gm-plugkit 2.0.1550 → 2.0.1552
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/SKILL.md +32 -42
- package/instructions/browser.md +14 -21
- package/instructions/emit.md +8 -12
- package/instructions/entry.md +37 -41
- package/instructions/execute.md +20 -34
- package/instructions/plan.md +11 -19
- package/instructions/update_docs.md +11 -17
- package/instructions/verify.md +21 -31
- package/package.json +1 -1
- package/plugkit.version +1 -1
package/SKILL.md
CHANGED
|
@@ -6,84 +6,74 @@ allowed-tools: Skill, Read, Write, Bash(bun *), Bash(npx *)
|
|
|
6
6
|
|
|
7
7
|
# gm
|
|
8
8
|
|
|
9
|
-
**A turn
|
|
9
|
+
**A turn ending without a tool call is a stop; stopping mid-chain is the cardinal failure.** Agents read only tool calls and their outputs, so a prose-only turn ends the session. While the chain is in-flight (phase != COMPLETE OR prd_pending_count > 0) every turn ends in a tool call that advances it (`instruction`, the next verb the prose named, or `transition`). No summaries, no "here's what I did", no narrating closure. A turn-final sentence naming the next move instead of making it is the same stop -- take the move. Surface a decision via `AskUserQuestion` or `prd-add`, never prose. Tempted to stop: dispatch `phase-status`; if non-terminal, dispatch `instruction` and keep walking. Only `phase=COMPLETE` AND `prd_pending_count=0` authorizes a prose-only turn.
|
|
10
10
|
|
|
11
|
-
**Done is what plugkit says is done, never your claim.** The COMPLETE gate is the single arbiter
|
|
11
|
+
**Done is what plugkit says is done, never your claim.** The COMPLETE gate is the single arbiter; if not at COMPLETE there is a next transition to seek, and idle mid-chain is a deviation.
|
|
12
12
|
|
|
13
|
-
**Standing approval -- finish everything, every session, at maximum granularity.** Every
|
|
13
|
+
**Standing approval -- finish everything, every session, at maximum granularity.** Every session is pre-approved to continue until ALL requested work is done: the plan, every addition along the way, every newly-discovered or unfinished item. Do not stop to ask whether to continue, do not defer reachable work, do not narrow to a convenient slice. Plan at maximum granularity (one PRD row per real unit; `every possible` on every noun) and walk the whole closure. `blockedBy: external` is for authority you genuinely cannot reach (another team's repo, a hardware credential, a not-in-session product decision) -- never for work that is merely large, tedious, multi-component, or contended by a concurrent writer (rebase and land alongside them).
|
|
14
14
|
|
|
15
|
-
**Every possible action begins and ends with `instruction`.**
|
|
15
|
+
**Every possible action begins and ends with `instruction`.** In doubt, denied, or unclear next move: dispatch instruction. It is the only recovery primitive; improvising never beats re-reading the prose.
|
|
16
16
|
|
|
17
|
-
**You are the state machine.** Plugkit is
|
|
17
|
+
**You are the state machine.** Plugkit is durable memory + gate-checker; you walk PLAN -> EXECUTE -> EMIT -> VERIFY -> COMPLETE. Every transition, PRD resolution, mutable witness, residual scan is a verb YOU dispatch by writing `.gm/exec-spool/in/<verb>/<N>.txt`. Plugkit never advances, validates, or processes while you wait -- it serves a response the moment you write a request and sits inert otherwise. Your phase is the one you last `transition`-ed to, not the one your narration implies. Zero dispatches in gmsniff = you hallucinated the chain, not walked it. Drop this and every other rule collapses (mutables resolved without witness, COMPLETE claimed without VERIFY, residuals narrated away).
|
|
18
18
|
|
|
19
|
-
|
|
19
|
+
Every turn: dispatch `instruction`, read it, follow the imperative, dispatch the next verb it names. Re-dispatch against every drift, stall, gate-denial, or uncertainty -- in-flight it is free to over-dispatch and unbounded-cost to act without. Phase-specific discipline lives in plugkit's instruction tables; this file does not duplicate it.
|
|
20
20
|
|
|
21
|
-
|
|
21
|
+
**Once `phase=COMPLETE` AND `prd_pending_count=0`, the chain is closed -- stop dispatching.** Polling `instruction`/`phase-status` to "re-confirm" a terminal chain is the `complete-chain-poll` deviation. A new user prompt (`{"prompt":"..."}`) reopens the chain to PLAN; if your first `instruction` on intended-new work still returns COMPLETE/UPDATE-DOCS, dispatch `transition to=PLAN` **once** (this is authorized new work, not a poll).
|
|
22
22
|
|
|
23
|
-
**
|
|
23
|
+
**Client-side edits are gated by Browser Witness (hard rule).** If you Write/Edit any client-side file (`.html .js .jsx .ts .tsx .vue .svelte .mjs .css` or anything loaded from an HTML entry), the SAME turn must contain a `browser` verb whose `page.evaluate` asserts the invariant the edit establishes. `transition to=COMPLETE` refuses until `.turn-browser-witnessed` covers every entry in `.turn-browser-edits.json` by sha, else `deviation.client-edit-no-witness`. There is no validate-later.
|
|
24
24
|
|
|
25
|
-
**
|
|
25
|
+
**The live page is the debugger -- expose globals, evaluate in-browser, never blind-restart.** Surface relevant state as a `window.*` global and read it live via the `browser` verb's `page.evaluate`, running experiments in the page. A global plus one evaluate reads real runtime state in one dispatch; the restart-and-eyeball loop observes almost nothing and burns a turn. The same `browser` surface that witnesses an edit also diagnoses it.
|
|
26
26
|
|
|
27
|
-
**
|
|
27
|
+
**Search routes through the spool, never a platform search agent.** Any code/file/symbol lookup ("where is X", "what calls Y", grep the tree) is the `codesearch` verb (`{"query":"..."}`); prior knowledge is `recall`. Never the platform Explore agent, a Task/general-purpose search subagent, or raw `grep`/`Glob` -- they bypass the spool, the committed index, and recall-grounding, and do not transport across harnesses. Orient at PLAN is `recall` + `codesearch` in parallel; every mid-EXECUTE lookup is a `codesearch` too.
|
|
28
28
|
|
|
29
|
-
**
|
|
29
|
+
**Class rule: every platform-native capability that has a plugkit verb is forbidden in favor of the verb.** code/file/symbol search -> `codesearch`; prior knowledge -> `recall`; URL/web fetch -> `fetch`; running code -> `exec_js`; a real browser -> `browser`; persisting memory -> `memorize-fire`; **any git op -> the git verbs** (`git_status`/`git_log`/`git_diff`/`git_show`/`git_branch` inspect; `git_add`/`git_commit`/`git_finalize`/`git_push` stage-commit-push; `git_checkout`/`git_fetch`/`git_rm`/`git_revert`/`git_reset` mutate). `git_finalize {message}` bundles add->commit->porcelain-gate->push in one dispatch and is the COMPLETE push surface; a `bash`/`sh`/`powershell` body invoking git is gated (`deviation.bash-git-bypass`). The native tool bypasses the ledger, the index, and portability. If no verb exists, that is a missing verb to add, not license to reach around the spool.
|
|
30
30
|
|
|
31
|
-
**
|
|
32
|
-
|
|
33
|
-
**Boot before dispatching. Always check first.** Writing to `.gm/exec-spool/in/instruction/N.txt` while the watcher is dead is the canonical cold-start failure, the request sits forever, you read no response, you fabricate the chain from memory of the prose. The spool directory's existence does NOT mean the watcher is alive; `.status.json` mtime within the last 15s does. The leftover `.status.json` from yesterday's dead watcher is the most common trap.
|
|
34
|
-
|
|
35
|
-
Your first tool call of every session is the boot probe, in one Bash invocation. Read `.status.json` (liveness) and `.turn-summary.json` (orientation) together, the watcher precomputes both every 5s, so the two files give you everything you'd otherwise extract via gmsniff queries, git, yaml-parse, and ports-file scans:
|
|
31
|
+
**Boot before dispatching.** Writing `instruction/N.txt` to a dead watcher silently drops the request and you fabricate the chain from memory. The spool dir existing does not mean the watcher is alive; a `.status.json` `ts` within 15s does (a leftover stale `.status.json` is the common trap). Your first tool call every session is the boot probe in one Bash call:
|
|
36
32
|
|
|
37
33
|
```bash
|
|
38
34
|
cat .gm/exec-spool/.status.json 2>/dev/null; echo ---; cat .gm/exec-spool/.turn-summary.json 2>/dev/null; echo ---; date +%s%3N
|
|
39
35
|
```
|
|
40
36
|
|
|
41
|
-
`.turn-summary.json` carries `phase`, `last_skill`, `prd_pending`, `last_instruction_ts`, `last_instruction_age_ms`, `long_gap_threshold_ms`, `browser_sessions_alive`, `update_available`, `deviations_30m`, `watcher_uptime_ms`.
|
|
37
|
+
`.turn-summary.json` carries `phase`, `last_skill`, `prd_pending`, `last_instruction_ts`, `last_instruction_age_ms`, `long_gap_threshold_ms`, `browser_sessions_alive`, `update_available`, `deviations_30m`, `watcher_uptime_ms`. Age over threshold: your next non-orienting verb is gated, dispatch `instruction` first. `update_available` non-null: eager-upgrade with `bun x gm-plugkit@latest --kill-stale-watchers; bun x gm-plugkit@latest spool > /dev/null 2>&1 &`, then re-read `.status.json` after 8s to confirm `version`. `deviations_30m` non-zero indicates active drift to investigate before continuing.
|
|
42
38
|
|
|
43
|
-
Compare `.status.json` `ts`
|
|
39
|
+
Compare `.status.json` `ts` to the printed epoch: gap > 15000 = dead, boot it. Exception: a future `busy_until` means a long verb (browser/chromium spawn blocks the heartbeat ~15-18s) -- wait, do not boot a second watcher.
|
|
44
40
|
|
|
45
41
|
```bash
|
|
46
42
|
bun x gm-plugkit@latest spool > /dev/null 2>&1 &
|
|
47
43
|
```
|
|
48
44
|
|
|
49
|
-
(`npx -y gm-plugkit@latest spool > /dev/null 2>&1 &` if `bun` missing.)
