mindforge-cc 2.0.0-alpha.4 → 2.0.0-alpha.7

package/bin/installer-core.js

@@ -21,7 +21,7 @@ const RUNTIMES = {
   antigravity: {
     globalDir:      path.join(os.homedir(), '.gemini', 'antigravity'),
     localDir:       'agents',
-    commandsSubdir: 'mindforge',
+    commandsSubdir: 'workflows',
     entryFile:      'CLAUDE.md',
   },
 };
@@ -51,6 +51,31 @@ const fsu = {
   },
 };
 
+// ── Registry Management ────────────────────────────────────────────────────────
+const RegistryManager = {
+  getRegistryPath: () => path.join(os.homedir(), '.mindforge', 'registry.json'),
+
+  registerProject(projectPath) {
+    const regPath = this.getRegistryPath();
+    fsu.ensureDir(path.dirname(regPath));
+
+    let registry = { projects: [] };
+    if (fsu.exists(regPath)) {
+      try {
+        registry = JSON.parse(fsu.read(regPath));
+      } catch (e) {
+        console.error('  ⚠️  Registry file corrupted, recreating...');
+      }
+    }
+
+    if (!registry.projects.includes(projectPath)) {
+      registry.projects.push(projectPath);
+      fsu.write(regPath, JSON.stringify(registry, null, 2));
+      console.log(`  ✅  Registered project in ${regPath}`);
+    }
+  }
+};
+
 // ── Self-install detection ────────────────────────────────────────────────────
 function isSelfInstall() {
   const pkgPath = path.join(process.cwd(), 'package.json');
@@ -125,14 +150,14 @@ function safeCopyClaude(src, dst, options = {}) {
 
 // ── Install verification ──────────────────────────────────────────────────────
 function verifyInstall(baseDir, cmdsDir, runtime, scope) {
-  // Minimum required files for a functional installation
+  const pfx = runtime === 'antigravity' ? 'mindforge:' : '';
   const required = [
-    path.join(baseDir, 'CLAUDE.md'),
-    path.join(cmdsDir, 'help.md'),
-    path.join(cmdsDir, 'init-project.md'),
-    path.join(cmdsDir, 'health.md'),
-    path.join(cmdsDir, 'execute-phase.md'),
-    path.join(cmdsDir, 'security-scan.md'),
+    scope === 'local' ? path.join(process.cwd(), 'CLAUDE.md') : path.join(baseDir, 'CLAUDE.md'),
+    path.join(cmdsDir, `${pfx}help.md`),
+    path.join(cmdsDir, `${pfx}init-project.md`),
+    path.join(cmdsDir, `${pfx}health.md`),
+    path.join(cmdsDir, `${pfx}execute-phase.md`),
+    path.join(cmdsDir, `${pfx}security-scan.md`),
   ];
 
   const missing = required.filter(f => !fsu.exists(f));
@@ -171,14 +196,28 @@ async function install(runtime, scope, options = {}) {
     return;
   }
 
-  // ── 1. Install CLAUDE.md ────────────────────────────────────────────────────
+  // ── 1. Install CLAUDE.md (Root standardization for IDEs) ────────────────────
   const claudeSrc = runtime === 'claude'
     ? src('.claude', 'CLAUDE.md')
     : src('.agent', 'CLAUDE.md');
 
   if (fsu.exists(claudeSrc)) {
+    // Keep legacy location based on runtime config
     safeCopyClaude(claudeSrc, path.join(baseDir, 'CLAUDE.md'), { force, verbose });
-    console.log('  ✅  CLAUDE.md');
+
+    // ✨ STANDARD: Inject into project root and IDE-specific rules files
+    if (scope === 'local' && !selfInstall) {
+      const rootClaude = path.join(process.cwd(), 'CLAUDE.md');
+      const rootCursor = path.join(process.cwd(), '.cursorrules');
+      const rootWindsurf = path.join(process.cwd(), '.windsurfrules');
+      
+      safeCopyClaude(claudeSrc, rootClaude, { force, verbose });
+      safeCopyClaude(claudeSrc, rootCursor, { force, verbose });
+      safeCopyClaude(claudeSrc, rootWindsurf, { force, verbose });
+      console.log('  ✅  CLAUDE.md (Mirrored to project root & .cursorrules)');
+    } else {
+      console.log('  ✅  CLAUDE.md');
+    }
   }
 
