gsdd-cli 0.18.5 → 0.19.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (101) hide show
  1. package/LICENSE +21 -21
  2. package/README.md +610 -608
  3. package/agents/DISTILLATION.md +421 -421
  4. package/agents/README.md +62 -62
  5. package/agents/approach-explorer.md +370 -361
  6. package/agents/debugger.md +82 -82
  7. package/agents/executor.md +473 -394
  8. package/agents/integration-checker.md +318 -318
  9. package/agents/mapper.md +103 -103
  10. package/agents/planner.md +342 -313
  11. package/agents/researcher.md +84 -84
  12. package/agents/roadmapper.md +296 -296
  13. package/agents/synthesizer.md +236 -236
  14. package/agents/verifier.md +337 -337
  15. package/bin/adapters/agents.mjs +34 -34
  16. package/bin/adapters/claude.mjs +193 -191
  17. package/bin/adapters/codex.mjs +85 -85
  18. package/bin/adapters/index.mjs +20 -20
  19. package/bin/adapters/opencode.mjs +280 -278
  20. package/bin/gsdd.mjs +123 -116
  21. package/bin/lib/cli-utils.mjs +28 -28
  22. package/bin/lib/evidence-contract.mjs +325 -112
  23. package/bin/lib/file-ops.mjs +186 -144
  24. package/bin/lib/health-truth.mjs +196 -178
  25. package/bin/lib/health.mjs +246 -226
  26. package/bin/lib/init-flow.mjs +247 -231
  27. package/bin/lib/init-prompts.mjs +248 -247
  28. package/bin/lib/init-runtime.mjs +193 -190
  29. package/bin/lib/init.mjs +17 -17
  30. package/bin/lib/lifecycle-preflight.mjs +760 -326
  31. package/bin/lib/lifecycle-state.mjs +356 -267
  32. package/bin/lib/manifest.mjs +116 -114
  33. package/bin/lib/models.mjs +411 -411
  34. package/bin/lib/phase.mjs +365 -358
  35. package/bin/lib/plan-constants.mjs +35 -30
  36. package/bin/lib/provenance.mjs +109 -106
  37. package/bin/lib/rendering.mjs +119 -83
  38. package/bin/lib/runtime-freshness.mjs +214 -214
  39. package/bin/lib/session-fingerprint.mjs +91 -14
  40. package/bin/lib/templates.mjs +225 -224
  41. package/bin/lib/workspace-root.mjs +2 -1
  42. package/distilled/DESIGN.md +2461 -2323
  43. package/distilled/EVIDENCE-INDEX.md +418 -392
  44. package/distilled/README.md +196 -193
  45. package/distilled/SKILL.md +86 -85
  46. package/distilled/templates/agents.block.md +21 -21
  47. package/distilled/templates/agents.md +6 -6
  48. package/distilled/templates/approach.md +272 -232
  49. package/distilled/templates/auth-matrix.md +78 -78
  50. package/distilled/templates/brownfield-change/CHANGE.md +99 -0
  51. package/distilled/templates/brownfield-change/HANDOFF.md +38 -0
  52. package/distilled/templates/brownfield-change/VERIFICATION.md +56 -0
  53. package/distilled/templates/codebase/architecture.md +110 -110
  54. package/distilled/templates/codebase/concerns.md +95 -95
  55. package/distilled/templates/codebase/conventions.md +193 -193
  56. package/distilled/templates/codebase/stack.md +96 -96
  57. package/distilled/templates/delegates/approach-explorer.md +28 -25
  58. package/distilled/templates/delegates/mapper-arch.md +26 -26
  59. package/distilled/templates/delegates/mapper-concerns.md +27 -27
  60. package/distilled/templates/delegates/mapper-quality.md +28 -28
  61. package/distilled/templates/delegates/mapper-tech.md +25 -25
  62. package/distilled/templates/delegates/plan-checker.md +78 -68
