npm - mindforge-cc - Versions diffs - 9.0.0 → 10.0.1 - Mend

mindforge-cc 9.0.0 → 10.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (717) hide show

package/.mindforge/config.json +1 -1
package/.mindforge/personas/a11y-architect.md +190 -0
package/.mindforge/personas/accessibility-tester.md +108 -0
package/.mindforge/personas/api-designer.md +190 -0
package/.mindforge/personas/api-gateway-architect.md +168 -0
package/.mindforge/personas/api-load-tester.md +144 -0
package/.mindforge/personas/authentication-architect.md +163 -0
package/.mindforge/personas/backup-recovery-specialist.md +181 -0
package/.mindforge/personas/browser-extension-architect.md +96 -0
package/.mindforge/personas/build-optimizer.md +160 -0
package/.mindforge/personas/caching-strategist.md +180 -0
package/.mindforge/personas/chaos-engineer.md +207 -0
package/.mindforge/personas/cli-designer.md +151 -0
package/.mindforge/personas/cloud-architect.md +229 -0
package/.mindforge/personas/code-archeologist.md +176 -0
package/.mindforge/personas/code-explorer.md +144 -0
package/.mindforge/personas/compliance-auditor.md +190 -0
package/.mindforge/personas/concurrency-expert.md +310 -0
package/.mindforge/personas/config-management-expert.md +277 -0
package/.mindforge/personas/contract-tester.md +224 -0
package/.mindforge/personas/cost-analyst.md +209 -0
package/.mindforge/personas/data-engineer.md +235 -0
package/.mindforge/personas/data-privacy-engineer.md +187 -0
package/.mindforge/personas/database-expert.md +223 -0
package/.mindforge/personas/dependency-auditor.md +181 -0
package/.mindforge/personas/design-system-engineer.md +115 -0
package/.mindforge/personas/devops-engineer.md +561 -0
package/.mindforge/personas/domain-modeler.md +127 -0
package/.mindforge/personas/email-systems-engineer.md +119 -0
package/.mindforge/personas/error-handling-architect.md +246 -0
package/.mindforge/personas/event-driven-architect.md +134 -0
package/.mindforge/personas/frontend-architect.md +107 -0
package/.mindforge/personas/git-forensics.md +146 -0
package/.mindforge/personas/git-workflow-expert.md +161 -0
package/.mindforge/personas/go-specialist.md +249 -0
package/.mindforge/personas/graphql-specialist.md +195 -0
package/.mindforge/personas/incident-commander.md +214 -0
package/.mindforge/personas/internationalization-expert.md +164 -0
package/.mindforge/personas/java-specialist.md +271 -0
package/.mindforge/personas/kubernetes-debugger.md +175 -0
package/.mindforge/personas/logging-architect.md +200 -0
package/.mindforge/personas/migration-specialist.md +237 -0
package/.mindforge/personas/ml-engineer.md +312 -0
package/.mindforge/personas/mobile-engineer.md +183 -0
package/.mindforge/personas/monorepo-architect.md +323 -0
package/.mindforge/personas/observability-engineer.md +217 -0
package/.mindforge/personas/onboarding-guide.md +265 -0
package/.mindforge/personas/performance-optimizer.md +293 -0
package/.mindforge/personas/product-manager.md +105 -0
package/.mindforge/personas/prompt-engineer.md +200 -0
package/.mindforge/personas/python-specialist.md +277 -0
package/.mindforge/personas/queue-architect.md +136 -0
package/.mindforge/personas/react-specialist.md +97 -0
package/.mindforge/personas/real-time-engineer.md +121 -0
package/.mindforge/personas/refactoring-expert.md +117 -0
package/.mindforge/personas/regex-craftsman.md +130 -0
package/.mindforge/personas/rust-specialist.md +262 -0
package/.mindforge/personas/sdk-designer.md +185 -0
package/.mindforge/personas/search-engineer.md +290 -0
package/.mindforge/personas/senior-reviewer.md +372 -0
package/.mindforge/personas/seo-specialist.md +99 -0
package/.mindforge/personas/spec-reviewer.md +172 -0
package/.mindforge/personas/state-machine-designer.md +172 -0
package/.mindforge/personas/swarm-templates.json +72 -18
package/.mindforge/personas/tailwind-specialist.md +95 -0
package/.mindforge/personas/tech-debt-analyst.md +200 -0
package/.mindforge/personas/tech-stack-selector.md +118 -0
package/.mindforge/personas/technical-interviewer.md +158 -0
package/.mindforge/personas/test-data-engineer.md +169 -0
package/.mindforge/personas/typescript-wizard.md +247 -0
package/.mindforge/personas/ux-auditor.md +251 -0
package/.mindforge/personas/webhook-designer.md +161 -0
package/CHANGELOG.md +82 -0
package/LICENSE +1 -1
package/MINDFORGE.md +18 -5
package/README.md +7 -1
package/RELEASENOTES.md +121 -193
package/SECURITY.md +108 -2
package/bin/autonomous/audit-writer.js +90 -0
package/bin/autonomous/auto-runner.js +209 -431
package/bin/autonomous/state-manager.js +116 -0
package/bin/autonomous/task-dispatcher.js +114 -0
package/bin/autonomous/wave-executor.js +169 -0
package/bin/browser/browser-daemon.js +31 -1
package/bin/change-classifier.js +3 -3
package/bin/dashboard/api-router.js +21 -22
package/bin/dashboard/metrics-aggregator.js +44 -3
package/bin/dashboard/server.js +54 -10
package/bin/dashboard/sse-bridge.js +51 -5
package/bin/engine/learning-manager.js +1 -1
package/bin/engine/mesh-syncer.js +26 -22
package/bin/engine/nexus-tracer.js +6 -5
package/bin/engine/orbital-guardian.js +13 -10
package/bin/engine/skill-evolver.js +12 -14
package/bin/engine/temporal-hub.js +25 -1
package/bin/governance/policy-engine.js +5 -5
package/bin/governance/policy-gate-hardened.js +2 -2
package/bin/governance/quantum-crypto.js +10 -2
package/bin/memory/identity-synthesizer.js +9 -11
package/bin/memory/knowledge-store.js +62 -6
package/bin/memory/semantic-hub.js +26 -30
package/bin/memory/vector-hub.js +377 -193
package/bin/migrations/v8-sqlite-migration.js +22 -21
package/bin/migrations/v9-unified-memory.js +1 -1
package/bin/mindforge-cli.js +47 -11
package/bin/models/model-broker.js +2 -0
package/bin/revops/remediation-queue.js +16 -55
