sinapse-ai 1.12.1 → 1.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude/CLAUDE.md +2 -2
- package/.claude/rules/agent-memory-imports.md +2 -0
- package/.sinapse-ai/cli/commands/pro/index.js +8 -48
- package/.sinapse-ai/constitution.md +6 -2
- package/.sinapse-ai/core-config.yaml +5 -1
- package/.sinapse-ai/data/entity-registry.yaml +95 -95
- package/.sinapse-ai/development/agents/architect/MEMORY.md +35 -0
- package/.sinapse-ai/development/agents/data-engineer/MEMORY.md +38 -0
- package/.sinapse-ai/development/agents/developer/MEMORY.md +36 -0
- package/.sinapse-ai/development/agents/devops/MEMORY.md +39 -0
- package/.sinapse-ai/development/agents/devops.md +0 -1
- package/.sinapse-ai/development/agents/product-lead/MEMORY.md +36 -0
- package/.sinapse-ai/development/agents/project-lead/MEMORY.md +36 -0
- package/.sinapse-ai/development/agents/quality-gate/MEMORY.md +35 -0
- package/.sinapse-ai/development/agents/quality-gate.md +1 -1
- package/.sinapse-ai/development/agents/snps-orqx.md +4 -0
- package/.sinapse-ai/development/agents/sprint-lead/MEMORY.md +36 -0
- package/.sinapse-ai/development/templates/chrome-brain/knowledge-base/chrome-brain.md +2 -2
- package/.sinapse-ai/infrastructure/scripts/ide-sync/index.js +15 -0
- package/.sinapse-ai/infrastructure/scripts/validate-agents.js +159 -8
- package/.sinapse-ai/install-manifest.yaml +20 -156
- package/AGENTS.md +13 -2
- package/CHANGELOG.md +119 -4
- package/README.en.md +1 -1
- package/README.md +6 -26
- package/bin/cli.js +2 -7
- package/bin/commands/install.js +19 -257
- package/bin/commands/update.js +18 -78
- package/bin/lib/command-generator.js +261 -0
- package/bin/lib/prompts.js +2 -65
- package/bin/modules/chrome-brain-installer.js +2 -1
- package/bin/postinstall.js +6 -6
- package/docs/getting-started.md +0 -1
- package/docs/pt/getting-started.md +1 -1
- package/docs/security/dependabot-triage.md +17 -17
- package/package.json +6 -3
- package/packages/installer/src/wizard/i18n.js +3 -204
- package/packages/installer/src/wizard/index.js +1 -1
- package/packages/installer/src/wizard/questions.js +5 -368
- package/packages/installer/src/wizard/wizard.js +0 -9
- package/scripts/generate-install-manifest.js +6 -0
- package/scripts/validate-changelog-tags.js +97 -0
- package/scripts/validate-no-personal-leaks.js +184 -28
- package/scripts/validate-schemas.js +55 -10
- package/scripts/validate-story-meta.js +25 -12
- package/squads/claude-code-mastery/agents/claude-mastery-chief.md +1 -1
- package/squads/claude-code-mastery/agents/hooks-architect.md +12 -20
- package/squads/claude-code-mastery/tasks/audit-setup.md +1 -1
- package/squads/squad-product/agents/product-orqx.md +0 -1
- package/squads/squad-product/agents/ps-client-product-manager.md +0 -1
- package/squads/squad-product/agents/ps-delivery-manager.md +0 -1
- package/squads/squad-product/agents/ps-discovery-lead.md +0 -1
- package/squads/squad-product/agents/ps-product-analyst.md +0 -1
- package/squads/squad-product/agents/ps-product-ops-specialist.md +0 -1
- package/squads/squad-product/agents/ps-product-strategist.md +0 -1
- package/.sinapse-ai/core/grounding/README.md +0 -83
- package/.sinapse-ai/core/grounding/brand.cjs +0 -29
- package/.sinapse-ai/core/grounding/config-loader.cjs +0 -52
- package/.sinapse-ai/core/grounding/design-system.cjs +0 -29
- package/.sinapse-ai/core/grounding/vault.cjs +0 -36
- package/.sinapse-ai/development/scripts/approval-workflow.js +0 -643
- package/.sinapse-ai/development/scripts/backup-manager.js +0 -607
- package/.sinapse-ai/development/scripts/branch-manager.js +0 -390
- package/.sinapse-ai/development/scripts/code-quality-improver.js +0 -1329
- package/.sinapse-ai/development/scripts/commit-message-generator.js +0 -850
- package/.sinapse-ai/development/scripts/conflict-resolver.js +0 -675
- package/.sinapse-ai/development/scripts/dependency-analyzer.js +0 -638
- package/.sinapse-ai/development/scripts/diff-generator.js +0 -352
- package/.sinapse-ai/development/scripts/git-wrapper.js +0 -462
- package/.sinapse-ai/development/scripts/modification-validator.js +0 -555
- package/.sinapse-ai/development/scripts/performance-analyzer.js +0 -758
- package/.sinapse-ai/development/scripts/refactoring-suggester.js +0 -1148
- package/.sinapse-ai/development/scripts/rollback-handler.js +0 -531
- package/.sinapse-ai/development/scripts/security-checker.js +0 -359
- package/.sinapse-ai/development/scripts/template-engine.js +0 -240
- package/.sinapse-ai/development/scripts/template-validator.js +0 -279
- package/.sinapse-ai/development/scripts/test-generator.js +0 -844
- package/.sinapse-ai/development/scripts/transaction-manager.js +0 -590
- package/.sinapse-ai/development/scripts/yaml-validator.js +0 -397
- package/.sinapse-ai/hooks/sinapse-brand-grounding.cjs +0 -162
- package/.sinapse-ai/hooks/sinapse-ds-grounding.cjs +0 -211
- package/.sinapse-ai/hooks/sinapse-vault-grounding.cjs +0 -194
- package/bin/lib/register-grounding-hooks.js +0 -145
- package/docs/guides/agents/traces/execution-traces.zip +0 -0
- package/docs/guides/grounding-setup.md +0 -154
- package/docs/guides/workflows/SINAPSE-WORKFLOWS.zip +0 -0
- package/packages/installer/src/pro/pro-scaffolder.js +0 -449
- package/packages/installer/src/wizard/grounding-config.js +0 -131
- package/packages/installer/src/wizard/pro-setup.js +0 -1439
- package/packages/installer/templates/README.md +0 -16
- package/packages/installer/templates/brand-routing.example.json +0 -12
- package/packages/installer/templates/ds-routing.example.json +0 -12
- package/packages/installer/templates/vault-routing.example.json +0 -12
|
@@ -0,0 +1,261 @@
|
|
|
1
|
+
// bin/lib/command-generator.js — shared agent-command generation.
