peaks-cli 1.4.2 → 2.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude-plugin/marketplace.json +51 -0
- package/CHANGELOG.md +279 -0
- package/README-en.md +226 -0
- package/README.md +152 -122
- package/dist/src/cli/commands/agent-commands.d.ts +20 -0
- package/dist/src/cli/commands/agent-commands.js +48 -0
- package/dist/src/cli/commands/audit-commands.d.ts +18 -0
- package/dist/src/cli/commands/audit-commands.js +138 -0
- package/dist/src/cli/commands/capability-commands.js +2 -1
- package/dist/src/cli/commands/classify-classify-commands.d.ts +19 -0
- package/dist/src/cli/commands/classify-classify-commands.js +151 -0
- package/dist/src/cli/commands/code-review-commands.d.ts +34 -0
- package/dist/src/cli/commands/code-review-commands.js +83 -0
- package/dist/src/cli/commands/config-commands.js +90 -0
- package/dist/src/cli/commands/context-commands.d.ts +21 -0
- package/dist/src/cli/commands/context-commands.js +167 -0
- package/dist/src/cli/commands/core-artifact-commands.js +60 -2
- package/dist/src/cli/commands/hook-handle.js +50 -0
- package/dist/src/cli/commands/loop-commands.d.ts +21 -0
- package/dist/src/cli/commands/loop-commands.js +128 -0
- package/dist/src/cli/commands/openspec-commands.js +37 -0
- package/dist/src/cli/commands/preferences-commands.d.ts +2 -0
- package/dist/src/cli/commands/preferences-commands.js +147 -0
- package/dist/src/cli/commands/skill-conformance-commands.d.ts +9 -0
- package/dist/src/cli/commands/skill-conformance-commands.js +39 -0
- package/dist/src/cli/commands/understand-commands.js +34 -0
- package/dist/src/cli/commands/upgrade-commands.d.ts +23 -0
- package/dist/src/cli/commands/upgrade-commands.js +57 -0
- package/dist/src/cli/commands/workflow-commands.js +70 -0
- package/dist/src/cli/commands/workspace-commands.js +117 -2
- package/dist/src/cli/program.js +30 -0
- package/dist/src/lib/render/message-renderer.d.ts +20 -0
- package/dist/src/lib/render/message-renderer.js +80 -0
- package/dist/src/services/agent/ecc-agent-service.d.ts +47 -0
- package/dist/src/services/agent/ecc-agent-service.js +143 -0
- package/dist/src/services/artifacts/request-artifact-service.js +14 -0
- package/dist/src/services/audit/backing-detector.d.ts +24 -0
- package/dist/src/services/audit/backing-detector.js +59 -0
- package/dist/src/services/audit/classifier.d.ts +38 -0
- package/dist/src/services/audit/classifier.js +127 -0
- package/dist/src/services/audit/enforcers/active-skill-resolver.d.ts +29 -0
- package/dist/src/services/audit/enforcers/active-skill-resolver.js +71 -0
- package/dist/src/services/audit/enforcers/design-draft-confirm.d.ts +25 -0
- package/dist/src/services/audit/enforcers/design-draft-confirm.js +54 -0
- package/dist/src/services/audit/enforcers/lint-audit-regression.d.ts +21 -0
- package/dist/src/services/audit/enforcers/lint-audit-regression.js +86 -0
- package/dist/src/services/audit/enforcers/lint-catalog-governance.d.ts +27 -0
- package/dist/src/services/audit/enforcers/lint-catalog-governance.js +38 -0
- package/dist/src/services/audit/enforcers/lint-cli-back.d.ts +16 -0
- package/dist/src/services/audit/enforcers/lint-cli-back.js +35 -0
- package/dist/src/services/audit/enforcers/lint-output-style.d.ts +11 -0
- package/dist/src/services/audit/enforcers/lint-output-style.js +94 -0
- package/dist/src/services/audit/enforcers/lint-reference-integrity.d.ts +6 -0
- package/dist/src/services/audit/enforcers/lint-reference-integrity.js +83 -0
- package/dist/src/services/audit/enforcers/lint-reference-shape.d.ts +30 -0
- package/dist/src/services/audit/enforcers/lint-reference-shape.js +272 -0
- package/dist/src/services/audit/enforcers/lint-style.d.ts +49 -0
- package/dist/src/services/audit/enforcers/lint-style.js +173 -0
- package/dist/src/services/audit/enforcers/lint-workflow-shape.d.ts +5 -0
- package/dist/src/services/audit/enforcers/lint-workflow-shape.js +141 -0
- package/dist/src/services/audit/enforcers/login-gate.d.ts +23 -0
- package/dist/src/services/audit/enforcers/login-gate.js +40 -0
- package/dist/src/services/audit/enforcers/mock-placement.d.ts +25 -0
- package/dist/src/services/audit/enforcers/mock-placement.js +48 -0
- package/dist/src/services/audit/enforcers/no-root-pollution.d.ts +21 -0
- package/dist/src/services/audit/enforcers/no-root-pollution.js +56 -0
- package/dist/src/services/audit/enforcers/pre-rd-scan.d.ts +22 -0
- package/dist/src/services/audit/enforcers/pre-rd-scan.js +23 -0
- package/dist/src/services/audit/enforcers/prototype-fidelity.d.ts +25 -0
- package/dist/src/services/audit/enforcers/prototype-fidelity.js +75 -0
- package/dist/src/services/audit/enforcers/resume-detection.d.ts +21 -0
- package/dist/src/services/audit/enforcers/resume-detection.js +52 -0