package/bin/utils/errors.js +40 -0
package/bin/utils/file-io.js +102 -0
package/bin/utils/index.js +6 -0
package/bin/utils/paths.js +33 -0
package/docs/commands-reference.md +38 -2
package/docs/getting-started.md +16 -6
package/docs/sdk-reference.md +374 -24
package/docs/troubleshooting.md +4 -4
package/docs/user-guide.md +31 -11
package/examples/sdk-integration/README.md +24 -0
package/examples/sdk-integration/index.js +24 -0
package/examples/starter-project/MINDFORGE.md +8 -8
package/package.json +30 -15
package/.agent/bin/lib/commands.cjs +0 -959
package/.agent/bin/lib/config.cjs +0 -421
package/.agent/bin/lib/core.cjs +0 -1166
package/.agent/bin/lib/frontmatter.cjs +0 -307
package/.agent/bin/lib/init.cjs +0 -1336
package/.agent/bin/lib/milestone.cjs +0 -252
package/.agent/bin/lib/model-profiles.cjs +0 -68
package/.agent/bin/lib/phase.cjs +0 -888
package/.agent/bin/lib/profile-output.cjs +0 -952
package/.agent/bin/lib/profile-pipeline.cjs +0 -539
package/.agent/bin/lib/roadmap.cjs +0 -329
package/.agent/bin/lib/security.cjs +0 -356
package/.agent/bin/lib/state.cjs +0 -969
package/.agent/bin/lib/template.cjs +0 -222
package/.agent/bin/lib/uat.cjs +0 -189
package/.agent/bin/lib/verify.cjs +0 -851
package/.agent/bin/lib/workstream.cjs +0 -491
package/.agent/bin/mindforge-tools.cjs +0 -897
package/.agent/file-manifest.json +0 -219
package/.agent/forge/help.md +0 -11
package/.agent/forge/init-project.md +0 -36
package/.agent/forge/plan-phase.md +0 -34
package/.agent/mindforge/add-backlog.md +0 -32
package/.agent/mindforge/agent.md +0 -31
package/.agent/mindforge/approve.md +0 -22
package/.agent/mindforge/audit.md +0 -34
package/.agent/mindforge/auto.md +0 -26
package/.agent/mindforge/benchmark.md +0 -37
package/.agent/mindforge/browse.md +0 -30
package/.agent/mindforge/complete-milestone.md +0 -22
package/.agent/mindforge/costs.md +0 -15
package/.agent/mindforge/cross-review.md +0 -21
package/.agent/mindforge/dashboard.md +0 -102
package/.agent/mindforge/debug.md +0 -133
package/.agent/mindforge/discuss-phase.md +0 -142
package/.agent/mindforge/do.md +0 -31
package/.agent/mindforge/execute-phase.md +0 -200
package/.agent/mindforge/health.md +0 -31
package/.agent/mindforge/help.md +0 -33
package/.agent/mindforge/init-org.md +0 -135
package/.agent/mindforge/init-project.md +0 -170
package/.agent/mindforge/install-skill.md +0 -28
package/.agent/mindforge/learn.md +0 -147
package/.agent/mindforge/learning.md +0 -20
package/.agent/mindforge/map-codebase.md +0 -302
package/.agent/mindforge/marketplace.md +0 -124
package/.agent/mindforge/metrics.md +0 -26
package/.agent/mindforge/migrate.md +0 -44
package/.agent/mindforge/milestone.md +0 -16
package/.agent/mindforge/new-runtime.md +0 -23
package/.agent/mindforge/next.md +0 -109
package/.agent/mindforge/note.md +0 -35
package/.agent/mindforge/plan-phase.md +0 -131
package/.agent/mindforge/plant-seed.md +0 -31
package/.agent/mindforge/plugins.md +0 -44
package/.agent/mindforge/pr-review.md +0 -45
package/.agent/mindforge/profile-team.md +0 -27
package/.agent/mindforge/publish-skill.md +0 -23
package/.agent/mindforge/qa.md +0 -20
package/.agent/mindforge/quick.md +0 -139
package/.agent/mindforge/record-learning.md +0 -22
package/.agent/mindforge/release.md +0 -14
package/.agent/mindforge/remember.md +0 -30
package/.agent/mindforge/research.md +0 -16
package/.agent/mindforge/retrospective.md +0 -31
package/.agent/mindforge/review-backlog.md +0 -34
package/.agent/mindforge/review.md +0 -161
package/.agent/mindforge/security-scan.md +0 -242
package/.agent/mindforge/session-report.md +0 -39
package/.agent/mindforge/ship.md +0 -111
package/.agent/mindforge/skills.md +0 -145
package/.agent/mindforge/status.md +0 -113
package/.agent/mindforge/steer.md +0 -17
package/.agent/mindforge/sync-confluence.md +0 -15
package/.agent/mindforge/sync-jira.md +0 -16
package/.agent/mindforge/tokens.md +0 -12
package/.agent/mindforge/ui-phase.md +0 -34
package/.agent/mindforge/ui-review.md +0 -36
package/.agent/mindforge/update.md +0 -46
package/.agent/mindforge/validate-phase.md +0 -31
package/.agent/mindforge/verify-phase.md +0 -66
package/.agent/mindforge/workspace.md +0 -33
package/.agent/mindforge/workstreams.md +0 -35
package/.agent/settings.json +0 -42
package/.agent/skills/mindforge-add-backlog/SKILL.md +0 -72
package/.agent/skills/mindforge-add-phase/SKILL.md +0 -39
package/.agent/skills/mindforge-add-tests/SKILL.md +0 -28
package/.agent/skills/mindforge-add-todo/SKILL.md +0 -42
package/.agent/skills/mindforge-audit-milestone/SKILL.md +0 -29
package/.agent/skills/mindforge-audit-uat/SKILL.md +0 -20
package/.agent/skills/mindforge-autonomous/SKILL.md +0 -33
package/.agent/skills/mindforge-brainstorming/SKILL.md +0 -164
package/.agent/skills/mindforge-brainstorming/scripts/frame-template.html +0 -214
package/.agent/skills/mindforge-brainstorming/scripts/helper.js +0 -88
package/.agent/skills/mindforge-brainstorming/scripts/server.cjs +0 -354
package/.agent/skills/mindforge-brainstorming/scripts/start-server.sh +0 -148
package/.agent/skills/mindforge-brainstorming/scripts/stop-server.sh +0 -56
package/.agent/skills/mindforge-brainstorming/spec-document-reviewer-prompt.md +0 -49
package/.agent/skills/mindforge-brainstorming/visual-companion.md +0 -287
package/.agent/skills/mindforge-check-todos/SKILL.md +0 -40
package/.agent/skills/mindforge-cleanup/SKILL.md +0 -19
package/.agent/skills/mindforge-complete-milestone/SKILL.md +0 -131
package/.agent/skills/mindforge-debug/SKILL.md +0 -163
package/.agent/skills/mindforge-debug_extended/CREATION-LOG.md +0 -119
package/.agent/skills/mindforge-debug_extended/SKILL.md +0 -296
package/.agent/skills/mindforge-debug_extended/condition-based-waiting-example.ts +0 -158
