mindforge-cc 11.3.0 → 11.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (576) hide show
  1. package/.agent/forge/help.md +11 -0
  2. package/.agent/forge/init-project.md +36 -0
  3. package/.agent/forge/plan-phase.md +34 -0
  4. package/.agent/mindforge/add-backlog.md +32 -0
  5. package/.agent/mindforge/agent-deploy.md +34 -0
  6. package/.agent/mindforge/agent-design.md +31 -0
  7. package/.agent/mindforge/agent-eval.md +27 -0
  8. package/.agent/mindforge/agent-memory.md +27 -0
  9. package/.agent/mindforge/agent.md +31 -0
  10. package/.agent/mindforge/ai-cost.md +31 -0
  11. package/.agent/mindforge/ai-safety.md +37 -0
  12. package/.agent/mindforge/analytics.md +28 -0
  13. package/.agent/mindforge/approve.md +22 -0
  14. package/.agent/mindforge/audit.md +34 -0
  15. package/.agent/mindforge/auth-flow.md +76 -0
  16. package/.agent/mindforge/auto.md +26 -0
  17. package/.agent/mindforge/benchmark.md +37 -0
  18. package/.agent/mindforge/brd.md +90 -0
  19. package/.agent/mindforge/browse.md +30 -0
  20. package/.agent/mindforge/build-opt.md +31 -0
  21. package/.agent/mindforge/build-vs-buy.md +29 -0
  22. package/.agent/mindforge/cache.md +30 -0
  23. package/.agent/mindforge/causal.md +31 -0
  24. package/.agent/mindforge/cdn.md +34 -0
  25. package/.agent/mindforge/change.md +37 -0
  26. package/.agent/mindforge/cli.md +30 -0
  27. package/.agent/mindforge/cluster-instincts.md +35 -0
  28. package/.agent/mindforge/code-tour.md +85 -0
  29. package/.agent/mindforge/communicate.md +37 -0
  30. package/.agent/mindforge/complete-milestone.md +22 -0
  31. package/.agent/mindforge/compliance.md +31 -0
  32. package/.agent/mindforge/consult.md +37 -0
  33. package/.agent/mindforge/context-budget.md +70 -0
  34. package/.agent/mindforge/contract-test.md +30 -0
  35. package/.agent/mindforge/cost-report.md +44 -0
  36. package/.agent/mindforge/costs.md +15 -0
  37. package/.agent/mindforge/council.md +35 -0
  38. package/.agent/mindforge/create-skill.md +34 -0
  39. package/.agent/mindforge/cross-review.md +21 -0
  40. package/.agent/mindforge/dashboard.md +102 -0
  41. package/.agent/mindforge/data-mesh.md +31 -0
  42. package/.agent/mindforge/data-model.md +75 -0
  43. package/.agent/mindforge/data-pipeline.md +34 -0
  44. package/.agent/mindforge/de-slop.md +33 -0
  45. package/.agent/mindforge/debug.md +133 -0
  46. package/.agent/mindforge/degrade.md +31 -0
  47. package/.agent/mindforge/delegate.md +37 -0
  48. package/.agent/mindforge/deploy.md +32 -0
  49. package/.agent/mindforge/design-tokens.md +80 -0
  50. package/.agent/mindforge/discuss-phase.md +142 -0
  51. package/.agent/mindforge/dmux.md +32 -0
  52. package/.agent/mindforge/do.md +31 -0
  53. package/.agent/mindforge/ecommerce.md +31 -0
  54. package/.agent/mindforge/edge.md +34 -0
  55. package/.agent/mindforge/edtech.md +31 -0
  56. package/.agent/mindforge/embeddings.md +37 -0
  57. package/.agent/mindforge/environments.md +31 -0
  58. package/.agent/mindforge/eval.md +33 -0
  59. package/.agent/mindforge/events.md +30 -0
  60. package/.agent/mindforge/evolve-skills.md +49 -0
  61. package/.agent/mindforge/execute-phase.md +200 -0
  62. package/.agent/mindforge/experiment.md +28 -0
  63. package/.agent/mindforge/feature-flags.md +30 -0
  64. package/.agent/mindforge/feature-store.md +31 -0
  65. package/.agent/mindforge/finops.md +31 -0
  66. package/.agent/mindforge/fintech.md +31 -0
  67. package/.agent/mindforge/flutter.md +37 -0
  68. package/.agent/mindforge/gaming.md +31 -0
  69. package/.agent/mindforge/graphql.md +31 -0
  70. package/.agent/mindforge/health.md +31 -0
  71. package/.agent/mindforge/healthcare.md +31 -0
  72. package/.agent/mindforge/help.md +33 -0
  73. package/.agent/mindforge/hire.md +37 -0
  74. package/.agent/mindforge/hitl.md +27 -0
  75. package/.agent/mindforge/i18n.md +31 -0
  76. package/.agent/mindforge/idempotent.md +31 -0
  77. package/.agent/mindforge/init-org.md +135 -0
  78. package/.agent/mindforge/init-project.md +170 -0
  79. package/.agent/mindforge/install-skill.md +28 -0
  80. package/.agent/mindforge/introspect.md +46 -0
  81. package/.agent/mindforge/iot.md +31 -0
  82. package/.agent/mindforge/knowledge-graph.md +37 -0
  83. package/.agent/mindforge/lakehouse.md +31 -0
  84. package/.agent/mindforge/lead.md +31 -0
  85. package/.agent/mindforge/learn-instinct.md +58 -0
  86. package/.agent/mindforge/learn.md +147 -0
  87. package/.agent/mindforge/learning.md +20 -0
  88. package/.agent/mindforge/llm-route.md +37 -0
  89. package/.agent/mindforge/load-test.md +30 -0
  90. package/.agent/mindforge/logistics.md +31 -0
  91. package/.agent/mindforge/map-codebase.md +302 -0
  92. package/.agent/mindforge/market-research.md +94 -0
  93. package/.agent/mindforge/marketplace.md +124 -0
  94. package/.agent/mindforge/mcp-server.md +88 -0
  95. package/.agent/mindforge/meeting-design.md +37 -0
  96. package/.agent/mindforge/metrics.md +26 -0
  97. package/.agent/mindforge/microservices.md +64 -0
  98. package/.agent/mindforge/migrate.md +44 -0
  99. package/.agent/mindforge/migration-mgmt.md +31 -0
  100. package/.agent/mindforge/milestone.md +16 -0
  101. package/.agent/mindforge/mobile.md +37 -0
  102. package/.agent/mindforge/monorepo.md +30 -0
  103. package/.agent/mindforge/multi-tenant.md +31 -0
  104. package/.agent/mindforge/multimodal.md +37 -0
  105. package/.agent/mindforge/new-runtime.md +23 -0
  106. package/.agent/mindforge/next.md +109 -0
  107. package/.agent/mindforge/note.md +35 -0
  108. package/.agent/mindforge/observability-platform.md +31 -0
  109. package/.agent/mindforge/observability.md +75 -0
  110. package/.agent/mindforge/offline.md +37 -0
  111. package/.agent/mindforge/onboard.md +37 -0
  112. package/.agent/mindforge/orchestrate.md +74 -0
  113. package/.agent/mindforge/payments.md +28 -0
  114. package/.agent/mindforge/pipeline.md +84 -0
  115. package/.agent/mindforge/plan-phase.md +131 -0
  116. package/.agent/mindforge/plan-write.md +95 -0
  117. package/.agent/mindforge/plant-seed.md +31 -0
  118. package/.agent/mindforge/platform.md +31 -0
  119. package/.agent/mindforge/plugins.md +44 -0
  120. package/.agent/mindforge/pr-review.md +45 -0
  121. package/.agent/mindforge/privacy-eng.md +31 -0
  122. package/.agent/mindforge/product-spec.md +90 -0
  123. package/.agent/mindforge/profile-team.md +27 -0
  124. package/.agent/mindforge/prompt.md +78 -0
  125. package/.agent/mindforge/proofread.md +87 -0
  126. package/.agent/mindforge/publish-skill.md +23 -0
  127. package/.agent/mindforge/push-notify.md +37 -0
  128. package/.agent/mindforge/pwa.md +37 -0
  129. package/.agent/mindforge/qa.md +20 -0
  130. package/.agent/mindforge/quality-audit.md +34 -0
  131. package/.agent/mindforge/queue.md +31 -0
  132. package/.agent/mindforge/quick.md +139 -0
  133. package/.agent/mindforge/rag.md +30 -0
  134. package/.agent/mindforge/rate-limit.md +31 -0
  135. package/.agent/mindforge/react-native.md +37 -0
  136. package/.agent/mindforge/realtime-analytics.md +31 -0
  137. package/.agent/mindforge/record-learning.md +22 -0
  138. package/.agent/mindforge/release.md +14 -0
  139. package/.agent/mindforge/remember.md +30 -0
  140. package/.agent/mindforge/research.md +16 -0
  141. package/.agent/mindforge/retro.md +28 -0
  142. package/.agent/mindforge/retrospective.md +31 -0
  143. package/.agent/mindforge/review-backlog.md +34 -0
  144. package/.agent/mindforge/review-guide.md +63 -0
  145. package/.agent/mindforge/review.md +161 -0
  146. package/.agent/mindforge/rfc.md +34 -0
  147. package/.agent/mindforge/santa.md +33 -0
  148. package/.agent/mindforge/secrets-mgmt.md +31 -0
  149. package/.agent/mindforge/secrets.md +31 -0
  150. package/.agent/mindforge/security-scan.md +242 -0
  151. package/.agent/mindforge/serverless.md +34 -0
  152. package/.agent/mindforge/session-report.md +39 -0
  153. package/.agent/mindforge/ship.md +111 -0
  154. package/.agent/mindforge/skills.md +145 -0