|
|
50
|
-
|
|
51
|
-
**Dispatch shape: Write + Read response in the SAME tool-call block.** Issuing the Write alone is not a dispatch, it's a request that goes nowhere visible. The shape is `Write .gm/exec-spool/in/instruction/<N>.txt` AND `Read .gm/exec-spool/out/instruction-<N>.json` (or `out/<N>.json` for nested verbs) in one parallel-tools block. The Read may return "file does not exist" on the first attempt while plugkit is mid-verb, in that case, re-Read in the next message. Do NOT proceed to any other tool, do NOT narrate "I have everything I need," do NOT begin work until you have READ the response and followed the `instruction` field. Declaring readiness without a response in hand is fabrication.
|
|
52
|
-
|
|
53
|
-
Never poll the spool dir with `sleep && ls` or `Start-Sleep && Test-Path`, plugkit is synchronous from your view; if the response is not there, the watcher is dead (re-check `.status.json` mtime) or the verb is slow (check `.gm/exec-spool/.watcher.log`), not "still processing."
|
|
54
|
-
|
|
55
|
-
**Dead-watcher recovery is mandatory, never abandon the dispatch.** If two consecutive re-Reads return "file does not exist" AND `.status.json` ts is stale (>15s gap from current epoch) AND `busy_until` is absent or in the past, the watcher is dead. (A future `busy_until` means a long synchronous verb is running, the response will land when it finishes; wait, do not boot.) Your next call is `bun x gm-plugkit@latest spool` to boot a fresh watcher (the wrapper has self-respawn paths now, one boot deploys every queued fix to disk). Then re-dispatch the original verb. Do NOT reach for an alternative tool, puppeteer-core, agent-browser, WebFetch, raw `chrome.exe`, none of these substitute for the `browser` verb. Reaching outside plugkit when the spool surface is reachable orphans state the next session cannot reap, bypasses paper section 23 witness gates, and ages the project's discipline. The recovery is always: notice dead -> boot -> re-dispatch. The full chain from spool-write to disk-Read-success is the only admissible loop; any short-circuit produces unreconcilable state.
|
|
45
|
+
(`npx -y gm-plugkit@latest spool > /dev/null 2>&1 &` if `bun` missing.) Wait ~8s, re-`cat .status.json` for a fresh `ts`, and only then write to `instruction/`.
|
|
56
46
|
|
|
57
|
-
|
|
47
|
+
**Dispatch shape: Write request + Read response in the SAME tool-call block.** The shape is `Write .gm/exec-spool/in/instruction/<N>.txt` AND `Read .gm/exec-spool/out/instruction-<N>.json` (or `out/<N>.json` for nested verbs) in one block. A first-read "file does not exist" while plugkit is mid-verb is normal -- re-Read next message. Do not proceed, narrate readiness, or begin work before reading the response and following its `instruction` field. Never poll with `sleep && ls`: plugkit is synchronous, so a missing response means dead watcher (re-check `ts`) or slow verb (check `.gm/exec-spool/.watcher.log`), not "still processing."
|
|
58
48
|
|
|
59
|
-
|
|
49
|
+
**Dead-watcher recovery is mandatory.** Two consecutive missing re-Reads AND stale `ts` (>15s) AND no future `busy_until` = dead: `bun x gm-plugkit@latest spool` to boot a fresh watcher, then re-dispatch the original verb. Never substitute an alternative tool (puppeteer-core, WebFetch, raw chrome) for the `browser` verb -- reaching outside plugkit orphans state and bypasses the witness gates. Recovery is always notice-dead -> boot -> re-dispatch.
|
|
60
50
|
|
|
61
|
-
|
|
51
|
+
From PowerShell, write spool input as UTF-8 no-BOM (`-Encoding utf8` or `[System.IO.File]::WriteAllText`); the 5.1 default UTF-16+BOM trips `spool.body-encoding-recoded`. Prefer the `Write` tool for JSON bodies. First-turn body is `{"prompt":"<user request>"}` (derives orient_nouns + recall_hits); later same-conversation turns may use `{}`.
|
|
62
52
|
|
|
63
|
-
|
|
53
|
+
**Batch writes and reads together.** Write request + Read response is one logical step -- issue both in one block, not three turns. Fan-out is the same: N independent verbs = N Writes in one block then N Reads in one block. Only a real data dependency (verb B needs A's response) forces separate turns.
|
|
64
54
|
|
|
65
|
-
|
|
55
|
+
The chain is not COMPLETE until changes are on origin. Commit and push at the end of every session that touched tracked files; do not ask -- the push IS the validation dispatch (`verify.rs`). Only the porcelain check holds it back, and a dirty tree is fixed by stage-commit or revert, not by asking.
|
|
66
56
|
|
|
67
|
-
**
|
|
57
|
+
**Every residual is triaged this turn; "pre-existing" is not a stop excuse.** Non-empty `git status --porcelain`: every entry is yours now -- commit (real work), ignore via the managed block (transient runtime emission), or revert (stale junk). "Pre-existing" only names the triage outcome. `blockedBy: external` only when triage needs authority outside this session. `.gm/disciplines/` and new memorize-fire JSON are tracked+committed; `.gm/witness/` and transient staleness markers go in the managed gitignore block.
|
|
68
58
|
|
|
69
|
-
**
|
|
59
|
+
**Apply "every possible" to every noun.** PLAN is exhaustive, not minimal: for every noun, write every possible task, validation, mutable, corner case, caveat, failure mode, and empty/overflow/reentry/degenerate state as PRD rows. A single-digit PRD on a non-trivial request means you stopped early. Second pass: feed the list back in, each row's corner cases become new rows; closed when "every possible" yields nothing new. Long-horizon prompts routinely produce high-tens-to-hundreds of rows -- density at PLAN is the only protection against silent residuals at COMPLETE.
|
|
70
60
|
|
|
71
|
-
**
|
|
61
|
+
**Sweep every possible aspect for jank, each aspect a PRD row.** For every surface the prompt concerns, enumerate every immaturity/unfinished-edge/half-wired-path across gui, ux, ui, client state, server state, and the client/server boundary -- `jank` means the rough and almost-done, not just bugs. Each is a row, plus a profiling row and a security row per surface. Scoped to the prompt's reachable closure, exhaustive within it. Every issue found spawns its own debug-and-repair rows the same turn. Fan out via parallel spool dispatches (many `prd-add`/`codesearch`/`exec_js` in one block) and plugkit task-spawn, never the platform's Task/Explore subagent.
|
|
72
62
|
|
|
73
|
-
**
|
|
63
|
+
**One tell-tale AI design element spawns a full-codebase sweep.** A boilerplate flourish, over-hedged comment, generic scaffold name, or machine-authored shape is the witness that the same shape is likely elsewhere: spool rows for a codebase-wide scan, per-cluster findings, and fix-and-verify, fanned out exhaustively -- never a one-off local fix.
|
|
74
64
|
|
|
75
|
-
**
|
|
65
|
+
**Graphical symbols are forbidden; convert to ASCII on sight.** Arrow/box/geometric glyphs, stars, bullets, checkmarks/crosses, emojis, any non-ASCII decorative symbol are a machine tell -- convert the moment seen (arrow glyph -> `->`, bullet -> `-`/`*`, check/cross -> `[x]`/`[ ]` or done/todo/pass/fail, status dot -> the word). One sighting spawns the full-codebase sweep. Exempt: code operators (`=>`, `??`, `?.`, math/comparison), frozen changelog/git-log entries, binary stores, intentional icon-font/CSS-content product glyphs.
|
|
76
66
|
|
|
77
|
-
**
|
|
67
|
+
**Treat the architecture as pliable.** It is reshapeable; every change that clearly improves it or reduces maintenance burden is a PRD plan you spool. Replacing bespoke code with native functionality or a popular well-maintained library is encouraged only when it nets a smaller maintained surface -- a heavy dependency to delete a few lines net-grows it and is the guarded failure mode. Check for an existing library first; never carry a drift-prone reimplementation of an upstream.
|
|
78
68
|
|
|
79
|
-
|
|
69
|
+
**Noticing is a planning event.** Anything you observe that should be done, is unfinished/improvable, or diverges from a user preference becomes a `prd-add` this turn. Observations carried only in prose evaporate; only the PRD store survives. "Future work"/"note for later" are drift signatures. Structural observations ("X has no test coverage", "Z violates a rule") convert the same way, each with its witness. Density grows along the walk, not just at PLAN.
|
|
80
70
|
|
|
81
|
-
|
|
71
|
+
`git push` is admissible only when `git status --porcelain` is empty, and the porcelain probe must be its OWN Bash tool-use event before the push, not `&&`-chained inside one call (ccsniff `--git-discipline` scans the tool-call stream, not shell commands within an event). The discipline is three Bash events: `git status --porcelain` -> read empty -> `git push`. Prefer the `git_push` verb (gates on porcelain internally, refuses dirty, emits `deviation.push-dirty`). Witness clean via `git_status`, pushed via `branch_status` (ahead==0). residual-scan and the COMPLETE gate both refuse a dirty tree or missing residual-check marker.
|
|
82
72
|
|
|
83
|
-
|
|
73
|
+
**Memory is project-resident, never platform-resident.** Refuse the platform's own auto-memory dir (`~/.claude/projects/*/memory/`, `~/.codex/`, `~/.cursor/*`) -- it does not transport and is invisible to gmsniff/recall. The two portable surfaces: (a) `memorize-fire` through the spool (embeds into `.gm/rs-learn.db`, surfaces via `recall` + auto-recall); (b) `AGENTS.md` for project-tracked hard rules, edited inline. They are complementary -- memorize-fire for recall-time reinforcement, AGENTS.md for the hard rule. About to Write under a platform memory dir: stop, dispatch `memorize-fire` instead. The response body is not a mutation surface either; memory routes through `memorize-fire`, tool ops through their verbs.
|
|
84
74
|
|
|
85
|
-
**Suppress mundane output; strip it to the bone.**
|
|
75
|
+
**Suppress mundane output; strip it to the bone.** Drop articles, preamble, play-by-play, boot-probe narration, dispatch echoes, restatement of prose just read, status recaps. What survives: a real finding, a decision and its one-line reason, a blocker, the single-line PRD-read declaration. Terse means fewer words, NEVER zero tool calls and never silent work -- the turn still ends in the chain-advancing tool call, and you still state in one clause what you are about to do.
|
|
86
76
|
|
|
87
|
-
**Prune bad memory on sight
|
|
77
|
+
**Prune bad memory on sight -- a wrong recall hit is worse than a miss.** A stale/superseded/wrong `recall` or `auto_recall` hit gets `memorize-prune {key}` (deletes text + embedding). For an uncertain set, `memorize-prune {query}` returns review-only candidates; judge, then re-dispatch the stale `{keys:[...]}` -- never a blind similarity-delete.