package/.agent/skills/mindforge-debug_extended/condition-based-waiting.md +0 -115
package/.agent/skills/mindforge-debug_extended/defense-in-depth.md +0 -122
package/.agent/skills/mindforge-debug_extended/find-polluter.sh +0 -63
package/.agent/skills/mindforge-debug_extended/root-cause-tracing.md +0 -169
package/.agent/skills/mindforge-debug_extended/test-academic.md +0 -14
package/.agent/skills/mindforge-debug_extended/test-pressure-1.md +0 -58
package/.agent/skills/mindforge-debug_extended/test-pressure-2.md +0 -68
package/.agent/skills/mindforge-debug_extended/test-pressure-3.md +0 -69
package/.agent/skills/mindforge-discuss-phase/SKILL.md +0 -54
package/.agent/skills/mindforge-do/SKILL.md +0 -26
package/.agent/skills/mindforge-execute-phase/SKILL.md +0 -49
package/.agent/skills/mindforge-execute-phase_extended/SKILL.md +0 -70
package/.agent/skills/mindforge-fast/SKILL.md +0 -23
package/.agent/skills/mindforge-forensics/SKILL.md +0 -49
package/.agent/skills/mindforge-health/SKILL.md +0 -17
package/.agent/skills/mindforge-help/SKILL.md +0 -23
package/.agent/skills/mindforge-insert-phase/SKILL.md +0 -28
package/.agent/skills/mindforge-join-discord/SKILL.md +0 -19
package/.agent/skills/mindforge-list-phase-assumptions/SKILL.md +0 -41
package/.agent/skills/mindforge-list-workspaces/SKILL.md +0 -17
package/.agent/skills/mindforge-manager/SKILL.md +0 -32
package/.agent/skills/mindforge-map-codebase/SKILL.md +0 -64
package/.agent/skills/mindforge-milestone-summary/SKILL.md +0 -44
package/.agent/skills/mindforge-neural-orchestrator/SKILL.md +0 -115
package/.agent/skills/mindforge-neural-orchestrator/references/codex-tools.md +0 -100
package/.agent/skills/mindforge-neural-orchestrator/references/gemini-tools.md +0 -33
package/.agent/skills/mindforge-new-milestone/SKILL.md +0 -38
package/.agent/skills/mindforge-new-project/SKILL.md +0 -36
package/.agent/skills/mindforge-new-workspace/SKILL.md +0 -39
package/.agent/skills/mindforge-next/SKILL.md +0 -19
package/.agent/skills/mindforge-note/SKILL.md +0 -29
package/.agent/skills/mindforge-parallel-mesh_extended/SKILL.md +0 -182
package/.agent/skills/mindforge-pause-work/SKILL.md +0 -35
package/.agent/skills/mindforge-plan-milestone-gaps/SKILL.md +0 -28
package/.agent/skills/mindforge-plan-phase/SKILL.md +0 -38
package/.agent/skills/mindforge-plan-phase_extended/SKILL.md +0 -152
package/.agent/skills/mindforge-plan-phase_extended/plan-document-reviewer-prompt.md +0 -49
package/.agent/skills/mindforge-plant-seed/SKILL.md +0 -22
package/.agent/skills/mindforge-pr-branch/SKILL.md +0 -21
package/.agent/skills/mindforge-profile-user/SKILL.md +0 -38
package/.agent/skills/mindforge-progress/SKILL.md +0 -19
package/.agent/skills/mindforge-quick/SKILL.md +0 -38
package/.agent/skills/mindforge-reapply-patches/SKILL.md +0 -124
package/.agent/skills/mindforge-remove-phase/SKILL.md +0 -26
package/.agent/skills/mindforge-remove-workspace/SKILL.md +0 -22
package/.agent/skills/mindforge-research-phase/SKILL.md +0 -186
package/.agent/skills/mindforge-resume-work/SKILL.md +0 -35
package/.agent/skills/mindforge-review/SKILL.md +0 -31
package/.agent/skills/mindforge-review-backlog/SKILL.md +0 -58
package/.agent/skills/mindforge-review-inbound/SKILL.md +0 -213
package/.agent/skills/mindforge-review-request/SKILL.md +0 -105
package/.agent/skills/mindforge-review-request/code-reviewer.md +0 -146
package/.agent/skills/mindforge-session-report/SKILL.md +0 -16
package/.agent/skills/mindforge-set-profile/SKILL.md +0 -9
package/.agent/skills/mindforge-settings/SKILL.md +0 -32
package/.agent/skills/mindforge-ship/SKILL.md +0 -16
package/.agent/skills/mindforge-ship_extended/SKILL.md +0 -200
package/.agent/skills/mindforge-skill-creation/SKILL.md +0 -655
package/.agent/skills/mindforge-skill-creation/anthropic-best-practices.md +0 -1150
package/.agent/skills/mindforge-skill-creation/examples/CLAUDE_MD_TESTING.md +0 -189
package/.agent/skills/mindforge-skill-creation/graphviz-conventions.dot +0 -172
package/.agent/skills/mindforge-skill-creation/persuasion-principles.md +0 -187
package/.agent/skills/mindforge-skill-creation/render-graphs.js +0 -168
package/.agent/skills/mindforge-skill-creation/testing-skills-with-subagents.md +0 -384
package/.agent/skills/mindforge-stats/SKILL.md +0 -16
package/.agent/skills/mindforge-swarm-execution/SKILL.md +0 -277
package/.agent/skills/mindforge-swarm-execution/code-quality-reviewer-prompt.md +0 -26
package/.agent/skills/mindforge-swarm-execution/implementer-prompt.md +0 -113
package/.agent/skills/mindforge-swarm-execution/spec-reviewer-prompt.md +0 -61
package/.agent/skills/mindforge-system-architecture/SKILL.md +0 -136
package/.agent/skills/mindforge-system-architecture/examples.md +0 -120
package/.agent/skills/mindforge-system-architecture/scaling-checklist.md +0 -76
package/.agent/skills/mindforge-tdd/SKILL.md +0 -112
package/.agent/skills/mindforge-tdd/deep-modules.md +0 -21
package/.agent/skills/mindforge-tdd/interface-design.md +0 -22
package/.agent/skills/mindforge-tdd/mocking.md +0 -24
package/.agent/skills/mindforge-tdd/refactoring.md +0 -21
package/.agent/skills/mindforge-tdd/tests.md +0 -28
package/.agent/skills/mindforge-tdd_extended/SKILL.md +0 -371
package/.agent/skills/mindforge-tdd_extended/testing-anti-patterns.md +0 -299
package/.agent/skills/mindforge-thread/SKILL.md +0 -123
package/.agent/skills/mindforge-ui-phase/SKILL.md +0 -24
package/.agent/skills/mindforge-ui-review/SKILL.md +0 -24
package/.agent/skills/mindforge-update/SKILL.md +0 -35
package/.agent/skills/mindforge-validate-phase/SKILL.md +0 -26
package/.agent/skills/mindforge-verify-work/SKILL.md +0 -30
package/.agent/skills/mindforge-verify-work_extended/SKILL.md +0 -139
package/.agent/skills/mindforge-workspace-isolated/SKILL.md +0 -218