  155. package/.agent/mindforge/status.md +113 -0
  156. package/.agent/mindforge/steer.md +17 -0
  157. package/.agent/mindforge/stream.md +31 -0
  158. package/.agent/mindforge/sync-confluence.md +15 -0
  159. package/.agent/mindforge/sync-jira.md +16 -0
  160. package/.agent/mindforge/system-design.md +87 -0
  161. package/.agent/mindforge/team-topology.md +27 -0
  162. package/.agent/mindforge/tech-debt.md +31 -0
  163. package/.agent/mindforge/tech-radar.md +28 -0
  164. package/.agent/mindforge/threat-model.md +48 -0
  165. package/.agent/mindforge/tokens.md +12 -0
  166. package/.agent/mindforge/ui-phase.md +34 -0
  167. package/.agent/mindforge/ui-review.md +36 -0
  168. package/.agent/mindforge/update.md +46 -0
  169. package/.agent/mindforge/validate-phase.md +31 -0
  170. package/.agent/mindforge/verify-loop.md +45 -0
  171. package/.agent/mindforge/verify-phase.md +66 -0
  172. package/.agent/mindforge/vibe-check.md +37 -0
  173. package/.agent/mindforge/workspace.md +33 -0
  174. package/.agent/mindforge/workstreams.md +35 -0
  175. package/.agent/mindforge/worktrees.md +86 -0
  176. package/.agent/mindforge/write-rfc.md +64 -0
  177. package/.agent/mindforge/zero-trust.md +34 -0
  178. package/.agent/skills/mindforge-add-backlog/SKILL.md +72 -0
  179. package/.agent/skills/mindforge-add-phase/SKILL.md +39 -0
  180. package/.agent/skills/mindforge-add-tests/SKILL.md +28 -0
  181. package/.agent/skills/mindforge-add-todo/SKILL.md +42 -0
  182. package/.agent/skills/mindforge-audit-milestone/SKILL.md +29 -0
  183. package/.agent/skills/mindforge-audit-uat/SKILL.md +20 -0
  184. package/.agent/skills/mindforge-autonomous/SKILL.md +33 -0
  185. package/.agent/skills/mindforge-brainstorming/SKILL.md +164 -0
  186. package/.agent/skills/mindforge-brainstorming/scripts/frame-template.html +214 -0
  187. package/.agent/skills/mindforge-brainstorming/scripts/helper.js +90 -0
  188. package/.agent/skills/mindforge-brainstorming/scripts/server.cjs +354 -0
  189. package/.agent/skills/mindforge-brainstorming/scripts/start-server.sh +148 -0
  190. package/.agent/skills/mindforge-brainstorming/scripts/stop-server.sh +56 -0
  191. package/.agent/skills/mindforge-brainstorming/spec-document-reviewer-prompt.md +49 -0
  192. package/.agent/skills/mindforge-brainstorming/visual-companion.md +287 -0
  193. package/.agent/skills/mindforge-check-todos/SKILL.md +40 -0
  194. package/.agent/skills/mindforge-cleanup/SKILL.md +19 -0
  195. package/.agent/skills/mindforge-complete-milestone/SKILL.md +131 -0
  196. package/.agent/skills/mindforge-debug/SKILL.md +163 -0
  197. package/.agent/skills/mindforge-debug_extended/CREATION-LOG.md +119 -0
  198. package/.agent/skills/mindforge-debug_extended/SKILL.md +296 -0
  199. package/.agent/skills/mindforge-debug_extended/condition-based-waiting-example.ts +158 -0
  200. package/.agent/skills/mindforge-debug_extended/condition-based-waiting.md +115 -0
  201. package/.agent/skills/mindforge-debug_extended/defense-in-depth.md +122 -0
  202. package/.agent/skills/mindforge-debug_extended/find-polluter.sh +63 -0
  203. package/.agent/skills/mindforge-debug_extended/root-cause-tracing.md +169 -0
  204. package/.agent/skills/mindforge-debug_extended/test-academic.md +14 -0
  205. package/.agent/skills/mindforge-debug_extended/test-pressure-1.md +58 -0
  206. package/.agent/skills/mindforge-debug_extended/test-pressure-2.md +68 -0
  207. package/.agent/skills/mindforge-debug_extended/test-pressure-3.md +69 -0
  208. package/.agent/skills/mindforge-discuss-phase/SKILL.md +54 -0
  209. package/.agent/skills/mindforge-do/SKILL.md +26 -0
  210. package/.agent/skills/mindforge-execute-phase/SKILL.md +49 -0
  211. package/.agent/skills/mindforge-execute-phase_extended/SKILL.md +70 -0
  212. package/.agent/skills/mindforge-fast/SKILL.md +23 -0
  213. package/.agent/skills/mindforge-forensics/SKILL.md +49 -0
  214. package/.agent/skills/mindforge-health/SKILL.md +17 -0
  215. package/.agent/skills/mindforge-help/SKILL.md +23 -0
  216. package/.agent/skills/mindforge-insert-phase/SKILL.md +28 -0
  217. package/.agent/skills/mindforge-join-discord/SKILL.md +19 -0
  218. package/.agent/skills/mindforge-list-phase-assumptions/SKILL.md +41 -0
  219. package/.agent/skills/mindforge-list-workspaces/SKILL.md +17 -0
  220. package/.agent/skills/mindforge-manager/SKILL.md +32 -0
  221. package/.agent/skills/mindforge-map-codebase/SKILL.md +64 -0
  222. package/.agent/skills/mindforge-milestone-summary/SKILL.md +44 -0
  223. package/.agent/skills/mindforge-neural-orchestrator/SKILL.md +115 -0
  224. package/.agent/skills/mindforge-neural-orchestrator/references/codex-tools.md +100 -0
  225. package/.agent/skills/mindforge-neural-orchestrator/references/gemini-tools.md +33 -0
  226. package/.agent/skills/mindforge-new-milestone/SKILL.md +38 -0
  227. package/.agent/skills/mindforge-new-project/SKILL.md +36 -0
  228. package/.agent/skills/mindforge-new-workspace/SKILL.md +39 -0
  229. package/.agent/skills/mindforge-next/SKILL.md +19 -0
  230. package/.agent/skills/mindforge-note/SKILL.md +29 -0
  231. package/.agent/skills/mindforge-parallel-mesh_extended/SKILL.md +182 -0
  232. package/.agent/skills/mindforge-pause-work/SKILL.md +35 -0
  233. package/.agent/skills/mindforge-plan-milestone-gaps/SKILL.md +28 -0
  234. package/.agent/skills/mindforge-plan-phase/SKILL.md +38 -0
  235. package/.agent/skills/mindforge-plan-phase_extended/SKILL.md +152 -0
  236. package/.agent/skills/mindforge-plan-phase_extended/plan-document-reviewer-prompt.md +49 -0
  237. package/.agent/skills/mindforge-plant-seed/SKILL.md +22 -0
  238. package/.agent/skills/mindforge-pr-branch/SKILL.md +21 -0
  239. package/.agent/skills/mindforge-profile-user/SKILL.md +38 -0
  240. package/.agent/skills/mindforge-progress/SKILL.md +19 -0
  241. package/.agent/skills/mindforge-quick/SKILL.md +38 -0
  242. package/.agent/skills/mindforge-reapply-patches/SKILL.md +124 -0
  243. package/.agent/skills/mindforge-remove-phase/SKILL.md +26 -0
  244. package/.agent/skills/mindforge-remove-workspace/SKILL.md +22 -0
  245. package/.agent/skills/mindforge-research-phase/SKILL.md +186 -0
  246. package/.agent/skills/mindforge-resume-work/SKILL.md +35 -0
  247. package/.agent/skills/mindforge-review/SKILL.md +31 -0
  248. package/.agent/skills/mindforge-review-backlog/SKILL.md +58 -0
  249. package/.agent/skills/mindforge-review-inbound/SKILL.md +213 -0
  250. package/.agent/skills/mindforge-review-request/SKILL.md +105 -0
  251. package/.agent/skills/mindforge-review-request/code-reviewer.md +146 -0
  252. package/.agent/skills/mindforge-session-report/SKILL.md +16 -0
  253. package/.agent/skills/mindforge-set-profile/SKILL.md +9 -0
  254. package/.agent/skills/mindforge-settings/SKILL.md +32 -0
  255. package/.agent/skills/mindforge-ship/SKILL.md +16 -0
  256. package/.agent/skills/mindforge-ship_extended/SKILL.md +200 -0
  257. package/.agent/skills/mindforge-skill-creation/SKILL.md +655 -0
  258. package/.agent/skills/mindforge-skill-creation/anthropic-best-practices.md +1150 -0
  259. package/.agent/skills/mindforge-skill-creation/examples/CLAUDE_MD_TESTING.md +189 -0
  260. package/.agent/skills/mindforge-skill-creation/graphviz-conventions.dot +172 -0
  261. package/.agent/skills/mindforge-skill-creation/persuasion-principles.md +187 -0
  262. package/.agent/skills/mindforge-skill-creation/render-graphs.js +168 -0
  263. package/.agent/skills/mindforge-skill-creation/testing-skills-with-subagents.md +384 -0
  264. package/.agent/skills/mindforge-stats/SKILL.md +16 -0
  265. package/.agent/skills/mindforge-swarm-execution/SKILL.md +277 -0
  266. package/.agent/skills/mindforge-swarm-execution/code-quality-reviewer-prompt.md +26 -0
  267. package/.agent/skills/mindforge-swarm-execution/implementer-prompt.md +113 -0
  268. package/.agent/skills/mindforge-swarm-execution/spec-reviewer-prompt.md +61 -0
