npm - mindforge-cc - Versions diffs - 1.0.0 - Mend

mindforge-cc 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (324) hide show

package/.agent/CLAUDE.md +462 -0
package/.agent/forge/help.md +7 -0
package/.agent/forge/init-project.md +32 -0
package/.agent/forge/plan-phase.md +30 -0
package/.agent/mindforge/approve.md +18 -0
package/.agent/mindforge/audit.md +30 -0
package/.agent/mindforge/benchmark.md +33 -0
package/.agent/mindforge/complete-milestone.md +18 -0
package/.agent/mindforge/debug.md +126 -0
package/.agent/mindforge/discuss-phase.md +138 -0
package/.agent/mindforge/execute-phase.md +165 -0
package/.agent/mindforge/health.md +21 -0
package/.agent/mindforge/help.md +23 -0
package/.agent/mindforge/init-org.md +131 -0
package/.agent/mindforge/init-project.md +155 -0
package/.agent/mindforge/install-skill.md +15 -0
package/.agent/mindforge/map-codebase.md +298 -0
package/.agent/mindforge/metrics.md +22 -0
package/.agent/mindforge/migrate.md +40 -0
package/.agent/mindforge/milestone.md +12 -0
package/.agent/mindforge/next.md +105 -0
package/.agent/mindforge/plan-phase.md +125 -0
package/.agent/mindforge/plugins.md +40 -0
package/.agent/mindforge/pr-review.md +41 -0
package/.agent/mindforge/profile-team.md +23 -0
package/.agent/mindforge/publish-skill.md +19 -0
package/.agent/mindforge/quick.md +135 -0
package/.agent/mindforge/release.md +10 -0
package/.agent/mindforge/retrospective.md +26 -0
package/.agent/mindforge/review.md +157 -0
package/.agent/mindforge/security-scan.md +233 -0
package/.agent/mindforge/ship.md +100 -0
package/.agent/mindforge/skills.md +141 -0
package/.agent/mindforge/status.md +104 -0
package/.agent/mindforge/sync-confluence.md +11 -0
package/.agent/mindforge/sync-jira.md +12 -0
package/.agent/mindforge/tokens.md +8 -0
package/.agent/mindforge/update.md +42 -0
package/.agent/mindforge/verify-phase.md +62 -0
package/.agent/mindforge/workspace.md +29 -0
package/.claude/CLAUDE.md +462 -0
package/.claude/commands/forge/help.md +7 -0
package/.claude/commands/forge/init-project.md +32 -0
package/.claude/commands/forge/plan-phase.md +30 -0
package/.claude/commands/mindforge/approve.md +18 -0
package/.claude/commands/mindforge/audit.md +30 -0
package/.claude/commands/mindforge/benchmark.md +33 -0
package/.claude/commands/mindforge/complete-milestone.md +18 -0
package/.claude/commands/mindforge/debug.md +126 -0
package/.claude/commands/mindforge/discuss-phase.md +138 -0
package/.claude/commands/mindforge/execute-phase.md +165 -0
package/.claude/commands/mindforge/health.md +21 -0
package/.claude/commands/mindforge/help.md +23 -0
package/.claude/commands/mindforge/init-org.md +131 -0
package/.claude/commands/mindforge/init-project.md +155 -0
package/.claude/commands/mindforge/install-skill.md +15 -0
package/.claude/commands/mindforge/map-codebase.md +298 -0
package/.claude/commands/mindforge/metrics.md +22 -0
package/.claude/commands/mindforge/migrate.md +40 -0
package/.claude/commands/mindforge/milestone.md +12 -0
package/.claude/commands/mindforge/next.md +105 -0
package/.claude/commands/mindforge/plan-phase.md +125 -0
package/.claude/commands/mindforge/plugins.md +40 -0
package/.claude/commands/mindforge/pr-review.md +41 -0
package/.claude/commands/mindforge/profile-team.md +23 -0
package/.claude/commands/mindforge/publish-skill.md +19 -0
package/.claude/commands/mindforge/quick.md +135 -0
package/.claude/commands/mindforge/release.md +10 -0
package/.claude/commands/mindforge/retrospective.md +26 -0
package/.claude/commands/mindforge/review.md +157 -0
package/.claude/commands/mindforge/security-scan.md +233 -0
package/.claude/commands/mindforge/ship.md +100 -0
package/.claude/commands/mindforge/skills.md +141 -0
package/.claude/commands/mindforge/status.md +104 -0
package/.claude/commands/mindforge/sync-confluence.md +11 -0
package/.claude/commands/mindforge/sync-jira.md +12 -0
package/.claude/commands/mindforge/tokens.md +8 -0
package/.claude/commands/mindforge/update.md +42 -0
package/.claude/commands/mindforge/verify-phase.md +62 -0
package/.claude/commands/mindforge/workspace.md +29 -0
package/.forge/org/CONVENTIONS.md +0 -0
package/.forge/org/ORG.md +0 -0
package/.forge/org/SECURITY.md +0 -0
package/.forge/org/TOOLS.md +0 -0
package/.forge/personas/analyst.md +0 -0
package/.forge/personas/architect.md +0 -0
package/.forge/personas/debug-specialist.md +0 -0
package/.forge/personas/developer.md +26 -0
package/.forge/personas/qa-engineer.md +0 -0
package/.forge/personas/release-manager.md +0 -0
package/.forge/personas/security-reviewer.md +33 -0
package/.forge/personas/tech-writer.md +0 -0
package/.forge/skills/api-design/SKILL.md +0 -0
package/.forge/skills/code-quality/SKILL.md +0 -0
