sinapse-ai 1.16.0 → 1.17.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude/hooks/doc-first-gate.cjs +156 -0
- package/.claude/hooks/enforce-story-gate.cjs +6 -2
- package/.claude/rules/hook-governance.md +1 -0
- package/.sinapse-ai/constitution.md +1 -1
- package/.sinapse-ai/core/atlas/atlas-data.js +278 -0
- package/.sinapse-ai/core/atlas/flows-pt.js +253 -0
- package/.sinapse-ai/core/atlas/flows.js +266 -0
- package/.sinapse-ai/core/atlas/index.js +62 -0
- package/.sinapse-ai/core/atlas/render-html.js +216 -0
- package/.sinapse-ai/core/atlas/render-markdown.js +313 -0
- package/.sinapse-ai/core/atlas/render-research-card.js +164 -0
- package/.sinapse-ai/core/orchestration/build-command.js +136 -0
- package/.sinapse-ai/core/orchestration/doc-first-resolver.js +322 -0
- package/.sinapse-ai/core/orchestration/route-command.js +97 -0
- package/.sinapse-ai/data/entity-registry.yaml +59 -14
- package/.sinapse-ai/development/agents/snps-orqx.md +9 -0
- package/.sinapse-ai/development/tasks/create-doc.md +1 -1
- package/.sinapse-ai/development/tasks/create-next-story.md +2 -3
- package/.sinapse-ai/development/tasks/spec-gather-requirements.md +11 -0
- package/.sinapse-ai/development/templates/approval-table.md +106 -0
- package/.sinapse-ai/development/workflows/spec-pipeline.yaml +1 -0
- package/.sinapse-ai/install-manifest.yaml +60 -16
- package/.sinapse-ai/product/templates/prd-tmpl.yaml +6 -2
- package/CHANGELOG.md +18 -2
- package/bin/sinapse.js +121 -0
- package/docs/framework/atlas/OPERATING-ATLAS.md +537 -0
- package/docs/framework/atlas/README.md +34 -0
- package/docs/framework/atlas/atlas-data.json +2810 -0
- package/docs/framework/atlas/atlas.html +392 -0
- package/package.json +1 -1
- package/packages/installer/src/wizard/ide-config-generator.js +6 -0
- package/scripts/install-chrome-brain.sh +2 -2
- package/scripts/validate-no-personal-leaks.js +24 -9
- package/squads/squad-copy/knowledge-base/consequence-headline-patterns.md +2 -2
- package/docs/guides/hooks-two-layers.md +0 -66
package/package.json
CHANGED
|
@@ -539,6 +539,7 @@ async function copyClaudeHooksFolder(projectRoot) {
|
|
|
539
539
|
'enforce-architecture-first.cjs',
|
|
540
540
|
'enforce-delegation.cjs',
|
|
541
541
|
'enforce-story-gate.cjs',
|
|
542
|
+
'doc-first-gate.cjs',
|
|
542
543
|
'enforce-framework-boundary.cjs',
|
|
543
544
|
'secret-scanning.cjs',
|
|
544
545
|
'write-path-validation.cjs',
|
|
@@ -603,6 +604,11 @@ const HOOK_EVENT_MAP = {
|
|
|
603
604
|
matcher: 'Write|Edit',
|
|
604
605
|
timeout: 5,
|
|
605
606
|
},
|
|
607
|
+
'doc-first-gate.cjs': {
|
|
608
|
+
event: 'PreToolUse',
|
|
609
|
+
matcher: 'Write|Edit',
|
|
610
|
+
timeout: 5,
|
|
611
|
+
},
|
|
606
612
|
// Boundary L1-L4 — protects untouchable framework core when
|
|
607
613
|
// boundary.frameworkProtection=true (read dynamically from core-config.yaml).
|
|
608
614
|
'enforce-framework-boundary.cjs': {
|
|
@@ -504,8 +504,8 @@ Nao precisa rodar `chrome-debug` manualmente.
