sinapse-ai 1.12.1 → 1.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (93) hide show
  1. package/.claude/CLAUDE.md +2 -2
  2. package/.claude/rules/agent-memory-imports.md +2 -0
  3. package/.sinapse-ai/cli/commands/pro/index.js +8 -48
  4. package/.sinapse-ai/constitution.md +6 -2
  5. package/.sinapse-ai/core-config.yaml +5 -1
  6. package/.sinapse-ai/data/entity-registry.yaml +95 -95
  7. package/.sinapse-ai/development/agents/architect/MEMORY.md +35 -0
  8. package/.sinapse-ai/development/agents/data-engineer/MEMORY.md +38 -0
  9. package/.sinapse-ai/development/agents/developer/MEMORY.md +36 -0
  10. package/.sinapse-ai/development/agents/devops/MEMORY.md +39 -0
  11. package/.sinapse-ai/development/agents/devops.md +0 -1
  12. package/.sinapse-ai/development/agents/product-lead/MEMORY.md +36 -0
  13. package/.sinapse-ai/development/agents/project-lead/MEMORY.md +36 -0
  14. package/.sinapse-ai/development/agents/quality-gate/MEMORY.md +35 -0
  15. package/.sinapse-ai/development/agents/quality-gate.md +1 -1
  16. package/.sinapse-ai/development/agents/snps-orqx.md +4 -0
  17. package/.sinapse-ai/development/agents/sprint-lead/MEMORY.md +36 -0
  18. package/.sinapse-ai/development/templates/chrome-brain/knowledge-base/chrome-brain.md +2 -2
  19. package/.sinapse-ai/infrastructure/scripts/ide-sync/index.js +15 -0
  20. package/.sinapse-ai/infrastructure/scripts/validate-agents.js +159 -8
  21. package/.sinapse-ai/install-manifest.yaml +20 -156
  22. package/AGENTS.md +13 -2
  23. package/CHANGELOG.md +119 -4
  24. package/README.en.md +1 -1
  25. package/README.md +6 -26
  26. package/bin/cli.js +2 -7
  27. package/bin/commands/install.js +19 -257
  28. package/bin/commands/update.js +18 -78
  29. package/bin/lib/command-generator.js +261 -0
  30. package/bin/lib/prompts.js +2 -65
  31. package/bin/modules/chrome-brain-installer.js +2 -1
  32. package/bin/postinstall.js +6 -6
  33. package/docs/getting-started.md +0 -1
  34. package/docs/pt/getting-started.md +1 -1
  35. package/docs/security/dependabot-triage.md +17 -17
  36. package/package.json +6 -3
  37. package/packages/installer/src/wizard/i18n.js +3 -204
  38. package/packages/installer/src/wizard/index.js +1 -1
  39. package/packages/installer/src/wizard/questions.js +5 -368
  40. package/packages/installer/src/wizard/wizard.js +0 -9
  41. package/scripts/generate-install-manifest.js +6 -0
  42. package/scripts/validate-changelog-tags.js +97 -0
  43. package/scripts/validate-no-personal-leaks.js +184 -28
  44. package/scripts/validate-schemas.js +55 -10
  45. package/scripts/validate-story-meta.js +25 -12
  46. package/squads/claude-code-mastery/agents/claude-mastery-chief.md +1 -1
  47. package/squads/claude-code-mastery/agents/hooks-architect.md +12 -20
  48. package/squads/claude-code-mastery/tasks/audit-setup.md +1 -1
  49. package/squads/squad-product/agents/product-orqx.md +0 -1
  50. package/squads/squad-product/agents/ps-client-product-manager.md +0 -1
  51. package/squads/squad-product/agents/ps-delivery-manager.md +0 -1
  52. package/squads/squad-product/agents/ps-discovery-lead.md +0 -1
  53. package/squads/squad-product/agents/ps-product-analyst.md +0 -1
  54. package/squads/squad-product/agents/ps-product-ops-specialist.md +0 -1
  55. package/squads/squad-product/agents/ps-product-strategist.md +0 -1
  56. package/.sinapse-ai/core/grounding/README.md +0 -83
  57. package/.sinapse-ai/core/grounding/brand.cjs +0 -29
  58. package/.sinapse-ai/core/grounding/config-loader.cjs +0 -52
  59. package/.sinapse-ai/core/grounding/design-system.cjs +0 -29
  60. package/.sinapse-ai/core/grounding/vault.cjs +0 -36
  61. package/.sinapse-ai/development/scripts/approval-workflow.js +0 -643
  62. package/.sinapse-ai/development/scripts/backup-manager.js +0 -607
  63. package/.sinapse-ai/development/scripts/branch-manager.js +0 -390
  64. package/.sinapse-ai/development/scripts/code-quality-improver.js +0 -1329
  65. package/.sinapse-ai/development/scripts/commit-message-generator.js +0 -850
  66. package/.sinapse-ai/development/scripts/conflict-resolver.js +0 -675
  67. package/.sinapse-ai/development/scripts/dependency-analyzer.js +0 -638
  68. package/.sinapse-ai/development/scripts/diff-generator.js +0 -352
  69. package/.sinapse-ai/development/scripts/git-wrapper.js +0 -462
  70. package/.sinapse-ai/development/scripts/modification-validator.js +0 -555
  71. package/.sinapse-ai/development/scripts/performance-analyzer.js +0 -758
  72. package/.sinapse-ai/development/scripts/refactoring-suggester.js +0 -1148
  73. package/.sinapse-ai/development/scripts/rollback-handler.js +0 -531
  74. package/.sinapse-ai/development/scripts/security-checker.js +0 -359
  75. package/.sinapse-ai/development/scripts/template-engine.js +0 -240
  76. package/.sinapse-ai/development/scripts/template-validator.js +0 -279
  77. package/.sinapse-ai/development/scripts/test-generator.js +0 -844
  78. package/.sinapse-ai/development/scripts/transaction-manager.js +0 -590
  79. package/.sinapse-ai/development/scripts/yaml-validator.js +0 -397
  80. package/.sinapse-ai/hooks/sinapse-brand-grounding.cjs +0 -162
  81. package/.sinapse-ai/hooks/sinapse-ds-grounding.cjs +0 -211
  82. package/.sinapse-ai/hooks/sinapse-vault-grounding.cjs +0 -194
  83. package/bin/lib/register-grounding-hooks.js +0 -145
  84. package/docs/guides/agents/traces/execution-traces.zip +0 -0
  85. package/docs/guides/grounding-setup.md +0 -154
  86. package/docs/guides/workflows/SINAPSE-WORKFLOWS.zip +0 -0
  87. package/packages/installer/src/pro/pro-scaffolder.js +0 -449
  88. package/packages/installer/src/wizard/grounding-config.js +0 -131
  89. package/packages/installer/src/wizard/pro-setup.js +0 -1439
  90. package/packages/installer/templates/README.md +0 -16
  91. package/packages/installer/templates/brand-routing.example.json +0 -12
  92. package/packages/installer/templates/ds-routing.example.json +0 -12
  93. package/packages/installer/templates/vault-routing.example.json +0 -12
@@ -31,3 +31,41 @@
31
31
  <!-- Patterns no longer relevant — kept for history -->
32
32
  <!-- Format: - ~~{pattern}~~ | Archived: {YYYY-MM-DD} | Reason: {reason} -->
33
33
 
34
+ ## Municao: Engenharia de Software (kit Fase 4)
35
+
36
+ Fonte completa: `engenharia-software/fase-4-agents/KIT-data-engineer.md` (repo github caioimori/engenharia-de-software). Recorte: modelagem + indexacao + ACID/isolamento + RAG vetorial + RLS multi-tenant + memoria de agent como event store.
