tribunal-kit 3.0.0 → 4.0.0

package/bin/tribunal-kit.js

@@ -270,17 +270,30 @@ function banner() {
     if (quiet) return;
     // Big ASCII art (TRIBUNAL-KIT)
     const art = String.raw`
-___________      ._____.                       .__             ____  __.__  __   
-\__    ___/______|__\_ |__  __ __  ____ _____  |  |           |    |/ _|__|/  |_ 
-  |    |  \_  __ \  || __ \|  |  \/    \\__  \ |  |    ______ |      < |  \   __\
-  |    |   |  | \/  || \_\ \  |  /   |  \/ __ \|  |__ /_____/ |    |  \|  ||  |  
-  |____|   |__|  |__||___  /____/|___|  (____  /____/         |____|__ \__||__|  
-                         \/           \/     \/                       \/          `.split('\n').filter(Boolean);
+████████╗██████╗ ██╗██████╗ ██╗   ██╗███╗   ██╗ █████╗ ██╗      ██╗  ██╗██╗████████╗
+╚══██╔══╝██╔══██╗██║██╔══██╗██║   ██║████╗  ██║██╔══██╗██║      ██║ ██╔╝██║╚══██╔══╝
+   ██║   ██████╔╝██║██████╔╝██║   ██║██╔██╗ ██║███████║██║█████╗█████╔╝ ██║   ██║   
+   ██║   ██╔══██╗██║██╔══██╗██║   ██║██║╚██╗██║██╔══██║██║╚════╝██╔═██╗ ██║   ██║   
+   ██║   ██║  ██║██║██████╔╝╚██████╔╝██║ ╚████║██║  ██║███████╗ ██║  ██╗██║   ██║   
+   ╚═╝   ╚═╝  ╚═╝╚═╝╚═════╝  ╚═════╝ ╚═╝  ╚═══╝╚═╝  ╚═╝╚══════╝ ╚═╝  ╚═╝╚═╝   ╚═╝   `.split('\n').filter(Boolean);
     console.log();
-    for (const line of art) log(`  ${c('cyan', bold(line))}`);
+    const maxLen = Math.max(...art.map(line => line.length));
+    for (const line of art) {
+        let gradientLine = '  ' + C.bold;
+        for (let i = 0; i < line.length; i++) {
+            const p = maxLen > 1 ? i / (maxLen - 1) : 0;
+            // Coquelicot #FF4000 to Penn Blue #0A1045
+            const r = Math.round(255 + p * (10 - 255));
+            const g = Math.round(64 + p * (16 - 64));
+            const b = Math.round(0 + p * (69 - 0));
+            gradientLine += `\x1b[38;2;${r};${g};${b}m${line[i]}`;
+        }
+        gradientLine += C.reset;
+        log(gradientLine);
+    }
     console.log();
     // Subtitle strip
-    const W   = 80;
+    const W   = 84;
     const sub = 'Anti-Hallucination Agent System';
     const sp  = Math.max(0, W - sub.length);
     const centred = ' '.repeat(Math.floor(sp / 2)) + sub + ' '.repeat(Math.ceil(sp / 2));
@@ -344,6 +357,18 @@ function cmdInit(flags) {
         }
     }
 
+    // Ensure history dirs exist (Case Law + Skill Evolution)
+    if (!dryRun) {
+        const caseDir = path.join(agentDest, 'history', 'case-law', 'cases');
+        const evoDir  = path.join(agentDest, 'history', 'skill-evolution');
+        fs.mkdirSync(caseDir, { recursive: true });
+        fs.mkdirSync(evoDir,  { recursive: true });
+        const gkCase = path.join(caseDir, '.gitkeep');
+        const gkEvo  = path.join(evoDir, '.gitkeep');
+        if (!fs.existsSync(gkCase)) fs.writeFileSync(gkCase, '');
+        if (!fs.existsSync(gkEvo))  fs.writeFileSync(gkEvo,  '');
+    }
+
     // Count what we're installing
     const totalFiles = countDir(agentSrc);
     log(`  ${c('gray','▸')} Scanning ${c('white', String(totalFiles))} files  ${c('gray','→')}  ${c('gray', agentDest)}`);
@@ -436,6 +461,60 @@ function cmdUpdate(flags) {
     cmdInit(flags);
 }
 