  269. package/.agent/skills/mindforge-system-architecture/SKILL.md +136 -0
  270. package/.agent/skills/mindforge-system-architecture/examples.md +120 -0
  271. package/.agent/skills/mindforge-system-architecture/scaling-checklist.md +76 -0
  272. package/.agent/skills/mindforge-tdd/SKILL.md +112 -0
  273. package/.agent/skills/mindforge-tdd/deep-modules.md +21 -0
  274. package/.agent/skills/mindforge-tdd/interface-design.md +22 -0
  275. package/.agent/skills/mindforge-tdd/mocking.md +24 -0
  276. package/.agent/skills/mindforge-tdd/refactoring.md +21 -0
  277. package/.agent/skills/mindforge-tdd/tests.md +28 -0
  278. package/.agent/skills/mindforge-tdd_extended/SKILL.md +371 -0
  279. package/.agent/skills/mindforge-tdd_extended/testing-anti-patterns.md +299 -0
  280. package/.agent/skills/mindforge-thread/SKILL.md +123 -0
  281. package/.agent/skills/mindforge-ui-phase/SKILL.md +24 -0
  282. package/.agent/skills/mindforge-ui-review/SKILL.md +24 -0
  283. package/.agent/skills/mindforge-update/SKILL.md +35 -0
  284. package/.agent/skills/mindforge-validate-phase/SKILL.md +26 -0
  285. package/.agent/skills/mindforge-verify-work/SKILL.md +30 -0
  286. package/.agent/skills/mindforge-verify-work_extended/SKILL.md +139 -0
  287. package/.agent/skills/mindforge-workspace-isolated/SKILL.md +218 -0
  288. package/.agent/skills/mindforge-workstreams/SKILL.md +65 -0
  289. package/.claude/CLAUDE.md +102 -0
  290. package/.claude/commands/forge/help.md +7 -0
  291. package/.claude/commands/forge/init-project.md +32 -0
  292. package/.claude/commands/forge/plan-phase.md +30 -0
  293. package/.claude/commands/mindforge/add-backlog.md +32 -0
  294. package/.claude/commands/mindforge/agent-deploy.md +34 -0
  295. package/.claude/commands/mindforge/agent-design.md +31 -0
  296. package/.claude/commands/mindforge/agent-eval.md +27 -0
  297. package/.claude/commands/mindforge/agent-memory.md +27 -0
  298. package/.claude/commands/mindforge/agent.md +31 -0
  299. package/.claude/commands/mindforge/ai-cost.md +31 -0
  300. package/.claude/commands/mindforge/ai-safety.md +37 -0
  301. package/.claude/commands/mindforge/analytics.md +28 -0
  302. package/.claude/commands/mindforge/approve.md +22 -0
  303. package/.claude/commands/mindforge/audit.md +34 -0
  304. package/.claude/commands/mindforge/auth-flow.md +76 -0
  305. package/.claude/commands/mindforge/auto.md +26 -0
  306. package/.claude/commands/mindforge/benchmark.md +37 -0
  307. package/.claude/commands/mindforge/brd.md +90 -0
  308. package/.claude/commands/mindforge/browse.md +30 -0
  309. package/.claude/commands/mindforge/build-opt.md +31 -0
  310. package/.claude/commands/mindforge/build-vs-buy.md +29 -0
  311. package/.claude/commands/mindforge/cache.md +30 -0
  312. package/.claude/commands/mindforge/causal.md +31 -0
  313. package/.claude/commands/mindforge/cdn.md +34 -0
  314. package/.claude/commands/mindforge/change.md +37 -0
  315. package/.claude/commands/mindforge/cli.md +30 -0
  316. package/.claude/commands/mindforge/cluster-instincts.md +35 -0
  317. package/.claude/commands/mindforge/code-tour.md +85 -0
  318. package/.claude/commands/mindforge/communicate.md +37 -0
  319. package/.claude/commands/mindforge/complete-milestone.md +22 -0
  320. package/.claude/commands/mindforge/compliance.md +31 -0
  321. package/.claude/commands/mindforge/consult.md +37 -0
  322. package/.claude/commands/mindforge/context-budget.md +70 -0
  323. package/.claude/commands/mindforge/contract-test.md +30 -0
  324. package/.claude/commands/mindforge/cost-report.md +44 -0
  325. package/.claude/commands/mindforge/costs.md +15 -0
  326. package/.claude/commands/mindforge/council.md +83 -0
  327. package/.claude/commands/mindforge/create-skill.md +34 -0
  328. package/.claude/commands/mindforge/cross-review.md +21 -0
  329. package/.claude/commands/mindforge/dashboard.md +102 -0
  330. package/.claude/commands/mindforge/data-mesh.md +31 -0
  331. package/.claude/commands/mindforge/data-model.md +75 -0
  332. package/.claude/commands/mindforge/data-pipeline.md +34 -0
  333. package/.claude/commands/mindforge/de-slop.md +33 -0
  334. package/.claude/commands/mindforge/debug.md +133 -0
  335. package/.claude/commands/mindforge/degrade.md +31 -0
  336. package/.claude/commands/mindforge/delegate.md +37 -0
  337. package/.claude/commands/mindforge/deploy.md +32 -0
  338. package/.claude/commands/mindforge/design-tokens.md +80 -0
  339. package/.claude/commands/mindforge/discuss-phase.md +142 -0
  340. package/.claude/commands/mindforge/dmux.md +32 -0
  341. package/.claude/commands/mindforge/do.md +31 -0
  342. package/.claude/commands/mindforge/ecommerce.md +31 -0
  343. package/.claude/commands/mindforge/edge.md +34 -0
  344. package/.claude/commands/mindforge/edtech.md +31 -0
  345. package/.claude/commands/mindforge/embeddings.md +37 -0
  346. package/.claude/commands/mindforge/environments.md +31 -0
  347. package/.claude/commands/mindforge/eval.md +33 -0
  348. package/.claude/commands/mindforge/events.md +30 -0
  349. package/.claude/commands/mindforge/evolve-skills.md +49 -0
  350. package/.claude/commands/mindforge/execute-phase.md +200 -0
  351. package/.claude/commands/mindforge/experiment.md +28 -0
  352. package/.claude/commands/mindforge/feature-flags.md +30 -0
  353. package/.claude/commands/mindforge/feature-store.md +31 -0
  354. package/.claude/commands/mindforge/finops.md +31 -0
  355. package/.claude/commands/mindforge/fintech.md +31 -0
  356. package/.claude/commands/mindforge/flutter.md +37 -0
  357. package/.claude/commands/mindforge/gaming.md +31 -0
  358. package/.claude/commands/mindforge/graphql.md +31 -0
  359. package/.claude/commands/mindforge/health.md +31 -0
  360. package/.claude/commands/mindforge/healthcare.md +31 -0
  361. package/.claude/commands/mindforge/help.md +33 -0
  362. package/.claude/commands/mindforge/hire.md +37 -0
  363. package/.claude/commands/mindforge/hitl.md +27 -0
  364. package/.claude/commands/mindforge/i18n.md +31 -0
  365. package/.claude/commands/mindforge/idempotent.md +31 -0
  366. package/.claude/commands/mindforge/init-org.md +135 -0
  367. package/.claude/commands/mindforge/init-project.md +170 -0
  368. package/.claude/commands/mindforge/install-skill.md +28 -0
  369. package/.claude/commands/mindforge/introspect.md +46 -0
  370. package/.claude/commands/mindforge/iot.md +31 -0
  371. package/.claude/commands/mindforge/knowledge-graph.md +37 -0
  372. package/.claude/commands/mindforge/lakehouse.md +31 -0
  373. package/.claude/commands/mindforge/lead.md +31 -0
  374. package/.claude/commands/mindforge/learn-instinct.md +58 -0
  375. package/.claude/commands/mindforge/learn.md +147 -0
  376. package/.claude/commands/mindforge/learning.md +20 -0
  377. package/.claude/commands/mindforge/llm-route.md +37 -0
  378. package/.claude/commands/mindforge/load-test.md +30 -0
  379. package/.claude/commands/mindforge/logistics.md +31 -0
  380. package/.claude/commands/mindforge/map-codebase.md +302 -0
  381. package/.claude/commands/mindforge/market-research.md +94 -0
  382. package/.claude/commands/mindforge/marketplace.md +124 -0
  383. package/.claude/commands/mindforge/mcp-server.md +88 -0
  384. package/.claude/commands/mindforge/meeting-design.md +37 -0
  385. package/.claude/commands/mindforge/metrics.md +26 -0
  386. package/.claude/commands/mindforge/microservices.md +64 -0
  387. package/.claude/commands/mindforge/migrate.md +44 -0
  388. package/.claude/commands/mindforge/migration-mgmt.md +31 -0
  389. package/.claude/commands/mindforge/milestone.md +16 -0
  390. package/.claude/commands/mindforge/mobile.md +37 -0
  391. package/.claude/commands/mindforge/monorepo.md +30 -0
  392. package/.claude/commands/mindforge/multi-tenant.md +31 -0
  393. package/.claude/commands/mindforge/multimodal.md +37 -0
  394. package/.claude/commands/mindforge/new-runtime.md +23 -0
  395. package/.claude/commands/mindforge/next.md +109 -0