|
|
|
504
504
|
3. Testar em nova aba → comparar com original → iterar
|
|
505
505
|
|
|
506
506
|
**Casos validados:**
|
|
507
|
-
-
|
|
508
|
-
-
|
|
507
|
+
- Hero com orb WebGL (parallax, blend-mode) — ~15min
|
|
508
|
+
- Cena 3D facial (Three.js, modelo .obj, bloom) — ~20min
|
|
509
509
|
|
|
510
510
|
### Animacoes 3D via AI
|
|
511
511
|
|
|
@@ -106,12 +106,14 @@ const BLOCKED_PATTERNS = [
|
|
|
106
106
|
{
|
|
107
107
|
pattern: /C:\\Users\\Caio[ ]?Imori/i,
|
|
108
108
|
description: 'Absolute Windows path containing maintainer name',
|
|
109
|
-
suggestion: 'Use {REPO_ROOT} placeholder or relative paths',
|
|
109
|
+
suggestion: 'Use {REPO_ROOT} placeholder, process.cwd(), or relative paths',
|
|
110
|
+
always: true, // a hardcoded personal path is never acceptable — even in archive/allowlisted files
|
|
110
111
|
},
|
|
111
112
|
{
|
|
112
113
|
pattern: /OneDrive[\\/].*Caio[ ]?Imori/i,
|
|
113
114
|
description: 'OneDrive path containing maintainer name',
|
|
114
115
|
suggestion: 'Remove or use {VAULT_ROOT} placeholder',
|
|
116
|
+
always: true, // a personal vault path is never acceptable anywhere
|
|
115
117
|
},
|
|
116
118
|
{
|
|
117
119
|
pattern: /Caio can (reactivate|activate|approve|reject|merge|deploy)/i,
|
|
@@ -135,7 +137,15 @@ function isAllowed(filePath) {
|
|
|
135
137
|
// real leak. Everything else (framework internals, squad agents, internal
|
|
136
138
|
// docs) is intentionally OUT of scope.
|
|
137
139
|
const CONCEPT_FILE_SCOPES = new Set(['README.md', 'docs/getting-started.md']);
|
|
138
|
-
|
|
140
|
+
// The atlas SOURCE (hand-authored "how SINAPSE works" flows/renderers) is a
|
|
141
|
+
// public surface and must describe the framework generically — never naming the
|
|
142
|
+
// maintainer's private grounding (Second Brain vault, personal/client DS). Only
|
|
143
|
+
// the source is scoped here, NOT the generated output (docs/framework/atlas/*),
|
|
144
|
+
// which aggregates squad/workflow descriptions that legitimately use generic
|
|
145
|
+
// deliverable terms like "brandbook".
|
|
146
|
+
const CONCEPT_PREFIX_SCOPES = [
|
|
147
|
+
'packages/installer/', 'bin/', 'docs/pt/', 'docs/en/', '.sinapse-ai/core/atlas/',
|
|
148
|
+
];
|
|
139
149
|
|
|
140
150
|
function isConceptScoped(filePath) {
|
|
141
151
|
const normalized = filePath.replace(/\\/g, '/');
|
|
@@ -161,9 +171,9 @@ const CONCEPT_PATTERNS = [
|
|
|
161
171
|
suggestion: 'Describe generically (e.g. "a session-start grounding hook") — do not name the private mechanism',
|
|
162
172
|
},
|
|
163
173
|
{
|
|
164
|
-
pattern: /\bsecond-brain\b/i,
|
|
165
|
-
description: "Maintainer's private knowledge base (Second
|
|
166
|
-
suggestion: 'Generalize to "external memory source
|
|
174
|
+
pattern: /\bsecond[ -]brain\b/i,
|
|
175
|
+
description: "Maintainer's private knowledge base (Second Brain) leaked to user-facing surface",
|
|
176
|
+
suggestion: 'Generalize to "knowledge base" / "external memory source" — do not name the private vault',
|
|
167
177
|
},
|
|
168
178
|
{
|
|
169
179
|
pattern: /\bbrandbook\b/i,
|
|
@@ -244,7 +254,7 @@ function getTrackedFiles() {
|
|
|
244
254
|
return out.split('\n').filter(Boolean);
|
|
245
255
|
}
|
|
246
256
|
|
|
247
|
-
function scanFile(filePath) {
|
|
257
|
+
function scanFile(filePath, rules = BLOCKED_PATTERNS) {
|
|
248
258
|
const fullPath = path.join(ROOT, filePath);
|
|
249
259
|
if (!fs.existsSync(fullPath)) return [];
|
|
250
260
|
const content = fs.readFileSync(fullPath, 'utf8');
|
|
@@ -252,7 +262,7 @@ function scanFile(filePath) {
|
|
|
252
262
|
const violations = [];
|
|
253
263
|
for (let i = 0; i < lines.length; i++) {
|
|
254
264
|
const line = lines[i];
|
|
255
|
-
for (const rule of
|
|
265
|
+
for (const rule of rules) {
|
|
256
266
|
const match = line.match(rule.pattern);
|
|
257
267
|
if (match) {
|
|
258
268
|
violations.push({
|
|
@@ -278,9 +288,14 @@ function run() {
|
|
|
278
288
|
if (!isTextFile(file)) continue;
|
|
279
289
|
|
|
280
290
|
// CHECK 1 — operational personal references ("Caio" literals, paths).