+
+function cmdLearn(flags) {
+    const targetDir = flags.path ? path.resolve(flags.path) : process.cwd();
+    const agentDest = path.join(targetDir, '.agent');
+
+    if (!fs.existsSync(agentDest)) {
+        err('.agent/ not found. Run: npx tribunal-kit init');
+        process.exit(1);
+    }
+
+    banner();
+
+    const W     = 62;
+    const title = '  Tribunal Learn — Supreme Court Mode';
+    const trail = ' '.repeat(Math.max(0, W - title.length));
+    console.log(`  ${c('cyan', '\u2554' + '\u2550'.repeat(W) + '\u2557')}`);
+    console.log(`  ${c('cyan', '\u2551')}${c('bold', c('white', title))}${trail}${c('cyan', '\u2551')}`);
+    console.log(`  ${c('cyan', '\u255a' + '\u2550'.repeat(W) + '\u255d')}`);
+    console.log();
+
+    const dryRun  = flags.dryRun ? '--dry-run' : '';
+    const useHead = flags.head   ? '--head'    : '';
+    const python  = process.platform === 'win32' ? 'python' : 'python3';
+    const { execSync } = require('child_process');
+
+    // Phase 1: Skill Evolution
+    log(`  ${c('cyan', '\u229b')} ${bold('Phase 1')} \u2014 Skill Evolution Forge (auto-generating project idioms)`);
+    const evoScript = path.join(agentDest, 'scripts', 'skill_evolution.py');
+    if (!fs.existsSync(evoScript)) {
+        warn('skill_evolution.py not found \u2014 run: npx tribunal-kit update');
+    } else {
+        try {
+            const cmd = `${python} "${evoScript}" digest ${dryRun} ${useHead}`.trim();
+            execSync(cmd, { stdio: 'inherit', cwd: targetDir });
+        } catch (e) {
+            warn(`Skill Evolution error: ${e.message}`);
+        }
+    }
+
+    console.log();
+
+    // Phase 2: Case Law prompt
+    log(`  ${c('cyan', '\u229b')} ${bold('Phase 2')} \u2014 Case Law Engine (building precedence record)`);
+    console.log();
+    log(`  ${c('gray','\u25b8')} Record a new rejection precedent:`);
+    log(`    ${c('white', 'npx tribunal-kit case add')}`);
+    console.log();
+    log(`  ${c('gray','\u25b8')} Search existing case law:`);
+    log(`    ${c('white', 'npx tribunal-kit case search "your query"')}`);
+    console.log();
+    log(`  ${c('green', '\u2714')} ${bold('Learn cycle complete.')} Your Tribunal grows smarter with every commit.`);
+    console.log();
+}
+
 // ── Async Main Wrapper ───────────────────────────────────
 async function runWithUpdateCheck(command, flags) {
     const shouldSkip = flags.skipUpdateCheck || process.env.TK_SKIP_UPDATE_CHECK === '1';
@@ -460,6 +539,15 @@ async function runWithUpdateCheck(command, flags) {
         case 'status':
             cmdStatus(flags);
             break;
+        case 'learn':
+            cmdLearn(flags);
+            break;
+        case 'case':
+            cmdCase(flags);
+            break;
+        case 'hook':
+            cmdHook(flags);
+            break;
         case 'help':
         case '--help':
         case '-h':
@@ -474,6 +562,70 @@ async function runWithUpdateCheck(command, flags) {
     }
 }
 