37
+
38
+ ### Principios nao-negociaveis
39
+ - Independencia de dados: manipule relacoes declarativamente; o sistema decide storage/indice/caminho de acesso (Codd 1970).
40
+ - ACID e contrato e cada letra custa; "C" (invariantes) e da aplicacao via constraint, nao do banco (Gray & Reuter; Kleppmann DDIA cap.7).
41
+ - Isolamento e matriz anomalia x nivel, nao escada: SI e RR sao incomparaveis. Escolha o MENOR nivel que evita as anomalias relevantes (Berenson et al. 1995).
42
+ - Os nomes do nivel mentem ("REPEATABLE READ" do Postgres = snapshot isolation) — verifique, nao assuma (Jepsen PostgreSQL).
43
+ - Write skew (invariante de conjunto sob SI) exige protecao explicita: SSI, `FOR UPDATE` ou constraint (Ports & Grittner 2012 SSI).
44
+ - Durabilidade vem do log (WAL antes do dado); COMMIT = fsync do registro de commit (Mohan et al. 1992, ARIES).
45
+ - Modele pelas queries reais: BCNF por padrao, desnormaliza so com medicao; indexa colunas reais de WHERE/JOIN/ORDER BY (Ramakrishnan/Gehrke).
46
+ - Cardinalidade domina o plano; `EXPLAIN ANALYZE` (plano real) e o arbitro (Leis et al., Join Order Benchmark).
47
+ - Idempotencia via unique constraint + upsert em todo efeito colateral; exactly-once nao existe = at-least-once + idempotencia (Stripe/Brandur).
48
+ - Memoria de agent = event store append-only + projecoes (CQRS); historico nunca sobrescrito. Isolamento por tenant via RLS. FSM avanca em transacao + outbox, nunca dual-write (Playbook dados distribuidos). PostgreSQL e default racional — sair dele exige necessidade medida.
49
+
50
+ ### Gates verificaveis (antes de Done)
51
+ - [ ] PK/FK declaradas em toda tabela/relacao (`information_schema.table_constraints`, zero faltando).
52
+ - [ ] Unique constraint em toda chave de idempotencia/dedup.
53
+ - [ ] Sem over-indexing: nenhum indice maduro com `idx_scan = 0` (`pg_stat_user_indexes`).
54
+ - [ ] Cada `BEGIN` com nivel de isolamento explicito e justificado (menor que evita as anomalias).
55
+ - [ ] Write skew coberto: teste de concorrencia (duas txns paralelas) prova que o invariante nunca quebra.
56
+ - [ ] Retry de `serialization_failure` (SQLSTATE 40001) com backoff nas txns serializable.
57
+ - [ ] Transacoes curtas: nenhuma chamada de rede (HTTP/LLM) dentro de `BEGIN/COMMIT`.
58
+ - [ ] `EXPLAIN ANALYZE` confirma `Index Scan` nas queries quentes (sem `Seq Scan` inesperado).
59
+ - [ ] Zero N+1; keyset pagination (seek), nao `OFFSET` grande; sem `SELECT *` / result set sem LIMIT em caminho quente.
60
+ - [ ] Migrations versionadas e reversiveis (`up`+`down`); backfill em lotes.
61
+ - [ ] Backup + PITR com restore TESTADO (durabilidade nao testada nao existe).
62
+ - [ ] RAG: filtro hibrido no banco com teste de vazamento cross-tenant = zero; recall@k real medido acima do limiar.
63
+ - [ ] Idempotencia de tool mutante: mesma key 3x = efeito externo 1x (teste de integracao).
64
+ - [ ] Event store append-only: replay reconstroi estado identico (teste de replay).
65
+ - [ ] RLS ativo: query sem `tenant_id` correto retorna zero linhas (teste tenant A x B).
66
+ - [ ] FSM + outbox sem dual-write: crash injetado entre escrita e publicacao nao perde evento.
67
+ - [ ] ADR registrado pra toda escolha estrutural (engine, isolamento padrao, indice vetorial).
68
+
69
+ ### Loop operacional
70
+ Entender (queries reais + invariantes) -> Modelar (BCNF, PK/FK, unique) -> Isolar (menor nivel; write skew -> SSI/lock + retry 40001) -> Indexar -> Provar (`EXPLAIN ANALYZE`, matar N+1) -> Migrar (versionada/reversivel) -> Especializar (RAG/event store/RLS/outbox) -> Verificar (rodar TODOS os gates ate verde) -> Registrar ADR + handoff (push/PR exclusivo do @devops). Diagrama mermaid completo no kit em `engenharia-software/fase-4-agents/KIT-data-engineer.md`.
71
+
@@ -45,3 +45,39 @@
45
45
  <!-- Patterns no longer relevant — kept for history -->
46
46
  <!-- Format: - ~~{pattern}~~ | Archived: {YYYY-MM-DD} | Reason: {reason} -->
47
47
 
48
+ ## Municao: Engenharia de Software (kit Fase 4)
49
+
50
+ > Fonte: kits completos em `engenharia-software/fase-4-agents/` (KIT-developer + KIT-fundamentos-transversal), repo github `caioimori/engenharia-de-software`. Aqui so o essencial — consulte o kit pro detalhe.
51
+
52
+ ### Principios nao-negociaveis
53
+ - **Codigo e AST, nao string.** Inspecao/edicao via tree-sitter/LSP/AST engine, nunca regex ou troca por linha (edicao crua de LLM muda comportamento em ~7-8% dos casos). (Nystrom *Crafting Interpreters* / CODESTRUCT)
54
+ - **Nenhuma mudanca sem rede verde.** Suite verde antes E depois de cada passo; area sem cobertura -> gera characterization/Golden Master ANTES de tocar. (Feathers *WELC* / Beck)
55
+ - **Smell nomeado antes de refatorar.** So refatora se o sintoma casa uma linha do CATALOGO smell->refactoring->pattern (cite a linha). Sem smell, nao mexe. (Fowler/Martin)
56
+ - **Two Hats.** Cada commit e SO refatoracao OU SO feature, jamais ambos. (Fowler *Refactoring* 2ª ed.)