- package/dist/src/services/audit/enforcers/solo-code-ban.d.ts +23 -0
- package/dist/src/services/audit/enforcers/solo-code-ban.js +27 -0
- package/dist/src/services/audit/enforcers/sub-agent-sid.d.ts +25 -0
- package/dist/src/services/audit/enforcers/sub-agent-sid.js +63 -0
- package/dist/src/services/audit/enforcers/tech-doc-presence.d.ts +28 -0
- package/dist/src/services/audit/enforcers/tech-doc-presence.js +35 -0
- package/dist/src/services/audit/red-line-catalog-p2-a.d.ts +21 -0
- package/dist/src/services/audit/red-line-catalog-p2-a.js +233 -0
- package/dist/src/services/audit/red-line-catalog-p2-b.d.ts +19 -0
- package/dist/src/services/audit/red-line-catalog-p2-b.js +225 -0
- package/dist/src/services/audit/red-line-catalog.d.ts +51 -0
- package/dist/src/services/audit/red-line-catalog.js +210 -0
- package/dist/src/services/audit/red-lines-service.d.ts +23 -0
- package/dist/src/services/audit/red-lines-service.js +486 -0
- package/dist/src/services/audit/scanners/openspec-scanner.d.ts +15 -0
- package/dist/src/services/audit/scanners/openspec-scanner.js +55 -0
- package/dist/src/services/audit/scanners/rules-tree-scanner.d.ts +16 -0
- package/dist/src/services/audit/scanners/rules-tree-scanner.js +56 -0
- package/dist/src/services/audit/scanners/skills-tree-scanner.d.ts +17 -0
- package/dist/src/services/audit/scanners/skills-tree-scanner.js +46 -0
- package/dist/src/services/audit/static-service.d.ts +57 -0
- package/dist/src/services/audit/static-service.js +125 -0
- package/dist/src/services/audit/types.d.ts +69 -0
- package/dist/src/services/audit/types.js +13 -0
- package/dist/src/services/classify/classify-service.d.ts +42 -0
- package/dist/src/services/classify/classify-service.js +122 -0
- package/dist/src/services/classify/classify-types.d.ts +79 -0
- package/dist/src/services/classify/classify-types.js +90 -0
- package/dist/src/services/code-review/ocr-service.d.ts +129 -0
- package/dist/src/services/code-review/ocr-service.js +362 -0
- package/dist/src/services/config/config-migration.d.ts +32 -0
- package/dist/src/services/config/config-migration.js +111 -0
- package/dist/src/services/config/config-restore.d.ts +10 -0
- package/dist/src/services/config/config-restore.js +47 -0
- package/dist/src/services/config/config-rollback.d.ts +13 -0
- package/dist/src/services/config/config-rollback.js +26 -0
- package/dist/src/services/config/config-service.d.ts +36 -2
- package/dist/src/services/config/config-service.js +105 -0
- package/dist/src/services/config/config-types.d.ts +73 -0
- package/dist/src/services/config/config-types.js +28 -13
- package/dist/src/services/config/model-routing.js +5 -3
- package/dist/src/services/doctor/doctor-service.js +96 -0
- package/dist/src/services/ide/adapters/hermes-adapter.d.ts +21 -0
- package/dist/src/services/ide/adapters/hermes-adapter.js +51 -0
- package/dist/src/services/ide/adapters/openclaw-adapter.d.ts +14 -0
- package/dist/src/services/ide/adapters/openclaw-adapter.js +42 -0
- package/dist/src/services/ide/ide-registry.js +7 -0
- package/dist/src/services/ide/ide-types.d.ts +1 -1
- package/dist/src/services/openspec/openspec-propose-from-doctor-service.d.ts +31 -0
- package/dist/src/services/openspec/openspec-propose-from-doctor-service.js +95 -0
- package/dist/src/services/preferences/preferences-service.d.ts +6 -0
- package/dist/src/services/preferences/preferences-service.js +43 -0
- package/dist/src/services/preferences/preferences-types.d.ts +90 -0
- package/dist/src/services/preferences/preferences-types.js +38 -0
- package/dist/src/services/rd/rd-service.js +29 -1
- package/dist/src/services/skills/skill-conformance-service.d.ts +40 -0
- package/dist/src/services/skills/skill-conformance-service.js +136 -0
- package/dist/src/services/skills/skill-runbook-service.js +44 -10
- package/dist/src/services/skills/sync-service.d.ts +86 -0
- package/dist/src/services/skills/sync-service.js +271 -0
- package/dist/src/services/slice/slice-check-service.js +166 -13
- package/dist/src/services/slice/slice-check-types.d.ts +1 -1
- package/dist/src/services/standards/migrate-claude-rules-service.d.ts +19 -0
- package/dist/src/services/standards/migrate-claude-rules-service.js +193 -0
- package/dist/src/services/understand/understand-scan-service.js +15 -2
- package/dist/src/services/understand/understand-types.d.ts +26 -0
- package/dist/src/services/upgrade/1x-detector-service.d.ts +7 -0
- package/dist/src/services/upgrade/1x-detector-service.js +94 -0
- package/dist/src/services/upgrade/gitignore-migrate-service.d.ts +56 -0
- package/dist/src/services/upgrade/gitignore-migrate-service.js +170 -0
- package/dist/src/services/upgrade/upgrade-service.d.ts +47 -0
- package/dist/src/services/upgrade/upgrade-service.js +381 -0