|
|
2
|
+
//
|
|
3
|
+
// Single source of truth for the Phase 2 "generate agent commands" logic used by
|
|
4
|
+
// BOTH `install` and `update`. Previously update.js only regenerated `-orqx`
|
|
5
|
+
// commands, silently dropping every specialist command + the rich master stubs a
|
|
6
|
+
// fresh install creates. Extracting the install behavior here makes `update`
|
|
7
|
+
// produce byte-identical command files to `install`.
|
|
8
|
+
|
|
9
|
+
const fs = require('fs');
|
|
10
|
+
const path = require('path');
|
|
11
|
+
|
|
12
|
+
const { SINAPSE_HOME, CLAUDE_COMMANDS_DIR } = require('./constants');
|
|
13
|
+
const { extractAgentMeta } = require('./squads');
|
|
14
|
+
const { toForwardSlash } = require('./fs-utils');
|
|
15
|
+
|
|
16
|
+
/**
|
|
17
|
+
* Rich Imperator stub for the master entry points (@sinapse, @snps, @sinapse-orqx,
|
|
18
|
+
* @snps-orqx). The identity (ASCII greeting + 👑 signature + diagnose→plan→delegate
|
|
19
|
+
* mandate) is baked INLINE so activation is reliable — it does not depend on the model
|
|
20
|
+
* choosing to deep-read an external persona (which produced a shallow "modo orqx" before).
|
|
21
|
+
* The full persona (routing table, workflows, tasks) is still linked for depth.
|
|
22
|
+
*/
|
|
23
|
+
function generateMasterStub(agentId, personaPath, squadPath, squads) {
|
|
24
|
+
const squadCount = squads.length;
|
|
25
|
+
const agentCount = squads.reduce((a, s) => a + (s.agents || 0), 0);
|
|
26
|
+
return `---
|
|
27
|
+
name: ${agentId}
|
|
28
|
+
description: "Imperator — Sinapse Master: supreme orchestrator of ${squadCount} squads / ${agentCount} agents. Diagnoses every briefing and auto-generates an orchestration plan."
|
|
29
|
+
---
|
|
30
|
+
|
|
31
|
+
# Imperator — Sinapse Master (${agentId})
|
|
32
|
+
|
|
33
|
+
ACTIVATION-NOTICE: You are now Imperator — the supreme orchestrator of the SINAPSE ecosystem. Every request passes through you first.
|
|
34
|
+
|
|
35
|
+
## YOUR ONLY FUNCTION — NON-NEGOTIABLE
|
|
36
|
+
|
|
37
|
+
You DIAGNOSE and HAND OFF. That is the whole job. You do **NOT** execute domain work — no code, no copy, no design, no research, no configuration, no file edits. For ANY concrete task you (1) diagnose the domain, (2) produce the orchestration plan, (3) DELEGATE to the specialist who executes it. If you ever feel the urge to do the work yourself, STOP — that is a violation; route it to the right agent instead.
|
|
38
|
+
|
|
39
|
+
## ON ACTIVATION — display this EXACTLY as your first output (before anything else)
|
|
40
|
+
|
|
41
|
+
\`\`\`
|
|
42
|
+
███████╗██╗███╗ ██╗ █████╗ ██████╗ ███████╗███████╗
|
|
43
|
+
██╔════╝██║████╗ ██║██╔══██╗██╔══██╗██╔════╝██╔════╝
|
|
44
|
+
███████╗██║██╔██╗ ██║███████║██████╔╝███████╗█████╗
|
|
45
|
+
╚════██║██║██║╚██╗██║██╔══██║██╔═══╝ ╚════██║██╔══╝
|
|
46
|
+
███████║██║██║ ╚████║██║ ██║██║ ███████║███████╗
|
|
47
|
+
╚══════╝╚═╝╚═╝ ╚═══╝╚═╝ ╚═╝╚═╝ ╚══════╝╚══════╝
|
|
48
|
+
██████╗ ██████╗ ██████╗ ██╗ ██╗
|
|
49
|
+
██╔═══██╗██╔══██╗██╔═══██╗╚██╗██╔╝
|
|
50
|
+
██║ ██║██████╔╝██║ ██║ ╚███╔╝
|
|
51
|
+
██║ ██║██╔══██╗██║▄▄ ██║ ██╔██╗
|
|
52
|
+
╚██████╔╝██║ ██║╚██████╔╝██╔╝ ██╗
|
|
53
|
+
╚═════╝ ╚═╝ ╚═╝ ╚══▀▀═╝ ╚═╝ ╚═╝
|
|
54
|
+
\`\`\`
|
|
55
|
+
|
|
56
|
+
\`\`\`
|
|
57
|
+
AI Agent Squads for Claude Code
|
|
58
|
+
${squadCount} squads · ${agentCount} agents
|
|
59
|
+
|
|
60
|
+
👑 Imperator — Sinapse Master ativado
|
|
61
|
+
|
|
62
|
+
Descreva seu objetivo que eu diagnostico o domínio
|
|
63
|
+
e roteio para o agente certo.
