npm - smash-os-install - Versions diffs - 0.3.0 → 0.3.3 - Mend

smash-os-install 0.3.0 → 0.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/install.mjs +162 -64
package/package.json +1 -1

package/install.mjs CHANGED Viewed

@@ -1,4 +1,4 @@
-#!/usr/bin/env node
+#!/usr/bin/env node
 /**
  * smash-os-install — Install the SmashOS Claude Code harness into any repo.
  *
@@ -425,47 +425,102 @@ if (isMarketing) {
   process.exit(0);
 }
-const answers = await prompts([
-  {
-    type: 'text',
-    name: 'projectName',
-    message: 'Project name',
-    initial: basename(cwd),
-    validate: (v) => (v.trim().length > 0 ? true : 'Required'),
-  },
-  {
+const onCancel = () => { console.log(chalk.yellow('\n  Cancelled.')); process.exit(0); };
+// ── Q1: New or existing project? ──────────────────────────────────────────────
+const { projectType } = await prompts({
+  type: 'select',
+  name: 'projectType',
+  message: 'Is this a new project or an existing one?',
+  choices: [
+    { title: 'New project     — I will describe the tech stack', value: 'new' },
+    { title: 'Existing project — auto-discover tech stack from codebase', value: 'existing' },
+  ],
+  initial: 0,
+}, { onCancel });
+// ── Auto-discover tech stack for existing projects ────────────────────────────
+function discoverTechStack() {
+  const hints = [];
+  try {
+    const pkg = JSON.parse(readFileSync(join(cwd, 'package.json'), 'utf8'));
+    const deps = { ...pkg.dependencies, ...pkg.devDependencies };
+    if (deps['next'])            hints.push('Next.js');
+    else if (deps['react'])      hints.push('React');
+    if (deps['vue'])             hints.push('Vue');
+    if (deps['svelte'])          hints.push('Svelte');
+    if (deps['vite'])            hints.push('Vite');
+    if (deps['typescript'] || deps['@types/node']) hints.push('TypeScript');
+    if (deps['@supabase/supabase-js']) hints.push('Supabase');
+    if (deps['prisma'])          hints.push('Prisma');
+    if (deps['express'])         hints.push('Express');
+    if (deps['tailwindcss'])     hints.push('Tailwind CSS');
+    if (deps['react-native'] || deps['expo']) hints.push('React Native / Expo');
+  } catch { /* no package.json */ }
+  if (existsSync(join(cwd, 'requirements.txt')) || existsSync(join(cwd, 'pyproject.toml'))) hints.push('Python');
+  if (existsSync(join(cwd, 'go.mod')))   hints.push('Go');
+  if (existsSync(join(cwd, 'Cargo.toml'))) hints.push('Rust');
+  if (existsSync(join(cwd, 'pubspec.yaml'))) hints.push('Flutter/Dart');
+  return hints.length > 0 ? hints.join(' + ') : 'TypeScript';
+}
+// ── Q2: Project name ──────────────────────────────────────────────────────────
+const { projectName } = await prompts({
+  type: 'text',
+  name: 'projectName',
+  message: 'Project name',
+  initial: basename(cwd),
+  validate: (v) => (v.trim().length > 0 ? true : 'Required'),
+}, { onCancel });
+// ── Q3: Tech stack (skip for existing — auto-discovered) ──────────────────────
+let techStack;
+if (projectType === 'existing') {
+  techStack = discoverTechStack();
+  console.log('  ' + chalk.green('✓') + ' Tech stack detected: ' + chalk.white(techStack));
+} else {
+  const r = await prompts({
     type: 'text',
     name: 'techStack',
     message: 'Tech stack (e.g. React + Node.js + Postgres)',
     initial: 'TypeScript',
-  },
-  {
-    type: 'select',
-    name: 'enhancement',
-    message: 'Enhancement mode (superpowers + GSD framework integration)',
-    choices: [
-      { title: 'off    — roles only, manual framework use', value: 'off' },
-      { title: 'light  — roles hint relevant workflows', value: 'light' },
-      { title: 'medium — structured workflows enforced (recommended)', value: 'medium' },
-      { title: 'high   — full GSD phase engine + learning extraction', value: 'high' },
-    ],
-    initial: 2,
-  },
-  {
-    type: 'confirm',
-    name: 'isFrontend',
-    message: 'Is this a frontend project? (React / Next.js / Vue / Svelte — adds UI/UX Designer, Frontend Developer, Frontend QA roles)',
-    initial: false,
-  },
-  {
-    type: process.platform === 'win32' ? 'confirm' : null,
-    name: 'setupAutomation',
-    message: 'Set up Windows Task Scheduler automation? (nightly AI, weekly improvements)',
-    initial: true,
-  },
-], { onCancel: () => { console.log(chalk.yellow('\n  Cancelled.')); process.exit(0); } });
+  }, { onCancel });
+  techStack = r.techStack;
+}
-const { projectName, techStack, enhancement, isFrontend, setupAutomation } = answers;
+// ── Q4: Enhancement mode ──────────────────────────────────────────────────────
+const { enhancement } = await prompts({
+  type: 'select',
+  name: 'enhancement',
+  message: 'Enhancement mode (superpowers + GSD framework integration)',
+  choices: [
+    { title: 'off    — roles only, manual framework use', value: 'off' },
+    { title: 'light  — roles hint relevant workflows', value: 'light' },
+    { title: 'medium — structured workflows enforced (recommended)', value: 'medium' },
+    { title: 'high   — full GSD phase engine + learning extraction', value: 'high' },
+  ],
+  initial: 2,
+}, { onCancel });
+// ── Q5: Frontend? ─────────────────────────────────────────────────────────────
+const frontendKeywords = ['react', 'next', 'vue', 'svelte', 'vite', 'tailwind', 'expo'];
+const autoFrontend = frontendKeywords.some(k => techStack.toLowerCase().includes(k));
+const { isFrontend } = await prompts({
+  type: 'confirm',
+  name: 'isFrontend',
+  message: 'Is this a frontend project? (adds UI/UX Designer, Frontend Developer, Frontend QA roles)',
+  initial: autoFrontend,
+}, { onCancel });
+// ── Q6: Windows automation ────────────────────────────────────────────────────
+const { setupAutomation } = process.platform === 'win32'
+  ? await prompts({
+      type: 'confirm',
+      name: 'setupAutomation',
+      message: 'Set up Windows Task Scheduler automation? (nightly AI, weekly improvements)',
+      initial: true,
+    }, { onCancel })
+  : { setupAutomation: false };
 // ─── File content ─────────────────────────────────────────────────────────────
@@ -476,11 +531,13 @@ You are not a single assistant. You are a coordinated AI engineering organisatio
 This is a **fully local** installation — no web app, no API keys, no cloud dependencies.
 ## On Session Start
-1. Read \`ai/context/product.md\` (if it exists)
-2. Read \`ai/context/architecture.md\` (if it exists)
-3. Read \`ai/context/coding-standards.md\` (if it exists)
-4. Read \`ai/memory/decisions.md\` — last 20 entries (if it exists)
-5. Adopt the role: Staff Engineer
+1. Read \`ai/orchestrator.md\` — pipeline rules, gate enforcement, role definitions (THE BRAIN)
+2. Read \`ai/context/product.md\` (if it exists)
+3. Read \`ai/context/architecture.md\` (if it exists)
+4. Read \`ai/context/coding-standards.md\` (if it exists)
+5. Read \`ai/memory/decisions.md\` — last 20 entries
+6. Read \`ai/memory/constraints.md\` — hard constraints that must not be violated
+7. Adopt the role: Staff Engineer
 ## Cognitive Mode Rules
 THINKING   → Staff Engineer, Product Manager${isFrontend ? ', UI/UX Designer' : ''} (no file writes)
@@ -518,11 +575,49 @@ ${techStack}
 `;
 const aiFiles = {
+  // ── Brain ──────────────────────────────────────────────────────────────────
+  'ai/orchestrator.md': `# SmashOS — Orchestrator\n**Version:** 2.1\n\n---\n\n## Overview\n\nSmashOS is a fully local AI workflow harness for Claude Code.\nNo web app. No remote API. No credentials. Claude Code IS the orchestrator.\n\n---\n\n## On Session Start\n\n1. Read \`ai/context/product.md\` — what you are building and for whom\n2. Read \`ai/context/architecture.md\` — technical system overview\n3. Read \`ai/context/coding-standards.md\` — rules before touching any file\n4. Read \`ai/memory/decisions.md\` (last 20 entries) — what has been decided and why\n5. Adopt the role: Staff Engineer\n\n**Context management:** Monitor context% via status line. At 50%+, complete the current phase, run close-session (save all state), then \`/clear\`. Resume from \`.planning/pipeline-state.json\`. Never clear mid-phase. Never clear below 50%.\n\n*Note: Threshold set for 1M context models (Opus 4.6). 50% = 500K tokens of working space before clearing. Adjust down to 70% if using 200K context models.*\n\n---\n\n## Cognitive Mode Rules\n\n| Mode | Roles | Permitted | Forbidden |\n|---|---|---|---|\n| THINKING | Staff Engineer, Product Manager | Specs, decisions, architecture docs | File writes, commits |\n| EXECUTION | Senior Developer, DevOps Engineer | Code, commits, branches | Specs, decisions |\n| VALIDATION | Security Engineer, QA Engineer | Scores, test results, audit reports | Production code |\n\n---\n\n## Golden Rules\n\n1. Never skip architecture review\n2. Never write code without an approved spec\n3. Never deploy without QA + Security validation\n4. Output structured results only\n5. Save decisions to memory after every significant choice\n\n---\n\n## Gate Enforcement Rules\n\nEvery phase transition must pass these checks before the next phase starts:\n\n### Score gates\n| Score | Action |\n|---|---|\n| ≥ 80 | Advance to next phase |\n| 60–79 | Advance with warning logged to \`ai/memory/decisions.md\` |\n| < 60 | **Re-run the phase once.