+    'review-business-strategy': { stage: 'business-strategy', enforced: true },
+    'business-plan-creation': { stage: 'business-strategy', enforced: false },
+    // Product Quality
+    'code-quality-assessment': { stage: 'product-quality', enforced: true },
+    // Test Quality
+    'test-quality-assessment': { stage: 'test-quality', enforced: true },
+    // Fundraising
+    'investor-pitch-preparation': { stage: 'fundraising', enforced: false },
+    // Go-to-Market
+    'marketing-strategy-definition': { stage: 'go-to-market', enforced: false },
+};
+/**
+ * @deprecated Use QUALITY_REGISTRY for new code.
+ * Derived enforcement list for backward compatibility.
+ */
+exports.QUALITY_PRODUCING_JOBS = Object.keys(exports.QUALITY_REGISTRY).filter((job) => exports.QUALITY_REGISTRY[job].enforced);
+/**
+ * @deprecated Use QUALITY_REGISTRY for new code.
+ * Derived stage mappings for backward compatibility.
+ */
+exports.STAGE_CATEGORY_MAP = Object.keys(exports.QUALITY_REGISTRY).reduce((acc, job) => ({ ...acc, [job]: exports.QUALITY_REGISTRY[job].stage }), {});
+/**
+ * Human-readable stage names for dashboard display.
+ */
+exports.STAGE_DISPLAY_NAMES = {
+    'customer-development': 'Customer Development',
+    'business-strategy': 'Business Strategy',
+    'product-quality': 'Product Quality',
+    'test-quality': 'Test Quality',
+    'fundraising': 'Fundraising',
+    'go-to-market': 'Go-to-Market',
+};
+/**
+ * All known stage categories, in display order for the tile grid.
+ */
+exports.ALL_STAGE_CATEGORIES = [
+    'customer-development',
+    'business-strategy',
+    'product-quality',
+    'test-quality',
+    'fundraising',
+    'go-to-market',
 ];
 /**
- * Required numeric fields inside `evidence.quality` for QUALITY_PRODUCING_JOBS.
- * The schema is intentionally lenient beyond these — extra fields are
- * allowed so per-job assessment can evolve — but these five gate completion.
+ * Required fields for customer-development jobs (legacy V1 schema).
+ * These jobs require participant and evidence sub-dimensions.
  */
-exports.REQUIRED_QUALITY_FIELDS = [
+const CUSTOMER_DEV_REQUIRED_FIELDS = [
     { path: 'composite', type: 'number' },
     { path: 'participant.fit', type: 'number' },
     { path: 'participant.urgency', type: 'number' },
@@ -44,15 +91,38 @@ exports.REQUIRED_QUALITY_FIELDS = [
     { path: 'evidence.quoteSpecificityAvg', type: 'number' }
 ];
 /**
- * Validate an `evidence.quality` object against REQUIRED_QUALITY_FIELDS.
- * Returns null if valid, or an array of human-readable error strings.
+ * Required fields for all other quality-producing jobs.
+ * Only composite and coaching are universally required — sub-dimensions
+ * vary by stage and are validated holistically, not mechanically.
+ */
+const UNIVERSAL_REQUIRED_FIELDS = [
+    { path: 'composite', type: 'number' },
+];
+/**
+ * Returns the required quality fields for a given job.
+ * Customer-development jobs retain the strict V1 schema.
+ * All other jobs require only a composite score (principle-based, not prescriptive).
+ */
+function getRequiredFieldsForJob(jobName) {
+    const entry = exports.QUALITY_REGISTRY[jobName];
+    if (entry?.stage === 'customer-development') {
+        return CUSTOMER_DEV_REQUIRED_FIELDS;
+    }
+    return UNIVERSAL_REQUIRED_FIELDS;
+}
+/**
+ * @deprecated Use getRequiredFieldsForJob() for stage-aware validation.
+ * Kept for backward compatibility with existing imports.