  63. package/distilled/templates/delegates/researcher-architecture.md +30 -30
  64. package/distilled/templates/delegates/researcher-features.md +30 -30
  65. package/distilled/templates/delegates/researcher-pitfalls.md +30 -30
  66. package/distilled/templates/delegates/researcher-stack.md +30 -30
  67. package/distilled/templates/delegates/researcher-synthesizer.md +31 -31
  68. package/distilled/templates/research/architecture.md +57 -57
  69. package/distilled/templates/research/features.md +23 -23
  70. package/distilled/templates/research/pitfalls.md +46 -46
  71. package/distilled/templates/research/stack.md +45 -45
  72. package/distilled/templates/research/summary.md +67 -67
  73. package/distilled/templates/roadmap.md +74 -62
  74. package/distilled/templates/spec.md +110 -110
  75. package/distilled/workflows/audit-milestone.md +303 -271
  76. package/distilled/workflows/complete-milestone.md +349 -332
  77. package/distilled/workflows/execute.md +457 -450
  78. package/distilled/workflows/map-codebase.md +253 -253
  79. package/distilled/workflows/new-milestone.md +242 -238
  80. package/distilled/workflows/new-project.md +398 -398
  81. package/distilled/workflows/pause.md +160 -156
  82. package/distilled/workflows/plan-milestone-gaps.md +183 -183
  83. package/distilled/workflows/plan.md +454 -448
  84. package/distilled/workflows/progress.md +227 -223
  85. package/distilled/workflows/quick.md +351 -347
  86. package/distilled/workflows/resume.md +220 -212
  87. package/distilled/workflows/verify-work.md +260 -260
  88. package/distilled/workflows/verify.md +431 -429
  89. package/docs/BROWNFIELD-PROOF.md +95 -95
  90. package/docs/RUNTIME-SUPPORT.md +80 -69
  91. package/docs/USER-GUIDE.md +394 -386
  92. package/docs/VERIFICATION-DISCIPLINE.md +59 -59
  93. package/docs/claude/context-monitor.md +98 -98
  94. package/docs/proof/consumer-node-cli/README.md +37 -37
  95. package/docs/proof/consumer-node-cli/ROADMAP.md +14 -14
  96. package/docs/proof/consumer-node-cli/SPEC.md +17 -17
  97. package/docs/proof/consumer-node-cli/brief.md +9 -9
  98. package/docs/proof/consumer-node-cli/phases/01-foundation/01-01-PLAN.md +34 -34
  99. package/docs/proof/consumer-node-cli/phases/01-foundation/01-01-SUMMARY.md +10 -10
  100. package/docs/proof/consumer-node-cli/phases/01-foundation/01-VERIFICATION.md +30 -30
  101. package/package.json +62 -61
@@ -1,78 +1,78 @@
1
- # Authorization Matrix Template
2
-
3
- > OWASP-style authorization matrix for systematic auth verification.
4
- > Create `.planning/AUTH_MATRIX.md` using this template when your project has multiple user roles or protected resources.
5
-
6
- ## When to Create This Matrix
7
-
8
- Create an authorization matrix when your project has:
9
- - Multiple user roles (e.g., anonymous, user, admin, owner)
10
- - Protected resources that vary by role
11
- - Ownership-scoped data (users can only access their own records)
12
- - Admin or operator surfaces that must be restricted
13
-
14
- Skip this matrix for single-role projects or projects with no auth requirements.
15
-
16
- ## Matrix Format
17
-
18
- Use the OWASP pivot format: rows are resources, columns are roles, cells are permissions.
