tribunal-kit 4.2.0 → 4.3.1

package/.agent/skills/webapp-testing/SKILL.md

@@ -121,7 +121,7 @@ describe('calculateTax()', () => {
 
 ---
 
-## 🤖 LLM-Specific Traps
+
 
 AI coding assistants often fall into specific bad habits when dealing with this domain. These are strictly forbidden:
 
@@ -133,7 +133,7 @@ AI coding assistants often fall into specific bad habits when dealing with this
 
 ---
 
-## 🏛️ Tribunal Integration (Anti-Hallucination)
+
 
 **Slash command: `/review` or `/tribunal-full`**
 **Active reviewers: `logic-reviewer` · `security-auditor`**
@@ -144,7 +144,7 @@ AI coding assistants often fall into specific bad habits when dealing with this
 2. **Silent Degradation:** Catching and suppressing errors without logging or handling.
 3. **Context Amnesia:** Forgetting the user's constraints and offering generic advice instead of tailored solutions.
 
-### ✅ Pre-Flight Self-Audit
+
 
 Review these questions before confirming output:
 ```
@@ -158,4 +158,12 @@ Review these questions before confirming output:
 
 **CRITICAL:** You must follow a strict "evidence-based closeout" state machine.
 - ❌ **Forbidden:** Declaring a task complete because the output "looks correct."
-- ✅ **Required:** You are explicitly forbidden from finalizing any task without providing **concrete evidence** (terminal output, passing tests, compile success, or equivalent proof) that your output works as intended.
+- ✅ **Required:** You are explicitly forbidden from finalizing any task without providing **concrete evidence** (terminal output, passing tests, compile success, or equivalent proof) that your output works as intended.
+
+
+## Pre-Flight Checklist
+- [ ] Have I reviewed the user's specific constraints and requests?
+- [ ] Have I checked the environment for relevant existing implementations?
+
+## VBC Protocol (Verification-Before-Completion)
+You MUST verify existing code signatures and variables before attempting to modify or call them. No hallucination is permitted.

package/.agent/skills/whimsy-injector/SKILL.md

@@ -277,7 +277,7 @@ Every file with animations MUST include:
 
 ---
 
-## 🤖 LLM-Specific Traps
+
 
 AI coding assistants often fall into specific bad habits when dealing with this domain. These are strictly forbidden:
 
@@ -289,7 +289,7 @@ AI coding assistants often fall into specific bad habits when dealing with this
 
 ---
 
-## 🏛️ Tribunal Integration (Anti-Hallucination)
+
 
 **Slash command: `/review` or `/tribunal-full`**
 **Active reviewers: `logic-reviewer` · `security-auditor`**
@@ -300,7 +300,7 @@ AI coding assistants often fall into specific bad habits when dealing with this
 2. **Silent Degradation:** Catching and suppressing errors without logging or handling.
 3. **Context Amnesia:** Forgetting the user's constraints and offering generic advice instead of tailored solutions.
 
-### ✅ Pre-Flight Self-Audit
+
 
 Review these questions before confirming output:
 ```
@@ -314,4 +314,12 @@ Review these questions before confirming output:
 
 **CRITICAL:** You must follow a strict "evidence-based closeout" state machine.
 - ❌ **Forbidden:** Declaring a task complete because the output "looks correct."
-- ✅ **Required:** You are explicitly forbidden from finalizing any task without providing **concrete evidence** (terminal output, passing tests, compile success, or equivalent proof) that your output works as intended.
+- ✅ **Required:** You are explicitly forbidden from finalizing any task without providing **concrete evidence** (terminal output, passing tests, compile success, or equivalent proof) that your output works as intended.
+
+
+## Pre-Flight Checklist
+- [ ] Have I reviewed the user's specific constraints and requests?
+- [ ] Have I checked the environment for relevant existing implementations?
+
+## VBC Protocol (Verification-Before-Completion)
+You MUST verify existing code signatures and variables before attempting to modify or call them. No hallucination is permitted.

package/.agent/skills/workflow-optimizer/SKILL.md

@@ -181,7 +181,7 @@ Before analyzing, check for these common quick wins:
 
 ---
 
-## 🤖 LLM-Specific Traps
+
 
 AI coding assistants often fall into specific bad habits when dealing with this domain. These are strictly forbidden:
 
@@ -193,7 +193,7 @@ AI coding assistants often fall into specific bad habits when dealing with this
 
 ---
 
-## 🏛️ Tribunal Integration (Anti-Hallucination)
+
 
 **Slash command: `/review` or `/tribunal-full`**
 **Active reviewers: `logic-reviewer` · `security-auditor`**
@@ -204,7 +204,7 @@ AI coding assistants often fall into specific bad habits when dealing with this
 2. **Silent Degradation:** Catching and suppressing errors without logging or handling.
 3. **Context Amnesia:** Forgetting the user's constraints and offering generic advice instead of tailored solutions.
 