   // ── 2. Install commands ─────────────────────────────────────────────────────
@@ -189,8 +228,24 @@ async function install(runtime, scope, options = {}) {
   if (fsu.exists(cmdSrc)) {
     fsu.ensureDir(cmdsDir);
     const files = fsu.listFiles(cmdSrc).filter(f => f.endsWith('.md'));
-    files.forEach(f => fsu.copy(path.join(cmdSrc, f), path.join(cmdsDir, f)));
-    console.log(`  ✅  ${files.length} commands`);
+    
+    // Install for specific runtime
+    files.forEach(f => {
+      const targetName = runtime === 'antigravity' ? `mindforge:${f}` : f;
+      fsu.copy(path.join(cmdSrc, f), path.join(cmdsDir, targetName));
+    });
+
+    // ✨ STANDARD: Mirror to .claude/commands for cross-IDE compatibility (Cursor/Windsurf/Claude Code)
+    if (scope === 'local' && runtime !== 'claude' && !selfInstall) {
+      const standardCmdDir = path.join(process.cwd(), '.claude', 'commands', 'mindforge');
+      fsu.ensureDir(standardCmdDir);
+      files.forEach(f => {
+        fsu.copy(path.join(cmdSrc, f), path.join(standardCmdDir, f));
+      });
+      console.log(`  ✅  ${files.length} commands (Mirrored to .claude/commands/mindforge/)`);
+    } else {
+      console.log(`  ✅  ${files.length} commands`);
+    }
   }
 
   // ── 3. Framework files (local scope only, non-self-install) ─────────────────
@@ -266,6 +321,7 @@ async function install(runtime, scope, options = {}) {
       }
     }
 
+    RegistryManager.registerProject(process.cwd());
   }
 
   // ── 4. Verify installation ──────────────────────────────────────────────────

package/bin/mindforge-cli.js

@@ -0,0 +1,87 @@
+#!/usr/bin/env node
+/**
+ * MindForge CLI Router — v2.0.0
+ * Standardizes command invocation for GitHub Actions and local development.
+ */
+
+'use strict';
+
+const { spawnSync } = require('child_process');
+const path = require('path');
+
+const ARGS = process.argv.slice(2);
+const COMMAND = ARGS[0];
+const COMMAND_ARGS = ARGS.slice(1);
+
+const ROOT = path.resolve(__dirname, '..');
+
+const COMMANDS = {
+  'security-scan': {
+    script: 'bin/validate-config.js',
+    description: 'Validate configuration and run security checks',
+    defaultArgs: ['MINDFORGE.md']
+  },
+  'health': {
+    script: 'bin/installer-core.js',
+    description: 'Verify project health and installation integrity',
+    defaultArgs: ['--check']
+  },
+  'headless': {
+    script: 'bin/autonomous/headless.js',
+    description: 'Run MindForge agent in headless mode'
+  },
+  'pr-review': {
+    script: 'bin/review/cross-review-engine.js',
+    description: 'Run standard PR review logic'
+  },
+  'cross-review': {
+    script: 'bin/review/cross-review-engine.js',
+    description: 'Run advanced cross-model review'
+  },
+  'classify': {
+    script: 'bin/change-classifier.js',
+    description: 'Classify changes into governance tiers'
+  },
+  'approve': {
+    script: 'bin/governance/approve.js',
+    description: 'Generate a governance approval signature to unblock Tier 3 gates'
+  }
+};
+
+if (!COMMAND || ARGS.includes('--help') || ARGS.includes('-h')) {
+  printUsage();
+  process.exit(0);
+}
+
+const target = COMMANDS[COMMAND];
+if (!target) {
+  console.error(`❌ Unknown command: ${COMMAND}`);
+  console.error('Available commands: ' + Object.keys(COMMANDS).join(', '));
+  process.exit(1);
+}
+
+const scriptPath = path.join(ROOT, target.script);
+const finalArgs = COMMAND_ARGS.length > 0 ? COMMAND_ARGS : (target.defaultArgs || []);
+
+console.log(`🚀 Executing: ${COMMAND} (${target.description})`);
+
+const result = spawnSync('node', [scriptPath, ...finalArgs], {
+  cwd: ROOT,
+  stdio: 'inherit',
+  env: { ...process.env, MINDFORGE_CLI: 'true' }
+});
+
+process.exit(result.status || 0);
+
+function printUsage() {
+  console.log('\n⚡ MindForge Enterprise CLI\n');
+  console.log('Usage: node bin/mindforge-cli.js <command> [options]\n');
+  console.log('Commands:');
+  for (const [name, cfg] of Object.entries(COMMANDS)) {
+    console.log(`  ${name.padEnd(15)} ${cfg.description}`);
+  }
+  console.log('\nExamples:');
+  console.log('  node bin/mindforge-cli.js security-scan');
+  console.log('  node bin/mindforge-cli.js headless --phase 1');
+  console.log('\n');
+}

