voidforge-build 23.9.1 → 23.10.0

package/dist/docs/methods/SPEC_HANDOFF.md

@@ -0,0 +1,53 @@
+# SPEC_HANDOFF — Cross-Session Implementation Hand-off
+## System Protocol · Introduced by: field reports #307, #308
+
+## When to Use
+
+When a session would benefit from offloading mechanical implementation work to a different session (separate context window, separate repo, separate worktree) while preserving the orchestrator's context for synthesis and review.
+
+Typical triggers:
+- Multi-repo campaign (e.g., scaffold methodology update + marketing-site content update)
+- Large-but-mechanical work (26-finding spec executed without back-and-forth — v23.9.x demonstrated this)
+- Executor needs fresh context; orchestrator needs to stay on high-level synthesis
+
+## The Pattern
+
+### Session A (orchestrator) produces the spec
+
+Spec doc lives at `docs/SITE_UPDATE_SPEC.md` or similar in the TARGET repo (so the executing session finds it by path).
+
+Required structure:
+1. **Title** with date and source.
+2. **Numbered findings** — each finding has ID, severity (Critical / High / Should / Nice-to-have), file:line citation, proposed change, and a `verified-against-commit: <SHA>` field. The verified-against-commit field lets Session B fast-skip any finding whose state hasn't changed since the spec was authored.
+3. **Phases** — group findings by logical phase (data fixes, new pages, content rewrite, test updates, typecheck/build). One commit per phase.
+4. **Nav-order requirements for new pages** — if the spec proposes creating new pages in a linear tutorial/flow, explicitly state `prev=<page>, next=<page>` for each new page. Without this, the executor guesses and often chooses the wrong direction (field report #308 RC-7).
+5. **Success criteria** — typecheck green, tests green, build green, optional per-phase smoke checks.
+
+### Session B (executor) receives the hand-off prompt
+
+Copy-pasteable prompt template:
+```
+Read docs/SITE_UPDATE_SPEC.md in this repo. Execute phases in order.
+Commit per phase with CHANGELOG entry. Run typecheck + test + build between phases.
+If you hit a blocker, stop and save state — do not improvise.
+```
+
+### Session B validates before acting
+
+For each finding: `git show <verified-against-commit>:<path>` and compare to local HEAD. If they match, the claimed state is current — execute as planned. If they differ, the state has moved; re-evaluate before applying.
+
+## Evidence
+
+- Field report #308: 23/26 items executed across 5 phases. 3 Must-Fix items slipped through (all related to spec gaps around nav direction and table captions). Net positive — saved ~20k tokens of orchestrator context.
+- Field report #307 F4: CAMPAIGN.md convention for `verified-against-commit: <SHA>` stamping.
+
+## Limitations
+
+- Executor may optimize for literal compliance over holistic UX (nav direction example above).
+- Spec must include nav order, table captions, and a11y requirements for new components explicitly.
+- Orchestrator MUST run a review pass (`/engage`) on the executor's output before considering the hand-off complete.
+
+## Handoffs
+
+- After executor completes, orchestrator runs `/engage` then `/assemble --fast` on the affected files to surface integration issues.
+- If the executor skipped findings whose `verified-against-commit` matched local HEAD, note which in the completion report — helps validate the SHA-skip heuristic.

package/dist/docs/methods/SYSTEMS_ARCHITECT.md

@@ -104,6 +104,19 @@ Use the Agent tool to run these in parallel — they are independent analysis ta
 - **ToS/API policy compatibility:** For ADRs selecting third-party services, verify the provider's Terms of Service and API usage policies permit the intended usage pattern (automation, bot-initiated transactions, reselling, volume). A service rejected on ToS grounds after building requires a full architecture pivot. (Field report #300)
 - **Riker reviews:** "Number One, does this hold up?" Riker challenges each ADR's trade-offs — are the alternatives truly worse? Are the consequences acceptable? Did we consider the second-order effects? **Riker also verifies the implementation scope is honest** — if an ADR says "fully implemented" but the code throws `'Implement...'`, that's a finding. Riker's review prevents architectural decisions made in a vacuum.
 