57
+ - **Passo atomico + reversao.** Um passo por vez; vermelho -> reverte e reduz (nunca empilha quebra). Mudanca grande -> Mikado. (Beck / Mikado Method)
58
+ - **Complexidade cognitiva e o juiz, nao linhas.** Decompoe por intencao/profundidade; modulo profundo > muitos metodos rasos; nunca limite de linha cego. (Ousterhout *APoSD* / SonarSource)
59
+ - **Pattern so com variacao concreta HOJE e abstracao deep (YAGNI).** Prefira idioma mais barato (funcao > classe). (Kerievsky / GoF / Norvig)
60
+ - **Mock so de dependencia out-of-process compartilhada.** Dor no teste = sinal de design, nao desculpa pra mockar. Qualidade = mutation score, nao cobertura de linha. (Khorikov / PIT / Stryker)
61
+ - **Nunca reescreve do zero em codigo com usuarios** -> Strangler Fig / Branch by Abstraction. (Fowler)
62
+ - **Agente = interpretador eval/apply.** Loop com caso base OBRIGATORIO (teto de iteracoes); delega a algoritmo deterministico o que e exato e barato (ordenar/dedup/topo-sort); declara Big-O e estrutura pela operacao dominante; estado minimo, sem mutavel compartilhado no fan-out. (SICP / CLRS / Out of the Tar Pit)
63
+
64
+ ### Gates verificaveis (antes de Done)
65
+ - [ ] Suite verde (pre E pos cada passo) — `npm test` exit 0
66
+ - [ ] Characterization/Golden Master existe em area legada tocada
67
+ - [ ] Behavior diff vazio (Golden Master byte-a-byte) apos refatoracao
68
+ - [ ] Edicao AST-safe — arquivo parseia valido apos Rename/Move/Extract
69
+ - [ ] Complexidade cognitiva <= 15 por funcao (sonarjs / ruff C901 / clippy)
70
+ - [ ] Aninhamento <= 3 niveis (eslint max-depth)
71
+ - [ ] Smell nomeado — refatoracao cita linha do CATALOGO
72
+ - [ ] Two Hats no commit — sem misturar refactor + teste de comportamento novo
73
+ - [ ] Mutation score incremental >= threshold no diff (Stryker / PIT / cargo-mutants)
74
+ - [ ] Anti-overengineering — nenhuma interface de 1 impl especulativa, nenhum Singleton mutavel global
75
+ - [ ] Output sintaticamente valido (codegen/DSL) — grammar-constrained + typecheck exit 0
76
+ - [ ] 100% das tool-calls validadas por schema/gramatica antes de executar
77
+ - [ ] Caso base alcancavel no loop (teto de iteracoes assertado)
78
+ - [ ] Flakiness < 1% (suite rodada N vezes)
79
+ - [ ] ADR registrado pra decisao de design nao-trivial
80
+
81
+ ### Loop operacional
82
+ Entender (legado -> characterizar) -> design barato (comentario de interface antes) -> teste que falha pela razao certa -> implementacao minima que passa -> refatorar com rede (smell->refactoring->pattern, passos atomicos AST) -> gate de qualidade -> Done. Nunca avance com a barra vermelha. Diagramas L1-L12 + loop mestre em `LOOPS-craftsmanship-diagramas.md` (e `LOOPS-onda-6-fundamentos-linguagens-diagramas` pro eval/apply).
83
+
@@ -38,3 +38,42 @@
38
38
  <!-- Patterns no longer relevant — kept for history -->
39
39
  <!-- Format: - ~~{pattern}~~ | Archived: {YYYY-MM-DD} | Reason: {reason} -->
40
40
 
41
+ ## Municao: Engenharia de Software (kit Fase 4)
42
+
43
+ Kit completo em `engenharia-software/fase-4-agents/KIT-devops-sre.md` (repo github caioimori/engenharia-de-software). Padrao encarnado: DORA Elite + Google SRE — velocidade COM estabilidade. Loop unico: CODAR -> ENTREGAR -> MEDIR -> PROTEGER, realimentado por postmortem.
44
+
45
+ ### Principios nao-negociaveis
46
+ - **Build once, promote everywhere** — um artefato versionado (hash identico) atravessa todos os ambientes; nunca rebuild por ambiente. (Humble & Farley, *Continuous Delivery*)
47
+ - **Batch pequeno + trunk-based** — branch < 1 dia, integracao >= diaria; lotes pequenos = falhas baratas de reverter (mais critico sob codigo de IA). (Accelerate / DORA)
48
+ - **Testes/scans sao gate, nao sugestao** — "pronto" = CI verde objetivo, nunca auto-avaliacao do LLM; suite vermelha bloqueia tudo. (*Continuous Delivery*)
49
+ - **Error budget governa o ritmo** — orcamento ok -> acelera; estourou -> feature freeze (so P0/security). (Google SRE Book)
50
+ - **SLO por Critical User Journey** — SLI = good_events/valid_events; latencia de sucesso separada da de erro. (SRE Workbook)
51
+ - **Todo integration point nasce resiliente** — timeout finito + bulkhead + backoff com jitter (so se idempotente) + cap/retry-budget + idempotency key + backpressure + graceful degradation. Projete contra o LOOP DE AMPLIFICACAO, nao so o gatilho (colapso metaestavel). (Nygard *Release It!* / Bronson-Huang)
52
+ - **A cauda manda** — em fan-out otimize p99/p999, nao a media; hedged request quando p95 estoura. (Dean & Barroso *Tail at Scale*)
53
+ - **Meca antes de otimizar** — USE + drill-down (top->iostat->/proc/meminfo->dmesg, flame graph), classifique memory-bound vs compute-bound; nunca chute "vamos paralelizar". (Brendan Gregg *Systems Performance*)
54
+ - **Durabilidade = fsync, nao write**; least privilege na execucao (seccomp+cgroups+drop caps, nunca root no host, io_uring bloqueado em sandbox hostil). (OSTEP / Saltzer-Schroeder)
55
+ - **Supply chain e gate de 1a classe** — SBOM + assinatura Sigstore + provenance SLSA>=L2, verificado na admissao. (SLSA v1.1 / NIST SSDF)
56
+ - **Postmortem blameless, causas multiplas** -> backlog + atualiza threat model; mitigar antes de diagnosticar. (Cook / SRE Book)
57
+ - **Human-in-the-loop para acao destrutiva** (push --force, delete, deploy prod). (espelha safe-collaboration.md)
58
+
59
+ ### Gates verificaveis (antes de Done)
60
+ - [ ] Branch curto (< 24h, sem long-lived) — `git log`/`git branch -a`
61
+ - [ ] Codigo incompleto atras de feature flag com kill switch (grep confirma flag-guard)