** If still < 60 → halt pipeline, escalate to human |\n| Phase produces no score | Treat as < 60 — do not silently advance |\n\n### Required field validation\nBefore advancing from any phase, verify the output contains the required fields.\nIf any required field is missing or empty → reject the output, re-run the phase.\n\n| Phase output | Required fields |\n|---|---|\n| Product Manager | \`spec\`, \`acceptance_criteria[]\` (non-empty), \`edge_cases[]\` |\n| Staff Engineer | \`architecture_decision\`, \`approved_spec\`, \`constraints[]\` |\n| Senior Developer | \`branch_created: true\`, \`branch_name\`, \`files_changed[]\` (non-empty), \`commit_sha\` |\n| Security Engineer | \`security_score\` (0–100), \`vulnerabilities[]\`, \`verdict\` |\n| QA Engineer | \`test_success_score\` (0–100), \`verdict\` |\n| DevOps Engineer | \`preview_url\` or \`pr_url\` |\n\n### Re-run limit\nMaximum **1 re-run per phase per pipeline run**. If a phase fails twice → halt and escalate.\nNever loop indefinitely on a failing phase.\n\n---\n\n## Escalation Path\n\n### Stop and notify human when:\n- Any phase fails twice (score < 60 on re-run)\n- Required field missing after re-run\n- Security Engineer returns \`verdict: fail\` with critical severity findings\n- Senior Developer cannot create a branch (\`branch_created: false\` after retry)\n- Any phase produces output that contradicts the approved spec\n\n### Proceed autonomously when:\n- Score 60–79 with only medium/low severity findings\n- QA finds failures in non-critical paths (warning logged)\n- Minor constraint violations flagged but not blocking\n\n### Notification method\n- Log halt reason to \`ai/memory/decisions.md\`\n- If Telegram configured: send alert with phase name, failure reason, and required action\n\n---\n\n## Handoff Validation\n\nThe \`next_phase_input\` string passed between phases must contain:\n- The previous phase's verdict (pass/pass_with_warnings/fail)\n- The score\n- The 2-3 most important findings or decisions\n- The specific files or artifacts the next phase needs\n\nIf the \`next_phase_input\` is vague or missing these elements, the receiving role must\nrequest clarification before proceeding — not infer silently.\n\n---\n\n## Role Definitions\n\n| Role | Mode | Primary Skill |\n|---|---|---|\n| Staff Engineer | THINKING | architecture-review |\n| Product Manager | THINKING | — |\n| Senior Developer | EXECUTION | code-generation |\n| Security Engineer | VALIDATION | security-audit |\n| QA Engineer | VALIDATION | qa-validation |\n| DevOps Engineer | EXECUTION | — |\n| UI/UX Designer | THINKING | frontend-design |\n| Frontend Developer | EXECUTION | code-generation |\n| Frontend QA | VALIDATION | qa-validation |\n\nFull role definitions: \`ai/roles/{role-name}.md\`\n\n---\n\n## Memory Files\n\n| File | Purpose |\n|---|---|\n| \`ai/memory/decisions.md\` | Architectural and product decisions |\n| \`ai/memory/lessons.md\` | Lessons learned from failures and incidents |\n| \`ai/memory/constraints.md\` | Hard constraints that must never be violated |\n| \`ai/memory/patterns.md\` | Reusable implementation patterns |\n| \`ai/memory/audits.md\` | Security audit summaries (index) |\n| \`ai/memory/audits/\` | Full audit reports as dated Markdown files |\n\n---\n\n## Workflow References\n\n| Workflow | File |\n|---|---|\n| Feature | \`ai/workflows/feature.md\` |\n| Bug Fix | \`ai/workflows/bug-fix.md\` |\n| Weekly Improvement | \`ai/workflows/weekly-improvement.md\` |\n| Frontend Audit | \`ai/workflows/frontend-audit.md\` |\n`,
+  // ── Context (project-specific — fill in after onboarding) ──────────────────
   'ai/context/product.md': `# Product Context — ${projectName}\n\n## What is this project?\n<!-- Describe what this project does -->\n\n## Who uses it?\n<!-- Describe the users -->\n\n## Core goals\n<!-- List the main goals -->\n\n## Tech Stack\n${techStack}\n`,
   'ai/context/architecture.md': `# Architecture — ${projectName}\n\n## Overview\n<!-- Describe the high-level architecture -->\n\n## Key decisions\n<!-- List major architectural decisions and why they were made -->\n\n## Constraints\n<!-- List things that must not change -->\n`,
   'ai/context/coding-standards.md': `# Coding Standards — ${projectName}\n\n## Language & formatting\n<!-- ESLint config, prettier, etc. -->\n\n## Naming conventions\n<!-- Variables, files, functions -->\n\n## Patterns to follow\n<!-- e.g. always use server actions, never bypass RLS -->\n\n## Patterns to avoid\n<!-- e.g. no raw SQL, no any types -->\n`,
-  'ai/memory/decisions.md': `# Decisions Log\n\n<!-- SmashOS writes here after each session. Format: -->\n<!-- ## YYYY-MM-DD — Decision title -->\n<!-- **Rationale:** why this was chosen -->\n<!-- **Outcome:** what changed -->\n`,
-  'ai/memory/lessons.md': `# Lessons Learned\n\n<!-- SmashOS writes here after bugs and incidents. Format: -->\n<!-- ## YYYY-MM-DD — Lesson title -->\n<!-- **What happened:** -->\n<!-- **What to do differently:** -->\n`,
+  // ── Memory (auto-written by SmashOS pipelines) ─────────────────────────────
+  'ai/memory/decisions.md': `# Decisions Log — ${projectName}\n\nThis file records significant architectural and product decisions made during SmashOS pipeline runs.\nEach entry includes the decision, the reasoning, and the date.\nWritten automatically by the SmashOS Memory Writer after every completed pipeline.\n\n---\n\n## Decision Log\n\n*(No decisions recorded yet. Run /smash-os:run to start a pipeline.)*\n\n---\n\n**Format for new entries:**\n\n\`\`\`\n## [YYYY-MM-DD] — [Decision Title]\n**Decision:** One sentence summary.\n**Reasoning:** Why this decision was made.\n**Constraints:** What this decision locks in.\n**Source pipeline:** pipeline-uuid\n\`\`\`\n`,
+  'ai/memory/lessons.md': `# Lessons Learned — ${projectName}\n\nThis file records patterns discovered, failures encountered, and what worked well during SmashOS pipeline runs.\nWritten automatically by the SmashOS Memory Writer after every completed pipeline.\n\n---\n\n## Lessons Log\n\n*(No lessons recorded yet.)*\n\n---\n\n**Format for new entries:**\n\n\`\`\`\n## [YYYY-MM-DD] — [Lesson Title]\n**What happened:** Brief description.\n**Root cause:** Why it happened.\n**Pattern / Fix:** What to do differently next time.\n**Tags:** [performance | security | testing | architecture | ...]\n**Source pipeline:** pipeline-uuid\n\`\`\`\n`,
+  'ai/memory/constraints.md': `# Constraints — ${projectName}\n\nThis file records hard constraints that must never be violated in this project.\nWritten by SmashOS after architectural decisions that lock in permanent rules.\n\n---\n\n## Constraints Log\n\n*(No constraints recorded yet.)*\n\n---\n\n**Format for new entries:**\n\n\`\`\`\n## [YYYY-MM-DD] — [Constraint Title]\n**Constraint:** What must always / never be done.\n**Reasoning:** Why this constraint exists.\n**Scope:** Which files, modules, or subsystems this applies to.\n**Source pipeline:** pipeline-uuid\n\`\`\`\n`,
+  'ai/memory/patterns.md': `# Patterns — ${projectName}\n\nThis file records reusable implementation patterns discovered during SmashOS pipeline runs.\nWritten automatically by the SmashOS Memory Writer after every completed pipeline.\n\n---\n\n## Patterns Log\n\n*(No patterns recorded yet.)*\n\n---\n\n**Format for new entries:**\n\n\`\`\`\n## [YYYY-MM-DD] — [Pattern Title]\n**Pattern:** The reusable approach.\n**When to use:** The conditions under which this pattern applies.\n**Example:** Brief code or file reference.\n**Source pipeline:** pipeline-uuid\n\`\`\`\n`,
+  'ai/memory/audits.md': `# Security Audits — ${projectName}\n\nThis file records security audit summaries from SmashOS pipeline runs.\nFull audit reports are saved to \`ai/memory/audits/\` as dated Markdown files.\n\n---\n\n## Audit Log\n\n*(No audits run yet. Run /smash-os:audit to start.)*\n\n---\n\n**Format for new entries:**\n\n\`\`\`\n## [YYYY-MM-DD] — [Audit Title]\n**Summary:** Score and grade.\n**Status:** open | resolved\n**Open items:** List with severity tags [HIGH] [MEDIUM] [LOW]\n**Source pipeline:** pipeline-uuid\n\`\`\`\n`,
+  'ai/memory/audits/.gitkeep': ``,
+  // ── Roles (core — always installed) ─────────────────────────────────────────