package/.forge/skills/documentation/SKILL.md +0 -0
package/.forge/skills/security-review/SKILL.md +23 -0
package/.forge/skills/testing-standards/SKILL.md +27 -0
package/.github/workflows/mindforge-ci.yml +224 -0
package/.gitlab-ci-mindforge.yml +18 -0
package/.mindforge/MINDFORGE-SCHEMA.json +165 -0
package/.mindforge/audit/AUDIT-SCHEMA.md +451 -0
package/.mindforge/ci/ci-config-schema.md +21 -0
package/.mindforge/ci/ci-mode.md +179 -0
package/.mindforge/ci/github-actions-adapter.md +224 -0
package/.mindforge/ci/gitlab-ci-adapter.md +31 -0
package/.mindforge/ci/jenkins-adapter.md +44 -0
package/.mindforge/distribution/registry-client.md +166 -0
package/.mindforge/distribution/registry-schema.md +96 -0
package/.mindforge/distribution/skill-publisher.md +44 -0
package/.mindforge/distribution/skill-validator.md +74 -0
package/.mindforge/engine/compaction-protocol.md +182 -0
package/.mindforge/engine/context-injector.md +128 -0
package/.mindforge/engine/dependency-parser.md +113 -0
package/.mindforge/engine/skills/conflict-resolver.md +69 -0
package/.mindforge/engine/skills/loader.md +184 -0
package/.mindforge/engine/skills/registry.md +98 -0
package/.mindforge/engine/skills/versioning.md +75 -0
package/.mindforge/engine/verification-pipeline.md +111 -0
package/.mindforge/engine/wave-executor.md +235 -0
package/.mindforge/governance/GOVERNANCE-CONFIG.md +17 -0
package/.mindforge/governance/approval-workflow.md +37 -0
package/.mindforge/governance/change-classifier.md +63 -0
package/.mindforge/governance/compliance-gates.md +31 -0
package/.mindforge/integrations/confluence.md +27 -0
package/.mindforge/integrations/connection-manager.md +163 -0
package/.mindforge/integrations/github.md +25 -0
package/.mindforge/integrations/gitlab.md +13 -0
package/.mindforge/integrations/jira.md +102 -0
package/.mindforge/integrations/slack.md +41 -0
package/.mindforge/intelligence/antipattern-detector.md +75 -0
package/.mindforge/intelligence/difficulty-scorer.md +55 -0
package/.mindforge/intelligence/health-engine.md +208 -0
package/.mindforge/intelligence/skill-gap-analyser.md +40 -0
package/.mindforge/intelligence/smart-compaction.md +71 -0
package/.mindforge/metrics/METRICS-SCHEMA.md +42 -0
package/.mindforge/metrics/quality-tracker.md +32 -0
package/.mindforge/monorepo/cross-package-planner.md +114 -0
package/.mindforge/monorepo/dependency-graph-builder.md +32 -0
package/.mindforge/monorepo/workspace-detector.md +129 -0
package/.mindforge/org/CONVENTIONS.md +62 -0
package/.mindforge/org/ORG.md +51 -0
package/.mindforge/org/SECURITY.md +50 -0
package/.mindforge/org/TOOLS.md +53 -0
package/.mindforge/org/integrations/INTEGRATIONS-CONFIG.md +58 -0
package/.mindforge/org/skills/MANIFEST.md +38 -0
package/.mindforge/personas/analyst.md +52 -0
package/.mindforge/personas/architect.md +75 -0
package/.mindforge/personas/debug-specialist.md +52 -0
package/.mindforge/personas/developer.md +85 -0
package/.mindforge/personas/overrides/README.md +85 -0
package/.mindforge/personas/qa-engineer.md +61 -0
package/.mindforge/personas/release-manager.md +76 -0
package/.mindforge/personas/security-reviewer.md +91 -0
package/.mindforge/personas/tech-writer.md +51 -0
package/.mindforge/plugins/PLUGINS-MANIFEST.md +23 -0
package/.mindforge/plugins/plugin-loader.md +93 -0
package/.mindforge/plugins/plugin-registry.md +44 -0
package/.mindforge/plugins/plugin-schema.md +68 -0
package/.mindforge/pr-review/ai-reviewer.md +266 -0
package/.mindforge/pr-review/finding-formatter.md +46 -0
package/.mindforge/pr-review/review-prompt-templates.md +44 -0
package/.mindforge/production/compatibility-layer.md +39 -0
package/.mindforge/production/migration-engine.md +52 -0
package/.mindforge/production/production-checklist.md +165 -0
package/.mindforge/production/token-optimiser.md +68 -0
package/.mindforge/skills/accessibility/SKILL.md +106 -0
package/.mindforge/skills/api-design/SKILL.md +98 -0
package/.mindforge/skills/code-quality/SKILL.md +88 -0
package/.mindforge/skills/data-privacy/SKILL.md +126 -0
package/.mindforge/skills/database-patterns/SKILL.md +192 -0
package/.mindforge/skills/documentation/SKILL.md +91 -0
package/.mindforge/skills/incident-response/SKILL.md +180 -0
package/.mindforge/skills/performance/SKILL.md +120 -0
package/.mindforge/skills/security-review/SKILL.md +83 -0
package/.mindforge/skills/testing-standards/SKILL.md +97 -0
package/.mindforge/team/TEAM-PROFILE.md +42 -0
package/.mindforge/team/multi-handoff.md +23 -0
package/.mindforge/team/profiles/README.md +13 -0
package/.mindforge/team/session-merger.md +18 -0
package/.planning/ARCHITECTURE.md +0 -0
package/.planning/AUDIT.jsonl +0 -0
package/.planning/HANDOFF.json +28 -0
package/.planning/PROJECT.md +33 -0