62
+ - [ ] Build-once: hash SHA-256 do artefato identico entre estagios
63
+ - [ ] CI verde: exit 0 em build+unit+lint+type-check+secret scan+dep scan
64
+ - [ ] Suite de testes verde (runner retorna 0 falhas)
65
+ - [ ] Complexidade cognitiva <= 15 por funcao (linter)
66
+ - [ ] Mutation score >= threshold (mutmut/stryker/PIT)
67
+ - [ ] SCA: 0 CVE critico aberto (Trivy/Grype/Snyk)
68
+ - [ ] Secret scan limpo (gitleaks/trufflehog); `.env` real nunca staged
69
+ - [ ] Artefato assinado + SBOM + provenance: `cosign verify` ok, SLSA>=L2
70
+ - [ ] Migration breaking via expand->contract; rollback de schema testado
71
+ - [ ] Deploy progressivo (canary 1-5% + ACA) com rollback amarrado ao SLO; abort automatico fora do budget
72
+ - [ ] DORA 4 keys medidas (deploy freq, lead time, CFR, MTTR) com numero, nao estimativa
73
+ - [ ] Burn-rate multi-janela configurado (14,4x / 6x / 1x); golden signals instrumentados
74
+ - [ ] Triade de estabilidade + idempotency testada em todo integration point; RPO/RTO + restore real testado
75
+ - [ ] (Agents) Eval gate (LLM-as-judge) + canary 5% antes de 100%; cap de iteracoes/retry budget no orquestrador
76
+
77
+ ### Loop operacional
78
+ CODAR (integrar pequeno, testavel, seguro, atras de flag) -> ENTREGAR (pipeline com gates + canary/rollback) -> MEDIR (DORA + SLO + wide events) -> PROTEGER (triade de estabilidade + blast radius); postmortem blameless realimenta o threat model e o error budget governa o ritmo. Detalhe + diagramas mermaid no kit (secao "Loop operacional") e em `PIPELINE-operacional...` / `PLAYBOOK-performance-execucao`.
79
+
@@ -304,7 +304,6 @@ dependencies:
304
304
  utils:
305
305
  - branch-manager # Manages git branch operations and workflows
306
306
  - repository-detector # Detect repository context dynamically
307
- - gitignore-manager # Manage gitignore rules per mode
308
307
  - version-tracker # Track version history and semantic versioning
309
308
  - git-wrapper # Abstracts git command execution for consistency
310
309
  scripts:
@@ -43,3 +43,39 @@
43
43
  ## Archived
44
44
  <!-- Patterns no longer relevant — kept for history -->
45
45
  <!-- Format: - ~~{pattern}~~ | Archived: {YYYY-MM-DD} | Reason: {reason} -->
46
+
47
+ ## Municao: Engenharia de Software (kit Fase 4)
48
+
49
+ Fonte completa: kit `KIT-product-sprint.md` em `engenharia-software/fase-4-agents/` (repo github caioimori/engenharia-de-software). Destila o essencial; consultar o kit pro detalhe.
50
+
51
+ ### Principios nao-negociaveis
52
+ - **Outcome over output** — todo "so that" e resultado mensuravel, nunca tarefa/feature; roadmap = problemas/outcomes, nao lista de entregas (Perri *Escaping the Build Trap* / Cagan *Inspired*).
53
+ - **Lote pequeno e lei nuclear** — reduzir tamanho do lote corta custo, risco e lead time juntos (Reinertsen *Product Development Flow*).
54
+ - **Slice vertical por outcome** — walking skeleton end-to-end ANTES de qualquer feature horizontal; nunca fatiar por camada tecnica (Patton *User Story Mapping*).
55
+ - **Requisito = exemplo = teste** — key examples concretos com contra-exemplo e edge case (Adzic *Specification by Example* / Example Mapping).
56
+ - **Sem fit criterion, e opiniao** — todo requisito/NFR tem medida objetiva quantificada (Robertson/Volere).
57
+ - **Story passa INVEST + 3C** — 3C = Card/Conversation/Confirmation (estrutura); INVEST = qualidade (Jeffries / Wake).
58
+ - **Limitar WIP, nao maximizar ocupacao** — WIP = Throughput x Cycle Time (Lei de Little); lead time ∝ 1/(1−ρ) (Little/Vacanti / Reinertsen).
59
+ - **MVP = experimento** — hipotese + actionable metric + pivot-or-persevere; cada fatia e um giro de Build-Measure-Learn (Ries *Lean Startup*).
60
+ - **Forecast probabilistico** — "X% de chance ate Y" via throughput/Monte Carlo; nunca data-compromisso, nunca velocity como meta (Vacanti / Goodhart).
61
+ - **Cerimonia calibrada por risco (Cynefin + Boehm-Turner)** — bug fix = YOLO; epic multi-story = pipeline completo.
62
+
63
+ ### Gates verificaveis (antes de Done)
64
+ - [ ] "so that" e outcome mensuravel, nao verbo de implementacao
65
+ - [ ] Fit criterion presente e quantificado (NFR sem numero = FAIL)
66
+ - [ ] >=1 key example Given/When/Then + >=1 contra-exemplo/edge case
67
+ - [ ] INVEST completo (I-N-V-E-S-T item a item)
68
+ - [ ] 3C presentes (Card + Conversation registrada + Confirmation = AC escritos)
69
+ - [ ] Rastreavel feature -> story -> exemplo -> teste
70
+ - [ ] Cabe num lote pequeno (Small); senao split via SPIDR
71
+ - [ ] Fatiada por outcome end-to-end, nao "so backend"/"so frontend"
72
+ - [ ] Walking skeleton existe e veio primeiro
73
+ - [ ] WIP limitado por coluna respeitado (max 1 InProgress por executor)
74
+ - [ ] PR/diff > 400 linhas dispara warning e split
75
+ - [ ] 5 premissas da Lei de Little checadas antes de confiar em cycle time/throughput
76
+ - [ ] Forecast em formato probabilistico (data pontual = FAIL)
77
+ - [ ] DoD por coluna verde antes de avancar status (jidoka/stop-the-line)
78
+ - [ ] WSJF (CoD ÷ Job Size) registrado pro sequenciamento; ordem por HiPPO = FAIL
79
+
80
+ ### Loop operacional
81
+ Classificar (Cynefin/risco) -> Descobrir (OST, >=3 solucoes) -> Mapear (Story Map + walking skeleton) -> Fatiar vertical (SPIDR) -> Refinar (Example Mapping <30min) -> Gate A+B -> Ready -> Pull sob WIP -> Implementar lote pequeno -> DoD jidoka -> Measure -> pivot-or-persevere -> Forecast -> Retro/kaizen. Diagrama mermaid completo na secao "## Loop operacional" do kit.
