gsdd-cli 0.18.4 → 0.19.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -21
- package/README.md +625 -607
- package/agents/DISTILLATION.md +421 -421
- package/agents/README.md +62 -62
- package/agents/approach-explorer.md +361 -361
- package/agents/debugger.md +82 -82
- package/agents/executor.md +394 -394
- package/agents/integration-checker.md +318 -318
- package/agents/mapper.md +103 -103
- package/agents/planner.md +313 -313
- package/agents/researcher.md +84 -84
- package/agents/roadmapper.md +296 -296
- package/agents/synthesizer.md +236 -236
- package/agents/verifier.md +337 -337
- package/bin/adapters/agents.mjs +34 -34
- package/bin/adapters/claude.mjs +191 -191
- package/bin/adapters/codex.mjs +85 -85
- package/bin/adapters/index.mjs +20 -20
- package/bin/adapters/opencode.mjs +278 -278
- package/bin/gsdd.mjs +123 -116
- package/bin/lib/cli-utils.mjs +28 -28
- package/bin/lib/evidence-contract.mjs +112 -112
- package/bin/lib/file-ops.mjs +209 -161
- package/bin/lib/health-truth.mjs +181 -178
- package/bin/lib/health.mjs +265 -235
- package/bin/lib/init-flow.mjs +252 -236
- package/bin/lib/init-prompts.mjs +248 -247
- package/bin/lib/init-runtime.mjs +225 -212
- package/bin/lib/init.mjs +17 -17
- package/bin/lib/lifecycle-preflight.mjs +360 -333
- package/bin/lib/lifecycle-state.mjs +351 -267
- package/bin/lib/manifest.mjs +116 -114
- package/bin/lib/models.mjs +411 -411
- package/bin/lib/phase.mjs +397 -378
- package/bin/lib/plan-constants.mjs +30 -30
- package/bin/lib/provenance.mjs +109 -106
- package/bin/lib/rendering.mjs +178 -130
- package/bin/lib/runtime-freshness.mjs +221 -219
- package/bin/lib/templates.mjs +225 -224
- package/bin/lib/workspace-root.mjs +132 -0
- package/distilled/DESIGN.md +2347 -2327
- package/distilled/EVIDENCE-INDEX.md +397 -394
- package/distilled/README.md +196 -193
- package/distilled/SKILL.md +86 -85
- package/distilled/templates/agents.block.md +21 -21
- package/distilled/templates/agents.md +6 -6
- package/distilled/templates/approach.md +232 -232
- package/distilled/templates/auth-matrix.md +78 -78
- package/distilled/templates/brownfield-change/CHANGE.md +99 -0
- package/distilled/templates/brownfield-change/HANDOFF.md +38 -0
- package/distilled/templates/brownfield-change/VERIFICATION.md +56 -0
- package/distilled/templates/codebase/architecture.md +110 -110
- package/distilled/templates/codebase/concerns.md +95 -95
- package/distilled/templates/codebase/conventions.md +193 -193
- package/distilled/templates/codebase/stack.md +96 -96
- package/distilled/templates/delegates/approach-explorer.md +25 -25
- package/distilled/templates/delegates/mapper-arch.md +26 -26
- package/distilled/templates/delegates/mapper-concerns.md +27 -27
- package/distilled/templates/delegates/mapper-quality.md +28 -28
- package/distilled/templates/delegates/mapper-tech.md +25 -25
- package/distilled/templates/delegates/plan-checker.md +68 -68
- package/distilled/templates/delegates/researcher-architecture.md +30 -30
- package/distilled/templates/delegates/researcher-features.md +30 -30
- package/distilled/templates/delegates/researcher-pitfalls.md +30 -30
- package/distilled/templates/delegates/researcher-stack.md +30 -30
- package/distilled/templates/delegates/researcher-synthesizer.md +31 -31
- package/distilled/templates/research/architecture.md +57 -57
- package/distilled/templates/research/features.md +23 -23
- package/distilled/templates/research/pitfalls.md +46 -46
- package/distilled/templates/research/stack.md +45 -45
- package/distilled/templates/research/summary.md +67 -67
- package/distilled/templates/roadmap.md +74 -62
- package/distilled/templates/spec.md +110 -110
- package/distilled/workflows/audit-milestone.md +275 -271
- package/distilled/workflows/complete-milestone.md +336 -332
- package/distilled/workflows/execute.md +454 -449
- package/distilled/workflows/map-codebase.md +253 -253
- package/distilled/workflows/new-milestone.md +242 -238
- package/distilled/workflows/new-project.md +398 -398
- package/distilled/workflows/pause.md +160 -156
- package/distilled/workflows/plan-milestone-gaps.md +183 -183
- package/distilled/workflows/plan.md +451 -447
- package/distilled/workflows/progress.md +227 -223
- package/distilled/workflows/quick.md +351 -347
- package/distilled/workflows/resume.md +220 -212
- package/distilled/workflows/verify-work.md +260 -260
- package/distilled/workflows/verify.md +431 -429
- package/docs/BROWNFIELD-PROOF.md +95 -95
- package/docs/RUNTIME-SUPPORT.md +93 -75
- package/docs/USER-GUIDE.md +440 -399
- package/docs/VERIFICATION-DISCIPLINE.md +59 -59
- package/docs/claude/context-monitor.md +98 -98
- package/docs/proof/consumer-node-cli/README.md +37 -37
- package/docs/proof/consumer-node-cli/ROADMAP.md +14 -14
- package/docs/proof/consumer-node-cli/SPEC.md +17 -17
- package/docs/proof/consumer-node-cli/brief.md +9 -9
- package/docs/proof/consumer-node-cli/phases/01-foundation/01-01-PLAN.md +34 -34
- package/docs/proof/consumer-node-cli/phases/01-foundation/01-01-SUMMARY.md +10 -10
- package/docs/proof/consumer-node-cli/phases/01-foundation/01-VERIFICATION.md +30 -30
- package/package.json +62 -61
|
@@ -1,193 +1,193 @@
|
|
|
1
|
-
# Codebase Conventions
|
|
2
|
-
|
|
3
|
-
**Analysis Date:** [YYYY-MM-DD]
|
|
4
|
-
|
|
5
|
-
<guidelines>
|
|
6
|
-
- This document is durable intent (rules/patterns), not a directory dump.