+### Npm-name availability pre-flight (ADR authoring)
+
+When an ADR proposes a published npm package name or scope, the architect MUST verify availability via BOTH:
+
+1. **Registry query** — `npm view <name>` returns E404 (or equivalent "not found" signal)
+2. **Org-create form** — if scoped (e.g., `@foo/bar`), visit npmjs.com/org/create and attempt to create the org. npm has no CLI-level `npm org create`; scope availability in the registry does NOT imply org-create availability.
+
+Do not canonicalize the name in docs, code, or CHANGELOG entries until BOTH checks pass. Checklist item in the ADR's Decision section:
+
+> "Npm-name availability confirmed: registry E404 ✓, scope create-form accepts ✓."
+
+Field report evidence: #308 RC-1 documents v23.9.0 → v23.9.1 mid-flight pivot from `@voidforge/cli` to unscoped `voidforge-build` because `voidforge` org creation was rejected after docs had already canonicalized the scoped name. Related: LRN-4, LRN-7 in docs/LEARNINGS.md; ADR-061 §13.
+
 ### `--adr-only` Lightweight Mode
 
 When architecture work is deferred (e.g., designing auth that won't be built for months), skip the full parallel analysis (Steps 1-4) and go straight to Step 5:

package/dist/docs/methods/TROUBLESHOOTING.md

@@ -263,3 +263,30 @@ Before clearing, deleting, or modifying database fields to "fix" missing files o
 5. **NEVER clear a DB field to work around a missing file.** Restore the file first, or confirm the regeneration cost is acceptable BEFORE deleting the reference.
 
 (Field report #103: 251 avatarUrl fields cleared to "fix" missing files, triggering ~$10 in DALL-E regeneration + 50 minutes downtime. The files existed on the VPS — they were deleted by `rsync --delete`, not lost. Restoring from backup would have been free.)
+
+---
+
+## Cloudflare / Wrangler Gotchas
+
+### `wrangler pages deploy` in Direct Upload mode ignores `.gitignore`
+
+`.gitignore` semantics differ between Git-integrated and Direct Upload Pages projects. Direct Upload uploads EVERY file in the target directory, including `.env`, `.pem`, `.key`, and anything else `.gitignore` would normally hide. Always deploy from a dedicated subdirectory (`dist/`, `public/`, `site/`) — never repo root. See `docs/methods/DEVOPS_ENGINEER.md` §Deploy Surface Boundary.
+
+Evidence: field report #305 — 32-day live credential leak via `wrangler pages deploy .` from repo root.
+
+### `wrangler pages deployment delete --force` doesn't force aliased deployments
+
+For aliased deployments (preview URLs attached to branch names), the CLI's `--force` flag does NOT pass `force=true` to the underlying API. Result: error code 8000035 "deployment is aliased and cannot be deleted." Workaround: call the Cloudflare API directly with `force=true` in the request body.
+
+### Cloudflare Pages Dev Mode + Purge Everything may not evict all cache
+
+Dev Mode and Purge Everything are both best-effort across Cloudflare's PoP network. For time-critical evictions (e.g., post-credential-rotation):
+
+1. Purge Everything in the dashboard.
+2. Run Custom Purge by URL for the specific asset.
+3. Enable Dev Mode.
+4. Wait at least TTL + 60 seconds before asserting eviction.
+
+If the stale content persists after step 4, a second Custom Purge + TTL wait is often required. Do not assume a single purge is sufficient.
+
+Evidence: field report #305 — credential-leak remediation required multiple purge passes before all PoPs served the rotated content.