|
|
88
78
|
|
|
89
|
-
On turn entry (first `instruction`
|
|
79
|
+
On turn entry (first `instruction` after a >30s gap or session-start), plugkit attaches `auto_recall` `{query, hits, fired_at, turn_entry:true}` derived from the user prompt. Read `auto_recall.hits` alongside `recall_hits` (the phase+PRD-subject pack); auto_recall fires only on turn entry, do not re-trigger it.
|
package/instructions/browser.md
CHANGED
|
@@ -1,50 +1,43 @@
|
|
|
1
1
|
# BROWSER
|
|
2
2
|
|
|
3
|
-
## Hard Rule: Browser Witness Mandate (paper
|
|
3
|
+
## Hard Rule: Browser Witness Mandate (paper section 23)
|
|
4
4
|
|
|
5
|
-
**Every
|
|
5
|
+
**Every edit to code that runs in a browser requires a live `browser` dispatch in the same turn as the edit.** Client-side surfaces -- `.html`, `.js`, `.jsx`, `.ts`, `.tsx`, `.vue`, `.svelte`, `.mjs`, `.css`, web components, service workers, every asset loaded by `<script>`, every path reached by `import` from a browser-side entry -- must be witnessed by a live `page.evaluate` of the specific invariant the edit establishes. A passing node test, build, `curl` of the HTML, or static-analysis pass witnesses server delivery, not browser behavior, and is non-substitutive. The witness IS the proof; prose is not.
|
|
6
6
|
|
|
7
|
-
Protocol
|
|
7
|
+
Protocol: (1) boot the real surface -- server up, page reachable, HTTP 200 witnessed; (2) `browser` dispatch -> navigate -> poll for the global the change affects; (3) `page.evaluate` asserting the invariant, capturing witnessed values into `stdout`; (4) variance -> fix at root cause, re-witness. Never advance on unwitnessed client behavior, never queue validation for "later" -- the same turn that edits a client-side file dispatches the browser verb validating it.
|
|
8
8
|
|
|
9
|
-
|
|
10
|
-
- **EXECUTE**: edit a client-side file → dispatch `browser` in the same turn against the live page asserting the invariant the edit establishes
|
|
11
|
-
- **EMIT**: post-emit re-witness — the page still passes the invariant after the full diff lands
|
|
12
|
-
- **VERIFY**: final gate — `browser-witness-hash-mismatch` deviation fires if any file you witnessed earlier has changed without re-witnessing
|
|
9
|
+
Fires across phases: **EXECUTE** edit -> same-turn browser dispatch asserting the invariant; **EMIT** post-emit re-witness (page still passes after the full diff); **VERIFY** final gate -- `deviation.browser-witness-hash-mismatch` fires if a witnessed file changed without re-witnessing. Pure-prose static-document edits (no JS, no CSS-driven behavior, no DOM mutation) are the ONLY exempt category, and the exemption must be named explicitly in the response so the skip is auditable. Silent skip on actual behavior change is forced closure.
|
|
13
10
|
|
|
14
|
-
|
|
11
|
+
YOU drive the browser through the spool: plugkit holds the Chromium handle, per-project profile, and session table; you advance by writing `.gm/exec-spool/in/browser/<N>.txt` and reading `out/<N>.json`. There is no library import, no puppeteer/playwright/CDP handle that shortcuts this. The verb is the surface; every other reach is fabrication.
|
|
15
12
|
|
|
16
|
-
|
|
13
|
+
## Body shapes
|
|
17
14
|
|
|
18
|
-
The body is a string
|
|
15
|
+
The body is a string, five shapes only:
|
|
19
16
|
|
|
20
17
|
```
|
|
21
18
|
session new
|
|
22
19
|
session list
|
|
23
|
-
session
|
|
20
|
+
session close <id>
|
|
24
21
|
<arbitrary JS expression evaluated in page context>
|
|
25
22
|
timeout=<ms>\n<expression>
|
|
26
23
|
```
|
|
27
24
|
|
|
28
|
-
A bare expression with no live session opens one
|
|
29
|
-
|
|
30
|
-
Default per-evaluation timeout is 14000ms. Operations that legitimately exceed this (long page loads, multi-step navigation, slow remote APIs) prefix `timeout=<ms>\n` with the desired millisecond cap; the wrapper clamps to 50000ms maximum. The response includes `timeout_ms_used` so you witness which budget actually applied. `browser.runner-timeout` event fires when the runner hits the cap — read your `stderr`, narrow the operation, or raise timeout; do not retry blind at the same budget.
|
|
25
|
+
A bare expression with no live session opens one against `about:blank`; with a live session it reuses it. `session new` returns the id you carry; with more than one open, target it via `session=<id>\n<expr>`. (`session close` and `session kill` are aliases.) Default per-eval timeout 14000ms; operations that legitimately exceed it prefix `timeout=<ms>\n` (wrapper clamps to 50000ms). The response carries `timeout_ms_used`; `browser.runner-timeout` fires at the cap -- read `stderr`, narrow or raise, never retry blind at the same budget.
|
|
31
26
|
|
|
32
27
|
## Envelope
|
|
33
28
|
|
|
34
|
-
|
|
29
|
+
`{ok, stdout, stderr, exit_code, session_id?}`. `stdout` = stringified eval result; `stderr` = page errors + launch diagnostics; `exit_code` non-zero = the dispatch did not land -- read `stderr` and re-dispatch, never blind.
|
|
35
30
|
|
|
36
31
|
## Headed by default
|
|
37
32
|
|
|
38
|
-
The window opens on the user's screen
|
|
33
|
+
The window opens on the user's screen -- that IS the witness. `GM_BROWSER_HEADLESS=1` opts into headless; absent it, a session with no visible window is a launch you did not make. Do not assume or request headless to "be quiet"; the flash is the proof.
|
|
39
34
|
|
|
40
35
|
## Profile
|
|
41
36
|
|
|
42
|
-
`session new` (or a bare expression with no live session) spawns a locally-profiled Chromium at `<cwd>/.gm/browser-profile
|
|
37
|
+
`session new` (or a bare expression with no live session) spawns a locally-profiled Chromium at `<cwd>/.gm/browser-profile/`; the runner attaches via `--direct <wsEndpoint>`. Cookies/storage/extensions persist across sessions, turns, and runs. A second concurrent launch contends the SingletonLock; the watcher reuses the live CDP rather than re-launching. The runner's extension-attach mode ("Waiting for extension to connect") is never the default or what you want -- seeing it in `stderr` means the host failed to spawn local Chromium; dispatch `instruction` for recovery, not a blind retry.
|
|
43
38
|
|
|
44
39
|
## Discipline
|
|
45
40
|
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
A dispatch that returns `ok:false` with a launch error is plugkit telling you the environment refused; you read the `stderr`, you dispatch `instruction`, you do not loop the same body waiting for a different answer.
|
|
41
|
+
Never spawn Chromium yourself, `npm i puppeteer`, or shell `chrome.exe`; the verb owns the handle, and bypassing it orphans state plugkit cannot reap and breaks the next session's first read. Navigate by evaluating `location.href = '...'` through the spool; screenshot by dispatching the verb that returns one. A dispatch returning `ok:false` with a launch error is plugkit reporting the environment refused -- read `stderr`, dispatch `instruction`, do not loop the same body.
|
|
49
42
|
|
|
50
|
-
**Dead-watcher recovery, never substitute.** If
|
|
43
|
+
**Dead-watcher recovery, never substitute.** If a Write to `.gm/exec-spool/in/browser/<N>.txt` produces no response after two re-Reads AND `.status.json` ts is stale (>15s from current epoch), the watcher is dead: boot `bun x gm-plugkit@latest spool`, then re-dispatch the browser body. Do NOT reach for puppeteer-core, puppeteer, playwright, agent-browser, `chrome.exe`, `npx browserless`, WebFetch, or curl-then-parse -- the browser verb is the only admissible browser surface; substitutes spawn orphan Chromium plugkit cannot reap, bypass section 23 witness-marked events, and produce evidence the gate cannot read. The recovery loop is always: empty response -> check `.status.json` -> if stale, boot -> re-dispatch.
|
package/instructions/emit.md
CHANGED
|
@@ -1,31 +1,27 @@
|
|
|
1
1
|
# EMIT
|
|
2
2
|
|
|
3
|
-
YOU are the state machine. Plugkit is the synchronous library serving this prose; advancing the chain is your dispatch
|
|
3
|
+
YOU are the state machine. Plugkit is the synchronous library serving this prose; advancing the chain is your dispatch. Every write lands only through the verb you dispatch to land it.
|
|
4
4
|
|
|
5
|
-
L3 audit on disk.
|
|
5
|
+
L3 audit on disk. Land every node of the covering family; your first emit = closure.
|
|
6
6
|
|
|
7
7
|
## Read-before-write
|
|
8
8
|
|
|
9
|
-
|
|
9
|
+
The target file's on-disk content is the goal-relative reference; diffing an unread file diffs an imagined baseline, leaving your candidate unmeasured. On observed disk divergence, `transition` back to PLAN.
|
|
10
10
|
|
|
11
11
|
## Fresh index
|
|
12
12
|
|
|
13
|
-
|
|
13
|
+
Feed search outputs into EMIT only when the digest matches the live filesystem; a stale-index result is an L1 bluff.
|
|
14
14
|
|
|
15
15
|
## Write-then-verify
|
|
16
16
|
|
|
17
|
-
|
|
17
|
+
One write per artifact, then a disk Read against every touched path to assert the change -- verified disk state IS the witness, not the tool-call return. On discrepancy, regress to root cause, do not retry.
|
|
18
18
|
|
|
19
|
-
**Client-side artifacts: write-then-browser-witness,
|
|
19
|
+
**Client-side artifacts: write-then-browser-witness, same turn.** If the artifact is `.html .js .jsx .ts .tsx .vue .svelte .mjs .css` or any browser-loaded path, the disk Read is necessary but not sufficient -- also dispatch a `browser` verb that `page.evaluate`s the invariant the artifact establishes (the page-side assertion is the real witness; the disk Read only witnesses serialization). Skipping it ships a green-checked stub. The COMPLETE gate refuses without the paired browser-witness for every client-side file edited this session (`deviation.client-edit-no-witness`, gates.rs), and you regress to dispatch the missing witness.