-### ✅ Pre-Flight Self-Audit
+
 
 Review these questions before confirming output:
 ```
@@ -218,4 +218,12 @@ Review these questions before confirming output:
 
 **CRITICAL:** You must follow a strict "evidence-based closeout" state machine.
 - ❌ **Forbidden:** Declaring a task complete because the output "looks correct."
-- ✅ **Required:** You are explicitly forbidden from finalizing any task without providing **concrete evidence** (terminal output, passing tests, compile success, or equivalent proof) that your output works as intended.
+- ✅ **Required:** You are explicitly forbidden from finalizing any task without providing **concrete evidence** (terminal output, passing tests, compile success, or equivalent proof) that your output works as intended.
+
+
+## Pre-Flight Checklist
+- [ ] Have I reviewed the user's specific constraints and requests?
+- [ ] Have I checked the environment for relevant existing implementations?
+
+## VBC Protocol (Verification-Before-Completion)
+You MUST verify existing code signatures and variables before attempting to modify or call them. No hallucination is permitted.

package/.agent/workflows/audit.md

@@ -26,25 +26,25 @@ Security failures early in the pipeline halt subsequent steps. Lint/test failure
 
 ```
 Priority 1 — Security (HALT if critical finding)
-  python .agent/scripts/security_scan.py .
+  node .agent/scripts/security_scan.js .
 
 Priority 2 — Dependencies (HALT if exploitable CVE found)
-  python .agent/scripts/dependency_analyzer.py . --audit
+  node .agent/scripts/dependency_analyzer.js . --audit
 
 Priority 3 — Type Checking (CONTINUE but flag)
   npx tsc --noEmit
 
 Priority 4 — Lint (CONTINUE but flag as deployment blocker)
-  python .agent/scripts/lint_runner.py .
+  node .agent/scripts/lint_runner.js .
 
 Priority 5 — Schema Validation (CONTINUE but flag)
-  python .agent/scripts/schema_validator.py .
+  node .agent/scripts/schema_validator.js .
 
 Priority 6 — Tests (CONTINUE but mark incomplete)
-  python .agent/scripts/test_runner.py . --coverage
+  node .agent/scripts/test_runner.js . --coverage
 