+function cmdCase(flags) {
+    const targetDir = flags.path ? path.resolve(flags.path) : process.cwd();
+    const agentDest = path.join(targetDir, '.agent');
+
+    if (!fs.existsSync(agentDest)) {
+        err('.agent/ not found. Run: npx tribunal-kit init');
+        process.exit(1);
+    }
+
+    const args = process.argv.slice(3).join(' ');
+    if (!args || args === 'help' || args === '--help' || args === '-h') {
+        banner();
+        log(`  ${c('cyan', '\u2554' + '\u2550'.repeat(60) + '\u2557')}`);
+        log(`  ${c('cyan', '\u2551')}${c('bold', c('white', '  Tribunal Case Law Engine \u2014 Supreme Court             '))}${c('cyan', '\u2551')}`);
+        log(`  ${c('cyan', '\u255a' + '\u2550'.repeat(60) + '\u255d')}`);
+        console.log();
+        log(`  ${c('cyan', 'add'.padEnd(10))}  ${c('gray', 'Record a new Case Law rejection pattern')}`);
+        log(`  ${c('cyan', 'search'.padEnd(10))}  ${c('gray', 'Search existing cases (e.g., search "query")')}`);
+        log(`  ${c('cyan', 'list'.padEnd(10))}  ${c('gray', 'List all recorded case law')}`);
+        console.log();
+        process.exit(1);
+    }
+
+    const python  = process.platform === 'win32' ? 'python' : 'python3';
+    const caseLawScript = path.join(agentDest, 'scripts', 'case_law_manager.py');
+
+    // Make shorthand aliases
+    let pyArgs = args;
+    if (pyArgs.startsWith('add')) pyArgs = pyArgs.replace(/^add/, 'add-case');
+    if (pyArgs.startsWith('search')) pyArgs = pyArgs.replace(/^search/, 'search-cases');
+
+    try {
+        const { execSync } = require('child_process');
+        execSync(`${python} "${caseLawScript}" ${pyArgs}`, { stdio: 'inherit', cwd: targetDir });
+    } catch (e) {
+        process.exit(1); // Script already prints errors
+    }
+}
+
+function cmdHook(flags) {
+    const targetDir = flags.path ? path.resolve(flags.path) : process.cwd();
+    const gitDir = path.join(targetDir, '.git');
+    
+    if (!fs.existsSync(gitDir)) {
+        err('Not a git repository. Cannot install git hooks here.');
+        process.exit(1);
+    }
+    
+    const hooksDir = path.join(gitDir, 'hooks');
+    if (!fs.existsSync(hooksDir)) {
+        fs.mkdirSync(hooksDir, { recursive: true });
+    }
+    
+    const prePushPath = path.join(hooksDir, 'pre-push');
+    const hookScript = `#!/bin/sh\n# Supreme Court - Auto Learn on Push\necho "⚖️  Tribunal Supreme Court: Evolving Skills..."\nnpx tribunal-kit learn --head\n`;
+    
+    fs.writeFileSync(prePushPath, hookScript, { mode: 0o755 });
+    
+    console.log();
+    log(`  ${c('green', '✔')} Installed pre-push git hook.`);
+    log(`  ${c('gray', '▸')} Skill Evolution will now run automatically every time you git push.`);
+    console.log();
+}
+
 function cmdStatus(flags) {
     const targetDir = flags.path ? path.resolve(flags.path) : process.cwd();
     const agentDest = path.join(targetDir, '.agent');
@@ -515,6 +667,9 @@ function cmdHelp() {
     log(cmd('init',   'Install .agent/ into current project'));
     log(cmd('update', 'Re-install to get latest version'));
     log(cmd('status', 'Check if .agent/ is installed'));
+    log(cmd('learn',  'Evolve project idioms based on git diffs'));
+    log(cmd('case',   'Manage Case Law precedents (add, search, list)'));
+    log(cmd('hook',   'Install pre-push git hook for auto-learning'));
     console.log();
     log(bold('  Options'));
     log(`  ${c('gray','─'.repeat(40))}`);
@@ -523,6 +678,7 @@ function cmdHelp() {
     log(opt('--quiet',              'Suppress all output'));
     log(opt('--dry-run',            'Preview actions without executing'));
     log(opt('--skip-update-check',  'Skip auto-update version check'));
+    log(opt('--head',               '(learn) Diff against last commit instead of staged'));
     console.log();
     log(bold('  Examples'));
     log(`  ${c('gray','─'.repeat(40))}`);
@@ -532,6 +688,13 @@ function cmdHelp() {
     log(ex('npx tribunal-kit init --dry-run'));
     log(ex('npx tribunal-kit update'));
     log(ex('npx tribunal-kit status'));
+    log(ex('npx tribunal-kit learn'));
+    log(ex('npx tribunal-kit learn --dry-run'));
+    log(ex('npx tribunal-kit learn --head'));
+    log(ex('npx tribunal-kit case add'));
+    log(ex('npx tribunal-kit case search "useEffect"'));
+    log(ex('npx tribunal-kit case list'));
+    log(ex('npx tribunal-kit hook'));
     console.log();
 }
 