  396. package/.claude/commands/mindforge/note.md +35 -0
  397. package/.claude/commands/mindforge/observability-platform.md +31 -0
  398. package/.claude/commands/mindforge/observability.md +75 -0
  399. package/.claude/commands/mindforge/offline.md +37 -0
  400. package/.claude/commands/mindforge/onboard.md +37 -0
  401. package/.claude/commands/mindforge/orchestrate.md +74 -0
  402. package/.claude/commands/mindforge/payments.md +28 -0
  403. package/.claude/commands/mindforge/pipeline.md +84 -0
  404. package/.claude/commands/mindforge/plan-phase.md +131 -0
  405. package/.claude/commands/mindforge/plan-write.md +95 -0
  406. package/.claude/commands/mindforge/plant-seed.md +31 -0
  407. package/.claude/commands/mindforge/platform.md +31 -0
  408. package/.claude/commands/mindforge/plugins.md +44 -0
  409. package/.claude/commands/mindforge/pr-review.md +45 -0
  410. package/.claude/commands/mindforge/privacy-eng.md +31 -0
  411. package/.claude/commands/mindforge/product-spec.md +90 -0
  412. package/.claude/commands/mindforge/profile-team.md +27 -0
  413. package/.claude/commands/mindforge/prompt.md +78 -0
  414. package/.claude/commands/mindforge/proofread.md +87 -0
  415. package/.claude/commands/mindforge/publish-skill.md +23 -0
  416. package/.claude/commands/mindforge/push-notify.md +37 -0
  417. package/.claude/commands/mindforge/pwa.md +37 -0
  418. package/.claude/commands/mindforge/qa.md +20 -0
  419. package/.claude/commands/mindforge/quality-audit.md +34 -0
  420. package/.claude/commands/mindforge/queue.md +31 -0
  421. package/.claude/commands/mindforge/quick.md +139 -0
  422. package/.claude/commands/mindforge/rag.md +30 -0
  423. package/.claude/commands/mindforge/rate-limit.md +31 -0
  424. package/.claude/commands/mindforge/react-native.md +37 -0
  425. package/.claude/commands/mindforge/realtime-analytics.md +31 -0
  426. package/.claude/commands/mindforge/record-learning.md +22 -0
  427. package/.claude/commands/mindforge/release.md +14 -0
  428. package/.claude/commands/mindforge/remember.md +30 -0
  429. package/.claude/commands/mindforge/research.md +16 -0
  430. package/.claude/commands/mindforge/retro.md +28 -0
  431. package/.claude/commands/mindforge/retrospective.md +31 -0
  432. package/.claude/commands/mindforge/review-backlog.md +34 -0
  433. package/.claude/commands/mindforge/review-guide.md +63 -0
  434. package/.claude/commands/mindforge/review.md +161 -0
  435. package/.claude/commands/mindforge/rfc.md +34 -0
  436. package/.claude/commands/mindforge/santa.md +33 -0
  437. package/.claude/commands/mindforge/secrets-mgmt.md +31 -0
  438. package/.claude/commands/mindforge/secrets.md +31 -0
  439. package/.claude/commands/mindforge/security-scan.md +242 -0
  440. package/.claude/commands/mindforge/serverless.md +34 -0
  441. package/.claude/commands/mindforge/session-report.md +39 -0
  442. package/.claude/commands/mindforge/ship.md +111 -0
  443. package/.claude/commands/mindforge/skills.md +145 -0
  444. package/.claude/commands/mindforge/status.md +113 -0
  445. package/.claude/commands/mindforge/steer.md +17 -0
  446. package/.claude/commands/mindforge/stream.md +31 -0
  447. package/.claude/commands/mindforge/sync-confluence.md +15 -0
  448. package/.claude/commands/mindforge/sync-jira.md +16 -0
  449. package/.claude/commands/mindforge/system-design.md +87 -0
  450. package/.claude/commands/mindforge/team-topology.md +27 -0
  451. package/.claude/commands/mindforge/tech-debt.md +31 -0
  452. package/.claude/commands/mindforge/tech-radar.md +28 -0
  453. package/.claude/commands/mindforge/threat-model.md +48 -0
  454. package/.claude/commands/mindforge/tokens.md +12 -0
  455. package/.claude/commands/mindforge/ui-phase.md +34 -0
  456. package/.claude/commands/mindforge/ui-review.md +36 -0
  457. package/.claude/commands/mindforge/update.md +46 -0
  458. package/.claude/commands/mindforge/validate-phase.md +31 -0
  459. package/.claude/commands/mindforge/verify-loop.md +45 -0
  460. package/.claude/commands/mindforge/verify-phase.md +66 -0
  461. package/.claude/commands/mindforge/vibe-check.md +37 -0
  462. package/.claude/commands/mindforge/workspace.md +33 -0
  463. package/.claude/commands/mindforge/workstreams.md +35 -0
  464. package/.claude/commands/mindforge/worktrees.md +86 -0
  465. package/.claude/commands/mindforge/write-rfc.md +64 -0
  466. package/.claude/commands/mindforge/zero-trust.md +34 -0
  467. package/.mindforge/config.json +2 -2
  468. package/.mindforge/governance/GOVERNANCE-CONFIG.md +17 -0
  469. package/.mindforge/governance/approval-workflow.md +37 -0
  470. package/.mindforge/governance/change-classifier.md +63 -0
  471. package/.mindforge/governance/compliance-gates.md +31 -0
  472. package/.mindforge/governance/policies/sovereign-default.json +16 -0
  473. package/.mindforge/integrations/confluence.md +27 -0
  474. package/.mindforge/integrations/connection-manager.md +163 -0
  475. package/.mindforge/integrations/github.md +25 -0
  476. package/.mindforge/integrations/gitlab.md +13 -0
  477. package/.mindforge/integrations/jira.md +102 -0
  478. package/.mindforge/integrations/slack.md +41 -0
  479. package/.mindforge/intelligence/antipattern-detector.md +75 -0
  480. package/.mindforge/intelligence/difficulty-scorer.md +55 -0
  481. package/.mindforge/intelligence/health-engine.md +208 -0
  482. package/.mindforge/intelligence/skill-gap-analyser.md +40 -0
  483. package/.mindforge/intelligence/smart-compaction.md +71 -0
  484. package/.mindforge/memory/MEMORY-SCHEMA.md +155 -0
  485. package/.mindforge/memory/engine/capture-protocol.md +36 -0
  486. package/.mindforge/memory/engine/global-sync-spec.md +42 -0
  487. package/.mindforge/memory/engine/retrieval-spec.md +44 -0
  488. package/.mindforge/memory/sync-manifest.json +6 -0
  489. package/.mindforge/metrics/METRICS-SCHEMA.md +42 -0
  490. package/.mindforge/metrics/quality-tracker.md +32 -0
  491. package/.mindforge/models/model-registry.md +48 -0
  492. package/.mindforge/models/model-router.md +30 -0
  493. package/.mindforge/org/CONVENTIONS.md +62 -0
  494. package/.mindforge/org/ORG.md +51 -0
  495. package/.mindforge/org/SECURITY.md +50 -0
  496. package/.mindforge/org/TOOLS.md +53 -0
  497. package/.mindforge/org/integrations/INTEGRATIONS-CONFIG.md +58 -0
  498. package/.mindforge/org/skills/MANIFEST.md +255 -0
  499. package/.mindforge/plugins/PLUGINS-MANIFEST.md +23 -0
  500. package/.mindforge/plugins/plugin-loader.md +93 -0
  501. package/.mindforge/plugins/plugin-registry.md +44 -0
  502. package/.mindforge/plugins/plugin-schema.md +68 -0
  503. package/.mindforge/team/TEAM-PROFILE.md +42 -0
  504. package/.mindforge/team/multi-handoff.md +23 -0
  505. package/.mindforge/team/profiles/README.md +13 -0
  506. package/.mindforge/team/session-merger.md +18 -0
  507. package/CHANGELOG.md +37 -0
  508. package/MINDFORGE.md +3 -3
  509. package/bin/installer-core.js +17 -11
  510. package/docs/References/audit-events.md +59 -0
  511. package/docs/References/checkpoints.md +778 -0
  512. package/docs/References/commands.md +107 -0
  513. package/docs/References/config-reference.md +122 -0
  514. package/docs/References/continuation-format.md +249 -0
  515. package/docs/References/decimal-phase-calculation.md +64 -0
  516. package/docs/References/git-integration.md +295 -0
  517. package/docs/References/git-planning-commit.md +38 -0
  518. package/docs/References/model-profile-resolution.md +36 -0
  519. package/docs/References/model-profiles.md +139 -0
  520. package/docs/References/phase-argument-parsing.md +61 -0
  521. package/docs/References/planning-config.md +202 -0
  522. package/docs/References/questioning.md +162 -0
  523. package/docs/References/sdk-api.md +53 -0
  524. package/docs/References/skills-api.md +57 -0
  525. package/docs/References/tdd.md +263 -0
  526. package/docs/References/ui-brand.md +160 -0
  527. package/docs/References/user-profiling.md +681 -0