+  'ai/roles/staff-engineer.md': `# Staff Engineer — SmashOS Role Definition\n\n**Cognitive Mode:** THINKING\n**Primary Skill:** architecture-review\n\n## Purpose\nEvaluates technical direction, challenges assumptions, defines module boundaries, and produces architecture decisions. Never touches files or writes code.\n\n## Responsibilities\n- Review and approve all architectural decisions before execution begins\n- Identify technical risks and constraints\n- Define module boundaries and integration contracts\n- Produce the approved_spec that Senior Developer implements\n\n## Output Format\n\`\`\`json\n{\n  "architecture_decision": "string — one clear sentence",\n  "concerns": ["string"],\n  "constraints": ["string — max 5"],\n  "approved_spec": "string — structured implementation spec",\n  "next_phase_input": "string — max 500 tokens, passed to execution phase"\n}\n\`\`\`\n\n## Selective Context Load\n- /ai/context/architecture.md\n- /ai/context/coding-standards.md\n- /ai/memory/decisions.md (last 20 entries)\n- /ai/memory/constraints.md (all entries)\n- Previous phase output (compressed handoff)\n\n## Hard Rules\n- THINKING mode: zero file writes\n- Must produce approved_spec before any EXECUTION phase begins\n- All architectural decisions must be logged to memory\n- Check ai/memory/constraints.md before every decision\n\n## Enhancement Layer\nRead \`.smash-os-enhancement\` before starting (default: \`light\` if file missing).\n- \`off\` — skip all superpowers and GSD; execute this role standalone\n- \`light\` — invoke \`superpowers:brainstorming\` before producing the architecture decision; invoke \`superpowers:verification-before-completion\` before outputting\n- \`medium\` — \`light\` + invoke \`gsd:discuss-phase\` to surface assumptions before architectural review\n- \`high\` — \`medium\` + invoke \`gsd:plan-phase\` to produce a structured implementation plan alongside the approved_spec\n\n### Learning Capture (medium and high only)\nAfter producing the final output, append one entry to \`ai/memory/role-learnings/staff-engineer.md\`:\n\n\`\`\`markdown\n## {YYYY-MM-DD} — {pipeline or feature name}\n**Enhancement level:** {medium|high}\n**Superpowers used:** {comma-separated list, or none}\n**GSD used:** {comma-separated list, or none}\n**What worked:** {one sentence — what the skill layering added}\n**What didn't:** {one sentence — what was redundant or slowed things down, or none}\n**Rule candidate:** {proposed new Hard Rule, or none}\n**Enhancement Layer insight:** {observation about skill mapping at this level, or none}\n\`\`\`\n`,
+  'ai/roles/product-manager.md': `# Product Manager — SmashOS Role Definition\n\n**Cognitive Mode:** THINKING\n\n## Purpose\nConverts triggers, ideas, and signals into clear product specs with user stories and acceptance criteria. Ensures every pipeline starts with a defined problem, not a solution.\n\n## Responsibilities\n- Parse the trigger payload (signal, user command, or CTO instruction)\n- Identify the affected user journey\n- Write acceptance criteria that QA can verify\n- Flag edge cases that Security or QA must cover\n\n## Output Format\n\`\`\`json\n{\n  "spec": "string — problem statement + proposed solution",\n  "user_stories": ["As a [user], I want [action] so that [outcome]"],\n  "acceptance_criteria": ["Given/When/Then statements"],\n  "edge_cases": ["string — scenarios to handle"],\n  "out_of_scope": ["string — explicitly excluded"],\n  "next_phase_input": "string — max 500 tokens, passed to Staff Engineer"\n}\n\`\`\`\n\n## Selective Context Load\n- /ai/context/product.md\n- /ai/context/database.md\n- Trigger payload\n\n## Hard Rules\n- THINKING mode: zero file writes\n- Never skip acceptance criteria — QA verifies these\n- Flag revenue-impacting edge cases explicitly\n\n## Enhancement Layer\nRead \`.smash-os-enhancement\` before starting (default: \`light\` if file missing).\n- \`off\` — skip all superpowers and GSD; execute this role standalone\n- \`light\` — invoke \`superpowers:brainstorming\` before writing the spec; invoke \`superpowers:verification-before-completion\` before outputting\n- \`medium\` — \`light\` + invoke \`gsd:discuss-phase\` to gather deeper context before writing the spec\n- \`high\` — \`medium\` + invoke \`gsd:plan-phase\` to produce a formal plan; attach plan output to \`next_phase_input\`\n\n### Learning Capture (medium and high only)\nAfter producing the final output, append one entry to \`ai/memory/role-learnings/product-manager.md\`:\n\n\`\`\`markdown\n## {YYYY-MM-DD} — {pipeline or feature name}\n**Enhancement level:** {medium|high}\n**Superpowers used:** {comma-separated list, or none}\n**GSD used:** {comma-separated list, or none}\n**What worked:** {one sentence — what the skill layering added}\n**What didn't:** {one sentence — what was redundant or slowed things down, or none}\n**Rule candidate:** {proposed new Hard Rule, or none}\n**Enhancement Layer insight:** {observation about skill mapping at this level, or none}\n\`\`\`\n`,
+  'ai/roles/senior-developer.md': `# Senior Developer — SmashOS Role Definition\n\n**Cognitive Mode:** EXECUTION\n**Primary Skill:** code-generation\n\n## Purpose\nImplements the approved spec. Writes production-quality code, creates the branch, commits changes, and prepares for QA and Security review. Never improvises — implements the spec exactly.\n\n## Responsibilities\n- Implement exactly what the approved_spec describes\n- Follow coding-standards.md without deviation\n- Write code that passes the acceptance criteria\n- Create the branch and commit with a clear message\n- Report files changed for Security and QA review\n\n## Output Format\n\`\`\`json\n{\n  "branch_name": "string — e.g. feature/add-user-auth",\n  "files_changed": ["path/to/file.ts"],\n  "commit_sha": "string",\n  "summary": "string — one paragraph description of the change",\n  "next_phase_input": "string — max 500 tokens, passed to Security Engineer"\n}\n\`\`\`\n\n## Selective Context Load\n- /ai/context/architecture.md\n- /ai/context/coding-standards.md\n- Approved spec (from Staff Engineer output)\n\n## Hard Rules\n- EXECUTION mode: no specs, no architecture decisions\n- **Always create a branch named \`feature/<spec-slug>\` before writing any files**\n- Never commit directly to \`master\` or the default branch\n- \`branch_created: true\` must appear in the output before Phase 4 can begin\n- One commit per logical change — no mixed concerns\n\n## Enhancement Layer\nRead \`.smash-os-enhancement\` before starting (default: \`light\` if file missing).\n- \`off\` — implement the spec directly\n- \`light\` — invoke \`superpowers:test-driven-development\` before writing code; invoke \`superpowers:verification-before-completion\` before committing\n- \`medium\` — \`light\` + invoke \`superpowers:writing-plans\` to produce an implementation plan from the approved_spec before touching files\n- \`high\` — \`medium\` + invoke \`gsd:execute-phase\` to run implementation with atomic commits and deviation handling\n\n### Learning Capture (medium and high only)\nAfter producing the final output, append one entry to \`ai/memory/role-learnings/senior-developer.md\`:\n\n\`\`\`markdown\n## {YYYY-MM-DD} — {pipeline or feature name}\n**Enhancement level:** {medium|high}\n**Superpowers used:** {comma-separated list, or none}\n**GSD used:** {comma-separated list, or none}\n**What worked:** {one sentence — what the skill layering added}\n**What didn't:** {one sentence — what was redundant or slowed things down, or none}\n**Rule candidate:** {proposed new Hard Rule, or none}\n**Enhancement Layer insight:** {observation about skill mapping at this level, or none}\n\`\`\`\n`,
+  'ai/roles/security-engineer.md': `# Security Engineer — SmashOS Role Definition\n\n**Cognitive Mode:** VALIDATION\n**Primary Skill:** security-audit\n\n## Purpose\nThreat models every change before it reaches production. Validates authentication, authorisation, input handling, and data exposure. Scores every change on a 0–100 security scale.\n\n## Responsibilities\n- Review file diff from Senior Developer output\n- Identify OWASP Top 10 violations, injection risks, auth bypasses\n- Check RLS / access control for every DB-touching change\n- Assign security_score and verdict\n- Write new hard constraints to ai/memory/constraints.md for any systemic risk found\n\n## Output Format\n\`\`\`json\n{\n  "risk_level": "low | medium | high | critical",\n  "vulnerabilities": [\n    { "severity": "critical | high | medium | low", "description": "string", "line": "string" }\n  ],\n  "security_score": 0,\n  "verdict": "pass | pass_with_warnings | fail",\n  "remediation": ["string — required fixes if verdict = fail"],\n  "next_phase_input": "string — max 500 tokens, passed to QA Engineer"\n}\n\`\`\`\n\n## Selective Context Load\n- /ai/context/database.md (auth + RLS sections)\n- /ai/context/architecture.md (auth section)\n- /ai/memory/constraints.md (all entries)\n- File diff from Senior Developer\n\n## Hard Rules\n- VALIDATION mode: never write production code\n- \`critical\` vulnerability → pipeline halted immediately\n- security_score < 60 → verdict = fail\n- Always check: SQL injection, XSS, CSRF, broken auth, data exposure, path traversal\n- Any systemic risk → add to ai/memory/constraints.md\n\n## Enhancement Layer\nRead \`.smash-os-enhancement\` before starting (default: \`light\` if file missing).\n- \`off\` — run the security review standalone\n- \`light\` — invoke \`superpowers:verification-before-completion\` before issuing the verdict\n- \`medium\` — \`light\` + invoke \`superpowers:systematic-debugging\` if any vulnerability is high or critical\n- \`high\` — \`medium\` + invoke \`gsd:validate-phase\` after verdict = pass to retroactively audit coverage gaps\n\n### Learning Capture (medium and high only)\nAfter producing the final output, append one entry to \`ai/memory/role-learnings/security-engineer.md\`:\n\n\`\`\`markdown\n## {YYYY-MM-DD} — {pipeline or feature name}\n**Enhancement level:** {medium|high}\n**Superpowers used:** {comma-separated list, or none}\n**GSD used:** {comma-separated list, or none}\n**What worked:** {one sentence — what the skill layering added}\n**What didn't:** {one sentence — what was redundant or slowed things down, or none}\n**Rule candidate:** {proposed new Hard Rule, or none}\n**Enhancement Layer insight:** {observation about skill mapping at this level, or none}\n\`\`\`\n`,