package/.planning/RELEASE-CHECKLIST.md +68 -0
package/.planning/REQUIREMENTS.md +0 -0
package/.planning/ROADMAP.md +0 -0
package/.planning/STATE.md +31 -0
package/.planning/approvals/.gitkeep +1 -0
package/.planning/archive/.gitkeep +1 -0
package/.planning/audit-archive/.gitkeep +1 -0
package/.planning/decisions/.gitkeep +0 -0
package/.planning/decisions/ADR-001-handoff-tracking.md +41 -0
package/.planning/decisions/ADR-002-markdown-commands.md +46 -0
package/.planning/decisions/ADR-003-skills-trigger-model.md +37 -0
package/.planning/decisions/ADR-004-wave-parallelism-model.md +45 -0
package/.planning/decisions/ADR-005-append-only-audit-log.md +51 -0
package/.planning/decisions/ADR-006-tiered-skills-system.md +22 -0
package/.planning/decisions/ADR-007-trigger-keyword-model.md +22 -0
package/.planning/decisions/ADR-008-just-in-time-skill-loading.md +29 -0
package/.planning/decisions/ADR-009-enterprise-integration-retry-policy.md +8 -0
package/.planning/decisions/ADR-010-governance-tier-escalation.md +8 -0
package/.planning/decisions/ADR-011-multi-developer-handoff-contract.md +8 -0
package/.planning/decisions/ADR-012-intelligence-feedback-loops.md +19 -0
package/.planning/decisions/ADR-013-mindforge-md-constitution.md +16 -0
package/.planning/decisions/ADR-014-metrics-as-signals-not-evaluation.md +15 -0
package/.planning/decisions/ADR-015-npm-based-skill-registry.md +26 -0
package/.planning/decisions/ADR-016-ci-exit-code-0-on-timeout.md +27 -0
package/.planning/decisions/ADR-017-sdk-localhost-only.md +28 -0
package/.planning/decisions/ADR-018-installer-self-install-detection.md +15 -0
package/.planning/decisions/ADR-019-self-update-scope-preservation.md +14 -0
package/.planning/decisions/ADR-020-v1.0.0-stable-interface-contract.md +23 -0
package/.planning/jira-sync.json +9 -0
package/.planning/milestones/.gitkeep +1 -0
package/.planning/phases/day1/REVIEW-DAY1.md +50 -0
package/.planning/phases/day1/SECURITY-REVIEW-DAY1.md +15 -0
package/.planning/phases/day2/REVIEW-DAY2.md +521 -0
package/.planning/phases/day3/REVIEW-DAY3.md +234 -0
package/.planning/slack-threads.json +6 -0
package/CHANGELOG.md +175 -0
package/LICENSE +21 -0
package/MINDFORGE.md +76 -0
package/README.md +182 -0
package/RELEASENOTES.md +41 -0
package/SECURITY.md +4 -0
package/bin/install.js +120 -0
package/bin/installer-core.js +292 -0
package/bin/migrations/0.1.0-to-0.5.0.js +37 -0
package/bin/migrations/0.5.0-to-0.6.0.js +17 -0
package/bin/migrations/0.6.0-to-1.0.0.js +100 -0
package/bin/migrations/migrate.js +151 -0
package/bin/migrations/schema-versions.js +64 -0
package/bin/updater/changelog-fetcher.js +62 -0
package/bin/updater/self-update.js +169 -0
package/bin/updater/version-comparator.js +68 -0
package/bin/validate-config.js +92 -0
package/bin/wizard/config-generator.js +112 -0
package/bin/wizard/environment-detector.js +76 -0
package/bin/wizard/setup-wizard.js +237 -0
package/docs/Context/Master-Context.md +701 -0
package/docs/architecture/README.md +35 -0
package/docs/architecture/decision-records-index.md +26 -0
package/docs/ci-cd-integration.md +30 -0
package/docs/ci-quickstart.md +78 -0
package/docs/commands-reference.md +11 -0
package/docs/contributing/CONTRIBUTING.md +38 -0
package/docs/contributing/plugin-authoring.md +50 -0
package/docs/contributing/skill-authoring.md +41 -0
package/docs/enterprise-setup.md +25 -0
package/docs/faq.md +38 -0
package/docs/getting-started.md +36 -0
package/docs/governance-guide.md +23 -0
package/docs/mindforge-md-reference.md +53 -0
package/docs/monorepo-guide.md +26 -0
package/docs/persona-customisation.md +56 -0
package/docs/quick-verify.md +33 -0
package/docs/reference/audit-events.md +53 -0
package/docs/reference/commands.md +82 -0
package/docs/reference/config-reference.md +64 -0
package/docs/reference/sdk-api.md +48 -0
package/docs/reference/skills-api.md +57 -0
package/docs/release-checklist-guide.md +37 -0
package/docs/requirements.md +29 -0
package/docs/sdk-reference.md +27 -0
package/docs/security/SECURITY.md +42 -0
package/docs/security/penetration-test-results.md +31 -0
package/docs/security/threat-model.md +142 -0
package/docs/skills-authoring-guide.md +119 -0
package/docs/skills-publishing-guide.md +21 -0
package/docs/team-setup-guide.md +21 -0
package/docs/troubleshooting.md +119 -0
package/docs/tutorial.md +195 -0
package/docs/upgrade.md +44 -0
package/docs/user-guide.md +131 -0
package/docs/usp-features.md +214 -0
package/eslint.config.mjs +31 -0
package/examples/starter-project/.planning/AUDIT.jsonl +1 -0
package/examples/starter-project/.planning/HANDOFF.json +23 -0
package/examples/starter-project/.planning/PROJECT.md +27 -0
package/examples/starter-project/.planning/STATE.md +10 -0