+ */
+exports.REQUIRED_QUALITY_FIELDS = CUSTOMER_DEV_REQUIRED_FIELDS;
+/**
+ * Validate an `evidence.quality` object against the required fields for
+ * a given job. If no jobName is provided, falls back to the universal
+ * schema (composite only).
  *
- * Design note: when `quality` is entirely missing we still walk every
- * required field and emit a per-field error, so the agent sees the
- * complete schema in one round rather than being told only that
- * `quality` itself is missing.
+ * Returns null if valid, or an array of human-readable error strings.
  */
-function validateQualityEvidence(quality) {
+function validateQualityEvidence(quality, jobName) {
     const errors = [];
     const isMissing = quality === undefined || quality === null;
     if (isMissing) {
@@ -64,7 +134,8 @@ function validateQualityEvidence(quality) {
     const effective = isMissing || typeof quality !== 'object' || Array.isArray(quality)
         ? undefined
         : quality;
-    for (const { path, type } of exports.REQUIRED_QUALITY_FIELDS) {
+    const requiredFields = jobName ? getRequiredFieldsForJob(jobName) : UNIVERSAL_REQUIRED_FIELDS;
+    for (const { path, type } of requiredFields) {
         const parts = path.split('.');
         let cursor = effective;
         for (const part of parts) {
@@ -81,6 +152,10 @@ function validateQualityEvidence(quality) {
             errors.push(`evidence.quality.${path} must be a ${type} (got ${got})`);
         }
     }
+    // Strict schema enforcement: No nested wrappers (Issue 255)
+    if (effective && effective.dimensions) {
+        errors.push('evidence.quality.dimensions is forbidden. Use a flat schema where all scores are direct properties of the quality object.');
+    }
     return errors.length > 0 ? errors : null;
 }
 /**
@@ -91,31 +166,56 @@ function validateQualityEvidence(quality) {
  */
 function buildQualityRejectionMessage(jobName, currentPhase, errors) {
     const errorBullets = errors.map(e => `- ${e}`).join('\n');
+    const entry = exports.QUALITY_REGISTRY[jobName];
+    const isCustomerDev = entry?.stage === 'customer-development';
+    const schemaExample = isCustomerDev
+        ? [
+            '```javascript',
+            'evidence: {',
+            '  quality: {',
+            '    composite: <number 0-10>,',
+            '    participant: { fit: <number 1-10>, urgency: <number 1-10>, authority: <number 1-10> },',
+            '    evidence: {',
+            '      quoteSpecificityAvg: <number 1-10>',
+            '      // other fields are allowed and encouraged but not required',
+            '    },',
+            '    coaching: "<actionable recommendation>",',
+            '    interviewee: "<name>",',
+            '    company: "<company>"',
+            '  }',
+            '}',
+            '```'
+        ]
+        : [
+            '```javascript',
+            'evidence: {',
+            '  quality: {',
+            '    composite: <number 0-10>,',
+            '    coaching: "<actionable recommendation>",',
+            '    marketEvidence: { score: <number>, rationale: "<string>" }, // flat, NO "dimensions" wrapper',
+            '    unitEconomics: { score: <number>, rationale: "<string>" },',
+            '    // add other sub-scores as direct properties',
+            '  }',
+            '}',
+            '```'
+        ];
+    const importantNote = [
+        '',
+        '> [!IMPORTANT]',
+        '> **Enforcement Notice**: Quality scores MUST follow a flat schema. Do NOT nest sub-dimension scores under a `dimensions` property. All sub-dimension objects must be direct properties of the `quality` object.',
+        ''
+    ];
     return [
         `❌ **Job completion rejected** for \`${jobName}\`.`,
         '',
-        `This job is required to emit a quality score on its final \`seekMentoring\` call so the result is captured in \`fraim_quality_scores\` for the manager dashboard. The following problems were found in \`evidence.quality\`:`,