package/bin/wizard/setup-wizard.js

@@ -246,4 +246,8 @@ async function main() {
   }
 }
 
-main();
+module.exports = { main };
+
+if (require.main === module) {
+  main();
+}

package/docs/Context/Master-Context.md

@@ -1,5 +1,5 @@
 # MindForge — Continuation State File
-# Generated: Day 7 Complete
+# Generated: Complete
 # Purpose: Provide full context for resuming in a new chat session
 
 ---
@@ -10,7 +10,7 @@
 **Tagline:** Enterprise Agentic Framework — the best agentic framework
 **Repository:** `github.com/mindforge-dev/mindforge` (conceptual)
 **npm package:** `npx mindforge-cc@latest`
-**Current version:** v1.0.0 (first stable public release, tagged at Day 7 completion)
+**Current version:** v1.0.0 (first stable public release, tagged at completion)
 **Runtimes supported:** Claude Code (`.claude/`) and Antigravity (`.agent/`)
 **License:** MIT
 
@@ -26,7 +26,7 @@ anti-pattern detector, quality metrics, team profiling).
 
 ## WHAT WAS BUILT — DAY BY DAY
 
-### Day 1 — Foundation (`feat/mindforge-core-scaffold` → v0.1.0)
+### — Foundation (`feat/mindforge-core-scaffold` → v0.1.0)
 
 **Branch:** `feat/mindforge-core-scaffold`
 **Output files:** `DAY1-IMPLEMENT.md`, `DAY1-REVIEW.md`, `DAY1-HARDEN.md`
@@ -66,7 +66,7 @@ Built the entire structural foundation:
 
 ---
 
-### Day 2 — Wave Execution Engine (`feat/mindforge-wave-engine` → v0.2.0)
+### — Wave Execution Engine (`feat/mindforge-wave-engine` → v0.2.0)
 
 **Branch:** `feat/mindforge-wave-engine`
 **Output files:** `DAY2-IMPLEMENT.md`, `DAY2-REVIEW.md`, `DAY2-HARDEN.md`
@@ -92,7 +92,7 @@ Built the execution engine that makes plans actually run:
 
 ---
 
-### Day 3 — Skills Platform (`feat/mindforge-skills-platform` → v0.3.0)
+### — Skills Platform (`feat/mindforge-skills-platform` → v0.3.0)
 
 **Branch:** `feat/mindforge-skills-platform`
 **Output files:** `DAY3-IMPLEMENT.md`, `DAY3-REVIEW.md`, `DAY3-HARDEN.md`
@@ -130,7 +130,7 @@ Built the skills distribution and intelligence engine:
 
 ---
 
-### Day 4 — Enterprise Integrations + Governance (`feat/mindforge-enterprise-integrations` → v0.4.0)
+### — Enterprise Integrations + Governance (`feat/mindforge-enterprise-integrations` → v0.4.0)
 
 **Branch:** `feat/mindforge-enterprise-integrations`
 **Output files:** `DAY4-IMPLEMENT.md`, `DAY4-REVIEW.md`, `DAY4-HARDEN.md`
@@ -167,7 +167,7 @@ Built the enterprise integration and governance layer:
 
 ---
 
-### Day 5 — Intelligence Layer (`feat/mindforge-intelligence-layer` → v0.5.0)
+### — Intelligence Layer (`feat/mindforge-intelligence-layer` → v0.5.0)
 
 **Branch:** `feat/mindforge-intelligence-layer`
 **Output files:** `DAY5-IMPLEMENT.md`, `DAY5-REVIEW.md`, `DAY5-HARDEN.md`
@@ -205,7 +205,7 @@ Built the framework's self-awareness and self-improvement systems:
 
 ---
 
-### Day 6 — Distribution Platform (`feat/mindforge-distribution-platform` → v0.6.0)
+### — Distribution Platform (`feat/mindforge-distribution-platform` → v0.6.0)
 