|
|
7
|
-
- Be prescriptive. If 80%+ of the codebase follows a pattern, document it as a rule ("Use X"), not as a survey ("Sometimes X").
|
|
8
|
-
- Every non-trivial claim must include at least one concrete file path example.
|
|
9
|
-
- Prefer "how to do it here" over general best practices.
|
|
10
|
-
- Capture testing and mocking boundaries explicitly ("what NOT to mock"). Missing boundaries cause broken tests and slow CI.
|
|
11
|
-
- Capture external integration patterns (webhook verification, auth session management). Missing these causes security vulnerabilities.
|
|
12
|
-
</guidelines>
|
|
13
|
-
|
|
14
|
-
## Naming Patterns
|
|
15
|
-
|
|
16
|
-
Files:
|
|
17
|
-
- [Pattern observed]
|
|
18
|
-
|
|
19
|
-
Functions:
|
|
20
|
-
- [Pattern observed]
|
|
21
|
-
|
|
22
|
-
Variables:
|
|
23
|
-
- [Pattern observed]
|
|
24
|
-
|
|
25
|
-
Types:
|
|
26
|
-
- [Pattern observed]
|
|
27
|
-
|
|
28
|
-
## Code Style
|
|
29
|
-
|
|
30
|
-
Formatting:
|
|
31
|
-
- Tool: [Tool used]
|
|
32
|
-
- Key settings: [Key settings]
|
|
33
|
-
|
|
34
|
-
Linting:
|
|
35
|
-
- Tool: [Tool used]
|
|
36
|
-
- Key rules: [Key rules]
|
|
37
|
-
|
|
38
|
-
## Import Organization
|
|
39
|
-
|
|
40
|
-
Order:
|
|
41
|
-
1. [First group]
|
|
42
|
-
2. [Second group]
|
|
43
|
-
3. [Third group]
|
|
44
|
-
|
|
45
|
-
Path aliases:
|
|
46
|
-
- [Aliases used]
|
|
47
|
-
|
|
48
|
-
## Error Handling
|
|
49
|
-
|
|
50
|
-
Patterns:
|
|
51
|
-
- [How errors are handled]
|
|
52
|
-
- Examples: `[file paths]`
|
|
53
|
-
|
|
54
|
-
## Logging
|
|
55
|
-
|
|
56
|
-
Framework:
|
|
57
|
-
- [Tool or "console"]
|
|
58
|
-
|
|
59
|
-
Patterns:
|
|
60
|
-
- [When/how to log]
|
|
61
|
-
- Examples: `[file paths]`
|
|
62
|
-
|
|
63
|
-
## Module / Function Design
|
|
64
|
-
|
|
65
|
-
Function size:
|
|
66
|
-
- [Guidelines]
|
|
67
|
-
|
|
68
|
-
Parameters:
|
|
69
|
-
- [Pattern]
|
|
70
|
-
|
|
71
|
-
Return values:
|
|
72
|
-
- [Pattern]
|
|
73
|
-
|
|
74
|
-
Exports:
|
|
75
|
-
- [Pattern]
|
|
76
|
-
|
|
77
|
-
## Convention Adoption Rates
|
|
78
|
-
|
|
79
|
-
For each major convention documented above, estimate adoption rate using grep-counting (count occurrences in production source files, exclude `node_modules`, `vendor`, generated files). Use the format `~N% (stable|rising|declining)`.
|
|
80
|
-
|
|
81
|
-
- Pattern requires ≥5 occurrences to estimate; below that, write "prevalence unknown — seen in multiple files."
|
|
82
|
-
- Trend signal: stable = consistent across file age, rising = newer files adopt more, declining = older files adopt more.
|
|
83
|
-
|
|
84
|
-
Examples:
|
|
85
|
-
- Constructor injection: `~84% (declining)` — 37 of 44 service classes; newer files use factory functions
|
|
86
|
-
- camelCase exports: `~100% (stable)` — enforced by lint rule, zero violations found
|
|
87
|
-
- Inline error handling: `~62% (rising)` — 18 of 29 handlers; recent PRs consistently use this
|
|
88
|
-
|
|
89
|
-
Replace examples with findings from this codebase.