package/examples/starter-project/MINDFORGE.md +40 -0
package/examples/starter-project/README.md +14 -0
package/implementation-roadmap/day-1-imp/DAY1-HARDEN.md +823 -0
package/implementation-roadmap/day-1-imp/DAY1-IMPLEMENT.md +2459 -0
package/implementation-roadmap/day-1-imp/DAY1-REVIEW.md +288 -0
package/implementation-roadmap/day-2-imp/DAY2-HARDEN.md +954 -0
package/implementation-roadmap/day-2-imp/DAY2-IMPLEMENT.md +2347 -0
package/implementation-roadmap/day-2-imp/DAY2-REVIEW.md +422 -0
package/implementation-roadmap/day-3-imp/DAY3-HARDEN.md +870 -0
package/implementation-roadmap/day-3-imp/DAY3-IMPLEMENT.md +2798 -0
package/implementation-roadmap/day-3-imp/DAY3-REVIEW.md +484 -0
package/implementation-roadmap/day-4-imp/DAY4-HARDEN.md +1087 -0
package/implementation-roadmap/day-4-imp/DAY4-IMPLEMENT.md +2874 -0
package/implementation-roadmap/day-4-imp/DAY4-REVIEW.md +386 -0
package/implementation-roadmap/day-5-imp/DAY5-HARDEN.md +1078 -0
package/implementation-roadmap/day-5-imp/DAY5-IMPLEMENT.md +3151 -0
package/implementation-roadmap/day-5-imp/DAY5-REVIEW.md +345 -0
package/implementation-roadmap/day-6-imp/DAY6-COMPLETE.md +3919 -0
package/implementation-roadmap/day-7-imp-prod/DAY7-PRODUCTION-FINAL.md +4513 -0
package/package.json +31 -0
package/sdk/README.md +69 -0
package/sdk/eslint.config.mjs +34 -0
package/sdk/package-lock.json +1507 -0
package/sdk/package.json +30 -0
package/sdk/src/client.ts +133 -0
package/sdk/src/commands.ts +63 -0
package/sdk/src/events.ts +166 -0
package/sdk/src/index.ts +22 -0
package/sdk/src/types.ts +87 -0
package/sdk/tsconfig.json +13 -0
package/tests/audit.test.js +206 -0
package/tests/ci-mode.test.js +162 -0
package/tests/compaction.test.js +161 -0
package/tests/distribution.test.js +205 -0
package/tests/e2e.test.js +618 -0
package/tests/governance.test.js +130 -0
package/tests/install.test.js +209 -0
package/tests/integrations.test.js +128 -0
package/tests/intelligence.test.js +117 -0
package/tests/metrics.test.js +96 -0
package/tests/migration.test.js +309 -0
package/tests/production.test.js +416 -0
package/tests/sdk.test.js +200 -0
package/tests/skills-platform.test.js +403 -0
package/tests/wave-engine.test.js +338 -0

package/tests/e2e.test.js ADDED Viewed

@@ -0,0 +1,618 @@
+/**
+ * MindForge Day 7 — End-to-End Simulation Tests
+ * Simulates complete project workflows using file system operations.
+ * No actual Claude API calls — tests the state machine, not the AI.
+ *
+ * Run: node tests/e2e.test.js
+ */
+'use strict';
+const fs   = require('fs');
+const path = require('path');
+const os   = require('os');
+const assert = require('assert');
+let passed = 0, failed = 0;
+const cleanupFailures = [];
+function test(name, fn) {
+  try { fn(); console.log(`  ✅  ${name}`); passed++; }
+  catch(e) { console.error(`  ❌  ${name}\n      ${e.message}`); failed++; }
+}
+// ── Test project factory ───────────────────────────────────────────────────────
+function createTestProject() {
+  const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'mindforge-e2e-'));
+  function write(relPath, content) {
+    const fullPath = path.join(tmpDir, relPath);
+    fs.mkdirSync(path.dirname(fullPath), { recursive: true });
+    fs.writeFileSync(fullPath, content, 'utf8');
+    return fullPath;
+  }
+  function read(relPath) {
+    const p = path.join(tmpDir, relPath);
+    return fs.existsSync(p) ? fs.readFileSync(p, 'utf8') : null;
+  }
+  function exists(relPath) {
+    return fs.existsSync(path.join(tmpDir, relPath));
+  }
+  function appendAudit(entry) {
+    const auditPath = path.join(tmpDir, '.planning', 'AUDIT.jsonl');
+    const line = JSON.stringify({
+      id:         `test-${Date.now()}-${Math.random().toString(36).slice(2)}`,
+      timestamp:  new Date().toISOString(),
+      session_id: 'test-session-001',
+      agent:      'mindforge-test',
+      ...entry,
+    });
+    fs.appendFileSync(auditPath, line + '\n');
+  }
+  function cleanup() {
+    try { fs.rmSync(tmpDir, { recursive: true, force: true }); }
+    catch(e) {
+      cleanupFailures.push(tmpDir);
+      console.warn(`  ⚠️  Cleanup warning: ${e.message} (dir: ${tmpDir})`);
+    }
+  }
+  return { tmpDir, write, read, exists, appendAudit, cleanup };
+}
+// ── Workflow simulation functions ──────────────────────────────────────────────
+function initProject(project) {
+  const { write } = project;
+  // Core .planning/ files
+  write('.planning/PROJECT.md', `# E2E Test Project
+## Tech stack
+- Node.js 20 LTS
+- TypeScript 5.x
+- PostgreSQL via Prisma
+## v1 scope — IN
+- [x] User authentication (email/password)
+- [x] User profile management
+## Success criteria
+All acceptance tests passing. Zero HIGH security findings.
