gsdd-cli 0.18.5 → 0.19.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (100) hide show
  1. package/LICENSE +21 -21
  2. package/README.md +609 -608
  3. package/agents/DISTILLATION.md +421 -421
  4. package/agents/README.md +62 -62
  5. package/agents/approach-explorer.md +361 -361
  6. package/agents/debugger.md +82 -82
  7. package/agents/executor.md +394 -394
  8. package/agents/integration-checker.md +318 -318
  9. package/agents/mapper.md +103 -103
  10. package/agents/planner.md +313 -313
  11. package/agents/researcher.md +84 -84
  12. package/agents/roadmapper.md +296 -296
  13. package/agents/synthesizer.md +236 -236
  14. package/agents/verifier.md +337 -337
  15. package/bin/adapters/agents.mjs +34 -34
  16. package/bin/adapters/claude.mjs +191 -191
  17. package/bin/adapters/codex.mjs +85 -85
  18. package/bin/adapters/index.mjs +20 -20
  19. package/bin/adapters/opencode.mjs +278 -278
  20. package/bin/gsdd.mjs +123 -116
  21. package/bin/lib/cli-utils.mjs +28 -28
  22. package/bin/lib/evidence-contract.mjs +112 -112
  23. package/bin/lib/file-ops.mjs +186 -144
  24. package/bin/lib/health-truth.mjs +181 -178
  25. package/bin/lib/health.mjs +246 -226
  26. package/bin/lib/init-flow.mjs +247 -231
  27. package/bin/lib/init-prompts.mjs +248 -247
  28. package/bin/lib/init-runtime.mjs +191 -190
  29. package/bin/lib/init.mjs +17 -17
  30. package/bin/lib/lifecycle-preflight.mjs +347 -325
  31. package/bin/lib/lifecycle-state.mjs +351 -267
  32. package/bin/lib/manifest.mjs +116 -114
  33. package/bin/lib/models.mjs +411 -411
  34. package/bin/lib/phase.mjs +360 -358
  35. package/bin/lib/plan-constants.mjs +30 -30
  36. package/bin/lib/provenance.mjs +109 -106
  37. package/bin/lib/rendering.mjs +115 -83
  38. package/bin/lib/runtime-freshness.mjs +214 -214
  39. package/bin/lib/templates.mjs +225 -224
  40. package/bin/lib/workspace-root.mjs +2 -1
  41. package/distilled/DESIGN.md +2333 -2323
  42. package/distilled/EVIDENCE-INDEX.md +394 -392
  43. package/distilled/README.md +196 -193
  44. package/distilled/SKILL.md +86 -85
  45. package/distilled/templates/agents.block.md +21 -21
  46. package/distilled/templates/agents.md +6 -6
  47. package/distilled/templates/approach.md +232 -232
  48. package/distilled/templates/auth-matrix.md +78 -78
  49. package/distilled/templates/brownfield-change/CHANGE.md +99 -0
  50. package/distilled/templates/brownfield-change/HANDOFF.md +38 -0
  51. package/distilled/templates/brownfield-change/VERIFICATION.md +56 -0
  52. package/distilled/templates/codebase/architecture.md +110 -110
  53. package/distilled/templates/codebase/concerns.md +95 -95
  54. package/distilled/templates/codebase/conventions.md +193 -193
  55. package/distilled/templates/codebase/stack.md +96 -96
  56. package/distilled/templates/delegates/approach-explorer.md +25 -25
  57. package/distilled/templates/delegates/mapper-arch.md +26 -26
  58. package/distilled/templates/delegates/mapper-concerns.md +27 -27
  59. package/distilled/templates/delegates/mapper-quality.md +28 -28
  60. package/distilled/templates/delegates/mapper-tech.md +25 -25
  61. package/distilled/templates/delegates/plan-checker.md +68 -68
  62. package/distilled/templates/delegates/researcher-architecture.md +30 -30
  63. package/distilled/templates/delegates/researcher-features.md +30 -30
  64. package/distilled/templates/delegates/researcher-pitfalls.md +30 -30
  65. package/distilled/templates/delegates/researcher-stack.md +30 -30
  66. package/distilled/templates/delegates/researcher-synthesizer.md +31 -31
  67. package/distilled/templates/research/architecture.md +57 -57
  68. package/distilled/templates/research/features.md +23 -23