19
-
20
- ### Permission Values
21
-
22
- | Value | Meaning |
23
- |-------|---------|
24
- | ALLOW | Role can perform this action on any matching resource |
25
- | DENY | Role must be explicitly rejected (not just "no route") |
26
- | OWN | Role can perform this action only on resources they own |
27
- | N/A | Action does not apply to this resource |
28
-
29
- ### Matrix Table
30
-
31
- ```markdown
32
- | Resource | Action | anonymous | user | admin |
33
- |----------|--------|-----------|------|-------|
34
- | /login | POST | ALLOW | ALLOW| ALLOW |
35
- | /profile | GET | DENY | OWN | ALLOW |
36
- | /profile | PUT | DENY | OWN | ALLOW |
37
- | /users | GET | DENY | DENY | ALLOW |
38
- | /users | DELETE | DENY | DENY | ALLOW |
39
- | /posts | GET | ALLOW | ALLOW| ALLOW |
40
- | /posts | POST | DENY | ALLOW| ALLOW |
41
- | /posts | DELETE | DENY | OWN | ALLOW |
42
- ```
43
-
44
- Adapt the table to your project's actual resources, actions, and roles. Add or remove columns as needed.
45
-
46
- ## Sensitive Surfaces
47
-
48
- The following resource categories MUST have matrix coverage when they exist in your project:
49
-
50
- - **User-scoped data** (profiles, settings, personal records) — require OWN or DENY
51
- - **Admin surfaces** (user management, system config, audit logs) — require DENY for non-admin roles
52
- - **Financial data** (billing, payments, subscriptions) — require explicit DENY or OWN
53
- - **Destructive actions** (delete, bulk operations, account removal) — require explicit role gates
54
- - **API keys and credentials** — require DENY for non-owner roles
55
-
56
- If a sensitive surface exists in your codebase but is missing from the matrix, the integration checker's narrative auth check (Step 4) will still flag it — Step 4 runs unconditionally regardless of whether this matrix exists. Step 4a only verifies cells that are already in the matrix.
57
-
58
- ## How the Integration Checker Uses This Matrix
59
-
60
- During milestone audits, the integration checker (Step 4a) will:
61
-
62
- 1. Parse each row of the matrix table(s)
63
- 2. For each cell (resource x role x expected permission):
64
- - **ALLOW**: Verify the role can access the resource (no auth gate blocks it)
65
- - **DENY**: Verify explicit rejection exists (middleware, guard, or policy denies access)
66
- - **OWN**: Verify ownership check is enforced (not just auth, but scoped to the user's records)
67
- 3. Report each cell as:
68
- - **VERIFIED**: Implementation matches the matrix expectation
69
- - **MISMATCH**: Implementation contradicts the matrix (e.g., DENY expected but no guard found)
70
- - **UNTESTED**: Cannot determine from static analysis (e.g., dynamic policy evaluation)
71
-
72
- The narrative auth check (Step 4) always runs regardless of whether this matrix exists.
73
-
74
- ## File Location
75
-
76
- Save your project's authorization matrix as `.planning/AUTH_MATRIX.md`.
77
-
78
- The integration checker will automatically detect and consume it when present. No configuration needed.
1
+ # Authorization Matrix Template
2
+
3
+ > OWASP-style authorization matrix for systematic auth verification.
4
+ > Create `.planning/AUTH_MATRIX.md` using this template when your project has multiple user roles or protected resources.
5
+
6
+ ## When to Create This Matrix
7
+
8
+ Create an authorization matrix when your project has:
9
+ - Multiple user roles (e.g., anonymous, user, admin, owner)
10
+ - Protected resources that vary by role
11
+ - Ownership-scoped data (users can only access their own records)
12
+ - Admin or operator surfaces that must be restricted
13
+
14
+ Skip this matrix for single-role projects or projects with no auth requirements.
15
+
16
+ ## Matrix Format
17
+
18
+ Use the OWASP pivot format: rows are resources, columns are roles, cells are permissions.