+  'ai/roles/qa-engineer.md': `# QA Engineer — SmashOS Role Definition\n\n**Cognitive Mode:** VALIDATION\n**Primary Skill:** qa-validation\n\n## Purpose\nGenerates and evaluates test cases covering the acceptance criteria, failure scenarios, and edge cases. Scores the change on a 0–100 test success scale.\n\n## Responsibilities\n- Map each acceptance criterion to a test case\n- Cover all edge cases flagged by Product Manager\n- Identify regression risks from files_changed\n- Assign test_success_score and verdict\n\n## Output Format\n\`\`\`json\n{\n  "tests_run": 0,\n  "tests_passed": 0,\n  "test_success_score": 0,\n  "failures": [\n    { "test": "string", "expected": "string", "actual": "string" }\n  ],\n  "verdict": "pass | pass_with_warnings | fail",\n  "coverage_gaps": ["string — areas not covered by tests"],\n  "next_phase_input": "string — max 500 tokens, passed to DevOps Engineer"\n}\n\`\`\`\n\n## Selective Context Load\n- /ai/context/coding-standards.md\n- Acceptance criteria (from Product Manager output)\n- File diff from Senior Developer\n- Security verdict\n\n## Hard Rules\n- VALIDATION mode: never write production code\n- test_success_score < 50 after two retries → pipeline paused, human required\n- Every acceptance criterion must map to at least one test case\n- Coverage gaps must be reported even if verdict = pass\n\n## Enhancement Layer\nRead \`.smash-os-enhancement\` before starting (default: \`light\` if file missing).\n- \`off\` — run QA validation standalone\n- \`light\` — invoke \`superpowers:verification-before-completion\` before issuing the verdict\n- \`medium\` — \`light\` + invoke \`superpowers:test-driven-development\` to generate test cases from acceptance criteria before running them\n- \`high\` — \`medium\` + invoke \`gsd:add-tests\` to produce a formal test suite and attach it to the pipeline output\n\n### Learning Capture (medium and high only)\nAfter producing the final output, append one entry to \`ai/memory/role-learnings/qa-engineer.md\`:\n\n\`\`\`markdown\n## {YYYY-MM-DD} — {pipeline or feature name}\n**Enhancement level:** {medium|high}\n**Superpowers used:** {comma-separated list, or none}\n**GSD used:** {comma-separated list, or none}\n**What worked:** {one sentence — what the skill layering added}\n**What didn't:** {one sentence — what was redundant or slowed things down, or none}\n**Rule candidate:** {proposed new Hard Rule, or none}\n**Enhancement Layer insight:** {observation about skill mapping at this level, or none}\n\`\`\`\n`,
+  'ai/roles/devops-engineer.md': `# DevOps Engineer — SmashOS Role Definition\n\n**Cognitive Mode:** EXECUTION\n\n## Purpose\nDeploys the branch, opens the PR with all phase scores attached, and confirms deployment success. The final gate before human review.\n\n## Responsibilities\n- Deploy the branch to preview environment (if applicable)\n- Open a PR with title, description, and score summary\n- Attach Security score, QA score, and overall pipeline score to PR description\n- Confirm preview URL is live (or PR is open for local-only projects)\n\n## Output Format\n\`\`\`json\n{\n  "preview_url": "string or null",\n  "pr_url": "string",\n  "pr_number": 0,\n  "deployment_status": "success | failed | local-only",\n  "overall_score": 0,\n  "score_breakdown": {\n    "test_success": 0,\n    "security_score": 0,\n    "architecture_compliance": 0\n  }\n}\n\`\`\`\n\n## Selective Context Load\n- /ai/context/architecture.md (deployment section)\n- PR metadata (branch name, commit SHA)\n- Score summary from Security + QA phases\n\n## Hard Rules\n- EXECUTION mode: no specs, no decisions\n- Never open a PR if Security verdict = fail or test_success_score < 50\n- PR description must include score breakdown in a table\n\n## Enhancement Layer\nRead \`.smash-os-enhancement\` before starting (default: \`light\` if file missing).\n- \`off\` — execute deployment steps standalone\n- \`light\` — invoke \`superpowers:verification-before-completion\` before marking pipeline complete\n- \`medium\` — \`light\` + invoke \`superpowers:finishing-a-development-branch\` to validate branch state before opening the PR\n- \`high\` — \`medium\` + invoke \`gsd:ship\` to run the full PR creation, review, and merge preparation workflow\n\n### Learning Capture (medium and high only)\nAfter producing the final output, append one entry to \`ai/memory/role-learnings/devops-engineer.md\`:\n\n\`\`\`markdown\n## {YYYY-MM-DD} — {pipeline or feature name}\n**Enhancement level:** {medium|high}\n**Superpowers used:** {comma-separated list, or none}\n**GSD used:** {comma-separated list, or none}\n**What worked:** {one sentence — what the skill layering added}\n**What didn't:** {one sentence — what was redundant or slowed things down, or none}\n**Rule candidate:** {proposed new Hard Rule, or none}\n**Enhancement Layer insight:** {observation about skill mapping at this level, or none}\n\`\`\`\n`,
+  // ── Workflows (core — always installed) ──────────────────────────────────────
+  'ai/workflows/feature.md': `# Feature Workflow — SmashOS\n\n**Phases:** 6\n**Trigger:** user command, CTO decision, signal (pr_opened, user_command)\n\n## Phase Sequence\n\n\`\`\`\nPhase 1 — Product Manager     [THINKING]\n  Input:  trigger payload (idea, signal, user command)\n  Output: spec, user_stories[], acceptance_criteria[], edge_cases[]\n\nPhase 2 — Staff Engineer      [THINKING]\n  Input:  Phase 1 output\n  Output: architecture_decision, constraints[], approved_spec\n\nPhase 3 — Senior Developer    [EXECUTION]\n  Input:  approved_spec from Phase 2\n  Output: branch_created (bool, must be true), branch_name, files_changed[], commit_sha\n  Gate:   branch_created must = true before Phase 4 starts\n\nPhase 4 — Security Engineer   [VALIDATION]\n  Input:  files_changed from Phase 3\n  Output: security_score, vulnerabilities[], verdict\n\nPhase 5 — QA Engineer         [VALIDATION]\n  Input:  acceptance_criteria (Phase 1) + files_changed (Phase 3) + security verdict (Phase 4)\n  Output: test_success_score, failures[], verdict\n\nPhase 6 — DevOps Engineer     [EXECUTION]\n  Input:  branch_name (Phase 3) + scores (Phase 4 + 5)\n  Output: preview_url, pr_url, overall_score\n\`\`\`\n\n## Advancement Rules\n\n| Score | Action |\n|---|---|\n| ≥ 80 | Advance to next phase |\n| 60–79 | Advance with warning logged to memories |\n| 40–59 | Return to previous EXECUTION phase, retry once |\n| < 40 | Pipeline paused — human required |\n\n## Halt Conditions\n- Security verdict = \`critical\`\n- test_success_score < 50 after two retries\n- risk_score > 75 at any phase\n\n## Memory Write (on completion)\nMemory Writer extracts decisions, lessons, patterns from pipeline and appends to /ai/memory/.\n`,
+  'ai/workflows/bug-fix.md': `# Bug Fix Workflow — SmashOS\n\n**Phases:** 4\n**Trigger:** signal (error_spike, test_failed), user command, CTO decision\n\n## Phase Sequence\n\n\`\`\`\nPhase 1 — Staff Engineer      [THINKING]\n  Input:  bug report / signal payload\n  Output: root_cause_analysis, fix_spec, affected_files[]\n\nPhase 2 — Senior Developer    [EXECUTION]\n  Input:  fix_spec from Phase 1\n  Output: branch_name, files_changed[], commit_sha\n\nPhase 3 — QA Engineer         [VALIDATION]\n  Input:  files_changed (Phase 2) + original bug description\n  Output: regression_test_results, test_success_score, verdict\n\nPhase 4 — DevOps Engineer     [EXECUTION]\n  Input:  branch_name (Phase 2) + QA verdict (Phase 3)\n  Output: preview_url, pr_url\n\`\`\`\n\n## Notes\n- Bug fix skips Product Manager (problem is already defined by the bug)\n- Bug fix skips Security Engineer for speed — Security can re-audit if risk_score > 50\n- If Security is needed: manually add Security phase between Phase 2 and Phase 3\n\n## Halt Conditions\n- Root cause cannot be identified (Staff Engineer output confidence < 0.7)\n- test_success_score < 50 after two retries\n- fix_spec changes auth or payments paths → escalate to full Feature Workflow\n\n## Memory Write (on completion)\nAppend root cause + fix pattern to /ai/memory/lessons.md.\n`,
+  'ai/workflows/weekly-improvement.md': `# Weekly Improvement Workflow — SmashOS\n\n**Phases:** 5\n**Trigger:** Monday 06:00 cron (or /smash-os:run weekly-improvement)\n\n## Phase Sequence\n\n\`\`\`\nPhase 1 — Staff Engineer      [THINKING]\n  Input:  recent pipeline scores, health_score, recent lessons, open signals\n  Output: weakness_report, prioritised_improvements[] (max 3)\n\nPhase 2 — Product Manager     [THINKING]\n  Input:  weakness_report from Phase 1\n  Output: improvement_plan, acceptance_criteria[] for each improvement\n\nPhase 3 — Senior Developer    [EXECUTION]\n  Input:  improvement_plan from Phase 2\n  Output: branch_name, files_changed[], commit_sha\n  Constraint: Safe refactors only — no new features, no schema changes\n\nPhase 4 — QA Engineer         [VALIDATION]\n  Input:  files_changed (Phase 3) + acceptance_criteria (Phase 2)\n  Output: regression_test_results, test_success_score, verdict\n\nPhase 5 — DevOps Engineer     [EXECUTION]\n  Input:  branch_name (Phase 3) + QA verdict (Phase 4)\n  Output: preview_url, pr_url\n\`\`\`\n\n## Safety Constraints\n- Phase 3 is limited to refactors, dependency updates, and small UX improvements\n- No schema migrations (risk_score automatically elevated)\n- No auth or payments path changes (escalates to risk_score > 75 → autonomous = false)\n- If health_score < 40: workflow skipped, alert sent instead\n\n## Memory Write (on completion)\nAppend improvement patterns and performance change measurements to /ai/memory/lessons.md.\n`,