@@ -37,3 +37,39 @@
37
37
  <!-- Patterns no longer relevant — kept for history -->
38
38
  <!-- Format: - ~~{pattern}~~ | Archived: {YYYY-MM-DD} | Reason: {reason} -->
39
39
 
40
+ ## Municao: Engenharia de Software (kit Fase 4)
41
+
42
+ Fonte completa: kit `KIT-product-sprint.md` em `engenharia-software/fase-4-agents/` (repo github caioimori/engenharia-de-software). Carregar pra detalhe; aqui so o essencial.
43
+
44
+ ### Principios nao-negociaveis
45
+ - **Outcome over output** — todo "so that" e resultado mensuravel, nunca tarefa/feature; roadmap = problemas/outcomes (Perri *Escaping the Build Trap* / Cagan *Inspired*).
46
+ - **Lote pequeno e lei nuclear** — reduzir o lote corta custo, risco, variabilidade e lead time de uma vez (Reinertsen *Product Development Flow*).
47
+ - **Slice vertical por outcome** — walking skeleton end-to-end ANTES de qualquer feature horizontal; quebrar com SPIDR (Patton *User Story Mapping* / Cohn).
48
+ - **Requisito = exemplo = teste** — criterio de aceite sao key examples concretos com contra-exemplo e edge case (Adzic *Specification by Example* / Example Mapping).
49
+ - **Sem fit criterion, e opiniao** — todo requisito (esp. NFR) tem medida objetiva quantificada (Robertson/Volere).
50
+ - **Story passa INVEST + 3C** — 3C = Card/Conversation/Confirmation (estrutura); INVEST = qualidade (Jeffries / Wake).
51
+ - **Limitar WIP, nao ocupacao** — WIP = Throughput x Cycle Time (Lei de Little); lead time ∝ 1/(1−ρ), 100% ocupacao explode (Reinertsen / Vacanti).
52
+ - **MVP = experimento** — hipotese + actionable metric + pivot-or-persevere; cada fatia = giro de Build-Measure-Learn (Ries *Lean Startup*).
53
+ - **Forecast probabilistico** — "X% de chance ate Y" via throughput/Monte Carlo; velocity NUNCA como meta, nem individual (Vacanti / Goodhart).
54
+ - **Cerimonia calibrada por risco** — Cynefin + Boehm-Turner (Size/Criticality/Dynamism/Personnel/Culture): bug fix = YOLO, epic = pipeline.
55
+
56
+ ### Gates verificaveis (antes de Done)
57
+ - [ ] "so that" e outcome mensuravel, nao verbo de implementacao
58
+ - [ ] fit criterion presente e quantificado (NFR sem numero = FAIL)
59
+ - [ ] >=1 key example Given/When/Then + >=1 contra-exemplo/edge case
60
+ - [ ] INVEST completo (cada item marcado)
61
+ - [ ] 3C presentes (Card + Conversation registrada + Confirmation)
62
+ - [ ] rastreavel feature->story->exemplo->teste
63
+ - [ ] cabe num lote pequeno (Small); senao split por SPIDR
64
+ - [ ] fatiada vertical por outcome (rejeita "so backend"/"so frontend")
65
+ - [ ] walking skeleton existe e veio primeiro
66
+ - [ ] WIP por coluna respeitado (max 1 InProgress por executor)
67
+ - [ ] PR/diff > 400 linhas dispara split
68
+ - [ ] 5 premissas da Lei de Little checadas antes de confiar em cycle time/throughput
69
+ - [ ] forecast em formato probabilistico (data pontual-compromisso = FAIL)
70
+ - [ ] DoD por coluna verde (jidoka/stop-the-line) antes de avancar status
71
+ - [ ] WSJF (`CoD ÷ Job Size`) registrado pra sequenciamento; ordem por HiPPO = FAIL
72
+
73
+ ### Loop operacional
74
+ Classificar (Cynefin) -> descobrir (OST, >=3 solucoes, testar assumption mais arriscada) -> mapear (Story Map) -> fatiar vertical (SPIDR) -> refinar (Example Mapping <30min) -> Gate A+B (Ready) -> puxar sob WIP -> implementar lote pequeno -> DoD jidoka -> medir actionable metric -> pivot-or-persevere -> forecast Monte Carlo -> retro (kaizen + OST + CFD). Diagrama mermaid completo na secao "## Loop operacional" do kit.
75
+
@@ -41,3 +41,38 @@
41
41
  <!-- Patterns no longer relevant — kept for history -->
42
42
  <!-- Format: - ~~{pattern}~~ | Archived: {YYYY-MM-DD} | Reason: {reason} -->
43
43
 
44
+ ## Munição: Engenharia de Software (kit Fase 4)
45
+
46
+ Fonte: kit completo em `engenharia-software/fase-4-agents/KIT-quality-gate.md` (repo github caioimori/engenharia-de-software). Consolida testes/TDD + segurança/threat-model. Regra de ouro: todo princípio que pode virar gate, virou gate. Verdict sempre amarrado a evidência de ferramenta — nunca "parece bom".
47
+
48
+ ### Princípios não-negociáveis
49
+ - Cobertura ≠ qualidade; o sinal honesto é mutation score incremental no diff (DeMillo/Lipton/Sayward; PIT/Stryker).
50
+ - Teste comportamento observável, nunca implementação — resistência à refatoração é binária (Khorikov, *Unit Testing* 2020).
51
+ - Só mocke dependência out-of-process compartilhada/mutável; nunca interna nem privada (Khorikov; Google/Thoughtworks).
52
+ - 4 pilares: fixe resistência+manutenibilidade, negocie proteção×velocidade (Khorikov 2020).
53
+ - Determinismo é lei: relógio/aleatório/I/O injetados; flakiness > 1% destrói a suíte (*SWE at Google*).
54
+ - Pirâmide por size de recurso (~80/15/5), não por nome de camada (Cohn; *SWE at Google*).
55
+ - Legacy = código sem teste → characterization test antes de tocar (Feathers, *WELC* 2004).
56
+ - Suíte verde é pré-condição de merge, não conquista (Beck, *TDD by Example*).
57
+ - Toda saída do LLM é input não confiável — valida contra schema/allow-list (OWASP LLM05/2025).
58
+ - Cada ameaça → mitigação → teste → gate; prompt injection se resolve por contenção, não filtro (Shostack/STRIDE; OWASP LLM01).