|
|
20
20
|
|
|
21
21
|
## Artifact scope
|
|
22
22
|
|
|
23
|
-
PRD names the artifacts you may write
|
|
24
|
-
|
|
25
|
-
If during write-then-verify you notice an adjacent artifact the user clearly meant included, or an improvement the act of writing exposes (a generated file the build needs, a doc that names the new artifact, a witness script the artifact deserves) — you dispatch `prd-add` for it this turn, not as a follow-on. The same noticing-to-PRD discipline applies in EMIT: an observation that does not land as a PRD row evaporates with the turn.
|
|
26
|
-
|
|
27
|
-
Between artifacts, between disk-Read checks, between a write you're uncertain about and the next — you re-dispatch `instruction`. Closure is the EMIT discipline; re-reading the prose between artifacts is how you avoid partial emits.
|
|
23
|
+
PRD names the artifacts you may write; direct closure narrative to the commit message + `memorize-fire`. A file PRD does not name is your response body displacing the dispatch surface. If write-then-verify exposes an adjacent artifact the user meant included or an improvement the act of writing reveals (a generated file the build needs, a doc naming the new artifact, a witness script), `prd-add` it this turn -- an observation that does not land as a row evaporates with the turn. Between artifacts and uncertain writes, re-dispatch `instruction`.
|
|
28
24
|
|
|
29
25
|
## Dispatch
|
|
30
26
|
|
|
31
|
-
|
|
27
|
+
`transition` when every planned artifact is written and disk-verified. On a new unknown, `transition` back to PLAN.
|
package/instructions/entry.md
CHANGED
|
@@ -1,98 +1,94 @@
|
|
|
1
1
|
# ORCHESTRATOR
|
|
2
2
|
|
|
3
|
-
YOU are the state machine. Plugkit is the synchronous library serving this prose; advancing the chain is your dispatch, not its action.
|
|
3
|
+
YOU are the state machine. Plugkit is the synchronous library serving this prose; advancing the chain is your dispatch, not its action. It holds phase, PRD rows, and mutables on disk -- you read them via `phase-status`/`instruction` and change them via the relevant verb. Nothing advances while you wait.
|
|
4
4
|
|
|
5
|
-
Your authorization = the request. Your receipt = the PRD you write.
|
|
5
|
+
Your authorization = the request. Your receipt = the PRD you write. Trajectory PLAN -> EXECUTE -> EMIT -> VERIFY -> COMPLETE, one continuous flow, each transition a verb you dispatch. Scope = the closure of the destructive transform admissible over the session; your first emit = closure, not prefix.
|
|
6
6
|
|
|
7
|
-
**Continuation invariant (the brick wall).** A turn
|
|
7
|
+
**Continuation invariant (the brick wall).** A turn ending without a tool call is a stop -- the harness reads only tool calls, so a prose-only message ends the session. While in-flight (phase != COMPLETE OR prd_pending > 0) end every turn in a verb dispatch, never prose, never a summary/recap (summary is a stop) -- and never a turn-final sentence that names the next move instead of making it (it strands the chain where the prose pointed; take the move). Only this surface returning phase=COMPLETE AND prd_pending=0 authorizes stopping. Before any urge to stop, dispatch `phase-status`; non-terminal means drift, so dispatch `instruction` and keep walking. Depends only on the verb spool -- holds on every agent.
|
|
8
8
|
|
|
9
9
|
## Admission Filter
|
|
10
10
|
|
|
11
11
|
```
|
|
12
|
-
candidate
|
|
12
|
+
candidate -> [L1 witness] -> [L2 single-writer] -> [L3 direction] -> execute
|
|
13
13
|
```
|
|
14
14
|
|
|
15
|
-
- **L1.**
|
|
16
|
-
- **L2.** Single-writer per surface (`|F|=1`)
|
|
17
|
-
- **L3.** Lyapunov:
|
|
15
|
+
- **L1.** Admit on witness, not cheapness. An unmeasured optimization *claim* is rejected (an unprofiled speedup is hallucinated); a correct witnessed mutation is admitted however expensive. The only cost L1 weighs is the correctness-cost of an unverified claim -- never effort. The work envelope is unbounded; "too much work" never rejects.
|
|
16
|
+
- **L2.** Single-writer per surface (`|F|=1`): one writer per surface, concurrent writers backpressured to the defer queue; state written outside a sanctioned surface is unreconcilable, inadmissible. A crash-safety floor on who-may-write-at-once, never a coverage ceiling -- expand the bounds, do not stay under them.
|
|
17
|
+
- **L3.** Lyapunov: `Delta d >= 0` rejects the dispatch. Attach audit tuple `(id, hash, ts)` per accepted write. Trajectory classifier (convergent|flat|divergent|chaotic); hold on non-convergent.
|
|
18
18
|
|
|
19
|
-
The five phases are
|
|
19
|
+
The five phases are scheduling; the filter is the engine on every candidate, gating on witness, writer-safety, and direction -- never effort.
|
|
20
20
|
|
|
21
21
|
## Invariants
|
|
22
22
|
|
|
23
|
-
- **Measurement gates optimization
|
|
24
|
-
- **Bounds prevent cascades
|
|
25
|
-
- **Effort is unbounded
|
|
26
|
-
- **Direction eliminates waste
|
|
27
|
-
- **Monotonic closure on first emit
|
|
28
|
-
- **Witness is the audit primitive
|
|
23
|
+
- **Measurement gates optimization** *claims*, not effort -- a measured-correct change ships however costly.
|
|
24
|
+
- **Bounds prevent cascades:** explicit per-surface writer capacity converts crash to graceful degradation -- bounds writers, not coverage.
|
|
25
|
+
- **Effort is unbounded:** the maximal-effort fully-destructive run is the default; the only costs weighed are maintenance-surface left behind (net-smaller wins, a heavy dep for a few lines loses) and the correctness-cost of an unverified claim.
|
|
26
|
+
- **Direction eliminates waste:** motion that does not reduce distance is dead.
|
|
27
|
+
- **Monotonic closure on first emit:** a partial emit externalizes residual cost as unaudited state; mature artifact = first artifact.
|
|
28
|
+
- **Witness is the audit primitive:** a claim without `(id, hash, ts)` is not in the system.
|
|
29
29
|
|
|
30
30
|
## Code Invariants (every possible emission)
|
|
31
31
|
|
|
32
|
-
- **State
|
|
33
|
-
- **Hardware reality
|
|
34
|
-
- **Flat structure
|
|
35
|
-
- **200-line vertical slices
|
|
36
|
-
- **Async boundary explicit
|
|
37
|
-
- **Naming by scale
|
|
38
|
-
- **Fail fast, loud, deterministic
|
|
39
|
-
- **Binary transport, append-only persistence
|
|
40
|
-
- **Single focused task per session
|
|
32
|
+
- **State minimized:** sequential downward flow; explicit state flags; external input through a unified queue before mutation; state changes are explicit assignment, never a buried side effect or init hidden in helpers.
|
|
33
|
+
- **Hardware reality:** benchmark before abstracting; pass scope explicitly (closures hide scope cost in hot loops); mutate in place, pools over allocation; native data flow on hot paths (no Promise chains / class hierarchies / operator overloading there).
|
|
34
|
+
- **Flat structure:** denormalized graphs over nested documents; partial-field over whole-document writes; bytes over JSON for transport (pre-compute size, allocate once); lexical ordering for deterministic tie-breaking.
|
|
35
|
+
- **200-line vertical slices:** one responsibility per file; input->process->output complete in the module; zero-config defaults correct for 90%; universal runtime (browser/Node/mobile/Bare).
|
|
36
|
+
- **Async boundary explicit:** sequential awaitable primitives; no implicit callback ordering; unified error channel, never swallow rejections; tests await real ops, mock-free.
|
|
37
|
+
- **Naming by scale:** <50 lines single-letter algebraic; 50-200 short descriptors; >200 full names; public APIs explicit.
|
|
38
|
+
- **Fail fast, loud, deterministic:** halt on precondition violation with exact state; assert on emitted semantics, not return values; sentinel words + checksum headers on critical structures, verified on every access; never silently degrade.
|
|
39
|
+
- **Binary transport, append-only persistence:** varint fields; lexical cursors for sparse reads; append-only sequence for replay; chunked by lexical range, modify only the touched chunk.
|
|
40
|
+
- **Single focused task per session:** no drive-by refactors; pre-compute and inline.
|
|
41
41
|
|
|
42
42
|
## Token Discipline
|
|
43
43
|
|
|
44
|
-
English describing
|
|
44
|
+
English describing intent is liability when code can encode it; comments are liability when names + structure encode the same; duplication that must sync is liability. Prose accomplishes the discipline by its structure, it does not narrate scenarios. Recognize the closure anti-shape by structure (a claim composed in prose displacing a dispatch). The response body is not a mutation surface.
|
|
45
45
|
|
|
46
46
|
## Install
|
|
47
47
|
|
|
48
|
-
`bun x skills add AnEntrypoint/gm-skill`
|
|
48
|
+
`bun x skills add AnEntrypoint/gm-skill` -> `~/.agents/skills/<name>/SKILL.md` symlinked into `~/.claude/skills/<name>/`.
|
|
49
49
|
|
|
50
50
|
## Bootstrap
|
|
51
51
|
|
|
52
|
-
|
|
52
|
+
First dispatch checks `~/.gm-tools/plugkit.wasm` (or `~/.claude/gm-tools/plugkit.wasm` on legacy installs). Absent -> write `.gm/exec-spool/in/bootstrap/0.txt`; plugkit fetches, sha-verifies, writes `.bootstrap-status.json`. On pin mismatch it writes `.bootstrap-error.json` and you pause the chain.
|
|
53
53
|
|
|
54
54
|
## Supervisor drift and version updates
|
|
55
55
|
|
|
56
|
-
A supervisor respawns the watcher under fresh code on `wrapper.drift
|
|
56
|
+
A supervisor respawns the watcher under fresh code on `wrapper.drift`/`version.drift` or a stale `.status.json`. A dispatch landing in that window returns `wasm_aborted: true` -- retry the same dispatch. `update.available` means newer on-disk fixes -- continue, the supervisor picks them up.
|
|
57
57
|
|
|
58
58
|
## State
|
|
59
59
|
|
|
60
|
-
`cwd/.gm/`: `prd.yml`, `mutables.yml`, `exec-spool/{in,out}/`, `gm-fired-<sessionId>`, `rs-learn.db`, `disciplines/<ns>/`, `code-search/`. DB, disciplines, search index tracked
|
|
60
|
+
`cwd/.gm/`: `prd.yml`, `mutables.yml`, `exec-spool/{in,out}/`, `gm-fired-<sessionId>`, `rs-learn.db`, `disciplines/<ns>/`, `code-search/`. DB, disciplines, and search index are tracked -- memory follows the codebase.