package/dist/docs/patterns/deploy-preflight.ts

@@ -0,0 +1,195 @@
+/**
+ * Deploy Preflight — Pre-deploy secret and sensitive-path scan
+ *
+ * Reference implementation for .claude/commands/deploy.md Step 2.5.
+ * Scans the deploy artifact directory BEFORE upload. Exits non-zero on any hit.
+ *
+ * Evidence: field reports #305 (32-day credential leak), #303 (methodology exposure).
+ *
+ * Key principles:
+ * - Scan the deploy payload directory, NOT the repo root.
+ * - Never auto-filter — a hit means the operator must investigate.
+ * - Never print secret content; only paths + pattern IDs.
+ * - Allowlist escape hatch via DEPLOY_PREFLIGHT_ALLOW (comma-separated globs).
+ *
+ * Usage:
+ *   npx tsx docs/patterns/deploy-preflight.ts ./dist
+ *   DEPLOY_PREFLIGHT_ALLOW='fixtures/*,public/ok.env.example' npx tsx docs/patterns/deploy-preflight.ts ./dist
+ *
+ * CI step example (before wrangler/vercel/firebase):
+ *   - run: npx tsx docs/patterns/deploy-preflight.ts ./dist
+ */
+
+import { readdirSync, readFileSync, statSync } from 'node:fs';
+import { extname, join, relative, sep } from 'node:path';
+import { argv, env, exit } from 'node:process';
+
+// ---------- forbidden filename patterns ----------
+const FORBIDDEN_NAME_PATTERNS: { id: string; test: (name: string, rel: string) => boolean }[] = [
+  { id: 'env-file', test: (n) => /^\.env(\..+)?$/.test(n) && !/\.(example|template|sample)$/.test(n) },
+  { id: 'pem-file', test: (n) => n.endsWith('.pem') },
+  { id: 'key-file', test: (n) => n.endsWith('.key') },
+  { id: 'ssh-private-key', test: (n) => /^id_(rsa|ed25519|ecdsa|dsa)(\..+)?$/.test(n) && !n.endsWith('.pub') },
+  { id: 'pkcs12', test: (n) => n.endsWith('.p12') || n.endsWith('.pfx') },
+  { id: 'methodology-claude', test: (_, rel) => rel.split(sep)[0] === '.claude' },
+  { id: 'methodology-docs-methods', test: (_, rel) => rel.startsWith(`docs${sep}methods${sep}`) },
+  { id: 'methodology-docs-patterns', test: (_, rel) => rel.startsWith(`docs${sep}patterns${sep}`) },
+  { id: 'methodology-holocron', test: (n) => n === 'HOLOCRON.md' },
+  { id: 'methodology-changelog', test: (n) => n === 'CHANGELOG.md' },
+  { id: 'methodology-version', test: (n) => n === 'VERSION.md' },
+  { id: 'build-logs', test: (_, rel) => rel.split(sep)[0] === 'logs' },
+];
+
+// ---------- forbidden content patterns (scanned in text-ish files only) ----------
+const FORBIDDEN_CONTENT_PATTERNS: { id: string; re: RegExp }[] = [
+  { id: 'aws-access-key', re: /\bAKIA[0-9A-Z]{16}\b/ },
+  { id: 'cloudflare-token', re: /\b[0-9a-f]{40}\b/ },
+  { id: 'github-pat', re: /\bgh[pousr]_[A-Za-z0-9]{36,}\b/ },
+  { id: 'private-key-block', re: /-----BEGIN (?:RSA |EC |OPENSSH |DSA |PGP )?PRIVATE KEY-----/ },
+];
+
+const TEXT_EXTENSIONS = new Set([
+  '.html', '.htm', '.js', '.mjs', '.cjs', '.ts', '.tsx', '.jsx',
+  '.json', '.map', '.txt', '.md', '.xml', '.yml', '.yaml', '.env',
+  '.css', '.svg',
+]);
+
+interface Hit {
+  kind: 'name' | 'content';
+  path: string;
+  patternId: string;
+}
+
+function globToRegex(glob: string): RegExp {
+  const escaped = glob
+    .replace(/[.+^${}()|[\]\\]/g, '\\$&')
+    .replace(/\*/g, '.*')
+    .replace(/\?/g, '.');
+  return new RegExp(`^${escaped}$`);
+}
+
+function loadAllowlist(): RegExp[] {
+  const raw = env.DEPLOY_PREFLIGHT_ALLOW ?? '';
+  return raw
+    .split(',')
+    .map((s) => s.trim())
