gsdd-cli 0.18.4 → 0.19.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (100) hide show
  1. package/LICENSE +21 -21
  2. package/README.md +625 -607
  3. package/agents/DISTILLATION.md +421 -421
  4. package/agents/README.md +62 -62
  5. package/agents/approach-explorer.md +361 -361
  6. package/agents/debugger.md +82 -82
  7. package/agents/executor.md +394 -394
  8. package/agents/integration-checker.md +318 -318
  9. package/agents/mapper.md +103 -103
  10. package/agents/planner.md +313 -313
  11. package/agents/researcher.md +84 -84
  12. package/agents/roadmapper.md +296 -296
  13. package/agents/synthesizer.md +236 -236
  14. package/agents/verifier.md +337 -337
  15. package/bin/adapters/agents.mjs +34 -34
  16. package/bin/adapters/claude.mjs +191 -191
  17. package/bin/adapters/codex.mjs +85 -85
  18. package/bin/adapters/index.mjs +20 -20
  19. package/bin/adapters/opencode.mjs +278 -278
  20. package/bin/gsdd.mjs +123 -116
  21. package/bin/lib/cli-utils.mjs +28 -28
  22. package/bin/lib/evidence-contract.mjs +112 -112
  23. package/bin/lib/file-ops.mjs +209 -161
  24. package/bin/lib/health-truth.mjs +181 -178
  25. package/bin/lib/health.mjs +265 -235
  26. package/bin/lib/init-flow.mjs +252 -236
  27. package/bin/lib/init-prompts.mjs +248 -247
  28. package/bin/lib/init-runtime.mjs +225 -212
  29. package/bin/lib/init.mjs +17 -17
  30. package/bin/lib/lifecycle-preflight.mjs +360 -333
  31. package/bin/lib/lifecycle-state.mjs +351 -267
  32. package/bin/lib/manifest.mjs +116 -114
  33. package/bin/lib/models.mjs +411 -411
  34. package/bin/lib/phase.mjs +397 -378
  35. package/bin/lib/plan-constants.mjs +30 -30
  36. package/bin/lib/provenance.mjs +109 -106
  37. package/bin/lib/rendering.mjs +178 -130
  38. package/bin/lib/runtime-freshness.mjs +221 -219
  39. package/bin/lib/templates.mjs +225 -224
  40. package/bin/lib/workspace-root.mjs +132 -0
  41. package/distilled/DESIGN.md +2347 -2327
  42. package/distilled/EVIDENCE-INDEX.md +397 -394
  43. package/distilled/README.md +196 -193
  44. package/distilled/SKILL.md +86 -85
  45. package/distilled/templates/agents.block.md +21 -21
  46. package/distilled/templates/agents.md +6 -6
  47. package/distilled/templates/approach.md +232 -232
  48. package/distilled/templates/auth-matrix.md +78 -78
  49. package/distilled/templates/brownfield-change/CHANGE.md +99 -0
  50. package/distilled/templates/brownfield-change/HANDOFF.md +38 -0
  51. package/distilled/templates/brownfield-change/VERIFICATION.md +56 -0
  52. package/distilled/templates/codebase/architecture.md +110 -110
  53. package/distilled/templates/codebase/concerns.md +95 -95
  54. package/distilled/templates/codebase/conventions.md +193 -193
  55. package/distilled/templates/codebase/stack.md +96 -96
  56. package/distilled/templates/delegates/approach-explorer.md +25 -25
  57. package/distilled/templates/delegates/mapper-arch.md +26 -26
  58. package/distilled/templates/delegates/mapper-concerns.md +27 -27
  59. package/distilled/templates/delegates/mapper-quality.md +28 -28
  60. package/distilled/templates/delegates/mapper-tech.md +25 -25
  61. package/distilled/templates/delegates/plan-checker.md +68 -68
  62. package/distilled/templates/delegates/researcher-architecture.md +30 -30
  63. package/distilled/templates/delegates/researcher-features.md +30 -30
  64. package/distilled/templates/delegates/researcher-pitfalls.md +30 -30
  65. package/distilled/templates/delegates/researcher-stack.md +30 -30
  66. package/distilled/templates/delegates/researcher-synthesizer.md +31 -31
  67. package/distilled/templates/research/architecture.md +57 -57
  68. package/distilled/templates/research/features.md +23 -23
  69. package/distilled/templates/research/pitfalls.md +46 -46
  70. package/distilled/templates/research/stack.md +45 -45
