sinapse-ai 1.8.0 → 1.9.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (361) hide show
  1. package/.claude/hooks/mind-clone-governance.py +212 -212
  2. package/.claude/hooks/read-protection.py +152 -152
  3. package/.claude/hooks/slug-validation.py +175 -175
  4. package/.claude/hooks/sql-governance.py +183 -183
  5. package/.claude/rules/documentation-first.md +1 -1
  6. package/.claude/rules/hook-governance.md +1 -1
  7. package/.claude/rules/mandatory-delegation.md +1 -1
  8. package/.claude/rules/project-intelligence.md +1 -1
  9. package/.codex/agents/analyst.md +4 -371
  10. package/.codex/agents/animations-orqx.md +4 -57
  11. package/.codex/agents/architect.md +4 -560
  12. package/.codex/agents/brand-orqx.md +4 -95
  13. package/.codex/agents/claude-mastery-chief.md +4 -0
  14. package/.codex/agents/cloning-orqx.md +4 -70
  15. package/.codex/agents/commercial-orqx.md +4 -67
  16. package/.codex/agents/config-engineer.md +2 -2
  17. package/.codex/agents/content-orqx.md +4 -77
  18. package/.codex/agents/copy-orqx.md +4 -65
  19. package/.codex/agents/cost-optimizer.md +4 -0
  20. package/.codex/agents/council-orqx.md +4 -68
  21. package/.codex/agents/courses-orqx.md +4 -64
  22. package/.codex/agents/cro-persuasion.md +4 -0
  23. package/.codex/agents/cyber-orqx.md +4 -67
  24. package/.codex/agents/data-engineer.md +4 -542
  25. package/.codex/agents/design-orqx.md +4 -65
  26. package/.codex/agents/design-system.md +4 -210
  27. package/.codex/agents/developer.md +4 -666
  28. package/.codex/agents/devops.md +4 -668
  29. package/.codex/agents/finance-orqx.md +4 -57
  30. package/.codex/agents/fiscal-compliance-br.md +4 -0
  31. package/.codex/agents/forecast-strategist.md +4 -0
  32. package/.codex/agents/growth-orqx.md +4 -75
  33. package/.codex/agents/hooks-architect.md +2 -2
  34. package/.codex/agents/mcp-integrator.md +2 -2
  35. package/.codex/agents/paidmedia-orqx.md +4 -67
  36. package/.codex/agents/platform-aesthetic-director.md +4 -0
  37. package/.codex/agents/premium-packaging-strategist.md +4 -0
  38. package/.codex/agents/product-lead.md +4 -371
  39. package/.codex/agents/product-orqx.md +4 -57
  40. package/.codex/agents/product-surface-director.md +4 -0
  41. package/.codex/agents/project-integrator.md +2 -2
  42. package/.codex/agents/project-lead.md +4 -414
  43. package/.codex/agents/quality-gate.md +4 -547
  44. package/.codex/agents/research-orqx.md +4 -67
  45. package/.codex/agents/roadmap-sentinel.md +2 -2
  46. package/.codex/agents/skill-craftsman.md +2 -2
  47. package/.codex/agents/snps-orqx.md +4 -684
  48. package/.codex/agents/sop-extractor.md +4 -61
  49. package/.codex/agents/sprint-lead.md +4 -324
  50. package/.codex/agents/squad-creator.md +4 -402
  51. package/.codex/agents/storytelling-orqx.md +4 -65
  52. package/.codex/agents/swarm-orqx.md +4 -64
  53. package/.codex/agents/ux-design-expert.md +4 -532
  54. package/.codex/agents/ux-designer.md +4 -124
  55. package/.codex/command-registry.json +9 -9
  56. package/.codex/delegation-matrix.json +375 -839
  57. package/.codex/delegation-parity.json +658 -0
  58. package/.codex/handoff-packet.parity.schema.json +148 -0
  59. package/.codex/handoff-packet.template.json +26 -0
  60. package/.codex/instructions.md +8 -8
  61. package/.codex/scripts/resolve-codex-agent.js +482 -0
  62. package/.codex/scripts/resolve-codex-command.js +75 -12
  63. package/.codex/scripts/resolve-codex-delegation.js +131 -92
  64. package/.codex/skills/sinapse-claude/SKILL.md +3 -3
  65. package/.codex/skills/sinapse-po/SKILL.md +1 -1
  66. package/.codex/tasks/resolve-sinapse-conflict.md +1 -1
  67. package/.sinapse-ai/constitution.md +5 -5
  68. package/.sinapse-ai/core/doctor/checks/git-hooks.js +163 -19
  69. package/.sinapse-ai/core/events/dashboard-emitter.js +30 -9
  70. package/.sinapse-ai/core/execution/subagent-dispatcher.js +1 -1
  71. package/.sinapse-ai/core/synapse/engine.js +15 -0
  72. package/.sinapse-ai/core/ui/observability-panel.js +240 -0
  73. package/.sinapse-ai/core-config.yaml +0 -20
  74. package/.sinapse-ai/data/entity-registry.yaml +185 -236
  75. package/.sinapse-ai/development/agents/snps-orqx.md +16 -26
  76. package/.sinapse-ai/development/tasks/build-autonomous.md +11 -1
  77. package/.sinapse-ai/development/tasks/build-resume.md +8 -0
  78. package/.sinapse-ai/development/tasks/build-status.md +8 -0
  79. package/.sinapse-ai/development/tasks/build.md +8 -0
  80. package/.sinapse-ai/development/tasks/cleanup-worktrees.md +8 -1
  81. package/.sinapse-ai/development/tasks/gotcha.md +8 -0
  82. package/.sinapse-ai/development/tasks/gotchas.md +8 -0
  83. package/.sinapse-ai/development/tasks/ids-health.md +14 -6
  84. package/.sinapse-ai/development/tasks/list-mcps.md +15 -0
  85. package/.sinapse-ai/development/tasks/merge-worktree.md +8 -1
  86. package/.sinapse-ai/development/tasks/qa-review-build.md +18 -0
  87. package/.sinapse-ai/development/tasks/remove-mcp.md +8 -1
  88. package/.sinapse-ai/development/tasks/validate-agents.md +26 -14
  89. package/.sinapse-ai/development/templates/service-template/README.md.hbs +159 -159
  90. package/.sinapse-ai/development/templates/service-template/__tests__/index.test.ts.hbs +238 -238
  91. package/.sinapse-ai/development/templates/service-template/client.ts.hbs +404 -404
  92. package/.sinapse-ai/development/templates/service-template/errors.ts.hbs +183 -183
  93. package/.sinapse-ai/development/templates/service-template/index.ts.hbs +121 -121
  94. package/.sinapse-ai/development/templates/service-template/package.json.hbs +88 -88
  95. package/.sinapse-ai/development/templates/service-template/types.ts.hbs +146 -146
  96. package/.sinapse-ai/development/templates/squad-template/LICENSE +22 -22
  97. package/.sinapse-ai/git-hooks/lib/framework-guard.js +258 -0
  98. package/.sinapse-ai/git-hooks/lib/secret-scanner-core.js +355 -0
  99. package/.sinapse-ai/git-hooks/lib/staged-secret-scan.js +179 -0
  100. package/.sinapse-ai/git-hooks/lib/staged-sql-guard.js +204 -0
  101. package/.sinapse-ai/git-hooks/post-commit +28 -0
  102. package/.sinapse-ai/git-hooks/pre-commit +81 -0
  103. package/.sinapse-ai/git-hooks/pre-push +83 -0
  104. package/.sinapse-ai/hooks/ids-post-commit.js +13 -11
  105. package/.sinapse-ai/hooks/ids-pre-push.js +9 -7
  106. package/.sinapse-ai/infrastructure/scripts/codex-parity/resolve.js +161 -0
  107. package/.sinapse-ai/infrastructure/scripts/dashboard-status-writer.js +6 -2
  108. package/.sinapse-ai/infrastructure/scripts/ide-sync/index.js +65 -68
  109. package/.sinapse-ai/infrastructure/scripts/sync-codex-local-first.js +156 -1
  110. package/.sinapse-ai/infrastructure/scripts/validate-codex-delegation.js +1 -4
  111. package/.sinapse-ai/infrastructure/scripts/validate-codex-integration.js +41 -5
  112. package/.sinapse-ai/infrastructure/templates/coderabbit.yaml.template +280 -280
  113. package/.sinapse-ai/infrastructure/templates/config/env.example +16 -16
  114. package/.sinapse-ai/infrastructure/templates/config/gitignore-additions.tmpl +59 -59
  115. package/.sinapse-ai/infrastructure/templates/github/CODEOWNERS.template +12 -12
  116. package/.sinapse-ai/infrastructure/templates/github-workflows/ci.yml.template +170 -170
  117. package/.sinapse-ai/infrastructure/templates/github-workflows/pr-automation.yml.template +331 -331
  118. package/.sinapse-ai/infrastructure/templates/github-workflows/release.yml.template +197 -197
  119. package/.sinapse-ai/infrastructure/templates/gitignore/gitignore-brownfield-merge.tmpl +19 -19
  120. package/.sinapse-ai/infrastructure/templates/gitignore/gitignore-node.tmpl +86 -86
  121. package/.sinapse-ai/infrastructure/templates/gitignore/gitignore-python.tmpl +146 -146
  122. package/.sinapse-ai/infrastructure/templates/gitignore/gitignore-sinapse-base.tmpl +64 -64
  123. package/.sinapse-ai/infrastructure/templates/safe-collab/CODEOWNERS.template +16 -16
  124. package/.sinapse-ai/infrastructure/templates/sinapse-sync.yaml.template +183 -183
  125. package/.sinapse-ai/install-manifest.yaml +112 -164
  126. package/.sinapse-ai/local-config.yaml.template +65 -65
  127. package/.sinapse-ai/product/templates/adr.hbs +126 -126
  128. package/.sinapse-ai/product/templates/dbdr.hbs +242 -242
  129. package/.sinapse-ai/product/templates/epic.hbs +213 -213
  130. package/.sinapse-ai/product/templates/ide-rules/codex-rules.md +30 -0
  131. package/.sinapse-ai/product/templates/pmdr.hbs +187 -187
  132. package/.sinapse-ai/product/templates/prd-v2.0.hbs +217 -217
  133. package/.sinapse-ai/product/templates/prd.hbs +202 -202
  134. package/.sinapse-ai/product/templates/statusline/statusline-script.js +31 -8
  135. package/.sinapse-ai/product/templates/statusline/track-agent-clear.cjs +79 -0
  136. package/.sinapse-ai/product/templates/statusline/track-agent.cjs +218 -0
  137. package/.sinapse-ai/product/templates/story.hbs +264 -264
  138. package/.sinapse-ai/product/templates/task.hbs +171 -171
  139. package/.sinapse-ai/product/templates/tmpl-comment-on-examples.sql +159 -159
  140. package/.sinapse-ai/product/templates/tmpl-migration-script.sql +92 -92
  141. package/.sinapse-ai/product/templates/tmpl-rls-granular-policies.sql +105 -105
  142. package/.sinapse-ai/product/templates/tmpl-rls-kiss-policy.sql +11 -11
  143. package/.sinapse-ai/product/templates/tmpl-rls-roles.sql +136 -136
  144. package/.sinapse-ai/product/templates/tmpl-rls-simple.sql +78 -78
  145. package/.sinapse-ai/product/templates/tmpl-rls-tenant.sql +153 -153
  146. package/.sinapse-ai/product/templates/tmpl-rollback-script.sql +78 -78
  147. package/.sinapse-ai/product/templates/tmpl-seed-data.sql +141 -141
  148. package/.sinapse-ai/product/templates/tmpl-smoke-test.sql +17 -17
  149. package/.sinapse-ai/product/templates/tmpl-staging-copy-merge.sql +140 -140
  150. package/.sinapse-ai/product/templates/tmpl-stored-proc.sql +141 -141
  151. package/.sinapse-ai/product/templates/tmpl-trigger.sql +153 -153
  152. package/.sinapse-ai/product/templates/tmpl-view-materialized.sql +134 -134
  153. package/.sinapse-ai/product/templates/tmpl-view.sql +178 -178
  154. package/AGENTS.md +193 -0
  155. package/CHANGELOG.md +1247 -0
  156. package/LICENSE +63 -63
  157. package/README.en.md +17 -18
  158. package/README.md +18 -19
  159. package/bin/cli.js +1 -1
  160. package/bin/commands/install.js +194 -22
  161. package/bin/commands/status.js +14 -1
  162. package/bin/commands/uninstall.js +2 -2
  163. package/bin/commands/update.js +52 -0
  164. package/bin/lib/setup-statusline.js +191 -0
  165. package/bin/sinapse-init.js +11 -83
  166. package/bin/utils/framework-guard.js +17 -4
  167. package/bin/utils/secret-scanner-core.js +109 -7
  168. package/bin/utils/staged-sql-guard.js +204 -0
  169. package/bin/utils/validate-publish.js +63 -0
  170. package/docs/agent-reference-guide.md +5 -7
  171. package/docs/framework/agent-prefix-convention.md +58 -0
  172. package/docs/framework/architecture-overview.md +4 -4
  173. package/docs/framework/collaboration-activation.md +45 -0
  174. package/docs/framework/guiding-principles.md +9 -9
  175. package/docs/getting-started.md +1 -1
  176. package/docs/guides/agent-reference.md +1 -1
  177. package/docs/guides/codex-config.md +4 -5
  178. package/docs/pt/architecture/sub-orqx-pattern.md +20 -18
  179. package/docs/security/overview.md +1 -1
  180. package/package.json +16 -12
  181. package/packages/installer/src/index.js +26 -0
  182. package/packages/installer/src/installer/git-hooks-installer.js +211 -47
  183. package/packages/installer/src/installer/sinapse-ai-installer.js +71 -0
  184. package/packages/installer/src/wizard/feedback.js +1 -1
  185. package/packages/installer/src/wizard/ide-config-generator.js +26 -26
  186. package/packages/installer/src/wizard/index.js +53 -4
  187. package/packages/sinapse-install/bin/edmcp.js +0 -0
  188. package/packages/sinapse-install/bin/sinapse-install.js +0 -0
  189. package/scripts/audit-tasks.cjs +112 -91
  190. package/scripts/check-markdown-links.py +352 -352
  191. package/scripts/prepare-hooks.js +58 -0
  192. package/scripts/regenerate-orqx-stubs.ps1 +2 -3
  193. package/scripts/sync-counts.js +10 -2
  194. package/scripts/sync-squad-yaml-components.js +108 -6
  195. package/scripts/validate-agents-md.js +128 -0
  196. package/scripts/validate-all.js +1 -0
  197. package/scripts/validate-squad-orqx.js +19 -9
  198. package/sinapse/agents/sinapse-orqx.md +16 -26
  199. package/sinapse/agents/snps-orqx.md +15 -25
  200. package/sinapse/knowledge-base/routing-catalog.md +1 -1
  201. package/sinapse/tasks/diagnose-and-route.md +1 -1
  202. package/sinapse/tasks/squad-status-report.md +1 -1
  203. package/squads/claude-code-mastery/agents/claude-mastery-chief.md +1 -1
  204. package/squads/claude-code-mastery/agents/hooks-architect.md +60 -68
  205. package/squads/claude-code-mastery/knowledge-base/swarm-orchestration-patterns.md +1 -1
  206. package/squads/claude-code-mastery/squad.yaml +8 -0
  207. package/squads/claude-code-mastery/tasks/audit-setup.md +1 -1
  208. package/squads/claude-code-mastery/workflows/optimization-cycle.yaml +4 -4
  209. package/squads/claude-code-mastery/workflows/project-setup-cycle.yaml +4 -4
  210. package/squads/squad-animations/README.md +1 -1
  211. package/squads/squad-animations/squad.yaml +1 -1
  212. package/squads/squad-brand/squad.yaml +1 -1
  213. package/squads/squad-cloning/README.md +1 -1
  214. package/squads/squad-cloning/squad.yaml +1 -1
