tribunal-kit 4.3.0 → 4.4.0

package/.agent/skills/intelligent-routing/SKILL.md

@@ -164,35 +164,35 @@ This file contains all available skills and workflows as a condensed index for t
 |`web-design-guidelines`|Review UI code for Next-Generation Web Interface Guidelines compliance. Use when asked to "review my UI", "check accessibility", "audit design", "review UX", or "check my site against best practices".|
 |`webapp-testing`|Web application testing principles. E2E, Playwright, deep audit strategies.|
 |`whimsy-injector`|Micro-delight generator for frontend interfaces. Suggests and implements subtle animations, playful transitions, and interaction polish across any frontend stack.|
-|`workflow-optimizer`|Analyzes agent tool-calling patterns and task execution efficiency to suggest process improvements.|
-|`api-architect`|API contract design agent. Builds robust REST/GraphQL/tRPC endpoints with RFC 9457 error formats, idempotency, pagination, and versioning. Use when designing new API routes or reviewing API contracts.|
-|`resilience-reviewer`|Fault tolerance reviewer. Audits for swallowed errors, naked Promises, missing retries/timeouts, absent circuit breakers, and missing React error boundaries. Use when reviewing backend or full-stack code for reliability.|
-|`schema-reviewer`|Input validation reviewer. Enforces strict Zod/Pydantic validation at all trust boundaries (API, env, query params). Catches `z.any()`, missing `.parse()`, and unvalidated external data. Use when reviewing data ingestion or API input handling.|
-|`gsap-core`|GSAP core animation API — gsap.to(), from(), fromTo(), easing, stagger, defaults, matchMedia(). Use for JavaScript animation with GSAP.|
-|`gsap-scrolltrigger`|GSAP ScrollTrigger plugin — scroll-driven animations, pinning, snapping. Use when building scroll-linked animation.|
-|`gsap-timeline`|GSAP timeline sequencing — Timeline API, position parameters, labels, nesting. Use for multi-step animation choreography.|
-|`gsap-react`|GSAP in React — useGSAP hook, ref-based targeting, cleanup, context scoping. Use when animating React components with GSAP.|
-|`gsap-plugins`|GSAP plugins — Flip, Draggable, MorphSVG, SplitText, MotionPath, DrawSVG. Use for advanced GSAP effects.|
-|`gsap-performance`|GSAP performance — will-change, GPU compositing, lazy MediaQuery, reduced motion. Use when optimizing GSAP animations.|
-|`gsap-utils`|GSAP utility methods — toArray, clamp, mapRange, interpolate, distribute. Use for GSAP helper functions.|
-|`gsap-frameworks`|GSAP framework integration — Vue, Svelte, Astro, Angular, Webflow. Use when integrating GSAP outside React.|
-|`error-resilience`|Error resilience patterns. Retry strategies, circuit breakers, graceful degradation, timeout policies.|
-|`data-validation-schemas`|Data validation with Zod, Pydantic, and JSON Schema. Use when building validation layers.|
-|`monorepo-management`|Monorepo tooling and workspace management. Turborepo, Nx, pnpm workspaces.|
-|`typescript-advanced`|Advanced TypeScript patterns. Generics, conditional types, template literals, discriminated unions.|
-|`game-developer`|Game development orchestrator. Routes to platform-specific skills (Unity/C#, Godot/GDScript, WebGL). Use when building games or game engines.|
-|`documentation-writer`|Technical documentation specialist. README files, API docs, code comments, architecture docs, and AI-friendly documentation. Use when writing or reviewing documentation.|
-|`test-engineer`|Test generation and strategy specialist. Creates tests using the Testing Trophy (unit → integration → E2E). Use when generating tests or designing test architecture.|
-|`qa-automation-engineer`|QA automation specialist. End-to-end testing pipelines, Playwright/Cypress configuration, CI test integration, visual regression. Use when building automated QA systems.|
-|`code-archaeologist`|Legacy code exploration specialist. Navigates unfamiliar codebases, identifies patterns, maps dependencies, documents tribal knowledge. Use when exploring or understanding legacy code.|
-|`project-planner`|Project planning specialist. 4-phase methodology (Analyze → Plan → Solution → Implement). Use when planning features, roadmaps, or multi-step implementations.|
-|`product-manager`|Product strategy specialist. Feature prioritization, roadmap planning, stakeholder alignment, competitive analysis. Use when making product decisions or prioritizing features.|
-|`product-owner`|User story and backlog management specialist. Writing acceptance criteria, sprint planning, backlog grooming. Use when defining user stories or managing backlogs.|
-|`seo-specialist`|SEO optimization specialist. Technical SEO, meta tags, structured data (JSON-LD), Core Web Vitals impact on search ranking, sitemap/robots configuration. Use when optimizing search visibility.|
-|`throughput-optimizer`|Throughput and latency optimization specialist. Load testing, connection pooling, queue management, batch processing, caching strategies. Use when optimizing system throughput or reducing latency.|
-|`vitals-reviewer`|Core Web Vitals specialist. LCP, CLS, INP measurement and optimization, Lighthouse auditing, real user monitoring. Use when auditing or improving web performance metrics.|
-|`penetration-tester`|Penetration testing and red team specialist. MITRE ATT&CK mapping, attack surface analysis, exploitation paths, vulnerability chaining. Use when pen testing applications or assessing attack surfaces.|