19
+
20
+ ### Permission Values
21
+
22
+ | Value | Meaning |
23
+ |-------|---------|
24
+ | ALLOW | Role can perform this action on any matching resource |
25
+ | DENY | Role must be explicitly rejected (not just "no route") |
26
+ | OWN | Role can perform this action only on resources they own |
27
+ | N/A | Action does not apply to this resource |
28
+
29
+ ### Matrix Table
30
+
31
+ ```markdown
32
+ | Resource | Action | anonymous | user | admin |
33
+ |----------|--------|-----------|------|-------|
34
+ | /login | POST | ALLOW | ALLOW| ALLOW |
35
+ | /profile | GET | DENY | OWN | ALLOW |
36
+ | /profile | PUT | DENY | OWN | ALLOW |
37
+ | /users | GET | DENY | DENY | ALLOW |
38
+ | /users | DELETE | DENY | DENY | ALLOW |
39
+ | /posts | GET | ALLOW | ALLOW| ALLOW |
40
+ | /posts | POST | DENY | ALLOW| ALLOW |
41
+ | /posts | DELETE | DENY | OWN | ALLOW |
42
+ ```
43
+
44
+ Adapt the table to your project's actual resources, actions, and roles. Add or remove columns as needed.
45
+
46
+ ## Sensitive Surfaces
47
+
48
+ The following resource categories MUST have matrix coverage when they exist in your project:
49
+
50
+ - **User-scoped data** (profiles, settings, personal records) — require OWN or DENY
51
+ - **Admin surfaces** (user management, system config, audit logs) — require DENY for non-admin roles
52
+ - **Financial data** (billing, payments, subscriptions) — require explicit DENY or OWN
53
+ - **Destructive actions** (delete, bulk operations, account removal) — require explicit role gates
54
+ - **API keys and credentials** — require DENY for non-owner roles
55
+
56
+ If a sensitive surface exists in your codebase but is missing from the matrix, the integration checker's narrative auth check (Step 4) will still flag it — Step 4 runs unconditionally regardless of whether this matrix exists. Step 4a only verifies cells that are already in the matrix.
57
+
58
+ ## How the Integration Checker Uses This Matrix
59
+
60
+ During milestone audits, the integration checker (Step 4a) will:
61
+
62
+ 1. Parse each row of the matrix table(s)
63
+ 2. For each cell (resource x role x expected permission):
64
+ - **ALLOW**: Verify the role can access the resource (no auth gate blocks it)
65
+ - **DENY**: Verify explicit rejection exists (middleware, guard, or policy denies access)
66
+ - **OWN**: Verify ownership check is enforced (not just auth, but scoped to the user's records)
67
+ 3. Report each cell as:
68
+ - **VERIFIED**: Implementation matches the matrix expectation
69
+ - **MISMATCH**: Implementation contradicts the matrix (e.g., DENY expected but no guard found)
70
+ - **UNTESTED**: Cannot determine from static analysis (e.g., dynamic policy evaluation)
71
+
72
+ The narrative auth check (Step 4) always runs regardless of whether this matrix exists.
73
+
74
+ ## File Location
75
+
76
+ Save your project's authorization matrix as `.planning/AUTH_MATRIX.md`.
77
+
78
+ The integration checker will automatically detect and consume it when present. No configuration needed.
@@ -0,0 +1,99 @@
1
+ ---
2
+ change: CHANGE-001
3
+ status: active
4
+ type: medium_scope_brownfield
5
+ ---
6
+
7
+ # Brownfield Change: [Short Title]
8
+
9
+ > This folder is the bounded medium-scope lane.
10
+ > It represents one active medium-scope change only.
11
+ > Do not add phase numbering, roadmap checkboxes, or milestone state here.
12
+ > Instantiate the live operational artifact at `.planning/brownfield-change/CHANGE.md`.
13
+ > `progress` and `resume` read this file first for status, scope, integration surface, and the authoritative next action.
14
+ > If this lane no longer fits one active stream, widen explicitly through `/gsdd-new-project` (first milestone) or `/gsdd-new-milestone` (subsequent milestone) using this folder as the preserved input surface. Do not invent a separate promotion artifact.
15
+
16
+ ## Goal
17
+
18
+ State the single cohesive outcome this change is meant to achieve.
19
+
20
+ ## Why This Exists
21
+
22
+ - Why this work matters now.
23
+ - What user, operator, or repo problem it solves.
24
+
25
+ ## In Scope
26
+
27
+ - What this change includes.
28
+ - Which surfaces are allowed to move.
