kushi-agents 4.4.4 → 4.7.4

package/plugin/lib/render-vertex.mjs

@@ -0,0 +1,249 @@
+// Render vertex-shaped artifacts from kushi inputs.
+//
+// Each renderer returns { relPath, content } where:
+//   - relPath is the path WITHIN the initiative directory (e.g.
+//     "status-updates/2026-05-20.md"), used both for staging and for the
+//     destination inside the vertex repo on --apply.
+//   - content is the full markdown body (frontmatter + sections).
+//
+// Schemas live in <vertex-repo>/.vertex/scripts/validation/schemas/. This
+// module mirrors required fields by hand — when vertex schemas change, the
+// validator catches drift (no silent skew possible).
+
+const NL = "\n";
+
+function fm(obj) {
+  // Minimal YAML emitter for the small surface vertex needs.
+  // Keeps quoting predictable so frontmatter diffs are stable.
+  const lines = ["---"];
+  for (const [k, v] of Object.entries(obj)) {
+    if (v === null || v === undefined) continue;
+    if (typeof v === "string") {
+      // ISO date stays unquoted (validator format check); other strings quoted.
+      if (/^\d{4}-\d{2}-\d{2}$/.test(v)) lines.push(`${k}: ${v}`);
+      else lines.push(`${k}: ${JSON.stringify(v)}`);
+    } else if (typeof v === "number" || typeof v === "boolean") {
+      lines.push(`${k}: ${v}`);
+    } else if (Array.isArray(v)) {
+      lines.push(`${k}:`);
+      for (const item of v) lines.push(`  - ${JSON.stringify(item)}`);
+    } else {
+      lines.push(`${k}: ${JSON.stringify(v)}`);
+    }
+  }
+  lines.push("---", "");
+  return lines.join(NL);
+}
+
+function requireFields(obj, fields, ctx) {
+  for (const f of fields) {
+    if (obj[f] === undefined || obj[f] === null || obj[f] === "") {
+      throw new Error(`[render-vertex:${ctx}] missing required field: ${f}`);
+    }
+  }
+}
+
+/**
+ * Render a vertex status-update file.
+ *
+ * input: {
+ *   customer, initiative,                  // display names (strings)
+ *   weekEnding,                            // "YYYY-MM-DD"
+ *   status,                                // "green" | "yellow" | "red"
+ *   statusReason,                          // optional audit string from status-color rule
+ *   author,                                // string
+ *   summary,                               // string (prose)
+ *   highlights,                            // string[] of bullets
+ *   nextSteps,                             // string[] of bullets
+ *   risks,                                 // [{risk, severity, owner, mitigation}]
+ *   indicators,                            // [{indicator, value}]
+ * }
+ */
+export function renderStatusUpdate(input) {
+  requireFields(input, ["customer", "initiative", "weekEnding", "status", "author"], "status-update");
+  if (!/^\d{4}-\d{2}-\d{2}$/.test(input.weekEnding)) {
+    throw new Error("[render-vertex:status-update] weekEnding must be YYYY-MM-DD");
+  }
+  if (!["green", "yellow", "red"].includes(input.status)) {
+    throw new Error(`[render-vertex:status-update] status must be green|yellow|red, got: ${input.status}`);
+  }
+
+  const frontmatter = {
+    type: "status-update",
+    initiative: input.initiative,
+    customer: input.customer,
+    week_ending: input.weekEnding,
+    status: input.status,
+    author: input.author,
+  };
+
+  const out = [fm(frontmatter)];
+  out.push(`# Status Update: Week Ending ${input.weekEnding}`, "");
+  if (input.statusReason) {
+    out.push(`<!-- status-reason: ${input.statusReason} -->`, "");
+  }
+  out.push("## Summary", "");
+  out.push(input.summary || "_No summary provided._", "");
+
+  if (input.highlights && input.highlights.length) {
+    out.push("## Highlights", "");
+    for (const b of input.highlights) out.push(`- ${b}`);
+    out.push("");
+  }
+  if (input.nextSteps && input.nextSteps.length) {
+    out.push("## Next Steps", "");
+    for (const b of input.nextSteps) out.push(`- ${b}`);
+    out.push("");
+  }
+  if (input.risks && input.risks.length) {
+    out.push("## Risks and Blockers", "");
+    out.push("| Risk / Blocker | Severity | Owner | Mitigation / Status |");
+    out.push("| -------------- | -------- | ----- | ------------------- |");
+    for (const r of input.risks) {
+      out.push(`| ${r.risk} | ${r.severity} | ${r.owner} | ${r.mitigation} |`);
+    }
+    out.push("");
+  }
+  if (input.indicators && input.indicators.length) {
+    out.push("## Progress and Outcomes", "");
+    out.push("| Indicator | Value |");
+    out.push("| --------- | ----- |");
+    for (const i of input.indicators) {
