mindforge-cc 2.0.0-alpha.9 → 2.1.0

package/bin/skills-builder/skill-scorer.js

@@ -0,0 +1,263 @@
+/**
+ * MindForge v2 — Skill Scorer
+ * 7-dimension quality scoring system for SKILL.md files.
+ * Total: 100 points.
+ *
+ * This is a static analysis scorer — no AI calls needed.
+ * Runs in < 100ms on any SKILL.md.
+ */
+'use strict';
+
+const fs   = require('fs');
+const path = require('path');
+
+// ── Injection guard patterns (from skill-loader.md) ───────────────────────────
+const INJECTION_PATTERNS = [
+  /IGNORE ALL PREVIOUS INSTRUCTIONS/i,
+  /IGNORE PREVIOUS INSTRUCTIONS/i,
+  /DISREGARD YOUR INSTRUCTIONS/i,
+  /FORGET YOUR TRAINING/i,
+  /YOU ARE NOW/i,
+  /YOUR NEW INSTRUCTIONS ARE/i,
+  /OVERRIDE:/i,
+  /SYSTEM PROMPT:/i,
+];
+
+// ── Placeholder detection ─────────────────────────────────────────────────────
+const PLACEHOLDER_PATTERNS = [
+  /\[your description here\]/i,
+  /\[fill in\]/i,
+  /\[TODO\]/i,
+  /\btodo\b/i,
+  /\bfixme\b/i,
+  /<description>/i,
+  /\.\.\.fill in\.\.\./i,
+  /\[your [a-z\s]+ here\]/i,
+  /\[replace with\]/i,
+];
+
+// ── Generic trigger words (penalty list) ─────────────────────────────────────
+const GENERIC_TRIGGERS = new Set([
+  'database', 'api', 'model', 'service', 'component', 'function',
+  'class', 'method', 'type', 'interface', 'module', 'package',
+  'file', 'config', 'test', 'error', 'data', 'query', 'request',
+  'response', 'handler', 'controller', 'repository', 'schema',
+]);
+
+// ── SKILL.md parser ───────────────────────────────────────────────────────────
+function parseSkill(content) {
+  const frontmatterMatch = content.match(/^---\n([\s\S]*?)\n---/);
+  const frontmatter      = frontmatterMatch?.[1] || '';
+
+  // Extract triggers from frontmatter
+  const triggersSection = frontmatter.match(/^triggers:\n((?:  - .+\n?)*)/m);
+  const triggers        = (triggersSection?.[1] || '')
+    .split('\n')
+    .map(l => l.replace(/^\s*- /, '').trim())
+    .filter(Boolean);
+
+  // Count code blocks with ≥ 3 lines (meaningful examples, not one-liners)
+  const codeBlockMatches = content.match(/```[\s\S]*?```/g) || [];
+  const codeBlocks       = codeBlockMatches.length;
+  const meaningfulBlocks = codeBlockMatches.filter(block => {
+    const lines = block.split('\n').length;
+    return lines >= 4; // ``` + at least 3 content lines + ```
+  }).length;
+
+  // Count checklist items (both checked and unchecked)
+  const checklistItems = (content.match(/^- \[[ xX]\] /gm) || []).length;
+
+  // Has version history?
+  const hasVersionHistory = /## Version History/i.test(content);
+  const versionEntries    = (content.match(/^### v\d+\.\d+\.\d+/gm) || []).length;
+
+  // Mandatory action counts
+  const alwaysRules  = (content.match(/\b(Always|Must|Required|mandatory|MUST)\b/gi) || []).length;
+  const neverRules   = (content.match(/\b(Never|Don't|Do not|Avoid|NEVER)\b/gi) || []).length;
+  const hasSecuritySection  = /security|auth|SECURITY|AUTH/i.test(content);
+  const hasPerformanceSection = /performance|perf|optimiz|PERFORMANCE/i.test(content);
+  const hasErrorSection    = /error handling|exception|catch|Error/i.test(content);
+
+  return {
+    triggers, codeBlocks, meaningfulBlocks, checklistItems,
+    hasVersionHistory, versionEntries,
+    alwaysRules, neverRules,
+    hasSecuritySection, hasPerformanceSection, hasErrorSection,