|
|
281
|
-
//
|
|
291
|
+
// `always` patterns (hardcoded personal/vault paths) are checked on EVERY
|
|
292
|
+
// file — they are never acceptable, not even in archive/allowlisted docs.
|
|
293
|
+
// The remaining patterns are scanned across the tree except the
|
|
294
|
+
// authorship/history allow-list.
|
|
295
|
+
const alwaysRules = BLOCKED_PATTERNS.filter((r) => r.always);
|
|
296
|
+
allViolations.push(...scanFile(file, alwaysRules));
|
|
282
297
|
if (!isAllowed(file)) {
|
|
283
|
-
allViolations.push(...scanFile(file));
|
|
298
|
+
allViolations.push(...scanFile(file, BLOCKED_PATTERNS.filter((r) => !r.always)));
|
|
284
299
|
}
|
|
285
300
|
|
|
286
301
|
// CHECK 2 — conceptual / business leaks, scoped ONLY to user-facing
|
|
@@ -43,7 +43,7 @@ Quem entender antes, captura a vantagem. Cria urgencia sem ser explicitamente ur
|
|
|
43
43
|
- "...enquanto a maioria ainda nao percebeu"
|
|
44
44
|
- "...e por que os que entenderam primeiro nao voltam atras"
|
|
45
45
|
|
|
46
|
-
## Padroes de Hook para Social
|
|
46
|
+
## Padroes de Hook para Social
|
|
47
47
|
|
|
48
48
|
### Para conteudo curto (Reels, Stories, Carrossel)
|
|
49
49
|
|
|
@@ -55,7 +55,7 @@ Quem entender antes, captura a vantagem. Cria urgencia sem ser explicitamente ur
|
|
|
55
55
|
| **Mini-alerta** | "Se voce ainda faz [X] manualmente, leia isso." | Urgencia pratica |
|
|
56
56
|
| **Numero concreto** | "Reduzi 40h/mes de operacao para 6h com este workflow." | Prova quantificavel |
|
|
57
57
|
|
|
58
|
-
### Regras de compressao
|
|
58
|
+
### Regras de compressao
|
|
59
59
|
|
|
60
60
|
- **Uma ideia por peca** — se precisa de "alem disso", e outra peca
|
|
61
61
|
- **Hook entendido em 2 segundos** — se precisa reler, e longo demais
|
|
@@ -1,66 +0,0 @@
|
|
|
1
|
-
# Hooks: arquitetura de duas camadas
|
|
2
|
-
|
|
3
|
-
O SINAPSE-AI tem hooks em dois lugares distintos. Isso é proposital, não bug. Esta nota documenta a separação pra evitar confusão futura (auditoria 2026-05-25 BUG-013).