  215. package/squads/squad-commercial/README.md +1 -1
  216. package/squads/squad-commercial/squad.yaml +2 -3
  217. package/squads/squad-content/README.md +1 -1
  218. package/squads/squad-content/squad.yaml +1 -1
  219. package/squads/squad-copy/README.md +1 -1
  220. package/squads/squad-copy/squad.yaml +2 -3
  221. package/squads/squad-council/README.md +1 -1
  222. package/squads/squad-courses/README.md +1 -1
  223. package/squads/squad-courses/squad.yaml +1 -1
  224. package/squads/squad-cybersecurity/README.md +1 -1
  225. package/squads/squad-cybersecurity/squad.yaml +2 -3
  226. package/squads/squad-design/README.md +1 -1
  227. package/squads/{squad-artdir → squad-design}/agents/cro-persuasion.md +1 -1
  228. package/squads/{squad-artdir → squad-design}/agents/platform-aesthetic-director.md +2 -2
  229. package/squads/{squad-artdir → squad-design}/agents/premium-packaging-strategist.md +2 -2
  230. package/squads/{squad-artdir → squad-design}/agents/product-surface-director.md +3 -3
  231. package/squads/squad-design/squad.yaml +6 -3
  232. package/squads/squad-finance/README.md +1 -1
  233. package/squads/squad-finance/squad.yaml +7 -1
  234. package/squads/squad-growth/README.md +1 -1
  235. package/squads/squad-growth/squad.yaml +1 -1
  236. package/squads/squad-paidmedia/README.md +1 -1
  237. package/squads/squad-paidmedia/squad.yaml +2 -3
  238. package/squads/squad-product/README.md +1 -1
  239. package/squads/squad-product/squad.yaml +1 -1
  240. package/squads/squad-research/README.md +1 -1
  241. package/squads/squad-research/squad.yaml +2 -3
  242. package/squads/squad-storytelling/README.md +1 -1
  243. package/squads/squad-storytelling/squad.yaml +2 -3
  244. package/.codex/agents/brad-frost.md +0 -46
  245. package/.codex/agents/claude-orqx.md +0 -72
  246. package/.codex/agents/copy-chief.md +0 -162
  247. package/.codex/agents/cyber-chief.md +0 -169
  248. package/.codex/agents/dan-mall.md +0 -43
  249. package/.codex/agents/data-chief.md +0 -198
  250. package/.codex/agents/dave-malouf.md +0 -43
  251. package/.codex/agents/db-sage.md +0 -152
  252. package/.codex/agents/design-chief.md +0 -226
  253. package/.codex/agents/dev.md +0 -102
  254. package/.codex/agents/legal-chief.md +0 -199
  255. package/.codex/agents/nano-banana-generator.md +0 -42
  256. package/.codex/agents/pm.md +0 -81
  257. package/.codex/agents/po.md +0 -85
  258. package/.codex/agents/qa.md +0 -98
  259. package/.codex/agents/sm.md +0 -77
  260. package/.codex/agents/squad-chief.md +0 -1553
  261. package/.codex/agents/squad.md +0 -66
  262. package/.codex/agents/story-chief.md +0 -180
  263. package/.codex/agents/tools-orqx.md +0 -219
  264. package/.codex/agents/traffic-masters-chief.md +0 -211
  265. package/.sinapse-ai/core/memory/__tests__/active-modules.verify.js +0 -265
  266. package/.sinapse-ai/core/permissions/__tests__/permission-mode.test.js +0 -293
  267. package/.sinapse-ai/data/registry-update-log.jsonl +0 -158
  268. package/.sinapse-ai/infrastructure/scripts/ide-sync/gemini-commands.js +0 -298
  269. package/.sinapse-ai/infrastructure/scripts/ide-sync/transformers/antigravity.js +0 -121
  270. package/.sinapse-ai/infrastructure/scripts/ide-sync/transformers/cursor.js +0 -119
  271. package/.sinapse-ai/infrastructure/scripts/ide-sync/transformers/github-copilot.js +0 -191
  272. package/.sinapse-ai/infrastructure/scripts/ide-sync/transformers/kimi.js +0 -448
  273. package/.sinapse-ai/infrastructure/tests/project-status-loader.test.js +0 -569
  274. package/.sinapse-ai/infrastructure/tests/regression-suite-v2.md +0 -622
  275. package/.sinapse-ai/infrastructure/tests/validate-module.js +0 -98
  276. package/.sinapse-ai/infrastructure/tests/worktree-manager.test.js +0 -620
  277. package/.sinapse-ai/monitor/hooks/lib/__init__.py +0 -2
  278. package/.sinapse-ai/monitor/hooks/lib/enrich.py +0 -59
  279. package/.sinapse-ai/monitor/hooks/lib/send_event.py +0 -48
  280. package/.sinapse-ai/monitor/hooks/notification.py +0 -30
  281. package/.sinapse-ai/monitor/hooks/post_tool_use.py +0 -46
  282. package/.sinapse-ai/monitor/hooks/pre_compact.py +0 -30
  283. package/.sinapse-ai/monitor/hooks/pre_tool_use.py +0 -41
  284. package/.sinapse-ai/monitor/hooks/stop.py +0 -30
  285. package/.sinapse-ai/monitor/hooks/subagent_stop.py +0 -30
  286. package/.sinapse-ai/monitor/hooks/user_prompt_submit.py +0 -39
  287. package/.sinapse-ai/product/templates/statusline/track-agent.sh +0 -69
  288. package/.sinapse-ai/workflow-intelligence/__tests__/confidence-scorer.test.js +0 -335
  289. package/.sinapse-ai/workflow-intelligence/__tests__/integration.test.js +0 -340
  290. package/.sinapse-ai/workflow-intelligence/__tests__/suggestion-engine.test.js +0 -438
  291. package/.sinapse-ai/workflow-intelligence/__tests__/wave-analyzer.test.js +0 -448
  292. package/.sinapse-ai/workflow-intelligence/__tests__/workflow-registry.test.js +0 -303
  293. package/bin/sinapse-graph.js +0 -19
  294. package/docs/codex-integration-process.md +0 -22
  295. package/docs/codex-parity-program.md +0 -27
  296. package/packages/installer/src/__tests__/performance-benchmark.js +0 -383
  297. package/packages/installer/tests/integration/environment-configuration.test.js +0 -332
  298. package/packages/installer/tests/integration/wizard-detection.test.js +0 -352
  299. package/packages/installer/tests/unit/artifact-copy-pipeline/artifact-copy-pipeline.test.js +0 -383
  300. package/packages/installer/tests/unit/claude-md-template-v5/claude-md-template-v5.test.js +0 -193
  301. package/packages/installer/tests/unit/config-validator.test.js +0 -315
  302. package/packages/installer/tests/unit/detection/detect-project-type.test.js +0 -539
  303. package/packages/installer/tests/unit/doctor/doctor-checks.test.js +0 -636
  304. package/packages/installer/tests/unit/doctor/doctor-orchestrator.test.js +0 -192
  305. package/packages/installer/tests/unit/entity-registry-bootstrap.test.js +0 -186
  306. package/packages/installer/tests/unit/env-template.test.js +0 -187
  307. package/packages/installer/tests/unit/generate-settings-json/generate-settings-json.test.js +0 -310
  308. package/packages/installer/tests/unit/git-hooks-installer.test.js +0 -262
  309. package/packages/installer/tests/unit/ide-sync-integration/ide-sync-integration.test.js +0 -231
  310. package/packages/installer/tests/unit/merger/env-merger.test.js +0 -191
  311. package/packages/installer/tests/unit/merger/markdown-merger.test.js +0 -262
  312. package/packages/installer/tests/unit/merger/strategies.test.js +0 -154
  313. package/packages/installer/tests/unit/merger/yaml-merger.test.js +0 -328
  314. package/packages/sinapse-install/tests/unit/chrome-brain.smoke.test.js +0 -66
  315. package/scripts/install-monitor-hooks.sh +0 -82
  316. package/squads/squad-artdir/README.md +0 -90
  317. package/squads/squad-artdir/agents/accessibility-guardian.md +0 -184
  318. package/squads/squad-artdir/agents/artdir-orqx.md +0 -222
  319. package/squads/squad-artdir/agents/color-psychologist.md +0 -166
  320. package/squads/squad-artdir/agents/design-system-architect.md +0 -100
  321. package/squads/squad-artdir/agents/ia-architect.md +0 -169
  322. package/squads/squad-artdir/agents/interaction-designer.md +0 -162
  323. package/squads/squad-artdir/agents/layout-engineer.md +0 -163
  324. package/squads/squad-artdir/agents/motion-architect.md +0 -185
  325. package/squads/squad-artdir/agents/type-systemist.md +0 -138
  326. package/squads/squad-artdir/agents/visual-strategist.md +0 -127
  327. package/squads/squad-artdir/checklists/seven-pillars-validation-checklist.md +0 -172
  328. package/squads/squad-artdir/knowledge-base/case-nyo-ia-reference.md +0 -289
  329. package/squads/squad-artdir/knowledge-base/deliverables-templates.md +0 -457
  330. package/squads/squad-artdir/knowledge-base/motion-technique-catalog.md +0 -247
  331. package/squads/squad-artdir/knowledge-base/premium-packaging-principles.md +0 -133
  332. package/squads/squad-artdir/knowledge-base/psychological-toolkit.md +0 -229
  333. package/squads/squad-artdir/knowledge-base/saas-art-direction-canon.md +0 -242
  334. package/squads/squad-artdir/knowledge-base/seven-pillars-framework.md +0 -289
  335. package/squads/squad-artdir/knowledge-base/ten-pillars-framework.md +0 -221
  336. package/squads/squad-artdir/package.json +0 -20
  337. package/squads/squad-artdir/squad.yaml +0 -299
  338. package/squads/squad-artdir/tasks/audit-conversion.md +0 -97
  339. package/squads/squad-artdir/tasks/audit-drift-multi-surface.md +0 -55
  340. package/squads/squad-artdir/tasks/consult-saas-canon.md +0 -54
  341. package/squads/squad-artdir/tasks/create-art-direction-brief.md +0 -110
  342. package/squads/squad-artdir/tasks/create-premium-packaging-brief.md +0 -61
  343. package/squads/squad-artdir/tasks/create-wireflow.md +0 -84
  344. package/squads/squad-artdir/tasks/design-color-system.md +0 -81
  345. package/squads/squad-artdir/tasks/design-product-surface.md +0 -60
  346. package/squads/squad-artdir/tasks/design-token-system.md +0 -58
  347. package/squads/squad-artdir/tasks/diagnose-visual-language.md +0 -92
  348. package/squads/squad-artdir/tasks/first-5-minutes-choreography.md +0 -65
  349. package/squads/squad-artdir/tasks/specify-motion-system.md +0 -84
  350. package/squads/squad-artdir/tasks/validate-against-pillars.md +0 -143
  351. package/squads/squad-artdir/templates/art-direction-brief-template.md +0 -215
  352. package/squads/squad-artdir/workflows/conversion-audit-cycle.yaml +0 -142
  353. package/squads/squad-artdir/workflows/full-art-direction-cycle.yaml +0 -179
  354. package/squads/squad-artdir/workflows/saas-platform-art-direction-cycle.yaml +0 -338
  355. package/squads/squad-commercial/agents/legal-chief.md +0 -199
  356. package/squads/squad-copy/agents/copy-chief.md +0 -162
  357. package/squads/squad-cybersecurity/agents/cyber-chief.md +0 -169
  358. package/squads/squad-design/agents/design-chief.md +0 -226
  359. package/squads/squad-paidmedia/agents/traffic-masters-chief.md +0 -211
  360. package/squads/squad-research/agents/data-chief.md +0 -198
  361. package/squads/squad-storytelling/agents/story-chief.md +0 -180
package/CHANGELOG.md ADDED
@@ -0,0 +1,1247 @@
1
+ ## [1.9.1](https://github.com/caioimori/sinapse-ai/compare/1.9.0...1.9.1) (2026-06-18)
2
+
3
+ ### Bug Fixes
4
+
5
+ * **audit:** correções da auditoria adversarial pós-1.9.0 ([3cef25e](https://github.com/caioimori/sinapse-ai/commit/3cef25e4ad6f9fa504f17b556ce16071bb3986ac))
6
+ * **release:** remove @semantic-release/git (branch protegida rejeita push direto na main) ([0c62b90](https://github.com/caioimori/sinapse-ai/commit/0c62b90e8fa64160f2f0cef5b29daef871abe0f7))
7
+
8
+ # Changelog
9
+
10
+ All notable changes to SINAPSE will be documented in this file.
11
+
12
+ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
13
+ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
14
+
15
+ ## [Unreleased]
16
+
17
+ ## [1.9.0] — 2026-06-17 — 🧭 Refino Macro (E1–E9) + Paridade Codex
18
+
19
+ > **Refino macro do framework em 9 etapas.** Invocação unificada `@sinapse`/`@snps`; remoção dos editores extras (foco Claude + Codex); medidor de tasks honesto; instalação/update reais; fusão `squad-artdir`→`squad-design` + aposentadoria de 7 chiefs (→ 17 squads · 172 agentes · 1200 tasks); feedback visual de orquestração na statusline; trava de git reativada; paridade Codex de fachada para real; pente-fino de segurança.
20
+
21
+ ### Added
22
+
23
+ - Invocação por `@sinapse` / `@snps` / `@sinapse-orqx` / `@snps-orqx` com stub rico do Imperator (diagnose → handoff → delegate).
24
+ - Feedback visual de orquestração: statusline acende `Imperator` + `N especialistas`; `sinapse status --watch`.
25
+ - `sinapse update` baixa e aplica a versão nova de verdade.
26
+ - Entrega do runtime Codex (`.codex/` + `AGENTS.md`) ao projeto do usuário; resolução paramétrica dos 172 agentes.
27
+ - Secret-scan no publish (`prepublishOnly`) + paridade travada das 2 cópias do scanner.
28
+
29
+ ### Fixed
30
+
31
+ - Resolução de mock robusta a `node_modules` aninhado em `.sinapse-ai/` (testes locais deixam de falhar por mock que não intercepta).
32
+ - `core.hooksPath` reapontado pela trava gerenciada no `npm install`.
33
+
34
+ ### Changed
35
+
36
+ - Catálogo consolidado: **17 squads · 172 agentes · 18 orqx · 1200 tasks**.
37
+
38
+ ## [1.8.0] — 2026-06-15 — ⚡ Orchestration, IDS & CLI Optimization
39
+
40
+ > **Release de racionalizacao do core.** Deep-dive de 28 modulos + frentes especiais (plano P0–P3, verificacao adversarial): fecha gaps de cabeamento CLI (pipelines poderosos existiam mas nao tinham porta de entrada), torna o gerador de entity-registry deterministico, consolida duplicatas reais e cabeia tasks orfas — tudo sem corte de capacidade. Lei travada: potencializar, nao cortar.
41
+
42
+ ### Added
43
+
44
+ - `sinapse orchestrate <story-id>` — porta de entrada CLI do pipeline autonomo (Epic 0 / MasterOrchestrator): `--status` / `--stop` / `--resume` / `--dry-run` / `--epic N`.
45
+ - `sinapse create <agent|task|workflow>` — gerador de componentes (ComponentGenerator) no CLI.
46
+ - `sinapse mode [explore|ask|auto] [--cycle]` — gerenciador de modo de permissao.
47
+ - `sinapse health --deep [--output-file <path>]` — expoe o engine completo de ~35 checks (dominios deployment/local/project/repository/services), antes sem entry-point. O `sinapse health` default (install-health) permanece inalterado.