@@ -541,8 +704,8 @@ const { command, flags } = parseArgs(process.argv);
 if (flags.quiet) quiet = true;
 
 runWithUpdateCheck(command, flags);
-
-// -- Exports (for testing) -- do not remove
-if (require.main !== module) {
-  module.exports = { parseArgs, compareSemver, copyDir, countDir, isSelfInstall };
+
+// -- Exports (for testing) -- do not remove
+if (require.main !== module) {
+  module.exports = { parseArgs, compareSemver, copyDir, countDir, isSelfInstall };
 }

package/package.json

@@ -1,17 +1,38 @@
 {
     "name": "tribunal-kit",
-    "version": "3.0.0",
-    "description": "Anti-Hallucination AI Agent Kit — 33 specialist agents, 25 slash commands, Swarm/Supervisor engine, and Tribunal review pipeline for Cursor, Windsurf, and Antigravity.",
+    "version": "4.0.0",
+    "description": "Anti-Hallucination AI Agent Kit — 34 specialist agents, 26 slash commands, Swarm/Supervisor engine, and Supreme Court Tribunal review pipeline.",
     "keywords": [
         "ai",
+        "ai-agent",
         "agent",
+        "agents",
+        "multi-agent",
+        "agentic",
+        "swarm",
+        "orchestration",
+        "llm",
+        "anti-hallucination",
         "hallucination",
+        "code-review",
+        "code-quality",
         "cursor",
+        "cursor-rules",
+        "cursorrules",
         "windsurf",
+        "copilot",
+        "cline",
+        "gemini",
         "antigravity",
         "tribunal",
-        "code-review",
-        "llm"
+        "mcp",
+        "model-context-protocol",
+        "cli",
+        "devtools",
+        "ai-coding",
+        "autonomous-agents",
+        "coding-assistant",
+        "automation"
     ],
     "homepage": "https://github.com/Harmitx7/tribunal-kit",
     "repository": {

package/.agent/skills/api-patterns/api-style.md

@@ -1,42 +0,0 @@
-# API Style Selection (2025)
-
-> REST vs GraphQL vs tRPC - Hangi durumda hangisi?
-
-## Decision Tree
-
-```
-Who are the API consumers?
-│
-├── Public API / Multiple platforms
-│   └── REST + OpenAPI (widest compatibility)
-│
-├── Complex data needs / Multiple frontends
-│   └── GraphQL (flexible queries)
-│
-├── TypeScript frontend + backend (monorepo)
-│   └── tRPC (end-to-end type safety)
-│
-├── Real-time / Event-driven
-│   └── WebSocket + AsyncAPI
-│
-└── Internal microservices
-    └── gRPC (performance) or REST (simplicity)
-```
-
-## Comparison
-
-| Factor | REST | GraphQL | tRPC |
-|--------|------|---------|------|
-| **Best for** | Public APIs | Complex apps | TS monorepos |
-| **Learning curve** | Low | Medium | Low (if TS) |
-| **Over/under fetching** | Common | Solved | Solved |
-| **Type safety** | Manual (OpenAPI) | Schema-based | Automatic |
-| **Caching** | HTTP native | Complex | Client-based |
-
-## Selection Questions
-
-1. Who are the API consumers?
-2. Is the frontend TypeScript?
-3. How complex are the data relationships?
-4. Is caching critical?
-5. Public or internal API?

package/.agent/skills/api-patterns/auth.md

@@ -1,24 +0,0 @@
-# Authentication Patterns
-
-> Choose auth pattern based on use case.
-
-## Selection Guide
-
-| Pattern | Best For |
-|---------|----------|
-| **JWT** | Stateless, microservices |
-| **Session** | Traditional web, simple |
-| **OAuth 2.0** | Third-party integration |
-| **API Keys** | Server-to-server, public APIs |
-| **Passkey** | Modern passwordless (2025+) |
-
-## JWT Principles
-
-```
-Important:
-├── Always verify signature
-├── Check expiration
-├── Include minimal claims
-├── Use short expiry + refresh tokens
-└── Never store sensitive data in JWT
-```