 **Branch:** `feat/mindforge-distribution-platform`
 **Output files:** `DAY6-COMPLETE.md` (all three prompts in one file)
@@ -250,7 +250,7 @@ Built the public distribution, CI/CD, SDK, and monorepo layers:
 
 ---
 
-### Day 7 — Production Hardening & v1.0.0 Release (`feat/mindforge-production-release` → v1.0.0)
+### — Production Hardening & v1.0.0 Release (`feat/mindforge-production-release` → v1.0.0)
 
 **Branch:** `feat/mindforge-production-release`
 **Output files:** `DAY7-PRODUCTION-FINAL.md` (all three prompts in one file, 174KB)
@@ -621,7 +621,7 @@ Test all installer code paths on Windows. Fix path separator issues where found.
 - Community Discord/Slack setup
 - `mindforge.dev` landing page content
 
-### Day 8 branch and version
+### branch and version
 
 **Branch:** `feat/mindforge-multi-runtime-dashboard`
 **Target version:** v1.1.0 (stable minor — no breaking changes)
@@ -698,4 +698,4 @@ All prompt files are in `/mnt/user-data/outputs/`:
 
 ---
 
-*State file generated at Day 7 completion. MindForge v1.0.0 — 36 commands · 10 skills · 8 personas · 20 ADRs · 15 test suites.*
+*State file generated at completion. MindForge v1.0.0 — 36 commands · 10 skills · 8 personas · 20 ADRs · 15 test suites.*

package/docs/architecture/README.md

@@ -11,6 +11,7 @@ Markdown protocols and JSON schemas, with a small Node.js CLI runtime.
 4. **Intelligence Layer** — Health, difficulty, anti-patterns in `.mindforge/intelligence/`
 5. **Knowledge Layer** — Long-term memory, capture, and sync in `.mindforge/memory/`
 6. **Distribution Layer** — Installer, registry, CI, SDK, plugins
+7. **Observability Layer (v2)** — Real-time dashboard, SSE bridge, metrics aggregator
 
 ## Key data artifacts
 - `.planning/PROJECT.md` — project brief
@@ -24,6 +25,7 @@ Markdown protocols and JSON schemas, with a small Node.js CLI runtime.
 2. `/mindforge:execute-phase` runs plans in waves
 3. `/mindforge:verify-phase` runs automated + human gates
 4. `/mindforge:ship` generates release artifacts and PR metadata
+5. `/mindforge:dashboard` provides real-time observability and governance
 
 ## Installation targets
 - Claude Code: `~/.claude/` or `.claude/`

package/docs/architecture/decision-records-index.md

@@ -4,23 +4,23 @@ All 20 ADRs in chronological order.
 