59
+
60
+ ### Gates verificáveis (antes de Done)
61
+ - [ ] Suíte verde 100% (runner exit 0; zero skip sem justificativa)
62
+ - [ ] Mutation score incremental ≥ threshold do módulo (Stryker/PIT no diff)
63
+ - [ ] Flakiness < 1% (flaky → quarentena + owner + deadline)
64
+ - [ ] Zero lógica condicional no teste (sem if/for/while/try)
65
+ - [ ] Zero mock de dependência interna ou out-of-process privada
66
+ - [ ] Determinismo: sem Date.now()/Math.random()/I/O real não-injetado
67
+ - [ ] Nome do teste descreve comportamento; snapshot não é única asserção
68
+ - [ ] SCA bloqueia CVE crítico em dependência
69
+ - [ ] Secret scanning bloqueia merge com credencial em plaintext
70
+ - [ ] SAST com FP tunado; achado crítico bloqueia
71
+ - [ ] Threat model STRIDE rastreável a teste (feature que cruza trust boundary/toca dado sensível)
72
+ - [ ] Cripto: zero cripto caseira; AEAD + Argon2id + CSPRNG; secret em KMS
73
+ - [ ] Agent de IA: allow-list de tools, HITL em ação destrutiva, secret fora do prompt
74
+ - [ ] Agent de IA: isolamento multi-tenant + red-team de prompt injection como regressão
75
+
76
+ ### Loop operacional
77
+ QA Gate/Loop determinístico: suíte verde → qualidade do teste → mutation incremental → flakiness → segurança → least agency → verdict (PASS/CONCERNS/FAIL/WAIVED); qualquer gate aplicável vermelho ⇒ não assina Done; máx 5 iterações então escala. Diagrama/passo-a-passo completo no kit (`KIT-quality-gate.md` §"Loop operacional").
78
+
@@ -207,7 +207,7 @@ dependencies:
207
207
  tasks:
208
208
  - qa-create-fix-request.md
209
209
  - qa-generate-tests.md
210
- - manage-story-backlog.md
210
+ - po-manage-story-backlog.md
211
211
  - qa-nfr-assess.md
212
212
  - qa-gate.md
213
213
  - qa-review-build.md
@@ -697,6 +697,10 @@ framework_compatibility:
697
697
  - "Sinapse own domain expertise: branding, content, copy, growth, finance, etc."
698
698
  - "No overlap — clear boundary between dev workflow and domain expertise"
699
699
  - "@sinapse-orqx can invoke any squad directly via /{prefix}:agents:{orchestrator}"
700
+
701
+ autoClaude:
702
+ version: '3.0'
703
+ migratedAt: '2026-06-21T05:17:50.359Z'
700
704
  ```
701
705
 
702
706
  ---
@@ -38,3 +38,39 @@
38
38
  <!-- Patterns no longer relevant — kept for history -->
39
39
  <!-- Format: - ~~{pattern}~~ | Archived: {YYYY-MM-DD} | Reason: {reason} -->
40
40
 
41
+ ## Municao: Engenharia de Software (kit Fase 4)
42
+
43
+ Fonte completa: `engenharia-software/fase-4-agents/KIT-product-sprint.md` (repo github caioimori/engenharia-de-software). Principio-mestre: o artefato (story/board) e meio; o fim e entendimento compartilhado + comportamento medido. Lote pequeno e lei nuclear.
44
+
45
+ ### Principios nao-negociaveis
46
+ - **Outcome over output.** Todo "so that" e resultado mensuravel, nunca tarefa/feature; roadmap = problemas/outcomes (Perri *Escaping the Build Trap* / Cagan *Inspired*).
47
+ - **Slice vertical por outcome, walking skeleton primeiro.** End-to-end fino ANTES de feature horizontal; quebra com SPIDR (Spike/Path/Interface/Data/Rules) (Patton *User Story Mapping* / Cohn).
48
+ - **Requisito = exemplo = teste.** Key examples concretos com contra-exemplo e edge case; sem fit criterion quantificado e opiniao (Adzic *Specification by Example* / Robertson-Volere).
49
+ - **Story passa INVEST + 3C.** 3C = Card/Conversation/Confirmation (estrutura); INVEST = qualidade (Wake / Jeffries).
50
+ - **Limitar WIP, nao maximizar ocupacao.** WIP = Throughput × Cycle Time (Lei de Little); lead time ∝ 1/(1−ρ); pull, nao push (Reinertsen / Anderson *Kanban*).
51
+ - **MVP e experimento, nao versao pequena.** Cada fatia = giro Build-Measure-Learn com hipotese + actionable metric + pivot-or-persevere (Ries *Lean Startup*).
52
+ - **Forecast probabilistico, nao promessa.** "X% ate Y" via throughput/Monte Carlo; velocity NUNCA como meta (Vacanti / Goodhart).
53
+ - **Cerimonia calibrada por risco (Cynefin + Boehm-Turner).** Bug fix = YOLO; epic multi-story = pipeline completo (Snowden / Boehm-Turner).
54
+ - **DoD como jidoka (stop-the-line).** Defeito para a linha; status nao avanca sem gate verde (Poppendieck / DevOps Handbook).
55
+ - **Discovery e habito, nao fase.** OST vivo: >=3 solucoes por oportunidade, testa a assumption mais arriscada primeiro (Torres *Continuous Discovery Habits*).
56
+
57
+ ### Gates verificaveis (antes de Done)
58
+ - [ ] "so that" e outcome mensuravel, nao verbo de implementacao
59
+ - [ ] Fit criterion presente e quantificado (NFR sem numero = FAIL)
60
+ - [ ] >=1 key example Given/When/Then + >=1 contra-exemplo/edge case
61
+ - [ ] INVEST completo (item a item)
62
+ - [ ] 3C presentes (Card + Conversation + Confirmation)
63
+ - [ ] Rastreavel feature -> story -> exemplo -> teste
64
+ - [ ] Cabe num lote pequeno (Small); senao dispara split via SPIDR
65
+ - [ ] Fatiada por outcome end-to-end (rejeita slice so backend/so frontend)
66
+ - [ ] Walking skeleton existe e veio antes de feature horizontal
67
+ - [ ] MVP declarado como experimento (hipotese + metric + pivot)
68
+ - [ ] WIP respeitado: max 1 InProgress por executor; PR/diff > 400 linhas = quebrar
69
+ - [ ] Forecast em formato probabilistico ("X% ate Y"); data pontual = FAIL
70
+ - [ ] Velocity NAO usada como meta (nem individual)
71
+ - [ ] Complexidade classificada (Cynefin) e cerimonia calibrada (Boehm-Turner)
72
+ - [ ] WSJF registrado para sequenciamento (CoD ÷ Job Size); ordem por HiPPO = FAIL
73
+
74
+ ### Loop operacional
75
+ Classificar (Cynefin) -> descobrir (OST) -> mapear (Story Map) -> fatiar vertical (SPIDR) -> refinar (Example Mapping <30min) -> Gate A+B -> puxar sob WIP -> implementar lote pequeno (DoD jidoka) -> medir -> aprender (pivot/persevere) -> forecast Monte Carlo -> retro (1-3 kaizen + atualiza OST/CFD). Diagrama completo na secao "Loop operacional" do kit.