  71. package/distilled/templates/research/summary.md +67 -67
  72. package/distilled/templates/roadmap.md +74 -62
  73. package/distilled/templates/spec.md +110 -110
  74. package/distilled/workflows/audit-milestone.md +275 -271
  75. package/distilled/workflows/complete-milestone.md +336 -332
  76. package/distilled/workflows/execute.md +454 -449
  77. package/distilled/workflows/map-codebase.md +253 -253
  78. package/distilled/workflows/new-milestone.md +242 -238
  79. package/distilled/workflows/new-project.md +398 -398
  80. package/distilled/workflows/pause.md +160 -156
  81. package/distilled/workflows/plan-milestone-gaps.md +183 -183
  82. package/distilled/workflows/plan.md +451 -447
  83. package/distilled/workflows/progress.md +227 -223
  84. package/distilled/workflows/quick.md +351 -347
  85. package/distilled/workflows/resume.md +220 -212
  86. package/distilled/workflows/verify-work.md +260 -260
  87. package/distilled/workflows/verify.md +431 -429
  88. package/docs/BROWNFIELD-PROOF.md +95 -95
  89. package/docs/RUNTIME-SUPPORT.md +93 -75
  90. package/docs/USER-GUIDE.md +440 -399
  91. package/docs/VERIFICATION-DISCIPLINE.md +59 -59
  92. package/docs/claude/context-monitor.md +98 -98
  93. package/docs/proof/consumer-node-cli/README.md +37 -37
  94. package/docs/proof/consumer-node-cli/ROADMAP.md +14 -14
  95. package/docs/proof/consumer-node-cli/SPEC.md +17 -17
  96. package/docs/proof/consumer-node-cli/brief.md +9 -9
  97. package/docs/proof/consumer-node-cli/phases/01-foundation/01-01-PLAN.md +34 -34
  98. package/docs/proof/consumer-node-cli/phases/01-foundation/01-01-SUMMARY.md +10 -10
  99. package/docs/proof/consumer-node-cli/phases/01-foundation/01-VERIFICATION.md +30 -30
  100. package/package.json +62 -61
@@ -1,193 +1,193 @@
1
- # Codebase Conventions
2
-
3
- **Analysis Date:** [YYYY-MM-DD]
4
-
5
- <guidelines>
6
- - This document is durable intent (rules/patterns), not a directory dump.
7
- - Be prescriptive. If 80%+ of the codebase follows a pattern, document it as a rule ("Use X"), not as a survey ("Sometimes X").
8
- - Every non-trivial claim must include at least one concrete file path example.
9
- - Prefer "how to do it here" over general best practices.
10
- - Capture testing and mocking boundaries explicitly ("what NOT to mock"). Missing boundaries cause broken tests and slow CI.
11
- - Capture external integration patterns (webhook verification, auth session management). Missing these causes security vulnerabilities.
12
- </guidelines>
13
-
14
- ## Naming Patterns
15
-
16
- Files:
17
- - [Pattern observed]
18
-
19
- Functions:
20
- - [Pattern observed]
21
-
22
- Variables:
23
- - [Pattern observed]
24
-
25
- Types:
26
- - [Pattern observed]
27
-
28
- ## Code Style
29
-
30
- Formatting:
31
- - Tool: [Tool used]
32
- - Key settings: [Key settings]
33
-
34
- Linting:
35
- - Tool: [Tool used]
36
- - Key rules: [Key rules]
37
-
38
- ## Import Organization
39
-
40
- Order:
41
- 1. [First group]
42
- 2. [Second group]
43
- 3. [Third group]
44
-
45
- Path aliases:
46
- - [Aliases used]
47
-
48
- ## Error Handling
49
-
50
- Patterns:
51
- - [How errors are handled]
52
- - Examples: `[file paths]`
53
-
54
- ## Logging
55
-
56
- Framework:
57
- - [Tool or "console"]
58
-
59
- Patterns:
60
- - [When/how to log]
61
- - Examples: `[file paths]`
62
-
63
- ## Module / Function Design
64
-
65
- Function size:
66
- - [Guidelines]
67
-
68
- Parameters:
69
- - [Pattern]
70
-
71
- Return values:
72
- - [Pattern]
73
-
74
- Exports:
75
- - [Pattern]
76
-
77
- ## Convention Adoption Rates
78
-
79
- For each major convention documented above, estimate adoption rate using grep-counting (count occurrences in production source files, exclude `node_modules`, `vendor`, generated files). Use the format `~N% (stable|rising|declining)`.