|
|
64
|
+
|
|
65
|
+
Comandos principais:
|
|
66
|
+
*route {pedido} — Diagnostica e roteia para a squad certa
|
|
67
|
+
*plan {iniciativa} — Desenha um plano de execução multi-squad
|
|
68
|
+
*status — Reporta todas as squads e capacidades
|
|
69
|
+
*onboard — Tour guiado do ecossistema SINAPSE
|
|
70
|
+
*help — Mostra todos os comandos
|
|
71
|
+
\`\`\`
|
|
72
|
+
|
|
73
|
+
## AFTER THE GREETING — NON-NEGOTIABLE (Imperator's core function)
|
|
74
|
+
|
|
75
|
+
Check if the user provided a briefing with the activation:
|
|
76
|
+
- **Briefing provided** → proceed IMMEDIATELY: run the Initial State Audit → classify the request → produce an ORCHESTRATION PLAN (phases + squads + specific agents assigned + handoffs) → delegate to the specialists. NEVER ask "do you want me to plan?" — for Imperator the answer is always YES.
|
|
77
|
+
- **Bare activation** → await the briefing, then apply the same flow automatically on receipt.
|
|
78
|
+
|
|
79
|
+
You diagnose and DELEGATE — never execute domain work yourself. Route simple, well-defined requests directly to @specialist; complex ones to @{domain}-orqx; cross-domain ones by coordinating multiple orchestrators.
|
|
80
|
+
|
|
81
|
+
## FULL OPERATING PARAMETERS
|
|
82
|
+
|
|
83
|
+
For your complete persona — the routing table of all squads, the Initial State Audit, the Documentation-First gate, NSN enforcement, and every workflow and task — read and ADOPT:
|
|
84
|
+
\`${personaPath}\`
|
|
85
|
+
Tasks: \`${squadPath}/tasks/\` · Workflows: \`${squadPath}/workflows/\` · Manifest: \`${squadPath}/squad.yaml\`
|
|
86
|
+
|
|
87
|
+
— Imperator, orchestrating SINAPSE
|
|
88
|
+
`;
|
|
89
|
+
}
|
|
90
|
+
|
|
91
|
+
function generateCommandMd(agentId, agentName, agentIcon, squadName, squadPath, agentFile) {
|
|
92
|
+
// Detecta se é orquestrador: id termina em -orqx OU é Imperator (snps-orqx/sinapse-orqx)
|
|
93
|
+
// ou um dos apelidos curtos do master (sinapse/snps).
|
|
94
|
+
const isOrchestrator = /-orqx$/.test(agentId) || agentId === 'snps-orqx' || agentId === 'sinapse-orqx' || agentId === 'sinapse' || agentId === 'snps';
|
|
95
|
+
|
|
96
|
+
const step4 = isOrchestrator
|
|
97
|
+
? `4. Briefing-on-activation check (this agent is an ORCHESTRATOR):
|
|
98
|
+
- If user provided briefing/context with the activation → proceed IMMEDIATELY: absorb → diagnose → plan with phases + agents + handoffs → execute (YOLO). NEVER ask "do you want me to plan?".
|
|
99
|
+
- If bare activation only → await briefing. On receipt, apply same flow automatically.`
|
|
100
|
+
: '4. HALT and await user input';
|
|
101
|
+
|
|
102
|
+
const step6 = isOrchestrator
|
|
103
|
+
? `6. Briefing-on-activation check (ORCHESTRATOR):
|
|
104
|
+
- If user provided briefing → proceed IMMEDIATELY: absorb → diagnose → plan → execute
|
|
105
|
+
- If bare activation → await briefing, then plan automatically. NEVER ask "do you want me to plan?".`
|
|
106
|
+
: '6. HALT and await user input';
|
|
107
|
+
|
|
108
|
+
// Frontmatter (name + description) is REQUIRED so the file resolves as a Claude Code
|
|
109
|
+
// subagent (@id) — without it, @id matches nothing. The same file doubles as a slash
|
|
110
|
+
// command (/SINAPSE:agents:id); extra frontmatter is harmless there.
|
|
111
|
+
const fmDesc = (isOrchestrator
|
|
112
|
+
? `${agentName || agentId} — orchestrator for ${squadName}; diagnoses, routes to specialists and auto-generates an orchestration plan`
|
|
113
|
+
: `${agentName || agentId} — ${squadName} specialist`).replace(/["\n\r]/g, ' ').trim();
|
|
114
|
+
|
|
115
|
+
return `---
|
|
116
|
+
name: ${agentId}
|
|
117
|
+
description: "${fmDesc}"
|
|
118
|
+
---
|
|
119
|
+
|
|
120
|
+
# ${agentId}
|
|
121
|
+
|
|
122
|
+
ACTIVATION-NOTICE: This command activates an agent from ${squadName}.
|
|
123
|
+
|
|
124
|
+
CRITICAL: Read the agent definition file at \`${squadPath}/agents/${agentFile}\` to understand your full operating parameters. Then:
|
|
125
|
+
1. Adopt the persona defined in that file (name: ${agentName}, icon: ${agentIcon})
|
|
126
|
+
2. Load the squad manifest at \`${squadPath}/squad.yaml\` for context
|
|
127
|
+
3. Display a greeting showing your agent name, role, and available commands
|
|
128
|
+
${step4}
|
|
129
|
+
|
|
130
|
+
## Agent Reference
|
|
131
|
+
- **Agent ID:** ${agentId}
|
|
132
|
+
- **Squad:** ${squadName}
|
|
133
|
+
- **Definition:** \`${squadPath}/agents/${agentFile}\`
|
|
134
|
+
- **Squad Manifest:** \`${squadPath}/squad.yaml\`
|
|
135
|
+
- **Tasks:** \`${squadPath}/tasks/\`
|
|
136
|
+
- **Knowledge Bases:** \`${squadPath}/knowledge-base/\`
|
|
137
|
+
- **Workflows:** \`${squadPath}/workflows/\`
|
|
138
|
+
|
|
139
|
+
## Activation Instructions
|
|
140
|
+
1. Read the full agent definition: \`${squadPath}/agents/${agentFile}\`
|
|
141
|
+
2. Adopt the persona (name, icon, communication style, principles)
|
|
142
|
+
3. Show greeting: "{icon} {name} — {role} ativado"
|
|
143
|
+
4. Show: "Squad: ${squadName} | Invoke: /SINAPSE:agents:${agentId}"
|
|
144
|
+
5. List your key tasks from the agent definition
|
|
145
|
+
${step6}
|
|
146
|
+
|
|
147
|
+
## How to Execute Tasks
|
|
148
|
+
When the user requests a task:
|
|
149
|
+
1. Find the matching task in \`${squadPath}/tasks/\`
|
|
150
|
+
2. Read the task file completely
|
|
151
|
+
3. Execute following the task checklist step by step
|
|
152
|
+
4. Consult knowledge bases in \`${squadPath}/knowledge-base/\` as needed
|
|
153
|
+
|
|
154
|
+
## Cross-Squad Handoff
|
|
155
|
+
If the task requires expertise outside this squad:
|
|
156
|
+
1. Identify which squad covers the needed domain
|
|
157
|
+
2. Recommend: /SINAPSE:agents:{appropriate-agent}
|
|
158
|
+
3. Provide handoff context
|
|
159
|
+
`;
|
|
160
|
+
}
|
|
161
|
+
|
|
162
|
+
/**
|
|
163
|
+
* Regenerate ALL agent command files into `commandsDir`. This is the exact Phase 2
|
|
164
|
+
* behavior of a fresh install, shared so `update` produces an identical set:
|
|
165
|
+
* 1. Clear commandsDir.
