mindforge-cc 6.2.0-alpha → 6.2.0

package/.claude/commands/mindforge/map-codebase.md

@@ -1,36 +1,302 @@
 ---
-name: mindforge:map-codebase
-description: Onboard MindForge to an existing project by mapping architecture and conventions
-argument-hint: [area]
-allowed-tools:
-  - run_command
-  - list_dir
-  - view_file
-  - write_to_file
+description: - Joining an existing project that has no MindForge context files
 ---
 
-<objective>
-Rapidly bootstrap MindForge context for brownfield repositories by scanning files to infer architecture, technology stack, and actual coding conventions used by the existing team.
-</objective>
-
-<execution_context>
-.claude/commands/mindforge/map-codebase.md
-</execution_context>
-
-<context>
-Target: Existing repositories without MindForge initialization.
-Security: Enforces strict exclusion list (secrets, keys, pems, ignores).
-Strategy: Sampling for large codebases (>200 files).
-</context>
-
-<process>
-1. **Inventory**: Count source files and decide on a reading strategy (Sampling vs. Full).
-2. **Parallel Analysis**:
-    - **Stack Agent**: Identify runtimes, frameworks, and databases.
-    - **Architect Agent**: Discover architectural patterns and domain models.
-    - **Convention Agent**: Document actual naming and error handling patterns found in code.
-    - **Quality Agent**: Assess testing and linting status.
-3. **Synthesis**: Write `ARCHITECTURE.md`, `PROJECT.md`, and a draft `CONVENTIONS.md`.
-4. **Review**: Present findings to the user for correction and confirmation.
-5. **Initialize**: Finalize `STATE.md` and transition the project to "Ready to plan".
-</process>
+# MindForge — Map Codebase Command
+# Usage: /mindforge:map-codebase [area]
+# Onboards MindForge to an existing (brownfield) codebase.
+# Run this INSTEAD of /mindforge:init-project when joining an existing project.
+
+## When to use this command
+- Joining an existing project that has no MindForge context files
+- Adding MindForge to a team that already has a codebase
+- Onboarding to a new-to-you repository
+- Re-mapping after major architectural changes
+
+## What it produces
+- `.planning/ARCHITECTURE.md` — system architecture discovered from code
+- `.planning/PROJECT.md` — project identity inferred from codebase + user confirmation
+- `.mindforge/org/CONVENTIONS.md` — actual conventions found in the code
+- `.planning/STATE.md` — current position (MindForge onboarded, ready to plan)
+- `.planning/decisions/ADR-NNN-[title].md` — key architectural decisions found
+
+## Pre-execution security check
+
+Before reading ANY files, build an exclusion list.
+NEVER read these file patterns during codebase mapping:
+
+```bash
+# Build the exclusion list
+EXCLUDED_PATTERNS=(
+  "*.env"         ".env.*"       "*.env.local"
+  "*.key"         "*.pem"        "*.p12"         "*.pfx"
+  "secrets/*"     "**/secrets/*" "**/.secrets/*"
+  "*.secret"      "*credentials*"
+  ".npmrc"        # may contain npm tokens
+  ".pypirc"       # may contain PyPI tokens
+  "~/.aws/*"      "~/.ssh/*"
+)
+```
+
+For any file the agent is about to read, check:
+1. Does the file name match any excluded pattern?
+2. Is the file in a directory named `secrets/`, `.secrets/`, or `credentials/`?
+3. Is the file listed in `.gitignore`? (`.gitignore` files are intentionally excluded from git for a reason)
+
+If yes to any: SKIP the file. Log that it was skipped.
+Do not include any content from excluded files in ARCHITECTURE.md or CONVENTIONS.md.
+
+## Step 0 — Clean up any previous mapping artifacts
+
+```bash
+# Remove any stale temp files from a previous mapping attempt
+if [ -d ".planning/map-temp" ]; then
+  echo "Cleaning up previous mapping session..."
+  rm -rf .planning/map-temp
+fi
+mkdir -p .planning/map-temp
+```
+
+## Step 1 — Codebase inventory
+
+Spawn FOUR parallel subagents. Each focuses on one analysis area.
+Each subagent writes its findings to a temporary file.
+