- package/dist/src/services/workflow/workflow-router-service.js +15 -4
- package/dist/src/services/workspace/claude-settings-template.d.ts +53 -0
- package/dist/src/services/workspace/claude-settings-template.js +133 -0
- package/dist/src/services/workspace/sid-naming-guard.d.ts +14 -0
- package/dist/src/services/workspace/sid-naming-guard.js +31 -0
- package/dist/src/services/workspace/workspace-archive-service.d.ts +19 -0
- package/dist/src/services/workspace/workspace-archive-service.js +32 -0
- package/dist/src/services/workspace/workspace-clean-service.d.ts +41 -0
- package/dist/src/services/workspace/workspace-clean-service.js +86 -0
- package/dist/src/services/workspace/workspace-service.d.ts +24 -0
- package/dist/src/services/workspace/workspace-service.js +124 -2
- package/dist/src/services/workspace/workspace-state-service.d.ts +7 -0
- package/dist/src/services/workspace/workspace-state-service.js +43 -0
- package/dist/src/shared/change-id.js +4 -1
- package/dist/src/shared/version.d.ts +1 -1
- package/dist/src/shared/version.js +1 -1
- package/package.json +8 -2
- package/schemas/doctor-report.schema.json +1 -1
- package/scripts/install-skills.mjs +296 -12
- package/skills/peaks-doctor/SKILL.md +59 -0
- package/skills/peaks-doctor/references/doctor-check-catalog.md +31 -0
- package/skills/peaks-doctor/references/from-doctor-flow.md +64 -0
- package/skills/peaks-doctor/test_prompts.json +17 -0
- package/skills/peaks-ide/SKILL.md +2 -0
- package/skills/peaks-qa/SKILL.md +9 -7
- package/skills/peaks-qa/references/artifact-per-request.md +19 -5
- package/skills/peaks-qa/references/qa-perf-test-plan.md +6 -6
- package/skills/peaks-qa/references/qa-runbook.md +1 -1
- package/skills/peaks-rd/SKILL.md +25 -10
- package/skills/peaks-rd/references/ocr-integration.md +214 -0
- package/skills/peaks-rd/references/rd-fanout-contracts.md +70 -0
- package/skills/peaks-rd/references/rd-runbook.md +1 -1
- package/skills/peaks-solo/SKILL.md +16 -4
- package/skills/peaks-solo/references/anchoring-and-session-info.md +9 -0
- package/skills/peaks-solo/references/step-0-55-1x-detection.md +82 -0
- package/skills/peaks-solo/references/workflow-gates-and-types.md +9 -0
|
@@ -0,0 +1,225 @@
|
|
|
1
|
+
/** Theme H — Reference structural shape (3 enforcers) */
|
|
2
|
+
const REF_H1_TITLE_REQUIRED = {
|
|
3
|
+
id: 'rl-ref-h1-title-required-001',
|
|
4
|
+
rule: 'Reference shape: every references/*.md starts with `# <title>`',
|
|
5
|
+
markers: ['MANDATORY'],
|
|
6
|
+
phrases: ['# ', 'h1 title', 'top heading'],
|
|
7
|
+
enforcerRef: 'src/services/audit/enforcers/lint-reference-shape.ts',
|
|
8
|
+
};
|
|
9
|
+
const REF_APPLICABLE_TASK_LEVELS = {
|
|
10
|
+
id: 'rl-ref-applicable-task-levels-declared-001',
|
|
11
|
+
rule: 'Reference shape: every references/*.md declares applicableTaskLevels',
|
|
12
|
+
markers: ['MANDATORY'],
|
|
13
|
+
phrases: ['applicable task levels', 'applies to', 'task levels:'],
|
|
14
|
+
enforcerRef: 'src/services/audit/enforcers/lint-reference-shape.ts',
|
|
15
|
+
};
|
|
16
|
+
const REF_SEE_ALSO_SECTION = {
|
|
17
|
+
id: 'rl-ref-see-also-section-001',
|
|
18
|
+
rule: 'Reference shape: every references/*.md has a `## See also` section',
|
|
19
|
+
markers: ['MANDATORY'],
|
|
20
|
+
phrases: ['see also', 'related references', '## see also'],
|
|
21
|
+
enforcerRef: 'src/services/audit/enforcers/lint-reference-shape.ts',
|
|
22
|
+
};
|
|
23
|
+
/** Theme I — Reference cross-references (3 enforcers) */
|
|
24
|
+
const REF_CROSS_REF_RESOLVES = {
|
|
25
|
+
id: 'rl-ref-cross-ref-resolves-001',
|
|
26
|
+
rule: 'Reference integrity: every `../<file>.md` link from a reference resolves',
|
|
27
|
+
markers: ['MANDATORY'],
|
|
28
|
+
phrases: ['cross-reference', 'see also', 'see ./'],
|
|
29
|
+
enforcerRef: 'src/services/audit/enforcers/lint-reference-shape.ts',
|
|
30
|
+
};
|
|
31
|
+
const REF_NO_SELF_REFERENCE = {
|
|
32
|
+
id: 'rl-ref-no-self-reference-001',
|
|
33
|
+
rule: 'Reference integrity: no reference file links to itself',
|
|
34
|
+
markers: ['MUST NOT'],
|
|
35
|
+
phrases: ['self reference', 'circular reference', 'recursive link'],
|
|
36
|
+
enforcerRef: 'src/services/audit/enforcers/lint-reference-shape.ts',
|
|
37
|
+
};
|
|
38
|
+
const REF_NO_ORPHAN_LINK = {
|
|
39
|
+
id: 'rl-ref-no-orphan-link-001',
|
|
40
|
+
rule: 'Reference integrity: no link to a non-existent file or section',
|
|
41
|
+
markers: ['MUST NOT'],
|
|
42
|
+
phrases: ['orphan link', 'broken link', 'dead link'],
|
|
43
|
+
enforcerRef: 'src/services/audit/enforcers/lint-reference-shape.ts',
|
|
44
|
+
};
|
|
45
|
+
/** Theme J — Reference size + structure (3 enforcers) */
|
|
46
|
+
const REF_LINE_COUNT_LE_800 = {
|
|
47
|
+
id: 'rl-ref-line-count-le-800-001',
|
|
48
|
+
rule: 'Reference size: each reference ≤ 800 lines (Karpathy 4 原则 §2.3)',