29
+
30
+ ## Out of Scope
31
+
32
+ - What this change explicitly does not include.
33
+ - Work that should promote into milestone planning instead of widening this folder.
34
+
35
+ ## Structural Promotion Triggers
36
+
37
+ Widen into milestone planning only when one or more of these become true:
38
+
39
+ - The work no longer fits one active stream with one shared goal and closeout path.
40
+ - The change needs roadmap-owned lifecycle state, multiple planned phases, or milestone-level requirement tracking.
41
+ - Independent slices can no longer keep disjoint write ownership under one bounded change.
42
+ - The proof or review burden has grown beyond what one `CHANGE.md` / `HANDOFF.md` / `VERIFICATION.md` chain can carry honestly.
43
+
44
+ Choose the widening surface case-by-case:
45
+
46
+ - Use `/gsdd-new-project` when the repo has no shipped milestone history yet.
47
+ - Use `/gsdd-new-milestone` when the repo already has shipped milestone history and this change now needs the next milestone cycle.
48
+
49
+ ## Done When
50
+
51
+ - Observable outcomes that prove the change is complete.
52
+ - Conditions that must be true before closeout.
53
+
54
+ ## Current Status
55
+
56
+ - Current posture: `active | blocked | ready_for_verification | closed`
57
+ - Current branch / integration surface:
58
+ - Current owner / runtime:
59
+
60
+ Keep these labels concrete and current. This section is the canonical operational continuity surface for the active change.
61
+
62
+ ## Next Action
63
+
64
+ - The single best next move from repo truth.
65
+ - If blocked, name the blocker and the exact unblock step.
66
+
67
+ Keep the first bullet as the authoritative next action. `HANDOFF.md` may explain why, but it must not become a competing operational source.
68
+
69
+ ## PR Slice Ownership
70
+
71
+ Use this only when the change spans multiple PRs or working slices.
72
+ Every slice must have disjoint write ownership and still roll up to the same goal and closeout path.
73
+ When possible, list repo-relative paths or module roots in `Owned files / modules` so continuity checks can compare the declared write scope to the live worktree.
74
+
75
+ | Slice | Scope | Owned files / modules | Status |
76
+ | --- | --- | --- | --- |
77
+ | A | [What this slice does] | [Disjoint write set] | planned |
78
+
79
+ ## Dependencies And Risks
80
+
81
+ - External dependencies or repo assumptions.
82
+ - Cross-cut risks that would force promotion into milestone planning.
83
+
84
+ ## Widening Handoff
85
+
86
+ If this bounded change needs milestone planning, reuse this folder directly instead of rediscovering the work:
87
+
88
+ - `CHANGE.md` carries the active goal, scope, done-when, next action, and declared write scope.
89
+ - `HANDOFF.md` carries the active constraints, unresolved uncertainty, decision posture, and anti-regression rules.
90
+ - `VERIFICATION.md` carries the proof and gap state gathered so far, even when that proof is only partial.
91
+
92
+ Promotion should preserve this context. Do not create a second durable handoff file before milestone setup begins.
93
+
94
+ ## Closeout Path
95
+
96
+ 1. Update `HANDOFF.md` so the latest decision context is recoverable from disk.
97
+ 2. Record closeout evidence in `VERIFICATION.md`.
98
+ 3. Close this folder only after the verification surface says the goal is satisfied.
99
+ 4. If the work widens instead of closing, keep this folder as the promotion input and move into `/gsdd-new-project` or `/gsdd-new-milestone` explicitly.
@@ -0,0 +1,38 @@
1
+ ---
2
+ change: CHANGE-001
3
+ updated: 2026-04-21
4
+ ---
5
+
6
+ # Brownfield Change Handoff
7
+
8
+ Use this file for rolling judgment and cross-session continuity on the active change.
9
+ Do not duplicate milestone roadmap state here.
10
+ Operational state still lives in `CHANGE.md`.
11
+ This file explains constraints, uncertainty, posture, and anti-regression context; it must not become a second status or routing authority.
