vibe-forge 0.3.12 → 0.8.1

package/config/task-types.yaml

@@ -1,106 +1,111 @@
-# Vibe Forge Task Types
-# Used by Forge Master for routing decisions
-
-task_types:
-  frontend:
-    agent: anvil
-    description: "UI components, React/Vue/Svelte, CSS, client-side logic"
-    file_patterns:
-      - "src/components/**"
-      - "src/pages/**"
-      - "src/styles/**"
-      - "*.css"
-      - "*.scss"
-
-  backend:
-    agent: furnace
-    description: "API endpoints, server logic, database operations"
-    file_patterns:
-      - "src/api/**"
-      - "src/services/**"
-      - "src/models/**"
-      - "src/middleware/**"
-      - "prisma/**"
-
-  test:
-    agent: crucible
-    description: "Unit tests, integration tests, E2E tests, bug fixes"
-    file_patterns:
-      - "**/*.test.ts"
-      - "**/*.spec.ts"
-      - "tests/**"
-      - "e2e/**"
-
-  docs:
-    agent: scribe
-    description: "Documentation, README, API docs, inline comments"
-    file_patterns:
-      - "docs/**"
-      - "*.md"
-      - "openapi.yaml"
-
-  review:
-    agent: sentinel
-    description: "Code review, quality checks, PR review"
-    auto_assign: true  # All completed tasks auto-route here
-
-  release:
-    agent: herald
-    description: "Version bumps, changelog, deployment, release notes"
-    file_patterns:
-      - "CHANGELOG.md"
-      - "package.json (version)"
-      - ".github/workflows/**"
-
-  devops:
-    agent: ember
-    description: "Infrastructure, CI/CD, Docker, server management"
-    file_patterns:
-      - "Dockerfile"
-      - "docker-compose.yaml"
-      - ".github/workflows/**"
-      - "terraform/**"
-      - "k8s/**"
-
-  security:
-    agent: aegis
-    description: "Security audit, vulnerability fixes, auth hardening"
-    requires_approval: true  # Needs Planning Hub sign-off
-
-priorities:
-  critical:
-    sla_hours: 0
-    description: "Blocking other work, production issue"
-
-  high:
-    sla_hours: 8
-    description: "Sprint commitment, needed today"
-
-  medium:
-    sla_hours: 40
-    description: "Sprint goal, this sprint"
-
-  low:
-    sla_hours: null
-    description: "Nice to have, when available"
-
-complexity:
-  trivial:
-    estimated_minutes: 15
-    description: "Config change, typo fix"
-
-  low:
-    estimated_minutes: 30
-    description: "Simple function, minor feature"
-
-  medium:
-    estimated_minutes: 60
-    description: "New component, API endpoint"
-
-  high:
-    estimated_minutes: 180
-    description: "Complex feature, refactoring"
-
-  unknown:
-    estimated_minutes: null
-    description: "Needs investigation"
+# Vibe Forge Task Types
+# Used by Planning Hub for routing decisions
+
+task_types:
+  frontend:
+    agent: anvil
+    description: "UI components, React/Vue/Svelte, CSS, client-side logic"
+    file_patterns:
+      - "src/components/**"
+      - "src/pages/**"
+      - "src/styles/**"
+      - "*.css"
+      - "*.scss"
+
+  backend:
+    agent: furnace
+    description: "API endpoints, server logic, database operations"
+    file_patterns:
+      - "src/api/**"
+      - "src/services/**"
+      - "src/models/**"
+      - "src/middleware/**"
+      - "prisma/**"
+
+  test:
+    agent: crucible
+    description: "Unit tests, integration tests, E2E tests, bug fixes"
+    file_patterns:
+      - "**/*.test.ts"
+      - "**/*.spec.ts"
+      - "tests/**"
+      - "e2e/**"
+
+  docs:
+    agent: scribe
+    description: "Documentation, README, API docs, inline comments"
+    file_patterns:
+      - "docs/**"
+      - "*.md"
+      - "openapi.yaml"
+
+  review:
+    agent: sentinel
+    description: "Code review, quality checks, PR review"
+    auto_assign: true  # All completed tasks auto-route here
+
+  release:
+    agent: herald
+    description: "Version bumps, changelog, deployment, release notes"
+    file_patterns:
+      - "CHANGELOG.md"
+      - "package.json (version)"
+      - ".github/workflows/**"
+
+  devops:
+    agent: ember
+    description: "Infrastructure, CI/CD, Docker, server management"
+    file_patterns:
+      - "Dockerfile"
+      - "docker-compose.yaml"
+      - ".github/workflows/**"
+      - "terraform/**"
+      - "k8s/**"
+
+  security:
+    agent: aegis
+    description: "Security audit, vulnerability fixes, auth hardening"
+    requires_approval: true  # Needs Planning Hub sign-off
+
+  redteam:
+    agent: slag
+    description: "Offensive security testing, penetration testing, red team engagements"
+    requires_approval: true  # All red team actions need sign-off
+
+priorities:
+  critical:
+    sla_hours: 0
+    description: "Blocking other work, production issue"
+
+  high:
+    sla_hours: 8
+    description: "Sprint commitment, needed today"
+
+  medium:
+    sla_hours: 40
+    description: "Sprint goal, this sprint"
+
+  low:
+    sla_hours: null
+    description: "Nice to have, when available"
+
+complexity:
+  trivial:
+    estimated_minutes: 15
+    description: "Config change, typo fix"
+
+  low:
+    estimated_minutes: 30
+    description: "Simple function, minor feature"
+
+  medium:
+    estimated_minutes: 60
+    description: "New component, API endpoint"
+
+  high:
+    estimated_minutes: 180
+    description: "Complex feature, refactoring"
+
+  unknown:
+    estimated_minutes: null
+    description: "Needs investigation"