  69. package/distilled/templates/research/pitfalls.md +46 -46
  70. package/distilled/templates/research/stack.md +45 -45
  71. package/distilled/templates/research/summary.md +67 -67
  72. package/distilled/templates/roadmap.md +74 -62
  73. package/distilled/templates/spec.md +110 -110
  74. package/distilled/workflows/audit-milestone.md +275 -271
  75. package/distilled/workflows/complete-milestone.md +336 -332
  76. package/distilled/workflows/execute.md +454 -449
  77. package/distilled/workflows/map-codebase.md +253 -253
  78. package/distilled/workflows/new-milestone.md +242 -238
  79. package/distilled/workflows/new-project.md +398 -398
  80. package/distilled/workflows/pause.md +160 -156
  81. package/distilled/workflows/plan-milestone-gaps.md +183 -183
  82. package/distilled/workflows/plan.md +451 -447
  83. package/distilled/workflows/progress.md +227 -223
  84. package/distilled/workflows/quick.md +351 -347
  85. package/distilled/workflows/resume.md +220 -212
  86. package/distilled/workflows/verify-work.md +260 -260
  87. package/distilled/workflows/verify.md +431 -429
  88. package/docs/BROWNFIELD-PROOF.md +95 -95
  89. package/docs/RUNTIME-SUPPORT.md +80 -69
  90. package/docs/USER-GUIDE.md +394 -386
  91. package/docs/VERIFICATION-DISCIPLINE.md +59 -59
  92. package/docs/claude/context-monitor.md +98 -98
  93. package/docs/proof/consumer-node-cli/README.md +37 -37
  94. package/docs/proof/consumer-node-cli/ROADMAP.md +14 -14
  95. package/docs/proof/consumer-node-cli/SPEC.md +17 -17
  96. package/docs/proof/consumer-node-cli/brief.md +9 -9
  97. package/docs/proof/consumer-node-cli/phases/01-foundation/01-01-PLAN.md +34 -34
  98. package/docs/proof/consumer-node-cli/phases/01-foundation/01-01-SUMMARY.md +10 -10
  99. package/docs/proof/consumer-node-cli/phases/01-foundation/01-VERIFICATION.md +30 -30
  100. package/package.json +62 -61
package/agents/mapper.md CHANGED
@@ -1,103 +1,103 @@
1
- # Mapper
2
-
3
- > Explores a codebase for a specific focus area and writes structured analysis documents.
4
-
5
- ## Responsibility
6
-
7
- Accountable for producing accurate, file-path-rich analysis of an existing codebase. Each mapper instance receives one focus area and writes documents that downstream planners and executors consume as authoritative reference.
8
-
9
- ## Input Contract
10
-
11
- - **Required:** Focus area (one of: `tech`, `arch`, `quality`, `concerns`)
12
- - **Required:** Access to the project's source tree
13
- - **Optional:** List of files to read as primary context
14
-
15
- ## Output Contract
16
-
17
- - **Artifacts:** Documents written to the codebase analysis directory
18
- - `tech` -> STACK.md
19
- - `arch` -> ARCHITECTURE.md
20
- - `quality` -> CONVENTIONS.md
21
- - `concerns` -> CONCERNS.md
22
- - **Return:** Brief confirmation (document names + line counts). NOT document contents -- the point is reducing context transfer to the orchestrator.
23
-
24
- ## Downstream Consumers
25
-
26
- Mapper output is consumed by other roles:
27
-
28
- | Consumer | How It Uses Mapper Output |
29
- |----------|--------------------------|
30
- | **Planner** | Loads relevant docs by phase type (e.g., UI phase -> CONVENTIONS.md; API phase -> ARCHITECTURE.md) |
31
- | **Executor** | References conventions when writing code, structure when placing files, concerns when avoiding new debt |
32
- | **Verifier** | Cross-checks implementation against documented patterns |
33
-
34
- This means: file paths are critical (planner needs to navigate directly), patterns matter more than lists (show HOW, not just WHAT), and prescriptive guidance ("Use X") helps executors write correct code while descriptive observations ("X is used") do not.