12
+ If this change widens into milestone planning, this file remains the preserved judgment input to `/gsdd-new-project` or `/gsdd-new-milestone`; do not copy it into a second promotion artifact.
13
+
14
+ ## Active Constraints
15
+
16
+ - Boundaries that the next session must keep.
17
+ - Explicit no-touch surfaces or approval gates.
18
+
19
+ ## Unresolved Uncertainty
20
+
21
+ - Open questions that still affect execution or verification.
22
+ - Unknowns that are safe to keep open for now.
23
+
24
+ ## Decision Posture
25
+
26
+ - What approach was chosen and why.
27
+ - What was intentionally deferred.
28
+
29
+ ## Anti-Regression
30
+
31
+ - Invariants future work must not break.
32
+ - Contract rules that keep this lane bounded.
33
+
34
+ ## Next Action
35
+
36
+ - Record only the decision context behind the `CHANGE.md` next action.
37
+ - If the work is blocked, name the unblock path exactly, but keep the authoritative operational next step in `CHANGE.md`.
38
+ - If the work widens into milestone planning, keep the why/why-not context here so the milestone workflow can reuse it without rediscovery.
@@ -0,0 +1,56 @@
1
+ ---
2
+ change: CHANGE-001
3
+ verified: 2026-04-21
4
+ status: pending
5
+ delivery_posture: repo_only
6
+ required_evidence:
7
+ - code
8
+ recommended_evidence:
9
+ - test
10
+ ---
11
+
12
+ # Brownfield Change Verification
13
+
14
+ Use this file as the existing proof surface even when the bounded change widens before closeout.
15
+ Milestone-init workflows should read it for preserved proof and remaining gaps instead of forcing the user to restate what is already verified.
16
+
17
+ ## Goal Verification
18
+
19
+ - Restate the change goal in observable terms.
20
+ - Say whether the goal is verified, partially verified, or blocked.
21
+
22
+ ## Evidence
23
+
24
+ List the evidence used to support closure. Use the shared evidence vocabulary:
25
+ - `code`
26
+ - `test`
27
+ - `runtime`
28
+ - `delivery`
29
+ - `human`
30
+
31
+ ## Artifact Checks
32
+
33
+ | Artifact | Exists | Substantive | Wired | Notes |
34
+ | --- | --- | --- | --- | --- |
35
+ | [path] | yes | yes | yes | [notes] |
36
+
37
+ ## Gaps
38
+
39
+ - Missing proof, missing behavior, or unresolved blockers.
40
+ - If required evidence is missing, say so explicitly.
41
+
42
+ ## Widening Reuse
43
+
44
+ - Preserve already-confirmed proof when the change widens into milestone planning.
45
+ - Carry partial verification or known gaps forward so the milestone workflow can plan from current truth.
46
+ - Do not reset this evidence surface just because the work is moving into a larger lifecycle.
47
+
48
+ ## Human Verification
49
+
50
+ - Manual checks still needed before closure, if any.
51
+
52
+ ## Closeout Decision
53
+
54
+ - `passed` when the bounded change is proven complete.
55
+ - `gaps_found` when implementation or proof is still missing.
56
+ - `human_needed` when machine checks pass but human confirmation remains.
@@ -1,110 +1,110 @@
1
- # Codebase Architecture
2
-
3
- **Analysis Date:** [YYYY-MM-DD]
4
-
5
- <guidelines>
6
- - This document is durable intent: boundaries, layering, entrypoints, and change-routing rules.
7
- - Do NOT write a static directory tree. It rots. Instead: reference a few canonical entrypoints and show "where changes go".
8
- - Every layer/abstraction must include concrete file paths.
9
- - Include "where to add new code" rules. This prevents downstream agents from scattering logic across random files.