+### Subagent A — Technology Stack Analyst
+Context: minimal (CONVENTIONS.md template + task description)
+Persona: architect.md
+Task:
+```
+Analyse this repository's technology stack. Read:
+- package.json / requirements.txt / Cargo.toml / go.mod (root and workspaces)
+- Dockerfile, docker-compose.yml (if present)
+- CI/CD configuration: .github/workflows/, .gitlab-ci.yml, .circleci/
+- Infrastructure files: terraform/, pulumi/, k8s/, helm/
+
+Write to: .planning/map-temp/STACK.md
+Include:
+- Runtime/language and version
+- Framework(s) and versions
+- Database(s) used
+- Cache and queue systems
+- Testing framework(s)
+- Build and bundling tools
+- Deployment target (AWS/GCP/Azure/bare metal/etc.)
+- External services integrated (payment, email, auth, etc.)
+```
+
+### Subagent B — Architecture Analyst
+Context: minimal
+Persona: architect.md
+Task:
+```
+Analyse this repository's architecture. Read:
+- All files in src/ (or equivalent) — structure, not content
+- README.md and any docs/ directory
+- Any architecture diagrams (look for .png, .svg, .drawio in docs/)
+- Entry points: index.ts, main.py, app.go, server.ts (root-level)
+
+Write to: .planning/map-temp/ARCHITECTURE-RAW.md
+Include:
+- Architectural pattern: MVC / Clean Architecture / Hexagonal / Modular Monolith / Microservices
+- Domain model: what are the core entities? (infer from models/, entities/, types/)
+- API surface: public endpoints found in routes/, controllers/, handlers/
+- Module structure: how is the code organised? Feature-based / Layer-based?
+- Key design patterns in use: Repository, Service, Factory, Observer, etc.
+```
+
+### Scale handling for large codebases
+
+Before reading source files, count them:
+```bash
+find src/ -type f \( -name "*.ts" -o -name "*.py" -o -name "*.go" \) | wc -l
+```
+
+If count > 200 files: use sampling strategy instead of full read:
+- Read 3 files from each top-level subdirectory
+- Prioritise: largest files (by size), entry points (index.*, main.*, app.*)
+- Read the full Prisma schema / SQLAlchemy models / Django models file (always)
+- Read all route/controller index files (always)
+- Sample 2-3 files per feature directory
+- Do NOT read test files during mapping (they follow source patterns, not add to them)
+
+If count > 1000 files: read only entry points, schema files, and top-level indices.
+Report to the user: "Large codebase detected ([N] source files).
+Using sampling strategy — some conventions may require manual confirmation."
+
+### Subagent C — Conventions Analyst
+Context: minimal
+Persona: developer.md
+Task:
+```
+Analyse the actual coding conventions used in this repository.
+Read 5-10 representative source files from different areas of the codebase.
+
+Write to: .planning/map-temp/CONVENTIONS-RAW.md
+Infer and document:
+- Naming conventions: variables, functions, classes, files, database columns
+- Import order and grouping style
+- Error handling patterns: how are errors thrown and caught?
+- TypeScript patterns: preferred type patterns, generic usage
+- Comment style: JSDoc, inline, etc.
+- Test file naming and location pattern
+- Async patterns: callbacks / promises / async-await
+- State management (frontend): if applicable
+- Any recurring patterns that appear across multiple files
+
+Important: document what IS there, not what should be there.
+This is a description of reality, not a prescription.
+```
+
+### Subagent D — Quality Baseline Analyst
+Context: minimal
+Persona: qa-engineer.md
+Task:
+```
+Assess the current quality baseline of this repository.
+
+Write to: .planning/map-temp/QUALITY-BASELINE.md
+Check:
+- Test coverage: does a test suite exist? What framework? Run: [test command] --coverage
+- Linting: is a linter configured? (.eslintrc, .pylintrc, ruff.toml, etc.)
+- Type checking: TypeScript config? Strict mode enabled?
+- CI/CD: does it run tests on PRs?
+- Security: any security scanning in CI?
+- Known issues: open GitHub/GitLab issues, TODO count in source