 | ADR | Title | Status | Day | Key decision |
 |---|---|---|---|---|
-| ADR-001 | HANDOFF.json for cross-session state | Accepted | Day 2 | HANDOFF.json as the primary cross-session state artifact |
-| ADR-002 | Markdown-based commands | Accepted | Day 1 | Slash commands as Markdown files (not code) |
-| ADR-003 | Keyword-trigger model for skill loading | Accepted | Day 1 | Deterministic keyword matching over AI-decided selection |
-| ADR-004 | Wave parallelism over full parallelism | Accepted | Day 2 | Wave-based (dependency-ordered) over unconstrained parallel |
-| ADR-005 | Append-only JSONL for audit log | Accepted | Day 2 | AUDIT.jsonl append-only (never update, never delete) |
-| ADR-006 | Three-tier skills architecture | Accepted | Day 3 | Core → Org → Project tier hierarchy |
-| ADR-007 | Keyword-trigger model (reaffirmed at Day 3 scale) | Accepted | Day 3 | Confirmed at 10+ skill scale |
-| ADR-008 | Just-in-time skill loading | Accepted | Day 3 | Load at task time, not session start |
-| ADR-009 | Environment-variable-only credential storage | Accepted | Day 4 | Credentials only in env vars, never in config files |
-| ADR-010 | Compliance gates non-bypassable; approvals allow emergency | Accepted | Day 4 | Gates: never bypass. Approvals: emergency override with audit |
-| ADR-011 | Integration failures are non-blocking | Accepted | Day 4 | Jira/Slack/GitHub down ≠ phase blocked |
-| ADR-012 | Intelligence outputs feed back into system behaviour | Accepted | Day 5 | Difficulty → granularity, retro → MINDFORGE.md, quality → behaviour |
-| ADR-013 | MINDFORGE.md as constitution with non-overridable primitives | Accepted | Day 5 | Non-overridable governance primitives cannot be disabled |
-| ADR-014 | Metrics are system signals, not developer performance | Accepted | Day 5 | Quality scores improve the system, not evaluate individuals |
-| ADR-015 | npm as the public skills registry | Accepted | Day 6 | npm ecosystem for skill distribution |
-| ADR-016 | CI timeout exits with code 0 (soft stop) | Accepted | Day 6 | Timeout = save and resume, not failure |
-| ADR-017 | SDK event stream is localhost-only | Accepted | Day 6 | SSE binds to 127.0.0.1 only |
-| ADR-018 | Installer detects and handles self-install | Accepted | Day 7 | Installer running inside its own repo = no-op for framework files |
-| ADR-019 | Self-update preserves original install scope | Accepted | Day 7 | Update local→local, global→global |
-| ADR-020 | v1.0.0 stable interface contract | Accepted | Day 7 | Defines what "stable" means for plugins and SDK consumers |
+| ADR-001 | HANDOFF.json for cross-session state | Accepted | HANDOFF.json as the primary cross-session state artifact |
+| ADR-002 | Markdown-based commands | Accepted | Slash commands as Markdown files (not code) |
+| ADR-003 | Keyword-trigger model for skill loading | Accepted | Deterministic keyword matching over AI-decided selection |
+| ADR-004 | Wave parallelism over full parallelism | Accepted | Wave-based (dependency-ordered) over unconstrained parallel |
+| ADR-005 | Append-only JSONL for audit log | Accepted | AUDIT.jsonl append-only (never update, never delete) |
+| ADR-006 | Three-tier skills architecture | Accepted | Core → Org → Project tier hierarchy |
+| ADR-007 | Keyword-trigger model (reaffirmed at scale) | Accepted | Confirmed at 10+ skill scale |
+| ADR-008 | Just-in-time skill loading | Accepted | Load at task time, not session start |
+| ADR-009 | Environment-variable-only credential storage | Accepted | Credentials only in env vars, never in config files |
+| ADR-010 | Compliance gates non-bypassable; approvals allow emergency | Accepted | Gates: never bypass. Approvals: emergency override with audit |
+| ADR-011 | Integration failures are non-blocking | Accepted | Jira/Slack/GitHub down ≠ phase blocked |
+| ADR-012 | Intelligence outputs feed back into system behaviour | Accepted | Difficulty → granularity, retro → MINDFORGE.md, quality → behaviour |
+| ADR-013 | MINDFORGE.md as constitution with non-overridable primitives | Accepted | Non-overridable governance primitives cannot be disabled |
+| ADR-014 | Metrics are system signals, not developer performance | Accepted | Quality scores improve the system, not evaluate individuals |
+| ADR-015 | npm as the public skills registry | Accepted | npm ecosystem for skill distribution |
+| ADR-016 | CI timeout exits with code 0 (soft stop) | Accepted | Timeout = save and resume, not failure |
+| ADR-017 | SDK event stream is localhost-only | Accepted | SSE binds to 127.0.0.1 only |
+| ADR-018 | Installer detects and handles self-install | Accepted | Installer running inside its own repo = no-op for framework files |
+| ADR-019 | Self-update preserves original install scope | Accepted | Update local→local, global→global |
+| ADR-020 | v1.0.0 stable interface contract | Accepted | Defines what "stable" means for plugins and SDK consumers |