|
|
61
61
|
|
|
62
62
|
## Spool ABI
|
|
63
63
|
|
|
64
|
-
|
|
64
|
+
Write `in/<lang>/<N>.<ext>` for language stems, `in/<verb>/<N>.txt` for orchestrator + host verbs. The watcher streams `out/<N>.{out,err}` and finalizes `out/<N>.json` synchronously -- read it once it lands. Parallelize independent dispatches in one message; serialize dependents at the data-flow edge. Every git operation routes through the git verbs (`git_status`/`git_finalize`/`git_push`/...), never a raw `git` shell body (gated `deviation.bash-git-bypass`); route every other capability through its verb.
|
|
65
65
|
|
|
66
66
|
## Observability
|
|
67
67
|
|
|
68
|
-
`.gm/exec-spool/.watcher.log`
|
|
68
|
+
`.gm/exec-spool/.watcher.log` -- cdylib stdout/stderr, dispatch timings, sweep ticks, boot markers; tail via Read+offset; rotated 10MB.
|
|
69
69
|
|
|
70
70
|
## SESSION_ID
|
|
71
71
|
|
|
72
|
-
|
|
72
|
+
Thread SESSION_ID through every spool body + rs-exec RPC; plugkit rejects empty.
|
|
73
73
|
|
|
74
74
|
## Daemonize
|
|
75
75
|
|
|
76
|
-
|
|
76
|
+
The watcher returns task_id immediately and tails to 30s wall-clock. Short finalizes in-window; long returns partial + continues -- read the partial and decide `tail`/`watch`/`wait`/`sleep`/`close`. Responses carry `running_task_ids` you track.
|
|
77
77
|
|
|
78
78
|
## Disciplines
|
|
79
79
|
|
|
80
|
-
|
|
80
|
+
Route KV writes to `<cwd>/.gm/disciplines/<ns>/`. `@<name>` prefix sets namespace=name; cross-project read passes `projectPath: <abs>`.
|
|
81
81
|
|
|
82
82
|
## Inspection routing
|
|
83
83
|
|
|
84
|
-
|
|
84
|
+
`Read` for runtime-state files (spool response JSON, `.status.json`); `codesearch` verb for every code/file/symbol search -- Glob/Grep/Explore and host-native search are blocked, the verb is the surface. Bash only for the boot probe and shell-only non-git tooling (`npm`, `bun x`, `curl`). Spool responses are synchronous; poll external state via `until <check>; do sleep N; done`.
|
|
85
85
|
|
|
86
86
|
## Memorize
|
|
87
87
|
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
You prune bad memory on sight by dispatching `memorize-prune`. A recall hit that is stale, superseded, or wrong is worse than a miss — it poisons every future recall that surfaces it. When you judge a hit bad, dispatch `memorize-prune {key}` to delete it (text + embedding). Pruning bad memory matters more than preserving good memory. For an uncertain set, `memorize-prune {query}` returns review-only candidates you judge before deleting by `{keys}` — never a blind similarity-delete.
|
|
88
|
+
Write the recall index only via `memorize-fire`; surfaces outside it produce memos the index never sees. Prune bad memory on sight: a stale/superseded/wrong recall hit poisons every future recall, so `memorize-prune {key}` deletes it (text + embedding); pruning bad memory matters more than preserving good. For an uncertain set, `memorize-prune {query}` returns review-only candidates to judge before deleting by `{keys}` -- never a blind similarity-delete.
|
|
91
89
|
|
|
92
90
|
## Return to plugkit
|
|
93
91
|
|
|
94
|
-
Against every
|
|
95
|
-
|
|
96
|
-
Every possible gate denial names the next verb you must dispatch. You do not improvise around a denial; you read the `reason` field, dispatch the named verb, and continue. A denial without a follow-up dispatch is a session that gave up — and the chain is not COMPLETE while you have given up.
|
|
92
|
+
Against every drift, gate denial, "what now", uncertain next step, or N elapsed actions without one in a non-trivial phase: dispatch `instruction`. Your memory of the prose is stale the moment phase/PRD/mutables shift. It is cheap, synchronous, idempotent -- unbounded cost to under-dispatching. Every gate denial names the next verb in its `reason` field; read it and dispatch that verb, do not improvise around the denial. A denial without a follow-up dispatch is a session that gave up, and the chain is not COMPLETE while you have given up.
|
|
97
93
|
|
|
98
|
-
Transition:
|
|
94
|
+
Transition: SESSION_ID threaded AND spool reachable -> dispatch `instruction` with `{"prompt":"<user request>"}` so plugkit derives orient_nouns + recall_hits; later same-chain dispatches may use empty body.
|
package/instructions/execute.md
CHANGED
|
@@ -1,63 +1,49 @@
|
|
|
1
1
|
# EXECUTE
|
|
2
2
|
|
|
3
|
-
YOU are the state machine. Plugkit is the synchronous library serving this prose;
|
|
3
|
+
YOU are the state machine. Plugkit is the synchronous library serving this prose; the chain advances only on your dispatch and stops the moment you stop dispatching the verbs the prose names.
|
|
4
4
|
|
|
5
|
-
L3 distance + audit
|
|
5
|
+
L3 distance + audit: real input -> real code -> real output, witnessed.
|
|
6
6
|
|
|
7
7
|
## Surfaces
|
|
8
8
|
|
|
9
|
-
|
|
9
|
+
Route every mutation through PRD rows, mutables, KV memos; attach an audit tuple `(id, hash, ts)` to each accepted write, where `hash` is the witness (`file:line`, codesearch hit, exec snippet). `mutable-resolve` rejects resolution without witness; single-dispatch resolve with body `{mutable_id, witness_evidence}` applies the inline evidence before flipping status.
|
|
10
10
|
|
|
11
|
-
Every code/file/symbol lookup
|
|
11
|
+
Every code/file/symbol lookup is a `codesearch` dispatch -- never a platform Explore agent, Task/general-purpose search subagent, or raw grep. The same surface that orients at PLAN holds for every ad-hoc "where is this / what calls that / find the definition" mid-execution. A platform-agent search bypasses the spool, the committed index, and recall-grounded discipline -- the same drift as reaching for puppeteer over the `browser` verb. The capability is a verb; dispatch the verb.
|
|
12
12
|
|
|
13
13
|
## Witness
|
|
14
14
|
|
|
15
|
-
The witness IS
|
|
15
|
+
The witness IS the distance measurement: artifact present in observable state means `d(state, goal)` decreased. An artifact composed only in prose, or success returned without doing the work, sits at high distance regardless of structure -- L3 rejects the next dispatch.
|
|
16
16
|
|
|
17
|
-
|
|
17
|
+
Witness code running on a non-default surface on that surface in the same turn; a passing test on surface A is not witness for code on surface B. For the browser surface, dispatch the `browser` verb (`in/browser/<N>.txt`, raw JS, globals `page`/`snapshot`/`screenshotWithAccessibilityLabels`/`state`; `session new|list|close <id>`).
|
|
18
18
|
|
|
19
|
-
**Client-side edits force a same-turn browser dispatch.**
|
|
19
|
+
**Client-side edits force a same-turn browser dispatch.** Writing/Editing any client-side file (`.html`, `.js`, `.jsx`, `.ts`, `.tsx`, `.vue`, `.svelte`, `.mjs`, `.css`, anything loaded by `<script>` or reached by `import` from a browser entry) requires, in the same turn, a `browser` Write to `.gm/exec-spool/in/browser/<N>.txt` that page.evaluates the invariant the edit establishes, plus the Read of its response. No staging edits to "validate later" -- later does not arrive. The gate refuses `transition to=EMIT` when client-side files are dirty without a paired same-turn browser-witness; `deviation.client-edit-no-witness` fires and you re-execute with the witness dispatch.
|
|
20
20
|
|
|
21
|
-
## Surface
|
|
21
|
+
## Surface -> mutable
|
|
22
22
|
|
|
23
|
-
|
|
23
|
+
State diverging from the PRD's assumed shape is a new mutable, not background noise: name, witness, resume -- identical to a named target. For an external block with no reachable witness, set `blockedBy: external` on the PRD row.
|
|
24
24
|
|
|
25
|
-
##
|
|
25
|
+
## Discovery: additive vs reshaping
|
|
26
26
|
|
|
27
|
-
|
|
27
|
+
Real input is the highest-yield discovery surface; every observation converts to a PRD row this turn, never a "future work" note -- a corner case under real input, a caveat the tool emits, a failure mode the surface exposes, an adjacent file/import needing work, stderr that is itself a deviation, a prior commit violating a user preference (sparse PRD, untriaged residual, missing browser-witness). Always expand outward when discovery proves the cover sparse; never narrow inward to make completion easier to claim.
|
|
28
28
|
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
## Planning-event re-entry — additive discovery vs reshaping discovery
|
|
32
|
-
|
|
33
|
-
A discovery is one of two kinds, and they take different moves. **Additive discovery** adds a sibling the original cover missed (a new corner case, an adjacent file, an extra validation): you `prd-add` it this turn and stay in EXECUTE — the slice grew, its shape did not change. **Reshaping discovery** is a planning event: a decision or directive that changes the scope, approach, or dependency shape of an existing row (or the plan as a whole) — "this CPU mirror should be a real-GL renderer", "this row's approach is wrong, it needs X instead". That is not a sibling to append; it rewrites a node the DAG already contains, so the cover itself must be re-cut. The move is `transition to=PLAN` (always gate-legal from EXECUTE — only `to=COMPLETE` is gated), then re-scope in PLAN and walk forward again. Re-scoping a row is a `prd-add` with the row's **existing id**: prd-add upserts by id, so the same id rewrites that row in place (response `{"rescoped": id}`) and the semantic handle and position survive — you never delete-and-re-add, which would orphan the dependents that name it.
|
|
34
|
-
|
|
35
|
-
The tell that you are mid-reshape is the urge to write "I need to re-scope" or "this reshapes the plan" in prose. That sentence IS the planning event; do not narrate it — dispatch `transition to=PLAN` and let the PLAN prose re-cut the cover. Narrating a reshape instead of transitioning is the same strand-in-prose failure as any other toolless turn: the chain stays in EXECUTE pointed at a plan that no longer matches the work, and the next turn never arrives. Additive → prd-add and stay; reshaping → transition to PLAN and re-cut.