+`);
+  write('.planning/REQUIREMENTS.md', `# Requirements
+## Functional requirements
+| ID | Requirement | Acceptance criterion | Scope |
+|---|---|---|---|
+| FR-01 | User login | POST /auth/login returns JWT for valid credentials | v1 |
+| FR-02 | User logout | POST /auth/logout invalidates session | v1 |
+| FR-03 | Profile fetch | GET /users/:id returns profile for authenticated user | v1 |
+`);
+  write('.planning/ARCHITECTURE.md', `# Architecture
+## Architectural pattern
+Modular monolith — Express API with Prisma ORM
+## Technology stack
+- Runtime: Node.js 20
+- Framework: Express 4.x
+- Database: PostgreSQL 15
+## Data model
+**User**: id (UUID), email, passwordHash, createdAt, updatedAt
+`);
+  write('.planning/STATE.md', `# Project State
+## Status
+Phase 1 in progress
+## Current phase
+Phase 1 — Authentication
+## Next action
+Execute Phase 1 plans
+`);
+  write('.planning/HANDOFF.json', JSON.stringify({
+    schema_version: '1.0.0',
+    plugin_api_version: '1.0.0',
+    project: 'E2E Test Project',
+    phase: 1,
+    plan: null,
+    next_task: 'Execute Phase 1 — Authentication',
+    blockers: [],
+    decisions_needed: [],
+    decisions_made: [],
+    discoveries: [],
+    implicit_knowledge: [],
+    quality_signals: [],
+    context_refs: ['.planning/PROJECT.md', '.planning/STATE.md'],
+    recent_commits: [],
+    recent_files: [],
+    session_id: 'test-session-001',
+    _warning: 'Never store secrets or tokens in this file.',
+    updated_at: new Date().toISOString(),
+  }, null, 2));
+  write('.planning/AUDIT.jsonl', '');
+  project.appendAudit({ event: 'project_initialised', phase: null });
+}
+function planPhase(project, phaseNum) {
+  const { write, appendAudit } = project;
+  const phaseDir = `.planning/phases/${phaseNum}`;
+  // Difficulty score
+  write(`${phaseDir}/DIFFICULTY-SCORE-${phaseNum}.md`, `# Difficulty Score — Phase ${phaseNum}
+## Scores
+| Dimension | Score |
+|---|---|
+| Technical | 4/5 |
+| Risk | 5/5 |
+| Ambiguity | 2/5 |
+| Dependencies | 2/5 |
+## Composite: 3.75 — Challenging
+## Recommendations: 6 atomic tasks
+`);
+  // Plan file with valid XML
+  write(`${phaseDir}/PLAN-${phaseNum}-01.md`, `<task type="auto">
+  <n>Implement login endpoint with JWT</n>
+  <persona>developer</persona>
+  <phase>${phaseNum}</phase>
+  <plan>01</plan>
+  <dependencies>none</dependencies>
+  <files>
+    src/auth/login.ts
+    src/auth/login.test.ts
+  </files>
+  <context>
+    Skills: security-review (jwt.sign trigger), api-design, testing-standards
+  </context>
+  <action>
+    Create POST /auth/login endpoint. Validate email/password against database.
+    Use argon2 for password verification. Return signed JWT on success.
+    Return 401 for invalid credentials (no information disclosure).
+  </action>
+  <verify>npm test -- --testPathPattern=auth.login</verify>
+  <done>All login tests passing, argon2 verification working, JWT returned</done>
+</task>`);
+  write(`${phaseDir}/PLAN-${phaseNum}-02.md`, `<task type="auto">
+  <n>Implement logout endpoint with session invalidation</n>
+  <persona>developer</persona>
+  <phase>${phaseNum}</phase>
+  <plan>02</plan>
+  <dependencies>01</dependencies>
+  <files>
+    src/auth/logout.ts
+    src/auth/logout.test.ts
+  </files>
+  <context>
+    Skills: security-review, testing-standards
+  </context>
+  <action>
+    Create POST /auth/logout endpoint. Invalidate JWT via blocklist in Redis.
+    Verify that blocklisted tokens return 401 on subsequent requests.
+  </action>
+  <verify>npm test -- --testPathPattern=auth.logout</verify>
+  <done>Logout invalidates tokens, blocklisted tokens rejected</done>
+</task>`);
+  // Dependency graph
+  write(`${phaseDir}/DEPENDENCY-GRAPH-${phaseNum}.md`, `# Dependency Graph — Phase ${phaseNum}
+## Wave 1 (independent)
+- Plan 01: Implement login endpoint
+## Wave 2 (depends on Wave 1)
+- Plan 02: Implement logout endpoint (requires login implementation)
+`);
+  appendAudit({ event: 'phase_planned', phase: phaseNum, plans_created: 2, waves: 2 });
+}
+function executeTask(project, phaseNum, planId, commitSha) {
+  const { write, appendAudit } = project;
+  const phaseDir = `.planning/phases/${phaseNum}`;
+  appendAudit({ event: 'task_started', phase: phaseNum, plan: planId });
+  write(`${phaseDir}/SUMMARY-${phaseNum}-${planId}.md`, `# Summary — Phase ${phaseNum}, Plan ${planId}
+## Status: Completed ✅
+## Commit: ${commitSha}
+## Verify result: PASS
+## Files modified:
+- src/auth/${planId === '01' ? 'login' : 'logout'}.ts (created)
+- src/auth/${planId === '01' ? 'login' : 'logout'}.test.ts (created, 8 tests)
+`);
+  appendAudit({ event: 'task_completed', phase: phaseNum, plan: planId, commit_sha: commitSha, verify_result: 'pass' });
+}
+function runSecurityScan(project, phaseNum, findings = []) {
+  const { write, appendAudit } = project;
+  const phaseDir = `.planning/phases/${phaseNum}`;
+  const criticalCount = findings.filter(f => f.severity === 'CRITICAL').length;
+  const highCount     = findings.filter(f => f.severity === 'HIGH').length;
+  write(`${phaseDir}/SECURITY-REVIEW-${phaseNum}.md`, `# Security Review — Phase ${phaseNum}
+## Scan date: ${new Date().toISOString()}
+## OWASP A01: ${findings.length === 0 ? 'PASS ✅' : 'FINDINGS'}
+${findings.map(f => `### ${f.severity}: ${f.description}\nFile: ${f.file}:${f.line}\nRemediation: ${f.remediation}`).join('\n\n')}