|
|
90
|
-
|
|
91
|
-
## Testing And Mocking (High-Leverage)
|
|
92
|
-
|
|
93
|
-
Test types used:
|
|
94
|
-
- Unit: [yes/no] (runner: [tool]) - examples: `[file paths]`
|
|
95
|
-
- Integration: [yes/no] - examples: `[file paths]`
|
|
96
|
-
- E2E: [yes/no] - examples: `[file paths]`
|
|
97
|
-
|
|
98
|
-
Where tests live:
|
|
99
|
-
- Unit tests: `[path pattern]`
|
|
100
|
-
- Integration tests: `[path pattern]`
|
|
101
|
-
- E2E tests: `[path pattern]`
|
|
102
|
-
|
|
103
|
-
Fixtures and factories:
|
|
104
|
-
- Where fixtures live: `[path pattern]`
|
|
105
|
-
- Preferred factory pattern: [pattern]
|
|
106
|
-
|
|
107
|
-
Mocking boundaries (explicit):
|
|
108
|
-
- Do mock: [what is safe to mock here]
|
|
109
|
-
- Do NOT mock: [what must remain real]
|
|
110
|
-
- Why: [rationale grounded in this codebase]
|
|
111
|
-
- Examples: `[file paths]`
|
|
112
|
-
|
|
113
|
-
External calls:
|
|
114
|
-
- Network calls in tests: [allowed/blocked]
|
|
115
|
-
- How HTTP is stubbed: [pattern] - examples: `[file paths]`
|
|
116
|
-
- DB usage in tests: [pattern] - examples: `[file paths]`
|
|
117
|
-
|
|
118
|
-
CI reliability rules:
|
|
119
|
-
- Timeouts: [standard value if any]
|
|
120
|
-
- Flake policy: [rerun policy or "none"]
|
|
121
|
-
- Test parallelism constraints: [if any]
|
|
122
|
-
|
|
123
|
-
<good_examples>
|
|
124
|
-
Example (good):
|
|
125
|
-
- "All HTTP clients must be injected via `src/lib/http/client.ts` and mocked via `test/utils/mockHttp.ts` (do NOT mock `fetch` directly). See `src/services/billing.ts` and `test/services/billing.test.ts`."
|
|
126
|
-
- "Integration tests use a real Postgres via Docker Compose. Do NOT mock DB queries; instead use `test/fixtures/dbSeed.ts`. See `test/integration/users.test.ts`."
|
|
127
|
-
|
|
128
|
-
Example (bad):
|
|
129
|
-
- "We use Jest and sometimes integration tests." (no paths, no boundaries, no rules)
|
|
130
|
-
</good_examples>
|
|
131
|
-
|
|
132
|
-
## External Integration Patterns (Security-Critical)
|
|
133
|
-
|
|
134
|
-
Capture these only if external integrations exist. Missing these causes subtle security bugs.
|
|
135
|
-
|
|
136
|
-
### Webhook Verification
|
|
137
|
-
- Webhook endpoints: `[paths]`
|
|
138
|
-
- Signature verification method: [HMAC-SHA256 / provider-specific / none]
|
|
139
|
-
- Where verification happens: `[file path]` (middleware? route handler?)
|
|
140
|
-
- Verified before or after parsing payload: [before — always verify raw body]
|
|
141
|
-
- Do NOT: parse JSON before verifying signature (timing attacks)
|
|
142
|
-
- Examples: `[file paths for webhook handlers]`
|
|
143
|
-
|
|
144
|
-
### Authentication and Session Management
|
|
145
|
-
- Auth provider: [JWT / session cookie / OAuth / API key / none]
|
|
146
|
-
- Token storage (client): [httpOnly cookie / localStorage / memory]
|
|
147
|
-
- Token storage (server): [Redis / DB / stateless]
|
|
148
|
-
- Refresh logic: [how tokens are refreshed, where that code lives]
|
|
149
|
-
- Where auth is enforced: [middleware path / per-route / both]
|
|
150
|
-
- Protected vs public routes: [pattern or file]
|
|
151
|
-
- Do NOT: store tokens in localStorage for sensitive apps (XSS risk)
|
|
152
|
-
- Examples: `[file paths for auth middleware]`
|
|
153
|
-
|
|
154
|
-
### Environment Configuration
|
|
155
|
-
- Config loading: `[file path]` (e.g., `src/config/index.ts`)
|
|
156
|
-
- Environment-specific overrides: [dev/staging/prod distinction]
|
|
157
|
-
- Secrets access pattern: [env var / secrets manager / vault]
|
|
158
|
-
- Do NOT: hardcode secrets; do NOT commit `.env` files
|
|
159
|
-
- Examples: `[file paths]`
|
|
160
|
-
|
|
161
|
-
### Observability Hooks
|
|
162
|
-
- Request logging: [tool + where it's configured]
|
|
163
|
-
- Error tracking: [tool + integration file path]
|
|
164
|
-
- Performance monitoring: [tool + integration point]
|
|
165
|
-
- Health check endpoint: `[path]` (e.g., `/health`)
|
|
166
|
-
- Examples: `[file paths]`
|
|
167
|
-
|
|
168
|
-
<good_examples>
|
|
169
|
-
Example (good):
|
|
170
|
-
- "Stripe webhooks are verified via `src/webhooks/stripe.ts:verifyStripeSignature()` using the raw request body before JSON parsing. Do NOT route Stripe events through the JSON body parser middleware. See `src/middleware/webhooks.ts`."
|
|
171
|
-
- "Auth tokens are httpOnly cookies (not localStorage). Refresh happens via `src/auth/refresh.ts` called by the global axios interceptor. Token expiry = 15min access, 7-day refresh. See `src/lib/http.ts`."