48
+ - **IDS Gate G6** (CI/CD registry integrity, blocking) — implementado e cabeado no GateEvaluator (fase `ci_cd`); o codigo so trazia G1–G5.
49
+ - Dispatch de workflow por `project_type` nos handlers greenfield/brownfield (site/lp/app→ui, platform/saas→fullstack, api/service→service); variants mantidos como arquivos separados.
50
+ - Teste unitario do `fast-path-gate` (unico modulo de orquestracao sem cobertura dedicada).
51
+
52
+ ### Fixed
53
+
54
+ - `sinapse graph`, `sinapse ids:*`, `sinapse mcp`, `sinapse generate` caiam no `default` do binario (passados ao Claude Code como args) — agora cabeados no switch. Fecha contrato de CI do template `sinapse graph --deps`.
55
+ - **Gerador de entity-registry agora e DETERMINISTICO**: sort de arquivos (fast-glob retornava ordem de readdir), sort de `usedBy`, `lastVerified` preservado por checksum, `lastUpdated` idempotente, self-entry excluido. Elimina o churn de ~1600 linhas por commit.
56
+ - Gerador passa a escanear `bin/` — corrige `ideation-engine` falsamente marcado como `orphan` (agora `usedBy: [ideate]`, `lifecycle: production`).
57
+ - Regex de exclusao de docs ancorado em `^docs/` — 5 docs tracked de `core/docs` voltam ao install-manifest (drift de upgrade brownfield deixava de ser rastreado).
58
+ - WaveAnalyzer named export (`new` lancava "not a constructor"); diagnostics SYNAPSE no `doctor --deep`; hook `code-intel-pretool.cjs` ausente criado e registrado.
59
+
60
+ ### Changed
61
+
62
+ - `output-formatter` consolidado — `core/utils` re-exporta a fonte unica em `infrastructure/scripts` (−290 linhas de duplicata byte-identica).
63
+ - Os 3 grounding hooks (`sinapse-{brand,ds,vault}-grounding.cjs`) delegam `loadConfig` ao `config-loader.cjs` compartilhado (require guardado, fail-open preservado).
64
+ - Task @devops pre-push invoca `sinapse qa run --layer=1` em vez de reimplementar lint/test/typecheck.
65
+ - `AgentInvoker` memoiza `_loadAgent`/`_loadTask`; `MasterOrchestrator` colapsa o `_saveState()` redundante por epic no caminho de sucesso.
66
+ - 9 tasks orfas cabeadas aos agentes (devops/developer por dominio); 3 namespaces de session documentados em `core/README.md`.
67
+
68
+ ### Removed
69
+
70
+ - `test-validation-task.md` (fixture auto-declarado, zero consumidor) e as 2 copias orfas `development/scripts/elicitation-{engine,session-manager}.js` (consumidores reais usam `core/elicitation/`).
71
+
72
+ ### Security
73
+
74
+ - **Auto-execucao no install removida (supply-chain).** O hook npm `postinstall` (`node bin/postinstall.js`) foi retirado do `package.json`. Executar codigo automaticamente em `npm install` e uma superficie de supply-chain — um publish comprometido rodaria na maquina de todos os instaladores sem nenhuma acao explicita. O setup agora e EXPLICITO: via `npx sinapse-ai install` (caminho recomendado, ja documentado no README) ou via `npm run setup`. O modulo `bin/postinstall.js` foi mantido sem mudanca de comportamento — apenas deixou de ser auto-executado. CI install-matrix e comentarios ajustados ao novo modelo.
75
+
76
+ ## [1.7.0] — 2026-06-02 — 🔒 Security & Robustness Hardening
77
+
78
+ > **Release de seguranca e robustez.** Auditoria de ciberseguranca completa (6 frentes + verificacao adversarial) + fundacao de robustez (execucao segura cross-OS, learning loop, cadeia de erros tipada). Prepara o framework para distribuicao publica.
79
+
80
+ ### Security
81
+
82
+ - **Command injection / RCE eliminado** nos motores de execucao de subagentes: troca de `spawn('sh','-c', ...)` por execucao via argv+stdin sem shell (cross-spawn). Resolve injecao via story/task/gotcha.
83
+ - **github-adapter** — `execSync(string)` -> `execFileSync('gh', argv)`: fecha injecao de shell via titulo/corpo de story.
84
+ - **ideation-engine** — validacao de `rootPath` contra metacaracteres de shell.
85
+ - **semantic-merge-engine** — `execFileSync('git', argv)` nas chamadas git; cap de tamanho/iteracoes no scan de funcoes (ReDoS).
86
+ - **squad-downloader** — protecao anti zip-slip (containment de path) + allowlist de host no follow de redirect (SSRF).
87
+ - **merge-utils** — deny-list `__proto__`/`constructor`/`prototype` (prototype pollution).
88
+ - **renderer** — escaping configuravel com security contract documentado.
89
+ - **docker-compose (llm-routing)** — master key sem default conhecido (fail-fast).
90
+
91
+ ### Changed (robustez — base de execucao)
92
+
93
+ - **Execucao de agentes cross-OS**: resolucao segura do binario da CLI no Windows (sem shell injection, sem quebra de `claude.cmd`).
94
+ - **Learning loop religado**: gotcha-loader endurecido + janela rolante de erro.
95
+ - **Cadeia de erros tipada** (`core/errors/`): SinapseError com normalize/serialize, sem vazar stack em producao.
96
+ - **context-tracker model-aware** + bloco `models:` no core-config (estimativa de contexto precisa).
97
+ - **semantic-handshake-engine**: motor de constraints executaveis.
98
+
99
+ ### Privacy & Packaging
100
+
101
+ - Removidos nomes pessoais e referencias a projeto privado dos materiais publicados.
102
+ - `files`: glob `docs/*.md` substituido por allow-list explicita de docs publicos + `.npmignore` (impede vazamento de docs internos no pacote).
103
+
104
+ ## [1.6.1] — 2026-05-26 — 🩹 Patch: fix installer regression do BUG-001
105
+
106
+ > **Patch release imediato.** O v1.6.0 corrigiu o BUG-001 (orqx voltando ao auto-plano) nas personas canônicas e no template YAML, MAS deixou 3 arquivos JS do installer com `"HALT and await user input"` hardcoded. Resultado: `npx sinapse-ai install` ou `update` gerava stubs orqx errados de novo, regredindo o fix.
107
+
108
+ ### Fixed
109
+
110
+ - **`bin/commands/install.js`** — função `generateCommandMd()` agora detecta orquestradores (id termina em `-orqx` OU é Imperator) e gera STEP 4/6 com briefing-on-activation flow. Specialists continuam com HALT (correto).
111
+ - **`bin/commands/install.js`** — bloco do Imperator template substitui `Then HALT and await user input` por briefing-on-activation check + Initial State Audit + Bootstrap Classification + Orchestration Plan + Execute.
112
+ - **`packages/installer/src/wizard/index.js`** — `buildAgentTemplate()` (que só gera stubs orqx) corrigida pra emitir STEP 4 com briefing-on-activation.
113
+ - **`.sinapse-ai/development/scripts/apply-inline-greeting-all-agents.js`** — INLINE_GREETING_LOGIC STEP 5 agora é condicional (orqx → auto-plan; specialist → HALT).
114
+
115
+ ### Why this matters
116
+
117
+ Sem este patch, **toda instalação fresh do v1.6.0 regredia o BUG-001 imediatamente**. Detectado ao rodar `npx sinapse-ai@latest update`: o sinapse-orqx.md stub voltou pro formato curto com "HALT and await user input".
118
+
119
+ ## [1.6.0] — 2026-05-26 — 🔧 Framework cleanup release (15 bugs P0/P1/P2/P3)
120
+
121
+ > **Cleanup + 2 squads oficiais.** Resolve 15 bugs estruturais mapeados pela auditoria 2026-05-25, oficializa n8n + higgsfield-studio como squads SINAPSE, simplifica regras opt-in, e corrige comportamento crítico dos orquestradores (auto-plano de orquestração ao receber briefing).
122
+
123
+ ### Fixed (Onda 1 — P0 críticos, PR #208)
124
+
125
+ - **BUG-001 — orchestrators agora disparam plano automático** ao receber briefing. Persona Imperator tinha regra contraditória: `"HALT and await user input. Do NOT do anything else."` vencia sobre a regra `"NON-NEGOTIABLE: ORCHESTRATION PLAN ON EVERY BRIEFING"`. Resultado: usuário sempre precisava pedir `cria plano`. Fix: substituído por briefing-on-activation check em 6 personas Imperator + template `activation-instructions-inline-greeting.yaml` + swarm-orqx STEP 5.
126
+ - **BUG-002 — Imperator (sinapse-orqx) era "fantasma"**: stub apontava pra `~/.sinapse/sinapse/agents/sinapse-orqx.md` que nunca existiu. Fix: source canônico criado em `sinapse/agents/sinapse-orqx.md` (791 linhas, persona completa com ASCII art, 18 squads routing table, Initial State Audit, Bootstrap Classification, NSN mode).
127
+ - **BUG-003 — 19 dos 22 stubs orqx em formato truncado** (15 linhas, sem blocos Activation Instructions / How to Execute / Cross-Squad Handoff). Fix: novo script `scripts/regenerate-orqx-stubs.ps1` regenera todos os 22 stubs no formato completo (42-55 linhas) com o flow de briefing-auto-orchestration.
128
+ - **BUG-005 — slash command `/SINAPSE:agents:sinapse-orqx` ausente** (só existiam os 21 squad-orqx + snps-orqx). Fix: criado em `~/.claude/commands/SINAPSE/agents/sinapse-orqx.md`.
129
+
130
+ ### Fixed (Onda 2 — P1, PR #209)
131
+
132
+ - **BUG-004** — 12 commands SNPS (`/SNPS:agents:*`) propagados pra `~/.claude/commands/SNPS/agents/` (parity Codex no nível local).
133
+ - **BUG-006 + BUG-012** — **n8n vira squad oficial SINAPSE**. Consolidação em `~/.sinapse/squad-n8n/` (18 agents + squad.yaml v1.0). Rule `n8n-squad-routing.md` atualizada removendo "não faz parte do framework". Knowledge base externa em `Workspace/sinapse/n8n/` (18k linhas) mantida.
134
+ - **BUG-009** — MEMORY.md de 29.6KB → 12.6KB (limite 24.4KB, agora com margem). Entradas longas encurtadas pra <200 chars cada, mantendo discovery via pointers.
135
+
136
+ ### Changed (Onda 3 — P1+P2, PR #209)
137
+
138
+ - **BUG-007 — rules opt-in viram always-on**. `CLAUDE.md` global bumpado pra v6.4. `documentation-first`, `mandatory-delegation`, `workflow-execution` agora sempre carregadas; agente calibra cerimônia conforme escopo (story epic vs bug fix simples). Mais simples que implementar hook trigger custom por path/keyword.
139
+ - **BUG-014** — **higgsfield-studio vira squad oficial SINAPSE**. Consolidação em `~/.sinapse/squad-higgsfield-studio/` (14 agents + squad.yaml v1.0). Mesma arquitetura padrão dos outros squads.
140
+ - **BUG-010** — `vault-routing.json` corrigido: 7 entradas apontavam pra notas inexistentes. Substituídas por equivalentes funcionais.
141
+ - **BUG-008** — rules deprecated (`sinapse-source-of-truth.md`, `response-format.md`) movidas pra `~/.claude/rules/_deprecated/`.
142
+
143
+ ### Cleanup (Onda 4 — P2/P3, PR #209)
144
+
145
+ - **BUG-011** — `.backup-stubs-20260512-120825/` movido de `~/.claude/agents/` pra `~/.claude/backups/`.
146
+ - **BUG-013** — nova doc `docs/guides/hooks-two-layers.md` explicando arquitetura intencional dos hooks (camada global `~/.claude/hooks/` vs camada framework `<repo>/.claude/hooks/`).
147
+ - **BUG-015** — memory sincronizada: removidas menções de stories Ready (10.35/10.38/10.39/10.40/10.41/10.42) que já estavam Done.
148
+ - **BUG-016** — 9 skills com espaço no nome renomeadas pra kebab-case (`Creative Skills` → `creative-skills`, etc).
149
+
150
+ ### Added
151
+
152
+ - `docs/audits/2026-05-25-framework-gargalos-audit.md` — relatório completo da auditoria que mapeou os 15 bugs deste release.
153
+ - `sinapse/agents/sinapse-orqx.md` — persona canônica Imperator (faltava no source do repo).
154
+ - `scripts/regenerate-orqx-stubs.ps1` — script PowerShell que regenera os 22 stubs em qualquer máquina.
155
+ - `docs/guides/hooks-two-layers.md` — doc da arquitetura de hooks.
156
+
157
+ ### Notes
158
+
159
+ - **Sem breaking changes** se você só usa o framework como orchestrator. Comportamento novo dos orqx (auto-plano) é uma melhoria, não quebra fluxos existentes.
160
+ - **Inclui também outros 5 PRs entre v1.5.0 e v1.6.0**: #203 (limpa claude-code-mastery orphan agents), #204 (docs audit Onda 3 orqx coverage gap), #205 (canonical flat squad-schema + validator), #206 (169 broken links fixed), #207 (squad-finance ganha 3 agentes).
161
+ - **3 investigações pendentes** (fora do escopo desta release): hooks órfãos no settings.json, validação cruzada task_refs em workflows, health check completo dos 17 squads canonicos.
162
+
163
+ ## [1.5.0] — 2026-05-15 — 🚀 Feature release (sinapse-delegate + fast-path-gate)
164
+
165
+ > **Feature release.** Adiciona dois patterns úteis ao SINAPSE: outsource explícito pra executor externo via `sinapse-delegate` e heurística de fast-path no orchestrator. Sem breaking changes; ambos opt-in.
166
+
167
+ ### Added
168
+
169
+ - **`sinapse-delegate` CLI** — novo entry point pra outsource de tasks específicas (story implementations, refactors, mechanical edits) pra executor externo como Codex CLI. Grava prompt + output + log em `.sinapse/external-runs/<timestamp>-<slug>/` pra audit completo. Suporta sandboxes (read-only, workspace-write, full-auto, danger-full-access), git cleanliness gate (`--allow-dirty` pra bypass intencional), dry-run, foreground/background. **Caso de uso principal:** economizar tokens Opus em tasks repetitivas/mecânicas roteando-as pra modelos menores (Codex/Haiku).
170
+ - Entry: `bin/sinapse-delegate.js` (registrado em `package.json#bin`)
171
+ - Implementação: `.sinapse-ai/core/external-executors/delegate-cli.js`
172
+ - Provider suportado nesta release: `codex` (extensível pra outros via `PROVIDERS` map)
173
+ - Uso: `sinapse-delegate codex -t story-10.50 -f prompt.md --sandbox workspace-write`
174
+
175
+ - **Fast-Path Gate** em `.sinapse-ai/core/orchestration/fast-path-gate.js` — heurística determinística que avalia se uma task pode rodar em modo acelerado (`parallel_batch`, `deterministic_batch`, `external_executor`) versus workflow padrão sequencial. Analisa sinais de automação (bulk-edit, structured-transform, mechanical-edit, map-then-apply, repetition, parallelizable) versus sinais de risco (architecture, security, destructive, production, migration). Retorna `mode`, `confidence` (0-1), `parallelizable`, `riskLevel`, `reasons` e `actions` recomendadas. Configurável via `DEFAULT_FAST_PATH_CONFIG`.
176
+ - Exportado em `.sinapse-ai/core/orchestration/index.js` como `evaluateFastPath`, `DEFAULT_FAST_PATH_CONFIG`, `getAutomationPatterns`, `getRiskPatterns`, `getStructuredFileExtensions`, `normalizeFastPathConfig`, `normalizeFastPathTask`
177
+ - Sem state global, sem dependências externas, pure function — fácil de integrar em qualquer decisão de roteamento
178
+
179
+ ### Notes
180
+
181
+ - **Service Discovery (`sinapse workers search/list/info`) já existia** desde versão anterior em `.sinapse-ai/cli/commands/workers/` — confirmado via smoke test e bin/sinapse.js já roteia. Sem ação necessária nesta release.