+    content,
+  };
+}
+
+// ── Dimension scorers ─────────────────────────────────────────────────────────
+function scoreTriggerCoverage(parsed) {
+  const { triggers } = parsed;
+  let score = 0;
+
+  if (triggers.length >= 25) score = 30;
+  else if (triggers.length >= 20) score = 24;
+  else if (triggers.length >= 15) score = 18;
+  else if (triggers.length >= 10) score = 12;
+  else if (triggers.length >= 5)  score = 6;
+
+  // Penalty for generic triggers
+  const genericCount = triggers.filter(t => GENERIC_TRIGGERS.has(t.toLowerCase())).length;
+  const penalty      = genericCount * 2;
+
+  return {
+    score: Math.max(0, score - penalty),
+    max: 30,
+    details: `${triggers.length} triggers, ${genericCount} generic (penalty: -${penalty})`,
+  };
+}
+
+function scoreMandatoryActions(parsed) {
+  const { alwaysRules, neverRules, hasSecuritySection, hasPerformanceSection, hasErrorSection } = parsed;
+  let score = 0;
+
+  if (alwaysRules >= 5)           score += 5;
+  else if (alwaysRules >= 3)      score += 3;
+  else if (alwaysRules >= 1)      score += 1;
+
+  if (neverRules >= 3)            score += 5;
+  else if (neverRules >= 2)       score += 3;
+  else if (neverRules >= 1)       score += 2;
+
+  if (hasSecuritySection)         score += 5;
+  if (hasPerformanceSection)      score += 5;
+  if (hasErrorSection)            score += 5;
+
+  return {
+    score: Math.min(25, score),
+    max: 25,
+    details: `${alwaysRules} always-rules, ${neverRules} never-rules, security:${hasSecuritySection}, perf:${hasPerformanceSection}, errors:${hasErrorSection}`,
+  };
+}
+
+function scoreCodeExamples(parsed) {
+  const { meaningfulBlocks, content } = parsed;
+  let score = 0;
+
+  if (meaningfulBlocks >= 5)      score = 20;
+  else if (meaningfulBlocks >= 3) score = 14;
+  else if (meaningfulBlocks >= 1) score = 7;
+
+  // Bonus: side-by-side correct/incorrect examples
+  const hasSideBySide = content.includes('✅') && content.includes('❌');
+  if (hasSideBySide) score = Math.min(20, score + 2);
+
+  return { score: Math.min(20, score), max: 20, details: `${meaningfulBlocks} meaningful code blocks, side-by-side:${hasSideBySide}` };
+}
+
+function scoreSelfCheck(parsed) {
+  const { checklistItems } = parsed;
+  let score = 0;
+
+  if (checklistItems >= 10)     score = 15;
+  else if (checklistItems >= 7) score = 10;
+  else if (checklistItems >= 4) score = 7;
+  else if (checklistItems >= 1) score = 3;
+
+  return { score, max: 15, details: `${checklistItems} checklist items` };
+}
+
+function scoreInjectionSafe(parsed) {
+  const hasInjection = INJECTION_PATTERNS.some(p => p.test(parsed.content));
+  return {
+    score: hasInjection ? 0 : 10,
+    max: 10,
+    details: hasInjection ? 'INJECTION PATTERN DETECTED — score 0' : 'clean',
+    fail:    hasInjection,
+  };
+}
+
+function scoreNoPlaceholders(parsed) {
+  const placeholderCount = PLACEHOLDER_PATTERNS.filter(p => p.test(parsed.content)).length;
+  let score = 0;
+  if (placeholderCount === 0)      score = 10;
+  else if (placeholderCount <= 2)  score = 5;
+
+  return { score, max: 10, details: `${placeholderCount} placeholder patterns found` };
+}
+
+function scoreVersionHistory(parsed) {
+  const { hasVersionHistory, versionEntries } = parsed;
+  let score = 0;
