gsdd-cli 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +528 -0
- package/agents/DISTILLATION.md +306 -0
- package/agents/README.md +53 -0
- package/agents/debugger.md +82 -0
- package/agents/executor.md +394 -0
- package/agents/integration-checker.md +318 -0
- package/agents/mapper.md +103 -0
- package/agents/planner.md +296 -0
- package/agents/researcher.md +84 -0
- package/agents/roadmapper.md +296 -0
- package/agents/synthesizer.md +236 -0
- package/agents/verifier.md +337 -0
- package/bin/adapters/agents.mjs +33 -0
- package/bin/adapters/claude.mjs +145 -0
- package/bin/adapters/codex.mjs +58 -0
- package/bin/adapters/index.mjs +20 -0
- package/bin/adapters/opencode.mjs +237 -0
- package/bin/gsdd.mjs +102 -0
- package/bin/lib/cli-utils.mjs +28 -0
- package/bin/lib/health.mjs +248 -0
- package/bin/lib/init.mjs +379 -0
- package/bin/lib/manifest.mjs +134 -0
- package/bin/lib/models.mjs +379 -0
- package/bin/lib/phase.mjs +237 -0
- package/bin/lib/rendering.mjs +95 -0
- package/bin/lib/templates.mjs +207 -0
- package/distilled/DESIGN.md +1286 -0
- package/distilled/README.md +169 -0
- package/distilled/SKILL.md +85 -0
- package/distilled/templates/agents.block.md +90 -0
- package/distilled/templates/agents.md +13 -0
- package/distilled/templates/auth-matrix.md +78 -0
- package/distilled/templates/codebase/architecture.md +110 -0
- package/distilled/templates/codebase/concerns.md +95 -0
- package/distilled/templates/codebase/conventions.md +193 -0
- package/distilled/templates/codebase/stack.md +96 -0
- package/distilled/templates/delegates/mapper-arch.md +26 -0
- package/distilled/templates/delegates/mapper-concerns.md +27 -0
- package/distilled/templates/delegates/mapper-quality.md +28 -0
- package/distilled/templates/delegates/mapper-tech.md +25 -0
- package/distilled/templates/delegates/plan-checker.md +55 -0
- package/distilled/templates/delegates/researcher-architecture.md +30 -0
- package/distilled/templates/delegates/researcher-features.md +30 -0
- package/distilled/templates/delegates/researcher-pitfalls.md +30 -0
- package/distilled/templates/delegates/researcher-stack.md +30 -0
- package/distilled/templates/delegates/researcher-synthesizer.md +31 -0
- package/distilled/templates/research/architecture.md +57 -0
- package/distilled/templates/research/features.md +23 -0
- package/distilled/templates/research/pitfalls.md +46 -0
- package/distilled/templates/research/stack.md +45 -0
- package/distilled/templates/research/summary.md +67 -0
- package/distilled/templates/roadmap.md +62 -0
- package/distilled/templates/spec.md +110 -0
- package/distilled/workflows/audit-milestone.md +220 -0
- package/distilled/workflows/execute.md +270 -0
- package/distilled/workflows/map-codebase.md +246 -0
- package/distilled/workflows/new-project.md +418 -0
- package/distilled/workflows/pause.md +121 -0
- package/distilled/workflows/plan.md +383 -0
- package/distilled/workflows/progress.md +199 -0
- package/distilled/workflows/quick.md +187 -0
- package/distilled/workflows/resume.md +152 -0
- package/distilled/workflows/verify.md +307 -0
- package/package.json +45 -0
|
@@ -0,0 +1,193 @@
|
|
|
1
|
+
# Codebase Conventions
|
|
2
|
+
|
|
3
|
+
**Analysis Date:** [YYYY-MM-DD]
|
|
4
|
+
|
|
5
|
+
<guidelines>
|
|
6
|
+
- This document is durable intent (rules/patterns), not a directory dump.
|
|
7
|
+
- Be prescriptive. If 80%+ of the codebase follows a pattern, document it as a rule ("Use X"), not as a survey ("Sometimes X").
|
|
8
|
+
- Every non-trivial claim must include at least one concrete file path example.
|
|
9
|
+
- Prefer "how to do it here" over general best practices.
|
|
10
|
+
- Capture testing and mocking boundaries explicitly ("what NOT to mock"). Missing boundaries cause broken tests and slow CI.
|
|
11
|
+
- Capture external integration patterns (webhook verification, auth session management). Missing these causes security vulnerabilities.
|
|
12
|
+
</guidelines>
|
|
13
|
+
|
|
14
|
+
## Naming Patterns
|
|
15
|
+
|
|
16
|
+
Files:
|
|
17
|
+
- [Pattern observed]
|
|
18
|
+
|
|
19
|
+
Functions:
|
|
20
|
+
- [Pattern observed]
|
|
21
|
+
|
|
22
|
+
Variables:
|
|
23
|
+
- [Pattern observed]
|
|
24
|
+
|
|
25
|
+
Types:
|
|
26
|
+
- [Pattern observed]
|
|
27
|
+
|
|
28
|
+
## Code Style
|
|
29
|
+
|
|
30
|
+
Formatting:
|
|
31
|
+
- Tool: [Tool used]
|
|
32
|
+
- Key settings: [Key settings]
|
|
33
|
+
|
|
34
|
+
Linting:
|
|
35
|
+
- Tool: [Tool used]
|
|
36
|
+
- Key rules: [Key rules]
|
|
37
|
+
|
|
38
|
+
## Import Organization
|
|
39
|
+
|
|
40
|
+
Order:
|
|
41
|
+
1. [First group]
|
|
42
|
+
2. [Second group]
|
|
43
|
+
3. [Third group]
|
|
44
|
+
|
|
45
|
+
Path aliases:
|
|
46
|
+
- [Aliases used]
|
|
47
|
+
|
|
48
|
+
## Error Handling
|
|
49
|
+
|
|
50
|
+
Patterns:
|
|
51
|
+
- [How errors are handled]
|
|
52
|
+
- Examples: `[file paths]`
|
|
53
|
+
|
|
54
|
+
## Logging
|
|
55
|
+
|
|
56
|
+
Framework:
|
|
57
|
+
- [Tool or "console"]
|
|
58
|
+
|
|
59
|
+
Patterns:
|
|
60
|
+
- [When/how to log]
|
|
61
|
+
- Examples: `[file paths]`
|
|
62
|
+
|
|
63
|
+
## Module / Function Design
|
|
64
|
+
|
|
65
|
+
Function size:
|
|
66
|
+
- [Guidelines]
|
|
67
|
+
|
|
68
|
+
Parameters:
|
|
69
|
+
- [Pattern]
|
|
70
|
+
|
|
71
|
+
Return values:
|
|
72
|
+
- [Pattern]
|
|
73
|
+
|
|
74
|
+
Exports:
|
|
75
|
+
- [Pattern]
|
|
76
|
+
|
|
77
|
+
## Convention Adoption Rates
|
|
78
|
+
|
|
79
|
+
For each major convention documented above, estimate adoption rate using grep-counting (count occurrences in production source files, exclude `node_modules`, `vendor`, generated files). Use the format `~N% (stable|rising|declining)`.