182
+ - **Implementação:** pure functions, sem state global, sem dependências externas além do que já existe. Integração via export em `.sinapse-ai/core/orchestration/index.js`.
183
+ - **Sem breaking changes.** Features são opt-in: ninguém precisa rodar `sinapse-delegate` ou chamar `evaluateFastPath` se não quiser.
184
+
185
+ ### Migration
186
+
187
+ Nada necessário pra usuários da v1.4.x. Quem quiser usar:
188
+
189
+ ```bash
190
+ npm install sinapse-ai@latest
191
+
192
+ # Outsource uma task pesada pro Codex
193
+ sinapse-delegate codex -t my-task -p "Replace deprecated React imports in src/" --sandbox workspace-write
194
+
195
+ # Avaliar uma task antes de executar (programático)
196
+ node -e "console.log(require('sinapse-ai/.sinapse-ai/core/orchestration').evaluateFastPath({ task: { description: 'bulk rename yaml files', files: ['a.yaml','b.yaml','c.yaml'] }}))"
197
+ ```
198
+
199
+ ## [1.4.2] — 2026-05-14 — 🩹 Doctor bugfix patch (Story 10.42 regression + false-FAIL cleanup)
200
+
201
+ > **Bugfix patch.** Smoke test pós-v1.4.1 detectou 1 regressão real + 4 ruídos no doctor que arruinavam a primeira impressão pra users novos. Esta release consolida os 5 fixes.
202
+
203
+ ### Fixed
204
+
205
+ - **Story 10.42 regressão** — `npx sinapse-ai doctor` em projeto fresh exibia 11 FAILs ao invés da mensagem amigável `NOT_INSTALLED`. Root cause: `detectInstallState()` qualificava `~/.sinapse/` e `~/.claude/commands/SINAPSE/` como markers globais — esses sempre existem em máquinas que já rodaram SINAPSE em qualquer outro projeto, anulando completamente a detecção de fresh-project. Agora só `<projectRoot>/.sinapse-ai/` qualifica. EXIT=4 + mensagem amigável confirmados em smoke test.
206
+ - **`npm-packages` check** — não falha mais quando `node_modules/` está ausente no projeto raiz. Confia em `canResolveDep` (Story 10.48) para validar deps do `.sinapse-ai/` via Node module resolution (parent + global). Projetos sem deps Node próprios (writing repos, design repos, infra-only) não levam mais FAIL falso.
207
+ - **`skills-count` check** — `.claude/skills/` é OPCIONAL e não shipado pelo install (verificado contra `install-manifest.yaml`). Status mudado de FAIL para INFO. Mensagem revisada: "skills are optional — install via `npx claude-skills add <name>`". `onError` policy: `'warn'` ao invés de `'fail'`.
208
+ - **`manifest-version-parity` check** — comparava `<projectRoot>/package.json#version` (do user) com `.sinapse-ai/install-manifest.yaml#version` (do framework) em qualquer cwd. Em projeto user isso sempre dava FAIL com "Run `npm run generate:manifest`" — script que só existe no repo do framework. Agora detecta context via `package.json#name === "sinapse-ai"`: se não for o repo do framework, INFO + skipped.
209
+ - **`scripts/sinapse-patch.js` Windows detection** — `findCliPath` só procurava `cli.js` em paths POSIX. Claude Code 2.x no Windows ships `cli-wrapper.cjs` em `~/AppData/Roaming/npm/node_modules/@anthropic-ai/claude-code/`. Adicionados Windows-specific candidates + variantes de filename (`cli.js`, `cli-wrapper.cjs`, `bin/cli.js`). Plus mensagem `[ERRO]` → `[INFO]` e `process.exit(1)` → `process.exit(0)` quando CLI não é encontrado: branding patch é cosmético opcional, não deve nunca bloquear o install pipeline.
210
+
211
+ ### Removed
212
+
213
+ - **`validator` dep órfã** removida de `.sinapse-ai/package.json`. Estava declarada como dependency mas sem nenhum import no código. Causava FAIL legítimo em `npm-packages` check porque era unresolvable. Zero impacto runtime.
214
+
215
+ ### Smoke test confirmation (2026-05-14)
216
+
217
+ | Capability | Antes (v1.4.1) | Agora (v1.4.2) |
218
+ |---|---|---|
219
+ | `doctor` em projeto fresh | 11 FAIL, EXIT=2 | mensagem amigável, EXIT=4 |
220
+ | `doctor` em projeto instalado | 3 FALSE FAIL | 0 FAIL |
221
+ | `npm install` + branding patch | `[ERRO]` visível | `[INFO]` informativo + exit 0 |
222
+ | `npm-packages` em repo do framework | FAIL "validator unresolvable" | PASS "13 deps resolved" |
223
+
224
+ ## [1.4.1] — 2026-05-14 — 🔒 Security + docs honesty patch
225
+
226
+ > **Patch release.** Consolida no npm o que entrou em main depois da v1.4.0: README com copy honesta sobre o estado real dos hooks de grounding (PR #198) + bump transitivo de `ip-address` para versão patched, resolvendo Dependabot #21 (PR #199). Mais cleanup completo de versões legacy no npm registry.
227
+
228
+ ### Security
229
+
230
+ - **Dependabot #21** — `ip-address` (dev-scope, transitive): vulnerable versions `<= 10.1.0` carregam XSS em métodos `Address6` HTML-emitting (severity: medium). Bundled `ip-address` dentro de `npm` (consumido por `@semantic-release/npm`) bumped para 10.1.1 via regeneração limpa de `package-lock.json`. `package.json` overrides também carregam `"ip-address": "^10.1.1"` como safeguard.
231
+
232
+ ### Documentation
233
+
234
+ - **README** — Seção "Grounding semantico" reescrita para alinhar messaging com implementação real:
235
+ - Status renomeado "foundation pre-GA" (substituindo claims de injection concreta)
236
+ - Tabela cobre "Funcao na release atual" e "Injecao semantica" (roadmap)
237
+ - Adicionado bloco explicando o moat (opt-in declarativo vs runtime-coupled grounding em frameworks competidores)
238
+
239
+ ### Changed (npm registry cleanup)
240
+
241
+ - **72 versões legacy deprecated no npm** com mensagens orientando pra `@latest`:
242
+ - 3 da linha 1.x pré-reset (1.0.0, 1.0.1, 1.1.0)
243
+ - 5.x série completa (6 versões: 5.0.3-5.0.8)
244
+ - 6.x série completa (5 versões: 6.0.0-6.0.4)
245
+ - 7.x série completa (39 versões: 7.0.0-7.7.11)
246
+ - 8.x série completa (3 versões: 8.0.0-8.0.2)
247
+ - 9.x série completa (6 versões: 9.0.0-9.5.0)
248
+ - 10.x série completa (13 versões: 10.0.0 + 12 RCs)
249
+ - **dist-tag `rc` removida** (era órfã apontando pra `10.0.0-rc.12` deprecated). Apenas `latest` permanece, apontando para 1.4.1.
250
+
251
+ ### Migration
252
+
253
+ Sem ação necessária para quem já está na linha 1.x. Patch transparente.
254
+
255
+ ```bash
256
+ npm install sinapse-ai@latest
257
+ ```
258
+
259
+ ## [1.4.0] — 2026-05-12 — 📦 Install UX Hardening epic complete
260
+
261
+ > **Consolidation release.** Fecha formalmente o epic `install-ux-hardening` (8 stories validadas e marcadas Done) e estabelece v1.4.0 como o baseline pós-pré-GA estável. Sem mudanças de código vs 1.3.0 — todo o trabalho já estava em main desde os PRs de abril/maio. Esta release marca o fim do ciclo e sinaliza pros users no canal 10.x (deprecated em 2026-05-12) que o caminho oficial é `npm install sinapse-ai@latest`.
262
+
263
+ ### Changed (epic closure — documentation only)
264
+
265
+ - **All 8 stories of `epic install-ux-hardening` validated and closed as Done:**
266
+ - **10.35** — `--reconfigure` flag (re-prompt language/LLM without `--force` wipe)
267
+ - **10.38** — Install merge-only for existing config files (PR #195 today — status closure)
268
+ - **10.39** — Postinstall exit code fix (warn never kills `npm install`)
269
+ - **10.40** — Uninstall completeness + update staleness + npx cache docs
270
+ - **10.41** — Chrome Brain SessionStart hook (prevent MCP disconnect at boot)
271
+ - **10.42** — Doctor fresh-project detection (friendly NOT_INSTALLED message)
272
+ - **10.46** — Setup wizard always prompts language + LLM (PR #117, validated PR #196 today)
273
+ - **10.47** — Generalize grounding semantico as opt-in BYO (PR #118 + #142, validated PR #196 today)
274
+
275
+ ### Deprecated (npm distribution)
276
+
277
+ - **All `10.x` versions deprecated on npm** (13 total: `10.0.0` plus `10.0.0-rc.1` through `10.0.0-rc.12`). Message: "Published in error during framework reset. Run `npm install sinapse-ai@latest` for the current GA release (1.3.0+)."
278
+ - The `10.x` line was published during the pre-rename phase; `1.x` is the canonical, supported line.
279
+
280
+ ## [1.3.0] — 2026-05-08 — 🎉 Pre-GA hardening (Install UX + Greenfield/Brownfield handoff)
281
+
282
+ > **Versão oficial estável.** Fecha os dois bloqueadores de release reportados pelo maintainer: install UX que pulava configurações (idioma/IDE/modo) e handoff greenfield→brownfield onde projetos nunca graduavam. Soma 14 PRs nesta sessão (#180-#193): doc-first hardening (Categoria 0), lint hardening (Categoria 2), MCP+Skills audits (5.2/5.3) e os 4 PRs estruturais de pré-GA.
283
+
284
+ ### Added (Pre-GA structural — PRs #190-#193)
285
+
286
+ - **Real interactive wizard** (PR #190 — `selectInstallationMode()`): usuário confirma greenfield vs brownfield via inquirer list; non-interactive (CI / piped stdin / `SINAPSE_NON_INTERACTIVE=1`) cai pro detected mode imprimindo a escolha. Novo helper `confirmInstallSummary()` renderiza summary estruturado (mode/language/IDE/target/grounding) antes de qualquer ação destrutiva.
287
+ - **Skip-announce** em `bin/commands/install.js`: quando idioma/IDE são reusados de `~/.claude/settings.json` (upsert), o installer agora imprime exatamente o que foi reusado e como forçar re-prompt (`--reconfigure`). Antes pulava silenciosamente.
288
+ - **Pre-install summary block** antes da Phase 1: `Idioma / IDE / Modo / Destino` com chance de Ctrl+C.
289
+ - **8-dimension maturity audit** (PR #191 — `auditMaturityDimensions()`): substitui os 3 signals antigos por checagem de docs, brand, designSystem, components, code, tests, infra, git history. Single-digit ms; safe to call em todo detect.
290
+ - **`MATURE` e `PARTIAL` no enum `ProjectState`** (PR #191): código alinha com a doc do PR #184 (5 maturity levels). Decisão tree em `detectProjectState()` reescrita em camadas; legacy paths preservados verbatim.
291
+ - **Routing cases `_handleMature()` e `_handlePartial()`** no `_routeByState()` switch.
292
+ - **Graduation signal** (PR #192 — `greenfield-handler` Phase 3): emite evento `graduation` + grava marker `workflow.maturity = 'mature'` em SessionState. Best-effort — falhas não bloqueiam.
293
+ - **MATURE-aware brownfield welcome** (PR #192 — `brownfield-handler`): aceita `context.projectState === 'MATURE'` como entry point legítimo e troca a mensagem de boas-vindas pra "Detectei um projeto maduro..." em vez do first-touch genérico.
294
+ - **Continuation Behavior real** (PR #193 — `_handlePartial()`): inventário das dimensões presentes + gap analysis + recomendação de phase (heurística: docs+code sem tests → Phase 3, components sem docs → Phase 1, etc) + 3-way surface (`continue` / `brownfield` / `start-over`). Nunca sobrescreve.
295
+ - **`handleContinuationDecision(choice)`** roteia a escolha do user pro handler correto, propagando `continuation.inventory` como input ao próximo handler.
296
+
297
+ ### Added (Doc-first hardening — PRs #180-#184)
298
+
299
+ - **Project Type Gate** em `.claude/rules/documentation-first.md`: bloqueia execução em [site, lp, app, platform, saas, api, service] sem epic/PRD/architecture.
300
+ - **Bootstrap Classification** no Imperator (`sinapse-orqx.md`): Step -1 (Initial State Audit) → Step 0 (project_type sub-classification) → Step 1 (route).
301
+ - **Greenfield sub-classification** em `.claude/rules/project-intelligence.md`: project_type → workflow file (greenfield-{ui,service,fullstack}.yaml).
302
+ - **Continuation Behavior (PARTIAL maturity)** documentada como contrato.
303
+ - **Audit doc-first**: `docs/audits/2026-05-07-doc-first-bug.md` com root cause de 4 gaps.
304
+
305
+ ### Added (Lint hardening — PRs #185-#187)
306
+
307
+ - **`validate:cross-refs`** (PR #185): novo lint guard que checa refs `agent: <id>` em workflow YAMLs contra registry de agents. **Achou 71 refs quebrados em 13 workflows** — fix via aliases backward-compat (`pm` → `project-lead`, `po` → `product-lead`, `sm` → `sprint-lead`, `qa` → `quality-gate`, `dev` → `developer`).
308
+ - **`validate:all`** (PR #186): runner paralelo dos 6 lint guards (no-external-refs, no-personal-leaks, orqx-discipline, cross-refs, manifest:parity, squad-yaml). **~6x faster** (~5s sequencial → 0.85s paralelo).
309
+ - **CI lint mirror** (PR #187 — `.github/workflows/lint-guards.yml`): mesmos 6 guards rodam em PR + push to main, cobrindo contributors sem husky e pushes com `--no-verify`.
310
+
311
+ ### Added (Audits read-only — PRs #188-#189)
312
+
313
+ - `docs/audits/2026-05-08-mcp-integration-audit.md`: PASS, 1 LOW recommendation.
314
+ - `docs/audits/2026-05-08-skills-audit.md`: PASS com 1 MEDIUM (`.claude/skills/` não está em `package.json#files`).
315
+ - `docs/audits/2026-05-08-install-ux-audit.md`: FAIL pra GA (resolvido em PR #190).
316
+ - `docs/audits/2026-05-08-greenfield-brownfield-handoff-audit.md`: FAIL pra GA (resolvido em PRs #191-#193).
317
+
318
+ ### Changed
319
+
320
+ - 5 framework agents (`project-lead`, `product-lead`, `sprint-lead`, `quality-gate`, `developer`) ganharam aliases backward-compat (`pm`, `po`, `sm`, `qa`, `dev`) pra workflows que usam IDs legacy continuarem resolvíveis.
321
+ - `pre-push` hook: 6 lint guards seriais consolidados em uma única chamada paralela `validate:all` (tempo de push reduzido).
322
+
323
+ ### Fixed
324
+
325
+ - ESLint pré-existente em `scripts/sync-squad-yaml-components.js:58` (no-regex-spaces — literal duplo espaço → `{2}` quantifier).
326
+
327
+ ## [1.2.1] — 2026-05-04 — Polish patch (--version flag)
328
+
329
+ ### Added
330
+
331
+ - **Canonical `--version` flag** (`-v` / `version` aliases): every CLI user
332
+ expects `npx sinapse-ai --version` to return the semver. Previously routed
333
+ to fuzzy match (`Comando desconhecido: --version`). Now reads from
334
+ package.json and prints raw semver only — no banner, no ANSI — so scripts
335
+ capture cleanly.