|
|
29
|
+
Two kinds, two moves. **Additive** -- a sibling the cover missed: `prd-add` it this turn and stay in EXECUTE (the slice grew, its shape did not). **Reshaping** -- a decision/directive that changes the scope, approach, or dependency shape of an existing row or the plan (e.g. "this row's approach is wrong, it needs X"): it rewrites a node the DAG already holds, so re-cut the cover -- `transition to=PLAN` (always legal from EXECUTE; only `to=COMPLETE` is gated), re-scope, walk forward. Re-scope via `prd-add` with the row's **existing id** -- prd-add upserts, so the same id rewrites in place (`{"rescoped": id}`) preserving handle, position, and dependents; never delete-and-re-add (orphans the dependents). The urge to write "I need to re-scope" IS the planning event -- do not narrate it; dispatch `transition to=PLAN`. Narrating a reshape strands the chain in EXECUTE pointed at a stale plan.
|
|
36
30
|
|
|
37
31
|
## Maturity-first
|
|
38
32
|
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
## Engineering invariants
|
|
33
|
+
First emit = closure of the transform; scaffold + IOU externalizes residual cost as state you will not return to. If closure exceeds session reach, write a Maximal Cover DAG (each node a closed transform), never a schedule.
|
|
42
34
|
|
|
43
|
-
|
|
35
|
+
## Engineering invariants (shape of the code you land)
|
|
44
36
|
|
|
45
|
-
|
|
37
|
+
Data first -- get the structures and their invariants right and the code writes itself; convoluted control flow means the data model is wrong, so fix the model. Make invalid state unrepresentable -- pass parameters over hidden globals, encode the constraint in the type/shape so the bad combination cannot be constructed. Reason from physical constraints (latency, bandwidth, memory, coordination, the worst node) before designing within them. Keep the spine flat, each unit single-focus and understandable at its call site. Make misuse structurally impossible, not documented-against. Optimize the worst case, not the average; design every failure path explicitly (full -> degraded -> safe-fail -> explicit-error), never a silent catastrophic mode. Measure, do not assume -- profile before optimizing, implement both and compare on real input when in genuine dispute. When a change regresses something that worked, revert first and investigate second: restore green, then diagnose from a known-good base. Fail fast and loud over limping on bad state.
|
|
46
38
|
|
|
47
39
|
## Memorize
|
|
48
40
|
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
Between each mutable resolution, between failed exec retries, between unfamiliar errors — you re-dispatch `instruction`. EXECUTE has the highest drift surface; the recovery primitive is unchanged.
|
|
52
|
-
|
|
53
|
-
When a gate denies your verb, the denial payload carries a `next_dispatch` field naming the recovery verb (typically `instruction`). You dispatch THAT verb next, not the same denied verb again. Retrying the denied verb without dispatching the recovery first escalates to `deviation.long-gap-retry-without-instruction` on the 2nd attempt. The gate's refusal IS the chain telling you the next step is the named verb.
|
|
41
|
+
Write the recall index only via `memorize-fire`; other surfaces produce memos the index never sees. Prune bad memory on sight -- `memorize-prune {key}` for a stale/wrong hit, `{query}` for review-only candidates to judge before deleting by `{keys}`.
|
|
54
42
|
|
|
55
43
|
## Dispatch
|
|
56
44
|
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
You flip mutables by dispatching `mutable-resolve` with body `{"mutable_id": "<id>", "witness_evidence": "<file:line | codesearch hit | exec snippet>"}`.
|
|
60
|
-
|
|
61
|
-
You flip PRD rows by dispatching `prd-resolve` with body `{"id": "<prd-item-id>", "witness_evidence": "<…>"}`. Bare text body (just the id) is also accepted but loses the witness audit trail. Do not pass `{prd_id, witness_evidence}` with the whole envelope nested as a string — the verb accepts `id` or `prd_id` at the top level alongside `witness_evidence`. A response with `deviation_kind: prd-resolve-unknown-id` means your id did not match a PRD row; you read the `hint` field and re-dispatch with the correct id, you do not retry blind.
|
|
45
|
+
Spool every exec. Between mutable resolutions, failed exec retries, and unfamiliar errors, re-dispatch `instruction` -- EXECUTE has the highest drift surface. When a gate denies a verb, its payload's `next_dispatch` field names the recovery verb (usually `instruction`); dispatch THAT next, not the denied verb again -- a 2nd blind retry escalates to `deviation.long-gap-retry-without-instruction`.
|
|
62
46
|
|
|
63
|
-
|
|
47
|
+
- Mutables: `mutable-resolve` body `{"mutable_id": "<id>", "witness_evidence": "<file:line | codesearch hit | exec snippet>"}`.
|
|
48
|
+
- PRD rows: `prd-resolve` body `{"id": "<id>", "witness_evidence": "<...>"}` (top-level `id`/`prd_id` beside `witness_evidence`; bare-id body works but loses the audit trail; never nest the whole envelope as a string). `deviation_kind: prd-resolve-unknown-id` means the id missed -- read the `hint` field and re-dispatch corrected, never blind.
|
|
49
|
+
- `transition` when the slice is closed and every mutable is witnessed; `transition to=PLAN` on a new unknown or reshaping discovery.
|
package/instructions/plan.md
CHANGED
|
@@ -1,43 +1,35 @@
|
|
|
1
1
|
# PLAN
|
|
2
2
|
|
|
3
|
-
YOU are the state machine. Plugkit is the synchronous library serving this prose;
|
|
3
|
+
YOU are the state machine. Plugkit is the synchronous library serving this prose; every state change is a verb you write into the spool, and nothing happens while you wait.
|
|
4
4
|
|
|
5
|
-
L1 baseline + L2 covering family. You loaded prior memory on entry
|
|
5
|
+
L1 baseline + L2 covering family. You loaded prior memory on entry via `instruction`.
|
|
6
6
|
|
|
7
7
|
## Orient
|
|
8
8
|
|
|
9
|
-
|
|
9
|
+
First non-trivial dispatch = a single-message parallel fan-out of `recall` + `codesearch` against the request's nouns. Hits are your baseline; misses delimit fresh ground to investigate. Skip orient and you commit to an unobserved envelope.
|
|
10
10
|
|
|
11
11
|
## Cover
|
|
12
12
|
|
|
13
|
-
|
|
13
|
+
Write the PRD as the central plan-item store (`|F|=1`): enumerate every content node as the closure of the destructive transform admissible over the session, a dependency DAG partitioned along dependency edges, not schedule. Reach permits the next node; the next node is in-scope. Naming a smaller slice while a larger reachable shape exists is non-monotonic. Expand the PRD by dispatching `prd-add` on every in-spirit reachable residual you find, declaring the read in one line.
|
|
14
14
|
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
Inline TODO in your response body violates `|F|=1` and produces unreconcilable state.
|
|
15
|
+
"Every possible" is the load-bearing test -- apply it to every noun, surface, transform, and output the request reaches; each application yields rows. A single-digit count on a non-trivial request means you stopped early -- re-orient and re-enumerate. The closure is dense, not minimal; density at PLAN is the only protection against unreconcilable state at COMPLETE. An inline TODO in the response body violates `|F|=1`.
|
|
18
16
|
|
|
19
17
|
## Expansion
|
|
20
18
|
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
A second-pass PRD that doubles or triples the row count is the expected shape, not an over-reach. Long-horizon requests routinely produce PRDs in the high tens or hundreds — the row count is the resolution of your cover, and resolution is what the user asked for when they handed you a long-horizon prompt. Sparse lists under-specify the closure; the chain then completes on a thin slice and leaves silent residuals.
|
|
19
|
+
Feed the first pass into a second transform: for every row, ask what every corner case, caveat, failure mode, adjacent-row interaction, degenerate input, and empty/overflow/reentry state looks like, and write those as new rows. Validations, edge cases, and anticipated mutables are first-class rows. Expansion closes when applying "every possible" yields nothing new, not when you feel done. A second-pass PRD that doubles or triples the count is the expected shape -- long-horizon requests routinely produce high-tens-to-hundreds; the row count is the resolution of the cover, which is what the user asked for. Sparse lists complete on a thin slice and leave silent residuals.
|
|
24
20
|
|
|
25
|
-
Cut the cover so the hardest reachable node comes first
|
|
21
|
+
Cut the cover so the hardest reachable node comes first: the row exercising the most failure modes at once -- the worst-case integration where concurrency, partial failure, and real input collide -- proves the design, so make it a first-class early row, not a deferred "once the easy parts work." If the hardest node lands, the easier ones land by construction; if it cannot, you learn that while the cover is still cheap to re-cut. Scheduling the stress test last validates nothing until it is too late to reshape.
|
|
26
22
|
|
|
27
23
|
## Noticing-to-PRD
|
|
28
24
|
|
|
29
|
-
Anything
|
|
25
|
+
Anything noticed during orient or expansion that is not yet a row -- outstanding work, an unfinished surface, an improvable shape, a preference misalignment, an adjacent concern -- is a `prd-add` this turn. Observations carried only in the response body evaporate; only the store survives. "We should also..." / "worth noting..." belongs in a row with the witness that motivated it. Structural noticing (no test coverage on X, docs missing on Y, prior commit Z violates a rule) and preference-aware noticing (state diverging from density-at-PLAN, residual-triage, push-on-clean, every-possible expansion, browser-witness coverage) convert the same way -- each its own row describing the aligned state.
|
|
30
26
|
|
|
31
27
|
## Mutables
|
|
32
28
|
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
Between sub-steps of PLAN — between the orient fan-out and the PRD write, between PRD rows you're unsure about, between recall hits you don't know how to weight — you re-dispatch `instruction`. Uncertainty is the signal to come back. You do not invent next steps from memory of the prose; you re-read.
|
|
29
|
+
Enter unknowns into `.gm/mutables.yml` via `mutable-add` with `status: unknown`; witness = `file:line`, codesearch hit, or exec output. Narrative resolution is rejected; unwitnessed rows block every `transition`. Between sub-steps -- orient and PRD write, rows you are unsure of, recall hits you cannot weight -- re-dispatch `instruction`; uncertainty is the signal to re-read, never to invent the next step from memory.
|
|
36
30
|
|
|
37
31
|
## Dispatch
|
|
38
32
|
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
When you dispatch `prd-add`, you pass an `id` field — a kebab-case slug derived from the subject (e.g. `dedupe-update-error`, `route-fastgrnn-port`). Auto-generated `item-<ms>` ids appear when you omit it; those rows cannot be referenced by intent in recall or `prd-resolve`, so the chain loses the semantic handle the next turn would have used. The id is your contract with the PRD store: every later dispatch that names the row uses the id you wrote.
|
|
33
|
+
Verbs: `recall`, `codesearch`, `prd-add`, `mutable-add`, `mutable-resolve`, `transition`. Plugkit holds phase on disk; you advance it by writing `transition`.