80
-
81
- - Pattern requires ≥5 occurrences to estimate; below that, write "prevalence unknown — seen in multiple files."
82
- - Trend signal: stable = consistent across file age, rising = newer files adopt more, declining = older files adopt more.
83
-
84
- Examples:
85
- - Constructor injection: `~84% (declining)` — 37 of 44 service classes; newer files use factory functions
86
- - camelCase exports: `~100% (stable)` — enforced by lint rule, zero violations found
87
- - Inline error handling: `~62% (rising)` — 18 of 29 handlers; recent PRs consistently use this
88
-
89
- Replace examples with findings from this codebase.
90
-
91
- ## Testing And Mocking (High-Leverage)
92
-
93
- Test types used:
94
- - Unit: [yes/no] (runner: [tool]) - examples: `[file paths]`
95
- - Integration: [yes/no] - examples: `[file paths]`
96
- - E2E: [yes/no] - examples: `[file paths]`
97
-
98
- Where tests live:
99
- - Unit tests: `[path pattern]`
100
- - Integration tests: `[path pattern]`
101
- - E2E tests: `[path pattern]`
102
-
103
- Fixtures and factories:
104
- - Where fixtures live: `[path pattern]`
105
- - Preferred factory pattern: [pattern]
106
-
107
- Mocking boundaries (explicit):
108
- - Do mock: [what is safe to mock here]
109
- - Do NOT mock: [what must remain real]
110
- - Why: [rationale grounded in this codebase]
111
- - Examples: `[file paths]`
112
-
113
- External calls:
114
- - Network calls in tests: [allowed/blocked]
115
- - How HTTP is stubbed: [pattern] - examples: `[file paths]`
116
- - DB usage in tests: [pattern] - examples: `[file paths]`
117
-
118
- CI reliability rules:
119
- - Timeouts: [standard value if any]
120
- - Flake policy: [rerun policy or "none"]
121
- - Test parallelism constraints: [if any]
122
-
123
- <good_examples>
124
- Example (good):
125
- - "All HTTP clients must be injected via `src/lib/http/client.ts` and mocked via `test/utils/mockHttp.ts` (do NOT mock `fetch` directly). See `src/services/billing.ts` and `test/services/billing.test.ts`."
126
- - "Integration tests use a real Postgres via Docker Compose. Do NOT mock DB queries; instead use `test/fixtures/dbSeed.ts`. See `test/integration/users.test.ts`."
127
-
128
- Example (bad):
129
- - "We use Jest and sometimes integration tests." (no paths, no boundaries, no rules)
130
- </good_examples>
131
-
132
- ## External Integration Patterns (Security-Critical)
133
-
134
- Capture these only if external integrations exist. Missing these causes subtle security bugs.
135
-
136
- ### Webhook Verification
137
- - Webhook endpoints: `[paths]`
138
- - Signature verification method: [HMAC-SHA256 / provider-specific / none]
139
- - Where verification happens: `[file path]` (middleware? route handler?)
