From 67f1566a315f959d3ce4572e67ccce76550caf68 Mon Sep 17 00:00:00 2001 From: deepagent-ai Date: Fri, 10 Jul 2026 12:03:46 +0800 Subject: [PATCH 1/4] fix(session): turn-token footer shows spend, not cached context (#45) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The per-turn footer summed input + output + reasoning + cache read + cache write, so a short prompt over a large cached context read as if it "spent" ~120K tokens when nearly all of that was a cache re-read (billed at a fraction of full price). Show the newly-consumed figure (non-cached input + output + reasoning) as the primary number, with the full per-category split — including cache read/write and the provider's raw total — in a hover tooltip. - Add TokenBreakdown + addTokenBreakdown/getSubagentTokenBreakdown to session-context-metrics; turnTokens becomes turnTokenBreakdown. - Footer renders `spend` under a dashed-underline tooltip trigger. - New i18n keys (en + zh) for the breakdown rows. - Tests cover the reported 120,667 → spend 1,300 case. ### Issue for this PR Closes # ### Type of change - [ ] Bug fix - [ ] New feature - [ ] Refactor / code improvement - [ ] Documentation ### What does this PR do? Please provide a description of the issue, the changes you made to fix it, and why they work. It is expected that you understand why your changes work and if you do not understand why at least say as much so a maintainer knows how much to value the PR. **If you paste a large clearly AI generated description here your PR may be IGNORED or CLOSED!** ### How did you verify your code works? ### Screenshots / recordings _If this is a UI change, please include a screenshot or recording._ ### Checklist - [ ] I have tested my changes locally - [ ] I have not included unrelated changes in this PR _If you do not follow this template your PR will be automatically rejected._ Co-authored-by: Claude Opus 4.8 --- .../session/session-context-metrics.test.ts | 55 ++++++++++++++- .../session/session-context-metrics.ts | 46 +++++++++++++ packages/app/src/i18n/en.ts | 9 +++ packages/app/src/i18n/zh.ts | 9 +++ .../src/pages/session/message-timeline.tsx | 69 ++++++++++++++----- 5 files changed, 171 insertions(+), 17 deletions(-) diff --git a/packages/app/src/components/session/session-context-metrics.test.ts b/packages/app/src/components/session/session-context-metrics.test.ts index 9aedd3da..63181d21 100644 --- a/packages/app/src/components/session/session-context-metrics.test.ts +++ b/packages/app/src/components/session/session-context-metrics.test.ts @@ -1,6 +1,13 @@ import { describe, expect, test } from "bun:test" import type { Message, Session } from "@deepagent-code/sdk/v2/client" -import { getConversationTokens, getSessionContextMetrics, getSubagentTokens } from "./session-context-metrics" +import { + getConversationTokens, + getSessionContextMetrics, + getSubagentTokens, + getSubagentTokenBreakdown, + addTokenBreakdown, + emptyTokenBreakdown, +} from "./session-context-metrics" const assistant = ( id: string, @@ -128,6 +135,52 @@ describe("getSubagentTokens", () => { }) }) +describe("token breakdown", () => { + test("spend excludes cache read/write; total includes everything", () => { + // Mirrors the reported case: a short prompt over a large cached context. spend is small even + // though total is dominated by the re-read cache. + const acc = addTokenBreakdown(emptyTokenBreakdown(), { + input: 800, + output: 400, + reasoning: 100, + cache: { read: 119_000, write: 367 }, + }) + expect(acc.spend).toBe(1300) // 800 + 400 + 100 — no cache + expect(acc.total).toBe(120_667) // + 119_000 read + 367 write + expect(acc.cacheRead).toBe(119_000) + expect(acc.cacheWrite).toBe(367) + }) + + test("addTokenBreakdown accumulates across multiple messages", () => { + const acc = emptyTokenBreakdown() + addTokenBreakdown(acc, { input: 10, output: 5, reasoning: 2, cache: { read: 3, write: 1 } }) + addTokenBreakdown(acc, { input: 20, output: 10, reasoning: 0, cache: { read: 6, write: 0 } }) + expect(acc.input).toBe(30) + expect(acc.output).toBe(15) + expect(acc.reasoning).toBe(2) + expect(acc.cacheRead).toBe(9) + expect(acc.cacheWrite).toBe(1) + expect(acc.spend).toBe(47) // (10+5+2) + (20+10+0) + expect(acc.total).toBe(57) // spend + 9 read + 1 write + }) + + test("getSubagentTokenBreakdown rolls a child session into the accumulator", () => { + const acc = emptyTokenBreakdown() + const s = session("s1", undefined, { input: 100, output: 40, reasoning: 10, read: 5, write: 5 }) + getSubagentTokenBreakdown(acc, s) + expect(acc.spend).toBe(150) // 100 + 40 + 10 + expect(acc.total).toBe(160) // + 5 + 5 — matches getSubagentTokens + expect(acc.total).toBe(getSubagentTokens(s)) + }) + + test("getSubagentTokenBreakdown with undefined session is a no-op", () => { + const acc = emptyTokenBreakdown() + getSubagentTokenBreakdown(acc, undefined) + expect(acc.total).toBe(0) + expect(acc.spend).toBe(0) + }) +}) + describe("getConversationTokens", () => { test("sums root + all descendant subagent sessions", () => { const sessions = [ diff --git a/packages/app/src/components/session/session-context-metrics.ts b/packages/app/src/components/session/session-context-metrics.ts index d0299f6f..e42f494c 100644 --- a/packages/app/src/components/session/session-context-metrics.ts +++ b/packages/app/src/components/session/session-context-metrics.ts @@ -128,3 +128,49 @@ export function getConversationTokens(sessions: Session[] = [], rootSessionID?: export function getSubagentTokens(session: Session | undefined): number { return session ? sessionTokensUsed(session) : 0 } + +// Per-category token breakdown. `spend` is the tokens NEWLY consumed this turn (non-cached input + +// output + reasoning); `cacheRead`/`cacheWrite` are the cached context re-read/written for the same +// request (billed at a fraction of full price). `total` is the sum of all five — the raw figure the +// provider reports. Surfacing the split stops a short prompt over a large cached context from looking +// like it "spent" 120K when almost all of that is a cache hit. +export type TokenBreakdown = { + input: number + output: number + reasoning: number + cacheRead: number + cacheWrite: number + spend: number + total: number +} + +export const emptyTokenBreakdown = (): TokenBreakdown => ({ + input: 0, + output: 0, + reasoning: 0, + cacheRead: 0, + cacheWrite: 0, + spend: 0, + total: 0, +}) + +export function addTokenBreakdown( + acc: TokenBreakdown, + t: { input: number; output: number; reasoning: number; cache: { read: number; write: number } }, +): TokenBreakdown { + acc.input += t.input + acc.output += t.output + acc.reasoning += t.reasoning + acc.cacheRead += t.cache.read + acc.cacheWrite += t.cache.write + acc.spend += t.input + t.output + t.reasoning + acc.total += t.input + t.output + t.reasoning + t.cache.read + t.cache.write + return acc +} + +// Breakdown of a single subagent (child) session's persisted running total, mirroring +// {@link getSubagentTokens} but split by category so it can roll into a parent turn's tooltip. +export function getSubagentTokenBreakdown(acc: TokenBreakdown, session: Session | undefined): TokenBreakdown { + if (!session?.tokens) return acc + return addTokenBreakdown(acc, session.tokens) +} diff --git a/packages/app/src/i18n/en.ts b/packages/app/src/i18n/en.ts index 9b090664..2d8d4de9 100644 --- a/packages/app/src/i18n/en.ts +++ b/packages/app/src/i18n/en.ts @@ -534,6 +534,14 @@ export const dict = { "context.usage.totalTokens": "Conversation Tokens", "context.usage.clickToView": "Click to view context", "context.usage.view": "View context usage", + "context.usage.input": "Input", + "context.usage.output": "Output", + "context.usage.reasoning": "Reasoning", + "context.usage.cacheRead": "Cache read", + "context.usage.cacheWrite": "Cache write", + + "session.turn.tokens.spend": "Spent this turn", + "session.turn.tokens.total": "Total (incl. cache)", "language.en": "English", "language.zh": "简体中文", @@ -595,6 +603,7 @@ export const dict = { "toast.project.rootRefused.title": "Can't open the filesystem root", "toast.project.rootRefused.description": "This conversation points at the filesystem root (\"/\"), which can't be opened for safety. It's likely leftover data — remove or re-target it.", + "toast.project.rootRecoveryFailed.title": "Couldn't recover this folder-less conversation", "toast.update.title": "Update available", "toast.update.description": "A new version of DeepAgent Code ({{version}}) is now available to install.", diff --git a/packages/app/src/i18n/zh.ts b/packages/app/src/i18n/zh.ts index c41becbf..0e2008c6 100644 --- a/packages/app/src/i18n/zh.ts +++ b/packages/app/src/i18n/zh.ts @@ -483,6 +483,14 @@ export const dict = { "context.usage.totalTokens": "对话总 token", "context.usage.clickToView": "点击查看上下文", "context.usage.view": "查看上下文用量", + "context.usage.input": "输入", + "context.usage.output": "输出", + "context.usage.reasoning": "推理", + "context.usage.cacheRead": "缓存读取", + "context.usage.cacheWrite": "缓存写入", + + "session.turn.tokens.spend": "本轮消耗", + "session.turn.tokens.total": "总计(含缓存)", "language.en": "English", "language.zh": "简体中文", @@ -1071,6 +1079,7 @@ export const dict = { "toast.project.reloadFailed.title": "无法重新加载 {{project}}", "toast.project.rootRefused.title": "无法打开文件系统根目录", "toast.project.rootRefused.description": "该对话指向文件系统根目录(“/”),出于安全考虑无法打开。这多半是遗留数据,请删除或改指到具体目录。", + "toast.project.rootRecoveryFailed.title": "无法恢复该无项目对话", "error.server.invalidConfiguration": "配置无效", "common.moreCountSuffix": " (还有 {{count}} 个)", "common.time.justNow": "刚刚", diff --git a/packages/app/src/pages/session/message-timeline.tsx b/packages/app/src/pages/session/message-timeline.tsx index 8e701d2b..da3a871b 100644 --- a/packages/app/src/pages/session/message-timeline.tsx +++ b/packages/app/src/pages/session/message-timeline.tsx @@ -56,8 +56,14 @@ import { normalize } from "@deepagent-code/ui/session-diff" import { useFileComponent } from "@deepagent-code/ui/context/file" import { shouldMarkBoundaryGesture, normalizeWheelDelta } from "@/pages/session/message-gesture" import { SessionContextUsage } from "@/components/session-context-usage" -import { getSubagentTokens } from "@/components/session/session-context-metrics" +import { + getSubagentTokenBreakdown, + addTokenBreakdown, + emptyTokenBreakdown, + type TokenBreakdown, +} from "@/components/session/session-context-metrics" import { useDialog } from "@deepagent-code/ui/context/dialog" +import { Tooltip } from "@deepagent-code/ui/tooltip" import { createResizeObserver } from "@solid-primitives/resize-observer" import { useLanguage } from "@/context/language" import { useSessionKey } from "@/pages/session/session-layout" @@ -1041,15 +1047,16 @@ export function MessageTimeline(props: { return turnDurationMs(userMessageID) } - // Total tokens USED by a turn (input + output + reasoning + cache), summed across the turn's - // assistant messages. Distinct from the top-right retained-context number. Advances as each - // tool-loop step finishes (providers report usage per step, not per token). - const turnTokens = (userMessageID: string) => { - let total = 0 + // Token usage for a turn, split by category (see TokenBreakdown). The footer surfaces `spend` + // (newly-consumed = non-cached input + output + reasoning) as its primary figure, with the full + // split — including cache read/write — in a tooltip. This keeps a short prompt over a large cached + // context from reading as if it "spent" 120K when nearly all of that is a cache re-read. Advances as + // each tool-loop step finishes (providers report usage per step, not per token). + const turnTokenBreakdown = (userMessageID: string): TokenBreakdown => { + const acc = emptyTokenBreakdown() const childIds = new Set() for (const message of assistantMessagesByParent().get(userMessageID) ?? emptyAssistantMessages) { - const t = message.tokens - total += t.input + t.output + t.reasoning + t.cache.read + t.cache.write + addTokenBreakdown(acc, message.tokens) // Roll in subagent usage: each `task` tool-call in this turn spawns a child session whose // persisted total we add. Dedupe by child sessionId so a resumed/multi-call child isn't // double-counted. @@ -1061,8 +1068,8 @@ export function MessageTimeline(props: { if (childId) childIds.add(childId) } } - for (const childId of childIds) total += getSubagentTokens(sessionByID().get(childId)) - return total + for (const childId of childIds) getSubagentTokenBreakdown(acc, sessionByID().get(childId)) + return acc } const assistantCopyPartID = (userMessageID: string) => { @@ -1301,11 +1308,39 @@ export function MessageTimeline(props: { if (typeof ms !== "number") return "" return formatDuration(ms, language.t, (n) => n.toLocaleString(language.intl())) } - const tokens = () => turnTokens(id()) + const breakdown = () => turnTokenBreakdown(id()) + // Primary footer figure = tokens newly consumed this turn. The provider's full total (which + // includes the re-read cached context) lives in the tooltip so a short prompt over a large + // cached window doesn't read as if it "spent" the whole context. + const spend = () => breakdown().spend + const fmt = (n: number) => n.toLocaleString(language.intl()) + const tokenTooltip = () => { + const b = breakdown() + const row = (labelKey: string, value: number) => ( +
+ {language.t(labelKey)} + {fmt(value)} +
+ ) + return ( +
+ {row("session.turn.tokens.spend", b.spend)} + {row("context.usage.input", b.input)} + {row("context.usage.output", b.output)} + 0}>{row("context.usage.reasoning", b.reasoning)} + 0}>{row("context.usage.cacheRead", b.cacheRead)} + 0}>{row("context.usage.cacheWrite", b.cacheWrite)} +
+ {language.t("session.turn.tokens.total")} + {fmt(b.total)} +
+
+ ) + } return (
- 0}> + 0}>
@@ -1313,13 +1348,15 @@ export function MessageTimeline(props: { {elapsed()} - 0}> + 0}> - - {tokens().toLocaleString(language.intl())} {language.t("context.usage.tokens")} - + + + {fmt(spend())} {language.t("context.usage.tokens")} + +
From 7e8725679e4739fcaa9256dae7748caa884c1495 Mon Sep 17 00:00:00 2001 From: deepagent-ai Date: Fri, 10 Jul 2026 12:04:21 +0800 Subject: [PATCH 2/4] Feat/v3.9 panel goal UI (#46) ### Issue for this PR Closes # ### Type of change - [ ] Bug fix - [ ] New feature - [ ] Refactor / code improvement - [ ] Documentation ### What does this PR do? Please provide a description of the issue, the changes you made to fix it, and why they work. It is expected that you understand why your changes work and if you do not understand why at least say as much so a maintainer knows how much to value the PR. **If you paste a large clearly AI generated description here your PR may be IGNORED or CLOSED!** ### How did you verify your code works? ### Screenshots / recordings _If this is a UI change, please include a screenshot or recording._ ### Checklist - [ ] I have tested my changes locally - [ ] I have not included unrelated changes in this PR _If you do not follow this template your PR will be automatically rejected._ --------- Co-authored-by: Claude Opus 4.8 --- .../components/deepagent/goal-status-bar.tsx | 110 +++++ .../src/components/deepagent/panel-button.tsx | 105 +++++ .../deepagent/panel-goal-contract.test.ts | 133 ++++++ .../components/deepagent/panel-goal.api.ts | 175 ++++++++ .../deepagent/panel-verdict-dialog.tsx | 66 +++ packages/app/src/components/prompt-input.tsx | 14 + .../src/components/settings-v2/general.tsx | 12 + .../app/src/context/global-sync/bootstrap.ts | 3 + .../context/global-sync/event-reducer.test.ts | 56 ++- .../src/context/global-sync/event-reducer.ts | 26 +- packages/app/src/context/global-sync/types.ts | 13 + packages/app/src/context/server-sync.tsx | 30 +- packages/app/src/context/settings.tsx | 11 + packages/app/src/i18n/en.ts | 3 + .../composer/session-composer-region.tsx | 4 + packages/core/src/deepagent/session-state.ts | 78 ++++ packages/core/src/flag/flag.ts | 8 + .../session-state-panel-goal.test.ts | 107 +++++ packages/deepagent-code/src/agent/agent.ts | 31 ++ .../src/agent/prompt/goal-mode.txt | 13 + .../deepagent-code/src/effect/app-runtime.ts | 2 + packages/deepagent-code/src/panel/consult.ts | 79 ++++ .../src/panel/panelist-runner.ts | 108 +++++ .../instance/httpapi/groups/deepagent.ts | 188 ++++++++- .../routes/instance/httpapi/groups/global.ts | 3 + .../instance/httpapi/handlers/deepagent.ts | 159 +++++++ .../instance/httpapi/handlers/global.ts | 7 + .../server/routes/instance/httpapi/server.ts | 2 + .../deepagent-code/src/session/goal-driver.ts | 169 ++++++++ .../deepagent-code/src/session/goal-event.ts | 37 ++ .../src/session/goal-loop-wiring.ts | 106 ++--- .../src/session/goal-manager.ts | 394 ++++++++++++++++++ packages/deepagent-code/src/settings/store.ts | 6 + .../test/agent/goal-mode-agent.test.ts | 66 +++ .../deepagent-code/test/panel/consult.test.ts | 110 +++++ .../test/server/httpapi-control-plane.test.ts | 2 + .../test/server/httpapi-global.test.ts | 14 + .../test/session/goal-driver.test.ts | 208 +++++++++ .../test/settings/store.test.ts | 19 + packages/tui/src/component/prompt/index.tsx | 77 ++++ 40 files changed, 2669 insertions(+), 85 deletions(-) create mode 100644 packages/app/src/components/deepagent/goal-status-bar.tsx create mode 100644 packages/app/src/components/deepagent/panel-button.tsx create mode 100644 packages/app/src/components/deepagent/panel-goal-contract.test.ts create mode 100644 packages/app/src/components/deepagent/panel-goal.api.ts create mode 100644 packages/app/src/components/deepagent/panel-verdict-dialog.tsx create mode 100644 packages/core/test/deepagent/session-state-panel-goal.test.ts create mode 100644 packages/deepagent-code/src/agent/prompt/goal-mode.txt create mode 100644 packages/deepagent-code/src/panel/consult.ts create mode 100644 packages/deepagent-code/src/panel/panelist-runner.ts create mode 100644 packages/deepagent-code/src/session/goal-driver.ts create mode 100644 packages/deepagent-code/src/session/goal-event.ts create mode 100644 packages/deepagent-code/src/session/goal-manager.ts create mode 100644 packages/deepagent-code/test/agent/goal-mode-agent.test.ts create mode 100644 packages/deepagent-code/test/panel/consult.test.ts create mode 100644 packages/deepagent-code/test/session/goal-driver.test.ts diff --git a/packages/app/src/components/deepagent/goal-status-bar.tsx b/packages/app/src/components/deepagent/goal-status-bar.tsx new file mode 100644 index 00000000..f8838a6d --- /dev/null +++ b/packages/app/src/components/deepagent/goal-status-bar.tsx @@ -0,0 +1,110 @@ +import { Show, createMemo, createSignal } from "solid-js" +import { Button } from "@deepagent-code/ui/button" +import { Icon } from "@deepagent-code/ui/icon" +import { useServerSync } from "@/context/server-sync" +import { useSDK } from "@/context/sdk" +import { pauseGoal, resumeGoal, stopGoal, type PanelGoalClient } from "./panel-goal.api" + +/** + * V3.9 §D — the Goal status bar. Renders above the composer when a goal is running for this session + * (Codex thread-goal style): the phase, a live token/tick budget readout, and pause/resume/stop + * controls. Reads the persistent session_goal store fed by the goal.updated event, so it stays visible + * while the background loop ticks and after a terminal phase (until the user starts a new goal). + */ + +const PHASE_LABEL: Record = { + running: "Running", + paused: "Paused", + done: "Complete", + needs_human: "Needs you", + rolled_back: "Rolled back", + stopped: "Stopped", +} + +const PHASE_ICON: Record[0]["name"]> = { + running: "status-active", + paused: "circle-ban-sign", + done: "circle-check", + needs_human: "circle-x", + rolled_back: "arrow-undo-down", + stopped: "circle-x", +} + +const isTerminal = (phase: string) => + phase === "done" || phase === "rolled_back" || phase === "stopped" || phase === "needs_human" + +export function GoalStatusBar(props: { sessionID: string }) { + const serverSync = useServerSync() + const sdk = useSDK() + const [busy, setBusy] = createSignal(false) + + const goal = createMemo(() => (props.sessionID ? serverSync.data.session_goal[props.sessionID] : undefined)) + const client = () => sdk.client as unknown as PanelGoalClient + + const running = () => goal()?.phase === "running" + const paused = () => goal()?.phase === "paused" + const terminal = () => { + const g = goal() + return g ? isTerminal(g.phase) : false + } + + const withBusy = (fn: () => Promise) => async () => { + if (busy()) return + setBusy(true) + try { + await fn() + } finally { + setBusy(false) + } + } + + const onPause = withBusy(() => pauseGoal(client(), props.sessionID)) + const onResume = withBusy(() => resumeGoal(client(), props.sessionID)) + const onStop = withBusy(() => stopGoal(client(), props.sessionID)) + const onDismiss = () => serverSync.goal.set(props.sessionID, undefined) + + const tokens = () => goal()?.ledger.tokens ?? 0 + const ticks = () => goal()?.ledger.ticks ?? 0 + + return ( + + {(g) => ( +
+ + {PHASE_LABEL[g().phase] ?? g().phase} + + {ticks()} {ticks() === 1 ? "tick" : "ticks"} · {tokens().toLocaleString()} tokens + + 0}> + — {g().gaps[0]} + +
+ + + + + + + + + + + + +
+
+ )} +
+ ) +} diff --git a/packages/app/src/components/deepagent/panel-button.tsx b/packages/app/src/components/deepagent/panel-button.tsx new file mode 100644 index 00000000..282b5b14 --- /dev/null +++ b/packages/app/src/components/deepagent/panel-button.tsx @@ -0,0 +1,105 @@ +import { Show, createSignal, createResource } from "solid-js" +import { Button } from "@deepagent-code/ui/button" +import { Icon } from "@deepagent-code/ui/icon" +import { Tooltip } from "@deepagent-code/ui/tooltip" +import { useDialog } from "@deepagent-code/ui/context/dialog" +import { useSDK } from "@/context/sdk" +import { armPanel, consultPanel, fetchPanelStatus, type PanelGoalClient } from "./panel-goal.api" +import { PanelVerdictDialog } from "./panel-verdict-dialog" + +/** + * V3.9 §C — the Expert Panel toggle button for the composer toolbar. + * + * Activation semantics (per the product spec): + * - Armed state is per-conversation, seeded from the global `expertPanelDefault` setting. + * - OFF → ON (user arms mid-conversation): immediately convene a panel on the CURRENT context and + * show the verdict, then go quiet ("等待唤醒") — no per-turn re-runs. + * - While ON, pressing again re-convenes on demand. + * - ON → OFF: disarm (no consult). + * The button reflects armed state; a spinner-ish disabled state covers the in-flight consult. + */ +export function PanelButton(props: { sessionID: string }) { + const sdk = useSDK() + const dialog = useDialog() + const [busy, setBusy] = createSignal(false) + const [armedOverride, setArmedOverride] = createSignal(undefined) + + const client = () => sdk.client as unknown as PanelGoalClient + + // Seed the armed state from the SERVER's effective status (explicit toggle, else global default), + // so the button reflects the server-configured default rather than a client-side guess. A local + // override wins once the user toggles this session. + const [status] = createResource( + () => props.sessionID || undefined, + (sessionID) => fetchPanelStatus(client(), sessionID), + ) + const armed = () => armedOverride() ?? status()?.armed ?? false + + const consultNow = async () => { + const verdict = await consultPanel(client(), { sessionID: props.sessionID }) + if (verdict) dialog.show(() => ) + } + + const onClick = async () => { + if (busy() || !props.sessionID) return + setBusy(true) + try { + if (!armed()) { + // OFF → ON: arm, then convene once on the current context. + await armPanel(client(), props.sessionID, true) + setArmedOverride(true) + await consultNow() + } else { + // Already armed: a press re-convenes on demand (stays armed). + await consultNow() + } + } finally { + setBusy(false) + } + } + + const onDisarm = async (e: MouseEvent) => { + e.stopPropagation() + if (busy() || !props.sessionID) return + setBusy(true) + try { + await armPanel(client(), props.sessionID, false) + setArmedOverride(false) + } finally { + setBusy(false) + } + } + + return ( + +
+ + + + +
+
+ ) +} diff --git a/packages/app/src/components/deepagent/panel-goal-contract.test.ts b/packages/app/src/components/deepagent/panel-goal-contract.test.ts new file mode 100644 index 00000000..f1458e6f --- /dev/null +++ b/packages/app/src/components/deepagent/panel-goal-contract.test.ts @@ -0,0 +1,133 @@ +import { describe, expect, test } from "bun:test" +import { + consultPanel, + armPanel, + fetchPanelStatus, + startGoal, + pauseGoal, + resumeGoal, + stopGoal, + goalStatus, + fetchCapabilities, +} from "./panel-goal.api" + +// V3.9 §C/§D route contract: the Expert Panel + Goal Loop UI talks to the raw-request escape-hatch +// routes (NOT the generated SDK). These lock the exact method/url/body so a backend rename of +// /deepagent/panel/* or /deepagent/goal/* breaks CI here instead of shipping a dead UI. Mirrors the +// backend group schemas in server/routes/instance/httpapi/groups/deepagent.ts. +type Recorded = { method: string; url: string; body?: unknown; headers?: Record } + +function client(calls: Recorded[], data: unknown) { + return { + client: { + request: async (options: Recorded): Promise<{ data?: TData }> => { + calls.push(options) + return { data: data as TData } + }, + }, + } +} + +const JSON_HEADERS = { "Content-Type": "application/json" } + +describe("Expert Panel route contract (§C)", () => { + test("consultPanel POSTs /deepagent/panel/consult with the frozen question", async () => { + const calls: Recorded[] = [] + const verdict = { decision: "approve" as const, confidence: 0.9, rounds: 1, evidence: [], dissent: [] } + const result = await consultPanel(client(calls, verdict), { + sessionID: "ses_1", + question: "safe?", + lenses: ["security"], + policy: "security", + }) + expect(calls).toEqual([ + { + method: "POST", + url: "/deepagent/panel/consult", + body: { sessionID: "ses_1", question: "safe?", lenses: ["security"], policy: "security" }, + headers: JSON_HEADERS, + }, + ]) + expect(result).toEqual(verdict) + }) + + test("armPanel POSTs /deepagent/panel/arm and returns the effective armed state", async () => { + const calls: Recorded[] = [] + const armed = await armPanel(client(calls, { sessionID: "ses_1", armed: true }), "ses_1", true) + expect(calls).toEqual([ + { method: "POST", url: "/deepagent/panel/arm", body: { sessionID: "ses_1", armed: true }, headers: JSON_HEADERS }, + ]) + expect(armed).toBe(true) + }) + + test("fetchPanelStatus GETs /deepagent/panel/status and reports armed + explicit", async () => { + const calls: Recorded[] = [] + const status = await fetchPanelStatus(client(calls, { armed: true, explicit: false }), "ses 1") + expect(calls).toEqual([{ method: "GET", url: "/deepagent/panel/status?sessionID=ses%201" }]) + expect(status).toEqual({ armed: true, explicit: false }) + }) + + test("fetchPanelStatus tolerates a missing body (disarmed, not explicit)", async () => { + const calls: Recorded[] = [] + expect(await fetchPanelStatus(client(calls, {}), "ses_1")).toEqual({ armed: false, explicit: false }) + }) +}) + +describe("Goal Loop route contract (§D)", () => { + test("startGoal POSTs /deepagent/goal/start and returns the snapshot", async () => { + const calls: Recorded[] = [] + const snap = { goalId: "goal_1", planDocId: "plan_1", phase: "running", running: true } + const result = await startGoal(client(calls, snap), { sessionID: "ses_1" }) + expect(calls).toEqual([ + { method: "POST", url: "/deepagent/goal/start", body: { sessionID: "ses_1" }, headers: JSON_HEADERS }, + ]) + expect(result).toEqual(snap) + }) + + test("pause/resume/stop POST the matching lifecycle route with { sessionID }", async () => { + for (const [fn, action] of [ + [pauseGoal, "pause"], + [resumeGoal, "resume"], + [stopGoal, "stop"], + ] as const) { + const calls: Recorded[] = [] + const ok = await fn(client(calls, { ok: true }), "ses_1") + expect(calls).toEqual([ + { method: "POST", url: `/deepagent/goal/${action}`, body: { sessionID: "ses_1" }, headers: JSON_HEADERS }, + ]) + expect(ok).toBe(true) + } + }) + + test("goalStatus GETs /deepagent/goal/status with the sessionID query and unwraps goal", async () => { + const calls: Recorded[] = [] + const snap = { goalId: "goal_1", planDocId: "plan_1", phase: "paused", running: false } + const result = await goalStatus(client(calls, { goal: snap }), "ses 1") + expect(calls).toEqual([{ method: "GET", url: "/deepagent/goal/status?sessionID=ses%201" }]) + expect(result).toEqual(snap) + }) + + test("goalStatus tolerates a null goal", async () => { + const calls: Recorded[] = [] + expect(await goalStatus(client(calls, { goal: null }), "ses_1")).toBeNull() + }) +}) + +describe("capabilities gating", () => { + test("fetchCapabilities GETs /global/capabilities and reads the feature flags", async () => { + const calls: Recorded[] = [] + const caps = await fetchCapabilities(client(calls, { features: { expertPanel: true, goalLoop: false } })) + expect(calls).toEqual([{ method: "GET", url: "/global/capabilities" }]) + expect(caps).toEqual({ expertPanel: true, goalLoop: false }) + }) + + test("fetchCapabilities treats a server that omits the fields as disabled", async () => { + const calls: Recorded[] = [] + expect(await fetchCapabilities(client(calls, { features: {} }))).toEqual({ + expertPanel: false, + goalLoop: false, + }) + // and a server with no features object at all + expect(await fetchCapabilities(client(calls, {}))).toEqual({ expertPanel: false, goalLoop: false }) + }) +}) diff --git a/packages/app/src/components/deepagent/panel-goal.api.ts b/packages/app/src/components/deepagent/panel-goal.api.ts new file mode 100644 index 00000000..af4e1416 --- /dev/null +++ b/packages/app/src/components/deepagent/panel-goal.api.ts @@ -0,0 +1,175 @@ +// Pure HTTP client functions + types for the V3.9 Expert Panel (§C) + Goal Loop (§D) UI. Split from +// any .tsx so it carries NO UI imports (the route-contract test imports THIS module). Mirrors the +// review dialog's raw-request pattern (client.client.request by path; POST bodies via `body`). + +export type PanelLens = "correctness" | "security" | "performance" | "architecture" | "repro" + +export type PanelFinding = { + severity: string + category: string + file?: string | null + line?: number | null + summary: string + failureScenario: string + confidence: number +} +export type PanelDissent = { + lens: string + verdict: string + confidence: number + findings: PanelFinding[] +} +export type PanelVerdict = { + decision: "approve" | "revise" | "block" | "needs_human" + confidence: number + rounds: number + evidence: string[] + dissent: PanelDissent[] +} + +export type GoalSnapshot = { + goalId: string + planDocId: string + phase: string + running: boolean +} + +type RawSdkClient = { + client: { + request(options: { + method: string + url: string + body?: unknown + headers?: Record + }): Promise<{ data?: TData }> + } +} + +export type PanelGoalClient = RawSdkClient + +/** Which V3.9 experimental subsystems this server has enabled (from /global/capabilities.features). */ +export type DeepAgentCapabilities = { + expertPanel: boolean + goalLoop: boolean +} + +/** + * Read the server's experimental capabilities so the UI can independently gate the panel button and + * goal mode. Fetched via the raw path (no SDK regen); tolerant of an older server that omits the + * fields (treated as disabled). + */ +export const fetchCapabilities = async (client: PanelGoalClient): Promise => { + const response = await client.client.request<{ features?: Partial }>({ + method: "GET", + url: "/global/capabilities", + }) + return { + expertPanel: response.data?.features?.expertPanel ?? false, + goalLoop: response.data?.features?.goalLoop ?? false, + } +} + +const JSON_HEADERS = { "Content-Type": "application/json" } + +// ── Expert Panel (§C) ──────────────────────────────────────────────────────── + +/** Convene the Expert Panel on the current session context; returns the deterministic verdict. */ +export const consultPanel = async ( + client: PanelGoalClient, + input: { + sessionID: string + question?: string + codeRefs?: string[] + lenses?: PanelLens[] + maxRounds?: number + policy?: "default" | "security" + }, +): Promise => { + const response = await client.client.request({ + method: "POST", + url: "/deepagent/panel/consult", + body: input, + headers: JSON_HEADERS, + }) + return response.data +} + +/** Set the per-session panel armed flag (the button toggle). Returns the effective armed state. */ +export const armPanel = async ( + client: PanelGoalClient, + sessionID: string, + armed: boolean, +): Promise => { + const response = await client.client.request<{ sessionID: string; armed: boolean }>({ + method: "POST", + url: "/deepagent/panel/arm", + body: { sessionID, armed }, + headers: JSON_HEADERS, + }) + return response.data?.armed ?? armed +} + +/** + * Resolve the EFFECTIVE armed state for a session: the explicit per-session toggle if set, else the + * server's global expertPanelDefault. Lets the button seed from the server default without the client + * guessing (the client setting is only a hint; the server is authoritative). + */ +export const fetchPanelStatus = async ( + client: PanelGoalClient, + sessionID: string, +): Promise<{ armed: boolean; explicit: boolean }> => { + const response = await client.client.request<{ armed: boolean; explicit: boolean }>({ + method: "GET", + url: `/deepagent/panel/status?sessionID=${encodeURIComponent(sessionID)}`, + }) + return { armed: response.data?.armed ?? false, explicit: response.data?.explicit ?? false } +} + +// ── Goal Loop (§D) ─────────────────────────────────────────────────────────── + +export const startGoal = async ( + client: PanelGoalClient, + input: { + sessionID: string + criteria?: { kind: string; commands?: string[]; maxSeverity?: string; severityAtMost?: string }[] + limits?: { maxTicks?: number; maxTokens?: number; maxWallclockMs?: number; maxCost?: number } + stallThreshold?: number + }, +): Promise => { + const response = await client.client.request({ + method: "POST", + url: "/deepagent/goal/start", + body: input, + headers: JSON_HEADERS, + }) + return response.data +} + +const goalMutate = async ( + client: PanelGoalClient, + action: "pause" | "resume" | "stop", + sessionID: string, +): Promise => { + const response = await client.client.request<{ ok: boolean }>({ + method: "POST", + url: `/deepagent/goal/${action}`, + body: { sessionID }, + headers: JSON_HEADERS, + }) + return response.data?.ok ?? false +} + +export const pauseGoal = (client: PanelGoalClient, sessionID: string) => goalMutate(client, "pause", sessionID) +export const resumeGoal = (client: PanelGoalClient, sessionID: string) => goalMutate(client, "resume", sessionID) +export const stopGoal = (client: PanelGoalClient, sessionID: string) => goalMutate(client, "stop", sessionID) + +export const goalStatus = async ( + client: PanelGoalClient, + sessionID: string, +): Promise => { + const response = await client.client.request<{ goal: GoalSnapshot | null }>({ + method: "GET", + url: `/deepagent/goal/status?sessionID=${encodeURIComponent(sessionID)}`, + }) + return response.data?.goal ?? null +} diff --git a/packages/app/src/components/deepagent/panel-verdict-dialog.tsx b/packages/app/src/components/deepagent/panel-verdict-dialog.tsx new file mode 100644 index 00000000..f8b0253d --- /dev/null +++ b/packages/app/src/components/deepagent/panel-verdict-dialog.tsx @@ -0,0 +1,66 @@ +import { For, Show } from "solid-js" +import { Dialog } from "@deepagent-code/ui/v2/dialog-v2" +import type { PanelVerdict } from "./panel-goal.api" + +/** + * V3.9 §C — renders the Expert Panel verdict from a standalone consult. Shows the decision, the + * arbiter's confidence + round count, the grounding evidence, and any preserved dissent (§C.8 不丢信息). + */ + +const DECISION_LABEL: Record = { + approve: "Approve", + revise: "Revise", + block: "Block", + needs_human: "Needs a human", +} + +export function PanelVerdictDialog(props: { verdict: PanelVerdict }) { + const v = () => props.verdict + return ( + +
+
+ {DECISION_LABEL[v().decision]} + + {(v().confidence * 100).toFixed(0)}% confidence · {v().rounds} {v().rounds === 1 ? "round" : "rounds"} + +
+ + 0}> +
+ Evidence +
    + + {(e) =>
  • {e}
  • } +
    +
+
+
+ + 0}> +
+ Dissent (overruled) + + {(d) => ( +
+ + {d.lens} — {d.verdict} ({(d.confidence * 100).toFixed(0)}%) + + + {(f) => ( +
+ {f.summary} + — {f.file}{f.line != null ? `:${f.line}` : ""} +
{f.failureScenario}
+
+ )} +
+
+ )} +
+
+
+
+
+ ) +} diff --git a/packages/app/src/components/prompt-input.tsx b/packages/app/src/components/prompt-input.tsx index a2d21b1d..580fd9a3 100644 --- a/packages/app/src/components/prompt-input.tsx +++ b/packages/app/src/components/prompt-input.tsx @@ -54,6 +54,8 @@ import { usePlatform } from "@/context/platform" import { serverAttachmentFile } from "./prompt-input/server-attachment" import { useSessionLayout } from "@/pages/session/session-layout" import { createSessionTabs } from "@/pages/session/helpers" +import { PanelButton } from "@/components/deepagent/panel-button" +import { fetchCapabilities } from "@/components/deepagent/panel-goal.api" import { createTextFragment, getCursorPosition, setCursorPosition, setRangeEdge } from "./prompt-input/editor-dom" import { createPromptAttachments } from "./prompt-input/attachments" import { ACCEPTED_FILE_TYPES, pickAttachmentFiles } from "./prompt-input/files" @@ -691,6 +693,15 @@ export const PromptInput: Component = (props) => { .map((agent): AtOption => ({ type: "agent", name: agent.name, display: agent.name })), ) const agentNames = createMemo(() => local.agent.list().map((agent) => agent.name)) + // V3.9 §C/§D: gate the panel button on the server's advertised capabilities (/global/capabilities), + // so the Expert Panel (§C) and Goal Loop (§D) flags are honoured INDEPENDENTLY — the panel button + // appears iff expertPanel is enabled, regardless of goal mode. (goal mode gates itself: the `goal` + // primary agent is only registered when goalLoop is on, so it self-appears in the switcher.) + const [capabilities] = createResource( + () => (params.id ? "capabilities" : undefined), + () => fetchCapabilities(sdk.client as never), + ) + const panelAvailable = createMemo(() => capabilities()?.expertPanel === true) const handleAtSelect = (option: AtOption | undefined) => { if (!option) return @@ -1885,6 +1896,9 @@ export const PromptInput: Component = (props) => {
+ + +
{ />
+ + +
+ settings.general.setExpertPanelDefault(checked)} + /> +
+
) diff --git a/packages/app/src/context/global-sync/bootstrap.ts b/packages/app/src/context/global-sync/bootstrap.ts index fe66bb35..6d0f32c5 100644 --- a/packages/app/src/context/global-sync/bootstrap.ts +++ b/packages/app/src/context/global-sync/bootstrap.ts @@ -28,6 +28,9 @@ type GlobalStore = { session_plan: { [sessionID: string]: import("./types").SessionPlan } + session_goal: { + [sessionID: string]: import("./types").SessionGoal + } provider: NormalizedProviderListResponse provider_auth: ProviderAuthResponse config: Config diff --git a/packages/app/src/context/global-sync/event-reducer.test.ts b/packages/app/src/context/global-sync/event-reducer.test.ts index b896ab31..160ace11 100644 --- a/packages/app/src/context/global-sync/event-reducer.test.ts +++ b/packages/app/src/context/global-sync/event-reducer.test.ts @@ -3,7 +3,7 @@ import type { Message, Part, PermissionRequest, Project, QuestionRequest, Sessio import { createRoot } from "solid-js" import { isServer } from "solid-js/web" import { createStore, reconcile, unwrap } from "solid-js/store" -import type { SessionPlan, State } from "./types" +import type { SessionGoal, SessionPlan, State } from "./types" import { applyDirectoryEvent, applyGlobalEvent, cleanupDroppedSessionCaches } from "./event-reducer" const rootSession = (input: { id: string; parentID?: string; archived?: number }) => @@ -748,3 +748,57 @@ describe("plan.updated reconcile (session_plan)", () => { // the plan system: the backend no longer emits `todo.updated` (both todowrite tool writers were // removed) and the reducer no longer handles it. The plan panel's live-update coverage lives in the // `plan.updated reconcile (session_plan)` describe block below. + +// V3.9 §D: the goal.updated event feeds the live Goal status bar via a session_goal store (analogous +// to session_plan). Verifies the reducer routes the payload to setSessionGoal and that consecutive +// ticks advance the phase + ledger. +describe("goal.updated reducer (session_goal)", () => { + const goalEvent = (sessionID: string, phase: string, tokens: number) => ({ + type: "goal.updated", + properties: { + sessionID, + goalId: "goal_1", + planDocId: "plan_1", + phase, + ledger: { ticks: tokens / 10, tokens, cost: 0, wallclockMs: 1000 }, + stallCount: 0, + gaps: phase === "needs_human" ? ["reviewer_clean unmet"] : [], + }, + }) + + const dispatch = (setSessionGoal: (sid: string, g: SessionGoal | undefined) => void, event: unknown) => { + const [store, setStore] = createStore(baseState()) + applyDirectoryEvent({ + event: event as never, + store, + setStore, + push() {}, + directory: "/tmp", + loadLsp() {}, + setSessionGoal, + }) + } + + test("routes goal.updated to setSessionGoal and advances phase + ledger", () => { + createRoot((dispose) => { + const [goalStore, setGoalStore] = createStore<{ g: Record }>({ g: {} }) + const setSessionGoal = (sid: string, goal: SessionGoal | undefined) => { + if (!goal) return + setGoalStore("g", sid, reconcile(goal) as never) + } + + dispatch(setSessionGoal, goalEvent("ses_1", "running", 10)) + expect(goalStore.g.ses_1.phase).toBe("running") + expect(goalStore.g.ses_1.ledger.tokens).toBe(10) + + dispatch(setSessionGoal, goalEvent("ses_1", "running", 120)) + expect(goalStore.g.ses_1.ledger.tokens).toBe(120) + + dispatch(setSessionGoal, goalEvent("ses_1", "needs_human", 200)) + expect(goalStore.g.ses_1.phase).toBe("needs_human") + expect(goalStore.g.ses_1.gaps).toEqual(["reviewer_clean unmet"]) + + dispose() + }) + }) +}) diff --git a/packages/app/src/context/global-sync/event-reducer.ts b/packages/app/src/context/global-sync/event-reducer.ts index 107bc593..a41e9c2b 100644 --- a/packages/app/src/context/global-sync/event-reducer.ts +++ b/packages/app/src/context/global-sync/event-reducer.ts @@ -10,7 +10,7 @@ import type { SessionStatus, SnapshotFileDiff, } from "@deepagent-code/sdk/v2/client" -import type { State, VcsCache, SessionPlan } from "./types" +import type { State, VcsCache, SessionPlan, SessionGoal } from "./types" import { trimSessions } from "./session-trim" import { dropSessionCaches } from "./session-cache" import { diffs as list, message as clean } from "@/utils/diffs" @@ -85,6 +85,7 @@ export function applyDirectoryEvent(input: { loadLsp: () => void vcsCache?: VcsCache setSessionPlan?: (sessionID: string, plan: SessionPlan | undefined) => void + setSessionGoal?: (sessionID: string, goal: SessionGoal | undefined) => void retainedLimit?: number }) { const event = input.event @@ -187,6 +188,29 @@ export function applyDirectoryEvent(input: { }) break } + case "goal.updated": { + // V3.9 §D: the live Goal Loop status from the driver. Stored under a distinct session_goal key + // (like session_plan) so the status bar persists while the session is idle between ticks. A + // terminal phase does NOT clear it — the UI shows the final state until the user dismisses/restarts. + const props = event.properties as { + sessionID: string + goalId: string + planDocId: string + phase: string + ledger: SessionGoal["ledger"] + stallCount: number + gaps: string[] + } + input.setSessionGoal?.(props.sessionID, { + goalId: props.goalId, + planDocId: props.planDocId, + phase: props.phase, + ledger: props.ledger, + stallCount: props.stallCount, + gaps: props.gaps, + }) + break + } case "session.status": { const props = event.properties as { sessionID: string; status: SessionStatus } input.setStore("session_status", props.sessionID, reconcile(props.status)) diff --git a/packages/app/src/context/global-sync/types.ts b/packages/app/src/context/global-sync/types.ts index 858b9dfe..0260548c 100644 --- a/packages/app/src/context/global-sync/types.ts +++ b/packages/app/src/context/global-sync/types.ts @@ -49,6 +49,19 @@ export type SessionPlan = { total: number } +// V3.9 §D: live Goal Loop status mirrored from the backend goal.updated event. Declared here (not in +// server-sync) so both the reducer and the sync context import it without a cycle. Mirrors the +// GoalManager snapshot + budget ledger the status bar renders. +export type SessionGoal = { + goalId: string + planDocId: string + // running | paused | done | needs_human | rolled_back | stopped + phase: string + ledger: { ticks: number; tokens: number; cost: number; wallclockMs: number } + stallCount: number + gaps: string[] +} + export type State = { status: "loading" | "partial" | "complete" agent: Agent[] diff --git a/packages/app/src/context/server-sync.tsx b/packages/app/src/context/server-sync.tsx index b5ae1dac..423d73de 100644 --- a/packages/app/src/context/server-sync.tsx +++ b/packages/app/src/context/server-sync.tsx @@ -45,9 +45,9 @@ import { retry } from "@deepagent-code/core/util/retry" import type { ServerScope } from "@/utils/server-scope" import { persisted } from "@/utils/persist" import { toggleMcp } from "./global-sync/mcp" -import type { SessionPlan, SessionPlanStep } from "./global-sync/types" +import type { SessionPlan, SessionPlanStep, SessionGoal } from "./global-sync/types" -export type { SessionPlan, SessionPlanStep } +export type { SessionPlan, SessionPlanStep, SessionGoal } // True when `dir` is a filesystem root: posix "/" or a Windows drive/UNC root ("C:\", "C:/", "\\"). // Rooting an instance here is refused server-side (assertSafeInstanceRoot); we check on the client @@ -72,6 +72,11 @@ type GlobalStore = { session_plan: { [sessionID: string]: SessionPlan } + // V3.9 §D: the live Goal Loop status per session, pushed by the goal.updated event. Persistent like + // session_plan so the status bar survives the session going idle between background ticks. + session_goal: { + [sessionID: string]: SessionGoal + } provider: NormalizedProviderListResponse provider_auth: ProviderAuthResponse config: Config @@ -145,6 +150,7 @@ export function createServerSyncContextInner(_serverSDK?: ServerSDK) { }, project: [], session_plan: {}, + session_goal: {}, provider_auth: {}, get path() { const EMPTY: Path = { @@ -270,6 +276,22 @@ export function createServerSyncContextInner(_serverSDK?: ServerSDK) { setGlobalStore("session_plan", sessionID, reconcile(plan, { key: "step_id" })) } + // V3.9 §D: set/clear the live goal status for a session (mirrors setSessionPlan). The goal object is + // a single record per session; reconcile keeps field-level updates minimal-diff. + const setSessionGoal = (sessionID: string, goal: SessionGoal | undefined) => { + if (!sessionID) return + if (!goal) { + setGlobalStore( + "session_goal", + produce((draft) => { + delete draft[sessionID] + }), + ) + return + } + setGlobalStore("session_goal", sessionID, reconcile(goal)) + } + const paused = () => untrack(() => globalStore.reload) !== undefined const queue = createRefreshQueue({ @@ -487,6 +509,7 @@ export function createServerSyncContextInner(_serverSDK?: ServerSDK) { setStore, push: queue.push, setSessionPlan, + setSessionGoal, retainedLimit: sessionMeta.get(key)?.limit, vcsCache: children.vcsCache.get(key), loadLsp: () => { @@ -637,6 +660,9 @@ export function createServerSyncContextInner(_serverSDK?: ServerSDK) { plan: { set: setSessionPlan, }, + goal: { + set: setSessionGoal, + }, mcp: { toggle: async (directory: string, name: string) => { const key = directoryKey(directory) diff --git a/packages/app/src/context/settings.tsx b/packages/app/src/context/settings.tsx index 7e170946..4874b77f 100644 --- a/packages/app/src/context/settings.tsx +++ b/packages/app/src/context/settings.tsx @@ -27,6 +27,9 @@ export interface Settings { shellToolPartsExpanded: boolean editToolPartsExpanded: boolean showSessionProgressBar: boolean + // V3.9 §C: whether new conversations start with the Expert Panel armed. Client-side default that + // the panel button seeds from; the per-session armed state is tracked server-side. + expertPanelDefault: boolean } appearance: { fontSize: number @@ -104,6 +107,7 @@ const defaultSettings: Settings = { shellToolPartsExpanded: false, editToolPartsExpanded: false, showSessionProgressBar: true, + expertPanelDefault: false, }, appearance: { fontSize: 14, @@ -201,6 +205,13 @@ export const { use: useSettings, provider: SettingsProvider } = createSimpleCont setShowSessionProgressBar(value: boolean) { setStore("general", "showSessionProgressBar", value) }, + expertPanelDefault: withFallback( + () => store.general?.expertPanelDefault, + defaultSettings.general.expertPanelDefault, + ), + setExpertPanelDefault(value: boolean) { + setStore("general", "expertPanelDefault", value) + }, }, appearance: { fontSize: withFallback(() => store.appearance?.fontSize, defaultSettings.appearance.fontSize), diff --git a/packages/app/src/i18n/en.ts b/packages/app/src/i18n/en.ts index 2d8d4de9..bdc0ea4c 100644 --- a/packages/app/src/i18n/en.ts +++ b/packages/app/src/i18n/en.ts @@ -1124,6 +1124,9 @@ export const dict = { "settings.general.row.showSessionProgressBar.title": "Show session progress bar", "settings.general.row.showSessionProgressBar.description": "Display the animated progress bar at the top of the session when the agent is working", + "settings.general.row.expertPanelDefault.title": "Arm expert panel by default", + "settings.general.row.expertPanelDefault.description": + "Start new conversations with the expert panel armed, so its button convenes a review of the current context on demand", "settings.general.row.newLayoutDesigns.title": "New layout and designs", "settings.general.row.newLayoutDesigns.description": "Enable the redesigned layout, home, composer, and session UI", "settings.general.row.pinchZoom.title": "Pinch to zoom", diff --git a/packages/app/src/pages/session/composer/session-composer-region.tsx b/packages/app/src/pages/session/composer/session-composer-region.tsx index 7d6b92f7..beac62b5 100644 --- a/packages/app/src/pages/session/composer/session-composer-region.tsx +++ b/packages/app/src/pages/session/composer/session-composer-region.tsx @@ -15,6 +15,7 @@ import { SessionFollowupDock } from "@/pages/session/composer/session-followup-d import { SessionRevertDock } from "@/pages/session/composer/session-revert-dock" import type { SessionComposerState } from "@/pages/session/composer/session-composer-state" import { SessionTodoDock } from "@/pages/session/composer/session-todo-dock" +import { GoalStatusBar } from "@/components/deepagent/goal-status-bar" import type { FollowupDraft } from "@/components/prompt-input/submit" import { createResizeObserver } from "@solid-primitives/resize-observer" @@ -248,6 +249,9 @@ export function SessionComposerRegion(props: { "margin-top": `${-lift()}px`, }} > + + + () @@ -86,6 +110,8 @@ export const getOrCreate = (sessionId: string, mode: AgentMode): SessionRunState plan: null, mutationsSinceReport: 0, validationPassedSinceReport: false, + panelArmed: null, + activeGoal: null, createdAt: new Date().toISOString(), completedAt: null, } @@ -171,6 +197,54 @@ export const setPlan = (sessionId: string, plan: PlanDoc): void => { export const getPlan = (sessionId: string): PlanDoc | null => sessions.get(sessionId)?.plan ?? null +// V3.9 §C — Expert Panel per-session arming. +// The raw per-session toggle (null = never explicitly toggled). setPanelArmed writes an explicit +// user choice; resolvePanelArmed resolves the EFFECTIVE state, falling back to the global default when +// the session has no explicit choice. This keeps the global `expertPanelDefault` setting authoritative +// for new conversations while an explicit toggle always wins. +export const setPanelArmed = (sessionId: string, armed: boolean): void => { + const state = sessions.get(sessionId) + if (!state) return + state.panelArmed = armed + saveToDisk() +} + +/** The raw explicit toggle, or null when the session has never toggled it. */ +export const panelArmedChoice = (sessionId: string): boolean | null => sessions.get(sessionId)?.panelArmed ?? null + +/** + * Effective armed state: the explicit per-session choice if set, else the supplied global default. Pass + * the resolved `expertPanelDefault` setting so the fallback reflects the server's configured default. + */ +export const resolvePanelArmed = (sessionId: string, globalDefault: boolean): boolean => { + const choice = sessions.get(sessionId)?.panelArmed + return choice ?? globalDefault +} + +/** Back-compat: effective armed state with a hard `false` fallback (no global default available). */ +export const isPanelArmed = (sessionId: string): boolean => sessions.get(sessionId)?.panelArmed ?? false + +// V3.9 §D — active-goal pointer. The GoalLoop status doc in the DocumentStore is authoritative; this +// pointer is the session-local index the server/UI use to find and reflect the running goal. +export const setActiveGoal = (sessionId: string, pointer: ActiveGoalPointer | null): void => { + const state = sessions.get(sessionId) + if (!state) return + state.activeGoal = pointer + saveToDisk() +} + +export const getActiveGoal = (sessionId: string): ActiveGoalPointer | null => + sessions.get(sessionId)?.activeGoal ?? null + +// Patch just the phase of the active-goal pointer (driver transitions running↔paused, terminal states). +// No-op when there is no active goal (a stale transition after stop must not resurrect a pointer). +export const setActiveGoalPhase = (sessionId: string, phase: GoalPointerPhase): void => { + const state = sessions.get(sessionId) + if (!state || state.activeGoal == null) return + state.activeGoal = { ...state.activeGoal, phase } + saveToDisk() +} + // U10: count one mutating tool call toward the progress-nudge budget. Called after a mutating tool // executes. No-op when there is no plan (the nudge only applies once the model has a plan to report // against). @@ -290,6 +364,10 @@ function normalizeState(state: SessionRunState): SessionRunState { // Backfill: sessions persisted before U10 have no counter on disk. mutationsSinceReport: state.mutationsSinceReport ?? 0, validationPassedSinceReport: state.validationPassedSinceReport ?? false, + // Backfill: sessions persisted before V3.9 §C/§D have neither slot on disk. panelArmed backfills to + // null (= not explicitly toggled → follows the global default), NOT false. + panelArmed: state.panelArmed ?? null, + activeGoal: state.activeGoal ?? null, } sessions.set(state.sessionId, normalized) return normalized diff --git a/packages/core/src/flag/flag.ts b/packages/core/src/flag/flag.ts index 330238ba..9c209fd4 100644 --- a/packages/core/src/flag/flag.ts +++ b/packages/core/src/flag/flag.ts @@ -47,6 +47,14 @@ export const Flag = { DEEPAGENT_CODE_WORKSPACE_ID: process.env["DEEPAGENT_CODE_WORKSPACE_ID"], DEEPAGENT_CODE_EXPERIMENTAL_WORKSPACES: enabledByExperimental("DEEPAGENT_CODE_EXPERIMENTAL_WORKSPACES"), DEEPAGENT_CODE_EXPERIMENTAL_SESSION_SWITCHER: enabledByExperimental("DEEPAGENT_CODE_EXPERIMENTAL_SESSION_SWITCHER"), + // V3.9 §C/§D — mirror the server RuntimeFlags so the TUI can gate the /panel and /goal slash + // commands (evaluated at access time so the CLI/tests can set the env at runtime). + get DEEPAGENT_CODE_EXPERIMENTAL_EXPERT_PANEL() { + return enabledByExperimental("DEEPAGENT_CODE_EXPERIMENTAL_EXPERT_PANEL") + }, + get DEEPAGENT_CODE_EXPERIMENTAL_GOAL_LOOP() { + return enabledByExperimental("DEEPAGENT_CODE_EXPERIMENTAL_GOAL_LOOP") + }, // Evaluated at access time (not module load) because tests, the CLI, and // external tooling set these env vars at runtime. diff --git a/packages/core/test/deepagent/session-state-panel-goal.test.ts b/packages/core/test/deepagent/session-state-panel-goal.test.ts new file mode 100644 index 00000000..43435f4e --- /dev/null +++ b/packages/core/test/deepagent/session-state-panel-goal.test.ts @@ -0,0 +1,107 @@ +import { describe, expect, test, beforeEach } from "bun:test" +import { mkdtempSync } from "node:fs" +import { tmpdir } from "node:os" +import path from "node:path" +import * as SessionState from "../../src/deepagent/session-state" + +// V3.9 §C/§D: the per-session Expert Panel arming flag and the active-goal pointer. These are the +// server/UI seams for the panel toggle and the goal status bar. Verifies default-off, explicit toggle, +// global-default seeding, and that the goal pointer phase patch is a no-op once the goal is cleared. + +describe("session-state panel arming (§C)", () => { + beforeEach(() => { + SessionState.configure(mkdtempSync(path.join(tmpdir(), "panel-arm-"))) + }) + + test("a new session has no explicit choice → follows the global default", () => { + SessionState.getOrCreate("panel-s1", "high") + expect(SessionState.panelArmedChoice("panel-s1")).toBeNull() + // effective state falls back to the supplied global default (both directions) + expect(SessionState.resolvePanelArmed("panel-s1", false)).toBe(false) + expect(SessionState.resolvePanelArmed("panel-s1", true)).toBe(true) + }) + + test("an explicit toggle overrides the global default", () => { + SessionState.getOrCreate("panel-s2", "high") + SessionState.setPanelArmed("panel-s2", false) + // explicit false wins even when the global default is true + expect(SessionState.panelArmedChoice("panel-s2")).toBe(false) + expect(SessionState.resolvePanelArmed("panel-s2", true)).toBe(false) + + SessionState.setPanelArmed("panel-s2", true) + expect(SessionState.resolvePanelArmed("panel-s2", false)).toBe(true) + }) + + test("arming an unknown session is a no-op", () => { + expect(SessionState.panelArmedChoice("panel-missing")).toBeNull() + SessionState.setPanelArmed("panel-missing", true) // must not throw / create state + expect(SessionState.panelArmedChoice("panel-missing")).toBeNull() + expect(SessionState.resolvePanelArmed("panel-missing", false)).toBe(false) + }) +}) + +describe("session-state active-goal pointer (§D)", () => { + beforeEach(() => { + SessionState.configure(mkdtempSync(path.join(tmpdir(), "goal-ptr-"))) + }) + + test("a new session has no active goal", () => { + SessionState.getOrCreate("goal-s1", "high") + expect(SessionState.getActiveGoal("goal-s1")).toBeNull() + }) + + test("setActiveGoal stores the pointer, getActiveGoal returns it", () => { + SessionState.getOrCreate("goal-s2", "high") + SessionState.setActiveGoal("goal-s2", { + goalId: "goal_abc", + planDocId: "plan_1", + phase: "running", + startedAt: new Date().toISOString(), + }) + const ptr = SessionState.getActiveGoal("goal-s2") + expect(ptr?.goalId).toBe("goal_abc") + expect(ptr?.phase).toBe("running") + }) + + test("setActiveGoalPhase patches only the phase", () => { + SessionState.getOrCreate("goal-s3", "high") + SessionState.setActiveGoal("goal-s3", { + goalId: "goal_abc", + planDocId: "plan_1", + phase: "running", + startedAt: "2026-07-09T00:00:00.000Z", + }) + SessionState.setActiveGoalPhase("goal-s3", "paused") + const ptr = SessionState.getActiveGoal("goal-s3") + expect(ptr?.phase).toBe("paused") + expect(ptr?.startedAt).toBe("2026-07-09T00:00:00.000Z") // untouched + }) + + test("setActiveGoalPhase is a no-op once the goal is cleared (no resurrection)", () => { + SessionState.getOrCreate("goal-s4", "high") + SessionState.setActiveGoal("goal-s4", { + goalId: "goal_abc", + planDocId: "plan_1", + phase: "running", + startedAt: new Date().toISOString(), + }) + SessionState.setActiveGoal("goal-s4", null) + SessionState.setActiveGoalPhase("goal-s4", "done") + expect(SessionState.getActiveGoal("goal-s4")).toBeNull() + }) + + test("both slots survive normalize (disk backfill) for a pre-V3.9 session", () => { + SessionState.getOrCreate("goal-s5", "high") + SessionState.setPanelArmed("goal-s5", true) + SessionState.setActiveGoal("goal-s5", { + goalId: "goal_x", + planDocId: "plan_x", + phase: "running", + startedAt: new Date().toISOString(), + }) + // getOrCreate on an existing session runs normalizeState — the slots must be preserved. + SessionState.getOrCreate("goal-s5", "high") + expect(SessionState.panelArmedChoice("goal-s5")).toBe(true) + expect(SessionState.getActiveGoal("goal-s5")?.goalId).toBe("goal_x") + }) +}) diff --git a/packages/deepagent-code/src/agent/agent.ts b/packages/deepagent-code/src/agent/agent.ts index 8adb96a3..7660539f 100644 --- a/packages/deepagent-code/src/agent/agent.ts +++ b/packages/deepagent-code/src/agent/agent.ts @@ -1,5 +1,6 @@ import { PermissionV1 } from "@deepagent-code/core/v1/permission" import { Config } from "@/config/config" +import { RuntimeFlags } from "@/effect/runtime-flags" import { serviceUse } from "@deepagent-code/core/effect/service-use" import { Provider } from "@/provider/provider" @@ -14,6 +15,7 @@ import PROMPT_EXPLORE from "./prompt/explore.txt" import PROMPT_RESEARCHER from "./prompt/researcher.txt" import PROMPT_REVIEWER from "./prompt/reviewer.txt" import PROMPT_GOAL_WORKER from "./prompt/goal-worker.txt" +import PROMPT_GOAL_MODE from "./prompt/goal-mode.txt" import { PLAN_WRITE_OWN_GOAL } from "./subagent-permissions" import PROMPT_SUMMARY from "./prompt/summary.txt" import PROMPT_TITLE from "./prompt/title.txt" @@ -128,6 +130,7 @@ export const layer = Layer.effect( const plugin = yield* Plugin.Service const skill = yield* Skill.Service const provider = yield* Provider.Service + const flags = yield* RuntimeFlags.Service const state = yield* InstanceState.make( Effect.fn("Agent.state")(function* (ctx) { @@ -203,6 +206,33 @@ export const layer = Layer.effect( mode: "primary", native: true, }, + // V3.9 §D: GOAL mode — the third primary agent (alongside build/plan). Selecting it is the + // entry point for defining a bounded, objectively-decidable goal and producing the plan the + // Goal Loop drives autonomously. Same working permission ruleset as build (goal setup reads + // and plans; the actual autonomous execution runs in goal-worker child sessions). Only + // registered when experimentalGoalLoop is on, so the mode never appears without a backend + // that can start a goal (the goal.start route also fail-closes when the flag is off). + ...(flags.experimentalGoalLoop + ? { + goal: { + name: "goal", + description: + "Goal mode (V3.9 §D). Define a bounded, objectively-decidable goal and produce a plan; the supervised Goal Loop then drives it to completion autonomously (plan→execute→verify per tick).", + permission: Permission.merge( + defaults, + Permission.fromConfig({ + question: "allow", + plan_enter: "allow", + }), + user, + ), + prompt: PROMPT_GOAL_MODE, + options: {}, + mode: "primary" as const, + native: true, + }, + } + : {}), general: { name: "general", description: `General-purpose agent for researching complex questions and executing multi-step tasks. Use this agent to execute multiple units of work in parallel.`, @@ -587,6 +617,7 @@ export const defaultLayer = layer.pipe( Layer.provide(Auth.defaultLayer), Layer.provide(Config.defaultLayer), Layer.provide(Skill.defaultLayer), + Layer.provide(RuntimeFlags.defaultLayer), ) export * as Agent from "./agent" diff --git a/packages/deepagent-code/src/agent/prompt/goal-mode.txt b/packages/deepagent-code/src/agent/prompt/goal-mode.txt new file mode 100644 index 00000000..3d126e60 --- /dev/null +++ b/packages/deepagent-code/src/agent/prompt/goal-mode.txt @@ -0,0 +1,13 @@ +You are in GOAL mode. In this mode you help the user define a long-running, autonomously-pursued objective and produce the plan that the Goal Loop will drive to completion. + +Goal mode is the setup phase for an autonomous run. You are NOT executing the whole goal yourself in this turn — you are turning the user's intent into a bounded, objectively-decidable goal plus a concrete plan. Once the user starts the goal, a supervised background loop advances one plan step per tick, grades progress against objective criteria (tests, diagnostics, reviewer, expert panel, plan completion), and stops on completion, budget exhaustion, no-progress, or a decision that needs a human. + +Your job in this mode: +- Clarify the objective until it is DECIDABLE. A goal must have a clear finish line you can check without opinion — e.g. "these tests pass", "no diagnostics above warning", "the reviewer finds nothing high-severity", "every plan step is done". If the user's request is vague ("make it better"), ask what "done" means, or propose concrete acceptance criteria and confirm them. +- Establish BOUNDS. A goal runs autonomously, so it must be bounded: a step budget, a token budget, a wallclock limit. Confirm the user is comfortable with the scope, or propose sensible limits. +- Produce a PLAN with the plan tool: an ordered list of steps, each with a title and, where possible, an acceptance criterion. The plan you write here is exactly what the Goal Loop consumes — the loop reads it, executes the active step, and writes evidence back. Keep steps small enough that one step is one coherent unit of progress. +- Surface RISK. If completing the goal will require destructive or hard-to-reverse actions, or touches production, say so and let the user decide before they start the run. + +Do not start executing the plan end-to-end in this turn. Get the goal and plan right, then let the user start the goal loop. If the user asks you to just do it now instead of running it as a goal, switch to normal execution. + +Ground everything in the actual codebase — read before you plan. A plan built on assumptions produces a goal loop that thrashes. diff --git a/packages/deepagent-code/src/effect/app-runtime.ts b/packages/deepagent-code/src/effect/app-runtime.ts index bf375935..e5d661b3 100644 --- a/packages/deepagent-code/src/effect/app-runtime.ts +++ b/packages/deepagent-code/src/effect/app-runtime.ts @@ -30,6 +30,7 @@ import { SessionCompaction } from "@/session/compaction" import { SessionRevert } from "@/session/revert" import { SessionSummary } from "@/session/summary" import { SessionPrompt } from "@/session/prompt" +import { GoalManager } from "@/session/goal-manager" import { Instruction } from "@/session/instruction" import { LLM } from "@/session/llm" import { LSP } from "@/lsp/lsp" @@ -87,6 +88,7 @@ export const AppLayer = Layer.mergeAll( SessionRevert.defaultLayer, SessionSummary.defaultLayer, SessionPrompt.defaultLayer, + GoalManager.defaultLayer, Instruction.defaultLayer, LLM.defaultLayer, LSP.defaultLayer, diff --git a/packages/deepagent-code/src/panel/consult.ts b/packages/deepagent-code/src/panel/consult.ts new file mode 100644 index 00000000..9da209c8 --- /dev/null +++ b/packages/deepagent-code/src/panel/consult.ts @@ -0,0 +1,79 @@ +import { Effect } from "effect" +import { runPanel, type PanelArchiver } from "./orchestrator" +import { buildPanelistRunner, type PanelTurnRunner } from "./panelist-runner" +import { + PANEL_LENSES, + DEFAULT_QUORUM_POLICY, + SECURITY_AUDIT_QUORUM_POLICY, + type PanelLens, + type PanelVerdict, + type QuorumPolicy, +} from "../agent/schema/panel" + +/** + * V3.9 §C — the STANDALONE Expert Panel entry (会诊), decoupled from the Goal Loop. + * + * The panel engine (`orchestrator.runPanel` + deterministic `arbiter`) is convened here directly by a + * user action (the chat-dialog panel button) instead of only as a goal-loop grader. The flow matches + * §C.4: freeze the question → fan out the lens panelists (mutually invisible) → optional debate rounds + * → deterministic arbitration → `PanelVerdict`. Activation semantics (§C, per the product spec): + * - The panel is "armed" per conversation (seeded from the global `expertPanelDefault` setting). + * - Arming mid-conversation (button OFF→ON) convenes ONE panel on the CURRENT context immediately, + * then goes quiet ("等待唤醒") — no per-turn re-runs. + * - A subsequent button press while armed re-convenes on demand. + * The server route owns the arm/disarm state (session-state.panelArmed) and the "run now" trigger; this + * module owns the convening itself so it is unit-testable without HTTP. + */ + +export type ConsultInput = { + /** The frozen question the panel answers (built from the current conversation context by the caller). */ + readonly question: string + /** Code references (file / file:line) the panelists ground findings in. May be empty. */ + readonly codeRefs: readonly string[] + /** Parent (conversation) session id — the TaskConcurrency semaphore key + panelist child parent. */ + readonly parentSessionID: string + /** The lens set to convene. Defaults to all five core lenses (§C.3). Deduped + capped by runPanel. */ + readonly lenses?: readonly PanelLens[] + /** Debate-round cap R (≥ 1). Round 1 always runs; 2..R are debate. Defaults to 1 (single round). */ + readonly maxRounds?: number + /** + * Which quorum policy governs arbitration. "default" = weighted majority / conservative-on-tie; + * "security" = any block blocks (§C.6 安全审计). Defaults to "default". A caller may also pass a full + * QuorumPolicy object for a custom event type. + */ + readonly policy?: "default" | "security" | QuorumPolicy +} + +export type ConsultDeps = { + /** The real subagent turn runner (a lens-prompted reviewer child session); tests inject a stub. */ + readonly runTurn: PanelTurnRunner + /** Optional archiver so each opinion is projected into the Document Graph (§B Wiki). */ + readonly archive?: PanelArchiver +} + +const resolvePolicy = (policy: ConsultInput["policy"]): QuorumPolicy => { + if (policy == null || policy === "default") return DEFAULT_QUORUM_POLICY + if (policy === "security") return SECURITY_AUDIT_QUORUM_POLICY + return policy +} + +/** + * Convene the Expert Panel on a frozen question and return the deterministic `PanelVerdict`. Never + * throws: a panel that cannot reach quorum (all panelists absent / below minQuorum) returns a + * `needs_human` verdict via the Arbiter, never a silent approve. + */ +export const consultPanel = (input: ConsultInput, deps: ConsultDeps): Effect.Effect => + runPanel({ + question: { + question: input.question, + codeRefs: input.codeRefs, + lenses: input.lenses ?? PANEL_LENSES, + maxRounds: input.maxRounds ?? 1, + policy: resolvePolicy(input.policy), + }, + runPanelist: buildPanelistRunner(deps.runTurn), + ...(deps.archive ? { archive: deps.archive } : {}), + parentSessionID: input.parentSessionID, + }) + +export * as PanelConsult from "./consult" diff --git a/packages/deepagent-code/src/panel/panelist-runner.ts b/packages/deepagent-code/src/panel/panelist-runner.ts new file mode 100644 index 00000000..8ab9a75c --- /dev/null +++ b/packages/deepagent-code/src/panel/panelist-runner.ts @@ -0,0 +1,108 @@ +import { Effect } from "effect" +import type { PanelistRunInput, PanelistRunner } from "./orchestrator" +import { type PanelLens, type PanelOpinion } from "../agent/schema/panel" +import { ReviewResult } from "../agent/schema/orchestration" +import { ToolJsonSchema } from "../tool/json-schema" +import PROMPT_CORRECTNESS from "../agent/prompt/panel/correctness.txt" +import PROMPT_SECURITY from "../agent/prompt/panel/security.txt" +import PROMPT_PERFORMANCE from "../agent/prompt/panel/performance.txt" +import PROMPT_ARCHITECTURE from "../agent/prompt/panel/architecture.txt" +import PROMPT_REPRO from "../agent/prompt/panel/repro.txt" + +/** + * V3.9 §C — the shared PANELIST RUNNER, extracted so BOTH the standalone Expert Panel entry + * (`panel/consult.ts`) and the Goal Loop's `panel_approves` grader (`session/goal-loop-wiring.ts`) + * convene panelists identically. A panelist is a lens-specialized reviewer subagent: it is driven with + * that lens's differentiated system prompt (`agent/prompt/panel/.txt`, §C.3 — this is what makes + * the panel genuinely differentiated rather than reviewer clones) and its structured `ReviewResult` + * becomes a `PanelOpinion`. An absent / failed / malformed turn ⇒ `null` (§C.8 缺席, never a fabricated + * opinion). + * + * The turn itself is injected as a `PanelTurnRunner` port so the caller supplies the real + * child-session subagent runner (production) or a deterministic stub (tests) — this module owns ONLY + * the panelist prompt + opinion mapping, never session creation. + */ + +/** The differentiated per-lens system-prompt guidance appended to each panelist turn. */ +const LENS_PROMPT: Record = { + correctness: PROMPT_CORRECTNESS, + security: PROMPT_SECURITY, + performance: PROMPT_PERFORMANCE, + architecture: PROMPT_ARCHITECTURE, + repro: PROMPT_REPRO, +} + +/** JSON Schema forcing a structured ReviewResult final turn (shared with the reviewer_clean gate). */ +export const REVIEWER_SCHEMA = ToolJsonSchema.fromSchema(ReviewResult) as unknown as Record + +/** + * The minimal turn seam a panelist needs. Mirrors the goal-loop `SubagentTurnRunner` shape but is + * declared here so this module does not depend on the goal-loop wiring (avoids a cycle: goal-loop-wiring + * imports THIS). `structured` is the parsed schema output; absent when the turn produced none. + */ +export type PanelTurnRunner = (input: { + readonly agentType: string + readonly prompt: string + readonly outputSchema?: Record +}) => Effect.Effect<{ readonly structured: unknown | undefined }> + +/** Parse a reviewer turn's structured output into a ReviewResult; malformed/absent ⇒ null (fail-closed). */ +export const parseReviewResult = (structured: unknown): ReviewResult | null => { + if (structured == null) return null + try { + return ReviewResult.make(structured as ReviewResult) + } catch { + // structured may already be a decoded object from a prior JSON round-trip; accept a shape-check. + const anyVal = structured as { findings?: unknown; verdict?: unknown } + if (Array.isArray(anyVal.findings) && typeof anyVal.verdict === "string") return anyVal as ReviewResult + return null + } +} + +/** Map a reviewer turn output → the panel's PanelOpinion shape. */ +export const opinionFromReview = (lens: PanelLens, review: ReviewResult | null): PanelOpinion | null => { + if (review == null) return null + // Confidence = max finding confidence (approve with no findings ⇒ full confidence in "approve"). + const confidence = + review.findings.length === 0 + ? 1 + : review.findings.reduce((m, f) => Math.max(m, Number.isFinite(f.confidence) ? f.confidence : 0), 0) + return { lens, verdict: review.verdict, findings: review.findings, confidence } +} + +/** + * Render the panelist turn prompt: the lens's differentiated system guidance, the frozen question, the + * code refs to ground findings in, and (in debate rounds) the anonymized peer verdicts. §C.8: peers are + * anonymized — no lens/seat identity crosses the boundary, only verdict/confidence. + */ +export const renderPanelistPrompt = (input: PanelistRunInput): string => { + const parts = [ + LENS_PROMPT[input.spec.lens], + "", + `Question (frozen): ${input.question.question}`, + input.question.codeRefs.length > 0 ? `Code references: ${input.question.codeRefs.join(", ")}` : "", + ].filter((s) => s.length > 0) + if (input.round > 1 && input.peers.length > 0) { + parts.push( + `Anonymized peer verdicts from the previous round: ${input.peers + .map((p) => `${p.verdict}(${p.confidence.toFixed(2)})`) + .join(", ")}. You may revise, but justify any change with reproducible evidence.`, + ) + } + return parts.join("\n") +} + +/** + * Build a `PanelistRunner` over an injected turn runner. Each seat is a lens-prompted reviewer subagent + * whose structured ReviewResult becomes a PanelOpinion. Absent / failed / malformed ⇒ null (§C.8). + */ +export const buildPanelistRunner = (runTurn: PanelTurnRunner): PanelistRunner => + (input: PanelistRunInput) => + runTurn({ + agentType: "reviewer", + prompt: renderPanelistPrompt(input), + outputSchema: REVIEWER_SCHEMA, + }).pipe( + Effect.map((turn) => opinionFromReview(input.spec.lens, parseReviewResult(turn.structured))), + Effect.catchCause(() => Effect.succeed(null as PanelOpinion | null)), + ) diff --git a/packages/deepagent-code/src/server/routes/instance/httpapi/groups/deepagent.ts b/packages/deepagent-code/src/server/routes/instance/httpapi/groups/deepagent.ts index 7f80fafc..a1e8ae51 100644 --- a/packages/deepagent-code/src/server/routes/instance/httpapi/groups/deepagent.ts +++ b/packages/deepagent-code/src/server/routes/instance/httpapi/groups/deepagent.ts @@ -2,7 +2,11 @@ import { Schema } from "effect" import { HttpApi, HttpApiEndpoint, HttpApiGroup, OpenApi } from "effect/unstable/httpapi" import { Authorization } from "../middleware/authorization" import { InstanceContextMiddleware } from "../middleware/instance-context" -import { WorkspaceRoutingMiddleware, WorkspaceRoutingQuery } from "../middleware/workspace-routing" +import { + WorkspaceRoutingMiddleware, + WorkspaceRoutingQuery, + WorkspaceRoutingQueryFields, +} from "../middleware/workspace-routing" import { described } from "./metadata" const root = "/deepagent" @@ -223,6 +227,99 @@ export const DeepAgentEnvFactModifyInput = Schema.Struct({ }) export const DeepAgentEnvFactResult = Schema.Struct({ ok: Schema.Boolean, factId: Schema.String }) +// ── V3.9 §C Expert Panel + §D Goal Loop ───────────────────────────────────── +// Panel consult (会诊) is convened on demand for a session; the goal lifecycle drives the autonomous +// loop. Both are gated by their independent experimental flags server-side (the handler fail-closes). + +const PanelLensSchema = Schema.Literals(["correctness", "security", "performance", "architecture", "repro"]) + +/** POST /deepagent/panel/consult — convene the Expert Panel on the current session context. */ +export const DeepAgentPanelConsultInput = Schema.Struct({ + sessionID: Schema.String, + /** The frozen question. When omitted the handler builds one from the session's recent context. */ + question: Schema.optional(Schema.String), + codeRefs: Schema.optional(Schema.Array(Schema.String)), + lenses: Schema.optional(Schema.Array(PanelLensSchema)), + maxRounds: Schema.optional(Schema.Number), + policy: Schema.optional(Schema.Literals(["default", "security"])), +}) + +export const DeepAgentPanelFinding = Schema.Struct({ + severity: Schema.String, + category: Schema.String, + file: Schema.optional(Schema.NullOr(Schema.String)), + line: Schema.optional(Schema.NullOr(Schema.Number)), + summary: Schema.String, + failureScenario: Schema.String, + confidence: Schema.Number, +}) +export const DeepAgentPanelDissent = Schema.Struct({ + lens: Schema.String, + verdict: Schema.String, + confidence: Schema.Number, + findings: Schema.Array(DeepAgentPanelFinding), +}) +export const DeepAgentPanelVerdict = Schema.Struct({ + decision: Schema.Literals(["approve", "revise", "block", "needs_human"]), + confidence: Schema.Number, + rounds: Schema.Number, + evidence: Schema.Array(Schema.String), + dissent: Schema.Array(DeepAgentPanelDissent), +}) + +/** POST /deepagent/panel/arm — set the per-session armed flag (button toggle). */ +export const DeepAgentPanelArmInput = Schema.Struct({ + sessionID: Schema.String, + armed: Schema.Boolean, +}) +export const DeepAgentPanelArmResult = Schema.Struct({ sessionID: Schema.String, armed: Schema.Boolean }) + +/** GET /deepagent/panel/status — the EFFECTIVE armed state (explicit toggle, else global default). */ +export const DeepAgentPanelStatusResult = Schema.Struct({ + sessionID: Schema.String, + armed: Schema.Boolean, + // Whether `armed` came from an explicit per-session toggle (true) or the global default (false). + explicit: Schema.Boolean, +}) + +/** POST /deepagent/goal/start */ +export const DeepAgentGoalStartInput = Schema.Struct({ + sessionID: Schema.String, + // Optional free-text objective (CLI `/goal `); seeds a plan when the session has none. + objective: Schema.optional(Schema.String), + criteria: Schema.optional( + Schema.Array( + Schema.Struct({ + kind: Schema.Literals(["tests_pass", "no_diagnostics", "reviewer_clean", "panel_approves", "plan_complete"]), + commands: Schema.optional(Schema.Array(Schema.String)), + maxSeverity: Schema.optional(Schema.String), + severityAtMost: Schema.optional(Schema.String), + }), + ), + ), + limits: Schema.optional( + Schema.Struct({ + maxTicks: Schema.optional(Schema.Number), + maxTokens: Schema.optional(Schema.Number), + maxWallclockMs: Schema.optional(Schema.Number), + maxCost: Schema.optional(Schema.Number), + }), + ), + stallThreshold: Schema.optional(Schema.Number), +}) + +/** Goal lifecycle mutations that only need the session id. */ +export const DeepAgentGoalSessionInput = Schema.Struct({ sessionID: Schema.String }) + +export const DeepAgentGoalSnapshot = Schema.Struct({ + goalId: Schema.String, + planDocId: Schema.String, + phase: Schema.String, + running: Schema.Boolean, +}) +export const DeepAgentGoalStatusResult = Schema.Struct({ goal: Schema.NullOr(DeepAgentGoalSnapshot) }) +export const DeepAgentGoalMutateResult = Schema.Struct({ ok: Schema.Boolean }) + export const DeepAgentApi = HttpApi.make("deepagent").add( HttpApiGroup.make("deepagent") .add( @@ -399,6 +496,95 @@ export const DeepAgentApi = HttpApi.make("deepagent").add( }), ), ) + .add( + HttpApiEndpoint.post("panelConsult", `${root}/panel/consult`, { + query: WorkspaceRoutingQuery, + payload: DeepAgentPanelConsultInput, + success: described(DeepAgentPanelVerdict, "Expert Panel verdict for the convened question"), + error: DeepAgentPromotionError, + }).annotateMerge( + OpenApi.annotations({ + identifier: "deepagent.panel.consult", + summary: "Convene the Expert Panel (会诊)", + description: + "V3.9 §C: freeze the question, fan out the lens panelists (equal-footing debate), and return the deterministic arbiter verdict. Gated by the expert-panel flag.", + }), + ), + ) + .add( + HttpApiEndpoint.post("panelArm", `${root}/panel/arm`, { + query: WorkspaceRoutingQuery, + payload: DeepAgentPanelArmInput, + success: described(DeepAgentPanelArmResult, "The session's new panel armed state"), + error: DeepAgentPromotionError, + }).annotateMerge( + OpenApi.annotations({ + identifier: "deepagent.panel.arm", + summary: "Arm or disarm the Expert Panel for a session", + description: "V3.9 §C: per-conversation toggle for the panel button; seeded from the global default.", + }), + ), + ) + .add( + HttpApiEndpoint.get("panelStatus", `${root}/panel/status`, { + query: Schema.Struct({ ...WorkspaceRoutingQueryFields, sessionID: Schema.String }), + success: described(DeepAgentPanelStatusResult, "Effective panel armed state (explicit toggle or global default)"), + error: DeepAgentPromotionError, + }).annotateMerge( + OpenApi.annotations({ + identifier: "deepagent.panel.status", + summary: "Resolve the effective Expert Panel armed state", + description: + "V3.9 §C: returns the explicit per-session toggle if set, else the global expertPanelDefault — so the UI seeds the button from the server's default without guessing.", + }), + ), + ) + .add( + HttpApiEndpoint.post("goalStart", `${root}/goal/start`, { + query: WorkspaceRoutingQuery, + payload: DeepAgentGoalStartInput, + success: described(DeepAgentGoalSnapshot, "The started goal (goalId + initial phase)"), + error: DeepAgentPromotionError, + }).annotateMerge( + OpenApi.annotations({ + identifier: "deepagent.goal.start", + summary: "Start a Goal Loop from the session's plan", + description: + "V3.9 §D: materialize the session plan into the graded doc and drive the autonomous loop as a resident background task. Gated by the goal-loop flag.", + }), + ), + ) + .add( + HttpApiEndpoint.post("goalPause", `${root}/goal/pause`, { + query: WorkspaceRoutingQuery, + payload: DeepAgentGoalSessionInput, + success: described(DeepAgentGoalMutateResult, "Whether the goal was paused"), + error: DeepAgentPromotionError, + }), + ) + .add( + HttpApiEndpoint.post("goalResume", `${root}/goal/resume`, { + query: WorkspaceRoutingQuery, + payload: DeepAgentGoalSessionInput, + success: described(DeepAgentGoalMutateResult, "Whether the goal was resumed"), + error: DeepAgentPromotionError, + }), + ) + .add( + HttpApiEndpoint.post("goalStop", `${root}/goal/stop`, { + query: WorkspaceRoutingQuery, + payload: DeepAgentGoalSessionInput, + success: described(DeepAgentGoalMutateResult, "Whether the goal was stopped"), + error: DeepAgentPromotionError, + }), + ) + .add( + HttpApiEndpoint.get("goalStatus", `${root}/goal/status`, { + query: Schema.Struct({ ...WorkspaceRoutingQueryFields, sessionID: Schema.String }), + success: described(DeepAgentGoalStatusResult, "The active goal for the session, or null"), + error: DeepAgentPromotionError, + }), + ) .annotateMerge(OpenApi.annotations({ title: "deepagent", description: "DeepAgent setup routes." })) .middleware(InstanceContextMiddleware) .middleware(WorkspaceRoutingMiddleware) diff --git a/packages/deepagent-code/src/server/routes/instance/httpapi/groups/global.ts b/packages/deepagent-code/src/server/routes/instance/httpapi/groups/global.ts index 1cc8fc61..2638602d 100644 --- a/packages/deepagent-code/src/server/routes/instance/httpapi/groups/global.ts +++ b/packages/deepagent-code/src/server/routes/instance/httpapi/groups/global.ts @@ -28,6 +28,9 @@ const GlobalCapabilities = Schema.Struct({ sessions: Schema.Boolean, pty: Schema.Boolean, workspaces: Schema.Boolean, + // V3.9 §C/§D — independently-gated experimental subsystems the client gates UI on. + expertPanel: Schema.Boolean, + goalLoop: Schema.Boolean, }), }) diff --git a/packages/deepagent-code/src/server/routes/instance/httpapi/handlers/deepagent.ts b/packages/deepagent-code/src/server/routes/instance/httpapi/handlers/deepagent.ts index 2135d28b..bfedf421 100644 --- a/packages/deepagent-code/src/server/routes/instance/httpapi/handlers/deepagent.ts +++ b/packages/deepagent-code/src/server/routes/instance/httpapi/handlers/deepagent.ts @@ -11,12 +11,51 @@ import { AgentGateway } from "@deepagent-code/core/agent-gateway" import { InstanceHttpApi } from "../api" import { DeepAgentPromotionError } from "../groups/deepagent" import { WorkspaceRouteContext } from "../middleware/workspace-routing" +import { RuntimeFlags } from "@/effect/runtime-flags" +import { SettingsStore } from "@/settings/store" +import { Session } from "@/session/session" +import { Agent } from "@/agent/agent" +import { SessionPrompt } from "@/session/prompt" +import { Provider } from "@/provider/provider" +import { GoalManager } from "@/session/goal-manager" +import { SessionID } from "@/session/schema" +import { consultPanel } from "@/panel/consult" +import { makeTaskSubagentRunner } from "@/session/goal-loop-wiring" +import type { PanelTurnRunner } from "@/panel/panelist-runner" +import type { PanelVerdict } from "@/agent/schema/panel" +import type { CompletionCriterion } from "@deepagent-code/core/deepagent/goal-loop" const dbgLog = Log.create({ service: "deepagent.packs.debug" }) export const deepagentHandlers = HttpApiBuilder.group(InstanceHttpApi, "deepagent", (handlers) => Effect.gen(function* () { const config = yield* Config.Service + // V3.9 §C/§D services — provided by the app runtime the server executes in. + const flags = yield* RuntimeFlags.Service + const sessions = yield* Session.Service + const agents = yield* Agent.Service + const sessionPrompt = yield* SessionPrompt.Service + const provider = yield* Provider.Service + const goals = yield* GoalManager.Service + + // Build a reviewer-subagent turn runner scoped to a session — the panelist seam consultPanel needs. + // Reuses makeTaskSubagentRunner (the same child-session + permission-derivation path the goal loop + // and the task tool use) and adapts its SubagentTurnResult to the PanelTurnRunner shape. + const panelTurnRunnerFor = (sessionID: string): Effect.Effect => + Effect.gen(function* () { + const model = yield* provider.defaultModel().pipe(Effect.orDie) + const runTurn = makeTaskSubagentRunner({ + sessions, + agents, + sessionPrompt, + parentSessionID: SessionID.make(sessionID), + model: { providerID: model.providerID, modelID: model.modelID }, + }) + return (turnInput) => + runTurn({ agentType: turnInput.agentType, prompt: turnInput.prompt, outputSchema: turnInput.outputSchema }).pipe( + Effect.map((r) => ({ structured: r.structured })), + ) + }) const resolveReviewRunsDir = Effect.fn("DeepAgentHttpApi.resolveReviewRunsDir")(function* () { const route = yield* WorkspaceRouteContext @@ -402,6 +441,118 @@ export const deepagentHandlers = HttpApiBuilder.group(InstanceHttpApi, "deepagen }) }) + // ── V3.9 §C Expert Panel ──────────────────────────────────────────────── + const toVerdictResult = (v: PanelVerdict) => ({ + decision: v.decision, + confidence: v.confidence, + rounds: v.rounds, + evidence: [...v.evidence], + dissent: v.dissent.map((d) => ({ + lens: d.lens, + verdict: d.verdict, + confidence: d.confidence, + findings: d.findings.map((f) => ({ + severity: f.severity, + category: f.category, + file: f.file ?? null, + line: f.line ?? null, + summary: f.summary, + failureScenario: f.failureScenario, + confidence: f.confidence, + })), + })), + }) + + const panelConsult = Effect.fn("DeepAgentHttpApi.panelConsult")(function* (ctx) { + // §C: the panel is independently gated. Flag off ⇒ 400 (never silently run a disabled capability). + if (!flags.experimentalExpertPanel) + return yield* Effect.fail(new DeepAgentPromotionError({ message: "expert panel is disabled" })) + const { sessionID } = ctx.payload + const runTurn = yield* panelTurnRunnerFor(sessionID) + const verdict = yield* consultPanel( + { + question: + ctx.payload.question ?? "Review the current changes in this conversation for correctness, security, and design.", + codeRefs: ctx.payload.codeRefs ? [...ctx.payload.codeRefs] : [], + parentSessionID: sessionID, + ...