+  if (hasVersionHistory && versionEntries >= 1) score = 10;
+  else if (versionEntries > 0) score = 5;
+
+  const bonus = versionEntries > 1 ? 2 : 0;
+  const MAX = 10;
+  return { score: Math.min(MAX, score + bonus), max: MAX, details: `${versionEntries} version entries` };
+}
+
+// ── Main score function ───────────────────────────────────────────────────────
+/**
+ * Score a SKILL.md file.
+ * @param {string} skillPathOrContent - Path to SKILL.md or content string
+ * @returns {object} Full scoring result
+ */
+function score(skillPathOrContent) {
+  let content;
+  if (typeof skillPathOrContent === 'string' && fs.existsSync(skillPathOrContent)) {
+    content = fs.readFileSync(skillPathOrContent, 'utf8');
+  } else {
+    content = skillPathOrContent;
+  }
+
+  const parsed = parseSkill(content);
+
+  const dimensions = {
+    trigger_coverage:    scoreTriggerCoverage(parsed),
+    mandatory_actions:   scoreMandatoryActions(parsed),
+    code_examples:       scoreCodeExamples(parsed),
+    self_check:          scoreSelfCheck(parsed),
+    injection_safe:      scoreInjectionSafe(parsed),
+    no_placeholders:     scoreNoPlaceholders(parsed),
+    version_history:     scoreVersionHistory(parsed),
+  };
+
+  const total = Object.values(dimensions).reduce((s, d) => s + d.score, 0);
+
+  // Determine thresholds
+  let threshold_status = 'insufficient';
+  if (total >= 90)      threshold_status = 'excellent';
+  else if (total >= 80) threshold_status = 'good';
+  else if (total >= 70) threshold_status = 'acceptable';
+  else if (total >= 60) threshold_status = 'minimum';
+
+  const can_register = total >= 60 && !dimensions.injection_safe.fail;
+  const can_publish  = total >= 80 && !dimensions.injection_safe.fail;
+
+  // Improvement suggestions
+  const suggestions = [];
+  if (dimensions.trigger_coverage.score < 24) {
+    suggestions.push(`Add ${25 - parsed.triggers.length} more triggers to reach 25+ (currently ${parsed.triggers.length})`);
+  }
+  if (dimensions.mandatory_actions.score < 20) {
+    if (!parsed.hasSecuritySection)     suggestions.push('Add a security considerations section');
+    if (!parsed.hasPerformanceSection)  suggestions.push('Add a performance considerations section');
+    if (!parsed.hasErrorSection)        suggestions.push('Add an error handling section');
+  }
+  if (dimensions.code_examples.score < 14) {
+    suggestions.push(`Add ${5 - parsed.codeBlocks} more code examples (currently ${parsed.codeBlocks})`);
+  }
+  if (dimensions.self_check.score < 10) {
+    suggestions.push(`Add ${10 - parsed.checklistItems} more checklist items (currently ${parsed.checklistItems})`);
+  }
+  if (!dimensions.version_history.score) {
+    suggestions.push('Add a ## Version History section with a v1.0.0 entry');
+  }
+
+  return {
+    quality_score:    total,
+    threshold_status,
+    can_register,
+    can_publish,
+    score_breakdown:  Object.fromEntries(Object.entries(dimensions).map(([k, v]) => [k, v.score])),
+    dimension_details: Object.fromEntries(Object.entries(dimensions).map(([k, v]) => [k, v.details])),
+    improvement_suggestions: suggestions,
+    trigger_count:    parsed.triggers.length,
+    injection_safe:   !dimensions.injection_safe.fail,
+  };
+}
+
+module.exports = { score, parseSkill, INJECTION_PATTERNS, PLACEHOLDER_PATTERNS, GENERIC_TRIGGERS };