10
- </guidelines>
11
-
12
- ## Pattern Overview
13
-
14
- Overall:
15
- - [Pattern name]
16
-
17
- Key characteristics:
18
- - [Characteristic 1]
19
- - [Characteristic 2]
20
- - [Characteristic 3]
21
-
22
- ## Layers (Boundaries)
23
-
24
- Layer: [Layer name]
25
- - Purpose: [What this layer does]
26
- - Location: `[path(s)]`
27
- - Owns: [What it is responsible for]
28
- - Does NOT own: [Explicit non-responsibilities]
29
- - Depends on: [What it uses]
30
- - Used by: [What uses it]
31
-
32
- ## Entry Points
33
-
34
- Entrypoint: [Name]
35
- - Location: `[path]`
36
- - Triggers: [What invokes it]
37
- - Responsibilities: [What it does]
38
-
39
- ## Data Flow (One Or Two Canonical Flows)
40
-
41
- Flow: [Name]
42
- 1. [Step 1]
43
- 2. [Step 2]
44
- 3. [Step 3]
45
-
46
- State management:
47
- - [How state is handled]
48
-
49
- ## Key Abstractions
50
-
51
- Abstraction: [Name]
52
- - Purpose: [What it represents]
53
- - Examples: `[file paths]`
54
- - Pattern: [Pattern used]
55
-
56
- ## Error Handling Strategy
57
-
58
- Strategy:
59
- - [Approach]
60
- - Examples: `[file paths]`
61
-
62
- ## Cross-Cutting Concerns
63
-
64
- Logging:
65
- - [Approach] - examples: `[file paths]`
66
-
67
- Validation:
68
- - [Approach] - examples: `[file paths]`
69
-
70
- Authentication/Authorization:
71
- - [Approach] - examples: `[file paths]`
72
-
73
- ## Change Routing (Where To Add New Code)
74
-
75
- When making a change, follow these rules:
76
-
77
- | Change type | Add/modify here | Do NOT do this | Example paths |
78
- |---|---|---|---|
79
- | New API endpoint / handler | [file or folder pattern] | [anti-pattern] | `[paths]` |
80
- | New domain capability / business rule | [location] | [anti-pattern] | `[paths]` |
81
- | New UI page / screen | [location] | [anti-pattern] | `[paths]` |
82
- | New background job / worker | [location] | [anti-pattern] | `[paths]` |
83
- | DB schema change / migration | [location] | [anti-pattern] | `[paths]` |
84
- | New external integration | [location] | [anti-pattern] | `[paths]` |
85
- | Adding a new module/package | [location] | [anti-pattern] | `[paths]` |
86
-
87
- <good_examples>
88
- Example (good):
89
- - "New routes live in `src/server/routes/*.ts` and are registered in `src/server/app.ts`. Business rules never go in route handlers; they live in `src/domain/*`. See `src/server/routes/users.ts` and `src/domain/user/createUser.ts`."
90
-
91
- Example (bad):
92
- - "Add routes wherever it makes sense."
93
- </good_examples>
94
-
95
- ## Golden Files Per Layer
96
-
97
- For each architectural layer, identify the single most-instructive file using inbound import frequency as the signal: the most-imported file in a layer is the most stable and most understood.
98
-
99
- | Layer | Golden File | Why |
100
- |-------|-------------|-----|
101
- | [Layer name] | `[path/to/file.ts]` | [Why it's the most-imported / most-instructive for this layer] |
102
- | [Layer name] | `[path/to/file.ts]` | [Why] |
103
- | [Layer name] | `[path/to/file.ts]` | [Why] |
104
-
105
- To find the most-imported file in a layer: grep for imports of each candidate file and count occurrences. The highest count is the golden file.
106
-
107
- ---
108
-
109
- *Architecture analysis: [date]*
110
-
1
+ # Codebase Architecture
2
+
3
+ **Analysis Date:** [YYYY-MM-DD]
4
+
5
+ <guidelines>
6
+ - This document is durable intent: boundaries, layering, entrypoints, and change-routing rules.
7
+ - Do NOT write a static directory tree. It rots. Instead: reference a few canonical entrypoints and show "where changes go".
8
+ - Every layer/abstraction must include concrete file paths.
9
+ - Include "where to add new code" rules. This prevents downstream agents from scattering logic across random files.