(ctx.payload.lenses ? { lenses: [...ctx.payload.lenses] } : {}), + ...(ctx.payload.maxRounds != null ? { maxRounds: ctx.payload.maxRounds } : {}), + ...(ctx.payload.policy ? { policy: ctx.payload.policy } : {}), + }, + { runTurn }, + ) + return toVerdictResult(verdict) + }) + + // The global Expert Panel default (§C): the effective armed state falls back to this when a session + // has never explicitly toggled. Read from the first-party SettingsStore (expertPanelDefault). + const expertPanelDefault = () => + Effect.promise(() => SettingsStore.read()).pipe( + Effect.map((s) => s.deepagent?.expertPanelDefault ?? false), + ) + + const panelArm = Effect.fn("DeepAgentHttpApi.panelArm")(function* (ctx) { + const { sessionID, armed } = ctx.payload + AgentGateway.DeepAgentSessionState.setPanelArmed(sessionID, armed) + const globalDefault = yield* expertPanelDefault() + return { sessionID, armed: AgentGateway.DeepAgentSessionState.resolvePanelArmed(sessionID, globalDefault) } + }) + + const panelStatus = Effect.fn("DeepAgentHttpApi.panelStatus")(function* (ctx) { + const sessionID = ctx.urlParams.sessionID + const globalDefault = yield* expertPanelDefault() + const choice = AgentGateway.DeepAgentSessionState.panelArmedChoice(sessionID) + return { + sessionID, + armed: choice ?? globalDefault, + explicit: choice != null, + } + }) + + // ── V3.9 §D Goal Loop lifecycle ───────────────────────────────────────── + const goalStart = Effect.fn("DeepAgentHttpApi.goalStart")(function* (ctx) { + if (!flags.experimentalGoalLoop) + return yield* Effect.fail(new DeepAgentPromotionError({ message: "goal loop is disabled" })) + type CriterionPayload = { + kind: CompletionCriterion["kind"] + commands?: readonly string[] + maxSeverity?: string + severityAtMost?: string + } + const criteria = ctx.payload.criteria?.map( + (c: CriterionPayload) => + ({ + kind: c.kind, + ...(c.commands ? { commands: [...c.commands] } : {}), + ...(c.maxSeverity != null ? { maxSeverity: c.maxSeverity } : {}), + ...(c.severityAtMost != null ? { severityAtMost: c.severityAtMost } : {}), + }) as CompletionCriterion, + ) + const snapshot = yield* goals + .start({ + sessionID: ctx.payload.sessionID, + ...(ctx.payload.objective != null ? { objective: ctx.payload.objective } : {}), + ...(criteria ? { criteria } : {}), + ...(ctx.payload.limits ? { limits: ctx.payload.limits } : {}), + ...(ctx.payload.stallThreshold != null ? { stallThreshold: ctx.payload.stallThreshold } : {}), + }) + .pipe(Effect.mapError((e) => new DeepAgentPromotionError({ message: e.reason }))) + return snapshot + }) + + const goalPause = Effect.fn("DeepAgentHttpApi.goalPause")(function* (ctx) { + return { ok: yield* goals.pause(ctx.payload.sessionID) } + }) + const goalResume = Effect.fn("DeepAgentHttpApi.goalResume")(function* (ctx) { + return { ok: yield* goals.resume(ctx.payload.sessionID) } + }) + const goalStop = Effect.fn("DeepAgentHttpApi.goalStop")(function* (ctx) { + return { ok: yield* goals.stop(ctx.payload.sessionID) } + }) + const goalStatus = Effect.fn("DeepAgentHttpApi.goalStatus")(function* (ctx) { + return { goal: yield* goals.status(ctx.urlParams.sessionID) } + }) + return handlers .handle("reviews", reviews) .handle("promote", promote) @@ -417,5 +568,13 @@ export const deepagentHandlers = HttpApiBuilder.group(InstanceHttpApi, "deepagen .handle("envFacts", envFacts) .handle("envFactsDecide", envFactsDecide) .handle("envFactsModify", envFactsModify) + .handle("panelConsult", panelConsult) + .handle("panelArm", panelArm) + .handle("panelStatus", panelStatus) + .handle("goalStart", goalStart) + .handle("goalPause", goalPause) + .handle("goalResume", goalResume) + .handle("goalStop", goalStop) + .handle("goalStatus", goalStatus) }), ) diff --git a/packages/deepagent-code/src/server/routes/instance/httpapi/handlers/global.ts b/packages/deepagent-code/src/server/routes/instance/httpapi/handlers/global.ts index b4ed4933..bf6ba7a0 100644 --- a/packages/deepagent-code/src/server/routes/instance/httpapi/handlers/global.ts +++ b/packages/deepagent-code/src/server/routes/instance/httpapi/handlers/global.ts @@ -1,4 +1,5 @@ import { Config } from "@/config/config" +import { RuntimeFlags } from "@/effect/runtime-flags" import { GlobalBus, type GlobalEvent as GlobalBusEvent } from "@/bus/global" import { EffectBridge } from "@/effect/bridge" import { EventV2 } from "@deepagent-code/core/event" @@ -79,6 +80,7 @@ export const globalHandlers = HttpApiBuilder.group(RootHttpApi, "global", (handl const installation = yield* Installation.Service const bridge = yield* EffectBridge.make() const { db } = yield* Database.Service + const flags = yield* RuntimeFlags.Service const health = Effect.fn("GlobalHttpApi.health")(function* () { return { healthy: true as const, version: InstallationVersion } @@ -93,6 +95,11 @@ export const globalHandlers = HttpApiBuilder.group(RootHttpApi, "global", (handl sessions: true, pty: true, workspaces: true, + // V3.9 §C/§D: advertise the independently-gated experimental subsystems so the client can + // gate their UI (panel button / goal mode) WITHOUT a proxy signal. Sourced from the same + // env-backed RuntimeFlags the routes fail-close on, so UI availability == route availability. + expertPanel: flags.experimentalExpertPanel, + goalLoop: flags.experimentalGoalLoop, }, } }) diff --git a/packages/deepagent-code/src/server/routes/instance/httpapi/server.ts b/packages/deepagent-code/src/server/routes/instance/httpapi/server.ts index 3154f0b2..ed7ab85a 100644 --- a/packages/deepagent-code/src/server/routes/instance/httpapi/server.ts +++ b/packages/deepagent-code/src/server/routes/instance/httpapi/server.ts @@ -41,6 +41,7 @@ import { Session } from "@/session/session" import { SessionCompaction } from "@/session/compaction" import { LLM } from "@/session/llm" import { SessionPrompt } from "@/session/prompt" +import { GoalManager } from "@/session/goal-manager" import { SessionRevert } from "@/session/revert" import { SessionRunState } from "@/session/run-state" import { SessionStatus } from "@/session/status" @@ -283,6 +284,7 @@ export function createRoutes( Session.defaultLayer, SessionCompaction.defaultLayer, SessionPrompt.defaultLayer, + GoalManager.defaultLayer, SessionRevert.defaultLayer, SessionShare.defaultLayer, SessionRunState.defaultLayer, diff --git a/packages/deepagent-code/src/session/goal-driver.ts b/packages/deepagent-code/src/session/goal-driver.ts new file mode 100644 index 00000000..58296680 --- /dev/null +++ b/packages/deepagent-code/src/session/goal-driver.ts @@ -0,0 +1,169 @@ +import { Effect } from "effect" +import type { DocumentStore } from "@deepagent-code/core/deepagent/document-store" +import type { PlanDoc } from "@deepagent-code/core/deepagent/plan-controller" +import { + makeGoalLoop, + type ControllerDeps, + type GoalHandle, + type GoalSpec, + type GoalStatus, + type TickOutcome, + type CompletionCriterion, + type GoalLimits, +} from "@deepagent-code/core/deepagent/goal-loop" + +/** + * V3.9 §D — the GOAL DRIVER. `goal-loop.ts` (core) is a pure tick state machine; `goal-loop-wiring.ts` + * assembles its ports (`ControllerDeps`). Neither STARTS a goal or DRIVES the ticks — that missing + * production seam is here. The driver: + * 1. MATERIALIZES the goal's plan into a `type:"plan"` DocumentStore doc (`materializePlanDoc`) — the + * loop reads a store doc as the goal carrier, while the `plan` tool writes in-memory session-state + * (two disconnected stores). Per the product decision, a goal is started FROM a plan the user + * produced in plan mode: this snapshots that in-memory plan into the store doc the loop grades. + * 2. STARTS the loop (`makeGoalLoop(deps).start(spec)`), returning a GoalHandle. + * 3. DRIVES ticks in the background until a terminal outcome (`runToCompletion`), publishing status via + * injected ports (so the server wires the real GoalEvent + session-state pointer, and tests assert + * the loop mechanics with a stub). Pause is cooperative: the driver checks `shouldPause()` before + * each tick and suspends without tearing down the loop (the persisted run_context doc means an + * unpause resumes exactly). + * + * The driver never elevates permission and never executes tools itself — every step runs through the + * injected executor (a goal-worker child-session turn), exactly as the loop contract requires (§D.6). + */ + +/** A single completion criterion the user's goal must satisfy (mirrors the core union, re-exported for callers). */ +export type GoalCriterion = CompletionCriterion + +export type MaterializePlanInput = { + readonly store: DocumentStore + readonly sessionId: string + /** The in-memory plan (from the `plan` tool's session-state) to snapshot into the store. */ + readonly plan: PlanDoc +} + +/** planScope(sessionId) = "run:" — every goal doc co-locates under the session's run scope. */ +const planScope = (sessionId: string): string => `run:${sessionId}` + +/** + * Snapshot an in-memory PlanDoc into a `type:"plan"` store doc (the goal carrier). Idempotent per + * session: `upsert` keyed on the stable `plan-` slug returns the same doc id and is a no-op + * when the body is unchanged (INV-4), so re-materializing the same plan does not bump the version. + * Returns the plan doc id the GoalSpec references. + */ +export const materializePlanDoc = (input: MaterializePlanInput): string => { + const doc = input.store.upsert({ + type: "plan", + scope: planScope(input.sessionId), + description: `goal plan ${input.sessionId}`, + idSlug: `plan-${input.sessionId}`, + body: JSON.stringify(input.plan), + provenance: { source: "model", run_ref: planScope(input.sessionId) }, + }) + return doc.id +} + +/** Ports the driver publishes progress through — the server wires real ones; tests inject stubs. */ +export type GoalDriverPorts = { + /** Called with each new status after a tick (server → GoalEvent + session-state pointer). Best-effort. */ + readonly onStatus: (status: GoalStatus) => Effect.Effect + /** + * Cooperative pause check evaluated BEFORE each tick. When true, the driver suspends: it stops ticking + * and returns control WITHOUT marking the loop terminal (the persisted state resumes on the next + * runToCompletion). The server backs this with the session-state pointer phase === "paused". + */ + readonly shouldPause: () => Effect.Effect + /** True once the user requested a hard stop — the driver stops the loop and exits. */ + readonly shouldStop: () => Effect.Effect +} + +/** No-op ports (fire-and-forget usage / tests that only care about the terminal outcome). */ +export const noopPorts: GoalDriverPorts = { + onStatus: () => Effect.void, + shouldPause: () => Effect.succeed(false), + shouldStop: () => Effect.succeed(false), +} + +export type StartGoalInput = { + readonly deps: ControllerDeps + readonly planDocId: string + readonly criteria: readonly GoalCriterion[] + readonly limits: GoalLimits + readonly stallThreshold?: number +} + +/** Build the GoalSpec + start the loop. Surfaces the core InvalidGoalError to the caller (route → 400). */ +export const startGoal = (input: StartGoalInput) => { + const loop = makeGoalLoop(input.deps) + const spec: GoalSpec = { + planDocId: input.planDocId, + criteria: input.criteria, + limits: input.limits, + stallThreshold: input.stallThreshold ?? 3, + } + return Effect.map(loop.start(spec), (handle) => ({ loop, handle })) +} + +/** Whether an outcome is terminal (the loop is done / escalated / rolled back — not "continue"). */ +const isTerminalOutcome = (outcome: TickOutcome): boolean => outcome !== "continue" + +export type RunToCompletionInput = { + readonly deps: ControllerDeps + readonly handle: GoalHandle + readonly ports?: GoalDriverPorts + /** Hard cap on driver iterations as a belt-and-braces guard above the loop's own maxTicks. */ + readonly maxIterations?: number +} + +/** + * Drive ticks until a terminal outcome, a pause, or a hard stop. Returns the last outcome (or "continue" + * when it exited due to pause — the caller learns pause via the ports). Never throws: the loop's tick + * lives on `never`, and the driver wraps status/port calls so a defect cannot crash the background task. + */ +export const runToCompletion = (input: RunToCompletionInput): Effect.Effect => + Effect.gen(function* () { + const loop = makeGoalLoop(input.deps) + const ports = input.ports ?? noopPorts + const maxIterations = input.maxIterations ?? 10_000 + let last: TickOutcome = "continue" + + for (let i = 0; i < maxIterations; i++) { + if (yield* safeBool(ports.shouldStop())) { + yield* safe(loop.stop(input.handle)) + return "needs_human" + } + if (yield* safeBool(ports.shouldPause())) { + // Cooperative suspend: do NOT tick, do NOT mark terminal — the persisted state resumes later. + return "continue" + } + + last = yield* loop.tick(input.handle) + const status = yield* safeStatus(loop, input.handle) + if (status) yield* safe(ports.onStatus(status)) + + if (isTerminalOutcome(last)) return last + } + // Exhausted the driver guard without a terminal outcome — treat as needs_human (never loop forever). + return "needs_human" + }) + +// The loop's tick/status/stop already live on `never`, but the injected ports do not — wrap them so a +// port defect degrades to a safe default and never crashes the background driver. +const safe = (effect: Effect.Effect): Effect.Effect => + effect.pipe( + Effect.asVoid, + Effect.catchCause(() => Effect.void), + ) + +const safeBool = (effect: Effect.Effect): Effect.Effect => + effect.pipe(Effect.catchCause(() => Effect.succeed(false))) + +const safeStatus = ( + loop: ReturnType, + handle: GoalHandle, +): Effect.Effect => + loop.status(handle).pipe(Effect.catchCause(() => Effect.succeed(null as GoalStatus | null))) + +// Re-export the materialize helper's scope so the server route can co-locate other goal docs. +export { planScope as goalPlanScope } + +export * as GoalDriver from "./goal-driver" diff --git a/packages/deepagent-code/src/session/goal-event.ts b/packages/deepagent-code/src/session/goal-event.ts new file mode 100644 index 00000000..3dde724b --- /dev/null +++ b/packages/deepagent-code/src/session/goal-event.ts @@ -0,0 +1,37 @@ +import { Schema } from "effect" +import { EventV2 } from "@deepagent-code/core/event" +import { SessionID } from "./schema" + +/** + * V3.9 §D — the live Goal Loop event. Published whenever a goal's phase or ledger changes (start, each + * tick's status, pause/resume, terminal). Mirrors `plan.updated` so it flows through the same SSE + * stream the app already consumes; the app reducer projects it into a per-session goal status bar + * (Codex thread-goal style: Active / Paused / Blocked-ish (needs_human) / Complete). + * + * `phase` is the DRIVER-level phase (adds "paused" over the core GoalPhase). `ledger` is the observable + * budget accounting (ticks / tokens / cost / wallclock) so the UI can render a live "12k / 50k tokens" + * progress readout. `gaps` are the unmet-criterion descriptions when the loop escalates (needs_human). + */ +export const GoalLedgerEvent = Schema.Struct({ + ticks: Schema.Number, + tokens: Schema.Number, + cost: Schema.Number, + wallclockMs: Schema.Number, +}) + +export const GoalEvent = { + Updated: EventV2.define({ + type: "goal.updated", + schema: { + sessionID: SessionID, + goalId: Schema.String, + planDocId: Schema.String, + /** running | paused | done | needs_human | rolled_back | stopped (driver-level GoalPointerPhase). */ + phase: Schema.String, + ledger: GoalLedgerEvent, + stallCount: Schema.Number, + /** Unmet-criterion / gap descriptions surfaced when the loop escalates or completes. */ + gaps: Schema.Array(Schema.String), + }, + }), +} diff --git a/packages/deepagent-code/src/session/goal-loop-wiring.ts b/packages/deepagent-code/src/session/goal-loop-wiring.ts index 2769b23f..1a5ca887 100644 --- a/packages/deepagent-code/src/session/goal-loop-wiring.ts +++ b/packages/deepagent-code/src/session/goal-loop-wiring.ts @@ -13,10 +13,10 @@ import { ModelV2 } from "@deepagent-code/core/model" import { ProviderV2 } from "@deepagent-code/core/provider" import type * as LSPClient from "../lsp/client" import { LSP } from "../lsp/lsp" -import { runPanel, type PanelistRunInput, type PanelistRunner } from "../panel/orchestrator" -import { DEFAULT_QUORUM_POLICY, type PanelLens, type PanelOpinion, type PanelVerdict } from "../agent/schema/panel" +import { runPanel } from "../panel/orchestrator" +import { buildPanelistRunner, parseReviewResult, REVIEWER_SCHEMA } from "../panel/panelist-runner" +import { DEFAULT_QUORUM_POLICY, type PanelLens, type PanelVerdict } from "../agent/schema/panel" import { ReviewResult } from "../agent/schema/orchestration" -import { ToolJsonSchema } from "../tool/json-schema" import { RuntimeFlags } from "../effect/runtime-flags" import { SessionPrompt } from "./prompt" import { SessionRevert } from "./revert" @@ -157,32 +157,9 @@ export type PanelQuestionInput = { readonly maxRounds?: number } -// Parse a reviewer subagent's structured ReviewResult; a malformed / absent result is treated as -// "findings unknown" → the gate cannot confirm clean → NOT clean (fail-closed, never a silent pass). -const parseReviewResult = (structured: unknown): ReviewResult | null => { - if (structured == null) return null - try { - return ReviewResult.make(structured as ReviewResult) - } catch { - // structured may already be a decoded object from a prior JSON round-trip; accept a shape-check. - const anyVal = structured as { findings?: unknown; verdict?: unknown } - if (Array.isArray(anyVal.findings) && typeof anyVal.verdict === "string") return anyVal as ReviewResult - return null - } -} - -/** Map a reviewer turn output → the panel's PanelOpinion shape (for the panelist runner). */ -const opinionFromReview = (lens: PanelLens, review: ReviewResult | null): PanelOpinion | null => { - if (review == null) return null - // Confidence = max finding confidence (approve with no findings ⇒ full confidence in "approve"). - const confidence = - review.findings.length === 0 - ? 1 - : review.findings.reduce((m, f) => Math.max(m, Number.isFinite(f.confidence) ? f.confidence : 0), 0) - return { lens, verdict: review.verdict, findings: review.findings, confidence } -} - -const REVIEWER_SCHEMA = ToolJsonSchema.fromSchema(ReviewResult) as unknown as Record +// §C: parseReviewResult / REVIEWER_SCHEMA / the panelist runner are shared with the standalone Expert +// Panel entry via `panel/panelist-runner.ts` (single source of truth for how a lens panelist is driven +// and how its ReviewResult maps to a PanelOpinion). This module keeps only the goal-loop-specific glue. // Catch BOTH typed failures AND defects (die) so a port always resolves to a concrete result and // never crashes the loop (the ports live on the `never` channel — see goal-loop.ts). `orElseSucceed` @@ -218,59 +195,28 @@ export const buildGraderPorts = (deps: GraderPortsDeps): GraderPorts => ({ !deps.expertPanelEnabled ? Effect.succeed({ decision: "needs_human" }) : safe( - buildPanelistRunner(deps.runTurn).pipe( - Effect.flatMap((runPanelist) => { - const q = deps.panelQuestion() - return runPanel({ - question: { - question: q.question, - codeRefs: q.codeRefs, - lenses: q.lenses, - maxRounds: q.maxRounds ?? 1, - policy: DEFAULT_QUORUM_POLICY, - }, - runPanelist, - parentSessionID: deps.parentSessionID, - }) - }), - Effect.map((verdict: PanelVerdict) => ({ decision: verdict.decision })), - ), - // A panel that cannot run at all ⇒ escalate to a human, never a silent approve. - { decision: "needs_human" }, - ), + Effect.suspend(() => { + const q = deps.panelQuestion() + // The panelist runner is SHARED with the standalone Expert Panel entry (panelist-runner.ts): + // both convene identically-prompted lens panelists. deps.runTurn matches the PanelTurnRunner + // shape (agentType/prompt/outputSchema → { structured }). + return runPanel({ + question: { + question: q.question, + codeRefs: q.codeRefs, + lenses: q.lenses, + maxRounds: q.maxRounds ?? 1, + policy: DEFAULT_QUORUM_POLICY, + }, + runPanelist: buildPanelistRunner(deps.runTurn), + parentSessionID: deps.parentSessionID, + }) + }).pipe(Effect.map((verdict: PanelVerdict) => ({ decision: verdict.decision }))), + // A panel that cannot run at all ⇒ escalate to a human, never a silent approve. + { decision: "needs_human" }, + ), }) -// A panelist runner over the turn runner: each seat is a lens-prompted reviewer subagent whose -// structured ReviewResult becomes a PanelOpinion. Absent/failed ⇒ null (§C.8 缺席). -const buildPanelistRunner = (runTurn: SubagentTurnRunner): Effect.Effect => - Effect.sync( - () => (input: PanelistRunInput) => - runTurn({ - agentType: "reviewer", - prompt: renderPanelistPrompt(input), - outputSchema: REVIEWER_SCHEMA, - }).pipe( - Effect.map((turn) => opinionFromReview(input.spec.lens, parseReviewResult(turn.structured))), - Effect.catchCause(() => Effect.succeed(null as PanelOpinion | null)), - ), - ) - -const renderPanelistPrompt = (input: PanelistRunInput): string => { - const base = [ - `You are the ${input.spec.lens} expert on a review panel (round ${input.round}).`, - `Question (frozen): ${input.question.question}`, - input.question.codeRefs.length > 0 ? `Code references: ${input.question.codeRefs.join(", ")}` : "", - ].filter((s) => s.length > 0) - if (input.round > 1 && input.peers.length > 0) { - base.push( - `Anonymized peer opinions from the previous round: ${input.peers - .map((p) => `${p.verdict}(${p.confidence.toFixed(2)})`) - .join(", ")}. You may revise, but justify with reproducible evidence.`, - ) - } - return base.join("\n") -} - // --------------------------------------------------------------------------------------------------- // StepExecutor + RollbackPort builders. // --------------------------------------------------------------------------------------------------- diff --git a/packages/deepagent-code/src/session/goal-manager.ts b/packages/deepagent-code/src/session/goal-manager.ts new file mode 100644 index 00000000..327b6b5a --- /dev/null +++ b/packages/deepagent-code/src/session/goal-manager.ts @@ -0,0 +1,394 @@ +import { Effect, Layer, Context, SynchronizedRef } from "effect" +import path from "node:path" +import { Global } from "@deepagent-code/core/global" +import { AgentGateway } from "@deepagent-code/core/agent-gateway" +import { DocumentStore } from "@deepagent-code/core/deepagent/document-store" +import { createPlanDoc, type PlanDoc } from "@deepagent-code/core/deepagent/plan-controller" +import type { GoalStatus, GoalLimits, CompletionCriterion } from "@deepagent-code/core/deepagent/goal-loop" +import { InvalidGoalError } from "@deepagent-code/core/deepagent/goal-loop" +import { RuntimeFlags } from "../effect/runtime-flags" +import { EventV2Bridge } from "@/event-v2-bridge" +import { BackgroundJob } from "@/background/job" +import { Session } from "./session" +import { Agent } from "../agent/agent" +import { SessionPrompt } from "./prompt" +import { SessionRevert } from "./revert" +import { LSP } from "../lsp/lsp" +import { Provider } from "../provider/provider" +import { SessionID } from "./schema" +import { GoalEvent } from "./goal-event" +import { + GoalLoopWiring, + liveDiagnostics, + liveRollback, + makeTaskSubagentRunner, + type PanelQuestionInput, +} from "./goal-loop-wiring" +import { GoalDriver, type GoalDriverPorts } from "./goal-driver" + +/** + * V3.9 §D — the GOAL MANAGER service: the resident, in-process supervisor that OWNS running goals. + * + * This is the production seam that turns the built-but-unwired Goal Loop into a user-invocable mode. + * `startGoal` materializes the session's plan into the graded store doc, assembles the live + * `ControllerDeps` (via `makeGoalLoopWiring` — flag-gated), starts the driver as a BackgroundJob + * (a resident background Effect with cancellation), and tracks per-session control state so + * `pause` / `resume` / `stop` / `status` work while it runs. Each tick's status is published as a + * `goal.updated` event and mirrored into the session-state active-goal pointer so the UI stays live. + * + * Concurrency model (per the product decision — 服务内常驻后台任务): one goal per session at a time. + * The driver ticks in the background; the user's foreground conversation stays free. Pause is + * cooperative (the driver checks a flag before each tick and suspends without tearing down the loop); + * resume re-drives from the persisted run_context doc. + */ + +// The DocumentStore holding a session's goal docs. Co-located with the run graph under the agent data +// root, keyed by session id, so a restart re-opens the same store (the loop state is restart-recoverable). +const goalStoreRoot = (sessionID: string): string => + path.join(Global.Path.agent.data, "state", "goal", sessionID, "graph") + +// Per-session control state the driver ports read. Held in a SynchronizedRef so pause/stop from a route +// are observed by the running background driver without a lock. +type GoalControl = { + readonly goalId: string + readonly planDocId: string + jobId: string + paused: boolean + stopped: boolean +} + +export type StartGoalInput = { + readonly sessionID: string + /** + * An optional free-text objective (e.g. from the CLI `/goal `). When the session has no + * plan yet, this seeds a minimal single-step plan so the goal can start; the goal-worker refines it + * on the first tick. Ignored when a plan already exists (the existing plan is the goal carrier). + */ + readonly objective?: string + /** Objective completion criteria (AND). Defaults to plan_complete + no_diagnostics when omitted. */ + readonly criteria?: readonly CompletionCriterion[] + /** Hard bounds; a goal with no bounds is rejected by the core (InvalidGoalError). */ + readonly limits?: Partial + readonly stallThreshold?: number + /** The Expert Panel question convened at a decision point (§D.7). Defaults to a review of the diff. */ + readonly panelQuestion?: PanelQuestionInput +} + +export type GoalSnapshot = { + readonly goalId: string + readonly planDocId: string + readonly phase: string + readonly running: boolean +} + +export interface Interface { + readonly start: (input: StartGoalInput) => Effect.Effect + readonly pause: (sessionID: string) => Effect.Effect + readonly resume: (sessionID: string) => Effect.Effect + readonly stop: (sessionID: string) => Effect.Effect + readonly status: (sessionID: string) => Effect.Effect +} + +export class Service extends Context.Service()("@deepagent-code/GoalManager") {} + +const DEFAULT_LIMITS: GoalLimits = { maxTicks: 50, maxTokens: 500_000, maxWallclockMs: 60 * 60 * 1000 } +const DEFAULT_CRITERIA: readonly CompletionCriterion[] = [{ kind: "plan_complete" }, { kind: "no_diagnostics" }] + +export const layer = Layer.effect( + Service, + Effect.gen(function* () { + const sessions = yield* Session.Service + const agents = yield* Agent.Service + const sessionPrompt = yield* SessionPrompt.Service + const revert = yield* SessionRevert.Service + const events = yield* EventV2Bridge.Service + const background = yield* BackgroundJob.Service + const provider = yield* Provider.Service + const lsp = yield* LSP.Service + const flags = yield* RuntimeFlags.Service + + // Diagnostics accessor with LSP already provided, so the goal-loop wiring stays free of LSP in its + // requirement channel (liveDiagnostics needs LSP.Service; we satisfy it here at construction). + const diagnostics = () => liveDiagnostics().pipe(Effect.provideService(LSP.Service, lsp)) + + // Rollback port shared by start + resume (best-effort revert to the last message). + const rollback = liveRollback(revert, (sid) => + sessions + .messages({ sessionID: SessionID.make(sid) }) + .pipe( + Effect.map((msgs) => msgs.at(-1)?.info.id ?? null), + Effect.catchCause(() => Effect.succeed(null)), + ), + ) + + const defaultPanelQuestion = (): PanelQuestionInput => ({ + question: "Is the current change safe and correct enough to complete this goal?", + codeRefs: [], + lenses: ["correctness", "security", "architecture"], + }) + + // Per-session control state, observed by the running driver's ports. + const controls = yield* SynchronizedRef.make(new Map()) + + const getControl = (sessionID: string) => + SynchronizedRef.get(controls).pipe(Effect.map((m) => m.get(sessionID) ?? null)) + + const setControl = (sessionID: string, control: GoalControl | null) => + SynchronizedRef.update(controls, (m) => { + const next = new Map(m) + if (control) next.set(sessionID, control) + else next.delete(sessionID) + return next + }) + + const mutateControl = (sessionID: string, f: (c: GoalControl) => void) => + SynchronizedRef.update(controls, (m) => { + const c = m.get(sessionID) + if (c) f(c) + return m + }) + + // Publish a status → both the goal.updated event and the session-state active-goal pointer. + const publishStatus = (sessionID: string, status: GoalStatus) => + Effect.gen(function* () { + const phase = status.phase as string + AgentGateway.DeepAgentSessionState.setActiveGoalPhase(sessionID, phase as never) + yield* events + .publish(GoalEvent.Updated, { + sessionID: SessionID.make(sessionID), + goalId: status.goalId, + planDocId: status.planDocId, + phase, + ledger: { + ticks: status.ledger.ticks, + tokens: status.ledger.tokens, + cost: status.ledger.cost, + wallclockMs: status.ledger.wallclockMs, + }, + stallCount: status.stallCount, + gaps: status.gaps, + }) + .pipe(Effect.ignore) + }) + + const start: Interface["start"] = (input) => + Effect.gen(function* () { + const sessionID = input.sessionID + // The plan the user produced in plan mode lives in in-memory session-state — snapshot it into + // the graded store doc (the goal carrier). When there is no plan yet but the caller supplied a + // free-text objective (CLI `/goal `), seed a minimal single-step plan from it so the + // goal can start; the goal-worker refines the plan on its first tick. With neither a plan nor an + // objective, the core rejects the start (a goal must be objectively decidable). + const existing = AgentGateway.DeepAgentSessionState.getPlan(sessionID) as PlanDoc | null + const objective = input.objective?.trim() + const plan = + existing ?? + (objective + ? createPlanDoc(sessionID, objective, [ + { + step_id: "step_1", + title: objective, + status: "active", + acceptance: null, + assigned_agent: null, + evidence: [], + note: null, + }, + ]) + : null) + const store = new DocumentStore(goalStoreRoot(sessionID)) + const planDocId = + plan != null + ? GoalDriver.materializePlanDoc({ store, sessionId: sessionID, plan }) + : GoalDriver.goalPlanScope(sessionID) // no plan + no objective → startGoal rejects (no doc) + + const session = yield* sessions.get(SessionID.make(sessionID)).pipe(Effect.orDie) + const model = yield* provider.defaultModel().pipe(Effect.orDie) + + const runTurn = makeTaskSubagentRunner({ + sessions, + agents, + sessionPrompt, + parentSessionID: SessionID.make(sessionID), + model: { providerID: model.providerID, modelID: model.modelID }, + }) + + const deps = yield* GoalLoopWiring.makeGoalLoopWiring({ + store, + parentSessionID: sessionID, + cwd: session.directory ?? process.cwd(), + runTurn, + panelQuestion: () => input.panelQuestion ?? defaultPanelQuestion(), + diagnostics, + rollback, + }).pipe(Effect.provideService(RuntimeFlags.Service, flags)) + // Flag OFF ⇒ wiring is null ⇒ the goal loop is unavailable. Reject clearly. + if (deps == null) { + return yield* Effect.fail( + new InvalidGoalError({ reason: "goal loop is disabled (experimentalGoalLoop flag off)" }), + ) + } + + const { handle } = yield* GoalDriver.startGoal({ + deps, + planDocId, + criteria: input.criteria ?? DEFAULT_CRITERIA, + limits: { ...DEFAULT_LIMITS, ...input.limits }, + stallThreshold: input.stallThreshold, + }) + + // Register the session-state pointer so the UI reflects the goal even before the first tick. + AgentGateway.DeepAgentSessionState.setActiveGoal(sessionID, { + goalId: handle.goalId, + planDocId: handle.planDocId, + phase: "running", + startedAt: new Date().toISOString(), + }) + + // The driver ports read the per-session control flags (pause/stop) live. + const ports: GoalDriverPorts = { + onStatus: (status) => publishStatus(sessionID, status), + shouldPause: () => getControl(sessionID).pipe(Effect.map((c) => c?.paused ?? false)), + shouldStop: () => getControl(sessionID).pipe(Effect.map((c) => c?.stopped ?? false)), + } + + // Start the driver as a resident background task. onFinish clears the pointer / control state. + const job = yield* background.start({ + type: "goal-loop", + title: `goal ${handle.goalId}`, + metadata: { sessionID, goalId: handle.goalId }, + run: GoalDriver.runToCompletion({ deps, handle, ports }).pipe( + Effect.tap((outcome) => + Effect.sync(() => { + // A terminal outcome clears the running pointer to its terminal phase; a paused exit + // leaves the pointer for a later resume. + if (outcome !== "continue") { + AgentGateway.DeepAgentSessionState.setActiveGoalPhase(sessionID, outcome as never) + } + }), + ), + Effect.map((outcome) => `goal ${handle.goalId}: ${outcome}`), + Effect.catchCause(() => Effect.succeed(`goal ${handle.goalId}: driver defect`)), + ), + }) + + yield* setControl(sessionID, { + goalId: handle.goalId, + planDocId: handle.planDocId, + jobId: job.id, + paused: false, + stopped: false, + }) + + return { goalId: handle.goalId, planDocId: handle.planDocId, phase: "running", running: true } + }) + + const pause: Interface["pause"] = (sessionID) => + Effect.gen(function* () { + const c = yield* getControl(sessionID) + if (!c) return false + yield* mutateControl(sessionID, (ctrl) => (ctrl.paused = true)) + AgentGateway.DeepAgentSessionState.setActiveGoalPhase(sessionID, "paused") + return true + }) + + const resume: Interface["resume"] = (sessionID) => + Effect.gen(function* () { + const c = yield* getControl(sessionID) + if (!c || c.stopped) return false + yield* mutateControl(sessionID, (ctrl) => (ctrl.paused = false)) + AgentGateway.DeepAgentSessionState.setActiveGoalPhase(sessionID, "running") + // Re-drive: the persisted run_context doc resumes exactly where it paused. A fresh store handle + // over the same root re-reads the loop state. + const store = new DocumentStore(goalStoreRoot(sessionID)) + const model = yield* provider.defaultModel().pipe(Effect.orDie) + const session = yield* sessions.get(SessionID.make(sessionID)).pipe(Effect.orDie) + const runTurn = makeTaskSubagentRunner({ + sessions, + agents, + sessionPrompt, + parentSessionID: SessionID.make(sessionID), + model: { providerID: model.providerID, modelID: model.modelID }, + }) + const deps = yield* GoalLoopWiring.makeGoalLoopWiring({ + store, + parentSessionID: sessionID, + cwd: session.directory ?? process.cwd(), + runTurn, + panelQuestion: defaultPanelQuestion, + diagnostics, + rollback, + }).pipe(Effect.provideService(RuntimeFlags.Service, flags)) + if (deps == null) return false + const handle = { goalId: c.goalId, planDocId: c.planDocId, sessionId: sessionID } + const ports: GoalDriverPorts = { + onStatus: (status) => publishStatus(sessionID, status), + shouldPause: () => getControl(sessionID).pipe(Effect.map((ctrl) => ctrl?.paused ?? false)), + shouldStop: () => getControl(sessionID).pipe(Effect.map((ctrl) => ctrl?.stopped ?? false)), + } + const job = yield* background.start({ + type: "goal-loop", + title: `goal ${c.goalId} (resumed)`, + metadata: { sessionID, goalId: c.goalId }, + run: GoalDriver.runToCompletion({ deps, handle, ports }).pipe( + Effect.tap((outcome) => + Effect.sync(() => { + if (outcome !== "continue") + AgentGateway.DeepAgentSessionState.setActiveGoalPhase(sessionID, outcome as never) + }), + ), + Effect.map((outcome) => `goal ${c.goalId}: ${outcome}`), + Effect.catchCause(() => Effect.succeed(`goal ${c.goalId}: driver defect`)), + ), + }) + yield* mutateControl(sessionID, (ctrl) => (ctrl.jobId = job.id)) + return true + }) + + const stop: Interface["stop"] = (sessionID) => + Effect.gen(function* () { + const c = yield* getControl(sessionID) + if (!c) return false + yield* mutateControl(sessionID, (ctrl) => (ctrl.stopped = true)) + yield* background.cancel(c.jobId).pipe(Effect.ignore) + AgentGateway.DeepAgentSessionState.setActiveGoalPhase(sessionID, "stopped") + yield* setControl(sessionID, null) + return true + }) + + const status: Interface["status"] = (sessionID) => + Effect.gen(function* () { + const ptr = AgentGateway.DeepAgentSessionState.getActiveGoal(sessionID) + if (!ptr) return null + const c = yield* getControl(sessionID) + return { + goalId: ptr.goalId, + planDocId: ptr.planDocId, + phase: ptr.phase, + running: c != null && !c.paused && !c.stopped, + } + }) + + // Reference `flags` so an unused-var lint stays quiet; the real gate is makeGoalLoopWiring returning + // null when experimentalGoalLoop is off (checked in start/resume). + void flags + + return Service.of({ start, pause, resume, stop, status }) + }), +) + +export const defaultLayer = Layer.suspend(() => + layer.pipe( + Layer.provide(Session.defaultLayer), + Layer.provide(Agent.defaultLayer), + Layer.provide(SessionPrompt.defaultLayer), + Layer.provide(SessionRevert.defaultLayer), + Layer.provide(EventV2Bridge.defaultLayer), + Layer.provide(BackgroundJob.defaultLayer), + Layer.provide(Provider.defaultLayer), + Layer.provide(LSP.defaultLayer), + Layer.provide(RuntimeFlags.defaultLayer), + ), +) + +export * as GoalManager from "./goal-manager" diff --git a/packages/deepagent-code/src/settings/store.ts b/packages/deepagent-code/src/settings/store.ts index f06b25f3..79e9aa7e 100644 --- a/packages/deepagent-code/src/settings/store.ts +++ b/packages/deepagent-code/src/settings/store.ts @@ -36,6 +36,10 @@ export namespace SettingsStore { runsDir?: string allowProviderExecutedTools?: boolean allowProviderExecutedToolNames?: string[] + // V3.9 §C: the GLOBAL default for whether a new conversation starts with the Expert Panel + // "armed". A per-session toggle in the chat dialog overrides this per conversation; this only + // seeds the initial armed state. Undefined ≡ false (opt-in, grey rollout). + expertPanelDefault?: boolean } /** Transport tuning for a single official provider. Mirrors the transport keys the provider @@ -103,6 +107,8 @@ export namespace SettingsStore { if (apet !== undefined) out.allowProviderExecutedTools = apet const names = strArray(input.allowProviderExecutedToolNames) if (names) out.allowProviderExecutedToolNames = names + const epd = bool(input.expertPanelDefault) + if (epd !== undefined) out.expertPanelDefault = epd return Object.keys(out).length > 0 ? out : undefined } diff --git a/packages/deepagent-code/test/agent/goal-mode-agent.test.ts b/packages/deepagent-code/test/agent/goal-mode-agent.test.ts new file mode 100644 index 00000000..9742b5ef --- /dev/null +++ b/packages/deepagent-code/test/agent/goal-mode-agent.test.ts @@ -0,0 +1,66 @@ +import { expect } from "bun:test" +import { FSUtil } from "@deepagent-code/core/fs-util" +import { Effect, Layer } from "effect" +import { FetchHttpClient } from "effect/unstable/http" +import { Agent } from "../../src/agent/agent" +import { Config } from "../../src/config/config" +import { Env } from "../../src/env" +import { RuntimeFlags } from "../../src/effect/runtime-flags" +import { EventV2Bridge } from "../../src/event-v2-bridge" +import { Plugin } from "../../src/plugin" +import { AccountTest } from "../fake/account" +import { AuthTest } from "../fake/auth" +import { NpmTest } from "../fake/npm" +import { ProviderTest } from "../fake/provider" +import { SkillTest } from "../fake/skill" +import { testEffect } from "../lib/effect" + +// V3.9 §D: the `goal` primary agent is registered ONLY when experimentalGoalLoop is on, so goal mode +// never appears in the mode switcher without a backend that can start a goal. + +const provider = ProviderTest.fake() +const configLayer = Config.layer.pipe( + Layer.provide(FSUtil.defaultLayer), + Layer.provide(Env.defaultLayer), + Layer.provide(AuthTest.empty), + Layer.provide(AccountTest.empty), + Layer.provide(NpmTest.noop), + Layer.provide(FetchHttpClient.layer), +) + +const agentLayerWithFlags = (overrides: Parameters[0]) => { + const pluginLayer = Plugin.layer.pipe( + Layer.provide(EventV2Bridge.defaultLayer), + Layer.provide(configLayer), + Layer.provide(RuntimeFlags.layer(overrides)), + ) + return Agent.layer.pipe( + Layer.provide(configLayer), + Layer.provide(AuthTest.empty), + Layer.provide(SkillTest.empty), + Layer.provide(provider.layer), + Layer.provide(pluginLayer), + Layer.provide(RuntimeFlags.layer(overrides)), + ) +} + +const whenOn = testEffect(agentLayerWithFlags({ experimentalGoalLoop: true, disableDefaultPlugins: true })) +whenOn.instance("goal primary agent IS registered when experimentalGoalLoop is on", () => + Effect.gen(function* () { + const agents = yield* Agent.use.list() + const goal = agents.find((a) => a.name === "goal") + expect(goal).toBeDefined() + expect(goal?.mode).toBe("primary") + }), +) + +const whenOff = testEffect(agentLayerWithFlags({ experimentalGoalLoop: false, disableDefaultPlugins: true })) +whenOff.instance("goal primary agent is NOT registered when experimentalGoalLoop is off", () => + Effect.gen(function* () { + const agents = yield* Agent.use.list() + expect(agents.find((a) => a.name === "goal")).toBeUndefined() + // build + plan remain unconditionally. + expect(agents.find((a) => a.name === "build")).toBeDefined() + expect(agents.find((a) => a.name === "plan")).toBeDefined() + }), +) diff --git a/packages/deepagent-code/test/panel/consult.test.ts b/packages/deepagent-code/test/panel/consult.test.ts new file mode 100644 index 00000000..5094d45c --- /dev/null +++ b/packages/deepagent-code/test/panel/consult.test.ts @@ -0,0 +1,110 @@ +import { describe, expect, test } from "bun:test" +import { Effect } from "effect" +import { consultPanel, type ConsultDeps } from "../../src/panel/consult" +import type { PanelTurnRunner } from "../../src/panel/panelist-runner" +import type { ReviewResult } from "../../src/agent/schema/orchestration" + +/** + * V3.9 §C — the STANDALONE Expert Panel entry. These assert that convening the panel WITHOUT the goal + * loop produces a deterministic verdict from the shared panelist-runner + arbiter, and that graceful + * degradation (all panelists absent) yields needs_human, never a silent approve. + */ + +// A stub PanelTurnRunner: returns a ReviewResult keyed by which lens prompt it sees (the lens name is +// embedded in the differentiated prompt). Lets us drive per-lens verdicts deterministically. +const reviewFor = (verdict: ReviewResult["verdict"], withFinding: boolean): ReviewResult => ({ + verdict, + findings: withFinding + ? [ + { + severity: "high", + category: "correctness", + file: "src/x.ts", + line: 10, + summary: "bug", + failureScenario: "input A ⇒ wrong B", + confidence: 0.9, + }, + ] + : [], +}) + +const runnerReturning = (byLensKeyword: Record): PanelTurnRunner => (input) => { + // The prompt embeds the lens's differentiated system prompt; match on a keyword present in it. + const lower = input.prompt.toLowerCase() + for (const [keyword, review] of Object.entries(byLensKeyword)) { + if (lower.includes(keyword)) return Effect.succeed({ structured: review }) + } + return Effect.succeed({ structured: reviewFor("approve", false) }) +} + +const deps = (runTurn: PanelTurnRunner): ConsultDeps => ({ runTurn }) + +describe("consultPanel (§C standalone)", () => { + test("all lenses approve ⇒ verdict approve", async () => { + const runTurn = runnerReturning({}) // default: everyone approves + const verdict = await Effect.runPromise( + consultPanel( + { + question: "Is this change safe?", + codeRefs: ["src/x.ts:10"], + parentSessionID: "sess-1", + lenses: ["correctness", "security"], + }, + deps(runTurn), + ), + ) + expect(verdict.decision).toBe("approve") + }) + + test("a security block with evidence forces block under the security policy", async () => { + // security lens blocks with a reproducible finding; others approve. + const runTurn = runnerReturning({ security: reviewFor("block", true) }) + const verdict = await Effect.runPromise( + consultPanel( + { + question: "Does this expose a vuln?", + codeRefs: ["src/auth.ts:5"], + parentSessionID: "sess-2", + lenses: ["correctness", "security", "performance"], + policy: "security", + }, + deps(runTurn), + ), + ) + expect(verdict.decision).toBe("block") + }) + + test("all panelists absent ⇒ needs_human (never a silent approve)", async () => { + // A runner that always dies ⇒ every panelist is absent ⇒ below quorum ⇒ needs_human. (The + // PanelTurnRunner lives on the `never` channel; a real failure surfaces as a defect, which + // buildPanelistRunner catches to null.) + const runTurn: PanelTurnRunner = () => Effect.die(new Error("panelist down")) + const verdict = await Effect.runPromise( + consultPanel( + { + question: "anything", + codeRefs: [], + parentSessionID: "sess-3", + lenses: ["correctness", "security"], + }, + deps(runTurn), + ), + ) + expect(verdict.decision).toBe("needs_human") + }) + + test("defaults to all five core lenses when none specified", async () => { + const seen = new Set() + const runTurn: PanelTurnRunner = (input) => { + for (const lens of ["correctness", "security", "performance", "architecture", "repro"]) { + if (input.prompt.toLowerCase().includes(lens)) seen.add(lens) + } + return Effect.succeed({ structured: reviewFor("approve", false) }) + } + await Effect.runPromise( + consultPanel({ question: "q", codeRefs: [], parentSessionID: "sess-4" }, deps(runTurn)), + ) + expect(seen.size).toBe(5) + }) +}) diff --git a/packages/deepagent-code/test/server/httpapi-control-plane.test.ts b/packages/deepagent-code/test/server/httpapi-control-plane.test.ts index 80aad13a..ac9f809f 100644 --- a/packages/deepagent-code/test/server/httpapi-control-plane.test.ts +++ b/packages/deepagent-code/test/server/httpapi-control-plane.test.ts @@ -11,6 +11,7 @@ import { Config } from "../../src/config/config" import { Database } from "@deepagent-code/core/database/database" import { Installation } from "../../src/installation" import { ServerAuth } from "../../src/server/auth" +import { RuntimeFlags } from "../../src/effect/runtime-flags" import { RootHttpApi } from "../../src/server/routes/instance/httpapi/api" import { controlHandlers } from "../../src/server/routes/instance/httpapi/handlers/control" import { controlPlaneHandlers } from "../../src/server/routes/instance/httpapi/handlers/control-plane" @@ -47,6 +48,7 @@ const apiLayer = HttpRouter.serve( ), Layer.provide(ServerAuth.Config.layer({ password: Option.none(), username: "deepagent-code" })), Layer.provide(Database.layerFromPath(":memory:")), + Layer.provide(RuntimeFlags.layer({})), ) const it = testEffect(apiLayer) diff --git a/packages/deepagent-code/test/server/httpapi-global.test.ts b/packages/deepagent-code/test/server/httpapi-global.test.ts index 48d3d337..e9a7d51a 100644 --- a/packages/deepagent-code/test/server/httpapi-global.test.ts +++ b/packages/deepagent-code/test/server/httpapi-global.test.ts @@ -9,6 +9,7 @@ import { Database } from "@deepagent-code/core/database/database" import { Installation } from "../../src/installation" import { MoveSession } from "@deepagent-code/core/control-plane/move-session" import { ServerAuth } from "../../src/server/auth" +import { RuntimeFlags } from "../../src/effect/runtime-flags" import { RootHttpApi } from "../../src/server/routes/instance/httpapi/api" import { GlobalPaths } from "../../src/server/routes/instance/httpapi/groups/global" import { controlHandlers } from "../../src/server/routes/instance/httpapi/handlers/control" @@ -41,6 +42,7 @@ const apiLayer = HttpRouter.serve( ), Layer.provide(ServerAuth.Config.layer({ password: Option.none(), username: "deepagent-code" })), Layer.provide(Database.layerFromPath(":memory:")), + Layer.provide(RuntimeFlags.layer({ experimentalExpertPanel: true, experimentalGoalLoop: true })), ) const it = testEffect(apiLayer) @@ -65,4 +67,16 @@ describe("global HttpApi", () => { expect(yield* response.json).toEqual({ success: false, error: "Invalid request body" }) }), ) + + // V3.9 §C/§D: capabilities advertise the independently-gated experimental subsystems from + // RuntimeFlags (both true in this harness), so the client can gate the panel button + goal mode. + it.live("capabilities advertise expertPanel + goalLoop from RuntimeFlags", () => + Effect.gen(function* () { + const response = yield* HttpClient.get(GlobalPaths.capabilities) + expect(response.status).toBe(200) + const body = (yield* response.json) as { features: Record } + expect(body.features.expertPanel).toBe(true) + expect(body.features.goalLoop).toBe(true) + }), + ) }) diff --git a/packages/deepagent-code/test/session/goal-driver.test.ts b/packages/deepagent-code/test/session/goal-driver.test.ts new file mode 100644 index 00000000..21f3f8a1 --- /dev/null +++ b/packages/deepagent-code/test/session/goal-driver.test.ts @@ -0,0 +1,208 @@ +import { describe, expect, test, beforeEach, afterEach } from "bun:test" +import { mkdtempSync, rmSync } from "node:fs" +import { tmpdir } from "node:os" +import path from "node:path" +import { Effect } from "effect" +import { DocumentStore } from "@deepagent-code/core/deepagent/document-store" +import { createPlanDoc, type PlanDoc, type PlanStep } from "@deepagent-code/core/deepagent/plan-controller" +import type { + ControllerDeps, + GraderPorts, + StepExecutor, + RollbackPort, + GoalStatus, +} from "@deepagent-code/core/deepagent/goal-loop" +import { + materializePlanDoc, + startGoal, + runToCompletion, + noopPorts, + type GoalDriverPorts, +} from "../../src/session/goal-driver" + +/** + * V3.9 §D — the Goal Driver. Verifies the production seam that goal-loop.ts + goal-loop-wiring.ts left + * open: materialize the plan into a store doc, start the loop, drive ticks to a terminal outcome, and + * observe status + cooperative pause/stop through the ports. The loop mechanics themselves are covered + * by core/goal-loop.test.ts; here we assert the DRIVER wraps them correctly. + */ + +let root: string +let store: DocumentStore +const SESSION = "drv-session-1" + +beforeEach(() => { + root = mkdtempSync(path.join(tmpdir(), "goal-driver-")) + store = new DocumentStore(root) +}) +afterEach(() => rmSync(root, { recursive: true, force: true })) + +const clock = () => { + let t = 1_000 + return { now: () => t, advance: (ms: number) => (t += ms) } +} + +const step = (id: string, status: PlanStep["status"]): PlanStep => ({ + step_id: id, + title: id, + status, + acceptance: null, + assigned_agent: null, + evidence: [], + note: null, +}) + +const plan = (steps: PlanStep[]): PlanDoc => createPlanDoc(SESSION, "reach the goal", steps) + +const passingPorts = (): GraderPorts => ({ + runTests: () => Effect.succeed({ pass: true }), + diagnostics: () => Effect.succeed({ maxSeverity: null }), + reviewerClean: () => Effect.succeed({ pass: true }), + panelApproves: () => Effect.succeed({ decision: "approve" }), +}) + +const noopExecutor: StepExecutor = () => Effect.succeed({ tokensUsed: 10 }) +const noopRollback: RollbackPort = () => Effect.void + +const controllerDeps = (over: Partial = {}): ControllerDeps => ({ + store, + ports: passingPorts(), + executor: noopExecutor, + rollback: noopRollback, + now: clock().now, + ...over, +}) + +describe("materializePlanDoc", () => { + test("snapshots an in-memory plan into a type:plan store doc", () => { + const id = materializePlanDoc({ store, sessionId: SESSION, plan: plan([step("a", "pending")]) }) + const doc = store.get(id) + expect(doc?.type).toBe("plan") + expect(doc?.scope).toBe(`run:${SESSION}`) + const parsed = JSON.parse(doc!.body) as PlanDoc + expect(parsed.steps[0].step_id).toBe("a") + }) + + test("is idempotent: re-materializing the SAME plan does not bump the version (INV-4)", () => { + const p = plan([step("a", "pending")]) + const id1 = materializePlanDoc({ store, sessionId: SESSION, plan: p }) + const v1 = store.get(id1)!.version + const id2 = materializePlanDoc({ store, sessionId: SESSION, plan: p }) + expect(id2).toBe(id1) + expect(store.get(id2)!.version).toBe(v1) + }) + + test("an objective-seeded single-step plan is a valid goal carrier (CLI /goal )", async () => { + // Mirrors GoalManager's seed path: no prior plan + a free-text objective → one active step. + const seeded = createPlanDoc(SESSION, "migrate the payment module", [ + { + step_id: "step_1", + title: "migrate the payment module", + status: "active", + acceptance: null, + assigned_agent: null, + evidence: [], + note: null, + }, + ]) + const planDocId = materializePlanDoc({ store, sessionId: SESSION, plan: seeded }) + const parsed = JSON.parse(store.get(planDocId)!.body) as PlanDoc + expect(parsed.goal).toBe("migrate the payment module") + expect(parsed.active_step_id).toBe("step_1") + + // The goal starts from it and drives to done once the (stub) executor marks the step done. + const deps = controllerDeps({ + executor: () => + Effect.sync(() => { + store.update(planDocId, JSON.stringify(plan([step("step_1", "done")]))) + return { tokensUsed: 5 } + }), + }) + const { handle } = await Effect.runPromise( + startGoal({ + deps, + planDocId, + criteria: [{ kind: "plan_complete" }], + limits: { maxTicks: 10, maxTokens: 10_000, maxWallclockMs: 10_000 }, + }), + ) + expect(await Effect.runPromise(runToCompletion({ deps, handle }))).toBe("done") + }) +}) + +describe("startGoal + runToCompletion", () => { + test("a plan already complete + all criteria met ⇒ done", async () => { + const planDocId = materializePlanDoc({ store, sessionId: SESSION, plan: plan([step("a", "done")]) }) + const deps = controllerDeps() + const { handle } = await Effect.runPromise( + startGoal({ + deps, + planDocId, + criteria: [{ kind: "plan_complete" }], + limits: { maxTicks: 10, maxTokens: 10_000, maxWallclockMs: 10_000 }, + }), + ) + const outcome = await Effect.runPromise(runToCompletion({ deps, handle })) + expect(outcome).toBe("done") + }) + + test("onStatus port is called with the loop status after a tick", async () => { + const planDocId = materializePlanDoc({ store, sessionId: SESSION, plan: plan([step("a", "done")]) }) + const deps = controllerDeps() + const seen: GoalStatus[] = [] + const ports: GoalDriverPorts = { + ...noopPorts, + onStatus: (s) => Effect.sync(() => void seen.push(s)), + } + const { handle } = await Effect.runPromise( + startGoal({ + deps, + planDocId, + criteria: [{ kind: "plan_complete" }], + limits: { maxTicks: 10, maxTokens: 10_000, maxWallclockMs: 10_000 }, + }), + ) + await Effect.runPromise(runToCompletion({ deps, handle, ports })) + expect(seen.length).toBeGreaterThan(0) + expect(seen[seen.length - 1].phase).toBe("done") + }) + + test("shouldStop halts the driver before ticking ⇒ needs_human", async () => { + const planDocId = materializePlanDoc({ store, sessionId: SESSION, plan: plan([step("a", "pending")]) }) + const deps = controllerDeps() + const ports: GoalDriverPorts = { ...noopPorts, shouldStop: () => Effect.succeed(true) } + const { handle } = await Effect.runPromise( + startGoal({ + deps, + planDocId, + criteria: [{ kind: "plan_complete" }], + limits: { maxTicks: 10, maxTokens: 10_000, maxWallclockMs: 10_000 }, + }), + ) + const outcome = await Effect.runPromise(runToCompletion({ deps, handle, ports })) + expect(outcome).toBe("needs_human") + }) + + test("shouldPause suspends without a terminal outcome (resumes on next run)", async () => { + const planDocId = materializePlanDoc({ store, sessionId: SESSION, plan: plan([step("a", "pending")]) }) + const deps = controllerDeps() + let paused = true + const ports: GoalDriverPorts = { ...noopPorts, shouldPause: () => Effect.succeed(paused) } + const { handle } = await Effect.runPromise( + startGoal({ + deps, + planDocId, + criteria: [{ kind: "plan_complete" }], + limits: { maxTicks: 10, maxTokens: 10_000, maxWallclockMs: 10_000 }, + }), + ) + // Paused ⇒ the driver returns "continue" without marking terminal. + const first = await Effect.runPromise(runToCompletion({ deps, handle, ports })) + expect(first).toBe("continue") + // Unpause + complete the plan ⇒ resuming drives to done. + paused = false + store.update(planDocId, JSON.stringify(plan([step("a", "done")]))) + const second = await Effect.runPromise(runToCompletion({ deps, handle, ports })) + expect(second).toBe("done") + }) +}) diff --git a/packages/deepagent-code/test/settings/store.test.ts b/packages/deepagent-code/test/settings/store.test.ts index c28ea325..0118080f 100644 --- a/packages/deepagent-code/test/settings/store.test.ts +++ b/packages/deepagent-code/test/settings/store.test.ts @@ -98,6 +98,25 @@ describe("SettingsStore", () => { expect((await SettingsStore.read()).deepagent).toEqual({ agentMode: "high" }) }) + // V3.9 §C: the global Expert Panel default seeds each new conversation's armed state. + test("expertPanelDefault round-trips (write → read back)", async () => { + const w = await SettingsStore.update({ deepagent: { expertPanelDefault: true } }) + expect(w.changed).toBe(true) + expect(w.settings.deepagent).toEqual({ expertPanelDefault: true }) + + SettingsStore.invalidate() + expect((await SettingsStore.read()).deepagent).toEqual({ expertPanelDefault: true }) + }) + + test("non-boolean expertPanelDefault is dropped on read", async () => { + await fs.writeFile( + settingsFile(), + JSON.stringify({ deepagent: { expertPanelDefault: "yes", agentMode: "high" } }), + ) + SettingsStore.invalidate() + expect((await SettingsStore.read()).deepagent).toEqual({ agentMode: "high" }) + }) + test("keeps transport only for official providers", async () => { const result = await SettingsStore.update({ providers: { diff --git a/packages/tui/src/component/prompt/index.tsx b/packages/tui/src/component/prompt/index.tsx index dbdad25b..899e2094 100644 --- a/packages/tui/src/component/prompt/index.tsx +++ b/packages/tui/src/component/prompt/index.tsx @@ -155,6 +155,14 @@ export function Prompt(props: PromptProps) { const terminalEnvironment = useTuiTerminalEnvironment() const clipboard = useClipboard() const sdk = useSDK() + // V3.9 §C/§D: raw-path request escape hatch for the /panel and /goal slash commands. These routes + // (/deepagent/panel/*, /deepagent/goal/*) are served by path and are NOT in the typed generated SDK, + // so we reach the low-level HTTP client (sdk.client.client) that exposes request(). Cast is scoped + // to this helper. + const rawRequest = (options: { method: string; url: string; body?: unknown; headers?: Record }) => + (sdk.client as unknown as { client: { request(o: typeof options): Promise<{ data?: D }> } }).client.request( + options, + ) const editor = useEditorContext() const route = useRoute() const project = useProject() @@ -543,6 +551,75 @@ export function Prompt(props: PromptProps) { workspace.open() }, }, + { + title: "Expert panel", + desc: "Convene the expert panel (会诊) on the current conversation", + name: "deepagent.panel", + category: "Session", + slashName: "panel", + enabled: Flag.DEEPAGENT_CODE_EXPERIMENTAL_EXPERT_PANEL, + run: async () => { + const sessionID = props.sessionID + if (!sessionID) return + toast.show({ variant: "info", message: "Convening expert panel…", duration: 3000 }) + try { + const res = await rawRequest<{ decision: string; confidence: number; rounds: number }>({ + method: "POST", + url: "/deepagent/panel/consult", + body: { sessionID }, + headers: { "Content-Type": "application/json" }, + }) + const v = res.data + toast.show({ + variant: v?.decision === "block" ? "warning" : "success", + message: v ? `Panel verdict: ${v.decision} (${Math.round(v.confidence * 100)}%, ${v.rounds}r)` : "Panel returned no verdict", + duration: 6000, + }) + } catch { + toast.show({ variant: "warning", message: "Expert panel failed", duration: 3000 }) + } + }, + }, + { + title: "Start goal", + desc: "Drive the current plan to completion as an autonomous goal", + name: "deepagent.goal", + category: "Session", + slashName: "goal", + enabled: Flag.DEEPAGENT_CODE_EXPERIMENTAL_GOAL_LOOP, + run: async () => { + const sessionID = props.sessionID + if (!sessionID) return + // `/goal ` — the text after the command word is the objective. When present it + // seeds a plan server-side (used when the session has no plan yet); otherwise the goal loop + // drives the session's existing plan. + const objective = store.prompt.input.replace(/^\/goal\b\s*/, "").trim() + try { + const res = await rawRequest<{ goalId: string; phase: string }>({ + method: "POST", + url: "/deepagent/goal/start", + body: { sessionID, ...(objective ? { objective } : {}) }, + headers: { "Content-Type": "application/json" }, + }) + // Clear the composer once the objective has been consumed by the goal. + if (objective) { + input.setText("") + setStore("prompt", { input: "", parts: [] }) + } + toast.show({ + variant: "success", + message: res.data ? `Goal started (${res.data.phase})` : "Goal started", + duration: 4000, + }) + } catch { + toast.show({ + variant: "warning", + message: "Could not start goal — describe an objective (/goal ...) or make a plan first", + duration: 4000, + }) + } + }, + }, { title: "Move session", desc: "Move the session to another project directory", From 8a9edfe7abb1474b0fa64e196f9d2da033979c87 Mon Sep 17 00:00:00 2001 From: deepagent-ai Date: Fri, 10 Jul 2026 12:58:26 +0800 Subject: [PATCH 3/4] Feat/intelligence stream prepare (#48) ### Issue for this PR Closes # ### Type of change - [ ] Bug fix - [ ] New feature - [ ] Refactor / code improvement - [ ] Documentation ### What does this PR do? Please provide a description of the issue, the changes you made to fix it, and why they work. It is expected that you understand why your changes work and if you do not understand why at least say as much so a maintainer knows how much to value the PR. **If you paste a large clearly AI generated description here your PR may be IGNORED or CLOSED!** ### How did you verify your code works? ### Screenshots / recordings _If this is a UI change, please include a screenshot or recording._ ### Checklist - [ ] I have tested my changes locally - [ ] I have not included unrelated changes in this PR _If you do not follow this template your PR will be automatically rejected._ --------- Co-authored-by: Claude Opus 4.8 --- .../components/dialog-connect-provider.tsx | 7 +- packages/app/src/components/prompt-input.tsx | 113 ++++++- .../components/prompt-input/submit.test.ts | 93 +++++- .../app/src/components/prompt-input/submit.ts | 79 ++++- .../components/settings-v2/import-history.tsx | 4 +- packages/app/src/components/terminal.tsx | 14 +- packages/app/src/context/directory-sync.ts | 2 +- .../app/src/context/global-sync/queue.test.ts | 20 ++ packages/app/src/context/global-sync/queue.ts | 2 + .../app/src/context/notification-state.ts | 35 ++ packages/app/src/context/notification.test.ts | 15 + packages/app/src/context/notification.tsx | 30 +- packages/app/src/context/server-sync.tsx | 26 +- packages/app/src/context/server.test.ts | 17 + packages/app/src/context/server.tsx | 36 +- packages/app/src/i18n/en.ts | 4 + packages/app/src/i18n/zh.ts | 4 + packages/app/src/pages/directory-layout.tsx | 56 +++- packages/app/src/pages/layout.tsx | 4 +- .../app/src/utils/filesystem-root.test.ts | 103 ++++++ packages/app/src/utils/filesystem-root.ts | 55 +++ .../core/src/control-plane/move-session.ts | 42 ++- packages/core/test/move-session.test.ts | 62 ++++ packages/deepagent-code/script/build-node.ts | 16 +- .../routes/instance/httpapi/groups/session.ts | 16 +- .../instance/httpapi/handlers/session.ts | 72 +++- packages/deepagent-code/src/session/prompt.ts | 93 ++++-- .../deepagent-code/src/tool/shell/prompt.ts | 4 +- .../test/cli/serve/prompt-prepare.test.ts | 50 ++- .../test/server/httpapi-sdk.test.ts | 31 +- .../test/session/prompt.test.ts | 6 +- packages/desktop/electron-builder.config.ts | 11 +- .../desktop/scripts/audit-package.test.ts | 47 +++ packages/desktop/scripts/audit-package.ts | 62 ++++ packages/desktop/scripts/prebuild.ts | 8 + .../domain-packs/code/architecture/README.md | 2 +- .../architecture-astronomy.json | 2 +- .../failure_dossiers/shared-everything.json | 2 +- .../documents/knowledge/adr-not-spec.json | 2 +- .../architecture-is-change-cost.json | 2 +- .../knowledge/shared-kernel-risk.json | 2 +- .../methodologies/adr-materialization.json | 2 +- .../methodologies/architecture-scan.json | 2 +- .../methodologies/cycle-risk-review.json | 2 +- .../skills/produce-architecture-map.json | 2 +- .../strategies/boundary-ownership.json | 2 +- .../documents/strategies/decision-record.json | 2 +- .../strategies/dependency-direction.json | 2 +- .../strategies/small-surface-integration.json | 2 +- .../domain-packs/code/benchmarking/README.md | 2 +- .../changed-workload-comparison.json | 2 +- .../failure_dossiers/single-run-claim.json | 2 +- .../benchmark-needs-correctness.json | 2 +- .../environment-is-part-of-result.json | 2 +- .../knowledge/thresholds-prevent-noise.json | 2 +- .../bench-harness-validation.json | 2 +- .../benchmark-regression-protocol.json | 2 +- .../methodologies/outlier-review.json | 2 +- .../skills/run-benchmark-protocol.json | 2 +- .../documents/strategies/baseline-lock.json | 2 +- .../strategies/regression-threshold.json | 2 +- .../strategies/repeat-and-variance.json | 2 +- .../documents/strategies/warmup-control.json | 2 +- packages/domain-packs/code/c/README.md | 2 +- .../knowledge/manual-memory-contract.json | 2 +- .../domain-packs/code/ci-triage/README.md | 2 +- .../failure_dossiers/last-error-only.json | 2 +- .../rerun-without-evidence.json | 2 +- .../knowledge/ci-is-evidence-source.json | 2 +- .../knowledge/skipped-checks-are-risk.json | 2 +- .../knowledge/workflow-changes-are-code.json | 2 +- .../methodologies/ci-evidence-adapter.json | 2 +- .../methodologies/matrix-failure-slice.json | 2 +- .../regression-classification.json | 2 +- .../documents/skills/classify-ci-failure.json | 2 +- .../documents/skills/parse-ci-log.json | 2 +- .../strategies/ci-diff-correlation.json | 2 +- .../strategies/first-failing-command.json | 2 +- .../strategies/provider-neutral-status.json | 2 +- .../strategies/retry-once-for-flake.json | 2 +- packages/domain-packs/code/cpp/README.md | 2 +- .../knowledge/abi-and-ownership.json | 2 +- .../strategy-before-diagnosis.json | 2 +- .../diagnosis-result-normalization.json | 2 +- .../evidence-first-diagnosis.json | 2 +- .../skills/collect-diagnostic-evidence.json | 2 +- packages/domain-packs/code/docs/README.md | 2 +- .../doc-claim-without-source.json | 2 +- .../format-filed-by-source.json | 2 +- .../knowledge/audience-changes-detail.json | 2 +- .../knowledge/diagram-needs-source.json | 2 +- .../documents/knowledge/docs-drift-fast.json | 2 +- .../methodologies/adr-writing-flow.json | 2 +- .../methodologies/doc-consistency-pass.json | 2 +- .../documentation-materialization.json | 2 +- .../skills/validate-doc-example.json | 2 +- .../strategies/changelog-impact.json | 2 +- .../strategies/docs-as-artifact.json | 2 +- .../strategies/examples-must-run.json | 2 +- .../strategies/reader-task-first.json | 2 +- .../domain-packs/code/environment/README.md | 2 +- .../failure_dossiers/fix-without-check.json | 2 +- .../failure_dossiers/hung-health-check.json | 2 +- .../knowledge/auto-fix-needs-retest.json | 2 +- .../knowledge/environment-evidence-local.json | 2 +- .../documents/knowledge/skip-not-fail.json | 2 +- .../environment-drift-check.json | 2 +- .../methodologies/restart-health-check.json | 2 +- .../methodologies/smoke-test-loop.json | 2 +- .../documents/skills/run-smoke-check.json | 2 +- .../strategies/doctor-before-fix.json | 2 +- .../strategies/idempotent-bootstrap.json | 2 +- .../strategies/test-before-auto-fix.json | 2 +- .../strategies/timeout-external-checks.json | 2 +- .../code/frontend.accessibility/README.md | 2 +- .../failure_dossiers/aria-coverup.json | 2 +- .../failure_dossiers/focus-lost-on-close.json | 2 +- .../knowledge/accessible-name-source.json | 2 +- .../knowledge/aria-does-not-add-behavior.json | 2 +- .../knowledge/focus-visible-required.json | 2 +- .../accessibility-runtime-pass.json | 2 +- .../contrast-and-motion-check.json | 2 +- .../methodologies/focus-management-check.json | 2 +- .../documents/skills/run-a11y-smoke.json | 2 +- .../a11y-regression-in-browser.json | 2 +- .../strategies/keyboard-complete.json | 2 +- .../documents/strategies/name-role-state.json | 2 +- .../strategies/prefer-native-semantics.json | 2 +- .../code/frontend.performance/README.md | 2 +- .../failure_dossiers/bundle-only-claim.json | 2 +- .../unbounded-third-party.json | 2 +- .../documents/knowledge/hydration-cost.json | 2 +- .../knowledge/layout-shift-user-impact.json | 2 +- .../knowledge/third-party-script-risk.json | 2 +- .../methodologies/bundle-delta-review.json | 2 +- .../methodologies/frontend-profile-pass.json | 2 +- .../methodologies/web-vitals-regression.json | 2 +- .../skills/capture-browser-performance.json | 2 +- .../documents/strategies/asset-budget.json | 2 +- .../strategies/avoid-render-churn.json | 2 +- .../strategies/measure-user-path.json | 2 +- .../strategies/profile-long-tasks.json | 2 +- packages/domain-packs/code/go/README.md | 2 +- .../knowledge/context-cancellation.json | 2 +- packages/domain-packs/code/java-jvm/README.md | 2 +- .../documents/knowledge/build-tool-scope.json | 2 +- packages/domain-packs/code/mcp/README.md | 2 +- .../tool-with-broad-shell.json | 2 +- .../unstructured-tool-result.json | 2 +- .../knowledge/external-tool-supply-chain.json | 2 +- .../tool-output-needs-structure.json | 2 +- .../knowledge/tool-schema-is-contract.json | 2 +- .../methodologies/external-tool-review.json | 2 +- .../methodologies/mcp-server-validation.json | 2 +- .../methodologies/tool-audit-flow.json | 2 +- .../documents/skills/validate-mcp-tool.json | 2 +- .../strategies/artifact-backed-tools.json | 2 +- .../strategies/lazy-load-external-tools.json | 2 +- .../strategies/permission-minimal-tools.json | 2 +- .../strategies/tool-contract-first.json | 2 +- .../domain-packs/code/migration/README.md | 2 +- .../failure_dossiers/big-bang-migration.json | 2 +- .../codemod-without-review.json | 2 +- .../knowledge/codemods-overmatch.json | 2 +- .../knowledge/migration-is-stateful.json | 2 +- .../version-upgrade-breaks-transitives.json | 2 +- .../methodologies/codemod-safety-loop.json | 2 +- .../methodologies/compat-cleanup-gate.json | 2 +- .../migration-precheck-plan-execute.json | 2 +- .../skills/run-migration-inventory.json | 2 +- .../documents/strategies/compat-first.json | 2 +- .../strategies/deprecation-window.json | 2 +- .../strategies/inventory-before-codemod.json | 2 +- .../documents/strategies/phase-upgrade.json | 2 +- packages/domain-packs/code/mobile/README.md | 2 +- .../failure_dossiers/online-only-mobile.json | 2 +- .../permission-happy-path-only.json | 2 +- .../app-lifecycle-breaks-assumptions.json | 2 +- .../knowledge/device-data-privacy.json | 2 +- .../mobile-permissions-are-state.json | 2 +- .../methodologies/mobile-smoke-matrix.json | 2 +- .../methodologies/offline-sync-check.json | 2 +- .../methodologies/permission-flow-check.json | 2 +- .../skills/run-mobile-flow-check.json | 2 +- .../strategies/lifecycle-aware-state.json | 2 +- .../strategies/offline-and-retry.json | 2 +- .../strategies/permission-before-use.json | 2 +- .../strategies/privacy-by-device-data.json | 2 +- .../domain-packs/code/observability/README.md | 2 +- .../failure_dossiers/log-everything.json | 2 +- .../metric-without-action.json | 2 +- .../knowledge/high-cardinality-cost.json | 2 +- .../documents/knowledge/logs-can-leak.json | 2 +- .../documents/knowledge/traces-show-path.json | 2 +- .../methodologies/incident-evidence-pack.json | 2 +- .../methodologies/instrumentation-review.json | 2 +- .../methodologies/trace-search-flow.json | 2 +- .../skills/build-diagnostic-timeline.json | 2 +- .../strategies/correlation-first.json | 2 +- .../strategies/metric-with-owner.json | 2 +- .../documents/strategies/safe-telemetry.json | 2 +- .../documents/strategies/structured-logs.json | 2 +- .../domain-packs/code/performance/README.md | 2 +- .../average-only-performance.json | 2 +- .../optimize-without-baseline.json | 2 +- .../cache-invalidates-complexity.json | 2 +- .../knowledge/io-bound-vs-cpu-bound.json | 2 +- .../knowledge/microbench-not-product.json | 2 +- .../allocation-regression-check.json | 2 +- .../methodologies/latency-budget-review.json | 2 +- .../profile-baseline-patch-compare.json | 2 +- .../skills/compare-performance-result.json | 2 +- .../documents/skills/run-profile-pass.json | 2 +- .../strategies/hot-path-minimality.json | 2 +- .../strategies/measure-before-optimizing.json | 2 +- .../strategies/tail-latency-awareness.json | 2 +- .../strategies/tradeoff-explicitness.json | 2 +- packages/domain-packs/code/python/README.md | 2 +- .../documents/knowledge/venv-is-boundary.json | 2 +- packages/domain-packs/code/refactor/README.md | 2 +- .../behavior-change-called-refactor.json | 2 +- .../failure_dossiers/extract-everything.json | 2 +- .../documents/knowledge/abstraction-cost.json | 2 +- .../refactor-can-change-behavior.json | 2 +- .../tests-define-refactor-safety.json | 2 +- .../methodologies/caller-impact-scan.json | 2 +- .../methodologies/refactor-safety-loop.json | 2 +- .../methodologies/rename-move-check.json | 2 +- .../skills/scan-refactor-callers.json | 2 +- .../behavior-preserving-contract.json | 2 +- .../strategies/call-graph-before-move.json | 2 +- .../strategies/name-real-concept.json | 2 +- .../strategies/small-batch-refactor.json | 2 +- packages/domain-packs/code/release/README.md | 2 +- .../failure_dossiers/no-rollback-plan.json | 2 +- .../publish-before-artifact-check.json | 2 +- .../knowledge/changelog-user-impact.json | 2 +- .../knowledge/green-tests-not-release.json | 2 +- .../published-artifacts-persist.json | 2 +- .../methodologies/artifact-validation.json | 2 +- .../methodologies/post-release-monitor.json | 2 +- .../methodologies/pre-release-gate.json | 2 +- .../skills/build-release-evidence.json | 2 +- .../strategies/release-evidence-bundle.json | 2 +- .../strategies/rollback-before-publish.json | 2 +- .../strategies/supply-chain-release-gate.json | 2 +- .../strategies/version-contract.json | 2 +- .../review-without-evidence-audit.json | 2 +- .../independent-review-worker-profile.json | 2 +- .../skills/produce-blocker-summary.json | 2 +- .../evidence-completeness-review.json | 2 +- packages/domain-packs/code/rust/README.md | 2 +- .../documents/knowledge/ownership-is-api.json | 2 +- packages/domain-packs/code/sdk/README.md | 2 +- .../breaking-change-as-fix.json | 2 +- .../hand-edit-generated-sdk.json | 2 +- .../knowledge/defaults-are-contract.json | 2 +- .../knowledge/generated-do-not-hand-edit.json | 2 +- .../knowledge/sdk-errors-are-api.json | 2 +- .../sdk-breaking-change-review.json | 2 +- .../methodologies/sdk-contract-test.json | 2 +- .../methodologies/sdk-doc-example-pass.json | 2 +- .../skills/validate-sdk-contract.json | 2 +- .../compat-shim-before-removal.json | 2 +- .../documents/strategies/example-as-test.json | 2 +- .../strategies/generated-client-contract.json | 2 +- .../documents/strategies/semver-surface.json | 2 +- packages/domain-packs/code/shell/README.md | 2 +- .../knowledge/quoting-is-correctness.json | 2 +- packages/domain-packs/code/sql/README.md | 2 +- .../knowledge/query-plan-matters.json | 2 +- packages/domain-packs/code/swift/README.md | 2 +- .../knowledge/main-actor-boundary.json | 2 +- .../validation-without-artifacts.json | 2 +- .../acceptance-criteria-gate.json | 2 +- .../executable-validation-contract.json | 2 +- .../replayable-scenario-task.json | 2 +- .../skills/normalize-validation-result.json | 2 +- .../old-effect-api-memory.json | 2 +- .../knowledge/effect-source-of-truth.json | 2 +- .../effect-service-validation-loop.json | 2 +- .../documents/skills/run-effect-test.json | 2 +- .../strategies/effect-schema-boundaries.json | 2 +- .../domain-packs/platform/cloud/README.md | 2 +- .../failure_dossiers/broad-iam-fix.json | 2 +- .../failure_dossiers/deploy-to-debug.json | 2 +- .../knowledge/cloud-errors-often-policy.json | 2 +- .../knowledge/cloud-logs-sensitive.json | 2 +- .../resource-names-are-contract.json | 2 +- .../methodologies/cloud-failure-triage.json | 2 +- .../methodologies/cloud-preflight.json | 2 +- .../documents/methodologies/iac-review.json | 2 +- .../skills/cloud-preflight-report.json | 2 +- .../strategies/cost-and-quota-awareness.json | 2 +- .../strategies/diagnostic-query-record.json | 2 +- .../strategies/iam-least-privilege.json | 2 +- .../strategies/preflight-before-deploy.json | 2 +- .../domain-packs/platform/docker/README.md | 2 +- .../failure_dossiers/copy-dot-root.json | 2 +- .../failure_dossiers/secret-in-arg.json | 2 +- .../knowledge/dockerignore-security.json | 2 +- .../knowledge/layers-retain-secrets.json | 2 +- .../knowledge/root-container-risk.json | 2 +- .../methodologies/compose-dev-check.json | 2 +- .../methodologies/dockerfile-review.json | 2 +- .../methodologies/image-smoke-test.json | 2 +- .../skills/validate-docker-build.json | 2 +- .../strategies/healthcheck-meaningful.json | 2 +- .../strategies/multi-stage-runtime.json | 2 +- .../strategies/no-secrets-in-image.json | 2 +- .../strategies/small-build-context.json | 2 +- .../domain-packs/platform/local-dev/README.md | 2 +- .../production-secret-local.json | 2 +- .../failure_dossiers/server-left-running.json | 2 +- .../env-defaults-help-onboarding.json | 2 +- .../generated-files-need-command.json | 2 +- .../knowledge/localhost-not-production.json | 2 +- .../methodologies/dev-server-startup.json | 2 +- .../methodologies/local-bootstrap-check.json | 2 +- .../methodologies/port-conflict-triage.json | 2 +- .../documents/skills/start-dev-smoke.json | 2 +- .../strategies/env-file-boundary.json | 2 +- .../strategies/port-and-process-check.json | 2 +- .../documents/strategies/watcher-scope.json | 2 +- .../domain-packs/risk/supply-chain/README.md | 2 +- .../failure_dossiers/blind-install.json | 2 +- .../failure_dossiers/license-ignored.json | 2 +- .../script-hidden-in-lockfile.json | 2 +- .../knowledge/generated-low-provenance.json | 2 +- .../knowledge/license-missing-is-risk.json | 2 +- .../knowledge/scripts-are-execution.json | 2 +- .../dependency-incident-check.json | 2 +- .../external-skill-promotion.json | 2 +- .../supply-chain-rereview-gate.json | 2 +- .../skills/review-dependency-delta.json | 2 +- .../strategies/lockfile-delta-review.json | 2 +- .../strategies/rereview-external-change.json | 2 +- .../strategies/script-permission-gate.json | 2 +- .../strategies/source-trust-tier.json | 2 +- packages/sdk/js/script/build.ts | 4 +- packages/sdk/js/src/gen/client/client.gen.ts | 260 +++++++------- packages/sdk/js/src/gen/client/types.gen.ts | 16 +- packages/sdk/js/src/gen/client/utils.gen.ts | 20 +- .../sdk/js/src/gen/core/bodySerializer.gen.ts | 12 +- packages/sdk/js/src/gen/core/params.gen.ts | 10 +- .../js/src/gen/core/serverSentEvents.gen.ts | 7 +- packages/sdk/js/src/gen/core/types.gen.ts | 2 +- packages/sdk/js/src/gen/core/utils.gen.ts | 2 +- packages/sdk/js/src/gen/sdk.gen.ts | 316 +++++++++++------- packages/sdk/js/src/gen/types.gen.ts | 106 ++++-- .../sdk/js/src/v2/gen/client/client.gen.ts | 260 +++++++------- .../sdk/js/src/v2/gen/client/types.gen.ts | 14 +- .../sdk/js/src/v2/gen/client/utils.gen.ts | 20 +- .../js/src/v2/gen/core/bodySerializer.gen.ts | 12 +- packages/sdk/js/src/v2/gen/core/params.gen.ts | 10 +- .../src/v2/gen/core/serverSentEvents.gen.ts | 7 +- packages/sdk/js/src/v2/gen/core/types.gen.ts | 2 +- packages/sdk/js/src/v2/gen/core/utils.gen.ts | 2 +- packages/sdk/js/src/v2/gen/sdk.gen.ts | 316 +++++++++++------- packages/sdk/js/src/v2/gen/types.gen.ts | 106 ++++-- 360 files changed, 2238 insertions(+), 1113 deletions(-) create mode 100644 packages/app/src/context/notification-state.ts create mode 100644 packages/app/src/context/notification.test.ts create mode 100644 packages/app/src/utils/filesystem-root.test.ts create mode 100644 packages/app/src/utils/filesystem-root.ts create mode 100644 packages/desktop/scripts/audit-package.test.ts create mode 100644 packages/desktop/scripts/audit-package.ts diff --git a/packages/app/src/components/dialog-connect-provider.tsx b/packages/app/src/components/dialog-connect-provider.tsx index acb86383..0a76cefc 100644 --- a/packages/app/src/components/dialog-connect-provider.tsx +++ b/packages/app/src/components/dialog-connect-provider.tsx @@ -748,7 +748,9 @@ export function DialogConnectProvider(props: { provider: string }) { const result = await serverSDK.client.provider.oauth .callback({ providerID: props.provider, - method: store.methodIndex, + // This view only renders under an oauth method (see method()?.type gate), so methodIndex + // is always set here; default to 0 to satisfy the required-number API type. + method: store.methodIndex ?? 0, code, }) .then((value) => (value.error ? { ok: false as const, error: value.error } : { ok: true as const })) @@ -801,7 +803,8 @@ export function DialogConnectProvider(props: { provider: string }) { const result = await serverSDK.client.provider.oauth .callback({ providerID: props.provider, - method: store.methodIndex, + // Reached only via the oauth "auto" method branch, so methodIndex is set; default to 0. + method: store.methodIndex ?? 0, }) .then((value) => (value.error ? { ok: false as const, error: value.error } : { ok: true as const })) .catch((error) => ({ ok: false as const, error })) diff --git a/packages/app/src/components/prompt-input.tsx b/packages/app/src/components/prompt-input.tsx index 580fd9a3..1f0895e9 100644 --- a/packages/app/src/components/prompt-input.tsx +++ b/packages/app/src/components/prompt-input.tsx @@ -37,6 +37,7 @@ import { useServer } from "@/context/server" import { useSync } from "@/context/sync" import { useComments } from "@/context/comments" import { Button } from "@deepagent-code/ui/button" +import { Spinner } from "@deepagent-code/ui/spinner" import { DockShellForm, DockTray } from "@deepagent-code/ui/dock-surface" import { Icon, type IconProps } from "@deepagent-code/ui/icon" import { ProviderIcon } from "@deepagent-code/ui/provider-icon" @@ -155,6 +156,10 @@ export const PromptInput: Component = (props) => { let draftPreparePrompt: { prompt: Prompt; cursor: number } | undefined const [draftPreparing, setDraftPreparing] = createSignal(false) + // Live text streamed from intelligence refinement. Shown in a panel BELOW the editor while the raw + // user input stays untouched in the editor above. Preserved on cancel so the user keeps both their + // input and whatever draft was generated so far; cleared only on approved submit or explicit dismiss. + const [draftPreview, setDraftPreview] = createSignal("") const [draftReview, setDraftReview] = createSignal< | { draft: DeepAgentPromptPrepareResult @@ -240,10 +245,11 @@ export const PromptInput: Component = (props) => { draftPreparePrompt = { prompt: current, cursor: prompt.cursor() ?? promptLength(current) } } setDraftPreparing(true) + // Reset any leftover preview so the panel starts clean, then show a generating placeholder until + // the first delta arrives. The raw user input stays in the editor above — we do NOT overwrite it. + setDraftPreview("") setStore("mode", "normal") setStore("popover", null) - const text = language.t("prompt.generating") - prompt.set(makeTextPrompt(text), text.length) requestAnimationFrame(() => { editorRef.blur() queueScroll() @@ -252,12 +258,41 @@ export const PromptInput: Component = (props) => { const stopDraftPrepare = () => { setDraftPreparing(false) + // Keep the raw input reference around while a draft (partial or reviewable) is still on screen so + // the user can restore it; only drop it once nothing references the original prompt anymore. requestAnimationFrame(() => { - if (draftReview()) return + if (draftReview() || draftPreview()) return draftPreparePrompt = undefined }) } + const updateDraftPrepare = (preview: string) => { + if (!draftPreparing() || !preview) return + setDraftPreview(preview) + queueScroll() + } + + // Dismiss a preserved partial draft (from a canceled preparation) without touching the editor input. + const dismissDraftPreview = () => { + setDraftPreview("") + if (!draftReview() && !draftPreparing()) draftPreparePrompt = undefined + } + + // Copy the preserved partial draft into the editor so the user can edit and resubmit it. A canceled + // stream has no server-persisted draft id, so it can't be submitted as an intelligence draft directly. + const useDraftPreview = () => { + const preview = draftPreview().trim() + if (!preview) return + prompt.set(makeTextPrompt(preview), preview.length) + setDraftPreview("") + draftPreparePrompt = undefined + requestAnimationFrame(() => { + editorRef.focus() + setCursorPosition(editorRef, preview.length) + queueScroll() + }) + } + const activeFileTab = createSessionTabs({ tabs, pathFromTab: files.pathFromTab, @@ -389,7 +424,7 @@ export const PromptInput: Component = (props) => { .join("") return text.trim().length === 0 && imageAttachments().length === 0 && commentCount() === 0 }) - const stopping = createMemo(() => working() && blank()) + const stopping = createMemo(() => draftPreparing() || (working() && blank())) const tip = () => { if (stopping()) { return ( @@ -1243,6 +1278,9 @@ export const PromptInput: Component = (props) => { const editable = draft.preview.trim() || draft.goal.trim() draftReviewResolve = resolve setDraftPreparing(false) + // Preparation succeeded and produced a persisted, submittable draft: transition from the live + // preview panel to the editable review. The editor now holds the draft for the user to approve. + setDraftPreview("") setDraftReview({ draft, originalPrompt: original.prompt, originalCursor: original.cursor }) setStore("mode", "normal") setStore("popover", null) @@ -1277,6 +1315,7 @@ export const PromptInput: Component = (props) => { onAbort: props.onAbort, onSubmit: props.onSubmit, onPromptPrepareStart: startDraftPrepare, + onPromptPrepareProgress: updateDraftPrepare, onPromptPrepareEnd: stopDraftPrepare, confirmPromptDraft, }) @@ -1287,7 +1326,12 @@ export const PromptInput: Component = (props) => { event.preventDefault() return } - if (draftPreparing() || composing()) { + if (draftPreparing()) { + event.preventDefault() + void abort() + return + } + if (composing()) { event.preventDefault() return } @@ -1296,11 +1340,14 @@ export const PromptInput: Component = (props) => { confirmCurrentDraft() return } + // A fresh submission supersedes any paused draft from a prior canceled preparation. + if (draftPreview()) setDraftPreview("") handleSubmit(event) } const handleKeyDown = (event: KeyboardEvent) => { if (draftPreparing()) { + if (event.key === "Escape" || (event.ctrlKey && event.code === "KeyG")) void abort() event.preventDefault() event.stopPropagation() return @@ -1616,6 +1663,53 @@ export const PromptInput: Component = (props) => { onPress: () => void addProject(), })) + // Live/paused draft panel shown BELOW the editor. While preparing it streams the refined prompt; + // after a cancel it stays as a preserved partial draft the user can adopt (→ editor) or dismiss. + const draftPreviewPanel = () => ( + 0}> +