|
|
172
|
-
- "All secrets come from env vars loaded via `src/config/env.ts`. Never read `process.env` directly outside that file. Dev/staging/prod configs are in `.env.example`, `.env.staging`, `.env.production` (secrets redacted, committed)."
|
|
173
|
-
|
|
174
|
-
Example (bad):
|
|
175
|
-
- "We use JWT and have some webhooks." (no paths, no security rules, no boundaries)
|
|
176
|
-
</good_examples>
|
|
177
|
-
|
|
178
|
-
## Golden Files
|
|
179
|
-
|
|
180
|
-
Identify 3–5 files that best exemplify this codebase's conventions. Selection algorithm: highest density of documented conventions in production feature files (not scaffolding, not generated code, not test files).
|
|
181
|
-
|
|
182
|
-
Format: `file path — what makes it a good example`
|
|
183
|
-
|
|
184
|
-
- `[path/to/file.ts]` — [which conventions it demonstrates, e.g., "named exports, constructor injection, custom error class, full test coverage"]
|
|
185
|
-
- `[path/to/file.ts]` — [conventions it demonstrates]
|
|
186
|
-
- `[path/to/file.ts]` — [conventions it demonstrates]
|
|
187
|
-
|
|
188
|
-
If no single file exemplifies multiple conventions, list the best per-category file instead.
|
|
189
|
-
|
|
190
|
-
---
|
|
191
|
-
|
|
192
|
-
*Convention analysis: [date]*
|
|
193
|
-
|
|
1
|
+
# Codebase Conventions
|
|
2
|
+
|
|
3
|
+
**Analysis Date:** [YYYY-MM-DD]
|
|
4
|
+
|
|
5
|
+
<guidelines>
|
|
6
|
+
- This document is durable intent (rules/patterns), not a directory dump.
|
|
7
|
+
- Be prescriptive. If 80%+ of the codebase follows a pattern, document it as a rule ("Use X"), not as a survey ("Sometimes X").
|
|
8
|
+
- Every non-trivial claim must include at least one concrete file path example.
|
|
9
|
+
- Prefer "how to do it here" over general best practices.
|
|
10
|
+
- Capture testing and mocking boundaries explicitly ("what NOT to mock"). Missing boundaries cause broken tests and slow CI.
|
|
11
|
+
- Capture external integration patterns (webhook verification, auth session management). Missing these causes security vulnerabilities.
|
|
12
|
+
</guidelines>
|
|
13
|
+
|
|
14
|
+
## Naming Patterns
|
|
15
|
+
|
|
16
|
+
Files:
|
|
17
|
+
- [Pattern observed]
|
|
18
|
+
|
|
19
|
+
Functions:
|
|
20
|
+
- [Pattern observed]
|
|
21
|
+
|
|
22
|
+
Variables:
|
|
23
|
+
- [Pattern observed]
|
|
24
|
+
|
|
25
|
+
Types:
|
|
26
|
+
- [Pattern observed]
|
|
27
|
+
|
|
28
|
+
## Code Style
|
|
29
|
+
|
|
30
|
+
Formatting:
|
|
31
|
+
- Tool: [Tool used]
|
|
32
|
+
- Key settings: [Key settings]
|
|
33
|
+
|
|
34
|
+
Linting:
|
|
35
|
+
- Tool: [Tool used]
|
|
36
|
+
- Key rules: [Key rules]
|
|
37
|
+
|
|
38
|
+
## Import Organization
|
|
39
|
+
|
|
40
|
+
Order:
|
|
41
|
+
1. [First group]
|
|
42
|
+
2. [Second group]
|
|
43
|
+
3. [Third group]
|
|
44
|
+
|
|
45
|
+
Path aliases:
|
|
46
|
+
- [Aliases used]
|
|
47
|
+
|
|
48
|
+
## Error Handling
|
|
49
|
+
|
|
50
|
+
Patterns:
|
|
51
|
+
- [How errors are handled]
|
|
52
|
+
- Examples: `[file paths]`
|
|
53
|
+
|
|
54
|
+
## Logging
|
|
55
|
+
|
|
56
|
+
Framework:
|
|
57
|
+
- [Tool or "console"]
|
|
58
|
+
|
|
59
|
+
Patterns:
|
|
60
|
+
- [When/how to log]
|
|
61
|
+
- Examples: `[file paths]`
|
|
62
|
+
|
|
63
|
+
## Module / Function Design
|
|
64
|
+
|
|
65
|
+
Function size:
|
|
66
|
+
- [Guidelines]
|
|
67
|
+
|
|
68
|
+
Parameters:
|
|
69
|
+
- [Pattern]
|
|
70
|
+
|
|
71
|
+
Return values:
|
|
72
|
+
- [Pattern]
|
|
73
|
+
|
|
74
|
+
Exports:
|
|
75
|
+
- [Pattern]
|
|
76
|
+
|
|
77
|
+
## Convention Adoption Rates
|
|
78
|
+
|
|
79
|
+
For each major convention documented above, estimate adoption rate using grep-counting (count occurrences in production source files, exclude `node_modules`, `vendor`, generated files). Use the format `~N% (stable|rising|declining)`.
|
|
80
|
+
|
|
81
|
+
- Pattern requires ≥5 occurrences to estimate; below that, write "prevalence unknown — seen in multiple files."
|
|
82
|
+
- Trend signal: stable = consistent across file age, rising = newer files adopt more, declining = older files adopt more.