|
|
42
34
|
|
|
43
|
-
`prd-add`
|
|
35
|
+
`prd-add` takes an `id` -- a kebab-case slug from the subject (`dedupe-update-error`, `route-fastgrnn-port`). Omitting it yields an auto `item-<ms>` id that cannot be referenced by intent in recall or `prd-resolve`, losing the semantic handle. `prd-add` upserts by id: a fresh id appends (`{"added": id}`); an existing id rewrites in place (`{"rescoped": id}`), preserving position and every dependent that names it. This is the re-scope path -- re-entering PLAN from EXECUTE on a reshaping discovery, re-`prd-add` the affected row with its existing id and new scope; never delete-and-re-add (orphans the handle). Re-entry to PLAN is a first-class move, not a failure; the cover is meant to be re-cut whenever the work reveals the old shape was wrong.
|
|
@@ -1,43 +1,37 @@
|
|
|
1
1
|
# UPDATE-DOCS
|
|
2
2
|
|
|
3
|
-
YOU are the state machine. Plugkit is the synchronous library serving this prose;
|
|
3
|
+
YOU are the state machine. Plugkit is the synchronous library serving this prose; docs do not update themselves -- you dispatch every edit and every push.
|
|
4
4
|
|
|
5
|
-
|
|
5
|
+
Docs reflect the current state of the system, not its history. Every rule in AGENTS.md is present-tense -- what must or must-not be the case in code now. Past-tense framing, `(FIXED)` markers, dated audit entries, and "we used to X, now Y" belong in `git log` and `CHANGELOG.md`, never AGENTS.md.
|
|
6
6
|
|
|
7
7
|
## AGENTS.md and CLAUDE.md
|
|
8
8
|
|
|
9
|
-
|
|
9
|
+
Edit AGENTS.md/CLAUDE.md inline -- the top of the preserved hierarchy and the only doc that survives context summarization. `memorize-fire` is the parallel surface (`.gm/exec-spool/in/memorize-fire/<N>.txt`, raw text or `{text, namespace?}`) where `recall`/`auto_recall` retrieve the fact on future turns. AGENTS.md is the staging ground; the store is the recall surface. Migration is the agent's dual-write, not a file-scan: landing a load-bearing rule in AGENTS.md, fire the same rule to the store the same session so it surfaces in `auto_recall`. An automatic ingest cannot run -- the classifier cannot judge which paragraphs are recall-worthy rules vs narrative, so the agent judges at write time. Never pass `namespace:"AGENTS.md"` (mislabeled namespace); load-bearing rules go to the default namespace. Multiple facts = multiple parallel requests in one message.
|
|
10
10
|
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
**Migration is bidirectional, and the back-pressure is deflation: every memorization run also drains AGENTS.md.** AGENTS.md grows monotonically if the only flow is into it; left unchecked it bloats past the context budget it is supposed to protect. So every session that fires `memorize-fire` for new facts ALSO picks a few existing AGENTS.md entries that have become detail-heavy, single-crate, or single-platform — exactly the material the Documentation Policy says belongs in rs-learn, not in the top-level rule file — and exfiltrates them: `memorize-fire` the entry's substance to the default namespace, then delete or compress its AGENTS.md paragraph to a one-line pointer in the same commit. Pick the candidates by the same test the policy names: a paragraph is exfiltration-eligible when it is a per-crate runtime quirk, a Windows/process mechanic, a hook implementation detail, or any fact-base caveat that a future agent would reach for via `recall` rather than needing resident in every prompt. Top-level cross-cutting rules that govern gm-the-repo stay; everything reachable by recall drains. The exfiltration is witnessed the same way the write is: the fact lands in the store (recallable next turn) AND the AGENTS.md byte-count drops. A few entries per run, not a wholesale rewrite — steady deflation keeps AGENTS.md lean while the recall surface absorbs the detail. Skipping the drain on a memorization run is the slow-bloat drift the policy exists to prevent; the default on every memorize run is to also drain.
|
|
11
|
+
**Migration is bidirectional; the back-pressure is deflation -- every memorize run also drains AGENTS.md.** AGENTS.md grows monotonically if flow is only inward and bloats past the budget it protects. So every session firing `memorize-fire` for new facts ALSO picks a few existing AGENTS.md entries that have gone detail-heavy/single-crate/single-platform (the material the Documentation Policy assigns to rs-learn), `memorize-fire`s the substance to the default namespace, and deletes or compresses the paragraph to a one-line pointer in the same commit. Eligible = a per-crate runtime quirk, a Windows/process mechanic, a hook implementation detail, any fact-base caveat a future agent reaches for via `recall` rather than needing resident every prompt. Top-level cross-cutting rules stay; everything recall-reachable drains. Witnessed both ways: the fact lands in the store AND the byte-count drops. A few entries per run, never a wholesale rewrite. Skipping the drain is the slow-bloat drift the policy exists to prevent.
|
|
14
12
|
|
|
15
13
|
## README.md
|
|
16
14
|
|
|
17
|
-
|
|
15
|
+
Refresh to the surface a new reader actually encounters: remove every stale install step, version pin, and gone feature; add what you added this session if it changes the public surface.
|
|
18
16
|
|
|
19
17
|
## docs/index.html
|
|
20
18
|
|
|
21
|
-
|
|
19
|
+
Regenerate/hand-edit to the same surface. Site builds run from `site/`; the deployed `/` route renders from `site/content/pages/home.yaml` via flatspace. Route landing edits through `site/theme.mjs` (Hero) and the YAML, never `site/index.html` directly. `docs/styles.css` is generated from `site/input.css` -- append to the source, not the output.
|
|
22
20
|
|
|
23
21
|
## CHANGELOG.md
|
|
24
22
|
|
|
25
|
-
|
|
23
|
+
One entry per commit landed this session: the commit subject plus a one-sentence "why", no recipe. CHANGELOG carries the history AGENTS.md refuses.
|
|
26
24
|
|
|
27
25
|
## Commit and Push
|
|
28
26
|
|
|
29
|
-
|
|
27
|
+
Stage doc updates only -- never bundle them with code changes from earlier phases (committed at their own time). One commit, present-tense imperative subject. Push via the git verbs: `git_finalize {message}` bundles add -> commit -> porcelain-gate -> push in one dispatch, or `git_add` the doc paths then `git_commit` then `git_push`. The verbs gate on the porcelain probe internally and refuse a dirty tree (`deviation.push-dirty`); a raw `git` shell body is gated `deviation.bash-git-bypass`. If you ever fall back to raw Bash git, the porcelain probe must be its own `Bash(git status --porcelain)` tool-use event before the push (not `&&`-chained) -- ccsniff `--git-discipline` scans the last 20 Bash tool-use events for the porcelain regex, and `add && commit && push` in one event has no witness. A doc commit stages only paths matching AGENTS.md, CLAUDE.md, README.md, SKILLS.md, CHANGELOG.md, LICENSE*, docs/**, or site/**; any non-doc path means you bundled phases -- split it out before staging. The push triggers the docs pipeline and IS the validation dispatch.
|
|
30
28
|
|
|
31
29
|
## COMPLETE
|
|
32
30
|
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
**Once `phase=COMPLETE` and `prd_pending_count=0`, the chain is closed.** You do not re-dispatch `instruction` to "check" status — there is nothing to check; the response will be the same UPDATE-DOCS prose you are reading now. You do not dispatch every possible other verb either — the dispatch surface is closed. The session ends. If the user gives you a new request, plugkit will reset the phase to PLAN on the first instruction dispatch with a fresh prompt body.
|
|
31
|
+
Terminal phase. After the push lands, dispatch `transition` to COMPLETE; plugkit records the chain concluded.
|
|
36
32
|
|
|
37
|
-
Re-dispatching instruction on a COMPLETE chain with no new prompt is a deviation
|
|
33
|
+
**Once `phase=COMPLETE` and `prd_pending_count=0`, the chain is closed.** Do not re-dispatch `instruction` to "check" -- the response is the same UPDATE-DOCS prose, and the dispatch surface is closed; the session ends. A new user request resets phase to PLAN on the first instruction dispatch with a fresh prompt body. Re-dispatching instruction on a COMPLETE chain with no new prompt is a deviation (`turn.start`/`turn.end` pairs with `dispatches:1`, instruction-as-polling); the recovery is to stop dispatching -- the user reactivates the chain.
|
|
38
34
|
|
|
39
35
|
## Dispatch
|
|
40
36
|
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
Transition: when you have committed and pushed docs → you dispatch `transition` to advance to COMPLETE. Chain done.
|
|
37
|
+
`phase-status` to confirm chain state, then `transition` to COMPLETE if not already. After COMPLETE lands, stop.
|
package/instructions/verify.md
CHANGED
|
@@ -1,71 +1,61 @@
|
|
|
1
1
|
# VERIFY
|
|
2
2
|
|
|
3
|
-
YOU are the state machine. Plugkit
|
|
3
|
+
YOU are the state machine. Plugkit does not validate in the background -- you read the four observations and decide whether to `transition`.
|
|
4
4
|
|
|
5
|
-
L3 trajectory;
|
|
5
|
+
L3 trajectory; `transition` iff every observation is convergent.
|
|
6
6
|
|
|
7
7
|
```
|
|
8
8
|
[worktree-clean] [remote-pushed] [prd-empty] [mutables-witnessed]
|
|
9
9
|
```
|
|
10
10
|
|
|
11
|
-
|
|
11
|
+
All four true = convergence -> `transition`. Any false defers, holds, or regresses.
|
|
12
12
|
|
|
13
|
-
|
|
13
|
+
## Push and worktree-clean
|
|
14
14
|
|
|
15
|
-
The `git_push` verb is the only admissible push surface,
|
|
15
|
+
The `git_push` verb is the only admissible push surface, any repo, any cwd; it runs the `[worktree-clean]` porcelain probe internally and refuses a dirty tree. `git_finalize {message}` bundles add -> commit -> probe -> push. Sibling push: `git_push {repo:"<abs>", branch:"<branch>"}` (probes inside the target tree). A raw `git` shell body is gated `deviation.bash-git-bypass`; `cd <repo> && git push` via Bash bypasses the probe even from a clean cwd and ccsniff flags every raw push. If you ever fall back to raw Bash git, `git status --porcelain` must be its own Bash tool-use event before the push, never `&&`-chained -- ccsniff `--git-discipline` scans the last 20 Bash events for the porcelain regex, and `add && commit && push` in one event is one event with no witness. Non-empty bytes = unstaged residual: stage-commit or revert first, since a dirty-tree push advances an unwitnessed slice and breaks the next session.