-|`db-latency-auditor`|Database performance specialist. Slow query analysis, EXPLAIN ANALYZE, index optimization, N+1 detection, connection pool tuning. Use when debugging database performance issues.|
+|`workflow-optimizer`|Analyzes agent tool-calling patterns and task execution efficiency to suggest process improvements.|
+|`api-architect`|API contract design agent. Builds robust REST/GraphQL/tRPC endpoints with RFC 9457 error formats, idempotency, pagination, and versioning. Use when designing new API routes or reviewing API contracts.|
+|`resilience-reviewer`|Fault tolerance reviewer. Audits for swallowed errors, naked Promises, missing retries/timeouts, absent circuit breakers, and missing React error boundaries. Use when reviewing backend or full-stack code for reliability.|
+|`schema-reviewer`|Input validation reviewer. Enforces strict Zod/Pydantic validation at all trust boundaries (API, env, query params). Catches `z.any()`, missing `.parse()`, and unvalidated external data. Use when reviewing data ingestion or API input handling.|
+|`gsap-core`|GSAP core animation API — gsap.to(), from(), fromTo(), easing, stagger, defaults, matchMedia(). Use for JavaScript animation with GSAP.|
+|`gsap-scrolltrigger`|GSAP ScrollTrigger plugin — scroll-driven animations, pinning, snapping. Use when building scroll-linked animation.|
+|`gsap-timeline`|GSAP timeline sequencing — Timeline API, position parameters, labels, nesting. Use for multi-step animation choreography.|
+|`gsap-react`|GSAP in React — useGSAP hook, ref-based targeting, cleanup, context scoping. Use when animating React components with GSAP.|
+|`gsap-plugins`|GSAP plugins — Flip, Draggable, MorphSVG, SplitText, MotionPath, DrawSVG. Use for advanced GSAP effects.|
+|`gsap-performance`|GSAP performance — will-change, GPU compositing, lazy MediaQuery, reduced motion. Use when optimizing GSAP animations.|
+|`gsap-utils`|GSAP utility methods — toArray, clamp, mapRange, interpolate, distribute. Use for GSAP helper functions.|
+|`gsap-frameworks`|GSAP framework integration — Vue, Svelte, Astro, Angular, Webflow. Use when integrating GSAP outside React.|
+|`error-resilience`|Error resilience patterns. Retry strategies, circuit breakers, graceful degradation, timeout policies.|
+|`data-validation-schemas`|Data validation with Zod, Pydantic, and JSON Schema. Use when building validation layers.|
+|`monorepo-management`|Monorepo tooling and workspace management. Turborepo, Nx, pnpm workspaces.|
+|`typescript-advanced`|Advanced TypeScript patterns. Generics, conditional types, template literals, discriminated unions.|
+|`game-developer`|Game development orchestrator. Routes to platform-specific skills (Unity/C#, Godot/GDScript, WebGL). Use when building games or game engines.|
+|`documentation-writer`|Technical documentation specialist. README files, API docs, code comments, architecture docs, and AI-friendly documentation. Use when writing or reviewing documentation.|
+|`test-engineer`|Test generation and strategy specialist. Creates tests using the Testing Trophy (unit → integration → E2E). Use when generating tests or designing test architecture.|
+|`qa-automation-engineer`|QA automation specialist. End-to-end testing pipelines, Playwright/Cypress configuration, CI test integration, visual regression. Use when building automated QA systems.|
+|`code-archaeologist`|Legacy code exploration specialist. Navigates unfamiliar codebases, identifies patterns, maps dependencies, documents tribal knowledge. Use when exploring or understanding legacy code.|
+|`project-planner`|Project planning specialist. 4-phase methodology (Analyze → Plan → Solution → Implement). Use when planning features, roadmaps, or multi-step implementations.|
+|`product-manager`|Product strategy specialist. Feature prioritization, roadmap planning, stakeholder alignment, competitive analysis. Use when making product decisions or prioritizing features.|
+|`product-owner`|User story and backlog management specialist. Writing acceptance criteria, sprint planning, backlog grooming. Use when defining user stories or managing backlogs.|
+|`seo-specialist`|SEO optimization specialist. Technical SEO, meta tags, structured data (JSON-LD), Core Web Vitals impact on search ranking, sitemap/robots configuration. Use when optimizing search visibility.|
+|`throughput-optimizer`|Throughput and latency optimization specialist. Load testing, connection pooling, queue management, batch processing, caching strategies. Use when optimizing system throughput or reducing latency.|
+|`vitals-reviewer`|Core Web Vitals specialist. LCP, CLS, INP measurement and optimization, Lighthouse auditing, real user monitoring. Use when auditing or improving web performance metrics.|
+|`penetration-tester`|Penetration testing and red team specialist. MITRE ATT&CK mapping, attack surface analysis, exploitation paths, vulnerability chaining. Use when pen testing applications or assessing attack surfaces.|
+|`db-latency-auditor`|Database performance specialist. Slow query analysis, EXPLAIN ANALYZE, index optimization, N+1 detection, connection pool tuning. Use when debugging database performance issues.|
 |`ai-code-reviewer`|AI/LLM integration code reviewer. Hallucinated model names, invented API parameters, prompt injection vulnerabilities, missing rate limits, streaming error handling. Use when reviewing code that calls LLM APIs.|
 