|
|
166
|
+
* 2. Write a command for EVERY agent of every squad (not only -orqx).
|
|
167
|
+
* 3. Write commands for the sinapse master squad agents.
|
|
168
|
+
* 4. Overwrite the four master entry points (sinapse-orqx, snps-orqx, sinapse,
|
|
169
|
+
* snps) with the rich Imperator stub.
|
|
170
|
+
*
|
|
171
|
+
* @param {Object} [deps] - Injectable dependencies (defaults bind to real fs/paths).
|
|
172
|
+
* @param {string} [deps.sinapseHome] - Root of installed squads (~/.sinapse).
|
|
173
|
+
* @param {string} [deps.commandsDir] - Target commands dir.
|
|
174
|
+
* @param {Array} deps.squads - Squad descriptors ({ name, agents, ... }).
|
|
175
|
+
* @param {string} [deps.sinapseMasterDest] - Path to the installed sinapse/ master squad.
|
|
176
|
+
* @returns {{ writtenAgents: Set<string>, totalAgents: number }}
|
|
177
|
+
*/
|
|
178
|
+
function regenerateAgentCommands(deps = {}) {
|
|
179
|
+
const {
|
|
180
|
+
sinapseHome = SINAPSE_HOME,
|
|
181
|
+
commandsDir = CLAUDE_COMMANDS_DIR,
|
|
182
|
+
squads,
|
|
183
|
+
sinapseMasterDest = path.join(sinapseHome, 'sinapse'),
|
|
184
|
+
} = deps;
|
|
185
|
+
|
|
186
|
+
if (!Array.isArray(squads)) {
|
|
187
|
+
throw new Error('regenerateAgentCommands: `squads` array is required');
|
|
188
|
+
}
|
|
189
|
+
|
|
190
|
+
fs.mkdirSync(commandsDir, { recursive: true });
|
|
191
|
+
|
|
192
|
+
// Clear old commands (dir may not exist on a fresh install — guarded).
|
|
193
|
+
try {
|
|
194
|
+
for (const f of fs.readdirSync(commandsDir)) {
|
|
195
|
+
fs.unlinkSync(path.join(commandsDir, f));
|
|
196
|
+
}
|
|
197
|
+
} catch { /* dir may not exist yet */ }
|
|
198
|
+
|
|
199
|
+
const sinapseBase = toForwardSlash(sinapseHome);
|
|
200
|
+
const writtenAgents = new Set();
|
|
201
|
+
|
|
202
|
+
// 1. A command/subagent for EVERY agent (not only -orqx), so every specialist
|
|
203
|
+
// is invokable via @agent and /SINAPSE:agents:agent.
|
|
204
|
+
for (const squad of squads) {
|
|
205
|
+
const squadPath = `${sinapseBase}/${squad.name}`;
|
|
206
|
+
const agentsDir = path.join(sinapseHome, squad.name, 'agents');
|
|
207
|
+
if (!fs.existsSync(agentsDir)) continue;
|
|
208
|
+
|
|
209
|
+
const squadAgents = fs.readdirSync(agentsDir).filter(f => f.endsWith('.md'));
|
|
210
|
+
for (const file of squadAgents) {
|
|
211
|
+
const agentId = file.replace('.md', '');
|
|
212
|
+
const meta = extractAgentMeta(path.join(agentsDir, file));
|
|
213
|
+
const cmdContent = generateCommandMd(agentId, meta.name, meta.icon, squad.name, squadPath, file);
|
|
214
|
+
fs.writeFileSync(path.join(commandsDir, `${agentId}.md`), cmdContent);
|
|
215
|
+
writtenAgents.add(file);
|
|
216
|
+
}
|
|
217
|
+
}
|
|
218
|
+
|
|
219
|
+
// 2. Commands for sinapse/ master squad agents.
|
|
220
|
+
if (fs.existsSync(sinapseMasterDest)) {
|
|
221
|
+
const masterAgentsDir = path.join(sinapseMasterDest, 'agents');
|
|
222
|
+
if (fs.existsSync(masterAgentsDir)) {
|
|
223
|
+
for (const file of fs.readdirSync(masterAgentsDir).filter(f => f.endsWith('.md'))) {
|
|
224
|
+
if (writtenAgents.has(file)) continue;
|
|
225
|
+
const agentId = file.replace('.md', '');
|
|
226
|
+
const meta = extractAgentMeta(path.join(masterAgentsDir, file));
|
|
227
|
+
const squadPath = `${sinapseBase}/sinapse`;
|
|
228
|
+
const cmdContent = generateCommandMd(agentId, meta.name, meta.icon, 'sinapse', squadPath, file);
|
|
229
|
+
fs.writeFileSync(path.join(commandsDir, `${agentId}.md`), cmdContent);
|
|
230
|
+
writtenAgents.add(file);
|
|
231
|
+
}
|
|
232
|
+
}
|
|
233
|
+
}
|
|
234
|
+
|
|
235
|
+
// 3. Master entry points (@sinapse, @snps, @sinapse-orqx, @snps-orqx) → rich
|
|
236
|
+
// Imperator stub. Overwrites the generic command file for the orqx names and
|
|
237
|
+
// adds the short aliases the user actually types.