|
|
80
|
+
|
|
81
|
+
- Pattern requires ≥5 occurrences to estimate; below that, write "prevalence unknown — seen in multiple files."
|
|
82
|
+
- Trend signal: stable = consistent across file age, rising = newer files adopt more, declining = older files adopt more.
|
|
83
|
+
|
|
84
|
+
Examples:
|
|
85
|
+
- Constructor injection: `~84% (declining)` — 37 of 44 service classes; newer files use factory functions
|
|
86
|
+
- camelCase exports: `~100% (stable)` — enforced by lint rule, zero violations found
|
|
87
|
+
- Inline error handling: `~62% (rising)` — 18 of 29 handlers; recent PRs consistently use this
|
|
88
|
+
|
|
89
|
+
Replace examples with findings from this codebase.
|
|
90
|
+
|
|
91
|
+
## Testing And Mocking (High-Leverage)
|
|
92
|
+
|
|
93
|
+
Test types used:
|
|
94
|
+
- Unit: [yes/no] (runner: [tool]) - examples: `[file paths]`
|
|
95
|
+
- Integration: [yes/no] - examples: `[file paths]`
|
|
96
|
+
- E2E: [yes/no] - examples: `[file paths]`
|
|
97
|
+
|
|
98
|
+
Where tests live:
|
|
99
|
+
- Unit tests: `[path pattern]`
|
|
100
|
+
- Integration tests: `[path pattern]`
|
|
101
|
+
- E2E tests: `[path pattern]`
|
|
102
|
+
|
|
103
|
+
Fixtures and factories:
|
|
104
|
+
- Where fixtures live: `[path pattern]`
|
|
105
|
+
- Preferred factory pattern: [pattern]
|
|
106
|
+
|
|
107
|
+
Mocking boundaries (explicit):
|
|
108
|
+
- Do mock: [what is safe to mock here]
|
|
109
|
+
- Do NOT mock: [what must remain real]
|
|
110
|
+
- Why: [rationale grounded in this codebase]
|
|
111
|
+
- Examples: `[file paths]`
|
|
112
|
+
|
|
113
|
+
External calls:
|
|
114
|
+
- Network calls in tests: [allowed/blocked]
|
|
115
|
+
- How HTTP is stubbed: [pattern] - examples: `[file paths]`
|
|
116
|
+
- DB usage in tests: [pattern] - examples: `[file paths]`
|
|
117
|
+
|
|
118
|
+
CI reliability rules:
|
|
119
|
+
- Timeouts: [standard value if any]
|
|
120
|
+
- Flake policy: [rerun policy or "none"]
|
|
121
|
+
- Test parallelism constraints: [if any]
|
|
122
|
+
|
|
123
|
+
<good_examples>
|
|
124
|
+
Example (good):
|
|
125
|
+
- "All HTTP clients must be injected via `src/lib/http/client.ts` and mocked via `test/utils/mockHttp.ts` (do NOT mock `fetch` directly). See `src/services/billing.ts` and `test/services/billing.test.ts`."
|
|
126
|
+
- "Integration tests use a real Postgres via Docker Compose. Do NOT mock DB queries; instead use `test/fixtures/dbSeed.ts`. See `test/integration/users.test.ts`."
|
|
127
|
+
|
|
128
|
+
Example (bad):
|
|
129
|
+
- "We use Jest and sometimes integration tests." (no paths, no boundaries, no rules)
|
|
130
|
+
</good_examples>
|
|
131
|
+
|
|
132
|
+
## External Integration Patterns (Security-Critical)
|
|
133
|
+
|
|
134
|
+
Capture these only if external integrations exist. Missing these causes subtle security bugs.
|
|
135
|
+
|
|
136
|
+
### Webhook Verification
|
|
137
|
+
- Webhook endpoints: `[paths]`
|
|
138
|
+
- Signature verification method: [HMAC-SHA256 / provider-specific / none]
|
|
139
|
+
- Where verification happens: `[file path]` (middleware? route handler?)