140
- - Verified before or after parsing payload: [before — always verify raw body]
141
- - Do NOT: parse JSON before verifying signature (timing attacks)
142
- - Examples: `[file paths for webhook handlers]`
143
-
144
- ### Authentication and Session Management
145
- - Auth provider: [JWT / session cookie / OAuth / API key / none]
146
- - Token storage (client): [httpOnly cookie / localStorage / memory]
147
- - Token storage (server): [Redis / DB / stateless]
148
- - Refresh logic: [how tokens are refreshed, where that code lives]
149
- - Where auth is enforced: [middleware path / per-route / both]
150
- - Protected vs public routes: [pattern or file]
151
- - Do NOT: store tokens in localStorage for sensitive apps (XSS risk)
152
- - Examples: `[file paths for auth middleware]`
153
-
154
- ### Environment Configuration
155
- - Config loading: `[file path]` (e.g., `src/config/index.ts`)
156
- - Environment-specific overrides: [dev/staging/prod distinction]
157
- - Secrets access pattern: [env var / secrets manager / vault]
158
- - Do NOT: hardcode secrets; do NOT commit `.env` files
159
- - Examples: `[file paths]`
160
-
161
- ### Observability Hooks
162
- - Request logging: [tool + where it's configured]
163
- - Error tracking: [tool + integration file path]
164
- - Performance monitoring: [tool + integration point]
165
- - Health check endpoint: `[path]` (e.g., `/health`)
166
- - Examples: `[file paths]`
167
-
168
- <good_examples>
169
- Example (good):
170
- - "Stripe webhooks are verified via `src/webhooks/stripe.ts:verifyStripeSignature()` using the raw request body before JSON parsing. Do NOT route Stripe events through the JSON body parser middleware. See `src/middleware/webhooks.ts`."
171
- - "Auth tokens are httpOnly cookies (not localStorage). Refresh happens via `src/auth/refresh.ts` called by the global axios interceptor. Token expiry = 15min access, 7-day refresh. See `src/lib/http.ts`."
172
- - "All secrets come from env vars loaded via `src/config/env.ts`. Never read `process.env` directly outside that file. Dev/staging/prod configs are in `.env.example`, `.env.staging`, `.env.production` (secrets redacted, committed)."
173
-
174
- Example (bad):
175
- - "We use JWT and have some webhooks." (no paths, no security rules, no boundaries)
176
- </good_examples>
177
-
178
- ## Golden Files
179
-
180
- Identify 3–5 files that best exemplify this codebase's conventions. Selection algorithm: highest density of documented conventions in production feature files (not scaffolding, not generated code, not test files).
181
-
182
- Format: `file path — what makes it a good example`
183
-
184
- - `[path/to/file.ts]` — [which conventions it demonstrates, e.g., "named exports, constructor injection, custom error class, full test coverage"]
185
- - `[path/to/file.ts]` — [conventions it demonstrates]
186
- - `[path/to/file.ts]` — [conventions it demonstrates]
187
-
188
- If no single file exemplifies multiple conventions, list the best per-category file instead.
189
-
190
- ---
191
-
192
- *Convention analysis: [date]*
193
-
1
+ # Codebase Conventions
2
+
3
+ **Analysis Date:** [YYYY-MM-DD]
4
+
5
+ <guidelines>
6
+ - This document is durable intent (rules/patterns), not a directory dump.
7
+ - Be prescriptive. If 80%+ of the codebase follows a pattern, document it as a rule ("Use X"), not as a survey ("Sometimes X").
8
+ - Every non-trivial claim must include at least one concrete file path example.
9
+ - Prefer "how to do it here" over general best practices.
10
+ - Capture testing and mocking boundaries explicitly ("what NOT to mock"). Missing boundaries cause broken tests and slow CI.
11
+ - Capture external integration patterns (webhook verification, auth session management). Missing these causes security vulnerabilities.
12
+ </guidelines>
13
+
14
+ ## Naming Patterns
15
+
16
+ Files:
17
+ - [Pattern observed]
18
+
19
+ Functions:
20
+ - [Pattern observed]
21
+
22
+ Variables:
23
+ - [Pattern observed]
24
+
25
+ Types:
26
+ - [Pattern observed]
27
+
28
+ ## Code Style
29
+
30
+ Formatting:
31
+ - Tool: [Tool used]
32
+ - Key settings: [Key settings]
33
+
34
+ Linting:
35
+ - Tool: [Tool used]
36
+ - Key rules: [Key rules]
37
+
38
+ ## Import Organization
39
+
40
+ Order:
41
+ 1. [First group]
42
+ 2. [Second group]
43
+ 3. [Third group]
44
+
45
+ Path aliases:
46
+ - [Aliases used]
47
+
48
+ ## Error Handling
49
+
50
+ Patterns:
51
+ - [How errors are handled]
52
+ - Examples: `[file paths]`
53
+
54
+ ## Logging
55
+
56
+ Framework:
57
+ - [Tool or "console"]
58
+
59
+ Patterns:
60
+ - [When/how to log]
61
+ - Examples: `[file paths]`
62
+
63
+ ## Module / Function Design
64
+
65
+ Function size:
66
+ - [Guidelines]
67
+
68
+ Parameters:
69
+ - [Pattern]
70
+
71
+ Return values:
72
+ - [Pattern]
73
+
74
+ Exports:
75
+ - [Pattern]
76
+
77
+ ## Convention Adoption Rates
78
+
79
+ For each major convention documented above, estimate adoption rate using grep-counting (count occurrences in production source files, exclude `node_modules`, `vendor`, generated files). Use the format `~N% (stable|rising|declining)`.