+
+ + + + + {draftPreparing() + ? language.t("prompt.draft.preview.streaming") + : language.t("prompt.draft.preview.paused")} + +
+
+ {draftPreview().trim() || language.t("prompt.generating")} +
+ 0}> +
+ + +
+
+
+
+ ) + const draftReviewBar = () => ( {(_review) => ( @@ -1758,7 +1852,9 @@ export const PromptInput: Component = (props) => { "[&_[data-type=file]]:text-syntax-property": true, "[&_[data-type=agent]]:text-syntax-type": true, "font-mono!": store.mode === "shell", - "cursor-wait text-text-weak": draftPreparing(), + // Editor keeps the raw user input during preparation (the streamed draft shows in the + // panel below), so it reads normally — locked to edits, not greyed as a placeholder. + "cursor-wait": draftPreparing(), }} style={{ "padding-bottom": space }} /> @@ -1797,11 +1893,11 @@ export const PromptInput: Component = (props) => {
- + = (props) => {
+ {draftPreviewPanel()} diff --git a/packages/app/src/components/prompt-input/submit.test.ts b/packages/app/src/components/prompt-input/submit.test.ts index 50935f36..1eb5e2da 100644 --- a/packages/app/src/components/prompt-input/submit.test.ts +++ b/packages/app/src/components/prompt-input/submit.test.ts @@ -29,6 +29,7 @@ const preparedDrafts: Array<{ }> = [] const sentPromptAsync: Array<{ directory: string; metadata?: unknown; text?: string }> = [] const promptPrepareEvents: string[] = [] +const promptPrepareProgress: string[] = [] let params: { id?: string } = {} let selected = "/repo/worktree-a" @@ -72,8 +73,10 @@ const clientFor = (directory: string) => { }, client: { request: async (payload: { + url?: string path?: { sessionID?: string } body?: { mode?: string; output_language?: string; parts?: Array<{ type: string; text?: string }> } + signal?: AbortSignal }) => { const text = payload.body?.parts?.find((part) => part.type === "text")?.text preparedDrafts.push({ @@ -91,16 +94,43 @@ const clientFor = (directory: string) => { }, }) } + if (text === "prepare waits") { + return { + data: new ReadableStream({ + start(controller) { + payload.signal?.addEventListener( + "abort", + () => controller.error(new DOMException("Aborted", "AbortError")), + { once: true }, + ) + }, + }), + } + } + const result = { + prompt_draft_id: "prompt_draft:test:1", + context_plan_id: "context_plan:test:1", + state: "draft_ready", + mode: payload.body?.mode ?? "intelligence", + route: text === "hello" ? "general" : "code", + goal: "Prepared goal", + preview: "# Prepared prompt", + } return { - data: { - prompt_draft_id: "prompt_draft:test:1", - context_plan_id: "context_plan:test:1", - state: "draft_ready", - mode: payload.body?.mode ?? "intelligence", - route: text === "hello" ? "general" : "code", - goal: "Prepared goal", - preview: "# Prepared prompt", - }, + data: new ReadableStream({ + start(controller) { + controller.enqueue( + new TextEncoder().encode( + [ + `data: ${JSON.stringify({ type: "progress", preview: "Prepared" })}\n\n`, + `data: ${JSON.stringify({ type: "progress", preview: "Prepared goal" })}\n\n`, + `data: ${JSON.stringify({ type: "result", result })}\n\n`, + ].join(""), + ), + ) + controller.close() + }, + }), } }, }, @@ -283,6 +313,7 @@ beforeEach(() => { preparedDrafts.length = 0 sentPromptAsync.length = 0 promptPrepareEvents.length = 0 + promptPrepareProgress.length = 0 promptValue[0] = { type: "text", content: "ls", start: 0, end: 2 } selected = "/repo/worktree-a" variant = undefined @@ -439,6 +470,7 @@ describe("prompt submit worktree selection", () => { setMode: () => undefined, setPopover: () => undefined, onPromptPrepareStart: () => promptPrepareEvents.push("start"), + onPromptPrepareProgress: (preview) => promptPrepareProgress.push(preview), onPromptPrepareEnd: () => promptPrepareEvents.push("end"), confirmPromptDraft: async () => ({ editedGoal: "Edited prepared goal" }), onSubmit: () => undefined, @@ -450,6 +482,7 @@ describe("prompt submit worktree selection", () => { await flushAsyncSubmit() expect(promptPrepareEvents).toEqual(["start", "end"]) + expect(promptPrepareProgress).toEqual(["Prepared", "Prepared goal"]) expect(preparedDrafts).toEqual([ { directory: "/repo/main", sessionID: "session-1", mode: "intelligence", outputLanguage: "english", text: "ls" }, ]) @@ -532,7 +565,13 @@ describe("prompt submit worktree selection", () => { expect(confirms).toEqual([]) expect(preparedDrafts).toEqual([ - { directory: "/repo/main", sessionID: "session-1", mode: "intelligence", outputLanguage: "english", text: "hello" }, + { + directory: "/repo/main", + sessionID: "session-1", + mode: "intelligence", + outputLanguage: "english", + text: "hello", + }, ]) expect(sentPromptAsync[0]?.text).toBe("hello") expect(sentPromptAsync[0]?.metadata).toEqual({ @@ -585,4 +624,38 @@ describe("prompt submit worktree selection", () => { expect(sentPromptAsync).toEqual([]) promptValue[0] = { type: "text", content: "ls", start: 0, end: 2 } }) + + test("stops intelligence prompt preparation without submitting", async () => { + params = { id: "session-1" } + promptMode = "intelligence" + promptValue[0] = { type: "text", content: "prepare waits", start: 0, end: 13 } + + const submit = createPromptSubmit({ + info: () => ({ id: "session-1" }), + imageAttachments: () => [], + commentCount: () => 0, + autoAccept: () => false, + mode: () => "normal", + working: () => false, + editor: () => undefined, + queueScroll: () => undefined, + promptLength: (value) => value.reduce((sum, part) => sum + ("content" in part ? part.content.length : 0), 0), + addToHistory: () => undefined, + resetHistoryNavigation: () => undefined, + setMode: () => undefined, + setPopover: () => undefined, + onPromptPrepareStart: () => promptPrepareEvents.push("start"), + onPromptPrepareEnd: () => promptPrepareEvents.push("end"), + onSubmit: () => undefined, + }) + + await submit.handleSubmit({ preventDefault: () => undefined } as unknown as Event) + await flushAsyncSubmit() + await submit.abort() + await flushAsyncSubmit() + + expect(promptPrepareEvents).toEqual(["start", "end"]) + expect(sentPromptAsync).toEqual([]) + promptValue[0] = { type: "text", content: "ls", start: 0, end: 2 } + }) }) diff --git a/packages/app/src/components/prompt-input/submit.ts b/packages/app/src/components/prompt-input/submit.ts index baa67555..7e98fdf9 100644 --- a/packages/app/src/components/prompt-input/submit.ts +++ b/packages/app/src/components/prompt-input/submit.ts @@ -77,10 +77,17 @@ type RawSdkClient = { path?: Record body?: unknown headers?: Record + parseAs?: "stream" + signal?: AbortSignal }): Promise<{ data?: TData }> } } +type DeepAgentPromptPrepareStreamEvent = + | { type: "progress"; preview: string } + | { type: "result"; result: DeepAgentPromptPrepareResult } + | { type: "error"; message: string } + type FollowupSendInput = { client: ReturnType["client"] serverSync: ReturnType @@ -91,7 +98,9 @@ type FollowupSendInput = { before?: () => Promise | boolean onBeforeSubmit?: () => void onPromptPrepareStart?: () => void + onPromptPrepareProgress?: (preview: string) => void onPromptPrepareEnd?: () => void + promptPrepareSignal?: AbortSignal promptOutputLanguage?: DeepAgentPromptOutputLanguage confirmPromptDraft?: (draft: DeepAgentPromptPrepareResult) => Promise } @@ -111,11 +120,13 @@ async function prepareDeepAgentPromptDraft(input: { mode: DeepAgentPromptModeForConfirmation outputLanguage: DeepAgentPromptOutputLanguage parts: SessionPromptAsyncInput["parts"] + signal?: AbortSignal + onProgress?: (preview: string) => void }) { const raw = input.client as unknown as RawSdkClient - const response = await raw.client.request({ + const response = await raw.client.request>({ method: "POST", - url: "/session/{sessionID}/prompt_prepare", + url: "/session/{sessionID}/prompt_prepare_stream", path: { sessionID: input.sessionID }, body: { mode: input.mode, @@ -125,9 +136,43 @@ async function prepareDeepAgentPromptDraft(input: { headers: { "Content-Type": "application/json", }, + parseAs: "stream", + signal: input.signal, }) - if (!response.data) throw new Error("Prompt draft prepare returned no data") - return response.data + if (!response.data) throw new Error("Prompt draft prepare returned no stream") + + const decoder = new TextDecoder() + const reader = response.data.getReader() + let buffer = "" + let prepared: DeepAgentPromptPrepareResult | undefined + const readEvent = (block: string) => { + const data = block + .split("\n") + .filter((line) => line.startsWith("data:")) + .map((line) => line.slice(5).trimStart()) + .join("\n") + if (!data) return + const event = JSON.parse(data) as DeepAgentPromptPrepareStreamEvent + if (event.type === "progress") { + input.onProgress?.(event.preview) + return + } + if (event.type === "error") throw new Error(event.message) + prepared = event.result + } + + while (true) { + const part = await reader.read() + if (part.done) break + buffer += decoder.decode(part.value, { stream: true }) + const blocks = buffer.split("\n\n") + buffer = blocks.pop() ?? "" + blocks.forEach(readEvent) + } + buffer += decoder.decode() + if (buffer.trim()) readEvent(buffer) + if (!prepared) throw new Error("Prompt draft prepare returned no result") + return prepared } export type DeepAgentPromptSuggestion = { @@ -240,10 +285,13 @@ export async function sendFollowupDraft(input: FollowupSendInput) { mode, outputLanguage: input.promptOutputLanguage ?? "english", parts: preparedParts.requestParts, + signal: input.promptPrepareSignal, + onProgress: input.onPromptPrepareProgress, }) } catch (err) { setIdle() input.onPromptPrepareEnd?.() + if (input.promptPrepareSignal?.aborted) return false throw err } input.onPromptPrepareEnd?.() @@ -354,6 +402,7 @@ type PromptSubmitInput = { onAbort?: () => void onSubmit?: () => void onPromptPrepareStart?: () => void + onPromptPrepareProgress?: (preview: string) => void onPromptPrepareEnd?: () => void confirmPromptDraft?: (draft: DeepAgentPromptPrepareResult) => Promise } @@ -381,6 +430,7 @@ export function createPromptSubmit(input: PromptSubmitInput) { const language = useLanguage() const params = useParams() const pendingKey = (sessionID: string) => ScopedKey.from(sdk.scope, sessionID) + let activePreparation: { sessionID: string; controller: AbortController } | undefined const errorMessage = (err: unknown) => { if (err && typeof err === "object" && "data" in err) { @@ -392,7 +442,7 @@ export function createPromptSubmit(input: PromptSubmitInput) { } const abort = async () => { - const sessionID = params.id + const sessionID = activePreparation?.sessionID ?? params.id if (!sessionID) return Promise.resolve() // D3: any stop resets the scenario to `direct` and pauses scenario automation for this @@ -402,6 +452,12 @@ export function createPromptSubmit(input: PromptSubmitInput) { input.onAbort?.() + if (activePreparation) { + activePreparation.controller.abort() + activePreparation = undefined + return Promise.resolve() + } + const key = pendingKey(sessionID) const queued = pending.get(key) if (queued) { @@ -678,6 +734,7 @@ export function createPromptSubmit(input: PromptSubmitInput) { const commentItems = context.filter((item) => item.type === "file" && !!item.comment?.trim()) const messageID = Identifier.ascending("message") const preparesPromptDraft = promptPipelineMode(draft.metadata) === "intelligence" + const preparationAbort = preparesPromptDraft ? new AbortController() : undefined const removeOptimisticMessage = () => { sync.session.optimistic.remove({ @@ -700,7 +757,7 @@ export function createPromptSubmit(input: PromptSubmitInput) { sync.set("session_status", session.id, { type: "busy" }) } - const controller = new AbortController() + const controller = preparationAbort ?? new AbortController() const cleanup = () => { if (sessionDirectory === projectDirectory) { sync.set("session_status", session.id, { type: "idle" }) @@ -749,6 +806,12 @@ export function createPromptSubmit(input: PromptSubmitInput) { return true } + if (preparationAbort) activePreparation = { sessionID: session.id, controller: preparationAbort } + const clearActivePreparation = () => { + if (activePreparation?.controller !== preparationAbort) return + activePreparation = undefined + } + void sendFollowupDraft({ client, sync, @@ -759,11 +822,14 @@ export function createPromptSubmit(input: PromptSubmitInput) { before: waitForWorktree, onBeforeSubmit: input.onSubmit, onPromptPrepareStart: input.onPromptPrepareStart, + onPromptPrepareProgress: input.onPromptPrepareProgress, onPromptPrepareEnd: input.onPromptPrepareEnd, + promptPrepareSignal: preparationAbort?.signal, promptOutputLanguage: promptOutputLanguage(language.locale()), confirmPromptDraft: input.confirmPromptDraft, }) .then((sent) => { + clearActivePreparation() pending.delete(pendingKey(session.id)) if (sent) { if (preparesPromptDraft) { @@ -780,6 +846,7 @@ export function createPromptSubmit(input: PromptSubmitInput) { restoreInput() }) .catch((err) => { + clearActivePreparation() pending.delete(pendingKey(session.id)) if (sessionDirectory === projectDirectory) { sync.set("session_status", session.id, { type: "idle" }) diff --git a/packages/app/src/components/settings-v2/import-history.tsx b/packages/app/src/components/settings-v2/import-history.tsx index 918c30d8..976cb2d3 100644 --- a/packages/app/src/components/settings-v2/import-history.tsx +++ b/packages/app/src/components/settings-v2/import-history.tsx @@ -228,7 +228,7 @@ export const ImportSection: Component = () => { value={customPath()} onInput={(e) => setCustomPath(e.currentTarget.value)} disabled={running()} - placeholder="/Users/you/.codex_backup" + placeholder="~/.codex_backup" spellcheck={false} autocorrect="off" autocomplete="off" @@ -296,7 +296,7 @@ export const ImportSection: Component = () => { value={cwdFilter()} onInput={(e) => setCwdFilter(e.currentTarget.value)} disabled={running()} - placeholder="/Users/you/projects/..." + placeholder="~/projects/..." spellcheck={false} autocorrect="off" autocomplete="off" diff --git a/packages/app/src/components/terminal.tsx b/packages/app/src/components/terminal.tsx index 70f487a4..cdc35621 100644 --- a/packages/app/src/components/terminal.tsx +++ b/packages/app/src/components/terminal.tsx @@ -491,7 +491,7 @@ export const Terminal = (props: TerminalProps) => { const gone = () => client.pty .get({ ptyID: id }, { throwOnError: false }) - .then((result) => result.response.status === 404) + .then((result) => result.response?.status === 404) .catch((err) => { debugTerminal("failed to inspect terminal session", err) return false @@ -511,11 +511,15 @@ export const Terminal = (props: TerminalProps) => { throw err }) if (!result) return - if (result.response.status === 200 && result.data?.ticket) return result.data.ticket - if (result.response.status === 404 || result.response.status === 405) return - if (result.response.status === 403) + // With throwOnError:false a completed request always carries a response; the SDK types it + // optional (it can be absent when the request itself failed to build), so guard once. + const response = result.response + if (!response) throw new Error("PTY connect ticket failed: no response from server") + if (response.status === 200 && result.data?.ticket) return result.data.ticket + if (response.status === 404 || response.status === 405) return + if (response.status === 403) throw new Error("PTY connect ticket rejected by origin or CSRF checks. Check the server CORS config.") - throw new Error(`PTY connect ticket failed with ${result.response.status}`) + throw new Error(`PTY connect ticket failed with ${response.status}`) } const retry = (err: unknown) => { diff --git a/packages/app/src/context/directory-sync.ts b/packages/app/src/context/directory-sync.ts index 7663c2cf..417e2f8b 100644 --- a/packages/app/src/context/directory-sync.ts +++ b/packages/app/src/context/directory-sync.ts @@ -300,7 +300,7 @@ export const createDirSyncContext = ( const items = (messages.data ?? []).filter((x) => !!x?.info?.id) const session = items.map((x) => clean(x.info)).sort((a, b) => cmp(a.id, b.id)) const part = items.map((message) => ({ id: message.info.id, part: sortParts(message.parts) })) - const cursor = messages.response.headers.get("x-next-cursor") ?? undefined + const cursor = messages.response?.headers.get("x-next-cursor") ?? undefined return { session, part, diff --git a/packages/app/src/context/global-sync/queue.test.ts b/packages/app/src/context/global-sync/queue.test.ts index c9919855..647bccb0 100644 --- a/packages/app/src/context/global-sync/queue.test.ts +++ b/packages/app/src/context/global-sync/queue.test.ts @@ -43,4 +43,24 @@ describe("createRefreshQueue", () => { expect(calls).toEqual(["C:\\tmp\\demo"]) queue.dispose() }) + + test("does not enqueue rejected directories", async () => { + const calls: string[] = [] + const queue = createRefreshQueue({ + paused: () => false, + accept: (directory) => directory !== "/", + bootstrap: async () => {}, + bootstrapInstance: (directory) => { + calls.push(directory) + }, + }) + + queue.push("/") + queue.push("/project") + + await tick() + + expect(calls).toEqual(["/project"]) + queue.dispose() + }) }) diff --git a/packages/app/src/context/global-sync/queue.ts b/packages/app/src/context/global-sync/queue.ts index 947e31ac..b5653717 100644 --- a/packages/app/src/context/global-sync/queue.ts +++ b/packages/app/src/context/global-sync/queue.ts @@ -3,6 +3,7 @@ type QueueInput = { bootstrap: () => Promise bootstrapInstance: (directory: string) => Promise | void key?: (directory: string) => string + accept?: (directory: string) => boolean } export function createRefreshQueue(input: QueueInput) { @@ -36,6 +37,7 @@ export function createRefreshQueue(input: QueueInput) { const push = (directory: string) => { if (!directory) return + if (input.accept && !input.accept(directory)) return queued.set(key(directory), directory) if (input.paused()) return schedule() diff --git a/packages/app/src/context/notification-state.ts b/packages/app/src/context/notification-state.ts new file mode 100644 index 00000000..14f68470 --- /dev/null +++ b/packages/app/src/context/notification-state.ts @@ -0,0 +1,35 @@ +import { EventSessionError } from "@deepagent-code/sdk/v2" +import { isFilesystemRootDir } from "@/utils/filesystem-root" + +type NotificationBase = { + directory?: string + session?: string + metadata?: unknown + time: number + viewed: boolean +} + +type TurnCompleteNotification = NotificationBase & { + type: "turn-complete" +} + +type ErrorNotification = NotificationBase & { + type: "error" + error: EventSessionError["properties"]["error"] +} + +export type Notification = TurnCompleteNotification | ErrorNotification + +const MAX_NOTIFICATIONS = 500 +const NOTIFICATION_TTL_MS = 1000 * 60 * 60 * 24 * 30 + +export function pruneNotifications(list: Notification[]) { + const cutoff = Date.now() - NOTIFICATION_TTL_MS + const pruned = list.filter((notification) => { + if (notification.time < cutoff) return false + if (notification.directory && isFilesystemRootDir(notification.directory)) return false + return true + }) + if (pruned.length <= MAX_NOTIFICATIONS) return pruned + return pruned.slice(pruned.length - MAX_NOTIFICATIONS) +} diff --git a/packages/app/src/context/notification.test.ts b/packages/app/src/context/notification.test.ts new file mode 100644 index 00000000..f8581d9f --- /dev/null +++ b/packages/app/src/context/notification.test.ts @@ -0,0 +1,15 @@ +import { describe, expect, test } from "bun:test" +import { pruneNotifications, type Notification } from "./notification-state" + +describe("pruneNotifications", () => { + test("drops legacy filesystem-root notifications", () => { + const time = Date.now() + const notifications: Notification[] = [ + { type: "turn-complete", directory: "/", session: "root", time, viewed: true }, + { type: "turn-complete", directory: "C:\\", session: "drive", time, viewed: true }, + { type: "turn-complete", directory: "/project", session: "safe", time, viewed: true }, + ] + + expect(pruneNotifications(notifications)).toEqual([notifications[2]]) + }) +}) diff --git a/packages/app/src/context/notification.tsx b/packages/app/src/context/notification.tsx index 6aed2145..292fd5f8 100644 --- a/packages/app/src/context/notification.tsx +++ b/packages/app/src/context/notification.tsx @@ -13,25 +13,9 @@ import { decode64 } from "@/utils/base64" import { EventSessionError } from "@deepagent-code/sdk/v2" import { Persist, persisted } from "@/utils/persist" import { playSoundById } from "@/utils/sound" +import { pruneNotifications, type Notification } from "./notification-state" -type NotificationBase = { - directory?: string - session?: string - metadata?: unknown - time: number - viewed: boolean -} - -type TurnCompleteNotification = NotificationBase & { - type: "turn-complete" -} - -type ErrorNotification = NotificationBase & { - type: "error" - error: EventSessionError["properties"]["error"] -} - -export type Notification = TurnCompleteNotification | ErrorNotification +export type { Notification } from "./notification-state" type NotificationIndex = { session: { @@ -48,16 +32,6 @@ type NotificationIndex = { } } -const MAX_NOTIFICATIONS = 500 -const NOTIFICATION_TTL_MS = 1000 * 60 * 60 * 24 * 30 - -function pruneNotifications(list: Notification[]) { - const cutoff = Date.now() - NOTIFICATION_TTL_MS - const pruned = list.filter((n) => n.time >= cutoff) - if (pruned.length <= MAX_NOTIFICATIONS) return pruned - return pruned.slice(pruned.length - MAX_NOTIFICATIONS) -} - function createNotificationIndex(): NotificationIndex { return { session: { diff --git a/packages/app/src/context/server-sync.tsx b/packages/app/src/context/server-sync.tsx index 423d73de..91f79cc5 100644 --- a/packages/app/src/context/server-sync.tsx +++ b/packages/app/src/context/server-sync.tsx @@ -44,23 +44,12 @@ import { ServerConnection, useServer } from "./server" import { retry } from "@deepagent-code/core/util/retry" import type { ServerScope } from "@/utils/server-scope" import { persisted } from "@/utils/persist" +import { isFilesystemRootDir } from "@/utils/filesystem-root" import { toggleMcp } from "./global-sync/mcp" import type { SessionPlan, SessionPlanStep, SessionGoal } from "./global-sync/types" export type { SessionPlan, SessionPlanStep, SessionGoal } -// True when `dir` is a filesystem root: posix "/" or a Windows drive/UNC root ("C:\", "C:/", "\\"). -// Rooting an instance here is refused server-side (assertSafeInstanceRoot); we check on the client -// too so we never fire the doomed boot. Kept dependency-free (no node:path in the renderer). -function isFilesystemRootDir(dir: string): boolean { - const trimmed = dir.trim() - if (!trimmed) return false - const normalized = trimmed.replace(/\\/g, "/").replace(/\/+$/, "") - if (normalized === "") return true // was "/" or "\" (all separators) - if (/^[A-Za-z]:$/.test(normalized)) return true // "C:" (drive root after trailing-slash strip) - return false -} - type GlobalStore = { ready: boolean error?: InitError @@ -297,6 +286,7 @@ export function createServerSyncContextInner(_serverSDK?: ServerSDK) { const queue = createRefreshQueue({ paused, key: directoryKey, + accept: (directory) => !isFilesystemRootDir(directory), bootstrap: () => queryClient.fetchQuery({ queryKey: [serverSDK.scope, "bootstrap"] }), bootstrapInstance, }) @@ -422,18 +412,8 @@ export function createServerSyncContextInner(_serverSDK?: ServerSDK) { async function bootstrapInstance(directory: string) { const key = directoryKey(directory) if (!key) return - // Fail-closed against a filesystem-root directory. The server refuses to boot an instance - // rooted at "/" (assertSafeInstanceRoot — it would make the file-tool permission boundary the - // whole disk), so a stored session/route pointing at "/" would otherwise trigger an endless - // boot→fail→retry storm surfacing only as "unexpected server error". Mirror the guard here so - // the doomed request is never sent and the user gets a clear reason instead. Legacy "/" data - // (pre-guard) is the only way to reach this now that the boot path rejects it. if (isFilesystemRootDir(directory)) { - showToast({ - variant: "error", - title: language.t("toast.project.rootRefused.title"), - description: language.t("toast.project.rootRefused.description"), - }) + children.disposeDirectory(key) return } const pending = booting.get(key) diff --git a/packages/app/src/context/server.test.ts b/packages/app/src/context/server.test.ts index ae34e3a1..cd21a182 100644 --- a/packages/app/src/context/server.test.ts +++ b/packages/app/src/context/server.test.ts @@ -118,6 +118,23 @@ describe("createServerProjects", () => { }) describe("migrateCanonicalLocalServerState", () => { + test("removes persisted filesystem-root projects and last-project pointers", () => { + expect( + migrateCanonicalLocalServerState({ + projects: { + local: [ + { worktree: "/", expanded: true }, + { worktree: "/project", expanded: true }, + ], + }, + lastProject: { local: "/", remote: "/project" }, + }), + ).toEqual({ + projects: { local: [{ worktree: "/project", expanded: true }] }, + lastProject: { remote: "/project" }, + }) + }) + test("moves an existing canonical web bucket into local scope", () => { expect( migrateCanonicalLocalServerState( diff --git a/packages/app/src/context/server.tsx b/packages/app/src/context/server.tsx index 1efe91a0..41f68cd6 100644 --- a/packages/app/src/context/server.tsx +++ b/packages/app/src/context/server.tsx @@ -3,6 +3,7 @@ import { type Accessor, batch, createMemo } from "solid-js" import { createStore, type SetStoreFunction, type Store } from "solid-js/store" import { Persist, persisted } from "@/utils/persist" import { ServerScope } from "@/utils/server-scope" +import { isFilesystemRootDir } from "@/utils/filesystem-root" type StoredProject = { worktree: string; expanded: boolean } type StoredServer = string | ServerConnection.HttpBase | ServerConnection.Http | ServerConnection.Server @@ -32,6 +33,10 @@ function isRecord(value: unknown): value is Record { } export function migrateCanonicalLocalServerState(value: unknown, canonicalLocalServer?: ServerConnection.Key) { + return removeFilesystemRootServerState(migrateCanonicalServerScope(value, canonicalLocalServer)) +} + +function migrateCanonicalServerScope(value: unknown, canonicalLocalServer?: ServerConnection.Key) { if (!canonicalLocalServer || canonicalLocalServer === "local") return value if (!isRecord(value)) return value const projects = isRecord(value.projects) ? value.projects : undefined @@ -65,6 +70,31 @@ export function migrateCanonicalLocalServerState(value: unknown, canonicalLocalS return next } +function removeFilesystemRootServerState(value: unknown) { + if (!isRecord(value)) return value + const projects = isRecord(value.projects) + ? Object.fromEntries( + Object.entries(value.projects).map(([scope, entries]) => [ + scope, + Array.isArray(entries) + ? entries.filter( + (project) => + !isRecord(project) || typeof project.worktree !== "string" || !isFilesystemRootDir(project.worktree), + ) + : entries, + ]), + ) + : value.projects + const lastProject = isRecord(value.lastProject) + ? Object.fromEntries( + Object.entries(value.lastProject).filter( + ([, directory]) => typeof directory !== "string" || !isFilesystemRootDir(directory), + ), + ) + : value.lastProject + return { ...value, projects, lastProject } +} + export function createServerProjects(input: { scope: Accessor store: Store @@ -271,11 +301,7 @@ export const { use: useServer, provider: ServerProvider } = createSimpleContext( // Normalize a stored entry to a typed connection so we can key it uniformly // (Http keys by url, Server keys by `server:`). const toConnection = (x: StoredServer): ServerConnection.Any => - typeof x === "string" - ? { type: "http", http: { url: x } } - : "type" in x - ? x - : { type: "http", http: x } + typeof x === "string" ? { type: "http", http: { url: x } } : "type" in x ? x : { type: "http", http: x } const allServers = createMemo((): Array => { return resolveServerList({ stored: store.list, props: props.servers }) diff --git a/packages/app/src/i18n/en.ts b/packages/app/src/i18n/en.ts index bdc0ea4c..a06cae54 100644 --- a/packages/app/src/i18n/en.ts +++ b/packages/app/src/i18n/en.ts @@ -309,6 +309,10 @@ export const dict = { "prompt.action.attachFile": "Add files", "prompt.attachment.remove": "Remove attachment", "prompt.generating": "Generating prompt...", + "prompt.draft.preview.streaming": "Preparing prompt draft", + "prompt.draft.preview.paused": "Draft paused", + "prompt.draft.preview.dismiss": "Dismiss", + "prompt.draft.preview.use": "Use this draft", "prompt.action.send": "Send", "prompt.action.stop": "Stop", "prompt.scenario.label": "Scenario mode", diff --git a/packages/app/src/i18n/zh.ts b/packages/app/src/i18n/zh.ts index 0e2008c6..b378e388 100644 --- a/packages/app/src/i18n/zh.ts +++ b/packages/app/src/i18n/zh.ts @@ -328,6 +328,10 @@ export const dict = { "prompt.action.attachFile": "附加文件", "prompt.attachment.remove": "移除附件", "prompt.generating": "提示生成中...", + "prompt.draft.preview.streaming": "正在准备提示草稿", + "prompt.draft.preview.paused": "草稿已暂停", + "prompt.draft.preview.dismiss": "丢弃", + "prompt.draft.preview.use": "使用此草稿", "prompt.action.send": "发送", "prompt.action.stop": "停止", "prompt.scenario.label": "情景模式", diff --git a/packages/app/src/pages/directory-layout.tsx b/packages/app/src/pages/directory-layout.tsx index abef9f0b..5f6517aa 100644 --- a/packages/app/src/pages/directory-layout.tsx +++ b/packages/app/src/pages/directory-layout.tsx @@ -4,10 +4,16 @@ import { base64Encode } from "@deepagent-code/core/util/encode" import { useLocation, useNavigate, useParams } from "@solidjs/router" import { createEffect, createMemo, createResource, type ParentProps, Show } from "solid-js" import { useLanguage } from "@/context/language" +import { useLayout } from "@/context/layout" import { LocalProvider } from "@/context/local" import { SDKProvider } from "@/context/sdk" +import { useServer } from "@/context/server" +import { useServerSDK } from "@/context/server-sdk" +import { useServerSync } from "@/context/server-sync" import { useSync } from "@/context/sync" import { decode64 } from "@/utils/base64" +import { isFilesystemRootDir, recoverFilesystemRootRoute } from "@/utils/filesystem-root" +import { formatServerError } from "@/utils/server-errors" import { Schema } from "effect" function DirectoryDataProvider(props: ParentProps<{ directory: string }>) { @@ -53,8 +59,13 @@ export function decodeDirectory(dir: string): ProjectDirString | undefined { export default function Layout(props: ParentProps) { const params = useParams() const language = useLanguage() + const layout = useLayout() const navigate = useNavigate() + const server = useServer() + const serverSDK = useServerSDK() + const serverSync = useServerSync() let invalid = "" + let recovering = "" const resolved = createMemo(() => { if (!params.dir) return "" @@ -78,8 +89,51 @@ export default function Layout(props: ParentProps) { navigate("/", { replace: true }) }) + createEffect(() => { + const directory = resolved() + if (!directory || !isFilesystemRootDir(directory)) return + const dataDir = serverSync.data.path.data + if (!dataDir) return + const key = `${params.dir}/${params.id ?? ""}` + if (recovering === key) return + recovering = key + + void recoverFilesystemRootRoute({ + dataDir, + sessionID: params.id, + getSession: (sessionID) => + serverSDK.client.session + .get({ sessionID }) + .then((response) => response.data) + .catch(() => undefined), + mkdir: async (destination) => { + await serverSDK.createClient({ directory: destination, throwOnError: true }).file.mkdir({ path: "." }) + }, + moveSession: async (sessionID, destination) => { + await serverSDK.client.experimental.controlPlane.moveSession({ + sessionID, + destination: { directory: destination }, + }) + }, + }) + .then((result) => { + layout.projects.open(result.directory) + server.projects.touch(result.directory) + const session = result.sessionID ? `/session/${result.sessionID}` : "/session" + navigate(`/${base64Encode(result.directory)}${session}`, { replace: true }) + }) + .catch((error) => { + showToast({ + variant: "error", + title: language.t("toast.project.rootRecoveryFailed.title"), + description: formatServerError(error, language.t), + }) + navigate("/", { replace: true }) + }) + }) + return ( - + {(resolved) => ( {props.children} diff --git a/packages/app/src/pages/layout.tsx b/packages/app/src/pages/layout.tsx index 40f0c5b0..7234e755 100644 --- a/packages/app/src/pages/layout.tsx +++ b/packages/app/src/pages/layout.tsx @@ -70,6 +70,7 @@ import { ServerConnection, useServer } from "@/context/server" import { useLanguage, type Locale } from "@/context/language" import type { UpdaterState } from "@/updater" import { pathKey } from "@/utils/path-key" +import { isFilesystemRootDir } from "@/utils/filesystem-root" import { displayName, effectiveWorkspaceOrder, @@ -140,6 +141,7 @@ export default function Layout(props: ParentProps) { if (!slug) return { slug, dir: "" } const dir = decode64(slug) if (!dir) return { slug, dir: "" } + if (isFilesystemRootDir(dir)) return { slug, dir: "" } const store = serverSync.peek(dir, { bootstrap: false }) return { slug, @@ -762,7 +764,7 @@ export default function Layout(props: ParentProps) { const next = items.map((x) => x.info).filter((m): m is Message => !!m?.id) const sorted = mergeByID([], next) const stale = markPrefetched(directory, sessionID) - const cursor = messages.response.headers.get("x-next-cursor") ?? undefined + const cursor = messages.response?.headers.get("x-next-cursor") ?? undefined const meta = { limit: sorted.length, cursor, diff --git a/packages/app/src/utils/filesystem-root.test.ts b/packages/app/src/utils/filesystem-root.test.ts new file mode 100644 index 00000000..676e27fe --- /dev/null +++ b/packages/app/src/utils/filesystem-root.test.ts @@ -0,0 +1,103 @@ +import { describe, expect, test } from "bun:test" +import { isFilesystemRootDir, recoverFilesystemRootRoute } from "./filesystem-root" + +describe("isFilesystemRootDir", () => { + test("recognizes POSIX, drive, and UNC roots", () => { + expect(isFilesystemRootDir("/")).toBe(true) + expect(isFilesystemRootDir("///")).toBe(true) + expect(isFilesystemRootDir("C:\\")).toBe(true) + expect(isFilesystemRootDir("c:/")).toBe(true) + expect(isFilesystemRootDir("\\\\server\\share\\")).toBe(true) + }) + + test("rejects concrete directories", () => { + expect(isFilesystemRootDir("/Users/example")).toBe(false) + expect(isFilesystemRootDir("C:\\Users\\example")).toBe(false) + expect(isFilesystemRootDir("\\\\server\\share\\folder")).toBe(false) + expect(isFilesystemRootDir("")).toBe(false) + }) +}) + +describe("recoverFilesystemRootRoute", () => { + const dataDir = "/home/user/.deepagent/code" + + test("creates a folder-less sandbox for a bare root route", async () => { + const created: string[] = [] + const result = await recoverFilesystemRootRoute({ + dataDir, + getSession: async () => undefined, + mkdir: async (directory) => { + created.push(directory) + }, + moveSession: async () => {}, + }) + + expect(result.directory).toStartWith(`${dataDir}/workspaces/`) + expect(result.sessionID).toBeUndefined() + expect(created).toEqual([result.directory]) + }) + + test("moves a root session into a stable sandbox based on its conversation root", async () => { + const sessions = new Map([ + ["parent", { id: "parent", directory: "/" }], + ["child", { id: "child", parentID: "parent", directory: "/" }], + ]) + const moved: Array<[string, string]> = [] + const first = await recoverFilesystemRootRoute({ + dataDir, + sessionID: "child", + getSession: async (sessionID) => sessions.get(sessionID), + mkdir: async () => {}, + moveSession: async (sessionID, directory) => { + moved.push([sessionID, directory]) + }, + }) + const second = await recoverFilesystemRootRoute({ + dataDir, + sessionID: "parent", + getSession: async (sessionID) => sessions.get(sessionID), + mkdir: async () => {}, + moveSession: async () => {}, + }) + + expect(first.directory).toBe(second.directory) + expect(first.directory).toStartWith(`${dataDir}/workspaces/recovered-`) + expect(moved).toEqual([["child", first.directory]]) + }) + + test("reuses an already recovered parent sandbox", async () => { + const recovered = `${dataDir}/workspaces/recovered-parent` + const result = await recoverFilesystemRootRoute({ + dataDir, + sessionID: "child", + getSession: async (sessionID) => + sessionID === "child" + ? { id: "child", parentID: "parent", directory: "/" } + : { id: "parent", directory: recovered }, + mkdir: async () => {}, + moveSession: async () => {}, + }) + + expect(result.directory).toBe(recovered) + }) + + test("redirects a stale root URL to the session's current directory", async () => { + let mkdir = false + let move = false + const result = await recoverFilesystemRootRoute({ + dataDir, + sessionID: "session", + getSession: async () => ({ id: "session", directory: "/repo" }), + mkdir: async () => { + mkdir = true + }, + moveSession: async () => { + move = true + }, + }) + + expect(result).toEqual({ directory: "/repo", sessionID: "session" }) + expect(mkdir).toBe(false) + expect(move).toBe(false) + }) +}) diff --git a/packages/app/src/utils/filesystem-root.ts b/packages/app/src/utils/filesystem-root.ts new file mode 100644 index 00000000..3761c862 --- /dev/null +++ b/packages/app/src/utils/filesystem-root.ts @@ -0,0 +1,55 @@ +import { checksum } from "@deepagent-code/core/util/encode" +import { isSandboxDir, sandboxDir } from "@/utils/sandbox" + +export function isFilesystemRootDir(dir: string): boolean { + const normalized = dir.trim().replaceAll("\\", "/") + if (!normalized) return false + const trimmed = normalized.replace(/\/+$/, "") + if (!trimmed) return true + if (/^[A-Za-z]:$/.test(trimmed)) return true + if (!normalized.startsWith("//")) return false + return trimmed.slice(2).split("/").filter(Boolean).length <= 2 +} + +type RecoverableSession = { + id: string + parentID?: string + directory: string +} + +export async function recoverFilesystemRootRoute(input: { + dataDir: string + sessionID?: string + getSession: (sessionID: string) => Promise + mkdir: (directory: string) => Promise + moveSession: (sessionID: string, directory: string) => Promise +}) { + const current = input.sessionID ? await input.getSession(input.sessionID) : undefined + if (current && !isFilesystemRootDir(current.directory)) { + return { directory: current.directory, sessionID: current.id } + } + + const visited = new Set() + let root = current + let existingSandbox: string | undefined + while (root?.parentID && !visited.has(root.parentID)) { + visited.add(root.id) + const parent = await input.getSession(root.parentID) + if (!parent) break + if (!isFilesystemRootDir(parent.directory) && isSandboxDir(input.dataDir, parent.directory)) { + existingSandbox = parent.directory + break + } + root = parent + } + + const directory = + existingSandbox ?? + sandboxDir( + input.dataDir, + root ? `recovered-${checksum(root.id) ?? root.id.replace(/[^A-Za-z0-9_-]/g, "-")}` : undefined, + ) + await input.mkdir(directory) + if (current) await input.moveSession(current.id, directory) + return { directory, sessionID: current?.id } +} diff --git a/packages/core/src/control-plane/move-session.ts b/packages/core/src/control-plane/move-session.ts index 8369ac8c..e1c2575d 100644 --- a/packages/core/src/control-plane/move-session.ts +++ b/packages/core/src/control-plane/move-session.ts @@ -96,12 +96,21 @@ export const layer = Layer.effect( .pipe(Effect.mapError((error) => new ApplyChangesError({ message: error.message }))) } - yield* events.publish(SessionEvent.Moved, { - sessionID: input.sessionID, - location: Location.Ref.make({ directory }), - subdirectory: RelativePath.make(path.relative(destination.directory, directory).replaceAll("\\", "/")), - timestamp: yield* DateTime.now, - }) + const sessions = isFilesystemRoot(current.location.directory) + ? conversationTree(current, yield* session.list({ directory: current.location.directory })) + : [current] + const timestamp = yield* DateTime.now + yield* Effect.forEach( + sessions, + (item) => + events.publish(SessionEvent.Moved, { + sessionID: item.id, + location: Location.Ref.make({ directory }), + subdirectory: RelativePath.make(path.relative(destination.directory, directory).replaceAll("\\", "/")), + timestamp, + }), + { discard: true }, + ) if (patch) { yield* git.softResetChanges(current.location.directory).pipe( @@ -121,6 +130,27 @@ export const layer = Layer.effect( }), ) +function isFilesystemRoot(directory: string) { + const resolved = path.resolve(directory) + return path.dirname(resolved) === resolved +} + +function conversationTree(current: SessionSchema.Info, sessions: SessionSchema.Info[]) { + const byID = new Map(sessions.map((session) => [session.id, session])) + const root = sessions.reduce( + (session) => (session.parentID ? (byID.get(session.parentID) ?? session) : session), + current, + ) + const result: SessionSchema.Info[] = [] + const append = (session: SessionSchema.Info) => { + if (result.some((item) => item.id === session.id)) return + result.push(session) + sessions.filter((item) => item.parentID === session.id).forEach(append) + } + append(root) + return result +} + export const defaultLayer = layer.pipe( Layer.provide(Git.defaultLayer), Layer.provide(EventV2.defaultLayer), diff --git a/packages/core/test/move-session.test.ts b/packages/core/test/move-session.test.ts index 63e44fb3..97ef070c 100644 --- a/packages/core/test/move-session.test.ts +++ b/packages/core/test/move-session.test.ts @@ -246,4 +246,66 @@ describe("MoveSession", () => { expect(yield* Effect.promise(() => fs.readFile(path.join(source, "untracked.txt"), "utf8"))).toBe("unrelated\n") }), ) + + it.live("recovers a filesystem-root conversation tree without moving unrelated root sessions", () => + Effect.gen(function* () { + const root = yield* Effect.acquireRelease( + Effect.promise(() => tmpdir()), + (dir) => Effect.promise(() => dir[Symbol.asyncDispose]()), + ) + const destination = abs(path.join(root.path, "workspaces", "recovered")) + yield* Effect.promise(() => fs.mkdir(destination, { recursive: true })) + const projectID = Project.ID.global + const parent = SessionV2.ID.make("ses_root_parent") + const child = SessionV2.ID.make("ses_root_child") + const sibling = SessionV2.ID.make("ses_root_sibling") + const unrelated = SessionV2.ID.make("ses_root_unrelated") + const { db } = yield* Database.Service + yield* db + .insert(ProjectTable) + .values({ id: projectID, worktree: abs("/"), sandboxes: [], time_created: 1, time_updated: 1 }) + .onConflictDoNothing() + .run() + .pipe(Effect.orDie) + yield* db + .insert(SessionTable) + .values( + [ + { id: parent, parent_id: null, title: "parent" }, + { id: child, parent_id: parent, title: "child" }, + { id: sibling, parent_id: parent, title: "sibling" }, + { id: unrelated, parent_id: null, title: "unrelated" }, + ].map((session) => ({ + ...session, + project_id: projectID, + slug: session.id, + directory: abs("/"), + version: "test", + time_created: 1, + time_updated: 1, + })), + ) + .run() + .pipe(Effect.orDie) + + yield* MoveSession.Service.use((service) => + service.moveSession({ sessionID: child, destination: { directory: destination } }), + ) + + expect( + yield* db + .select({ id: SessionTable.id, directory: SessionTable.directory }) + .from(SessionTable) + .where(eq(SessionTable.project_id, projectID)) + .all(), + ).toEqual( + expect.arrayContaining([ + { id: parent, directory: destination }, + { id: child, directory: destination }, + { id: sibling, directory: destination }, + { id: unrelated, directory: abs("/") }, + ]), + ) + }), + ) }) diff --git a/packages/deepagent-code/script/build-node.ts b/packages/deepagent-code/script/build-node.ts index 92514cf4..e605ce37 100755 --- a/packages/deepagent-code/script/build-node.ts +++ b/packages/deepagent-code/script/build-node.ts @@ -12,7 +12,7 @@ process.chdir(dir) const generated = await import("./generate.ts") -await Bun.build({ +const result = await Bun.build({ target: "node", entrypoints: ["./src/node.ts"], outdir: "./dist/node", @@ -27,5 +27,19 @@ await Bun.build({ "deepagent-code-web-ui.gen.ts": "", }, }) +if (!result.success) throw new AggregateError(result.logs, "Failed to build the Node server") + +// Bun preserves CommonJS __dirname/__filename values for bundled dependencies. Those values point +// at the build machine and are unusable after installation, so make the bundle reproducible and +// keep local usernames/workspace paths out of release artifacts. +const buildRoot = path.resolve(dir, "../..") +const bundle = Bun.file("./dist/node/node.js") +await Bun.write( + bundle, + (await bundle.text()) + .replaceAll(buildRoot, "/__deepagent_build__") + .replaceAll(buildRoot.replaceAll("\\", "/"), "/__deepagent_build__") + .replaceAll(buildRoot.replaceAll("\\", "\\\\"), "/__deepagent_build__"), +) console.log("Build complete") diff --git a/packages/deepagent-code/src/server/routes/instance/httpapi/groups/session.ts b/packages/deepagent-code/src/server/routes/instance/httpapi/groups/session.ts index 6d41df49..9404eee3 100644 --- a/packages/deepagent-code/src/server/routes/instance/httpapi/groups/session.ts +++ b/packages/deepagent-code/src/server/routes/instance/httpapi/groups/session.ts @@ -118,6 +118,7 @@ export const SessionPaths = { summarize: `${root}/:sessionID/summarize`, prompt: `${root}/:sessionID/message`, promptPrepare: `${root}/:sessionID/prompt_prepare`, + promptPrepareStream: `${root}/:sessionID/prompt_prepare_stream`, promptSuggestion: `${root}/:sessionID/prompt_suggestion`, promptAsync: `${root}/:sessionID/prompt_async`, command: `${root}/:sessionID/command`, @@ -363,8 +364,21 @@ export const SessionApi = HttpApi.make("session") OpenApi.annotations({ identifier: "session.prompt_prepare", summary: "Prepare prompt draft", + description: "Create a DeepAgent intelligence prompt draft for user confirmation before task submission.", + }), + ), + HttpApiEndpoint.post("promptPrepareStream", SessionPaths.promptPrepareStream, { + params: { sessionID: SessionID }, + query: WorkspaceRoutingQuery, + payload: PromptPreparePayload, + success: Schema.String, + error: [HttpApiError.BadRequest, InvalidRequestError, ApiNotFoundError], + }).annotateMerge( + OpenApi.annotations({ + identifier: "session.prompt_prepare_stream", + summary: "Stream prompt draft preparation", description: - "Create a DeepAgent intelligence prompt draft for user confirmation before task submission.", + "Create a DeepAgent intelligence prompt draft and stream progressive preview updates as server-sent events.", }), ), HttpApiEndpoint.get("promptSuggestion", SessionPaths.promptSuggestion, { diff --git a/packages/deepagent-code/src/server/routes/instance/httpapi/handlers/session.ts b/packages/deepagent-code/src/server/routes/instance/httpapi/handlers/session.ts index dabd91a8..a7fa8cf6 100644 --- a/packages/deepagent-code/src/server/routes/instance/httpapi/handlers/session.ts +++ b/packages/deepagent-code/src/server/routes/instance/httpapi/handlers/session.ts @@ -16,10 +16,11 @@ import { SessionSummary } from "@/session/summary" import { Todo } from "@/session/todo" import { MessageID, PartID, SessionID } from "@/session/schema" import { NamedError } from "@deepagent-code/core/util/error" -import { Cause, Effect, Option, Schema, Scope } from "effect" +import { Cause, Effect, Option, Queue, Schema, Scope } from "effect" import * as Stream from "effect/Stream" import { HttpServerRequest, HttpServerResponse } from "effect/unstable/http" import { HttpApiBuilder, HttpApiError, HttpApiSchema } from "effect/unstable/httpapi" +import * as Sse from "effect/unstable/encoding/Sse" import { InstanceHttpApi } from "../api" import { CommandPayload, @@ -50,6 +51,16 @@ type PromptPreparePart = (typeof SessionPrompt.PromptInput.Type)["parts"][number const promptText = (parts: readonly PromptPreparePart[]) => parts.map((part) => (part.type === "text" ? part.text : "")).join("") +const promptPrepareEvent = (data: unknown): Sse.Event => ({ + _tag: "Event", + event: "message", + id: undefined, + data: JSON.stringify(data), +}) + +const isPromptPrepareTerminal = (event: unknown) => + typeof event === "object" && event !== null && "type" in event && (event.type === "result" || event.type === "error") + export const sessionHandlers = HttpApiBuilder.group(InstanceHttpApi, "session", (handlers) => Effect.gen(function* () { const session = yield* Session.Service @@ -314,18 +325,19 @@ export const sessionHandlers = HttpApiBuilder.group(InstanceHttpApi, "session", }) }) - const promptPrepare = Effect.fn("SessionHttpApi.promptPrepare")(function* (ctx: { - params: { sessionID: SessionID } - payload: typeof PromptPreparePayload.Type + const preparePromptDraft = Effect.fn("SessionHttpApi.preparePromptDraft")(function* (input: { + ctx: { params: { sessionID: SessionID }; payload: typeof PromptPreparePayload.Type } + onProgress?: (preview: string) => void }) { - yield* requireSession(ctx.params.sessionID) - const rawInput = promptText(ctx.payload.parts) + yield* requireSession(input.ctx.params.sessionID) + const rawInput = promptText(input.ctx.payload.parts) if (!rawInput.trim()) return yield* new HttpApiError.BadRequest({}) return yield* promptSvc .refineIntelligenceDraft({ - sessionID: ctx.params.sessionID, + sessionID: input.ctx.params.sessionID, rawInput, - outputLanguage: ctx.payload.output_language ?? "english", + outputLanguage: input.ctx.payload.output_language ?? "english", + onProgress: input.onProgress, }) .pipe( // Fail soft: refinement is an enhancement, not a gate. If the model can't produce a @@ -340,7 +352,7 @@ export const sessionHandlers = HttpApiBuilder.group(InstanceHttpApi, "session", Effect.catch((error: unknown) => Effect.logWarning("intelligence prompt prepare degraded to direct").pipe( Effect.annotateLogs({ - sessionID: ctx.params.sessionID, + sessionID: input.ctx.params.sessionID, reason: error instanceof Error ? error.message : String(error), }), Effect.as({ @@ -357,6 +369,47 @@ export const sessionHandlers = HttpApiBuilder.group(InstanceHttpApi, "session", ) }) + const promptPrepare = Effect.fn("SessionHttpApi.promptPrepare")(function* (ctx: { + params: { sessionID: SessionID } + payload: typeof PromptPreparePayload.Type + }) { + return yield* preparePromptDraft({ ctx }) + }) + + const promptPrepareStream = Effect.fn("SessionHttpApi.promptPrepareStream")(function* (ctx: { + params: { sessionID: SessionID } + payload: typeof PromptPreparePayload.Type + }) { + const queue = yield* Queue.unbounded() + yield* preparePromptDraft({ + ctx, + onProgress: (preview) => Queue.offerUnsafe(queue, { type: "progress", preview }), + }).pipe( + Effect.tap((result) => Effect.sync(() => Queue.offerUnsafe(queue, { type: "result", result }))), + Effect.catchCause((cause) => + Effect.sync(() => Queue.offerUnsafe(queue, { type: "error", message: Cause.pretty(cause) })), + ), + Effect.forkScoped({ startImmediately: true }), + ) + return HttpServerResponse.stream( + Stream.fromQueue(queue).pipe( + Stream.takeUntil(isPromptPrepareTerminal), + Stream.map(promptPrepareEvent), + Stream.pipeThroughChannel(Sse.encode()), + Stream.encodeText, + Stream.ensuring(Queue.shutdown(queue)), + ), + { + contentType: "text/event-stream", + headers: { + "Cache-Control": "no-cache, no-transform", + "X-Accel-Buffering": "no", + "X-Content-Type-Options": "nosniff", + }, + }, + ) + }) + const promptSuggestion = Effect.fn("SessionHttpApi.promptSuggestion")(function* (ctx: { params: { sessionID: SessionID } }) { @@ -489,6 +542,7 @@ export const sessionHandlers = HttpApiBuilder.group(InstanceHttpApi, "session", .handle("summarize", summarize) .handle("prompt", prompt) .handle("promptPrepare", promptPrepare) + .handle("promptPrepareStream", promptPrepareStream) .handle("promptSuggestion", promptSuggestion) .handle("promptAsync", promptAsync) .handle("command", command) diff --git a/packages/deepagent-code/src/session/prompt.ts b/packages/deepagent-code/src/session/prompt.ts index 4d84a06d..be6f1432 100644 --- a/packages/deepagent-code/src/session/prompt.ts +++ b/packages/deepagent-code/src/session/prompt.ts @@ -15,7 +15,7 @@ import { ProviderTransform } from "@/provider/transform" import { Auth } from "@/auth" import { configureGateway } from "@/deepagent/config" -import { type Tool as AITool, tool, jsonSchema, generateText, streamText, type ModelMessage } from "ai" +import { type Tool as AITool, tool, jsonSchema, streamText, type ModelMessage } from "ai" import type { JSONSchema7 } from "@ai-sdk/provider" import { SessionCompaction } from "./compaction" import { SystemPrompt } from "./system" @@ -122,6 +122,7 @@ export interface Interface { sessionID: SessionID rawInput: string outputLanguage?: AgentGateway.DeepAgentPromptPipeline.IntelligenceRefinementOutputLanguage + onProgress?: (preview: string) => void }) => Effect.Effect< { prompt_draft_id: string @@ -813,10 +814,47 @@ export const layer = Layer.effect( return undefined } + const partialIntelligencePrompt = (text: string) => { + const match = /"refined_prompt"\s*:\s*"/.exec(text) + if (!match) return + const escapes: Record = { + '"': '"', + "\\": "\\", + "/": "/", + b: "\b", + f: "\f", + n: "\n", + r: "\r", + t: "\t", + } + let preview = "" + for (let index = match.index + match[0].length; index < text.length; index++) { + const character = text[index]! + if (character === '"') return preview + if (character !== "\\") { + preview += character + continue + } + const escaped = text[index + 1] + if (!escaped) return preview + if (escaped !== "u") { + preview += escapes[escaped] ?? escaped + index++ + continue + } + const code = text.slice(index + 2, index + 6) + if (!/^[0-9a-f]{4}$/i.test(code)) return preview + preview += String.fromCharCode(Number.parseInt(code, 16)) + index += 5 + } + return preview + } + const generateIntelligenceRefinement = Effect.fnUntraced(function* (input: { sessionID: SessionID rawInput: string outputLanguage?: AgentGateway.DeepAgentPromptPipeline.IntelligenceRefinementOutputLanguage + onProgress?: (preview: string) => void }) { const cfg = yield* config.get() const model = yield* intelligenceRefinementModel(input.sessionID) @@ -827,7 +865,9 @@ export const layer = Layer.effect( const modelAuth = modelAuthID ? yield* auth.get(modelAuthID).pipe(Effect.orDie) : undefined const authInfo = model.providerID === "deepagent" ? (modelAuth ?? providerAuth) : providerAuth const isOpenaiOauth = (model.providerID === "openai" || modelAuthID === "openai") && authInfo?.type === "oauth" - const system = AgentGateway.DeepAgentPromptPipeline.intelligenceRefinementSystemPrompt(input.outputLanguage ?? "english") + const system = AgentGateway.DeepAgentPromptPipeline.intelligenceRefinementSystemPrompt( + input.outputLanguage ?? "english", + ) // Feed the refiner the recent conversation so it reuses already-stated facts (target // directory, paths, prior decisions) instead of guessing them and emitting misleading @@ -859,7 +899,7 @@ export const layer = Layer.effect( { role: "user", content: input.rawInput }, ], model: language, - } satisfies Parameters[0] + } satisfies Parameters[0] const run = { callKind: "auxiliary_ai_call" as const, feature: "intelligence_prompt_prepare", @@ -874,29 +914,33 @@ export const layer = Layer.effect( }, } - if (isOpenaiOauth) { - return yield* AgentGateway.runAuxiliary( - run, - Effect.tryPromise(async () => { - const result = streamText({ - ...params, - providerOptions: ProviderTransform.providerOptions(resolved, { instructions: system, store: false }), - onError: () => {}, - }) - let text = "" - for await (const part of result.fullStream) { - if (part.type === "error") throw part.error - if (part.type === "text-delta") text += part.text - } - return extractIntelligenceJson(text) - }), - ) - } - - configureGateway(cfg) + if (!isOpenaiOauth) configureGateway(cfg) return yield* AgentGateway.runAuxiliary( run, - Effect.tryPromise(() => generateText(params).then((r) => extractIntelligenceJson(r.text))), + Effect.tryPromise(async (signal) => { + const result = streamText({ + ...params, + ...(isOpenaiOauth + ? { + providerOptions: ProviderTransform.providerOptions(resolved, { instructions: system, store: false }), + onError: () => {}, + } + : {}), + abortSignal: signal, + }) + let text = "" + let preview = "" + for await (const part of result.fullStream) { + if (part.type === "error") throw part.error + if (part.type !== "text-delta") continue + text += part.text + const next = partialIntelligencePrompt(text) + if (!next || next === preview) continue + preview = next + input.onProgress?.(preview) + } + return extractIntelligenceJson(text) + }), ) }) @@ -910,6 +954,7 @@ export const layer = Layer.effect( sessionID: SessionID rawInput: string outputLanguage?: AgentGateway.DeepAgentPromptPipeline.IntelligenceRefinementOutputLanguage + onProgress?: (preview: string) => void }) { const ctx = yield* InstanceState.context const home = new AgentGateway.DeepAgentWorkspace.DeepAgentCodeHome(Global.Path.agent.data) diff --git a/packages/deepagent-code/src/tool/shell/prompt.ts b/packages/deepagent-code/src/tool/shell/prompt.ts index 92def987..5bae8f04 100644 --- a/packages/deepagent-code/src/tool/shell/prompt.ts +++ b/packages/deepagent-code/src/tool/shell/prompt.ts @@ -93,8 +93,8 @@ function bashCommandSection(chain: string, limits: Limits, defaultTimeoutMs: num 2. Command Execution: - Always quote file paths that contain spaces with double quotes (e.g., rm "path with spaces/file.txt") - Examples of proper quoting: - - mkdir "/Users/name/My Documents" (correct) - - mkdir /Users/name/My Documents (incorrect - will fail) + - mkdir "$HOME/My Documents" (correct) + - mkdir $HOME/My Documents (incorrect - will fail) - python "/path/with spaces/script.py" (correct) - python /path/with spaces/script.py (incorrect - will fail) - After ensuring proper quoting, execute the command. diff --git a/packages/deepagent-code/test/cli/serve/prompt-prepare.test.ts b/packages/deepagent-code/test/cli/serve/prompt-prepare.test.ts index b7dc1158..a6900ac9 100644 --- a/packages/deepagent-code/test/cli/serve/prompt-prepare.test.ts +++ b/packages/deepagent-code/test/cli/serve/prompt-prepare.test.ts @@ -6,18 +6,20 @@ function wishConfig(llmUrl: string) { return { formatter: false, lsp: false, - model: "deepseek/deepseek-v4-flash", + model: "deepagent/deepseek-v4-flash", provider: { - deepseek: { - name: "DeepSeek", - options: { baseURL: llmUrl }, + deepagent: { + name: "DeepAgent", models: { "deepseek-v4-flash": { id: "deepseek-v4-flash", name: "DeepSeek V4 Flash", reasoning: true, provider: { npm: "@ai-sdk/openai-compatible", api: llmUrl }, - options: {}, + options: { + authProviderID: "deepseek", + upstreamProviderID: "deepseek", + }, tool_call: true, limit: { context: 100_000, output: 10_000 }, }, @@ -36,6 +38,18 @@ function requestJson(url: string, init: RequestInit) { }) } +function requestEvents(url: string, init: RequestInit) { + return Effect.tryPromise(async () => { + const response = await fetch(url, init) + const text = await response.text() + if (!response.ok) throw new Error(`${init.method ?? "GET"} ${url} failed ${response.status}: ${text}`) + return text + .split("\n\n") + .flatMap((block) => block.split("\n").filter((line) => line.startsWith("data:"))) + .map((line) => JSON.parse(line.slice(5).trim()) as T) + }) +} + cliIt.live( "serves wish prompt_prepare through DeepSeek auth with partial JSON output", ({ deepagentCode, home, llm }) => @@ -81,7 +95,31 @@ cliIt.live( expect(prepared.route).toBe("code") expect(prepared.goal).toContain("登录测试") expect(prepared.preview).toContain("登录测试") - expect(yield* llm.calls).toBe(1) + yield* llm.text( + JSON.stringify({ + route: "code", + refined_prompt: "请流式定位登录测试失败原因,修复实现,并运行对应测试验证。", + assumptions: [], + }), + ) + + const streamed = yield* requestEvents< + | { type: "progress"; preview: string } + | { type: "result"; result: { route: string; goal: string; preview: string } } + >(`${server.url}/session/${session.id}/prompt_prepare_stream`, { + method: "POST", + headers, + body: JSON.stringify({ + mode: "intelligence", + output_language: "chinese", + parts: [{ type: "text", text: "流式修复登录测试" }], + }), + }) + + expect(streamed.some((event) => event.type === "progress" && event.preview.includes("登录测试"))).toBe(true) + const result = streamed.find((event) => event.type === "result") + expect(result?.type === "result" && result.result.preview.includes("登录测试")).toBe(true) + expect(yield* llm.calls).toBe(2) expect(JSON.stringify((yield* llm.hits)[0]?.body)).toContain("in Chinese") expect((yield* llm.hits)[0]?.headers.authorization).toBe("Bearer upstream-test-key") }), diff --git a/packages/deepagent-code/test/server/httpapi-sdk.test.ts b/packages/deepagent-code/test/server/httpapi-sdk.test.ts index e6e521dc..eba96f4c 100644 --- a/packages/deepagent-code/test/server/httpapi-sdk.test.ts +++ b/packages/deepagent-code/test/server/httpapi-sdk.test.ts @@ -49,7 +49,10 @@ const original = { type ServerPath = "default" | "raw" type Sdk = ReturnType -type SdkResult = { response: Response; data?: unknown; error?: unknown } +// The generated SDK now types `response`/`request` as optional (an error can originate from building +// the request itself, before any response exists). These helpers only run against completed requests, +// so response is present in practice — match the optional contract and assert it at the read site. +type SdkResult = { response?: Response; data?: unknown; error?: unknown } type Captured = { status: number; data?: unknown; error?: unknown } type ProjectFixture = { sdk: Sdk; directory: string } type LlmProjectFixture = ProjectFixture & { llm: TestLLMServer["Service"] } @@ -118,7 +121,7 @@ function call(request: () => Promise) { function capture(request: () => Promise) { return call(request).pipe( Effect.map((result) => ({ - status: result.response.status, + status: result.response?.status ?? 0, data: result.data, error: result.error, })), @@ -135,9 +138,9 @@ function captureThrown(request: () => Promise) { }) } -function expectStatus(request: () => Promise<{ response: Response }>, status: number) { +function expectStatus(request: () => Promise<{ response?: Response }>, status: number) { return call(request).pipe( - Effect.tap((result) => Effect.sync(() => expect(result.response.status).toBe(status))), + Effect.tap((result) => Effect.sync(() => expect(result.response?.status).toBe(status))), Effect.asVoid, ) } @@ -375,12 +378,12 @@ describe("HttpApi SDK", () => { const health = yield* call(() => sdk.global.health()) const log = yield* call(() => sdk.app.log({ service: "httpapi-sdk-test", level: "info", message: "hello" })) - expect(health.response.status).toBe(200) + expect(health.response?.status).toBe(200) expect(health.data).toMatchObject({ healthy: true }) expect(yield* firstEvent((signal) => sdk.global.event({ signal }))).toMatchObject({ payload: { type: "server.connected" }, }) - expect(log.response.status).toBe(200) + expect(log.response?.status).toBe(200) expect(log.data).toBe(true) yield* expectStatus(() => sdk.auth.set({ providerID: "test" }), 400) }), @@ -395,11 +398,11 @@ describe("HttpApi SDK", () => { const session = yield* call(() => sdk.session.create({ title: "sdk" })) const listed = yield* call(() => sdk.session.list({ roots: true, limit: 10 })) - expect(file.response.status).toBe(200) + expect(file.response?.status).toBe(200) expect(file.data).toMatchObject({ content: "hello" }) - expect(session.response.status).toBe(200) + expect(session.response?.status).toBe(200) expect(session.data).toMatchObject({ title: "sdk" }) - expect(listed.response.status).toBe(200) + expect(listed.response?.status).toBe(200) expect(listed.data?.map((item) => item.id)).toContain(session.data?.id) yield* Effect.all([ @@ -417,7 +420,7 @@ describe("HttpApi SDK", () => { ({ sdk }) => Effect.gen(function* () { const reviews = yield* call(() => sdk.deepagent.reviews()) - expect(reviews.response.status).toBe(200) + expect(reviews.response?.status).toBe(200) expect(reviews.data).toMatchObject({ reviews: expect.any(Array) }) const candidate = { @@ -438,7 +441,7 @@ describe("HttpApi SDK", () => { approval: { approver: "sdk-test", approved: true, note: "generated client route" }, }), ) - expect(promoted.response.status).toBe(200) + expect(promoted.response?.status).toBe(200) expect(promoted.data).toMatchObject({ promoted: expect.objectContaining({ source_candidate_id: candidate.candidate_id }), }) @@ -449,7 +452,7 @@ describe("HttpApi SDK", () => { reason: "sdk reject test", }), ) - expect(rejected.response.status).toBe(200) + expect(rejected.response?.status).toBe(200) expect(rejected.data).toMatchObject({ rejected: expect.objectContaining({ reason: "sdk reject test" }) }) }), ) @@ -467,7 +470,7 @@ describe("HttpApi SDK", () => { const reviews = yield* call(() => sdk.deepagent.reviews({ directory })) - expect(reviews.response.status).toBe(200) + expect(reviews.response?.status).toBe(200) expect(reviews.data).toMatchObject({ reviews: [ expect.objectContaining({ @@ -500,7 +503,7 @@ describe("HttpApi SDK", () => { const file = yield* call(() => sdk.v2.fs.read({ path: "hello.txt" })) const url = new URL(request!.url) - expect(file.response.status).toBe(200) + expect(file.response?.status).toBe(200) expect(file.data).toMatchObject({ data: { content: "hello" } }) expect(url.searchParams.get("directory")).toBe(directory) expect(url.searchParams.get("workspace")).toBe(workspaceID) diff --git a/packages/deepagent-code/test/session/prompt.test.ts b/packages/deepagent-code/test/session/prompt.test.ts index 7f4a321b..e57aa37d 100644 --- a/packages/deepagent-code/test/session/prompt.test.ts +++ b/packages/deepagent-code/test/session/prompt.test.ts @@ -207,8 +207,7 @@ const stubRuntimeBaseLayer = Layer.succeed( // Fully-inert DebugService (D1) stub. The real DebugService.layer runs InstanceState.make // + registers a scope finalizer at registry-build time, perturbing the instance-context // lifecycle these prompt tests rely on. The debug tool is never invoked here. -const debugStubDie =