|
|
140
|
+
- Verified before or after parsing payload: [before — always verify raw body]
|
|
141
|
+
- Do NOT: parse JSON before verifying signature (timing attacks)
|
|
142
|
+
- Examples: `[file paths for webhook handlers]`
|
|
143
|
+
|
|
144
|
+
### Authentication and Session Management
|
|
145
|
+
- Auth provider: [JWT / session cookie / OAuth / API key / none]
|
|
146
|
+
- Token storage (client): [httpOnly cookie / localStorage / memory]
|
|
147
|
+
- Token storage (server): [Redis / DB / stateless]
|
|
148
|
+
- Refresh logic: [how tokens are refreshed, where that code lives]
|
|
149
|
+
- Where auth is enforced: [middleware path / per-route / both]
|
|
150
|
+
- Protected vs public routes: [pattern or file]
|
|
151
|
+
- Do NOT: store tokens in localStorage for sensitive apps (XSS risk)
|
|
152
|
+
- Examples: `[file paths for auth middleware]`
|
|
153
|
+
|
|
154
|
+
### Environment Configuration
|
|
155
|
+
- Config loading: `[file path]` (e.g., `src/config/index.ts`)
|
|
156
|
+
- Environment-specific overrides: [dev/staging/prod distinction]
|
|
157
|
+
- Secrets access pattern: [env var / secrets manager / vault]
|
|
158
|
+
- Do NOT: hardcode secrets; do NOT commit `.env` files
|
|
159
|
+
- Examples: `[file paths]`
|
|
160
|
+
|
|
161
|
+
### Observability Hooks
|
|
162
|
+
- Request logging: [tool + where it's configured]
|
|
163
|
+
- Error tracking: [tool + integration file path]
|
|
164
|
+
- Performance monitoring: [tool + integration point]
|
|
165
|
+
- Health check endpoint: `[path]` (e.g., `/health`)
|
|
166
|
+
- Examples: `[file paths]`
|
|
167
|
+
|
|
168
|
+
<good_examples>
|
|
169
|
+
Example (good):
|
|
170
|
+
- "Stripe webhooks are verified via `src/webhooks/stripe.ts:verifyStripeSignature()` using the raw request body before JSON parsing. Do NOT route Stripe events through the JSON body parser middleware. See `src/middleware/webhooks.ts`."
|
|
171
|
+
- "Auth tokens are httpOnly cookies (not localStorage). Refresh happens via `src/auth/refresh.ts` called by the global axios interceptor. Token expiry = 15min access, 7-day refresh. See `src/lib/http.ts`."
|
|
172
|
+
- "All secrets come from env vars loaded via `src/config/env.ts`. Never read `process.env` directly outside that file. Dev/staging/prod configs are in `.env.example`, `.env.staging`, `.env.production` (secrets redacted, committed)."
|
|
173
|
+
|
|
174
|
+
Example (bad):
|
|
175
|
+
- "We use JWT and have some webhooks." (no paths, no security rules, no boundaries)
|
|
176
|
+
</good_examples>
|
|
177
|
+
|
|
178
|
+
## Golden Files
|
|
179
|
+
|
|
180
|
+
Identify 3–5 files that best exemplify this codebase's conventions. Selection algorithm: highest density of documented conventions in production feature files (not scaffolding, not generated code, not test files).
|
|
181
|
+
|
|
182
|
+
Format: `file path — what makes it a good example`
|
|
183
|
+
|
|
184
|
+
- `[path/to/file.ts]` — [which conventions it demonstrates, e.g., "named exports, constructor injection, custom error class, full test coverage"]
|
|
185
|
+
- `[path/to/file.ts]` — [conventions it demonstrates]
|
|
186
|
+
- `[path/to/file.ts]` — [conventions it demonstrates]
|
|
187
|
+
|
|
188
|
+
If no single file exemplifies multiple conventions, list the best per-category file instead.
|
|
189
|
+
|
|
190
|
+
---
|
|
191
|
+
|
|
192
|
+
*Convention analysis: [date]*
|
|
193
|
+
|
|
@@ -0,0 +1,96 @@
|
|
|
1
|
+
# Codebase Stack
|
|
2
|
+
|
|
3
|
+
**Analysis Date:** [YYYY-MM-DD]
|
|
4
|
+
|
|
5
|
+
<guidelines>
|
|
6
|
+
- List versions only when they matter (compatibility, breaking changes, reproducibility).
|
|
7
|
+
- Prefer commands and sources of truth (package.json, lockfiles, tool config) over memory.
|
|
8
|
+
- Capture the minimum needed for another agent to run, test, and ship changes safely.
|
|
9
|
+
- Include concrete commands and file paths.
|
|
10
|
+
</guidelines>
|
|
11
|
+
|
|
12
|
+
## Languages
|
|
13
|
+
|
|
14
|
+
Primary:
|
|
15
|
+
- [Language] [Version if relevant] - used in: `[paths]`
|
|
16
|
+
|
|
17
|
+
Secondary:
|
|
18
|
+
- [Language] [Version if relevant] - used in: `[paths]`
|
|
19
|
+
|
|
20
|
+
## Runtime
|
|
21
|
+
|
|
22
|
+
Environment:
|
|
23
|
+
- [Runtime] [Version if relevant]
|
|
24
|
+
|
|
25
|
+
Package manager:
|
|
26
|
+
- [Manager] [Version if relevant]
|
|
27
|
+
- Lockfile: [present/missing] - `[path]`
|
|
28
|
+
|
|
29
|
+
## Frameworks And Tooling
|
|
30
|
+
|
|
31
|
+
Core framework(s):
|
|
32
|
+
- [Framework] [Version if relevant] - purpose: [purpose]
|
|
33
|
+
|
|
34
|
+
Testing:
|
|
35
|
+
- [Tool] [Version if relevant] - purpose: [purpose]
|
|
36
|
+
|
|
37
|
+
Build / dev:
|
|
38
|
+
- [Tool] [Version if relevant] - purpose: [purpose]
|
|
39
|
+
|
|
40
|
+
Lint / format:
|
|
41
|
+
- [Tool] - config: `[path]`
|
|
42
|
+
|
|
43
|
+
## Key Dependencies (Only What Drives Architecture)
|
|
44
|
+
|
|
45
|
+
Critical libraries:
|
|
46
|
+
- [Package] - why it matters: [reason] - examples: `[paths]`
|
|
47
|
+
|
|
48
|
+
Infra/observability:
|
|
49
|
+
- [Package] - purpose: [reason] - config: `[paths]`
|
|
50
|
+
|
|
51
|
+
## Must-Know Packages
|
|
52
|
+
|
|
53
|
+
Flag 3–5 packages that new contributors must understand before making changes. These are not necessarily the most-used packages — they are the ones where misuse causes hard-to-debug problems.