+  // ── Role learnings (skeleton — auto-written by roles at medium/high enhancement) ──
+  'ai/memory/role-learnings/staff-engineer.md': `# Role Learnings — Staff Engineer\n\nThis file accumulates learnings from the Staff Engineer role across sessions.\nEntries are written automatically when enhancement is medium or high.\nThe /smash-os:evolve-roles command reads this file and proposes improvements to the role definition.\n\n---\n\n*(No entries yet. Run a pipeline at medium or high enhancement to start accumulating learnings.)*\n\n---\n\n**Entry format:**\n\`\`\`\n## YYYY-MM-DD — pipeline or feature name\n**Enhancement level:** medium|high\n**Superpowers used:** ...\n**GSD used:** ...\n**What worked:** ...\n**What didn't:** ...\n**Rule candidate:** ...\n**Enhancement Layer insight:** ...\n\`\`\`\n`,
+  'ai/memory/role-learnings/product-manager.md': `# Role Learnings — Product Manager\n\nThis file accumulates learnings from the Product Manager role across sessions.\nEntries are written automatically when enhancement is medium or high.\n\n---\n\n*(No entries yet.)*\n`,
+  'ai/memory/role-learnings/senior-developer.md': `# Role Learnings — Senior Developer\n\nThis file accumulates learnings from the Senior Developer role across sessions.\nEntries are written automatically when enhancement is medium or high.\n\n---\n\n*(No entries yet.)*\n`,
+  'ai/memory/role-learnings/security-engineer.md': `# Role Learnings — Security Engineer\n\nThis file accumulates learnings from the Security Engineer role across sessions.\nEntries are written automatically when enhancement is medium or high.\n\n---\n\n*(No entries yet.)*\n`,
+  'ai/memory/role-learnings/qa-engineer.md': `# Role Learnings — QA Engineer\n\nThis file accumulates learnings from the QA Engineer role across sessions.\nEntries are written automatically when enhancement is medium or high.\n\n---\n\n*(No entries yet.)*\n`,
+  'ai/memory/role-learnings/devops-engineer.md': `# Role Learnings — DevOps Engineer\n\nThis file accumulates learnings from the DevOps Engineer role across sessions.\nEntries are written automatically when enhancement is medium or high.\n\n---\n\n*(No entries yet.)*\n`,
 };
 const settingsJson = JSON.stringify({
@@ -689,13 +784,14 @@ main().catch((err) => {
 const localSkills = {
   'smash-os-role': `---\nname: smash-os-role\ndescription: Switch cognitive mode and load a SmashOS role definition. Use when switching roles or at session start.\n---\n\n# /smash-os:role\n\nSwitch to the named role and adopt its cognitive mode.\n\n## Roles\n\n| Role | Mode | Allowed |\n|---|---|---|\n| Staff Engineer | THINKING | Architecture, decisions, reviews |\n| Product Manager | THINKING | Specs, user stories, acceptance criteria |\n| Senior Developer | EXECUTION | Writing code, editing files |\n| Security Engineer | VALIDATION | Security review only, no code changes |\n| QA Engineer | VALIDATION | Testing and verification only |\n| DevOps Engineer | EXECUTION | Infrastructure, deployment |\n| UI/UX Designer | THINKING | Design review, UX audit, brand compliance (frontend projects only) |\n| Frontend Developer | EXECUTION | Component code, a11y, performance, design system (frontend projects only) |\n| Frontend QA | VALIDATION | Playwright E2E tests, coverage sign-off (frontend projects only) |\n\n## Steps\n1. Read the role name from the argument (default: Staff Engineer)\n2. Read \`.smash-os-enhancement\` (default: off if missing)\n3. Announce: "Switching to [Role] — [Mode] mode · Enhancement: [level]"\n4. Load \`ai/roles/<role-slug>.md\` if it exists\n5. Apply cognitive mode restrictions AND the enhancement behaviors below\n\n## Enhancement Mode Behaviors\n\n**off** — Role operates standalone. Use your own judgment on process.\n\n**light** — Surface framework hints before significant tasks:\n- Architecture or complex decisions → suggest \`/superpowers:brainstorming\` first\n- New code → remind about TDD (\`/superpowers:test-driven-development\`)\n- Bug investigation → suggest \`/superpowers:systematic-debugging\`\n- Do not force these — surface as a suggestion, then proceed\n\n**medium** — Enforce structured workflows:\n- Feature work: brainstorm → write-plans → TDD → verification-before-completion (mandatory gates)\n- Bug work: systematic-debugging with hypothesis log\n- Before claiming complete: always invoke \`/superpowers:verification-before-completion\`\n- Complex decisions: brainstorm alternatives before committing\n- After significant work: extract key learnings to \`ai/memory/lessons.md\`\n\n**high** — Full GSD phase management + active learning extraction:\n- Complex work (3+ implementation steps): use GSD (discuss → plan → execute → verify)\n- Use \`/gsd:plan-phase\` before any multi-step implementation\n- Simple/reversible tasks (< 30 min, single obvious approach): use medium workflows instead\n- After each phase: run \`/smash-os:extract-learnings\` to capture conventions and decisions\n- Completion: \`/gsd:verify-work\` before signing off\n- Learnings feed into \`ai/memory/\` and inform skill evolution\n`,
-  'smash-os-memory': `---\nname: smash-os-memory\ndescription: Show recent SmashOS decisions and lessons from the ai/memory/ folder.\n---\n\n# /smash-os:memory\n\nRead and display the local SmashOS memory files.\n\n## Steps\n1. Read \`ai/memory/decisions.md\` (last 20 entries)\n2. Read \`ai/memory/lessons.md\` (last 10 entries)\n3. Display them clearly — decisions first, then lessons\n4. If either file is empty or missing, say so\n`,
+  'smash-os-memory': `---\nname: smash-os-memory\ndescription: Show recent SmashOS memory — decisions, lessons, constraints, patterns, and audit summaries from the ai/memory/ folder.\n---\n\n# /smash-os:memory\n\nRead and display the local SmashOS memory files.\n\n## Steps\n1. Read \`ai/memory/decisions.md\` (last 20 entries)\n2. Read \`ai/memory/lessons.md\` (last 10 entries)\n3. Read \`ai/memory/constraints.md\` (all entries — these are hard rules, never skip)\n4. Read \`ai/memory/patterns.md\` (last 10 entries)\n5. Read \`ai/memory/audits.md\` (last 3 entries)\n6. Display in order: constraints first (always active), then decisions, lessons, patterns, audits\n7. If any file is empty or missing, say so\n`,
   'smash-os-onboarding': `---\nname: smash-os:onboarding\ndescription: Run SmashOS onboarding — scans the codebase, pre-fills answers from what it finds, then walks through registration questions section by section. Each question can be skipped. Writes all ai/context/ files when done.\nallowed-tools: Bash, Read, Glob, Grep, Write\n---\n\n# /smash-os:onboarding\n\nOnboard this repo into SmashOS. Always local — no API keys required.\n\n## Phase 1 — Codebase Scan\n\nAnnounce start, then silently read:\n- \`package.json\`, \`README.md\`, \`CLAUDE.md\`, \`.smash-os-mode\`\n- Top-level dirs + \`src/\`, \`app/\`, \`lib/\` contents\n- Key config files: vite, next, react-router, tsconfig, tailwind, drizzle\n- \`supabase/migrations/\`, \`prisma/schema.prisma\`, \`.env.example\`\n- Any existing \`ai/context/\` files\n- Up to 5 representative source files\n\nBuild internal knowledge from what you find — used to pre-fill Phase 2.\n\n## Phase 2 — Registration Interview\n\nTell the user:\n\`\`\`\n▸ SMASH OS  ·  registration interview\n─────────────────────────────────────\n  I've scanned your codebase. Now I'll ask questions to fill in\n  your AI context files. Each question shows what I already found.\n  Type SKIP to skip any question. Type DONE to finish a section early.\n─────────────────────────────────────\n\`\`\`\n\nFor each question: show your pre-filled guess first, then ask. If user types SKIP — accept the pre-fill and move on. User answers always override pre-fills. One section at a time.\n\n**Section 1 — Product & Business → ai/context/product.md**\nQ1 What does this product do? | Q2 Who are the users? | Q3 Main modules/features? | Q4 Revenue/business model? | Q5 3–5 core daily workflows? | Q6 Non-negotiable rules? | Q7 What does "broken" look like?\n\n**Section 2 — Architecture & Tech Stack → ai/context/architecture.md**\nQ1 Frontend framework + version? | Q2 Backend/API layer? | Q3 Database(s)? | Q4 Auth method? | Q5 Deployment target? | Q6 External services/APIs? | Q7 Folder/module structure? | Q8 Architectural rules/boundaries?\n\n**Section 3 — Coding Standards → ai/context/coding-standards.md**\nQ1 Language + strictness? | Q2 Naming conventions? | Q3 How are mutations handled? | Q4 Styling approach? | Q5 Testing setup? | Q6 Consistent patterns/abstractions? | Q7 What should AI-generated code always avoid?\n\n**Section 4 — Database → ai/context/database.md** (skip if no DB detected)\nQ1 Main tables + what each stores? | Q2 Key relationships? | Q3 RLS or data isolation? | Q4 How is DB accessed in code? | Q5 Business-critical queries to document? | Q6 Tables needing special care?\n\n**Section 5 — Current State → ai/memory/decisions.md**\nQ1 Current state of codebase? | Q2 3 biggest pain points? | Q3 Actively being worked on? | Q4 Settled decisions not to revisit? | Q5 What has been tried and failed?\n\n## Phase 3 — Write Context Files\n\nMerge pre-fills + user answers. Write real prose — no placeholder comments.\nIf a file exists with real content, append rather than overwrite.\n\nFiles: ai/context/product.md | ai/context/architecture.md | ai/context/coding-standards.md | ai/context/database.md | ai/memory/decisions.md (append) | ai/context/orchestrator.md (update summaries)\n\n## Phase 4 — Confirm\n\n\`\`\`\n▸ SMASH OS  ·  onboarded\n─────────────────────────────────────\n  FILES WRITTEN\n    · ai/context/product.md\n    · ai/context/architecture.md\n    · ai/context/coding-standards.md\n    · ai/context/database.md\n    · ai/memory/decisions.md   (initial context appended)\n    · ai/context/orchestrator.md  (summaries updated)\n\n  WHAT I NOW KNOW\n  {2–4 sentence natural language summary}\n\n  Run /smash-os:run to start your first pipeline.\n─────────────────────────────────────\n\`\`\`\n\n## Rules\n- Never ask for credentials\n- Always show pre-fill before asking\n- Never repeat a skipped question\n- Write real content — no placeholder comments\n- Re-runs append, never overwrite history\n`,