|
|
83
|
+
|
|
84
|
+
Examples:
|
|
85
|
+
- Constructor injection: `~84% (declining)` — 37 of 44 service classes; newer files use factory functions
|
|
86
|
+
- camelCase exports: `~100% (stable)` — enforced by lint rule, zero violations found
|
|
87
|
+
- Inline error handling: `~62% (rising)` — 18 of 29 handlers; recent PRs consistently use this
|
|
88
|
+
|
|
89
|
+
Replace examples with findings from this codebase.
|
|
90
|
+
|
|
91
|
+
## Testing And Mocking (High-Leverage)
|
|
92
|
+
|
|
93
|
+
Test types used:
|
|
94
|
+
- Unit: [yes/no] (runner: [tool]) - examples: `[file paths]`
|
|
95
|
+
- Integration: [yes/no] - examples: `[file paths]`
|
|
96
|
+
- E2E: [yes/no] - examples: `[file paths]`
|
|
97
|
+
|
|
98
|
+
Where tests live:
|
|
99
|
+
- Unit tests: `[path pattern]`
|
|
100
|
+
- Integration tests: `[path pattern]`
|
|
101
|
+
- E2E tests: `[path pattern]`
|
|
102
|
+
|
|
103
|
+
Fixtures and factories:
|
|
104
|
+
- Where fixtures live: `[path pattern]`
|
|
105
|
+
- Preferred factory pattern: [pattern]
|
|
106
|
+
|
|
107
|
+
Mocking boundaries (explicit):
|
|
108
|
+
- Do mock: [what is safe to mock here]
|
|
109
|
+
- Do NOT mock: [what must remain real]
|
|
110
|
+
- Why: [rationale grounded in this codebase]
|
|
111
|
+
- Examples: `[file paths]`
|
|
112
|
+
|
|
113
|
+
External calls:
|
|
114
|
+
- Network calls in tests: [allowed/blocked]
|
|
115
|
+
- How HTTP is stubbed: [pattern] - examples: `[file paths]`
|
|
116
|
+
- DB usage in tests: [pattern] - examples: `[file paths]`
|
|
117
|
+
|
|
118
|
+
CI reliability rules:
|
|
119
|
+
- Timeouts: [standard value if any]
|
|
120
|
+
- Flake policy: [rerun policy or "none"]
|
|
121
|
+
- Test parallelism constraints: [if any]
|
|
122
|
+
|
|
123
|
+
<good_examples>
|
|
124
|
+
Example (good):
|
|
125
|
+
- "All HTTP clients must be injected via `src/lib/http/client.ts` and mocked via `test/utils/mockHttp.ts` (do NOT mock `fetch` directly). See `src/services/billing.ts` and `test/services/billing.test.ts`."
|
|
126
|
+
- "Integration tests use a real Postgres via Docker Compose. Do NOT mock DB queries; instead use `test/fixtures/dbSeed.ts`. See `test/integration/users.test.ts`."
|
|
127
|
+
|
|
128
|
+
Example (bad):
|
|
129
|
+
- "We use Jest and sometimes integration tests." (no paths, no boundaries, no rules)
|
|
130
|
+
</good_examples>
|
|
131
|
+
|
|
132
|
+
## External Integration Patterns (Security-Critical)
|
|
133
|
+
|
|
134
|
+
Capture these only if external integrations exist. Missing these causes subtle security bugs.
|
|
135
|
+
|
|
136
|
+
### Webhook Verification
|
|
137
|
+
- Webhook endpoints: `[paths]`
|
|
138
|
+
- Signature verification method: [HMAC-SHA256 / provider-specific / none]
|
|
139
|
+
- Where verification happens: `[file path]` (middleware? route handler?)
|
|
140
|
+
- Verified before or after parsing payload: [before — always verify raw body]
|
|
141
|
+
- Do NOT: parse JSON before verifying signature (timing attacks)
|
|
142
|
+
- Examples: `[file paths for webhook handlers]`
|
|
143
|
+
|
|
144
|
+
### Authentication and Session Management
|
|
145
|
+
- Auth provider: [JWT / session cookie / OAuth / API key / none]
|
|
146
|
+
- Token storage (client): [httpOnly cookie / localStorage / memory]
|
|
147
|
+
- Token storage (server): [Redis / DB / stateless]
|
|
148
|
+
- Refresh logic: [how tokens are refreshed, where that code lives]
|
|
149
|
+
- Where auth is enforced: [middleware path / per-route / both]
|
|
150
|
+
- Protected vs public routes: [pattern or file]
|
|
151
|
+
- Do NOT: store tokens in localStorage for sensitive apps (XSS risk)
|
|
152
|
+
- Examples: `[file paths for auth middleware]`
|
|
153
|
+
|
|
154
|
+
### Environment Configuration
|
|
155
|
+
- Config loading: `[file path]` (e.g., `src/config/index.ts`)
|
|
156
|
+
- Environment-specific overrides: [dev/staging/prod distinction]
|
|
157
|
+
- Secrets access pattern: [env var / secrets manager / vault]
|
|
158
|
+
- Do NOT: hardcode secrets; do NOT commit `.env` files
|
|
159
|
+
- Examples: `[file paths]`
|
|
160
|
+
|
|
161
|
+
### Observability Hooks
|
|
162
|
+
- Request logging: [tool + where it's configured]
|
|
163
|
+
- Error tracking: [tool + integration file path]
|
|
164
|
+
- Performance monitoring: [tool + integration point]
|
|
165
|
+
- Health check endpoint: `[path]` (e.g., `/health`)
|
|
166
|
+
- Examples: `[file paths]`
|
|
167
|
+
|
|
168
|
+
<good_examples>
|
|
169
|
+
Example (good):
|
|
170
|
+
- "Stripe webhooks are verified via `src/webhooks/stripe.ts:verifyStripeSignature()` using the raw request body before JSON parsing. Do NOT route Stripe events through the JSON body parser middleware. See `src/middleware/webhooks.ts`."