package/.agent/skills/mindforge-workstreams/SKILL.md +0 -65
package/.agent/workflows/forge:help.md +0 -10
package/.agent/workflows/forge:init-project.md +0 -35
package/.agent/workflows/forge:plan-phase.md +0 -33
package/.agent/workflows/mindforge-add-phase.md +0 -112
package/.agent/workflows/mindforge-add-tests.md +0 -351
package/.agent/workflows/mindforge-add-todo.md +0 -158
package/.agent/workflows/mindforge-audit-milestone.md +0 -332
package/.agent/workflows/mindforge-audit-uat.md +0 -109
package/.agent/workflows/mindforge-autonomous.md +0 -815
package/.agent/workflows/mindforge-check-todos.md +0 -177
package/.agent/workflows/mindforge-cleanup.md +0 -152
package/.agent/workflows/mindforge-complete-milestone.md +0 -766
package/.agent/workflows/mindforge-diagnose-issues.md +0 -220
package/.agent/workflows/mindforge-discovery-phase.md +0 -289
package/.agent/workflows/mindforge-discuss-phase-assumptions.md +0 -645
package/.agent/workflows/mindforge-discuss-phase.md +0 -1047
package/.agent/workflows/mindforge-do.md +0 -104
package/.agent/workflows/mindforge-execute-phase.md +0 -838
package/.agent/workflows/mindforge-execute-plan.md +0 -509
package/.agent/workflows/mindforge-fast.md +0 -105
package/.agent/workflows/mindforge-forensics.md +0 -265
package/.agent/workflows/mindforge-health.md +0 -181
package/.agent/workflows/mindforge-help.md +0 -606
package/.agent/workflows/mindforge-insert-phase.md +0 -130
package/.agent/workflows/mindforge-list-phase-assumptions.md +0 -178
package/.agent/workflows/mindforge-list-workspaces.md +0 -56
package/.agent/workflows/mindforge-manager.md +0 -360
package/.agent/workflows/mindforge-map-codebase.md +0 -370
package/.agent/workflows/mindforge-milestone-summary.md +0 -223
package/.agent/workflows/mindforge-new-milestone.md +0 -469
package/.agent/workflows/mindforge-new-project.md +0 -1226
package/.agent/workflows/mindforge-new-workspace.md +0 -237
package/.agent/workflows/mindforge-next.md +0 -97
package/.agent/workflows/mindforge-node-repair.md +0 -92
package/.agent/workflows/mindforge-note.md +0 -156
package/.agent/workflows/mindforge-pause-work.md +0 -176
package/.agent/workflows/mindforge-plan-milestone-gaps.md +0 -273
package/.agent/workflows/mindforge-plan-phase.md +0 -877
package/.agent/workflows/mindforge-plant-seed.md +0 -169
package/.agent/workflows/mindforge-pr-branch.md +0 -129
package/.agent/workflows/mindforge-profile-user.md +0 -450
package/.agent/workflows/mindforge-progress.md +0 -507
package/.agent/workflows/mindforge-quick.md +0 -732
package/.agent/workflows/mindforge-remove-phase.md +0 -155
package/.agent/workflows/mindforge-remove-workspace.md +0 -90
package/.agent/workflows/mindforge-research-phase.md +0 -74
package/.agent/workflows/mindforge-resume-project.md +0 -325
package/.agent/workflows/mindforge-review.md +0 -228
package/.agent/workflows/mindforge-session-report.md +0 -146
package/.agent/workflows/mindforge-settings.md +0 -283
package/.agent/workflows/mindforge-ship.md +0 -228
package/.agent/workflows/mindforge-stats.md +0 -60
package/.agent/workflows/mindforge-transition.md +0 -671
package/.agent/workflows/mindforge-ui-phase.md +0 -290
package/.agent/workflows/mindforge-ui-review.md +0 -157
package/.agent/workflows/mindforge-update.md +0 -323
package/.agent/workflows/mindforge-validate-phase.md +0 -167
package/.agent/workflows/mindforge-verify-phase.md +0 -254
package/.agent/workflows/mindforge-verify-work.md +0 -628
package/.agent/workflows/mindforge:add-backlog.md +0 -24
package/.agent/workflows/mindforge:agent.md +0 -25
package/.agent/workflows/mindforge:approve.md +0 -21
package/.agent/workflows/mindforge:architecture.md +0 -40
package/.agent/workflows/mindforge:audit.md +0 -33
package/.agent/workflows/mindforge:auto.md +0 -25
package/.agent/workflows/mindforge:benchmark.md +0 -36
package/.agent/workflows/mindforge:brainstorming.md +0 -16
package/.agent/workflows/mindforge:browse.md +0 -29
package/.agent/workflows/mindforge:complete-milestone.md +0 -21
package/.agent/workflows/mindforge:costs.md +0 -14
package/.agent/workflows/mindforge:cross-review.md +0 -20
package/.agent/workflows/mindforge:dashboard.md +0 -101
package/.agent/workflows/mindforge:debug.md +0 -131
package/.agent/workflows/mindforge:discuss-phase.md +0 -141
package/.agent/workflows/mindforge:do.md +0 -25
package/.agent/workflows/mindforge:execute-phase.md +0 -205
package/.agent/workflows/mindforge:executor.md +0 -18
package/.agent/workflows/mindforge:health.md +0 -24
package/.agent/workflows/mindforge:help.md +0 -26
package/.agent/workflows/mindforge:identity.md +0 -18
package/.agent/workflows/mindforge:init-org.md +0 -134
package/.agent/workflows/mindforge:init-project.md +0 -185
package/.agent/workflows/mindforge:install-skill.md +0 -27
package/.agent/workflows/mindforge:learn.md +0 -146
package/.agent/workflows/mindforge:map-codebase.md +0 -301
package/.agent/workflows/mindforge:marketplace.md +0 -123
package/.agent/workflows/mindforge:memory.md +0 -18
package/.agent/workflows/mindforge:metrics.md +0 -25
package/.agent/workflows/mindforge:migrate.md +0 -43
package/.agent/workflows/mindforge:milestone.md +0 -15
package/.agent/workflows/mindforge:new-runtime.md +0 -22
package/.agent/workflows/mindforge:next.md +0 -108
package/.agent/workflows/mindforge:note.md +0 -27
package/.agent/workflows/mindforge:plan-phase.md +0 -139
package/.agent/workflows/mindforge:planner.md +0 -18
package/.agent/workflows/mindforge:plant-seed.md +0 -24
package/.agent/workflows/mindforge:plugins.md +0 -43
package/.agent/workflows/mindforge:pr-review.md +0 -44
package/.agent/workflows/mindforge:profile-team.md +0 -26
package/.agent/workflows/mindforge:publish-skill.md +0 -22
package/.agent/workflows/mindforge:qa.md +0 -19