   'smash-os-run': `---\nname: smash-os-run\ndescription: Trigger a SmashOS pipeline manually. Usage: /smash-os:run [type] where type is feature | bug-fix | weekly-improvement | security-audit | custom.\nallowed-tools: Bash, Read, Write, Edit, Glob, Grep\n---\n\n# /smash-os:run\n\nTrigger a SmashOS pipeline for this repo (local mode).\n\nAll pipelines execute inline — Claude Code IS the pipeline engine.\nLoad context from \`ai/context/\` and \`ai/memory/\` before starting.\n\n## Pipeline Types\n- \`feature\` — full 7-phase feature development\n- \`bug-fix\` — diagnose and fix a bug\n- \`security-audit\` — security review of recent changes\n- \`weekly-improvement\` — code quality and refactor pass\n- \`frontend-audit\` — UI/UX design review + component quality + Playwright tests (frontend projects only)\n- \`playwright\` — Frontend QA phase only: generate/review Playwright E2E tests (frontend projects only)\n- \`custom\` — user-defined pipeline (ask for description first)\n\n## Phase Sequence\n\nRun all 7 phases in order. For each phase adopt the role, do the work, output the result.\n\n**Phase 0 — Debate (Staff Engineer)**\n- Analyse from multiple architectural angles\n- Surface trade-offs and open questions\n\n**Phase 1 — Product Manager**\n- Define acceptance criteria and user stories\n- Output: spec with measurable outcomes\n\n**Phase 2 — Staff Engineer / Architecture**\n- Design implementation approach\n- Identify files to create/modify\n\n**Phase 3 — Senior Developer**\n- Write the actual code changes\n- Follow \`ai/context/coding-standards.md\`\n\n**Phase 4 — Security Engineer**\n- Review for auth, input validation, injection risks\n- Output: security sign-off or blockers\n\n**Phase 5 — QA Engineer**\n- Write test cases, identify edge cases\n- Output: test plan + pass/fail verdict\n\n**Phase 6 — DevOps**\n- Deployment impact, migrations, config changes\n- Output: deployment checklist\n\n## Phase Output Format\n\n\`\`\`\n▸ SMASH OS  ·  phase {N}  ·  {role}\n─────────────────────────────────────\n{output}\n─────────────────────────────────────\n\`\`\`\n\n## After All Phases\n\nSave key decisions to \`ai/memory/decisions.md\`.\n\nFinal output:\n\`\`\`\n▸ SMASH OS  ·  pipeline complete  [local]\n─────────────────────────────────────\n  type       {type}\n  phases     7 / 7\n  status     completed\n─────────────────────────────────────\n\`\`\`\n\nIf enhancement is medium or high, also run \`/smash-os:extract-learnings\` after completion.\n`,
   'smash-os-enhancement': `---\nname: smash-os-enhancement\ndescription: View or change the SmashOS enhancement level (off/light/medium/high). Controls how deeply superpowers and GSD frameworks integrate into role workflows.\nallowed-tools: Read, Write\n---\n\n# /smash-os:enhancement [level]\n\nView or set the SmashOS enhancement mode.\n\n## Steps\n1. Read the argument (if any). Valid values: \`off\`, \`light\`, \`medium\`, \`high\`\n2. If no argument: read \`.smash-os-enhancement\` (default: off) and display current level + description\n3. If argument provided: validate, write to \`.smash-os-enhancement\`, confirm change\n\n## Level Descriptions\n\n| Level | What it does |\n|---|---|\n| off | Roles operate standalone — no framework integration |\n| light | Roles surface hints for relevant superpowers skills |\n| medium | Structured workflows enforced: brainstorm → plan → TDD → verify + learning extraction |\n| high | Full GSD phase management + active learning extraction → feeds skill evolution |\n\n## Output Format\n\n\`\`\`\n▸ SMASH OS  ·  enhancement mode\n─────────────────────────────────────\n  level      {level}\n  {description}\n─────────────────────────────────────\n\`\`\`\n`,
   'smash-os-extract-learnings': `---\nname: smash-os-extract-learnings\ndescription: Extract conventions, decisions, and lessons from the current session and save to ai/memory/. At high enhancement mode this runs automatically after each significant phase. Feeds into skill evolution.\nallowed-tools: Read, Write, Glob\n---\n\n# /smash-os:extract-learnings\n\nExtract and persist learnings from the current session.\n\n## Steps\n\n1. Review recent work in this session — what was built, what decisions were made, what friction was encountered\n2. Identify items in each category:\n   - **Conventions discovered**: patterns or standards that emerged or were reinforced\n   - **Decisions made**: architectural or product choices with rationale\n   - **Lessons learned**: what went wrong or could be improved\n   - **Role improvements**: behaviors that should be added/removed from a role definition\n3. Write to \`ai/memory/lessons.md\` (append) — lessons + conventions\n4. Write to \`ai/memory/decisions.md\` (append) — decisions with rationale\n5. If role improvements were identified:\n   - Read the relevant \`ai/roles/<role-slug>.md\` file (create it if missing)\n   - Propose the improvement inline\n   - Ask: "Apply this improvement to the [Role] definition? (y/n)"\n   - If yes: write the updated role file\n6. Output a brief summary of what was extracted\n\n## Output Format\n\n\`\`\`\n▸ SMASH OS  ·  learnings extracted\n─────────────────────────────────────\n  conventions   {N}\n  decisions     {N}\n  lessons       {N}\n  role updates  {N applied | none}\n─────────────────────────────────────\n\`\`\`\n\n## Notes\n- Never overwrite existing entries — always append\n- Role improvements should be additive, not destructive\n- These files are read by skill-evolution — write clearly for future context\n- If nothing significant happened this session: output "No learnings to extract"\n`,
   'smash-os-role-improve': `---\nname: smash-os-role-improve\ndescription: Role improvement pass — reads accumulated learnings from ai/memory/role-learnings/, applies insights back to each role definition. Gains new rules, prunes stale ones, consolidates duplicates, enhances the Enhancement Layer. Run manually or via the RoleImprovement scheduled task.\nallowed-tools: Read, Write, Edit\n---\n\n# /smash-os:role-improve\n\nRead all role learning logs. For each role with new entries, analyse and apply improvements back to the role definition.\n\n## Step 1 — Discover roles with learnings\n\nRead all files in \`ai/memory/role-learnings/\`. Skip any with no entries beyond the header (nothing after the \`---\` separator).\n\n## Step 2 — Analyse each learning log\n\nFor each role that has entries, extract:\n- **Gains** — new constraints or patterns that consistently improved output\n- **Prunes** — Hard Rules flagged as redundant, too slow, or consistently skipped\n- **Consolidations** — duplicate or near-duplicate rules that can be merged\n- **Enhancement Layer improvements** — which skills actually added value at which levels\n\n## Step 3 — Apply improvements to each role file\n\n1. Add new Hard Rules from Gains — each dated \`[YYYY-MM-DD]\`\n2. Remove pruned rules if flagged 3+ times; convert to comment if 1–2 times\n3. Consolidate duplicate rules\n4. Update Enhancement Layer skill mappings\n5. Append to \`## Improvement History\` (create if missing): \`- YYYY-MM-DD: {N gains, M prunes, K consolidations}\`\n\nDo not change Purpose, Responsibilities, Output Format, or Selective Context Load unless a learning entry explicitly proposes it.\n\n## Step 4 — Archive processed learnings\n\nAfter updating a role file, append an archive marker and move processed entries below it. New entries append above the archive.\n\n## Step 5 — Report\n\n\`\`\`\n▸ SMASH OS  ·  role improvement pass\n─────────────────────────────────────\n  {date}\n  ROLES UPDATED  {list with counts}\n  ROLES SKIPPED  {list — no new learnings}\n─────────────────────────────────────\n\`\`\`\n\n## Rules\n- Never remove a Hard Rule without 3+ learning entries flagging it\n- All new Hard Rules carry a derivation date\n- Idempotent — no new entries = no changes\n`,