+    .filter(Boolean)
+    .map(globToRegex);
+}
+
+function isAllowed(relPath: string, allowlist: RegExp[]): boolean {
+  return allowlist.some((re) => re.test(relPath));
+}
+
+function* walk(root: string, current = root): Generator<string> {
+  let entries;
+  try {
+    entries = readdirSync(current, { withFileTypes: true });
+  } catch {
+    return;
+  }
+  for (const e of entries) {
+    const full = join(current, e.name);
+    if (e.isSymbolicLink()) continue;
+    if (e.isDirectory()) {
+      yield* walk(root, full);
+    } else if (e.isFile()) {
+      yield full;
+    }
+  }
+}
+
+function scanName(fullPath: string, relPath: string): string | null {
+  const base = relPath.split(sep).pop() ?? '';
+  for (const p of FORBIDDEN_NAME_PATTERNS) {
+    if (p.test(base, relPath)) return p.id;
+  }
+  return null;
+}
+
+function scanContent(fullPath: string): string | null {
+  const ext = extname(fullPath).toLowerCase();
+  if (!TEXT_EXTENSIONS.has(ext)) return null;
+  let stats;
+  try {
+    stats = statSync(fullPath);
+  } catch {
+    return null;
+  }
+  // skip files >2MB to keep the scan fast; secrets are typically short
+  if (stats.size > 2_000_000) return null;
+  let buf: string;
+  try {
+    buf = readFileSync(fullPath, 'utf8');
+  } catch {
+    return null;
+  }
+  for (const p of FORBIDDEN_CONTENT_PATTERNS) {
+    if (p.re.test(buf)) return p.id;
+  }
+  return null;
+}
+
+function main(): void {
+  const target = argv[2];
+  if (!target) {
+    console.error('[deploy-preflight] Usage: deploy-preflight <deploy-dir>');
+    exit(2);
+  }
+
+  let rootStat;
+  try {
+    rootStat = statSync(target);
+  } catch {
+    console.error(`[deploy-preflight] target does not exist: ${target}`);
+    exit(2);
+  }
+  if (!rootStat.isDirectory()) {
+    console.error(`[deploy-preflight] target is not a directory: ${target}`);
+    exit(2);
+  }
+
+  const allowlist = loadAllowlist();
+  const hits: Hit[] = [];
+  let scanned = 0;
+
+  for (const fullPath of walk(target)) {
+    const relPath = relative(target, fullPath);
+    if (isAllowed(relPath, allowlist)) continue;
+    scanned += 1;
+
+    const nameHit = scanName(fullPath, relPath);
+    if (nameHit) {
+      hits.push({ kind: 'name', path: relPath, patternId: nameHit });
+      continue; // skip content scan on already-forbidden names
+    }
+
+    const contentHit = scanContent(fullPath);
+    if (contentHit) {
+      hits.push({ kind: 'content', path: relPath, patternId: contentHit });
+    }
+  }
+
+  const summary = {
+    action: 'deploy-preflight',
+    target,
+    scanned,
+    hits: hits.length,
+    allowlist: allowlist.length,
+  };
+  console.log(JSON.stringify(summary));
+
+  if (hits.length > 0) {
+    console.error(`[deploy-preflight] ${hits.length} forbidden path(s) in deploy payload:`);
+    for (const h of hits) {
+      console.error(`  - [${h.kind}:${h.patternId}] ${h.path}`);
+    }
+    console.error('[deploy-preflight] ABORTED. Remove offending files or fix deploy surface configuration.');
+    exit(1);
+  }
+
+  console.log('[deploy-preflight] clean');
+  exit(0);
+}
+
+main();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "voidforge-build",
-  "version": "23.9.1",
+  "version": "23.10.0",
   "description": "From nothing, everything. A methodology framework for building with Claude Code.",
   "type": "module",
   "engines": {