+      out.push(`| ${i.indicator} | ${i.value} |`);
+    }
+    out.push("");
+  }
+
+  const relPath = `status-updates/${input.weekEnding}.md`;
+  return { relPath, content: out.join(NL) };
+}
+
+/**
+ * Render a vertex decision (ADR) file.
+ *
+ * input: {
+ *   number, slug, title,                   // 001, "auth-jwt", "Adopt JWT for auth"
+ *   status,                                // "proposed"|"accepted"|"superseded"|...
+ *   date,                                  // "YYYY-MM-DD"
+ *   author,
+ *   context, decision,                     // prose
+ *   alternatives, consequences,            // string[] (bullets)
+ * }
+ */
+export function renderDecision(input) {
+  requireFields(input, ["number", "slug", "title", "status", "date", "author"], "decision");
+  if (!/^\d{4}-\d{2}-\d{2}$/.test(input.date)) {
+    throw new Error("[render-vertex:decision] date must be YYYY-MM-DD");
+  }
+  const padded = String(input.number).padStart(3, "0");
+
+  const frontmatter = {
+    type: "decision",
+    number: input.number,
+    title: input.title,
+    status: input.status,
+    date: input.date,
+    author: input.author,
+  };
+  const out = [fm(frontmatter)];
+  out.push(`# ADR-${padded}: ${input.title}`, "");
+  out.push("## Context", "", input.context || "_TBD_", "");
+  out.push("## Decision", "", input.decision || "_TBD_", "");
+  if (input.alternatives && input.alternatives.length) {
+    out.push("## Alternatives Considered", "");
+    for (const b of input.alternatives) out.push(`- ${b}`);
+    out.push("");
+  }
+  if (input.consequences && input.consequences.length) {
+    out.push("## Consequences", "");
+    for (const b of input.consequences) out.push(`- ${b}`);
+    out.push("");
+  }
+  return {
+    relPath: `decisions/${padded}-${input.slug}.md`,
+    content: out.join(NL),
+  };
+}
+
+/**
+ * Render a vertex comms call-transcript file.
+ *
+ * input: { date, slug, title, participants, recording_url?, summary, transcript }
+ */
+export function renderCallTranscript(input) {
+  requireFields(input, ["date", "slug", "title"], "comms-call-transcript");
+  if (!/^\d{4}-\d{2}-\d{2}$/.test(input.date)) {
+    throw new Error("[render-vertex:comms] date must be YYYY-MM-DD");
+  }
+  const frontmatter = {
+    title: input.title,
+    date: input.date,
+    type: "call-transcript",
+    participants: input.participants || [],
+  };
+  // recording_url is not in the comms schema but the schema allows
+  // additionalProperties; keep it as supplementary metadata for humans.
+  if (input.recording_url) frontmatter.recording_url = input.recording_url;
+  const out = [fm(frontmatter)];
+  out.push(`# ${input.title}`, "");
+  out.push("## Summary", "", input.summary || "_TBD_", "");
+  if (input.transcript) {
+    out.push("## Transcript", "", input.transcript, "");
+  }
+  return {
+    relPath: `comms/call-transcripts/${input.date}-${input.slug}.md`,
+    content: out.join(NL),
+  };
+}
+
+/**
+ * Render a vertex comms chat file.
+ *
+ * input: { date, slug, title, participants, summary, body? }
+ */
+export function renderChat(input) {
+  requireFields(input, ["date", "slug", "title"], "comms-chat");
+  if (!/^\d{4}-\d{2}-\d{2}$/.test(input.date)) {
+    throw new Error("[render-vertex:comms] date must be YYYY-MM-DD");
+  }
+  const frontmatter = {
+    title: input.title,
+    date: input.date,
+    type: "chat",
+    participants: input.participants || [],
+  };
+  const out = [fm(frontmatter)];
+  out.push(`# ${input.title}`, "");
+  out.push("## Summary", "", input.summary || "_TBD_", "");
+  if (input.body) out.push("## Conversation", "", input.body, "");
+  return {
+    relPath: `comms/chats/${input.date}-${input.slug}.md`,
+    content: out.join(NL),
+  };
+}
+
+/**
+ * Render a vertex comms email file.
+ *
+ * input: { date, slug, title, participants?, summary, body? }
+ */
+export function renderEmail(input) {
+  requireFields(input, ["date", "slug", "title"], "comms-email");
+  if (!/^\d{4}-\d{2}-\d{2}$/.test(input.date)) {
+    throw new Error("[render-vertex:comms] date must be YYYY-MM-DD");
+  }
+  const frontmatter = {
+    title: input.title,
+    date: input.date,
+    type: "email",
+    participants: input.participants || [],
+  };
+  const out = [fm(frontmatter)];
+  out.push(`# ${input.title}`, "");
+  out.push("## Summary", "", input.summary || "_TBD_", "");
+  if (input.body) out.push("## Body", "", input.body, "");
+  return {
+    relPath: `comms/emails/${input.date}-${input.slug}.md`,
+    content: out.join(NL),
+  };
+}