   'smash-os-evolve-roles': `---\nname: smash-os-evolve-roles\ndescription: Analyze accumulated learnings from ai/memory/ and propose targeted improvements to SmashOS role files. Bridges extract-learnings to skill evolution. Runs automatically weekly via Task Scheduler.\nallowed-tools: Read, Write, Glob\n---\n\n# /smash-os:evolve-roles\n\nAnalyze learnings accumulated across sessions and evolve role definitions based on real project experience.\n\n## Steps\n\n1. Read \`ai/memory/lessons.md\` — find entries tagged with role improvement suggestions (look for "Role improvements:", "role:", "[role improvement]" markers)\n2. Read \`ai/memory/decisions.md\` — find conventions that should be encoded into specific roles\n3. Skip any learning already marked with \`[applied YYYY-MM-DD]\`\n4. List all files in \`ai/roles/\` — project-specific role overrides\n   - If \`ai/roles/\` is empty or missing: offer to scaffold defaults (staff-engineer, senior-developer, security-engineer)\n5. For each pending improvement, identify the target role and present:\n   - Current relevant section (or "no file yet")\n   - Proposed addition/change (be specific — not "be more careful", but "always check for stale migrations before running tests")\n   - Ask: "Apply to [role-name].md? (y/n)"\n6. If approved: write/update \`ai/roles/<role-slug>.md\`, mark the source lesson as \`[applied {date}]\` in lessons.md\n7. After all project-level changes, ask: "Any improvements universal enough for the global skill? (y/n)"\n   - If yes: list candidates, confirm each, then append to \`~/.claude/skills/smash-os-role/SKILL.md\` under a "## Project-Learned Behaviors" section\n8. Output summary\n\n## Output Format\n\n\`\`\`\n▸ SMASH OS  ·  role evolution\n─────────────────────────────────────\n  learnings reviewed   {N}\n  improvements found   {N}\n  applied to roles     {N}\n  global skill updated {yes | no}\n─────────────────────────────────────\n\`\`\`\n\n## Rules\n- Never remove existing role capabilities — only add or refine\n- Improvements must be specific and actionable, not vague\n- Mark applied learnings so they are not re-proposed on the next run\n- Global skill updates: only universal, project-agnostic behaviors (not "use Postgres migrations" — yes to "always confirm schema changes with Security Engineer before applying")\n- If no pending improvements: output "Roles are up to date — no changes needed"\n`,
+  'smash-os-performance': `---\nname: smash-os-performance\ndescription: Full performance audit and fix pipeline for any SmashBurgerBar web app. Scores performance across 6 dimensions, auto-fixes safe issues, generates prioritised action plans.\n---\n\n# /smash-os:performance\n\nRun a full performance audit for the current project. Scores every dimension, auto-fixes safe wins, and generates a prioritised fix plan.\n\n---\n\n## Phase 1 — Detect Project Type\n\nRead \`package.json\` and identify:\n- Framework: React Router v7 / Next.js / plain React\n- Renderer: SSR / CSR / SSG\n- Key deps: \`@tanstack/react-virtual\`, \`@vercel/analytics\`, \`@vercel/speed-insights\`\n- Build tool: Vite / Webpack / Turbopack\n\n---\n\n## Phase 2 — Score Performance Dimensions (0–100 each)\n\n| # | Dimension | Weight | How to measure |\n|---|---|---|---|\n| 1 | **Data Loading Strategy** | 25% | Single Fetch enabled? Loaders return naked objects? \`json()\`/\`defer()\` still used? Streaming used for slow data? |\n| 2 | **Rendering & Hydration** | 20% | Server-first? Unnecessary client components? Hydration mismatches? Third-party SDKs causing flicker? |\n| 3 | **Bundle Size** | 20% | Check \`build/\` output sizes. Large deps in client bundle? Code splitting in place? |\n| 4 | **List & Grid Performance** | 15% | Lists over 100 items without virtualisation? \`@tanstack/react-virtual\` installed? |\n| 5 | **UX Responsiveness** | 10% | \`viewTransition\` on navigation links? \`<Suspense>\` wrapping slow components? \`streamTimeout\` set? |\n| 6 | **Asset & Cache Optimisation** | 10% | Images use \`next/image\` or equivalent? Fonts optimised? \`Cache-Control\` headers set? CDN cache on static assets? |\n\n**Performance Score (PS) = sum of weighted contributions**\n\nGrades: 90–100 A · 75–89 B · 60–74 C · 40–59 D · 0–39 F\n\n---\n\n## Phase 3 — Detect and Fix Common Issues\n\n### Data loading\n- [ ] Replace \`json(return {...})\` with \`return {...}\` (naked object) in all loaders\n- [ ] Replace \`defer()\` with non-awaited promises returned directly from loaders\n- [ ] Add \`shouldRevalidate\` to routes that don't need to re-fetch on every navigation\n- [ ] Identify loaders that await slow external calls — split into critical (awaited) + secondary (streamed)\n\n### Streaming\n- [ ] Check \`entry.server.tsx\` — add \`export const streamTimeout = 5000\` if absent\n- [ ] Wrap components that receive streamed promises in \`<Suspense fallback={...}>\`\n\n### Rendering\n- [ ] Audit \`'use client'\` usage — push boundaries as far down the tree as possible\n- [ ] Check for third-party SDK initialisation in components — move to server loaders\n\n### Lists\n- [ ] Find all \`.map()\` renders of lists > 100 items\n- [ ] Install \`@tanstack/react-virtual\` if not present\n- [ ] Wrap identified lists with \`useVirtualizer\`\n\n### UX transitions\n- [ ] Add \`viewTransition\` to primary navigation \`<Link>\` components\n- [ ] Add \`streamTimeout\` export to \`entry.server.tsx\`\n\n### Assets\n- [ ] Check image tags — ensure \`loading="lazy"\` on below-fold images\n- [ ] Verify \`Cache-Control: public, max-age=31536000, immutable\` on static assets in \`vercel.json\` or equivalent\n\n---\n\n## Phase 4 — Auto-Fix Protocol\n\n| Severity | Action |\n|---|---|\n| Safe mechanical change (remove \`json()\`, add \`streamTimeout\`) | Fix inline, note in report |\n| Requires logic change (split loader, add virtualisation) | Generate \`PERF_PR_N.md\` with exact code change |\n| Requires package install | Print install command, do not run automatically |\n\n---\n\n## Phase 5 — Report Output\n\n\`\`\`\n╔══════════════════════════════════════════════════╗\n║      PERFORMANCE SCORE  ·  [PROJECT NAME]        ║\n╠══════════════════════════════════════════════════╣\n║  1. Data Loading Strategy   ██████░░░  65% ×0.25 ║\n║  2. Rendering & Hydration   ████████░  80% ×0.20 ║\n║  3. Bundle Size             ███████░░  70% ×0.20 ║\n║  4. List Performance        ██░░░░░░░  20% ×0.15 ║\n║  5. UX Responsiveness       █████░░░░  50% ×0.10 ║\n║  6. Asset & Cache           ████████░  80% ×0.10 ║\n╠══════════════════════════════════════════════════╣\n║  PERFORMANCE SCORE                  63.75  →  C  ║\n╚══════════════════════════════════════════════════╝\n\nAuto-fixed:   N items\nPRs queued:   N → PERF_PR_1.md, PERF_PR_2.md\n\nNext actions:\n  [HIGH]  Virtualise order history list — 3,000 rows rendered on mount\n  [HIGH]  Split menu loader — Supabase call blocks 1.8s before first byte\n  [MED]   Add streamTimeout to entry.server.tsx\n  [MED]   Remove json() from 4 loaders\n  [LOW]   Add viewTransition to nav links\n\`\`\`\n\nSave report to \`ai/memory/audits/PERF_REPORT_<YYYY-MM-DD>.md\`.\n\n---\n\n## Roles active during this pipeline\n\n| Role | Mode | Responsibility |\n|---|---|---|\n| Staff Engineer | THINKING | Identifies architectural causes of slowness |\n| Senior Developer | EXECUTION | Implements fixes |\n| QA Engineer | VALIDATION | Verifies fixes don't break functionality |\n\n---\n\n## Key research reference\n\n\`docs/research/react-router-v7-performance.md\` — React Router v7 + React 19 performance patterns (Single Fetch, Streaming, View Transitions, Virtualisation).\n\n---\n\n## Rules\n\n- Never virtualise a list without first confirming item count from real data or code\n- Never remove \`await\` from a loader without checking if the data is used in the initial render\n- Always run \`typecheck\` after auto-fixes\n- Store all findings in \`ai/memory/audits/PERF_REPORT_<date>.md\`\n`,
 };
 // ─── Write files ──────────────────────────────────────────────────────────────
@@ -724,30 +820,32 @@ for (const [relPath, content] of Object.entries(aiFiles)) {
   }
 }
-// ─── Frontend roles (opt-in) ──────────────────────────────────────────────────
+// ─── Frontend roles (opt-in, inline — no source tree dependency) ──────────────
+const frontendFiles = {
+  'ai/roles/ui-ux-designer.md': `# UI/UX Designer — SmashOS Role Definition\n\n**Cognitive Mode:** THINKING\n**Primary Skill:** frontend-design\n**Trigger:** FRONTEND_CHANGED flag, or \`/smash-os:run frontend-audit\`\n\n## Purpose\nReviews and designs the user experience layer. Catches layout, hierarchy, accessibility, and brand compliance issues at the design level — before the Frontend Developer implements them.\n\n## Output Format\n\`\`\`json\n{\n  "design_score": 0,\n  "files_reviewed": ["string"],\n  "findings": [\n    { "severity": "critical | high | medium | low", "category": "hierarchy | spacing | accessibility | brand | mobile | flow | consistency", "location": "string", "issue": "string", "recommendation": "string" }\n  ],\n  "ux_patterns_missing": ["string"],\n  "brand_violations": ["string"],\n  "verdict": "approved | approved_with_changes | requires_redesign",\n  "next_phase_input": "string — max 500 tokens"\n}\n\`\`\`\n\n## Design Review Checklist\n- [ ] Visual hierarchy is clear — primary action obvious, secondary subordinate\n- [ ] Spacing is consistent — no arbitrary gaps or cramped elements\n- [ ] Mobile layout works at 320px, 375px, 768px breakpoints\n- [ ] Interactive elements have visible focus states\n- [ ] Touch targets minimum 44×44px on mobile\n- [ ] Loading, empty, and error states designed (not just happy path)\n- [ ] Contrast ratios meet WCAG AA (4.5:1 for body text, 3:1 for UI)\n- [ ] Consistent border radii across all components on a screen\n\n## Hard Rules\n- THINKING mode: no file writes, no code\n- Never approve a screen with missing empty/loading/error states\n- design_score < 60 → verdict must be \`requires_redesign\`\n- design_score 60–79 → verdict must be \`approved_with_changes\`\n- design_score ≥ 80 → verdict may be \`approved\`\n\n## Enhancement Layer\n- \`off\` — standalone design review against checklist\n- \`light\` — invoke \`superpowers:brainstorming\` before issuing verdict on complex UX flows\n- \`medium\` — \`light\` + produce a written design rationale for each major finding\n- \`high\` — \`medium\` + invoke \`gsd:plan-phase\` to produce a design improvement plan as structured phases\n\n### Learning Capture (medium and high only)\nAppend one entry to \`ai/memory/role-learnings/ui-ux-designer.md\`.\n`,