336
+ - 5 contract tests in `tests/unit/cli-version-flag.test.js`.
337
+
338
+ ## [1.2.0] — 2026-05-04 — 🎉 GA Definitiva (versioning reset, branding SNPS AI)
339
+
340
+ > **Branding reset.** Após bloqueio de v1.0.0/1.0.1/1.1.0 no npm (publishes legacy de março/2026), v1.2.0 estabelece a linha 1.x oficial do framework. Linha 10.x mantida no histórico.
341
+ > **Visible branding:** o logo e ASCII art agora mostram **SNPS AI** (abreviação de SINAPSE) em wizard, postinstall, banners, help, status. Nome formal `SINAPSE AI` permanece em README h1, LICENSE, npm package name (`sinapse-ai`).
342
+ > **Inclui (PRs #138-#143):** refactor cli.js modular (1752→175 LOC), audit 3 CLI UX polish, SNPS rename + slash namespace migration, article gates VII/VIII/XI automatizados, grounding hooks shipados (vault/DS/brand), trusted publishing OIDC, 3 revisões clínicas com zero P0/P1.
343
+
344
+ ### Added (Story GA-1.6 — Grounding hooks shipados: vault / DS / brand)
345
+
346
+ - **3 executable Claude Code hooks** at `.sinapse-ai/hooks/sinapse-{vault,ds,brand}-grounding.cjs`,
347
+ closing the gap left by Story 10.47 (which shipped the wizard + library
348
+ hooks but no executable hooks). Hooks read `~/.claude/sinapse-ai-config.yaml`
349
+ and inject `<vault-grounding>`, `<ds-grounding>`, or `<brand-grounding>`
350
+ blocks into the user prompt via the standard `UserPromptSubmit` contract.
351
+ - **Auto-registration in `~/.claude/settings.json`** during `sinapse-ai install`
352
+ and `update` — idempotent, non-destructive (preserves any existing personal
353
+ hooks like `vault-grounding.cjs`, `terminal-bus.cjs`).
354
+ - **Coexistence with personal hooks:** `sinapse-` filename prefix + dedicated
355
+ config file (`sinapse-ai-config.yaml` instead of `vault-routing.json` /
356
+ `ds-routing.json`) means both layers can run side-by-side.
357
+ - **Fail-open guarantees:** every error path exits 0 silently. 3500 ms timeout
358
+ per hook. Anti-double-injection check. Size caps (6000 / 3000 / 2000 chars).
359
+ - **31 new tests** in `tests/hooks/` covering executable contract (spawned
360
+ child processes with isolated `HOME`), helpers (pure functions), and the
361
+ settings.json registrar (idempotence, missing-file safety, malformed JSON
362
+ handling, personal-hook preservation).
363
+ - **Docs:** new "How the hooks work" section in `docs/guides/grounding-setup.md`
364
+ covering activation triggers, size caps, and coexistence policy.
365
+
366
+ ### Added (Story GA-1.5 — Article gates VII/VIII/XI automated)
367
+
368
+ - **Article VII gate (Metrics Accuracy):** new `scripts/validate-article-vii.js`
369
+ detects drift in squad/agent/orqx/task counts across `README.md`, `README.en.md`,
370
+ `AGENTS.md`, `package.json` description, and `packages/installer/src/wizard/feedback.js`.
371
+ Runs in CI on every PR/push and as a pre-publish step in `npm-publish.yml`.
372
+ - **Article VIII gate (Mandatory Delegation):** new `scripts/validate-article-viii.js`
373
+ verifies `enforce-delegation.cjs` is registered in `.claude/settings.json`,
374
+ has valid syntax, and that no `*-orqx.md` agent contains direct execution
375
+ instructions (e.g., "use Edit tool", "run npm").
376
+ - **Article XI gate (Conservative Default):** new `scripts/validate-article-xi.js`
377
+ blocks PRs that delete files in protected paths (`squads/*/agents/`,
378
+ `squads/*/tasks/`, `squads/*/knowledge-base/`, `bin/`, `.claude/hooks/`,
379
+ `.sinapse-ai/development/agents/`) without an explicit
380
+ `Article XI override: <reason>` justification in commit messages or PR body.
381
+ Renames (`git mv`) are not blocked.
382
+ - **CI workflow:** new `.github/workflows/article-gates.yml` with three parallel
383
+ jobs (article-vii, article-viii, article-xi) wired to PR and push triggers.
384
+ - **NPM scripts:** `validate:article-vii`, `validate:article-viii`, `validate:article-xi`.
385
+ - **Docs:** `docs/pt/architecture/article-gates.md` explaining each gate and
386
+ the override protocol for Article XI.
387
+
388
+ ### Fixed (Story GA-1.5 — collateral metrics drift)
389
+
390
+ - README.md, README.en.md, AGENTS.md, and `packages/installer/src/wizard/feedback.js`
391
+ updated from stale counts (18/186, 18/175, 1,425/1,430/1,370 tasks) to canonical
392
+ counts (19 squads, 200 agents, 1,237 tasks) — surfaced and required by the new
393
+ Article VII gate.
394
+
395
+ ### Changed (Story GA-1.4 — SNPS Rename)
396
+
397
+ - **Master orchestrator renamed:** `sinapse-orqx` → `snps-orqx`.
398
+ Backward-compat alias `@sinapse-orqx` preserved for one release (until v1.3.0).
399
+ - **Slash command namespace migrated:** `/SINAPSE:agents:*` → `/SNPS:agents:*`.
400
+ The legacy `/SINAPSE:` namespace remains available as a deprecation alias for one release.
401
+ - **Visual branding updated:** CLI banner ASCII art and user-facing strings
402
+ ("Bem-vindo ao SNPS AI", postinstall summary, update messages) now show **SNPS AI**.
403
+ - **Formal name preserved:** the npm package (`sinapse-ai`), README h1, LICENSE,
404
+ internal env vars (`SINAPSE_HOME`, `SINAPSE_SKIP_POSTINSTALL`, etc.), and source
405
+ file names are intentionally unchanged.
406
+
407
+ ### Files renamed
408
+
409
+ - `.sinapse-ai/development/agents/sinapse-orqx.md` → `snps-orqx.md`
410
+ - `.claude/agents/sinapse-orqx.md` → `snps-orqx.md`
411
+ - `.codex/agents/sinapse-orqx.md` → `snps-orqx.md`
412
+ - `.github/agents/sinapse-orqx.agent.md` → `snps-orqx.agent.md`
413
+ - `sinapse/agents/sinapse-orqx.md` → `snps-orqx.md`
414
+ - `docs/guides/agents/traces/sinapse-orqx-execution-trace.md` → `snps-orqx-execution-trace.md`
415
+ - `docs/sinapse-agent-flows/sinapse-orqx-system.md` → `snps-orqx-system.md`
416
+ - `.claude/commands/SINAPSE/` content copied to `.claude/commands/SNPS/` (SINAPSE/ retained as alias)
417
+
418
+ ## [10.0.0] — 2026-05-02 — 🎉 General Availability
419
+
420
+ > **Note on versioning:** initial plan was a 10.x → 1.0.0 reset, but
421
+ > versions 1.0.0/1.0.1/1.1.0 were already published in March 2026 to
422
+ > npm under the same package name (legacy). Skipping the symbolic
423
+ > reset and promoting `10.0.0` (clean, no -rc) as GA on the
424
+ > `latest` dist-tag. Functionally equivalent: same code, same
425
+ > contracts, same audit results. The 10.x line becomes the official
426
+ > stable line.
427
+
428
+ ## [1.0.0] — 2026-05-02 — 🎉 General Availability
429
+
430
+ **SINAPSE-AI v1.0 is here.** First public stable release. The framework
431
+ that started as IMORI experiments and grew into a 19-squad / 200-agent
432
+ orchestration system with Constitutional governance is now production-ready.
433
+
434
+ ### Migration from rc.x
435
+
436
+ If you were tracking `dist-tag rc`:
437
+ ```bash
438
+ npm install -g sinapse-ai@latest
439
+ ```
440
+
441
+ Or pin v1 explicitly:
442
+ ```bash
443
+ npm install -g sinapse-ai@1.0.0
444
+ ```
445
+
446
+ There are no breaking changes between `10.0.0-rc.12` and `1.0.0` — the
447
+ version reset to v1.0.0 is the formal GA promotion of the rc.x line
448
+ (decision: 10.x was the beta version of the product; v1.0.0 is the
449
+ official launch).
450
+
451
+ ### What v1.0.0 ships
452
+
453
+ - **19 squads** organized around domain expertise (brand, copy,
454
+ growth, paid media, finance, content, design, animations, cybersec,
455
+ product, research, council, courses, commercial, storytelling,
456
+ cloning, art direction, claude-code-mastery, plus the master)
457
+ - **200 agents** (12 framework + 188 squad specialists)
458
+ - **22 orqx** orchestrators (21 squad + 1 master `sinapse-orqx`)
459
+ - **1.237 tasks** executable across the squads
460
+ - **Constitution** with 12 articles, 6 marked NON-NEGOTIABLE, enforced
461
+ by 19 runtime hooks
462
+ - **Multi-IDE parity:** Claude Code + Codex CLI
463
+ - **Grounding semantic foundation** (vault / design-system / brand
464
+ opt-in BYO via `~/.claude/sinapse-ai-config.yaml`)
465
+ - **Doctor** with 16 health checks, fail-fast on broken state
466
+ - **Safe Collaboration** for non-developer users (Caio + Matheus)
467
+ - **Persona simulation notice** in 22 mind clones (LICENSE §VII)
468
+ - **`--provenance`** signed publish via OIDC trusted publishing
469
+
470
+ ### Pre-GA cycles closed
471
+
472
+ This GA is built on top of three sequential pre-GA audit cycles:
473
+
474
+ - Audit 1 (Functional) — runtime/install verified across 8 sub-domains.
475
+ Closed P0 uninstall completeness.
476
+ - Audit 2 (Quality) — code/security/perf reviewed across 8 sub-domains.
477
+ Closed 3 P0 (chrome-brain coverage, sinapse-pro coverage, undeclared deps).
478
+ - Audit 3 (UX/DX) — public messaging/onboarding reviewed across 10
479
+ sub-domains. Closed 6 P0 (counts/badge/persona table/agent reference/
480
+ org consolidation/security versions).
481
+
482
+ 11 of 15 P0 surfaced by the audits are closed. Remaining P1/P2 items
483
+ become v1.0.x or v1.1 backlog — none block GA.
484
+
485
+ ### Backlog for v1.0.x and beyond
486
+
487
+ - Audit 2 Wave B/C — refactor `bin/cli.js` (1752 LOC), consolidate
488
+ `dev/` vs `infra/` duplications, fail-mode matrix doc, automated
489
+ Article VII/VIII/XI gates
490
+ - Audit 3 Bloco C/D/E — CLI error PT consolidation, `sinapse` vs
491
+ `sinapse-ai` binary deprecation path, fuzzy-match unknowns,
492
+ postinstall next-step hint, examples library expansion
493
+ - SNPS prefix rename (`sinapse-X` → `snps-X` agent files) — v1.1
494
+ - Dim 14/15/17 audit reactivation — driven by post-GA telemetry
495
+
496
+ ### Acknowledgments
497
+
498
+ Built with Claude Opus 4.7 (1M context) co-author across the entire
499
+ audit + GA preparation cycle. Full transcript-to-PR traceability in
500
+ the commit log.
501
+
502
+ ## [10.0.0-rc.12] — 2026-05-02
503
+
504
+ 3-audit consolidation. Closes 11 of the 15 P0 surfaced by the three
505
+ sequential pre-GA audits (Functional / Quality / UX-DX). Remaining
506
+ P1/P2 are tracked in `docs/audits/` for follow-up; none block GA.
507
+
508
+ ### Fixed — Audit 1 (Functional)
509
+
510
+ - Uninstall now removes every SINAPSE-authored agent file via
511
+ `~/.sinapse/installed-agents.json` manifest (was leaving ~178
512
+ orphaned files in `~/.claude/agents/` + `~/.codex/agents/`).
513
+ Backward-compat heuristic for pre-manifest installs. (PR #129)
514
+ - Doctor `ide-sync` check no longer reports `12/12 ✓` while ~21
515
+ squad orqx files are missing — now expects framework + squad orqx
516
+ baseline. (PR #130)
517
+ - New doctor `manifest-version-parity` check fails on package.json ↔
518
+ install-manifest.yaml drift. (PR #130)
519
+
520
+ ### Fixed — Audit 2 (Quality)
521
+
522
+ - `chrome-brain.js` (1145 LOC) now has 6 smoke tests locking the
523
+ public contract — was 0% coverage. (PR #132)
524
+ - `sinapse-pro.js` bin (232 LOC) now has 5 smoke tests — was 0%. (PR #132)
525
+ - `yaml@^2.8.3` declared in `dependencies` (was used but undeclared,
526
+ silent-break risk on hoist-strip publish). (PR #132)
527
+ - `@eslint/js@^9.39.4` declared in `devDependencies` (used in
528
+ `eslint.config.js`, was undeclared). (PR #132)
529
+
530
+ ### Fixed — Audit 3 (UX/DX)
531
+
532
+ - README counts reconciled to disk reality: 200 agentes (was 186), 19
533
+ squads (was 18), 1.237 tasks (was 1.425). Test badge bumped to 11014. (PR #134)
534
+ - `getting-started.md` persona table replaced legacy-upstream codenames
535
+ with canonical SINAPSE codenames (Litmus/Stratum/Beacon/Axis/Scope/
536
+ Tensor/Mosaic/Pipeline). (PR #134)
537
+ - `agent-reference.md` was misnamed AGENTS.md for Codex — renamed to
538
+ `codex-config.md`; created a real `agent-reference.md` documenting
539
+ the 10 framework agents + 21 squad orqx + ~170 specialists. (PR #134)
540
+ - GitHub org consolidated to `caioimori/` across ~120 files (was a
541
+ split-brain with vestigial `SinapseAI/` references). (PR #134)
542
+ - `SECURITY.md` supported-versions table replaced legacy v7.x with the
543
+ real channel matrix (rc.x on `rc`, 9.x last-GA on `latest`). (PR #134)
544
+ - Replaced illustrative `ghp_xxxx` / `sk-xxxx` placeholders in
545
+ security-hardening.md with `<your-X-here>` form. (PR #134)
546
+ - Deleted `.github/ISSUE_DRAFT_P0_missing_module.md` (Jan 2025
547
+ obsolete draft referencing legacy persona names). (PR #134)
548
+
549
+ ### Added — Pre-GA hardening artifacts
550
+
551
+ - `docs/audits/audit-1-functional/` — 8 sub-reports + SUMMARY (PR #128)
552
+ - `docs/audits/audit-2-quality/` — 8 sub-reports + SUMMARY (PR #131)
553
+ - `docs/audits/audit-3-ux-dx/` — 10 sub-reports + SUMMARY (PR #133)
554
+
555
+ ### Notes for v1.0.0 promotion
556
+
557
+ This RC closes the three pre-GA audit cycles. Remaining open items
558
+ (Audit 2 Wave B/C, Audit 3 Bloco C/D/E) are P1/P2 that do not block
559
+ GA — they become v1.0.x or v1.1 backlog.
560
+
561
+ For the v1.0.0 GA promotion (next event):
562
+ - Tag `v1.0.0` (clean semver, no -rc suffix) → workflow auto-routes
563
+ to `latest` (per PR #127 fix)
564
+ - `--provenance` automatic via OIDC
565
+ - GitHub release notes + migration guide
566
+
567
+ ## [10.0.0-rc.11] — 2026-05-02
568
+
569
+ Pre-GA hardening sprint. Closes the remaining clinical-audit blockers and the
570
+ last UX/legal items that were holding back v1.0.0 promotion. Zero new features
571
+ — this RC exists to make v1.0.0 boring.