package/bin/skills-builder/source-loader.js

@@ -0,0 +1,268 @@
+/**
+ * MindForge v2 — Source Loader
+ * Loads documentation from URLs, local files/dirs, npm packages,
+ * and the current session (SUMMARY files + HANDOFF.json).
+ *
+ * All URL fetches have SSRF protection (Day 10 pattern).
+ * Local reads use walkDir() to safely enumerate files.
+ */
+'use strict';
+
+const fs   = require('fs');
+const path = require('path');
+const dns  = require('dns').promises;
+
+const PLANNING_DIR   = path.join(process.cwd(), '.planning');
+const MINDFORGE_DIR  = path.join(process.cwd(), '.mindforge');
+
+// ── SSRF protection (reused from research-engine.js, Day 10) ─────────────────
+const PRIVATE_RANGES = [
+  /^127\./,
+  /^10\./,
+  /^172\.(1[6-9]|2\d|3[01])\./,
+  /^192\.168\./,
+  /^169\.254\./,  // AWS metadata
+  /^::1$/,
+  /^fc00:/,
+  /^fe80:/,
+];
+
+async function isSafeUrl(rawUrl) {
+  let parsed;
+  try { parsed = new URL(rawUrl); } catch { return false; }
+  if (!['http:', 'https:'].includes(parsed.protocol)) return false;
+
+  try {
+    const { address } = await dns.lookup(parsed.hostname);
+    if (PRIVATE_RANGES.some(r => r.test(address))) {
+      process.stderr.write(`[source-loader] SSRF blocked: ${rawUrl} → ${address}\n`);
+      return false;
+    }
+  } catch {
+    process.stderr.write(`[source-loader] DNS resolution failed for: ${parsed.hostname}\n`);
+    return false;
+  }
+  return true;
+}
+
+// ── URL fetcher ───────────────────────────────────────────────────────────────
+async function fetchUrl(rawUrl, maxChars = 400_000, _redirectCount = 0) {
+  if (_redirectCount > 5) {
+    throw new Error(`Too many redirects (>5) for URL: ${rawUrl}`);
+  }
+
+  if (!await isSafeUrl(rawUrl)) {
+    throw new Error(`URL blocked by SSRF protection: ${rawUrl}`);
+  }
+
+  return new Promise((resolve, reject) => {
+    const protocol = rawUrl.startsWith('https') ? require('https') : require('http');
+    let settled = false;
+    const settle = (fn, val) => { if (!settled) { settled = true; fn(val); } };
+
+    const hardTimer = setTimeout(() => {
+      settle(reject, new Error(`Fetch timeout (30s): ${rawUrl}`));
+    }, 30_000);
+
+    const req = protocol.get(rawUrl, { headers: { 'User-Agent': 'MindForge-Learn/2.0' } }, res => {
+      // Follow redirects (up to 5)
+      if ([301, 302, 303, 307, 308].includes(res.statusCode) && res.headers.location) {
+        clearTimeout(hardTimer);
+        // Pass incremented redirect count — SSRF re-checked in recursive call
+        // Comment: Each redirect hop calls isSafeUrl() — open redirect chains through private IPs are blocked
+        fetchUrl(res.headers.location, maxChars, _redirectCount + 1).then(settle.bind(null, resolve), settle.bind(null, reject));
+        return;
+      }
+      if (res.statusCode !== 200) {
+        clearTimeout(hardTimer);
+        settle(reject, new Error(`HTTP ${res.statusCode} for: ${rawUrl}`));
+        return;
+      }
+
+      let body = '';
+      res.on('data', chunk => { body += chunk; if (body.length > maxChars) res.destroy(); });
+      res.on('end', () => { clearTimeout(hardTimer); settle(resolve, body.slice(0, maxChars)); });
+      res.on('error', err => { clearTimeout(hardTimer); settle(reject, err); });
+    });
+    req.on('error', err => { clearTimeout(hardTimer); settle(reject, err); });
+    req.end();
+  });
+}
+
+// ── HTML → text (strip tags for cleaner model context) ───────────────────────