package/plugin/lib/sanitize-workiq-input.mjs

@@ -0,0 +1,72 @@
+// Sanitize user-controlled values before substituting into WorkIQ natural-language queries.
+// Borrowed pattern: vertex weekly-status agent Phase 2a.
+
+export class WorkIQInputError extends Error {
+  constructor(message, { field, value, reason } = {}) {
+    super(message);
+    this.name = 'WorkIQInputError';
+    this.field = field;
+    this.value = value;
+    this.reason = reason;
+  }
+}
+
+const INJECTION_PHRASES = [
+  /ignore previous/i,
+  /ignore above/i,
+  /disregard (the |all )?(prior|previous|above)/i,
+  /new instructions/i,
+];
+
+const CONTROL_TOKENS = ['<|', '|>', '<<SYS>>', '<<USER>>', '<<ASSISTANT>>'];
+
+export function sanitize(value, { field = 'value', maxLength = 120 } = {}) {
+  if (value == null) {
+    throw new WorkIQInputError(`Cannot sanitize empty ${field}`, { field, value, reason: 'empty' });
+  }
+  const s = String(value);
+  if (s.length === 0) {
+    throw new WorkIQInputError(`Cannot sanitize empty ${field}`, { field, value: s, reason: 'empty' });
+  }
+  if (s.length > maxLength) {
+    throw new WorkIQInputError(
+      `${field} exceeds ${maxLength} chars (${s.length}); refusing to interpolate into WorkIQ query`,
+      { field, value: s, reason: 'too-long' }
+    );
+  }
+  if (/[\r\n]/.test(s)) {
+    throw new WorkIQInputError(
+      `${field} contains a newline; refusing to interpolate into WorkIQ query`,
+      { field, value: s, reason: 'newline' }
+    );
+  }
+  if (s.includes('```')) {
+    throw new WorkIQInputError(
+      `${field} contains triple backticks; refusing to interpolate into WorkIQ query`,
+      { field, value: s, reason: 'backticks' }
+    );
+  }
+  for (const re of INJECTION_PHRASES) {
+    if (re.test(s)) {
+      throw new WorkIQInputError(
+        `${field} contains a prompt-injection phrase (${re}); refusing to interpolate into WorkIQ query`,
+        { field, value: s, reason: 'injection-phrase' }
+      );
+    }
+  }
+  for (const tok of CONTROL_TOKENS) {
+    if (s.includes(tok)) {
+      throw new WorkIQInputError(
+        `${field} contains a model-control token (${tok}); refusing to interpolate into WorkIQ query`,
+        { field, value: s, reason: 'control-token' }
+      );
+    }
+  }
+  return s;
+}
+
+export function quoteForQuery(value, { field } = {}) {
+  const safe = sanitize(value, { field });
+  // Single-quote wrap is canonical; sanitize already rejected anything that could break out.
+  return `'${safe}'`;
+}