 
@@ -235,4 +235,12 @@ Review these questions before confirming output:
 
 **CRITICAL:** You must follow a strict "evidence-based closeout" state machine.
 - ❌ **Forbidden:** Declaring a task complete because the output "looks correct."
-- ✅ **Required:** You are explicitly forbidden from finalizing any task without providing **concrete evidence** (terminal output, passing tests, compile success, or equivalent proof) that your output works as intended.
+- ✅ **Required:** You are explicitly forbidden from finalizing any task without providing **concrete evidence** (terminal output, passing tests, compile success, or equivalent proof) that your output works as intended.
+
+
+## Pre-Flight Checklist
+- [ ] Have I reviewed the user's specific constraints and requests?
+- [ ] Have I checked the environment for relevant existing implementations?
+
+## VBC Protocol (Verification-Before-Completion)
+You MUST verify existing code signatures and variables before attempting to modify or call them. No hallucination is permitted.

package/.agent/skills/knowledge-graph/SKILL.md

@@ -0,0 +1,52 @@
+---
+name: Knowledge Graph Analyzer
+description: Understands the architecture, risk blast radius, and dependencies of the codebase without token bloat. Now includes Context Snapshots for 27x token reduction.
+version: 3.0.0
+---
+
+# /graph — Knowledge Graph Skill v3.0
+
+Use this skill when the user types `/graph` or when you need to deeply understand the architecture of an unfamiliar codebase without suffering from context-window bloat.
+
+## The Token Reduction Protocol (Option C)
+
+**DO NOT READ RAW SOURCE FILES IF A SNAPSHOT EXISTS.**
+Reading raw project files wastes up to 50,000 tokens per edit. You must use the pre-computed Context Snapshots instead. These snapshots contain the file's content, resolved imports, dependent files, and risk scores all in one JSON blob.
+
+## Pre-Flight Checklist
+- [ ] Have I run the Macro Mapper to generate the latest Context Snapshots?
+- [ ] Am I reading from `.agent/history/snapshots/` instead of directly grepping the project?
+- [ ] Have I respected the `blastRadius` before modifying a file?
+
+## Execution Protocol
+
+1. **Step 1: The Macro Map (Blast Radius & Snapshot Engine)**
+   Execute the graph builder to map module boundaries and compute downstream risk scores. This also automatically generates a Context Snapshot for every file.
+   ```bash
+   node .agent/scripts/graph_builder.js
+   ```
+
+2. **Step 2: Read Context Snapshots (MANDATORY)**
+   Instead of using `cat` or `grep` to read a file, read its snapshot. Snapshots are stored in `.agent/history/snapshots/` with slashes replaced by `__`.
+   *Example:* To edit `src/middleware/auth.js`, read `.agent/history/snapshots/src__middleware__auth.js.json`.
+   
+   This gives you:
+   - The full source code of the target file.
+   - The exported symbols of every file it imports.
+   - The list of files that depend on it.
+   - Its exact `riskScore` and `blastRadius`.
+
+3. **Step 3: Interactive Visualization (For Humans)**
+   The user can view a sleek, zero-dependency visualizer of the codebase. You can prompt them to run:
+   ```bash
+   npx tribunal-kit graph
+   ```
+
+4. **Step 4: The Micro Zoom (Legacy Street View)**
+   If a snapshot is unavailable or too large, you can fall back to the zoomer to get its structural skeleton:
+   ```bash
+   node .agent/scripts/graph_zoom.js --focus <path_to_file>
+   ```
+
+## VBC Protocol (Verification-Before-Completion)
+You are explicitly forbidden from guessing or "hallucinating" what functions, props, or variables exist inside a file. You MUST read the Context Snapshot (or use `graph_zoom.js`) to verify a component's exact signature before you attempt to call it, mock it, or rewrite it. Always respect the Blast Radius Risk Score before deleting or mutating files.