80
+
81
+ - Pattern requires ≥5 occurrences to estimate; below that, write "prevalence unknown — seen in multiple files."
82
+ - Trend signal: stable = consistent across file age, rising = newer files adopt more, declining = older files adopt more.
83
+
84
+ Examples:
85
+ - Constructor injection: `~84% (declining)` — 37 of 44 service classes; newer files use factory functions
86
+ - camelCase exports: `~100% (stable)` — enforced by lint rule, zero violations found
87
+ - Inline error handling: `~62% (rising)` — 18 of 29 handlers; recent PRs consistently use this
88
+
89
+ Replace examples with findings from this codebase.
90
+
91
+ ## Testing And Mocking (High-Leverage)
92
+
93
+ Test types used:
94
+ - Unit: [yes/no] (runner: [tool]) - examples: `[file paths]`
95
+ - Integration: [yes/no] - examples: `[file paths]`
96
+ - E2E: [yes/no] - examples: `[file paths]`
97
+
98
+ Where tests live:
99
+ - Unit tests: `[path pattern]`
100
+ - Integration tests: `[path pattern]`
101
+ - E2E tests: `[path pattern]`
102
+
103
+ Fixtures and factories:
104
+ - Where fixtures live: `[path pattern]`
105
+ - Preferred factory pattern: [pattern]
106
+
107
+ Mocking boundaries (explicit):
108
+ - Do mock: [what is safe to mock here]
109
+ - Do NOT mock: [what must remain real]
110
+ - Why: [rationale grounded in this codebase]
111
+ - Examples: `[file paths]`
112
+
113
+ External calls:
114
+ - Network calls in tests: [allowed/blocked]
115
+ - How HTTP is stubbed: [pattern] - examples: `[file paths]`
116
+ - DB usage in tests: [pattern] - examples: `[file paths]`
117
+
118
+ CI reliability rules:
119
+ - Timeouts: [standard value if any]
120
+ - Flake policy: [rerun policy or "none"]
121
+ - Test parallelism constraints: [if any]
122
+
123
+ <good_examples>
124
+ Example (good):
125
+ - "All HTTP clients must be injected via `src/lib/http/client.ts` and mocked via `test/utils/mockHttp.ts` (do NOT mock `fetch` directly). See `src/services/billing.ts` and `test/services/billing.test.ts`."
126
+ - "Integration tests use a real Postgres via Docker Compose. Do NOT mock DB queries; instead use `test/fixtures/dbSeed.ts`. See `test/integration/users.test.ts`."
127
+
128
+ Example (bad):
129
+ - "We use Jest and sometimes integration tests." (no paths, no boundaries, no rules)
130
+ </good_examples>
131
+
132
+ ## External Integration Patterns (Security-Critical)
133
+
134
+ Capture these only if external integrations exist. Missing these causes subtle security bugs.
135
+
136
+ ### Webhook Verification
137
+ - Webhook endpoints: `[paths]`
138
+ - Signature verification method: [HMAC-SHA256 / provider-specific / none]
139
+ - Where verification happens: `[file path]` (middleware? route handler?)