package/plugin/lib/studio-registry.mjs

@@ -0,0 +1,39 @@
+import fs from 'node:fs';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+
+const PACKAGED_REGISTRY = path.resolve(__dirname, '..', 'config', 'studios.json');
+
+// Resolution order (highest wins):
+//   1. <project>/.kushi/studios.json
+//   2. ~/.copilot/m-skills/kushi/config/studios.json (user override)
+//   3. PACKAGED_REGISTRY (plugin/config/studios.json)
+export function loadStudioRegistry({ projectRoot, userOverrideDir } = {}) {
+  const candidates = [];
+  if (projectRoot) candidates.push(path.join(projectRoot, '.kushi', 'studios.json'));
+  if (userOverrideDir) candidates.push(path.join(userOverrideDir, 'studios.json'));
+  candidates.push(PACKAGED_REGISTRY);
+
+  for (const p of candidates) {
+    if (fs.existsSync(p)) {
+      const raw = fs.readFileSync(p, 'utf8');
+      const data = JSON.parse(raw);
+      return { ...data, _source: p };
+    }
+  }
+  throw new Error('No studio registry found; checked: ' + candidates.join(', '));
+}
+
+export function getStudio(registry, id) {
+  if (!id) return registry.studios._default ?? null;
+  const studio = registry.studios[id];
+  if (studio) return studio;
+  return null;
+}
+
+export function listKnownStudios(registry) {
+  return Object.keys(registry.studios).filter((k) => k !== '_default');
+}

package/plugin/lib/vertex-validate.mjs

@@ -0,0 +1,121 @@
+// Invoke the vertex repo's `validate_frontmatter.py` against staged files.
+// Vertex schemas live in <repo>/.vertex/scripts/validation/schemas/; the
+// validator script picks the right schema by the file's path within the
+// initiative. Kushi ships NO copies — schemas are read in place.
+//
+// Cross-platform: uses spawnSync with `python3` then falls back to `python`.
+
+import { spawnSync } from "node:child_process";
+
+export class VertexValidatorError extends Error {
+  constructor(code, message, details = {}) {
+    super(message);
+    this.name = "VertexValidatorError";
+    this.code = code;
+    this.details = details;
+  }
+}
+
+let _cachedPython = null;
+
+function pickPython() {
+  if (_cachedPython !== null) return _cachedPython;
+  // Vertex's validator requires `pyyaml`. Some systems have multiple python
+  // shims (e.g. Windows `python3` is a Store-app stub) where `--version`
+  // succeeds but `import yaml` fails. Probe both AND verify yaml is reachable.
+  const candidates = ["python3", "python", "py"];
+  for (const bin of candidates) {
+    const ver = spawnSync(bin, ["--version"], { encoding: "utf8" });
+    if (ver.status !== 0) continue;
+    const yaml = spawnSync(bin, ["-c", "import yaml"], { encoding: "utf8" });
+    if (yaml.status === 0) {
+      _cachedPython = bin;
+      return bin;
+    }
+  }
+  // Fall back to whichever python at least exists — caller will get a clear
+  // "vertex-schema-fail" with ModuleNotFoundError stderr if yaml is missing.
+  for (const bin of candidates) {
+    const ver = spawnSync(bin, ["--version"], { encoding: "utf8" });
+    if (ver.status === 0) {
+      _cachedPython = bin;
+      return bin;
+    }
+  }
+  _cachedPython = false;
+  return null;
+}
+
+// Exposed for tests to reset the cache between runs.
+export function _resetPythonCache() {
+  _cachedPython = null;
+}
+
+/**
+ * Validate a single staged file. Returns {ok: true} on success.
+ *
+ * Args:
+ *   - validatorPath : absolute path to vertex's validate_frontmatter.py
+ *   - filePath      : absolute path to the file to validate (may be OUTSIDE the vertex repo
+ *                     when staging — pass `baseDir` set to the staging root in that case)
+ *   - repoPath      : absolute path to the vertex repo (used as cwd so the validator finds
+ *                     its sibling schemas/ directory)
+ *   - baseDir       : optional. If filePath lives OUTSIDE repoPath (e.g. kushi's
+ *                     .kushi-staging/), pass the staging root here. Translated to the
+ *                     validator's `--base-dir` flag so glob matching works.
+ *
+ * Throws VertexValidatorError on failure with code:
+ *   - "python-missing"           : no python3 / python on PATH
+ *   - "vertex-validator-missing" : validator script absent / spawn error
+ *   - "vertex-schema-fail"       : validator exit non-zero (stderr/stdout in details)
+ */
+export function validateFile({ validatorPath, filePath, repoPath, baseDir }) {
+  const py = pickPython();
+  if (!py) {
+    throw new VertexValidatorError("python-missing", "neither python3 nor python found on PATH");
+  }
+  const args = [validatorPath];
+  if (baseDir) {
+    args.push("--base-dir", baseDir);
+  }
+  args.push(filePath);
+  const r = spawnSync(py, args, {
+    cwd: repoPath,
+    encoding: "utf8",
+  });
+  if (r.error) {
+    throw new VertexValidatorError("vertex-validator-missing", r.error.message, { validatorPath });
+  }
+  if (r.status !== 0) {
+    throw new VertexValidatorError(
+      "vertex-schema-fail",
+      `validator failed for ${filePath}`,
+      { stdout: r.stdout, stderr: r.stderr, status: r.status, filePath }
+    );
+  }
+  return { ok: true, stdout: r.stdout };
+}
+
+/**
+ * Validate a batch. Returns {ok, passed: [...], failed: [{filePath, details}]}.
+ * Does NOT throw — caller decides whether to abort `--apply`.
+ * Accepts the same args as validateFile but `files` is an array.
+ */
+export function validateBatch({ validatorPath, files, repoPath, baseDir }) {
+  const passed = [];
+  const failed = [];
+  for (const filePath of files) {
+    try {
+      validateFile({ validatorPath, filePath, repoPath, baseDir });
+      passed.push(filePath);
+    } catch (err) {
+      failed.push({
+        filePath,
+        code: err.code,
+        message: err.message,
+        details: err.details,
+      });
+    }
+  }
+  return { ok: failed.length === 0, passed, failed };
+}