package/config/templates/handoff-template.md

@@ -0,0 +1,40 @@
+---
+task_id: {{TASK_ID}}
+agent: {{AGENT}}
+handoff_reason: context_limit | task_too_large | blocked | shift_change
+created: {{ISO_TIMESTAMP}}
+status: pending
+---
+
+# Session Handoff: {{TASK_ID}}
+
+## What Was Done
+
+- [ ] List completed subtasks or acceptance criteria
+
+## What Remains
+
+- [ ] List remaining subtasks or acceptance criteria
+
+## Current State
+
+Describe the exact state of the work so the next agent can resume:
+
+- **Last file touched:** `path/to/file.ts`
+- **Pattern being used:** (e.g., "React Hook Form with Zod validation")
+- **Branch:** `task/TASK-XXX-description`
+- **Commits so far:** (list or count)
+
+## Key Context
+
+Anything the next agent needs to know that isn't in the task file:
+
+- Decisions made during this session
+- Gotchas discovered
+- Dependencies or blockers encountered
+
+## Resume Instructions
+
+1. Read this handoff file
+2. Check out branch `task/TASK-XXX-description`
+3. Continue from [specific file/function/line]

package/context/agent-overrides/README.md

@@ -0,0 +1,41 @@
+# Agent Overrides
+
+Place per-agent override files here to customize agent behavior for this project.
+
+## How It Works
+
+When Planning Hub spawns a worker, it appends the contents of
+`context/agent-overrides/<agent-name>.md` to the agent's system prompt.
+This lets you add project-specific rules without modifying the global
+personality files.
+
+## File Naming
+
+Use the canonical agent name (matching `config/agents.json`):
+
+```
+context/agent-overrides/
+  anvil.md        # Frontend-specific project rules
+  furnace.md      # Backend-specific project rules
+  crucible.md     # Testing conventions for this project
+  ...
+```
+
+## What to Put Here
+
+- Tech stack constraints ("Use React Query, not SWR")
+- Naming conventions specific to this project
+- Files or directories the agent should never touch
+- Patterns the agent should follow or avoid
+- Project-specific testing requirements
+
+## Example
+
+```markdown
+# Anvil Overrides
+
+- Use Tailwind CSS utility classes, no custom CSS files
+- All components must be in `src/components/` with PascalCase naming
+- Use `shadcn/ui` for base components, don't reinvent
+- Never import from `@/lib/legacy/` (deprecated)
+```

package/context/architecture.md

@@ -0,0 +1,42 @@
+# Project Architecture
+
+This file contains project-specific architectural decisions and guardrails.
+Agents read this during planning and task execution to stay aligned.
+
+For Vibe Forge's own architecture, see [docs/architecture.md](../docs/architecture.md).
+
+---
+
+## Key Decisions
+
+<!-- Add project-specific architectural decisions here -->
+<!-- Example:
+- **Auth:** JWT with httpOnly cookies, refresh token rotation
+- **Database:** PostgreSQL via Prisma ORM, no raw SQL outside migrations
+- **API:** REST for CRUD, WebSocket for real-time updates
+-->
+
+## Patterns
+
+<!-- Document patterns agents should follow -->
+<!-- Example:
+- Repository pattern for data access (no direct DB queries in handlers)
+- Error boundaries at route level, not in services
+- All new endpoints require OpenAPI spec before implementation
+-->
+
+## Guardrails
+
+<!-- Things agents must NOT do -->
+<!-- Example:
+- Never modify schema files without running `prisma migrate dev`
+- No new dependencies without architect approval
+- No `any` types in TypeScript
+-->
+
+## ADR Index
+
+<!-- Link to Architecture Decision Records as they're created -->
+<!-- Example:
+- [ADR-001](../docs/adr/ADR-001-daemon-module-extraction.md) - Daemon module extraction
+-->