(): Effect.Effect => - Effect.die("DebugService stub (not used in prompt tests)") +const debugStubDie = (): Effect.Effect => Effect.die("DebugService stub (not used in prompt tests)") const stubDebugServiceLayer = Layer.succeed( DebugService.Service, DebugService.Service.of({ @@ -2512,6 +2511,7 @@ it.instance( const prompt = yield* SessionPrompt.Service const sessions = yield* Session.Service const session = yield* sessions.create({}) + const progress: string[] = [] yield* llm.text( JSON.stringify({ @@ -2530,6 +2530,7 @@ it.instance( sessionID: session.id, rawInput: "修复登录测试", outputLanguage: "chinese", + onProgress: (preview) => progress.push(preview), }) .pipe(Effect.exit) @@ -2542,6 +2543,7 @@ it.instance( expect(JSON.stringify((yield* llm.hits)[0]?.body)).toContain("in Chinese") expect((yield* llm.hits)[0]?.headers.authorization).toBe("Bearer upstream-test-key") expect(yield* llm.misses).toEqual([]) + expect(progress.at(-1)).toContain("登录测试") }), 30_000, ) diff --git a/packages/desktop/electron-builder.config.ts b/packages/desktop/electron-builder.config.ts index 3ff554dc..ba308c7e 100644 --- a/packages/desktop/electron-builder.config.ts +++ b/packages/desktop/electron-builder.config.ts @@ -4,6 +4,7 @@ import { fileURLToPath } from "node:url" import { promisify } from "node:util" import type { Configuration } from "electron-builder" +import { auditPackageInputs } from "./scripts/audit-package" const execFileAsync = promisify(execFile) const rootDir = path.resolve(path.dirname(fileURLToPath(import.meta.url)), "../..") @@ -53,7 +54,15 @@ const getBase = (): Configuration => ({ output: "dist", buildResources: "resources", }, - files: ["out/**/*", "resources/**/*"], + files: [ + "out/**/*", + "!out/**/*.map", + "resources/icons/**/*", + "resources/entitlements.plist", + "resources/*.metainfo.xml", + "resources/deepagent-code-cli*", + ], + beforePack: () => auditPackageInputs(path.dirname(fileURLToPath(import.meta.url))), extraResources: [ { from: "native/", diff --git a/packages/desktop/scripts/audit-package.test.ts b/packages/desktop/scripts/audit-package.test.ts new file mode 100644 index 00000000..7ad913a2 --- /dev/null +++ b/packages/desktop/scripts/audit-package.test.ts @@ -0,0 +1,47 @@ +import { describe, expect, test } from "bun:test" +import { mkdtemp, mkdir, rm, symlink, writeFile } from "node:fs/promises" +import { tmpdir } from "node:os" +import path from "node:path" +import { auditPackageInputs } from "./audit-package" + +async function fixture() { + const root = await mkdtemp(path.join(tmpdir(), "deepagent-package-audit-")) + await mkdir(path.join(root, "out", "main", "domain-packs"), { recursive: true }) + await mkdir(path.join(root, "resources"), { recursive: true }) + await writeFile(path.join(root, "out", "main", "index.js"), "export {}") + return { + root, + [Symbol.asyncDispose]: () => rm(root, { recursive: true, force: true }), + } +} + +describe("auditPackageInputs", () => { + test("accepts generated application assets", async () => { + await using root = await fixture() + await expect(auditPackageInputs(root.root)).resolves.toBeUndefined() + }) + + test("rejects runtime databases", async () => { + await using root = await fixture() + await writeFile(path.join(root.root, "out", "deepagent-code.db"), "history") + await expect(auditPackageInputs(root.root)).rejects.toThrow("runtime user-data file") + }) + + test("rejects personal paths in bundled domain packs", async () => { + await using root = await fixture() + await writeFile(path.join(root.root, "out", "main", "domain-packs", "pack.json"), "/Users/alice/skills") + await expect(auditPackageInputs(root.root)).rejects.toThrow("absolute user home path") + }) + + test("rejects personal paths in generated JavaScript", async () => { + await using root = await fixture() + await writeFile(path.join(root.root, "out", "main", "index.js"), 'const root = "/home/alice/project"') + await expect(auditPackageInputs(root.root)).rejects.toThrow("absolute user home path") + }) + + test("rejects symlinks in package inputs", async () => { + await using root = await fixture() + await symlink(path.join(root.root, "out", "main", "index.js"), path.join(root.root, "resources", "linked.js")) + await expect(auditPackageInputs(root.root)).rejects.toThrow("symbolic link") + }) +}) diff --git a/packages/desktop/scripts/audit-package.ts b/packages/desktop/scripts/audit-package.ts new file mode 100644 index 00000000..e4b38c03 --- /dev/null +++ b/packages/desktop/scripts/audit-package.ts @@ -0,0 +1,62 @@ +import { lstat, readdir, readFile } from "node:fs/promises" +import path from "node:path" + +const forbiddenNames = new Set([ + "account.json", + "auth.json", + "deepagent-code.db", + "deepagent-code-local.db", + "deepagent.global.dat", + "settings.json", +]) + +const forbiddenExtensions = [".dat", ".db", ".db-shm", ".db-wal", ".sqlite", ".log", ".jsonl"] +const absoluteHome = /(?:\/Users\/[^/\s]+|\/home\/[^/\s]+|[A-Za-z]:\\Users\\[^\\\s]+)/ +const runtimeDataPath = + /(?:Library\/Application Support\/ai\.deepagent-code|\.deepagent\/code|AppData\\Roaming\\ai\.deepagent-code)/ +const textExtensions = new Set([".cjs", ".js", ".json", ".md", ".mjs", ".plist", ".txt", ".xml", ".yaml", ".yml"]) + +async function files(directory: string): Promise { + return ( + await Promise.all( + (await readdir(directory, { withFileTypes: true }).catch(() => [])) + .map((entry) => { + const file = path.join(directory, entry.name) + if (entry.isSymbolicLink()) return [file] + return entry.isDirectory() ? files(file) : [file] + }), + ) + ).flat() +} + +export async function auditPackageInputs(desktopDir: string) { + const failures = ( + await Promise.all( + (await Promise.all([files(path.join(desktopDir, "out")), files(path.join(desktopDir, "resources"))])) + .flatMap((entries) => entries) + .map(async (file) => { + const relative = path.relative(desktopDir, file).replaceAll("\\", "/") + const lower = path.basename(file).toLowerCase() + const symbolicLink = (await lstat(file)).isSymbolicLink() + const reasons = [ + symbolicLink ? "symbolic link" : undefined, + forbiddenNames.has(lower) || forbiddenExtensions.some((extension) => lower.endsWith(extension)) + ? "runtime user-data file" + : undefined, + ] + if (!symbolicLink && textExtensions.has(path.extname(lower)) && !lower.endsWith(".map")) { + const contents = await readFile(file, "utf8").catch(() => "") + if (absoluteHome.test(contents)) reasons.push("absolute user home path") + if ( + (relative.startsWith("out/main/domain-packs/") || relative.startsWith("resources/")) && + runtimeDataPath.test(contents) + ) + reasons.push("runtime user-data path") + } + return reasons.filter((reason): reason is string => !!reason).map((reason) => `${relative}: ${reason}`) + }), + ) + ).flat() + if (failures.length === 0) return + throw new Error(`Refusing to package unsafe files:\n${failures.join("\n")}`) +} diff --git a/packages/desktop/scripts/prebuild.ts b/packages/desktop/scripts/prebuild.ts index 6d47cb76..383def1c 100644 --- a/packages/desktop/scripts/prebuild.ts +++ b/packages/desktop/scripts/prebuild.ts @@ -1,9 +1,17 @@ #!/usr/bin/env bun import { $ } from "bun" +import { readdir, rm } from "node:fs/promises" import { resolveChannel } from "./utils" const channel = resolveChannel() +await rm("out", { recursive: true, force: true }) +await rm("resources/icons", { recursive: true, force: true }) +await Promise.all( + (await readdir("resources").catch(() => [])) + .filter((file) => file.endsWith(".metainfo.xml")) + .map((file) => rm(`resources/${file}`, { force: true })), +) await $`bun ./scripts/copy-icons.ts ${channel}` await $`bun ./scripts/copy-metainfo.ts ${channel}` diff --git a/packages/domain-packs/code/architecture/README.md b/packages/domain-packs/code/architecture/README.md index af901877..a0be918d 100644 --- a/packages/domain-packs/code/architecture/README.md +++ b/packages/domain-packs/code/architecture/README.md @@ -10,7 +10,7 @@ Does not replace domain-specific implementation packs or organization governance ## Source Basis -Derived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form. +Derived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form. ## Composition diff --git a/packages/domain-packs/code/architecture/documents/failure_dossiers/architecture-astronomy.json b/packages/domain-packs/code/architecture/documents/failure_dossiers/architecture-astronomy.json index 846a4c1a..78151d1b 100644 --- a/packages/domain-packs/code/architecture/documents/failure_dossiers/architecture-astronomy.json +++ b/packages/domain-packs/code/architecture/documents/failure_dossiers/architecture-astronomy.json @@ -2,7 +2,7 @@ "ref_id": "failure:architecture:architecture-astronomy", "type": "failure_dossier", "description": "Abstract diagrams without code or runtime evidence do not guide implementation.", - "body": "Tie architecture claims to files, APIs, tests, or deployment facts.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Tie architecture claims to files, APIs, tests, or deployment facts.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "architecture", "scope_hint": "code.architecture:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/architecture/documents/failure_dossiers/shared-everything.json b/packages/domain-packs/code/architecture/documents/failure_dossiers/shared-everything.json index ddf1bce3..6e67244d 100644 --- a/packages/domain-packs/code/architecture/documents/failure_dossiers/shared-everything.json +++ b/packages/domain-packs/code/architecture/documents/failure_dossiers/shared-everything.json @@ -2,7 +2,7 @@ "ref_id": "failure:architecture:shared-everything", "type": "failure_dossier", "description": "Putting domain policy in generic helpers creates broad coupling.", - "body": "Keep domain rules near owners.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Keep domain rules near owners.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "architecture", "scope_hint": "code.architecture:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/architecture/documents/knowledge/adr-not-spec.json b/packages/domain-packs/code/architecture/documents/knowledge/adr-not-spec.json index f2067579..1658fbaa 100644 --- a/packages/domain-packs/code/architecture/documents/knowledge/adr-not-spec.json +++ b/packages/domain-packs/code/architecture/documents/knowledge/adr-not-spec.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:architecture:adr-not-spec", "type": "knowledge", "description": "An ADR records a decision, not all requirements.", - "body": "Keep ADRs concise and link to specs or tests for detailed behavior.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Software Architecture work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Keep ADRs concise and link to specs or tests for detailed behavior.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Software Architecture work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "architecture", "scope_hint": "code.architecture:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/architecture/documents/knowledge/architecture-is-change-cost.json b/packages/domain-packs/code/architecture/documents/knowledge/architecture-is-change-cost.json index 7e3ab3b4..69c600f4 100644 --- a/packages/domain-packs/code/architecture/documents/knowledge/architecture-is-change-cost.json +++ b/packages/domain-packs/code/architecture/documents/knowledge/architecture-is-change-cost.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:architecture:architecture-is-change-cost", "type": "knowledge", "description": "Architecture quality shows up as change cost and failure isolation.", - "body": "A design is not good because it is abstract; it is good when it localizes changes and failures.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Software Architecture work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "A design is not good because it is abstract; it is good when it localizes changes and failures.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Software Architecture work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "architecture", "scope_hint": "code.architecture:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/architecture/documents/knowledge/shared-kernel-risk.json b/packages/domain-packs/code/architecture/documents/knowledge/shared-kernel-risk.json index 738e085b..cce6cbba 100644 --- a/packages/domain-packs/code/architecture/documents/knowledge/shared-kernel-risk.json +++ b/packages/domain-packs/code/architecture/documents/knowledge/shared-kernel-risk.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:architecture:shared-kernel-risk", "type": "knowledge", "description": "Shared helpers can become hidden coupling across domains.", - "body": "Utilities that encode domain policy should belong to the domain, not a generic shared module.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Software Architecture work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Utilities that encode domain policy should belong to the domain, not a generic shared module.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Software Architecture work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "architecture", "scope_hint": "code.architecture:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/architecture/documents/methodologies/adr-materialization.json b/packages/domain-packs/code/architecture/documents/methodologies/adr-materialization.json index 777d0898..3625f177 100644 --- a/packages/domain-packs/code/architecture/documents/methodologies/adr-materialization.json +++ b/packages/domain-packs/code/architecture/documents/methodologies/adr-materialization.json @@ -2,7 +2,7 @@ "ref_id": "methodology:architecture:adr-materialization", "type": "methodology", "description": "Write decision, alternatives, consequences, and validation for durable architecture changes.", - "body": "Steps: state context; list options; choose one; state consequences; define validation and revisit conditions.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Software Architecture work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Steps: state context; list options; choose one; state consequences; define validation and revisit conditions.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Software Architecture work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "architecture", "scope_hint": "code.architecture:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/architecture/documents/methodologies/architecture-scan.json b/packages/domain-packs/code/architecture/documents/methodologies/architecture-scan.json index 3da7a568..29362072 100644 --- a/packages/domain-packs/code/architecture/documents/methodologies/architecture-scan.json +++ b/packages/domain-packs/code/architecture/documents/methodologies/architecture-scan.json @@ -2,7 +2,7 @@ "ref_id": "methodology:architecture:architecture-scan", "type": "methodology", "description": "Map modules, dependencies, data flow, and ownership before proposing changes.", - "body": "Steps: list components; identify dependencies; trace data flow; find ownership of invariants; compare proposed change with existing architecture.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Software Architecture work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Steps: list components; identify dependencies; trace data flow; find ownership of invariants; compare proposed change with existing architecture.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Software Architecture work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "architecture", "scope_hint": "code.architecture:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/architecture/documents/methodologies/cycle-risk-review.json b/packages/domain-packs/code/architecture/documents/methodologies/cycle-risk-review.json index bc3bff1b..0536281e 100644 --- a/packages/domain-packs/code/architecture/documents/methodologies/cycle-risk-review.json +++ b/packages/domain-packs/code/architecture/documents/methodologies/cycle-risk-review.json @@ -2,7 +2,7 @@ "ref_id": "methodology:architecture:cycle-risk-review", "type": "methodology", "description": "Find cycles and hidden dependency inversions.", - "body": "Steps: inspect imports, runtime calls, shared types, and generated clients; decide whether cycle is accidental or intentional.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Software Architecture work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Steps: inspect imports, runtime calls, shared types, and generated clients; decide whether cycle is accidental or intentional.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Software Architecture work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "architecture", "scope_hint": "code.architecture:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/architecture/documents/skills/produce-architecture-map.json b/packages/domain-packs/code/architecture/documents/skills/produce-architecture-map.json index 7ba23032..6900cf4c 100644 --- a/packages/domain-packs/code/architecture/documents/skills/produce-architecture-map.json +++ b/packages/domain-packs/code/architecture/documents/skills/produce-architecture-map.json @@ -2,7 +2,7 @@ "ref_id": "skill:architecture:produce-architecture-map", "type": "skill", "description": "Summarize components, ownership, dependencies, and risk hotspots.", - "body": "Inputs: repository paths or design doc. Output: architecture map with boundaries, dependency risks, and validation gaps.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Software Architecture work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Inputs: repository paths or design doc. Output: architecture map with boundaries, dependency risks, and validation gaps.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Software Architecture work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "architecture", "scope_hint": "code.architecture:skills", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/architecture/documents/strategies/boundary-ownership.json b/packages/domain-packs/code/architecture/documents/strategies/boundary-ownership.json index 27903bf2..5d2c7760 100644 --- a/packages/domain-packs/code/architecture/documents/strategies/boundary-ownership.json +++ b/packages/domain-packs/code/architecture/documents/strategies/boundary-ownership.json @@ -2,7 +2,7 @@ "ref_id": "strategy:architecture:boundary-ownership", "type": "strategy", "description": "Assign each invariant to one owning boundary.", - "body": "Architecture reviews should identify where contracts, validation, persistence, and side effects belong. Duplicate ownership causes drift.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Software Architecture work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Architecture reviews should identify where contracts, validation, persistence, and side effects belong. Duplicate ownership causes drift.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Software Architecture work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "architecture", "scope_hint": "code.architecture:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/architecture/documents/strategies/decision-record.json b/packages/domain-packs/code/architecture/documents/strategies/decision-record.json index 71282a08..7896f51c 100644 --- a/packages/domain-packs/code/architecture/documents/strategies/decision-record.json +++ b/packages/domain-packs/code/architecture/documents/strategies/decision-record.json @@ -2,7 +2,7 @@ "ref_id": "strategy:architecture:decision-record", "type": "strategy", "description": "Record architectural tradeoffs when choices affect future work.", - "body": "Use concise ADR-style notes for alternatives, decision, consequences, and rollback conditions when architecture changes are durable.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Software Architecture work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Use concise ADR-style notes for alternatives, decision, consequences, and rollback conditions when architecture changes are durable.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Software Architecture work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "architecture", "scope_hint": "code.architecture:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/architecture/documents/strategies/dependency-direction.json b/packages/domain-packs/code/architecture/documents/strategies/dependency-direction.json index 9f24dd75..e2c19cac 100644 --- a/packages/domain-packs/code/architecture/documents/strategies/dependency-direction.json +++ b/packages/domain-packs/code/architecture/documents/strategies/dependency-direction.json @@ -2,7 +2,7 @@ "ref_id": "strategy:architecture:dependency-direction", "type": "strategy", "description": "Keep dependencies flowing from high-level policy to lower-level mechanisms intentionally.", - "body": "Unexpected reverse dependencies and cross-layer imports make changes harder and create cycles.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Software Architecture work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Unexpected reverse dependencies and cross-layer imports make changes harder and create cycles.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Software Architecture work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "architecture", "scope_hint": "code.architecture:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/architecture/documents/strategies/small-surface-integration.json b/packages/domain-packs/code/architecture/documents/strategies/small-surface-integration.json index 5e1e0d73..b50d2f4f 100644 --- a/packages/domain-packs/code/architecture/documents/strategies/small-surface-integration.json +++ b/packages/domain-packs/code/architecture/documents/strategies/small-surface-integration.json @@ -2,7 +2,7 @@ "ref_id": "strategy:architecture:small-surface-integration", "type": "strategy", "description": "Integrate systems through narrow contracts instead of shared internals.", - "body": "A narrow boundary limits blast radius and makes testing and replacement easier.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Software Architecture work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "A narrow boundary limits blast radius and makes testing and replacement easier.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Software Architecture work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "architecture", "scope_hint": "code.architecture:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/benchmarking/README.md b/packages/domain-packs/code/benchmarking/README.md index 8bd9cf98..fa6aa669 100644 --- a/packages/domain-packs/code/benchmarking/README.md +++ b/packages/domain-packs/code/benchmarking/README.md @@ -10,7 +10,7 @@ Does not choose product performance priorities; it supplies evidence discipline. ## Source Basis -Derived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form. +Derived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form. ## Composition diff --git a/packages/domain-packs/code/benchmarking/documents/failure_dossiers/changed-workload-comparison.json b/packages/domain-packs/code/benchmarking/documents/failure_dossiers/changed-workload-comparison.json index 61bae3db..789098a7 100644 --- a/packages/domain-packs/code/benchmarking/documents/failure_dossiers/changed-workload-comparison.json +++ b/packages/domain-packs/code/benchmarking/documents/failure_dossiers/changed-workload-comparison.json @@ -2,7 +2,7 @@ "ref_id": "failure:benchmarking:changed-workload-comparison", "type": "failure_dossier", "description": "Changing workload invalidates before/after comparison.", - "body": "Keep input and environment fixed.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Keep input and environment fixed.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "benchmarking", "scope_hint": "code.benchmarking:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/benchmarking/documents/failure_dossiers/single-run-claim.json b/packages/domain-packs/code/benchmarking/documents/failure_dossiers/single-run-claim.json index 529be397..e183ebc1 100644 --- a/packages/domain-packs/code/benchmarking/documents/failure_dossiers/single-run-claim.json +++ b/packages/domain-packs/code/benchmarking/documents/failure_dossiers/single-run-claim.json @@ -2,7 +2,7 @@ "ref_id": "failure:benchmarking:single-run-claim", "type": "failure_dossier", "description": "One benchmark run is insufficient evidence.", - "body": "Repeat and compare variance.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Repeat and compare variance.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "benchmarking", "scope_hint": "code.benchmarking:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/benchmarking/documents/knowledge/benchmark-needs-correctness.json b/packages/domain-packs/code/benchmarking/documents/knowledge/benchmark-needs-correctness.json index ef5566a9..55b53066 100644 --- a/packages/domain-packs/code/benchmarking/documents/knowledge/benchmark-needs-correctness.json +++ b/packages/domain-packs/code/benchmarking/documents/knowledge/benchmark-needs-correctness.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:benchmarking:benchmark-needs-correctness", "type": "knowledge", "description": "A faster wrong result is a correctness failure, not optimization.", - "body": "Performance gates must pair with correctness validation for the measured workload.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Benchmarking work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", + "body": "Performance gates must pair with correctness validation for the measured workload.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Benchmarking work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", "domain": "benchmarking", "scope_hint": "code.benchmarking:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/benchmarking/documents/knowledge/environment-is-part-of-result.json b/packages/domain-packs/code/benchmarking/documents/knowledge/environment-is-part-of-result.json index 4b70ade8..83ffc3a5 100644 --- a/packages/domain-packs/code/benchmarking/documents/knowledge/environment-is-part-of-result.json +++ b/packages/domain-packs/code/benchmarking/documents/knowledge/environment-is-part-of-result.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:benchmarking:environment-is-part-of-result", "type": "knowledge", "description": "Benchmark results are tied to hardware, runtime, flags, and load.", - "body": "Record environment details or the result is hard to reproduce.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Benchmarking work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", + "body": "Record environment details or the result is hard to reproduce.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Benchmarking work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", "domain": "benchmarking", "scope_hint": "code.benchmarking:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/benchmarking/documents/knowledge/thresholds-prevent-noise.json b/packages/domain-packs/code/benchmarking/documents/knowledge/thresholds-prevent-noise.json index 15d922f0..26c63882 100644 --- a/packages/domain-packs/code/benchmarking/documents/knowledge/thresholds-prevent-noise.json +++ b/packages/domain-packs/code/benchmarking/documents/knowledge/thresholds-prevent-noise.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:benchmarking:thresholds-prevent-noise", "type": "knowledge", "description": "Explicit thresholds prevent noisy benchmark churn.", - "body": "Benchmark CI gates should encode tolerances that match metric variability.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Benchmarking work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", + "body": "Benchmark CI gates should encode tolerances that match metric variability.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Benchmarking work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", "domain": "benchmarking", "scope_hint": "code.benchmarking:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/benchmarking/documents/methodologies/bench-harness-validation.json b/packages/domain-packs/code/benchmarking/documents/methodologies/bench-harness-validation.json index f2189c7f..e94cd1bc 100644 --- a/packages/domain-packs/code/benchmarking/documents/methodologies/bench-harness-validation.json +++ b/packages/domain-packs/code/benchmarking/documents/methodologies/bench-harness-validation.json @@ -2,7 +2,7 @@ "ref_id": "methodology:benchmarking:bench-harness-validation", "type": "methodology", "description": "Validate benchmark harness before trusting numbers.", - "body": "Steps: confirm workload exercises target path; prevent dead-code elimination; verify result correctness; check timers and units.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Benchmarking work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", + "body": "Steps: confirm workload exercises target path; prevent dead-code elimination; verify result correctness; check timers and units.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Benchmarking work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", "domain": "benchmarking", "scope_hint": "code.benchmarking:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/benchmarking/documents/methodologies/benchmark-regression-protocol.json b/packages/domain-packs/code/benchmarking/documents/methodologies/benchmark-regression-protocol.json index 83351ef4..a01577d2 100644 --- a/packages/domain-packs/code/benchmarking/documents/methodologies/benchmark-regression-protocol.json +++ b/packages/domain-packs/code/benchmarking/documents/methodologies/benchmark-regression-protocol.json @@ -2,7 +2,7 @@ "ref_id": "methodology:benchmarking:benchmark-regression-protocol", "type": "methodology", "description": "Prepare environment, run repeated baseline/candidate, compare trend, attribute regression.", - "body": "Steps: verify environment readiness; run baseline repeats; run candidate repeats; compute delta and variance; inspect outliers; run correctness checks; record artifacts.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Benchmarking work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", + "body": "Steps: verify environment readiness; run baseline repeats; run candidate repeats; compute delta and variance; inspect outliers; run correctness checks; record artifacts.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Benchmarking work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", "domain": "benchmarking", "scope_hint": "code.benchmarking:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/benchmarking/documents/methodologies/outlier-review.json b/packages/domain-packs/code/benchmarking/documents/methodologies/outlier-review.json index cbea5f09..21e5a696 100644 --- a/packages/domain-packs/code/benchmarking/documents/methodologies/outlier-review.json +++ b/packages/domain-packs/code/benchmarking/documents/methodologies/outlier-review.json @@ -2,7 +2,7 @@ "ref_id": "methodology:benchmarking:outlier-review", "type": "methodology", "description": "Classify outliers before including or excluding them.", - "body": "Steps: inspect system load, cold start, network, GC, thermal throttling, or runner noise; report inclusion decision and reason.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Benchmarking work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", + "body": "Steps: inspect system load, cold start, network, GC, thermal throttling, or runner noise; report inclusion decision and reason.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Benchmarking work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", "domain": "benchmarking", "scope_hint": "code.benchmarking:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/benchmarking/documents/skills/run-benchmark-protocol.json b/packages/domain-packs/code/benchmarking/documents/skills/run-benchmark-protocol.json index 6a267947..3e7d7c9b 100644 --- a/packages/domain-packs/code/benchmarking/documents/skills/run-benchmark-protocol.json +++ b/packages/domain-packs/code/benchmarking/documents/skills/run-benchmark-protocol.json @@ -2,7 +2,7 @@ "ref_id": "skill:benchmarking:run-benchmark-protocol", "type": "skill", "description": "Run repeated benchmark and produce normalized comparison evidence.", - "body": "Inputs: baseline command and candidate command. Output: metric table, variance, outlier notes, and verdict.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Benchmarking work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", + "body": "Inputs: baseline command and candidate command. Output: metric table, variance, outlier notes, and verdict.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Benchmarking work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", "domain": "benchmarking", "scope_hint": "code.benchmarking:skills", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/benchmarking/documents/strategies/baseline-lock.json b/packages/domain-packs/code/benchmarking/documents/strategies/baseline-lock.json index 490616b4..beef992d 100644 --- a/packages/domain-packs/code/benchmarking/documents/strategies/baseline-lock.json +++ b/packages/domain-packs/code/benchmarking/documents/strategies/baseline-lock.json @@ -2,7 +2,7 @@ "ref_id": "strategy:benchmarking:baseline-lock", "type": "strategy", "description": "Compare against a pinned baseline and identical workload.", - "body": "Benchmark claims require baseline revision, command, environment, and input. Changing workload and code together invalidates comparison.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Benchmarking work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", + "body": "Benchmark claims require baseline revision, command, environment, and input. Changing workload and code together invalidates comparison.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Benchmarking work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", "domain": "benchmarking", "scope_hint": "code.benchmarking:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/benchmarking/documents/strategies/regression-threshold.json b/packages/domain-packs/code/benchmarking/documents/strategies/regression-threshold.json index 6cbb5665..2fc0da6b 100644 --- a/packages/domain-packs/code/benchmarking/documents/strategies/regression-threshold.json +++ b/packages/domain-packs/code/benchmarking/documents/strategies/regression-threshold.json @@ -2,7 +2,7 @@ "ref_id": "strategy:benchmarking:regression-threshold", "type": "strategy", "description": "Use explicit thresholds for fail/pass decisions.", - "body": "A benchmark gate needs a tolerance and metric name. Without a threshold, small noise becomes subjective.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Benchmarking work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", + "body": "A benchmark gate needs a tolerance and metric name. Without a threshold, small noise becomes subjective.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Benchmarking work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", "domain": "benchmarking", "scope_hint": "code.benchmarking:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/benchmarking/documents/strategies/repeat-and-variance.json b/packages/domain-packs/code/benchmarking/documents/strategies/repeat-and-variance.json index f4a7a55c..a088983e 100644 --- a/packages/domain-packs/code/benchmarking/documents/strategies/repeat-and-variance.json +++ b/packages/domain-packs/code/benchmarking/documents/strategies/repeat-and-variance.json @@ -2,7 +2,7 @@ "ref_id": "strategy:benchmarking:repeat-and-variance", "type": "strategy", "description": "Use repeated runs and variance instead of single-run claims.", - "body": "Single benchmark results are noisy. Record repetitions, environment, mean/median, variance, and outliers before declaring improvement.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Benchmarking work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", + "body": "Single benchmark results are noisy. Record repetitions, environment, mean/median, variance, and outliers before declaring improvement.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Benchmarking work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", "domain": "benchmarking", "scope_hint": "code.benchmarking:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/benchmarking/documents/strategies/warmup-control.json b/packages/domain-packs/code/benchmarking/documents/strategies/warmup-control.json index 80fac766..780929f1 100644 --- a/packages/domain-packs/code/benchmarking/documents/strategies/warmup-control.json +++ b/packages/domain-packs/code/benchmarking/documents/strategies/warmup-control.json @@ -2,7 +2,7 @@ "ref_id": "strategy:benchmarking:warmup-control", "type": "strategy", "description": "Account for JIT, cache, disk, network, and GPU warmup effects.", - "body": "Warmup can dominate early runs. Separate warmup from measured iterations when the runtime needs it.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Benchmarking work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", + "body": "Warmup can dominate early runs. Separate warmup from measured iterations when the runtime needs it.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Benchmarking work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", "domain": "benchmarking", "scope_hint": "code.benchmarking:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/c/README.md b/packages/domain-packs/code/c/README.md index 07e01903..8a7b3c3f 100644 --- a/packages/domain-packs/code/c/README.md +++ b/packages/domain-packs/code/c/README.md @@ -10,7 +10,7 @@ Framework, platform, database, and security-specific behavior belongs to more sp ## Source Basis -Derived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form. +Derived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form. ## Composition diff --git a/packages/domain-packs/code/c/documents/knowledge/manual-memory-contract.json b/packages/domain-packs/code/c/documents/knowledge/manual-memory-contract.json index b4696b0d..e3dc898f 100644 --- a/packages/domain-packs/code/c/documents/knowledge/manual-memory-contract.json +++ b/packages/domain-packs/code/c/documents/knowledge/manual-memory-contract.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:c:manual-memory-contract", "type": "knowledge", "description": "C code needs explicit ownership, allocation, and error cleanup contracts.", - "body": "Memory ownership must be documented or enforced by conventions and tests.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when C work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Memory ownership must be documented or enforced by conventions and tests.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when C work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "c", "scope_hint": "code.c:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/ci-triage/README.md b/packages/domain-packs/code/ci-triage/README.md index b83b90e7..a6927cf4 100644 --- a/packages/domain-packs/code/ci-triage/README.md +++ b/packages/domain-packs/code/ci-triage/README.md @@ -10,7 +10,7 @@ Does not own production deployment or provider-specific cloud authorization. ## Source Basis -Derived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form. +Derived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form. ## Composition diff --git a/packages/domain-packs/code/ci-triage/documents/failure_dossiers/last-error-only.json b/packages/domain-packs/code/ci-triage/documents/failure_dossiers/last-error-only.json index db6d8e57..0b021b8a 100644 --- a/packages/domain-packs/code/ci-triage/documents/failure_dossiers/last-error-only.json +++ b/packages/domain-packs/code/ci-triage/documents/failure_dossiers/last-error-only.json @@ -2,7 +2,7 @@ "ref_id": "failure:ci_triage:last-error-only", "type": "failure_dossier", "description": "Using the final log line can miss the first real failure.", - "body": "Wrapper failures often appear after the actionable command has already failed.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Wrapper failures often appear after the actionable command has already failed.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "ci_triage", "scope_hint": "code.ci-triage:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/ci-triage/documents/failure_dossiers/rerun-without-evidence.json b/packages/domain-packs/code/ci-triage/documents/failure_dossiers/rerun-without-evidence.json index 4a440052..a6135e35 100644 --- a/packages/domain-packs/code/ci-triage/documents/failure_dossiers/rerun-without-evidence.json +++ b/packages/domain-packs/code/ci-triage/documents/failure_dossiers/rerun-without-evidence.json @@ -2,7 +2,7 @@ "ref_id": "failure:ci_triage:rerun-without-evidence", "type": "failure_dossier", "description": "Repeated CI reruns without changed hypothesis waste time and hide deterministic failures.", - "body": "Treat uncontrolled reruns as an anti-pattern.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Treat uncontrolled reruns as an anti-pattern.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "ci_triage", "scope_hint": "code.ci-triage:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/ci-triage/documents/knowledge/ci-is-evidence-source.json b/packages/domain-packs/code/ci-triage/documents/knowledge/ci-is-evidence-source.json index 305ac240..f8e24ee0 100644 --- a/packages/domain-packs/code/ci-triage/documents/knowledge/ci-is-evidence-source.json +++ b/packages/domain-packs/code/ci-triage/documents/knowledge/ci-is-evidence-source.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:ci_triage:ci-is-evidence-source", "type": "knowledge", "description": "CI output is evidence only when command and artifact refs are preserved.", - "body": "A red check without log, command, and step details is insufficient for root cause. Normalized CI evidence should be replayable or inspectable.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when CI Triage work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "A red check without log, command, and step details is insufficient for root cause. Normalized CI evidence should be replayable or inspectable.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when CI Triage work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "ci_triage", "scope_hint": "code.ci-triage:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/ci-triage/documents/knowledge/skipped-checks-are-risk.json b/packages/domain-packs/code/ci-triage/documents/knowledge/skipped-checks-are-risk.json index 9e02563d..4d38695b 100644 --- a/packages/domain-packs/code/ci-triage/documents/knowledge/skipped-checks-are-risk.json +++ b/packages/domain-packs/code/ci-triage/documents/knowledge/skipped-checks-are-risk.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:ci_triage:skipped-checks-are-risk", "type": "knowledge", "description": "A green run with skipped required checks may not validate the change.", - "body": "Skipped jobs, path filters, conditional expressions, and cancelled matrix legs can hide missing validation.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when CI Triage work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Skipped jobs, path filters, conditional expressions, and cancelled matrix legs can hide missing validation.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when CI Triage work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "ci_triage", "scope_hint": "code.ci-triage:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/ci-triage/documents/knowledge/workflow-changes-are-code.json b/packages/domain-packs/code/ci-triage/documents/knowledge/workflow-changes-are-code.json index 29ea6e6e..cfd47d3c 100644 --- a/packages/domain-packs/code/ci-triage/documents/knowledge/workflow-changes-are-code.json +++ b/packages/domain-packs/code/ci-triage/documents/knowledge/workflow-changes-are-code.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:ci_triage:workflow-changes-are-code", "type": "knowledge", "description": "CI workflow edits can break validation without source-code defects.", - "body": "YAML, cache, secret, runner image, and matrix changes are part of the executable system. They require review like source changes.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when CI Triage work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "YAML, cache, secret, runner image, and matrix changes are part of the executable system. They require review like source changes.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when CI Triage work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "ci_triage", "scope_hint": "code.ci-triage:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/ci-triage/documents/methodologies/ci-evidence-adapter.json b/packages/domain-packs/code/ci-triage/documents/methodologies/ci-evidence-adapter.json index 2b30405e..c7161633 100644 --- a/packages/domain-packs/code/ci-triage/documents/methodologies/ci-evidence-adapter.json +++ b/packages/domain-packs/code/ci-triage/documents/methodologies/ci-evidence-adapter.json @@ -2,7 +2,7 @@ "ref_id": "methodology:ci_triage:ci-evidence-adapter", "type": "methodology", "description": "Collect workflow status, logs, run URL, duration, artifact refs, and first failing command.", - "body": "Steps: identify failing job; fetch or inspect logs; extract first failing command; classify error type; connect to changed files; report artifact refs and residual unknowns.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when CI Triage work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Steps: identify failing job; fetch or inspect logs; extract first failing command; classify error type; connect to changed files; report artifact refs and residual unknowns.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when CI Triage work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "ci_triage", "scope_hint": "code.ci-triage:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/ci-triage/documents/methodologies/matrix-failure-slice.json b/packages/domain-packs/code/ci-triage/documents/methodologies/matrix-failure-slice.json index 4c9daf36..b1d02374 100644 --- a/packages/domain-packs/code/ci-triage/documents/methodologies/matrix-failure-slice.json +++ b/packages/domain-packs/code/ci-triage/documents/methodologies/matrix-failure-slice.json @@ -2,7 +2,7 @@ "ref_id": "methodology:ci_triage:matrix-failure-slice", "type": "methodology", "description": "Reduce matrix failures to environment-specific or universal failures.", - "body": "Steps: group failures by OS/runtime/version; find common command; identify single-axis failures; avoid patching code until environment specificity is known.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when CI Triage work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Steps: group failures by OS/runtime/version; find common command; identify single-axis failures; avoid patching code until environment specificity is known.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when CI Triage work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "ci_triage", "scope_hint": "code.ci-triage:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/ci-triage/documents/methodologies/regression-classification.json b/packages/domain-packs/code/ci-triage/documents/methodologies/regression-classification.json index 4fe6fa7f..a1a4dd52 100644 --- a/packages/domain-packs/code/ci-triage/documents/methodologies/regression-classification.json +++ b/packages/domain-packs/code/ci-triage/documents/methodologies/regression-classification.json @@ -2,7 +2,7 @@ "ref_id": "methodology:ci_triage:regression-classification", "type": "methodology", "description": "Classify failures as regression, stale test, flake, new test, or infra.", - "body": "Steps: compare recent diff and test ownership; inspect whether test changed; retry known flakes once; check dependency or environment drift; assign one class with evidence.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when CI Triage work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Steps: compare recent diff and test ownership; inspect whether test changed; retry known flakes once; check dependency or environment drift; assign one class with evidence.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when CI Triage work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "ci_triage", "scope_hint": "code.ci-triage:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/ci-triage/documents/skills/classify-ci-failure.json b/packages/domain-packs/code/ci-triage/documents/skills/classify-ci-failure.json index 2303197f..9720f65f 100644 --- a/packages/domain-packs/code/ci-triage/documents/skills/classify-ci-failure.json +++ b/packages/domain-packs/code/ci-triage/documents/skills/classify-ci-failure.json @@ -2,7 +2,7 @@ "ref_id": "skill:ci_triage:classify-ci-failure", "type": "skill", "description": "Classify CI failure as regression, stale, flake, new, or infra.", - "body": "Inputs: failure evidence plus diff context. Output: failure class, confidence, and next validation command.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when CI Triage work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Inputs: failure evidence plus diff context. Output: failure class, confidence, and next validation command.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when CI Triage work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "ci_triage", "scope_hint": "code.ci-triage:skills", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/ci-triage/documents/skills/parse-ci-log.json b/packages/domain-packs/code/ci-triage/documents/skills/parse-ci-log.json index bc47e5b4..7d2be000 100644 --- a/packages/domain-packs/code/ci-triage/documents/skills/parse-ci-log.json +++ b/packages/domain-packs/code/ci-triage/documents/skills/parse-ci-log.json @@ -2,7 +2,7 @@ "ref_id": "skill:ci_triage:parse-ci-log", "type": "skill", "description": "Extract first failing command, job metadata, and artifact refs from CI output.", - "body": "Inputs: raw CI log or URL summary. Output: normalized evidence record with job, step, command, exit code, primary diagnostic, artifact refs, and suspected category.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when CI Triage work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Inputs: raw CI log or URL summary. Output: normalized evidence record with job, step, command, exit code, primary diagnostic, artifact refs, and suspected category.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when CI Triage work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "ci_triage", "scope_hint": "code.ci-triage:skills", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/ci-triage/documents/strategies/ci-diff-correlation.json b/packages/domain-packs/code/ci-triage/documents/strategies/ci-diff-correlation.json index d1ac249d..6ebe1e01 100644 --- a/packages/domain-packs/code/ci-triage/documents/strategies/ci-diff-correlation.json +++ b/packages/domain-packs/code/ci-triage/documents/strategies/ci-diff-correlation.json @@ -2,7 +2,7 @@ "ref_id": "strategy:ci_triage:ci-diff-correlation", "type": "strategy", "description": "Correlate failing checks with recent code, test, dependency, and workflow changes.", - "body": "A failed check is not automatically an implementation regression. Compare touched files, workflow edits, lockfile changes, and known flake signatures.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when CI Triage work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "A failed check is not automatically an implementation regression. Compare touched files, workflow edits, lockfile changes, and known flake signatures.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when CI Triage work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "ci_triage", "scope_hint": "code.ci-triage:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/ci-triage/documents/strategies/first-failing-command.json b/packages/domain-packs/code/ci-triage/documents/strategies/first-failing-command.json index 8b483d8d..f797d30a 100644 --- a/packages/domain-packs/code/ci-triage/documents/strategies/first-failing-command.json +++ b/packages/domain-packs/code/ci-triage/documents/strategies/first-failing-command.json @@ -2,7 +2,7 @@ "ref_id": "strategy:ci_triage:first-failing-command", "type": "strategy", "description": "Normalize CI logs around the earliest actionable failing command.", - "body": "CI logs contain setup noise, retries, and downstream failures. Capture job, step, command, exit code, log URL or artifact, and first actionable diagnostic before proposing fixes.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when CI Triage work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "CI logs contain setup noise, retries, and downstream failures. Capture job, step, command, exit code, log URL or artifact, and first actionable diagnostic before proposing fixes.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when CI Triage work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "ci_triage", "scope_hint": "code.ci-triage:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/ci-triage/documents/strategies/provider-neutral-status.json b/packages/domain-packs/code/ci-triage/documents/strategies/provider-neutral-status.json index 34db269e..114226d4 100644 --- a/packages/domain-packs/code/ci-triage/documents/strategies/provider-neutral-status.json +++ b/packages/domain-packs/code/ci-triage/documents/strategies/provider-neutral-status.json @@ -2,7 +2,7 @@ "ref_id": "strategy:ci_triage:provider-neutral-status", "type": "strategy", "description": "Model CI state independent of GitHub, GitLab, Jenkins, or Azure syntax.", - "body": "Keep status, duration, artifacts, command, and failure category normalized so domain logic does not depend on provider-specific fields.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when CI Triage work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Keep status, duration, artifacts, command, and failure category normalized so domain logic does not depend on provider-specific fields.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when CI Triage work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "ci_triage", "scope_hint": "code.ci-triage:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/ci-triage/documents/strategies/retry-once-for-flake.json b/packages/domain-packs/code/ci-triage/documents/strategies/retry-once-for-flake.json index 000e29fd..01ce485e 100644 --- a/packages/domain-packs/code/ci-triage/documents/strategies/retry-once-for-flake.json +++ b/packages/domain-packs/code/ci-triage/documents/strategies/retry-once-for-flake.json @@ -2,7 +2,7 @@ "ref_id": "strategy:ci_triage:retry-once-for-flake", "type": "strategy", "description": "Retry only when evidence points to infrastructure or nondeterminism.", - "body": "One controlled retry can distinguish transient failure from deterministic regression. Repeated retries without new evidence are a diagnostic failure.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when CI Triage work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "One controlled retry can distinguish transient failure from deterministic regression. Repeated retries without new evidence are a diagnostic failure.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when CI Triage work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "ci_triage", "scope_hint": "code.ci-triage:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/cpp/README.md b/packages/domain-packs/code/cpp/README.md index e47454b7..0d7d558a 100644 --- a/packages/domain-packs/code/cpp/README.md +++ b/packages/domain-packs/code/cpp/README.md @@ -10,7 +10,7 @@ Framework, platform, database, and security-specific behavior belongs to more sp ## Source Basis -Derived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form. +Derived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form. ## Composition diff --git a/packages/domain-packs/code/cpp/documents/knowledge/abi-and-ownership.json b/packages/domain-packs/code/cpp/documents/knowledge/abi-and-ownership.json index 40788003..4467ce57 100644 --- a/packages/domain-packs/code/cpp/documents/knowledge/abi-and-ownership.json +++ b/packages/domain-packs/code/cpp/documents/knowledge/abi-and-ownership.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:cpp:abi-and-ownership", "type": "knowledge", "description": "C++ API changes can affect ABI and memory ownership.", - "body": "Review lifetime, ownership, exceptions, and binary compatibility for exported boundaries.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when C++ work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Review lifetime, ownership, exceptions, and binary compatibility for exported boundaries.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when C++ work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "cpp", "scope_hint": "code.cpp:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/debugging/documents/failure_dossiers/strategy-before-diagnosis.json b/packages/domain-packs/code/debugging/documents/failure_dossiers/strategy-before-diagnosis.json index e3b310ca..a708f200 100644 --- a/packages/domain-packs/code/debugging/documents/failure_dossiers/strategy-before-diagnosis.json +++ b/packages/domain-packs/code/debugging/documents/failure_dossiers/strategy-before-diagnosis.json @@ -2,7 +2,7 @@ "ref_id": "failure:debugging:failure", "type": "failure_dossier", "description": "Strategy Before Diagnosis", - "body": "Choosing a fix strategy before collecting evidence repeats failures.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Choosing a fix strategy before collecting evidence repeats failures.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "debugging", "scope_hint": "code.debugging:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/debugging/documents/methodologies/diagnosis-result-normalization.json b/packages/domain-packs/code/debugging/documents/methodologies/diagnosis-result-normalization.json index badbee76..40127919 100644 --- a/packages/domain-packs/code/debugging/documents/methodologies/diagnosis-result-normalization.json +++ b/packages/domain-packs/code/debugging/documents/methodologies/diagnosis-result-normalization.json @@ -2,7 +2,7 @@ "ref_id": "methodology:debugging:diagnosis-result-normalization", "type": "methodology", "description": "Diagnosis Result Normalization", - "body": "Normalize symptoms, evidence refs, suspected cause, blocked refs, and next action.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Debugging work touches reproduction steps, stack traces, logs, state transitions, and controlled hypotheses. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include minimal repro, before/after trace, regression test, and command output. Risk boundary: escalate or stop when the task involves blind retries, wrapper fixes, broad rewrites, and unproven root cause, missing owner evidence, or live external state.", + "body": "Normalize symptoms, evidence refs, suspected cause, blocked refs, and next action.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Debugging work touches reproduction steps, stack traces, logs, state transitions, and controlled hypotheses. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include minimal repro, before/after trace, regression test, and command output. Risk boundary: escalate or stop when the task involves blind retries, wrapper fixes, broad rewrites, and unproven root cause, missing owner evidence, or live external state.", "domain": "debugging", "scope_hint": "code.debugging:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/debugging/documents/methodologies/evidence-first-diagnosis.json b/packages/domain-packs/code/debugging/documents/methodologies/evidence-first-diagnosis.json index 6055b591..4a8501ec 100644 --- a/packages/domain-packs/code/debugging/documents/methodologies/evidence-first-diagnosis.json +++ b/packages/domain-packs/code/debugging/documents/methodologies/evidence-first-diagnosis.json @@ -2,7 +2,7 @@ "ref_id": "methodology:debugging:evidence-first-diagnosis", "type": "methodology", "description": "Evidence First Diagnosis", - "body": "Collect evidence and artifact refs before proposing next action.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Debugging work touches reproduction steps, stack traces, logs, state transitions, and controlled hypotheses. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include minimal repro, before/after trace, regression test, and command output. Risk boundary: escalate or stop when the task involves blind retries, wrapper fixes, broad rewrites, and unproven root cause, missing owner evidence, or live external state.", + "body": "Collect evidence and artifact refs before proposing next action.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Debugging work touches reproduction steps, stack traces, logs, state transitions, and controlled hypotheses. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include minimal repro, before/after trace, regression test, and command output. Risk boundary: escalate or stop when the task involves blind retries, wrapper fixes, broad rewrites, and unproven root cause, missing owner evidence, or live external state.", "domain": "debugging", "scope_hint": "code.debugging:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/debugging/documents/skills/collect-diagnostic-evidence.json b/packages/domain-packs/code/debugging/documents/skills/collect-diagnostic-evidence.json index 0ec706d7..754f8ecf 100644 --- a/packages/domain-packs/code/debugging/documents/skills/collect-diagnostic-evidence.json +++ b/packages/domain-packs/code/debugging/documents/skills/collect-diagnostic-evidence.json @@ -2,7 +2,7 @@ "ref_id": "skill:debugging:skill", "type": "skill", "description": "Collect Diagnostic Evidence", - "body": "Collect structured evidence for a failing path before patching.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Code Debugging work touches reproduction steps, stack traces, logs, state transitions, and controlled hypotheses. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include minimal repro, before/after trace, regression test, and command output. Risk boundary: escalate or stop when the task involves blind retries, wrapper fixes, broad rewrites, and unproven root cause, missing owner evidence, or live external state.", + "body": "Collect structured evidence for a failing path before patching.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Code Debugging work touches reproduction steps, stack traces, logs, state transitions, and controlled hypotheses. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include minimal repro, before/after trace, regression test, and command output. Risk boundary: escalate or stop when the task involves blind retries, wrapper fixes, broad rewrites, and unproven root cause, missing owner evidence, or live external state.", "domain": "debugging", "scope_hint": "code.debugging:skills", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/docs/README.md b/packages/domain-packs/code/docs/README.md index 9430e66a..bca5f388 100644 --- a/packages/domain-packs/code/docs/README.md +++ b/packages/domain-packs/code/docs/README.md @@ -10,7 +10,7 @@ Does not invent product claims or replace legal/compliance text. ## Source Basis -Derived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form. +Derived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form. ## Composition diff --git a/packages/domain-packs/code/docs/documents/failure_dossiers/doc-claim-without-source.json b/packages/domain-packs/code/docs/documents/failure_dossiers/doc-claim-without-source.json index ff706f1c..3c8054a6 100644 --- a/packages/domain-packs/code/docs/documents/failure_dossiers/doc-claim-without-source.json +++ b/packages/domain-packs/code/docs/documents/failure_dossiers/doc-claim-without-source.json @@ -2,7 +2,7 @@ "ref_id": "failure:docs:doc-claim-without-source", "type": "failure_dossier", "description": "Documentation claims without code or command evidence can mislead maintainers.", - "body": "Tie claims to source or mark as conceptual.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Tie claims to source or mark as conceptual.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "docs", "scope_hint": "code.docs:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/docs/documents/failure_dossiers/format-filed-by-source.json b/packages/domain-packs/code/docs/documents/failure_dossiers/format-filed-by-source.json index 6ef15d92..6342c303 100644 --- a/packages/domain-packs/code/docs/documents/failure_dossiers/format-filed-by-source.json +++ b/packages/domain-packs/code/docs/documents/failure_dossiers/format-filed-by-source.json @@ -2,7 +2,7 @@ "ref_id": "failure:docs:format-filed-by-source", "type": "failure_dossier", "description": "Filing docs by input format instead of subject makes them hard to find.", - "body": "File docs by primary subject or reader task.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "File docs by primary subject or reader task.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "docs", "scope_hint": "code.docs:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/docs/documents/knowledge/audience-changes-detail.json b/packages/domain-packs/code/docs/documents/knowledge/audience-changes-detail.json index e66d6fda..97ba3bcf 100644 --- a/packages/domain-packs/code/docs/documents/knowledge/audience-changes-detail.json +++ b/packages/domain-packs/code/docs/documents/knowledge/audience-changes-detail.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:docs:audience-changes-detail", "type": "knowledge", "description": "Operator, contributor, API user, and maintainer docs need different detail levels.", - "body": "A dense implementation note can be wrong for onboarding, while a quickstart may omit maintainer invariants.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Documentation work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "A dense implementation note can be wrong for onboarding, while a quickstart may omit maintainer invariants.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Documentation work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "docs", "scope_hint": "code.docs:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/docs/documents/knowledge/diagram-needs-source.json b/packages/domain-packs/code/docs/documents/knowledge/diagram-needs-source.json index 4e714504..6aab99c9 100644 --- a/packages/domain-packs/code/docs/documents/knowledge/diagram-needs-source.json +++ b/packages/domain-packs/code/docs/documents/knowledge/diagram-needs-source.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:docs:diagram-needs-source", "type": "knowledge", "description": "A diagram should be grounded in actual components and paths.", - "body": "Architecture diagrams without source anchors become decorative and stale.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Documentation work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Architecture diagrams without source anchors become decorative and stale.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Documentation work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "docs", "scope_hint": "code.docs:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/docs/documents/knowledge/docs-drift-fast.json b/packages/domain-packs/code/docs/documents/knowledge/docs-drift-fast.json index 2a84b6bd..07860875 100644 --- a/packages/domain-packs/code/docs/documents/knowledge/docs-drift-fast.json +++ b/packages/domain-packs/code/docs/documents/knowledge/docs-drift-fast.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:docs:docs-drift-fast", "type": "knowledge", "description": "Docs that duplicate executable truth drift faster than docs that link to it.", - "body": "Prefer links to scripts, schemas, generated references, or tests when details are executable.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Documentation work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Prefer links to scripts, schemas, generated references, or tests when details are executable.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Documentation work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "docs", "scope_hint": "code.docs:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/docs/documents/methodologies/adr-writing-flow.json b/packages/domain-packs/code/docs/documents/methodologies/adr-writing-flow.json index 023f625e..3b51615a 100644 --- a/packages/domain-packs/code/docs/documents/methodologies/adr-writing-flow.json +++ b/packages/domain-packs/code/docs/documents/methodologies/adr-writing-flow.json @@ -2,7 +2,7 @@ "ref_id": "methodology:docs:adr-writing-flow", "type": "methodology", "description": "Capture context, alternatives, decision, consequences, and revisit trigger.", - "body": "Steps: describe problem; list options; state decision; describe consequences; link validation or follow-up.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Documentation work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Steps: describe problem; list options; state decision; describe consequences; link validation or follow-up.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Documentation work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "docs", "scope_hint": "code.docs:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/docs/documents/methodologies/doc-consistency-pass.json b/packages/domain-packs/code/docs/documents/methodologies/doc-consistency-pass.json index b92993f6..821c8ee8 100644 --- a/packages/domain-packs/code/docs/documents/methodologies/doc-consistency-pass.json +++ b/packages/domain-packs/code/docs/documents/methodologies/doc-consistency-pass.json @@ -2,7 +2,7 @@ "ref_id": "methodology:docs:doc-consistency-pass", "type": "methodology", "description": "Check docs against code, config, and tests before finalizing.", - "body": "Steps: verify commands; verify paths; verify option names; check outdated screenshots or diagrams; run examples where possible.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Documentation work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Steps: verify commands; verify paths; verify option names; check outdated screenshots or diagrams; run examples where possible.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Documentation work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "docs", "scope_hint": "code.docs:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/docs/documents/methodologies/documentation-materialization.json b/packages/domain-packs/code/docs/documents/methodologies/documentation-materialization.json index d79bd229..e814c204 100644 --- a/packages/domain-packs/code/docs/documents/methodologies/documentation-materialization.json +++ b/packages/domain-packs/code/docs/documents/methodologies/documentation-materialization.json @@ -2,7 +2,7 @@ "ref_id": "methodology:docs:documentation-materialization", "type": "methodology", "description": "Produce docs, diagrams, and PR summaries as declared evidence-linked artifacts.", - "body": "Steps: identify audience; collect source evidence; draft artifact; validate examples/links; record changed paths and residual gaps.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Documentation work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Steps: identify audience; collect source evidence; draft artifact; validate examples/links; record changed paths and residual gaps.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Documentation work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "docs", "scope_hint": "code.docs:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/docs/documents/skills/validate-doc-example.json b/packages/domain-packs/code/docs/documents/skills/validate-doc-example.json index 2ad64d0a..c370baa1 100644 --- a/packages/domain-packs/code/docs/documents/skills/validate-doc-example.json +++ b/packages/domain-packs/code/docs/documents/skills/validate-doc-example.json @@ -2,7 +2,7 @@ "ref_id": "skill:docs:validate-doc-example", "type": "skill", "description": "Check documentation examples, commands, paths, and links against the repository.", - "body": "Inputs: changed docs. Output: validated examples, stale references, and commands not run.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Code Documentation work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Inputs: changed docs. Output: validated examples, stale references, and commands not run.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Code Documentation work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "docs", "scope_hint": "code.docs:skills", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/docs/documents/strategies/changelog-impact.json b/packages/domain-packs/code/docs/documents/strategies/changelog-impact.json index e44a5023..55ff7041 100644 --- a/packages/domain-packs/code/docs/documents/strategies/changelog-impact.json +++ b/packages/domain-packs/code/docs/documents/strategies/changelog-impact.json @@ -2,7 +2,7 @@ "ref_id": "strategy:docs:changelog-impact", "type": "strategy", "description": "Changelog entries should state user-visible impact, not just implementation detail.", - "body": "Release notes should help users decide whether action is needed.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Documentation work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Release notes should help users decide whether action is needed.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Documentation work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "docs", "scope_hint": "code.docs:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/docs/documents/strategies/docs-as-artifact.json b/packages/domain-packs/code/docs/documents/strategies/docs-as-artifact.json index e84a2850..1477f0de 100644 --- a/packages/domain-packs/code/docs/documents/strategies/docs-as-artifact.json +++ b/packages/domain-packs/code/docs/documents/strategies/docs-as-artifact.json @@ -2,7 +2,7 @@ "ref_id": "strategy:docs:docs-as-artifact", "type": "strategy", "description": "Treat generated docs as declared artifacts tied to source evidence.", - "body": "Documentation materialization should cite code paths, schemas, commands, or decisions rather than free-floating prose.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Documentation work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Documentation materialization should cite code paths, schemas, commands, or decisions rather than free-floating prose.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Documentation work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "docs", "scope_hint": "code.docs:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/docs/documents/strategies/examples-must-run.json b/packages/domain-packs/code/docs/documents/strategies/examples-must-run.json index 99145e25..2fdccee6 100644 --- a/packages/domain-packs/code/docs/documents/strategies/examples-must-run.json +++ b/packages/domain-packs/code/docs/documents/strategies/examples-must-run.json @@ -2,7 +2,7 @@ "ref_id": "strategy:docs:examples-must-run", "type": "strategy", "description": "Code examples should be validated or marked illustrative.", - "body": "Stale snippets mislead users. Link examples to tests or package commands where possible.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Documentation work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Stale snippets mislead users. Link examples to tests or package commands where possible.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Documentation work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "docs", "scope_hint": "code.docs:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/docs/documents/strategies/reader-task-first.json b/packages/domain-packs/code/docs/documents/strategies/reader-task-first.json index 11c05250..38b45056 100644 --- a/packages/domain-packs/code/docs/documents/strategies/reader-task-first.json +++ b/packages/domain-packs/code/docs/documents/strategies/reader-task-first.json @@ -2,7 +2,7 @@ "ref_id": "strategy:docs:reader-task-first", "type": "strategy", "description": "Organize docs around what the reader needs to do.", - "body": "Setup, usage, troubleshooting, API behavior, and maintenance docs serve different readers. File and structure docs by primary subject and task.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Documentation work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Setup, usage, troubleshooting, API behavior, and maintenance docs serve different readers. File and structure docs by primary subject and task.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Documentation work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "docs", "scope_hint": "code.docs:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/environment/README.md b/packages/domain-packs/code/environment/README.md index 05f9d0cc..90d04665 100644 --- a/packages/domain-packs/code/environment/README.md +++ b/packages/domain-packs/code/environment/README.md @@ -10,7 +10,7 @@ Does not provision production infrastructure or approve cloud access. ## Source Basis -Derived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form. +Derived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form. ## Composition diff --git a/packages/domain-packs/code/environment/documents/failure_dossiers/fix-without-check.json b/packages/domain-packs/code/environment/documents/failure_dossiers/fix-without-check.json index b95e0e16..d93a6d45 100644 --- a/packages/domain-packs/code/environment/documents/failure_dossiers/fix-without-check.json +++ b/packages/domain-packs/code/environment/documents/failure_dossiers/fix-without-check.json @@ -2,7 +2,7 @@ "ref_id": "failure:environment:fix-without-check", "type": "failure_dossier", "description": "Applying setup fixes before proving breakage can damage a working environment.", - "body": "Always test first.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Always test first.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "environment", "scope_hint": "code.environment:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/environment/documents/failure_dossiers/hung-health-check.json b/packages/domain-packs/code/environment/documents/failure_dossiers/hung-health-check.json index 99cc18da..39d1c49a 100644 --- a/packages/domain-packs/code/environment/documents/failure_dossiers/hung-health-check.json +++ b/packages/domain-packs/code/environment/documents/failure_dossiers/hung-health-check.json @@ -2,7 +2,7 @@ "ref_id": "failure:environment:hung-health-check", "type": "failure_dossier", "description": "Unbounded health checks can block the entire run.", - "body": "Use timeouts for service and network checks.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Use timeouts for service and network checks.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "environment", "scope_hint": "code.environment:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/environment/documents/knowledge/auto-fix-needs-retest.json b/packages/domain-packs/code/environment/documents/knowledge/auto-fix-needs-retest.json index f8960630..ee2eb440 100644 --- a/packages/domain-packs/code/environment/documents/knowledge/auto-fix-needs-retest.json +++ b/packages/domain-packs/code/environment/documents/knowledge/auto-fix-needs-retest.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:environment:auto-fix-needs-retest", "type": "knowledge", "description": "An automatic fix is not valid until the failing check passes afterward.", - "body": "Fix-then-report without retest can claim success while the environment remains broken.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Development Environment work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Fix-then-report without retest can claim success while the environment remains broken.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Development Environment work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "environment", "scope_hint": "code.environment:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/environment/documents/knowledge/environment-evidence-local.json b/packages/domain-packs/code/environment/documents/knowledge/environment-evidence-local.json index 2c4f1572..382cbbd3 100644 --- a/packages/domain-packs/code/environment/documents/knowledge/environment-evidence-local.json +++ b/packages/domain-packs/code/environment/documents/knowledge/environment-evidence-local.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:environment:environment-evidence-local", "type": "knowledge", "description": "Environment diagnosis is tied to machine state and can drift quickly.", - "body": "Record exact commands and current values because the same repo may behave differently elsewhere.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Development Environment work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Record exact commands and current values because the same repo may behave differently elsewhere.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Development Environment work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "environment", "scope_hint": "code.environment:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/environment/documents/knowledge/skip-not-fail.json b/packages/domain-packs/code/environment/documents/knowledge/skip-not-fail.json index ebab0906..c181b2fe 100644 --- a/packages/domain-packs/code/environment/documents/knowledge/skip-not-fail.json +++ b/packages/domain-packs/code/environment/documents/knowledge/skip-not-fail.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:environment:skip-not-fail", "type": "knowledge", "description": "Missing optional prerequisite is a skip, not a failed system.", - "body": "Health checks should distinguish unavailable optional components from broken required components.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Development Environment work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Health checks should distinguish unavailable optional components from broken required components.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Development Environment work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "environment", "scope_hint": "code.environment:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/environment/documents/methodologies/environment-drift-check.json b/packages/domain-packs/code/environment/documents/methodologies/environment-drift-check.json index 59641ae0..07ceb410 100644 --- a/packages/domain-packs/code/environment/documents/methodologies/environment-drift-check.json +++ b/packages/domain-packs/code/environment/documents/methodologies/environment-drift-check.json @@ -2,7 +2,7 @@ "ref_id": "methodology:environment:environment-drift-check", "type": "methodology", "description": "Compare current runtime, dependency, and env state against project expectations.", - "body": "Steps: inspect lockfiles, runtime versions, env vars, service ports, local databases, and generated artifacts.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Development Environment work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Steps: inspect lockfiles, runtime versions, env vars, service ports, local databases, and generated artifacts.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Development Environment work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "environment", "scope_hint": "code.environment:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/environment/documents/methodologies/restart-health-check.json b/packages/domain-packs/code/environment/documents/methodologies/restart-health-check.json index b9d7188b..b1166745 100644 --- a/packages/domain-packs/code/environment/documents/methodologies/restart-health-check.json +++ b/packages/domain-packs/code/environment/documents/methodologies/restart-health-check.json @@ -2,7 +2,7 @@ "ref_id": "methodology:environment:restart-health-check", "type": "methodology", "description": "After container or service restart, verify critical dependencies before coding.", - "body": "Steps: check runtime, CLI load, database, workers, API keys, and repo paths; skip optional dependencies explicitly.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Development Environment work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Steps: check runtime, CLI load, database, workers, API keys, and repo paths; skip optional dependencies explicitly.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Development Environment work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "environment", "scope_hint": "code.environment:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/environment/documents/methodologies/smoke-test-loop.json b/packages/domain-packs/code/environment/documents/methodologies/smoke-test-loop.json index bcb5a7b3..1751d2d1 100644 --- a/packages/domain-packs/code/environment/documents/methodologies/smoke-test-loop.json +++ b/packages/domain-packs/code/environment/documents/methodologies/smoke-test-loop.json @@ -2,7 +2,7 @@ "ref_id": "methodology:environment:smoke-test-loop", "type": "methodology", "description": "Check critical services, auto-fix known safe issues, then retest.", - "body": "Steps: run fast checks; classify pass/fail/skip; apply only known idempotent fixes; retest; report remaining failures with logs.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Development Environment work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Steps: run fast checks; classify pass/fail/skip; apply only known idempotent fixes; retest; report remaining failures with logs.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Development Environment work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "environment", "scope_hint": "code.environment:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/environment/documents/skills/run-smoke-check.json b/packages/domain-packs/code/environment/documents/skills/run-smoke-check.json index 16d96c70..1a162a53 100644 --- a/packages/domain-packs/code/environment/documents/skills/run-smoke-check.json +++ b/packages/domain-packs/code/environment/documents/skills/run-smoke-check.json @@ -2,7 +2,7 @@ "ref_id": "skill:environment:run-smoke-check", "type": "skill", "description": "Run a bounded environment smoke test and classify pass/fail/skip.", - "body": "Inputs: project health checks. Output: result table, auto-fix attempts, and remaining failures.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Development Environment work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Inputs: project health checks. Output: result table, auto-fix attempts, and remaining failures.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Development Environment work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "environment", "scope_hint": "code.environment:skills", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/environment/documents/strategies/doctor-before-fix.json b/packages/domain-packs/code/environment/documents/strategies/doctor-before-fix.json index bdaab9cc..52455483 100644 --- a/packages/domain-packs/code/environment/documents/strategies/doctor-before-fix.json +++ b/packages/domain-packs/code/environment/documents/strategies/doctor-before-fix.json @@ -2,7 +2,7 @@ "ref_id": "strategy:environment:doctor-before-fix", "type": "strategy", "description": "Run lightweight environment checks before editing code for setup failures.", - "body": "Many failures are missing runtimes, env vars, services, ports, or dependencies. Diagnose environment before patching source.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Development Environment work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Many failures are missing runtimes, env vars, services, ports, or dependencies. Diagnose environment before patching source.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Development Environment work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "environment", "scope_hint": "code.environment:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/environment/documents/strategies/idempotent-bootstrap.json b/packages/domain-packs/code/environment/documents/strategies/idempotent-bootstrap.json index e54121a1..f309d9ee 100644 --- a/packages/domain-packs/code/environment/documents/strategies/idempotent-bootstrap.json +++ b/packages/domain-packs/code/environment/documents/strategies/idempotent-bootstrap.json @@ -2,7 +2,7 @@ "ref_id": "strategy:environment:idempotent-bootstrap", "type": "strategy", "description": "Bootstrap commands should be safe to repeat.", - "body": "Setup scripts should tolerate existing directories, installed deps, and running services.