+
+Note: do not fix anything. Only document what exists.
+```
+
+## Step 2 — Synthesise findings
+
+Read all four temp files. Synthesise into the permanent context files.
+
+### Write `.planning/ARCHITECTURE.md`
+
+Use ARCHITECTURE-RAW.md as input. Write a clean, structured architecture document:
+
+```markdown
+# [Project Name] — Architecture
+
+## System overview
+[2-3 sentences from the subagent's findings]
+
+## Technology stack
+[From STACK.md — organised by layer]
+
+## Architectural pattern
+[From ARCHITECTURE-RAW.md]
+
+## Domain model
+[Core entities and their relationships]
+
+## API surface
+[Key endpoints / GraphQL operations / gRPC services found]
+
+## Module structure
+[How the codebase is organised]
+
+## External integrations
+[Third-party services found]
+
+## Known architectural decisions
+[Any ADRs, architecture docs, or README decisions found]
+
+## Quality baseline
+[From QUALITY-BASELINE.md — honest assessment]
+
+## MindForge onboarding notes
+[What was inferred vs. confirmed, what needs human review]
+```
+
+### Write `.mindforge/org/CONVENTIONS.md`
+
+Use CONVENTIONS-RAW.md as input. Write the conventions file in the standard format,
+but clearly mark inferred conventions:
+
+```markdown
+# Coding Conventions — [Project Name]
+# Source: Inferred from codebase analysis by MindForge
+# Status: DRAFT — confirm with team before treating as authoritative
+
+## IMPORTANT
+These conventions were inferred from code analysis. Review each section
+and mark as [CONFIRMED] or [NEEDS REVIEW] before running /mindforge:plan-phase.
+
+## Naming conventions [NEEDS REVIEW]
+[What was found]
+```
+
+## Step 3 — Present findings for confirmation
+
+Present a summary to the user. Ask for confirmation and corrections:
+
+```
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+MindForge Codebase Analysis Complete
+
+  Stack:
+    Runtime   : Node.js 20 (inferred from .nvmrc)
+    Framework : Next.js 14 (inferred from package.json)
+    Database  : PostgreSQL via Prisma (inferred from prisma/schema.prisma)
+    Auth      : NextAuth.js (inferred from package.json)
+
+  Architecture:
+    Pattern   : Feature-based modular (inferred from src/ structure)
+    Entities  : User, Organization, Project, Task (inferred from Prisma schema)
+    API       : REST API in src/app/api/ (24 route files found)
+
+  Quality baseline:
+    Tests     : Vitest, ~340 test files, ~67% coverage (inferred from coverage report)
+    Linting   : ESLint configured, strict TypeScript
+    CI/CD     : GitHub Actions (4 workflows)
+
+  Conventions: see .mindforge/org/CONVENTIONS.md (DRAFT — needs review)
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+Does this look correct? (yes / correct [field]: [value] / no)
+```
+
+Wait for user confirmation. Apply any corrections the user provides.
+
+## Step 4 — Write PROJECT.md and STATE.md
+
+After confirmation, write:
+
+`.planning/PROJECT.md` — populated with confirmed findings
+`.planning/STATE.md` — status: "Codebase mapped. Ready to plan first phase."
+Add a warning in STATE.md if CONVENTIONS.md is still DRAFT and requires review.
+`.planning/HANDOFF.json` — updated with onboarding completion
+
+## Step 5 — Clean up and report
+
+After analysis completes, delete `.planning/map-temp/` to avoid stale data.
+
+```bash
+rm -rf .planning/map-temp/
+```
+
+Report to user:
+"✅ Codebase mapped.
+
+  Files created:
+    .planning/ARCHITECTURE.md
+    .planning/PROJECT.md
+    .mindforge/org/CONVENTIONS.md (DRAFT — please review)
+    .planning/STATE.md
+
+  Review .mindforge/org/CONVENTIONS.md and mark each section as [CONFIRMED].
+  Then run /mindforge:plan-phase 1 to begin your first phase."
+
+Write AUDIT entry:
+```json
+{
+  "event": "codebase_mapped",
+  "files_analysed": [N],
+  "entities_found": [N],
+  "api_routes_found": [N],
+  "conventions_confidence": "medium",
+  "requires_human_review": [".mindforge/org/CONVENTIONS.md"]
+}
+```