  528. package/docs/References/verification-patterns.md +612 -0
  529. package/docs/References/workstream-flag.md +58 -0
  530. package/docs/Templates/Agents/CLAUDE-MD.md +122 -0
  531. package/docs/Templates/Agents/COPILOT-INSTRUCTIONS.md +7 -0
  532. package/docs/Templates/Agents/DEBUGGER-PROMPT.md +91 -0
  533. package/docs/Templates/Agents/PLANNER-PROMPT.md +117 -0
  534. package/docs/Templates/Codebase/architecture.md +255 -0
  535. package/docs/Templates/Codebase/concerns.md +310 -0
  536. package/docs/Templates/Codebase/conventions.md +307 -0
  537. package/docs/Templates/Codebase/integrations.md +280 -0
  538. package/docs/Templates/Codebase/stack.md +186 -0
  539. package/docs/Templates/Codebase/structure.md +285 -0
  540. package/docs/Templates/Codebase/testing.md +480 -0
  541. package/docs/Templates/Execution/CONTINUE-HERE.md +78 -0
  542. package/docs/Templates/Execution/DISCUSSION-LOG.md +63 -0
  543. package/docs/Templates/Execution/PHASE-PROMPT.md +610 -0
  544. package/docs/Templates/Execution/STATE.md +176 -0
  545. package/docs/Templates/Execution/SUMMARY-COMPLEX.md +59 -0
  546. package/docs/Templates/Execution/SUMMARY-MINIMAL.md +41 -0
  547. package/docs/Templates/Execution/SUMMARY-STANDARD.md +48 -0
  548. package/docs/Templates/Execution/SUMMARY.md +248 -0
  549. package/docs/Templates/Profile/DEV-PREFERENCES.md +21 -0
  550. package/docs/Templates/Profile/USER-PROFILE.md +146 -0
  551. package/docs/Templates/Profile/USER-SETUP.md +311 -0
  552. package/docs/Templates/Project/AGENTS_LEARNING.md +88 -0
  553. package/docs/Templates/Project/DISCOVERY.md +146 -0
  554. package/docs/Templates/Project/MILESTONE-ARCHIVE.md +123 -0
  555. package/docs/Templates/Project/MILESTONE.md +115 -0
  556. package/docs/Templates/Project/PROJECT.md +206 -0
  557. package/docs/Templates/Project/REQUIREMENTS.md +231 -0
  558. package/docs/Templates/Project/RETROSPECTIVE.md +54 -0
  559. package/docs/Templates/Project/ROADMAP.md +202 -0
  560. package/docs/Templates/Quality/DEBUG.md +164 -0
  561. package/docs/Templates/Quality/UAT.md +280 -0
  562. package/docs/Templates/Quality/UI-SPEC.md +100 -0
  563. package/docs/Templates/Quality/VALIDATION.md +76 -0
  564. package/docs/Templates/Quality/VERIFICATION-REPORT.md +322 -0
  565. package/docs/Templates/Research/ARCHITECTURE.md +204 -0
  566. package/docs/Templates/Research/FEATURES.md +147 -0
  567. package/docs/Templates/Research/PITFALLS.md +200 -0
  568. package/docs/Templates/Research/STACK.md +120 -0
  569. package/docs/Templates/Research/SUMMARY.md +170 -0
  570. package/docs/Templates/System/CONFIG.json +43 -0
  571. package/docs/Templates/System/CONTEXT.md +352 -0
  572. package/examples/starter-project/.planning/ARCHITECTURE.md +23 -0
  573. package/examples/starter-project/.planning/RELEASE-CHECKLIST.md +22 -0
  574. package/examples/starter-project/.planning/REQUIREMENTS.md +31 -0
  575. package/examples/starter-project/.planning/ROADMAP.md +28 -0
  576. package/package.json +22 -3
@@ -0,0 +1,242 @@
1
+ ---
2
+ description: - Default: OWASP Top 10 review on the changed files or specified path
3
+ ---
4
+
5
+ # MindForge — Security Scan Command
6
+ # Usage: /mindforge:security-scan [path] [--deep] [--deps] [--secrets]
7
+ # Standalone security scan. Can be run independently of the phase lifecycle.
8
+
9
+ ## Scan modes
10
+ - Default: OWASP Top 10 review on the changed files or specified path
11
+ - `--deep`: Extended scan including all files, not just changed
12
+ - `--deps`: Dependency audit (CVE scan of package.json / requirements.txt)
13
+ - `--secrets`: Secret detection scan only (fast, suitable for pre-commit hook)
14
+ - Flags composable: `--deps --secrets` runs both dependency audit and secret detection
15
+
16
+ ## Step 1 — Activate Security Reviewer persona
17
+
18
+ Load `security-reviewer.md` persona immediately and completely.
19
+ This command runs entirely in security mode. Do not switch personas.
20
+
21
+ ## Step 1.5 — Sovereign Integrity Check (v6.2.0-alpha)
22
+
23
+ Before scanning user code, verify the integrity of the MindForge Sovereign Engine:
24
+ 1. **Quantum Signature Verification**: Run `node bin/governance/quantum-crypto.js --verify .mindforge/engine/`.
25
+ 2. **Policy Integrity**: Ensure `bin/governance/policy-engine.js` has not been tampered with (check for illegal bypass additions).
26
+ 3. **Result**: If integrity check fails, mark the entire scan as **FAILED (CRITICAL)** and alert the user of a potential framework compromise.
27
+
28
+ ```bash
29
+ # Default: staged + unstaged changes
30
+ git diff HEAD --name-only
31
+
32
+ # With path argument
33
+ find [path] -name "*.ts" -o -name "*.js" -o -name "*.py"
34
+
35
+ # --deep: all source files
36
+ find src/ -type f \( -name "*.ts" -o -name "*.js" -o -name "*.py" \)
37
+ ```
38
+
39
+ ## Step 3 — OWASP Top 10 scan (always runs unless --secrets only)
40
+
41
+ For each file in scope, check all 10 OWASP categories:
42
+
43
+ ### A01 — Broken Access Control
44
+ - Scan for: missing auth middleware, direct object references, path traversal
45
+ - Patterns to flag:
46
+ ```
47
+ req.params.userId # Direct user ID from request — verify ownership check
48
+ fs.readFile(userInput) # Path traversal risk
49
+ WHERE id = ${id} # Direct injection without parameterisation
50
+ ```
51
+
52
+ ### A02 — Cryptographic Failures
53
+ - Scan for: weak algorithms, insecure transport, unencrypted sensitive data
54
+ - Patterns to flag:
55
+ ```
56
+ md5(, sha1(, sha256(password # Weak password hashing
57
+ http:// # Non-HTTPS URLs in API calls
58
+ Math.random() # Cryptographically insecure random
59
+ ```
60
+
61
+ ### A03 — Injection
62
+ - Scan for: SQL, NoSQL, OS, LDAP injection
63
+ - Patterns to flag:
64
+ ```
65
+ `SELECT * FROM users WHERE email = '${ # SQL injection
66
+ exec(, execSync(, child_process # OS command injection
67
+ eval(userInput # Code injection
68
+ ```
69
+
70
+ ### A04 — Insecure Design
71
+ - Scan for: missing rate limiting, no input validation, trust boundary issues
72
+ - Patterns to flag: endpoints without validation middleware, no rate limit decorators
73
+
74
+ ### A05 — Security Misconfiguration
75
+ - Scan for: debug mode in production, default credentials, verbose errors
76
+ - Patterns to flag:
77
+ ```
78
+ console.error(err) # Exposes stack traces to clients
79
+ NODE_ENV !== 'production' # Debug code paths
80
+ ALLOW_ALL, *, cors({origin: '*'}) # Overly permissive CORS
81
+ ```
82
+
83
+ ### A06 — Vulnerable Components
84
+ - Run: `npm audit --audit-level=moderate` or `pip-audit`
85
+ - Flag any HIGH or CRITICAL CVEs
86
+
87
+ ### A07 — Authentication Failures
88
+ - Scan for: missing password complexity, no brute force protection, weak sessions
89
+ - Patterns to flag:
90
+ ```
91
+ bcrypt.hashSync(pass, 1) # Cost factor too low
92
+ jwt.verify(token, '', { # Empty secret
93
+ session.destroy( # Verify redirect after destroy
94
+ ```
95
+
96
+ ### A08 — Software and Data Integrity Failures
97
+ - Check: no package-lock.json means no integrity guarantee
98
+ - Check: any `curl | sh` or `wget | bash` patterns
99
+
100
+ ### A09 — Security Logging Failures
101
+ - Scan for: no logging on auth failures, admin actions not logged, PII in logs
102
+ - Patterns to flag:
103
+ ```
104
+ user.email in any log statement
105
+ password in any log statement
106
+ catch(e) {} # Silent failure = no security log
107
+ ```
108
+
109
+ ### A10 — SSRF
110
+ - Scan for: server-side requests to user-controlled URLs
111
+ - Patterns to flag:
112
+ ```
113
+ fetch(req., axios.get(req., axios.post(req., http.get(req.,
114
+ req.body.url, req.params.url, req.query.url, req.headers
115
+ ```
116
+
117
+ ## Step 4 — Secret detection (--secrets or always as part of default scan)
118
+
119
+ Pattern-based scan across all files in scope:
120
+
121
+ ```bash
122
+ # High confidence patterns (always flag as CRITICAL)
123
+ grep -rn -E "(sk-[a-zA-Z0-9]{20,}|AKIA[A-Z0-9]{16}|ghp_[a-zA-Z0-9]{36})" .