|
|
171
|
+
- "Auth tokens are httpOnly cookies (not localStorage). Refresh happens via `src/auth/refresh.ts` called by the global axios interceptor. Token expiry = 15min access, 7-day refresh. See `src/lib/http.ts`."
|
|
172
|
+
- "All secrets come from env vars loaded via `src/config/env.ts`. Never read `process.env` directly outside that file. Dev/staging/prod configs are in `.env.example`, `.env.staging`, `.env.production` (secrets redacted, committed)."
|
|
173
|
+
|
|
174
|
+
Example (bad):
|
|
175
|
+
- "We use JWT and have some webhooks." (no paths, no security rules, no boundaries)
|
|
176
|
+
</good_examples>
|
|
177
|
+
|
|
178
|
+
## Golden Files
|
|
179
|
+
|
|
180
|
+
Identify 3–5 files that best exemplify this codebase's conventions. Selection algorithm: highest density of documented conventions in production feature files (not scaffolding, not generated code, not test files).
|
|
181
|
+
|
|
182
|
+
Format: `file path — what makes it a good example`
|
|
183
|
+
|
|
184
|
+
- `[path/to/file.ts]` — [which conventions it demonstrates, e.g., "named exports, constructor injection, custom error class, full test coverage"]
|
|
185
|
+
- `[path/to/file.ts]` — [conventions it demonstrates]
|
|
186
|
+
- `[path/to/file.ts]` — [conventions it demonstrates]
|
|
187
|
+
|
|
188
|
+
If no single file exemplifies multiple conventions, list the best per-category file instead.
|
|
189
|
+
|
|
190
|
+
---
|
|
191
|
+
|
|
192
|
+
*Convention analysis: [date]*
|
|
193
|
+
|
|
@@ -1,96 +1,96 @@
|
|
|
1
|
-
# Codebase Stack
|
|
2
|
-
|
|
3
|
-
**Analysis Date:** [YYYY-MM-DD]
|
|
4
|
-
|
|
5
|
-
<guidelines>
|
|
6
|
-
- List versions only when they matter (compatibility, breaking changes, reproducibility).
|
|
7
|
-
- Prefer commands and sources of truth (package.json, lockfiles, tool config) over memory.
|
|
8
|
-
- Capture the minimum needed for another agent to run, test, and ship changes safely.
|
|
9
|
-
- Include concrete commands and file paths.
|
|
10
|
-
</guidelines>
|
|
11
|
-
|
|
12
|
-
## Languages
|
|
13
|
-
|
|
14
|
-
Primary:
|
|
15
|
-
- [Language] [Version if relevant] - used in: `[paths]`
|
|
16
|
-
|
|
17
|
-
Secondary:
|
|
18
|
-
- [Language] [Version if relevant] - used in: `[paths]`
|
|
19
|
-
|
|
20
|
-
## Runtime
|
|
21
|
-
|
|
22
|
-
Environment:
|
|
23
|
-
- [Runtime] [Version if relevant]
|
|
24
|
-
|
|
25
|
-
Package manager:
|
|
26
|
-
- [Manager] [Version if relevant]
|
|
27
|
-
- Lockfile: [present/missing] - `[path]`
|
|
28
|
-
|
|
29
|
-
## Frameworks And Tooling
|
|
30
|
-
|
|
31
|
-
Core framework(s):
|
|
32
|
-
- [Framework] [Version if relevant] - purpose: [purpose]
|
|
33
|
-
|
|
34
|
-
Testing:
|
|
35
|
-
- [Tool] [Version if relevant] - purpose: [purpose]
|
|
36
|
-
|
|
37
|
-
Build / dev:
|
|
38
|
-
- [Tool] [Version if relevant] - purpose: [purpose]
|
|
39
|
-
|
|
40
|
-
Lint / format:
|
|
41
|
-
- [Tool] - config: `[path]`
|
|
42
|
-
|
|
43
|
-
## Key Dependencies (Only What Drives Architecture)
|
|
44
|
-
|
|
45
|
-
Critical libraries:
|
|
46
|
-
- [Package] - why it matters: [reason] - examples: `[paths]`
|
|
47
|
-
|
|
48
|
-
Infra/observability:
|
|
49
|
-
- [Package] - purpose: [reason] - config: `[paths]`
|
|
50
|
-
|
|
51
|
-
## Must-Know Packages
|
|
52
|
-
|
|
53
|
-
Flag 3–5 packages that new contributors must understand before making changes. These are not necessarily the most-used packages — they are the ones where misuse causes hard-to-debug problems.
|
|
54
|
-
|
|
55
|
-
Each entry: `package-name — why it's critical — risk: low|medium|high — common mistake: what goes wrong`
|
|
56
|
-
|
|
57
|
-
Risk levels: low (causes build errors — immediately visible), medium (causes runtime bugs — visible in testing), high (causes data corruption or silent failures — hard to detect).