+## Summary
+- CRITICAL: ${criticalCount}
+- HIGH: ${highCount}
+- Total: ${findings.length}
+${findings.length === 0 ? '## Verdict: CLEAN ✅' : `## Verdict: ${criticalCount > 0 ? '🔴 BLOCKED' : '⚠️  REVIEW REQUIRED'}`}
+`);
+  appendAudit({ event: 'security_scan_completed', phase: phaseNum, critical: criticalCount, high: highCount });
+}
+function verifyPhase(project, phaseNum) {
+  const { write, appendAudit } = project;
+  const phaseDir = `.planning/phases/${phaseNum}`;
+  write(`${phaseDir}/GATE-RESULTS-${phaseNum}.md`, `# Compliance Gate Results — Phase ${phaseNum}
+## Run at: ${new Date().toISOString()}
+| Gate | Status | Detail |
+|---|---|---|
+| Secret detection | ✅ PASS | 0 patterns found |
+| CRITICAL security findings | ✅ PASS | No open CRITICAL findings |
+| Test suite | ✅ PASS | 16 tests passing |
+| Dependency CVEs | ✅ PASS | 0 HIGH/CRITICAL |
+| GDPR retention | ✅ PASS | data-privacy skill not active |
+## Overall: ✅ ALL BLOCKING GATES PASSED
+`);
+  write(`${phaseDir}/VERIFICATION-${phaseNum}.md`, `# Verification — Phase ${phaseNum}
+## Stage 1 — Tests: 16/16 passing ✅
+## Stage 2 — Requirements:
+| FR-01 | User login | ✅ | src/auth/login.ts:24 |
+| FR-02 | User logout | ✅ | src/auth/logout.ts:18 |
+## Stage 3 — Type check: PASS ✅
+## Stage 4 — Security: PASS ✅
+## Overall: ✅ PHASE VERIFIED
+`);
+  write(`${phaseDir}/UAT-${phaseNum}.md`, `# UAT — Phase ${phaseNum}
+## Test results
+| # | Deliverable | Result | Notes |
+|---|---|---|---|
+| 1 | POST /auth/login returns JWT | ✅ | Tested with valid+invalid credentials |
+| 2 | POST /auth/logout invalidates session | ✅ | Blocklist verified |
+## Overall: ✅ ALL UAT PASSED
+`);
+  appendAudit({ event: 'phase_completed', phase: phaseNum, uat_pass_rate: 1.0 });
+}
+// ── Tests ──────────────────────────────────────────────────────────────────────
+console.log('\nMindForge Day 7 — End-to-End Tests\n');
+// ── Test 1: Complete greenfield workflow ───────────────────────────────────────
+console.log('Greenfield project workflow:');
+const gf = createTestProject();
+try {
+  test('init-project creates all required .planning/ files', () => {
+    initProject(gf);
+    const required = ['PROJECT.md', 'REQUIREMENTS.md', 'ARCHITECTURE.md', 'STATE.md', 'HANDOFF.json', 'AUDIT.jsonl'];
+    required.forEach(f => assert.ok(gf.exists(`.planning/${f}`), `Missing: ${f}`));
+  });
+  test('HANDOFF.json has v1.0.0 schema_version and plugin_api_version', () => {
+    const handoff = JSON.parse(gf.read('.planning/HANDOFF.json'));
+    assert.strictEqual(handoff.schema_version, '1.0.0');
+    assert.strictEqual(handoff.plugin_api_version, '1.0.0');
+    assert.ok(handoff._warning, 'Should have _warning field');
+    assert.ok(!handoff._warning.toLowerCase().includes('password'), '_warning should not contain password');
+  });
+  test('initial AUDIT.jsonl has project_initialised event with session_id', () => {
+    const lines = gf.read('.planning/AUDIT.jsonl').split('\n').filter(Boolean);
+    assert.ok(lines.length >= 1, 'Should have at least one audit entry');
+    const first = JSON.parse(lines[0]);
+    assert.strictEqual(first.event, 'project_initialised');
+    assert.ok(first.session_id, 'Should have session_id');
+    assert.ok(first.id, 'Should have id');
+    assert.ok(first.timestamp, 'Should have timestamp');
+  });
+  test('plan-phase creates PLAN files with valid XML structure', () => {
+    planPhase(gf, 1);
+    const plan = gf.read('.planning/phases/1/PLAN-1-01.md');
+    assert.ok(plan, 'PLAN-1-01.md should exist');
+    assert.ok(plan.includes('<task type="auto">'), 'Should have task element');
+    assert.ok(plan.includes('<n>'), 'Should have task name');
+    assert.ok(plan.includes('<persona>'), 'Should specify persona');
+    assert.ok(plan.includes('<dependencies>'), 'Should have dependencies');
+    assert.ok(plan.includes('<verify>'), 'Should have verify step');
+    assert.ok(plan.includes('<done>'), 'Should have definition of done');
+  });
+  test('difficulty score file created before plans', () => {
+    assert.ok(gf.exists('.planning/phases/1/DIFFICULTY-SCORE-1.md'));
+    const score = gf.read('.planning/phases/1/DIFFICULTY-SCORE-1.md');
+    assert.ok(score.includes('Composite'), 'Should have composite score');
+    assert.ok(score.includes('Challenging'), 'Should have difficulty label');
+  });
+  test('dependency graph created and shows wave structure', () => {
+    const dep = gf.read('.planning/phases/1/DEPENDENCY-GRAPH-1.md');
+    assert.ok(dep, 'Dependency graph should exist');
+    assert.ok(dep.includes('Wave 1'), 'Should define Wave 1');
+    assert.ok(dep.includes('Wave 2'), 'Should define Wave 2');
+    assert.ok(dep.includes('Plan 01'), 'Should reference Plan 01');
+    assert.ok(dep.includes('Plan 02'), 'Should reference Plan 02');
+  });
+  test('execute task creates SUMMARY with commit SHA', () => {
+    executeTask(gf, 1, '01', 'abc1234ef');
+    const summary = gf.read('.planning/phases/1/SUMMARY-1-01.md');
+    assert.ok(summary, 'SUMMARY-1-01.md should exist');
+    assert.ok(summary.includes('Completed ✅'), 'Should show completed status');
+    assert.ok(summary.includes('abc1234ef'), 'Should include commit SHA');
+  });
+  test('task execution writes task_started and task_completed to AUDIT.jsonl', () => {
+    executeTask(gf, 1, '02', 'def5678ab');
