sinapse-ai 1.16.0 → 1.17.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (35) hide show
  1. package/.claude/hooks/doc-first-gate.cjs +156 -0
  2. package/.claude/hooks/enforce-story-gate.cjs +6 -2
  3. package/.claude/rules/hook-governance.md +1 -0
  4. package/.sinapse-ai/constitution.md +1 -1
  5. package/.sinapse-ai/core/atlas/atlas-data.js +278 -0
  6. package/.sinapse-ai/core/atlas/flows-pt.js +253 -0
  7. package/.sinapse-ai/core/atlas/flows.js +266 -0
  8. package/.sinapse-ai/core/atlas/index.js +62 -0
  9. package/.sinapse-ai/core/atlas/render-html.js +216 -0
  10. package/.sinapse-ai/core/atlas/render-markdown.js +313 -0
  11. package/.sinapse-ai/core/atlas/render-research-card.js +164 -0
  12. package/.sinapse-ai/core/orchestration/build-command.js +136 -0
  13. package/.sinapse-ai/core/orchestration/doc-first-resolver.js +322 -0
  14. package/.sinapse-ai/core/orchestration/route-command.js +97 -0
  15. package/.sinapse-ai/data/entity-registry.yaml +59 -14
  16. package/.sinapse-ai/development/agents/snps-orqx.md +9 -0
  17. package/.sinapse-ai/development/tasks/create-doc.md +1 -1
  18. package/.sinapse-ai/development/tasks/create-next-story.md +2 -3
  19. package/.sinapse-ai/development/tasks/spec-gather-requirements.md +11 -0
  20. package/.sinapse-ai/development/templates/approval-table.md +106 -0
  21. package/.sinapse-ai/development/workflows/spec-pipeline.yaml +1 -0
  22. package/.sinapse-ai/install-manifest.yaml +60 -16
  23. package/.sinapse-ai/product/templates/prd-tmpl.yaml +6 -2
  24. package/CHANGELOG.md +18 -2
  25. package/bin/sinapse.js +121 -0
  26. package/docs/framework/atlas/OPERATING-ATLAS.md +537 -0
  27. package/docs/framework/atlas/README.md +34 -0
  28. package/docs/framework/atlas/atlas-data.json +2810 -0
  29. package/docs/framework/atlas/atlas.html +392 -0
  30. package/package.json +1 -1
  31. package/packages/installer/src/wizard/ide-config-generator.js +6 -0
  32. package/scripts/install-chrome-brain.sh +2 -2
  33. package/scripts/validate-no-personal-leaks.js +24 -9
  34. package/squads/squad-copy/knowledge-base/consequence-headline-patterns.md +2 -2
  35. package/docs/guides/hooks-two-layers.md +0 -66
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "sinapse-ai",
3
- "version": "1.16.0",
3
+ "version": "1.17.0",
4
4
  "description": "SINAPSE AI: Framework de orquestracao de IA — 17 squads, 172 agentes especializados",
5
5
  "bin": {
6
6
  "sinapse": "bin/sinapse.js",
@@ -539,6 +539,7 @@ async function copyClaudeHooksFolder(projectRoot) {
539
539
  'enforce-architecture-first.cjs',
540
540
  'enforce-delegation.cjs',
541
541
  'enforce-story-gate.cjs',
542
+ 'doc-first-gate.cjs',
542
543
  'enforce-framework-boundary.cjs',
543
544
  'secret-scanning.cjs',
544
545
  'write-path-validation.cjs',
@@ -603,6 +604,11 @@ const HOOK_EVENT_MAP = {
603
604
  matcher: 'Write|Edit',
604
605
  timeout: 5,
605
606
  },
607
+ 'doc-first-gate.cjs': {
608
+ event: 'PreToolUse',
609
+ matcher: 'Write|Edit',
610
+ timeout: 5,
611
+ },
606
612
  // Boundary L1-L4 — protects untouchable framework core when
607
613
  // boundary.frameworkProtection=true (read dynamically from core-config.yaml).
608
614
  'enforce-framework-boundary.cjs': {
@@ -504,8 +504,8 @@ Nao precisa rodar `chrome-debug` manualmente.
504
504
  3. Testar em nova aba → comparar com original → iterar
505
505
 