140
+ - Verified before or after parsing payload: [before — always verify raw body]
141
+ - Do NOT: parse JSON before verifying signature (timing attacks)
142
+ - Examples: `[file paths for webhook handlers]`
143
+
144
+ ### Authentication and Session Management
145
+ - Auth provider: [JWT / session cookie / OAuth / API key / none]
146
+ - Token storage (client): [httpOnly cookie / localStorage / memory]
147
+ - Token storage (server): [Redis / DB / stateless]
148
+ - Refresh logic: [how tokens are refreshed, where that code lives]
149
+ - Where auth is enforced: [middleware path / per-route / both]
150
+ - Protected vs public routes: [pattern or file]
151
+ - Do NOT: store tokens in localStorage for sensitive apps (XSS risk)
152
+ - Examples: `[file paths for auth middleware]`
153
+
154
+ ### Environment Configuration
155
+ - Config loading: `[file path]` (e.g., `src/config/index.ts`)
156
+ - Environment-specific overrides: [dev/staging/prod distinction]
157
+ - Secrets access pattern: [env var / secrets manager / vault]
158
+ - Do NOT: hardcode secrets; do NOT commit `.env` files
159
+ - Examples: `[file paths]`
160
+
161
+ ### Observability Hooks
162
+ - Request logging: [tool + where it's configured]
163
+ - Error tracking: [tool + integration file path]
164
+ - Performance monitoring: [tool + integration point]
165
+ - Health check endpoint: `[path]` (e.g., `/health`)
166
+ - Examples: `[file paths]`
167
+
168
+ <good_examples>
169
+ Example (good):
170
+ - "Stripe webhooks are verified via `src/webhooks/stripe.ts:verifyStripeSignature()` using the raw request body before JSON parsing. Do NOT route Stripe events through the JSON body parser middleware. See `src/middleware/webhooks.ts`."
171
+ - "Auth tokens are httpOnly cookies (not localStorage). Refresh happens via `src/auth/refresh.ts` called by the global axios interceptor. Token expiry = 15min access, 7-day refresh. See `src/lib/http.ts`."
172
+ - "All secrets come from env vars loaded via `src/config/env.ts`. Never read `process.env` directly outside that file. Dev/staging/prod configs are in `.env.example`, `.env.staging`, `.env.production` (secrets redacted, committed)."
173
+
174
+ Example (bad):
175
+ - "We use JWT and have some webhooks." (no paths, no security rules, no boundaries)
176
+ </good_examples>
177
+
178
+ ## Golden Files
179
+
180
+ Identify 3–5 files that best exemplify this codebase's conventions. Selection algorithm: highest density of documented conventions in production feature files (not scaffolding, not generated code, not test files).
181
+
182
+ Format: `file path — what makes it a good example`
183
+
184
+ - `[path/to/file.ts]` — [which conventions it demonstrates, e.g., "named exports, constructor injection, custom error class, full test coverage"]
185
+ - `[path/to/file.ts]` — [conventions it demonstrates]
186
+ - `[path/to/file.ts]` — [conventions it demonstrates]
187
+
188
+ If no single file exemplifies multiple conventions, list the best per-category file instead.
189
+
190
+ ---
191
+
192
+ *Convention analysis: [date]*
193
+
@@ -1,96 +1,96 @@
1
- # Codebase Stack
2
-
3
- **Analysis Date:** [YYYY-MM-DD]
4
-
5
- <guidelines>
6
- - List versions only when they matter (compatibility, breaking changes, reproducibility).
7
- - Prefer commands and sources of truth (package.json, lockfiles, tool config) over memory.
8
- - Capture the minimum needed for another agent to run, test, and ship changes safely.
9
- - Include concrete commands and file paths.
10
- </guidelines>
11
-
12
- ## Languages
13
-
14
- Primary:
15
- - [Language] [Version if relevant] - used in: `[paths]`
16
-
17
- Secondary:
18
- - [Language] [Version if relevant] - used in: `[paths]`
19
-
20
- ## Runtime
21
-
22
- Environment:
23
- - [Runtime] [Version if relevant]
24
-
25
- Package manager:
26
- - [Manager] [Version if relevant]
27
- - Lockfile: [present/missing] - `[path]`
28
-
29
- ## Frameworks And Tooling
30
-
31
- Core framework(s):
32
- - [Framework] [Version if relevant] - purpose: [purpose]
33
-
34
- Testing:
35
- - [Tool] [Version if relevant] - purpose: [purpose]
36
-
37
- Build / dev:
38
- - [Tool] [Version if relevant] - purpose: [purpose]
39
-
40
- Lint / format:
41
- - [Tool] - config: `[path]`
42
-
43
- ## Key Dependencies (Only What Drives Architecture)
44
-
45
- Critical libraries:
46
- - [Package] - why it matters: [reason] - examples: `[paths]`
47
-
48
- Infra/observability:
49
- - [Package] - purpose: [reason] - config: `[paths]`
50
-
51
- ## Must-Know Packages
52
-
53
- Flag 3–5 packages that new contributors must understand before making changes. These are not necessarily the most-used packages — they are the ones where misuse causes hard-to-debug problems.