+    const lines = gf.read('.planning/AUDIT.jsonl').split('\n').filter(Boolean);
+    const events = lines.map(l => JSON.parse(l).event);
+    assert.ok(events.includes('task_started'), 'Should have task_started event');
+    assert.ok(events.includes('task_completed'), 'Should have task_completed event');
+  });
+  test('security scan writes SECURITY-REVIEW file', () => {
+    runSecurityScan(gf, 1, []);
+    assert.ok(gf.exists('.planning/phases/1/SECURITY-REVIEW-1.md'));
+    const review = gf.read('.planning/phases/1/SECURITY-REVIEW-1.md');
+    assert.ok(review.includes('CLEAN ✅') || review.includes('PASS'), 'Should show passing result');
+  });
+  test('verify-phase creates GATE-RESULTS, VERIFICATION, and UAT files', () => {
+    verifyPhase(gf, 1);
+    assert.ok(gf.exists('.planning/phases/1/GATE-RESULTS-1.md'), 'GATE-RESULTS should exist');
+    assert.ok(gf.exists('.planning/phases/1/VERIFICATION-1.md'), 'VERIFICATION should exist');
+    assert.ok(gf.exists('.planning/phases/1/UAT-1.md'), 'UAT should exist');
+  });
+  test('GATE-RESULTS shows all 5 gates passing', () => {
+    const gates = gf.read('.planning/phases/1/GATE-RESULTS-1.md');
+    assert.ok(gates.includes('Secret detection'), 'Should have secret detection gate');
+    assert.ok(gates.includes('CRITICAL security'), 'Should have CRITICAL findings gate');
+    assert.ok(gates.includes('Test suite'), 'Should have test suite gate');
+    assert.ok(gates.includes('✅ PASS'), 'Gates should pass');
+    assert.ok(gates.includes('ALL BLOCKING GATES PASSED'), 'Should confirm all gates passed');
+  });
+  test('VERIFICATION.md references requirements with traceability', () => {
+    const v = gf.read('.planning/phases/1/VERIFICATION-1.md');
+    assert.ok(v.includes('FR-01'), 'Should reference FR-01');
+    assert.ok(v.includes('FR-02'), 'Should reference FR-02');
+    assert.ok(v.includes('src/auth/'), 'Should reference source files');
+  });
+  // Complete audit log validation
+  test('full workflow: all AUDIT.jsonl entries are valid with required fields', () => {
+    const lines = gf.read('.planning/AUDIT.jsonl').split('\n').filter(Boolean);
+    assert.ok(lines.length >= 6, `Should have >= 6 audit entries, got ${lines.length}`);
+    lines.forEach((line, i) => {
+      let entry;
+      assert.doesNotThrow(() => { entry = JSON.parse(line); }, `Line ${i+1} is not valid JSON`);
+      assert.ok(entry.id,         `Line ${i+1}: missing 'id'`);
+      assert.ok(entry.timestamp,  `Line ${i+1}: missing 'timestamp'`);
+      assert.ok(entry.event,      `Line ${i+1}: missing 'event'`);
+      assert.ok(entry.session_id, `Line ${i+1}: missing 'session_id'`);
+      assert.ok(entry.agent,      `Line ${i+1}: missing 'agent'`);
+    });
+  });
+  test('full workflow: AUDIT.jsonl events cover complete lifecycle', () => {
+    const lines   = gf.read('.planning/AUDIT.jsonl').split('\n').filter(Boolean);
+    const events  = new Set(lines.map(l => JSON.parse(l).event));
+    assert.ok(events.has('project_initialised'), 'Missing: project_initialised');
+    assert.ok(events.has('phase_planned'),       'Missing: phase_planned');
+    assert.ok(events.has('task_started'),        'Missing: task_started');
+    assert.ok(events.has('task_completed'),      'Missing: task_completed');
+    assert.ok(events.has('phase_completed'),     'Missing: phase_completed');
+  });
+} finally {
+  gf.cleanup();
+}
+// ── Test 2: Brownfield / map-codebase workflow ─────────────────────────────────
+console.log('\nBrownfield project workflow:');
+const bf = createTestProject();
+try {
+  // Simulate what /mindforge:map-codebase produces
+  test('map-codebase creates CONVENTIONS.md with DRAFT status marker', () => {
+    bf.write('.mindforge/org/CONVENTIONS.md', `# Coding Conventions — E2E Test Project
+# Source: Inferred from codebase analysis by MindForge
+# Status: DRAFT — confirm with team before treating as authoritative
+## IMPORTANT
+These conventions were inferred from code analysis.
+Review each section and mark as [CONFIRMED] or [NEEDS REVIEW].
+## Naming conventions [NEEDS REVIEW]
+- Variables: camelCase
+- Files: kebab-case
+- Classes: PascalCase
+## Import order [NEEDS REVIEW]
+- Node.js built-ins
+- Third-party libraries
+- Internal modules
+`);
+    const content = bf.read('.mindforge/org/CONVENTIONS.md');
+    assert.ok(content.includes('DRAFT'), 'Should be marked as DRAFT');
+    assert.ok(content.includes('NEEDS REVIEW'), 'Should have review markers');
+  });
+  test('map-codebase creates ARCHITECTURE.md with inferred stack', () => {
+    bf.write('.planning/ARCHITECTURE.md', `# Architecture — E2E Test Project
+## MindForge onboarding: Inferred from codebase
+## Technology stack
+- Runtime: Node.js 20 (inferred from .nvmrc)
+- Framework: Express 4.x (inferred from package.json)
+- Database: PostgreSQL via Prisma (inferred from prisma/schema.prisma)
+## Quality baseline
+- Tests: Vitest, ~200 test files
+- Linting: ESLint configured
+- CI/CD: GitHub Actions
+`);
+    const arch = bf.read('.planning/ARCHITECTURE.md');
+    assert.ok(arch, 'ARCHITECTURE.md should exist');
+    assert.ok(arch.includes('inferred') || arch.includes('Inferred'), 'Should note inferred content');
+  });
+  test('STATE.md from map-codebase shows ready-for-planning status', () => {
+    bf.write('.planning/STATE.md', `# Project State
+## Status
+Codebase mapped. Ready to plan first phase.