|
|
4
|
-
|
|
5
|
-
## Camada 1: hooks globais do user (`~/.claude/hooks/`)
|
|
6
|
-
|
|
7
|
-
**Escopo:** Toda sessão Claude Code do Caio, em qualquer projeto.
|
|
8
|
-
|
|
9
|
-
**18 hooks .cjs:**
|
|
10
|
-
|
|
11
|
-
| Hook | Evento | Função |
|
|
12
|
-
|---|---|---|
|
|
13
|
-
| `unified-grounding.cjs` | UserPromptSubmit | Único entry point. Funde 4 geradores: vault-grounding, ds-grounding, build-best-practices, squad-grounding |
|
|
14
|
-
| `vault-grounding.cjs` | gerador (chamado por unified) | Injeta notas do Second Brain por domínio |
|
|
15
|
-
| `ds-anti-pattern-guard.cjs` | PostToolUse | Bloqueia Write/Edit com violações DS (C1-C9) |
|
|
16
|
-
| `build-best-practices.cjs` | gerador | Injeta playbook de construção do Caio |
|
|
17
|
-
| `squad-grounding-router.cjs` | gerador | Detecta squad ativo, injeta DS relacionado |
|
|
18
|
-
| `workspace-routing.cjs` | PreToolUse Bash | Reescreve mkdir/git init fora do Workspace pra path canônico |
|
|
19
|
-
| `vault-project-register.cjs` | PostToolUse Bash | Registra projeto novo no vault |
|
|
20
|
-
| `session-capture.cjs` + `session-capture-worker.cjs` | SessionStart/End | Captura sessões pro cronjob 2:30 BRT enrichment |
|
|
21
|
-
| `auto-checkpoint.cjs` | UserPromptSubmit | Cria checkpoints periódicos |
|
|
22
|
-
| `precompact-session-digest.cjs` | PreCompact | Resume sessão antes de compactar |
|
|
23
|
-
| `code-intel-pretool.cjs` | PreToolUse | Code intelligence prep |
|
|
24
|
-
| `healthcheck.cjs` | manual | Diagnostico setup |
|
|
25
|
-
| `repair.cjs` | manual | Auto-fix problemas |
|
|
26
|
-
| `synapse-engine.cjs` | UserPromptSubmit (subset) | Motor synapse legacy |
|
|
27
|
-
| `terminal-bus.cjs` | UserPromptSubmit | Cross-terminal messaging |
|
|
28
|
-
|
|
29
|
-
**Registrados em `~/.claude/settings.json`:** unified-grounding, session-capture, auto-checkpoint, workspace-routing, vault-project-register, ds-anti-pattern-guard, build-best-practices, chrome-ensure, chrome-brain-log.
|
|
30
|
-
|
|
31
|
-
**Não-registrados (presentes mas sem entry em settings):** code-intel-pretool, healthcheck, repair, precompact-session-digest, synapse-engine. Estes são executados manualmente ou via fluxo específico.
|
|
32
|
-
|
|
33
|
-
## Camada 2: hooks do framework (`<repo>/.claude/hooks/`)
|
|
34
|
-
|
|
35
|
-
**Escopo:** Apenas quando Claude Code está rodando dentro de um repo SINAPSE-AI.
|
|
36
|
-
|
|
37
|
-
**Hooks principais:**
|
|
38
|
-
|
|
39
|
-
| Hook | Evento | Função |
|
|
40
|
-
|---|---|---|
|
|
41
|
-
| `enforce-architecture-first.cjs` | UserPromptSubmit | Bloqueia geração de código sem arquitetura validada |
|
|
42
|
-
| `enforce-delegation.cjs` | UserPromptSubmit | Força orchestrators a delegar pra specialists |
|
|
43
|
-
| `enforce-nsn-guard.cjs` | UserPromptSubmit | NSN mode: bloqueia "não dá pra fazer" sem 3 tentativas |
|
|
44
|
-
| `enforce-story-gate.cjs` | UserPromptSubmit | Bloqueia código sem story Ready |
|
|
45
|
-
| `secret-scanning.cjs` | PreToolUse | Detecta secrets em arquivos antes de commit |
|
|
46
|
-
| `ids-hook.cjs` | PreToolUse | Mantém install-manifest.yaml sincronizado |
|
|
47
|
-
|
|
48
|
-
**Por que separados:** rules do framework (documentation-first, mandatory-delegation, workflow-execution) só fazem sentido dentro de um repo SINAPSE-AI. Aplicar globalmente em todo projeto pequeno seria over-engineering.
|
|
49
|
-
|
|
50
|
-
## Como decidir onde colocar um hook novo
|
|
51
|
-
|
|
52
|
-
| Hook deve rodar em... | Lugar |
|
|
53
|
-
|---|---|
|
|
54
|
-
| Toda sessão do Caio, qualquer projeto | `~/.claude/hooks/` |
|
|
55
|
-
| Apenas dentro de repos SINAPSE-AI | `<repo>/.claude/hooks/` |
|
|
56
|
-
| Toda sessão MAS com config diferente por projeto | `~/.claude/hooks/` + lê config local (`.claude/config.json` do projeto) |
|
|
57
|
-
|
|
58
|
-
## Não duplicar
|
|
59
|
-
|
|
60
|
-
Se um hook precisa rodar em ambas as camadas, criar em uma e o outro lugar **carrega** o primeiro. Não copy-paste. Exemplo: workspace-routing vive em `~/.claude/hooks/` e qualquer projeto que precisar usa via reference.
|
|
61
|
-
|
|
62
|
-
## Refs
|
|
63
|
-
|
|
64
|
-
- `~/.claude/settings.json` — registro dos hooks globais
|
|
65
|
-
- `<repo>/.claude/settings.json` — registro dos hooks do framework
|
|
66
|
-
- Auditoria que gerou esta nota: `docs/audits/2026-05-25-framework-gargalos-audit.md` (BUG-013)
|