+function htmlToText(html) {
+  return html
+    .replace(/<script[\s\S]*?<\/script>/gi, '')   // Remove scripts
+    .replace(/<style[\s\S]*?<\/style>/gi, '')      // Remove styles
+    .replace(/<[^>]+>/g, ' ')                      // Strip remaining tags
+    .replace(/&nbsp;/g, ' ')
+    .replace(/&amp;/g, '&')
+    .replace(/&lt;/g, '<')
+    .replace(/&gt;/g, '>')
+    .replace(/&quot;/g, '"')
+    .replace(/&#39;/g, "'")
+    .replace(/\s{3,}/g, '\n\n')                   // Collapse excessive whitespace
+    .trim();
+}
+
+// ── npm package loader ────────────────────────────────────────────────────────
+async function loadNpmPackage(packageName) {
+  // Sanitize package name (prevent path injection)
+  if (!/^(@[a-z0-9-~][a-z0-9-._~]*\/)?[a-z0-9-~][a-z0-9-._~]*$/.test(packageName)) {
+    throw new Error(`Invalid npm package name: ${packageName}`);
+  }
+
+  const registryUrl = `https://registry.npmjs.org/${encodeURIComponent(packageName)}`;
+  const raw         = await fetchUrl(registryUrl, 500_000);
+  const data        = JSON.parse(raw);
+
+  const latest  = data['dist-tags']?.latest || Object.keys(data.versions || {}).pop();
+  const version = data.versions?.[latest];
+  const readme  = data.readme || version?.readme || '';
+
+  return {
+    name:        packageName,
+    version:     latest,
+    description: data.description || '',
+    homepage:    data.homepage || '',
+    repository:  version?.repository?.url || '',
+    readme:      readme.slice(0, 200_000),
+    keywords:    data.keywords || [],
+  };
+}
+
+// ── Local file/directory loader ───────────────────────────────────────────────
+const SKIP_DIRS = new Set(['node_modules', '.git', 'dist', 'build', '.next', 'coverage', '.planning']);
+const DOC_EXTENSIONS = new Set(['.md', '.mdx', '.txt', '.rst', '.html', '.json', '.yaml', '.yml']);
+const CODE_EXTENSIONS = new Set(['.ts', '.tsx', '.js', '.jsx', '.py', '.go', '.rs', '.java']);
+
+function walkDir(dir, extensions, maxFiles = 50) {
+  const results = [];
+  function walk(d) {
+    if (results.length >= maxFiles) return;
+    let entries;
+    try { entries = fs.readdirSync(d, { withFileTypes: true }); } catch { return; }
+    for (const e of entries) {
+      if (results.length >= maxFiles) break;
+      if (SKIP_DIRS.has(e.name)) continue;
+      const full = path.join(d, e.name);
+      if (e.isDirectory()) walk(full);
+      else if (extensions.has(path.extname(e.name).toLowerCase())) results.push(full);
+    }
+  }
+  walk(dir);
+  return results;
+}
+
+function loadLocal(localPath, maxCharsPerFile = 50_000) {
+  const resolved = path.resolve(localPath);
+
+  // Safety check: resolved path must be inside cwd or be absolute
+  const stat = fs.statSync(resolved);
+  let content = '';
+
+  if (stat.isDirectory()) {
+    const allExts = new Set([...DOC_EXTENSIONS, ...CODE_EXTENSIONS]);
+    const files   = walkDir(resolved, allExts, 30);
+    for (const f of files) {
+      const text = fs.readFileSync(f, 'utf8').slice(0, maxCharsPerFile);
+      content += `\n\n### ${path.relative(process.cwd(), f)}\n${text}`;
+      if (content.length > 600_000) break;
+    }
+  } else {
+    content = fs.readFileSync(resolved, 'utf8').slice(0, maxCharsPerFile);
+  }
+
+  return { path: resolved, content: content.slice(0, 800_000) };
+}
+
+// ── Session loader ────────────────────────────────────────────────────────────
+function loadSession(phaseNum = null) {