package/.agent/workflows/mindforge:quick.md +0 -138
package/.agent/workflows/mindforge:release.md +0 -13
package/.agent/workflows/mindforge:remember.md +0 -29
package/.agent/workflows/mindforge:research.md +0 -15
package/.agent/workflows/mindforge:researcher.md +0 -18
package/.agent/workflows/mindforge:retrospective.md +0 -29
package/.agent/workflows/mindforge:review-backlog.md +0 -26
package/.agent/workflows/mindforge:review.md +0 -160
package/.agent/workflows/mindforge:reviewer.md +0 -18
package/.agent/workflows/mindforge:security-scan.md +0 -236
package/.agent/workflows/mindforge:session-report.md +0 -31
package/.agent/workflows/mindforge:ship.md +0 -108
package/.agent/workflows/mindforge:skills.md +0 -144
package/.agent/workflows/mindforge:soul.md +0 -54
package/.agent/workflows/mindforge:status.md +0 -107
package/.agent/workflows/mindforge:steer.md +0 -16
package/.agent/workflows/mindforge:sync-confluence.md +0 -14
package/.agent/workflows/mindforge:sync-jira.md +0 -15
package/.agent/workflows/mindforge:tdd.md +0 -46
package/.agent/workflows/mindforge:tokens.md +0 -11
package/.agent/workflows/mindforge:tool.md +0 -18
package/.agent/workflows/mindforge:ui-phase.md +0 -27
package/.agent/workflows/mindforge:ui-review.md +0 -28
package/.agent/workflows/mindforge:update.md +0 -45
package/.agent/workflows/mindforge:validate-phase.md +0 -25
package/.agent/workflows/mindforge:verify-phase.md +0 -65
package/.agent/workflows/mindforge:workspace.md +0 -32
package/.agent/workflows/mindforge:workstreams.md +0 -27
package/.agent/workflows/publish-release.md +0 -36
package/.claude/CLAUDE.md +0 -102
package/.claude/commands/forge/help.md +0 -7
package/.claude/commands/forge/init-project.md +0 -32
package/.claude/commands/forge/plan-phase.md +0 -30
package/.claude/commands/mindforge/add-backlog.md +0 -32
package/.claude/commands/mindforge/agent.md +0 -31
package/.claude/commands/mindforge/approve.md +0 -22
package/.claude/commands/mindforge/audit.md +0 -34
package/.claude/commands/mindforge/auto.md +0 -26
package/.claude/commands/mindforge/benchmark.md +0 -37
package/.claude/commands/mindforge/browse.md +0 -30
package/.claude/commands/mindforge/complete-milestone.md +0 -22
package/.claude/commands/mindforge/costs.md +0 -15
package/.claude/commands/mindforge/cross-review.md +0 -21
package/.claude/commands/mindforge/dashboard.md +0 -102
package/.claude/commands/mindforge/debug.md +0 -133
package/.claude/commands/mindforge/discuss-phase.md +0 -142
package/.claude/commands/mindforge/do.md +0 -31
package/.claude/commands/mindforge/execute-phase.md +0 -200
package/.claude/commands/mindforge/health.md +0 -31
package/.claude/commands/mindforge/help.md +0 -33
package/.claude/commands/mindforge/init-org.md +0 -135
package/.claude/commands/mindforge/init-project.md +0 -170
package/.claude/commands/mindforge/install-skill.md +0 -28
package/.claude/commands/mindforge/learn.md +0 -147
package/.claude/commands/mindforge/learning.md +0 -20
package/.claude/commands/mindforge/map-codebase.md +0 -302
package/.claude/commands/mindforge/marketplace.md +0 -124
package/.claude/commands/mindforge/metrics.md +0 -26
package/.claude/commands/mindforge/migrate.md +0 -44
package/.claude/commands/mindforge/milestone.md +0 -16
package/.claude/commands/mindforge/new-runtime.md +0 -23
package/.claude/commands/mindforge/next.md +0 -109
package/.claude/commands/mindforge/note.md +0 -35
package/.claude/commands/mindforge/plan-phase.md +0 -131
package/.claude/commands/mindforge/plant-seed.md +0 -31
package/.claude/commands/mindforge/plugins.md +0 -44
package/.claude/commands/mindforge/pr-review.md +0 -45
package/.claude/commands/mindforge/profile-team.md +0 -27
package/.claude/commands/mindforge/publish-skill.md +0 -23
package/.claude/commands/mindforge/qa.md +0 -20
package/.claude/commands/mindforge/quick.md +0 -139
package/.claude/commands/mindforge/record-learning.md +0 -22
package/.claude/commands/mindforge/release.md +0 -14
package/.claude/commands/mindforge/remember.md +0 -30
package/.claude/commands/mindforge/research.md +0 -16
package/.claude/commands/mindforge/retrospective.md +0 -31
package/.claude/commands/mindforge/review-backlog.md +0 -34
package/.claude/commands/mindforge/review.md +0 -161
package/.claude/commands/mindforge/security-scan.md +0 -242
package/.claude/commands/mindforge/session-report.md +0 -39
package/.claude/commands/mindforge/ship.md +0 -111
package/.claude/commands/mindforge/skills.md +0 -145
package/.claude/commands/mindforge/status.md +0 -113
package/.claude/commands/mindforge/steer.md +0 -17
package/.claude/commands/mindforge/sync-confluence.md +0 -15
package/.claude/commands/mindforge/sync-jira.md +0 -16
package/.claude/commands/mindforge/tokens.md +0 -12
package/.claude/commands/mindforge/ui-phase.md +0 -34
package/.claude/commands/mindforge/ui-review.md +0 -36
package/.claude/commands/mindforge/update.md +0 -46
package/.claude/commands/mindforge/validate-phase.md +0 -31
package/.claude/commands/mindforge/verify-phase.md +0 -66
package/.claude/commands/mindforge/workspace.md +0 -33
package/.claude/commands/mindforge/workstreams.md +0 -35
package/.claude/settings.local.json +0 -16
package/.mindforge/audit/AUDIT-SCHEMA.md +0 -470
package/.mindforge/browser/daemon-protocol.md +0 -24
package/.mindforge/browser/qa-engine.md +0 -16
package/.mindforge/browser/session-manager.md +0 -18
package/.mindforge/browser/visual-verify-spec.md +0 -31
package/.mindforge/celestial.db +0 -0
package/.mindforge/ci/ci-config-schema.md +0 -21
package/.mindforge/ci/ci-mode.md +0 -179
package/.mindforge/ci/github-actions-adapter.md +0 -224
package/.mindforge/ci/gitlab-ci-adapter.md +0 -31
package/.mindforge/ci/jenkins-adapter.md +0 -44
package/.mindforge/dashboard/api-reference.md +0 -122