+## Current phase
+None — run /mindforge:plan-phase 1 to begin.
+## Last action
+/mindforge:map-codebase completed — codebase analysis done.
+`);
+    const state = bf.read('.planning/STATE.md');
+    assert.ok(state.includes('map'), 'STATE.md should reference map-codebase');
+    assert.ok(state.includes('plan'), 'STATE.md should suggest next step');
+  });
+} finally {
+  bf.cleanup();
+}
+// ── Test 3: Multi-developer handoff scenario ──────────────────────────────────
+console.log('\nMulti-developer handoff scenario:');
+const md = createTestProject();
+try {
+  test('per-developer handoffs are distinct and non-conflicting', () => {
+    initProject(md);
+    const base = JSON.parse(md.read('.planning/HANDOFF.json'));
+    const alice = {
+      ...base,
+      developer_id: 'alice',
+      session_id: 'sess-alice',
+      recent_files: ['src/auth/login.ts'],
+    };
+    const bob = {
+      ...base,
+      developer_id: 'bob',
+      session_id: 'sess-bob',
+      recent_files: ['src/auth/logout.ts'],
+    };
+    md.write('.planning/HANDOFF-alice.json', JSON.stringify(alice, null, 2));
+    md.write('.planning/HANDOFF-bob.json', JSON.stringify(bob, null, 2));
+    md.write('.planning/HANDOFF.json', JSON.stringify({
+      ...base,
+      active_developers: ['alice', 'bob'],
+    }, null, 2));
+    const a = JSON.parse(md.read('.planning/HANDOFF-alice.json'));
+    const b = JSON.parse(md.read('.planning/HANDOFF-bob.json'));
+    const main = JSON.parse(md.read('.planning/HANDOFF.json'));
+    assert.notStrictEqual(a.session_id, b.session_id, 'Session IDs should be distinct');
+    assert.notDeepStrictEqual(a.recent_files, b.recent_files, 'Recent files should differ');
+    assert.ok(Array.isArray(main.active_developers), 'active_developers should exist');
+    assert.ok(main.active_developers.includes('alice'), 'alice should be in active_developers');
+    assert.ok(main.active_developers.includes('bob'), 'bob should be in active_developers');
+  });
+} finally {
+  md.cleanup();
+}
+// ── Test 4: Context compaction scenario ───────────────────────────────────────
+console.log('\nContext compaction scenario:');
+const cc = createTestProject();
+try {
+  test('Level 2 compaction adds decisions_made and implicit_knowledge', () => {
+    initProject(cc);
+    const handoff = JSON.parse(cc.read('.planning/HANDOFF.json'));
+    handoff.decisions_made = ['Adopted JWT auth for v1'];
+    handoff.implicit_knowledge = ['Token revocation uses Redis blocklist'];
+    cc.write('.planning/HANDOFF.json', JSON.stringify(handoff, null, 2));
+    const updated = JSON.parse(cc.read('.planning/HANDOFF.json'));
+    assert.ok(Array.isArray(updated.decisions_made), 'decisions_made should be array');
+    assert.ok(Array.isArray(updated.implicit_knowledge), 'implicit_knowledge should be array');
+    assert.ok(updated.decisions_made.length >= 1, 'decisions_made should be populated');
+    assert.ok(updated.implicit_knowledge.length >= 1, 'implicit_knowledge should be populated');
+  });
+} finally {
+  cc.cleanup();
+}
+// ── Test 5: Security gate scenarios ───────────────────────────────────────────
+console.log('\nSecurity gate scenarios:');
+const sg = createTestProject();
+try {
+  test('CRITICAL security finding in review blocks phase completion indicator', () => {
+    initProject(sg);
+    planPhase(sg, 1);
+    executeTask(sg, 1, '01', 'abc1234');
+    // Run security scan with a CRITICAL finding
+    runSecurityScan(sg, 1, [{
+      severity: 'CRITICAL',
+      description: 'SQL injection via unsanitised user input',
+      file: 'src/db/users.ts',
+      line: 47,
+      remediation: 'Use parameterised queries: db.query($1, [id])',
+    }]);
+    const review = sg.read('.planning/phases/1/SECURITY-REVIEW-1.md');
+    assert.ok(review.includes('CRITICAL'), 'Should show CRITICAL finding');
+    assert.ok(review.includes('BLOCKED') || review.includes('0 CRITICAL') === false, 'Should indicate blocked state');
+  });
+  test('AUDIT.jsonl captures security findings with correct schema', () => {
+    const lines = sg.read('.planning/AUDIT.jsonl').split('\n').filter(Boolean);
+    const secScan = lines.map(l => JSON.parse(l)).find(e => e.event === 'security_scan_completed');
+    assert.ok(secScan, 'Should have security_scan_completed audit entry');
+    assert.strictEqual(secScan.critical, 1, 'Should record 1 critical finding');
+    assert.ok(secScan.session_id, 'Security scan audit entry should have session_id');
+  });
+} finally {
+  sg.cleanup();
+}
+// ── Results ─────────────────────────────────────────────────────────────────────
+console.log(`\n${'─'.repeat(55)}`);
+console.log(`Results: ${passed} passed, ${failed} failed`);
+if (cleanupFailures.length > 0) {
+  console.warn(`\n⚠️  ${cleanupFailures.length} test directories were not cleaned up:`);
+  cleanupFailures.forEach(p => console.warn(`  - ${p}`));
+}
+if (failed > 0) {
+  console.error(`\n❌  ${failed} test(s) failed.\n`);
+  process.exit(1);
+} else {
+  console.log(`\n✅  All E2E tests passed.\n`);
+}