|
|
49
|
+
markers: ['MANDATORY'],
|
|
50
|
+
phrases: ['800 lines', 'line count', 'karpathy cap', 'file size'],
|
|
51
|
+
enforcerRef: 'src/services/audit/enforcers/lint-reference-shape.ts',
|
|
52
|
+
};
|
|
53
|
+
const REF_H2_COUNT_LE_12 = {
|
|
54
|
+
id: 'rl-ref-h2-count-le-12-001',
|
|
55
|
+
rule: 'Reference size: at most 12 `## <heading>` per reference',
|
|
56
|
+
markers: ['MANDATORY'],
|
|
57
|
+
phrases: ['h2 count', '12 h2', 'depth cap'],
|
|
58
|
+
enforcerRef: 'src/services/audit/enforcers/lint-reference-shape.ts',
|
|
59
|
+
};
|
|
60
|
+
const REF_OVERVIEW_SECTION_NEAR_TOP = {
|
|
61
|
+
id: 'rl-ref-overview-section-near-top-001',
|
|
62
|
+
rule: 'Reference size: long references (>200 lines) must have `## Overview` within the first 30 lines',
|
|
63
|
+
markers: ['MANDATORY'],
|
|
64
|
+
phrases: ['overview section', 'top of file', '## overview'],
|
|
65
|
+
enforcerRef: 'src/services/audit/enforcers/lint-reference-shape.ts',
|
|
66
|
+
};
|
|
67
|
+
/** Theme K — loadStrategy behavior (2 enforcers) */
|
|
68
|
+
const REF_LOADSTRATEGY_ON_DEMAND_FALLBACK = {
|
|
69
|
+
id: 'rl-ref-loadstrategy-on-demand-fallback-001',
|
|
70
|
+
rule: 'loadStrategy: on-demand references must declare a fallback path',
|
|
71
|
+
markers: ['MANDATORY'],
|
|
72
|
+
phrases: ['on-demand fallback', 'fallback path', 'loadstrategy: on-demand'],
|
|
73
|
+
enforcerRef: 'src/services/audit/enforcers/lint-reference-shape.ts',
|
|
74
|
+
};
|
|
75
|
+
const REF_LOADSTRATEGY_ALWAYS_CACHEABLE = {
|
|
76
|
+
id: 'rl-ref-loadstrategy-always-cacheable-001',
|
|
77
|
+
rule: 'loadStrategy: always references must be safe to load unconditionally',
|
|
78
|
+
markers: ['MANDATORY'],
|
|
79
|
+
phrases: ['always-cacheable', 'unconditional load', 'loadstrategy: always'],
|
|
80
|
+
enforcerRef: 'src/services/audit/enforcers/lint-reference-shape.ts',
|
|
81
|
+
};
|
|
82
|
+
/** Theme L — Audit regression (4 enforcers) */
|
|
83
|
+
const AUDIT_CATALOG_STABILITY = {
|
|
84
|
+
id: 'rl-audit-catalog-stability-001',
|
|
85
|
+
rule: 'Audit regression: catalog size has not grown > 20% in the last 90 days',
|
|
86
|
+
markers: ['MANDATORY'],
|
|
87
|
+
phrases: ['catalog stability', 'catalog growth', 'catalog drift'],
|
|
88
|
+
enforcerRef: 'src/services/audit/enforcers/lint-audit-regression.ts',
|
|
89
|
+
};
|
|
90
|
+
const AUDIT_NO_ORPHAN_ENFORCER = {
|
|
91
|
+
id: 'rl-audit-no-orphan-enforcer-001',
|
|
92
|
+
rule: 'Audit regression: every enforcerRef points to a real file',
|
|
93
|
+
markers: ['MUST NOT'],
|
|
94
|
+
phrases: ['orphan enforcer', 'missing enforcer file', 'enforcerref'],
|
|
95
|
+
enforcerRef: 'src/services/audit/enforcers/lint-audit-regression.ts',
|
|
96
|
+
};
|
|
97
|
+
const AUDIT_NO_ORPHAN_CATALOG = {
|
|
98
|
+
id: 'rl-audit-no-orphan-catalog-001',
|
|
99
|
+
rule: 'Audit regression: every catalog entry has a non-null enforcerRef (or a documented reason)',
|
|
100
|
+
markers: ['MUST NOT'],
|
|
101
|
+
phrases: ['orphan catalog', 'prose-only entry', 'enforcerref: null'],
|
|
102
|
+
enforcerRef: 'src/services/audit/enforcers/lint-audit-regression.ts',
|
|
103
|
+
};
|
|
104
|
+
const AUDIT_RUNTIME_BUDGET = {
|
|
105
|
+
id: 'rl-audit-runtime-budget-001',
|
|
106
|
+
rule: 'Audit regression: peaks audit red-lines completes in < 2 seconds on a 100-reference project',
|
|
107
|
+
markers: ['MANDATORY'],
|
|
108
|
+
phrases: ['runtime budget', 'audit performance', '2 second budget'],
|
|
109
|
+
enforcerRef: 'src/services/audit/enforcers/lint-audit-regression.ts',
|
|
110
|
+
};
|
|
111
|
+
/** Theme M — Inline shell patterns (3 enforcers) */
|
|
112
|
+
const REF_NO_BASH_HEREDOC = {
|
|
113
|
+
id: 'rl-ref-no-bash-heredoc-001',
|
|
114
|
+
rule: 'Reference inline shell: no `cat <<EOF` (YAGNI for the demo skill)',
|
|
115
|
+
markers: ['MUST NOT'],
|
|
116
|
+
phrases: ['bash heredoc', 'cat <<eof', 'heredoc pattern'],
|
|
117
|
+
enforcerRef: 'src/services/audit/enforcers/lint-reference-shape.ts',
|
|
118
|
+
};
|
|
119
|
+
const REF_NO_SUDO = {
|
|
120
|
+
id: 'rl-ref-no-sudo-001',
|
|
121
|
+
rule: 'Reference inline shell: no `sudo` (peaks-cli is user-scope)',
|
|
122
|
+
markers: ['MUST NOT'],
|
|
123
|
+
phrases: ['no sudo', 'user-scope', 'sudo command'],
|
|
124
|
+
enforcerRef: 'src/services/audit/enforcers/lint-reference-shape.ts',
|
|
125
|
+
};
|
|
126
|
+
const REF_NO_CURL_PIPE_BASH = {
|
|
127
|
+
id: 'rl-ref-no-curl-pipe-bash-001',
|
|
128
|
+
rule: 'Reference inline shell: no `curl ... | bash` (LLM supply-chain attack vector)',
|
|
129
|
+
markers: ['MUST NOT'],
|
|
130
|
+
phrases: ['curl pipe bash', 'remote code execution', 'supply-chain'],
|
|
131
|
+
enforcerRef: 'src/services/audit/enforcers/lint-reference-shape.ts',
|
|
132