+  const phasesDir = path.join(PLANNING_DIR, 'phases');
+  if (!fs.existsSync(phasesDir)) return { content: '', sources: [] };
+
+  // Determine phase to analyse
+  let targetPhase = phaseNum;
+  if (!targetPhase) {
+    // Find the most recent phase with SUMMARY files
+    const phaseDirs = fs.readdirSync(phasesDir)
+      .filter(d => /^\d+$/.test(d))
+      .map(Number).sort((a, b) => b - a); // Descending
+    targetPhase = phaseDirs[0];
+  }
+
+  if (!targetPhase) return { content: '', sources: [] };
+
+  const phaseDir = path.join(phasesDir, String(targetPhase));
+  const sources  = [];
+  let content    = `# Session Analysis — Phase ${targetPhase}\n\n`;
+
+  // SUMMARY files
+  const summaryFiles = fs.existsSync(phaseDir)
+    ? fs.readdirSync(phaseDir).filter(f => f.startsWith('SUMMARY-') && f.endsWith('.md'))
+    : [];
+  for (const f of summaryFiles) {
+    const text = fs.readFileSync(path.join(phaseDir, f), 'utf8');
+    content += `## ${f}\n${text.slice(0, 10_000)}\n\n`;
+    sources.push(f);
+  }
+
+  // HANDOFF.json implicit_knowledge
+  const handoffPath = path.join(PLANNING_DIR, 'HANDOFF.json');
+  if (fs.existsSync(handoffPath)) {
+    try {
+      const handoff = JSON.parse(fs.readFileSync(handoffPath, 'utf8'));
+      const implicit = handoff.implicit_knowledge || [];
+      if (implicit.length > 0) {
+        content += `## Implicit Knowledge (from HANDOFF.json)\n`;
+        implicit
+          .filter(i => (i.confidence || 0) >= 0.65)
+          .forEach(i => { content += `- ${i.topic || i.text}: ${i.content || i.text}\n`; });
+        content += '\n';
+        sources.push('HANDOFF.json:implicit_knowledge');
+      }
+    } catch { /* ignore malformed HANDOFF */ }
+  }
+
+  // ADR files from this phase
+  const decisionsDir = path.join(PLANNING_DIR, 'decisions');
+  if (fs.existsSync(decisionsDir)) {
+    const recentAdrs = fs.readdirSync(decisionsDir)
+      .filter(f => f.startsWith('ADR-') && f.endsWith('.md'))
+      .slice(-5); // Last 5 ADRs
+    for (const f of recentAdrs) {
+      const text = fs.readFileSync(path.join(decisionsDir, f), 'utf8');
+      content += `## ${f}\n${text.slice(0, 5_000)}\n\n`;
+      sources.push(f);
+    }
+  }
+
+  return { content: content.slice(0, 800_000), sources, phase: targetPhase };
+}
+
+// ── Main load function ────────────────────────────────────────────────────────
+async function load(source) {
+  if (source === '--session') {
+    const result = loadSession();
+    return { type: 'session', content: result.content, metadata: { sources: result.sources, phase: result.phase } };
+  }
+
+  if (source.startsWith('npm:')) {
+    const pkg = source.slice(4);
+    const result = await loadNpmPackage(pkg);
+    const content = `# ${result.name} v${result.version}\n${result.description}\n\n${result.readme}`;
+    return { type: 'npm', content, metadata: result };
+  }
+
+  if (source.startsWith('http://') || source.startsWith('https://')) {
+    const raw  = await fetchUrl(source);
+    const text = raw.includes('<html') || raw.includes('<HTML') ? htmlToText(raw) : raw;
+    return { type: 'url', content: text, metadata: { url: source, length: raw.length } };
+  }
+
+  // Local path
+  const result = loadLocal(source);
+  return { type: 'local', content: result.content, metadata: { path: result.path } };
+}
+
+module.exports = { load, fetchUrl, isSafeUrl, htmlToText, loadNpmPackage, loadLocal, loadSession };