 Priority 7 — Bundle Analysis (INFORM only)
-  python .agent/scripts/bundle_analyzer.py . --build
+  node .agent/scripts/bundle_analyzer.js . --build
 ```
 
 ### Cascade Failure Rules

package/.agent/workflows/deploy.md

@@ -34,7 +34,7 @@ Every step is logged. Every step has a rollback path. No surprises.
 # T-minus safety sequence (in exact order)
 
 # 1. Security: halt on critical
-python .agent/scripts/security_scan.py . --level=critical
+node .agent/scripts/security_scan.js . --level=critical
 
 # 2. Dependencies: no exploitable CVEs
 npm audit --audit-level=high

package/.agent/workflows/generate.md

@@ -25,6 +25,14 @@ $ARGUMENTS
 Your request
     │
     ▼
+[Phase 6] Context Broker — Skill Selection
+├── Scores all 90+ skills against your task keywords
+├── Level 0 (Essential): top skills — full content, injected first
+├── Level 1 (Supplementary): medium relevance — key rules only
+├── Level 2 (Available): listed for reference only
+└── Large models: Essential + Supplementary | Small models: Essential only
+    │
+    ▼
 Context scan (MANDATORY before first line of code)
 ├── Read package.json → verify all imports exist
 ├── Read tsconfig.json → understand strictness, paths aliases
@@ -39,7 +47,17 @@ Maker generates at temperature 0.1
 └── No full application generation — modules only
     │
     ▼
-Reviewers run in parallel (auto-selected by keyword)
+[Phase 6] Inner-Loop Validator (AUTO — runs before you see the code)
+├── Scans generated snippet for OWASP patterns (critical/high/medium/low)
+├── Runs structural heuristics (empty catch, throw strings, env without fallback)
+├── Verdict: APPROVED / WARNING / REJECTED
+│   ├── APPROVED → continues to Tribunal Review
+│   ├── WARNING  → noted, continues with flag
+│   └── REJECTED → Maker auto-corrects (up to 2 inner-loop attempts)
+└── Only clean code reaches the Tribunal reviewers
+    │
+    ▼
+Tribunal Reviewers run in parallel (auto-selected by keyword)
     │
     ▼
 Human Gate — verdicts shown + unified diff
@@ -84,13 +102,14 @@ security-auditor   → OWASP vulnerabilities, hardcoded secrets, injection
 |:---|:---|
 | `api`, `route`, `endpoint`, `handler`, `server action` | `dependency-reviewer` + `type-safety-reviewer` |
 | `sql`, `query`, `database`, `prisma`, `drizzle`, `orm` | `sql-reviewer` |
-| `component`, `hook`, `react`, `vue`, `jsx`, `tsx` | `frontend-reviewer` + `type-safety-reviewer` |
-| `animation`, `gsap`, `framer`, `motion`, `scroll` | `frontend-reviewer` + `performance-reviewer` |
+| `component`, `hook`, `react`, `vue`, `jsx`, `tsx` | `frontend-reviewer` + `type-safety-reviewer` + `ui-ux-auditor` |
+| `ui`, `design`, `landing`, `page`, `layout`, `style`, `css` | `ui-ux-auditor` + `accessibility-reviewer` |
+| `animation`, `gsap`, `framer`, `motion`, `scroll` | `frontend-reviewer` + `performance-reviewer` + `ui-ux-auditor` |
 | `test`, `spec`, `vitest`, `jest`, `playwright` | `test-coverage-reviewer` |
 | `slow`, `optimize`, `cache`, `performance`, `bundle` | `performance-reviewer` |
 | `mobile`, `react native`, `expo` | `mobile-reviewer` |
 | `llm`, `openai`, `anthropic`, `gemini`, `embedding`, `ai` | `ai-code-reviewer` |
-| `aria`, `wcag`, `a11y`, `accessibility` | `accessibility-reviewer` |
+| `aria`, `wcag`, `a11y`, `accessibility` | `accessibility-reviewer` + `ui-ux-auditor` |
 | `import`, `package`, `npm`, `require` | `dependency-reviewer` |
 
 > For maximum safety on critical code: use `/tribunal-full` for all 11 reviewers simultaneously.
@@ -136,8 +155,6 @@ Write to disk?  Y = approve | N = discard | R = revise with feedback
 
 ---
 
-## Cross-Workflow Navigation
-
 | After /generate shows... | Go to |
 |:---|:---|
 | Multiple files need changing | `/enhance` for impact-zone analysis |

package/.agent/workflows/session.md

@@ -23,11 +23,11 @@ $ARGUMENTS
 ## Execution
 
 ```bash
-python .agent/scripts/session_manager.py save
-python .agent/scripts/session_manager.py restore
-python .agent/scripts/session_manager.py status
-python .agent/scripts/session_manager.py new
-python .agent/scripts/session_manager.py list
+node .agent/scripts/session_manager.js save
+node .agent/scripts/session_manager.js restore
+node .agent/scripts/session_manager.js status
+node .agent/scripts/session_manager.js new
+node .agent/scripts/session_manager.js list
 ```
 
 ---

package/.agent/workflows/swarm.md

@@ -1,5 +1,5 @@
 ---
-description: Multi-Agent Swarm Orchestration. Supervisor decomposes a complex goal into sub-tasks, dispatches to specialist Workers via structured JSON contracts, collects results via allSettled fan-in, and synthesizes a unified deliverable. Validates payloads via swarm_dispatcher.py before dispatch.
+description: Multi-Agent Swarm Orchestration. Supervisor decomposes a complex goal into sub-tasks, dispatches to specialist Workers via structured JSON contracts, collects results via allSettled fan-in, and synthesizes a unified deliverable. Validates payloads via swarm_dispatcher.js before dispatch.
 ---
 
 # /swarm — Multi-Agent Swarm Execution
@@ -69,7 +69,7 @@ Every worker receives a structured JSON contract (not natural language):
 Before dispatching, validate all worker contracts:
 
 ```bash
-python .agent/scripts/swarm_dispatcher.py --file payload.json
+node .agent/scripts/swarm_dispatcher.js --file payload.json
 ```
 
 If validation passes → dispatch workers in parallel.