|
|
16
16
|
|
|
17
17
|
## CI
|
|
18
18
|
|
|
19
|
-
The push
|
|
19
|
+
The push IS the validation dispatch. Local proof covers one platform; the matrix covers all. Red = a divergent observation that holds the trajectory until you name the cause and push green; toolchain skew is an observation to converge, not stop.
|
|
20
20
|
|
|
21
21
|
## Integration witness
|
|
22
22
|
|
|
23
|
-
|
|
23
|
+
Write `test.js` at root, 200-line ceiling, real services only. Pass = integration witness; on fail `transition` back to EXECUTE. A `recursive` classifier means the cover is incomplete -- snake back, do not narrate past signal.
|
|
24
24
|
|
|
25
25
|
## Residual-scan
|
|
26
26
|
|
|
27
|
-
|
|
27
|
+
Run `residual-scan` before COMPLETE; it examines the open surface (PRD pending, browser sessions, dirty tree, untracked artifacts, browser-witness coverage for client-side files modified this session). Non-empty = non-convergent -> expand the PRD with the reachable in-spirit residual via `prd-add` and re-execute. One-shot per stop window via marker. `reason: "browser sessions still open"` -> close each (`browser` `session close <id>`; `session list` enumerates); retrying the scan without closing is the idle-mid-chain/polling deviation -- the denial names the next verb, dispatch it.
|
|
28
28
|
|
|
29
|
-
|
|
29
|
+
Before accepting the scan empty, re-apply "every possible" to the closing PRD: every resolved row's skipped variants, every adjacent surface the work touched, every validation that proves a row in practice not in claim -- each fresh hit is a `prd-add` + re-execution. A clean scan on a short PRD for a long-horizon prompt is a false negative. Noticing-to-PRD is unchanged: anything observed while testing/reading diffs/inspecting closing state converts this turn and re-executes; stopping at "tests pass" while noticing named follow-on work is the canonical VERIFY drift.
|
|
30
30
|
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
Noticing-to-PRD is unchanged in VERIFY — anything you observe while running tests, while reading diffs, while inspecting the closing state that is not yet a PRD row converts this turn. If the validation surfaces a related concern (a path the test didn't exercise, a config the artifact depends on, a doc that should mention the change, a user preference the diff does not yet honor), you dispatch `prd-add` and re-execute the chain. Stopping at "tests pass" when noticing has named follow-on work is the canonical VERIFY drift. The chain accepts a stop only when noticing has nothing new to say AND every row has its witness.
|
|
34
|
-
|
|
35
|
-
**Every entry in `git status --porcelain` is triaged this turn — "pre-existing" is not a stop excuse.** When residual-scan reports `worktree dirty`, every modified or untracked path is your decision now: commit (real session or upstream work landed in the tree), add to the managed gitignore block between `# >>> plugkit managed` markers (transient runtime emission like `.gm/witness/` or `.gm/exec-spool/.*-stale.json`), or revert (stale junk). The label "pre-existing residual" only names the triage *outcome* — never the stopping condition. `blockedBy: external` is admissible only when triage requires authority outside this session (another team's repo, a hardware credential, an owner-only decision visible to no in-process actor). For files visible in your local tree, the agent always has authority; declaring "pre-existing, can't touch" on local files wedges the chain at VERIFY and is the canonical drift mechanism. Disciplines (`.gm/disciplines/`) are tracked, never ignored — new memorize-fire `mem-*.json` get committed alongside their session's work.
|
|
31
|
+
**Every `git status --porcelain` entry is triaged this turn -- "pre-existing" is not a stop excuse.** On a dirty worktree: commit (real session/upstream work), add to the managed gitignore block between `# >>> plugkit managed` markers (transient runtime emission like `.gm/witness/` or `.gm/exec-spool/.*-stale.json`), or revert (stale junk). "Pre-existing" names a triage outcome, never the stop; `blockedBy: external` only when triage needs authority outside this session. For local-tree files you always have authority. `.gm/disciplines/` is tracked; new memorize-fire `mem-*.json` get committed.
|
|
36
32
|
|
|
37
33
|
## Browser-witness coverage
|
|
38
34
|
|
|
39
|
-
Before
|
|
35
|
+
Before COMPLETE, every client-side file touched this session must have a `browser.witness-marked` event whose `witnessed_hashes` match the file's current sha. The check enumerates every changed `.html .js .jsx .ts .tsx .vue .svelte .mjs .css` (or HTML-imported path); mismatch/absence fires `deviation.browser-witness-hash-mismatch`/`deviation.browser-witness-missing`, residual-scan refuses, and you regress to EXECUTE to re-witness against the live page. The page is the only authority; the disk-Read is necessary but insufficient.
|
|
40
36
|
|
|
41
37
|
## Trace to a human outcome
|
|
42
38
|
|
|
43
|
-
Before
|
|
39
|
+
Before accepting the slice convergent, trace every shipped change to a human outcome -- a capability gained, a wait removed, a failure no longer hit, a developer the interface stops fighting. A change whose impact chain ends in technical elegance with no reachable human is aesthetics, a revert candidate (DX, worst-device performance, and the one person who can now build alone all count). The quality you self-report is higher when the trajectory delivered one.
|
|
44
40
|
|
|
45
41
|
## Witness over claim
|
|
46
42
|
|
|
47
|
-
|
|
43
|
+
Attach `witness_evidence` of the admitted form to every mutable in the closing slice. Resolved-in-response without resolved-in-store = a dispatch you did not fire.
|
|
48
44
|
|
|
49
45
|
## Completion
|
|
50
46
|
|
|
51
|
-
The chain enters COMPLETE when your
|
|
52
|
-
|
|
53
|
-
**Done is plugkit's pronouncement, not yours.** You do not decide when the work is done. Plugkit decides — through the COMPLETE gate, the four-observation window, and the on-disk state file. If you "feel done" but the gate denies, you are not done. If the gate allows but you have not yet dispatched `transition`, you are not done. If `transition` returns anything but COMPLETE, you are not done. The agent that announces "I'm finished" before plugkit's gate flips is the agent that has stopped dispatching and started narrating. The cure is to dispatch `phase-status` and read what plugkit actually says.
|
|
54
|
-
|
|
55
|
-
**Always seek the next state transition.** If the chain is not at COMPLETE, there is a next transition to seek. Idle is a deviation. "Waiting for the user" mid-chain is a deviation (the user authorized the closure at request time; they do not need to re-authorize each phase). When you finish a verb and do not immediately know the next, you dispatch `instruction` and read it. When `phase-status` shows a non-terminal phase, you act on it — you do not stop. The chain's natural state is motion toward COMPLETE; rest is the exception that requires plugkit's pronouncement.
|
|
56
|
-
|
|
57
|
-
Between every possible pair of the four observations, between residual-scan and COMPLETE, between push and transition — you re-dispatch `instruction`. VERIFY is where premature COMPLETE happens; the recovery primitive prevents it.
|
|
47
|
+
The chain enters COMPLETE only when your `transition` returns COMPLETE phase; the on-disk state file moves only on a `transition`. **Done is plugkit's pronouncement, not yours** -- gate denies -> not done; gate allows but no `transition` dispatched -> not done; `transition` returns non-COMPLETE -> not done. Announcing "I'm finished" before the gate flips is narrating; the cure is `phase-status`. Not-COMPLETE means a next transition exists; idle and "waiting for the user" mid-chain are deviations (closure was authorized at request time). Between the four observations, between residual-scan and COMPLETE, between push and transition, re-dispatch `instruction` -- VERIFY is where premature COMPLETE happens.
|
|
58
48
|
|
|
59
|
-
**You close rs-learn's learning loop here
|
|
49
|
+
**You close rs-learn's learning loop here -- you are the model in the loop and hold the one signal every core needs: how well this turn went.** Before COMPLETE, self-report turn quality 0.0-1.0 (1.0 = clean convergent walk, no deviations, pushed, gate-allowed; lower as deviations/rework accumulate). That number drives every core, none of which can observe it without you:
|
|
60
50
|
|
|
61
|
-
- **
|
|
62
|
-
- **
|
|
63
|
-
- **
|
|
51
|
+
- **Instant MicroLoRA adapter:** rank-2 head over the 384-dim bge embeddings emitting a per-target re-rank logit `B*(A*embedding)` (does not reshape the vector). Meaningful only with >=2 enabled disciplines; default-only = correct no-op, skip. With >=2: init once per session `learn {verb:init_instant, body:{targets:[<enabled namespaces>]}}`, then `learn {verb:feedback, body:{embedding:<bge embedding of this turn's task>, payload:{quality:<0-1>}}}` -- high quality shifts the helpful namespace's logit up so recall promotes it.
|
|
52
|
+
- **FastGRNN router:** `learn {verb:record_outcome, body:{target:"<your model id>", quality:<0-1>}}` so the next `route_hint` reflects learned outcomes.
|
|
53
|
+
- **Deep EWC core** and **GAT attention relation weights** take the same quality as `record_loss` / `nudge_relation`.
|
|
64
54
|
|
|
65
|
-
rs-learn never calls
|
|
55
|
+
rs-learn never calls a model; it emits the need and you supply the answer. Skipping the self-report leaves the cores untrained.
|
|
66
56
|
|
|
67
|
-
**
|
|
57
|
+
**No summary, no prose-only turn here.** A summary, recap, announced-but-undispatched next move, or any tool-less message IS a stop -- VERIFY is where the temptation peaks. Until this surface returns phase=COMPLETE after your `transition`, every turn ends in a verb (`phase-status`, `residual-scan`, the push verbs, `instruction`, `transition`). Catching yourself composing a summary IS the drift signal -> dispatch `phase-status` instead.
|
|
68
58
|
|
|
69
59
|
## Dispatch
|
|
70
60
|
|
|
71
|
-
|
|
61
|
+
`transition` to COMPLETE only when the four-observation window is fully true; the handler hard-rejects while any open mutable or PRD item remains.
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "gm-plugkit",
|
|
3
|
-
"version": "2.0.
|
|
3
|
+
"version": "2.0.1552",
|
|
4
4
|
"description": "Bootstrap and daemon-spawn tool for gm plugkit binary. Downloads the correct platform binary, verifies SHA256, and starts the spool watcher daemon. Includes plugkit-wasm-wrapper for WASM-based spool watching.",
|
|
5
5
|
"main": "index.js",
|
|
6
6
|
"bin": {
|
package/plugkit.version
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.1.
|
|
1
|
+
0.1.645
|