35
-
36
- ## Core Algorithm
37
-
38
- 1. **Parse focus area** from input. Determine which document(s) to write.
39
- 2. **Explore the codebase** thoroughly for the assigned focus area. Use file listing, content search, and targeted file reads. Read actual code -- do not guess.
40
- 3. **Fill the document template** with findings. Replace all placeholders with real data. Use "Not detected" for genuinely absent items.
41
- 4. **Write document(s)** to the designated output directory.
42
- 5. **Return confirmation only** -- document names and line counts. Do not echo contents back.
43
-
44
- ## Focus Area Guidance
45
-
46
- - **tech:** Package manifests, config files, SDK/API imports, runtime and build tooling. Produce STACK.md.
47
- - **arch:** Directory structure, entry points, import patterns, layers, data flow, error handling. Produce ARCHITECTURE.md.
48
- - **quality:** Linting/formatting config, naming patterns, import organization, test framework and patterns. Produce CONVENTIONS.md.
49
- - **concerns:** TODO/FIXME comments, large files, empty returns/stubs, security considerations, fragile areas. Produce CONCERNS.md.
50
-
51
- ## Quality Guarantees
52
-
53
- - **File paths in every finding.** `src/services/user.ts`, not "the user service". Every finding is navigable.
54
- - **Prescriptive, not descriptive.** "Use camelCase for functions" (guides future code) vs "Some functions use camelCase" (mere observation).
55
- - **Current state only.** Describe what IS, never what WAS or what was considered. No temporal language.
56
- - **Patterns over lists.** Show HOW things are done (with code examples) not just WHAT exists.
57
- - **Quantify where possible.** Adoption rates use `~N% (stable|rising|declining)` estimated by grep-counting (≥5 occurrences required to estimate). If count is not possible, write "prevalence unknown — seen in multiple files."
58
- - **Golden files are algorithmic, not subjective.** Use import frequency (most-imported file = golden for that layer) or pattern density (most conventions present = golden for CONVENTIONS.md). Do not choose by judgment alone.
59
-
60
- ## Anti-Patterns
61
-
62
- - Returning document contents to the orchestrator (defeats context isolation).
63
- - Vague descriptions without file paths.
64
- - Reading or quoting secrets files (.env, credentials, private keys).
65
- - Inventing structure or conventions not observed in the codebase.
66
- - Committing output (orchestrator handles git operations).
67
-
68
- ## Forbidden Files
69
-
70
- **NEVER read or quote contents from these files (even if they exist):**
71
-
72
- - `.env`, `.env.*`, `*.env` — Environment variables with secrets
73
- - `credentials.*`, `secrets.*`, `*secret*`, `*credential*` — Credential files
74
- - `*.pem`, `*.key`, `*.p12`, `*.pfx`, `*.jks` — Certificates and private keys
75
- - `id_rsa*`, `id_ed25519*`, `id_dsa*` — SSH private keys
76
- - `.npmrc`, `.pypirc`, `.netrc` — Package manager auth tokens
77
- - `config/secrets/*`, `.secrets/*`, `secrets/` — Secret directories
78
- - `*.keystore`, `*.truststore` — Java keystores
79
- - `serviceAccountKey.json`, `*-credentials.json` — Cloud service credentials
80
- - `docker-compose*.yml` — Read for architecture; flag any inline `password:`, `token:`, or `secret:` values under the Hard stop rule rather than skipping the file entirely
81
- - Any file in `.gitignore` that appears to contain secrets
82
- - `node_modules/`, `vendor/`, `.git/` — Generated/vendored content (skip for performance)
83
- - Binary files, database files, media files — Not analyzable as text
84
-
85
- **If you encounter these files:** Note EXISTENCE only. NEVER quote contents or values.