package/.mindforge/dashboard/dashboard-spec.md +0 -96
package/.mindforge/distribution/marketplace.md +0 -53
package/.mindforge/distribution/registry-client.md +0 -166
package/.mindforge/distribution/registry-schema.md +0 -96
package/.mindforge/distribution/skill-publisher.md +0 -44
package/.mindforge/distribution/skill-validator.md +0 -74
package/.mindforge/governance/GOVERNANCE-CONFIG.md +0 -17
package/.mindforge/governance/approval-workflow.md +0 -37
package/.mindforge/governance/change-classifier.md +0 -63
package/.mindforge/governance/compliance-gates.md +0 -31
package/.mindforge/governance/policies/sovereign-default.json +0 -16
package/.mindforge/integrations/confluence.md +0 -27
package/.mindforge/integrations/connection-manager.md +0 -163
package/.mindforge/integrations/github.md +0 -25
package/.mindforge/integrations/gitlab.md +0 -13
package/.mindforge/integrations/jira.md +0 -102
package/.mindforge/integrations/slack.md +0 -41
package/.mindforge/intelligence/antipattern-detector.md +0 -75
package/.mindforge/intelligence/difficulty-scorer.md +0 -55
package/.mindforge/intelligence/health-engine.md +0 -208
package/.mindforge/intelligence/skill-gap-analyser.md +0 -40
package/.mindforge/intelligence/smart-compaction.md +0 -71
package/.mindforge/memory/MEMORY-SCHEMA.md +0 -155
package/.mindforge/memory/engine/capture-protocol.md +0 -36
package/.mindforge/memory/engine/global-sync-spec.md +0 -42
package/.mindforge/memory/engine/retrieval-spec.md +0 -44
package/.mindforge/memory/sync-manifest.json +0 -6
package/.mindforge/metrics/METRICS-SCHEMA.md +0 -42
package/.mindforge/metrics/quality-tracker.md +0 -32
package/.mindforge/models/model-registry.md +0 -48
package/.mindforge/models/model-router.md +0 -30
package/.mindforge/monorepo/cross-package-planner.md +0 -114
package/.mindforge/monorepo/dependency-graph-builder.md +0 -32
package/.mindforge/monorepo/workspace-detector.md +0 -129
package/.mindforge/org/CONVENTIONS.md +0 -62
package/.mindforge/org/ORG.md +0 -51
package/.mindforge/org/SECURITY.md +0 -50
package/.mindforge/org/TOOLS.md +0 -53
package/.mindforge/org/integrations/INTEGRATIONS-CONFIG.md +0 -58
package/.mindforge/org/skills/MANIFEST.md +0 -15
package/.mindforge/plugins/PLUGINS-MANIFEST.md +0 -23
package/.mindforge/plugins/plugin-loader.md +0 -93
package/.mindforge/plugins/plugin-registry.md +0 -44
package/.mindforge/plugins/plugin-schema.md +0 -68
package/.mindforge/pr-review/ai-reviewer.md +0 -266
package/.mindforge/pr-review/finding-formatter.md +0 -46
package/.mindforge/pr-review/review-prompt-templates.md +0 -44
package/.mindforge/production/compatibility-layer.md +0 -39
package/.mindforge/production/migration-engine.md +0 -52
package/.mindforge/production/production-checklist.md +0 -76
package/.mindforge/production/token-optimiser.md +0 -68
package/.mindforge/skills-builder/auto-capture-protocol.md +0 -88
package/.mindforge/skills-builder/learn-protocol.md +0 -161
package/.mindforge/skills-builder/quality-scoring.md +0 -120
package/.mindforge/team/TEAM-PROFILE.md +0 -42
package/.mindforge/team/multi-handoff.md +0 -23
package/.mindforge/team/profiles/README.md +0 -13
package/.mindforge/team/session-merger.md +0 -18
package/.planning/ARCHITECTURE.md +0 -0
package/.planning/HANDOFF.json +0 -8
package/.planning/PROJECT.md +0 -33
package/.planning/RELEASE-CHECKLIST.md +0 -68
package/.planning/REQUIREMENTS.md +0 -35
package/.planning/ROADMAP.md +0 -12
package/.planning/STATE.md +0 -36
package/.planning/approvals/.gitkeep +0 -1
package/.planning/archive/.gitkeep +0 -1
package/.planning/audit-archive/.gitkeep +0 -1
package/.planning/decisions/.gitkeep +0 -0
package/.planning/jira-sync.json +0 -1
package/.planning/milestones/.gitkeep +0 -1
package/.planning/phases/.gitkeep +0 -0
package/.planning/research/.gitkeep +0 -0
package/.planning/screenshots/.gitkeep +0 -0
package/.planning/slack-threads.json +0 -1
package/docs/CAPABILITIES-MANIFEST.md +0 -64
package/docs/Context/Master-Context.md +0 -731
package/docs/INTELLIGENCE-MESH.md +0 -37
package/docs/MIND-FORGE-REFERENCE-V6.md +0 -96
package/docs/PERSONAS.md +0 -960
package/docs/References/audit-events.md +0 -59
package/docs/References/checkpoints.md +0 -778
package/docs/References/commands.md +0 -107
package/docs/References/config-reference.md +0 -81
package/docs/References/continuation-format.md +0 -249
package/docs/References/decimal-phase-calculation.md +0 -64
package/docs/References/git-integration.md +0 -295
package/docs/References/git-planning-commit.md +0 -38
package/docs/References/model-profile-resolution.md +0 -36
package/docs/References/model-profiles.md +0 -139
package/docs/References/phase-argument-parsing.md +0 -61
package/docs/References/planning-config.md +0 -202
package/docs/References/questioning.md +0 -162
package/docs/References/sdk-api.md +0 -53
package/docs/References/skills-api.md +0 -57
package/docs/References/tdd.md +0 -263
package/docs/References/ui-brand.md +0 -160
package/docs/References/user-profiling.md +0 -681
package/docs/References/verification-patterns.md +0 -612
package/docs/References/workstream-flag.md +0 -58
package/docs/Templates/Agents/CLAUDE-MD.md +0 -122
package/docs/Templates/Agents/COPILOT-INSTRUCTIONS.md +0 -7
package/docs/Templates/Agents/DEBUGGER-PROMPT.md +0 -91
package/docs/Templates/Agents/PLANNER-PROMPT.md +0 -117
package/docs/Templates/Codebase/architecture.md +0 -255
package/docs/Templates/Codebase/concerns.md +0 -310
package/docs/Templates/Codebase/conventions.md +0 -307
package/docs/Templates/Codebase/integrations.md +0 -280
package/docs/Templates/Codebase/stack.md +0 -186
package/docs/Templates/Codebase/structure.md +0 -285
package/docs/Templates/Codebase/testing.md +0 -480
package/docs/Templates/Execution/CONTINUE-HERE.md +0 -78