76
+
@@ -76,8 +76,8 @@ Nao precisa rodar `chrome-debug` manualmente.
76
76
  3. Testar em nova aba → comparar com original → iterar
77
77
 
78
78
  **Casos validados:**
79
- - itsoffbrand.com hero (orb WebGL, parallax, blend-mode) — 15min
80
- - sinapse.club face 3D (Three.js r183, WaltHead.obj, bloom) — 20min
79
+ - hero com orb WebGL (parallax, blend-mode) — ~15min
80
+ - landing com rosto 3D (Three.js + bloom) — ~20min
81
81
 
82
82
  ### Animacoes 3D via AI
83
83
 
@@ -324,6 +324,21 @@ async function commandSync(options) {
324
324
 
325
325
  // Filter IDEs if --ide flag specified
326
326
  let targetIdes = Object.entries(config.targets);
327
+
328
+ // Hard-skip: ide-sync must NEVER write .codex. The Codex mirror is owned by the
329
+ // canonical Codex sync (sync-codex-local-first.js writes thin runtime pointers
330
+ // resolved by resolve-codex-agent.js). Letting ide-sync write it clobbers those
331
+ // pointers with full agent bodies. This is enforced in CODE — not just via the
332
+ // config `targets.codex.enabled: false` — so a stray config flip can't re-arm the
333
+ // foot-gun. To refresh .codex, run `npm run sync:codex`.
334
+ if (options.ide === 'codex') {
335
+ console.error(
336
+ `${colors.yellow}'codex' is managed by the Codex sync (npm run sync:codex), not ide-sync — nothing to do.${colors.reset}`
337
+ );
338
+ process.exit(0);
339
+ }
340
+ targetIdes = targetIdes.filter(([name]) => name !== 'codex');
341
+
327
342
  if (options.ide) {
328
343
  targetIdes = targetIdes.filter(([name]) => name === options.ide);
329
344
  if (targetIdes.length === 0) {
@@ -28,6 +28,10 @@ const yaml = require('js-yaml');
28
28
  // Paths
29
29
  const ROOT_DIR = path.join(__dirname, '..', '..');
30
30
  const AGENTS_DIR = path.join(ROOT_DIR, 'development', 'agents');
31
+ // Squad agents live in the repo root under squads/<squad>/agents/*.md.
32
+ // ROOT_DIR is .sinapse-ai/; the repo root is one level up.
33
+ const REPO_ROOT = path.join(ROOT_DIR, '..');
34
+ const SQUADS_DIR = path.join(REPO_ROOT, 'squads');
31
35
  const TASKS_DIR = path.join(ROOT_DIR, 'development', 'tasks');
32
36
  const TEMPLATES_DIR = path.join(ROOT_DIR, 'development', 'templates');
33
37
  const CHECKLISTS_DIR = path.join(ROOT_DIR, 'development', 'checklists');
@@ -93,9 +97,10 @@ function extractYamlFromMarkdown(content) {
93
97
  }
94
98
 
95
99
  /**
96
- * Load all agent files
100
+ * Load the 12 CORE agents (development/agents/*.md).
101
+ * Core agents are held to the STRICT schema (problems -> errors).
97
102
  */
98
- async function loadAllAgents() {
103
+ async function loadCoreAgents() {
99
104
  const agents = [];
100
105
 
101
106
  try {
@@ -115,6 +120,8 @@ async function loadAllAgents() {
115
120
  commands: parsed.commands || [],
116
121
  dependencies: parsed.dependencies || {},
117
122
  parsed,
123
+ isCore: true,
124
+ tier: 'core',
118
125
  });
119
126
  }
120
127
  }
@@ -126,6 +133,100 @@ async function loadAllAgents() {
126
133
  return agents;
127
134
  }
128
135
 
136
+ /**
137
+ * Load the SQUAD agents (squads/<squad>/agents/*.md).
138
+ *
139
+ * Non-breaking by design: squad agents carry KNOWN pre-existing debt (3
140
+ * different definition formats, malformed frontmatter, missing roster
141
+ * entries) that later waves will fix. Here they are classified as WARNINGS,
142
+ * never errors — the only thing that can ERROR is an unreadable file.
143
+ *
144
+ * Each record is tagged isCore:false so the validators downgrade their
145
+ * findings to warnings.
146
+ */
147
+ async function loadSquadAgents() {
148
+ const agents = [];
149
+
150
+ let squadDirs;
151
+ try {
152
+ const entries = await fs.readdir(SQUADS_DIR, { withFileTypes: true });
153
+ squadDirs = entries.filter((e) => e.isDirectory()).map((e) => e.name);
154
+ } catch {
155
+ // No squads/ dir (e.g. a stripped checkout) -> nothing to add, not fatal.
156
+ return agents;
157
+ }
158
+
159
+ for (const squad of squadDirs) {
160
+ const agentsDir = path.join(SQUADS_DIR, squad, 'agents');
161
+ let files;
162
+ try {
163
+ files = await fs.readdir(agentsDir);
164
+ } catch {
165
+ continue; // squad without an agents/ dir -> skip
166
+ }
167
+
168
+ for (const file of files) {
169
+ if (!file.endsWith('.md') || file.startsWith('_')) continue;
170
+ const filePath = path.join(agentsDir, file);
171
+
172
+ let content;
173
+ try {
174
+ content = await fs.readFile(filePath, 'utf-8');
175
+ } catch (error) {
176
+ // Unreadable file is the ONE critical issue allowed to error for squads.
177
+ agents.push({
178
+ file: `${squad}/agents/${file}`,
179
+ path: filePath,
180
+ id: file.replace('.md', ''),
181
+ name: undefined,
182
+ commands: [],
183
+ dependencies: {},
184
+ parsed: null,
185
+ isCore: false,
186
+ tier: 'squad',
187
+ squad,
188
+ readError: error.message,
189
+ });
190
+ continue;
191
+ }
192
+
193
+ let parsed = null;
194
+ try {
195
+ parsed = extractYamlFromMarkdown(content);
196
+ } catch {
197
+ // Malformed frontmatter -> parsed stays null; surfaced as a WARNING.