package/plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "kushi",
-  "description": "Multi-source project evidence + Q&A agent. Snapshot + stream capture across Email, Teams, OneNote, SharePoint, Meetings, CRM, ADO; plus read-only natural-language Q&A over the captured evidence. WorkIQ-only for M365 sources (Graph / m365_* FORBIDDEN as fallbacks; user-paste is first-class). Host-agnostic. Three install profiles: core (aggregator only), standard (default — adds bootstrap/refresh + FDE authoring), full (adds State/ rollup).",
-  "version": "3.12.2",
+  "description": "Multi-source project evidence + Q&A agent. Snapshot + stream capture across Email, Teams, OneNote, Loop, SharePoint, Meetings, CRM, ADO; plus read-only natural-language Q&A over the captured evidence. WorkIQ-only for M365 sources (Graph / m365_* FORBIDDEN as fallbacks; user-paste is first-class). Host-agnostic. Three install profiles: core (aggregator only), standard (default — adds bootstrap/refresh + FDE authoring), full (adds State/ rollup).",
+  "version": "3.15.0",
   "author": "ushakrishnan",
   "repository": "https://github.com/gim-home/kushi",
   "default_profile": "standard",
@@ -16,20 +16,25 @@
         "pull-teams",
         "pull-meetings",
         "pull-onenote",
+        "pull-loop",
         "pull-sharepoint",
         "pull-crm",
         "pull-ado",
         "aggregate-project",
         "consolidate-evidence",
         "project-status",
-        "ask-project"
+        "ask-project",
+        "vertex-link",
+        "emit-vertex"
       ],
       "prompts": [
         "setup",
         "aggregate",
         "consolidate",
         "status",
-        "ask"
+        "ask",
+        "vertex-link",
+        "emit-vertex"
       ],
       "instructions": "*",
       "templates": [
@@ -43,7 +48,9 @@
         "consolidate",
         "status",
         "pull",
-        "ask"
+        "ask",
+        "vertex-link",
+        "emit-vertex"
       ]
     },
     "standard": {
@@ -116,4 +123,4 @@
       ]
     }
   }
-}
+}

package/plugin/prompts/bootstrap.prompt.md

@@ -21,10 +21,12 @@ Inputs the agent will resolve:
 - `<project>` — the engagement folder name (fuzzy-match under engagement-root if needed).
 - `<window>` — defaults to 30 days. Override with `last 60 days`, `since 2026-04-01`, or `2026-04-01..2026-05-01`.
 