124
+
125
+ # Credential assignment patterns (flag as HIGH)
126
+ grep -rn -E "(password|passwd|secret|api_key|apikey|access_token)\s*=\s*['\"][^'\"]{8,}" .
127
+
128
+ # Azure connection strings
129
+ grep -rn -E "DefaultEndpointsProtocol=https;AccountName=" .
130
+
131
+ # GCP service account keys
132
+ grep -rn -E "\"type\"\\s*:\\s*\"service_account\"" .
133
+
134
+ # PEM/Certificate content
135
+ grep -rn "-----BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY-----" .
136
+
137
+ # Database URLs with credentials
138
+ grep -rn -E "postgres://[^:]+:[^@]+@|mysql://[^:]+:[^@]+@" .
139
+ ```
140
+
141
+ Report each finding with:
142
+ - File and line number
143
+ - The matched pattern (redact the actual secret value: show first 4 chars + ***)
144
+ - Severity: CRITICAL if a real credential pattern, HIGH if credential-shaped pattern
145
+ Redaction applies to both console output and the report file.
146
+
147
+ ## Step 5 — Dependency audit (--deps flag)
148
+
149
+ ```bash
150
+ # Node.js projects
151
+ npm audit --json 2>/dev/null | node -e "
152
+ const data = JSON.parse(require('fs').readFileSync('/dev/stdin', 'utf8'));
153
+ const vulns = data.vulnerabilities || {};
154
+ Object.entries(vulns).forEach(([name, v]) => {
155
+ if (['high','critical'].includes(v.severity)) {
156
+ console.log(v.severity.toUpperCase() + ': ' + name + ' — ' + v.via[0]?.title);
157
+ }
158
+ });
159
+ "
160
+
161
+ # Python projects
162
+ pip-audit --format json 2>/dev/null
163
+ ```
164
+
165
+ ## Step 6 — Write security scan report
166
+
167
+ `.planning/SECURITY-SCAN-[timestamp].md`:
168
+
169
+ ```markdown
170
+ # Security Scan Report
171
+ **Date:** [ISO-8601]
172
+ **Scope:** [what was scanned]
173
+ **Scanner:** MindForge Security Reviewer
174
+
175
+ ## Executive Summary
176
+ [1-2 sentences: overall security posture, number of findings by severity]
177
+
178
+ ## Critical Findings (fix immediately — block all merges)
179
+ [OWASP category] | [File:Line] | [Description] | [Remediation]
180
+
181
+ ## High Findings (fix before next release)
182
+ ...
183
+
184
+ ## Medium Findings (fix in next sprint)
185
+ ...
186
+
187
+ ## Low Findings (backlog)
188
+ ...
189
+
190
+ ## Dependency Audit
191
+ | Package | Version | Severity | CVE | Fixed in |
192
+ |---|---|---|---|---|
193
+
194
+ ## Secret Detection
195
+ | File | Pattern | Severity | Action |
196
+ |---|---|---|---|
197
+
198
+ ## Verdict
199
+ ✅ CLEAN — No critical or high findings
200
+ ⚠️ ISSUES — [N] critical, [N] high findings require attention
201
+ ```
202
+
203
+ ## Important: scan report visibility
204
+
205
+ Security scan reports are written to `.planning/SECURITY-SCAN-[timestamp].md`.
206
+
207
+ **Private repository:** Keep reports committed — they are valuable for audit
208
+ history and team security review.
209
+
210
+ **Public repository:** Add `.planning/SECURITY-SCAN-*.md` to `.gitignore`
211
+ to avoid exposing vulnerability information to potential attackers.
212
+
213
+ MindForge does not make this decision for you — configure `.gitignore`
214
+ based on your repository's visibility.
215
+
216
+ ## Step 7 — Write AUDIT entry
217
+
218
+ ```json
219
+ {
220
+ "event": "security_scan_completed",
221
+ "scope": "[path or 'staged changes']",
222
+ "flags": ["--deps", "--secrets"],
223
+ "critical_findings": [N],
224
+ "high_findings": [N],
225
+ "secrets_detected": [N],
226
+ "vulnerable_deps": [N],
227
+ "report_path": ".planning/SECURITY-SCAN-[timestamp].md"
228
+ }
229
+ ```
230
+
231
+ ## Automatic blocking behaviour
232
+ If CRITICAL findings are detected: print a prominent warning:
233
+ ```
234
+ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
235
+ 🔴 CRITICAL SECURITY FINDINGS DETECTED
236
+
237
+ [N] critical issues must be fixed before any code is merged.
238
+ See: .planning/SECURITY-SCAN-[timestamp].md
239
+
240
+ Do NOT commit or deploy until these are resolved.
241
+ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
242
+ ```
@@ -0,0 +1,34 @@
1
+ ---
2
+ name: mindforge:serverless
3
+ description: "Design serverless function composition and cost model. Usage: /mindforge:serverless [app] [--composition step-functions|choreography] [--cold-start mitigate]"
4
+ argument-hint: "[app] [--composition step-functions|choreography] [--cold-start mitigate]"
5
+ allowed-tools:
6
+ - list_dir
7
+ - view_file
8
+ ---
9
+
10
+ <objective>
11
+ Design a serverless function architecture with optimal composition patterns, cold start mitigation, and a transparent cost model that enables predictable scaling economics.
12
+ </objective>
13
+
14
+ <execution_context>
15
+ @.mindforge/skills/serverless-patterns/SKILL.md
16
+ </execution_context>
17
+
18
+ <context>
19
+ Skills Directory: `.mindforge/skills/serverless-patterns/`
20
+ State: Decomposes application logic into discrete functions with defined triggers, state management, and cost projections.
21
+ </context>
22
+
23
+ <process>
24
+ 1. **Identify Function Boundaries**: Decompose the application into discrete units of work. Each function should have a single responsibility, well-defined input/output, and independent scaling characteristics.
25
+ 2. **Choose Composition Pattern**: Select between orchestration (Step Functions / Durable Functions with explicit state machine) or choreography (event-driven with pub/sub). Document decision rationale based on workflow complexity and observability needs.
26
+ 3. **Address Cold Starts**: Implement mitigation strategy — provisioned concurrency for latency-critical paths, bundle optimization (tree-shaking, minimal dependencies), or snap-start where available. Measure and set cold start budget per function.
27
+ 4. **Design State Management**: Since functions are stateless, design external state persistence (DynamoDB, Redis, or S3) with appropriate consistency guarantees. Define state TTL and cleanup policies.
28
+ 5. **Configure Event Triggers**: Map each function to its invocation source (HTTP, queue, schedule, stream, storage event). Define retry policies, dead-letter queues, and idempotency keys per trigger.
29
+ 6. **Set Timeouts with Checkpointing**: Configure execution timeouts per function. For long-running workflows, implement checkpointing to resume from last successful step on timeout or failure.
30
+ 7. **Model Costs**: Calculate projected costs using formula: (invocations x duration x memory_mb) / pricing_unit. Include data transfer, storage, and orchestration service charges. Produce monthly cost estimate at current and 10x scale.