package/docs/ci-cd.md

@@ -0,0 +1,92 @@
+# 🚀 MindForge 5-Layer Plane Architecture (CI/CD)
+
+MindForge v2.0.0 uses a sophisticated Control + Execution Plane architecture for its GitHub Actions, ensuring enterprise-grade governance and autonomous execution capabilities.
+
+## 🏗️ The 5 Planes
+
+| Plane | Purpose | Trigger |
+| --- | --- | --- |
+| **Control Plane** | Change classification & Routing | `push`, `pull_request` |
+| **Execution Plane** | Headless agent runtime | `workflow_call` |
+| **AI Intelligence** | Multi-model code validation | PRs (reusable) |
+| **Release Plane** | Packaging & Deployment | Tags (`v*`) |
+| **Observability** | Run metrics & Analytics | Post-run |
+
+---
+
+## 🔄 PR Workflow Lifecycle
+
+When you open or update a Pull Request, MindForge triggers the following "Beast" sequence:
+
+1. **🔍 Classify**: Analyzes diffs to assign a **Governance Tier (1, 2, or 3)**.
+2. **⚖️ Govern**:
+    - **Tier 3 Enforcement**: Blocks the PR if sensitive changes are detected without an approval file.
+    - **Security Scan**: Automatically validates `MINDFORGE.md` and project configurations.
+3. **⚡ Execute**:
+    - Runs **Headless Agent** to verify autonomous logic.
+    - Executes full **Test Suite** and **Linter**.
+4. **🤖 Review**:
+    - Triggers **AI Intelligence Layer** (Claude + GPT-4o).
+    - Posts architectural/security findings as a **PR Comment**.
+5. **📊 Observe**: Generates a performance and audit trace report.
+
+---
+
+## 🔍 Control Plane & Tiers
+
+Every change is automatically classified into a governance tier:
+
+- **Tier 1 (Trivial)**: Auto-approves and executes basic verification.
+- **Tier 2 (Logic)**: Executes full test suites and AI review.
+- **Tier 3 (Sensitive)**: Blocks the pipeline unless a manual approval is found in `.planning/approvals/`.
+
+---
+
+## 🛠️ MindForge CLI (`bin/mindforge-cli.js`)
+
+All planes interact with MindForge via a centralized CLI router:
+
+- `health`: Validates project integrity.
+- `security-scan`: Scans for secrets and PII.
+- `headless`: Executes agents in non-interactive mode.
+- `pr-review`: Standard code review.
+- `cross-review`: Multi-model architecture validation.
+
+---
+
+## 🛡️ Governance Enforcement
+
+If a PR touches sensitive components (Auth, Payments, Security):
+1. The **Control Plane** identifies it as **Tier 3**.
+2. The **Governance Gate** fails unless a valid `.planning/approvals/*.json` file exists.
+3. Once approved, the **Execution Plane** resumes the workflow.
+
+
+
+---
+
+## 📦 Automated Releases
+
+Releases are triggered by pushing a semver tag:
+
+```bash
+git tag v2.0.0
+git push origin v2.0.0
+```
+
+This will automatically:
+
+- Run the full test suite.
+- Generate a CHANGELOG.
+- Publish to npm.
+- Create a GitHub Release with build artifacts.
+
+---
+
+## 📊 Observability
+
+MindForge tracks every CI execution:
+
+- **Success Rate**: Phase completion status.
+- **Token Usage**: AI cost monitoring.
+- **Audit Trace**: Full execution history in `AUDIT.jsonl`.

package/docs/commands-reference.md

@@ -8,4 +8,5 @@
 | `/mindforge:execute-phase [N]`  | Execute plans with wave-based parallelism     |
 | `/mindforge:verify-phase [N]`   | Human acceptance testing + automated checks  |
 | `/mindforge:ship [N]`           | Generate changelog, run quality gates, create PR |
+| `/mindforge:dashboard`           | Manage the real-time web observability dashboard |
 

package/docs/enterprise-setup.md

@@ -18,7 +18,7 @@ Configure Jira, Confluence, Slack, and SCM governance safely without storing
 - never use `curl -v` with Authorization headers
 - rotate credentials by updating the environment, not config files
 
-## Supported Day 4 outputs
+## Supported outputs
 - Jira epics and stories for phases/plans
 - Confluence architecture and ADR publishing
 - Slack notifications and thread tracking