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Development Environment work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Setup scripts should tolerate existing directories, installed deps, and running services.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Development Environment work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "environment", "scope_hint": "code.environment:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/environment/documents/strategies/test-before-auto-fix.json b/packages/domain-packs/code/environment/documents/strategies/test-before-auto-fix.json index edbab724..c878c62c 100644 --- a/packages/domain-packs/code/environment/documents/strategies/test-before-auto-fix.json +++ b/packages/domain-packs/code/environment/documents/strategies/test-before-auto-fix.json @@ -2,7 +2,7 @@ "ref_id": "strategy:environment:test-before-auto-fix", "type": "strategy", "description": "Confirm a setup check is broken before applying any automatic fix.", - "body": "Smoke-test skills emphasize pass/fail detection before remediation and retest after remediation.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Development Environment work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Smoke-test skills emphasize pass/fail detection before remediation and retest after remediation.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Development Environment work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "environment", "scope_hint": "code.environment:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/environment/documents/strategies/timeout-external-checks.json b/packages/domain-packs/code/environment/documents/strategies/timeout-external-checks.json index 2b1cb9dd..074f2200 100644 --- a/packages/domain-packs/code/environment/documents/strategies/timeout-external-checks.json +++ b/packages/domain-packs/code/environment/documents/strategies/timeout-external-checks.json @@ -2,7 +2,7 @@ "ref_id": "strategy:environment:timeout-external-checks", "type": "strategy", "description": "Any environment check that can hang needs a timeout.", - "body": "Network, process, and service checks can stall. Bound them to keep diagnostics usable.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Development Environment work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Network, process, and service checks can stall. Bound them to keep diagnostics usable.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Development Environment work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "environment", "scope_hint": "code.environment:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/frontend.accessibility/README.md b/packages/domain-packs/code/frontend.accessibility/README.md index 4b7b0e6d..165e78d2 100644 --- a/packages/domain-packs/code/frontend.accessibility/README.md +++ b/packages/domain-packs/code/frontend.accessibility/README.md @@ -10,7 +10,7 @@ Does not certify legal compliance; it supplies engineering checks and risk evide ## Source Basis -Derived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form. +Derived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form. ## Composition diff --git a/packages/domain-packs/code/frontend.accessibility/documents/failure_dossiers/aria-coverup.json b/packages/domain-packs/code/frontend.accessibility/documents/failure_dossiers/aria-coverup.json index c0b20997..c43be296 100644 --- a/packages/domain-packs/code/frontend.accessibility/documents/failure_dossiers/aria-coverup.json +++ b/packages/domain-packs/code/frontend.accessibility/documents/failure_dossiers/aria-coverup.json @@ -2,7 +2,7 @@ "ref_id": "failure:frontend_accessibility:aria-coverup", "type": "failure_dossier", "description": "Adding ARIA to non-interactive elements without behavior creates false accessibility.", - "body": "Use native controls or implement full behavior.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Use native controls or implement full behavior.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "accessibility", "scope_hint": "code.frontend.accessibility:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/frontend.accessibility/documents/failure_dossiers/focus-lost-on-close.json b/packages/domain-packs/code/frontend.accessibility/documents/failure_dossiers/focus-lost-on-close.json index a9af8b71..c735c462 100644 --- a/packages/domain-packs/code/frontend.accessibility/documents/failure_dossiers/focus-lost-on-close.json +++ b/packages/domain-packs/code/frontend.accessibility/documents/failure_dossiers/focus-lost-on-close.json @@ -2,7 +2,7 @@ "ref_id": "failure:frontend_accessibility:focus-lost-on-close", "type": "failure_dossier", "description": "Closing modal/menu without restoring focus disorients keyboard users.", - "body": "Restore focus to invoking control.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Restore focus to invoking control.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "accessibility", "scope_hint": "code.frontend.accessibility:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/frontend.accessibility/documents/knowledge/accessible-name-source.json b/packages/domain-packs/code/frontend.accessibility/documents/knowledge/accessible-name-source.json index 50c6f8cd..ba70d5e1 100644 --- a/packages/domain-packs/code/frontend.accessibility/documents/knowledge/accessible-name-source.json +++ b/packages/domain-packs/code/frontend.accessibility/documents/knowledge/accessible-name-source.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:frontend_accessibility:accessible-name-source", "type": "knowledge", "description": "Accessible names come from text, labels, aria-label, or referenced content.", - "body": "Icon-only controls need a non-visual name.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Accessibility work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", + "body": "Icon-only controls need a non-visual name.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Accessibility work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", "domain": "accessibility", "scope_hint": "code.frontend.accessibility:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/frontend.accessibility/documents/knowledge/aria-does-not-add-behavior.json b/packages/domain-packs/code/frontend.accessibility/documents/knowledge/aria-does-not-add-behavior.json index 0357a8cb..b9818f21 100644 --- a/packages/domain-packs/code/frontend.accessibility/documents/knowledge/aria-does-not-add-behavior.json +++ b/packages/domain-packs/code/frontend.accessibility/documents/knowledge/aria-does-not-add-behavior.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:frontend_accessibility:aria-does-not-add-behavior", "type": "knowledge", "description": "ARIA changes semantics but does not implement interaction.", - "body": "Keyboard handlers and focus management still need implementation for custom controls.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Accessibility work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", + "body": "Keyboard handlers and focus management still need implementation for custom controls.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Accessibility work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", "domain": "accessibility", "scope_hint": "code.frontend.accessibility:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/frontend.accessibility/documents/knowledge/focus-visible-required.json b/packages/domain-packs/code/frontend.accessibility/documents/knowledge/focus-visible-required.json index 55541da3..0199f4a2 100644 --- a/packages/domain-packs/code/frontend.accessibility/documents/knowledge/focus-visible-required.json +++ b/packages/domain-packs/code/frontend.accessibility/documents/knowledge/focus-visible-required.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:frontend_accessibility:focus-visible-required", "type": "knowledge", "description": "Keyboard users need visible focus location.", - "body": "Removing outlines without replacement breaks navigation.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Accessibility work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", + "body": "Removing outlines without replacement breaks navigation.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Accessibility work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", "domain": "accessibility", "scope_hint": "code.frontend.accessibility:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/frontend.accessibility/documents/methodologies/accessibility-runtime-pass.json b/packages/domain-packs/code/frontend.accessibility/documents/methodologies/accessibility-runtime-pass.json index cad13d4f..2c1a24f7 100644 --- a/packages/domain-packs/code/frontend.accessibility/documents/methodologies/accessibility-runtime-pass.json +++ b/packages/domain-packs/code/frontend.accessibility/documents/methodologies/accessibility-runtime-pass.json @@ -2,7 +2,7 @@ "ref_id": "methodology:frontend_accessibility:accessibility-runtime-pass", "type": "methodology", "description": "Render page, inspect roles/names, navigate keyboard, and check states.", - "body": "Steps: open route; list interactive roles; tab through controls; activate; inspect ARIA states; record failures.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Accessibility work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", + "body": "Steps: open route; list interactive roles; tab through controls; activate; inspect ARIA states; record failures.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Accessibility work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", "domain": "accessibility", "scope_hint": "code.frontend.accessibility:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/frontend.accessibility/documents/methodologies/contrast-and-motion-check.json b/packages/domain-packs/code/frontend.accessibility/documents/methodologies/contrast-and-motion-check.json index 740a5a83..14580d4f 100644 --- a/packages/domain-packs/code/frontend.accessibility/documents/methodologies/contrast-and-motion-check.json +++ b/packages/domain-packs/code/frontend.accessibility/documents/methodologies/contrast-and-motion-check.json @@ -2,7 +2,7 @@ "ref_id": "methodology:frontend_accessibility:contrast-and-motion-check", "type": "methodology", "description": "Check contrast and reduced-motion behavior for changed surfaces.", - "body": "Steps: inspect color pairs; test disabled/loading states; check animation opt-out if relevant.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Accessibility work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", + "body": "Steps: inspect color pairs; test disabled/loading states; check animation opt-out if relevant.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Accessibility work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", "domain": "accessibility", "scope_hint": "code.frontend.accessibility:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/frontend.accessibility/documents/methodologies/focus-management-check.json b/packages/domain-packs/code/frontend.accessibility/documents/methodologies/focus-management-check.json index 5f7765b0..cc9b0832 100644 --- a/packages/domain-packs/code/frontend.accessibility/documents/methodologies/focus-management-check.json +++ b/packages/domain-packs/code/frontend.accessibility/documents/methodologies/focus-management-check.json @@ -2,7 +2,7 @@ "ref_id": "methodology:frontend_accessibility:focus-management-check", "type": "methodology", "description": "Verify focus entry, movement, trap, restore, and visibility.", - "body": "Steps: open modal/menu; check initial focus; navigate; close; verify focus returns.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Accessibility work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", + "body": "Steps: open modal/menu; check initial focus; navigate; close; verify focus returns.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Accessibility work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", "domain": "accessibility", "scope_hint": "code.frontend.accessibility:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/frontend.accessibility/documents/skills/run-a11y-smoke.json b/packages/domain-packs/code/frontend.accessibility/documents/skills/run-a11y-smoke.json index 9a8c5882..cae2ba59 100644 --- a/packages/domain-packs/code/frontend.accessibility/documents/skills/run-a11y-smoke.json +++ b/packages/domain-packs/code/frontend.accessibility/documents/skills/run-a11y-smoke.json @@ -2,7 +2,7 @@ "ref_id": "skill:frontend_accessibility:run-a11y-smoke", "type": "skill", "description": "Perform a browser accessibility smoke pass for changed UI.", - "body": "Inputs: URL and changed controls. Output: role/name/focus findings and screenshot refs if available.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Frontend Accessibility work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", + "body": "Inputs: URL and changed controls. Output: role/name/focus findings and screenshot refs if available.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Frontend Accessibility work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", "domain": "accessibility", "scope_hint": "code.frontend.accessibility:skills", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/frontend.accessibility/documents/strategies/a11y-regression-in-browser.json b/packages/domain-packs/code/frontend.accessibility/documents/strategies/a11y-regression-in-browser.json index feb1859e..bb4bb8fb 100644 --- a/packages/domain-packs/code/frontend.accessibility/documents/strategies/a11y-regression-in-browser.json +++ b/packages/domain-packs/code/frontend.accessibility/documents/strategies/a11y-regression-in-browser.json @@ -2,7 +2,7 @@ "ref_id": "strategy:frontend_accessibility:a11y-regression-in-browser", "type": "strategy", "description": "A11y checks should run in actual rendered browser state.", - "body": "Static markup checks miss dynamic focus and state bugs.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Accessibility work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", + "body": "Static markup checks miss dynamic focus and state bugs.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Accessibility work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", "domain": "accessibility", "scope_hint": "code.frontend.accessibility:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/frontend.accessibility/documents/strategies/keyboard-complete.json b/packages/domain-packs/code/frontend.accessibility/documents/strategies/keyboard-complete.json index cb4bec6d..b85f0d3c 100644 --- a/packages/domain-packs/code/frontend.accessibility/documents/strategies/keyboard-complete.json +++ b/packages/domain-packs/code/frontend.accessibility/documents/strategies/keyboard-complete.json @@ -2,7 +2,7 @@ "ref_id": "strategy:frontend_accessibility:keyboard-complete", "type": "strategy", "description": "Interactive workflows must be reachable and operable by keyboard.", - "body": "Keyboard access includes focus order, visible focus, activation, escape/cancel, and modal containment.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Accessibility work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", + "body": "Keyboard access includes focus order, visible focus, activation, escape/cancel, and modal containment.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Accessibility work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", "domain": "accessibility", "scope_hint": "code.frontend.accessibility:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/frontend.accessibility/documents/strategies/name-role-state.json b/packages/domain-packs/code/frontend.accessibility/documents/strategies/name-role-state.json index f83bef0a..04292cc1 100644 --- a/packages/domain-packs/code/frontend.accessibility/documents/strategies/name-role-state.json +++ b/packages/domain-packs/code/frontend.accessibility/documents/strategies/name-role-state.json @@ -2,7 +2,7 @@ "ref_id": "strategy:frontend_accessibility:name-role-state", "type": "strategy", "description": "Controls need correct accessible name, role, and state.", - "body": "ARIA should describe state truthfully. Incorrect ARIA is worse than missing decoration.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Accessibility work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", + "body": "ARIA should describe state truthfully. Incorrect ARIA is worse than missing decoration.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Accessibility work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", "domain": "accessibility", "scope_hint": "code.frontend.accessibility:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/frontend.accessibility/documents/strategies/prefer-native-semantics.json b/packages/domain-packs/code/frontend.accessibility/documents/strategies/prefer-native-semantics.json index 5dc0558a..117ec9e8 100644 --- a/packages/domain-packs/code/frontend.accessibility/documents/strategies/prefer-native-semantics.json +++ b/packages/domain-packs/code/frontend.accessibility/documents/strategies/prefer-native-semantics.json @@ -2,7 +2,7 @@ "ref_id": "strategy:frontend_accessibility:prefer-native-semantics", "type": "strategy", "description": "Native controls carry semantics and keyboard behavior by default.", - "body": "Use buttons, links, inputs, labels, and fieldsets before custom div controls.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Accessibility work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", + "body": "Use buttons, links, inputs, labels, and fieldsets before custom div controls.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Accessibility work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", "domain": "accessibility", "scope_hint": "code.frontend.accessibility:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/frontend.performance/README.md b/packages/domain-packs/code/frontend.performance/README.md index c37b8082..2e8999a6 100644 --- a/packages/domain-packs/code/frontend.performance/README.md +++ b/packages/domain-packs/code/frontend.performance/README.md @@ -10,7 +10,7 @@ Does not replace general backend/database performance packs. ## Source Basis -Derived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form. +Derived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form. ## Composition diff --git a/packages/domain-packs/code/frontend.performance/documents/failure_dossiers/bundle-only-claim.json b/packages/domain-packs/code/frontend.performance/documents/failure_dossiers/bundle-only-claim.json index 1a538367..7a3d3c7a 100644 --- a/packages/domain-packs/code/frontend.performance/documents/failure_dossiers/bundle-only-claim.json +++ b/packages/domain-packs/code/frontend.performance/documents/failure_dossiers/bundle-only-claim.json @@ -2,7 +2,7 @@ "ref_id": "failure:frontend_performance:bundle-only-claim", "type": "failure_dossier", "description": "Claiming performance improvement from bundle size alone can miss runtime regressions.", - "body": "Measure user path too.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Measure user path too.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "performance", "scope_hint": "code.frontend.performance:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/frontend.performance/documents/failure_dossiers/unbounded-third-party.json b/packages/domain-packs/code/frontend.performance/documents/failure_dossiers/unbounded-third-party.json index 7e2be43a..7d4d5404 100644 --- a/packages/domain-packs/code/frontend.performance/documents/failure_dossiers/unbounded-third-party.json +++ b/packages/domain-packs/code/frontend.performance/documents/failure_dossiers/unbounded-third-party.json @@ -2,7 +2,7 @@ "ref_id": "failure:frontend_performance:unbounded-third-party", "type": "failure_dossier", "description": "Adding third-party scripts without budget or failure handling risks performance and privacy.", - "body": "Review load behavior and data flow.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Review load behavior and data flow.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "performance", "scope_hint": "code.frontend.performance:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/frontend.performance/documents/knowledge/hydration-cost.json b/packages/domain-packs/code/frontend.performance/documents/knowledge/hydration-cost.json index 787368f6..57856453 100644 --- a/packages/domain-packs/code/frontend.performance/documents/knowledge/hydration-cost.json +++ b/packages/domain-packs/code/frontend.performance/documents/knowledge/hydration-cost.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:frontend_performance:hydration-cost", "type": "knowledge", "description": "Hydration can create main-thread work and mismatch failures.", - "body": "SSR apps need both server output and client activation checks.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Performance work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", + "body": "SSR apps need both server output and client activation checks.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Performance work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", "domain": "performance", "scope_hint": "code.frontend.performance:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/frontend.performance/documents/knowledge/layout-shift-user-impact.json b/packages/domain-packs/code/frontend.performance/documents/knowledge/layout-shift-user-impact.json index 570706c3..a4232c3e 100644 --- a/packages/domain-packs/code/frontend.performance/documents/knowledge/layout-shift-user-impact.json +++ b/packages/domain-packs/code/frontend.performance/documents/knowledge/layout-shift-user-impact.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:frontend_performance:layout-shift-user-impact", "type": "knowledge", "description": "Layout shifts harm usability even when final DOM is correct.", - "body": "Reserve space for images, fonts, and dynamic content.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Performance work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", + "body": "Reserve space for images, fonts, and dynamic content.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Performance work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", "domain": "performance", "scope_hint": "code.frontend.performance:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/frontend.performance/documents/knowledge/third-party-script-risk.json b/packages/domain-packs/code/frontend.performance/documents/knowledge/third-party-script-risk.json index bae0b4de..a5ca0a6f 100644 --- a/packages/domain-packs/code/frontend.performance/documents/knowledge/third-party-script-risk.json +++ b/packages/domain-packs/code/frontend.performance/documents/knowledge/third-party-script-risk.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:frontend_performance:third-party-script-risk", "type": "knowledge", "description": "Third-party scripts add network, execution, privacy, and failure risk.", - "body": "Load only when needed and isolate where possible.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Performance work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", + "body": "Load only when needed and isolate where possible.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Performance work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", "domain": "performance", "scope_hint": "code.frontend.performance:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/frontend.performance/documents/methodologies/bundle-delta-review.json b/packages/domain-packs/code/frontend.performance/documents/methodologies/bundle-delta-review.json index 59a556db..1a3beb45 100644 --- a/packages/domain-packs/code/frontend.performance/documents/methodologies/bundle-delta-review.json +++ b/packages/domain-packs/code/frontend.performance/documents/methodologies/bundle-delta-review.json @@ -2,7 +2,7 @@ "ref_id": "methodology:frontend_performance:bundle-delta-review", "type": "methodology", "description": "Review bundle diff and lazy-loading impact for dependency/UI changes.", - "body": "Steps: build; inspect bundle stats; identify new heavy deps; consider lazy load; run smoke path.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Performance work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", + "body": "Steps: build; inspect bundle stats; identify new heavy deps; consider lazy load; run smoke path.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Performance work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", "domain": "performance", "scope_hint": "code.frontend.performance:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/frontend.performance/documents/methodologies/frontend-profile-pass.json b/packages/domain-packs/code/frontend.performance/documents/methodologies/frontend-profile-pass.json index 58ef20b4..772a1e75 100644 --- a/packages/domain-packs/code/frontend.performance/documents/methodologies/frontend-profile-pass.json +++ b/packages/domain-packs/code/frontend.performance/documents/methodologies/frontend-profile-pass.json @@ -2,7 +2,7 @@ "ref_id": "methodology:frontend_performance:frontend-profile-pass", "type": "methodology", "description": "Record browser performance trace for changed interaction or page load.", - "body": "Steps: open route; capture trace; inspect long tasks, layout shifts, network; patch; recapture same flow.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Performance work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", + "body": "Steps: open route; capture trace; inspect long tasks, layout shifts, network; patch; recapture same flow.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Performance work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", "domain": "performance", "scope_hint": "code.frontend.performance:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/frontend.performance/documents/methodologies/web-vitals-regression.json b/packages/domain-packs/code/frontend.performance/documents/methodologies/web-vitals-regression.json index d0dd7680..7794dec1 100644 --- a/packages/domain-packs/code/frontend.performance/documents/methodologies/web-vitals-regression.json +++ b/packages/domain-packs/code/frontend.performance/documents/methodologies/web-vitals-regression.json @@ -2,7 +2,7 @@ "ref_id": "methodology:frontend_performance:web-vitals-regression", "type": "methodology", "description": "Compare web vitals before and after on representative viewport/network.", - "body": "Steps: define viewport/network; capture baseline; run candidate; compare LCP/CLS/INP or local equivalents.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Performance work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", + "body": "Steps: define viewport/network; capture baseline; run candidate; compare LCP/CLS/INP or local equivalents.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Performance work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", "domain": "performance", "scope_hint": "code.frontend.performance:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/frontend.performance/documents/skills/capture-browser-performance.json b/packages/domain-packs/code/frontend.performance/documents/skills/capture-browser-performance.json index 42cf390e..1ad21829 100644 --- a/packages/domain-packs/code/frontend.performance/documents/skills/capture-browser-performance.json +++ b/packages/domain-packs/code/frontend.performance/documents/skills/capture-browser-performance.json @@ -2,7 +2,7 @@ "ref_id": "skill:frontend_performance:capture-browser-performance", "type": "skill", "description": "Capture browser performance evidence for a changed route or interaction.", - "body": "Inputs: URL and flow. Output: trace summary, long tasks, network and layout risks.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Frontend Performance work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", + "body": "Inputs: URL and flow. Output: trace summary, long tasks, network and layout risks.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Frontend Performance work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", "domain": "performance", "scope_hint": "code.frontend.performance:skills", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/frontend.performance/documents/strategies/asset-budget.json b/packages/domain-packs/code/frontend.performance/documents/strategies/asset-budget.json index 3ed32966..e2bb09be 100644 --- a/packages/domain-packs/code/frontend.performance/documents/strategies/asset-budget.json +++ b/packages/domain-packs/code/frontend.performance/documents/strategies/asset-budget.json @@ -2,7 +2,7 @@ "ref_id": "strategy:frontend_performance:asset-budget", "type": "strategy", "description": "Images, fonts, and third-party scripts need explicit budgets.", - "body": "Large media and third-party scripts often dominate page performance.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Performance work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", + "body": "Large media and third-party scripts often dominate page performance.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Performance work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", "domain": "performance", "scope_hint": "code.frontend.performance:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/frontend.performance/documents/strategies/avoid-render-churn.json b/packages/domain-packs/code/frontend.performance/documents/strategies/avoid-render-churn.json index e705b6ba..82d78380 100644 --- a/packages/domain-packs/code/frontend.performance/documents/strategies/avoid-render-churn.json +++ b/packages/domain-packs/code/frontend.performance/documents/strategies/avoid-render-churn.json @@ -2,7 +2,7 @@ "ref_id": "strategy:frontend_performance:avoid-render-churn", "type": "strategy", "description": "Prevent unnecessary rerenders and layout recalculation in hot UI paths.", - "body": "State granularity, memoization, layout reads/writes, and DOM size affect interaction latency.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Performance work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", + "body": "State granularity, memoization, layout reads/writes, and DOM size affect interaction latency.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Performance work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", "domain": "performance", "scope_hint": "code.frontend.performance:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/frontend.performance/documents/strategies/measure-user-path.json b/packages/domain-packs/code/frontend.performance/documents/strategies/measure-user-path.json index 27bf25a4..286c69ad 100644 --- a/packages/domain-packs/code/frontend.performance/documents/strategies/measure-user-path.json +++ b/packages/domain-packs/code/frontend.performance/documents/strategies/measure-user-path.json @@ -2,7 +2,7 @@ "ref_id": "strategy:frontend_performance:measure-user-path", "type": "strategy", "description": "Measure frontend performance on the user path, not only bundle size.", - "body": "Bundle size matters, but user impact also includes network, hydration, rendering, long tasks, and layout shifts.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Performance work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", + "body": "Bundle size matters, but user impact also includes network, hydration, rendering, long tasks, and layout shifts.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Performance work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", "domain": "performance", "scope_hint": "code.frontend.performance:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/frontend.performance/documents/strategies/profile-long-tasks.json b/packages/domain-packs/code/frontend.performance/documents/strategies/profile-long-tasks.json index 4cfc0116..12f8e641 100644 --- a/packages/domain-packs/code/frontend.performance/documents/strategies/profile-long-tasks.json +++ b/packages/domain-packs/code/frontend.performance/documents/strategies/profile-long-tasks.json @@ -2,7 +2,7 @@ "ref_id": "strategy:frontend_performance:profile-long-tasks", "type": "strategy", "description": "Use browser performance tools to identify long tasks and main-thread stalls.", - "body": "User interaction can fail even when network is fast.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Performance work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", + "body": "User interaction can fail even when network is fast.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Frontend Performance work touches visible UI behavior, browser console output, DOM state, assets, viewport behavior, and interaction evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include browser smoke, component tests, viewport screenshots, console/network checks, and accessibility assertions. Risk boundary: escalate or stop when the task involves visual regressions, inaccessible interaction, hydration mismatch, and browser-only failures, missing owner evidence, or live external state.", "domain": "performance", "scope_hint": "code.frontend.performance:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/go/README.md b/packages/domain-packs/code/go/README.md index 59573243..afe191cc 100644 --- a/packages/domain-packs/code/go/README.md +++ b/packages/domain-packs/code/go/README.md @@ -10,7 +10,7 @@ Framework, platform, database, and security-specific behavior belongs to more sp ## Source Basis -Derived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form. +Derived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form. ## Composition diff --git a/packages/domain-packs/code/go/documents/knowledge/context-cancellation.json b/packages/domain-packs/code/go/documents/knowledge/context-cancellation.json index 1223d1ba..ff01e0ff 100644 --- a/packages/domain-packs/code/go/documents/knowledge/context-cancellation.json +++ b/packages/domain-packs/code/go/documents/knowledge/context-cancellation.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:go:context-cancellation", "type": "knowledge", "description": "Go context propagation controls cancellation and deadlines.", - "body": "Long-running IO and goroutines should respect context where appropriate.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Go work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Long-running IO and goroutines should respect context where appropriate.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Go work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "go", "scope_hint": "code.go:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/java-jvm/README.md b/packages/domain-packs/code/java-jvm/README.md index 1ba24ff5..ec9a2098 100644 --- a/packages/domain-packs/code/java-jvm/README.md +++ b/packages/domain-packs/code/java-jvm/README.md @@ -10,7 +10,7 @@ Framework, platform, database, and security-specific behavior belongs to more sp ## Source Basis -Derived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form. +Derived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form. ## Composition diff --git a/packages/domain-packs/code/java-jvm/documents/knowledge/build-tool-scope.json b/packages/domain-packs/code/java-jvm/documents/knowledge/build-tool-scope.json index a610f6c2..d42d6fcb 100644 --- a/packages/domain-packs/code/java-jvm/documents/knowledge/build-tool-scope.json +++ b/packages/domain-packs/code/java-jvm/documents/knowledge/build-tool-scope.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:java_jvm:build-tool-scope", "type": "knowledge", "description": "Maven and Gradle module scope affects tests and dependencies.", - "body": "Run the module-level build that owns the changed code.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Java JVM work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Run the module-level build that owns the changed code.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Java JVM work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "java_jvm", "scope_hint": "code.java-jvm:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/mcp/README.md b/packages/domain-packs/code/mcp/README.md index 03981fb6..5100398a 100644 --- a/packages/domain-packs/code/mcp/README.md +++ b/packages/domain-packs/code/mcp/README.md @@ -10,7 +10,7 @@ Does not bypass runtime permission gates or import external tool servers blindly ## Source Basis -Derived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form. +Derived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form. ## Composition diff --git a/packages/domain-packs/code/mcp/documents/failure_dossiers/tool-with-broad-shell.json b/packages/domain-packs/code/mcp/documents/failure_dossiers/tool-with-broad-shell.json index 81a69f6e..35920e39 100644 --- a/packages/domain-packs/code/mcp/documents/failure_dossiers/tool-with-broad-shell.json +++ b/packages/domain-packs/code/mcp/documents/failure_dossiers/tool-with-broad-shell.json @@ -2,7 +2,7 @@ "ref_id": "failure:mcp:tool-with-broad-shell", "type": "failure_dossier", "description": "A tool with unconstrained shell access can bypass runtime intent.", - "body": "Constrain commands and approvals.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Constrain commands and approvals.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "mcp", "scope_hint": "code.mcp:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/mcp/documents/failure_dossiers/unstructured-tool-result.json b/packages/domain-packs/code/mcp/documents/failure_dossiers/unstructured-tool-result.json index 3135d6e6..9631a7f5 100644 --- a/packages/domain-packs/code/mcp/documents/failure_dossiers/unstructured-tool-result.json +++ b/packages/domain-packs/code/mcp/documents/failure_dossiers/unstructured-tool-result.json @@ -2,7 +2,7 @@ "ref_id": "failure:mcp:unstructured-tool-result", "type": "failure_dossier", "description": "Free-form tool output cannot reliably drive validation.", - "body": "Return structured evidence.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Return structured evidence.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "mcp", "scope_hint": "code.mcp:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/mcp/documents/knowledge/external-tool-supply-chain.json b/packages/domain-packs/code/mcp/documents/knowledge/external-tool-supply-chain.json index 6d3b4f41..0fc392fd 100644 --- a/packages/domain-packs/code/mcp/documents/knowledge/external-tool-supply-chain.json +++ b/packages/domain-packs/code/mcp/documents/knowledge/external-tool-supply-chain.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:mcp:external-tool-supply-chain", "type": "knowledge", "description": "External tools carry dependency and script risk.", - "body": "Do not enable tool packages without provenance and permission review.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when MCP Integration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Do not enable tool packages without provenance and permission review.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when MCP Integration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "mcp", "scope_hint": "code.mcp:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/mcp/documents/knowledge/tool-output-needs-structure.json b/packages/domain-packs/code/mcp/documents/knowledge/tool-output-needs-structure.json index b104450e..3eab9792 100644 --- a/packages/domain-packs/code/mcp/documents/knowledge/tool-output-needs-structure.json +++ b/packages/domain-packs/code/mcp/documents/knowledge/tool-output-needs-structure.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:mcp:tool-output-needs-structure", "type": "knowledge", "description": "Structured tool output enables validation and replay.", - "body": "Free-form output is hard to gate or compare.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when MCP Integration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Free-form output is hard to gate or compare.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when MCP Integration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "mcp", "scope_hint": "code.mcp:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/mcp/documents/knowledge/tool-schema-is-contract.json b/packages/domain-packs/code/mcp/documents/knowledge/tool-schema-is-contract.json index e7d71ed4..e947673a 100644 --- a/packages/domain-packs/code/mcp/documents/knowledge/tool-schema-is-contract.json +++ b/packages/domain-packs/code/mcp/documents/knowledge/tool-schema-is-contract.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:mcp:tool-schema-is-contract", "type": "knowledge", "description": "Tool schemas are executable contracts between model and runtime.", - "body": "Ambiguous schemas cause bad calls and unsafe assumptions.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when MCP Integration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Ambiguous schemas cause bad calls and unsafe assumptions.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when MCP Integration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "mcp", "scope_hint": "code.mcp:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/mcp/documents/methodologies/external-tool-review.json b/packages/domain-packs/code/mcp/documents/methodologies/external-tool-review.json index c80cfd6d..9e45e160 100644 --- a/packages/domain-packs/code/mcp/documents/methodologies/external-tool-review.json +++ b/packages/domain-packs/code/mcp/documents/methodologies/external-tool-review.json @@ -2,7 +2,7 @@ "ref_id": "methodology:mcp:external-tool-review", "type": "methodology", "description": "Review provenance, license, dependencies, scripts, and permissions before enabling external tools.", - "body": "Steps: inspect source; check install scripts; review dependencies; check network writes; run sandbox fixture.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when MCP Integration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Steps: inspect source; check install scripts; review dependencies; check network writes; run sandbox fixture.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when MCP Integration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "mcp", "scope_hint": "code.mcp:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/mcp/documents/methodologies/mcp-server-validation.json b/packages/domain-packs/code/mcp/documents/methodologies/mcp-server-validation.json index df3cd9e9..233c9c18 100644 --- a/packages/domain-packs/code/mcp/documents/methodologies/mcp-server-validation.json +++ b/packages/domain-packs/code/mcp/documents/methodologies/mcp-server-validation.json @@ -2,7 +2,7 @@ "ref_id": "methodology:mcp:mcp-server-validation", "type": "methodology", "description": "Validate schema, fixture calls, errors, and permission behavior.", - "body": "Steps: inspect manifest/schema; run fixture call; test invalid input; test denied permission; record artifacts.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when MCP Integration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Steps: inspect manifest/schema; run fixture call; test invalid input; test denied permission; record artifacts.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when MCP Integration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "mcp", "scope_hint": "code.mcp:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/mcp/documents/methodologies/tool-audit-flow.json b/packages/domain-packs/code/mcp/documents/methodologies/tool-audit-flow.json index b9b284fa..7afcb058 100644 --- a/packages/domain-packs/code/mcp/documents/methodologies/tool-audit-flow.json +++ b/packages/domain-packs/code/mcp/documents/methodologies/tool-audit-flow.json @@ -2,7 +2,7 @@ "ref_id": "methodology:mcp:tool-audit-flow", "type": "methodology", "description": "Record tool invocation, inputs summary, permission decision, output refs, and errors.", - "body": "Steps: capture invocation metadata; scrub secrets; record artifacts; connect failures to DiagnosisResult.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when MCP Integration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Steps: capture invocation metadata; scrub secrets; record artifacts; connect failures to DiagnosisResult.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when MCP Integration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "mcp", "scope_hint": "code.mcp:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/mcp/documents/skills/validate-mcp-tool.json b/packages/domain-packs/code/mcp/documents/skills/validate-mcp-tool.json index 34ff2b08..d0695951 100644 --- a/packages/domain-packs/code/mcp/documents/skills/validate-mcp-tool.json +++ b/packages/domain-packs/code/mcp/documents/skills/validate-mcp-tool.json @@ -2,7 +2,7 @@ "ref_id": "skill:mcp:validate-mcp-tool", "type": "skill", "description": "Run fixture validation for an MCP tool contract and permissions.", - "body": "Inputs: tool manifest and fixture. Output: schema verdict, permission verdict, and artifact refs.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when MCP Integration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Inputs: tool manifest and fixture. Output: schema verdict, permission verdict, and artifact refs.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when MCP Integration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "mcp", "scope_hint": "code.mcp:skills", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/mcp/documents/strategies/artifact-backed-tools.json b/packages/domain-packs/code/mcp/documents/strategies/artifact-backed-tools.json index 90182641..66527669 100644 --- a/packages/domain-packs/code/mcp/documents/strategies/artifact-backed-tools.json +++ b/packages/domain-packs/code/mcp/documents/strategies/artifact-backed-tools.json @@ -2,7 +2,7 @@ "ref_id": "strategy:mcp:artifact-backed-tools", "type": "strategy", "description": "Tool calls should return structured artifacts or evidence refs, not vague prose.", - "body": "Structured output makes validation and replay possible.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when MCP Integration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Structured output makes validation and replay possible.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when MCP Integration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "mcp", "scope_hint": "code.mcp:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/mcp/documents/strategies/lazy-load-external-tools.json b/packages/domain-packs/code/mcp/documents/strategies/lazy-load-external-tools.json index 8294fb63..b74c7d65 100644 --- a/packages/domain-packs/code/mcp/documents/strategies/lazy-load-external-tools.json +++ b/packages/domain-packs/code/mcp/documents/strategies/lazy-load-external-tools.json @@ -2,7 +2,7 @@ "ref_id": "strategy:mcp:lazy-load-external-tools", "type": "strategy", "description": "Load external tools only when activated and permitted.", - "body": "Skill survey highlighted lazy loading and audit as part of skill runtime contracts.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when MCP Integration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Skill survey highlighted lazy loading and audit as part of skill runtime contracts.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when MCP Integration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "mcp", "scope_hint": "code.mcp:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/mcp/documents/strategies/permission-minimal-tools.json b/packages/domain-packs/code/mcp/documents/strategies/permission-minimal-tools.json index 82d0adcd..317bf3ec 100644 --- a/packages/domain-packs/code/mcp/documents/strategies/permission-minimal-tools.json +++ b/packages/domain-packs/code/mcp/documents/strategies/permission-minimal-tools.json @@ -2,7 +2,7 @@ "ref_id": "strategy:mcp:permission-minimal-tools", "type": "strategy", "description": "Grant tools the smallest filesystem, network, and shell scope needed.", - "body": "Tool servers can become privilege expansion points. Keep allowed operations explicit.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when MCP Integration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Tool servers can become privilege expansion points. Keep allowed operations explicit.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when MCP Integration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "mcp", "scope_hint": "code.mcp:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/mcp/documents/strategies/tool-contract-first.json b/packages/domain-packs/code/mcp/documents/strategies/tool-contract-first.json index a8b343a0..87a88d10 100644 --- a/packages/domain-packs/code/mcp/documents/strategies/tool-contract-first.json +++ b/packages/domain-packs/code/mcp/documents/strategies/tool-contract-first.json @@ -2,7 +2,7 @@ "ref_id": "strategy:mcp:tool-contract-first", "type": "strategy", "description": "Define tool input/output schema before implementation.", - "body": "MCP tools need explicit schemas, errors, permissions, and side effects so callers can reason safely.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when MCP Integration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "MCP tools need explicit schemas, errors, permissions, and side effects so callers can reason safely.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when MCP Integration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "mcp", "scope_hint": "code.mcp:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/migration/README.md b/packages/domain-packs/code/migration/README.md index 62d3b808..b4882256 100644 --- a/packages/domain-packs/code/migration/README.md +++ b/packages/domain-packs/code/migration/README.md @@ -10,7 +10,7 @@ Does not own database destructive migration policy or production rollout approva ## Source Basis -Derived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form. +Derived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form. ## Composition diff --git a/packages/domain-packs/code/migration/documents/failure_dossiers/big-bang-migration.json b/packages/domain-packs/code/migration/documents/failure_dossiers/big-bang-migration.json index 32f95200..4784373b 100644 --- a/packages/domain-packs/code/migration/documents/failure_dossiers/big-bang-migration.json +++ b/packages/domain-packs/code/migration/documents/failure_dossiers/big-bang-migration.json @@ -2,7 +2,7 @@ "ref_id": "failure:migration:big-bang-migration", "type": "failure_dossier", "description": "Changing all layers at once makes failures hard to attribute.", - "body": "Use phases and compatibility windows.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Use phases and compatibility windows.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "migration", "scope_hint": "code.migration:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/migration/documents/failure_dossiers/codemod-without-review.json b/packages/domain-packs/code/migration/documents/failure_dossiers/codemod-without-review.json index 07f4e300..126ab9ae 100644 --- a/packages/domain-packs/code/migration/documents/failure_dossiers/codemod-without-review.json +++ b/packages/domain-packs/code/migration/documents/failure_dossiers/codemod-without-review.json @@ -2,7 +2,7 @@ "ref_id": "failure:migration:codemod-without-review", "type": "failure_dossier", "description": "Applying codemod output without sampling can introduce widespread semantic bugs.", - "body": "Review representative diffs first.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Review representative diffs first.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "migration", "scope_hint": "code.migration:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/migration/documents/knowledge/codemods-overmatch.json b/packages/domain-packs/code/migration/documents/knowledge/codemods-overmatch.json index f2aa79d0..9c416f87 100644 --- a/packages/domain-packs/code/migration/documents/knowledge/codemods-overmatch.json +++ b/packages/domain-packs/code/migration/documents/knowledge/codemods-overmatch.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:migration:codemods-overmatch", "type": "knowledge", "description": "Codemods can change syntactically similar but semantically different code.", - "body": "Review representative diffs and use tests to catch semantic mismatch.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Migration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Review representative diffs and use tests to catch semantic mismatch.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Migration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "migration", "scope_hint": "code.migration:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/migration/documents/knowledge/migration-is-stateful.json b/packages/domain-packs/code/migration/documents/knowledge/migration-is-stateful.json index 30214bd6..df0b92b8 100644 --- a/packages/domain-packs/code/migration/documents/knowledge/migration-is-stateful.json +++ b/packages/domain-packs/code/migration/documents/knowledge/migration-is-stateful.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:migration:migration-is-stateful", "type": "knowledge", "description": "Migration correctness depends on intermediate states, not only final code.", - "body": "During rollout, old and new versions may coexist. Validate transitional behavior.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Migration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "During rollout, old and new versions may coexist. Validate transitional behavior.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Migration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "migration", "scope_hint": "code.migration:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/migration/documents/knowledge/version-upgrade-breaks-transitives.json b/packages/domain-packs/code/migration/documents/knowledge/version-upgrade-breaks-transitives.json index ae28437b..d4b8dfe8 100644 --- a/packages/domain-packs/code/migration/documents/knowledge/version-upgrade-breaks-transitives.json +++ b/packages/domain-packs/code/migration/documents/knowledge/version-upgrade-breaks-transitives.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:migration:version-upgrade-breaks-transitives", "type": "knowledge", "description": "Dependency upgrades can break transitive APIs and generated artifacts.", - "body": "Lockfile and generated output changes need review.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Migration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Lockfile and generated output changes need review.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Migration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "migration", "scope_hint": "code.migration:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/migration/documents/methodologies/codemod-safety-loop.json b/packages/domain-packs/code/migration/documents/methodologies/codemod-safety-loop.json index 9352a9a5..f9d7ab41 100644 --- a/packages/domain-packs/code/migration/documents/methodologies/codemod-safety-loop.json +++ b/packages/domain-packs/code/migration/documents/methodologies/codemod-safety-loop.json @@ -2,7 +2,7 @@ "ref_id": "methodology:migration:codemod-safety-loop", "type": "methodology", "description": "Dry-run, sample review, apply, then run targeted tests.", - "body": "Steps: run codemod on sample; inspect diff; apply to scoped files; run typecheck/tests; revert or refine if pattern overmatches.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Migration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Steps: run codemod on sample; inspect diff; apply to scoped files; run typecheck/tests; revert or refine if pattern overmatches.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Migration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "migration", "scope_hint": "code.migration:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/migration/documents/methodologies/compat-cleanup-gate.json b/packages/domain-packs/code/migration/documents/methodologies/compat-cleanup-gate.json index 3f5345d0..4217b0b3 100644 --- a/packages/domain-packs/code/migration/documents/methodologies/compat-cleanup-gate.json +++ b/packages/domain-packs/code/migration/documents/methodologies/compat-cleanup-gate.json @@ -2,7 +2,7 @@ "ref_id": "methodology:migration:compat-cleanup-gate", "type": "methodology", "description": "Remove old paths only after usage and tests prove migration complete.", - "body": "Steps: search remaining callers; run compatibility tests; remove old code; run broad regression; document breaking changes.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Migration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Steps: search remaining callers; run compatibility tests; remove old code; run broad regression; document breaking changes.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Migration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "migration", "scope_hint": "code.migration:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/migration/documents/methodologies/migration-precheck-plan-execute.json b/packages/domain-packs/code/migration/documents/methodologies/migration-precheck-plan-execute.json index e168c4cb..0bb10ef4 100644 --- a/packages/domain-packs/code/migration/documents/methodologies/migration-precheck-plan-execute.json +++ b/packages/domain-packs/code/migration/documents/methodologies/migration-precheck-plan-execute.json @@ -2,7 +2,7 @@ "ref_id": "methodology:migration:migration-precheck-plan-execute", "type": "methodology", "description": "Precheck versions, plan changes, execute narrow batches, validate, summarize.", - "body": "Steps: identify current/new versions; inventory breakages; plan batches; run codemod/manual changes; validate per batch; summarize residual compatibility.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Migration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Steps: identify current/new versions; inventory breakages; plan batches; run codemod/manual changes; validate per batch; summarize residual compatibility.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Migration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "migration", "scope_hint": "code.migration:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/migration/documents/skills/run-migration-inventory.json b/packages/domain-packs/code/migration/documents/skills/run-migration-inventory.json index e9c0ea8e..e01143a2 100644 --- a/packages/domain-packs/code/migration/documents/skills/run-migration-inventory.json +++ b/packages/domain-packs/code/migration/documents/skills/run-migration-inventory.json @@ -2,7 +2,7 @@ "ref_id": "skill:migration:run-migration-inventory", "type": "skill", "description": "Find impacted files, APIs, generated artifacts, and tests for a migration.", - "body": "Inputs: migration target and repo. Output: affected patterns, risk buckets, and validation plan.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Code Migration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Inputs: migration target and repo. Output: affected patterns, risk buckets, and validation plan.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Code Migration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "migration", "scope_hint": "code.migration:skills", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/migration/documents/strategies/compat-first.json b/packages/domain-packs/code/migration/documents/strategies/compat-first.json index c72d8795..4adfbac2 100644 --- a/packages/domain-packs/code/migration/documents/strategies/compat-first.json +++ b/packages/domain-packs/code/migration/documents/strategies/compat-first.json @@ -2,7 +2,7 @@ "ref_id": "strategy:migration:compat-first", "type": "strategy", "description": "Add compatibility before switching callers where possible.", - "body": "Migrations are safer when old and new paths coexist during transition. Remove compatibility only after validation.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Migration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Migrations are safer when old and new paths coexist during transition. Remove compatibility only after validation.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Migration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "migration", "scope_hint": "code.migration:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/migration/documents/strategies/deprecation-window.json b/packages/domain-packs/code/migration/documents/strategies/deprecation-window.json index ad0305ce..7fb8a7c8 100644 --- a/packages/domain-packs/code/migration/documents/strategies/deprecation-window.json +++ b/packages/domain-packs/code/migration/documents/strategies/deprecation-window.json @@ -2,7 +2,7 @@ "ref_id": "strategy:migration:deprecation-window", "type": "strategy", "description": "Keep user-facing or cross-package changes behind explicit deprecation windows.", - "body": "Internal callers can migrate atomically; external or generated clients usually cannot.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Migration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Internal callers can migrate atomically; external or generated clients usually cannot.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Migration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "migration", "scope_hint": "code.migration:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/migration/documents/strategies/inventory-before-codemod.json b/packages/domain-packs/code/migration/documents/strategies/inventory-before-codemod.json index c10afc58..1024c74e 100644 --- a/packages/domain-packs/code/migration/documents/strategies/inventory-before-codemod.json +++ b/packages/domain-packs/code/migration/documents/strategies/inventory-before-codemod.json @@ -2,7 +2,7 @@ "ref_id": "strategy:migration:inventory-before-codemod", "type": "strategy", "description": "Inventory affected files and patterns before bulk edits.", - "body": "A codemod without scope inventory can miss variants or change unintended code.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Migration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "A codemod without scope inventory can miss variants or change unintended code.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Migration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "migration", "scope_hint": "code.migration:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/migration/documents/strategies/phase-upgrade.json b/packages/domain-packs/code/migration/documents/strategies/phase-upgrade.json index e5d950c9..03b3dd14 100644 --- a/packages/domain-packs/code/migration/documents/strategies/phase-upgrade.json +++ b/packages/domain-packs/code/migration/documents/strategies/phase-upgrade.json @@ -2,7 +2,7 @@ "ref_id": "strategy:migration:phase-upgrade", "type": "strategy", "description": "Use precheck, plan, execute, summarize phases for upgrades.", - "body": "Skill survey upgrade workflows repeatedly split migration into precheck, plan, execution, and evidence summary.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Migration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Skill survey upgrade workflows repeatedly split migration into precheck, plan, execution, and evidence summary.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Migration work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "migration", "scope_hint": "code.migration:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/mobile/README.md b/packages/domain-packs/code/mobile/README.md index f2a1b28d..d0d3be2e 100644 --- a/packages/domain-packs/code/mobile/README.md +++ b/packages/domain-packs/code/mobile/README.md @@ -10,7 +10,7 @@ Does not replace iOS/Android language-specific packs or app-store legal review. ## Source Basis -Derived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form. +Derived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form. ## Composition diff --git a/packages/domain-packs/code/mobile/documents/failure_dossiers/online-only-mobile.json b/packages/domain-packs/code/mobile/documents/failure_dossiers/online-only-mobile.json index e90a3ac5..d19e0543 100644 --- a/packages/domain-packs/code/mobile/documents/failure_dossiers/online-only-mobile.json +++ b/packages/domain-packs/code/mobile/documents/failure_dossiers/online-only-mobile.json @@ -2,7 +2,7 @@ "ref_id": "failure:mobile:online-only-mobile", "type": "failure_dossier", "description": "Ignoring offline state breaks common mobile usage.", - "body": "Add offline fallback or clear user feedback.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Add offline fallback or clear user feedback.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "ios", "scope_hint": "code.mobile:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/mobile/documents/failure_dossiers/permission-happy-path-only.json b/packages/domain-packs/code/mobile/documents/failure_dossiers/permission-happy-path-only.json index 6a2d5fcb..ff7eb5bc 100644 --- a/packages/domain-packs/code/mobile/documents/failure_dossiers/permission-happy-path-only.json +++ b/packages/domain-packs/code/mobile/documents/failure_dossiers/permission-happy-path-only.json @@ -2,7 +2,7 @@ "ref_id": "failure:mobile:permission-happy-path-only", "type": "failure_dossier", "description": "Testing only granted permission misses denial failures.", - "body": "Test denied and revoked states.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Test denied and revoked states.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "ios", "scope_hint": "code.mobile:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/mobile/documents/knowledge/app-lifecycle-breaks-assumptions.json b/packages/domain-packs/code/mobile/documents/knowledge/app-lifecycle-breaks-assumptions.json index 1e54d456..9439102f 100644 --- a/packages/domain-packs/code/mobile/documents/knowledge/app-lifecycle-breaks-assumptions.json +++ b/packages/domain-packs/code/mobile/documents/knowledge/app-lifecycle-breaks-assumptions.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:mobile:app-lifecycle-breaks-assumptions", "type": "knowledge", "description": "Mobile OS can pause or kill apps between operations.", - "body": "Persist critical state and handle resume.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Mobile Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Persist critical state and handle resume.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Mobile Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "ios", "scope_hint": "code.mobile:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/mobile/documents/knowledge/device-data-privacy.json b/packages/domain-packs/code/mobile/documents/knowledge/device-data-privacy.json index 749606ad..08dbd041 100644 --- a/packages/domain-packs/code/mobile/documents/knowledge/device-data-privacy.json +++ b/packages/domain-packs/code/mobile/documents/knowledge/device-data-privacy.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:mobile:device-data-privacy", "type": "knowledge", "description": "Location, contacts, device IDs, and notifications carry privacy risk.", - "body": "Apply privacy minimization and consent.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Mobile Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Apply privacy minimization and consent.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Mobile Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "ios", "scope_hint": "code.mobile:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/mobile/documents/knowledge/mobile-permissions-are-state.json b/packages/domain-packs/code/mobile/documents/knowledge/mobile-permissions-are-state.json index 5f96847c..45817acc 100644 --- a/packages/domain-packs/code/mobile/documents/knowledge/mobile-permissions-are-state.json +++ b/packages/domain-packs/code/mobile/documents/knowledge/mobile-permissions-are-state.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:mobile:mobile-permissions-are-state", "type": "knowledge", "description": "Permission status is part of app state and can change outside the app.", - "body": "Users can revoke permissions in settings.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Mobile Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Users can revoke permissions in settings.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Mobile Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "ios", "scope_hint": "code.mobile:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/mobile/documents/methodologies/mobile-smoke-matrix.json b/packages/domain-packs/code/mobile/documents/methodologies/mobile-smoke-matrix.json index abf03e05..1ff05888 100644 --- a/packages/domain-packs/code/mobile/documents/methodologies/mobile-smoke-matrix.json +++ b/packages/domain-packs/code/mobile/documents/methodologies/mobile-smoke-matrix.json @@ -2,7 +2,7 @@ "ref_id": "methodology:mobile:mobile-smoke-matrix", "type": "methodology", "description": "Test core flow across device size, OS version, lifecycle, and permission states.", - "body": "Steps: run simulator/device; test happy path; deny permission; background/restore; rotate; test offline if relevant.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Mobile Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Steps: run simulator/device; test happy path; deny permission; background/restore; rotate; test offline if relevant.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Mobile Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "ios", "scope_hint": "code.mobile:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/mobile/documents/methodologies/offline-sync-check.json b/packages/domain-packs/code/mobile/documents/methodologies/offline-sync-check.json index 4f6c88d7..eef5e88e 100644 --- a/packages/domain-packs/code/mobile/documents/methodologies/offline-sync-check.json +++ b/packages/domain-packs/code/mobile/documents/methodologies/offline-sync-check.json @@ -2,7 +2,7 @@ "ref_id": "methodology:mobile:offline-sync-check", "type": "methodology", "description": "Verify offline writes, retry, conflict, and user feedback.", - "body": "Steps: disable network; perform action; restore network; inspect sync and conflict behavior.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Mobile Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Steps: disable network; perform action; restore network; inspect sync and conflict behavior.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Mobile Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "ios", "scope_hint": "code.mobile:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/mobile/documents/methodologies/permission-flow-check.json b/packages/domain-packs/code/mobile/documents/methodologies/permission-flow-check.json index e9f8fd34..e14a1ba3 100644 --- a/packages/domain-packs/code/mobile/documents/methodologies/permission-flow-check.json +++ b/packages/domain-packs/code/mobile/documents/methodologies/permission-flow-check.json @@ -2,7 +2,7 @@ "ref_id": "methodology:mobile:permission-flow-check", "type": "methodology", "description": "Verify request, denial, limited access, settings change, and retry behavior.", - "body": "Steps: reset permissions; request; deny; continue with fallback; re-enable; verify state.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Mobile Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Steps: reset permissions; request; deny; continue with fallback; re-enable; verify state.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Mobile Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "ios", "scope_hint": "code.mobile:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/mobile/documents/skills/run-mobile-flow-check.json b/packages/domain-packs/code/mobile/documents/skills/run-mobile-flow-check.json index 288f36fe..7f2043bd 100644 --- a/packages/domain-packs/code/mobile/documents/skills/run-mobile-flow-check.json +++ b/packages/domain-packs/code/mobile/documents/skills/run-mobile-flow-check.json @@ -2,7 +2,7 @@ "ref_id": "skill:mobile:run-mobile-flow-check", "type": "skill", "description": "Plan and record a mobile smoke matrix for changed flow.", - "body": "Inputs: flow and platform. Output: device matrix, permission states, and observed gaps.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Mobile Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Inputs: flow and platform. Output: device matrix, permission states, and observed gaps.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Mobile Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "ios", "scope_hint": "code.mobile:skills", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/mobile/documents/strategies/lifecycle-aware-state.json b/packages/domain-packs/code/mobile/documents/strategies/lifecycle-aware-state.json index c8135d93..0fa4dd0b 100644 --- a/packages/domain-packs/code/mobile/documents/strategies/lifecycle-aware-state.json +++ b/packages/domain-packs/code/mobile/documents/strategies/lifecycle-aware-state.json @@ -2,7 +2,7 @@ "ref_id": "strategy:mobile:lifecycle-aware-state", "type": "strategy", "description": "Mobile flows must handle background, foreground, rotation, and process death.", - "body": "Mobile apps face lifecycle transitions that desktop/web flows may not.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Mobile Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Mobile apps face lifecycle transitions that desktop/web flows may not.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Mobile Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "ios", "scope_hint": "code.mobile:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/mobile/documents/strategies/offline-and-retry.json b/packages/domain-packs/code/mobile/documents/strategies/offline-and-retry.json index 30feef4b..67c2b172 100644 --- a/packages/domain-packs/code/mobile/documents/strategies/offline-and-retry.json +++ b/packages/domain-packs/code/mobile/documents/strategies/offline-and-retry.json @@ -2,7 +2,7 @@ "ref_id": "strategy:mobile:offline-and-retry", "type": "strategy", "description": "Mobile network behavior must handle offline and intermittent connectivity.", - "body": "Retry, cache, and sync logic should be explicit.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Mobile Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Retry, cache, and sync logic should be explicit.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Mobile Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "ios", "scope_hint": "code.mobile:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/mobile/documents/strategies/permission-before-use.json b/packages/domain-packs/code/mobile/documents/strategies/permission-before-use.json index 5630f162..75289f5d 100644 --- a/packages/domain-packs/code/mobile/documents/strategies/permission-before-use.json +++ b/packages/domain-packs/code/mobile/documents/strategies/permission-before-use.json @@ -2,7 +2,7 @@ "ref_id": "strategy:mobile:permission-before-use", "type": "strategy", "description": "Device capabilities require explicit permission and fallback behavior.", - "body": "Camera, location, contacts, notifications, and storage need user permission and denied states.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Mobile Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Camera, location, contacts, notifications, and storage need user permission and denied states.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Mobile Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "ios", "scope_hint": "code.mobile:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/mobile/documents/strategies/privacy-by-device-data.json b/packages/domain-packs/code/mobile/documents/strategies/privacy-by-device-data.json index d18315cf..bb2d4004 100644 --- a/packages/domain-packs/code/mobile/documents/strategies/privacy-by-device-data.json +++ b/packages/domain-packs/code/mobile/documents/strategies/privacy-by-device-data.json @@ -2,7 +2,7 @@ "ref_id": "strategy:mobile:privacy-by-device-data", "type": "strategy", "description": "Device identifiers and location are privacy-sensitive.", - "body": "Treat device metadata as personal or sensitive when it can identify a user.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Mobile Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Treat device metadata as personal or sensitive when it can identify a user.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Mobile Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "ios", "scope_hint": "code.mobile:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/observability/README.md b/packages/domain-packs/code/observability/README.md index b5ed1f78..3948c299 100644 --- a/packages/domain-packs/code/observability/README.md +++ b/packages/domain-packs/code/observability/README.md @@ -10,7 +10,7 @@ Does not own vendor-specific cloud operations or privacy/legal approval. ## Source Basis -Derived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form. +Derived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form. ## Composition diff --git a/packages/domain-packs/code/observability/documents/failure_dossiers/log-everything.json b/packages/domain-packs/code/observability/documents/failure_dossiers/log-everything.json index 4ca054ee..936e03f2 100644 --- a/packages/domain-packs/code/observability/documents/failure_dossiers/log-everything.json +++ b/packages/domain-packs/code/observability/documents/failure_dossiers/log-everything.json @@ -2,7 +2,7 @@ "ref_id": "failure:observability:log-everything", "type": "failure_dossier", "description": "Logging every value creates noise and data exposure risk.", - "body": "Log intentional, redacted, structured fields.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Log intentional, redacted, structured fields.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "observability", "scope_hint": "code.observability:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/observability/documents/failure_dossiers/metric-without-action.json b/packages/domain-packs/code/observability/documents/failure_dossiers/metric-without-action.json index bf6b58ce..ea423acb 100644 --- a/packages/domain-packs/code/observability/documents/failure_dossiers/metric-without-action.json +++ b/packages/domain-packs/code/observability/documents/failure_dossiers/metric-without-action.json @@ -2,7 +2,7 @@ "ref_id": "failure:observability:metric-without-action", "type": "failure_dossier", "description": "Metrics without thresholds or owners create alert fatigue.", - "body": "Define action path.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Define action path.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "observability", "scope_hint": "code.observability:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/observability/documents/knowledge/high-cardinality-cost.json b/packages/domain-packs/code/observability/documents/knowledge/high-cardinality-cost.json index 6b70fdf3..17eca6be 100644 --- a/packages/domain-packs/code/observability/documents/knowledge/high-cardinality-cost.json +++ b/packages/domain-packs/code/observability/documents/knowledge/high-cardinality-cost.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:observability:high-cardinality-cost", "type": "knowledge", "description": "High-cardinality metric labels can overload observability systems.", - "body": "User IDs, request IDs, and raw paths can explode metric series.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Observability work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "User IDs, request IDs, and raw paths can explode metric series.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Observability work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "observability", "scope_hint": "code.observability:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/observability/documents/knowledge/logs-can-leak.json b/packages/domain-packs/code/observability/documents/knowledge/logs-can-leak.json index b3eb69de..bf12a3fc 100644 --- a/packages/domain-packs/code/observability/documents/knowledge/logs-can-leak.json +++ b/packages/domain-packs/code/observability/documents/knowledge/logs-can-leak.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:observability:logs-can-leak", "type": "knowledge", "description": "Logs can leak secrets and personal data.", - "body": "Telemetry sinks often outlive primary data and are broadly accessible.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Observability work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Telemetry sinks often outlive primary data and are broadly accessible.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Observability work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "observability", "scope_hint": "code.observability:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/observability/documents/knowledge/traces-show-path.json b/packages/domain-packs/code/observability/documents/knowledge/traces-show-path.json index c3be9e5d..ab8d2953 100644 --- a/packages/domain-packs/code/observability/documents/knowledge/traces-show-path.json +++ b/packages/domain-packs/code/observability/documents/knowledge/traces-show-path.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:observability:traces-show-path", "type": "knowledge", "description": "Distributed traces show path and timing, not automatically root cause.", - "body": "Interpret traces with logs, errors, and domain invariants.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Observability work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Interpret traces with logs, errors, and domain invariants.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Observability work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "observability", "scope_hint": "code.observability:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/observability/documents/methodologies/incident-evidence-pack.json b/packages/domain-packs/code/observability/documents/methodologies/incident-evidence-pack.json index 76beb560..2455dec2 100644 --- a/packages/domain-packs/code/observability/documents/methodologies/incident-evidence-pack.json +++ b/packages/domain-packs/code/observability/documents/methodologies/incident-evidence-pack.json @@ -2,7 +2,7 @@ "ref_id": "methodology:observability:incident-evidence-pack", "type": "methodology", "description": "Collect logs, metrics, traces, commands, and timeline for failure diagnosis.", - "body": "Steps: capture timeline; collect correlated artifacts; classify symptom/cause; identify missing instrumentation.