31
+ 8. **Compare vs. Container Costs**: Produce break-even analysis comparing serverless vs. container (ECS/Cloud Run) at various traffic levels. Identify the crossover point where containers become more economical.
32
+ 9. **Define Observability Strategy**: Design distributed tracing across function chains, structured logging with correlation IDs, and custom metrics for business-level monitoring.
33
+ 10. **Document Deployment Pipeline**: Specify IaC templates (SAM/CDK/Serverless Framework), environment promotion strategy, and canary deployment configuration for function updates.
34
+ </process>
@@ -0,0 +1,39 @@
1
+ ---
2
+ name: mindforge:session-report
3
+ description: Generate a post-session summary document capturing work performed and resource usage
4
+ argument-hint: none
5
+ allowed-tools:
6
+ - run_command
7
+ - view_file
8
+ - write_to_file
9
+ - list_dir
10
+ ---
11
+
12
+ <objective>
13
+ Generate a comprehensive summary of an active coding session, providing a clear trail of work for stakeholders and a diagnostic record of resource usage (tokens, time, etc.).
14
+ </objective>
15
+
16
+ <execution_context>
17
+ .claude/commands/mindforge/session-report.md
18
+ </execution_context>
19
+
20
+ <context>
21
+ Storage: .planning/reports/
22
+ Data sources: Git logs, terminal history, `STATE.md`, and session memory.
23
+ </context>
24
+
25
+ <process>
26
+ 1. **Gather Data**:
27
+ - Get recent git commits and diff summaries.
28
+ - Read the current `STATE.md` for phase/plan status updates.
29
+ - Extract key decisions or findings from the session.
30
+ 2. **Profile Resources**:
31
+ - Estimate token usage if possible.
32
+ - Calculate session duration.
33
+ 3. **Draft Report**: Create `SESSION_REPORT_[timestamp].md` containing:
34
+ - Summary of Work Performed
35
+ - Outcomes achieved (Plans "completed")
36
+ - Key Decisions
37
+ - Resource Usage Profile
38
+ 4. **Confirm**: Notify the user and provide a link to the report.
39
+ </process>
@@ -0,0 +1,111 @@
1
+ ---
2
+ description: Create a release PR for a verified phase. Usage: /mindforge:ship [N]
3
+ ---
4
+
5
+ Create a release PR for a verified phase. Usage: /mindforge:ship [N]
6
+
7
+ ## Pre-check
8
+ Read UAT.md for phase N. If status is not "All passed ✅": stop.
9
+ Tell the user: "Phase [N] has not been fully verified. Run /mindforge:verify-phase [N] first."
10
+
11
+ ## Step 1 — Generate changelog entry
12
+ Read all SUMMARY files for phase N.
13
+ Read REQUIREMENTS.md for phase N items.
14
+ Generate a CHANGELOG.md entry following Keep a Changelog format:
15
+
16
+ ```markdown
17
+ ## [Unreleased] — Phase [N]: [Phase description]
18
+
19
+ ### Added
20
+ - [New feature from this phase]
21
+
22
+ ### Changed
23
+ - [Changed behaviour]
24
+
25
+ ### Fixed
26
+ - [Bug fixes]
27
+
28
+ ### Security
29
+ - [Security improvements]
30
+ ```
31
+
32
+ Prepend this to CHANGELOG.md.
33
+
34
+ ## Step 2 — Run final quality gates
35
+ Run all of the following and report results:
36
+ ```bash
37
+ # Type checking
38
+ npx tsc --noEmit
39
+
40
+ # Linting
41
+ npx eslint . --ext .ts,.tsx --max-warnings 0
42
+
43
+ # Tests
44
+ npm test
45
+
46
+ # Security scan (if npm project)
47
+ npm audit --audit-level=high
48
+ ```
49
+
50
+ If any gate fails: stop. Report the failures. Do not proceed to PR creation.
51
+
52
+ ## Step 2.1 — Final Intelligence Audit
53
+ 1. Read `AGENTS_LEARNING.md` for this project.
54
+ 2. Verify if any new architectural patterns, anti-patterns, or mistakes from this phase were recorded.
55
+ 3. If not: Run `/mindforge:record-learning` now to capture them before shipping.
56
+ 4. Commit `AGENTS_LEARNING.md` if updated.
57
+
58
+ ## Step 3 — Create PR description
59
+ Generate a complete PR description:
60
+
61
+ ```markdown
62
+ ## MindForge Phase [N] — [Phase description]
63
+
64
+ ### Summary
65
+ [2-3 sentences describing what this phase delivered]
66
+
67
+ ### Changes
68
+ [Bullet list of major changes from SUMMARY files]
69
+
70
+ ### Requirements delivered
71
+ | FR ID | Description | Verified |
72
+ |-------|------------------------------|----------|
73
+ | FR-01 | ... | ✅ |
74
+
75
+ ### Testing
76
+ - Unit tests: [pass/fail + coverage %]
77
+ - Integration tests: [pass/fail]
78
+ - UAT: Completed and signed off (see UAT.md)
79
+
80
+ ### Security
81
+ - [ ] Security review completed (see SECURITY-REVIEW-N.md)
82
+ - [ ] No hardcoded secrets in diff
83
+ - [ ] All dependencies scanned for CVEs
84
+
85
+ ### Checklist
86
+ - [x] CHANGELOG.md updated
87
+ - [x] AGENTS_LEARNING.md updated with phase-specific insights
88
+ - [x] All tests pass
89
+ - [x] No linter errors
90
+ - [x] UAT signed off
91
+ - [ ] Reviewed by: [assign]
92
+ ```
93
+
94
+ ## Step 4 — Commit and tag
95
+ ```bash
96
+ git add CHANGELOG.md
97
+ git commit -m "docs(changelog): add Phase [N] release notes"
98
+ git push origin feat/mindforge-core-scaffold
99
+ ```
100
+
101
+ Tell the user the PR description and instruct them to open the PR manually
102
+ (or provide the `gh pr create` command if GitHub CLI is available).
103
+
104
+ Tell the user:
105
+ "✅ Phase [N] ready to ship.
106
+ PR description generated above.
107
+ Open your PR, assign reviewers, and merge when approved."
108
+
109
+ ## Step 5 — Update state
110
+ Update STATE.md to mark Phase [N] as shipped.
111
+ Update HANDOFF.json with next phase number.
@@ -0,0 +1,145 @@
1
+ ---
2
+ description: /mindforge:skills list
3
+ ---
4
+
5
+ # MindForge — Skills Command
6
+ # Usage: /mindforge:skills [subcommand] [args]
7
+ # Subcommands: list | add | update | validate | info | search
8
+
9
+ ## Subcommand: list
10
+ `/mindforge:skills list`
11
+
12
+ Read MANIFEST.md. Display all registered skills in a formatted table
13
+ (include path for each skill):
14
+
15
+ ```
16
+ MindForge Skills Registry
17
+ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
18
+
19
+ Tier 1 — Core Skills (10 installed)
20
+ ────────────────────────────────────────────────────────────
21
+ ✅ security-review v1.0.0 stable .mindforge/skills/security-review/SKILL.md
22
+ ✅ code-quality v1.0.0 stable .mindforge/skills/code-quality/SKILL.md
23
+ ✅ api-design v1.0.0 stable .mindforge/skills/api-design/SKILL.md
24
+ ✅ testing-standards v1.0.0 stable .mindforge/skills/testing-standards/SKILL.md
25
+ ✅ documentation v1.0.0 stable .mindforge/skills/documentation/SKILL.md
26
+ ✅ performance v1.0.0 stable .mindforge/skills/performance/SKILL.md
27
+ ✅ accessibility v1.0.0 stable .mindforge/skills/accessibility/SKILL.md
28
+ ✅ data-privacy v1.0.0 stable .mindforge/skills/data-privacy/SKILL.md
29
+ ✅ incident-response v1.0.0 stable .mindforge/skills/incident-response/SKILL.md
30
+ ✅ database-patterns v1.0.0 stable .mindforge/skills/database-patterns/SKILL.md
31
+
32
+ Tier 2 — Org Skills (0 installed)
33
+ ────────────────────────────────────────────────────────────
34
+ (none — run /mindforge:skills add to add org skills)
35
+
36
+ Tier 3 — Project Skills (0 installed)
37
+ ────────────────────────────────────────────────────────────
38
+ (none)
39
+
40
+ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
41
+ Total: 10 skills | Run /mindforge:skills validate to check health
42
+ ```
43
+
44
+ ## Subcommand: info
45
+ `/mindforge:skills info [skill-name]`
46
+
47
+ Display detailed information about a specific skill:
48
+
49
+ ```
50
+ Skill: security-review
51
+ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
52
+ Version : 1.0.0
53
+ Status : stable
54
+ Tier : 1 (Core)
55
+ Min MindForge: 0.1.0
56
+ Path : .mindforge/skills/security-review/SKILL.md
57
+
58
+ Triggers (25):
59
+ auth, authentication, authorisation, authorization, login,
60
+ logout, password, token, JWT, session, cookie, OAuth,
61
+ payment, billing, stripe, PII, GDPR, personal data,
62
+ upload, file upload, credentials, API key, secret, env,
63
+ environment variable, encryption, hashing, bcrypt, argon2
64
+
65
+ Changelog:
66
+ 1.0.0 — Initial stable release
67
+ ```
68
+
69
+ ## Subcommand: search
70
+ `/mindforge:skills search [keyword]`
71
+
72
+ Find which skills would activate for a given keyword:
73
+
74
+ ```
75
+ /mindforge:skills search "database query"
76
+
77
+ Matching skills for "database query":
78
+ ────────────────────────────────────────────────────────────
79
+ database-patterns v1.0.0 [tier 1] trigger: "database", "query"
80
+ performance v1.0.0 [tier 1] trigger: "query time"
81
+
82
+ These 2 skills would be automatically loaded for a task
83
+ containing "database query" in its description.