506
506
  **Casos validados:**
507
- - itsoffbrand.com hero (orb WebGL, parallax, blend-mode) — 15min
508
- - sinapse.club face 3D (Three.js r183, WaltHead.obj, bloom) — 20min
507
+ - Hero com orb WebGL (parallax, blend-mode) — ~15min
508
+ - Cena 3D facial (Three.js, modelo .obj, bloom) — ~20min
509
509
 
510
510
  ### Animacoes 3D via AI
511
511
 
@@ -106,12 +106,14 @@ const BLOCKED_PATTERNS = [
106
106
  {
107
107
  pattern: /C:\\Users\\Caio[ ]?Imori/i,
108
108
  description: 'Absolute Windows path containing maintainer name',
109
- suggestion: 'Use {REPO_ROOT} placeholder or relative paths',
109
+ suggestion: 'Use {REPO_ROOT} placeholder, process.cwd(), or relative paths',
110
+ always: true, // a hardcoded personal path is never acceptable — even in archive/allowlisted files
110
111
  },
111
112
  {
112
113
  pattern: /OneDrive[\\/].*Caio[ ]?Imori/i,
113
114
  description: 'OneDrive path containing maintainer name',
114
115
  suggestion: 'Remove or use {VAULT_ROOT} placeholder',
116
+ always: true, // a personal vault path is never acceptable anywhere
115
117
  },
116
118
  {
117
119
  pattern: /Caio can (reactivate|activate|approve|reject|merge|deploy)/i,
@@ -135,7 +137,15 @@ function isAllowed(filePath) {
135
137
  // real leak. Everything else (framework internals, squad agents, internal
136
138
  // docs) is intentionally OUT of scope.
137
139
  const CONCEPT_FILE_SCOPES = new Set(['README.md', 'docs/getting-started.md']);
138
- const CONCEPT_PREFIX_SCOPES = ['packages/installer/', 'bin/', 'docs/pt/', 'docs/en/'];
140
+ // The atlas SOURCE (hand-authored "how SINAPSE works" flows/renderers) is a
141
+ // public surface and must describe the framework generically — never naming the
142
+ // maintainer's private grounding (Second Brain vault, personal/client DS). Only
143
+ // the source is scoped here, NOT the generated output (docs/framework/atlas/*),
144
+ // which aggregates squad/workflow descriptions that legitimately use generic
145
+ // deliverable terms like "brandbook".
146
+ const CONCEPT_PREFIX_SCOPES = [
147
+ 'packages/installer/', 'bin/', 'docs/pt/', 'docs/en/', '.sinapse-ai/core/atlas/',
148
+ ];
139
149
 
140
150
  function isConceptScoped(filePath) {
141
151
  const normalized = filePath.replace(/\\/g, '/');
@@ -161,9 +171,9 @@ const CONCEPT_PATTERNS = [
161
171
  suggestion: 'Describe generically (e.g. "a session-start grounding hook") — do not name the private mechanism',
162
172
  },
163
173
  {
164
- pattern: /\bsecond-brain\b/i,
165
- description: "Maintainer's private knowledge base (Second-Brain) leaked to user-facing surface",
166
- suggestion: 'Generalize to "external memory source (e.g. an Obsidian vault)"',
174
+ pattern: /\bsecond[ -]brain\b/i,
175
+ description: "Maintainer's private knowledge base (Second Brain) leaked to user-facing surface",
176
+ suggestion: 'Generalize to "knowledge base" / "external memory source" do not name the private vault',
167
177
  },
168
178
  {
169
179
  pattern: /\bbrandbook\b/i,
@@ -244,7 +254,7 @@ function getTrackedFiles() {
244
254
  return out.split('\n').filter(Boolean);
245
255
  }
246
256
 