-Reads:
-- `<workspace>/.kushi/config/user/project-evidence.yml` for alias + engagement-root.
-- `<workspace>/.kushi/config/user/m365-auth.json` for tenant + default notebook + mailbox-folder hints.
-- `<workspace>/.kushi/config/shared/integrations.yml` for ADO/CRM org-level connections (shared per project).
+Reads (paths resolved via `Get-KushiConfig` / `loadKushiConfig` — see `instructions/kushi-config-root.instructions.md`):
+- `<kushi-config-root>/user/project-evidence.yml` for alias + engagement-root.
+- `<kushi-config-root>/user/m365-auth.json` for tenant + default notebook + mailbox-folder hints.
+- `<kushi-config-root>/shared/integrations.yml` for ADO/CRM org-level connections (shared per project).
+
+`<kushi-config-root>` is `<workspace>/.kushi/config/` on vscode installs or `~/.copilot/m-skills/kushi/config/` on Clawpilot installs — the helpers pick the right one automatically. **Never** treat a missing `<workspace>/.kushi/` as evidence that Kushi isn't installed; that was the v4.7.1- bug that caused bootstrap to wrongly prompt for install/overwrite.
 
 **Step 0 — verify per-user config is filled** (the minimum the bootstrap skill needs before it can discover the rest). Before any pull, call:
 
@@ -38,7 +40,7 @@ Reads:
 
 If it throws, STOP and prompt the user with the exact missing-field list:
 
-> ⚠ `<workspace>/.kushi/config/user/m365-auth.json` is missing required fields: `<list from the helper>`. Open it, fill in those values, then re-run `bootstrap`. Everything else (section IDs, calendar series, specific mailbox folder discovery, channel IDs, SharePoint site IDs, CRM `crmRecordId`, ADO work-item IDs) is the bootstrap skill's job to **discover via WorkIQ + per-source probes** — do NOT pre-fill those.
+> ⚠ `<kushi-config-root>/user/m365-auth.json` is missing required fields: `<list from the helper>`. Run `Get-KushiConfig -Name 'm365-auth' -Path` to see the resolved path, open it, fill in those values, then re-run `bootstrap`. Everything else (section IDs, calendar series, specific mailbox folder discovery, channel IDs, SharePoint site IDs, CRM `crmRecordId`, ADO work-item IDs) is the bootstrap skill's job to **discover via WorkIQ + per-source probes** — do NOT pre-fill those.
 
 Continue only when both helper calls succeed (`project-evidence.yml` is allowed to still have `<auto>` for identity; identity-resolution.instructions.md fills it in Step 0 of the bootstrap skill).
 
@@ -52,8 +54,8 @@ Continue only when both helper calls succeed (`project-evidence.yml` is allowed
 On WorkIQ failure during discovery, per `deferred-retry-on-workiq-fail.instructions.md`: the bootstrap skill writes a marker, surfaces it in the run report, and continues. **It does NOT call `m365_get_*` / Graph as a fallback.** The next `refresh` drains the queue.
 
 Produces:
-- `<workspace>/.kushi/config/user/{m365-auth,m365-mutable}.json` (per-user, hand-edited above + auto-populated by Step 4a)
-- `<workspace>/.kushi/config/shared/integrations.yml` (shared, ADO/CRM connection blocks; per-project `boundaries:` lives in the project file below)
+- `<kushi-config-root>/user/{m365-auth,m365-mutable}.json` (per-user, hand-edited above + auto-populated by Step 4a)
+- `<kushi-config-root>/shared/integrations.yml` (shared, ADO/CRM connection blocks; per-project `boundaries:` lives in the project file below)
 - `<engagement-root>/<project>/integrations.yml` (per-project boundaries + enabled-sources, shared via OneDrive)
 - `<engagement-root>/<project>/Evidence/{contributors.yml, run-log.yml, <alias>/.settings.yml, <alias>/{email,teams,meetings,onenote,sharepoint,crm,ado}/{snapshot,stream}/, <alias>/_deferred-retries/}`
 - `<engagement-root>/<project>/State/{00..09}_*.md` (full profile only)