198
+ parsed = null;
199
+ }
200
+
201
+ const agentBlock = parsed && parsed.agent ? parsed.agent : {};
202
+ agents.push({
203
+ file: `${squad}/agents/${file}`,
204
+ path: filePath,
205
+ id: agentBlock.id || file.replace('.md', ''),
206
+ name: agentBlock.name,
207
+ commands: (parsed && parsed.commands) || [],
208
+ dependencies: (parsed && parsed.dependencies) || {},
209
+ parsed,
210
+ isCore: false,
211
+ tier: 'squad',
212
+ squad,
213
+ parseFailed: parsed === null,
214
+ });
215
+ }
216
+ }
217
+
218
+ return agents;
219
+ }
220
+
221
+ /**
222
+ * Load all agent files (core + squad).
223
+ */
224
+ async function loadAllAgents() {
225
+ const core = await loadCoreAgents();
226
+ const squad = await loadSquadAgents();
227
+ return [...core, ...squad];
228
+ }
229
+
129
230
  /**
130
231
  * Check if a file exists
131
232
  */
@@ -171,21 +272,32 @@ function validateCommandUniqueness(agents) {
171
272
  agent: agent.id,
172
273
  file: agent.file,
173
274
  hasVisibility: cmd.visibility !== undefined,
275
+ isCore: agent.isCore === true,
174
276
  });
175
277
  }
176
278
  }
177
279
 
178
- // Check for duplicates
280
+ // Check for duplicates.
281
+ // A collision is an ERROR only when it is entirely between CORE agents
282
+ // (the strict, long-standing guarantee). Any collision that involves a
283
+ // SQUAD agent is downgraded to a WARNING — squad agents carry pre-existing
284
+ // naming debt that later waves will reconcile, and they must not break CI.
179
285
  for (const [cmd, owners] of commandOwners) {
180
286
  if (owners.length > 1 && !SHARED_COMMANDS.has(cmd)) {
181
287
  const ownerList = owners.map((o) => `@${o.agent}`).join(', ');
182
- errors.push({
288
+ const allCore = owners.every((o) => o.isCore);
289
+ const finding = {
183
290
  type: 'DUPLICATE_COMMAND',
184
291
  command: cmd,
185
292
  owners: owners.map((o) => o.agent),
186
293
  message: `Command "*${cmd}" has multiple owners: ${ownerList}`,
187
294
  suggestion: `Keep "*${cmd}" only in the primary owner agent and remove from others, or add to SHARED_COMMANDS if intentionally shared.`,
188
- });
295
+ };
296
+ if (allCore) {
297
+ errors.push(finding);
298
+ } else {
299
+ warnings.push(finding);
300
+ }
189
301
  }
190
302
  }
191
303
 
@@ -282,9 +394,37 @@ function validateAgentFormat(agents) {
282
394
  for (const agent of agents) {
283
395
  const { parsed, file, id } = agent;
284
396
 
397
+ // SQUAD agents: known pre-existing debt. Every structural problem here is
398
+ // a WARNING (never an error) so the 160 squad agents never break CI. The
399
+ // single exception (unreadable file) is handled earlier in the loader.
400
+ // CORE agents keep the strict behavior — structural problems are errors.
401
+ const sink = agent.isCore ? errors : warnings;
402
+
403
+ // Unreadable file is the ONLY truly-critical squad issue -> error.
404
+ if (agent.readError) {
405
+ errors.push({
406
+ type: 'UNREADABLE_AGENT',
407
+ agent: id,
408
+ message: `Cannot read agent file ${file}: ${agent.readError}`,
409
+ });
410
+ continue;
411
+ }
412
+
413
+ // A squad agent whose YAML didn't parse at all -> one consolidated warning,
414
+ // then skip the field-by-field checks (parsed is null).
415
+ if (!parsed || !parsed.agent) {
416
+ warnings.push({
417
+ type: 'UNPARSEABLE_AGENT',
418
+ agent: id,
419
+ message: `Could not parse agent definition in ${file} (no agent block / malformed frontmatter) — squad debt, later wave`,
420
+ suggestion: 'Normalize the agent frontmatter to the standard schema (agent.id/name/title).',
421
+ });
422
+ continue;
423
+ }
424
+
285
425
  // Check required fields
286
426
  if (!parsed.agent.id) {
287
- errors.push({
427
+ sink.push({
288
428
  type: 'MISSING_FIELD',
289
429
  agent: id,
290
430
  field: 'agent.id',
@@ -293,7 +433,7 @@ function validateAgentFormat(agents) {
293
433
  }
294
434
 
295
435
  if (!parsed.agent.name) {
296
- errors.push({
436
+ sink.push({
297
437
  type: 'MISSING_FIELD',
298
438
  agent: id,
299
439
  field: 'agent.name',
@@ -302,7 +442,7 @@ function validateAgentFormat(agents) {
302
442
  }
303
443
 
304
444
  if (!parsed.agent.title) {
305
- errors.push({
445
+ sink.push({
306
446
  type: 'MISSING_FIELD',
307
447
  agent: id,
308
448
  field: 'agent.title',
@@ -443,6 +583,10 @@ function formatResults(results, showSuggestions = false) {
443
583
  lines.push(' Summary');
444
584
  lines.push('━'.repeat(60));
445
585
  lines.push(` Agents validated: ${summary.totalAgents}`);
586
+ if (summary.coreAgents !== undefined) {
587
+ lines.push(` Core (strict): ${summary.coreAgents}`);
588
+ lines.push(` Squad (warn): ${summary.squadAgents}`);
589
+ }
446
590
  lines.push(` Errors: ${summary.totalErrors}`);
447
591
  lines.push(` Warnings: ${summary.totalWarnings}`);
448
592
  lines.push('');
@@ -487,12 +631,17 @@ async function validateAgents(options = {}) {
487
631
  dependencyValidation.warnings.length +
488
632
  formatValidation.warnings.length;
489
633
 
634
+ const coreAgents = agents.filter((a) => a.isCore);
635
+ const squadAgents = agents.filter((a) => !a.isCore);
636
+
490
637
  const results = {
491
638
  commandValidation,
492
639
  dependencyValidation,
493
640
  formatValidation,
494
641
  summary: {
495
642
  totalAgents: agents.length,
643
+ coreAgents: coreAgents.length,
644
+ squadAgents: squadAgents.length,
496
645
  totalErrors,
497
646
  totalWarnings,
498
647
  valid: totalErrors === 0,
@@ -545,6 +694,8 @@ module.exports = {
545
694
  validateDependencies,
546
695
  validateAgentFormat,
547
696
  loadAllAgents,
697
+ loadCoreAgents,
698
+ loadSquadAgents,
548
699
  };
549
700
 
550
701
  // Run CLI if called directly