package/.claude/commands/mindforge/marketplace.md

@@ -1,33 +1,124 @@
 ---
-name: mindforge:marketplace
-description: Discover, evaluate, and install community-published skills
-argument-hint: [search|featured|trending|install|publish]
-allowed-tools:
-  - run_command
-  - list_dir
-  - view_file
+description: Discover, evaluate, and install community-published MindForge skills from the
 ---
 
-<objective>
-Provide a central hub for sharing and consuming battle-tested MindForge skills, allowing developers to extend their agent's capabilities without manual documentation research.
-</objective>
-
-<execution_context>
-.claude/commands/mindforge/marketplace.md
-</execution_context>
-
-<context>
-Platform: Curated layer over npm.
-Subcommands: search, featured, trending, install, publish.
-Quality: Enforces quality scores and session quality lift metrics.
-</context>
-
-<process>
-1. **Query Subcommand**:
-    - `search`: Find relevant skills based on tech stack or domain keywords.
-    - `featured/trending`: Display curated or popular skill lists.
-2. **Install Flow**: Delegate to `/mindforge:install-skill` while surfacing quality scores and expected quality lift.
-3. **Publish Flow**: Validate skill directory for quality (score >= 80), injection safety, and complete history before pushing.
-4. **Render Format**: Display skills with detailed metrics (installs, lifters, triggers).
-5. **Audit**: Log `marketplace_action` including query/skill name and quality scores.
-</process>
+# MindForge v2 — Marketplace Command
+# Usage: /mindforge:marketplace [search|featured|trending|install|publish]
+# Version: v2.0.0-alpha.6
+
+## Purpose
+Discover, evaluate, and install community-published MindForge skills from the
+marketplace — a curated layer on top of the npm registry.
+
+The marketplace is the shortcut: instead of learning from documentation yourself,
+install skills that the community has already created, validated, and battle-tested.
+
+## Sub-commands
+
+### search [query]
+Find skills relevant to your tech stack or domain.
+```
+/mindforge:marketplace search "prisma"
+/mindforge:marketplace search "stripe payment processing"
+/mindforge:marketplace search "HIPAA compliance"
+/mindforge:marketplace search "graphql api"
+```
+
+Output:
+```
+🔍 Marketplace search: "prisma" (6 results)
+
+  1. prisma-advanced (v1.2.3)
+     Advanced Prisma patterns: relations, migrations, performance, cursor pagination
+     847 installs this week
+
+  2. prisma-schema (v1.0.1)
+     Prisma schema design: models, relations, enums, cascade rules
+     234 installs this week
+
+  3. prisma-testing (v1.0.0)
+     Testing Prisma with Jest: database seeding, teardown, transaction rollback
+     156 installs this week
+
+Install: /mindforge:marketplace install prisma-advanced
+```
+
+### featured
+Show curated featured skills by category.
+```
+/mindforge:marketplace featured
+```
+
+Output:
+```
+🏪 MindForge Community Skills — Featured
+
+  Database:
+    db-postgres-advanced v2.1.0  — Advanced PostgreSQL patterns, indexes, partitioning
+    db-prisma-advanced   v1.2.0  — Prisma relations, migrations, query optimisation
+    db-drizzle           v1.0.0  — Drizzle ORM type-safe patterns
+
+  API:
+    api-graphql v1.4.0  — GraphQL schema, resolvers, N+1 prevention
+    api-rest    v2.0.0  — REST API design, versioning, error schemas
+
+  Compliance:
+    fintech-pci-compliance  v1.1.0 — PCI DSS Level 1 safeguards
+    healthtech-hipaa        v1.0.1 — HIPAA Security Rule for PHI
+    [more...]
+```
+
+### trending
+Show most-installed skills this month.
+```
+/mindforge:marketplace trending
+```
+
+### install [name] [--tier project|org]
+Install a marketplace skill.
+```
+/mindforge:marketplace install prisma-advanced
+/mindforge:marketplace install mindforge-skill-api-graphql --tier org
+/mindforge:marketplace install fintech-pci-compliance --tier project
+```
+
+Short names work (without `mindforge-skill-` prefix).
+Delegates to `/mindforge:install-skill` for actual installation.
+Shows quality score and session_quality_lift before installing.
+
+### publish [skill-dir]
+Publish a skill to the community marketplace.
+```
+/mindforge:marketplace publish .mindforge/skills/my-skill/
+```
+
+Requirements:
+- Quality score ≥ 80/100
+- No injection patterns
+- Has complete version history
+- Has author contact (GitHub issues URL)
+
+## Skill quality display format
+
+```
+📊 Skill: prisma-advanced v1.2.3
+   Quality score: 94/100 (Excellent)
+   ★★★★★ Session quality lift: +8.2 points (over 1,247 sessions)
+   847 installs/week | Published by: @prisma-community
+
+   Top trigger keywords: "prisma schema", "@relation", "prisma migrate",
+                          "prisma generate", "onDelete", "cursor pagination"
+
+   [Install] [Preview SKILL.md] [View on npm]
+```
+
+## AUDIT entry
+```json
+{
+  "event": "marketplace_action",
+  "action": "search|install|publish",
+  "query": "[search query if search]",
+  "skill_name": "[name if install/publish]",
+  "quality_score": 94
+}
+```