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Observability work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Steps: capture timeline; collect correlated artifacts; classify symptom/cause; identify missing instrumentation.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Observability work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "observability", "scope_hint": "code.observability:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/observability/documents/methodologies/instrumentation-review.json b/packages/domain-packs/code/observability/documents/methodologies/instrumentation-review.json index a57e5fb4..ae3fb8ee 100644 --- a/packages/domain-packs/code/observability/documents/methodologies/instrumentation-review.json +++ b/packages/domain-packs/code/observability/documents/methodologies/instrumentation-review.json @@ -2,7 +2,7 @@ "ref_id": "methodology:observability:instrumentation-review", "type": "methodology", "description": "Review new telemetry for cardinality, sensitivity, and usefulness.", - "body": "Steps: inspect fields; check high-cardinality labels; redact secrets/PII; verify dashboards or alerts consume it.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Observability work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Steps: inspect fields; check high-cardinality labels; redact secrets/PII; verify dashboards or alerts consume it.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Observability work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "observability", "scope_hint": "code.observability:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/observability/documents/methodologies/trace-search-flow.json b/packages/domain-packs/code/observability/documents/methodologies/trace-search-flow.json index 1d23bf94..5c71fdd6 100644 --- a/packages/domain-packs/code/observability/documents/methodologies/trace-search-flow.json +++ b/packages/domain-packs/code/observability/documents/methodologies/trace-search-flow.json @@ -2,7 +2,7 @@ "ref_id": "methodology:observability:trace-search-flow", "type": "methodology", "description": "Search traces/logs by correlation, time window, and boundary events.", - "body": "Steps: identify time window; find correlation id; inspect boundary spans; compare expected and observed transitions; record query and artifact refs.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Observability work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Steps: identify time window; find correlation id; inspect boundary spans; compare expected and observed transitions; record query and artifact refs.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Observability work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "observability", "scope_hint": "code.observability:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/observability/documents/skills/build-diagnostic-timeline.json b/packages/domain-packs/code/observability/documents/skills/build-diagnostic-timeline.json index 4452d666..52b7a0c6 100644 --- a/packages/domain-packs/code/observability/documents/skills/build-diagnostic-timeline.json +++ b/packages/domain-packs/code/observability/documents/skills/build-diagnostic-timeline.json @@ -2,7 +2,7 @@ "ref_id": "skill:observability:build-diagnostic-timeline", "type": "skill", "description": "Build a failure timeline from logs, traces, metrics, and commands.", - "body": "Inputs: artifact refs and time window. Output: ordered events, gaps, and suspected cause.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Observability work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Inputs: artifact refs and time window. Output: ordered events, gaps, and suspected cause.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Observability work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "observability", "scope_hint": "code.observability:skills", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/observability/documents/strategies/correlation-first.json b/packages/domain-packs/code/observability/documents/strategies/correlation-first.json index 978fc2f6..aa60b937 100644 --- a/packages/domain-packs/code/observability/documents/strategies/correlation-first.json +++ b/packages/domain-packs/code/observability/documents/strategies/correlation-first.json @@ -2,7 +2,7 @@ "ref_id": "strategy:observability:correlation-first", "type": "strategy", "description": "Use request IDs, trace IDs, or run IDs to connect events.", - "body": "Uncorrelated logs are hard to debug. Propagate correlation across boundaries.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Observability work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Uncorrelated logs are hard to debug. Propagate correlation across boundaries.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Observability work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "observability", "scope_hint": "code.observability:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/observability/documents/strategies/metric-with-owner.json b/packages/domain-packs/code/observability/documents/strategies/metric-with-owner.json index 58f05b0d..09cab3bb 100644 --- a/packages/domain-packs/code/observability/documents/strategies/metric-with-owner.json +++ b/packages/domain-packs/code/observability/documents/strategies/metric-with-owner.json @@ -2,7 +2,7 @@ "ref_id": "strategy:observability:metric-with-owner", "type": "strategy", "description": "Metrics need owner, interpretation, and action threshold.", - "body": "A metric no one understands or responds to creates noise.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Observability work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "A metric no one understands or responds to creates noise.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Observability work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "observability", "scope_hint": "code.observability:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/observability/documents/strategies/safe-telemetry.json b/packages/domain-packs/code/observability/documents/strategies/safe-telemetry.json index 30e5959c..1de85294 100644 --- a/packages/domain-packs/code/observability/documents/strategies/safe-telemetry.json +++ b/packages/domain-packs/code/observability/documents/strategies/safe-telemetry.json @@ -2,7 +2,7 @@ "ref_id": "strategy:observability:safe-telemetry", "type": "strategy", "description": "Telemetry must avoid secrets and personal data by default.", - "body": "Observability is data processing. Redact sensitive values before emission.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Observability work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Observability is data processing. Redact sensitive values before emission.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Observability work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "observability", "scope_hint": "code.observability:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/observability/documents/strategies/structured-logs.json b/packages/domain-packs/code/observability/documents/strategies/structured-logs.json index fe6cc631..da3f0734 100644 --- a/packages/domain-packs/code/observability/documents/strategies/structured-logs.json +++ b/packages/domain-packs/code/observability/documents/strategies/structured-logs.json @@ -2,7 +2,7 @@ "ref_id": "strategy:observability:structured-logs", "type": "strategy", "description": "Prefer structured events over free-form strings for diagnostic data.", - "body": "Structured logs preserve fields and support filtering without parsing fragile text.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Observability work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Structured logs preserve fields and support filtering without parsing fragile text.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Observability work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "observability", "scope_hint": "code.observability:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/performance/README.md b/packages/domain-packs/code/performance/README.md index ba77422f..70f28cb3 100644 --- a/packages/domain-packs/code/performance/README.md +++ b/packages/domain-packs/code/performance/README.md @@ -10,7 +10,7 @@ Does not own GPU-specific kernel optimization or database-specific query tuning ## Source Basis -Derived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form. +Derived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form. ## Composition diff --git a/packages/domain-packs/code/performance/documents/failure_dossiers/average-only-performance.json b/packages/domain-packs/code/performance/documents/failure_dossiers/average-only-performance.json index 853c8c6f..139609f6 100644 --- a/packages/domain-packs/code/performance/documents/failure_dossiers/average-only-performance.json +++ b/packages/domain-packs/code/performance/documents/failure_dossiers/average-only-performance.json @@ -2,7 +2,7 @@ "ref_id": "failure:performance:average-only-performance", "type": "failure_dossier", "description": "Reporting only average latency can hide tail regressions.", - "body": "Use percentiles when user-facing latency matters.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Use percentiles when user-facing latency matters.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "performance", "scope_hint": "code.performance:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/performance/documents/failure_dossiers/optimize-without-baseline.json b/packages/domain-packs/code/performance/documents/failure_dossiers/optimize-without-baseline.json index 5814f340..babf6105 100644 --- a/packages/domain-packs/code/performance/documents/failure_dossiers/optimize-without-baseline.json +++ b/packages/domain-packs/code/performance/documents/failure_dossiers/optimize-without-baseline.json @@ -2,7 +2,7 @@ "ref_id": "failure:performance:optimize-without-baseline", "type": "failure_dossier", "description": "Optimizing without a baseline cannot prove improvement.", - "body": "Require a baseline and same workload comparison.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Require a baseline and same workload comparison.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "performance", "scope_hint": "code.performance:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/performance/documents/knowledge/cache-invalidates-complexity.json b/packages/domain-packs/code/performance/documents/knowledge/cache-invalidates-complexity.json index 89d5bd20..b07a2806 100644 --- a/packages/domain-packs/code/performance/documents/knowledge/cache-invalidates-complexity.json +++ b/packages/domain-packs/code/performance/documents/knowledge/cache-invalidates-complexity.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:performance:cache-invalidates-complexity", "type": "knowledge", "description": "Caching improves repeated reads only if invalidation and freshness are handled.", - "body": "A cache without invalidation, TTL, or ownership can return stale data and create correctness failures.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Performance work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", + "body": "A cache without invalidation, TTL, or ownership can return stale data and create correctness failures.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Performance work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", "domain": "performance", "scope_hint": "code.performance:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/performance/documents/knowledge/io-bound-vs-cpu-bound.json b/packages/domain-packs/code/performance/documents/knowledge/io-bound-vs-cpu-bound.json index 1d35ea97..7bae80c8 100644 --- a/packages/domain-packs/code/performance/documents/knowledge/io-bound-vs-cpu-bound.json +++ b/packages/domain-packs/code/performance/documents/knowledge/io-bound-vs-cpu-bound.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:performance:io-bound-vs-cpu-bound", "type": "knowledge", "description": "Optimization depends on whether the bottleneck is CPU, IO, lock, network, or allocation.", - "body": "Different bottlenecks require different tools and fixes. CPU tuning will not help a network wait.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Performance work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", + "body": "Different bottlenecks require different tools and fixes. CPU tuning will not help a network wait.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Performance work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", "domain": "performance", "scope_hint": "code.performance:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/performance/documents/knowledge/microbench-not-product.json b/packages/domain-packs/code/performance/documents/knowledge/microbench-not-product.json index e576162d..e22d1804 100644 --- a/packages/domain-packs/code/performance/documents/knowledge/microbench-not-product.json +++ b/packages/domain-packs/code/performance/documents/knowledge/microbench-not-product.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:performance:microbench-not-product", "type": "knowledge", "description": "Microbenchmarks do not replace product workload validation.", - "body": "Microbenchmarks isolate a mechanism. Product impact still requires representative workload or integration measurement.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Performance work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", + "body": "Microbenchmarks isolate a mechanism. Product impact still requires representative workload or integration measurement.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Performance work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", "domain": "performance", "scope_hint": "code.performance:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/performance/documents/methodologies/allocation-regression-check.json b/packages/domain-packs/code/performance/documents/methodologies/allocation-regression-check.json index ac33d670..29929468 100644 --- a/packages/domain-packs/code/performance/documents/methodologies/allocation-regression-check.json +++ b/packages/domain-packs/code/performance/documents/methodologies/allocation-regression-check.json @@ -2,7 +2,7 @@ "ref_id": "methodology:performance:allocation-regression-check", "type": "methodology", "description": "Inspect allocation and memory pressure for changes in hot paths.", - "body": "Steps: identify allocation-heavy path; run memory/profiler tool where available; patch; compare allocations and GC or memory pressure.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Performance work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", + "body": "Steps: identify allocation-heavy path; run memory/profiler tool where available; patch; compare allocations and GC or memory pressure.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Performance work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", "domain": "performance", "scope_hint": "code.performance:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/performance/documents/methodologies/latency-budget-review.json b/packages/domain-packs/code/performance/documents/methodologies/latency-budget-review.json index 5073285a..d78dce19 100644 --- a/packages/domain-packs/code/performance/documents/methodologies/latency-budget-review.json +++ b/packages/domain-packs/code/performance/documents/methodologies/latency-budget-review.json @@ -2,7 +2,7 @@ "ref_id": "methodology:performance:latency-budget-review", "type": "methodology", "description": "Break end-to-end latency into component budgets.", - "body": "Steps: split request/UI pipeline; measure components; identify dominant segment; optimize the segment that affects target metric.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Performance work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", + "body": "Steps: split request/UI pipeline; measure components; identify dominant segment; optimize the segment that affects target metric.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Performance work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", "domain": "performance", "scope_hint": "code.performance:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/performance/documents/methodologies/profile-baseline-patch-compare.json b/packages/domain-packs/code/performance/documents/methodologies/profile-baseline-patch-compare.json index 01df372e..3e37d9a8 100644 --- a/packages/domain-packs/code/performance/documents/methodologies/profile-baseline-patch-compare.json +++ b/packages/domain-packs/code/performance/documents/methodologies/profile-baseline-patch-compare.json @@ -2,7 +2,7 @@ "ref_id": "methodology:performance:profile-baseline-patch-compare", "type": "methodology", "description": "Capture baseline, identify hotspot, patch minimally, and compare results.", - "body": "Steps: define workload; record baseline; profile; identify bottleneck; patch; rerun same workload; compare metric and variance; run correctness tests.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Performance work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", + "body": "Steps: define workload; record baseline; profile; identify bottleneck; patch; rerun same workload; compare metric and variance; run correctness tests.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Performance work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", "domain": "performance", "scope_hint": "code.performance:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/performance/documents/skills/compare-performance-result.json b/packages/domain-packs/code/performance/documents/skills/compare-performance-result.json index ec2eb68b..105f1fc2 100644 --- a/packages/domain-packs/code/performance/documents/skills/compare-performance-result.json +++ b/packages/domain-packs/code/performance/documents/skills/compare-performance-result.json @@ -2,7 +2,7 @@ "ref_id": "skill:performance:compare-performance-result", "type": "skill", "description": "Compare before/after benchmark or profile evidence with variance.", - "body": "Inputs: baseline and candidate results. Output: regression/improvement/inconclusive decision with metric deltas.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Code Performance work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", + "body": "Inputs: baseline and candidate results. Output: regression/improvement/inconclusive decision with metric deltas.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Code Performance work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", "domain": "performance", "scope_hint": "code.performance:skills", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/performance/documents/skills/run-profile-pass.json b/packages/domain-packs/code/performance/documents/skills/run-profile-pass.json index a90e7db6..0f41d8c6 100644 --- a/packages/domain-packs/code/performance/documents/skills/run-profile-pass.json +++ b/packages/domain-packs/code/performance/documents/skills/run-profile-pass.json @@ -2,7 +2,7 @@ "ref_id": "skill:performance:run-profile-pass", "type": "skill", "description": "Collect baseline and profiler evidence for a suspected performance path.", - "body": "Inputs: command/workload and metric. Output: baseline, hotspot summary, artifact refs, and suggested next narrow experiment.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Code Performance work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", + "body": "Inputs: command/workload and metric. Output: baseline, hotspot summary, artifact refs, and suggested next narrow experiment.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Code Performance work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", "domain": "performance", "scope_hint": "code.performance:skills", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/performance/documents/strategies/hot-path-minimality.json b/packages/domain-packs/code/performance/documents/strategies/hot-path-minimality.json index 8579c457..a42c6e9a 100644 --- a/packages/domain-packs/code/performance/documents/strategies/hot-path-minimality.json +++ b/packages/domain-packs/code/performance/documents/strategies/hot-path-minimality.json @@ -2,7 +2,7 @@ "ref_id": "strategy:performance:hot-path-minimality", "type": "strategy", "description": "Keep hot-path changes small and measurable.", - "body": "Large refactors can obscure whether latency improved or correctness regressed. Change one bottleneck at a time and preserve tests.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Performance work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", + "body": "Large refactors can obscure whether latency improved or correctness regressed. Change one bottleneck at a time and preserve tests.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Performance work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", "domain": "performance", "scope_hint": "code.performance:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/performance/documents/strategies/measure-before-optimizing.json b/packages/domain-packs/code/performance/documents/strategies/measure-before-optimizing.json index 806a01d4..4e13467b 100644 --- a/packages/domain-packs/code/performance/documents/strategies/measure-before-optimizing.json +++ b/packages/domain-packs/code/performance/documents/strategies/measure-before-optimizing.json @@ -2,7 +2,7 @@ "ref_id": "strategy:performance:measure-before-optimizing", "type": "strategy", "description": "Optimize only after establishing baseline and bottleneck evidence.", - "body": "Performance work needs current baseline, workload, environment, metric, and profiler or timing evidence. Guess-driven optimization often moves cost or adds complexity.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Performance work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", + "body": "Performance work needs current baseline, workload, environment, metric, and profiler or timing evidence. Guess-driven optimization often moves cost or adds complexity.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Performance work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", "domain": "performance", "scope_hint": "code.performance:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/performance/documents/strategies/tail-latency-awareness.json b/packages/domain-packs/code/performance/documents/strategies/tail-latency-awareness.json index 4fa34280..5a8cf802 100644 --- a/packages/domain-packs/code/performance/documents/strategies/tail-latency-awareness.json +++ b/packages/domain-packs/code/performance/documents/strategies/tail-latency-awareness.json @@ -2,7 +2,7 @@ "ref_id": "strategy:performance:tail-latency-awareness", "type": "strategy", "description": "Check p95/p99 behavior when user experience depends on worst cases.", - "body": "Average latency can improve while tail latency worsens. Use percentiles for request and UI flows where rare stalls matter.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Performance work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", + "body": "Average latency can improve while tail latency worsens. Use percentiles for request and UI flows where rare stalls matter.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Performance work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", "domain": "performance", "scope_hint": "code.performance:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/performance/documents/strategies/tradeoff-explicitness.json b/packages/domain-packs/code/performance/documents/strategies/tradeoff-explicitness.json index a5aeedbf..aa756bf3 100644 --- a/packages/domain-packs/code/performance/documents/strategies/tradeoff-explicitness.json +++ b/packages/domain-packs/code/performance/documents/strategies/tradeoff-explicitness.json @@ -2,7 +2,7 @@ "ref_id": "strategy:performance:tradeoff-explicitness", "type": "strategy", "description": "Record latency, throughput, memory, correctness, and complexity tradeoffs.", - "body": "A performance improvement may increase memory, reduce maintainability, weaken consistency, or hurt tail latency. State the tradeoff explicitly.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Performance work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", + "body": "A performance improvement may increase memory, reduce maintainability, weaken consistency, or hurt tail latency. State the tradeoff explicitly.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Performance work touches baseline metrics, profiler output, workload shape, resource budgets, and variance. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include repeatable benchmarks, profiler traces, threshold comparisons, and correctness checks before speed claims. Risk boundary: escalate or stop when the task involves benchmark noise, optimizing the wrong workload, correctness loss, and resource regressions, missing owner evidence, or live external state.", "domain": "performance", "scope_hint": "code.performance:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/python/README.md b/packages/domain-packs/code/python/README.md index 94a24c33..d5e53e2e 100644 --- a/packages/domain-packs/code/python/README.md +++ b/packages/domain-packs/code/python/README.md @@ -10,7 +10,7 @@ Framework, platform, database, and security-specific behavior belongs to more sp ## Source Basis -Derived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form. +Derived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form. ## Composition diff --git a/packages/domain-packs/code/python/documents/knowledge/venv-is-boundary.json b/packages/domain-packs/code/python/documents/knowledge/venv-is-boundary.json index de72884f..f7a0a008 100644 --- a/packages/domain-packs/code/python/documents/knowledge/venv-is-boundary.json +++ b/packages/domain-packs/code/python/documents/knowledge/venv-is-boundary.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:python:venv-is-boundary", "type": "knowledge", "description": "Python environment and dependency resolver are part of reproducibility.", - "body": "Record interpreter, venv, and lock/requirements source for validation.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Python work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Record interpreter, venv, and lock/requirements source for validation.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Python work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "python", "scope_hint": "code.python:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/refactor/README.md b/packages/domain-packs/code/refactor/README.md index fd1d8450..1368363d 100644 --- a/packages/domain-packs/code/refactor/README.md +++ b/packages/domain-packs/code/refactor/README.md @@ -10,7 +10,7 @@ Does not justify behavior changes under a refactor label. ## Source Basis -Derived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form. +Derived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form. ## Composition diff --git a/packages/domain-packs/code/refactor/documents/failure_dossiers/behavior-change-called-refactor.json b/packages/domain-packs/code/refactor/documents/failure_dossiers/behavior-change-called-refactor.json index a1a23977..fbef2600 100644 --- a/packages/domain-packs/code/refactor/documents/failure_dossiers/behavior-change-called-refactor.json +++ b/packages/domain-packs/code/refactor/documents/failure_dossiers/behavior-change-called-refactor.json @@ -2,7 +2,7 @@ "ref_id": "failure:refactor:behavior-change-called-refactor", "type": "failure_dossier", "description": "Shipping behavior changes under refactor hides review risk.", - "body": "Call out behavior deltas explicitly.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Call out behavior deltas explicitly.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "refactor", "scope_hint": "code.refactor:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/refactor/documents/failure_dossiers/extract-everything.json b/packages/domain-packs/code/refactor/documents/failure_dossiers/extract-everything.json index fd92fdf3..73ed5343 100644 --- a/packages/domain-packs/code/refactor/documents/failure_dossiers/extract-everything.json +++ b/packages/domain-packs/code/refactor/documents/failure_dossiers/extract-everything.json @@ -2,7 +2,7 @@ "ref_id": "failure:refactor:extract-everything", "type": "failure_dossier", "description": "Excessive single-use helpers reduce readability.", - "body": "Extract only meaningful concepts.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Extract only meaningful concepts.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "refactor", "scope_hint": "code.refactor:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/refactor/documents/knowledge/abstraction-cost.json b/packages/domain-packs/code/refactor/documents/knowledge/abstraction-cost.json index 96369d90..0c870bfe 100644 --- a/packages/domain-packs/code/refactor/documents/knowledge/abstraction-cost.json +++ b/packages/domain-packs/code/refactor/documents/knowledge/abstraction-cost.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:refactor:abstraction-cost", "type": "knowledge", "description": "Every abstraction adds navigation and naming cost.", - "body": "Only add abstraction when reuse, complexity hiding, or boundary naming pays for the cost.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Refactor work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Only add abstraction when reuse, complexity hiding, or boundary naming pays for the cost.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Refactor work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "refactor", "scope_hint": "code.refactor:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/refactor/documents/knowledge/refactor-can-change-behavior.json b/packages/domain-packs/code/refactor/documents/knowledge/refactor-can-change-behavior.json index 0e4c361e..ea124cf5 100644 --- a/packages/domain-packs/code/refactor/documents/knowledge/refactor-can-change-behavior.json +++ b/packages/domain-packs/code/refactor/documents/knowledge/refactor-can-change-behavior.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:refactor:refactor-can-change-behavior", "type": "knowledge", "description": "Structural edits can accidentally change timing, identity, ordering, or errors.", - "body": "Even when intent is cleanup, runtime behavior can shift.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Refactor work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Even when intent is cleanup, runtime behavior can shift.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Refactor work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "refactor", "scope_hint": "code.refactor:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/refactor/documents/knowledge/tests-define-refactor-safety.json b/packages/domain-packs/code/refactor/documents/knowledge/tests-define-refactor-safety.json index 3817eff8..08879ff7 100644 --- a/packages/domain-packs/code/refactor/documents/knowledge/tests-define-refactor-safety.json +++ b/packages/domain-packs/code/refactor/documents/knowledge/tests-define-refactor-safety.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:refactor:tests-define-refactor-safety", "type": "knowledge", "description": "Refactor confidence depends on behavior tests around the changed surface.", - "body": "Without tests, refactor review relies on manual reasoning.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Refactor work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Without tests, refactor review relies on manual reasoning.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Refactor work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "refactor", "scope_hint": "code.refactor:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/refactor/documents/methodologies/caller-impact-scan.json b/packages/domain-packs/code/refactor/documents/methodologies/caller-impact-scan.json index 5d9fc9ff..e4e4a30e 100644 --- a/packages/domain-packs/code/refactor/documents/methodologies/caller-impact-scan.json +++ b/packages/domain-packs/code/refactor/documents/methodologies/caller-impact-scan.json @@ -2,7 +2,7 @@ "ref_id": "methodology:refactor:caller-impact-scan", "type": "methodology", "description": "Scan direct and indirect callers before changing shared API.", - "body": "Steps: search references; classify call patterns; update types/docs/tests; run caller package tests.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Refactor work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Steps: search references; classify call patterns; update types/docs/tests; run caller package tests.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Refactor work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "refactor", "scope_hint": "code.refactor:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/refactor/documents/methodologies/refactor-safety-loop.json b/packages/domain-packs/code/refactor/documents/methodologies/refactor-safety-loop.json index 1b0fe695..6e1ab79b 100644 --- a/packages/domain-packs/code/refactor/documents/methodologies/refactor-safety-loop.json +++ b/packages/domain-packs/code/refactor/documents/methodologies/refactor-safety-loop.json @@ -2,7 +2,7 @@ "ref_id": "methodology:refactor:refactor-safety-loop", "type": "methodology", "description": "Capture behavior, change structure, verify unchanged outputs.", - "body": "Steps: identify public behavior; run focused tests; refactor narrow slice; rerun tests; inspect diff for unintended behavior changes.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Refactor work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Steps: identify public behavior; run focused tests; refactor narrow slice; rerun tests; inspect diff for unintended behavior changes.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Refactor work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "refactor", "scope_hint": "code.refactor:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/refactor/documents/methodologies/rename-move-check.json b/packages/domain-packs/code/refactor/documents/methodologies/rename-move-check.json index 924be487..f7edf05a 100644 --- a/packages/domain-packs/code/refactor/documents/methodologies/rename-move-check.json +++ b/packages/domain-packs/code/refactor/documents/methodologies/rename-move-check.json @@ -2,7 +2,7 @@ "ref_id": "methodology:refactor:rename-move-check", "type": "methodology", "description": "Validate imports, generated artifacts, docs, and package exports after moves.", - "body": "Steps: update source; run typecheck/build; search stale paths; update docs and tests.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Refactor work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Steps: update source; run typecheck/build; search stale paths; update docs and tests.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Refactor work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "refactor", "scope_hint": "code.refactor:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/refactor/documents/skills/scan-refactor-callers.json b/packages/domain-packs/code/refactor/documents/skills/scan-refactor-callers.json index c0e220b1..83936cd2 100644 --- a/packages/domain-packs/code/refactor/documents/skills/scan-refactor-callers.json +++ b/packages/domain-packs/code/refactor/documents/skills/scan-refactor-callers.json @@ -2,7 +2,7 @@ "ref_id": "skill:refactor:scan-refactor-callers", "type": "skill", "description": "Find callers and behavior surfaces for a proposed refactor.", - "body": "Inputs: symbol/path. Output: callers, risk surfaces, and validation command suggestions.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Code Refactor work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Inputs: symbol/path. Output: callers, risk surfaces, and validation command suggestions.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Code Refactor work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "refactor", "scope_hint": "code.refactor:skills", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/refactor/documents/strategies/behavior-preserving-contract.json b/packages/domain-packs/code/refactor/documents/strategies/behavior-preserving-contract.json index cf221019..62fb8ae4 100644 --- a/packages/domain-packs/code/refactor/documents/strategies/behavior-preserving-contract.json +++ b/packages/domain-packs/code/refactor/documents/strategies/behavior-preserving-contract.json @@ -2,7 +2,7 @@ "ref_id": "strategy:refactor:behavior-preserving-contract", "type": "strategy", "description": "A refactor must keep externally visible behavior stable unless stated otherwise.", - "body": "Tests, snapshots, API responses, and persisted formats should remain unchanged for pure refactors.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Refactor work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Tests, snapshots, API responses, and persisted formats should remain unchanged for pure refactors.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Refactor work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "refactor", "scope_hint": "code.refactor:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/refactor/documents/strategies/call-graph-before-move.json b/packages/domain-packs/code/refactor/documents/strategies/call-graph-before-move.json index d5ce857c..4c1b353d 100644 --- a/packages/domain-packs/code/refactor/documents/strategies/call-graph-before-move.json +++ b/packages/domain-packs/code/refactor/documents/strategies/call-graph-before-move.json @@ -2,7 +2,7 @@ "ref_id": "strategy:refactor:call-graph-before-move", "type": "strategy", "description": "Inspect callers before moving or renaming shared code.", - "body": "Shared helpers may have hidden contracts. Call graph inspection prevents breaking less obvious users.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Refactor work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Shared helpers may have hidden contracts. Call graph inspection prevents breaking less obvious users.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Refactor work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "refactor", "scope_hint": "code.refactor:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/refactor/documents/strategies/name-real-concept.json b/packages/domain-packs/code/refactor/documents/strategies/name-real-concept.json index 61c2f9b6..5874fafe 100644 --- a/packages/domain-packs/code/refactor/documents/strategies/name-real-concept.json +++ b/packages/domain-packs/code/refactor/documents/strategies/name-real-concept.json @@ -2,7 +2,7 @@ "ref_id": "strategy:refactor:name-real-concept", "type": "strategy", "description": "Extract helpers only when they name a reusable concept or hide real complexity.", - "body": "Single-use helpers can make code harder to read if they only move simple expressions.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Refactor work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Single-use helpers can make code harder to read if they only move simple expressions.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Refactor work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "refactor", "scope_hint": "code.refactor:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/refactor/documents/strategies/small-batch-refactor.json b/packages/domain-packs/code/refactor/documents/strategies/small-batch-refactor.json index 9ea18565..63f0a0ae 100644 --- a/packages/domain-packs/code/refactor/documents/strategies/small-batch-refactor.json +++ b/packages/domain-packs/code/refactor/documents/strategies/small-batch-refactor.json @@ -2,7 +2,7 @@ "ref_id": "strategy:refactor:small-batch-refactor", "type": "strategy", "description": "Refactor in small batches with validation between them.", - "body": "Large structural edits make regressions hard to isolate.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Refactor work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Large structural edits make regressions hard to isolate.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Refactor work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "refactor", "scope_hint": "code.refactor:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/release/README.md b/packages/domain-packs/code/release/README.md index 717b6110..7d39cd1e 100644 --- a/packages/domain-packs/code/release/README.md +++ b/packages/domain-packs/code/release/README.md @@ -10,7 +10,7 @@ Does not deploy production or approve regulated release decisions automatically. ## Source Basis -Derived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form. +Derived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form. ## Composition diff --git a/packages/domain-packs/code/release/documents/failure_dossiers/no-rollback-plan.json b/packages/domain-packs/code/release/documents/failure_dossiers/no-rollback-plan.json index 02ffd221..41ea1a62 100644 --- a/packages/domain-packs/code/release/documents/failure_dossiers/no-rollback-plan.json +++ b/packages/domain-packs/code/release/documents/failure_dossiers/no-rollback-plan.json @@ -2,7 +2,7 @@ "ref_id": "failure:release:no-rollback-plan", "type": "failure_dossier", "description": "Shipping risky changes without rollback plan increases incident impact.", - "body": "Require mitigation path.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Require mitigation path.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "release", "scope_hint": "code.release:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/release/documents/failure_dossiers/publish-before-artifact-check.json b/packages/domain-packs/code/release/documents/failure_dossiers/publish-before-artifact-check.json index cb730111..6439e8a1 100644 --- a/packages/domain-packs/code/release/documents/failure_dossiers/publish-before-artifact-check.json +++ b/packages/domain-packs/code/release/documents/failure_dossiers/publish-before-artifact-check.json @@ -2,7 +2,7 @@ "ref_id": "failure:release:publish-before-artifact-check", "type": "failure_dossier", "description": "Publishing before inspecting artifact contents can leak wrong files or secrets.", - "body": "Inspect package contents first.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Inspect package contents first.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "release", "scope_hint": "code.release:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/release/documents/knowledge/changelog-user-impact.json b/packages/domain-packs/code/release/documents/knowledge/changelog-user-impact.json index 6c1f03f5..80dd2c80 100644 --- a/packages/domain-packs/code/release/documents/knowledge/changelog-user-impact.json +++ b/packages/domain-packs/code/release/documents/knowledge/changelog-user-impact.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:release:changelog-user-impact", "type": "knowledge", "description": "Changelog entries should state user-visible impact and action.", - "body": "Users need to know what changed and whether they must do anything.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Release work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Users need to know what changed and whether they must do anything.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Release work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "release", "scope_hint": "code.release:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/release/documents/knowledge/green-tests-not-release.json b/packages/domain-packs/code/release/documents/knowledge/green-tests-not-release.json index 7f5e6cd5..f077c8bc 100644 --- a/packages/domain-packs/code/release/documents/knowledge/green-tests-not-release.json +++ b/packages/domain-packs/code/release/documents/knowledge/green-tests-not-release.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:release:green-tests-not-release", "type": "knowledge", "description": "Passing tests are necessary but not sufficient for release readiness.", - "body": "Artifacts, metadata, docs, and rollback also matter.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Release work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Artifacts, metadata, docs, and rollback also matter.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Release work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "release", "scope_hint": "code.release:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/release/documents/knowledge/published-artifacts-persist.json b/packages/domain-packs/code/release/documents/knowledge/published-artifacts-persist.json index 0cd137f9..b831dfa6 100644 --- a/packages/domain-packs/code/release/documents/knowledge/published-artifacts-persist.json +++ b/packages/domain-packs/code/release/documents/knowledge/published-artifacts-persist.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:release:published-artifacts-persist", "type": "knowledge", "description": "Published packages may be hard or impossible to fully retract.", - "body": "Validate before publish.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Release work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Validate before publish.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Release work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "release", "scope_hint": "code.release:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/release/documents/methodologies/artifact-validation.json b/packages/domain-packs/code/release/documents/methodologies/artifact-validation.json index eeefc24f..bc8e372c 100644 --- a/packages/domain-packs/code/release/documents/methodologies/artifact-validation.json +++ b/packages/domain-packs/code/release/documents/methodologies/artifact-validation.json @@ -2,7 +2,7 @@ "ref_id": "methodology:release:artifact-validation", "type": "methodology", "description": "Validate generated package or binary contents before publishing.", - "body": "Steps: inspect included files; verify version; run smoke test from artifact; check secrets and source maps as appropriate.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Release work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Steps: inspect included files; verify version; run smoke test from artifact; check secrets and source maps as appropriate.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Release work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "release", "scope_hint": "code.release:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/release/documents/methodologies/post-release-monitor.json b/packages/domain-packs/code/release/documents/methodologies/post-release-monitor.json index d5f87970..5fac857f 100644 --- a/packages/domain-packs/code/release/documents/methodologies/post-release-monitor.json +++ b/packages/domain-packs/code/release/documents/methodologies/post-release-monitor.json @@ -2,7 +2,7 @@ "ref_id": "methodology:release:post-release-monitor", "type": "methodology", "description": "After release, monitor errors, adoption, and rollback signals.", - "body": "Steps: watch CI/deploy status; inspect error metrics; check user-facing smoke path; decide continue/rollback.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Release work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Steps: watch CI/deploy status; inspect error metrics; check user-facing smoke path; decide continue/rollback.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Release work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "release", "scope_hint": "code.release:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/release/documents/methodologies/pre-release-gate.json b/packages/domain-packs/code/release/documents/methodologies/pre-release-gate.json index 3fd8294d..cd4f10dd 100644 --- a/packages/domain-packs/code/release/documents/methodologies/pre-release-gate.json +++ b/packages/domain-packs/code/release/documents/methodologies/pre-release-gate.json @@ -2,7 +2,7 @@ "ref_id": "methodology:release:pre-release-gate", "type": "methodology", "description": "Check tests, build, artifacts, changelog, version, and rollback.", - "body": "Steps: run required tests; build release artifact; verify package metadata; update changelog; check dependency delta; record rollback plan.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Release work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Steps: run required tests; build release artifact; verify package metadata; update changelog; check dependency delta; record rollback plan.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Release work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "release", "scope_hint": "code.release:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/release/documents/skills/build-release-evidence.json b/packages/domain-packs/code/release/documents/skills/build-release-evidence.json index a479e1c4..4c710e20 100644 --- a/packages/domain-packs/code/release/documents/skills/build-release-evidence.json +++ b/packages/domain-packs/code/release/documents/skills/build-release-evidence.json @@ -2,7 +2,7 @@ "ref_id": "skill:release:build-release-evidence", "type": "skill", "description": "Create a release evidence summary from tests, artifacts, version, and rollback inputs.", - "body": "Inputs: release diff and validation outputs. Output: readiness report and blockers.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Code Release work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Inputs: release diff and validation outputs. Output: readiness report and blockers.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Code Release work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "release", "scope_hint": "code.release:skills", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/release/documents/strategies/release-evidence-bundle.json b/packages/domain-packs/code/release/documents/strategies/release-evidence-bundle.json index 96518910..f362a1cb 100644 --- a/packages/domain-packs/code/release/documents/strategies/release-evidence-bundle.json +++ b/packages/domain-packs/code/release/documents/strategies/release-evidence-bundle.json @@ -2,7 +2,7 @@ "ref_id": "strategy:release:release-evidence-bundle", "type": "strategy", "description": "A release should carry tests, artifact, changelog, and rollback evidence.", - "body": "Release readiness is not just green tests. Bundle exact commands, build artifacts, version changes, changelog, and rollback notes.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Release work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Release readiness is not just green tests. Bundle exact commands, build artifacts, version changes, changelog, and rollback notes.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Release work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "release", "scope_hint": "code.release:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/release/documents/strategies/rollback-before-publish.json b/packages/domain-packs/code/release/documents/strategies/rollback-before-publish.json index dcd076e1..1fa7d20b 100644 --- a/packages/domain-packs/code/release/documents/strategies/rollback-before-publish.json +++ b/packages/domain-packs/code/release/documents/strategies/rollback-before-publish.json @@ -2,7 +2,7 @@ "ref_id": "strategy:release:rollback-before-publish", "type": "strategy", "description": "Define rollback or mitigation before publishing risky changes.", - "body": "If release fails after publishing, the team needs a known revert, feature flag, migration rollback, or remediation path.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Release work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "If release fails after publishing, the team needs a known revert, feature flag, migration rollback, or remediation path.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Release work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "release", "scope_hint": "code.release:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/release/documents/strategies/supply-chain-release-gate.json b/packages/domain-packs/code/release/documents/strategies/supply-chain-release-gate.json index 7e8e85b2..d4827484 100644 --- a/packages/domain-packs/code/release/documents/strategies/supply-chain-release-gate.json +++ b/packages/domain-packs/code/release/documents/strategies/supply-chain-release-gate.json @@ -2,7 +2,7 @@ "ref_id": "strategy:release:supply-chain-release-gate", "type": "strategy", "description": "Dependency, script, and package metadata changes need rereview before release.", - "body": "External package changes can alter install-time behavior or license/security risk.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Release work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "External package changes can alter install-time behavior or license/security risk.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Release work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "release", "scope_hint": "code.release:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/release/documents/strategies/version-contract.json b/packages/domain-packs/code/release/documents/strategies/version-contract.json index 657caf1e..2c7ad42e 100644 --- a/packages/domain-packs/code/release/documents/strategies/version-contract.json +++ b/packages/domain-packs/code/release/documents/strategies/version-contract.json @@ -2,7 +2,7 @@ "ref_id": "strategy:release:version-contract", "type": "strategy", "description": "Version changes should match compatibility impact.", - "body": "Semver or project version policy must reflect breaking changes, features, and fixes.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Release work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Semver or project version policy must reflect breaking changes, features, and fixes.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Release work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "release", "scope_hint": "code.release:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/review/documents/failure_dossiers/review-without-evidence-audit.json b/packages/domain-packs/code/review/documents/failure_dossiers/review-without-evidence-audit.json index 892230a0..1c5c8dc5 100644 --- a/packages/domain-packs/code/review/documents/failure_dossiers/review-without-evidence-audit.json +++ b/packages/domain-packs/code/review/documents/failure_dossiers/review-without-evidence-audit.json @@ -2,7 +2,7 @@ "ref_id": "failure:review:failure", "type": "failure_dossier", "description": "Review Without Evidence Audit", - "body": "Reviewing code while ignoring validation claims can miss release blockers.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Reviewing code while ignoring validation claims can miss release blockers.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "review", "scope_hint": "code.review:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/review/documents/methodologies/independent-review-worker-profile.json b/packages/domain-packs/code/review/documents/methodologies/independent-review-worker-profile.json index 8425951a..13d92a5f 100644 --- a/packages/domain-packs/code/review/documents/methodologies/independent-review-worker-profile.json +++ b/packages/domain-packs/code/review/documents/methodologies/independent-review-worker-profile.json @@ -2,7 +2,7 @@ "ref_id": "methodology:review:methodology", "type": "methodology", "description": "Independent Review Worker Profile", - "body": "Use a separate review pass to assess evidence completeness and risk.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Review work touches diff hunks, line evidence, tests, contracts, and blast radius. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include file/line citations, failing or missing tests, reproduced behavior, and residual-risk notes. Risk boundary: escalate or stop when the task involves unsupported findings, severity inflation, hidden fixes, and ignoring user constraints, missing owner evidence, or live external state.", + "body": "Use a separate review pass to assess evidence completeness and risk.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Review work touches diff hunks, line evidence, tests, contracts, and blast radius. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include file/line citations, failing or missing tests, reproduced behavior, and residual-risk notes. Risk boundary: escalate or stop when the task involves unsupported findings, severity inflation, hidden fixes, and ignoring user constraints, missing owner evidence, or live external state.", "domain": "review", "scope_hint": "code.review:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/review/documents/skills/produce-blocker-summary.json b/packages/domain-packs/code/review/documents/skills/produce-blocker-summary.json index e410fdc0..3eb4fd86 100644 --- a/packages/domain-packs/code/review/documents/skills/produce-blocker-summary.json +++ b/packages/domain-packs/code/review/documents/skills/produce-blocker-summary.json @@ -2,7 +2,7 @@ "ref_id": "skill:review:skill", "type": "skill", "description": "Produce Blocker Summary", - "body": "Produce PR/release blocker summary tied to findings and evidence refs.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Code Review work touches diff hunks, line evidence, tests, contracts, and blast radius. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include file/line citations, failing or missing tests, reproduced behavior, and residual-risk notes. Risk boundary: escalate or stop when the task involves unsupported findings, severity inflation, hidden fixes, and ignoring user constraints, missing owner evidence, or live external state.", + "body": "Produce PR/release blocker summary tied to findings and evidence refs.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Code Review work touches diff hunks, line evidence, tests, contracts, and blast radius. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include file/line citations, failing or missing tests, reproduced behavior, and residual-risk notes. Risk boundary: escalate or stop when the task involves unsupported findings, severity inflation, hidden fixes, and ignoring user constraints, missing owner evidence, or live external state.", "domain": "review", "scope_hint": "code.review:skills", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/review/documents/strategies/evidence-completeness-review.json b/packages/domain-packs/code/review/documents/strategies/evidence-completeness-review.json index de99cb83..5243af13 100644 --- a/packages/domain-packs/code/review/documents/strategies/evidence-completeness-review.json +++ b/packages/domain-packs/code/review/documents/strategies/evidence-completeness-review.json @@ -2,7 +2,7 @@ "ref_id": "strategy:review:strategy", "type": "strategy", "description": "Evidence Completeness Review", - "body": "Review whether claims have commands, artifacts, and source refs.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Review work touches diff hunks, line evidence, tests, contracts, and blast radius. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include file/line citations, failing or missing tests, reproduced behavior, and residual-risk notes. Risk boundary: escalate or stop when the task involves unsupported findings, severity inflation, hidden fixes, and ignoring user constraints, missing owner evidence, or live external state.", + "body": "Review whether claims have commands, artifacts, and source refs.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Review work touches diff hunks, line evidence, tests, contracts, and blast radius. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include file/line citations, failing or missing tests, reproduced behavior, and residual-risk notes. Risk boundary: escalate or stop when the task involves unsupported findings, severity inflation, hidden fixes, and ignoring user constraints, missing owner evidence, or live external state.", "domain": "review", "scope_hint": "code.review:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/rust/README.md b/packages/domain-packs/code/rust/README.md index d5f435d9..8dfcd523 100644 --- a/packages/domain-packs/code/rust/README.md +++ b/packages/domain-packs/code/rust/README.md @@ -10,7 +10,7 @@ Framework, platform, database, and security-specific behavior belongs to more sp ## Source Basis -Derived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form. +Derived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form. ## Composition diff --git a/packages/domain-packs/code/rust/documents/knowledge/ownership-is-api.json b/packages/domain-packs/code/rust/documents/knowledge/ownership-is-api.json index 88ab0943..48de1220 100644 --- a/packages/domain-packs/code/rust/documents/knowledge/ownership-is-api.json +++ b/packages/domain-packs/code/rust/documents/knowledge/ownership-is-api.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:rust:ownership-is-api", "type": "knowledge", "description": "Rust ownership and lifetimes express API constraints.", - "body": "Avoid cloning or unsafe code just to silence borrow errors without understanding ownership.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Rust work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Avoid cloning or unsafe code just to silence borrow errors without understanding ownership.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Rust work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "rust", "scope_hint": "code.rust:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/sdk/README.md b/packages/domain-packs/code/sdk/README.md index 085b3188..3979e92e 100644 --- a/packages/domain-packs/code/sdk/README.md +++ b/packages/domain-packs/code/sdk/README.md @@ -10,7 +10,7 @@ Does not own server API semantics beyond client contract evidence. ## Source Basis -Derived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form. +Derived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form. ## Composition diff --git a/packages/domain-packs/code/sdk/documents/failure_dossiers/breaking-change-as-fix.json b/packages/domain-packs/code/sdk/documents/failure_dossiers/breaking-change-as-fix.json index 32bd38e4..48072da4 100644 --- a/packages/domain-packs/code/sdk/documents/failure_dossiers/breaking-change-as-fix.json +++ b/packages/domain-packs/code/sdk/documents/failure_dossiers/breaking-change-as-fix.json @@ -2,7 +2,7 @@ "ref_id": "failure:sdk:breaking-change-as-fix", "type": "failure_dossier", "description": "Shipping breaking SDK behavior as a patch surprises users.", - "body": "Classify version impact.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Classify version impact.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "api", "scope_hint": "code.sdk:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/sdk/documents/failure_dossiers/hand-edit-generated-sdk.json b/packages/domain-packs/code/sdk/documents/failure_dossiers/hand-edit-generated-sdk.json index 97eca024..a3d59110 100644 --- a/packages/domain-packs/code/sdk/documents/failure_dossiers/hand-edit-generated-sdk.json +++ b/packages/domain-packs/code/sdk/documents/failure_dossiers/hand-edit-generated-sdk.json @@ -2,7 +2,7 @@ "ref_id": "failure:sdk:hand-edit-generated-sdk", "type": "failure_dossier", "description": "Manual edits to generated SDKs create drift.", - "body": "Regenerate from schema.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Regenerate from schema.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "api", "scope_hint": "code.sdk:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/sdk/documents/knowledge/defaults-are-contract.json b/packages/domain-packs/code/sdk/documents/knowledge/defaults-are-contract.json index ceef0cb2..ac06f4fe 100644 --- a/packages/domain-packs/code/sdk/documents/knowledge/defaults-are-contract.json +++ b/packages/domain-packs/code/sdk/documents/knowledge/defaults-are-contract.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:sdk:defaults-are-contract", "type": "knowledge", "description": "SDK default timeouts, retries, and endpoints affect users.", - "body": "Changing defaults can be breaking.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when SDK Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Changing defaults can be breaking.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when SDK Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "api", "scope_hint": "code.sdk:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/sdk/documents/knowledge/generated-do-not-hand-edit.json b/packages/domain-packs/code/sdk/documents/knowledge/generated-do-not-hand-edit.json index a00b8b5c..6a00bf3e 100644 --- a/packages/domain-packs/code/sdk/documents/knowledge/generated-do-not-hand-edit.json +++ b/packages/domain-packs/code/sdk/documents/knowledge/generated-do-not-hand-edit.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:sdk:generated-do-not-hand-edit", "type": "knowledge", "description": "Generated SDK files should be regenerated from source schema.", - "body": "Manual edits drift and are overwritten.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when SDK Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Manual edits drift and are overwritten.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when SDK Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "api", "scope_hint": "code.sdk:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/sdk/documents/knowledge/sdk-errors-are-api.json b/packages/domain-packs/code/sdk/documents/knowledge/sdk-errors-are-api.json index 57b8f824..19fd1dfb 100644 --- a/packages/domain-packs/code/sdk/documents/knowledge/sdk-errors-are-api.json +++ b/packages/domain-packs/code/sdk/documents/knowledge/sdk-errors-are-api.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:sdk:sdk-errors-are-api", "type": "knowledge", "description": "SDK error classes, codes, and messages can be user contract.", - "body": "Consumers catch and branch on errors.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when SDK Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Consumers catch and branch on errors.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when SDK Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "api", "scope_hint": "code.sdk:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/sdk/documents/methodologies/sdk-breaking-change-review.json b/packages/domain-packs/code/sdk/documents/methodologies/sdk-breaking-change-review.json index 7ebbd04b..bef0b91e 100644 --- a/packages/domain-packs/code/sdk/documents/methodologies/sdk-breaking-change-review.json +++ b/packages/domain-packs/code/sdk/documents/methodologies/sdk-breaking-change-review.json @@ -2,7 +2,7 @@ "ref_id": "methodology:sdk:sdk-breaking-change-review", "type": "methodology", "description": "Classify SDK changes as patch, feature, or breaking.", - "body": "Steps: inspect exported API diff; check docs/examples; decide version impact; add migration notes.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when SDK Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Steps: inspect exported API diff; check docs/examples; decide version impact; add migration notes.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when SDK Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "api", "scope_hint": "code.sdk:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/sdk/documents/methodologies/sdk-contract-test.json b/packages/domain-packs/code/sdk/documents/methodologies/sdk-contract-test.json index b980fa59..185e6495 100644 --- a/packages/domain-packs/code/sdk/documents/methodologies/sdk-contract-test.json +++ b/packages/domain-packs/code/sdk/documents/methodologies/sdk-contract-test.json @@ -2,7 +2,7 @@ "ref_id": "methodology:sdk:sdk-contract-test", "type": "methodology", "description": "Generate client, run examples, and compare server contract.", - "body": "Steps: regenerate; inspect diff; run type/build tests; run example against fixture server; verify error handling.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when SDK Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Steps: regenerate; inspect diff; run type/build tests; run example against fixture server; verify error handling.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when SDK Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "api", "scope_hint": "code.sdk:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/sdk/documents/methodologies/sdk-doc-example-pass.json b/packages/domain-packs/code/sdk/documents/methodologies/sdk-doc-example-pass.json index 0443a5d1..9c79e5ff 100644 --- a/packages/domain-packs/code/sdk/documents/methodologies/sdk-doc-example-pass.json +++ b/packages/domain-packs/code/sdk/documents/methodologies/sdk-doc-example-pass.json @@ -2,7 +2,7 @@ "ref_id": "methodology:sdk:sdk-doc-example-pass", "type": "methodology", "description": "Validate README and docs snippets against current SDK.", - "body": "Steps: run examples; update imports; verify options and errors.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when SDK Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Steps: run examples; update imports; verify options and errors.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when SDK Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "api", "scope_hint": "code.sdk:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/sdk/documents/skills/validate-sdk-contract.json b/packages/domain-packs/code/sdk/documents/skills/validate-sdk-contract.json index 217d6d0f..2c3a38c7 100644 --- a/packages/domain-packs/code/sdk/documents/skills/validate-sdk-contract.json +++ b/packages/domain-packs/code/sdk/documents/skills/validate-sdk-contract.json @@ -2,7 +2,7 @@ "ref_id": "skill:sdk:validate-sdk-contract", "type": "skill", "description": "Validate generated SDK contract, examples, and public API diff.", - "body": "Inputs: SDK package and schema. Output: diff, tests, examples, version-risk classification.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when SDK Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Inputs: SDK package and schema. Output: diff, tests, examples, version-risk classification.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when SDK Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "api", "scope_hint": "code.sdk:skills", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/sdk/documents/strategies/compat-shim-before-removal.json b/packages/domain-packs/code/sdk/documents/strategies/compat-shim-before-removal.json index 339510b1..8b1d1cd6 100644 --- a/packages/domain-packs/code/sdk/documents/strategies/compat-shim-before-removal.json +++ b/packages/domain-packs/code/sdk/documents/strategies/compat-shim-before-removal.json @@ -2,7 +2,7 @@ "ref_id": "strategy:sdk:compat-shim-before-removal", "type": "strategy", "description": "Deprecate and shim before removing public SDK APIs.", - "body": "Users need migration time.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when SDK Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Users need migration time.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when SDK Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "api", "scope_hint": "code.sdk:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/sdk/documents/strategies/example-as-test.json b/packages/domain-packs/code/sdk/documents/strategies/example-as-test.json index df9436bc..7808f1d8 100644 --- a/packages/domain-packs/code/sdk/documents/strategies/example-as-test.json +++ b/packages/domain-packs/code/sdk/documents/strategies/example-as-test.json @@ -2,7 +2,7 @@ "ref_id": "strategy:sdk:example-as-test", "type": "strategy", "description": "SDK examples should run or be covered by tests.", - "body": "Examples are user-facing contracts and should not be stale.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when SDK Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Examples are user-facing contracts and should not be stale.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when SDK Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "api", "scope_hint": "code.sdk:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/sdk/documents/strategies/generated-client-contract.json b/packages/domain-packs/code/sdk/documents/strategies/generated-client-contract.json index 0b887016..12ce478f 100644 --- a/packages/domain-packs/code/sdk/documents/strategies/generated-client-contract.json +++ b/packages/domain-packs/code/sdk/documents/strategies/generated-client-contract.json @@ -2,7 +2,7 @@ "ref_id": "strategy:sdk:generated-client-contract", "type": "strategy", "description": "Generated clients must match server schema and examples.", - "body": "SDK drift breaks users even when server tests pass.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when SDK Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "SDK drift breaks users even when server tests pass.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when SDK Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "api", "scope_hint": "code.sdk:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/sdk/documents/strategies/semver-surface.json b/packages/domain-packs/code/sdk/documents/strategies/semver-surface.json index d80904c4..60a71581 100644 --- a/packages/domain-packs/code/sdk/documents/strategies/semver-surface.json +++ b/packages/domain-packs/code/sdk/documents/strategies/semver-surface.json @@ -2,7 +2,7 @@ "ref_id": "strategy:sdk:semver-surface", "type": "strategy", "description": "Public SDK names, types, errors, and defaults are semver surface.", - "body": "Changing defaults or error types can be breaking.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when SDK Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Changing defaults or error types can be breaking.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when SDK Engineering work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "api", "scope_hint": "code.sdk:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/shell/README.md b/packages/domain-packs/code/shell/README.md index 4664f896..88a2fed0 100644 --- a/packages/domain-packs/code/shell/README.md +++ b/packages/domain-packs/code/shell/README.md @@ -10,7 +10,7 @@ Framework, platform, database, and security-specific behavior belongs to more sp ## Source Basis -Derived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form. +Derived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form. ## Composition diff --git a/packages/domain-packs/code/shell/documents/knowledge/quoting-is-correctness.json b/packages/domain-packs/code/shell/documents/knowledge/quoting-is-correctness.json index 7e490868..ffd55337 100644 --- a/packages/domain-packs/code/shell/documents/knowledge/quoting-is-correctness.json +++ b/packages/domain-packs/code/shell/documents/knowledge/quoting-is-correctness.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:shell:quoting-is-correctness", "type": "knowledge", "description": "Shell quoting controls word splitting, globbing, and injection risk.", - "body": "Treat quoting and arrays as correctness and security concerns.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Shell Scripting work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Treat quoting and arrays as correctness and security concerns.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Shell Scripting work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "shell", "scope_hint": "code.shell:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/sql/README.md b/packages/domain-packs/code/sql/README.md index 81773779..e0bcc5f7 100644 --- a/packages/domain-packs/code/sql/README.md +++ b/packages/domain-packs/code/sql/README.md @@ -10,7 +10,7 @@ Framework, platform, database, and security-specific behavior belongs to more sp ## Source Basis -Derived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form. +Derived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form. ## Composition diff --git a/packages/domain-packs/code/sql/documents/knowledge/query-plan-matters.json b/packages/domain-packs/code/sql/documents/knowledge/query-plan-matters.json index df67e78c..24031574 100644 --- a/packages/domain-packs/code/sql/documents/knowledge/query-plan-matters.json +++ b/packages/domain-packs/code/sql/documents/knowledge/query-plan-matters.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:sql:query-plan-matters", "type": "knowledge", "description": "SQL correctness and performance depend on schema, data distribution, and plan.", - "body": "Validate important queries with representative schema and explain output.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when SQL work touches schema deltas, query shape, transaction ownership, constraints, locks, and data volume. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include migration dry-runs, rollback checks, EXPLAIN output, constraint tests, and fixture data comparisons. Risk boundary: escalate or stop when the task involves data loss, long locks, non-rollbackable writes, silent query-plan regressions, and unsafe backfills, missing owner evidence, or live external state.", + "body": "Validate important queries with representative schema and explain output.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when SQL work touches schema deltas, query shape, transaction ownership, constraints, locks, and data volume. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include migration dry-runs, rollback checks, EXPLAIN output, constraint tests, and fixture data comparisons. Risk boundary: escalate or stop when the task involves data loss, long locks, non-rollbackable writes, silent query-plan regressions, and unsafe backfills, missing owner evidence, or live external state.", "domain": "sql", "scope_hint": "code.sql:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/swift/README.md b/packages/domain-packs/code/swift/README.md index 5b19e6b0..b462444f 100644 --- a/packages/domain-packs/code/swift/README.md +++ b/packages/domain-packs/code/swift/README.md @@ -10,7 +10,7 @@ Framework, platform, database, and security-specific behavior belongs to more sp ## Source Basis -Derived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form. +Derived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form. ## Composition diff --git a/packages/domain-packs/code/swift/documents/knowledge/main-actor-boundary.json b/packages/domain-packs/code/swift/documents/knowledge/main-actor-boundary.json index f7283507..51db597e 100644 --- a/packages/domain-packs/code/swift/documents/knowledge/main-actor-boundary.json +++ b/packages/domain-packs/code/swift/documents/knowledge/main-actor-boundary.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:swift:main-actor-boundary", "type": "knowledge", "description": "Swift UI updates need actor/thread boundary awareness.", - "body": "Async code touching UI state should respect MainActor or platform UI threading rules.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Swift work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Async code touching UI state should respect MainActor or platform UI threading rules.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Swift work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "swift", "scope_hint": "code.swift:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/testing/documents/failure_dossiers/validation-without-artifacts.json b/packages/domain-packs/code/testing/documents/failure_dossiers/validation-without-artifacts.json index bad33618..e5102173 100644 --- a/packages/domain-packs/code/testing/documents/failure_dossiers/validation-without-artifacts.json +++ b/packages/domain-packs/code/testing/documents/failure_dossiers/validation-without-artifacts.json @@ -2,7 +2,7 @@ "ref_id": "failure:testing:failure", "type": "failure_dossier", "description": "Validation Without Artifacts", - "body": "Claiming validation without command or artifact refs cannot be audited.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Claiming validation without command or artifact refs cannot be audited.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "testing", "scope_hint": "code.testing:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/testing/documents/methodologies/acceptance-criteria-gate.json b/packages/domain-packs/code/testing/documents/methodologies/acceptance-criteria-gate.json index c1d8615e..dce1546a 100644 --- a/packages/domain-packs/code/testing/documents/methodologies/acceptance-criteria-gate.json +++ b/packages/domain-packs/code/testing/documents/methodologies/acceptance-criteria-gate.json @@ -2,7 +2,7 @@ "ref_id": "methodology:testing:acceptance-criteria-gate", "type": "methodology", "description": "Acceptance Criteria Gate", - "body": "Turn natural-language acceptance criteria into structured validation expectations.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Testing work touches test runner output, fixture intent, coverage boundaries, flake history, and negative paths. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include focused test output, regression tests, fixture assertions, and rerun evidence. Risk boundary: escalate or stop when the task involves testing implementation details only, masking flakes, and claiming coverage without behavior proof, missing owner evidence, or live external state.", + "body": "Turn natural-language acceptance criteria into structured validation expectations.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Testing work touches test runner output, fixture intent, coverage boundaries, flake history, and negative paths. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include focused test output, regression tests, fixture assertions, and rerun evidence. Risk boundary: escalate or stop when the task involves testing implementation details only, masking flakes, and claiming coverage without behavior proof, missing owner evidence, or live external state.", "domain": "testing", "scope_hint": "code.testing:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/testing/documents/methodologies/executable-validation-contract.json b/packages/domain-packs/code/testing/documents/methodologies/executable-validation-contract.json index 37cf94ad..5bdff272 100644 --- a/packages/domain-packs/code/testing/documents/methodologies/executable-validation-contract.json +++ b/packages/domain-packs/code/testing/documents/methodologies/executable-validation-contract.json @@ -2,7 +2,7 @@ "ref_id": "methodology:testing:executable-validation-contract", "type": "methodology", "description": "Executable Validation Contract", - "body": "Validation should be runnable, expected, interpreted, and artifact-backed.