572
+
573
+ ### Added — Clinical Audit completion (14/17 dimensions)
574
+
575
+ - **Dim 3 — Agents (CONCERNS).** 0 P0 / 3 P1 / 3 P2 / 2 P3. Constitutional
576
+ drift in the canonical counts block, Imperator banner referencing stale
577
+ numbers, and undecided subagent surface across 178 files in `.claude/agents/`.
578
+ None block runtime; all block honest v1 messaging. `docs/audits/audit-dim-03-agents.md`. (PR #121)
579
+ - **Dim 4 — Subagents (CONCERNS).** 0 P0 / 1 P1 / 4 P2 / 2 P3. Spawn vs
580
+ activator surface is undocumented; `sinapse-` prefix policy still pending.
581
+ Mirrors Dim 3 F3-4. `docs/audits/audit-dim-04-subagents.md`. (PR #121)
582
+ - **Dim 5 — Workers (CONCERNS).** 0 P0 / 1 P1 / 3 P2 / 2 P3. Service registry
583
+ was 5 months stale with 8 phantom entries (regenerated in Block 3a).
584
+ `docs/audits/audit-dim-05-workers.md`. (PR #121)
585
+ - **Dim 6 — Squads (CONCERNS).** 0 P0 / 2 P1 / 4 P2 / 2 P3. 10/19 squad
586
+ manifests had count drift; 3 lacked the metrics block entirely. Reconciled
587
+ in Block 3a via new idempotent script. `docs/audits/audit-dim-06-squads.md`. (PR #121)
588
+ - **Dim 7 — Clones (CONCERNS).** 0 P0 / 2 P1 / 3 P2 / 1 P3. 22 simulated
589
+ personas of real public figures shipped with no licensing or disclaimer
590
+ in the OSS package. Resolved in Block 3b — disclaimer in every persona
591
+ file + LICENSE notice + governance hook hardened to fail-closed.
592
+ `docs/audits/audit-dim-07-clones.md`. (PR #121)
593
+ - **Dim 14, 15, 17 — DEFERRED.** Cognition-layer dimensions deferred from
594
+ v1.0.0 with explicit justification. `docs/audits/dim-14-15-17-deferral.md`. (PR #121)
595
+
596
+ ### Added — Pre-GA hardening (Block 1, 3, 7)
597
+
598
+ - Auto-generated counts block in `.sinapse-ai/constitution.md`
599
+ with `npm run sync:counts`. Real numbers: 19 squads, 200 agents,
600
+ 22 orqx commands, 1237 tasks. (PR #119, #122)
601
+ - 16 squad manifests reconciled with disk reality via
602
+ `npm run reconcile:squads` (idempotent). (PR #122)
603
+ - Service registry rebuilt: 369 workers, fresh timestamp. (PR #122)
604
+ - Persona simulation notice in 22 mind clones across squad-council,
605
+ squad-storytelling, squad-design + machine-readable markers
606
+ + `npm run apply:persona-disclaimer` (idempotent) +
607
+ fail-closed `mind-clone-governance.py`. (PR #123)
608
+ - `LICENSE` "PERSONA SIMULATION NOTICE" section with takedown procedure. (PR #123)
609
+ - `.claude/agents/README.md` documents the activator pattern (decision 2a). (PR #122)
610
+ - `README.md` grounding section aligned with foundation-only state of
611
+ Story 10.47 hooks (Concern 1 from Story 10.47 QA). (PR #119)
612
+ - `APSE → SNPS` string rename across docs/CHANGELOG (Caio decision 2026-05-02).
613
+ Word-boundary safe — `SINAPSE` brand and `sinapse-` prefix preserved. (PR #124)
614
+
615
+ ### Fixed
616
+
617
+ - Doctor `npm-packages` check honors Node module resolution instead of
618
+ expecting sibling `.sinapse-ai/node_modules/`. Resolves Bug 3 GA blocker.
619
+ Also adds `tar` as direct runtime dep (was only in `overrides`). (PR #120)
620
+ - Pre-existing `no-fallthrough` ESLint error at `bin/cli.js` cleared
621
+ (Story 10.45 piggyback inside Story 10.46). (PR #117)
622
+ - Setup wizard now prompts for language + LLM in Git Bash + Windows where
623
+ `process.stdin.isTTY === undefined` previously bypassed the prompts.
624
+ Multi-signal `detectInteractiveMode()` honors stdout TTY + flag overrides
625
+ + CI env vars. P0 GA blocker. (PR #117 / Story 10.46)
626
+ - Setup wizard now collects optional grounding paths (vault, design system,
627
+ brand) via opt-in BYO and ships shipping-ready hooks under
628
+ `.sinapse-ai/core/grounding/` with no-op default + JSON example templates
629
+ + full guide `docs/guides/grounding-setup.md`. (PR #118 / Story 10.47)
630
+ - `tar` removed from `package.json` overrides after becoming a direct dep
631
+ (resolves EOVERRIDE on `npm install`). (PR #125)
632
+
633
+ ### Resolved (no work needed)
634
+
635
+ - Dependabot 20 historical alerts: all 17 fixed + 3 dismissed. 0 open. (Block 4)
636
+ - CodeQL 3s phantom check: self-resolved across PRs #117–#119. (Block 6)
637
+
638
+ ### Notes for v1.0.0 promotion
639
+
640
+ This RC closes Phase 1 of the pre-GA gate. The next promotion event publishes
641
+ v1.0.0 to `latest` with `--provenance` (OIDC trusted publishing). Migration
642
+ notes for users on rc.x: backward compat alias for the (so-far-unused) APSE
643
+ prefix is unnecessary because no rc shipped APSE-prefixed agents publicly.
644
+
645
+ ## [10.0.0-rc.10] — 2026-04-19
646
+
647
+ Release candidate capturing the first nine dimensions of the pre-GA Clinical Audit (Phases 1 through 3) and one rule-drift correction surfaced by the audit. Zero runtime changes — all deliverables here are documentation / governance artifacts that land ahead of the Fase C agent-rename work scheduled for 2026-04-23.
648
+
649
+ ### Added — Clinical Audit coverage (9/17 dimensions)
650
+
651
+ - **Dim 13 Gitflows — PASS.** Branch protection, husky hooks (pre-commit + pre-push), and CI status checks verified against `safe-collaboration.md`. Admin-bypass flow exercised 7 times this session (PRs #98–#107) without issue. One MEDIUM logged (session-start auto-fetch is a convention, not a hook — post-GA stub). Evidence in `docs/audits/audit-dim-13-gitflows.md`. (PR #108)
652
+ - **Dim 11 Plugins — CONCERNS.** Installer footprint on plugin system confirmed zero (as intended). Two MEDIUMs: no plugin trust/review rule, no version-pinning guidance. Both are post-GA docs stories, not GA blockers. `docs/audits/audit-dim-11-plugins.md`. (PR #109)
653
+ - **Dim 12 MCP — PASS.** Chrome Brain MCP stack validated stable post-rc.8 (SessionStart hook in place). Installer idempotency observed. Two MEDIUMs: upstream figma-console instability (out of SINAPSE locus of control) and rule-drift in `mcp-usage.md` (fixed in PR #112). `docs/audits/audit-dim-12-mcp.md`. (PR #109)
654
+ - **Dim 1 Features — PASS.** Inventory of user-facing features validated against CLI help text + installer code. One MEDIUM (partial canonical-CLI parity, tracked as item #9 dual-CLI). `docs/audits/audit-dim-01-features.md`. (PR #110)
655
+ - **Dim 8 Commands — CONCERNS.** Dual CLI drift confirmed (`npx sinapse-ai` narrower than `sinapse`). Agent-subcommand audit deferred to Phase 4 per epic ordering (post-SNPS-rename). `docs/audits/audit-dim-08-commands.md`. (PR #110)
656
+ - **Dim 9 Skills — PASS.** All 17 authored skills + plugin + third-party skills load cleanly. One LOW (no top-level skill index doc). `docs/audits/audit-dim-09-skills.md`. (PR #110)
657
+ - **Dim 2 Workflows — PASS.** Four primary workflows (SDC, QA Loop, Spec Pipeline, Brownfield Discovery) have corresponding YAML definitions; 210 task files present. One MEDIUM (per-task contract quality not covered by shell audit — folded into Phase 5 follow-up). `docs/audits/audit-dim-02-workflows.md`. (PR #111)
658
+ - **Dim 10 Tools — PASS.** Hook coverage matches `hook-governance.md`; 74 hook-security tests pass; native-first discipline observed throughout session. One LOW (hook timeout guidance unwritten). `docs/audits/audit-dim-10-tools.md`. (PR #111)
659
+ - **Dim 16 Token Economy — PASS.** All 9 sections of the NON-NEGOTIABLE rule aligned with observed session behavior. One LOW (compaction threshold is convention, not hook — intentional). `docs/audits/audit-dim-16-token-economy.md`. (PR #111)
660
+
661
+ ### Fixed
662
+
663
+ - **`.claude/rules/mcp-usage.md` drift** — Rule no longer claims Docker MCP Toolkit is the "primary MCP infrastructure"; relabeled as an optional acceleration layer. The "Direct in Claude Code" table now lists the three MCPs the SINAPSE installer actually registers (`chrome-devtools`, `dev-browser`, `terminal-bus`) instead of the previous `playwright` + `desktop-commander` entries that no installer path produces. Doc-only, no runtime change. (PR #112)
664
+
665
+ ### Audit summary
666
+
667
+ Across the 9 dimensions audited pre-rename: **zero CRITICAL, zero HIGH, zero GA blockers.** Findings breakdown: 7 MEDIUM (all docs-only or tracked elsewhere) + 3 LOW (all optional polish). The remaining 8 dimensions (3 Agents, 4 Subagents, 5 Workers, 6 Squads, 7 Clones, 14 Research, 15 Knowledge Base, 17 Hallucinations) are deferred to Phase 4 + Phase 5 per the epic's ordering rule: "Rename (Fase C) executed between audit Phase 3 and Phase 4" to avoid auditing names that will churn.
668
+
669
+ ## [10.0.0-rc.9] — 2026-04-19
670
+
671
+ Release candidate closing Fase B (Hardening): CLI surface parity, NSN guard enforcement at the hook layer, and the plan-first clinical audit epic. No new user-facing features — this is trust-infrastructure work ahead of GA.
672
+
673
+ ### Added
674
+
675
+ - **Story 10.43** — `init <name>` on the canonical `npx sinapse-ai` entry. The greenfield scaffolder was reachable through the legacy `sinapse` binary but missing from `npx sinapse-ai`. Fixed with a thin `case 'init'` that forwards via `spawnSync` to the existing wizard — single source of truth, identical flags (`--force`, `--skip-install`, `--template default|minimal|enterprise`). Help text updated. (PR #103)
676
+ - **Story 10.44** — NSN Mode guard hook (`.claude/hooks/enforce-nsn-guard.cjs`). Scans `.md/.mdx/.txt` content on Write/Edit PreToolUse for NSN anti-patterns ("abra o dashboard manualmente", "siga esses passos manualmente", "não consigo acessar a interface", "você precisa abrir/clicar", "I can't do this"). WARN mode (stderr + exit 0) — gives agents visibility without false-positive blocking. Registered in `.claude/settings.json` and documented in `hook-governance.md`. (PR #104)
677
+ - **Epic: Clinical Audit (Pre-GA)** — `docs/epics/epic-clinical-audit-pre-ga.md`. Plan-first deliverable per explicit directive ("IA não pode alucinar — plano ANTES da execução"). Defines 17-dimension audit scope, per-dimension execution protocol (Inventory → Contract → Reality → Delta → Severity → Recommendation → Gate), phased dependency chain, and citation discipline (file:line required for every Reality claim). Audit execution does NOT begin with this merge — individual dimension stories must be written + validated Ready first. (PR #105)
678
+
679
+ ### Changed
680
+
681
+ - **CLI help surface** — `npx sinapse-ai --help` now lists `init <name>` as the first command, reflecting the greenfield path now has parity.
682
+
683
+ ### Unblocked
684
+
685
+ With rc.9, the pre-GA backlog is reduced to: (1) execute the clinical audit (blocked on explicit go-ahead per epic), (2) dual-CLI consolidation (separate story, not a GA blocker), (3) Fase C SNPS rename (separate epic).
686
+
687
+ ## [10.0.0-rc.8] — 2026-04-19
688
+
689
+ Release candidate clearing the rc.8 gate: the three pre-GA blockers (Dependabot, Doctor FAIL on fresh project, Yarn v1 Windows platform exception) are resolved or durably triaged.
690
+
691
+ ### Fixed
692
+
693
+ - **Story 10.41** — Chrome Brain SessionStart hook. The `chrome-devtools` MCP is configured with `--browser-url=http://127.0.0.1:9222`, so it tries to connect to an already-running Chrome at boot. Before this release the installer only registered `PreToolUse` / `PostToolUse` hooks — both fire **after** MCP init — so the MCP would fail, mark itself disconnected, and never auto-reconnect (user had to restart Claude Code). Installer now registers a `SessionStart` hook (`timeout=15s`) that runs `chrome-ensure` before MCP startup, and deduplicates hooks by `(matcher + command)` so the `matcher=""` slot does not collide with other modules (e.g. vault-grounding). Uninstall drops SessionStart entries by matching `chrome-ensure` in the command. Applied to both installer entrypoints (`bin/modules/chrome-brain-installer.js` + `packages/sinapse-install/src/capabilities/chrome-brain.js`). (PR #98)
694
+ - **Story 10.42 / Bug 3** — Doctor fresh-project detection. Running `sinapse doctor` in a directory where SINAPSE was never installed previously produced 11 FAIL entries — every check fired because no artifact existed. New users read that as "the framework is broken" on first contact. Fix: pre-flight `detectInstallState` in `.sinapse-ai/core/doctor/index.js`. If ALL THREE markers are absent (`<projectRoot>/.sinapse-ai/`, `~/.sinapse/`, `~/.claude/commands/SINAPSE/`), doctor short-circuits with a three-line NOT_INSTALLED block ("SINAPSE is not installed in this project. Run: npx sinapse-ai install") and exits code **4** (distinct from 0/1/2/3). JSON output carries `notInstalled: true` + `installCommand`. `--homeDir` option and `SINAPSE_DOCTOR_HOME` env override added for test isolation. Any single marker present → full 15-check suite runs unchanged. 5 new unit tests. (PR #100)
695
+
696
+ ### Changed
697
+
698
+ - **Story 10.34 — re-executed + hardened.** GitHub Dependabot open-alert count already 0 (all 12 rc.1-era alerts closed). `npm audit --omit=dev` is clean. The 2 remaining advisories on the full tree (`picomatch@4.0.3` HIGH, `brace-expansion@5.0.4` MODERATE) are bundled inside `npm@11.12.1` within `@semantic-release/npm` — outside the reach of root `overrides`. Accepted with audit trail at `docs/security/dependabot-triage.md`. CI gate upgraded per Constitution Art. X Tier 1 #7: new job `npm audit --omit=dev --audit-level=high` (HIGH/CRITICAL in prod deps blocks); existing `--audit-level=critical` full-tree job retained. (PR #99)
699
+ - **Install matrix Yarn v1 Windows exception re-affirmed for GA.** `docs/audits/install-matrix-2026-04-16.md` sign-off updated: Dependabot + Doctor FAIL blockers cleared, gate decision marked durable through GA 1.0.0 with explicit revalidation triggers. 24/27 combo matrix stands. (PR #101)
700
+
701
+ ### Infrastructure
702
+
703
+ - **Doctor exit code table expanded.** `0=PASS, 1=WARN, 2=FAIL, 3=internal-error, 4=NOT_INSTALLED`. Release notes for downstream scripts that branch on exit code.