|
|
58
|
-
|
|
59
|
-
- `[package]` — [why critical] — risk: [level] — common mistake: [what goes wrong]
|
|
60
|
-
- `[package]` — [why critical] — risk: [level] — common mistake: [what goes wrong]
|
|
61
|
-
- `[package]` — [why critical] — risk: [level] — common mistake: [what goes wrong]
|
|
62
|
-
|
|
63
|
-
## How To Run
|
|
64
|
-
|
|
65
|
-
Install:
|
|
66
|
-
- Command(s): `[commands]`
|
|
67
|
-
|
|
68
|
-
Dev:
|
|
69
|
-
- Command(s): `[commands]`
|
|
70
|
-
|
|
71
|
-
Test:
|
|
72
|
-
- Command(s): `[commands]`
|
|
73
|
-
|
|
74
|
-
Build:
|
|
75
|
-
- Command(s): `[commands]`
|
|
76
|
-
|
|
77
|
-
## Configuration
|
|
78
|
-
|
|
79
|
-
Env:
|
|
80
|
-
- How configured: [dotenv, env vars, config files]
|
|
81
|
-
- Key config files: `[paths]`
|
|
82
|
-
|
|
83
|
-
CI/CD:
|
|
84
|
-
- CI location: `[path]`
|
|
85
|
-
- Main checks: [list]
|
|
86
|
-
|
|
87
|
-
<good_examples>
|
|
88
|
-
Example (good):
|
|
89
|
-
- "Node 20, pnpm. Install: `pnpm i`. Tests: `pnpm test` (Vitest) + `pnpm test:e2e` (Playwright). Formatting: Prettier (`.prettierrc`). Lint: ESLint (`eslint.config.mjs`)."
|
|
90
|
-
- "DB migrations run via `pnpm db:migrate` (see `package.json` scripts)."
|
|
91
|
-
</good_examples>
|
|
92
|
-
|
|
93
|
-
---
|
|
94
|
-
|
|
95
|
-
*Stack analysis: [date]*
|
|
96
|
-
|
|
1
|
+
# Codebase Stack
|
|
2
|
+
|
|
3
|
+
**Analysis Date:** [YYYY-MM-DD]
|
|
4
|
+
|
|
5
|
+
<guidelines>
|
|
6
|
+
- List versions only when they matter (compatibility, breaking changes, reproducibility).
|
|
7
|
+
- Prefer commands and sources of truth (package.json, lockfiles, tool config) over memory.
|
|
8
|
+
- Capture the minimum needed for another agent to run, test, and ship changes safely.
|
|
9
|
+
- Include concrete commands and file paths.
|
|
10
|
+
</guidelines>
|
|
11
|
+
|
|
12
|
+
## Languages
|
|
13
|
+
|
|
14
|
+
Primary:
|
|
15
|
+
- [Language] [Version if relevant] - used in: `[paths]`
|
|
16
|
+
|
|
17
|
+
Secondary:
|
|
18
|
+
- [Language] [Version if relevant] - used in: `[paths]`
|
|
19
|
+
|
|
20
|
+
## Runtime
|
|
21
|
+
|
|
22
|
+
Environment:
|
|
23
|
+
- [Runtime] [Version if relevant]
|
|
24
|
+
|
|
25
|
+
Package manager:
|
|
26
|
+
- [Manager] [Version if relevant]
|
|
27
|
+
- Lockfile: [present/missing] - `[path]`
|
|
28
|
+
|
|
29
|
+
## Frameworks And Tooling
|
|
30
|
+
|
|
31
|
+
Core framework(s):
|
|
32
|
+
- [Framework] [Version if relevant] - purpose: [purpose]
|
|
33
|
+
|
|
34
|
+
Testing:
|
|
35
|
+
- [Tool] [Version if relevant] - purpose: [purpose]
|
|
36
|
+
|
|
37
|
+
Build / dev:
|
|
38
|
+
- [Tool] [Version if relevant] - purpose: [purpose]
|
|
39
|
+
|
|
40
|
+
Lint / format:
|
|
41
|
+
- [Tool] - config: `[path]`
|
|
42
|
+
|
|
43
|
+
## Key Dependencies (Only What Drives Architecture)
|
|
44
|
+
|
|
45
|
+
Critical libraries:
|
|
46
|
+
- [Package] - why it matters: [reason] - examples: `[paths]`
|
|
47
|
+
|
|
48
|
+
Infra/observability:
|
|
49
|
+
- [Package] - purpose: [reason] - config: `[paths]`
|
|
50
|
+
|
|
51
|
+
## Must-Know Packages
|
|
52
|
+
|
|
53
|
+
Flag 3–5 packages that new contributors must understand before making changes. These are not necessarily the most-used packages — they are the ones where misuse causes hard-to-debug problems.
|
|
54
|
+
|
|
55
|
+
Each entry: `package-name — why it's critical — risk: low|medium|high — common mistake: what goes wrong`
|
|
56
|
+
|
|
57
|
+
Risk levels: low (causes build errors — immediately visible), medium (causes runtime bugs — visible in testing), high (causes data corruption or silent failures — hard to detect).