package/.agent/skills/api-patterns/documentation.md

@@ -1,26 +0,0 @@
-# API Documentation Principles
-
-> Good docs = happy developers = API adoption.
-
-## OpenAPI/Swagger Essentials
-
-```
-Include:
-├── All endpoints with examples
-├── Request/response schemas
-├── Authentication requirements
-├── Error response formats
-└── Rate limiting info
-```
-
-## Good Documentation Has
-
-```
-Essentials:
-├── Quick start / Getting started
-├── Authentication guide
-├── Complete API reference
-├── Error handling guide
-├── Code examples (multiple languages)
-└── Changelog
-```

package/.agent/skills/api-patterns/graphql.md

@@ -1,41 +0,0 @@
-# GraphQL Principles
-
-> Flexible queries for complex, interconnected data.
-
-## When to Use
-
-```
-✅ Good fit:
-├── Complex, interconnected data
-├── Multiple frontend platforms
-├── Clients need flexible queries
-├── Evolving data requirements
-└── Reducing over-fetching matters
-
-❌ Poor fit:
-├── Simple CRUD operations
-├── File upload heavy
-├── HTTP caching important
-└── Team unfamiliar with GraphQL
-```
-
-## Schema Design Principles
-
-```
-Principles:
-├── Think in graphs, not endpoints
-├── Design for evolvability (no versions)
-├── Use connections for pagination
-├── Be specific with types (not generic "data")
-└── Handle nullability thoughtfully
-```
-
-## Security Considerations
-
-```
-Protect against:
-├── Query depth attacks → Set max depth
-├── Query complexity → Calculate cost
-├── Batching abuse → Limit batch size
-├── Introspection → Disable in production
-```

package/.agent/skills/api-patterns/rate-limiting.md

@@ -1,31 +0,0 @@
-# Rate Limiting Principles
-
-> Protect your API from abuse and overload.
-
-## Why Rate Limit
-
-```
-Protect against:
-├── Brute force attacks
-├── Resource exhaustion
-├── Cost overruns (if pay-per-use)
-└── Unfair usage
-```
-
-## Strategy Selection
-
-| Type | How | When |
-|------|-----|------|
-| **Token bucket** | Burst allowed, refills over time | Most APIs |
-| **Sliding window** | Smooth distribution | Strict limits |
-| **Fixed window** | Simple counters per window | Basic needs |
-
-## Response Headers
-
-```
-Include in headers:
-├── X-RateLimit-Limit (max requests)
-├── X-RateLimit-Remaining (requests left)
-├── X-RateLimit-Reset (when limit resets)
-└── Return 429 when exceeded
-```

package/.agent/skills/api-patterns/response.md

@@ -1,37 +0,0 @@
-# Response Format Principles
-
-> Consistency is key - choose a format and stick to it.
-
-## Common Patterns
-
-```
-Choose one:
-├── Envelope pattern ({ success, data, error })
-├── Direct data (just return the resource)
-└── HAL/JSON:API (hypermedia)
-```
-
-## Error Response
-
-```
-Include:
-├── Error code (for programmatic handling)
-├── User message (for display)
-├── Details (for debugging, field-level errors)
-├── Request ID (for support)
-└── NOT internal details (security!)
-```
-
-## Pagination Types
-
-| Type | Best For | Trade-offs |
-|------|----------|------------|
-| **Offset** | Simple, jumpable | Performance on large datasets |
-| **Cursor** | Large datasets | Can't jump to page |
-| **Keyset** | Performance critical | Requires sortable key |
-
-### Selection Questions
-
-1. How large is the dataset?
-2. Do users need to jump to specific pages?
-3. Is data frequently changing?