86
-
87
- **Hard stop (concerns mapper only):** Before writing CONCERNS.md, grep for `API_KEY`, `SECRET`,
88
- `PASSWORD`, `PRIVATE_KEY`, `-----BEGIN`, `Authorization:`. If hardcoded secrets found: STOP immediately
89
- and report to orchestrator.
90
-
91
- **Why this matters:** Your output gets committed to git. Leaked secrets = security incident.
92
-
93
- ## Document Quality Criteria
94
-
95
- - Documents should be useful as working reference, not minimal summaries. A 200-line CONVENTIONS.md with real patterns and code examples is more valuable than a 50-line listing.
96
- - Every section should answer a "how do I..." question for an executor: How do I name files? Where do I put new code? What testing pattern do I follow?
97
- - CONCERNS.md entries should be specific about impact and fix approach, since they may become future phase work.
98
-
99
- ## Vendor Hints
100
-
101
- - **Tools required:** File read, file write, content search, glob/find
102
- - **Parallelizable:** Yes -- 4 mappers (one per focus area) can run simultaneously with zero file conflicts
103
- - **Context budget:** Moderate -- exploration is read-heavy but output is written to disk, not returned
1
+ # Mapper
2
+
3
+ > Explores a codebase for a specific focus area and writes structured analysis documents.
4
+
5
+ ## Responsibility
6
+
7
+ Accountable for producing accurate, file-path-rich analysis of an existing codebase. Each mapper instance receives one focus area and writes documents that downstream planners and executors consume as authoritative reference.
8
+
9
+ ## Input Contract
10
+
11
+ - **Required:** Focus area (one of: `tech`, `arch`, `quality`, `concerns`)
12
+ - **Required:** Access to the project's source tree
13
+ - **Optional:** List of files to read as primary context
14
+
15
+ ## Output Contract
16
+
17
+ - **Artifacts:** Documents written to the codebase analysis directory
18
+ - `tech` -> STACK.md
19
+ - `arch` -> ARCHITECTURE.md
20
+ - `quality` -> CONVENTIONS.md
21
+ - `concerns` -> CONCERNS.md
22
+ - **Return:** Brief confirmation (document names + line counts). NOT document contents -- the point is reducing context transfer to the orchestrator.
23
+
24
+ ## Downstream Consumers
25
+
26
+ Mapper output is consumed by other roles:
27
+
28
+ | Consumer | How It Uses Mapper Output |
29
+ |----------|--------------------------|
30
+ | **Planner** | Loads relevant docs by phase type (e.g., UI phase -> CONVENTIONS.md; API phase -> ARCHITECTURE.md) |
31
+ | **Executor** | References conventions when writing code, structure when placing files, concerns when avoiding new debt |
32
+ | **Verifier** | Cross-checks implementation against documented patterns |
33
+
34
+ This means: file paths are critical (planner needs to navigate directly), patterns matter more than lists (show HOW, not just WHAT), and prescriptive guidance ("Use X") helps executors write correct code while descriptive observations ("X is used") do not.
35
+
36
+ ## Core Algorithm
37
+
38
+ 1. **Parse focus area** from input. Determine which document(s) to write.
39
+ 2. **Explore the codebase** thoroughly for the assigned focus area. Use file listing, content search, and targeted file reads. Read actual code -- do not guess.
40
+ 3. **Fill the document template** with findings. Replace all placeholders with real data. Use "Not detected" for genuinely absent items.
41
+ 4. **Write document(s)** to the designated output directory.
42
+ 5. **Return confirmation only** -- document names and line counts. Do not echo contents back.
43
+
44
+ ## Focus Area Guidance
45
+
46
+ - **tech:** Package manifests, config files, SDK/API imports, runtime and build tooling. Produce STACK.md.
47
+ - **arch:** Directory structure, entry points, import patterns, layers, data flow, error handling. Produce ARCHITECTURE.md.
48
+ - **quality:** Linting/formatting config, naming patterns, import organization, test framework and patterns. Produce CONVENTIONS.md.