704
+ - **CI security gate** now enforces zero HIGH/CRITICAL in production deps on every PR that touches `package-lock.json`.
705
+
706
+ ## [10.0.0-rc.4] — 2026-04-16
707
+
708
+ Release candidate closing the pre-v1.0.0 GA gate. Three blockers resolved today:
709
+
710
+ ### Fixed
711
+
712
+ - **Story 10.39** — Postinstall exit code fix. Fresh `npm install sinapse-ai` no longer fails with `npm error command failed` when the framework is operational but doctor reports non-critical WARN findings. Exit 1 removed from the contract; only critical failures (sync:ide error, doctor exit ≥ 2) now produce non-zero exit. `--json` output still carries `status: warn` for pipelines that want strict behavior. (PR #82)
713
+ - **Story 10.34** — Dependabot vulnerabilities cleanup. Root lockfile now overrides `serialize-javascript ^7.0.5`, `picomatch ^4.0.4`, `brace-expansion ^5.0.5`. Health-dashboard subpackage lockfile regenerated against current `package.json` (vite@7.3.1, react@18.2). `npm audit --omit=dev` on root = 0 vulnerabilities; `npm audit` on health-dashboard = 0 vulnerabilities. Remaining dev-only vulns inside bundled npm CLI (via `@semantic-release/npm`) dismissed as tolerable risk. (PR #83)
714
+
715
+ ### Changed
716
+
717
+ - **Story A.5 closed** — Windows Wrapper & Cross-Platform Test Matrix accepted with 24/27 PASS. The 3 FAIL combos are all Windows × Yarn v1 (classic), documented as an unsupported platform: Yarn v1 has been in maintenance mode since 2020 with Yarn Berry (v2+) as successor. Windows users should migrate to Yarn v2+ or use npm/pnpm. macOS/Linux on Yarn v1 remain supported. (PR #80)
718
+ - `README.md` — "Supported Platforms" matrix published under installation FAQ, documenting the Yarn v1 Windows exception.
719
+ - `docs/audits/install-matrix-2026-04-16.md` — full decision record for the A.5 gate.
720
+
721
+ ## [Previous Unreleased]
722
+
723
+ Epic `install-ux-hardening` — hardens the install pipeline, CLI output,
724
+ agent activation and handoff runtime so a non-technical user can
725
+ `npm install -g sinapse-ai` on Windows / macOS / Linux, see a minimal
726
+ friendly output, invoke `@developer` immediately, and get a clean
727
+ `sinapse doctor` on a fresh machine. 6 stories Done, 1 (A.5) InReview
728
+ gated on rc.4 CI matrix execution. Resolves gargalos G1-G7 from the
729
+ 2026-04-14 internal install audit. Blocks v1.0.0 GA.
730
+
731
+ ### Added
732
+
733
+ - **Story A.1** — Postinstall orchestrator (`bin/postinstall.js`). Fresh
734
+ `npm install -g sinapse-ai` now automatically runs `sync:ide --ide
735
+ claude-code`, creates `.sinapse/handoffs/` and `.sinapse/scratchpad/`
736
+ runtime dirs, and runs `sinapse doctor --quiet`. No manual sync step
737
+ needed after install. Respects `SINAPSE_SKIP_POSTINSTALL=1`
738
+ (explicit opt-out) and auto-skips on common CI env vars
739
+ (`CI=true`, `GITHUB_ACTIONS`, etc.) unless
740
+ `SINAPSE_FORCE_POSTINSTALL=1` is set. Fails loudly (exit 2) on
741
+ critical failures (sync:ide error, doctor FAIL). Resolves G1, G2, G7.
742
+ - **Story A.2** — Structured logger (`.sinapse-ai/core/logger/`) with
743
+ levels `error | warn | info | debug`. Default level is `warn` so
744
+ fresh installs emit ≤ 10 lines of output. `--verbose` promotes to
745
+ `info`, `--debug` to `debug`, `--quiet` suppresses all but `error`,
746
+ `--json` emits structured output for CI/automation. All 336
747
+ existing `console.*` calls in `bin/cli.js` and `bin/sinapse.js`
748
+ migrated to the logger. ASCII art header only shown on `--verbose`
749
+ or first-run. Resolves structural half of G3.
750
+ - **Story A.3** — Doctor exception classification. Each check module
751
+ now declares its own failure severity via `onError: 'fail' | 'warn'
752
+ | 'skip'`. The generic `catch` in `.sinapse-ai/core/doctor/index.js`
753
+ no longer marks every exception as FAIL. `entity-registry`,
754
+ `agent-memory`, `git-hooks` are `warn` in fresh-install context;
755
+ `node-version`, `npm-packages`, `settings-json` remain `fail`.
756
+ Doctor exit codes: `0` PASS, `1` WARN only, `2` FAIL, `3` internal.
757
+ Fresh install on clean machine now returns exit code `0`. Resolves
758
+ G4.
759
+ - **Story A.4** — Manifest parity validation. New script
760
+ `.sinapse-ai/infrastructure/scripts/validate-manifest-parity.js`
761
+ compares `install-manifest.yaml` against real files in
762
+ `.sinapse-ai/development/{agents,tasks,templates,checklists}/`.
763
+ Wired into `pre-push` hook and `npm run validate:manifest`. CI
764
+ workflow `.github/workflows/manifest-parity.yml` runs parity check
765
+ on every PR. `install-manifest.yaml` regenerated with accurate
766
+ counts (12 agents, not 23) and hashes. Resolves G5.
767
+ - **Story A.5** — Cross-platform install test matrix infra
768
+ (`.github/workflows/install-matrix.yml` + local harness
769
+ `scripts/test-install-matrix-local.sh`). 27 combos (Win/Mac/Linux ×
770
+ npm/pnpm/yarn × global/npx/local). Gated behind release label —
771
+ execution deferred to rc.4 CI run (A.5 remains `InReview` until
772
+ matrix is green). Resolves G6 (infra only).
773
+ - **Story B.1** — Minimalist install output. Default `sinapse install`
774
+ output is ≤ 8 lines: version, agent/squad count, `sinapse doctor`
775
+ hint, `@sinapse` hint, docs URL. `--verbose` preserves full
776
+ relatório for power users, `--json` for CI, first-run detection
777
+ adds a "Bem-vindo ao SINAPSE!" line once per machine. Copy reviewed
778
+ for non-technical PT-BR voice. Resolves content half of G3.
779
+ - **Story C.1** — Exit codes, auto-doctor and opt-in telemetry stub.
780
+ Install script exits `0` success, `1` partial (warnings), `2`
781
+ failed. `sinapse doctor --quiet` runs at end of postinstall with a
782
+ one-liner on failure. New `.sinapse-ai/core/telemetry/` module —
783
+ **disabled by default**, opt-in via `sinapse telemetry enable` or
784
+ `SINAPSE_TELEMETRY=1`. Anonymized payload (no paths, no usernames):
785
+ failure category + platform + version only. Privacy policy in
786
+ `docs/TELEMETRY.md`. Real endpoint is follow-up work.
787
+
788
+ ### Notes
789
+
790
+ - **Story A.5 (`InReview`)** — workflow infrastructure is merged; the
791
+ 27-combo matrix itself will execute as part of the rc.4 release
792
+ cycle. A.5 is promoted to `Done` only after the matrix passes
793
+ green, per the epic-level gate for `rc → latest` promotion.
794
+
795
+ ## [10.0.0-rc.3] - 2026-04-13
796
+
797
+ Critical UX fix: installer can no longer destroy user config.
798
+
799
+ ### Fixed
800
+
801
+ - **Story 10.38** — Installer merge-only policy. Existing `CLAUDE.md`,
802
+ `.env` and other known config files are ALWAYS merged during
803
+ install — never overwritten, never prompted. User customizations
804
+ (custom rules, env values) are preserved by default and
805
+ unconditionally. Files without a registered merge strategy are
806
+ backed up (`<file>.backup.<ts>`) before any change. Legacy fallback
807
+ installer (`bin/sinapse-init.js`) now also runs `MarkdownMerger` on
808
+ existing `CLAUDE.md` instead of plain `fse.copy`. The old
809
+ `--merge` / `--no-merge` flags are accepted as no-ops for
810
+ backward compatibility.
811
+
812
+ ## [10.0.0-rc.2] - 2026-04-13
813
+
814
+ Bug fix: `--reconfigure` flag for `npx sinapse-ai install`.
815
+
816
+ ### Fixed
817
+
818
+ - **Story 10.35** — `npx sinapse-ai install --reconfigure` re-prompts
819
+ language and LLM choice without wiping existing install. Upsert fast
820
+ path (plain `install`) is unchanged. Non-TTY guard preserved. PR #69.
821
+
822
+ ## [10.0.0-rc.1] - 2026-04-13
823
+
824
+ Phase 0 + Phase 1 closeout for the v10.0.0 release. 15 stories shipped
825
+ across 5 cycles, +130 tests, zero regressions, deterministic working
826
+ tree, idempotent installer + updater, doctor reachable from canonical
827
+ CLI, hardened cross-IDE parity, and full release-readiness aggregator.
828
+
829
+ ### Added
830
+
831
+ - **Story 10.17** — External-refs CI guard (`scripts/validate-no-external-refs.js`)
832
+ scanning 100% of git-tracked files, plus Phase 0 authorial hygiene
833
+ pass and Epic 11.0 placeholder. PR #51.
834
+ - **Story 10.18** — Cross-IDE parity hardening: self-sufficient
835
+ `validate-parity.js` error reporting, new `validate:parity:fast`
836
+ pre-push guard with smart short-circuit, compatibility contract
837
+ versioning policy (`sinapse-current.yaml`). PR #52.
838
+ - **Story 10.19** — Coverage floor ratchet (jest.config.js policy
839
+ comment + 23/21/23/25 floors) and story-meta linter
840
+ (`scripts/validate-story-meta.js`). PR #53.
841
+ - **Story 10.20** — Install upsert idempotente in `bin/cli.js`:
842
+ `syncDirSync`, `detectExistingInstall`, `--force` escape hatch.
843
+ Re-running install preserves `installedAt` and reuses prior
844
+ language/LLM choices. PR #54.
845
+ - **Story 10.21** — `npx sinapse-ai doctor` wired into the canonical
846
+ CLI with `--fix`, `--dry-run`, `--json`, `--quiet`, `--deep`,
847
+ `--help` flags. Mirrors legacy `bin/sinapse.js` wiring but uses
848
+ `process.exitCode` for clean stdout flush. PR #55.
849
+ - **Story 10.22** — Update upsert idempotente: `cmdUpdateGlobal`
850
+ reuses settings, calls `syncDirSync`, preserves `installedAt`,
851
+ prints "Update complete" summary mirroring 10.20 install upsert. PR #56.
852
+ - **Story 10.23** — Squad allow-list cleanup. 5 of 6 pre-existing
853
+ fork attribution files rewritten in authorial voice; the 6th
854
+ (`skill-craftsman.md`) kept as permanent allow-list entry with
855
+ documented rationale. PR #57.
856
+ - **Story 10.25** — Coverage Report Summary script
857
+ (`scripts/coverage-report-summary.js`) replaces the no-op CI step;
858
+ emits a Markdown table to `$GITHUB_STEP_SUMMARY` so PR reviewers
859
+ see coverage at a glance. PR #59.
860
+ - **Story 10.28** — Squad orqx activation verification
861
+ (`scripts/validate-squad-orqx.js`) covering 21 squad orchestrators
862
+ across 4 distinct file formats. Companion to the existing
863
+ `validate-agents.js` for core framework agents. PR #61.
864
+ - **Story 10.29** — Release readiness aggregator
865
+ (`scripts/release-readiness.js`) wraps every validator built
866
+ throughout Epic 10.0 into one pre-release report. PR #62.
867
+ - **Story 10.31** — Surgical README polish: CLI Reference now matches
868
+ the canonical command surface, badges include test count and
869
+ Constitution. PR #64.
870
+ - **Story 10.32** — This release prep: bump to 10.0.0-rc.1 +
871
+ CHANGELOG entry summarizing all of Phase 0 + Phase 1.
872
+
873
+ ### Fixed
874
+
875
+ - **Story 10.24** — Registry write idempotency. Changed
876
+ `_writeRegistry` from `sortKeys: false` to `sortKeys: true`. Two
877
+ writes of the same data now produce byte-identical files,
878
+ eliminating the recurring `M entity-registry.yaml` churn that
879
+ polluted git status throughout cycles 1-2. PR #58.
880
+ - **Story 10.27** — Pre-commit manifest auto-regen. The IDS
881
+ post-commit hook now also regenerates `install-manifest.yaml`
882
+ after any `.sinapse-ai/` change, and `generate-install-manifest.js`
883
+ no longer writes a non-deterministic `generated_at` timestamp
884
+ into the file body. The recurring "manifest outdated" warning
885
+ is gone. PR #60.
886
+
887
+ ### Changed
888
+
889
+ - **Story 10.30** — `sinapse-minimal` and `sinapse-graph` removed
890
+ from `package.json` `bin`. The .js files stay for one release
891
+ cycle as direct-node fallbacks, then are deleted entirely in
892
+ v11. The canonical surface is now exactly two binaries:
893
+ `sinapse` (legacy router) and `sinapse-ai` (canonical CLI). PR #63.
894
+
895
+ ### Quality Metrics
896
+
897
+ - Tests: 10599 → 10729 (+130 across cycles 1-5, 0 regressions)
898
+ - Coverage actual: statements 34.9%, branches 32.47%, lines 35.03%,
899
+ functions 37.73% (all above the 23/21/23/25 ratchet floors)
900
+ - Working tree determinism: every commit converges to clean state
901
+ - CI: 32-33 checks pass per PR (the only "fail" is the standalone
902
+ CodeQL standalone scan unrelated to PR content)
903
+ - Allow-list shrunk from 6 → 1 permanent entry
904
+ - 6 new validators / scripts in production
905
+
906
+ ### Breaking Changes
907
+
908
+ None. v10.0.0-rc.1 is fully backward-compatible with 9.x. The only
909
+ removal (`sinapse-minimal` / `sinapse-graph` bin entries) is for
910
+ binaries that have been deprecated since v3.11.1 with runtime
911
+ warnings.
912
+
913
+ ---
914
+
915
+ ## [6.0.0] - 2026-03-25
916
+
917
+ ### Breaking Changes
918
+ - Standardized agent IDs to full names: `developer`, `quality-gate`, `project-lead`, `product-lead`, `sprint-lead`
919
+ - Unified orchestrator naming to `sinapse-orqx`
920
+ - Wizard simplified: PT-BR only, single LLM question, auto-detect everything
921
+ - Removed Spanish (ES) and Chinese (ZH) language support
922
+ - Only 19 orqx agents visible as commands (specialist agents are backend-only)
923
+
924
+ ### Added
925
+ - Immersive SINAPSE AI welcome screen with ASCII art banner
926
+ - Auto-detection of project type (greenfield/brownfield/upgrade)
927
+ - Auto-detection of tech preset from project files
928
+ - LLM selection: Claude Code / Codex CLI / Both
929
+ - 19 global agent definitions installed to ~/.claude/agents/
930
+ - 18 orqx command files in .claude/commands/SINAPSE/agents/
931
+
932
+ ### Changed
933
+ - Default language hardcoded to Portuguese (PT-BR)
934
+ - Installation wizard reduced to 1 interactive question
935
+ - CODEOWNERS updated to @caioimori & @eusoier
936
+ - Welcome banner updated to SINAPSE AI branding
937
+
938
+ ### Removed
939
+ - All legacy external references cleaned from codebase
940
+ - Spanish (docs/es/) and Chinese (docs/zh/) documentation
941
+ - 11 core agent commands (dev, qa, pm, po, sm, etc.) — now backend-only
942
+ - Language selection from wizard (hardcoded PT-BR)
943
+ - User profile selection from wizard (hardcoded Quick Mode)
944
+ - Project type selection from wizard (auto-detected)
945
+ - Tech preset selection from wizard (auto-detected)
946
+
947
+ ### Security
948
+ - LICENSE updated with complete MIT copyright chain
949
+ - Zero external references in codebase (verified via automated scan)
950
+
951
+ ## [4.2.11] - 2026-02-16
952
+
953
+ ### Added
954
+
955
+ - Squad agent commands are now automatically installed to active IDEs during pro scaffolding (`installSquadCommands`).