|
+
};
|
|
133
|
+
/** Theme N — Code blocks (3 enforcers) */
|
|
134
|
+
const REF_CODE_BLOCK_LANGUAGE = {
|
|
135
|
+
id: 'rl-ref-code-block-language-declared-001',
|
|
136
|
+
rule: 'Reference code blocks: every fenced block has a language tag',
|
|
137
|
+
markers: ['MANDATORY'],
|
|
138
|
+
phrases: ['fenced code block', 'language tag', 'typescript | bash | json'],
|
|
139
|
+
enforcerRef: 'src/services/audit/enforcers/lint-reference-shape.ts',
|
|
140
|
+
};
|
|
141
|
+
const REF_NO_FAKE_PROMPT = {
|
|
142
|
+
id: 'rl-ref-no-fake-prompt-001',
|
|
143
|
+
rule: 'Reference code blocks: no `# fake prompt` / `$ fake` markers',
|
|
144
|
+
markers: ['MUST NOT'],
|
|
145
|
+
phrases: ['fake prompt', 'placeholder code', 'demo marker'],
|
|
146
|
+
enforcerRef: 'src/services/audit/enforcers/lint-reference-shape.ts',
|
|
147
|
+
};
|
|
148
|
+
const REF_NO_ABSOLUTE_PATHS = {
|
|
149
|
+
id: 'rl-ref-no-absolute-paths-001',
|
|
150
|
+
rule: 'Reference code blocks: no `C:\\` or `/usr/local` (use peaks-cli primitives)',
|
|
151
|
+
markers: ['MUST NOT'],
|
|
152
|
+
phrases: ['absolute path', 'c:\\', '/usr/local', 'machine-specific'],
|
|
153
|
+
enforcerRef: 'src/services/audit/enforcers/lint-reference-shape.ts',
|
|
154
|
+
};
|
|
155
|
+
/** Theme O — Permissions + numbers (2 enforcers) */
|
|
156
|
+
const REF_NO_CHMOD_777 = {
|
|
157
|
+
id: 'rl-ref-no-chmod-777-001',
|
|
158
|
+
rule: 'Reference inline shell: no `chmod 777` (security red flag)',
|
|
159
|
+
markers: ['MUST NOT'],
|
|
160
|
+
phrases: ['chmod 777', 'world-writable', 'insecure permission'],
|
|
161
|
+
enforcerRef: 'src/services/audit/enforcers/lint-reference-shape.ts',
|
|
162
|
+
};
|
|
163
|
+
const REF_NO_MAGIC_NUMBERS = {
|
|
164
|
+
id: 'rl-ref-no-magic-numbers-001',
|
|
165
|
+
rule: 'Reference code blocks: no unsigned integer ≥ 100 that is not a named constant',
|
|
166
|
+
markers: ['MUST NOT'],
|
|
167
|
+
phrases: ['magic number', 'named constant', 'hard-coded threshold'],
|
|
168
|
+
enforcerRef: 'src/services/audit/enforcers/lint-reference-shape.ts',
|
|
169
|
+
};
|
|
170
|
+
/** Theme P — Dogfooding (2 enforcers) */
|
|
171
|
+
const REF_SKILL_CITES_EVERY_EXISTING = {
|
|
172
|
+
id: 'rl-ref-skill-cites-every-existing-reference-001',
|
|
173
|
+
rule: 'Reference dogfooding: every reference file IS cited in its parent SKILL.md',
|
|
174
|
+
markers: ['MANDATORY'],
|
|
175
|
+
phrases: ['uncited reference', 'dead reference', 'reference not cited'],
|
|
176
|
+
enforcerRef: 'src/services/audit/enforcers/lint-reference-shape.ts',
|
|
177
|
+
};
|
|
178
|
+
const REF_LOADSTRATEGY_MATCHES_SIZE = {
|
|
179
|
+
id: 'rl-ref-loadstrategy-matches-size-001',
|
|
180
|
+
rule: 'Reference dogfooding: loadStrategy matches file size (>5KB → on-demand)',
|
|
181
|
+
markers: ['MANDATORY'],
|
|
182
|
+
phrases: ['loadstrategy matches size', 'context budget', 'on-demand for large'],
|
|
183
|
+
enforcerRef: 'src/services/audit/enforcers/lint-reference-shape.ts',
|
|
184
|
+
};
|
|
185
|
+
/**
|
|
186
|
+
* The 25 P2-b entries, in stable display order. Spread into
|
|
187
|
+
* RED_LINE_CATALOG (after P2-a's block) so future slices can
|
|
188
|
+
* append without touching this file.
|
|
189
|
+
*/
|
|
190
|
+
export const RED_LINE_CATALOG_P2_B = [
|
|
191
|
+
// Theme H
|
|
192
|
+
REF_H1_TITLE_REQUIRED,
|
|
193
|
+
REF_APPLICABLE_TASK_LEVELS,
|
|
194
|
+
REF_SEE_ALSO_SECTION,
|
|
195
|
+
// Theme I
|
|
196
|
+
REF_CROSS_REF_RESOLVES,
|
|
197
|
+
REF_NO_SELF_REFERENCE,
|
|
198
|
+
REF_NO_ORPHAN_LINK,
|
|
199
|
+
// Theme J
|
|
200
|
+
REF_LINE_COUNT_LE_800,
|
|
201
|
+
REF_H2_COUNT_LE_12,
|
|
202
|
+
REF_OVERVIEW_SECTION_NEAR_TOP,
|
|
203
|
+
// Theme K
|
|
204
|
+
REF_LOADSTRATEGY_ON_DEMAND_FALLBACK,
|
|
205
|
+
REF_LOADSTRATEGY_ALWAYS_CACHEABLE,
|
|
206
|
+
// Theme L
|
|
207
|
+
AUDIT_CATALOG_STABILITY,
|
|
208
|
+
AUDIT_NO_ORPHAN_ENFORCER,
|
|
209
|
+
AUDIT_NO_ORPHAN_CATALOG,
|
|
210
|
+
AUDIT_RUNTIME_BUDGET,
|
|
211
|
+
// Theme M
|
|
212
|
+
REF_NO_BASH_HEREDOC,
|
|
213
|
+
REF_NO_SUDO,
|
|
214
|
+
REF_NO_CURL_PIPE_BASH,
|
|
215
|
+
// Theme N
|
|
216
|
+
REF_CODE_BLOCK_LANGUAGE,
|
|
217
|
+
REF_NO_FAKE_PROMPT,
|
|
218
|
+
REF_NO_ABSOLUTE_PATHS,
|
|
219
|
+
// Theme O
|
|
220
|
+
REF_NO_CHMOD_777,
|
|
221
|
+
REF_NO_MAGIC_NUMBERS,
|
|
222
|
+
// Theme P
|
|
223
|
+
REF_SKILL_CITES_EVERY_EXISTING,
|
|
224
|
+
REF_LOADSTRATEGY_MATCHES_SIZE,
|
|
225
|
+
];
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Red-line catalog — the 5 P0 red lines shipped in L2.1, plus the marker
|
|
3
|
+
* patterns that the classifier uses to discover them in markdown.
|
|
4
|
+
*
|
|
5
|
+
* The catalog is hand-maintained. New enforcers (L2.2/2.3/2.4) add entries
|
|
6
|
+
* here and the backing-detector picks them up automatically.