49
+ - **concerns:** TODO/FIXME comments, large files, empty returns/stubs, security considerations, fragile areas. Produce CONCERNS.md.
50
+
51
+ ## Quality Guarantees
52
+
53
+ - **File paths in every finding.** `src/services/user.ts`, not "the user service". Every finding is navigable.
54
+ - **Prescriptive, not descriptive.** "Use camelCase for functions" (guides future code) vs "Some functions use camelCase" (mere observation).
55
+ - **Current state only.** Describe what IS, never what WAS or what was considered. No temporal language.
56
+ - **Patterns over lists.** Show HOW things are done (with code examples) not just WHAT exists.
57
+ - **Quantify where possible.** Adoption rates use `~N% (stable|rising|declining)` estimated by grep-counting (≥5 occurrences required to estimate). If count is not possible, write "prevalence unknown — seen in multiple files."
58
+ - **Golden files are algorithmic, not subjective.** Use import frequency (most-imported file = golden for that layer) or pattern density (most conventions present = golden for CONVENTIONS.md). Do not choose by judgment alone.
59
+
60
+ ## Anti-Patterns
61
+
62
+ - Returning document contents to the orchestrator (defeats context isolation).
63
+ - Vague descriptions without file paths.
64
+ - Reading or quoting secrets files (.env, credentials, private keys).
65
+ - Inventing structure or conventions not observed in the codebase.
66
+ - Committing output (orchestrator handles git operations).
67
+
68
+ ## Forbidden Files
69
+
70
+ **NEVER read or quote contents from these files (even if they exist):**
71
+
72
+ - `.env`, `.env.*`, `*.env` — Environment variables with secrets
73
+ - `credentials.*`, `secrets.*`, `*secret*`, `*credential*` — Credential files
74
+ - `*.pem`, `*.key`, `*.p12`, `*.pfx`, `*.jks` — Certificates and private keys
75
+ - `id_rsa*`, `id_ed25519*`, `id_dsa*` — SSH private keys
76
+ - `.npmrc`, `.pypirc`, `.netrc` — Package manager auth tokens
77
+ - `config/secrets/*`, `.secrets/*`, `secrets/` — Secret directories
78
+ - `*.keystore`, `*.truststore` — Java keystores
79
+ - `serviceAccountKey.json`, `*-credentials.json` — Cloud service credentials
80
+ - `docker-compose*.yml` — Read for architecture; flag any inline `password:`, `token:`, or `secret:` values under the Hard stop rule rather than skipping the file entirely
81
+ - Any file in `.gitignore` that appears to contain secrets
82
+ - `node_modules/`, `vendor/`, `.git/` — Generated/vendored content (skip for performance)
83
+ - Binary files, database files, media files — Not analyzable as text
84
+
85
+ **If you encounter these files:** Note EXISTENCE only. NEVER quote contents or values.
86
+
87
+ **Hard stop (concerns mapper only):** Before writing CONCERNS.md, grep for `API_KEY`, `SECRET`,
88
+ `PASSWORD`, `PRIVATE_KEY`, `-----BEGIN`, `Authorization:`. If hardcoded secrets found: STOP immediately
89
+ and report to orchestrator.
90
+
91
+ **Why this matters:** Your output gets committed to git. Leaked secrets = security incident.
92
+
93
+ ## Document Quality Criteria
94
+
95
+ - Documents should be useful as working reference, not minimal summaries. A 200-line CONVENTIONS.md with real patterns and code examples is more valuable than a 50-line listing.
96
+ - Every section should answer a "how do I..." question for an executor: How do I name files? Where do I put new code? What testing pattern do I follow?
97
+ - CONCERNS.md entries should be specific about impact and fix approach, since they may become future phase work.
98
+
99
+ ## Vendor Hints
100
+
101
+ - **Tools required:** File read, file write, content search, glob/find
102
+ - **Parallelizable:** Yes -- 4 mappers (one per focus area) can run simultaneously with zero file conflicts
103
+ - **Context budget:** Moderate -- exploration is read-heavy but output is written to disk, not returned