+  'ai/roles/frontend-developer.md': `# Frontend Developer — SmashOS Role Definition\n\n**Cognitive Mode:** EXECUTION\n**Primary Skill:** code-generation\n**Trigger:** FRONTEND_CHANGED flag, after UI/UX Designer approval\n\n## Purpose\nImplements and reviews frontend code. Writes production-quality components, ensures React/framework best practices, optimises performance, and hands off clean, accessible code to Frontend QA.\n\n## Output Format\n\`\`\`json\n{\n  "branch_name": "string — e.g. frontend/improve-nav-mobile",\n  "files_changed": ["path/to/component.tsx"],\n  "commit_sha": "string",\n  "component_score": 0,\n  "findings": [\n    { "severity": "critical | high | medium | low", "category": "performance | accessibility | best-practice | design-system | bundle-size", "location": "string", "issue": "string", "fix_applied": "string" }\n  ],\n  "a11y_fixes": ["string"],\n  "verdict": "pass | pass_with_warnings | fail",\n  "next_phase_input": "string — max 500 tokens"\n}\n\`\`\`\n\n## Code Review Checklist\n- [ ] No \`useEffect\` with missing dependencies\n- [ ] No \`any\` types in TypeScript component props\n- [ ] Client components (\`'use client'\`) only where browser APIs or interactivity is needed\n- [ ] No inline styles — design tokens/Tailwind classes only\n- [ ] Images use optimised component (next/image or equivalent)\n- [ ] Accessible: correct \`alt\` text, \`aria-label\` on icon-only buttons\n- [ ] No \`key={index}\` in dynamic lists\n- [ ] Loading and error states implemented for every async component\n- [ ] No \`console.log\` left in production code\n- [ ] Components under 300 lines — extract if larger\n\n## Hard Rules\n- EXECUTION mode: no specs, no architecture decisions\n- Always create a branch named \`frontend/<slug>\` before writing any files\n- Never commit directly to \`master\` or the default branch\n- Design system violations are always flagged, never silently fixed with ad-hoc values\n- \`component_score < 50\` after one retry → escalate to Staff Engineer\n\n## Enhancement Layer\n- \`off\` — implement/review standalone\n- \`light\` — invoke \`superpowers:verification-before-completion\` before committing\n- \`medium\` — \`light\` + invoke \`superpowers:writing-plans\` before touching multiple components\n- \`high\` — \`medium\` + invoke \`gsd:execute-phase\` for multi-component changes\n\n### Learning Capture (medium and high only)\nAppend one entry to \`ai/memory/role-learnings/frontend-developer.md\`.\n`,
+  'ai/roles/frontend-qa.md': `# Frontend QA / Playwright Engineer — SmashOS Role Definition\n\n**Cognitive Mode:** VALIDATION\n**Primary Skill:** qa-validation\n**Trigger:** FRONTEND_CHANGED flag, after Frontend Developer phase completes\n\n## Purpose\nValidates frontend changes through E2E test coverage and visual review. Writes Playwright tests for user flows, identifies untested paths, flags visual regressions, and issues a final sign-off.\n\n## Output Format\n\`\`\`json\n{\n  "tests_written": 0,\n  "tests_passing": 0,\n  "coverage_score": 0,\n  "test_files": ["string"],\n  "user_flows_covered": ["string"],\n  "coverage_gaps": ["string"],\n  "visual_regression_risks": ["string"],\n  "verdict": "pass | pass_with_warnings | fail",\n  "next_phase_input": "string — max 500 tokens"\n}\n\`\`\`\n\n## Test Writing Guidelines\n- Test file naming: \`{component-name}.spec.ts\` or \`{flow-name}.e2e.ts\`\n- Always test: happy path, empty state, error state, loading state\n- Mobile tests: \`test.use({ viewport: { width: 375, height: 812 } })\`\n- Use \`page.getByRole()\` and \`page.getByLabel()\` — never CSS selectors unless unavoidable\n- Keep tests independent — no shared state between test blocks\n\n## Hard Rules\n- VALIDATION mode: never write production code — test files only\n- coverage_score < 50 after one retry → pipeline paused, human required\n- Never mark verdict = pass with uncovered critical user flows\n- Playwright tests must be runnable with \`npx playwright test\`\n\n## Enhancement Layer\n- \`off\` — standalone Playwright test generation\n- \`light\` — invoke \`superpowers:verification-before-completion\` before issuing verdict\n- \`medium\` — \`light\` + invoke \`superpowers:test-driven-development\` to map flows before writing tests\n- \`high\` — \`medium\` + invoke \`gsd:add-tests\` for a formal test suite attached to pipeline output\n\n### Learning Capture (medium and high only)\nAppend one entry to \`ai/memory/role-learnings/frontend-qa.md\`.\n`,
+  'ai/workflows/frontend-audit.md': `# Frontend Audit Workflow — SmashOS\n\n**Phases:** 3\n**Trigger:** FRONTEND_CHANGED (auto) · \`/smash-os:run frontend-audit\` (manual)\n**Condition:** Only runs when the project was installed with frontend support enabled\n\n## Phase Sequence\n\n\`\`\`\nPhase 1 — UI/UX Designer       [THINKING]\n  Input:  git diff or full file list (manual), brand-guidelines.md (if exists)\n  Output: design_score, findings[], brand_violations[], verdict\n  Gate:   verdict = requires_redesign → pause pipeline, human required\n\nPhase 2 — Frontend Developer   [EXECUTION]\n  Input:  Phase 1 output (design findings + verdict)\n  Output: files_changed[], component_score, a11y_fixes[], verdict\n  Gate:   verdict = fail → return to Phase 1 for re-review\n\nPhase 3 — Frontend QA          [VALIDATION]\n  Input:  Phase 2 output (files_changed + component findings)\n  Output: test_files[], coverage_score, coverage_gaps[], verdict\n  Gate:   coverage_score < 50 after one retry → pipeline paused, human required\n\`\`\`\n\n## Advancement Rules\n\n| Score | Action |\n|---|---|\n| ≥ 80 | Advance to next phase |\n| 60–79 | Advance with warning logged to \`ai/memory/lessons.md\` |\n| 40–59 | Return to previous phase, retry once |\n| < 40 | Pipeline paused — human required |\n\n## Halt Conditions\n- UI/UX Designer verdict = \`requires_redesign\`\n- Frontend Developer verdict = \`fail\` after one retry\n- Frontend QA coverage_score < 50 after one retry\n\n## Memory Write (on completion)\nAppend to \`ai/memory/decisions.md\`: design decisions, component patterns, Playwright test patterns.\n`,
+  'ai/memory/role-learnings/ui-ux-designer.md': `# Role Learnings — UI/UX Designer\n\nThis file accumulates learnings from the UI/UX Designer role across sessions.\nEntries are written automatically when enhancement is medium or high.\n\n---\n\n*(No entries yet.)*\n`,
+  'ai/memory/role-learnings/frontend-developer.md': `# Role Learnings — Frontend Developer\n\nThis file accumulates learnings from the Frontend Developer role across sessions.\nEntries are written automatically when enhancement is medium or high.\n\n---\n\n*(No entries yet.)*\n`,
+  'ai/memory/role-learnings/frontend-qa.md': `# Role Learnings — Frontend QA\n\nThis file accumulates learnings from the Frontend QA role across sessions.\nEntries are written automatically when enhancement is medium or high.\n\n---\n\n*(No entries yet.)*\n`,
+};
 if (isFrontend) {
-  const smashOsRoot = join(dirname(new URL(import.meta.url).pathname.replace(/^\/([A-Z]:)/, '$1')), '..');
-  const frontendRoles = [
-    { src: 'ai/roles/ui-ux-designer.md',    dest: 'ai/roles/ui-ux-designer.md' },
-    { src: 'ai/roles/frontend-developer.md', dest: 'ai/roles/frontend-developer.md' },
-    { src: 'ai/roles/frontend-qa.md',        dest: 'ai/roles/frontend-qa.md' },
-    { src: 'ai/workflows/frontend-audit.md', dest: 'ai/workflows/frontend-audit.md' },
-  ];
   console.log('');
   console.log(chalk.dim('  Frontend team:'));
-  for (const { src, dest } of frontendRoles) {
-    const srcPath = join(smashOsRoot, src);
-    if (!existsSync(join(cwd, dest))) {
-      if (existsSync(srcPath)) {
-        writeFile(dest, readFileSync(srcPath, 'utf8'));
-        console.log('  ' + chalk.green('✓') + ' ' + chalk.white(dest));
-        written++;
-      } else {
-        console.log('  ' + chalk.yellow('!') + ' ' + chalk.dim(`${src} — source not found, skipped`));
-      }
+  for (const [relPath, content] of Object.entries(frontendFiles)) {
+    if (!existsSync(join(cwd, relPath))) {
+      writeFile(relPath, content);
+      console.log('  ' + chalk.green('✓') + ' ' + chalk.white(relPath));
+      written++;
     } else {
-      console.log('  ' + chalk.dim('↷') + ' ' + chalk.dim(`${dest} (already exists — skipped)`));
+      console.log('  ' + chalk.dim('↷') + ' ' + chalk.dim(`${relPath} (already exists — skipped)`));
     }
   }
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "smash-os-install",
-  "version": "0.3.0",
+  "version": "0.3.3",
   "description": "Install the SmashOS local AI workflow harness into any repo — no web app, no API keys required",
   "type": "module",
   "bin": {