package/docs/feature-dashboard.md

@@ -0,0 +1,52 @@
+# Feature: Real-time Dashboard (v2)
+
+The MindForge Real-time Dashboard provides a high-fidelity, web-based control center for your agentic workflows. It leverages **Server-Sent Events (SSE)** to push live updates from your codebase directly to your browser with zero performance overhead.
+
+## 🚀 Getting Started
+
+To launch the dashboard:
+```bash
+/mindforge:dashboard --start --open
+```
+
+Default access: `http://localhost:7339` (Strictly bound to `127.0.0.1` for security).
+
+## 🛠 Key Features
+
+### 1. Live Audit Stream
+- Real-time rolling feed of all `AUDIT.jsonl` events.
+- Color-coded status indicators (Success, Failure, Security Warning).
+- Detailed JSON inspection for every action.
+
+### 2. Performance Metrics
+- **Token Costs**: Cumulative and session-based cost tracking across all providers.
+- **Quality Score**: Real-time graphing of verify-pass-rates.
+- **Compaction Health**: Monitoring of context management efficiency.
+
+### 3. Web-based Governance
+- **Tier 2/3 Approvals**: Review pending architectural or security changes.
+- **Tier 3 Confirmation**: Mandatory plan ID typing for high-risk approvals is enforced in the UI.
+- **Decision History**: Interactive timeline of past approvals and rejections.
+
+### 4. Team & Agent Activity
+- **Wave Progress**: Track multiple agents executing parallel waves.
+- **Persona Context**: See which agent personas are currently active.
+- **Steerage Feed**: View steering instructions as they are applied.
+
+## 🛡 Hardened Security
+- **Localhost Binding**: The server refuses connections from external IPs.
+- **CORS Lock-down**: Only allows requests from the local control plane.
+- **Integrity First**: Audit logs are written by the backend *before* changes are committed, ensuring a bulletproof trail.
+
+## 📟 Command Reference
+
+| Flag | Action |
+| :--- | :--- |
+| `--start` | Launch the dashboard server process. |
+| `--stop` | Gracefully shut down the server. |
+| `--status` | Check if the dashboard is running and get PID. |
+| `--open` | Open the UI in your default browser. |
+| `--port [N]` | Change the default port (7339). |
+
+---
+*For technical implementation details, see `.mindforge/dashboard/dashboard-spec.md`.*

package/docs/publishing-guide.md

@@ -10,69 +10,34 @@ This guide outlines the standard procedure for publishing a new version of `mind
 
 ## Step-by-Step Workflow
 
-### 1. Versioning Strategy
+### 1. Pre-Flight Verification & Adversarial Review
+Before any release, ensure the following is completed:
 
-MindForge follows [Semantic Versioning (SemVer)](https://semver.org/).
+- **Structural Integrity**: Run `npm test` to verify layout and command mirroring.
+- **Security Check**: Run `/mindforge:security-scan` to ensure no keys or CVEs are present.
+- **Mult-Model Review**: Run `/mindforge:cross-review` to have multiple models (Claude, GPT, Gemini) audit the new features for edge cases.
 
-- **Major (X.0.0)**: Breaking changes or significant architecture shifts.
-- **Minor (0.X.0)**: New features, non-breaking.
-- **Patch (0.0.X)**: Bug fixes, performance improvements.
-- **Prereleases**: Append `-alpha.N`, `-beta.N`, or `-rc.N` (e.g., `2.0.0-alpha.4`).
+### 2. Versioning Strategy
+MindForge follows SemVer. Update `package.json` and `CHANGELOG.md` first.
 
-### 2. Pre-Publish Verification
+### 3. Automated Release Workflow
+MindForge provides a built-in workflow to handle the heavy lifting:
 
-Always run the integrity suite before publishing:
+1. Run the slash command: `/publish-release`
+2. Follow the interactive prompts to execute tests and dry runs.
 
-```bash
-npm test
-```
-
-This verifies that:
-- All required directories and files exist.
-- Commands are mirrored between `.claude/` and `.agent/`.
-- `package.json` metadata is valid.
-- No secrets are leaked.
-
-### 3. Dry Run
-
-Validate the package contents:
+### 4. Manual Publishing (Fallback)
+If the workflow is unavailable:
 
 ```bash
-npm pack --dry-run
+npm publish --tag alpha --access public
 ```
 
-Review the file list in the output to ensure no internal config or temporary files are included.
-
-### 4. Publishing
-
-#### Stable Releases
-For stable versions (e.g., `2.0.0`), use a standard publish:
-
-```bash
-npm publish --access public
-```
-
-#### Prereleases (Alpha/Beta/RC)
-For prerelease versions, you **MUST** specify a tag to avoid them being installed as `@latest`:
-
-```bash
-npm publish --tag [alpha|beta|rc] --access public
-```
-
-### 5. Git Tagging
-
-After a successful publish, tag the commit in Git:
-
+### 5. Git Tagging & Origin Sync
 ```bash
 git tag v[version]
-git push origin v[version]
+git push origin --tags
 ```
 
-## Troubleshooting
-
-- **403 Forbidden**: Usually means the version already exists on npm or you don't have permissions.
-- **Tag Required**: If you get an error about specifying a tag, it's because you are publishing a version with a hyphen (prerelease) without the `--tag` flag.
-- **Integrity Failure**: Fix the structural issues reported by `npm test` before retrying.
-
 ---
 *Last Updated: 2026-03-22*