|
|
54
|
+
|
|
55
|
+
Each entry: `package-name — why it's critical — risk: low|medium|high — common mistake: what goes wrong`
|
|
56
|
+
|
|
57
|
+
Risk levels: low (causes build errors — immediately visible), medium (causes runtime bugs — visible in testing), high (causes data corruption or silent failures — hard to detect).
|
|
58
|
+
|
|
59
|
+
- `[package]` — [why critical] — risk: [level] — common mistake: [what goes wrong]
|
|
60
|
+
- `[package]` — [why critical] — risk: [level] — common mistake: [what goes wrong]
|
|
61
|
+
- `[package]` — [why critical] — risk: [level] — common mistake: [what goes wrong]
|
|
62
|
+
|
|
63
|
+
## How To Run
|
|
64
|
+
|
|
65
|
+
Install:
|
|
66
|
+
- Command(s): `[commands]`
|
|
67
|
+
|
|
68
|
+
Dev:
|
|
69
|
+
- Command(s): `[commands]`
|
|
70
|
+
|
|
71
|
+
Test:
|
|
72
|
+
- Command(s): `[commands]`
|
|
73
|
+
|
|
74
|
+
Build:
|
|
75
|
+
- Command(s): `[commands]`
|
|
76
|
+
|
|
77
|
+
## Configuration
|
|
78
|
+
|
|
79
|
+
Env:
|
|
80
|
+
- How configured: [dotenv, env vars, config files]
|
|
81
|
+
- Key config files: `[paths]`
|
|
82
|
+
|
|
83
|
+
CI/CD:
|
|
84
|
+
- CI location: `[path]`
|
|
85
|
+
- Main checks: [list]
|
|
86
|
+
|
|
87
|
+
<good_examples>
|
|
88
|
+
Example (good):
|
|
89
|
+
- "Node 20, pnpm. Install: `pnpm i`. Tests: `pnpm test` (Vitest) + `pnpm test:e2e` (Playwright). Formatting: Prettier (`.prettierrc`). Lint: ESLint (`eslint.config.mjs`)."
|
|
90
|
+
- "DB migrations run via `pnpm db:migrate` (see `package.json` scripts)."
|
|
91
|
+
</good_examples>
|
|
92
|
+
|
|
93
|
+
---
|
|
94
|
+
|
|
95
|
+
*Stack analysis: [date]*
|
|
96
|
+
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
**Role contract:** Read `.planning/templates/roles/mapper.md` before starting. Follow its algorithm, quality guarantees, and anti-patterns.
|
|
2
|
+
|
|
3
|
+
Map the architecture and structure of this codebase. Read key source files to understand component boundaries, data flow, and patterns.
|
|
4
|
+
|
|
5
|
+
Write ARCHITECTURE.md to `.planning/codebase/` using the template at `.planning/templates/codebase/architecture.md`.
|
|
6
|
+
|
|
7
|
+
Include:
|
|
8
|
+
- Major components and their responsibilities (what belongs in each, what doesn't)
|
|
9
|
+
- Data flow direction (not just "they communicate" — which way does data move)
|
|
10
|
+
- "Change Routing" table: where to add new code by change type (new endpoint? new model? new UI component?)
|
|
11
|
+
- Key architectural patterns used (e.g., event-driven, layered, modular monolith)
|
|
12
|
+
- Golden files per layer: for each major layer, the single most-imported file (highest inbound import count = most stable, most understood); use import frequency as the signal, not judgment
|
|
13
|
+
|
|
14
|
+
**Anti-staleness:** Do NOT include static directory trees or full file inventories. DO include file paths for key components, entry points, and architectural boundaries (e.g., `src/services/user.ts`) -- downstream agents navigate directly to files.
|
|
15
|
+
|
|
16
|
+
<quality_gate>
|
|
17
|
+
- [ ] Components have clear responsibility boundaries
|
|
18
|
+
- [ ] Data flow direction is explicit
|
|
19
|
+
- [ ] Change Routing table is populated (where to add new code by type)
|
|
20
|
+
- [ ] Hard-to-reverse architectural decisions flagged
|
|
21
|
+
- [ ] Golden files table populated with at least one file per major layer
|
|
22
|
+
</quality_gate>
|
|
23
|
+
|
|
24
|
+
Write to: `.planning/codebase/ARCHITECTURE.md`
|
|
25
|
+
Return: 3-5 sentence summary to the Orchestrator when done.
|
|
26
|
+
Guardrails: Max Agent Hops = 3. No static directory dumps.
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
**Role contract:** Read `.planning/templates/roles/mapper.md` before starting. Follow its algorithm, quality guarantees, and anti-patterns.
|
|
2
|
+
|
|
3
|
+
Map the technical debt, security concerns, and risks in this codebase.
|
|
4
|
+
|
|
5
|
+
**Security check first (hard stop):** Follow the Hard stop directive in `.planning/templates/roles/mapper.md` — grep for secrets before writing anything. If found: STOP and report to Orchestrator immediately.
|
|
6
|
+
|
|
7
|
+
If no secrets found, write CONCERNS.md to `.planning/codebase/` using the template at `.planning/templates/codebase/concerns.md`.