|
|
238
|
+
if (fs.existsSync(sinapseMasterDest)) {
|
|
239
|
+
const masterSquadPath = `${sinapseBase}/sinapse`;
|
|
240
|
+
const masterEntryPoints = [
|
|
241
|
+
['sinapse-orqx', 'sinapse-orqx.md'],
|
|
242
|
+
['snps-orqx', 'snps-orqx.md'],
|
|
243
|
+
['sinapse', 'sinapse-orqx.md'],
|
|
244
|
+
['snps', 'snps-orqx.md'],
|
|
245
|
+
];
|
|
246
|
+
for (const [id, personaFile] of masterEntryPoints) {
|
|
247
|
+
const personaPath = `${masterSquadPath}/agents/${personaFile}`;
|
|
248
|
+
const stub = generateMasterStub(id, personaPath, masterSquadPath, squads);
|
|
249
|
+
fs.writeFileSync(path.join(commandsDir, `${id}.md`), stub);
|
|
250
|
+
writtenAgents.add(`${id}.md`);
|
|
251
|
+
}
|
|
252
|
+
}
|
|
253
|
+
|
|
254
|
+
return { writtenAgents, totalAgents: writtenAgents.size };
|
|
255
|
+
}
|
|
256
|
+
|
|
257
|
+
module.exports = {
|
|
258
|
+
generateCommandMd,
|
|
259
|
+
generateMasterStub,
|
|
260
|
+
regenerateAgentCommands,
|
|
261
|
+
};
|
package/bin/lib/prompts.js
CHANGED
|
@@ -1,9 +1,8 @@
|
|
|
1
|
-
// bin/lib/prompts.js — interactive prompts (LLM,
|
|
1
|
+
// bin/lib/prompts.js — interactive prompts (LLM, uninstall).
|
|
2
2
|
// Story GA-1.2 — extracted from bin/cli.js.
|
|
3
3
|
|
|
4
|
-
const path = require('path');
|
|
5
4
|
const { getLogger } = require('../../.sinapse-ai/core/logger');
|
|
6
|
-
const {
|
|
5
|
+
const { CYAN, GREEN, BOLD, DIM, YELLOW, NC } = require('./constants');
|
|
7
6
|
const { detectInteractiveMode, warnNonInteractive } = require('./detection');
|
|
8
7
|
|
|
9
8
|
/**
|
|
@@ -53,67 +52,6 @@ async function promptLlmChoice() {
|
|
|
53
52
|
}
|
|
54
53
|
}
|
|
55
54
|
|
|
56
|
-
// Story 10.47 — collect optional grounding paths (vault / design system /
|
|
57
|
-
// brand). Empty answers leave the section disabled and the shipped hook
|
|
58
|
-
// stays a no-op. Reuses the multi-signal interactive detector from Story
|
|
59
|
-
// 10.46 so CI / non-TTY runs skip silently with the consolidated warning
|
|
60
|
-
// already emitted by lang/LLM helpers.
|
|
61
|
-
async function promptGroundingSections({ isUpsert = false, reconfigure = false } = {}) {
|
|
62
|
-
const logger = getLogger();
|
|
63
|
-
const groundingConfig = require(path.join(
|
|
64
|
-
ROOT, 'packages', 'installer', 'src', 'wizard', 'grounding-config',
|
|
65
|
-
));
|
|
66
|
-
const existing = groundingConfig.readGroundingConfig();
|
|
67
|
-
const pending = isUpsert && !reconfigure
|
|
68
|
-
? groundingConfig.pendingGroundingSections(existing)
|
|
69
|
-
: { askVault: true, askDesignSystem: true, askBrand: true };
|
|
70
|
-
|
|
71
|
-
if (!pending.askVault && !pending.askDesignSystem && !pending.askBrand) {
|
|
72
|
-
return existing;
|
|
73
|
-
}
|
|
74
|
-
|
|
75
|
-
if (!detectInteractiveMode()) {
|
|
76
|
-
warnNonInteractive();
|
|
77
|
-
// Persist defaults so the file exists with a documented schema even on
|
|
78
|
-
// headless installs (helps users discover it later via `--reconfigure`).
|
|
79
|
-
const merged = groundingConfig.buildGroundingFromAnswers({}, existing);
|
|
80
|
-
groundingConfig.writeGroundingConfig(merged);
|
|
81
|
-
return merged;
|
|
82
|
-
}
|
|
83
|
-
|
|
84
|
-
const questions = require(path.join(
|
|
85
|
-
ROOT, 'packages', 'installer', 'src', 'wizard', 'questions',
|
|
86
|
-
));
|
|
87
|
-
const inquirer = require('inquirer');
|
|
88
|
-
|
|
89
|
-
const ask = [];
|
|
90
|
-
if (pending.askVault) ask.push(questions.getVaultGroundingQuestion());
|
|
91
|
-
if (pending.askDesignSystem) ask.push(questions.getDesignSystemGroundingQuestion());
|
|
92
|
-
if (pending.askBrand) ask.push(questions.getBrandGroundingQuestion());
|
|
93
|
-
|
|
94
|
-
logger.always('');
|
|
95
|
-
logger.always(`${CYAN}Grounding semantico (opt-in):${NC}`);
|
|
96
|
-
logger.always(`${DIM} Pular qualquer pergunta ativa o fallback generico do framework.${NC}`);
|
|
97
|
-
|
|
98
|
-
let answers = {};
|
|
99
|
-
try {
|
|
100
|
-
answers = await inquirer.prompt(ask);
|
|
101
|
-
} catch {
|
|
102
|
-
// Fallback: minimal readline loop if inquirer fails (e.g. exotic shells).