247
- function scanFile(filePath) {
257
+ function scanFile(filePath, rules = BLOCKED_PATTERNS) {
248
258
  const fullPath = path.join(ROOT, filePath);
249
259
  if (!fs.existsSync(fullPath)) return [];
250
260
  const content = fs.readFileSync(fullPath, 'utf8');
@@ -252,7 +262,7 @@ function scanFile(filePath) {
252
262
  const violations = [];
253
263
  for (let i = 0; i < lines.length; i++) {
254
264
  const line = lines[i];
255
- for (const rule of BLOCKED_PATTERNS) {
265
+ for (const rule of rules) {
256
266
  const match = line.match(rule.pattern);
257
267
  if (match) {
258
268
  violations.push({
@@ -278,9 +288,14 @@ function run() {
278
288
  if (!isTextFile(file)) continue;
279
289
 
280
290
  // CHECK 1 — operational personal references ("Caio" literals, paths).
281
- // Scanned across the whole tree except the autorship/history allow-list.
291
+ // `always` patterns (hardcoded personal/vault paths) are checked on EVERY
292
+ // file — they are never acceptable, not even in archive/allowlisted docs.
293
+ // The remaining patterns are scanned across the tree except the
294
+ // authorship/history allow-list.
295
+ const alwaysRules = BLOCKED_PATTERNS.filter((r) => r.always);
296
+ allViolations.push(...scanFile(file, alwaysRules));
282
297
  if (!isAllowed(file)) {
283
- allViolations.push(...scanFile(file));
298
+ allViolations.push(...scanFile(file, BLOCKED_PATTERNS.filter((r) => !r.always)));
284
299
  }
285
300
 
286
301
  // CHECK 2 — conceptual / business leaks, scoped ONLY to user-facing
@@ -43,7 +43,7 @@ Quem entender antes, captura a vantagem. Cria urgencia sem ser explicitamente ur
43
43
  - "...enquanto a maioria ainda nao percebeu"
44
44
  - "...e por que os que entenderam primeiro nao voltam atras"
45
45
 
46
- ## Padroes de Hook para Social (Soier-inspired)
46
+ ## Padroes de Hook para Social
47
47
 
48
48
  ### Para conteudo curto (Reels, Stories, Carrossel)
49
49
 
@@ -55,7 +55,7 @@ Quem entender antes, captura a vantagem. Cria urgencia sem ser explicitamente ur
55
55
  | **Mini-alerta** | "Se voce ainda faz [X] manualmente, leia isso." | Urgencia pratica |
56
56
  | **Numero concreto** | "Reduzi 40h/mes de operacao para 6h com este workflow." | Prova quantificavel |
57
57
 
58
- ### Regras de compressao (Soier-inspired)
58
+ ### Regras de compressao
59
59
 