|
|
8
|
+
|
|
9
|
+
Include:
|
|
10
|
+
- Known bugs or fragile areas (with file references where possible)
|
|
11
|
+
- Security vulnerabilities or missing validations
|
|
12
|
+
- Performance bottlenecks
|
|
13
|
+
- Missing test coverage for critical paths
|
|
14
|
+
- Deprecated or end-of-life dependencies
|
|
15
|
+
- Downstream impact ranking: top 3 concerns ranked by how much future work they block (concerns blocking multiple change-routing rows from ARCHITECTURE.md rank highest, not just by severity)
|
|
16
|
+
|
|
17
|
+
<quality_gate>
|
|
18
|
+
- [ ] Secret scan completed and result reported
|
|
19
|
+
- [ ] Concerns are specific (file references, not vague "some places")
|
|
20
|
+
- [ ] Severity assigned per concern: critical / moderate / minor
|
|
21
|
+
- [ ] Deprecated dependencies listed with EOL dates if known
|
|
22
|
+
- [ ] Downstream impact table ranks at least top 3 concerns with Blocks column populated
|
|
23
|
+
</quality_gate>
|
|
24
|
+
|
|
25
|
+
Write to: `.planning/codebase/CONCERNS.md`
|
|
26
|
+
Return: 3-5 sentence summary to the Orchestrator when done. If secrets found, STOP and report immediately.
|
|
27
|
+
Guardrails: Max Agent Hops = 3. Hard stop on secrets.
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
**Role contract:** Read `.planning/templates/roles/mapper.md` before starting. Follow its algorithm, quality guarantees, and anti-patterns.
|
|
2
|
+
|
|
3
|
+
Map the conventions and quality patterns of this codebase. Read existing tests, lint config, and code samples.
|
|
4
|
+
|
|
5
|
+
Write CONVENTIONS.md to `.planning/codebase/` using the template at `.planning/templates/codebase/conventions.md`.
|
|
6
|
+
|
|
7
|
+
Include:
|
|
8
|
+
- Naming patterns (files, functions, variables, exports)
|
|
9
|
+
- Code style rules enforced by lint/format config
|
|
10
|
+
- Testing and mocking boundaries — explicit "Do mock" / "Do NOT mock" rules with examples
|
|
11
|
+
- External integration patterns: webhook signature verification, auth session management, environment config
|
|
12
|
+
- CI reliability rules (what must pass before merge)
|
|
13
|
+
- Convention adoption rates: for each major convention, estimate `~N% (stable|rising|declining)` using grep-counting (≥5 occurrences required; below that write "prevalence unknown — seen in multiple files")
|
|
14
|
+
- Golden files: 2–3 production files with the highest density of documented conventions (not scaffolding, not generated, not tests); format: `file path — which conventions it demonstrates`
|
|
15
|
+
|
|
16
|
+
**Anti-staleness:** Do NOT enumerate test files or list every convention observed. Document rules and patterns: the invariants, not the inventory.
|
|
17
|
+
|
|
18
|
+
<quality_gate>
|
|
19
|
+
- [ ] Mocking boundaries are explicit ("Do mock: X" / "Do NOT mock: Y")
|
|
20
|
+
- [ ] External integration security rules included (webhook, auth, env config)
|
|
21
|
+
- [ ] Rules are actionable ("always do X"), not descriptive ("the codebase uses X")
|
|
22
|
+
- [ ] At least one convention has a quantified adoption rate (e.g., `~N% (stable|rising|declining)`)
|
|
23
|
+
- [ ] Golden files section lists at least 2 files with rationale
|
|
24
|
+
</quality_gate>
|
|
25
|
+
|
|
26
|
+
Write to: `.planning/codebase/CONVENTIONS.md`
|
|
27
|
+
Return: 3-5 sentence summary to the Orchestrator when done.
|
|
28
|
+
Guardrails: Max Agent Hops = 3. Rules not inventories.
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
**Role contract:** Read `.planning/templates/roles/mapper.md` before starting. Follow its algorithm, quality guarantees, and anti-patterns.
|
|
2
|
+
|
|
3
|
+
Map the technology stack of this codebase. Read package manifests, lockfiles, and entry points.
|
|
4
|
+
|
|
5
|
+
Write STACK.md to `.planning/codebase/` using the template at `.planning/templates/codebase/stack.md`.
|
|
6
|
+
|
|
7
|
+
Include:
|
|
8
|
+
- Languages and runtimes (with versions)
|
|
9
|
+
- Frameworks and key libraries (10-20 most important, not the full lockfile)
|
|
10
|
+
- Infrastructure and deployment tooling
|
|
11
|
+
- For each package: why it matters to this project (not just what it is)
|
|
12
|
+
- Must-know packages: 3–5 packages where misuse causes the hardest-to-debug problems; include risk index (low/medium/high) and the common mistake to avoid
|
|
13
|
+
|
|
14
|
+
**Anti-staleness:** Do NOT dump the full lockfile or dependency tree. Include only packages with architectural significance and note why they matter.
|
|
15
|
+
|
|
16
|
+
<quality_gate>
|
|
17
|
+
- [ ] 10-20 packages listed with version + rationale (not a lockfile dump)
|
|
18
|
+
- [ ] Build/deploy tooling included
|
|
19
|
+
- [ ] Any deprecated or risky dependencies flagged
|
|
20
|
+
- [ ] Must-know packages section identifies at least 3 packages with risk index (low/medium/high)
|
|
21
|
+
</quality_gate>
|
|
22
|
+
|
|
23
|
+
Write to: `.planning/codebase/STACK.md`
|
|
24
|
+
Return: 3-5 sentence summary to the Orchestrator when done.
|
|
25
|
+
Guardrails: Max Agent Hops = 3. No static dependency dumps.