package/context/modern-conventions.md

@@ -1,129 +1,129 @@
-# Modern Development Conventions
-
-Reference for up-to-date tooling and naming conventions. Knowledge cutoffs can cause outdated suggestions - prefer these modern approaches.
-
-## Docker & Containers
-
-### Compose (V2+, 2021)
-
-- **File name:** `compose.yml` or `compose.yaml` (NOT `docker-compose.yml`)
-- **Command:** `docker compose` (NOT `docker-compose`)
-- Compose V2 is built into Docker CLI, no separate install needed
-- `docker-compose` (hyphenated) is legacy V1
-
-```yaml
-# compose.yml (modern)
-services:
-  app:
-    build: .
-    ports:
-      - "3000:3000"
-```
-
-### Docker Best Practices
-
-- Use multi-stage builds for smaller images
-- Prefer `COPY` over `ADD` unless extracting archives
-- Use `.dockerignore` to exclude node_modules, .git, etc.
-- Pin base image versions (e.g., `node:20-alpine`, not `node:latest`)
-
-## Package Managers
-
-### Node.js
-
-- **npm:** v7+ supports workspaces, lockfile v2
-- **pnpm:** Preferred for monorepos, faster, stricter
-- **Bun:** Fast runtime + package manager, growing adoption
-
-### Python
-
-- **uv:** Modern, fast replacement for pip/pip-tools (2024+)
-- **poetry:** Dependency management + packaging
-- **pipx:** For CLI tools (don't pip install globally)
-
-## TypeScript
-
-- **Config:** `tsconfig.json` with `"moduleResolution": "bundler"` for modern bundlers
-- **Strict mode:** Always enable `"strict": true`
-- **Node types:** `@types/node` version should match Node.js version
-
-## Testing
-
-### JavaScript/TypeScript
-
-- **Vitest:** Modern, fast, Vite-native (preferred for new projects)
-- **Jest:** Still widely used, v30+ reduces deprecated deps
-- **Playwright:** E2E testing, cross-browser
-
-### Python
-
-- **pytest:** Standard, use over unittest
-- **pytest-cov:** Coverage reporting
-
-## CI/CD
-
-### GitHub Actions
-
-- Use `actions/checkout@v4`, `actions/setup-node@v4` (latest major versions)
-- Prefer `npm ci` over `npm install` in CI
-- Use job matrices for cross-platform testing
-
-## Linting & Formatting
-
-### JavaScript/TypeScript
-
-- **ESLint v9+:** Flat config (`eslint.config.js`, not `.eslintrc`)
-- **Prettier:** Code formatting (or use ESLint with stylistic rules)
-- **Biome:** Fast all-in-one linter + formatter (Rust-based)
-
-### Python
-
-- **Ruff:** Fast linter + formatter (replaces flake8, black, isort)
-- **mypy:** Type checking
-
-## API Design
-
-### REST
-
-- Use plural nouns for collections (`/users`, not `/user`)
-- HTTP methods: GET (read), POST (create), PUT/PATCH (update), DELETE
-- Status codes: 200 OK, 201 Created, 400 Bad Request, 404 Not Found, 500 Server Error
-
-### Authentication
-
-- **JWTs:** Short expiry + refresh tokens, store in httpOnly cookies (not localStorage)
-- **OAuth 2.0 / OIDC:** For third-party auth
-- **Passkeys/WebAuthn:** Modern passwordless option
-
-## Database
-
-### ORMs
-
-- **Prisma:** Type-safe, great DX for Node.js/TypeScript
-- **Drizzle:** Lightweight, SQL-like syntax
-- **SQLAlchemy 2.0:** Python standard (note: 2.0 syntax differs from 1.x)
-
-### Migrations
-
-- Always use migrations, never manual schema changes in production
-- Version control migration files
-
-## Frontend
-
-### React
-
-- **React 18+:** Concurrent features, Suspense
-- Prefer function components + hooks over class components
-- Use React Server Components where appropriate (Next.js 13+)
-
-### State Management
-
-- Start with React Context + useReducer
-- **Zustand:** Simple, minimal boilerplate
-- **TanStack Query:** For server state (caching, refetching)
-
-## Monorepos
-
-- **Turborepo:** Fast builds, caching
-- **Nx:** Full-featured, good for enterprise