package/.claude/commands/mindforge/metrics.md

@@ -1,33 +1,26 @@
 ---
-name: mindforge:metrics
-description: Display session and phase quality trends with early warning signals
-argument-hint: [--phase N] [--window short|medium|long] [--export path]
-allowed-tools:
-  - list_dir
-  - view_file
-  - write_to_file
+description: Display session and phase quality trends with early warning signals.
 ---
 
-<objective>
-Provide a dashboard of software delivery metrics, identifying quality trends and providing early warning signals for architectural or process decay.
-</objective>
+# MindForge — Metrics Command
+# Usage: /mindforge:metrics [--phase N] [--window short|medium|long] [--export path]
 
-<execution_context>
-.claude/commands/mindforge/metrics.md
-</execution_context>
+Display session and phase quality trends with early warning signals.
 
-<context>
-Sources: .mindforge/metrics/*.jsonl, .planning/AUDIT.jsonl
-Sub-metrics: Session quality, phase metrics, skill usage, compaction quality.
-</context>
+## Data sources
+- `.mindforge/metrics/session-quality.jsonl`
+- `.mindforge/metrics/phase-metrics.jsonl`
+- `.mindforge/metrics/skill-usage.jsonl`
+- `.mindforge/metrics/compaction-quality.jsonl`
+- `.planning/AUDIT.jsonl` for correlation
 
-<process>
-1. **Fetch Metrics**: Read the relevant JSONL logs based on the requested window.
-2. **Analyze Trends**: Correlate session quality with verify pass rates and security findings.
-3. **Build Dashboard**:
-    - Quality trends graph (text-based).
-    - Failure/Compaction summary.
-    - Early warnings (e.g., "Rising complexity in Wave 2").
-4. **Export (Optional)**: If requested, write the aggregated metrics to the target path.
-5. **Log**: Record `metrics_viewed` in the audit log.
-</process>
+## Dashboard sections
+- session quality trend
+- verify pass/security/failure/compaction summary
+- skill usage distribution
+- early warnings + recommendations
+
+## AUDIT
+```json
+{ "event": "metrics_viewed", "window": "short", "early_warnings": 0 }
+```

package/.claude/commands/mindforge/migrate.md

@@ -1,33 +1,44 @@
 ---
-name: mindforge:migrate
-description: Run explicit schema migrations for planning artifacts
-argument-hint: [--from X.Y.Z] [--to X.Y.Z] [--dry-run] [--force]
-allowed-tools:
-  - run_command
-  - list_dir
-  - view_file
-  - write_to_file
+description: Run explicit schema migrations for .planning/ files.
 ---
 