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
**Role contract:** Read `.planning/templates/roles/planner.md` before starting. Reuse its planning vocabulary and quality standards, but this wrapper overrides your objective: you are reviewing plans, not authoring them.
|
|
2
|
+
|
|
3
|
+
You are the fresh-context plan checker for `/gsdd:plan`.
|
|
4
|
+
|
|
5
|
+
Read only the explicit inputs provided by the orchestrator:
|
|
6
|
+
- target phase goal and requirement IDs
|
|
7
|
+
- relevant locked decisions or deferred items from `.planning/SPEC.md`
|
|
8
|
+
- any relevant phase research file
|
|
9
|
+
- the produced `.planning/phases/*-PLAN.md` file(s)
|
|
10
|
+
|
|
11
|
+
Do NOT inherit the planner's hidden reasoning. Treat the current plans as untrusted drafts that must prove they will achieve the phase goal before execution.
|
|
12
|
+
|
|
13
|
+
Verify these dimensions:
|
|
14
|
+
- `requirement_coverage`: every phase requirement is covered by at least one concrete task
|
|
15
|
+
- `task_completeness`: every executable task has files, action, verify, and done fields. Additionally check verify quality:
|
|
16
|
+
- **Runnable?** Does `<verify>` contain at least one command that an executor can run programmatically (e.g., a shell command, test runner invocation, curl request)? If ALL verify items are observational text with no runnable command -> `blocker`.
|
|
17
|
+
- **Fast?** Do verify commands complete quickly? Flag full E2E suites (playwright, cypress, selenium) without a faster smoke test -> `warning`. Flag watch-mode flags (`--watchAll`, `--watch`) -> `blocker`. Flag arbitrary delays > 30s -> `warning`.
|
|
18
|
+
- **Ordered?** If a verify command references a test file, does an earlier task in the plan create that file? If the referenced file has no prior task producing it -> `blocker`.
|
|
19
|
+
- `dependency_correctness`: ordering, dependencies, and plan structure are coherent
|
|
20
|
+
- `key_link_completeness`: important wiring/integration links are planned, not just isolated artifacts
|
|
21
|
+
- `scope_sanity`: plans are sized so an executor can complete them without context collapse
|
|
22
|
+
- `must_have_quality`: success criteria and must-haves are specific, observable, and reflected in tasks
|
|
23
|
+
- `context_compliance`: locked decisions are honored and deferred ideas stay out of scope
|
|
24
|
+
|
|
25
|
+
Return JSON only as a single object with this shape:
|
|
26
|
+
|
|
27
|
+
```json
|
|
28
|
+
{
|
|
29
|
+
"status": "passed",
|
|
30
|
+
"summary": "One sentence overall assessment",
|
|
31
|
+
"issues": [
|
|
32
|
+
{
|
|
33
|
+
"dimension": "requirement_coverage",
|
|
34
|
+
"severity": "blocker",
|
|
35
|
+
"description": "What is wrong",
|
|
36
|
+
"plan": "01-PLAN",
|
|
37
|
+
"task": "1-02",
|
|
38
|
+
"fix_hint": "Specific revision instruction"
|
|
39
|
+
}
|
|
40
|
+
]
|
|
41
|
+
}
|
|
42
|
+
```
|
|
43
|
+
|
|
44
|
+
Rules:
|
|
45
|
+
- Status must be either `"passed"` or `"issues_found"`.
|
|
46
|
+
- Use `"status": "passed"` only when no blockers remain. Warnings may still be listed.
|
|
47
|
+
- Use `"status": "issues_found"` when any blocker exists or when warnings should be surfaced for revision.
|
|
48
|
+
- Keep `fix_hint` targeted. The planner should patch the existing plan, not replan from scratch, unless the issue is fundamental.
|
|
49
|
+
- If there are no issues, return `"issues": []`.
|
|
50
|
+
|
|
51
|
+
Guardrails:
|
|
52
|
+
- Do NOT write or edit plan files yourself.
|
|
53
|
+
- Do NOT accept vague tasks such as "implement auth" without concrete files, actions, and verification.
|
|
54
|
+
- Do NOT verify codebase reality; you are checking whether the plan will work, not whether the code already exists.
|
|
55
|
+
- Do NOT silently approve missing wiring or missing requirement coverage.
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
**Role contract:** Read `.planning/templates/roles/researcher.md` before starting. Follow its algorithm, quality guarantees, and anti-patterns.
|
|
2
|
+
|
|
3
|
+
You are researching ONE dimension: how systems in this domain are typically structured.
|
|
4
|
+
|
|
5
|
+
The Orchestrator has provided you with:
|
|
6
|
+
- Project goal / domain (in your Context)
|
|
7
|
+
- Milestone context: `greenfield` or `subsequent` (in your Context)
|
|
8
|
+
|
|
9
|
+
**If greenfield:** How are systems in this domain typically structured? What are the major components and boundaries?
|
|
10
|
+
**If subsequent:** How do the target features integrate with existing architecture? What are the integration patterns?
|
|
11
|
+
|
|
12
|
+
**Research question:** How are systems in this domain typically structured? What are the major components, their boundaries, and the suggested build order?
|
|
13
|
+
|
|
14
|
+
Your output informs phase structure in ROADMAP.md. Include:
|
|
15
|
+
- Component map: what each component is responsible for
|
|
16
|
+
- Data flow: how information moves between components (direction matters)
|
|
17
|
+
- Suggested build order: which components have dependencies ("Auth must exist before any user-scoped feature")
|
|
18
|
+
- Key decision points: architectural choices that are hard to reverse
|
|
19
|
+
|
|
20
|
+
<quality_gate>
|
|
21
|
+
- [ ] Components have clear boundaries (what belongs, what doesn't)
|
|
22
|
+
- [ ] Data flow direction explicit (not just "they communicate")
|
|
23
|
+
- [ ] Build order implications documented (what blocks what)
|
|
24
|
+
- [ ] Hard-to-reverse decisions flagged explicitly
|
|
25
|
+
</quality_gate>
|
|
26
|
+
|
|
27
|
+
Write to: `.planning/research/ARCHITECTURE.md`
|
|
28
|
+
Use template: `.planning/templates/research/architecture.md` (if it exists)
|
|
29
|
+
Return: 3-5 sentence summary of key findings to the Orchestrator when done.
|
|
30
|
+
Guardrails: Max Agent Hops = 3.