package/docs/Templates/Execution/DISCUSSION-LOG.md +0 -63
package/docs/Templates/Execution/PHASE-PROMPT.md +0 -610
package/docs/Templates/Execution/STATE.md +0 -176
package/docs/Templates/Execution/SUMMARY-COMPLEX.md +0 -59
package/docs/Templates/Execution/SUMMARY-MINIMAL.md +0 -41
package/docs/Templates/Execution/SUMMARY-STANDARD.md +0 -48
package/docs/Templates/Execution/SUMMARY.md +0 -248
package/docs/Templates/Profile/DEV-PREFERENCES.md +0 -21
package/docs/Templates/Profile/USER-PROFILE.md +0 -146
package/docs/Templates/Profile/USER-SETUP.md +0 -311
package/docs/Templates/Project/AGENTS_LEARNING.md +0 -88
package/docs/Templates/Project/DISCOVERY.md +0 -146
package/docs/Templates/Project/MILESTONE-ARCHIVE.md +0 -123
package/docs/Templates/Project/MILESTONE.md +0 -115
package/docs/Templates/Project/PROJECT.md +0 -206
package/docs/Templates/Project/REQUIREMENTS.md +0 -231
package/docs/Templates/Project/RETROSPECTIVE.md +0 -54
package/docs/Templates/Project/ROADMAP.md +0 -202
package/docs/Templates/Quality/DEBUG.md +0 -164
package/docs/Templates/Quality/UAT.md +0 -280
package/docs/Templates/Quality/UI-SPEC.md +0 -100
package/docs/Templates/Quality/VALIDATION.md +0 -76
package/docs/Templates/Quality/VERIFICATION-REPORT.md +0 -322
package/docs/Templates/Research/ARCHITECTURE.md +0 -204
package/docs/Templates/Research/FEATURES.md +0 -147
package/docs/Templates/Research/PITFALLS.md +0 -200
package/docs/Templates/Research/STACK.md +0 -120
package/docs/Templates/Research/SUMMARY.md +0 -170
package/docs/Templates/System/CONFIG.json +0 -43
package/docs/Templates/System/CONTEXT.md +0 -352
package/docs/adr/ADR-024-browser-localhost-only.md +0 -17
package/docs/adr/ADR-025-visual-verify-failure-treatment.md +0 -19
package/docs/adr/ADR-026-session-persistence-security.md +0 -20
package/docs/adr/ADR-042-ads-protocol.md +0 -30
package/docs/architecture/NEXUS-DASHBOARD.md +0 -35
package/docs/architecture/PAR-ZTS-SURVEY.md +0 -43
package/docs/architecture/README.md +0 -78
package/docs/architecture/V3-CORE.md +0 -52
package/docs/architecture/V4-SWARM-MESH.md +0 -77
package/docs/architecture/V5-ENTERPRISE.md +0 -131
package/docs/architecture/V6-SOVEREIGN.md +0 -43
package/docs/architecture/V8-SRE.md +0 -88
package/docs/architecture/V9-BEDROCK.md +0 -162
package/docs/architecture/adr-039-multi-runtime-support.md +0 -20
package/docs/architecture/adr-040-additive-schema-migration.md +0 -21
package/docs/architecture/adr-041-stable-runtime-interface-contract.md +0 -20
package/docs/architecture/decision-records-index.md +0 -29
package/docs/ci-cd-integration.md +0 -30
package/docs/ci-cd.md +0 -92
package/docs/ci-quickstart.md +0 -78
package/docs/commands-skills/DISCOVERED_SKILLS.md +0 -21
package/docs/contributing/CONTRIBUTING.md +0 -38
package/docs/contributing/plugin-authoring.md +0 -50
package/docs/contributing/skill-authoring.md +0 -41
package/docs/enterprise-setup.md +0 -25
package/docs/feature-dashboard.md +0 -63
package/docs/governance-guide.md +0 -134
package/docs/monorepo-guide.md +0 -26
package/docs/persona-customisation.md +0 -56
package/docs/publishing-guide.md +0 -43
package/docs/quick-verify.md +0 -33
package/docs/registry/AGENTS.md +0 -37
package/docs/registry/COMMANDS.md +0 -87
package/docs/registry/HOOKS.md +0 -38
package/docs/registry/PERSONAS.md +0 -64
package/docs/registry/README.md +0 -27
package/docs/registry/SKILLS.md +0 -142
package/docs/registry/WORKFLOWS.md +0 -72
package/docs/release-checklist-guide.md +0 -37
package/docs/requirements.md +0 -29
package/docs/security/SECURITY.md +0 -55
package/docs/security/ZTAI-OVERVIEW.md +0 -37
package/docs/security/penetration-test-results.md +0 -31
package/docs/security/threat-model.md +0 -142
package/docs/skills-authoring-guide.md +0 -176
package/docs/skills-publishing-guide.md +0 -22
package/docs/team-setup-guide.md +0 -21
package/docs/testing-current-version.md +0 -130
package/docs/tutorial.md +0 -162
package/docs/upgrade.md +0 -58
package/docs/usp-features.md +0 -102
package/docs/workflow-atlas.md +0 -57

package/SECURITY.md CHANGED Viewed

@@ -1,4 +1,110 @@
 # Security Policy
-Please see `docs/security/SECURITY.md` for the full security policy,
-reporting process, and supported versions.
+## Supported Versions
+| Version | Status | Support Level |
+|---------|--------|---------------|
+| 10.x | **Current** | Full security and feature updates |
+| 9.x | Maintenance | Critical security patches only (until 2026-08-31) |
+| 8.x | End of Life | No further updates |
+| 7.x and below | End of Life | No further updates |
+We recommend all users upgrade to the latest 10.x release. Security patches for 9.x will be provided for critical vulnerabilities only, on a best-effort basis, until August 2026.
+---
+## Reporting a Vulnerability
+If you discover a security vulnerability in MindForge, please report it responsibly.
+**Do NOT open a public GitHub issue for security vulnerabilities.**
+### How to Report
+1. **Email**: Send a detailed report to the repository maintainer via the email listed in their GitHub profile.
+2. **GitHub Security Advisories**: Use the "Report a vulnerability" button on the repository's Security tab (preferred).
+### What to Include
+- Description of the vulnerability and its potential impact
+- Steps to reproduce (minimal test case preferred)
+- Affected version(s)
+- Any suggested fix or mitigation
+### Response Timeline
+| Stage | Target |
+|-------|--------|
+| Acknowledgment | Within 48 hours |
+| Severity assessment | Within 5 business days |
+| Patch development | Within 14 days for Critical/High |
+| Public disclosure | After patch is released, coordinated with reporter |
+We follow responsible disclosure practices. We will credit reporters in the release notes unless they prefer anonymity.