package/dist/wizard/lib/anomaly-detection.d.ts

@@ -1,59 +0,0 @@
-/**
- * Anomaly Detection — Spend spikes, traffic drops, conversion changes (§9.17).
- *
- * Runs hourly as a heartbeat daemon scheduled job.
- * Compares current metrics against rolling averages.
- * Alerts when deviations exceed thresholds.
- *
- * PRD Reference: §9.7 (hourly anomaly detection), §9.17 (thresholds)
- */
-type Cents = number & {
-    readonly __brand: 'Cents';
-};
-type AnomalyType = 'spend_spike' | 'traffic_drop' | 'conversion_change' | 'roas_drop';
-type AnomalySeverity = 'warning' | 'alert' | 'critical';
-interface Anomaly {
-    type: AnomalyType;
-    severity: AnomalySeverity;
-    platform?: string;
-    metric: string;
-    currentValue: number;
-    expectedValue: number;
-    deviationPercent: number;
-    message: string;
-    timestamp: string;
-}
-declare const THRESHOLDS: {
-    spendSpikeWarning: number;
-    spendSpikeAlert: number;
-    spendSpikeCritical: number;
-    trafficDropWarning: number;
-    trafficDropAlert: number;
-    trafficDropCritical: number;
-    conversionChangeThreshold: number;
-    roasDropWarning: number;
-    roasDropAlert: number;
-};
-/** Run all anomaly checks for the current period */
-export declare function runAnomalyDetection(metrics: {
-    spendByPlatform: Array<{
-        platform: string;
-        currentHour: Cents;
-        avgHourly: Cents;
-    }>;
-    traffic: {
-        currentDay: number;
-        avgDaily: number;
-    };
-    conversion: {
-        currentRate: number;
-        avgRate: number;
-    };
-    roasByPlatform: Array<{
-        platform: string;
-        current: number;
-        avg: number;
-    }>;
-}): Anomaly[];
-export type { Anomaly, AnomalyType, AnomalySeverity };
-export { THRESHOLDS };