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
**Role contract:** Read `.planning/templates/roles/researcher.md` before starting. Follow its algorithm, quality guarantees, and anti-patterns.
|
|
2
|
+
|
|
3
|
+
You are researching ONE dimension: what features exist in this domain.
|
|
4
|
+
|
|
5
|
+
The Orchestrator has provided you with:
|
|
6
|
+
- Project goal / domain (in your Context)
|
|
7
|
+
- Milestone context: `greenfield` or `subsequent` (in your Context)
|
|
8
|
+
|
|
9
|
+
**If greenfield:** What features do products in this domain have? What's table stakes vs differentiating?
|
|
10
|
+
**If subsequent:** How do the target features typically work? What do users expect as baseline behavior?
|
|
11
|
+
|
|
12
|
+
**Research question:** What features do products in this domain have? What's table stakes (users leave without it) vs differentiating (competitive advantage) vs anti-feature (actively harmful to include in v1)?
|
|
13
|
+
|
|
14
|
+
Your output feeds SPEC requirements. Categorize explicitly:
|
|
15
|
+
- **Table Stakes**: Must have or users leave (each with brief why)
|
|
16
|
+
- **Differentiators**: Competitive advantage (each with complexity estimate: low/medium/high)
|
|
17
|
+
- **Anti-features**: Things to deliberately NOT build in v1 (with rationale)
|
|
18
|
+
- Dependencies between features (Feature B requires Feature A)
|
|
19
|
+
|
|
20
|
+
<quality_gate>
|
|
21
|
+
- [ ] All three categories populated (table stakes / differentiators / anti-features)
|
|
22
|
+
- [ ] Complexity estimate per differentiator (low/medium/high)
|
|
23
|
+
- [ ] Dependencies between features identified
|
|
24
|
+
- [ ] v1 vs v2 recommendation for differentiators
|
|
25
|
+
</quality_gate>
|
|
26
|
+
|
|
27
|
+
Write to: `.planning/research/FEATURES.md`
|
|
28
|
+
Use template: `.planning/templates/research/features.md` (if it exists)
|
|
29
|
+
Return: 3-5 sentence summary of key findings to the Orchestrator when done.
|
|
30
|
+
Guardrails: Max Agent Hops = 3.
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
**Role contract:** Read `.planning/templates/roles/researcher.md` before starting. Follow its algorithm, quality guarantees, and anti-patterns.
|
|
2
|
+
|
|
3
|
+
You are researching ONE dimension: what goes wrong in projects in this domain.
|
|
4
|
+
|
|
5
|
+
The Orchestrator has provided you with:
|
|
6
|
+
- Project goal / domain (in your Context)
|
|
7
|
+
- Milestone context: `greenfield` or `subsequent` (in your Context)
|
|
8
|
+
|
|
9
|
+
**If greenfield:** What do projects in this domain commonly get wrong? Critical mistakes in early decisions?
|
|
10
|
+
**If subsequent:** What are common mistakes when adding the target features to existing projects? Integration anti-patterns?
|
|
11
|
+
|
|
12
|
+
**Research question:** What do projects in this domain commonly get wrong? What are the critical mistakes that are expensive to fix later?
|
|
13
|
+
|
|
14
|
+
Your output prevents mistakes in roadmap and planning. For each pitfall:
|
|
15
|
+
- Warning signs: how to detect it early
|
|
16
|
+
- Prevention strategy: specific and actionable ("do X"), not vague ("be careful")
|
|
17
|
+
- Which phase should address it (Phase 1? Phase 3?)
|
|
18
|
+
- Severity: critical (breaks the product) / moderate (slows development) / minor (cleanup later)
|
|
19
|
+
|
|
20
|
+
<quality_gate>
|
|
21
|
+
- [ ] Pitfalls are specific to THIS domain, not generic advice
|
|
22
|
+
- [ ] Prevention strategies are actionable ("do X"), not vague ("be careful")
|
|
23
|
+
- [ ] Phase mapping included where relevant
|
|
24
|
+
- [ ] Sources cited for non-obvious claims
|
|
25
|
+
</quality_gate>
|
|
26
|
+
|
|
27
|
+
Write to: `.planning/research/PITFALLS.md`
|
|
28
|
+
Use template: `.planning/templates/research/pitfalls.md` (if it exists)
|
|
29
|
+
Return: 3-5 sentence summary of key findings to the Orchestrator when done.
|
|
30
|
+
Guardrails: Max Agent Hops = 3.
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
**Role contract:** Read `.planning/templates/roles/researcher.md` before starting. Follow its algorithm, quality guarantees, and anti-patterns.
|
|
2
|
+
|
|
3
|
+
You are researching ONE dimension: the technology stack for the project domain.
|
|
4
|
+
|
|
5
|
+
The Orchestrator has provided you with:
|
|
6
|
+
- Project goal / domain (in your Context)
|
|
7
|
+
- Milestone context: `greenfield` or `subsequent` (in your Context)
|
|
8
|
+
|
|
9
|
+
**If greenfield:** Research the standard stack for building this domain from scratch.
|
|
10
|
+
**If subsequent:** Research what libraries/tools are needed to ADD the target features to an existing app. Don't re-research the existing system.
|
|
11
|
+
|
|
12
|
+
**Research question:** What is the current (2025/2026) standard stack for this domain? Which libraries are proven vs risky?