+---
+## Security Features (v10.0.0)
+### Authentication & Authorization
+- **Bearer token auth on dashboard** — All mutating endpoints (`/api/steering`, `/api/approve`, SSE control) require `Authorization: Bearer <token>`. Token is sourced from `MINDFORGE_DASHBOARD_TOKEN` environment variable.
+- **Browser daemon authentication** — The `/evaluate` endpoint requires auth before executing code in the Playwright context.
+- **ZTAI Trust Tiers** — 4-tier authorization model (Tier 0-3) controls which agents can perform which actions. Tier 3 (catastrophic-risk) operations require explicit human approval.
+### Audit & Integrity
+- **Merkle-chain audit log** — Every entry in `AUDIT.jsonl` includes a SHA-256 hash of the previous entry. Tampering with any historical entry breaks the chain, making modifications detectable.
+- **AuditWriter with buffered writes** — Atomic append operations prevent partial writes from corrupting the log.
+- **npm provenance** — Published packages include SLSA Build Level 2 attestation via `--provenance`, proving the package was built from the stated source commit in CI.
+### Input Validation & Injection Prevention
+- **Parameterized SQL queries** — All VectorHub queries use bound parameters. No string concatenation of user input into SQL.
+- **Path traversal prevention** — The temporal API validates `auditId` against `[a-zA-Z0-9_-]` and verifies resolved paths remain within the expected directory.
+- **No shell interpretation** — Commands that invoke external processes use argument arrays, never shell string interpolation.
+- **Structured action allowlist** — Autonomous actions are validated against an explicit permit list (replaces the previous regex blocklist that was prone to bypass).
+### Governance & Policy
+- **Fail-closed ZK verification** — `verifyZKProof()` throws on invalid or missing proofs. The system denies by default.
+- **Non-overridable parameters** — Security-critical MINDFORGE.md settings cannot be overridden by project-level or session-level configuration.
+- **CSP headers on dashboard** — Content Security Policy headers prevent XSS in the dashboard UI.
+- **Localhost-only binding** — The dashboard server binds to `127.0.0.1` only. It is not accessible from the network.
+### Supply Chain
+- **Zero native dependencies** — The removal of `better-sqlite3` eliminates the entire native compilation toolchain (node-gyp, Python, C++ compiler) from the install process, reducing the attack surface.
+- **Dependabot enabled** — Automated weekly scans for vulnerable npm dependencies and monthly GitHub Actions version updates.
+- **CODEOWNERS enforcement** — Changes to `bin/governance/`, `bin/engine/`, and the SDK require review from designated security owners.
+- **.npmignore** — Prevents accidental publication of secrets, test fixtures, planning state, and intelligence logs.
+---
+## Security Hardening Checklist (for Contributors)
+Before submitting code that touches security-sensitive paths:
+- [ ] No hardcoded secrets, tokens, or API keys in code or config
+- [ ] All user inputs validated before processing
+- [ ] SQL queries use bound parameters (never string concatenation)
+- [ ] File path inputs validated and contained within expected directories
+- [ ] External process invocations use argument arrays (no shell)
+- [ ] Authentication checks present on all mutating endpoints
+- [ ] Error messages do not leak internal paths or stack traces to clients
+- [ ] Audit log entries include the action for traceability
+- [ ] Tests cover the security-relevant behavior (positive and negative cases)
+---
+## Known Mitigations & Limitations
+- **ZK-proofs are simulated** — The Dilithium-5 / ZK-proof layer uses cryptographic simulation, not hardware-backed TEEs. It provides logical governance enforcement, not hardware-grade isolation.
+- **Dashboard is localhost-only** — The dashboard is designed for local development. Do not expose it to the public internet, even behind a reverse proxy, without adding additional authentication.
+- **ZTAI keys are file-based** — Agent identity keys are stored on disk. In production deployments requiring hardware-bound keys, integrate with your organization's HSM or secure enclave.
+---
+## Contact
+For security questions that are not vulnerability reports, open a GitHub Discussion with the "security" label.

package/bin/autonomous/audit-writer.js ADDED Viewed

@@ -0,0 +1,90 @@
+/**
+ * MindForge — Audit Writer (Async Buffered)
+ * Extracted from auto-runner.js — handles all JSONL audit append operations.
+ * Buffers entries and flushes every 100ms or when buffer reaches 10 entries.
+ */
+'use strict';
+const fs = require('fs');
+const crypto = require('crypto');
+const FLUSH_INTERVAL_MS = 100;
+const FLUSH_THRESHOLD = 10;
+/**
+ * Creates a buffered async audit writer.
+ * @param {string} auditPath — Path to the AUDIT.jsonl file
+ * @returns {{ write: (entry: object) => void, flush: () => Promise<void>, close: () => Promise<void> }}
+ */
+function createAuditWriter(auditPath) {
+  let buffer = [];
+  let flushTimer = null;
+  let isClosed = false;
+  function scheduleFlush() {
+    if (flushTimer !== null) return;
+    flushTimer = setTimeout(async () => {
+      flushTimer = null;
+      await flush();
+    }, FLUSH_INTERVAL_MS);
+  }
+  /**
+   * Adds an entry to the buffer. Triggers flush if threshold reached.
+   * Stamps entry with id and timestamp if missing (immutable — creates new object).
+   */
+  function write(entry) {
+    if (isClosed) {
+      throw new Error('AuditWriter is closed — cannot write after close()');
+    }
+    const stamped = Object.assign(Object.create(null), entry, {
+      id: entry.id || crypto.randomBytes(8).toString('hex'),
+      timestamp: entry.timestamp || new Date().toISOString(),
+    });
+    buffer = [...buffer, stamped];
+    if (buffer.length >= FLUSH_THRESHOLD) {
+      // Immediate flush — don't wait for timer
+      if (flushTimer !== null) {
+        clearTimeout(flushTimer);
+        flushTimer = null;
+      }
+      flush();
+    } else {
+      scheduleFlush();
+    }
+    return stamped;
+  }
+  /**
+   * Flushes the buffer to disk using async appendFile.
+   */
+  async function flush() {
+    if (buffer.length === 0) return;
+    const toWrite = buffer;
+    buffer = [];
+    const payload = toWrite.map(e => JSON.stringify(e)).join('\n') + '\n';
+    await fs.promises.appendFile(auditPath, payload);
+  }
+  /**
+   * Flushes remaining entries and stops the timer. After close(), write() will throw.
+   */
+  async function close() {
+    isClosed = true;
+    if (flushTimer !== null) {
+      clearTimeout(flushTimer);
+      flushTimer = null;
+    }
+    await flush();
+  }
+  return Object.freeze({ write, flush, close });
+}
+module.exports = { createAuditWriter };