+        `This job is required to emit a quality score on its final \`seekMentoring\` call so the result is captured in \`fraim_quality_scores\` for the quality dashboard. The following problems were found in \`evidence.quality\`:`,
         '',
         errorBullets,
+        ...importantNote,
+        `Required minimum schema for \`${entry?.stage ?? 'unknown'}\` stage:`,
         '',
-        'Required minimum schema:',
-        '',
-        '```javascript',
-        'evidence: {',
-        '  quality: {',
-        '    composite: <number 0-10>,',
-        '    participant: { fit: <number 1-10>, urgency: <number 1-10>, authority: <number 1-10> },',
-        '    evidence: {',
-        '      quoteSpecificityAvg: <number 1-10>',
-        '      // other fields are allowed and encouraged but not required',
-        '    },',
-        '    interviewee: "<name>",',
-        '    company: "<company>",',
-        '    artifactPath: "docs/customer-development/<slug>-interview.md"',
-        '  }',
-        '}',
-        '```',
+        ...schemaExample,
         '',
-        `You are still in phase \`${currentPhase}\`. The job is **not** marked complete. Build the \`evidence.quality\` object from your Phase 4 (\`conversation-quality-assessment\`) work and resubmit this final phase.`
+        `You are still in phase \`${currentPhase}\`. The job is **not** marked complete. Build the \`evidence.quality\` object from your quality assessment work and resubmit this final phase.`
     ].join('\n');
 }

package/dist/src/core/utils/git-utils.js

@@ -5,6 +5,7 @@ exports.determineDatabaseName = determineDatabaseName;
 exports.getCurrentGitBranch = getCurrentGitBranch;
 exports.determineSchema = determineSchema;
 exports.getDefaultBranch = getDefaultBranch;
+exports.sanitizeRepoIdentifier = sanitizeRepoIdentifier;
 const child_process_1 = require("child_process");
 /**
  * Gets a unique port based on the current git branch name (if it's an issue branch)
@@ -93,3 +94,55 @@ function getDefaultBranch() {
     // Default fallback
     return 'main';
 }
+/**
+ * Sanitizes a repository identifier by stripping local paths and normalizing to standard HTTPS URLs.
+ * Mandatory per Compliance requirement (C1) to ensure data privacy.
+ *
+ * @param repoUrl The raw repository URL or path to sanitize
+ * @returns Normalized HTTPS URL string, or undefined if the input is a local path or invalid
+ */
+function sanitizeRepoIdentifier(repoUrl) {
+    if (!repoUrl || typeof repoUrl !== 'string') {
+        return undefined;
+    }
+    const trimmed = repoUrl.trim();
+    // Reject local paths (Windows and POSIX)
+    if (trimmed.startsWith('/') ||
+        trimmed.startsWith('\\') ||
+        /^[a-zA-Z]:\\/.test(trimmed) ||
+        trimmed.startsWith('./') ||
+        trimmed.startsWith('../')) {
+        return undefined;
+    }
+    // Normalize GitHub/GitLab SSH and HTTPS URLs
+    // Patterns:
+    // git@github.com:owner/repo.git
+    // https://github.com/owner/repo.git
+    // git@gitlab.com:owner/repo.git
+    // https://gitlab.com/owner/repo.git
+    const gitPattern = /^(?:git@|https:\/\/)(github\.com|gitlab\.com)[:/]([^/]+\/[^/.]+?)(?:\.git)?$/i;
+    const match = trimmed.match(gitPattern);
+    if (match) {
+        const [, domain, path] = match;
+        return `https://${domain.toLowerCase()}/${path}`;
+    }
+    // If it looks like a generic URL but not from approved providers, reject for privacy
+    try {
+        const url = new URL(trimmed);
+        if (url.hostname.includes('github.com') || url.hostname.includes('gitlab.com')) {
+            let path = url.pathname;
+            if (path.startsWith('/'))
+                path = path.substring(1);
+            if (path.endsWith('.git'))
+                path = path.substring(0, path.length - 4);
+            // Only return if it matches owner/repo structure
+            if (path.split('/').length >= 2) {