package/dist/wizard/lib/anomaly-detection.js

@@ -1,122 +0,0 @@
-/**
- * Anomaly Detection — Spend spikes, traffic drops, conversion changes (§9.17).
- *
- * Runs hourly as a heartbeat daemon scheduled job.
- * Compares current metrics against rolling averages.
- * Alerts when deviations exceed thresholds.
- *
- * PRD Reference: §9.7 (hourly anomaly detection), §9.17 (thresholds)
- */
-// ── Thresholds ────────────────────────────────────────
-const THRESHOLDS = {
-    // Spend spike: current hour spend > X% of daily average hourly spend
-    spendSpikeWarning: 50, // 50% above average
-    spendSpikeAlert: 100, // 100% above average (double)
-    spendSpikeCritical: 200, // 200% above average (triple)
-    // Traffic drop: current day traffic > X% below 7-day average
-    trafficDropWarning: 20, // 20% below average
-    trafficDropAlert: 40, // 40% below average
-    trafficDropCritical: 60, // 60% below average
-    // Conversion rate change: > X% from 7-day average
-    conversionChangeThreshold: 20, // 20% change in either direction
-    // ROAS drop: current < X% of 7-day average
-    roasDropWarning: 20, // 20% below average
-    roasDropAlert: 40, // 40% below average
-};
-// ── Detection Functions ───────────────────────────────
-function detectSpendSpike(currentHourSpend, avgHourlySpend, platform) {
-    if (avgHourlySpend === 0)
-        return null;
-    const deviation = ((currentHourSpend - avgHourlySpend) / avgHourlySpend) * 100;
-    if (deviation < THRESHOLDS.spendSpikeWarning)
-        return null;
-    const severity = deviation >= THRESHOLDS.spendSpikeCritical ? 'critical' :
-        deviation >= THRESHOLDS.spendSpikeAlert ? 'alert' : 'warning';
-    return {
-        type: 'spend_spike',
-        severity,
-        platform,
-        metric: 'hourly_spend',
-        currentValue: currentHourSpend,
-        expectedValue: avgHourlySpend,
-        deviationPercent: Math.round(deviation),
-        message: `Spend spike on ${platform}: $${(currentHourSpend / 100).toFixed(2)}/hr vs $${(avgHourlySpend / 100).toFixed(2)}/hr average (+${Math.round(deviation)}%)`,
-        timestamp: new Date().toISOString(),
-    };
-}
-function detectTrafficDrop(currentDayTraffic, avgDailyTraffic) {
-    if (avgDailyTraffic === 0)
-        return null;
-    const deviation = ((avgDailyTraffic - currentDayTraffic) / avgDailyTraffic) * 100;
-    if (deviation < THRESHOLDS.trafficDropWarning)
-        return null;
-    const severity = deviation >= THRESHOLDS.trafficDropCritical ? 'critical' :
-        deviation >= THRESHOLDS.trafficDropAlert ? 'alert' : 'warning';
-    return {
-        type: 'traffic_drop',
-        severity,
-        metric: 'daily_traffic',
-        currentValue: currentDayTraffic,
-        expectedValue: avgDailyTraffic,
-        deviationPercent: -Math.round(deviation),
-        message: `Traffic drop: ${currentDayTraffic} visitors today vs ${avgDailyTraffic} average (-${Math.round(deviation)}%)`,
-        timestamp: new Date().toISOString(),
-    };
-}
-function detectConversionChange(currentRate, avgRate) {
-    if (avgRate === 0)
-        return null;
-    const deviation = ((currentRate - avgRate) / avgRate) * 100;
-    if (Math.abs(deviation) < THRESHOLDS.conversionChangeThreshold)
-        return null;
-    return {
-        type: 'conversion_change',
-        severity: Math.abs(deviation) >= 40 ? 'alert' : 'warning',
-        metric: 'conversion_rate',
-        currentValue: currentRate,
-        expectedValue: avgRate,
-        deviationPercent: Math.round(deviation),
-        message: `Conversion rate ${deviation > 0 ? 'increase' : 'decrease'}: ${currentRate.toFixed(1)}% vs ${avgRate.toFixed(1)}% average (${deviation > 0 ? '+' : ''}${Math.round(deviation)}%)`,
-        timestamp: new Date().toISOString(),
-    };
-}
-function detectRoasDrop(currentRoas, avgRoas, platform) {
-    if (avgRoas === 0)
-        return null;
-    const deviation = ((avgRoas - currentRoas) / avgRoas) * 100;
-    if (deviation < THRESHOLDS.roasDropWarning)
-        return null;
-    return {
-        type: 'roas_drop',
-        severity: deviation >= THRESHOLDS.roasDropAlert ? 'alert' : 'warning',
-        platform,
-        metric: 'roas',
-        currentValue: currentRoas,
-        expectedValue: avgRoas,
-        deviationPercent: -Math.round(deviation),
-        message: `ROAS drop on ${platform}: ${currentRoas.toFixed(1)}x vs ${avgRoas.toFixed(1)}x average (-${Math.round(deviation)}%)`,
-        timestamp: new Date().toISOString(),
-    };
-}
-/** Run all anomaly checks for the current period */
-export function runAnomalyDetection(metrics) {
-    const anomalies = [];
-    for (const s of metrics.spendByPlatform) {
-        const a = detectSpendSpike(s.currentHour, s.avgHourly, s.platform);
-        if (a)
-            anomalies.push(a);
-    }
-    const td = detectTrafficDrop(metrics.traffic.currentDay, metrics.traffic.avgDaily);
-    if (td)
-        anomalies.push(td);
-    const cc = detectConversionChange(metrics.conversion.currentRate, metrics.conversion.avgRate);
-    if (cc)
-        anomalies.push(cc);
-    for (const r of metrics.roasByPlatform) {
-        const a = detectRoasDrop(r.current, r.avg, r.platform);
-        if (a)
-            anomalies.push(a);
-    }
-    return anomalies;
-}
-export { THRESHOLDS };