|
|
7
|
+
*/
|
|
8
|
+
import type { RedLineMarker } from './types.js';
|
|
9
|
+
export interface RedLineCatalogEntry {
|
|
10
|
+
/** Stable id, e.g. "rl-solo-code-ban-001". */
|
|
11
|
+
readonly id: string;
|
|
12
|
+
readonly rule: string;
|
|
13
|
+
/** Markers that, if found near the rule's text, identify this red line. */
|
|
14
|
+
readonly markers: readonly RedLineMarker[];
|
|
15
|
+
/** Substring(s) that must appear in the surrounding ±2 lines. */
|
|
16
|
+
readonly phrases: readonly string[];
|
|
17
|
+
/** Relative path to the enforcement file (or null when prose-only). */
|
|
18
|
+
readonly enforcerRef: string | null;
|
|
19
|
+
}
|
|
20
|
+
export declare const RED_LINE_CATALOG: readonly RedLineCatalogEntry[];
|
|
21
|
+
/**
|
|
22
|
+
* Catalog entries for enforcers whose source code is shipped in this slice
|
|
23
|
+
* but whose integration is deferred to subsequent slices (L2.1.1 or later).
|
|
24
|
+
*
|
|
25
|
+
* The backing-detector downgrades these to `prose-only` at runtime because
|
|
26
|
+
* the integration seam is missing. When the integration lands, the entry
|
|
27
|
+
* is removed from this set in a single-line follow-up commit.
|
|
28
|
+
*
|
|
29
|
+
* L2.1 final state: Tasks 5 (solo-code-ban) + 6 (no-root-pollution) are
|
|
30
|
+
* wired into peaks hook handle (Tasks 1-4: framework + 3 enforcers also
|
|
31
|
+
* integrated). Tasks 3 (tech-doc-presence) and 4 (mock-placement) are
|
|
32
|
+
* deferred — their request-transition / slice-check integrations are
|
|
33
|
+
* tracked separately.
|
|
34
|
+
*/
|
|
35
|
+
export declare const DEFERRED_ENFORCERS: ReadonlySet<string>;
|
|
36
|
+
/**
|
|
37
|
+
* A red line's catalog id is the join key. If a discovered red line in a
|
|
38
|
+
* markdown file matches no catalog entry, it stays as `prose-only`.
|
|
39
|
+
*
|
|
40
|
+
* Match policy: phrase-only for identity. Markers (MANDATORY / BLOCKING /
|
|
41
|
+
* MUST NOT / RED LINE) are too generic to disambiguate — every catalog
|
|
42
|
+
* entry shares the same marker set, so a marker-only match would always
|
|
43
|
+
* return the first catalog entry regardless of the rule.
|
|
44
|
+
*
|
|
45
|
+
* Deferred enforcers (Tasks 4-6 integration pending) are matched by
|
|
46
|
+
* phrase but tagged with enforcerRef=null so the backing-detector
|
|
47
|
+
* downgrades them to prose-only at runtime. They are NOT removed from
|
|
48
|
+
* the catalog so future integration commits can re-tag them with a
|
|
49
|
+
* single source-of-truth change.
|
|
50
|
+
*/
|
|
51
|
+
export declare function findCatalogEntry(rule: string, _markers: readonly RedLineMarker[]): RedLineCatalogEntry | null;
|
|
@@ -0,0 +1,210 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Red-line catalog — the 5 P0 red lines shipped in L2.1, plus the marker
|
|
3
|
+
* patterns that the classifier uses to discover them in markdown.
|
|
4
|
+
*
|
|
5
|
+
* The catalog is hand-maintained. New enforcers (L2.2/2.3/2.4) add entries
|
|
6
|
+
* here and the backing-detector picks them up automatically.
|
|
7
|
+
*/
|
|
8
|
+
import { RED_LINE_CATALOG_P2_A } from './red-line-catalog-p2-a.js';
|
|
9
|
+
import { RED_LINE_CATALOG_P2_B } from './red-line-catalog-p2-b.js';
|
|
10
|
+
export const RED_LINE_CATALOG = [
|
|
11
|
+
{
|
|
12
|
+
id: 'rl-solo-code-ban-001',
|
|
13
|
+
rule: 'Solo Code-Change Red Line',
|
|
14
|
+
markers: ['BLOCKING', 'MANDATORY'],
|
|
15
|
+
phrases: [
|
|
16
|
+
'peaks-solo',
|
|
17
|
+
'orchestrator, NOT an implementer',
|
|
18
|
+
'solo',
|
|
19
|
+
],
|
|
20
|
+
enforcerRef: 'src/services/audit/enforcers/solo-code-ban.ts',
|
|
21
|
+
},
|
|
22
|
+
{
|
|
23
|
+
id: 'rl-no-root-pollution-001',
|
|
24
|
+
rule: 'No Root Pollution',
|
|
25
|
+
markers: ['MANDATORY', 'MUST NOT', 'RED LINE'],
|
|
26
|
+
phrases: [
|
|
27
|
+
'root pollution',
|
|
28
|
+
'must not write to the project root',
|
|
29
|
+
'no root',
|
|
30
|
+
],
|
|
31
|
+
enforcerRef: 'src/services/audit/enforcers/no-root-pollution.ts',
|
|
32
|
+
},
|
|
33
|
+
{
|
|
34
|
+
id: 'rl-sub-agent-sid-001',
|
|
35
|
+
rule: 'Sub-Agent SID Isolation',
|
|
36
|
+
markers: ['MANDATORY', 'BLOCKING'],
|
|
37
|
+
phrases: [
|
|
38
|
+
'sub-agent',
|
|
39
|
+
'session id',
|
|
40
|
+
'sub-agent session sharing',
|
|
41
|
+
'one conversation = one sid',
|
|
42
|
+
],
|
|
43
|
+
enforcerRef: 'src/services/audit/enforcers/sub-agent-sid.ts',
|
|
44
|
+
},
|
|
45
|
+
{
|
|
46
|
+
id: 'rl-tech-doc-presence-001',
|
|
47
|
+
rule: 'Tech-Doc Presence',
|
|
48
|
+
markers: ['MANDATORY', 'BLOCKING'],
|
|
49
|
+
phrases: [
|
|
50
|
+
'tech-doc',
|
|
51
|
+
'tech doc',
|
|
52
|
+
'spec-locked',
|
|
53
|
+
'rd/tech-doc.md',
|
|
54
|
+
],
|
|
55
|
+
enforcerRef: 'src/services/audit/enforcers/tech-doc-presence.ts',
|
|
56
|
+
},
|
|
57
|
+
{
|
|
58
|
+
id: 'rl-mock-placement-001',
|
|
59
|
+
rule: 'Mock Data Placement',
|
|
60
|
+
markers: ['MUST NOT', 'MANDATORY'],
|
|
61
|
+
phrases: [
|
|
62
|
+
'mock data',
|
|
63
|
+
'mock placement',
|
|
64
|
+
'inline mock',
|
|
65
|
+
'fixture placement',
|
|
66
|
+
],
|
|
67
|
+
enforcerRef: 'src/services/audit/enforcers/mock-placement.ts',
|
|
68
|
+
},
|
|
69
|
+
// === Slice L2.2 P1 — 10 P1 red lines across 5 categories ===
|
|
70
|
+
// Each catalog entry has a phrase that distinguishes it from P0; the
|
|
71
|
+
// backing-detector + DEFERRED_ENFORCERS mechanism handles the rest.