package/.agent/skills/lint-and-validate/SKILL.md

@@ -250,4 +250,12 @@ Review these questions before confirming output:
 
 **CRITICAL:** You must follow a strict "evidence-based closeout" state machine.
 - ❌ **Forbidden:** Declaring a task complete because the output "looks correct."
-- ✅ **Required:** You are explicitly forbidden from finalizing any task without providing **concrete evidence** (terminal output, passing tests, compile success, or equivalent proof) that your output works as intended.
+- ✅ **Required:** You are explicitly forbidden from finalizing any task without providing **concrete evidence** (terminal output, passing tests, compile success, or equivalent proof) that your output works as intended.
+
+
+## Pre-Flight Checklist
+- [ ] Have I reviewed the user's specific constraints and requests?
+- [ ] Have I checked the environment for relevant existing implementations?
+
+## VBC Protocol (Verification-Before-Completion)
+You MUST verify existing code signatures and variables before attempting to modify or call them. No hallucination is permitted.

package/.agent/skills/llm-engineering/SKILL.md

@@ -383,4 +383,12 @@ Review these questions before confirming output:
 
 **CRITICAL:** You must follow a strict "evidence-based closeout" state machine.
 - ❌ **Forbidden:** Declaring a task complete because the output "looks correct."
-- ✅ **Required:** You are explicitly forbidden from finalizing any task without providing **concrete evidence** (terminal output, passing tests, compile success, or equivalent proof) that your output works as intended.
+- ✅ **Required:** You are explicitly forbidden from finalizing any task without providing **concrete evidence** (terminal output, passing tests, compile success, or equivalent proof) that your output works as intended.
+
+
+## Pre-Flight Checklist
+- [ ] Have I reviewed the user's specific constraints and requests?
+- [ ] Have I checked the environment for relevant existing implementations?
+
+## VBC Protocol (Verification-Before-Completion)
+You MUST verify existing code signatures and variables before attempting to modify or call them. No hallucination is permitted.

package/.agent/skills/local-first/SKILL.md

@@ -167,4 +167,12 @@ Review these questions before confirming output:
 
 **CRITICAL:** You must follow a strict "evidence-based closeout" state machine.
 - ❌ **Forbidden:** Declaring a task complete because the output "looks correct."
-- ✅ **Required:** You are explicitly forbidden from finalizing any task without providing **concrete evidence** (terminal output, passing tests, compile success, or equivalent proof) that your output works as intended.
+- ✅ **Required:** You are explicitly forbidden from finalizing any task without providing **concrete evidence** (terminal output, passing tests, compile success, or equivalent proof) that your output works as intended.
+
+
+## Pre-Flight Checklist
+- [ ] Have I reviewed the user's specific constraints and requests?
+- [ ] Have I checked the environment for relevant existing implementations?
+
+## VBC Protocol (Verification-Before-Completion)
+You MUST verify existing code signatures and variables before attempting to modify or call them. No hallucination is permitted.

package/.agent/skills/mcp-builder/SKILL.md

@@ -131,4 +131,12 @@ Review these questions before confirming output:
 
 **CRITICAL:** You must follow a strict "evidence-based closeout" state machine.
 - ❌ **Forbidden:** Declaring a task complete because the output "looks correct."
-- ✅ **Required:** You are explicitly forbidden from finalizing any task without providing **concrete evidence** (terminal output, passing tests, compile success, or equivalent proof) that your output works as intended.
+- ✅ **Required:** You are explicitly forbidden from finalizing any task without providing **concrete evidence** (terminal output, passing tests, compile success, or equivalent proof) that your output works as intended.
+
+
+## Pre-Flight Checklist
+- [ ] Have I reviewed the user's specific constraints and requests?
+- [ ] Have I checked the environment for relevant existing implementations?
+
+## VBC Protocol (Verification-Before-Completion)
+You MUST verify existing code signatures and variables before attempting to modify or call them. No hallucination is permitted.