+                return `https://${url.hostname.toLowerCase()}/${path}`;
+            }
+        }
+    }
+    catch (e) {
+        // Not a valid URL
+    }
+    return undefined;
+}

package/dist/src/local-mcp-server/stdio-server.js

@@ -683,6 +683,7 @@ class FraimLocalMCPServer {
                 repoInfo.owner = owner;
             }
             this.repoInfo = repoInfo;
+            this.usageCollector.setRepoIdentifier(repoInfo.url || null);
             const repoLabel = this.repoInfo.owner
                 ? `${this.repoInfo.owner}/${this.repoInfo.name}`
                 : this.repoInfo.projectPath || this.repoInfo.name;
@@ -1681,7 +1682,7 @@ class FraimLocalMCPServer {
                     const isFinalCompletion = args.status === 'complete' &&
                         (tutoringResponse.nextPhase === null || tutoringResponse.nextPhase === undefined);
                     if (isQualityJob && isFinalCompletion) {
-                        const qualityErrors = (0, quality_evidence_1.validateQualityEvidence)(args.evidence?.quality);
+                        const qualityErrors = (0, quality_evidence_1.validateQualityEvidence)(args.evidence?.quality, args.jobName);
                         if (qualityErrors) {
                             this.log(`❌ Quality enforcement rejected ${args.jobName} completion: ${qualityErrors.join('; ')}`);
                             const rejection = (0, quality_evidence_1.buildQualityRejectionMessage)(args.jobName, args.currentPhase, qualityErrors);
@@ -1968,6 +1969,9 @@ class FraimLocalMCPServer {
         if (toolName && requestSessionId) {
             const success = !response.error;
             this.log(`📊 Collecting usage: ${toolName} (session: ${requestSessionId}, success: ${success})`);
+            if (!this.repoInfo) {
+                this.detectRepoInfo();
+            }
             // Capture the current queue size before collection
             const beforeCount = this.usageCollector.getEventCount();
             try {

package/dist/src/local-mcp-server/usage-collector.js

@@ -13,6 +13,7 @@ class UsageCollector {
     constructor() {
         this.events = [];
         this.userId = null;
+        this.repoIdentifier = null;
     }
     static resolveMentoringJobName(args) {
         if (!args || typeof args !== 'object') {
@@ -36,6 +37,9 @@ class UsageCollector {
     setUserId(userId) {
         this.userId = userId;
     }
+    setRepoIdentifier(repoIdentifier) {
+        this.repoIdentifier = repoIdentifier;
+    }
     /**
      * Collect MCP tool call event
      */
@@ -62,6 +66,7 @@ class UsageCollector {
             sessionId,
             success,
             category: parsed.category,
+            repoIdentifier: this.repoIdentifier || undefined,
             args: Object.keys(analyticsArgs).length > 0 ? analyticsArgs : undefined
         };
         this.events.push(event);
@@ -81,6 +86,7 @@ class UsageCollector {
             userId: this.userId || 'unknown',
             sessionId,
             success,
+            repoIdentifier: this.repoIdentifier || undefined,
             args
         };
         this.events.push(event);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "fraim",
-  "version": "2.0.109",
+  "version": "2.0.116",
   "description": "FRAIM CLI - Framework for Rigor-based AI Management (alias for fraim-framework)",
   "main": "index.js",
   "bin": {
@@ -17,6 +17,7 @@
     "test": "node scripts/test-with-server.js",
     "test:isolated": "npx tsx --test --test-reporter=spec tests/isolated/test-*.ts",
     "test:smoke": "node scripts/test-with-server.js --tags=smoke",
+    "test:coverage": "node scripts/test-with-server.js --tags=smoke --coverage",
     "test:stripe": "node scripts/test-with-server.js tests/test-stripe-payment-complete.ts",
     "test:stripe:ui": "playwright test tests/ui/test-payment-ui.spec.ts",
     "test:perf": "node scripts/test-with-server.js tests/performance/analytics-perf.ts",