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Testing work touches test runner output, fixture intent, coverage boundaries, flake history, and negative paths. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include focused test output, regression tests, fixture assertions, and rerun evidence. Risk boundary: escalate or stop when the task involves testing implementation details only, masking flakes, and claiming coverage without behavior proof, missing owner evidence, or live external state.", + "body": "Validation should be runnable, expected, interpreted, and artifact-backed.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Testing work touches test runner output, fixture intent, coverage boundaries, flake history, and negative paths. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include focused test output, regression tests, fixture assertions, and rerun evidence. Risk boundary: escalate or stop when the task involves testing implementation details only, masking flakes, and claiming coverage without behavior proof, missing owner evidence, or live external state.", "domain": "testing", "scope_hint": "code.testing:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/testing/documents/methodologies/replayable-scenario-task.json b/packages/domain-packs/code/testing/documents/methodologies/replayable-scenario-task.json index e17ba097..e6503437 100644 --- a/packages/domain-packs/code/testing/documents/methodologies/replayable-scenario-task.json +++ b/packages/domain-packs/code/testing/documents/methodologies/replayable-scenario-task.json @@ -2,7 +2,7 @@ "ref_id": "methodology:testing:replayable-scenario-task", "type": "methodology", "description": "Replayable Scenario Task", - "body": "Convert scenario material into setup, steps, expected result, and pass/fail criteria.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Testing work touches test runner output, fixture intent, coverage boundaries, flake history, and negative paths. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include focused test output, regression tests, fixture assertions, and rerun evidence. Risk boundary: escalate or stop when the task involves testing implementation details only, masking flakes, and claiming coverage without behavior proof, missing owner evidence, or live external state.", + "body": "Convert scenario material into setup, steps, expected result, and pass/fail criteria.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Code Testing work touches test runner output, fixture intent, coverage boundaries, flake history, and negative paths. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include focused test output, regression tests, fixture assertions, and rerun evidence. Risk boundary: escalate or stop when the task involves testing implementation details only, masking flakes, and claiming coverage without behavior proof, missing owner evidence, or live external state.", "domain": "testing", "scope_hint": "code.testing:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/testing/documents/skills/normalize-validation-result.json b/packages/domain-packs/code/testing/documents/skills/normalize-validation-result.json index 10d887fe..e0c7eb26 100644 --- a/packages/domain-packs/code/testing/documents/skills/normalize-validation-result.json +++ b/packages/domain-packs/code/testing/documents/skills/normalize-validation-result.json @@ -2,7 +2,7 @@ "ref_id": "skill:testing:skill", "type": "skill", "description": "Normalize Validation Result", - "body": "Produce EvalEnvelope-like validation evidence from commands and logs.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Code Testing work touches test runner output, fixture intent, coverage boundaries, flake history, and negative paths. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include focused test output, regression tests, fixture assertions, and rerun evidence. Risk boundary: escalate or stop when the task involves testing implementation details only, masking flakes, and claiming coverage without behavior proof, missing owner evidence, or live external state.", + "body": "Produce EvalEnvelope-like validation evidence from commands and logs.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Code Testing work touches test runner output, fixture intent, coverage boundaries, flake history, and negative paths. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include focused test output, regression tests, fixture assertions, and rerun evidence. Risk boundary: escalate or stop when the task involves testing implementation details only, masking flakes, and claiming coverage without behavior proof, missing owner evidence, or live external state.", "domain": "testing", "scope_hint": "code.testing:skills", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/typescript/documents/failure_dossiers/old-effect-api-memory.json b/packages/domain-packs/code/typescript/documents/failure_dossiers/old-effect-api-memory.json index 029eba8f..01801f9f 100644 --- a/packages/domain-packs/code/typescript/documents/failure_dossiers/old-effect-api-memory.json +++ b/packages/domain-packs/code/typescript/documents/failure_dossiers/old-effect-api-memory.json @@ -2,7 +2,7 @@ "ref_id": "failure:typescript:failure", "type": "failure_dossier", "description": "Old Effect API Memory", - "body": "Using remembered old Effect APIs can introduce wrong code.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Using remembered old Effect APIs can introduce wrong code.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "javascript", "scope_hint": "code.typescript:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/typescript/documents/knowledge/effect-source-of-truth.json b/packages/domain-packs/code/typescript/documents/knowledge/effect-source-of-truth.json index cf7c30f1..c5ef3b12 100644 --- a/packages/domain-packs/code/typescript/documents/knowledge/effect-source-of-truth.json +++ b/packages/domain-packs/code/typescript/documents/knowledge/effect-source-of-truth.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:typescript:knowledge", "type": "knowledge", "description": "Effect Source Of Truth", - "body": "Effect API guidance should be verified against current local Effect source and repo patterns.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when TypeScript / JavaScript work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Effect API guidance should be verified against current local Effect source and repo patterns.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when TypeScript / JavaScript work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "javascript", "scope_hint": "code.typescript:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/typescript/documents/methodologies/effect-service-validation-loop.json b/packages/domain-packs/code/typescript/documents/methodologies/effect-service-validation-loop.json index 5718367b..c61c30b0 100644 --- a/packages/domain-packs/code/typescript/documents/methodologies/effect-service-validation-loop.json +++ b/packages/domain-packs/code/typescript/documents/methodologies/effect-service-validation-loop.json @@ -2,7 +2,7 @@ "ref_id": "methodology:typescript:methodology", "type": "methodology", "description": "Effect Service Validation Loop", - "body": "Inspect local Effect patterns, implement thin handlers/services, then run package-local tests.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when TypeScript / JavaScript work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Inspect local Effect patterns, implement thin handlers/services, then run package-local tests.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when TypeScript / JavaScript work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "javascript", "scope_hint": "code.typescript:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/typescript/documents/skills/run-effect-test.json b/packages/domain-packs/code/typescript/documents/skills/run-effect-test.json index 3d967244..c177b0fb 100644 --- a/packages/domain-packs/code/typescript/documents/skills/run-effect-test.json +++ b/packages/domain-packs/code/typescript/documents/skills/run-effect-test.json @@ -2,7 +2,7 @@ "ref_id": "skill:typescript:skill", "type": "skill", "description": "Run Effect Test", - "body": "Run package-local Effect tests with explicit layers and live fixtures when needed.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when TypeScript / JavaScript work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Run package-local Effect tests with explicit layers and live fixtures when needed.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when TypeScript / JavaScript work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "javascript", "scope_hint": "code.typescript:skills", "evidence_strength": "medium", diff --git a/packages/domain-packs/code/typescript/documents/strategies/effect-schema-boundaries.json b/packages/domain-packs/code/typescript/documents/strategies/effect-schema-boundaries.json index 5bf491a2..4d270344 100644 --- a/packages/domain-packs/code/typescript/documents/strategies/effect-schema-boundaries.json +++ b/packages/domain-packs/code/typescript/documents/strategies/effect-schema-boundaries.json @@ -2,7 +2,7 @@ "ref_id": "strategy:typescript:strategy", "type": "strategy", "description": "Effect Schema Boundaries", - "body": "Use Effect Schema at API and domain boundaries in Effect-heavy TypeScript code.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when TypeScript / JavaScript work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", + "body": "Use Effect Schema at API and domain boundaries in Effect-heavy TypeScript code.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when TypeScript / JavaScript work touches repository conventions, toolchain files, changed symbols, validation commands, and runtime output. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include package-local checks, focused tests, build output, smoke runs, and command logs. Risk boundary: escalate or stop when the task involves broad rewrites, generated-file drift, stale assumptions, and unvalidated behavior changes, missing owner evidence, or live external state.", "domain": "javascript", "scope_hint": "code.typescript:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/cloud/README.md b/packages/domain-packs/platform/cloud/README.md index 8908ee4e..d8567e3e 100644 --- a/packages/domain-packs/platform/cloud/README.md +++ b/packages/domain-packs/platform/cloud/README.md @@ -10,7 +10,7 @@ Does not create or mutate cloud resources without explicit user approval and run ## Source Basis -Derived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form. +Derived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form. ## Composition diff --git a/packages/domain-packs/platform/cloud/documents/failure_dossiers/broad-iam-fix.json b/packages/domain-packs/platform/cloud/documents/failure_dossiers/broad-iam-fix.json index 8df94c8a..fb25e7e3 100644 --- a/packages/domain-packs/platform/cloud/documents/failure_dossiers/broad-iam-fix.json +++ b/packages/domain-packs/platform/cloud/documents/failure_dossiers/broad-iam-fix.json @@ -2,7 +2,7 @@ "ref_id": "failure:cloud:broad-iam-fix", "type": "failure_dossier", "description": "Granting broad IAM to clear an error creates security debt.", - "body": "Find minimum required permission.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Find minimum required permission.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "cloud", "scope_hint": "platform.cloud:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/cloud/documents/failure_dossiers/deploy-to-debug.json b/packages/domain-packs/platform/cloud/documents/failure_dossiers/deploy-to-debug.json index a34779ed..b58471dd 100644 --- a/packages/domain-packs/platform/cloud/documents/failure_dossiers/deploy-to-debug.json +++ b/packages/domain-packs/platform/cloud/documents/failure_dossiers/deploy-to-debug.json @@ -2,7 +2,7 @@ "ref_id": "failure:cloud:deploy-to-debug", "type": "failure_dossier", "description": "Deploying repeatedly without classifying cloud failure burns cost and risk.", - "body": "Collect diagnostic evidence first.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Collect diagnostic evidence first.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "cloud", "scope_hint": "platform.cloud:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/cloud/documents/knowledge/cloud-errors-often-policy.json b/packages/domain-packs/platform/cloud/documents/knowledge/cloud-errors-often-policy.json index 01943feb..1bb05c6e 100644 --- a/packages/domain-packs/platform/cloud/documents/knowledge/cloud-errors-often-policy.json +++ b/packages/domain-packs/platform/cloud/documents/knowledge/cloud-errors-often-policy.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:cloud:cloud-errors-often-policy", "type": "knowledge", "description": "Many cloud failures are policy, quota, or identity issues rather than source bugs.", - "body": "Do not patch app code before checking cloud prerequisites.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Cloud Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Do not patch app code before checking cloud prerequisites.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Cloud Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "cloud", "scope_hint": "platform.cloud:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/cloud/documents/knowledge/cloud-logs-sensitive.json b/packages/domain-packs/platform/cloud/documents/knowledge/cloud-logs-sensitive.json index baa393b7..19683506 100644 --- a/packages/domain-packs/platform/cloud/documents/knowledge/cloud-logs-sensitive.json +++ b/packages/domain-packs/platform/cloud/documents/knowledge/cloud-logs-sensitive.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:cloud:cloud-logs-sensitive", "type": "knowledge", "description": "Cloud logs can include request and identity data.", - "body": "Apply privacy/security redaction rules to diagnostic exports.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Cloud Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Apply privacy/security redaction rules to diagnostic exports.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Cloud Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "cloud", "scope_hint": "platform.cloud:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/cloud/documents/knowledge/resource-names-are-contract.json b/packages/domain-packs/platform/cloud/documents/knowledge/resource-names-are-contract.json index 2421e83c..f7175340 100644 --- a/packages/domain-packs/platform/cloud/documents/knowledge/resource-names-are-contract.json +++ b/packages/domain-packs/platform/cloud/documents/knowledge/resource-names-are-contract.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:cloud:resource-names-are-contract", "type": "knowledge", "description": "Cloud resource names can be referenced by scripts, DNS, IAM, and dashboards.", - "body": "Renaming resources may break external references.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Cloud Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Renaming resources may break external references.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Cloud Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "cloud", "scope_hint": "platform.cloud:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/cloud/documents/methodologies/cloud-failure-triage.json b/packages/domain-packs/platform/cloud/documents/methodologies/cloud-failure-triage.json index 12b31dbf..42f6f683 100644 --- a/packages/domain-packs/platform/cloud/documents/methodologies/cloud-failure-triage.json +++ b/packages/domain-packs/platform/cloud/documents/methodologies/cloud-failure-triage.json @@ -2,7 +2,7 @@ "ref_id": "methodology:cloud:cloud-failure-triage", "type": "methodology", "description": "Classify cloud failure as auth, quota, network, service, config, or app.", - "body": "Steps: capture error; inspect activity logs; check identity; check quota; correlate app logs; recommend next evidence.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Cloud Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Steps: capture error; inspect activity logs; check identity; check quota; correlate app logs; recommend next evidence.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Cloud Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "cloud", "scope_hint": "platform.cloud:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/cloud/documents/methodologies/cloud-preflight.json b/packages/domain-packs/platform/cloud/documents/methodologies/cloud-preflight.json index 3520e030..0e89069b 100644 --- a/packages/domain-packs/platform/cloud/documents/methodologies/cloud-preflight.json +++ b/packages/domain-packs/platform/cloud/documents/methodologies/cloud-preflight.json @@ -2,7 +2,7 @@ "ref_id": "methodology:cloud:cloud-preflight", "type": "methodology", "description": "Check subscription/project, region, quota, identity, network, and secrets before deployment.", - "body": "Steps: inspect config; validate identity; check quota/region; verify dependencies; record blockers.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Cloud Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Steps: inspect config; validate identity; check quota/region; verify dependencies; record blockers.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Cloud Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "cloud", "scope_hint": "platform.cloud:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/cloud/documents/methodologies/iac-review.json b/packages/domain-packs/platform/cloud/documents/methodologies/iac-review.json index 4ab049a7..3279643b 100644 --- a/packages/domain-packs/platform/cloud/documents/methodologies/iac-review.json +++ b/packages/domain-packs/platform/cloud/documents/methodologies/iac-review.json @@ -2,7 +2,7 @@ "ref_id": "methodology:cloud:iac-review", "type": "methodology", "description": "Review Terraform/Bicep/CloudFormation diffs for IAM, network, secrets, cost, and destructive changes.", - "body": "Steps: inspect plan/diff; identify creates/updates/deletes; review IAM/network/secrets; require approval for destructive changes.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Cloud Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Steps: inspect plan/diff; identify creates/updates/deletes; review IAM/network/secrets; require approval for destructive changes.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Cloud Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "cloud", "scope_hint": "platform.cloud:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/cloud/documents/skills/cloud-preflight-report.json b/packages/domain-packs/platform/cloud/documents/skills/cloud-preflight-report.json index cbe9203d..4fcac307 100644 --- a/packages/domain-packs/platform/cloud/documents/skills/cloud-preflight-report.json +++ b/packages/domain-packs/platform/cloud/documents/skills/cloud-preflight-report.json @@ -2,7 +2,7 @@ "ref_id": "skill:cloud:cloud-preflight-report", "type": "skill", "description": "Produce a preflight report for cloud deployment readiness.", - "body": "Inputs: IaC/config and intended environment. Output: blockers, approval requirements, and evidence refs.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Cloud Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Inputs: IaC/config and intended environment. Output: blockers, approval requirements, and evidence refs.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Cloud Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "cloud", "scope_hint": "platform.cloud:skills", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/cloud/documents/strategies/cost-and-quota-awareness.json b/packages/domain-packs/platform/cloud/documents/strategies/cost-and-quota-awareness.json index cad9375a..5d68c488 100644 --- a/packages/domain-packs/platform/cloud/documents/strategies/cost-and-quota-awareness.json +++ b/packages/domain-packs/platform/cloud/documents/strategies/cost-and-quota-awareness.json @@ -2,7 +2,7 @@ "ref_id": "strategy:cloud:cost-and-quota-awareness", "type": "strategy", "description": "Cloud changes need quota and cost awareness.", - "body": "Autoscaling, logs, storage, and GPU/compute resources can create unexpected cost or quota failures.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Cloud Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Autoscaling, logs, storage, and GPU/compute resources can create unexpected cost or quota failures.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Cloud Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "cloud", "scope_hint": "platform.cloud:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/cloud/documents/strategies/diagnostic-query-record.json b/packages/domain-packs/platform/cloud/documents/strategies/diagnostic-query-record.json index 987b2ae8..e70dbdaa 100644 --- a/packages/domain-packs/platform/cloud/documents/strategies/diagnostic-query-record.json +++ b/packages/domain-packs/platform/cloud/documents/strategies/diagnostic-query-record.json @@ -2,7 +2,7 @@ "ref_id": "strategy:cloud:diagnostic-query-record", "type": "strategy", "description": "Record cloud diagnostic queries and time windows as evidence.", - "body": "Cloud diagnostics should be replayable with query, scope, and time range.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Cloud Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Cloud diagnostics should be replayable with query, scope, and time range.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Cloud Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "cloud", "scope_hint": "platform.cloud:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/cloud/documents/strategies/iam-least-privilege.json b/packages/domain-packs/platform/cloud/documents/strategies/iam-least-privilege.json index 0241a6ea..0eceaf2e 100644 --- a/packages/domain-packs/platform/cloud/documents/strategies/iam-least-privilege.json +++ b/packages/domain-packs/platform/cloud/documents/strategies/iam-least-privilege.json @@ -2,7 +2,7 @@ "ref_id": "strategy:cloud:iam-least-privilege", "type": "strategy", "description": "Cloud identities should receive only needed actions and scopes.", - "body": "Cloud misconfiguration can expose data or infrastructure. Review identity, scope, and action boundaries.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Cloud Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Cloud misconfiguration can expose data or infrastructure. Review identity, scope, and action boundaries.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Cloud Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "cloud", "scope_hint": "platform.cloud:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/cloud/documents/strategies/preflight-before-deploy.json b/packages/domain-packs/platform/cloud/documents/strategies/preflight-before-deploy.json index 7bce8c72..bdd43d03 100644 --- a/packages/domain-packs/platform/cloud/documents/strategies/preflight-before-deploy.json +++ b/packages/domain-packs/platform/cloud/documents/strategies/preflight-before-deploy.json @@ -2,7 +2,7 @@ "ref_id": "strategy:cloud:preflight-before-deploy", "type": "strategy", "description": "Validate region, quotas, identities, and dependencies before deployment.", - "body": "Cloud failures often come from missing prerequisites rather than code defects.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Cloud Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Cloud failures often come from missing prerequisites rather than code defects.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Cloud Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "cloud", "scope_hint": "platform.cloud:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/docker/README.md b/packages/domain-packs/platform/docker/README.md index ea6fdf2c..4b70ce11 100644 --- a/packages/domain-packs/platform/docker/README.md +++ b/packages/domain-packs/platform/docker/README.md @@ -10,7 +10,7 @@ Does not approve production Kubernetes or cloud IAM changes. ## Source Basis -Derived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form. +Derived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form. ## Composition diff --git a/packages/domain-packs/platform/docker/documents/failure_dossiers/copy-dot-root.json b/packages/domain-packs/platform/docker/documents/failure_dossiers/copy-dot-root.json index da187364..f4149769 100644 --- a/packages/domain-packs/platform/docker/documents/failure_dossiers/copy-dot-root.json +++ b/packages/domain-packs/platform/docker/documents/failure_dossiers/copy-dot-root.json @@ -2,7 +2,7 @@ "ref_id": "failure:docker:copy-dot-root", "type": "failure_dossier", "description": "COPY . can include secrets, caches, and unrelated files.", - "body": "Use .dockerignore and explicit copies.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Use .dockerignore and explicit copies.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "docker", "scope_hint": "platform.docker:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/docker/documents/failure_dossiers/secret-in-arg.json b/packages/domain-packs/platform/docker/documents/failure_dossiers/secret-in-arg.json index 1fd9de62..aedc426b 100644 --- a/packages/domain-packs/platform/docker/documents/failure_dossiers/secret-in-arg.json +++ b/packages/domain-packs/platform/docker/documents/failure_dossiers/secret-in-arg.json @@ -2,7 +2,7 @@ "ref_id": "failure:docker:secret-in-arg", "type": "failure_dossier", "description": "Build args can leak through image history.", - "body": "Use secret mounts or runtime injection.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Use secret mounts or runtime injection.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "docker", "scope_hint": "platform.docker:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/docker/documents/knowledge/dockerignore-security.json b/packages/domain-packs/platform/docker/documents/knowledge/dockerignore-security.json index fc565709..b57482e3 100644 --- a/packages/domain-packs/platform/docker/documents/knowledge/dockerignore-security.json +++ b/packages/domain-packs/platform/docker/documents/knowledge/dockerignore-security.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:docker:dockerignore-security", "type": "knowledge", "description": "A .dockerignore file is both performance and security control.", - "body": "It prevents unnecessary or sensitive files from entering build context.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Docker Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "It prevents unnecessary or sensitive files from entering build context.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Docker Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "docker", "scope_hint": "platform.docker:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/docker/documents/knowledge/layers-retain-secrets.json b/packages/domain-packs/platform/docker/documents/knowledge/layers-retain-secrets.json index 10926720..19e9d62a 100644 --- a/packages/domain-packs/platform/docker/documents/knowledge/layers-retain-secrets.json +++ b/packages/domain-packs/platform/docker/documents/knowledge/layers-retain-secrets.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:docker:layers-retain-secrets", "type": "knowledge", "description": "Secrets copied into image layers can remain after later deletion.", - "body": "Never copy secrets into build layers.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Docker Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Never copy secrets into build layers.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Docker Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "docker", "scope_hint": "platform.docker:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/docker/documents/knowledge/root-container-risk.json b/packages/domain-packs/platform/docker/documents/knowledge/root-container-risk.json index 7abcfce1..e044ffe8 100644 --- a/packages/domain-packs/platform/docker/documents/knowledge/root-container-risk.json +++ b/packages/domain-packs/platform/docker/documents/knowledge/root-container-risk.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:docker:root-container-risk", "type": "knowledge", "description": "Running as root in containers increases blast radius.", - "body": "Use non-root runtime users where practical.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Docker Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Use non-root runtime users where practical.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Docker Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "docker", "scope_hint": "platform.docker:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/docker/documents/methodologies/compose-dev-check.json b/packages/domain-packs/platform/docker/documents/methodologies/compose-dev-check.json index 741245b1..e195f1bd 100644 --- a/packages/domain-packs/platform/docker/documents/methodologies/compose-dev-check.json +++ b/packages/domain-packs/platform/docker/documents/methodologies/compose-dev-check.json @@ -2,7 +2,7 @@ "ref_id": "methodology:docker:compose-dev-check", "type": "methodology", "description": "Validate compose services, volumes, env vars, health checks, and network names.", - "body": "Steps: inspect services; identify persistent volumes; verify env defaults; check dependencies and health checks.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Docker Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Steps: inspect services; identify persistent volumes; verify env defaults; check dependencies and health checks.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Docker Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "docker", "scope_hint": "platform.docker:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/docker/documents/methodologies/dockerfile-review.json b/packages/domain-packs/platform/docker/documents/methodologies/dockerfile-review.json index ad46a1bc..e61c005b 100644 --- a/packages/domain-packs/platform/docker/documents/methodologies/dockerfile-review.json +++ b/packages/domain-packs/platform/docker/documents/methodologies/dockerfile-review.json @@ -2,7 +2,7 @@ "ref_id": "methodology:docker:dockerfile-review", "type": "methodology", "description": "Review base image, context, layers, users, ports, secrets, and runtime command.", - "body": "Steps: inspect Dockerfile; inspect .dockerignore; check user; check exposed ports; build if needed; inspect image contents.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Docker Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Steps: inspect Dockerfile; inspect .dockerignore; check user; check exposed ports; build if needed; inspect image contents.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Docker Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "docker", "scope_hint": "platform.docker:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/docker/documents/methodologies/image-smoke-test.json b/packages/domain-packs/platform/docker/documents/methodologies/image-smoke-test.json index fd01f0fd..f7f32254 100644 --- a/packages/domain-packs/platform/docker/documents/methodologies/image-smoke-test.json +++ b/packages/domain-packs/platform/docker/documents/methodologies/image-smoke-test.json @@ -2,7 +2,7 @@ "ref_id": "methodology:docker:image-smoke-test", "type": "methodology", "description": "Build image, run container, and execute a minimal health path.", - "body": "Steps: build; run with minimal env; check logs; call health endpoint or command; stop and clean up.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Docker Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Steps: build; run with minimal env; check logs; call health endpoint or command; stop and clean up.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Docker Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "docker", "scope_hint": "platform.docker:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/docker/documents/skills/validate-docker-build.json b/packages/domain-packs/platform/docker/documents/skills/validate-docker-build.json index 5e6d6ead..ef620590 100644 --- a/packages/domain-packs/platform/docker/documents/skills/validate-docker-build.json +++ b/packages/domain-packs/platform/docker/documents/skills/validate-docker-build.json @@ -2,7 +2,7 @@ "ref_id": "skill:docker:validate-docker-build", "type": "skill", "description": "Inspect and optionally build a Docker image with evidence output.", - "body": "Inputs: Dockerfile path. Output: risk findings, build command, health evidence.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Docker Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Inputs: Dockerfile path. Output: risk findings, build command, health evidence.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Docker Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "docker", "scope_hint": "platform.docker:skills", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/docker/documents/strategies/healthcheck-meaningful.json b/packages/domain-packs/platform/docker/documents/strategies/healthcheck-meaningful.json index 64597d7e..091fef50 100644 --- a/packages/domain-packs/platform/docker/documents/strategies/healthcheck-meaningful.json +++ b/packages/domain-packs/platform/docker/documents/strategies/healthcheck-meaningful.json @@ -2,7 +2,7 @@ "ref_id": "strategy:docker:healthcheck-meaningful", "type": "strategy", "description": "Container health checks should verify real readiness, not only process existence.", - "body": "A running process may still be unable to serve requests.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Docker Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "A running process may still be unable to serve requests.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Docker Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "docker", "scope_hint": "platform.docker:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/docker/documents/strategies/multi-stage-runtime.json b/packages/domain-packs/platform/docker/documents/strategies/multi-stage-runtime.json index 06fd2a45..9b37cf3e 100644 --- a/packages/domain-packs/platform/docker/documents/strategies/multi-stage-runtime.json +++ b/packages/domain-packs/platform/docker/documents/strategies/multi-stage-runtime.json @@ -2,7 +2,7 @@ "ref_id": "strategy:docker:multi-stage-runtime", "type": "strategy", "description": "Use build stages to keep runtime images small and free of build secrets.", - "body": "Build tooling and credentials should not remain in runtime layers.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Docker Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Build tooling and credentials should not remain in runtime layers.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Docker Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "docker", "scope_hint": "platform.docker:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/docker/documents/strategies/no-secrets-in-image.json b/packages/domain-packs/platform/docker/documents/strategies/no-secrets-in-image.json index fc02b399..df824ac4 100644 --- a/packages/domain-packs/platform/docker/documents/strategies/no-secrets-in-image.json +++ b/packages/domain-packs/platform/docker/documents/strategies/no-secrets-in-image.json @@ -2,7 +2,7 @@ "ref_id": "strategy:docker:no-secrets-in-image", "type": "strategy", "description": "Do not bake secrets into image layers or compose files.", - "body": "Image layers are persistent and shareable. Secrets need runtime injection through approved mechanisms.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Docker Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Image layers are persistent and shareable. Secrets need runtime injection through approved mechanisms.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Docker Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "docker", "scope_hint": "platform.docker:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/docker/documents/strategies/small-build-context.json b/packages/domain-packs/platform/docker/documents/strategies/small-build-context.json index 7b551a6c..480fe97f 100644 --- a/packages/domain-packs/platform/docker/documents/strategies/small-build-context.json +++ b/packages/domain-packs/platform/docker/documents/strategies/small-build-context.json @@ -2,7 +2,7 @@ "ref_id": "strategy:docker:small-build-context", "type": "strategy", "description": "Keep Docker build context minimal and intentional.", - "body": "Large contexts leak files and slow builds. Use .dockerignore and explicit copies.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Docker Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Large contexts leak files and slow builds. Use .dockerignore and explicit copies.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Docker Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "docker", "scope_hint": "platform.docker:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/local-dev/README.md b/packages/domain-packs/platform/local-dev/README.md index 33c7d628..c557abbc 100644 --- a/packages/domain-packs/platform/local-dev/README.md +++ b/packages/domain-packs/platform/local-dev/README.md @@ -10,7 +10,7 @@ Does not mutate production services or secrets. ## Source Basis -Derived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form. +Derived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form. ## Composition diff --git a/packages/domain-packs/platform/local-dev/documents/failure_dossiers/production-secret-local.json b/packages/domain-packs/platform/local-dev/documents/failure_dossiers/production-secret-local.json index f0e4cbed..0d6221cb 100644 --- a/packages/domain-packs/platform/local-dev/documents/failure_dossiers/production-secret-local.json +++ b/packages/domain-packs/platform/local-dev/documents/failure_dossiers/production-secret-local.json @@ -2,7 +2,7 @@ "ref_id": "failure:local_dev:production-secret-local", "type": "failure_dossier", "description": "Using production secrets for local smoke tests increases blast radius.", - "body": "Use dev credentials or mocks.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Use dev credentials or mocks.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "local_dev", "scope_hint": "platform.local-dev:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/local-dev/documents/failure_dossiers/server-left-running.json b/packages/domain-packs/platform/local-dev/documents/failure_dossiers/server-left-running.json index 896aca92..df93899a 100644 --- a/packages/domain-packs/platform/local-dev/documents/failure_dossiers/server-left-running.json +++ b/packages/domain-packs/platform/local-dev/documents/failure_dossiers/server-left-running.json @@ -2,7 +2,7 @@ "ref_id": "failure:local_dev:server-left-running", "type": "failure_dossier", "description": "Leaving unmanaged dev servers can conflict with later runs.", - "body": "Record session or stop when done.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Record session or stop when done.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "local_dev", "scope_hint": "platform.local-dev:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/local-dev/documents/knowledge/env-defaults-help-onboarding.json b/packages/domain-packs/platform/local-dev/documents/knowledge/env-defaults-help-onboarding.json index 8dcb33fb..cfd8b7ec 100644 --- a/packages/domain-packs/platform/local-dev/documents/knowledge/env-defaults-help-onboarding.json +++ b/packages/domain-packs/platform/local-dev/documents/knowledge/env-defaults-help-onboarding.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:local_dev:env-defaults-help-onboarding", "type": "knowledge", "description": "Safe local defaults reduce setup friction.", - "body": "Provide placeholders for secrets and mocks where possible.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Local Development Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Provide placeholders for secrets and mocks where possible.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Local Development Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "local_dev", "scope_hint": "platform.local-dev:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/local-dev/documents/knowledge/generated-files-need-command.json b/packages/domain-packs/platform/local-dev/documents/knowledge/generated-files-need-command.json index c0da9bdb..ed2fdd4a 100644 --- a/packages/domain-packs/platform/local-dev/documents/knowledge/generated-files-need-command.json +++ b/packages/domain-packs/platform/local-dev/documents/knowledge/generated-files-need-command.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:local_dev:generated-files-need-command", "type": "knowledge", "description": "Generated local artifacts need reproducible commands.", - "body": "Document how to regenerate them.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Local Development Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Document how to regenerate them.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Local Development Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "local_dev", "scope_hint": "platform.local-dev:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/local-dev/documents/knowledge/localhost-not-production.json b/packages/domain-packs/platform/local-dev/documents/knowledge/localhost-not-production.json index 2b69041a..647ca36f 100644 --- a/packages/domain-packs/platform/local-dev/documents/knowledge/localhost-not-production.json +++ b/packages/domain-packs/platform/local-dev/documents/knowledge/localhost-not-production.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:local_dev:localhost-not-production", "type": "knowledge", "description": "Local dev behavior may differ from deployed environment.", - "body": "Do not generalize local-only results without environment notes.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Local Development Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Do not generalize local-only results without environment notes.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Local Development Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "local_dev", "scope_hint": "platform.local-dev:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/local-dev/documents/methodologies/dev-server-startup.json b/packages/domain-packs/platform/local-dev/documents/methodologies/dev-server-startup.json index dbb1de2c..2853d7a6 100644 --- a/packages/domain-packs/platform/local-dev/documents/methodologies/dev-server-startup.json +++ b/packages/domain-packs/platform/local-dev/documents/methodologies/dev-server-startup.json @@ -2,7 +2,7 @@ "ref_id": "methodology:local_dev:dev-server-startup", "type": "methodology", "description": "Start local service, inspect logs, open route, and run smoke path.", - "body": "Steps: install deps if needed; check port; start server; inspect logs; run browser or HTTP smoke; stop or report session.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Local Development Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Steps: install deps if needed; check port; start server; inspect logs; run browser or HTTP smoke; stop or report session.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Local Development Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "local_dev", "scope_hint": "platform.local-dev:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/local-dev/documents/methodologies/local-bootstrap-check.json b/packages/domain-packs/platform/local-dev/documents/methodologies/local-bootstrap-check.json index 6222fb74..c8552bfa 100644 --- a/packages/domain-packs/platform/local-dev/documents/methodologies/local-bootstrap-check.json +++ b/packages/domain-packs/platform/local-dev/documents/methodologies/local-bootstrap-check.json @@ -2,7 +2,7 @@ "ref_id": "methodology:local_dev:local-bootstrap-check", "type": "methodology", "description": "Validate runtime, package manager, lockfile, env vars, and generated files.", - "body": "Steps: inspect lockfile; check runtime version; install deps if required; generate artifacts; run typecheck/smoke.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Local Development Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Steps: inspect lockfile; check runtime version; install deps if required; generate artifacts; run typecheck/smoke.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Local Development Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "local_dev", "scope_hint": "platform.local-dev:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/local-dev/documents/methodologies/port-conflict-triage.json b/packages/domain-packs/platform/local-dev/documents/methodologies/port-conflict-triage.json index 0a14f64d..48204b79 100644 --- a/packages/domain-packs/platform/local-dev/documents/methodologies/port-conflict-triage.json +++ b/packages/domain-packs/platform/local-dev/documents/methodologies/port-conflict-triage.json @@ -2,7 +2,7 @@ "ref_id": "methodology:local_dev:port-conflict-triage", "type": "methodology", "description": "Find and resolve local port conflicts safely.", - "body": "Steps: identify desired port; list process; decide reuse, stop, or choose alternate port; record final URL.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Local Development Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Steps: identify desired port; list process; decide reuse, stop, or choose alternate port; record final URL.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Local Development Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "local_dev", "scope_hint": "platform.local-dev:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/local-dev/documents/skills/start-dev-smoke.json b/packages/domain-packs/platform/local-dev/documents/skills/start-dev-smoke.json index 3b43bfff..8aad767d 100644 --- a/packages/domain-packs/platform/local-dev/documents/skills/start-dev-smoke.json +++ b/packages/domain-packs/platform/local-dev/documents/skills/start-dev-smoke.json @@ -2,7 +2,7 @@ "ref_id": "skill:local_dev:start-dev-smoke", "type": "skill", "description": "Start local dev server and verify a smoke route.", - "body": "Inputs: package dir and route. Output: URL, logs, smoke result, and cleanup note.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Local Development Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Inputs: package dir and route. Output: URL, logs, smoke result, and cleanup note.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when Local Development Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "local_dev", "scope_hint": "platform.local-dev:skills", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/local-dev/documents/strategies/env-file-boundary.json b/packages/domain-packs/platform/local-dev/documents/strategies/env-file-boundary.json index c9f8eca7..765ea6ad 100644 --- a/packages/domain-packs/platform/local-dev/documents/strategies/env-file-boundary.json +++ b/packages/domain-packs/platform/local-dev/documents/strategies/env-file-boundary.json @@ -2,7 +2,7 @@ "ref_id": "strategy:local_dev:env-file-boundary", "type": "strategy", "description": "Separate local env defaults from secrets and production config.", - "body": "Local setup should not require production secrets.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Local Development Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Local setup should not require production secrets.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Local Development Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "local_dev", "scope_hint": "platform.local-dev:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/local-dev/documents/strategies/port-and-process-check.json b/packages/domain-packs/platform/local-dev/documents/strategies/port-and-process-check.json index 4a75c6e3..bb84a74c 100644 --- a/packages/domain-packs/platform/local-dev/documents/strategies/port-and-process-check.json +++ b/packages/domain-packs/platform/local-dev/documents/strategies/port-and-process-check.json @@ -2,7 +2,7 @@ "ref_id": "strategy:local_dev:port-and-process-check", "type": "strategy", "description": "Check ports and existing processes before starting dev servers.", - "body": "A dev server failure may be port collision or stale process.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Local Development Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "A dev server failure may be port collision or stale process.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Local Development Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "local_dev", "scope_hint": "platform.local-dev:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/platform/local-dev/documents/strategies/watcher-scope.json b/packages/domain-packs/platform/local-dev/documents/strategies/watcher-scope.json index 95291a78..e2c8699c 100644 --- a/packages/domain-packs/platform/local-dev/documents/strategies/watcher-scope.json +++ b/packages/domain-packs/platform/local-dev/documents/strategies/watcher-scope.json @@ -2,7 +2,7 @@ "ref_id": "strategy:local_dev:watcher-scope", "type": "strategy", "description": "Keep file watchers scoped to project paths.", - "body": "Broad watchers slow dev loops and can trigger on generated files.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Local Development Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", + "body": "Broad watchers slow dev loops and can trigger on generated files.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when Local Development Platform work touches environment state, artifacts, permissions, logs, deployment descriptors, and rollback evidence. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include dry-run output, local smoke, artifact checks, config diffs, and rollback notes. Risk boundary: escalate or stop when the task involves external state drift, secret exposure, irreversible changes, and unowned operational impact, missing owner evidence, or live external state.", "domain": "local_dev", "scope_hint": "platform.local-dev:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/risk/supply-chain/README.md b/packages/domain-packs/risk/supply-chain/README.md index 50371492..935ee364 100644 --- a/packages/domain-packs/risk/supply-chain/README.md +++ b/packages/domain-packs/risk/supply-chain/README.md @@ -10,7 +10,7 @@ Does not provide legal advice or automatically approve external code execution. ## Source Basis -Derived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form. +Derived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form. ## Composition diff --git a/packages/domain-packs/risk/supply-chain/documents/failure_dossiers/blind-install.json b/packages/domain-packs/risk/supply-chain/documents/failure_dossiers/blind-install.json index 185069a1..0c778eca 100644 --- a/packages/domain-packs/risk/supply-chain/documents/failure_dossiers/blind-install.json +++ b/packages/domain-packs/risk/supply-chain/documents/failure_dossiers/blind-install.json @@ -2,7 +2,7 @@ "ref_id": "failure:supply_chain:blind-install", "type": "failure_dossier", "description": "Installing external packages or skills without provenance review expands attack surface.", - "body": "Review before enabling.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Review before enabling.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "supply_chain", "scope_hint": "risk.supply-chain:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/risk/supply-chain/documents/failure_dossiers/license-ignored.json b/packages/domain-packs/risk/supply-chain/documents/failure_dossiers/license-ignored.json index da697475..7e02a627 100644 --- a/packages/domain-packs/risk/supply-chain/documents/failure_dossiers/license-ignored.json +++ b/packages/domain-packs/risk/supply-chain/documents/failure_dossiers/license-ignored.json @@ -2,7 +2,7 @@ "ref_id": "failure:supply_chain:license-ignored", "type": "failure_dossier", "description": "Ignoring missing or restrictive licenses can block distribution.", - "body": "Treat license gaps as blockers.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Treat license gaps as blockers.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "supply_chain", "scope_hint": "risk.supply-chain:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/risk/supply-chain/documents/failure_dossiers/script-hidden-in-lockfile.json b/packages/domain-packs/risk/supply-chain/documents/failure_dossiers/script-hidden-in-lockfile.json index b140388b..6cd8096f 100644 --- a/packages/domain-packs/risk/supply-chain/documents/failure_dossiers/script-hidden-in-lockfile.json +++ b/packages/domain-packs/risk/supply-chain/documents/failure_dossiers/script-hidden-in-lockfile.json @@ -2,7 +2,7 @@ "ref_id": "failure:supply_chain:script-hidden-in-lockfile", "type": "failure_dossier", "description": "Transitive package scripts can execute during install.", - "body": "Inspect package lifecycle hooks.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", + "body": "Inspect package lifecycle hooks.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nDiagnostic use only: keep this out of index.json and use it only as a blocked/do-not-use signal.", "domain": "supply_chain", "scope_hint": "risk.supply-chain:failure_dossiers", "evidence_strength": "medium", diff --git a/packages/domain-packs/risk/supply-chain/documents/knowledge/generated-low-provenance.json b/packages/domain-packs/risk/supply-chain/documents/knowledge/generated-low-provenance.json index 94150143..36cb189c 100644 --- a/packages/domain-packs/risk/supply-chain/documents/knowledge/generated-low-provenance.json +++ b/packages/domain-packs/risk/supply-chain/documents/knowledge/generated-low-provenance.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:supply_chain:generated-low-provenance", "type": "knowledge", "description": "Generated or low-provenance catalogs need quarantine or manual review.", - "body": "Do not promote generated skill content directly into active packs.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when software supply-chain risk work touches lockfile deltas, registry provenance, install scripts, dependency ownership, licenses, and build artifacts. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include lockfile review, package metadata checks, reproducible install output, license scan evidence, and CI artifact comparison. Risk boundary: escalate or stop when the task involves untrusted install scripts, typosquatting, broad upgrades, license surprises, and unverifiable generated artifacts, missing owner evidence, or live external state.", + "body": "Do not promote generated skill content directly into active packs.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when software supply-chain risk work touches lockfile deltas, registry provenance, install scripts, dependency ownership, licenses, and build artifacts. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include lockfile review, package metadata checks, reproducible install output, license scan evidence, and CI artifact comparison. Risk boundary: escalate or stop when the task involves untrusted install scripts, typosquatting, broad upgrades, license surprises, and unverifiable generated artifacts, missing owner evidence, or live external state.", "domain": "supply_chain", "scope_hint": "risk.supply-chain:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/risk/supply-chain/documents/knowledge/license-missing-is-risk.json b/packages/domain-packs/risk/supply-chain/documents/knowledge/license-missing-is-risk.json index 5b71e925..c4e73e0a 100644 --- a/packages/domain-packs/risk/supply-chain/documents/knowledge/license-missing-is-risk.json +++ b/packages/domain-packs/risk/supply-chain/documents/knowledge/license-missing-is-risk.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:supply_chain:license-missing-is-risk", "type": "knowledge", "description": "Missing or restrictive license is a promotion blocker for reusable package content.", - "body": "The local skill inventory marks license_missing and license_restrictive as trust risks.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when software supply-chain risk work touches lockfile deltas, registry provenance, install scripts, dependency ownership, licenses, and build artifacts. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include lockfile review, package metadata checks, reproducible install output, license scan evidence, and CI artifact comparison. Risk boundary: escalate or stop when the task involves untrusted install scripts, typosquatting, broad upgrades, license surprises, and unverifiable generated artifacts, missing owner evidence, or live external state.", + "body": "The local skill inventory marks license_missing and license_restrictive as trust risks.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when software supply-chain risk work touches lockfile deltas, registry provenance, install scripts, dependency ownership, licenses, and build artifacts. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include lockfile review, package metadata checks, reproducible install output, license scan evidence, and CI artifact comparison. Risk boundary: escalate or stop when the task involves untrusted install scripts, typosquatting, broad upgrades, license surprises, and unverifiable generated artifacts, missing owner evidence, or live external state.", "domain": "supply_chain", "scope_hint": "risk.supply-chain:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/risk/supply-chain/documents/knowledge/scripts-are-execution.json b/packages/domain-packs/risk/supply-chain/documents/knowledge/scripts-are-execution.json index 047eb220..863bddb8 100644 --- a/packages/domain-packs/risk/supply-chain/documents/knowledge/scripts-are-execution.json +++ b/packages/domain-packs/risk/supply-chain/documents/knowledge/scripts-are-execution.json @@ -2,7 +2,7 @@ "ref_id": "knowledge:supply_chain:scripts-are-execution", "type": "knowledge", "description": "Install and hook scripts are executable code, not metadata.", - "body": "Treat scripts as permissioned operations that need review.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when software supply-chain risk work touches lockfile deltas, registry provenance, install scripts, dependency ownership, licenses, and build artifacts. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include lockfile review, package metadata checks, reproducible install output, license scan evidence, and CI artifact comparison. Risk boundary: escalate or stop when the task involves untrusted install scripts, typosquatting, broad upgrades, license surprises, and unverifiable generated artifacts, missing owner evidence, or live external state.", + "body": "Treat scripts as permissioned operations that need review.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when software supply-chain risk work touches lockfile deltas, registry provenance, install scripts, dependency ownership, licenses, and build artifacts. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: use the fact to constrain the change and test plan; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include lockfile review, package metadata checks, reproducible install output, license scan evidence, and CI artifact comparison. Risk boundary: escalate or stop when the task involves untrusted install scripts, typosquatting, broad upgrades, license surprises, and unverifiable generated artifacts, missing owner evidence, or live external state.", "domain": "supply_chain", "scope_hint": "risk.supply-chain:knowledge", "evidence_strength": "medium", diff --git a/packages/domain-packs/risk/supply-chain/documents/methodologies/dependency-incident-check.json b/packages/domain-packs/risk/supply-chain/documents/methodologies/dependency-incident-check.json index 0ba6d459..7c3a3553 100644 --- a/packages/domain-packs/risk/supply-chain/documents/methodologies/dependency-incident-check.json +++ b/packages/domain-packs/risk/supply-chain/documents/methodologies/dependency-incident-check.json @@ -2,7 +2,7 @@ "ref_id": "methodology:supply_chain:dependency-incident-check", "type": "methodology", "description": "When a dependency appears risky, find exposure and mitigation path.", - "body": "Steps: identify installed version; locate usage; inspect advisories; decide update, pin, remove, or isolate.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when software supply-chain risk work touches lockfile deltas, registry provenance, install scripts, dependency ownership, licenses, and build artifacts. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include lockfile review, package metadata checks, reproducible install output, license scan evidence, and CI artifact comparison. Risk boundary: escalate or stop when the task involves untrusted install scripts, typosquatting, broad upgrades, license surprises, and unverifiable generated artifacts, missing owner evidence, or live external state.", + "body": "Steps: identify installed version; locate usage; inspect advisories; decide update, pin, remove, or isolate.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when software supply-chain risk work touches lockfile deltas, registry provenance, install scripts, dependency ownership, licenses, and build artifacts. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include lockfile review, package metadata checks, reproducible install output, license scan evidence, and CI artifact comparison. Risk boundary: escalate or stop when the task involves untrusted install scripts, typosquatting, broad upgrades, license surprises, and unverifiable generated artifacts, missing owner evidence, or live external state.", "domain": "supply_chain", "scope_hint": "risk.supply-chain:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/risk/supply-chain/documents/methodologies/external-skill-promotion.json b/packages/domain-packs/risk/supply-chain/documents/methodologies/external-skill-promotion.json index e6a3c76a..11ccef32 100644 --- a/packages/domain-packs/risk/supply-chain/documents/methodologies/external-skill-promotion.json +++ b/packages/domain-packs/risk/supply-chain/documents/methodologies/external-skill-promotion.json @@ -2,7 +2,7 @@ "ref_id": "methodology:supply_chain:external-skill-promotion", "type": "methodology", "description": "Promote external skills only through reviewed candidate path.", - "body": "Steps: parse metadata; classify domain; deduplicate; check risk flags; run conformance; keep bodies out of active registry until approved.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when software supply-chain risk work touches lockfile deltas, registry provenance, install scripts, dependency ownership, licenses, and build artifacts. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include lockfile review, package metadata checks, reproducible install output, license scan evidence, and CI artifact comparison. Risk boundary: escalate or stop when the task involves untrusted install scripts, typosquatting, broad upgrades, license surprises, and unverifiable generated artifacts, missing owner evidence, or live external state.", + "body": "Steps: parse metadata; classify domain; deduplicate; check risk flags; run conformance; keep bodies out of active registry until approved.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when software supply-chain risk work touches lockfile deltas, registry provenance, install scripts, dependency ownership, licenses, and build artifacts. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include lockfile review, package metadata checks, reproducible install output, license scan evidence, and CI artifact comparison. Risk boundary: escalate or stop when the task involves untrusted install scripts, typosquatting, broad upgrades, license surprises, and unverifiable generated artifacts, missing owner evidence, or live external state.", "domain": "supply_chain", "scope_hint": "risk.supply-chain:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/risk/supply-chain/documents/methodologies/supply-chain-rereview-gate.json b/packages/domain-packs/risk/supply-chain/documents/methodologies/supply-chain-rereview-gate.json index 2956dde6..45ab1d0e 100644 --- a/packages/domain-packs/risk/supply-chain/documents/methodologies/supply-chain-rereview-gate.json +++ b/packages/domain-packs/risk/supply-chain/documents/methodologies/supply-chain-rereview-gate.json @@ -2,7 +2,7 @@ "ref_id": "methodology:supply_chain:supply-chain-rereview-gate", "type": "methodology", "description": "Check license, dependency delta, scripts, permissions, provenance, and runtime behavior.", - "body": "Steps: identify new external code; inspect license/provenance; review lockfile; inspect scripts/hooks; run sandbox validation; record approval or quarantine.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when software supply-chain risk work touches lockfile deltas, registry provenance, install scripts, dependency ownership, licenses, and build artifacts. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include lockfile review, package metadata checks, reproducible install output, license scan evidence, and CI artifact comparison. Risk boundary: escalate or stop when the task involves untrusted install scripts, typosquatting, broad upgrades, license surprises, and unverifiable generated artifacts, missing owner evidence, or live external state.", + "body": "Steps: identify new external code; inspect license/provenance; review lockfile; inspect scripts/hooks; run sandbox validation; record approval or quarantine.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when software supply-chain risk work touches lockfile deltas, registry provenance, install scripts, dependency ownership, licenses, and build artifacts. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: follow the ordered review, edit, and validation sequence; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include lockfile review, package metadata checks, reproducible install output, license scan evidence, and CI artifact comparison. Risk boundary: escalate or stop when the task involves untrusted install scripts, typosquatting, broad upgrades, license surprises, and unverifiable generated artifacts, missing owner evidence, or live external state.", "domain": "supply_chain", "scope_hint": "risk.supply-chain:methodologies", "evidence_strength": "medium", diff --git a/packages/domain-packs/risk/supply-chain/documents/skills/review-dependency-delta.json b/packages/domain-packs/risk/supply-chain/documents/skills/review-dependency-delta.json index 27f03e15..c85524fa 100644 --- a/packages/domain-packs/risk/supply-chain/documents/skills/review-dependency-delta.json +++ b/packages/domain-packs/risk/supply-chain/documents/skills/review-dependency-delta.json @@ -2,7 +2,7 @@ "ref_id": "skill:supply_chain:review-dependency-delta", "type": "skill", "description": "Inspect dependency and lockfile changes for supply-chain risk.", - "body": "Inputs: diff and manifests. Output: new packages, scripts, license/provenance risks, and required gates.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when software supply-chain risk work touches lockfile deltas, registry provenance, install scripts, dependency ownership, licenses, and build artifacts. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include lockfile review, package metadata checks, reproducible install output, license scan evidence, and CI artifact comparison. Risk boundary: escalate or stop when the task involves untrusted install scripts, typosquatting, broad upgrades, license surprises, and unverifiable generated artifacts, missing owner evidence, or live external state.", + "body": "Inputs: diff and manifests. Output: new packages, scripts, license/provenance risks, and required gates.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSkill contract: expose this as an index-visible capability for high/max/ultra, but load body only when triggers and permissions match. Use when software supply-chain risk work touches lockfile deltas, registry provenance, install scripts, dependency ownership, licenses, and build artifacts. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: run the documented inspection and validation workflow; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include lockfile review, package metadata checks, reproducible install output, license scan evidence, and CI artifact comparison. Risk boundary: escalate or stop when the task involves untrusted install scripts, typosquatting, broad upgrades, license surprises, and unverifiable generated artifacts, missing owner evidence, or live external state.", "domain": "supply_chain", "scope_hint": "risk.supply-chain:skills", "evidence_strength": "medium", diff --git a/packages/domain-packs/risk/supply-chain/documents/strategies/lockfile-delta-review.json b/packages/domain-packs/risk/supply-chain/documents/strategies/lockfile-delta-review.json index 564f4714..a414d6d8 100644 --- a/packages/domain-packs/risk/supply-chain/documents/strategies/lockfile-delta-review.json +++ b/packages/domain-packs/risk/supply-chain/documents/strategies/lockfile-delta-review.json @@ -2,7 +2,7 @@ "ref_id": "strategy:supply_chain:lockfile-delta-review", "type": "strategy", "description": "Review lockfile changes as executable supply-chain changes.", - "body": "Transitive dependencies and install scripts can change behavior without source edits.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when software supply-chain risk work touches lockfile deltas, registry provenance, install scripts, dependency ownership, licenses, and build artifacts. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include lockfile review, package metadata checks, reproducible install output, license scan evidence, and CI artifact comparison. Risk boundary: escalate or stop when the task involves untrusted install scripts, typosquatting, broad upgrades, license surprises, and unverifiable generated artifacts, missing owner evidence, or live external state.", + "body": "Transitive dependencies and install scripts can change behavior without source edits.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when software supply-chain risk work touches lockfile deltas, registry provenance, install scripts, dependency ownership, licenses, and build artifacts. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include lockfile review, package metadata checks, reproducible install output, license scan evidence, and CI artifact comparison. Risk boundary: escalate or stop when the task involves untrusted install scripts, typosquatting, broad upgrades, license surprises, and unverifiable generated artifacts, missing owner evidence, or live external state.", "domain": "supply_chain", "scope_hint": "risk.supply-chain:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/risk/supply-chain/documents/strategies/rereview-external-change.json b/packages/domain-packs/risk/supply-chain/documents/strategies/rereview-external-change.json index 294621d2..4546aea2 100644 --- a/packages/domain-packs/risk/supply-chain/documents/strategies/rereview-external-change.json +++ b/packages/domain-packs/risk/supply-chain/documents/strategies/rereview-external-change.json @@ -2,7 +2,7 @@ "ref_id": "strategy:supply_chain:rereview-external-change", "type": "strategy", "description": "External skill, plugin, or package changes trigger provenance and permission rereview.", - "body": "Reviewed skill rules call out license, dependency, script, permission, and provenance checks before promotion.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when software supply-chain risk work touches lockfile deltas, registry provenance, install scripts, dependency ownership, licenses, and build artifacts. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include lockfile review, package metadata checks, reproducible install output, license scan evidence, and CI artifact comparison. Risk boundary: escalate or stop when the task involves untrusted install scripts, typosquatting, broad upgrades, license surprises, and unverifiable generated artifacts, missing owner evidence, or live external state.", + "body": "Reviewed skill rules call out license, dependency, script, permission, and provenance checks before promotion.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when software supply-chain risk work touches lockfile deltas, registry provenance, install scripts, dependency ownership, licenses, and build artifacts. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include lockfile review, package metadata checks, reproducible install output, license scan evidence, and CI artifact comparison. Risk boundary: escalate or stop when the task involves untrusted install scripts, typosquatting, broad upgrades, license surprises, and unverifiable generated artifacts, missing owner evidence, or live external state.", "domain": "supply_chain", "scope_hint": "risk.supply-chain:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/risk/supply-chain/documents/strategies/script-permission-gate.json b/packages/domain-packs/risk/supply-chain/documents/strategies/script-permission-gate.json index 10b3e2f7..23a9d1ae 100644 --- a/packages/domain-packs/risk/supply-chain/documents/strategies/script-permission-gate.json +++ b/packages/domain-packs/risk/supply-chain/documents/strategies/script-permission-gate.json @@ -2,7 +2,7 @@ "ref_id": "strategy:supply_chain:script-permission-gate", "type": "strategy", "description": "Inspect install, postinstall, hook, and generated scripts before enabling.", - "body": "Scripts can write network, filesystem, credentials, or generated code.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when software supply-chain risk work touches lockfile deltas, registry provenance, install scripts, dependency ownership, licenses, and build artifacts. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include lockfile review, package metadata checks, reproducible install output, license scan evidence, and CI artifact comparison. Risk boundary: escalate or stop when the task involves untrusted install scripts, typosquatting, broad upgrades, license surprises, and unverifiable generated artifacts, missing owner evidence, or live external state.", + "body": "Scripts can write network, filesystem, credentials, or generated code.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when software supply-chain risk work touches lockfile deltas, registry provenance, install scripts, dependency ownership, licenses, and build artifacts. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include lockfile review, package metadata checks, reproducible install output, license scan evidence, and CI artifact comparison. Risk boundary: escalate or stop when the task involves untrusted install scripts, typosquatting, broad upgrades, license surprises, and unverifiable generated artifacts, missing owner evidence, or live external state.", "domain": "supply_chain", "scope_hint": "risk.supply-chain:strategies", "evidence_strength": "medium", diff --git a/packages/domain-packs/risk/supply-chain/documents/strategies/source-trust-tier.json b/packages/domain-packs/risk/supply-chain/documents/strategies/source-trust-tier.json index d8f3de96..b0a10857 100644 --- a/packages/domain-packs/risk/supply-chain/documents/strategies/source-trust-tier.json +++ b/packages/domain-packs/risk/supply-chain/documents/strategies/source-trust-tier.json @@ -2,7 +2,7 @@ "ref_id": "strategy:supply_chain:source-trust-tier", "type": "strategy", "description": "Apply stricter gates to unknown, generated, or license-missing sources.", - "body": "Trust metadata should affect whether a candidate is admitted, quarantined, or escalated.\n\nDerived from local skill survey outputs under /Users/xiuranli/code/agent/skill, especially reviewed canonical rules, coverage reports, and trusted local skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when software supply-chain risk work touches lockfile deltas, registry provenance, install scripts, dependency ownership, licenses, and build artifacts. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include lockfile review, package metadata checks, reproducible install output, license scan evidence, and CI artifact comparison. Risk boundary: escalate or stop when the task involves untrusted install scripts, typosquatting, broad upgrades, license surprises, and unverifiable generated artifacts, missing owner evidence, or live external state.", + "body": "Trust metadata should affect whether a candidate is admitted, quarantined, or escalated.\n\nDerived from reviewed skill survey outputs, including canonical rules, coverage reports, and trusted skill notes. Paraphrased into domain-pack seed form.\n\nSource rule: this is a generalized, paraphrased seed from local skill survey material; apply only with current repository evidence and more specific pack precedence. Use when software supply-chain risk work touches lockfile deltas, registry provenance, install scripts, dependency ownership, licenses, and build artifacts. Do not use this guidance to override a more specific pack, user instruction, or repository contract. Actions: choose the smallest direction that preserves the domain contract; inspect the current files first, keep the change scoped to the owning boundary, and record what evidence changed the decision. Validation signals include lockfile review, package metadata checks, reproducible install output, license scan evidence, and CI artifact comparison. Risk boundary: escalate or stop when the task involves untrusted install scripts, typosquatting, broad upgrades, license surprises, and unverifiable generated artifacts, missing owner evidence, or live external state.", "domain": "supply_chain", "scope_hint": "risk.supply-chain:strategies", "evidence_strength": "medium", diff --git a/packages/sdk/js/script/build.ts b/packages/sdk/js/script/build.ts index 797f2a3e..47924213 100755 --- a/packages/sdk/js/script/build.ts +++ b/packages/sdk/js/script/build.ts @@ -65,10 +65,10 @@ const sseTypesPatched = sseTypesSource.replace( "=> Promise>", "=> Promise>", ) -if (sseTypesPatched === sseTypesSource) { +if (sseTypesPatched === sseTypesSource && !sseTypesSource.includes("=> Promise>")) { throw new Error(`SseFn patch did not apply; @hey-api/openapi-ts output may have changed (${sseTypesPath})`) } -await Bun.write(sseTypesPath, sseTypesPatched) +if (sseTypesPatched !== sseTypesSource) await Bun.write(sseTypesPath, sseTypesPatched) await $`bun prettier --write src/gen` await $`bun prettier --write src/v2` diff --git a/packages/sdk/js/src/gen/client/client.gen.ts b/packages/sdk/js/src/gen/client/client.gen.ts index 627e98ec..0092e144 100644 --- a/packages/sdk/js/src/gen/client/client.gen.ts +++ b/packages/sdk/js/src/gen/client/client.gen.ts @@ -31,20 +31,24 @@ export const createClient = (config: Config = {}): Client => { const interceptors = createInterceptors() - const beforeRequest = async (options: RequestOptions) => { + const beforeRequest = async < + TData = unknown, + TResponseStyle extends "data" | "fields" = "fields", + ThrowOnError extends boolean = boolean, + Url extends string = string, + >( + options: RequestOptions, + ) => { const opts = { ..._config, ...options, fetch: options.fetch ?? _config.fetch ?? globalThis.fetch, headers: mergeHeaders(_config.headers, options.headers), - serializedBody: undefined, + serializedBody: undefined as string | undefined, } if (opts.security) { - await setAuthParams({ - ...opts, - security: opts.security, - }) + await setAuthParams(opts) } if (opts.requestValidator) { @@ -52,7 +56,7 @@ export const createClient = (config: Config = {}): Client => { } if (opts.body !