10
+ </guidelines>
11
+
12
+ ## Pattern Overview
13
+
14
+ Overall:
15
+ - [Pattern name]
16
+
17
+ Key characteristics:
18
+ - [Characteristic 1]
19
+ - [Characteristic 2]
20
+ - [Characteristic 3]
21
+
22
+ ## Layers (Boundaries)
23
+
24
+ Layer: [Layer name]
25
+ - Purpose: [What this layer does]
26
+ - Location: `[path(s)]`
27
+ - Owns: [What it is responsible for]
28
+ - Does NOT own: [Explicit non-responsibilities]
29
+ - Depends on: [What it uses]
30
+ - Used by: [What uses it]
31
+
32
+ ## Entry Points
33
+
34
+ Entrypoint: [Name]
35
+ - Location: `[path]`
36
+ - Triggers: [What invokes it]
37
+ - Responsibilities: [What it does]
38
+
39
+ ## Data Flow (One Or Two Canonical Flows)
40
+
41
+ Flow: [Name]
42
+ 1. [Step 1]
43
+ 2. [Step 2]
44
+ 3. [Step 3]
45
+
46
+ State management:
47
+ - [How state is handled]
48
+
49
+ ## Key Abstractions
50
+
51
+ Abstraction: [Name]
52
+ - Purpose: [What it represents]
53
+ - Examples: `[file paths]`
54
+ - Pattern: [Pattern used]
55
+
56
+ ## Error Handling Strategy
57
+
58
+ Strategy:
59
+ - [Approach]
60
+ - Examples: `[file paths]`
61
+
62
+ ## Cross-Cutting Concerns
63
+
64
+ Logging:
65
+ - [Approach] - examples: `[file paths]`
66
+
67
+ Validation:
68
+ - [Approach] - examples: `[file paths]`
69
+
70
+ Authentication/Authorization:
71
+ - [Approach] - examples: `[file paths]`
72
+
73
+ ## Change Routing (Where To Add New Code)
74
+
75
+ When making a change, follow these rules:
76
+
77
+ | Change type | Add/modify here | Do NOT do this | Example paths |
78
+ |---|---|---|---|
79
+ | New API endpoint / handler | [file or folder pattern] | [anti-pattern] | `[paths]` |
80
+ | New domain capability / business rule | [location] | [anti-pattern] | `[paths]` |
81
+ | New UI page / screen | [location] | [anti-pattern] | `[paths]` |
82
+ | New background job / worker | [location] | [anti-pattern] | `[paths]` |
83
+ | DB schema change / migration | [location] | [anti-pattern] | `[paths]` |
84
+ | New external integration | [location] | [anti-pattern] | `[paths]` |
85
+ | Adding a new module/package | [location] | [anti-pattern] | `[paths]` |
86
+
87
+ <good_examples>
88
+ Example (good):
89
+ - "New routes live in `src/server/routes/*.ts` and are registered in `src/server/app.ts`. Business rules never go in route handlers; they live in `src/domain/*`. See `src/server/routes/users.ts` and `src/domain/user/createUser.ts`."
90
+
91
+ Example (bad):
92
+ - "Add routes wherever it makes sense."
93
+ </good_examples>
94
+
95
+ ## Golden Files Per Layer
96
+
97
+ For each architectural layer, identify the single most-instructive file using inbound import frequency as the signal: the most-imported file in a layer is the most stable and most understood.
98
+
99
+ | Layer | Golden File | Why |
100
+ |-------|-------------|-----|
101
+ | [Layer name] | `[path/to/file.ts]` | [Why it's the most-imported / most-instructive for this layer] |
102
+ | [Layer name] | `[path/to/file.ts]` | [Why] |
103
+ | [Layer name] | `[path/to/file.ts]` | [Why] |
104
+
105
+ To find the most-imported file in a layer: grep for imports of each candidate file and count occurrences. The highest count is the golden file.
106
+
107
+ ---
108
+
109
+ *Architecture analysis: [date]*
110
+