package/dist/wizard/lib/asset-scanner.d.ts

@@ -1,23 +0,0 @@
-/**
- * PRD asset scanner — identifies image/visual requirements from PRD prose.
- * Used by Celebrimbor's /imagine command to find what needs generating.
- * Pure text analysis — no API calls, no side effects.
- */
-export interface AssetRequirement {
-    description: string;
-    category: string;
-    context: string;
-    width: number;
-    height: number;
-    section: string;
-}
-/**
- * Scan a PRD document for visual asset requirements.
- * Returns a list of assets that need generating.
- */
-export declare function scanPrdForAssets(prdContent: string): AssetRequirement[];
-/**
- * Extract brand/style keywords from the PRD for style prefix generation.
- * Looks for Section 14 (Brand) or any section mentioning "brand", "style", "aesthetic".
- */
-export declare function extractBrandStyle(prdContent: string): string[];

package/dist/wizard/lib/asset-scanner.js

@@ -1,107 +0,0 @@
-/**
- * PRD asset scanner — identifies image/visual requirements from PRD prose.
- * Used by Celebrimbor's /imagine command to find what needs generating.
- * Pure text analysis — no API calls, no side effects.
- */
-/** Patterns that indicate a visual asset requirement in PRD prose. */
-const ASSET_PATTERNS = [
-    { pattern: /illustrat(?:ion|ed|e)/i, category: 'illustration' },
-    { pattern: /portrait/i, category: 'portrait' },
-    { pattern: /silhouette/i, category: 'portrait' },
-    { pattern: /avatar/i, category: 'portrait' },
-    { pattern: /(?:custom\s+)?\bicon\b/i, category: 'icon' },
-    { pattern: /og[:\s-]image/i, category: 'og-image' },
-    { pattern: /social\s+(?:sharing\s+)?image/i, category: 'og-image' },
-    { pattern: /hero\s+(?:image|banner|art)/i, category: 'hero' },
-    { pattern: /splash\s+(?:page|screen)/i, category: 'hero' },
-    { pattern: /background\s+image/i, category: 'background' },
-    { pattern: /cover\s+image/i, category: 'background' },
-    { pattern: /\blogo\b/i, category: 'logo' },
-    { pattern: /\bfavicon\b/i, category: 'icon' },
-    { pattern: /comic\s+strip/i, category: 'illustration' },
-    { pattern: /comic\s+panel/i, category: 'illustration' },
-    { pattern: /screenshot/i, category: 'screenshot' },
-    { pattern: /mockup/i, category: 'screenshot' },
-];
-/** Default dimensions per asset category. */
-const CATEGORY_DIMENSIONS = {
-    'portrait': { width: 1024, height: 1024 },
-    'illustration': { width: 1024, height: 1024 },
-    'og-image': { width: 1200, height: 630 },
-    'hero': { width: 1792, height: 1024 },
-    'background': { width: 1792, height: 1024 },
-    'logo': { width: 512, height: 512 },
-    'icon': { width: 512, height: 512 },
-    'screenshot': { width: 1280, height: 720 },
-};
-/**
- * Scan a PRD document for visual asset requirements.
- * Returns a list of assets that need generating.
- */
-export function scanPrdForAssets(prdContent) {
-    const assets = [];
-    const lines = prdContent.split('\n');
-    let currentSection = '';
-    for (let i = 0; i < lines.length; i++) {
-        const line = lines[i];
-        // Track section headers
-        const headerMatch = line.match(/^#{1,4}\s+(.+)/);
-        if (headerMatch) {
-            currentSection = headerMatch[1].trim();
-            continue;
-        }
-        // Check each line against asset patterns
-        for (const { pattern, category } of ASSET_PATTERNS) {
-            if (pattern.test(line)) {
-                // Extract surrounding context (current line + next line for description)