|
|
13
|
+
|
|
14
|
+
Your output feeds the roadmapper. Be prescriptive:
|
|
15
|
+
- Specific package names with current versions (verify via web search — do NOT rely on training data)
|
|
16
|
+
- Clear rationale for each choice: why this, not the alternatives
|
|
17
|
+
- Explicit "Do NOT use" list with reasons
|
|
18
|
+
- Confidence level per recommendation: ✅ verified (official docs), ⚠️ likely, ❓ uncertain
|
|
19
|
+
|
|
20
|
+
<quality_gate>
|
|
21
|
+
- [ ] Versions verified against current official docs or registry (not training data)
|
|
22
|
+
- [ ] Every recommendation has a rationale AND a counterpoint (when you'd choose differently)
|
|
23
|
+
- [ ] "What NOT to use" section populated with specific packages and reasons
|
|
24
|
+
- [ ] Confidence level assigned to each recommendation
|
|
25
|
+
</quality_gate>
|
|
26
|
+
|
|
27
|
+
Write to: `.planning/research/STACK.md`
|
|
28
|
+
Use template: `.planning/templates/research/stack.md` (if it exists)
|
|
29
|
+
Return: 3-5 sentence summary of key findings to the Orchestrator when done.
|
|
30
|
+
Guardrails: Max Agent Hops = 3.
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
**Role contract:** Read `.planning/templates/roles/synthesizer.md` before starting. Follow its algorithm, quality guarantees, and anti-patterns.
|
|
2
|
+
|
|
3
|
+
Synthesize the 4 research files into a single actionable SUMMARY.md.
|
|
4
|
+
|
|
5
|
+
Read these files (all should exist):
|
|
6
|
+
- `.planning/research/STACK.md`
|
|
7
|
+
- `.planning/research/FEATURES.md`
|
|
8
|
+
- `.planning/research/ARCHITECTURE.md`
|
|
9
|
+
- `.planning/research/PITFALLS.md`
|
|
10
|
+
|
|
11
|
+
Cross-reference them. Surface conflicts and dependencies between findings. Do NOT do new research — synthesize what exists.
|
|
12
|
+
|
|
13
|
+
SUMMARY.md MUST include:
|
|
14
|
+
1. **Key Findings** — top 5-7 bullets across all 4 dimensions
|
|
15
|
+
2. **Implications for Roadmap** — suggested phase groupings derived from architecture build order + pitfall avoidance (this is the critical handoff to the roadmapper)
|
|
16
|
+
3. **Research Flags** — which phases need deeper research vs standard patterns
|
|
17
|
+
4. **Confidence Assessment** — per domain: stack / features / architecture / pitfalls
|
|
18
|
+
5. **Sources** — all sources cited across the 4 research files, deduplicated
|
|
19
|
+
|
|
20
|
+
Use template: `.planning/templates/research/summary.md` (if it exists)
|
|
21
|
+
|
|
22
|
+
<quality_gate>
|
|
23
|
+
- [ ] "Implications for Roadmap" section populated with phase suggestions
|
|
24
|
+
- [ ] Conflicts between research files surfaced (not hidden)
|
|
25
|
+
- [ ] Confidence levels consistent with what researchers assigned
|
|
26
|
+
- [ ] No new claims introduced (only synthesis)
|
|
27
|
+
</quality_gate>
|
|
28
|
+
|
|
29
|
+
Write to: `.planning/research/SUMMARY.md`
|
|
30
|
+
Return: 5-7 bullet key findings to the Orchestrator when done.
|
|
31
|
+
Guardrails: Max Agent Hops = 2. Do not do new research — synthesize only.
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
# Architecture Research Template
|
|
2
|
+
|
|
3
|
+
Use when researching system structure and patterns for a project or phase.
|
|
4
|
+
|
|
5
|
+
Write to: `.planning/research/ARCHITECTURE.md`
|
|
6
|
+
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
```markdown
|
|
10
|
+
# Architecture Research
|
|
11
|
+
|
|
12
|
+
**Domain**: [what we're building]
|
|
13
|
+
**Researched**: [date]
|
|
14
|
+
|
|
15
|
+
## Recommended Structure
|
|
16
|
+
|
|
17
|
+
```
|
|
18
|
+
src/
|
|
19
|
+
├── [folder]/ # [purpose]
|
|
20
|
+
├── [folder]/ # [purpose]
|
|
21
|
+
└── [folder]/ # [purpose]
|
|
22
|
+
```
|
|
23
|
+
|
|
24
|
+
## Key Patterns
|
|
25
|
+
|
|
26
|
+
### [Pattern Name]
|
|
27
|
+
**What**: [description]
|
|
28
|
+
**When**: [when to use it]
|
|
29
|
+
**Example**:
|
|
30
|
+
```
|
|
31
|
+
[brief code or pseudo-code snippet]
|
|
32
|
+
```
|
|
33
|
+
|
|
34
|
+
### [Pattern Name]
|
|
35
|
+
**What**: [description]
|
|
36
|
+
**When**: [when to use it]
|
|
37
|
+
|
|
38
|
+
## Anti-Patterns
|
|
39
|
+
|
|
40
|
+
- **[Don't do this]**: [why it's bad] → [do this instead]
|
|
41
|
+
- **[Don't do this]**: [why it's bad] → [do this instead]
|
|
42
|
+
|
|
43
|
+
## Component Boundaries
|
|
44
|
+
|
|
45
|
+
[Which components talk to which, data flow direction, build order implications]
|
|
46
|
+
|
|
47
|
+
---
|
|
48
|
+
*Confidence: [HIGH/MEDIUM/LOW]*
|
|
49
|
+
```
|
|
50
|
+
|
|
51
|
+
## Guidelines
|
|
52
|
+
|
|
53
|
+
- **Structure** should reflect the actual folder layout you'd create
|
|
54
|
+
- **Patterns** should include real examples, not just names
|
|
55
|
+
- **Anti-patterns** are as valuable as patterns — they prevent common mistakes
|
|
56
|
+
- **Component boundaries** inform phase ordering in the roadmap
|
|
57
|
+
- Keep to ~40-50 lines when filled out
|