|
|
72
|
+
{
|
|
73
|
+
id: 'rl-resume-detection-001',
|
|
74
|
+
rule: 'Resume Detection: Session Binding',
|
|
75
|
+
markers: ['MANDATORY', 'BLOCKING'],
|
|
76
|
+
phrases: ['resume detection', 'session binding', 'resume session', 'resume from'],
|
|
77
|
+
enforcerRef: 'src/services/audit/enforcers/resume-detection.ts',
|
|
78
|
+
},
|
|
79
|
+
{
|
|
80
|
+
id: 'rl-resume-detection-002',
|
|
81
|
+
rule: 'Resume Detection: Request State',
|
|
82
|
+
markers: ['MANDATORY', 'BLOCKING'],
|
|
83
|
+
phrases: ['request state', 'resumable state', 'spec-locked', 'implemented', 'qa-handoff'],
|
|
84
|
+
enforcerRef: 'src/services/audit/enforcers/resume-detection.ts',
|
|
85
|
+
},
|
|
86
|
+
{
|
|
87
|
+
id: 'rl-prototype-fidelity-001',
|
|
88
|
+
rule: 'Prototype Fidelity: No Stub Markers',
|
|
89
|
+
markers: ['MUST NOT', 'MANDATORY'],
|
|
90
|
+
phrases: ['prototype fidelity', 'no stub', 'no TODO', 'no FIXME', 'no placeholder'],
|
|
91
|
+
enforcerRef: 'src/services/audit/enforcers/prototype-fidelity.ts',
|
|
92
|
+
},
|
|
93
|
+
{
|
|
94
|
+
id: 'rl-prototype-fidelity-002',
|
|
95
|
+
rule: 'Prototype Fidelity: Test Coverage',
|
|
96
|
+
markers: ['MANDATORY', 'RED LINE'],
|
|
97
|
+
phrases: ['prototype test', 'must have tests', 'test coverage', 'fidelity test'],
|
|
98
|
+
enforcerRef: 'src/services/audit/enforcers/prototype-fidelity.ts',
|
|
99
|
+
},
|
|
100
|
+
{
|
|
101
|
+
id: 'rl-design-draft-confirm-001',
|
|
102
|
+
rule: 'Design-Draft Confirm: Existence',
|
|
103
|
+
markers: ['MANDATORY', 'BLOCKING'],
|
|
104
|
+
phrases: ['design-draft', 'design draft', 'design-draft.md', 'design draft exists'],
|
|
105
|
+
enforcerRef: 'src/services/audit/enforcers/design-draft-confirm.ts',
|
|
106
|
+
},
|
|
107
|
+
{
|
|
108
|
+
id: 'rl-design-draft-confirm-002',
|
|
109
|
+
rule: 'Design-Draft Confirm: Confirmed State',
|
|
110
|
+
markers: ['MANDATORY', 'BLOCKING'],
|
|
111
|
+
phrases: ['design confirmed', 'design-draft confirmed', 'confirmed-by-user', 'user confirmed'],
|
|
112
|
+
enforcerRef: 'src/services/audit/enforcers/design-draft-confirm.ts',
|
|
113
|
+
},
|
|
114
|
+
{
|
|
115
|
+
id: 'rl-pre-rd-scan-001',
|
|
116
|
+
rule: 'Pre-RD Scan: Archetype Detected',
|
|
117
|
+
markers: ['MANDATORY', 'BLOCKING'],
|
|
118
|
+
phrases: ['pre-rd scan', 'project-scan', 'archetype detected', 'scan archetype'],
|
|
119
|
+
enforcerRef: 'src/services/audit/enforcers/pre-rd-scan.ts',
|
|
120
|
+
},
|
|
121
|
+
{
|
|
122
|
+
id: 'rl-pre-rd-scan-002',
|
|
123
|
+
rule: 'Pre-RD Scan: Standards Preflight',
|
|
124
|
+
markers: ['MANDATORY', 'BLOCKING'],
|
|
125
|
+
phrases: ['standards preflight', 'pre-rd standards', 'standards init', 'standards update'],
|
|
126
|
+
enforcerRef: 'src/services/audit/enforcers/pre-rd-scan.ts',
|
|
127
|
+
},
|
|
128
|
+
{
|
|
129
|
+
id: 'rl-login-gate-001',
|
|
130
|
+
rule: 'Login Gate: Destructive Path Confirmation',
|
|
131
|
+
markers: ['MANDATORY', 'BLOCKING', 'RED LINE'],
|
|
132
|
+
phrases: ['login gate', 'destructive path', 'uninstall', 'force-push', 'user confirmation required'],
|
|
133
|
+
enforcerRef: 'src/services/audit/enforcers/login-gate.ts',
|
|
134
|
+
},
|
|
135
|
+
{
|
|
136
|
+
id: 'rl-login-gate-002',
|
|
137
|
+
rule: 'Login Gate: Protected Path Auth',
|
|
138
|
+
markers: ['MANDATORY', 'BLOCKING'],
|
|
139
|
+
phrases: ['protected path', 'auth required', 'auth header', 'login required', 'session check'],
|
|
140
|
+
enforcerRef: 'src/services/audit/enforcers/login-gate.ts',
|
|
141
|
+
},
|
|
142
|
+
// Slice #6 L2.3 P2-a: 24 lint-style red-lines (Theme A: section
|
|
143
|
+
// structure, B: frontmatter shape, C: output style, D: CLI-back
|
|
144
|
+
// gaps, E: reference integrity, F: workflow-bound shape, G: catalog
|
|
145
|
+
// governance). Spread from the P2-a module so future P2-a edits
|
|
146
|
+
// are localized.