54
-
55
- Each entry: `package-name — why it's critical — risk: low|medium|high — common mistake: what goes wrong`
56
-
57
- Risk levels: low (causes build errors — immediately visible), medium (causes runtime bugs — visible in testing), high (causes data corruption or silent failures — hard to detect).
58
-
59
- - `[package]` — [why critical] — risk: [level] — common mistake: [what goes wrong]
60
- - `[package]` — [why critical] — risk: [level] — common mistake: [what goes wrong]
61
- - `[package]` — [why critical] — risk: [level] — common mistake: [what goes wrong]
62
-
63
- ## How To Run
64
-
65
- Install:
66
- - Command(s): `[commands]`
67
-
68
- Dev:
69
- - Command(s): `[commands]`
70
-
71
- Test:
72
- - Command(s): `[commands]`
73
-
74
- Build:
75
- - Command(s): `[commands]`
76
-
77
- ## Configuration
78
-
79
- Env:
80
- - How configured: [dotenv, env vars, config files]
81
- - Key config files: `[paths]`
82
-
83
- CI/CD:
84
- - CI location: `[path]`
85
- - Main checks: [list]
86
-
87
- <good_examples>
88
- Example (good):
89
- - "Node 20, pnpm. Install: `pnpm i`. Tests: `pnpm test` (Vitest) + `pnpm test:e2e` (Playwright). Formatting: Prettier (`.prettierrc`). Lint: ESLint (`eslint.config.mjs`)."
90
- - "DB migrations run via `pnpm db:migrate` (see `package.json` scripts)."
91
- </good_examples>
92
-
93
- ---
94
-
95
- *Stack analysis: [date]*
96
-
1
+ # Codebase Stack
2
+
3
+ **Analysis Date:** [YYYY-MM-DD]
4
+
5
+ <guidelines>
6
+ - List versions only when they matter (compatibility, breaking changes, reproducibility).
7
+ - Prefer commands and sources of truth (package.json, lockfiles, tool config) over memory.
8
+ - Capture the minimum needed for another agent to run, test, and ship changes safely.
9
+ - Include concrete commands and file paths.
10
+ </guidelines>
11
+
12
+ ## Languages
13
+
14
+ Primary:
15
+ - [Language] [Version if relevant] - used in: `[paths]`
16
+
17
+ Secondary:
18
+ - [Language] [Version if relevant] - used in: `[paths]`
19
+
20
+ ## Runtime
21
+
22
+ Environment:
23
+ - [Runtime] [Version if relevant]
24
+
25
+ Package manager:
26
+ - [Manager] [Version if relevant]
27
+ - Lockfile: [present/missing] - `[path]`
28
+
29
+ ## Frameworks And Tooling
30
+
31
+ Core framework(s):
32
+ - [Framework] [Version if relevant] - purpose: [purpose]
33
+
34
+ Testing:
35
+ - [Tool] [Version if relevant] - purpose: [purpose]
36
+
37
+ Build / dev:
38
+ - [Tool] [Version if relevant] - purpose: [purpose]
39
+
40
+ Lint / format:
41
+ - [Tool] - config: `[path]`
42
+
43
+ ## Key Dependencies (Only What Drives Architecture)
44
+
45
+ Critical libraries:
46
+ - [Package] - why it matters: [reason] - examples: `[paths]`
47
+
48
+ Infra/observability:
49
+ - [Package] - purpose: [reason] - config: `[paths]`
50
+
51
+ ## Must-Know Packages
52
+
53
+ Flag 3–5 packages that new contributors must understand before making changes. These are not necessarily the most-used packages — they are the ones where misuse causes hard-to-debug problems.
54
+
55
+ Each entry: `package-name — why it's critical — risk: low|medium|high — common mistake: what goes wrong`
56
+
57
+ Risk levels: low (causes build errors — immediately visible), medium (causes runtime bugs — visible in testing), high (causes data corruption or silent failures — hard to detect).