package/docs/Context/Master-Context.md

@@ -34,15 +34,8 @@ anti-pattern detector, quality metrics, team profiling).
 Built the entire structural foundation:
 
 - **`.claude/CLAUDE.md`** — The agent entry point. Session start protocol, plan-first rule, quality gates, security auto-trigger, state artifact table. Mirrored identically to `.agent/CLAUDE.md` (Antigravity runtime).
-- **8 agent persona files** in `.mindforge/personas/`:
-  - `analyst.md` — Requirements decomposition and gap identification
-  - `architect.md` — System design, ADRs, technology decisions
-  - `developer.md` — Implementation with 5 common AI anti-pattern guards
-  - `qa-engineer.md` — Test strategy and verification
-  - `security-reviewer.md` — OWASP-aligned security review
-  - `tech-writer.md` — Documentation and changelog authoring
-  - `debug-specialist.md` — 10-step root cause analysis protocol
-  - `release-manager.md` — Deployment coordination
+- **32 agent persona files** in `.mindforge/personas/`:
+  - `advisor-researcher.md`, `analyst.md`, `architect.md`, `assumptions-analyzer-extend.md`, `assumptions-analyzer.md`, `codebase-mapper-extend.md`, `codebase-mapper.md`, `coverage-specialist.md`, `debug-specialist.md`, `debugger.md`, `decision-architect.md`, `developer.md`, `executor.md`, `integration-checker.md`, `nyquist-auditor.md`, `phase-researcher.md`, `plan-checker.md`, `planner.md`, `project-researcher.md`, `qa-engineer.md`, `release-manager.md`, `research-agent.md`, `research-synthesizer.md`, `roadmapper-extend.md`, `roadmapper.md`, `security-reviewer.md`, `tech-writer.md`, `ui-auditor.md`, `ui-checker.md`, `ui-researcher.md`, `user-profiler.md`, `verifier.md`
 - **5 initial core skill packs** in `.mindforge/skills/`:
   - `security-review/SKILL.md` — 29 trigger keywords, OWASP A01-A10
   - `code-quality/SKILL.md` — Complexity, naming, error handling
@@ -331,7 +324,7 @@ mindforge-cc/                         ← npm package root
 │       └── [36 .md command files]
 │
 ├── .mindforge/
-│   ├── personas/                     ← 8 persona definitions + overrides/
+│   ├── personas/                     ← 32 persona definitions + overrides/
 │   ├── skills/                       ← 10 core skill packs (SKILL.md each)
 │   ├── engine/
 │   │   ├── wave-executor.md          ← Kahn's topological sort, parallel waves
@@ -490,9 +483,9 @@ mindforge-cc/                         ← npm package root
 9. `incident-response` — P0-P3, runbooks, postmortems
 10. `database-patterns` — Compound cursor, UUIDv7, indexes
 
-### 8 Agent Personas
+### 32 Agent Personas
 
-analyst, architect, developer, qa-engineer, security-reviewer, tech-writer, debug-specialist, release-manager
+advisor-researcher, analyst, architect, assumptions-analyzer-extend, assumptions-analyzer, codebase-mapper-extend, codebase-mapper, coverage-specialist, debug-specialist, debugger, decision-architect, developer, executor, integration-checker, nyquist-auditor, phase-researcher, plan-checker, planner, project-researcher, qa-engineer, release-manager, research-agent, research-synthesizer, roadmapper-extend, roadmapper, security-reviewer, tech-writer, ui-auditor, ui-checker, ui-researcher, user-profiler, verifier
 
 ### 20 Architecture Decision Records
 
@@ -698,4 +691,4 @@ All prompt files are in `/mnt/user-data/outputs/`:
 
 ---
 
-*State file generated at completion. MindForge v1.0.0 — 36 commands · 10 skills · 8 personas · 20 ADRs · 15 test suites.*
+*State file generated at completion. MindForge v1.0.0 — 36 commands · 10 skills · 32 personas · 20 ADRs · 15 test suites.*