|
|
103
|
-
const readline = require('readline');
|
|
104
|
-
const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
|
|
105
|
-
const askLine = (msg) => new Promise((resolve) => rl.question(msg, resolve));
|
|
106
|
-
if (pending.askVault) answers.vaultPath = (await askLine(' Vault path (Enter pra pular): ')).trim();
|
|
107
|
-
if (pending.askDesignSystem) answers.designSystemPath = (await askLine(' Design system path (Enter pra pular): ')).trim();
|
|
108
|
-
if (pending.askBrand) answers.brandbookPath = (await askLine(' Brandbook path (Enter pra pular): ')).trim();
|
|
109
|
-
rl.close();
|
|
110
|
-
}
|
|
111
|
-
|
|
112
|
-
const merged = groundingConfig.buildGroundingFromAnswers(answers, existing);
|
|
113
|
-
groundingConfig.writeGroundingConfig(merged);
|
|
114
|
-
return merged;
|
|
115
|
-
}
|
|
116
|
-
|
|
117
55
|
// Story 10.40 — Confirmation prompt for destructive uninstall.
|
|
118
56
|
// Returns true if user confirmed, false otherwise.
|
|
119
57
|
async function confirmUninstall() {
|
|
@@ -130,6 +68,5 @@ async function confirmUninstall() {
|
|
|
130
68
|
|
|
131
69
|
module.exports = {
|
|
132
70
|
promptLlmChoice,
|
|
133
|
-
promptGroundingSections,
|
|
134
71
|
confirmUninstall,
|
|
135
72
|
};
|
|
@@ -140,7 +140,8 @@ function mergeHooks(settingsPath, hookDefs) {
|
|
|
140
140
|
const existing = settings.hooks[hookType] || [];
|
|
141
141
|
const newKeys = new Set(hookList.map(h => hookKey(h.matcher, h)));
|
|
142
142
|
// Dedupe by (matcher + command) so SessionStart matcher="" doesn't
|
|
143
|
-
// collide with other modules' SessionStart hooks (e.g.
|
|
143
|
+
// collide with other modules' SessionStart hooks (e.g. another
|
|
144
|
+
// session-start grounding hook).
|
|
144
145
|
const filtered = existing.filter(e => !newKeys.has(hookKey(e.matcher, e)));
|
|
145
146
|
filtered.push(...hookList);
|
|
146
147
|
settings.hooks[hookType] = filtered;
|
package/bin/postinstall.js
CHANGED
|
@@ -340,7 +340,7 @@ function stepCreateRuntimeDirs() {
|
|
|
340
340
|
fs.mkdirSync(dir, { recursive: true });
|
|
341
341
|
} catch (err) {
|
|
342
342
|
if (err.code === 'EACCES' || err.code === 'EPERM') {
|
|
343
|
-
warn(`Sem permissão para criar ${path.relative(PROJECT_ROOT, dir)} —
|
|
343
|
+
warn(`Sem permissão para criar ${path.relative(PROJECT_ROOT, dir)} — SINAPSE AI vai tentar criar no primeiro uso.`);
|
|
344
344
|
softFailures += 1;
|
|
345
345
|
continue;
|
|
346
346
|
}
|
|
@@ -439,7 +439,7 @@ function stepDoctor() {
|
|
|
439
439
|
* Teste: sinapse doctor
|
|
440
440
|
* Começar: @sinapse no Claude Code
|
|
441
441
|
*
|
|
442
|
-
* Docs: https://sinapse
|
|
442
|
+
* Docs: https://github.com/caioimori/sinapse-ai#readme
|
|
443
443
|
*
|
|
444
444
|
* In --verbose mode the caller has already printed detailed step output, so we
|
|
445
445
|
* still render the minimal summary at the end as a recap.
|
|
@@ -477,9 +477,9 @@ function renderFinalSummary(opts = {}) {
|
|
|
477
477
|
const isGlobal = isGlobalInstall();
|
|
478
478
|
const lines = [];
|
|
479
479
|
if (firstRun) {
|
|
480
|
-
lines.push(`${c.bold}Bem-vindo ao
|
|
480
|
+
lines.push(`${c.bold}Bem-vindo ao SINAPSE AI!${c.reset} 🎉`);
|
|
481
481
|
}
|
|
482
|
-
lines.push(`${c.bold}
|
|
482
|
+
lines.push(`${c.bold}SINAPSE AI ${version}${c.reset} instalado ${c.green}✓${c.reset}`);
|
|
483
483
|
if (!isGlobal) {
|
|
484
484
|
lines.push(`${c.dim}${agents} ${agentsWord} · ${squads} ${squadsWord} ${prontosWord}${c.reset}`);
|
|
485
485
|
}
|
|
@@ -493,7 +493,7 @@ function renderFinalSummary(opts = {}) {
|
|
|
493
493
|
lines.push(`Começar: ${c.cyan}@sinapse${c.reset} no Claude Code`);
|
|
494
494
|
}
|
|
495
495
|
lines.push('');
|
|
496
|
-
lines.push(`Docs: ${c.dim}https://sinapse
|
|
496
|
+
lines.push(`Docs: ${c.dim}https://github.com/caioimori/sinapse-ai#readme${c.reset}`);
|
|
497
497
|
|
|
498
498
|
for (const line of lines) {
|
|
499
499
|
process.stdout.write(`${line}\n`);
|
|
@@ -567,7 +567,7 @@ function main(argvOverride) {
|
|
|
567
567
|
return 0;
|
|
568
568
|
}
|
|
569
569
|
|
|
570
|
-
verboseLog(`${c.dim}
|
|
570
|
+
verboseLog(`${c.dim}SINAPSE AI postinstall — configurando ambiente...${c.reset}`);
|
|
571
571
|
|
|
572
572
|
const syncIde = stepSyncIde();
|
|
573
573
|
if (syncIde.critical) {
|
package/docs/getting-started.md
CHANGED
|
@@ -42,7 +42,6 @@ No prompt do Claude Code ou Codex:
|
|
|
42
42
|
|---|---|
|
|
43
43
|
| Entender filosofia do framework | [`README.md`](../README.md) |
|
|
44
44
|
| Ver lista completa de agentes | [Agent Reference Guide](agent-reference-guide.md) |
|
|
45
|
-
| Configurar grounding (vault, DS, brand) | [Grounding Setup](guides/grounding-setup.md) |
|
|
46
45
|
| Resolver problema na instalação | [Troubleshooting](troubleshooting.md) |
|
|
47
46
|
| Ver workflow de desenvolvimento | [`docs/sinapse-workflows/`](sinapse-workflows/) |
|
|
48
47
|
| Contribuir | [`CONTRIBUTING.md`](../CONTRIBUTING.md) |
|
|
@@ -337,7 +337,7 @@ steps:
|
|
|
337
337
|
|
|
338
338
|
## Conceitos Básicos da Camada de Memória
|
|
339
339
|
|
|
340
|
-
A camada de memória da SINAPSE (Chrome Brain v3) fornece gerenciamento inteligente de contexto com grounding
|
|
340
|
+
A camada de memória da SINAPSE (Chrome Brain v3) fornece gerenciamento inteligente de contexto com grounding contra seu vault de notas (opcional) e recuperação semântica nativa.