-<objective>
-Ensures consistency and compatibility of planning files (.planning/*.md, handoff.json) across different versions of MindForge by executing structured schema migrations.
-</objective>
-
-<execution_context>
-.claude/commands/mindforge/migrate.md
-</execution_context>
-
-<context>
-Detection: Compares `schema_version` in HANDOFF.json with current framework version.
-Safety: Mandatory backup before mutation.
-Engine: bin/migrations/migrate.js
-</context>
-
-<process>
-1. **Detect Path**: Determine the migration range based on HANDOFF.json vs package.json.
-2. **Backup**: Create a timestamped backup of the `.planning/` directory.
-3. **Dry-run**: Show the user which files will be modified and describe any breaking schema changes.
-4. **Execute**: Run the migration scripts sequentially across the target files.
-5. **Verify**: Run `/mindforge:health` to ensure the post-migration state is valid.
-6. **Audit**: Log success or failure of the migration process.
-</process>
+# MindForge — Migrate Command
+# Usage: /mindforge:migrate [--from X.Y.Z] [--to X.Y.Z] [--dry-run] [--force]
+
+## Purpose
+Run explicit schema migrations for .planning/ files.
+Normally triggered automatically by /mindforge:update.
+Use this command manually when: auto-migration failed, manual version jump, recovery.
+
+## Flow
+
+### Auto-detect migration need
+Read `schema_version` from HANDOFF.json.
+Compare against current `package.json` version.
+Determine migration path.
+
+### Dry-run mode (--dry-run)
+Show: which migrations would run, what each changes.
+Show: breaking changes for the migration path.
+Make NO changes to any file.
+
+### Backup first
+Before any changes: create `.planning/migration-backup-[timestamp]/`
+Verify backup integrity (file count, non-empty).
+If backup fails: ABORT. Explain disk space issue.
+
+### Execute migrations
+Run `node bin/migrations/migrate.js`.
+Show progress for each migration.
+If any migration fails: auto-restore from backup.
+
+### Verify
+Run /mindforge:health after migration.
+If health errors: report with specific fix instructions.
+Preserve backup until user is satisfied — they must delete it manually.
+
+## Manual version override
+`/mindforge:migrate --from 0.1.0 --to 1.0.0` — forces migration between specified versions.
+Use with care: intended for recovery scenarios where HANDOFF.json schema_version is wrong.
+
+## AUDIT entry

package/.claude/commands/mindforge/milestone.md

@@ -1,35 +1,16 @@
 ---
-name: mindforge:milestone
-description: Create or update a milestone definition and track grouped phase health
-argument-hint: <name> [phase list]
-allowed-tools:
-  - list_dir
-  - write_to_file
-  - view_file
+description: Create or update a milestone definition in .planning/milestones/ and track the
 ---
 
-<objective>
-Define and track major project milestones by grouping phases, monitoring their health, and linking approvals and verification status.
-</objective>
+Create or update a milestone definition in `.planning/milestones/` and track the
+ health of grouped phases. Usage: `/mindforge:milestone <name> [phase list]`
 
-<execution_context>
-.claude/commands/mindforge/milestone.md
-</execution_context>
+## Outputs
+- milestone document with included phases
+- health summary (on track, at risk, blocked)
+- linked approvals, blockers, and verification status
 
-<context>
-Arguments: $ARGUMENTS (Name of milestone and optional list of phase numbers)
-Storage: .planning/milestones/
-Health Rules: Any blocked phase makes the milestone "at risk".
-</context>
-
-<process>
-1. **Parse Arguments**: Extract milestone name and phase list.
-2. **Read State**: Check existing phases in `.planning/phases/`.
-3. **Generate/Update Milestone**:
-    - Create/update `.planning/milestones/[name].md`.
-    - Include phase list, health summary (on track, at risk, blocked), and verification status.
-4. **Evaluate Health**:
-    - Mark as "at risk" if any linked phase is blocked.
-    - Monitor for completed vs. verified phases for release readiness.
-5. **Report**: Summarize milestone health and next actions to the user.
-</process>
+## Health rules
+- any blocked phase makes the milestone at risk
+- missing verification keeps milestone status yellow
+- completed verified phases count toward release readiness