60
60
  - **Uma ideia por peca** — se precisa de "alem disso", e outra peca
61
61
  - **Hook entendido em 2 segundos** — se precisa reler, e longo demais
@@ -1,66 +0,0 @@
1
- # Hooks: arquitetura de duas camadas
2
-
3
- O SINAPSE-AI tem hooks em dois lugares distintos. Isso é proposital, não bug. Esta nota documenta a separação pra evitar confusão futura (auditoria 2026-05-25 BUG-013).
4
-
5
- ## Camada 1: hooks globais do user (`~/.claude/hooks/`)
6
-
7
- **Escopo:** Toda sessão Claude Code do Caio, em qualquer projeto.
8
-
9
- **18 hooks .cjs:**
10
-
11
- | Hook | Evento | Função |
12
- |---|---|---|
13
- | `unified-grounding.cjs` | UserPromptSubmit | Único entry point. Funde 4 geradores: vault-grounding, ds-grounding, build-best-practices, squad-grounding |
14
- | `vault-grounding.cjs` | gerador (chamado por unified) | Injeta notas do Second Brain por domínio |
15
- | `ds-anti-pattern-guard.cjs` | PostToolUse | Bloqueia Write/Edit com violações DS (C1-C9) |
16
- | `build-best-practices.cjs` | gerador | Injeta playbook de construção do Caio |
17
- | `squad-grounding-router.cjs` | gerador | Detecta squad ativo, injeta DS relacionado |
18
- | `workspace-routing.cjs` | PreToolUse Bash | Reescreve mkdir/git init fora do Workspace pra path canônico |
19
- | `vault-project-register.cjs` | PostToolUse Bash | Registra projeto novo no vault |
20
- | `session-capture.cjs` + `session-capture-worker.cjs` | SessionStart/End | Captura sessões pro cronjob 2:30 BRT enrichment |
21
- | `auto-checkpoint.cjs` | UserPromptSubmit | Cria checkpoints periódicos |
22
- | `precompact-session-digest.cjs` | PreCompact | Resume sessão antes de compactar |
23
- | `code-intel-pretool.cjs` | PreToolUse | Code intelligence prep |
24
- | `healthcheck.cjs` | manual | Diagnostico setup |
25
- | `repair.cjs` | manual | Auto-fix problemas |
26
- | `synapse-engine.cjs` | UserPromptSubmit (subset) | Motor synapse legacy |
27
- | `terminal-bus.cjs` | UserPromptSubmit | Cross-terminal messaging |
28
-
29
- **Registrados em `~/.claude/settings.json`:** unified-grounding, session-capture, auto-checkpoint, workspace-routing, vault-project-register, ds-anti-pattern-guard, build-best-practices, chrome-ensure, chrome-brain-log.
30
-
31
- **Não-registrados (presentes mas sem entry em settings):** code-intel-pretool, healthcheck, repair, precompact-session-digest, synapse-engine. Estes são executados manualmente ou via fluxo específico.
32
-
33
- ## Camada 2: hooks do framework (`<repo>/.claude/hooks/`)
34
-
35
- **Escopo:** Apenas quando Claude Code está rodando dentro de um repo SINAPSE-AI.
36
-
37
- **Hooks principais:**
38
-
39
- | Hook | Evento | Função |
40
- |---|---|---|
41
- | `enforce-architecture-first.cjs` | UserPromptSubmit | Bloqueia geração de código sem arquitetura validada |
42
- | `enforce-delegation.cjs` | UserPromptSubmit | Força orchestrators a delegar pra specialists |
43
- | `enforce-nsn-guard.cjs` | UserPromptSubmit | NSN mode: bloqueia "não dá pra fazer" sem 3 tentativas |
44
- | `enforce-story-gate.cjs` | UserPromptSubmit | Bloqueia código sem story Ready |
45
- | `secret-scanning.cjs` | PreToolUse | Detecta secrets em arquivos antes de commit |
46
- | `ids-hook.cjs` | PreToolUse | Mantém install-manifest.yaml sincronizado |
47
-
48
- **Por que separados:** rules do framework (documentation-first, mandatory-delegation, workflow-execution) só fazem sentido dentro de um repo SINAPSE-AI. Aplicar globalmente em todo projeto pequeno seria over-engineering.
49
-
50
- ## Como decidir onde colocar um hook novo
51
-
52
- | Hook deve rodar em... | Lugar |
53
- |---|---|
54
- | Toda sessão do Caio, qualquer projeto | `~/.claude/hooks/` |
55
- | Apenas dentro de repos SINAPSE-AI | `<repo>/.claude/hooks/` |
56
- | Toda sessão MAS com config diferente por projeto | `~/.claude/hooks/` + lê config local (`.claude/config.json` do projeto) |
57
-
58
- ## Não duplicar
59
-
60
- Se um hook precisa rodar em ambas as camadas, criar em uma e o outro lugar **carrega** o primeiro. Não copy-paste. Exemplo: workspace-routing vive em `~/.claude/hooks/` e qualquer projeto que precisar usa via reference.
61
-
62
- ## Refs
63
-
64
- - `~/.claude/settings.json` — registro dos hooks globais
65
- - `<repo>/.claude/settings.json` — registro dos hooks do framework
66
- - Auditoria que gerou esta nota: `docs/audits/2026-05-25-framework-gargalos-audit.md` (BUG-013)