|
|
341
341
|
|
|
342
342
|
### Como a Memória Funciona
|
|
343
343
|
|
|
@@ -10,22 +10,21 @@ This document applies to `caioimori/sinapse-ai` and covers advisories surfaced b
|
|
|
10
10
|
- GitHub Dependabot alerts (https://github.com/caioimori/sinapse-ai/security/dependabot)
|
|
11
11
|
- `npm audit` run locally or in CI
|
|
12
12
|
|
|
13
|
-
## Current state (2026-
|
|
13
|
+
## Current state (2026-06-21)
|
|
14
14
|
|
|
15
15
|
### GitHub Dependabot
|
|
16
16
|
|
|
17
|
-
Open alerts: **0**.
|
|
17
|
+
Open alerts: **0**. The 3 `undici` alerts surfaced on 2026-06-21 (#36, #41, #43) were dismissed as `tolerable_risk` with rationale (see below). The earlier `picomatch` / `brace-expansion` advisories are gone — the bundled `npm` tarball advanced to `11.17.0`, which ships patched versions.
|
|
18
18
|
|
|
19
19
|
### Local `npm audit` — full dev tree
|
|
20
20
|
|
|
21
|
-
|
|
21
|
+
One advisory family remains surfaced by `npm audit` even after applying root `overrides` in `package.json`:
|
|
22
22
|
|
|
23
|
-
| Severity | Package |
|
|
23
|
+
| Severity | Package | Advisories | Path |
|
|
24
24
|
|---|---|---|---|
|
|
25
|
-
| HIGH |
|
|
26
|
-
| MODERATE | brace-expansion@5.0.4 | GHSA-f886-m6hf-6m8v (zero-step DoS) | `semantic-release > @semantic-release/npm > npm > minimatch > brace-expansion` |
|
|
25
|
+
| HIGH (aggregate) | undici@6.26.0 | GHSA-p88m-4jfj-68fv, GHSA-g8m3-5g58-fq7m, GHSA-35p6-xmwp-9g52, GHSA-vxpw-j846-p89q | `semantic-release > @semantic-release/npm > npm > node-gyp > undici` |
|
|
27
26
|
|
|
28
|
-
|
|
27
|
+
It originates from the `npm@11.17.0` tarball that `@semantic-release/npm@13.1.5` bundles. `npm` reports it literally as *"undici@6.26.0 is a bundled dependency of npm@11.17.0 ... It cannot be fixed automatically."* It is frozen inside npm's bundled dependency tree and cannot be replaced via root `overrides` (overrides do not reach into `bundleDependencies` — verified: a targeted `undici@<6.27.0` override has no effect).
|
|
29
28
|
|
|
30
29
|
## Triage decision
|
|
31
30
|
|
|
@@ -33,12 +32,10 @@ Status: **Accepted — tolerable risk.**
|
|
|
33
32
|
|
|
34
33
|
Rationale:
|
|
35
34
|
|
|
36
|
-
1. **Scope:**
|
|
37
|
-
2. **Reachability:** `node-gyp`
|
|
38
|
-
3. **Shipped package:** `npm pack --dry-run` confirms `semantic-release` and its `node_modules` do not ship to the published `sinapse-ai` tarball (
|
|
39
|
-
4. **Upstream fix dependency:** The fix lives upstream — a new `npm` tarball that embeds
|
|
40
|
-
|
|
41
|
-
GitHub Dependabot already confirms this judgement: these advisories are NOT surfaced as open alerts at `https://github.com/caioimori/sinapse-ai/security/dependabot`.
|
|
35
|
+
1. **Scope:** `undici` here is a transitive dev-only dependency. It is reached only through `semantic-release`, which runs in CI release automation and never in user-installed code paths. `npm audit --omit=dev --audit-level=high` on the root returns `0 vulns`.
|
|
36
|
+
2. **Reachability:** `node-gyp` invokes `undici` only when downloading Node headers to build native addons during install. None of the undici advisories (header injection, SameSite downgrade, queue poisoning, WebSocket DoS) is reachable from any code path that executes when a user runs `npx sinapse-ai install` or any runtime agent command.
|
|
37
|
+
3. **Shipped package:** `npm pack --dry-run` confirms `semantic-release` and its `node_modules` do not ship to the published `sinapse-ai` tarball (`devDependency` only).
|
|
38
|
+
4. **Upstream fix dependency:** The fix lives upstream — a new `npm` tarball that embeds `undici >= 6.27.0`, followed by a `@semantic-release/npm` bump. Blocked on external release timing; the SINAPSE project cannot accelerate it.
|
|
42
39
|
|
|
43
40
|
## CI gate policy
|
|
44
41
|
|
|
@@ -47,7 +44,7 @@ Two-tier audit enforcement in `.github/workflows/ci.yml`:
|
|
|
47
44
|
1. **Production-dep gate (hard block, Article X Tier 1 #7):**
|
|
48
45
|
`npm audit --omit=dev --audit-level=high` MUST pass — any HIGH or CRITICAL in production dependencies blocks merge.
|
|
49
46
|
2. **Full-tree gate (critical-only):**
|
|
50
|
-
`npm audit --audit-level=critical` MUST pass — CRITICAL anywhere (incl. dev) blocks merge. HIGH/MODERATE in dev with triage entry in this document is accepted.