|
|
58
|
+
|
|
59
|
+
- `[package]` — [why critical] — risk: [level] — common mistake: [what goes wrong]
|
|
60
|
+
- `[package]` — [why critical] — risk: [level] — common mistake: [what goes wrong]
|
|
61
|
+
- `[package]` — [why critical] — risk: [level] — common mistake: [what goes wrong]
|
|
62
|
+
|
|
63
|
+
## How To Run
|
|
64
|
+
|
|
65
|
+
Install:
|
|
66
|
+
- Command(s): `[commands]`
|
|
67
|
+
|
|
68
|
+
Dev:
|
|
69
|
+
- Command(s): `[commands]`
|
|
70
|
+
|
|
71
|
+
Test:
|
|
72
|
+
- Command(s): `[commands]`
|
|
73
|
+
|
|
74
|
+
Build:
|
|
75
|
+
- Command(s): `[commands]`
|
|
76
|
+
|
|
77
|
+
## Configuration
|
|
78
|
+
|
|
79
|
+
Env:
|
|
80
|
+
- How configured: [dotenv, env vars, config files]
|
|
81
|
+
- Key config files: `[paths]`
|
|
82
|
+
|
|
83
|
+
CI/CD:
|
|
84
|
+
- CI location: `[path]`
|
|
85
|
+
- Main checks: [list]
|
|
86
|
+
|
|
87
|
+
<good_examples>
|
|
88
|
+
Example (good):
|
|
89
|
+
- "Node 20, pnpm. Install: `pnpm i`. Tests: `pnpm test` (Vitest) + `pnpm test:e2e` (Playwright). Formatting: Prettier (`.prettierrc`). Lint: ESLint (`eslint.config.mjs`)."
|
|
90
|
+
- "DB migrations run via `pnpm db:migrate` (see `package.json` scripts)."
|
|
91
|
+
</good_examples>
|
|
92
|
+
|
|
93
|
+
---
|
|
94
|
+
|
|
95
|
+
*Stack analysis: [date]*
|
|
96
|
+
|
|
@@ -1,25 +1,25 @@
|
|
|
1
|
-
**Role contract:** Read `.planning/templates/roles/approach-explorer.md` before starting. Follow its algorithm, scope, anti-patterns, and quality standards.
|
|
2
|
-
|
|
3
|
-
You are the approach explorer delegate for the plan workflow.
|
|
4
|
-
|
|
5
|
-
**Your job:** Identify gray areas in the target phase, research viable approaches for technical decisions, conduct an adaptive conversation with the user to capture locked decisions, and write APPROACH.md to the phase directory.
|
|
6
|
-
|
|
7
|
-
Read only the explicit inputs provided by the orchestrator:
|
|
8
|
-
- target phase goal and requirement IDs from `.planning/ROADMAP.md`
|
|
9
|
-
- locked decisions and deferred items from `.planning/SPEC.md`
|
|
10
|
-
- phase research file (if exists)
|
|
11
|
-
- relevant codebase files (existing patterns and conventions)
|
|
12
|
-
- approach template at `.planning/templates/approach.md`
|
|
13
|
-
|
|
14
|
-
## Gray Area Classification
|
|
15
|
-
|
|
16
|
-
Classify each gray area before acting on it:
|
|
17
|
-
- **Taste:** Ask directly, no research needed
|
|
18
|
-
- **Technical:** Research 2-3 approaches first, then present with trade-offs
|
|
19
|
-
- **Hybrid:** Research the technical part, ask about taste
|
|
20
|
-
|
|
21
|
-
## Output
|
|
22
|
-
|
|
23
|
-
Write `{padded_phase}-APPROACH.md` to the phase directory using the approach template.
|
|
24
|
-
|
|
25
|
-
Return structured summary: gray areas explored, decisions captured, assumptions validated/corrected, deferred ideas, path to APPROACH.md.
|
|
1
|
+
**Role contract:** Read `.planning/templates/roles/approach-explorer.md` before starting. Follow its algorithm, scope, anti-patterns, and quality standards.
|
|
2
|
+
|
|
3
|
+
You are the approach explorer delegate for the plan workflow.
|
|
4
|
+
|
|
5
|
+
**Your job:** Identify gray areas in the target phase, research viable approaches for technical decisions, conduct an adaptive conversation with the user to capture locked decisions, and write APPROACH.md to the phase directory.
|
|
6
|
+
|
|
7
|
+
Read only the explicit inputs provided by the orchestrator:
|
|
8
|
+
- target phase goal and requirement IDs from `.planning/ROADMAP.md`
|
|
9
|
+
- locked decisions and deferred items from `.planning/SPEC.md`
|
|
10
|
+
- phase research file (if exists)
|
|
11
|
+
- relevant codebase files (existing patterns and conventions)
|
|
12
|
+
- approach template at `.planning/templates/approach.md`
|
|
13
|
+
|
|
14
|
+
## Gray Area Classification
|
|
15
|
+
|
|
16
|
+
Classify each gray area before acting on it:
|
|
17
|
+
- **Taste:** Ask directly, no research needed
|
|
18
|
+
- **Technical:** Research 2-3 approaches first, then present with trade-offs
|
|
19
|
+
- **Hybrid:** Research the technical part, ask about taste
|
|
20
|
+
|
|
21
|
+
## Output
|
|
22
|
+
|
|
23
|
+
Write `{padded_phase}-APPROACH.md` to the phase directory using the approach template.
|
|
24
|
+
|
|
25
|
+
Return structured summary: gray areas explored, decisions captured, assumptions validated/corrected, deferred ideas, path to APPROACH.md.
|