956
+ - Supports Claude Code (`.claude/commands/{squad}/`), Codex CLI (`.codex/agents/`), Gemini CLI (`.gemini/rules/{squad}/`), and Cursor (`.cursor/rules/`).
957
+ - Installed files are tracked in `pro-installed-manifest.yaml` and `pro-version.json`.
958
+
959
+ ## [4.2.10] - 2026-02-16
960
+
961
+ ### Fixed
962
+
963
+ - Handle `ALREADY_ACTIVATED` license status gracefully instead of throwing error.
964
+ - Fix error envelope parsing in pro license client — correctly extracts error messages from API responses.
965
+
966
+ ## [4.2.9] - 2026-02-16
967
+
968
+ ### Fixed
969
+
970
+ - Pass `targetDir` correctly to `runProWizard` — fixes pro install failing in non-CWD projects.
971
+ - Surface pro install errors to user instead of silently swallowing them.
972
+
973
+ ## [4.2.8] - 2026-02-16
974
+
975
+ ### Fixed
976
+
977
+ - Exclude `mmos-squad` (private) from pro scaffolding via `SCAFFOLD_EXCLUDES`.
978
+ - Merge `pro-config.yaml` sections into `core-config.yaml` during pro install (`mergeProConfig`).
979
+
980
+ ## [4.2.7] - 2026-02-16
981
+
982
+ ### Fixed
983
+
984
+ - Pro wizard (`npx sinapse-ai install`) now auto-installs `@sinapse-fullstack/pro` package during Step 2, fixing "Pro package not found" error in greenfield and brownfield projects.
985
+ - Greenfield projects without `package.json` now get `npm init -y` automatically before pro install.
986
+ - Removed unused `headings` import in `pro-setup.js`.
987
+
988
+ ## [Unreleased]
989
+
990
+ ### Added
991
+
992
+ - `docs/glossary.md` with official SINAPSE taxonomy terms:
993
+ - `squad`
994
+ - `flow-state`
995
+ - `confidence gate`
996
+ - `execution profile`
997
+ - `scripts/semantic-lint.js` for semantic terminology regression checks.
998
+ - `tests/unit/semantic-lint.test.js` for semantic lint rule validation.
999
+
1000
+ ### Changed
1001
+
1002
+ - CI now includes a `Semantic Lint` job (`npm run validate:semantic-lint`).
1003
+ - Pre-commit markdown pipeline now runs semantic lint through `lint-staged`.
1004
+
1005
+ ### Migration Notes
1006
+
1007
+ - Deprecated terminology replacements:
1008
+ - `expansion pack` -> `squad`
1009
+ - `permission mode` -> `execution profile`
1010
+ - `workflow state` -> `flow-state` (warning-level migration)
1011
+
1012
+ ---
1013
+
1014
+ ## [3.9.0] - 2025-12-26
1015
+
1016
+ ### Highlights
1017
+
1018
+ This release introduces **Squad Continuous Improvement** capabilities with analyze and extend commands, plus a massive codebase cleanup removing 116K+ lines of deprecated content.
1019
+
1020
+ ### Added
1021
+
1022
+ #### Story SQS-11: Squad Analyze & Extend
1023
+ - **`*analyze-squad` command** - Analyze squad structure, coverage, and get improvement suggestions
1024
+ - **`*extend-squad` command** - Add new components (agents, tasks, workflows, etc.) incrementally
1025
+ - **New Scripts:**
1026
+ - `squad-analyzer.js` - Inventory and coverage analysis
1027
+ - `squad-extender.js` - Component creation with templates
1028
+ - **8 Component Templates:**
1029
+ - `agent-template.md`, `task-template.md`, `workflow-template.yaml`
1030
+ - `checklist-template.md`, `template-template.md`
1031
+ - `tool-template.js`, `script-template.js`, `data-template.yaml`
1032
+ - **New Tasks:**
1033
+ - `squad-creator-analyze.md`
1034
+ - `squad-creator-extend.md`
1035
+
1036
+ ### Changed
1037
+
1038
+ #### Story TD-1: Tech Debt Cleanup
1039
+ - Fixed ESLint warnings in 5 core files
1040
+ - Removed 284 deprecated files (~116,978 lines deleted)
1041
+ - Cleaned `.github/deprecated-docs/` directory
1042
+ - Removed obsolete backup files
1043
+
1044
+ ### Fixed
1045
+ - ESLint `_error` variable warnings in test utilities
1046
+ - Context loader error handling improvements
1047
+
1048
+ ---
1049
+
1050
+ ## [3.8.0] - 2025-12-26
1051
+
1052
+ *Previous release with WIS and SQS features.*
1053
+
1054
+ ---
1055
+
1056
+ ## [2.2.3] - 2025-12-22
1057
+
1058
+ ### Highlights
1059
+
1060
+ This release marks the **Open-Source Community Readiness** milestone, preparing SINAPSE for public contribution while introducing the **Squad System** for extensibility.
1061
+
1062
+ ### Added
1063
+
1064
+ #### Epic OSR: Open-Source Community Readiness (10 Stories)
1065
+
1066
+ - **Legal Foundation** (OSR-3)
1067
+ - `PRIVACY.md` / `PRIVACY-PT.md` - Privacy policies (EN/PT)
1068
+ - `TERMS.md` / `TERMS-PT.md` - Terms of use (EN/PT)
1069
+ - `CODE_OF_CONDUCT.md` - Community guidelines with contact info
1070
+
1071
+ - **Community Process** (OSR-6)
1072
+ - Feature request templates and triage process
1073
+ - Issue labeling standards
1074
+
1075
+ - **Public Roadmap** (OSR-7)
1076
+ - Public roadmap documentation
1077
+ - Community visibility into planned features
1078
+
1079
+ - **Squads Guide** (OSR-8)
1080
+ - Comprehensive guide for creating community squads
1081
+ - Examples and best practices
1082
+
1083
+ - **Rebranding to SINAPSE** (OSR-9)
1084
+ - Brand investigation complete
1085
+ - Namespace updated to SinapseAI
1086
+
1087
+ - **Release Checklist** (OSR-10)
1088
+ - GitHub configuration validated
1089
+ - CodeQL security scanning active (30+ alerts addressed)
1090
+ - Branch protection rules configured
1091
+ - Smoke test passed on clean clone
1092
+
1093
+ #### Epic SQS: Squad System Enhancement (Sprint 7)
1094
+
1095
+ - **Squad Designer Agent** (SQS-9)
1096
+ - New `@squad-creator` agent for guided squad creation
1097
+ - Interactive wizard with `*create-squad` command
1098
+ - AI-powered naming and structure suggestions
1099
+
1100
+ - **Squad Loader Utility** (SQS-2)
1101
+ - Local squad resolution from `./squads/` directory
1102
+ - Simplified loading without complex caching
1103
+
1104
+ - **Squad Validator + Schema** (SQS-3)
1105
+ - JSON Schema for squad manifest validation
1106
+ - `*validate-squad` command for compliance checking
1107
+
1108
+ - **Squad Creator Tasks** (SQS-4)
1109
+ - `*create-squad` - Interactive squad creation
1110
+ - `*validate-squad` - Manifest validation
1111
+ - `*list-squads` - Local squad discovery
1112
+
1113
+ #### Infrastructure & Documentation
1114
+
1115
+ - **Documentation Integrity System** (6.9)
1116
+ - Automated cross-reference validation
1117
+ - Link checking in CI pipeline
1118
+
1119
+ - **MCP Governance Consolidation** (6.14)
1120
+ - Unified MCP configuration rules
1121
+ - `.claude/rules/mcp-usage.md` guidance
1122
+
1123
+ - **Agent Config Path Fix** (6.15)
1124
+ - Resolved path resolution issues across platforms
1125
+
1126
+ - **Scripts Path Consolidation** (6.16)
1127
+ - Standardized script locations under `.sinapse-ai/scripts/`
1128
+
1129
+ - **Semantic Release Automation** (6.17)
1130
+ - Automated versioning on merge to main
1131
+ - Conventional commit parsing
1132
+ - Automatic CHANGELOG generation
1133
+
1134
+ - **Agent Command Rationalization** (Story 6.1.2.3)
1135
+ - Command consolidation: `sinapse-orqx` 44→30 commands (32% reduction)
1136
+ - Command consolidation: `data-engineer` 31→28 commands (9.7% reduction)
1137
+ - New consolidated tasks: `security-audit`, `analyze-performance`, `test-as-user`, `setup-database`
1138
+ - Migration guide: `docs/guides/command-migration-guide.md`
1139
+ - Agent selection guide: `docs/guides/agent-selection-guide.md`
1140
+
1141
+ - **Dynamic Project Status Context** (Story 6.1.2.4)
1142
+ - Git branch, modified files, and recent commits shown in agent greetings
1143
+ - Current story and epic detection from `docs/stories/`
1144
+ - 60-second cache mechanism (<100ms first load, <10ms cached)
1145
+ - Cross-platform support (Windows/Linux/macOS)
1146
+
1147
+ ### Changed
1148
+
1149
+ - **Agent Delegation Guidance** - All agents now include "NOT for" sections in `whenToUse`
1150
+ - **PR Title Format** - DevOps `*create-pr` now generates Conventional Commits format titles
1151
+ - **Scripts Location** - Consolidated under `.sinapse-ai/scripts/` for consistency
1152
+ - **MCP Configuration** - Unified rules in `.claude/rules/mcp-usage.md`
1153
+
1154
+ ### Fixed
1155
+
1156
+ - **Agent Config Paths** (6.15) - Resolved path resolution issues on Windows
1157
+ - **Script References** (6.16) - Fixed broken script imports across agents
1158
+
1159
+ ### Security
1160
+
1161
+ - **CodeQL Scanning** - Active with 30+ alerts reviewed
1162
+ - **Branch Protection** - Enabled on main (1 approver, dismiss stale reviews)
1163
+
1164
+ ### Documentation
1165
+
1166
+ - **Squads Guide** - Complete guide for community squad creation
1167
+ - **Feature Process** - Templates and triage workflow documented
1168
+ - **Public Roadmap** - Community visibility into planned features
1169
+ - **Legal Documents** - Privacy policy, Terms of Use (EN/PT)
1170
+
1171
+ ---
1172
+
1173
+ ## [4.32.0] - 2025-11-12
1174
+
1175
+ ### Removed
1176
+ - **Private squads** - Moved to separate private repository (`sinapse-squads`)
1177
+ - Removed `squads/creator/` (CreatorOS)
1178
+ - Removed `squads/innerlens/`
1179
+ - Removed `squads/mmos-mapper/`
1180
+ - Removed `squads/sinapse-infrastructure-devops/`
1181
+ - Removed `squads/meeting-notes/`
1182
+ - Repository: https://github.com/caioimori/sinapse-squads (PRIVATE)
1183
+ - **Internal development tools** - Moved to separate private repository (`sinapse-dev-tools`)
1184
+ - Removed analysis scripts: `analyze-batches.js`, `analyze-decision-patterns.js`, `analyze-epic3.js`, etc.
1185
+ - Removed consolidation scripts: `consolidate-entities.js`, `consolidate-results.js`, etc.
1186
+ - Removed extraction scripts: `extract-all-claude-backups.js`, `extract-claude-history.js`
1187
+ - Removed generation scripts: `generate-entity-summary.js`, `generate-entity-table.js`
1188
+ - Repository: https://github.com/caioimori/sinapse-dev-tools (PRIVATE)
1189
+ - **hybrid-ops squad** - Moved to separate repository for independent maintenance
1190
+ - Removed `squads/hybrid-ops/` directory
1191
+ - Removed `.hybrid-ops/` directory
1192
+ - Updated `core-config.yaml` to reference external repository
1193
+ - Updated `install-manifest.yaml` (removed 47 file entries)
1194
+ - Repository: https://github.com/caioimori/sinapse-hybrid-ops
1195
+
1196
+ ### Changed
1197
+ - README.md - hybrid-ops now listed under "Squads Externos"
1198
+ - Squad can now be installed independently via GitHub
1199
+ - **Squad naming convention** - Applied consistent `{agent-id}-` prefix to agent-specific tasks across all 6 squads
1200
+ - ETL pack: 4 tasks renamed (youtube-specialist, social-specialist, web-specialist)
1201
+ - Creator pack: 4 tasks already renamed (pre-existing migration)
1202
+ - Innerlens pack: 4 tasks renamed (fragment-extractor, psychologist, quality-assurance)
1203
+ - Mmos-mapper pack: 7 tasks renamed (cognitive-analyst, research-specialist, system-prompt-architect, emulator, mind-pm)
1204
+ - Sinapse-infrastructure-devops pack: 2 tasks already renamed (pre-existing)
1205
+ - Meeting-notes pack: 1 task already renamed (pre-existing)
1206
+ - All agent dependencies updated to reference new task names
1207
+ - Shared tasks correctly have NO prefix (conservative approach)
1208
+
1209
+ ### Technical
1210
+ - Story: 4.6 - Move Hybrid-Ops to Separate Repository
1211
+ - Breaking Change: hybrid-ops no longer bundled with sinapse-ai
1212
+ - Migration: Users can install from external repo to `squads/hybrid-ops/`
1213
+ - Story: 4.7 - Removed `squads/hybrid-ops.legacy/` directory (legacy backup no longer needed)
1214
+ - Story: 4.5.3 - Squads Naming Convention Migration
1215
+ - Applied naming convention from Story 4.5.2 to all 6 squads
1216
+ - Total: 15 tasks renamed (11 new + 4 pre-existing)
1217
+ - 18 agent files updated with new dependencies
1218
+ - Validation: 100% compliance, 0 broken references
1219
+
1220
+ ## [4.31.1] - 2025-10-22
1221
+
1222
+ ### Added
1223
+ - NPX temporary directory detection with defense-in-depth architecture
1224
+ - PRIMARY detection layer in `tools/sinapse-npx-wrapper.js` using `__dirname`
1225
+ - SECONDARY fallback detection in `tools/installer/bin/sinapse.js` using `process.cwd()`
1226
+ - User-friendly help message with chalk styling when NPX temp directory detected
1227
+ - Regex patterns to identify macOS NPX temporary paths (`/private/var/folders/.*/npx-/`, `/.npm/_npx/`)
1228
+ - JSDoc documentation for NPX detection functions
1229
+
1230
+ ### Fixed
1231
+ - NPX installation from temporary directory no longer attempts IDE detection
1232
+ - Clear error message guides users to correct installation directory
1233
+ - Prevents confusion when running `npx sinapse-ai install` from home directory
1234
+
1235
+ ### Changed
1236
+ - Early exit with `process.exit(1)` when NPX temporary context detected
1237
+ - Help message provides actionable solution: `cd /path/to/your/project && npx sinapse-ai install`
1238
+
1239
+ ### Technical
1240
+ - Story: 2.3 - NPX Installation Context Detection & Help Text (macOS)
1241
+ - Defense in depth: Two independent detection layers provide redundancy
1242
+ - macOS-specific implementation (other platforms unaffected)
1243
+ - Non-breaking change (patch version)
1244
+
1245
+ ## [4.31.0] - Previous Release
1246
+
1247
+ *(Previous changelog entries to be added)*