|
|
47
|
+
`npm audit --audit-level=critical` MUST pass — CRITICAL anywhere (incl. dev) blocks merge. HIGH/MODERATE in dev with a triage entry in this document is accepted.
|
|
51
48
|
|
|
52
49
|
If a new HIGH/MODERATE in dev deps emerges and is not yet in this document, CI does NOT block it (tier 2 only flags critical). The maintainer must review `npm audit` at each RC and either upgrade or add a row below.
|
|
53
50
|
|
|
@@ -55,12 +52,14 @@ If a new HIGH/MODERATE in dev deps emerges and is not yet in this document, CI d
|
|
|
55
52
|
|
|
56
53
|
| Advisory | Package | Severity | Reason | Expires |
|
|
57
54
|
|---|---|---|---|---|
|
|
58
|
-
| GHSA-
|
|
59
|
-
| GHSA-
|
|
55
|
+
| GHSA-p88m-4jfj-68fv | undici | MODERATE | Bundled inside `npm@11.17.0` within `semantic-release` dev dep. Not reachable from user runtime. Upstream fix pending. | Next GA re-review |
|
|
56
|
+
| GHSA-g8m3-5g58-fq7m | undici | LOW | Bundled inside `npm@11.17.0` within `semantic-release` dev dep. Not reachable from user runtime. Upstream fix pending. | Next GA re-review |
|
|
57
|
+
| GHSA-35p6-xmwp-9g52 | undici | LOW | Bundled inside `npm@11.17.0` within `semantic-release` dev dep. Not reachable from user runtime. Upstream fix pending. | Next GA re-review |
|
|
58
|
+
| GHSA-vxpw-j846-p89q | undici | LOW | WebSocket DoS, surfaced by `npm audit` only. Same bundled-in-npm origin. Not reachable from user runtime. | Next GA re-review |
|
|
60
59
|
|
|
61
60
|
## Proactive hardening in place
|
|
62
61
|
|
|
63
|
-
Even though overrides do not reach the bundled tree, `package.json` carries root `overrides`
|
|
62
|
+
Even though overrides do not reach the bundled tree, `package.json` carries root `overrides` (`diff`, `serialize-javascript`, `picomatch`, `brace-expansion`, `fast-uri`, `ip-address`, `@babel/core`, `js-yaml`). When upstream `npm` / `@semantic-release/npm` releases a tarball with `undici >= 6.27.0`, the advisory clears with no action needed. A defensive `undici` override was evaluated and intentionally NOT added — it has zero effect on a bundled dependency and would be dead config.
|
|
64
63
|
|
|
65
64
|
## Review cadence
|
|
66
65
|
|
|
@@ -73,3 +72,4 @@ Even though overrides do not reach the bundled tree, `package.json` carries root
|
|
|
73
72
|
| Date | Actor | Change |
|
|
74
73
|
|---|---|---|
|
|
75
74
|
| 2026-04-19 | Story 10.34 execution | Triage created. rc.1-era 12 alerts confirmed closed on GitHub. 2 remaining `npm audit` advisories (picomatch + brace-expansion inside bundled npm) accepted as tolerable risk. Root `overrides` added defensively. CI gate hardened with `--omit=dev --audit-level=high` job. |
|
|
75
|
+
| 2026-06-21 | Session audit | npm bundled tarball advanced to `11.17.0` → picomatch + brace-expansion advisories resolved upstream and removed. New `undici@6.26.0` advisory family surfaced (3 Dependabot alerts + 1 audit-only). Confirmed bundled-in-npm and unfixable via overrides; dismissed the 3 Dependabot alerts as `tolerable_risk` and accepted here. Production audit remains `0 vulns`. |
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "sinapse-ai",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.13.0",
|
|
4
4
|
"description": "SINAPSE AI: Framework de orquestracao de IA — 17 squads, 172 agentes especializados",
|
|
5
5
|
"bin": {
|
|
6
6
|
"sinapse": "bin/sinapse.js",
|
|
@@ -72,6 +72,9 @@
|
|
|
72
72
|
"!**/tests/**",
|
|
73
73
|
"!**/*.test.js",
|
|
74
74
|
"!**/*.spec.js",
|
|
75
|
+
"!**/dist/**",
|
|
76
|
+
"!**/*.map",
|
|
77
|
+
"!**/*.zip",
|
|
75
78
|
".sinapse-ai/development/templates/**"
|
|
76
79
|
],
|
|
77
80
|
"scripts": {
|
|
@@ -81,7 +84,7 @@
|
|
|
81
84
|
"test": "jest",
|
|
82
85
|
"test:watch": "jest --watch",
|
|
83
86
|
"test:coverage": "jest --coverage",
|
|
84
|
-
"test:health-check": "
|
|
87
|
+
"test:health-check": "jest tests/health-check",
|
|
85
88
|
"eval": "node scripts/eval-runner.js",
|
|
86
89
|
"validate:evals": "node scripts/validate-evals.js",
|
|
87
90
|
"validate:schemas": "node scripts/validate-schemas.js",
|
|
@@ -133,6 +136,7 @@
|
|
|
133
136
|
"sync:squad-yaml": "node scripts/sync-squad-yaml-components.js",
|
|
134
137
|
"validate:squad-yaml": "node scripts/sync-squad-yaml-components.js --check",
|
|
135
138
|
"validate:story-meta": "node scripts/validate-story-meta.js",
|
|
139
|
+
"validate:changelog": "node scripts/validate-changelog-tags.js",
|
|
136
140
|
"validate:squad-orqx": "node scripts/validate-squad-orqx.js",
|
|
137
141
|
"validate:release-readiness": "node scripts/release-readiness.js",
|
|
138
142
|
"manifest:ensure": "node scripts/ensure-manifest.js",
|
|
@@ -211,7 +215,6 @@
|
|
|
211
215
|
"husky": "^9.1.7",
|
|
212
216
|
"jest": "^30.2.0",
|
|
213
217
|
"lint-staged": "^16.1.1",
|
|
214
|
-
"mocha": "^11.7.5",
|
|
215
218
|
"prettier": "^3.5.3",
|
|
216
219
|
"semantic-release": "^25.0.2",
|
|
217
220
|
"typescript": "^5.9.3"
|