== undefined && opts.bodySerializer) { - opts.serializedBody = opts.bodySerializer(opts.body) + opts.serializedBody = opts.bodySerializer(opts.body) as string | undefined } // remove Content-Type header if body is empty to avoid sending invalid requests @@ -60,176 +64,159 @@ export const createClient = (config: Config = {}): Client => { opts.headers.delete("Content-Type") } - const url = buildUrl(opts) + const resolvedOpts = opts as typeof opts & ResolvedRequestOptions + const url = buildUrl(resolvedOpts) - return { opts, url } + return { opts: resolvedOpts, url } } const request: Client["request"] = async (options) => { - // @ts-expect-error - const { opts, url } = await beforeRequest(options) - const requestInit: ReqInit = { - redirect: "follow", - ...opts, - body: getValidRequestBody(opts), - } + const throwOnError = options.throwOnError ?? _config.throwOnError + const responseStyle = options.responseStyle ?? _config.responseStyle - let request = new Request(url, requestInit) + let request: Request | undefined + let response: Response | undefined - for (const fn of interceptors.request.fns) { - if (fn) { - request = await fn(request, opts) + try { + const { opts, url } = await beforeRequest(options) + const requestInit: ReqInit = { + redirect: "follow", + ...opts, + body: getValidRequestBody(opts), } - } - // fetch must be assigned here, otherwise it would throw the error: - // TypeError: Failed to execute 'fetch' on 'Window': Illegal invocation - const _fetch = opts.fetch! - let response: Response + request = new Request(url, requestInit) - try { - response = await _fetch(request) - } catch (error) { - // Handle fetch exceptions (AbortError, network errors, etc.) - let finalError = error - - for (const fn of interceptors.error.fns) { + for (const fn of interceptors.request.fns) { if (fn) { - finalError = (await fn(error, undefined as any, request, opts)) as unknown + request = await fn(request, opts) } } - finalError = finalError || ({} as unknown) + // fetch must be assigned here, otherwise it would throw the error: + // TypeError: Failed to execute 'fetch' on 'Window': Illegal invocation + const _fetch = opts.fetch! - if (opts.throwOnError) { - throw finalError - } - - // Return error response - return opts.responseStyle === "data" - ? undefined - : { - error: finalError, - request, - response: undefined as any, - } - } + response = await _fetch(request) - for (const fn of interceptors.response.fns) { - if (fn) { - response = await fn(response, request, opts) + for (const fn of interceptors.response.fns) { + if (fn) { + response = await fn(response, request, opts) + } } - } - const result = { - request, - response, - } + const result = { + request, + response, + } - if (response.ok) { - const parseAs = - (opts.parseAs === "auto" ? getParseAs(response.headers.get("Content-Type")) : opts.parseAs) ?? "json" + if (response.ok) { + const parseAs = + (opts.parseAs === "auto" ? getParseAs(response.headers.get("Content-Type")) : opts.parseAs) ?? "json" + + if (response.status === 204 || response.headers.get("Content-Length") === "0") { + let emptyData: any + switch (parseAs) { + case "arrayBuffer": + case "blob": + case "text": + emptyData = await response[parseAs]() + break + case "formData": + emptyData = new FormData() + break + case "stream": + emptyData = response.body + break + case "json": + default: + emptyData = {} + break + } + return opts.responseStyle === "data" + ? emptyData + : { + data: emptyData, + ...result, + } + } - if (response.status === 204 || response.headers.get("Content-Length") === "0") { - let emptyData: any + let data: any switch (parseAs) { case "arrayBuffer": case "blob": + case "formData": case "text": - emptyData = await response[parseAs]() + data = await response[parseAs]() break - case "formData": - emptyData = new FormData() + case "json": { + // Some servers return 200 with no Content-Length and empty body. + // response.json() would throw; read as text and parse if non-empty. + const text = await response.text() + data = text ? JSON.parse(text) : {} break + } case "stream": - emptyData = response.body - break - case "json": - default: - emptyData = {} - break + return opts.responseStyle === "data" + ? response.body + : { + data: response.body, + ...result, + } + } + + if (parseAs === "json") { + if (opts.responseValidator) { + await opts.responseValidator(data) + } + + if (opts.responseTransformer) { + data = await opts.responseTransformer(data) + } } + return opts.responseStyle === "data" - ? emptyData + ? data : { - data: emptyData, + data, ...result, } } - let data: any - switch (parseAs) { - case "arrayBuffer": - case "blob": - case "formData": - case "text": - data = await response[parseAs]() - break - case "json": { - // Some servers return 200 with no Content-Length and empty body. - // response.json() would throw; read as text and parse if non-empty. - const text = await response.text() - data = text ? JSON.parse(text) : {} - break - } - case "stream": - return opts.responseStyle === "data" - ? response.body - : { - data: response.body, - ...result, - } + const textError = await response.text() + let jsonError: unknown + + try { + jsonError = JSON.parse(textError) + } catch { + // noop } - if (parseAs === "json") { - if (opts.responseValidator) { - await opts.responseValidator(data) - } + throw jsonError ?? textError + } catch (error) { + let finalError = error - if (opts.responseTransformer) { - data = await opts.responseTransformer(data) + for (const fn of interceptors.error.fns) { + if (fn) { + finalError = await fn(finalError, response, request, options as ResolvedRequestOptions) } } - return opts.responseStyle === "data" - ? data - : { - data, - ...result, - } - } - - const textError = await response.text() - let jsonError: unknown + finalError = finalError || {} - try { - jsonError = JSON.parse(textError) - } catch { - // noop - } - - const error = jsonError ?? textError - let finalError = error - - for (const fn of interceptors.error.fns) { - if (fn) { - finalError = (await fn(error, response, request, opts)) as string + if (throwOnError) { + throw finalError } - } - finalError = finalError || ({} as string) - - if (opts.throwOnError) { - throw finalError + // TODO: we probably want to return error and improve types + return responseStyle === "data" + ? undefined + : { + error: finalError, + request, + response, + } } - - // TODO: we probably want to return error and improve types - return opts.responseStyle === "data" - ? undefined - : { - error: finalError, - ...result, - } } const makeMethodFn = (method: Uppercase) => (options: RequestOptions) => request({ ...options, method }) @@ -239,7 +226,6 @@ export const createClient = (config: Config = {}): Client => { return createSseClient({ ...opts, body: opts.body as BodyInit | null | undefined, - headers: opts.headers as unknown as Record, method, onRequest: async (url, init) => { let request = new Request(url, init) @@ -255,8 +241,10 @@ export const createClient = (config: Config = {}): Client => { }) } + const _buildUrl: Client["buildUrl"] = (options) => buildUrl({ ..._config, ...options }) + return { - buildUrl, + buildUrl: _buildUrl, connect: makeMethodFn("CONNECT"), delete: makeMethodFn("DELETE"), get: makeMethodFn("GET"), diff --git a/packages/sdk/js/src/gen/client/types.gen.ts b/packages/sdk/js/src/gen/client/types.gen.ts index e053aa40..d03f2cfa 100644 --- a/packages/sdk/js/src/gen/client/types.gen.ts +++ b/packages/sdk/js/src/gen/client/types.gen.ts @@ -62,7 +62,7 @@ export interface RequestOptions< }>, Pick< ServerSentEventsOptions, - "onSseError" | "onSseEvent" | "sseDefaultRetryDelay" | "sseMaxRetryAttempts" | "sseMaxRetryDelay" + "onRequest" | "onSseError" | "onSseEvent" | "sseDefaultRetryDelay" | "sseMaxRetryAttempts" | "sseMaxRetryDelay" > { /** * Any body that you want to add to your request. @@ -84,6 +84,7 @@ export interface ResolvedRequestOptions< ThrowOnError extends boolean = boolean, Url extends string = string, > extends RequestOptions { + headers: Headers serializedBody?: string } @@ -117,8 +118,10 @@ export type RequestResult< error: TError extends Record ? TError[keyof TError] : TError } ) & { - request: Request - response: Response + /** request may be undefined, because error may be from building the request object itself */ + request?: Request + /** response may be undefined, because error may be from building the request object itself or from a network error */ + response?: Response } > @@ -139,12 +142,13 @@ type MethodFn = < type SseFn = < TData = unknown, - TError = unknown, + // eslint-disable-next-line @typescript-eslint/no-unused-vars + _TError = unknown, ThrowOnError extends boolean = false, TResponseStyle extends ResponseStyle = "fields", >( - options: Omit, "method">, -) => Promise> + options: Omit, "method">, +) => Promise> type RequestFn = < TData = unknown, diff --git a/packages/sdk/js/src/gen/client/utils.gen.ts b/packages/sdk/js/src/gen/client/utils.gen.ts index 3b1dfb78..23059250 100644 --- a/packages/sdk/js/src/gen/client/utils.gen.ts +++ b/packages/sdk/js/src/gen/client/utils.gen.ts @@ -105,14 +105,12 @@ const checkForExistence = ( return false } -export const setAuthParams = async ({ - security, - ...options -}: Pick, "security"> & - Pick & { +export async function setAuthParams( + options: Pick & { headers: Headers - }) => { - for (const auth of security) { + }, +): Promise { + for (const auth of options.security ?? []) { if (checkForExistence(options, auth.name)) { continue } @@ -189,7 +187,7 @@ export const mergeHeaders = (...headers: Array["headers"] | und mergedHeaders.append(key, v as string) } } else if (value !== undefined) { - // assume object headers are meant to be JSON stringified, i.e. their + // assume object headers are meant to be JSON stringified, i.e., their // content value in OpenAPI specification is 'application/json' mergedHeaders.set(key, typeof value === "object" ? JSON.stringify(value) : (value as string)) } @@ -200,8 +198,10 @@ export const mergeHeaders = (...headers: Array["headers"] | und type ErrInterceptor = ( error: Err, - response: Res, - request: Req, + /** response may be undefined due to a network error where no response object is produced */ + response: Res | undefined, + /** request may be undefined, because error may be from building the request object itself */ + request: Req | undefined, options: Options, ) => Err | Promise diff --git a/packages/sdk/js/src/gen/core/bodySerializer.gen.ts b/packages/sdk/js/src/gen/core/bodySerializer.gen.ts index 9678fb08..25e34938 100644 --- a/packages/sdk/js/src/gen/core/bodySerializer.gen.ts +++ b/packages/sdk/js/src/gen/core/bodySerializer.gen.ts @@ -4,7 +4,7 @@ import type { ArrayStyle, ObjectStyle, SerializerOptions } from "./pathSerialize export type QuerySerializer = (query: Record) => string -export type BodySerializer = (body: any) => any +export type BodySerializer = (body: unknown) => unknown type QuerySerializerOptionsObject = { allowReserved?: boolean @@ -39,10 +39,10 @@ const serializeUrlSearchParamsPair = (data: URLSearchParams, key: string, value: } export const formDataBodySerializer = { - bodySerializer: | Array>>(body: T): FormData => { + bodySerializer: (body: unknown): FormData => { const data = new FormData() - Object.entries(body).forEach(([key, value]) => { + Object.entries(body as Record).forEach(([key, value]) => { if (value === undefined || value === null) { return } @@ -58,15 +58,15 @@ export const formDataBodySerializer = { } export const jsonBodySerializer = { - bodySerializer: (body: T): string => + bodySerializer: (body: unknown): string => JSON.stringify(body, (_key, value) => (typeof value === "bigint" ? value.toString() : value)), } export const urlSearchParamsBodySerializer = { - bodySerializer: | Array>>(body: T): string => { + bodySerializer: (body: unknown): string => { const data = new URLSearchParams() - Object.entries(body).forEach(([key, value]) => { + Object.entries(body as Record).forEach(([key, value]) => { if (value === undefined || value === null) { return } diff --git a/packages/sdk/js/src/gen/core/params.gen.ts b/packages/sdk/js/src/gen/core/params.gen.ts index 6e9d0b9a..7cbe4d62 100644 --- a/packages/sdk/js/src/gen/core/params.gen.ts +++ b/packages/sdk/js/src/gen/core/params.gen.ts @@ -96,7 +96,7 @@ interface Params { const stripEmptySlots = (params: Params) => { for (const [slot, value] of Object.entries(params)) { - if (value && typeof value === "object" && !Object.keys(value).length) { + if (value && typeof value === "object" && !Array.isArray(value) && !Object.keys(value).length) { delete params[slot as Slot] } } @@ -104,10 +104,10 @@ const stripEmptySlots = (params: Params) => { export const buildClientParams = (args: ReadonlyArray, fields: FieldsConfig) => { const params: Params = { - body: {}, - headers: {}, - path: {}, - query: {}, + body: Object.create(null), + headers: Object.create(null), + path: Object.create(null), + query: Object.create(null), } const map = buildKeyMap(fields) diff --git a/packages/sdk/js/src/gen/core/serverSentEvents.gen.ts b/packages/sdk/js/src/gen/core/serverSentEvents.gen.ts index 056a8125..348c3c8c 100644 --- a/packages/sdk/js/src/gen/core/serverSentEvents.gen.ts +++ b/packages/sdk/js/src/gen/core/serverSentEvents.gen.ts @@ -75,7 +75,7 @@ export type ServerSentEventsResult ? TData[keyof TData] : TData, TReturn, TNext> } -export const createSseClient = ({ +export function createSseClient({ onRequest, onSseError, onSseEvent, @@ -87,7 +87,7 @@ export const createSseClient = ({ sseSleepFn, url, ...options -}: ServerSentEventsOptions): ServerSentEventsResult => { +}: ServerSentEventsOptions): ServerSentEventsResult { let lastEventId: string | undefined const sleep = sseSleepFn ?? ((ms: number) => new Promise((resolve) => setTimeout(resolve, ms))) @@ -151,8 +151,7 @@ export const createSseClient = ({ const { done, value } = await reader.read() if (done) break buffer += value - // Normalize line endings: CRLF -> LF, then CR -> LF - buffer = buffer.replace(/\r\n/g, "\n").replace(/\r/g, "\n") + buffer = buffer.replace(/\r\n?/g, "\n") // normalize line endings const chunks = buffer.split("\n\n") buffer = chunks.pop() ?? "" diff --git a/packages/sdk/js/src/gen/core/types.gen.ts b/packages/sdk/js/src/gen/core/types.gen.ts index bfa77b8a..25987e6a 100644 --- a/packages/sdk/js/src/gen/core/types.gen.ts +++ b/packages/sdk/js/src/gen/core/types.gen.ts @@ -62,7 +62,7 @@ export interface Config { requestValidator?: (data: unknown) => Promise /** * A function transforming response data before it's returned. This is useful - * for post-processing data, e.g. converting ISO strings into Date objects. + * for post-processing data, e.g., converting ISO strings into Date objects. */ responseTransformer?: (data: unknown) => Promise /** diff --git a/packages/sdk/js/src/gen/core/utils.gen.ts b/packages/sdk/js/src/gen/core/utils.gen.ts index 8a45f726..cf0604bd 100644 --- a/packages/sdk/js/src/gen/core/utils.gen.ts +++ b/packages/sdk/js/src/gen/core/utils.gen.ts @@ -123,7 +123,7 @@ export function getValidRequestBody(options: { return hasSerializedBody ? options.serializedBody : null } - // not all clients implement a serializedBody property (i.e. client-axios) + // not all clients implement a serializedBody property (i.e., client-axios) return options.body !== "" ? options.body : null } diff --git a/packages/sdk/js/src/gen/sdk.gen.ts b/packages/sdk/js/src/gen/sdk.gen.ts index ccfcc971..94b79c44 100644 --- a/packages/sdk/js/src/gen/sdk.gen.ts +++ b/packages/sdk/js/src/gen/sdk.gen.ts @@ -80,6 +80,7 @@ import type { DeepagentPacksUnpinResponses, DeepagentReviewsErrors, DeepagentReviewsResponses, + EventSubscribeResponse, EventSubscribeResponses, EventTuiCommandExecute, EventTuiPromptAppend, @@ -166,11 +167,14 @@ import type { GlobalDisposeErrors, GlobalDisposeResponses, GlobalEventErrors, + GlobalEventResponse, GlobalEventResponses, GlobalHealthErrors, GlobalHealthResponses, GlobalImportErrors, GlobalImportResponses, + GlobalProjectDeleteErrors, + GlobalProjectDeleteResponses, GlobalProjectsErrors, GlobalProjectsResponses, GlobalUpgradeErrors, @@ -338,6 +342,8 @@ import type { SessionPromptErrors, SessionPromptPrepareErrors, SessionPromptPrepareResponses, + SessionPromptPrepareStreamErrors, + SessionPromptPrepareStreamResponses, SessionPromptResponses, SessionPromptSuggestionErrors, SessionPromptSuggestionResponses, @@ -404,6 +410,7 @@ import type { V2CommandListErrors, V2CommandListResponses, V2EventSubscribeErrors, + V2EventSubscribeResponse, V2EventSubscribeResponses, V2FsListErrors, V2FsListResponses, @@ -481,10 +488,11 @@ import type { WorktreeSummaryResponses, } from "./types.gen.js" -export type Options = Options2< - TData, - ThrowOnError -> & { +export type Options< + TData extends TDataShape = TDataShape, + ThrowOnError extends boolean = boolean, + TResponse = unknown, +> = Options2 & { /** * You can provide a client instance returned by `createClient()` instead of * individual options. This might be also useful if you want to implement a @@ -587,12 +595,12 @@ export class App extends HeyApiClient { * Write a log entry to the server logs with specified level and metadata. */ public log( - parameters?: { + parameters: { directory?: string workspace?: string - service?: string - level?: "debug" | "info" | "error" | "warn" - message?: string + service: string + level: "debug" | "info" | "error" | "warn" + message: string extra?: { [key: string]: unknown } @@ -694,9 +702,9 @@ export class ControlPlane extends HeyApiClient { * Move a session to another project directory, optionally transferring local changes. */ public moveSession( - parameters?: { - sessionID?: string - destination?: MoveSessionDestination + parameters: { + sessionID: string + destination: MoveSessionDestination moveChanges?: boolean }, options?: Options, @@ -805,11 +813,11 @@ export class Console extends HeyApiClient { * Persist a new active Console account/org selection for the current local DeepAgent Code state. */ public switchOrg( - parameters?: { + parameters: { directory?: string workspace?: string - accountID?: string - orgID?: string + accountID: string + orgID: string }, options?: Options, ) { @@ -969,8 +977,8 @@ export class ProjectCopy extends HeyApiClient { parameters: { projectID: string workspace?: string - directory?: string - force?: boolean + directory: string + force: boolean }, options?: Options, ) { @@ -1012,8 +1020,8 @@ export class ProjectCopy extends HeyApiClient { parameters: { projectID: string workspace?: string - strategy?: "git_worktree" - directory?: string + strategy: "git_worktree" + directory: string name?: string context?: string }, @@ -1164,11 +1172,11 @@ export class Workspace extends HeyApiClient { * Create a workspace for the current project. */ public create( - parameters?: { + parameters: { directory?: string workspace?: string id?: string - type?: string + type: string branch?: string | null extra?: unknown | null }, @@ -1315,11 +1323,11 @@ export class Workspace extends HeyApiClient { * Move a session's sync history into the target workspace, or detach it to the local project. */ public warp( - parameters?: { + parameters: { directory?: string workspace?: string - id?: string | null - sessionID?: string + id: string | null + sessionID: string copyChanges?: boolean }, options?: Options, @@ -1460,7 +1468,7 @@ export class Global extends HeyApiClient { * * Subscribe to global events from the DeepAgent Code system using server-sent events. */ - public event(options?: Options) { + public event(options?: Options) { return (options?.client ?? this.client).sse.get({ url: "/global/event", ...options, @@ -1527,13 +1535,36 @@ export class Global extends HeyApiClient { }) } + /** + * Delete a project + * + * Permanently delete a project row and, by database cascade, all of its sessions, messages, and parts. Any running instances rooted at the project's known directories are disposed first. Idempotent: deleting an unknown project succeeds. Does NOT touch files on disk — only the DeepAgent Code database record. + */ + public projectDelete( + parameters: { + projectID: string + }, + options?: Options, + ) { + const params = buildClientParams([parameters], [{ args: [{ in: "path", key: "projectID" }] }]) + return (options?.client ?? this.client).delete< + GlobalProjectDeleteResponses, + GlobalProjectDeleteErrors, + ThrowOnError + >({ + url: "/global/projects/{projectID}", + ...options, + ...params, + }) + } + private _config?: Config get config(): Config { return (this._config ??= new Config({ client: this.client })) } } -export class Event extends HeyApiClient { +export class Event_ extends HeyApiClient { /** * Subscribe to events * @@ -1544,7 +1575,7 @@ export class Event extends HeyApiClient { directory?: string workspace?: string }, - options?: Options, + options?: Options, ) { const params = buildClientParams( [parameters], @@ -2101,10 +2132,10 @@ export class Knowledge extends HeyApiClient { * Apply the V3 promotion gate and persist a human-approved candidate as durable retrievable knowledge. */ public promote( - parameters?: { + parameters: { directory?: string workspace?: string - candidate?: { + candidate: { candidate_id: string type: "memory" | "strategy" | "methodology" status: "staged" @@ -2114,13 +2145,13 @@ export class Knowledge extends HeyApiClient { evidence_refs: Array confidence: number | "NaN" | "Infinity" | "-Infinity" | "Infinity" | "-Infinity" | "NaN" } - origin?: "run_local" | "external_trace" | "sealed" + origin: "run_local" | "external_trace" | "sealed" verdict?: { pass: boolean reason?: string evidence: Array } - approval?: { + approval: { approver: string approved: boolean note?: string @@ -2165,10 +2196,10 @@ export class Knowledge extends HeyApiClient { * Record a reviewed candidate fingerprint in the V3 rejection buffer so it is not relearned. */ public reject( - parameters?: { + parameters: { directory?: string workspace?: string - candidate?: { + candidate: { candidate_id: string type: "memory" | "strategy" | "methodology" status: "staged" @@ -2178,7 +2209,7 @@ export class Knowledge extends HeyApiClient { evidence_refs: Array confidence: number | "NaN" | "Infinity" | "-Infinity" | "Infinity" | "-Infinity" | "NaN" } - reason?: string + reason: string }, options?: Options, ) { @@ -2251,10 +2282,10 @@ export class Knowledge extends HeyApiClient { * Flag durable knowledge entries as approved (retrievable). Reversible; does not move files. */ public approve( - parameters?: { + parameters: { directory?: string workspace?: string - ids?: Array + ids: Array }, options?: Options, ) { @@ -2292,10 +2323,10 @@ export class Knowledge extends HeyApiClient { * Flag durable knowledge entries as rejected (not retrievable). Reversible; does not move files. */ public rejectIds( - parameters?: { + parameters: { directory?: string workspace?: string - ids?: Array + ids: Array }, options?: Options, ) { @@ -2333,16 +2364,16 @@ export class Knowledge extends HeyApiClient { * CI/eval posts measured per-group/per-task metrics; if MAX regresses vs HIGH the candidate refs are demoted (rejected) so misleading knowledge cannot ship (docs/30 §7). */ public shipGate( - parameters?: { + parameters: { directory?: string workspace?: string - tasks?: Array - metrics?: Array<{ + tasks: Array + metrics: Array<{ group: "general" | "high" | "max" task: string metric: number | "NaN" | "Infinity" | "-Infinity" | "Infinity" | "-Infinity" | "NaN" }> - candidateRefs?: Array + candidateRefs: Array tolerance?: number | "NaN" | "Infinity" | "-Infinity" | "Infinity" | "-Infinity" | "NaN" repeats?: number | "NaN" | "Infinity" | "-Infinity" | "Infinity" | "-Infinity" | "NaN" }, @@ -2422,11 +2453,11 @@ export class EnvFacts extends HeyApiClient { * V3.8.1 §G.5: adopt (silently use in this project, never ask again) or reject (never ask again here; other projects unaffected). */ public decide( - parameters?: { + parameters: { directory?: string workspace?: string - factId?: string - decision?: "adopt" | "reject" + factId: string + decision: "adopt" | "reject" }, options?: Options, ) { @@ -2465,12 +2496,12 @@ export class EnvFacts extends HeyApiClient { * V3.8.1 §G.5: edit a fact then adopt it. mode=global corrects the shared fact for all projects; mode=project writes a project-local override, leaving the global fact untouched. */ public modify( - parameters?: { + parameters: { directory?: string workspace?: string - factId?: string - description?: string - body?: { + factId: string + description: string + body: { host?: string port?: number | "NaN" | "Infinity" | "-Infinity" | "Infinity" | "-Infinity" | "NaN" container?: string @@ -2480,7 +2511,7 @@ export class EnvFacts extends HeyApiClient { notes?: string } domain?: string - mode?: "global" | "project" + mode: "global" | "project" }, options?: Options, ) { @@ -2603,10 +2634,10 @@ export class Deepagent extends HeyApiClient { } public packsPin( - parameters?: { + parameters: { directory?: string workspace?: string - packId?: string + packId: string }, options?: Options, ) { @@ -2635,10 +2666,10 @@ export class Deepagent extends HeyApiClient { } public packsUnpin( - parameters?: { + parameters: { directory?: string workspace?: string - packId?: string + packId: string }, options?: Options, ) { @@ -3285,7 +3316,7 @@ export class Lock extends HeyApiClient { } } -export class File extends HeyApiClient { +export class File_ extends HeyApiClient { /** * List files * @@ -3727,11 +3758,11 @@ export class Groups extends HeyApiClient { * Create a new IM group. */ public create( - parameters?: { + parameters: { directory?: string workspace?: string - name?: string - type?: "project" | "system" + name: string + type: "project" | "system" projectID?: string }, options?: Options, @@ -3810,9 +3841,9 @@ export class Messages extends HeyApiClient { groupId: string directory?: string workspace?: string - senderType?: "user" | "agent" | "system" - type?: "text" | "code" | "file" | "agent_status" | "system" - content?: string + senderType: "user" | "agent" | "system" + type: "text" | "code" | "file" | "agent_status" | "system" + content: string mentions?: Array metadata?: | { @@ -4241,10 +4272,10 @@ export class Vcs extends HeyApiClient { * Apply a raw patch to the current working tree. */ public apply( - parameters?: { + parameters: { directory?: string workspace?: string - patch?: string + patch: string }, options?: Options, ) { @@ -4417,7 +4448,7 @@ export class Auth2 extends HeyApiClient { name: string directory?: string workspace?: string - code?: string + code: string }, options?: Options, ) { @@ -4518,11 +4549,11 @@ export class Mcp extends HeyApiClient { * Dynamically add a new Model Context Protocol (MCP) server to the system. */ public add( - parameters?: { + parameters: { directory?: string workspace?: string - name?: string - config?: McpLocalConfig | McpRemoteConfig + name: string + config: McpLocalConfig | McpRemoteConfig }, options?: Options, ) { @@ -4587,14 +4618,14 @@ export class Mcp extends HeyApiClient { * Instantiate a preset catalog entry (with filled params + secure-storage credential references) into a cfg.mcp entry and connect it. */ public catalogEnable( - parameters?: { + parameters: { directory?: string workspace?: string - id?: string - params?: { + id: string + params: { [key: string]: string | Array } - credentialRefs?: { + credentialRefs: { [key: string]: string } }, @@ -5194,7 +5225,7 @@ export class Question extends HeyApiClient { requestID: string directory?: string workspace?: string - answers?: Array + answers: Array }, options?: Options, ) { @@ -5297,7 +5328,7 @@ export class Permission extends HeyApiClient { requestID: string directory?: string workspace?: string - reply?: "once" | "always" | "reject" + reply: "once" | "always" | "reject" message?: string }, options?: Options, @@ -5341,7 +5372,7 @@ export class Permission extends HeyApiClient { permissionID: string directory?: string workspace?: string - response?: "once" | "always" | "reject" + response: "once" | "always" | "reject" }, options?: Options, ) { @@ -5379,11 +5410,11 @@ export class Models extends HeyApiClient { * Probe a provider /models endpoint and return discovered chat models. */ public discover( - parameters?: { + parameters: { directory?: string workspace?: string - providerID?: string - baseURL?: string + providerID: string + baseURL: string apiKey?: string authProviderID?: string modelID?: string @@ -5440,7 +5471,7 @@ export class Oauth extends HeyApiClient { providerID: string directory?: string workspace?: string - method?: number + method: number inputs?: { [key: string]: string } @@ -5487,7 +5518,7 @@ export class Oauth extends HeyApiClient { providerID: string directory?: string workspace?: string - method?: number + method: number code?: string }, options?: Options, @@ -6028,7 +6059,7 @@ export class Session2 extends HeyApiClient { [key: string]: unknown } variant?: string - parts?: Array + parts: Array }, options?: Options, ) { @@ -6231,9 +6262,9 @@ export class Session2 extends HeyApiClient { sessionID: string directory?: string workspace?: string - modelID?: string - providerID?: string - messageID?: string + modelID: string + providerID: string + messageID: string }, options?: Options, ) { @@ -6338,8 +6369,8 @@ export class Session2 extends HeyApiClient { sessionID: string directory?: string workspace?: string - providerID?: string - modelID?: string + providerID: string + modelID: string auto?: boolean }, options?: Options, @@ -6381,9 +6412,9 @@ export class Session2 extends HeyApiClient { sessionID: string directory?: string workspace?: string - mode?: "wish" | "intelligence" + mode: "wish" | "intelligence" output_language?: "chinese" | "english" - parts?: Array + parts: Array }, options?: Options, ) { @@ -6418,6 +6449,53 @@ export class Session2 extends HeyApiClient { }) } + /** + * Stream prompt draft preparation + * + * Create a DeepAgent intelligence prompt draft and stream progressive preview updates as server-sent events. + */ + public promptPrepareStream( + parameters: { + sessionID: string + directory?: string + workspace?: string + mode: "wish" | "intelligence" + output_language?: "chinese" | "english" + parts: Array + }, + options?: Options, + ) { + const params = buildClientParams( + [parameters], + [ + { + args: [ + { in: "path", key: "sessionID" }, + { in: "query", key: "directory" }, + { in: "query", key: "workspace" }, + { in: "body", key: "mode" }, + { in: "body", key: "output_language" }, + { in: "body", key: "parts" }, + ], + }, + ], + ) + return (options?.client ?? this.client).post< + SessionPromptPrepareStreamResponses, + SessionPromptPrepareStreamErrors, + ThrowOnError + >({ + url: "/session/{sessionID}/prompt_prepare_stream", + ...options, + ...params, + headers: { + "Content-Type": "application/json", + ...options?.headers, + ...params.headers, + }, + }) + } + /** * Get latest next-round suggestion * @@ -6480,7 +6558,7 @@ export class Session2 extends HeyApiClient { [key: string]: unknown } variant?: string - parts?: Array + parts: Array }, options?: Options, ) { @@ -6531,8 +6609,8 @@ export class Session2 extends HeyApiClient { messageID?: string agent?: string model?: string - arguments?: string - command?: string + arguments: string + command: string variant?: string parts?: Array<{ id?: string @@ -6587,12 +6665,12 @@ export class Session2 extends HeyApiClient { directory?: string workspace?: string messageID?: string - agent?: string + agent: string model?: { providerID: string modelID: string } - command?: string + command: string }, options?: Options, ) { @@ -6634,7 +6712,7 @@ export class Session2 extends HeyApiClient { sessionID: string directory?: string workspace?: string - messageID?: string + messageID: string partID?: string }, options?: Options, @@ -6853,11 +6931,11 @@ export class Sync extends HeyApiClient { * Validate and replay a complete sync event history. */ public replay( - parameters?: { + parameters: { query_directory?: string workspace?: string - body_directory?: string - events?: Array<{ + body_directory: string + events: Array<{ id: string aggregateID: string seq: number @@ -6908,10 +6986,10 @@ export class Sync extends HeyApiClient { * Update a session to belong to the current workspace through the sync event system. */ public steal( - parameters?: { + parameters: { directory?: string workspace?: string - sessionID?: string + sessionID: string }, options?: Options, ) { @@ -7021,10 +7099,10 @@ export class Tui extends HeyApiClient { * Append prompt to the TUI. */ public appendPrompt( - parameters?: { + parameters: { directory?: string workspace?: string - text?: string + text: string }, options?: Options, ) { @@ -7238,10 +7316,10 @@ export class Tui extends HeyApiClient { * Execute a TUI command. */ public executeCommand( - parameters?: { + parameters: { directory?: string workspace?: string - command?: string + command: string }, options?: Options, ) { @@ -7275,12 +7353,12 @@ export class Tui extends HeyApiClient { * Show a toast notification in the TUI. */ public showToast( - parameters?: { + parameters: { directory?: string workspace?: string title?: string - message?: string - variant?: "info" | "success" | "warning" | "error" + message: string + variant: "info" | "success" | "warning" | "error" duration?: number }, options?: Options, @@ -7355,10 +7433,10 @@ export class Tui extends HeyApiClient { * Navigate the TUI to display the specified session. */ public selectSession( - parameters?: { + parameters: { directory?: string workspace?: string - sessionID?: string + sessionID: string }, options?: Options, ) { @@ -7463,7 +7541,7 @@ export class Permission2 extends HeyApiClient { parameters: { sessionID: string requestID: string - reply?: PermissionV2Reply + reply: PermissionV2Reply message?: string }, options?: Options, @@ -7627,7 +7705,7 @@ export class Session3 extends HeyApiClient { parameters: { sessionID: string id?: string - prompt?: Prompt + prompt: Prompt delivery?: "steer" | "queue" resume?: boolean }, @@ -7842,7 +7920,7 @@ export class Provider2 extends HeyApiClient { } } -export class Request extends HeyApiClient { +export class Request_ extends HeyApiClient { /** * List pending permission requests * @@ -7919,9 +7997,9 @@ export class Saved extends HeyApiClient { } export class Permission3 extends HeyApiClient { - private _request?: Request - get request(): Request { - return (this._request ??= new Request({ client: this.client })) + private _request?: Request_ + get request(): Request_ { + return (this._request ??= new Request_({ client: this.client })) } private _saved?: Saved @@ -8063,7 +8141,7 @@ export class Event2 extends HeyApiClient { workspace?: string } }, - options?: Options, + options?: Options, ) { const params = buildClientParams([parameters], [{ args: [{ in: "query", key: "location" }] }]) return (options?.client ?? this.client).sse.get({ @@ -8194,9 +8272,9 @@ export class DeepAgentCodeClient extends HeyApiClient { return (this._global ??= new Global({ client: this.client })) } - private _event?: Event - get event(): Event { - return (this._event ??= new Event({ client: this.client })) + private _event?: Event_ + get event(): Event_ { + return (this._event ??= new Event_({ client: this.client })) } private _config?: Config2 @@ -8234,9 +8312,9 @@ export class DeepAgentCodeClient extends HeyApiClient { return (this._find ??= new Find({ client: this.client })) } - private _file?: File - get file(): File { - return (this._file ??= new File({ client: this.client })) + private _file?: File_ + get file(): File_ { + return (this._file ??= new File_({ client: this.client })) } private _lsp?: Lsp diff --git a/packages/sdk/js/src/gen/types.gen.ts b/packages/sdk/js/src/gen/types.gen.ts index 2e2c2493..298afe4d 100644 --- a/packages/sdk/js/src/gen/types.gen.ts +++ b/packages/sdk/js/src/gen/types.gen.ts @@ -1821,38 +1821,7 @@ export type AgentConfig = { writablePaths?: Array toolWhitelist?: Array } - [key: string]: - | unknown - | string - | number - | { - [key: string]: boolean - } - | boolean - | "subagent" - | "primary" - | "all" - | { - [key: string]: unknown - } - | string - | "primary" - | "secondary" - | "accent" - | "success" - | "warning" - | "error" - | "info" - | number - | PermissionConfig - | { - maxConcurrency?: number - maxTokensPerTurn?: number - maxTurnDurationMs?: number - writablePaths?: Array - toolWhitelist?: Array - } - | undefined + [key: string]: unknown } export type ProviderConfig = { @@ -1877,7 +1846,7 @@ export type ProviderConfig = { */ headerTimeout?: number | false chunkTimeout?: number - [key: string]: unknown | string | boolean | number | false | number | false | number | undefined + [key: string]: unknown } models?: { [key: string]: { @@ -1933,7 +1902,7 @@ export type ProviderConfig = { variants?: { [key: string]: { disabled?: boolean - [key: string]: unknown | boolean | undefined + [key: string]: unknown } } } @@ -2043,9 +2012,6 @@ export type Config = { > share?: "manual" | "auto" | "disabled" autoshare?: boolean - /** - * Base URL of the server used for session sharing. When set, overrides the default share endpoint. Falls back to the enterprise URL and then the built-in default when unset. - */ share_url?: string /** * Automatically update to the latest version. Set to true to auto-update, false to disable, or 'notify' to show update notifications @@ -6174,6 +6140,33 @@ export type GlobalProjectsResponses = { export type GlobalProjectsResponse = GlobalProjectsResponses[keyof GlobalProjectsResponses] +export type GlobalProjectDeleteData = { + body?: never + path: { + projectID: string + } + query?: never + url: "/global/projects/{projectID}" +} + +export type GlobalProjectDeleteErrors = { + /** + * Bad request + */ + 400: BadRequestError +} + +export type GlobalProjectDeleteError = GlobalProjectDeleteErrors[keyof GlobalProjectDeleteErrors] + +export type GlobalProjectDeleteResponses = { + /** + * + */ + 204: void +} + +export type GlobalProjectDeleteResponse = GlobalProjectDeleteResponses[keyof GlobalProjectDeleteResponses] + export type EventSubscribeData = { body?: never path?: never @@ -11165,6 +11158,45 @@ export type SessionPromptPrepareResponses = { export type SessionPromptPrepareResponse = SessionPromptPrepareResponses[keyof SessionPromptPrepareResponses] +export type SessionPromptPrepareStreamData = { + body?: { + mode: "wish" | "intelligence" + output_language?: "chinese" | "english" + parts: Array + } + path: { + sessionID: string + } + query?: { + directory?: string + workspace?: string + } + url: "/session/{sessionID}/prompt_prepare_stream" +} + +export type SessionPromptPrepareStreamErrors = { + /** + * BadRequest | InvalidRequestError + */ + 400: EffectHttpApiErrorBadRequest | InvalidRequestError + /** + * NotFoundError + */ + 404: NotFoundError +} + +export type SessionPromptPrepareStreamError = SessionPromptPrepareStreamErrors[keyof SessionPromptPrepareStreamErrors] + +export type SessionPromptPrepareStreamResponses = { + /** + * Success + */ + 200: string +} + +export type SessionPromptPrepareStreamResponse = + SessionPromptPrepareStreamResponses[keyof SessionPromptPrepareStreamResponses] + export type SessionPromptSuggestionData = { body?: never path: { diff --git a/packages/sdk/js/src/v2/gen/client/client.gen.ts b/packages/sdk/js/src/v2/gen/client/client.gen.ts index 627e98ec..0092e144 100644 --- a/packages/sdk/js/src/v2/gen/client/client.gen.ts +++ b/packages/sdk/js/src/v2/gen/client/client.gen.ts @@ -31,20 +31,24 @@ export const createClient = (config: Config = {}): Client => { const interceptors = createInterceptors() - const beforeRequest = async (options: RequestOptions) => { + const beforeRequest = async < + TData = unknown, + TResponseStyle extends "data" | "fields" = "fields", + ThrowOnError extends boolean = boolean, + Url extends string = string, + >( + options: RequestOptions, + ) => { const opts = { ..._config, ...options, fetch: options.fetch ?? _config.fetch ?? globalThis.fetch, headers: mergeHeaders(_config.headers, options.headers), - serializedBody: undefined, + serializedBody: undefined as string | undefined, } if (opts.security) { - await setAuthParams({ - ...opts, - security: opts.security, - }) + await setAuthParams(opts) } if (opts.requestValidator) { @@ -52,7 +56,7 @@ export const createClient = (config: Config = {}): Client => { } if (opts.body !== undefined && opts.bodySerializer) { - opts.serializedBody = opts.bodySerializer(opts.body) + opts.serializedBody = opts.bodySerializer(opts.body) as string | undefined } // remove Content-Type header if body is empty to avoid sending invalid requests @@ -60,176 +64,159 @@ export const createClient = (config: Config = {}): Client => { opts.headers.delete("Content-Type") } - const url = buildUrl(opts) + const resolvedOpts = opts as typeof opts & ResolvedRequestOptions + const url = buildUrl(resolvedOpts) - return { opts, url } + return { opts: resolvedOpts, url } } const request: Client["request"] = async (options) => { - // @ts-expect-error - const { opts, url } = await beforeRequest(options) - const requestInit: ReqInit = { - redirect: "follow", - ...opts, - body: getValidRequestBody(opts), - } + const throwOnError = options.throwOnError ?? _config.throwOnError + const responseStyle = options.responseStyle ?? _config.responseStyle - let request = new Request(url, requestInit) + let request: Request | undefined + let response: Response | undefined - for (const fn of interceptors.request.fns) { - if (fn) { - request = await fn(request, opts) + try { + const { opts, url } = await beforeRequest(options) + const requestInit: ReqInit = { + redirect: "follow", + ...opts, + body: getValidRequestBody(opts), } - } - // fetch must be assigned here, otherwise it would throw the error: - // TypeError: Failed to execute 'fetch' on 'Window': Illegal invocation - const _fetch = opts.fetch! - let response: Response + request = new Request(url, requestInit) - try { - response = await _fetch(request) - } catch (error) { - // Handle fetch exceptions (AbortError, network errors, etc.) - let finalError = error - - for (const fn of interceptors.error.fns) { + for (const fn of interceptors.request.fns) { if (fn) { - finalError = (await fn(error, undefined as any, request, opts)) as unknown + request = await fn(request, opts) } } - finalError = finalError || ({} as unknown) + // fetch must be assigned here, otherwise it would throw the error: + // TypeError: Failed to execute 'fetch' on 'Window': Illegal invocation + const _fetch = opts.fetch! - if (opts.throwOnError) { - throw finalError - } - - // Return error response - return opts.responseStyle === "data" - ? undefined - : { - error: finalError, - request, - response: undefined as any, - } - } + response = await _fetch(request) - for (const fn of interceptors.response.fns) { - if (fn) { - response = await fn(response, request, opts) + for (const fn of interceptors.response.fns) { + if (fn) { + response = await fn(response, request, opts) + } } - } - const result = { - request, - response, - } + const result = { + request, + response, + } - if (response.ok) { - const parseAs = - (opts.parseAs === "auto" ? getParseAs(response.headers.get("Content-Type")) : opts.parseAs) ?? "json" + if (response.ok) { + const parseAs = + (opts.parseAs === "auto" ? getParseAs(response.headers.get("Content-Type")) : opts.parseAs) ?? "json" + + if (response.status === 204 || response.headers.get("Content-Length") === "0") { + let emptyData: any + switch (parseAs) { + case "arrayBuffer": + case "blob": + case "text": + emptyData = await response[parseAs]() + break + case "formData": + emptyData = new FormData() + break + case "stream": + emptyData = response.body + break + case "json": + default: + emptyData = {} + break + } + return opts.responseStyle === "data" + ? emptyData + : { + data: emptyData, + ...result, + } + } - if (response.status === 204 || response.headers.get("Content-Length") === "0") { - let emptyData: any + let data: any switch (parseAs) { case "arrayBuffer": case "blob": + case "formData": case "text": - emptyData = await response[parseAs]() + data = await response[parseAs]() break - case "formData": - emptyData = new FormData() + case "json": { + // Some servers return 200 with no Content-Length and empty body. + // response.json() would throw; read as text and parse if non-empty. + const text = await response.text() + data = text ? JSON.parse(text) : {} break + } case "stream": - emptyData = response.body - break - case "json": - default: - emptyData = {} - break + return opts.responseStyle === "data" + ? response.body + : { + data: response.body, + ...result, + } + } + + if (parseAs === "json") { + if (opts.responseValidator) { + await opts.responseValidator(data) + } + + if (opts.responseTransformer) { + data = await opts.responseTransformer(data) + } } + return opts.responseStyle === "data" - ? emptyData + ? data : { - data: emptyData, + data, ...result, } } - let data: any - switch (parseAs) { - case "arrayBuffer": - case "blob": - case "formData": - case "text": - data = await response[parseAs]() - break - case "json": { - // Some servers return 200 with no Content-Length and empty body. - // response.json() would throw; read as text and parse if non-empty. - const text = await response.text() - data = text ? JSON.parse(text) : {} - break - } - case "stream": - return opts.responseStyle === "data" - ? response.body - : { - data: response.body, - ...result, - } + const textError = await response.text() + let jsonError: unknown + + try { + jsonError = JSON.parse(textError) + } catch { + // noop } - if (parseAs === "json") { - if (opts.responseValidator) { - await opts.responseValidator(data) - } + throw jsonError ?? textError + } catch (error) { + let finalError = error - if (opts.responseTransformer) { - data = await opts.responseTransformer(data) + for (const fn of interceptors.error.fns) { + if (fn) { + finalError = await fn(finalError, response, request, options as ResolvedRequestOptions) } } - return opts.responseStyle === "data" - ? data - : { - data, - ...result, - } - } - - const textError = await response.text() - let jsonError: unknown + finalError = finalError || {} - try { - jsonError = JSON.parse(textError) - } catch { - // noop - } - - const error = jsonError ?? textError - let finalError = error - - for (const fn of interceptors.error.fns) { - if (fn) { - finalError = (await fn(error, response, request, opts)) as string + if (throwOnError) { + throw finalError } - } - finalError = finalError || ({} as string) - - if (opts.throwOnError) { - throw finalError + // TODO: we probably want to return error and improve types + return responseStyle === "data" + ? undefined + : { + error: finalError, + request, + response, + } } - - // TODO: we probably want to return error and improve types - return opts.responseStyle === "data" - ? undefined - : { - error: finalError, - ...result, - } } const makeMethodFn = (method: Uppercase) => (options: RequestOptions) => request({ ...options, method }) @@ -239,7 +226,6 @@ export const createClient = (config: Config = {}): Client => { return createSseClient({ ...opts, body: opts.body as BodyInit | null | undefined, - headers: opts.headers as unknown as Record, method, onRequest: async (url, init) => { let request = new Request(url, init) @@ -255,8 +241,10 @@ export const createClient = (config: Config = {}): Client => { }) } + const _buildUrl: Client["buildUrl"] = (options) => buildUrl({ ..._config, ...options }) + return { - buildUrl, + buildUrl: _buildUrl, connect: makeMethodFn("CONNECT"), delete: makeMethodFn("DELETE"), get: makeMethodFn("GET"), diff --git a/packages/sdk/js/src/v2/gen/client/types.gen.ts b/packages/sdk/js/src/v2/gen/client/types.gen.ts index 99d7e7f8..d03f2cfa 100644 --- a/packages/sdk/js/src/v2/gen/client/types.gen.ts +++ b/packages/sdk/js/src/v2/gen/client/types.gen.ts @@ -62,7 +62,7 @@ export interface RequestOptions< }>, Pick< ServerSentEventsOptions, - "onSseError" | "onSseEvent" | "sseDefaultRetryDelay" | "sseMaxRetryAttempts" | "sseMaxRetryDelay" + "onRequest" | "onSseError" | "onSseEvent" | "sseDefaultRetryDelay" | "sseMaxRetryAttempts" | "sseMaxRetryDelay" > { /** * Any body that you want to add to your request. @@ -84,6 +84,7 @@ export interface ResolvedRequestOptions< ThrowOnError extends boolean = boolean, Url extends string = string, > extends RequestOptions { + headers: Headers serializedBody?: string } @@ -117,8 +118,10 @@ export type RequestResult< error: TError extends Record ? TError[keyof TError] : TError } ) & { - request: Request - response: Response + /** request may be undefined, because error may be from building the request object itself */ + request?: Request + /** response may be undefined, because error may be from building the request object itself or from a network error */ + response?: Response } > @@ -139,11 +142,12 @@ type MethodFn = < type SseFn = < TData = unknown, - TError = unknown, + // eslint-disable-next-line @typescript-eslint/no-unused-vars + _TError = unknown, ThrowOnError extends boolean = false, TResponseStyle extends ResponseStyle = "fields", >( - options: Omit, "method">, + options: Omit, "method">, ) => Promise> type RequestFn = < diff --git a/packages/sdk/js/src/v2/gen/client/utils.gen.ts b/packages/sdk/js/src/v2/gen/client/utils.gen.ts index 3b1dfb78..23059250 100644 --- a/packages/sdk/js/src/v2/gen/client/utils.gen.ts +++ b/packages/sdk/js/src/v2/gen/client/utils.gen.ts @@ -105,14 +105,12 @@ const checkForExistence = ( return false } -export const setAuthParams = async ({ - security, - ...options -}: Pick, "security"> & - Pick & { +export async function setAuthParams( + options: Pick & { headers: Headers - }) => { - for (const auth of security) { + }, +): Promise { + for (const auth of options.security ?? []) { if (checkForExistence(options, auth.name)) { continue } @@ -189,7 +187,7 @@ export const mergeHeaders = (...headers: Array["headers"] | und mergedHeaders.append(key, v as string) } } else if (value !== undefined) { - // assume object headers are meant to be JSON stringified, i.e. their + // assume object headers are meant to be JSON stringified, i.e., their // content value in OpenAPI specification is 'application/json' mergedHeaders.set(key, typeof value === "object" ? JSON.stringify(value) : (value as string)) } @@ -200,8 +198,10 @@ export const mergeHeaders = (...headers: Array["headers"] | und type ErrInterceptor = ( error: Err, - response: Res, - request: Req, + /** response may be undefined due to a network error where no response object is produced */ + response: Res | undefined, + /** request may be undefined, because error may be from building the request object itself */ + request: Req | undefined, options: Options, ) => Err | Promise diff --git a/packages/sdk/js/src/v2/gen/core/bodySerializer.gen.ts b/packages/sdk/js/src/v2/gen/core/bodySerializer.gen.ts index 9678fb08..25e34938 100644 --- a/packages/sdk/js/src/v2/gen/core/bodySerializer.gen.ts +++ b/packages/sdk/js/src/v2/gen/core/bodySerializer.gen.ts @@ -4,7 +4,7 @@ import type { ArrayStyle, ObjectStyle, SerializerOptions } from "./pathSerialize export type QuerySerializer = (query: Record) => string -export type BodySerializer = (body: any) => any +export type BodySerializer = (body: unknown) => unknown type QuerySerializerOptionsObject = { allowReserved?: boolean @@ -39,10 +39,10 @@ const serializeUrlSearchParamsPair = (data: URLSearchParams, key: string, value: } export const formDataBodySerializer = { - bodySerializer: | Array>>(body: T): FormData => { + bodySerializer: (body: unknown): FormData => { const data = new FormData() - Object.entries(body).forEach(([key, value]) => { + Object.entries(body as Record).forEach(([key, value]) => { if (value === undefined || value === null) { return } @@ -58,15 +58,15 @@ export const formDataBodySerializer = { } export const jsonBodySerializer = { - bodySerializer: (body: T): string => + bodySerializer: (body: unknown): string => JSON.stringify(body, (_key, value) => (typeof value === "bigint" ? value.toString() : value)), } export const urlSearchParamsBodySerializer = { - bodySerializer: | Array>>(body: T): string => { + bodySerializer: (body: unknown): string => { const data = new URLSearchParams() - Object.entries(body).forEach(([key, value]) => { + Object.entries(body as Record).forEach(([key, value]) => { if (value === undefined || value === null) { return } diff --git a/packages/sdk/js/src/v2/gen/core/params.gen.ts b/packages/sdk/js/src/v2/gen/core/params.gen.ts index 6e9d0b9a..7cbe4d62 100644 --- a/packages/sdk/js/src/v2/gen/core/params.gen.ts +++ b/packages/sdk/js/src/v2/gen/core/params.gen.ts @@ -96,7 +96,7 @@ interface Params { const stripEmptySlots = (params: Params) => { for (const [slot, value] of Object.entries(params)) { - if (value && typeof value === "object" && !Object.keys(value).length) { + if (value && typeof value === "object" && !Array.isArray(value) && !Object.keys(value).length) { delete params[slot as Slot] } } @@ -104,10 +104,10 @@ const stripEmptySlots = (params: Params) => { export const buildClientParams = (args: ReadonlyArray, fields: FieldsConfig) => { const params: Params = { - body: {}, - headers: {}, - path: {}, - query: {}, + body: Object.create(null), + headers: Object.create(null), + path: Object.create(null), + query: Object.create(null), } const map = buildKeyMap(fields) diff --git a/packages/sdk/js/src/v2/gen/core/serverSentEvents.gen.ts b/packages/sdk/js/src/v2/gen/core/serverSentEvents.gen.ts index 056a8125..348c3c8c 100644 --- a/packages/sdk/js/src/v2/gen/core/serverSentEvents.gen.ts +++ b/packages/sdk/js/src/v2/gen/core/serverSentEvents.gen.ts @@ -75,7 +75,7 @@ export type ServerSentEventsResult ? TData[keyof TData] : TData, TReturn, TNext> } -export const createSseClient = ({ +export function createSseClient({ onRequest, onSseError, onSseEvent, @@ -87,7 +87,7 @@ export const createSseClient = ({ sseSleepFn, url, ...options -}: ServerSentEventsOptions): ServerSentEventsResult => { +}: ServerSentEventsOptions): ServerSentEventsResult { let lastEventId: string | undefined const sleep = sseSleepFn ?? ((ms: number) => new Promise((resolve) => setTimeout(resolve, ms))) @@ -151,8 +151,7 @@ export const createSseClient = ({ const { done, value } = await reader.read() if (done) break buffer += value - // Normalize line endings: CRLF -> LF, then CR -> LF - buffer = buffer.replace(/\r\n/g, "\n").replace(/\r/g, "\n") + buffer = buffer.replace(/\r\n?/g, "\n") // normalize line endings const chunks = buffer.split("\n\n") buffer = chunks.pop() ?? "" diff --git a/packages/sdk/js/src/v2/gen/core/types.gen.ts b/packages/sdk/js/src/v2/gen/core/types.gen.ts index bfa77b8a..25987e6a 100644 --- a/packages/sdk/js/src/v2/gen/core/types.gen.ts +++ b/packages/sdk/js/src/v2/gen/core/types.gen.ts @@ -62,7 +62,7 @@ export interface Config { requestValidator?: (data: unknown) => Promise /** * A function transforming response data before it's returned. This is useful - * for post-processing data, e.g. converting ISO strings into Date objects. + * for post-processing data, e.g., converting ISO strings into Date objects. */ responseTransformer?: (data: unknown) => Promise /** diff --git a/packages/sdk/js/src/v2/gen/core/utils.gen.ts b/packages/sdk/js/src/v2/gen/core/utils.gen.ts index 8a45f726..cf0604bd 100644 --- a/packages/sdk/js/src/v2/gen/core/utils.gen.ts +++ b/packages/sdk/js/src/v2/gen/core/utils.gen.ts @@ -123,7 +123,7 @@ export function getValidRequestBody(options: { return hasSerializedBody ? options.serializedBody : null } - // not all clients implement a serializedBody property (i.e. client-axios) + // not all clients implement a serializedBody property (i.e., client-axios) return options.body !== "" ? options.body : null } diff --git a/packages/sdk/js/src/v2/gen/sdk.gen.ts b/packages/sdk/js/src/v2/gen/sdk.gen.ts index ccfcc971..94b79c44 100644 --- a/packages/sdk/js/src/v2/gen/sdk.gen.ts +++ b/packages/sdk/js/src/v2/gen/sdk.gen.ts @@ -80,6 +80,7 @@ import type { DeepagentPacksUnpinResponses, DeepagentReviewsErrors, DeepagentReviewsResponses, + EventSubscribeResponse, EventSubscribeResponses, EventTuiCommandExecute, EventTuiPromptAppend, @@ -166,11 +167,14 @@ import type { GlobalDisposeErrors, GlobalDisposeResponses, GlobalEventErrors, + GlobalEventResponse, GlobalEventResponses, GlobalHealthErrors, GlobalHealthResponses, GlobalImportErrors, GlobalImportResponses, + GlobalProjectDeleteErrors, + GlobalProjectDeleteResponses, GlobalProjectsErrors, GlobalProjectsResponses, GlobalUpgradeErrors, @@ -338,6 +342,8 @@ import type { SessionPromptErrors, SessionPromptPrepareErrors, SessionPromptPrepareResponses, + SessionPromptPrepareStreamErrors, + SessionPromptPrepareStreamResponses, SessionPromptResponses, SessionPromptSuggestionErrors, SessionPromptSuggestionResponses, @@ -404,6 +410,7 @@ import type { V2CommandListErrors, V2CommandListResponses, V2EventSubscribeErrors, + V2EventSubscribeResponse, V2EventSubscribeResponses, V2FsListErrors, V2FsListResponses, @@ -481,10 +488,11 @@ import type { WorktreeSummaryResponses, } from "./types.gen.js" -export type Options = Options2< - TData, - ThrowOnError -> & { +export type Options< + TData extends TDataShape = TDataShape, + ThrowOnError extends boolean = boolean, + TResponse = unknown, +> = Options2 & { /** * You can provide a client instance returned by `createClient()` instead of * individual options. This might be also useful if you want to implement a @@ -587,12 +595,12 @@ export class App extends HeyApiClient { * Write a log entry to the server logs with specified level and metadata. */ public log( - parameters?: { + parameters: { directory?: string workspace?: string - service?: string - level?: "debug" | "info" | "error" | "warn" - message?: string + service: string + level: "debug" | "info" | "error" | "warn" + message: string extra?: { [key: string]: unknown } @@ -694,9 +702,9 @@ export class ControlPlane extends HeyApiClient { * Move a session to another project directory, optionally transferring local changes. */ public moveSession( - parameters?: { - sessionID?: string - destination?: MoveSessionDestination + parameters: { + sessionID: string + destination: MoveSessionDestination moveChanges?: boolean }, options?: Options, @@ -805,11 +813,11 @@ export class Console extends HeyApiClient { * Persist a new active Console account/org selection for the current local DeepAgent Code state. */ public switchOrg( - parameters?: { + parameters: { directory?: string workspace?: string - accountID?: string - orgID?: string + accountID: string + orgID: string }, options?: Options, ) { @@ -969,8 +977,8 @@ export class ProjectCopy extends HeyApiClient { parameters: { projectID: string workspace?: string - directory?: string - force?: boolean + directory: string + force: boolean }, options?: Options, ) { @@ -1012,8 +1020,8 @@ export class ProjectCopy extends HeyApiClient { parameters: { projectID: string workspace?: string - strategy?: "git_worktree" - directory?: string + strategy: "git_worktree" + directory: string name?: string context?: string }, @@ -1164,11 +1172,11 @@ export class Workspace extends HeyApiClient { * Create a workspace for the current project. */ public create( - parameters?: { + parameters: { directory?: string workspace?: string id?: string - type?: string + type: string branch?: string | null extra?: unknown | null }, @@ -1315,11 +1323,11 @@ export class Workspace extends HeyApiClient { * Move a session's sync history into the target workspace, or detach it to the local project. */ public warp( - parameters?: { + parameters: { directory?: string workspace?: string - id?: string | null - sessionID?: string + id: string | null + sessionID: string copyChanges?: boolean }, options?: Options, @@ -1460,7 +1468,7 @@ export class Global extends HeyApiClient { * * Subscribe to global events from the DeepAgent Code system using server-sent events. */ - public event(options?: Options) { + public event(options?: Options) { return (options?.client ?? this.client).sse.get({ url: "/global/event", ...options, @@ -1527,13 +1535,36 @@ export class Global extends HeyApiClient { }) } + /** + * Delete a project + * + * Permanently delete a project row and, by database cascade, all of its sessions, messages, and parts. Any running instances rooted at the project's known directories are disposed first. Idempotent: deleting an unknown project succeeds. Does NOT touch files on disk — only the DeepAgent Code database record. + */ + public projectDelete( + parameters: { + projectID: string + }, + options?: Options, + ) { + const params = buildClientParams([parameters], [{ args: [{ in: "path", key: "projectID" }] }]) + return (options?.client ?? this.client).delete< + GlobalProjectDeleteResponses, + GlobalProjectDeleteErrors, + ThrowOnError + >({ + url: "/global/projects/{projectID}", + ...options, + ...params, + }) + } + private _config?: Config get config(): Config { return (this._config ??= new Config({ client: this.client })) } } -export class Event extends HeyApiClient { +export class Event_ extends HeyApiClient { /** * Subscribe to events * @@ -1544,7 +1575,7 @@ export class Event extends HeyApiClient { directory?: string workspace?: string }, - options?: Options, + options?: Options, ) { const params = buildClientParams( [parameters], @@ -2101,10 +2132,10 @@ export class Knowledge extends HeyApiClient { * Apply the V3 promotion gate and persist a human-approved candidate as durable retrievable knowledge. */ public promote( - parameters?: { + parameters: { directory?: string workspace?: string - candidate?: { + candidate: { candidate_id: string type: "memory" | "strategy" | "methodology" status: "staged" @@ -2114,13 +2145,13 @@ export class Knowledge extends HeyApiClient { evidence_refs: Array confidence: number | "NaN" | "Infinity" | "-Infinity" | "Infinity" | "-Infinity" | "NaN" } - origin?: "run_local" | "external_trace" | "sealed" + origin: "run_local" | "external_trace" | "sealed" verdict?: { pass: boolean reason?: string evidence: Array } - approval?: { + approval: { approver: string approved: boolean note?: string @@ -2165,10 +2196,10 @@ export class Knowledge extends HeyApiClient { * Record a reviewed candidate fingerprint in the V3 rejection buffer so it is not relearned. */ public reject( - parameters?: { + parameters: { directory?: string workspace?: string - candidate?: { + candidate: { candidate_id: string type: "memory" | "strategy" | "methodology" status: "staged" @@ -2178,7 +2209,7 @@ export class Knowledge extends HeyApiClient { evidence_refs: Array confidence: number | "NaN" | "Infinity" | "-Infinity" | "Infinity" | "-Infinity" | "NaN" } - reason?: string + reason: string }, options?: Options, ) { @@ -2251,10 +2282,10 @@ export class Knowledge extends HeyApiClient { * Flag durable knowledge entries as approved (retrievable). Reversible; does not move files. */ public approve( - parameters?: { + parameters: { directory?: string workspace?: string - ids?: Array + ids: Array }, options?: Options, ) { @@ -2292,10 +2323,10 @@ export class Knowledge extends HeyApiClient { * Flag durable knowledge entries as rejected (not retrievable). Reversible; does not move files. */ public rejectIds( - parameters?: { + parameters: { directory?: string workspace?: string - ids?: Array + ids: Array }, options?: Options, ) { @@ -2333,16 +2364,16 @@ export class Knowledge extends HeyApiClient { * CI/eval posts measured per-group/per-task metrics; if MAX regresses vs HIGH the candidate refs are demoted (rejected) so misleading knowledge cannot ship (docs/30 §7). */ public shipGate( - parameters?: { + parameters: { directory?: string workspace?: string - tasks?: Array - metrics?: Array<{ + tasks: Array + metrics: Array<{ group: "general" | "high" | "max" task: string metric: number | "NaN" | "Infinity" | "-Infinity" | "Infinity" | "-Infinity" | "NaN" }> - candidateRefs?: Array + candidateRefs: Array tolerance?: number | "NaN" | "Infinity" | "-Infinity" | "Infinity" | "-Infinity" | "NaN" repeats?: number | "NaN" | "Infinity" | "-Infinity" | "Infinity" | "-Infinity" | "NaN" }, @@ -2422,11 +2453,11 @@ export class EnvFacts extends HeyApiClient { * V3.8.1 §G.5: adopt (silently use in this project, never ask again) or reject (never ask again here; other projects unaffected). */ public decide( - parameters?: { + parameters: { directory?: string workspace?: string - factId?: string - decision?: "adopt" | "reject" + factId: string + decision: "adopt" | "reject" }, options?: Options, ) { @@ -2465,12 +2496,12 @@ export class EnvFacts extends HeyApiClient { * V3.8.1 §G.5: edit a fact then adopt it. mode=global corrects the shared fact for all projects; mode=project writes a project-local override, leaving the global fact untouched. */ public modify( - parameters?: { + parameters: { directory?: string workspace?: string - factId?: string - description?: string - body?: { + factId: string + description: string + body: { host?: string port?: number | "NaN" | "Infinity" | "-Infinity" | "Infinity" | "-Infinity" | "NaN" container?: string @@ -2480,7 +2511,7 @@ export class EnvFacts extends HeyApiClient { notes?: string } domain?: string - mode?: "global" | "project" + mode: "global" | "project" }, options?: Options, ) { @@ -2603,10 +2634,10 @@ export class Deepagent extends HeyApiClient { } public packsPin( - parameters?: { + parameters: { directory?: string workspace?: string - packId?: string + packId: string }, options?: Options, ) { @@ -2635,10 +2666,10 @@ export class Deepagent extends HeyApiClient { } public packsUnpin( - parameters?: { + parameters: { directory?: string workspace?: string - packId?: string + packId: string }, options?: Options, ) { @@ -3285,7 +3316,7 @@ export class Lock extends HeyApiClient { } } -export class File extends HeyApiClient { +export class File_ extends HeyApiClient { /** * List files * @@ -3727,11 +3758,11 @@ export class Groups extends HeyApiClient { * Create a new IM group. */ public create( - parameters?: { + parameters: { directory?: string workspace?: string - name?: string - type?: "project" | "system" + name: string + type: "project" | "system" projectID?: string }, options?: Options, @@ -3810,9 +3841,9 @@ export class Messages extends HeyApiClient { groupId: string directory?: string workspace?: string - senderType?: "user" | "agent" | "system" - type?: "text" | "code" | "file" | "agent_status" | "system" - content?: string + senderType: "user" | "agent" | "system" + type: "text" | "code" | "file" | "agent_status" | "system" + content: string mentions?: Array metadata?: | { @@ -4241,10 +4272,10 @@ export class Vcs extends HeyApiClient { * Apply a raw patch to the current working tree. */ public apply( - parameters?: { + parameters: { directory?: string workspace?: string - patch?: string + patch: string }, options?: Options, ) { @@ -4417,7 +4448,7 @@ export class Auth2 extends HeyApiClient { name: string directory?: string workspace?: string - code?: string + code: string }, options?: Options, ) { @@ -4518,11 +4549,11 @@ export class Mcp extends HeyApiClient { * Dynamically add a new Model Context Protocol (MCP) server to the system. */ public add( - parameters?: { + parameters: { directory?: string workspace?: string - name?: string - config?: McpLocalConfig | McpRemoteConfig + name: string + config: McpLocalConfig | McpRemoteConfig }, options?: Options, ) { @@ -4587,14 +4618,14 @@ export class Mcp extends HeyApiClient { * Instantiate a preset catalog entry (with filled params + secure-storage credential references) into a cfg.mcp entry and connect it. */ public catalogEnable( - parameters?: { + parameters: { directory?: string workspace?: string - id?: string - params?: { + id: string + params: { [key: string]: string | Array } - credentialRefs?: { + credentialRefs: { [key: string]: string } }, @@ -5194,7 +5225,7 @@ export class Question extends HeyApiClient { requestID: string directory?: string workspace?: string - answers?: Array + answers: Array }, options?: Options, ) { @@ -5297,7 +5328,7 @@ export class Permission extends HeyApiClient { requestID: string directory?: string workspace?: string - reply?: "once" | "always" | "reject" + reply: "once" | "always" | "reject" message?: string }, options?: Options, @@ -5341,7 +5372,7 @@ export class Permission extends HeyApiClient { permissionID: string directory?: string workspace?: string - response?: "once" | "always" | "reject" + response: "once" | "always" | "reject" }, options?: Options, ) { @@ -5379,11 +5410,11 @@ export class Models extends HeyApiClient { * Probe a provider /models endpoint and return discovered chat models. */ public discover( - parameters?: { + parameters: { directory?: string workspace?: string - providerID?: string - baseURL?: string + providerID: string + baseURL: string apiKey?: string authProviderID?: string modelID?: string @@ -5440,7 +5471,7 @@ export class Oauth extends HeyApiClient { providerID: string directory?: string workspace?: string - method?: number + method: number inputs?: { [key: string]: string } @@ -5487,7 +5518,7 @@ export class Oauth extends HeyApiClient { providerID: string directory?: string workspace?: string - method?: number + method: number code?: string }, options?: Options, @@ -6028,7 +6059,7 @@ export class Session2 extends HeyApiClient { [key: string]: unknown } variant?: string - parts?: Array + parts: Array }, options?: Options, ) { @@ -6231,9 +6262,9 @@ export class Session2 extends HeyApiClient { sessionID: string directory?: string workspace?: string - modelID?: string - providerID?: string - messageID?: string + modelID: string + providerID: string + messageID: string }, options?: Options, ) { @@ -6338,8 +6369,8 @@ export class Session2 extends HeyApiClient { sessionID: string directory?: string workspace?: string - providerID?: string - modelID?: string + providerID: string + modelID: string auto?: boolean }, options?: Options, @@ -6381,9 +6412,9 @@ export class Session2 extends HeyApiClient { sessionID: string directory?: string workspace?: string - mode?: "wish" | "intelligence" + mode: "wish" | "intelligence" output_language?: "chinese" | "english" - parts?: Array + parts: Array }, options?: Options, ) { @@ -6418,6 +6449,53 @@ export class Session2 extends HeyApiClient { }) } + /** + * Stream prompt draft preparation + * + * Create a DeepAgent intelligence prompt draft and stream progressive preview updates as server-sent events. + */ + public promptPrepareStream( + parameters: { + sessionID: string + directory?: string + workspace?: string + mode: "wish" | "intelligence" + output_language?: "chinese" | "english" + parts: Array + }, + options?: Options, + ) { + const params = buildClientParams( + [parameters], + [ + { + args: [ + { in: "path", key: "sessionID" }, + { in: "query", key: "directory" }, + { in: "query", key: "workspace" }, + { in: "body", key: "mode" }, + { in: "body", key: "output_language" }, + { in: "body", key: "parts" }, + ], + }, + ], + ) + return (options?.client ?? this.client).post< + SessionPromptPrepareStreamResponses, + SessionPromptPrepareStreamErrors, + ThrowOnError + >({ + url: "/session/{sessionID}/prompt_prepare_stream", + ...options, + ...params, + headers: { + "Content-Type": "application/json", + ...options?.headers, + ...params.headers, + }, + }) + } + /** * Get latest next-round suggestion * @@ -6480,7 +6558,7 @@ export class Session2 extends HeyApiClient { [key: string]: unknown } variant?: string - parts?: Array + parts: Array }, options?: Options, ) { @@ -6531,8 +6609,8 @@ export class Session2 extends HeyApiClient { messageID?: string agent?: string model?: string - arguments?: string - command?: string + arguments: string + command: string variant?: string parts?: Array<{ id?: string @@ -6587,12 +6665,12 @@ export class Session2 extends HeyApiClient { directory?: string workspace?: string messageID?: string - agent?: string + agent: string model?: { providerID: string modelID: string } - command?: string + command: string }, options?: Options, ) { @@ -6634,7 +6712,7 @@ export class Session2 extends HeyApiClient { sessionID: string directory?: string workspace?: string - messageID?: string + messageID: string partID?: string }, options?: Options, @@ -6853,11 +6931,11 @@ export class Sync extends HeyApiClient { * Validate and replay a complete sync event history. */ public replay( - parameters?: { + parameters: { query_directory?: string workspace?: string - body_directory?: string - events?: Array<{ + body_directory: string + events: Array<{ id: string aggregateID: string seq: number @@ -6908,10 +6986,10 @@ export class Sync extends HeyApiClient { * Update a session to belong to the current workspace through the sync event system. */ public steal( - parameters?: { + parameters: { directory?: string workspace?: string - sessionID?: string + sessionID: string }, options?: Options, ) { @@ -7021,10 +7099,10 @@ export class Tui extends HeyApiClient { * Append prompt to the TUI. */ public appendPrompt( - parameters?: { + parameters: { directory?: string workspace?: string - text?: string + text: string }, options?: Options, ) { @@ -7238,10 +7316,10 @@ export class Tui extends HeyApiClient { * Execute a TUI command. */ public executeCommand( - parameters?: { + parameters: { directory?: string workspace?: string - command?: string + command: string }, options?: Options, ) { @@ -7275,12 +7353,12 @@ export class Tui extends HeyApiClient { * Show a toast notification in the TUI. */ public showToast( - parameters?: { + parameters: { directory?: string workspace?: string title?: string - message?: string - variant?: "info" | "success" | "warning" | "error" + message: string + variant: "info" | "success" | "warning" | "error" duration?: number }, options?: Options, @@ -7355,10 +7433,10 @@ export class Tui extends HeyApiClient { * Navigate the TUI to display the specified session. */ public selectSession( - parameters?: { + parameters: { directory?: string workspace?: string - sessionID?: string + sessionID: string }, options?: Options, ) { @@ -7463,7 +7541,7 @@ export class Permission2 extends HeyApiClient { parameters: { sessionID: string requestID: string - reply?: PermissionV2Reply + reply: PermissionV2Reply message?: string }, options?: Options, @@ -7627,7 +7705,7 @@ export class Session3 extends HeyApiClient { parameters: { sessionID: string id?: string - prompt?: Prompt + prompt: Prompt delivery?: "steer" | "queue" resume?: boolean }, @@ -7842,7 +7920,7 @@ export class Provider2 extends HeyApiClient { } } -export class Request extends HeyApiClient { +export class Request_ extends HeyApiClient { /** * List pending permission requests * @@ -7919,9 +7997,9 @@ export class Saved extends HeyApiClient { } export class Permission3 extends HeyApiClient { - private _request?: Request - get request(): Request { - return (this._request ??= new Request({ client: this.client })) + private _request?: Request_ + get request(): Request_ { + return (this._request ??= new Request_({ client: this.client })) } private _saved?: Saved @@ -8063,7 +8141,7 @@ export class Event2 extends HeyApiClient { workspace?: string } }, - options?: Options, + options?: Options, ) { const params = buildClientParams([parameters], [{ args: [{ in: "query", key: "location" }] }]) return (options?.client ?? this.client).sse.get({ @@ -8194,9 +8272,9 @@ export class DeepAgentCodeClient extends HeyApiClient { return (this._global ??= new Global({ client: this.client })) } - private _event?: Event - get event(): Event { - return (this._event ??= new Event({ client: this.client })) + private _event?: Event_ + get event(): Event_ { + return (this._event ??= new Event_({ client: this.client })) } private _config?: Config2 @@ -8234,9 +8312,9 @@ export class DeepAgentCodeClient extends HeyApiClient { return (this._find ??= new Find({ client: this.client })) } - private _file?: File - get file(): File { - return (this._file ??= new File({ client: this.client })) + private _file?: File_ + get file(): File_ { + return (this._file ??= new File_({ client: this.client })) } private _lsp?: Lsp diff --git a/packages/sdk/js/src/v2/gen/types.gen.ts b/packages/sdk/js/src/v2/gen/types.gen.ts index 2e2c2493..298afe4d 100644 --- a/packages/sdk/js/src/v2/gen/types.gen.ts +++ b/packages/sdk/js/src/v2/gen/types.gen.ts @@ -1821,38 +1821,7 @@ export type AgentConfig = { writablePaths?: Array toolWhitelist?: Array } - [key: string]: - | unknown - | string - | number - | { - [key: string]: boolean - } - | boolean - | "subagent" - | "primary" - | "all" - | { - [key: string]: unknown - } - | string - | "primary" - | "secondary" - | "accent" - | "success" - | "warning" - | "error" - | "info" - | number - | PermissionConfig - | { - maxConcurrency?: number - maxTokensPerTurn?: number - maxTurnDurationMs?: number - writablePaths?: Array - toolWhitelist?: Array - } - | undefined + [key: string]: unknown } export type ProviderConfig = { @@ -1877,7 +1846,7 @@ export type ProviderConfig = { */ headerTimeout?: number | false chunkTimeout?: number - [key: string]: unknown | string | boolean | number | false | number | false | number | undefined + [key: string]: unknown } models?: { [key: string]: { @@ -1933,7 +1902,7 @@ export type ProviderConfig = { variants?: { [key: string]: { disabled?: boolean - [key: string]: unknown | boolean | undefined + [key: string]: unknown } } } @@ -2043,9 +2012,6 @@ export type Config = { > share?: "manual" | "auto" | "disabled" autoshare?: boolean - /** - * Base URL of the server used for session sharing. When set, overrides the default share endpoint. Falls back to the enterprise URL and then the built-in default when unset. - */ share_url?: string /** * Automatically update to the latest version. Set to true to auto-update, false to disable, or 'notify' to show update notifications @@ -6174,6 +6140,33 @@ export type GlobalProjectsResponses = { export type GlobalProjectsResponse = GlobalProjectsResponses[keyof GlobalProjectsResponses] +export type GlobalProjectDeleteData = { + body?: never + path: { + projectID: string + } + query?: never + url: "/global/projects/{projectID}" +} + +export type GlobalProjectDeleteErrors = { + /** + * Bad request + */ + 400: BadRequestError +} + +export type GlobalProjectDeleteError = GlobalProjectDeleteErrors[keyof GlobalProjectDeleteErrors] + +export type GlobalProjectDeleteResponses = { + /** + * + */ + 204: void +} + +export type GlobalProjectDeleteResponse = GlobalProjectDeleteResponses[keyof GlobalProjectDeleteResponses] + export type EventSubscribeData = { body?: never path?: never @@ -11165,6 +11158,45 @@ export type SessionPromptPrepareResponses = { export type SessionPromptPrepareResponse = SessionPromptPrepareResponses[keyof SessionPromptPrepareResponses] +export type SessionPromptPrepareStreamData = { + body?: { + mode: "wish" | "intelligence" + output_language?: "chinese" | "english" + parts: Array + } + path: { + sessionID: string + } + query?: { + directory?: string + workspace?: string + } + url: "/session/{sessionID}/prompt_prepare_stream" +} + +export type SessionPromptPrepareStreamErrors = { + /** + * BadRequest | InvalidRequestError + */ + 400: EffectHttpApiErrorBadRequest | InvalidRequestError + /** + * NotFoundError + */ + 404: NotFoundError +} + +export type SessionPromptPrepareStreamError = SessionPromptPrepareStreamErrors[keyof SessionPromptPrepareStreamErrors] + +export type SessionPromptPrepareStreamResponses = { + /** + * Success + */ + 200: string +} + +export type SessionPromptPrepareStreamResponse = + SessionPromptPrepareStreamResponses[keyof SessionPromptPrepareStreamResponses] + export type SessionPromptSuggestionData = { body?: never path: { From 591e00746d7d270d5ed4cf06029c9efbe7d9cf30 Mon Sep 17 00:00:00 2001 From: deepagent-ai Date: Fri, 10 Jul 2026 13:07:32 +0800 Subject: [PATCH 4/4] fix(app): composer approval control + settings cleanups (#49) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Four settings/composer UX fixes, rebased cleanly onto the latest `dev` (supersedes #47, whose first 5 commits already landed via #46). ## Changes 1. **Share URL i18n** — the Sharing settings section was English-only; added zh + zht translations and backfilled all 15 non-English locales so the settings-key parity test passes. 2. **Approval control → composer** — removed the auto-accept row from settings; added an `ApprovalControl` next to the build/plan agent selector (Codex-style two-option picker: "Request approval" default / "Auto-approve"), directory-scoped, backed by the existing permission context. 3. **Servers tab** — merged the duplicate "Add server" + "Connect to server" buttons into one "Add server" menu with two items. 4. **Import** — the run button is now a full-width bar button under the options (Cancel beside it while running). ## Verification - App suite: 540 pass - i18n parity: green - Typecheck: clean (15/15 tasks in pre-push) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: deepagent-ai Co-authored-by: Claude Opus 4.8 --- .../components/deepagent-settings-ux.test.ts | 18 +++++- .../components/deepagent/approval-control.tsx | 56 +++++++++++++++++++ packages/app/src/components/prompt-input.tsx | 6 ++ .../src/components/settings-v2/general.tsx | 38 ------------- .../components/settings-v2/import-history.tsx | 26 +++++---- .../src/components/settings-v2/servers.tsx | 24 ++++++-- .../components/settings-v2/settings-v2.css | 13 +++++ packages/app/src/i18n/ar.ts | 6 ++ packages/app/src/i18n/br.ts | 6 ++ packages/app/src/i18n/bs.ts | 6 ++ packages/app/src/i18n/da.ts | 6 ++ packages/app/src/i18n/de.ts | 6 ++ packages/app/src/i18n/en.ts | 3 + packages/app/src/i18n/es.ts | 6 ++ packages/app/src/i18n/fr.ts | 6 ++ packages/app/src/i18n/ja.ts | 6 ++ packages/app/src/i18n/ko.ts | 6 ++ packages/app/src/i18n/no.ts | 6 ++ packages/app/src/i18n/pl.ts | 6 ++ packages/app/src/i18n/ru.ts | 6 ++ packages/app/src/i18n/th.ts | 6 ++ packages/app/src/i18n/tr.ts | 6 ++ packages/app/src/i18n/uk.ts | 6 ++ packages/app/src/i18n/zh.ts | 9 +++ packages/app/src/i18n/zht.ts | 10 ++++ 25 files changed, 235 insertions(+), 58 deletions(-) create mode 100644 packages/app/src/components/deepagent/approval-control.tsx diff --git a/packages/app/src/components/deepagent-settings-ux.test.ts b/packages/app/src/components/deepagent-settings-ux.test.ts index 870cab56..8c2d60b5 100644 --- a/packages/app/src/components/deepagent-settings-ux.test.ts +++ b/packages/app/src/components/deepagent-settings-ux.test.ts @@ -23,9 +23,21 @@ describe("DeepAgent settings UX", () => { expect(v2.indexOf('data-action="settings-deepagent-prompt-mode"')).toBeLessThan( v2.indexOf('data-action="settings-deepagent-intelligence-model"'), ) - expect(v2.indexOf('data-action="settings-deepagent-intelligence-model"')).toBeLessThan( - v2.indexOf('data-action="settings-auto-accept-permissions"'), - ) + }) + + test("moves the permission approval control out of settings into the composer toolbar", async () => { + const v2 = await readFile(path.join(here, "settings-v2/general.tsx"), "utf8") + const composer = await readFile(path.join(here, "prompt-input.tsx"), "utf8") + const control = await readFile(path.join(here, "deepagent/approval-control.tsx"), "utf8") + + // The auto-accept toggle no longer lives in settings… + expect(v2).not.toContain('data-action="settings-auto-accept-permissions"') + // …it is a composer control next to the agent selector, backed by directory-level auto-accept. + expect(composer).toContain("ApprovalControl") + expect(control).toContain('"data-action": "prompt-approval"') + expect(control).toContain("toggleAutoAcceptDirectory") + expect(control).toContain("composer.approval.request") + expect(control).toContain("composer.approval.auto") }) test("routes the legacy settings dialog import to the unified settings page", async () => { diff --git a/packages/app/src/components/deepagent/approval-control.tsx b/packages/app/src/components/deepagent/approval-control.tsx new file mode 100644 index 00000000..5654f8ba --- /dev/null +++ b/packages/app/src/components/deepagent/approval-control.tsx @@ -0,0 +1,56 @@ +import { createMemo, type JSX } from "solid-js" +import { Select } from "@deepagent-code/ui/select" +import { useLanguage } from "@/context/language" +import { usePermission } from "@/context/permission" + +/** + * Approval-mode control for the composer toolbar, next to the agent (build/plan) selector. + * + * Mirrors Codex's approval selector UX, simplified to two options: the button shows the CURRENT mode + * ("Request approval" by default, "Auto-approve" when armed); clicking opens a small picker to switch. + * The mode is DIRECTORY-scoped (persists across sessions in the same workspace), backed by the existing + * permission context (isAutoAcceptingDirectory / toggleAutoAcceptDirectory) — the same state the old + * settings toggle drove, now surfaced where the user acts. + */ + +type ApprovalMode = "request" | "auto" + +export function ApprovalControl(props: { directory: string; triggerStyle?: JSX.CSSProperties; onAfter?: () => void }) { + const language = useLanguage() + const permission = usePermission() + + const auto = createMemo(() => (props.directory ? permission.isAutoAcceptingDirectory(props.directory) : false)) + const current = createMemo(() => (auto() ? "auto" : "request")) + + const options: ApprovalMode[] = ["request", "auto"] + const label = (mode: ApprovalMode) => + mode === "auto" + ? language.t("composer.approval.auto") + : language.t("composer.approval.request") + + const onSelect = (mode: ApprovalMode | undefined) => { + if (!mode || !props.directory) return + const isAuto = mode === "auto" + if (isAuto === auto()) return + // toggleAutoAcceptDirectory flips the directory-level state; only call it when the target differs. + permission.toggleAutoAcceptDirectory(props.directory) + props.onAfter?.() + } + + return ( +