-                const contextLines = lines.slice(Math.max(0, i - 1), Math.min(lines.length, i + 3));
-                const context = contextLines.join(' ').trim();
-                const dims = CATEGORY_DIMENSIONS[category] || { width: 1024, height: 1024 };
-                assets.push({
-                    description: line.trim(),
-                    category,
-                    context,
-                    width: dims.width,
-                    height: dims.height,
-                    section: currentSection,
-                });
-                break; // One match per line is enough
-            }
-        }
-    }
-    // Deduplicate by description similarity
-    const seen = new Set();
-    return assets.filter(a => {
-        const key = a.description.toLowerCase().slice(0, 60);
-        if (seen.has(key))
-            return false;
-        seen.add(key);
-        return true;
-    });
-}
-/**
- * Extract brand/style keywords from the PRD for style prefix generation.
- * Looks for Section 14 (Brand) or any section mentioning "brand", "style", "aesthetic".
- */
-export function extractBrandStyle(prdContent) {
-    const keywords = [];
-    const lines = prdContent.split('\n');
-    let inBrandSection = false;
-    for (const line of lines) {
-        const headerMatch = line.match(/^#{1,4}\s+(.+)/);
-        if (headerMatch) {
-            const title = headerMatch[1].toLowerCase();
-            inBrandSection = title.includes('brand') || title.includes('style') || title.includes('aesthetic') || title.includes('design') || title.includes('personality');
-            continue;
-        }
-        if (inBrandSection && line.trim()) {
-            // Extract adjectives and style keywords
-            const styleWords = line.match(/\b(minimal|bold|playful|professional|elegant|modern|retro|vintage|comic|pulp|neon|dark|light|cinematic|warm|cool|vibrant|muted|halftone|watercolor|photorealistic|illustration|flat|gradient|geometric|organic)\b/gi);
-            if (styleWords) {
-                keywords.push(...styleWords.map(w => w.toLowerCase()));
-            }
-        }
-    }
-    // Deduplicate
-    return [...new Set(keywords)];
-}

package/dist/wizard/lib/build-analytics.d.ts

@@ -1,39 +0,0 @@
-/**
- * Build analytics — tracks metrics across projects for trend analysis.
- * Stored at ~/.voidforge/analytics.json. No external dependencies.
- *
- * Wong guards the knowledge. The Sanctum grows.
- */
-export interface PhaseMetric {
-    phase: string;
-    findingsCount: number;
-    fixesApplied: number;
-    /** Duration in seconds (optional — only if measurable) */
-    durationSeconds?: number;
-}
-export interface BuildRecord {
-    projectName: string;
-    framework: string;
-    database: string;
-    deployTarget: string;
-    timestamp: string;
-    version: string;
-    phases: PhaseMetric[];
-    totalFindings: number;
-    totalFixes: number;
-    testCount?: number;
-    lessonsExtracted: number;
-}
-export interface AnalyticsStore {
-    builds: BuildRecord[];
-}
-/** Record a completed build. */
-export declare function recordBuild(record: BuildRecord): Promise<void>;
-/** Surface trends across past builds. Returns human-readable insights. */
-export declare function surfaceTrends(currentFramework?: string): Promise<string[]>;
-/** Get a summary of all recorded builds. */
-export declare function getBuildHistory(): Promise<{
-    count: number;
-    frameworks: string[];
-    latestBuild: string | null;
-}>;