|
|
147
|
+
...RED_LINE_CATALOG_P2_A,
|
|
148
|
+
// Slice #7 L2.4 P2-b: 25 lint-style red-lines for references/*.md
|
|
149
|
+
// (Themes H-P) + 4 audit-regression enforcers (Theme L). Spread
|
|
150
|
+
// from the P2-b module so future P2-b edits are localized.
|
|
151
|
+
...RED_LINE_CATALOG_P2_B,
|
|
152
|
+
];
|
|
153
|
+
/**
|
|
154
|
+
* Catalog entries for enforcers whose source code is shipped in this slice
|
|
155
|
+
* but whose integration is deferred to subsequent slices (L2.1.1 or later).
|
|
156
|
+
*
|
|
157
|
+
* The backing-detector downgrades these to `prose-only` at runtime because
|
|
158
|
+
* the integration seam is missing. When the integration lands, the entry
|
|
159
|
+
* is removed from this set in a single-line follow-up commit.
|
|
160
|
+
*
|
|
161
|
+
* L2.1 final state: Tasks 5 (solo-code-ban) + 6 (no-root-pollution) are
|
|
162
|
+
* wired into peaks hook handle (Tasks 1-4: framework + 3 enforcers also
|
|
163
|
+
* integrated). Tasks 3 (tech-doc-presence) and 4 (mock-placement) are
|
|
164
|
+
* deferred — their request-transition / slice-check integrations are
|
|
165
|
+
* tracked separately.
|
|
166
|
+
*/
|
|
167
|
+
export const DEFERRED_ENFORCERS = new Set([
|
|
168
|
+
// L2.1 carries-over: tech-doc-presence + mock-placement (request-transition / slice-check integrations deferred)
|
|
169
|
+
'rl-tech-doc-presence-001',
|
|
170
|
+
'rl-mock-placement-001',
|
|
171
|
+
// L2.2 P1: 4 source-only enforcers (login-gate is integrated; the other 4 are deferred)
|
|
172
|
+
'rl-resume-detection-001',
|
|
173
|
+
'rl-resume-detection-002',
|
|
174
|
+
'rl-prototype-fidelity-001',
|
|
175
|
+
'rl-prototype-fidelity-002',
|
|
176
|
+
'rl-design-draft-confirm-001',
|
|
177
|
+
'rl-design-draft-confirm-002',
|
|
178
|
+
'rl-pre-rd-scan-001',
|
|
179
|
+
'rl-pre-rd-scan-002',
|
|
180
|
+
]);
|
|
181
|
+
/**
|
|
182
|
+
* A red line's catalog id is the join key. If a discovered red line in a
|
|
183
|
+
* markdown file matches no catalog entry, it stays as `prose-only`.
|
|
184
|
+
*
|
|
185
|
+
* Match policy: phrase-only for identity. Markers (MANDATORY / BLOCKING /
|
|
186
|
+
* MUST NOT / RED LINE) are too generic to disambiguate — every catalog
|
|
187
|
+
* entry shares the same marker set, so a marker-only match would always
|
|
188
|
+
* return the first catalog entry regardless of the rule.
|
|
189
|
+
*
|
|
190
|
+
* Deferred enforcers (Tasks 4-6 integration pending) are matched by
|
|
191
|
+
* phrase but tagged with enforcerRef=null so the backing-detector
|
|
192
|
+
* downgrades them to prose-only at runtime. They are NOT removed from
|
|
193
|
+
* the catalog so future integration commits can re-tag them with a
|
|
194
|
+
* single source-of-truth change.
|
|
195
|
+
*/
|
|
196
|
+
export function findCatalogEntry(rule, _markers) {
|
|
197
|
+
const lower = rule.toLowerCase();
|
|
198
|
+
for (const entry of RED_LINE_CATALOG) {
|
|
199
|
+
const phraseHit = entry.phrases.some((p) => lower.includes(p.toLowerCase()));
|
|
200
|
+
if (phraseHit) {
|
|
201
|
+
if (DEFERRED_ENFORCERS.has(entry.id)) {
|
|
202
|
+
// Return a copy with enforcerRef nulled out, so backing-detector
|
|
203
|
+
// treats it as prose-only until the integration lands.
|
|
204
|
+
return { ...entry, enforcerRef: null };
|
|
205
|
+
}
|
|
206
|
+
return entry;
|
|
207
|
+
}
|
|
208
|
+
}
|
|
209
|
+
return null;
|
|
210
|
+
}
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* red-lines-service — main entry. Orchestrates the three tree scanners,
|
|
3
|
+
* the classifier, and the backing detector, then assembles the final
|
|
4
|
+
* RedLineAudit envelope.
|
|
5
|
+
*
|
|
6
|
+
* Pipeline (per openspec/changes/2026-06-11-l2-1-redlines-audit/design.md):
|
|
7
|
+
* 1. Run all 3 scanners in parallel (skills, rules, openspec)
|
|
8
|
+
* 2. Classifier turns MarkdownLine[] into RedLineEntry[]
|
|
9
|
+
* 3. Backing detector re-classifies each entry (cli-backed vs partial vs prose-only)
|
|
10
|
+
* 4. Tally + return RedLineAudit
|
|
11
|
+
*
|
|
12
|
+
* Sub-agent-sid enforcer (Task 2) is also invoked here: it dogfoods Slice 0.5
|
|
13
|
+
* sid-naming-guard and adds any invalid sids as warnings.
|
|
14
|
+
*/
|
|
15
|
+
import type { RedLineAudit, ScanWarning } from './types.js';
|
|
16
|
+
export interface RedLinesServiceInput {
|
|
17
|
+
readonly projectRoot: string;
|
|
18
|
+
}
|
|
19
|
+
export interface RedLinesServiceResult {
|
|
20
|
+
readonly audit: RedLineAudit;
|
|
21
|
+
readonly warnings: readonly ScanWarning[];
|
|
22
|
+
}
|
|
23
|
+
export declare function runRedLinesAudit(input: RedLinesServiceInput): RedLinesServiceResult;
|