84
+ ```
85
+
86
+ ## Subcommand: validate
87
+ `/mindforge:skills validate`
88
+
89
+ Run a health check on all installed skills:
90
+
91
+ ```
92
+ Validating skills...
93
+
94
+ ✅ security-review — frontmatter valid, file readable, triggers: 29
95
+ ✅ code-quality — frontmatter valid, file readable, triggers: 14
96
+ ✅ performance — frontmatter valid, file readable, triggers: 31
97
+ ⚠️ [org-skill-name] — frontmatter valid but missing 'version' field
98
+ ❌ [missing-skill] — listed in MANIFEST.md but file not found
99
+
100
+ Issues found: 2
101
+ Run /mindforge:skills add to fix missing skills.
102
+ Fix frontmatter issues manually in the SKILL.md file.
103
+ ```
104
+
105
+ Validation checks:
106
+ 1. Every manifest entry has a corresponding SKILL.md file
107
+ 2. Every SKILL.md has: `name`, `version`, `status`, `triggers` in frontmatter
108
+ 3. Every SKILL.md has a self-check or checklist section
109
+ 4. All versions are valid semver strings
110
+ 5. No two skills at the same tier share the same trigger keyword (flag as ⚠️)
111
+ 6. Every skill file is readable (not empty, not corrupted)
112
+
113
+ ## Subcommand: add
114
+ `/mindforge:skills add [path-to-skill-dir]`
115
+
116
+ Register a new skill in the manifest:
117
+
118
+ 1. Read the SKILL.md in the provided path
119
+ 2. Validate the frontmatter (all required fields present)
120
+ 3. Check for trigger keyword conflicts with existing skills
121
+ 4. Ask the user: "Which tier should this skill be registered as? (2=Org / 3=Project)"
122
+ 5. Show the exact MANIFEST.md entry that will be written and ask for confirmation
123
+ 6. Add the entry to MANIFEST.md in the correct section
124
+ 7. Run `/mindforge:skills validate` to confirm registration is clean
125
+ 8. Commit: `feat(skills): register [skill-name] v[version] as tier [N] skill`
126
+
127
+ ## Subcommand: update
128
+ `/mindforge:skills update [skill-name]`
129
+
130
+ Update a skill to a newer version:
131
+
132
+ 1. Read current version from MANIFEST.md
133
+ 2. Check the skill's changelog in SKILL.md for available updates
134
+ 3. If MAJOR version change: show breaking changes, require confirmation
135
+ 4. If MINOR or PATCH: update automatically
136
+ 5. Update MANIFEST.md version entry
137
+ 6. Run `/mindforge:skills validate` after update
138
+ 7. Run `node tests/skills-platform.test.js` after update
139
+ 8. Commit: `chore(skills): update [name] v[old] → v[new]`
140
+
141
+ ## Error handling
142
+ - If MANIFEST.md does not exist: offer to create it with current skills
143
+ - If a skill name is not found: suggest similar names (fuzzy match)
144
+ - If validation finds critical errors: block any phase execution until fixed
145
+ (A skills validation failure is a BLOCKING issue)
@@ -0,0 +1,113 @@
1
+ ---
2
+ description: Display a rich dashboard of the current project state.
3
+ ---
4
+
5
+ # MindForge — Status Command
6
+ # Usage: /mindforge:status
7
+
8
+ Display a rich dashboard of the current project state.
9
+ Pull data from STATE.md, AUDIT.jsonl, REQUIREMENTS.md, and the phases directory.
10
+
11
+ ## Dashboard sections
12
+
13
+ ### Section 1 — Project header
14
+ ```
15
+ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
16
+ ⚡ MindForge Status — [Project Name]
17
+ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
18
+ Last updated : [STATE.md last updated timestamp]
19
+ Current phase: Phase [N] — [phase description]
20
+ Status : [status from STATE.md]
21
+ ```
22
+
23
+ ### Section 2 — Phase progress
24
+ ```
25
+ Phase Progress
26
+ ───────────────────────────────────────────────────────
27
+ Phase 1 [████████████████████] 100% — Complete ✅
28
+ Phase 2 [████████░░░░░░░░░░░░] 40% — In progress
29
+ Phase 3 [░░░░░░░░░░░░░░░░░░░░] 0% — Not started
30
+ Phase 4 [░░░░░░░░░░░░░░░░░░░░] 0% — Not started
31
+ ```
32
+ Calculate percentage from: tasks with SUMMARY files / total tasks in phase.
33
+ Count ONLY SUMMARY files that contain `Status: Completed ✅` (or `Status` + `Completed`).
34
+ Do not count failed tasks as progress.
35
+ If VERIFICATION.md is missing for a phase: label it "In progress" not "0% verified".
36
+
37
+ ### Section 3 — Requirements coverage
38
+ Read REQUIREMENTS.md and count:
39
+ - Total v1 requirements
40
+ - Requirements with a passing test (from VERIFICATION.md files)
41
+ - Requirements implemented but untested
42
+ - Requirements not yet started
43
+
44
+ ```
45
+ Requirements (v1)
46
+ ───────────────────────────────────────────────────────
47
+ Total : [N]
48
+ ✅ Done + tested : [N]
49
+ ⚠️ Done, no test : [N]
50
+ 🔴 Not started : [N]
51
+ ```
52
+
53
+ ### Section 4 — Recent activity (from AUDIT.jsonl)
54
+ Read the last 10 entries from AUDIT.jsonl and display:
55
+ ```
56
+ Recent Activity
57
+ ───────────────────────────────────────────────────────
58
+ [timestamp] task_completed Plan 03: User API endpoints ✅
59
+ [timestamp] task_completed Plan 02: Product model ✅
60
+ [timestamp] task_started Plan 03: User API endpoints
61
+ [timestamp] task_completed Plan 01: User model ✅
62
+ [timestamp] context_compaction Phase 2, Plan 03 (72% context)
63
+ ```
64
+ If AUDIT.jsonl is empty or missing, display:
65
+ ```
66
+ Recent Activity
67
+ ───────────────────────────────────────────────────────
68
+ No activity logged yet. Activity will appear here
69
+ after running /mindforge:execute-phase.
70
+ ```
71
+
72
+ ### Section 5 — Open issues
73
+ Check for:
74
+ - Any open SECURITY-REVIEW files with CRITICAL or HIGH findings
75
+ - Any BUGS.md files with open issues
76
+ - Any failed tasks in WAVE-REPORT files
77
+ - Any blockers in STATE.md
78
+
79
+ ```
80
+ Open Issues
81
+ ───────────────────────────────────────────────────────
82
+ 🔴 CRITICAL: [if any — from SECURITY-REVIEW]
83
+ 🟠 HIGH: [if any]
84
+ ✅ No open issues
85
+ ```
86
+
87
+ ### Section 7 — Sovereign Intelligence
88
+ ```
89
+ Sovereign Intelligence (v6.2.0-alpha)
90
+ ───────────────────────────────────────────────────────
91
+ 🛡️ PQAS Security : [ACTIVE | PASSIVE] (Dilithium-5)
92
+ 🎯 Proactive Homing: [ENABLED | DISABLED]
93
+ 🧠 Drift Recovery : [N] remediation events
94
+ 🧬 Biometric Gate : [LOCKED | BYPASSED]
95
+ ```
96
+ - PQAS Status: Check if `bin/governance/quantum-crypto.js` exists and if `PolicyEngine.js` has `highRiskBypass` enabled.
97
+ - Proactive Homing: Check if `bin/autonomous/intent-harvester.js` is active in `AutoRunner.js`.
98
+
99
+ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
100
+ ```
101
+
102
+ ## Data sources (in priority order)
103
+ 1. STATE.md — authoritative for current status
104
+ 2. AUDIT.jsonl — authoritative for history
105
+ 3. REQUIREMENTS.md — authoritative for scope
106
+ 4. VERIFICATION.md files — authoritative for test coverage
107
+ 5. WAVE-REPORT files — authoritative for execution history
108
+ 6. HANDOFF.json — authoritative for session state
109
+
110
+ ## Performance notes
111
+ - For recent activity, read only the last 500 bytes of AUDIT.jsonl:
112
+ `tail -c 500 .planning/AUDIT.jsonl | [parse last complete JSON objects]`
113
+ - For requirement counts, count lines starting with `| FR-` instead of parsing the whole file.