58
+
59
+ - `[package]` — [why critical] — risk: [level] — common mistake: [what goes wrong]
60
+ - `[package]` — [why critical] — risk: [level] — common mistake: [what goes wrong]
61
+ - `[package]` — [why critical] — risk: [level] — common mistake: [what goes wrong]
62
+
63
+ ## How To Run
64
+
65
+ Install:
66
+ - Command(s): `[commands]`
67
+
68
+ Dev:
69
+ - Command(s): `[commands]`
70
+
71
+ Test:
72
+ - Command(s): `[commands]`
73
+
74
+ Build:
75
+ - Command(s): `[commands]`
76
+
77
+ ## Configuration
78
+
79
+ Env:
80
+ - How configured: [dotenv, env vars, config files]
81
+ - Key config files: `[paths]`
82
+
83
+ CI/CD:
84
+ - CI location: `[path]`
85
+ - Main checks: [list]
86
+
87
+ <good_examples>
88
+ Example (good):
89
+ - "Node 20, pnpm. Install: `pnpm i`. Tests: `pnpm test` (Vitest) + `pnpm test:e2e` (Playwright). Formatting: Prettier (`.prettierrc`). Lint: ESLint (`eslint.config.mjs`)."
90
+ - "DB migrations run via `pnpm db:migrate` (see `package.json` scripts)."
91
+ </good_examples>
92
+
93
+ ---
94
+
95
+ *Stack analysis: [date]*
96
+
@@ -1,25 +1,25 @@
1
- **Role contract:** Read `.planning/templates/roles/approach-explorer.md` before starting. Follow its algorithm, scope, anti-patterns, and quality standards.
2
-
3
- You are the approach explorer delegate for the plan workflow.
4
-
5
- **Your job:** Identify gray areas in the target phase, research viable approaches for technical decisions, conduct an adaptive conversation with the user to capture locked decisions, and write APPROACH.md to the phase directory.
6
-
7
- Read only the explicit inputs provided by the orchestrator:
8
- - target phase goal and requirement IDs from `.planning/ROADMAP.md`
9
- - locked decisions and deferred items from `.planning/SPEC.md`
10
- - phase research file (if exists)
11
- - relevant codebase files (existing patterns and conventions)
12
- - approach template at `.planning/templates/approach.md`
13
-
14
- ## Gray Area Classification
15
-
16
- Classify each gray area before acting on it:
17
- - **Taste:** Ask directly, no research needed
18
- - **Technical:** Research 2-3 approaches first, then present with trade-offs
19
- - **Hybrid:** Research the technical part, ask about taste
20
-
21
- ## Output
22
-
23
- Write `{padded_phase}-APPROACH.md` to the phase directory using the approach template.
24
-
25
- Return structured summary: gray areas explored, decisions captured, assumptions validated/corrected, deferred ideas, path to APPROACH.md.
1
+ **Role contract:** Read `.planning/templates/roles/approach-explorer.md` before starting. Follow its algorithm, scope, anti-patterns, and quality standards.
2
+
3
+ You are the approach explorer delegate for the plan workflow.
4
+
5
+ **Your job:** Identify gray areas in the target phase, research viable approaches for technical decisions, conduct an adaptive conversation with the user to capture locked decisions, and write APPROACH.md to the phase directory.
6
+
7
+ Read only the explicit inputs provided by the orchestrator:
8
+ - target phase goal and requirement IDs from `.planning/ROADMAP.md`
9
+ - locked decisions and deferred items from `.planning/SPEC.md`
10
+ - phase research file (if exists)
11
+ - relevant codebase files (existing patterns and conventions)
12
+ - approach template at `.planning/templates/approach.md`
13
+
14
+ ## Gray Area Classification
15
+
16
+ Classify each gray area before acting on it:
17
+ - **Taste:** Ask directly, no research needed
18
+ - **Technical:** Research 2-3 approaches first, then present with trade-offs
19
+ - **Hybrid:** Research the technical part, ask about taste
20
+
21
+ ## Output
22
+
23
+ Write `{padded_phase}-APPROACH.md` to the phase directory using the approach template.
24
+
25
+ Return structured summary: gray areas explored, decisions captured, assumptions validated/corrected, deferred ideas, path to APPROACH.md.