package/.agent/skills/api-patterns/rest.md

@@ -1,40 +0,0 @@
-# REST Principles
-
-> Resource-based API design - nouns not verbs.
-
-## Resource Naming Rules
-
-```
-Principles:
-├── Use NOUNS, not verbs (resources, not actions)
-├── Use PLURAL forms (/users not /user)
-├── Use lowercase with hyphens (/user-profiles)
-├── Nest for relationships (/users/123/posts)
-└── Keep shallow (max 3 levels deep)
-```
-
-## HTTP Method Selection
-
-| Method | Purpose | Idempotent? | Body? |
-|--------|---------|-------------|-------|
-| **GET** | Read resource(s) | Yes | No |
-| **POST** | Create new resource | No | Yes |
-| **PUT** | Replace entire resource | Yes | Yes |
-| **PATCH** | Partial update | No | Yes |
-| **DELETE** | Remove resource | Yes | No |
-
-## Status Code Selection
-
-| Situation | Code | Why |
-|-----------|------|-----|
-| Success (read) | 200 | Standard success |
-| Created | 201 | New resource created |
-| No content | 204 | Success, nothing to return |
-| Bad request | 400 | Malformed request |
-| Unauthorized | 401 | Missing/invalid auth |
-| Forbidden | 403 | Valid auth, no permission |
-| Not found | 404 | Resource doesn't exist |
-| Conflict | 409 | State conflict (duplicate) |
-| Validation error | 422 | Valid syntax, invalid data |
-| Rate limited | 429 | Too many requests |
-| Server error | 500 | Our fault |

package/.agent/skills/api-patterns/security-testing.md

@@ -1,122 +0,0 @@
-# API Security Testing
-
-> Principles for testing API security. OWASP API Top 10, authentication, authorization testing.
-
----
-
-## OWASP API Security Top 10
-
-| Vulnerability | Test Focus |
-|---------------|------------|
-| **API1: BOLA** | Access other users' resources |
-| **API2: Broken Auth** | JWT, session, credentials |
-| **API3: Property Auth** | Mass assignment, data exposure |
-| **API4: Resource Consumption** | Rate limiting, DoS |
-| **API5: Function Auth** | Admin endpoints, role bypass |
-| **API6: Business Flow** | Logic abuse, automation |
-| **API7: SSRF** | Internal network access |
-| **API8: Misconfiguration** | Debug endpoints, CORS |
-| **API9: Inventory** | Shadow APIs, old versions |
-| **API10: Unsafe Consumption** | Third-party API trust |
-
----
-
-## Authentication Testing
-
-### JWT Testing
-
-| Check | What to Test |
-|-------|--------------|
-| Algorithm | None, algorithm confusion |
-| Secret | Weak secrets, brute force |
-| Claims | Expiration, issuer, audience |
-| Signature | Manipulation, key injection |
-
-### Session Testing
-
-| Check | What to Test |
-|-------|--------------|
-| Generation | Predictability |
-| Storage | Client-side security |
-| Expiration | Timeout enforcement |
-| Invalidation | Logout effectiveness |
-
----
-
-## Authorization Testing
-
-| Test Type | Approach |
-|-----------|----------|
-| **Horizontal** | Access peer users' data |
-| **Vertical** | Access higher privilege functions |
-| **Context** | Access outside allowed scope |
-
-### BOLA/IDOR Testing
-
-1. Identify resource IDs in requests
-2. Capture request with user A's session
-3. Replay with user B's session
-4. Check for unauthorized access
-
----
-
-## Input Validation Testing
-
-| Injection Type | Test Focus |
-|----------------|------------|
-| SQL | Query manipulation |
-| NoSQL | Document queries |
-| Command | System commands |
-| LDAP | Directory queries |
-
-**Approach:** Test all parameters, try type coercion, test boundaries, check error messages.
-
----
-
-## Rate Limiting Testing
-
-| Aspect | Check |
-|--------|-------|
-| Existence | Is there any limit? |
-| Bypass | Headers, IP rotation |
-| Scope | Per-user, per-IP, global |
-
-**Bypass techniques:** X-Forwarded-For, different HTTP methods, case variations, API versioning.
-
----
-
-## GraphQL Security
-
-| Test | Focus |
-|------|-------|
-| Introspection | Schema disclosure |
-| Batching | Query DoS |
-| Nesting | Depth-based DoS |
-| Authorization | Field-level access |
-
----
-
-## Security Testing Checklist
-
-**Authentication:**
-- [ ] Test for bypass
-- [ ] Check credential strength
-- [ ] Verify token security
-
-**Authorization:**
-- [ ] Test BOLA/IDOR
-- [ ] Check privilege escalation
-- [ ] Verify function access
-
-**Input:**
-- [ ] Test all parameters
-- [ ] Check for injection
-
-**Config:**
-- [ ] Check CORS
-- [ ] Verify headers
-- [ ] Test error handling
-
----
-
-> **Remember:** APIs are the backbone of modern apps. Test them like attackers will.