-- **pnpm workspaces:** Native package manager support
+# Modern Development Conventions
+
+Reference for up-to-date tooling and naming conventions. Knowledge cutoffs can cause outdated suggestions - prefer these modern approaches.
+
+## Docker & Containers
+
+### Compose (V2+, 2021)
+
+- **File name:** `compose.yml` or `compose.yaml` (NOT `docker-compose.yml`)
+- **Command:** `docker compose` (NOT `docker-compose`)
+- Compose V2 is built into Docker CLI, no separate install needed
+- `docker-compose` (hyphenated) is legacy V1
+
+```yaml
+# compose.yml (modern)
+services:
+  app:
+    build: .
+    ports:
+      - "3000:3000"
+```
+
+### Docker Best Practices
+
+- Use multi-stage builds for smaller images
+- Prefer `COPY` over `ADD` unless extracting archives
+- Use `.dockerignore` to exclude node_modules, .git, etc.
+- Pin base image versions (e.g., `node:20-alpine`, not `node:latest`)
+
+## Package Managers
+
+### Node.js
+
+- **npm:** v7+ supports workspaces, lockfile v2
+- **pnpm:** Preferred for monorepos, faster, stricter
+- **Bun:** Fast runtime + package manager, growing adoption
+
+### Python
+
+- **uv:** Modern, fast replacement for pip/pip-tools (2024+)
+- **poetry:** Dependency management + packaging
+- **pipx:** For CLI tools (don't pip install globally)
+
+## TypeScript
+
+- **Config:** `tsconfig.json` with `"moduleResolution": "bundler"` for modern bundlers
+- **Strict mode:** Always enable `"strict": true`
+- **Node types:** `@types/node` version should match Node.js version
+
+## Testing
+
+### JavaScript/TypeScript
+
+- **Vitest:** Modern, fast, Vite-native (preferred for new projects)
+- **Jest:** Still widely used, v30+ reduces deprecated deps
+- **Playwright:** E2E testing, cross-browser
+
+### Python
+
+- **pytest:** Standard, use over unittest
+- **pytest-cov:** Coverage reporting
+
+## CI/CD
+
+### GitHub Actions
+
+- Use `actions/checkout@v4`, `actions/setup-node@v4` (latest major versions)
+- Prefer `npm ci` over `npm install` in CI
+- Use job matrices for cross-platform testing
+
+## Linting & Formatting
+
+### JavaScript/TypeScript
+
+- **ESLint v9+:** Flat config (`eslint.config.js`, not `.eslintrc`)
+- **Prettier:** Code formatting (or use ESLint with stylistic rules)
+- **Biome:** Fast all-in-one linter + formatter (Rust-based)
+
+### Python
+
+- **Ruff:** Fast linter + formatter (replaces flake8, black, isort)
+- **mypy:** Type checking
+
+## API Design
+
+### REST
+
+- Use plural nouns for collections (`/users`, not `/user`)
+- HTTP methods: GET (read), POST (create), PUT/PATCH (update), DELETE
+- Status codes: 200 OK, 201 Created, 400 Bad Request, 404 Not Found, 500 Server Error
+
+### Authentication
+
+- **JWTs:** Short expiry + refresh tokens, store in httpOnly cookies (not localStorage)
+- **OAuth 2.0 / OIDC:** For third-party auth
+- **Passkeys/WebAuthn:** Modern passwordless option
+
+## Database
+
+### ORMs
+
+- **Prisma:** Type-safe, great DX for Node.js/TypeScript
+- **Drizzle:** Lightweight, SQL-like syntax
+- **SQLAlchemy 2.0:** Python standard (note: 2.0 syntax differs from 1.x)
+
+### Migrations
+
+- Always use migrations, never manual schema changes in production
+- Version control migration files
+
+## Frontend
+
+### React
+
+- **React 18+:** Concurrent features, Suspense
+- Prefer function components + hooks over class components
+- Use React Server Components where appropriate (Next.js 13+)
+
+### State Management
+
+- Start with React Context + useReducer
+- **Zustand:** Simple, minimal boilerplate
+- **TanStack Query:** For server state (caching, refetching)
+
+## Monorepos
+
+- **Turborepo:** Fast builds, caching
+- **Nx:** Full-featured, good for enterprise
+- **pnpm workspaces:** Native package manager support