package/plugin/prompts/emit-vertex.prompt.md

@@ -0,0 +1,33 @@
+---
+description: "Render vertex-shaped artifacts from kushi evidence — weekly status update, decisions, workshops, comms, and PR-style living-doc proposals. Stages first, validates against vertex's own schemas, applies on demand."
+mode: "agent"
+---
+
+# emit-vertex prompt
+
+Use this prompt to ask kushi to produce vertex-shaped artifacts for a project that has already been linked via `vertex-link`.
+
+## Examples
+
+```text
+@Kushi emit vertex weekly for acme-platform-mod
+@Kushi emit vertex decisions for acme-platform-mod
+@Kushi emit vertex --all for acme-platform-mod --apply
+@Kushi update vertex for acme-platform-mod          # interactive — pick modes
+```
+
+## What it does
+
+Reads `<project>/Evidence/<alias>/` (across all contributors) plus `<project>/State/*.md` for the linked vertex initiative, renders the requested artifacts, stages them under `<project>/.kushi-staging/vertex/<run-ts>/`, validates each against vertex's `.vertex/scripts/validation/validate_frontmatter.py` in place, and (with `--apply`) copies into the vertex repo for GitDoc to commit.
+
+Living docs (`customer-details.md`, `risk-register.md`, `architecture-overview.md`, …) are NEVER overwritten — they're written as `.diff` + `.proposal.md` companions in the staging folder for the user to apply by hand.
+
+## Pre-requisites
+
+- `<project>/kushi.yaml#vertex` populated (run `vertex-link` once if not).
+- Python 3 on PATH.
+- The vertex repo accessible at the configured `repo_path` with `.vertex/scripts/validation/validate_frontmatter.py` present.
+
+## Doctrine
+
+Bound to skill `emit-vertex`. Full rules in [`vertex-emit.instructions.md`](../instructions/vertex-emit.instructions.md).

package/plugin/prompts/setup.prompt.md

@@ -20,7 +20,7 @@ Runs the **setup** skill:
 
 1. Resolves the workiq CLI path (pinned `cli_path` → PATH → Clawpilot-managed `~/.copilot/bin/workiq` fallback). **No `~/.kushi/bin/` filesystem probe** (removed in v4.4.4).
 2. Functionally verifies WorkIQ by sending: *"Who am I? Return UPN, displayName, mailNickname as JSON."*
-3. Parses the response and writes `identity` (alias / display_name / email) into `<workspace>/.kushi/config/user/project-evidence.yml`, preserving comments.
+3. Parses the response and writes `identity` (alias / display_name / email) into `<kushi-config-root>/user/project-evidence.yml` (resolved via `Get-KushiConfig -Name 'project-evidence' -Path`; see `instructions/kushi-config-root.instructions.md`), preserving comments.
 4. On failure, walks the user through install / sign-in / retry using `ask_user` (no outbound sends).
 5. Prints a green status table summarizing host, cli_path, identity, and persistence target.
 

package/plugin/prompts/vertex-link.prompt.md

@@ -0,0 +1,27 @@
+---
+description: "One-time link of a kushi project to a vertex repo's customer + initiative directories. Populates kushi.yaml#vertex so emit-vertex can render into the right place."
+mode: "agent"
+---
+
+# vertex-link prompt
+
+Use this once per kushi project to tell kushi which vertex repo + `<customer-slug>/<initiative-slug>/` it maps to.
+
+## Examples
+
+```text
+@Kushi link vertex for acme-platform-mod
+@Kushi link vertex for acme-platform-mod to ~/repos/vertex-acme
+@Kushi link vertex for acme-platform-mod --reconfigure
+@Kushi vertex link
+```
+
+## What it does
+
+Locates the vertex repo (fuzzy-discovers from common locations or accepts a path), fuzzy-matches the kushi project name against existing `<customer>/<initiative>/` directories in vertex, asks the user to confirm the match, optionally sets the studio identifier, and writes the mapping into `<project>/kushi.yaml`.
+
+Idempotent — running again without `--reconfigure` just prints the current mapping.
+
+## Doctrine
+
+Bound to skill `vertex-link`. Full rules in the [`vertex-link/SKILL.md`](../skills/vertex-link/SKILL.md).