Commit graph

56 commits

Author SHA1 Message Date
Parfii-bot
07eb0b83ea feat(wave19): kei-pet Day 2 — 8 pet gaps closed via substrate dogfood
48 crates, 859 tests green (+58 kei-pet tests, was 801 at v0.35.0).

Full substrate pipeline test: all 8 agents launched via kei-agent-runtime
prepare → composed capability-fragment prompts → Agent tool invocations.
Zero file conflicts across disjoint scopes. Every agent self-verified
and landed files direct to main.

## A. memory (4 tests) — persistent conversations
- src/memory.rs — (user_id, pet_name)-scoped conversation log
- SQLite via rusqlite, index (user_id, pet_name, ts DESC)
- record_interaction / recent / search with LIKE-escape

## B. evolution (3 tests) — version diff + fork chain
- src/evolution.rs — PersonaVersion { version, parent_version, manifest }
- diff(old, new) → Vec<Change> (tone / directness / initiative / forbidden / humor)
- fork_version increments + links parent

## C. wizard (5 markdown phases) — /pet-init skill
- skills/pet-init/SKILL.md + 4 phases (identity / voice / edge / emit)
- AskUserQuestion-driven, no TOML editing for end users
- Writes ~/.claude/pet/<user_id>.toml + calls kei-pet keygen if needed

## D. templates (3 tests + 5 presets) — role-based personas
- templates/{friend,tutor,coach,therapist-companion,productivity-partner}.toml
- src/templates.rs — PetTemplate enum + load_template + list_templates
- Schema-enum mapping documented (dry→engineering-meta, etc) — schema.rs
  expansion is future work

## E. bridge (3 tests) — /spawn-agent pet overlay
- src/bridge.rs — compose_prompt_with_pet(base + persona overlay + task)
- skills/spawn-agent/phase-3-pet-overlay.md — interactive pet selector

## F. recall (4 tests) — "have we discussed this before?"
- src/recall.rs — wraps kei_dna_index::precedent with body_sha8()
- SHA-256 first 4 bytes → 8 hex lowercase (matches kei_shared width)
- Fetches started_ts per hit for honest sort-by-recency

## G. reflect (7 tests) — self-reflection threshold proposals
- src/reflect.rs — CorrectionSignal + ProposedChange
- Thresholds: 3× too_verbose → SetDirectness, 2× forbidden_topic → AddForbidden, etc
- Idempotent: no-op if manifest already in desired state

## H. fleet (6 tests) — multi-pet per user
- src/fleet.rs — PetFleet { user_id, pets, active_pet }
- add_pet / switch_active / load_fleet with toml persistence
- shared_memory_key vs per_pet_memory_key — one user scopes multiple pets

## Known follow-ups (not blockers)

- Phase-4-emit of /spawn-agent should read PET_MANIFEST_PATH from new
  phase-3-pet-overlay and pass to kei-spawn (wiring next wave)
- SKILL.md for spawn-agent should list new pet-overlay phase
- Schema enum expansion: humor_style "dry/witty", directness "direct/
  gentle/blunt", initiative "proactive/nudge" as first-class variants

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-24 00:37:24 +08:00
Parfii-bot
954b8c1f3e sanitize: remove patent-metadata from main tree (Tier 1+2+3)
Pre-public-launch cleanup. 17 files touched. Grep verification confirms
only Tier 4 (intentional GTM attribution) remains: README + docs/PHILOSOPHY
credit to Denis Parfionovich / KeiLab.

## Tier 1 — INFRA-LEAKS (4 targets, 1 file)
- _blocks/ci-forgejo-actions.md: Tailscale IPs 100.91.246.53 removed,
  kgl-runner-01 → my-runner-01, SSH fingerprint line deleted, Forgejo
  topology description generalised to "private interface"

## Tier 2 — PATENT-FLAG PROSE (4 files, ~10 edits)
- _manifests/kei-{modal-runner,ml-implementer,infra-implementer}.toml:
  "proprietary/non-public-deploy" → "private/non-public-deploy"
- _blocks/ci-forgejo-actions.md: RULE 0.1 sensitive IP references softened
  to generic "sensitive IP / compliance / air-gap" framing

## Tier 3 — INTERNAL PROJECT NAMES (8 files)
- kei-provision/tests/backend_smoke.rs: kgl-* fixtures → test-srv-*/test-vultr
- kei-auth/tests/integration.rs: project: "kgl" → "demo"
- kei-memory/src/coaccess.rs: "PROJECT-C/Genesis" origin → "in-house implementation"
- _primitives/{tomd.sh,README.md}: PROJECT-D provenance removed
- _bridges/README.md: PROJECT-D cross-ref line deleted
- skills/site-create/: keiagent/fal.ai → generic AI-asset generator
- skills/self-audit/: hardcoded project paths → ~/Projects/my-project
- skills/compose-solution/: hardcoded ~/Projects/PROJECT-E →
  ${KEISEI_BUNDLE_PATH:-} env-conditional lookup
- skills/sleep-setup/: forgejo.example.com → forgejo.example.com

## Phase 2 — Regenerated 3 root .md (Option B manual)
Assembler invocation blocked by sandbox; fell back to manual Edit on
kei-ml-implementer.md + kei-infra-implementer.md + kei-modal-runner.md
with same Tier-2 replacements as their source manifests.

## Known residual (Phase 3 pending user decision)
Git history still contains 619+ patent-term hits (pre-rewrite). Filter-repo
on /tmp/keisei-mirror.git prepared by separate agent; force-push
pending user approval because `genesis-scan` / `genesis-leak-guard` are
intentional kit features — naive rewrite would break them.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 19:20:16 +08:00
Parfii-bot
eac6a7e58c feat(w9c): /spawn-agent Claude Code skill — click-only wizard for kei-spawn
5-phase skill wrapping kei-spawn CLI: role pick → task desc → scope
preset → confirm → emit composed Agent-tool invocation.

Pattern matches existing skills/site-create + skills/new-agent.
4 AskUserQuestion minimum, sole free-text is task description.

RULE 0.13 / 0.12 / 0.5 / ZERO enforced. Ready for /spawn-agent
invocation once kei-spawn binary built via install.sh.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 13:32:01 +08:00
Parfii-bot
1afb4bafa3 feat(convergence/u1): shared blocks + 3 skill deprecations + /animate gateway
Pre-unlock wave U1. Non-breaking DRY refactor per CONVERGENCE-PLAN tasks 1/2/4/5/6.

Created (5 files):
- _blocks/pipeline-5phase-template.md (54 LOC) — shared preamble for
  ci-scaffold / auth-setup / observability-setup / docs-scaffold /
  schema-design
- _blocks/rule-pure-click-contract.md (42 LOC) — AskUserQuestion
  contract referenced across 5+ skills
- skills/animate/SKILL.md (67 LOC) — gateway router; AskUserQuestion
  picks scroll / motion / web-effects / ai-animation, hands off to
  picked skill
- skills/competitor-analysis/SKILL.md (35 LOC) — redirect stub to
  /research --angle=competitors (did not exist; stub documents the
  preset path per RULE -1 Constructive)
- skills/design-inspiration/SKILL.md (38 LOC) — same pattern,
  --angle=design-refs

Deprecation headers added (3 skills):
- skills/site-builder/SKILL.md → "use /site-create" (subset)
- skills/competitor-analysis/SKILL.md → preset stub
- skills/design-inspiration/SKILL.md → preset stub

Reference blocks added (5 pipeline skills):
- skills/ci-scaffold, auth-setup, observability-setup, docs-scaffold,
  schema-design — each +4 LOC pointer to pipeline-5phase-template.md
- skills/research — +18 LOC --angle presets table

LOC saved via shared blocks: ~96

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 03:43:40 +08:00
Parfii-bot
249733c164 feat(v0.17.1): orchestrator-dirty-check hook — prevent uncommitted-output compounding
PreToolUse:Agent advisory — warns orchestrator if git status is dirty
before spawning next agent. Closes the workflow gap that caused 28
uncommitted files across 5 bundles on main (2026-04-22 incident).

hooks/orchestrator-dirty-check.sh (51 LOC, POSIX sh):
  - Sources _lib/gate.sh, respects KEI_DISABLED_HOOKS
  - Reads git status --porcelain at repo root
  - Emits stderr advisory with modified/untracked counts + sample
  - Exit 0 always (advisory, not blocking)
  - Bypass: ORCHESTRATOR_META=1 (existing RULE 0.13 flag) or
    ORCHESTRATOR_DIRTY_OK=1 (new, explicit)
  - Severity: warn — per RULE 0.10 ladder; upgrade to enforce
    only after 2nd recurrence

hooks/_lib/test-orchestrator-dirty-check.sh (60 LOC):
  - 5 test cases with mocked git PATH shim
  - Clean / dirty-modified / dirty-untracked / env-bypass /
    gate-bypass
  - PASS 5/5 (existing gate.sh tests unchanged — 11/11)

Wired into hooks/hooks.json (plugin format) and settings-snippet.json
(classic install) at PreToolUse/Agent matcher.

skills/hooks-control/SKILL.md — hook list 9 → 10.
README.md — hook table gains 1 row; count marker left at 9 for
scripts/regen-counts.sh to update post-merge.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 15:42:11 +08:00
Parfii-bot
4c77b9a79b Merge feat/v0.17-sleep-setup-hybrid — local/remote/hybrid mode wizard 2026-04-22 15:13:54 +08:00
Parfii-bot
bbe1d79c53 feat(v0.17): sleep-setup local/remote/hybrid mode + time picker
Extends /sleep-setup wizard with three deployment modes and
user-picked nightly time. Pure-click except existing free-text
(repo URL; custom time if chosen).

New phases:
  phase-0-mode.md (64 LOC) — 3 options: local-only (CronCreate,
    full filesystem access, real /self-audit skill) / remote-only
    (existing cloud-agent + git-repo flow) / hybrid (both;
    redundancy if Mac asleep).
  phase-0b-time.md (79 LOC) — 6 options: 03:00 REM peak /
    00:00 / 05:00 / 23:00 / 21:00 / Custom (freeText with
    HH:MM regex + 3-retry fallback to 03:00).

phase-5-trigger.md — octal-safe $SLEEP_TIME_LOCAL parsing
  (10# prefix), branches on $SLEEP_MODE:
    local-only → CronCreate only, local time (no UTC conversion)
    remote-only → /schedule create only (UTC-converted)
    hybrid → both, two sequential AskUserQuestion

phase-3b-deep-sleep.md — adds plan+local-patch option when
  SLEEP_MODE=local-only (apply patches to ~/.claude/ directly
  after morning confirm, no git branch).

SKILL.md — pipeline table 6 → 8 rows, AskUserQuestion minimum
  9 → 11 (remote/hybrid) or 6 (local-only); final report shows
  Mode + Time fields adapted per mode.

Verify: new user picks local-only + Custom 05:00 → zero git,
cron 0 5 * * * registered with /self-audit body referencing
~/.claude/memory/audit-backlog.md and sleep-report-DATE.md.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 15:13:54 +08:00
Parfii-bot
1c054860e0 Merge fix/v0.17-test-matrix-yaml — YAML frontmatter quoting 2026-04-22 15:13:33 +08:00
Parfii-bot
cedf22ece8 fix(v0.17): test-matrix SKILL.md YAML frontmatter quoting
Plugin-format agent flagged: description value contains 'Pure-click:'
mid-string; unquoted colon breaks yaml.safe_load strict parse —
blocks claude plugin validate on the entire kit.

Fix: wrap description in double quotes. Content unchanged.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 15:13:33 +08:00
Parfii-bot
14ae1af585 Merge feat/v0.16.1-polish — dynamic schema + mode matrix Phase 3.6 2026-04-22 15:13:05 +08:00
Parfii-bot
d95a3ba48c feat(v0.16.1): dynamic schema SSoT + KNOWN_SCHEMAS drift-test + mode-matrix Phase 3.6
Three polish items from post-audit parallel agent.

1. Dynamic schema whitelist (drops hardcoded const drift)
   _assembler/src/schemas_export.rs (NEW, 136 LOC) — loader cube,
     priority path $AGENT_ROOT/artifacts/schemas.json →
     ~/.claude/agents/artifacts/schemas.json → BUILTIN fallback.
     Hand-rolled JSON parser (no serde_json dep).
   _assembler/src/validator.rs delegates to schemas_export::load,
     keeps KNOWN_ARTIFACT_SCHEMAS alias for back-compat.
   _primitives/_rust/kei-artifact/src/export.rs (NEW, 82 LOC) —
     write() + render() + default_path().
   _primitives/_rust/kei-artifact/src/cli_cmds.rs (NEW, 126 LOC) —
     extracted cmd_emit/get/list/chain so main stays <200 LOC.
   ExportSchemas + ListSchemas subcommands; cmd_register
     auto-refreshes export file (best-effort).

2. KNOWN_SCHEMAS SSoT — documented-dual-const + drift-test
   (Option "simpler than new crate"). SSoT in kei-artifact's
   BUILTIN; schemas_export::BUILTIN is a documented mirror;
   builtin_schemas_do_not_drift_from_kei_artifact test in
   validator.rs parses the primitive's source at test time and
   diffs. <30 LOC change. No workspace structural change —
   assembler stays decoupled from runtime primitive.

3. Agent-to-mode matrix + wizard Phase 3.6
   _blocks/mode-matrix.md (NEW, 24 LOC) — 11-row table mapping
     agent role × recommended mode blocks.
   skills/new-agent/SKILL.md — new Phase 3.6 (between name-confirm
     3.5 and manifest-write 4). AskUserQuestion with 5
     cognitive-mode options (skeptic/devils-advocate/minimalist/
     maximalist/first-principles, multiSelect). Appends picked
     labels to manifest's blocks array. Defaults to NONE.
   _blocks/README.md adds one-line reference to the matrix.
   _assembler/tests/mode_blocks.rs (NEW, 78 LOC) — 3 integration
     tests lock the wiring.

README.md — all accumulated count + pre-built-binaries + plugin
section edits from the v0.16 cycle consolidated here (will be
replaced by markers in v0.17 counts-autogen refactor).

Tests: assembler 24 → 33 (+9), kei-artifact 24 → 31 (+7), total
48 → 64. cargo check --workspace clean.

Constructor Pattern: largest new file validator.rs 180 LOC.

Pre-existing flagged for separate refactor: kei-artifact
validate.rs 268 LOC (not touched by this polish).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 15:10:46 +08:00
Parfii-bot
f77c1b7fdc fix(v0.15.1): RED-1 CVE + typed-handoff + schema minItems
Security hotfix — v0.15.1 Wave 1 fixes from 4-parallel audit.

RED-1 (CVE): KEI_DISABLED_HOOKS tokenized match — was `*all*`
substring-glob (trivially bypassable via "install", "wall-clock", etc.),
now exact-token split on comma/space. Patched in all 9 hooks:
no-hand-edit-agents, assemble-agents, assemble-validate, tomd-preread,
agent-fork-logger, site-wysiwyd-check, error-spike-detector,
milestone-commit-hook, session-end-dump.

RED-2 (observability): minimal profile whitelist now includes
agent-fork-logger and session-end-dump (ledger + trace paths) so
observability is not silently lost on minimal installs.

HIGH: review.json schema minItems:1 on findings — rejects empty
reviews; new Rust test review_schema_rejects_empty_findings.

HIGH: typed-handoff wire-up — produces_artifact declared at top
level on 5 manifests (kei-security-auditor, kei-validator,
kei-architect, kei-code-implementer, kei-critic); duplicate
per-handoff declarations removed.

MED: kei-artifact validate.rs gains warn_unsupported_keywords —
non-fatal stderr warning when schema uses keywords outside the
hand-rolled 2020-12 subset.

LOW: CI Node matrix dropped 18, now ['20','22'].

Doc drift: skills/hooks-control/SKILL.md reflects tokenized-match
semantics and updated minimal-profile hook list.

Tests: 191 Rust workspace + 30 assembler (both pass). RED-1
reproducer 10/10 (4 former-CVE vectors blocked, 5 legit vectors
accepted, empty passes).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 15:08:51 +08:00
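The RED-1 change described in the commit above, sketched as an added example (not the kit's own hook code): a substring glob on `all` next to an exact-token match split on comma/space. The function names, the per-hook substring match in the "before" version, and the sample values are assumptions made for illustration; the hook names and the "install" / "wall-clock" cases come from the commit message.

```shell
#!/bin/sh
# Added illustration of the RED-1 matcher change; not the kit's own code.

# BEFORE: substring glob. Any value that merely contains "all"
# switches every hook off.
hook_disabled_substring() {
    # $1 = hook name, $2 = value of KEI_DISABLED_HOOKS
    case "$2" in
        *all*)  return 0 ;;   # "install" and "wall-clock" match here too
        *"$1"*) return 0 ;;   # assumed: hook names were matched the same way
    esac
    return 1
}

# AFTER: split on comma/space and compare whole tokens only.
# The body runs in a subshell so the IFS and noglob changes do not leak
# into the calling hook.
hook_disabled_token() (
    hook=$1
    set -f            # a token such as "*" must not expand to file names
    IFS=', '
    for tok in $2; do
        [ "$tok" = "all" ] && exit 0
        [ "$tok" = "$hook" ] && exit 0
    done
    exit 1            # empty or non-matching value: hook stays enabled
)

# Verdict of both matchers for hook $1 under value $2, as "<before>/<after>".
compare() {
    old=enabled
    new=enabled
    hook_disabled_substring "$1" "$2" && old=disabled
    hook_disabled_token "$1" "$2" && new=disabled
    printf '%s/%s' "$old" "$new"
}

# Constructed sample values (not the project's reproducer set).
for value in "install" "wall-clock" "all" "tomd-preread, session-end-dump" ""; do
    printf '%-36s %s\n' "[$value]" "$(compare tomd-preread "$value")"
done
```
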
Parfii-bot
59725ae021 Merge branch 'feat/v0.15-artifact-handoff' — kei-artifact typed handoff pipeline
# Conflicts:
#	_primitives/MANIFEST.toml
2026-04-22 14:15:17 +08:00
Parfii-bot
34ace50183 Merge branch 'feat/v0.14.2-hook-runtime' — runtime hook controls (KEI_DISABLED_HOOKS + profiles)
# Conflicts:
#	hooks/git-pre-commit-genesis.sh
2026-04-22 14:14:26 +08:00
Parfii-bot
24c584ee50 fix: remove genesis-scan from public kit (internal tool, Bundle-only)
Per user decision: publishing the sensitive IP pattern blocklist via a public
scanner is a leak of the blocklist itself (attack surface). genesis-scan
remains in PROJECT-E (private); user-global
~/.claude/hooks/genesis-leak-guard.sh (runtime hook) separate.

Deleted:
- _primitives/_rust/genesis-scan/ (whole crate, 5 files)
- hooks/git-pre-commit-genesis.sh (scanner companion)

Modified:
- workspace Cargo.toml -1 member (24→23)
- MANIFEST.toml — removed [primitive.genesis-scan] + core/full profile refs
- .github/workflows/ci.yml — removed genesis-scan job
- README.md — 7 count/description edits (24→23 rust, 10→9 hooks, 37→36 full)
- install.sh — 5 edits (--help + menus)
- mcp-server tool-registry.ts + test — scanner removed from MCP surface
- kei-sleep-queue.sh — removed scan_prompt() pre-submit hook
- 2 sleep-on-it skill phases — removed genesis-scan references

Tests: 160 Rust (was 167, -7 genesis-scan tests as expected), 24 assembler unchanged.
2026-04-22 14:11:22 +08:00
Parfii-bot
537589e6a7 feat(primitives): kei-artifact typed handoff pipeline (BMAD-style doc passthrough)
- kei-artifact Rust crate (25th): schema registry + artifact store + SHA-256 id + chain walker
- 5 schemas (JSON Schema 2020-12 strict): spec / plan / patch / review / research
- Manifest extension: optional produces_artifact + expects_artifact per handoff (non-breaking)
- Validator extension: KNOWN_ARTIFACT_SCHEMAS whitelist check + 4 new tests
- 3 kei-* manifests updated with typed handoff (architect→code-implementer→critic chain)
- compose-solution phase-5 cross-ref to kei-artifact

Tests: 189 Rust workspace (was 167, +22 artifact tests) + 24 assembler (was 20, +4 validator tests)
2026-04-22 14:10:08 +08:00
Parfii-bot
da0f2cb42b feat(hooks): runtime controls via KEI_DISABLED_HOOKS + KEI_HOOK_PROFILE (v0.14.2)
10 hooks get 21-line guard block: env-var short-circuit, 4 profiles (full/advisory-off/minimal/off), per-hook disable.

Safety-critical preserved in 'minimal': no-hand-edit-agents, assemble-validate, git-pre-commit-genesis.
Advisory off list: recurrence-suggest, citation-verify, error-spike-detector, milestone-commit-hook.

skills/hooks-control/SKILL.md — click-only toggle emitting shell export commands.
README +27 LOC 'Runtime hook controls' section with examples.
2026-04-22 13:51:48 +08:00
Parfii-bot
cab78d68f7 Merge branch 'feat/v0.13-deep-sleep' — NREM deep-sleep pipeline + store trait (5 backends) 2026-04-22 08:50:09 +08:00
Parfii-bot
88a59f017f feat(integration): deep-sleep wired into MANIFEST + sleep-setup Phase 3b + README 2026-04-22 08:28:22 +08:00
Parfii-bot
293e96af5d feat(skills): /onboard auto-project-analyze with 3-mode apply (full-auto/step-by-step/full-manual) 2026-04-22 04:22:20 +08:00
Parfii-bot
3d928b41db feat(skills): /sleep-on-it 6-phase wizard + kei-sleep-queue CRUD + incubation prompt
Priority-scaled time budgets (quick/standard/deep/marathon/weekly),
marathon-mode for hard derivations (skips Phase B REM for one task),
checkpointing every N minutes via partial commits.
2026-04-22 02:30:04 +08:00
Parfii-bot
8e9c05272f feat(skills): /sleep-setup 5-phase wizard (click + 1 free-text URL) 2026-04-22 01:34:42 +08:00
Parfii-bot
139d2f0325 feat(skills): /self-audit 5-phase triage pipeline 2026-04-22 00:50:04 +08:00
Parfii-bot
7bffcdf037 docs(compose-solution): prior-art grep paths + phase-5 cross-refs for 10 pipelines + 21 primitives 2026-04-21 21:33:11 +08:00
Parfii-bot
c89352c87c Merge branch 'feat/frontend-v040' — 4 stacks + 3 Rust + 5 shell + 17 skills + /site-create (partial)
Cargo.lock regenerated after 8-crate workspace merge.
2026-04-21 21:17:19 +08:00
Parfii-bot
19850e1a45 Merge branch 'feat/v0.5-vm-security' — 7 blocks + 3 shell + 2 Rust + /vm-provision
Workspace Cargo.toml reconciled: all 8 crates (kei-ledger, kei-migrate, kei-changelog, ssh-check, firewall-diff, mock-render, visual-diff, tokens-sync) as members.
2026-04-21 21:15:49 +08:00
Parfii-bot
e5d565a11e Merge branch 'feat/v0.7-docs' — 5 blocks + kei-docs-scaffold + kei-changelog Rust + /docs-scaffold 2026-04-21 21:15:05 +08:00
Parfii-bot
f205a12348 Merge branch 'feat/v0.6-database' — 5 blocks + kei-migrate Rust + /schema-design 2026-04-21 21:14:50 +08:00
Parfii-bot
62e28450bc Merge branch 'feat/rule-0.12-agent-git-model' — kei-ledger Rust + hook + /new-project 2026-04-21 21:13:40 +08:00
Parfii-bot
0081bc8f46 Merge branch 'feat/v0.7-auth-iam' — 4 blocks + /auth-setup 2026-04-21 21:11:39 +08:00
Parfii-bot
6d382ee939 Merge branch 'feat/v0.7-api-design' — 4 blocks + /api-design 2026-04-21 21:11:17 +08:00
Parfii-bot
5d61866618 Merge branch 'feat/v0.6-cicd' — 4 blocks + kei-ci-lint + /ci-scaffold 2026-04-21 21:11:17 +08:00
Parfii-bot
40d11e7dac Merge branch 'feat/v0.7-testing-matrix' — 4 blocks + /test-matrix 2026-04-21 21:11:17 +08:00
Parfii-bot
5d5362db3e feat(skills): /site-create pipeline (phases 0-4 — phases 5-6 deferred) 2026-04-21 21:08:14 +08:00
Parfii-bot
fd81aae515 feat(skills): port 17 generic frontend skills from ~/.claude/skills/ (a11y-audit, design-system, figma-to-code, form-builder, frontend-design, landing-page, motion-design, perf-audit, responsive-audit, scroll-animation, seo-audit, site-builder, site-teardown, ui-component, web-assets, web-deploy, web-effects) 2026-04-21 21:08:14 +08:00
Parfii-bot
63b6b07c06 feat(skills): /docs-scaffold 5-phase pipeline 2026-04-21 21:01:28 +08:00
Parfii-bot
eee5eecc20 feat(skills): /vm-provision 6-phase pipeline
Hub-and-spoke skill:
- SKILL.md (index) + phase-1-select-provider, phase-2-plan,
  phase-3-provision, phase-4-harden, phase-5-verify, phase-6-handoff.

Pipeline: select provider → Plan Mode doc → provision (hetzner/vultr
primitives, SSH first-contact TOFU) → harden-base.sh over SSH →
ssh-check + firewall-diff HARD GATE → artefact ledger + optional
/web-deploy handoff.

Invariants:
- ≥ 6 AskUserQuestion calls (Phase 1×2, 2×1, 3×1, 4×1, 5×1).
- Hard gate: Phase 6 refuses to run unless ssh-check AND firewall-diff
  both exit 0. "Ignore and proceed" is BLOCKED by design.
- RULE 0.8 (secrets ENV-ref only), RULE 0.4 (cite provider specifics),
  RULE 0.5 (plan.md written to <run-dir>/plan.md before provisioning),
  RULE -1 (every failure branch returns 2-3 constructive paths).

Defensive-only — no scanning tools, no CVE probes, no third-party
attack-surface analysis. Every phase file ≤ 200 LOC per Constructor
Pattern.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 21:00:14 +08:00
Parfii-bot
cd7a983f98 feat(skills): /ci-scaffold 5-phase pipeline 2026-04-21 20:56:24 +08:00
Parfii-bot
2262cc3f69 feat(skills): /api-design 6-phase pipeline 2026-04-21 20:54:54 +08:00
Parfii-bot
4178147b0f feat(skills): /new-project 4-phase pipeline
Hub-and-spoke orchestrator for RULE 0.12 at project scale. SKILL.md
indexes 4 phase files: intake, fork-skeleton, parallel-exec, merge-
ceremony.

Flow:
  Phase 1 — 1 free-text line (GOAL) + 1 batch of 5 AskUserQuestion
            (type, theory, fanout, main-agent, DB mode).
  Phase 2 — project/<slug> branch, kei-ledger fork root, theoretical
            sub-agent spawn confirmation click.
  Phase 3 — poll kei-ledger list --status running, aggregate
            progress.json, steering click (continue / add / kill /
            merge / pause).
  Phase 4 — kei-ledger validate per bundle, per-branch merge verdict
            click (merge --no-ff / squash / reject / defer), final
            integration + NO-DOWNGRADE close click if any rejected /
            deferred.

>=6 AskUserQuestion calls minimum (1 batch Phase 1 + 1 Phase 2 + 1
Phase 3 + >=2 per-branch Phase 4 + 1 close).

Constructor Pattern: SKILL.md 109 LOC, phase files 80-108 LOC each —
all under 150 LOC.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 20:52:49 +08:00
Parfii-bot
505e727dcf feat(skills): /auth-setup 5-phase pipeline
Hub-and-spoke skill that converts "I need auth for app X" into a
reviewable plan across 5 phases: intake (flows/stack/storage/MFA),
identity-provider pick + env scaffold, session strategy + cookies,
authorization model + permission matrix, and threats + mitigations.

- 8 AskUserQuestion calls total (≥6 hub-and-spoke contract; 4 in Phase 1
  + 1 each in Phases 2–5).
- Reads all four _blocks/auth-*.md; never writes production code or
  secret values.
- RULE 0.8 (Secrets SSoT): emits env VARIABLE NAMES only; storage path
  is secrets/auth.env per domain-has-secrets.md.
- Constructor Pattern: 6 files, largest 115 LOC (<200 limit).
- Fail-closed default + NO DOWNGRADE on unsafe combinations
  (passkey-only without recovery → return recovery-path options, not
  "not supported").

Evidence grade [E2] — pipeline mirrors OWASP ASVS v4.0.3 chapters 2–4.
2026-04-21 20:47:21 +08:00
Parfii-bot
c10e169806 feat(skills): /schema-design 5-phase pipeline
Hub-and-spoke skill that converts "I need a database for app X" into a
designed relational schema + first migration + optional seed.

Pipeline (5 phases, 9 AskUserQuestion calls total, pure-click after intake):
- Phase 1 — batched DB/ORM/scale/style/migration-control click
- Phase 2 — entity list + relations matrix (auto-junction tables)
- Phase 3 — generate DDL with indexes, FKs, constraints; review/revise loop
- Phase 4 — scaffold migrations/ + first timestamped migration + kei-migrate wiring
- Phase 5 — optional seed (smoke / rich / test fixtures / skip)

Cross-refs the five db-* blocks + the kei-migrate Rust primitive added in
commits f884891 and df85792 on this branch. Emits ENV-VAR NAMES only for
DATABASE_URL (RULE 0.8 secrets SSoT). Every file ≤ 121 LOC.
2026-04-21 20:46:32 +08:00
Parfii-bot
56ddccfddb feat(skills): /test-matrix 5-phase pipeline
Adds hub-and-spoke testing-matrix skill complementing /test-gen:
SKILL.md index + phase-1-intake (language/coverage/critical/CI),
phase-2-matrix (test-type × language multi-select), phase-3-scaffold
(config + corpus + fixtures per cell), phase-4-ci-wire (per-type
failure policy + artifacts), phase-5-triage (crash/regression runbook).
Cross-refs _blocks/test-fuzz.md, test-property.md, test-load.md,
test-e2e.md. Adds "complements" note to skills/test-gen/SKILL.md.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 20:46:02 +08:00
Parfii-bot
0d3b4efd30 feat(skills): /observability-setup 5-phase pipeline 2026-04-21 20:41:17 +08:00
Parfii-bot
ab70b8344d fix(audit-l): agent count drift in install.sh and compose-solution
- L1: install.sh post-install banners '~14 generated agents' → '12 generated agents'
  (both the activated-path and the manual-merge-path copies).
- L2: skills/compose-solution/SKILL.md handoff reference '14 kit agents' → '12 kit agents'.
- L3: README /new-agent section rephrases 'via option-pickers' to call out that
  the 6 questions are grouped into multiple option-picker batches (two
  AskUserQuestion calls) rather than six separate prompts.
2026-04-21 20:10:04 +08:00
Parfii-bot
d155afc554 fix(audit-m): tomd cache path-salt; bridges respects rollback; rollback rm-rf guard; placeholder URLs; research skill role-tag note; stack frontend-gap doc
- M1 (RULE 0.4): replace fabricated URLs 'https://example.invalid/PROJECT-D'
  and 'https://…/PROJECT-D' with plain text ('user's personal CLI predecessor').
- M2: tomd-preread cache key = basename + mtime + 8-char shasum of full path,
  so two files with the same basename+mtime at different paths no longer
  collide. Portable shasum shim; falls back to 'nohash' if shasum absent.
- M3: install.sh --with-bridges gated on ROLLED_BACK=0 so bridges are NOT
  emitted into $PWD after an ERR-trap rollback.
- M4: rollback() guards rm -rf "$orig" behind an existence check.
- M5: skills/research/SKILL.md front-matter note — role tags like
  'web-researcher' / 'meta-critic' are ad-hoc prompt labels for the generic
  kei-researcher subagent, NOT separate manifests. Prevents fruitless
  grep in _manifests/.
- M6: README adds a 'Frontend-stack coverage gap' callout listing the
  planned-but-not-shipped frameworks (React-Vite, Vue-Nuxt, SvelteKit,
  Astro, Angular, plain-web).
- M7: no-hand-edit-agents.sh documents at case block that the GENERATED
  marker is the SOLE source of truth — legacy unmarked .md files pass
  silently by design; re-run the assembler to adopt them.
2026-04-21 20:09:24 +08:00
Parfii-bot
a23cde32a8 fix(audit-h2,h3): remove bare-name bypass in compose-solution phase-2; backup settings.json in activate_hooks
- phase-2-decompose.md: delete 'or researcher if that agent is present in the user's
  global fleet' clause that silently bypassed the kei-namespace. Replace with an
  explicit prefer-kei note warning that bare 'researcher' matches only the user's
  personal fleet and may have divergent handoffs.
- install.sh activate_hooks(): call backup_file "$target" on the merge path
  (after the 'create new' early-return) so ERR-trap rollback can restore the
  pre-merge settings.json. Previously an ERR in the jq-merge or mv left no
  backup pair to restore.
2026-04-21 20:07:42 +08:00
Parfii-bot
a9abc6cace docs: primitives section + compose-solution phase-3/5 cross-refs
- README.md: new 'Primitives' section between Cross-tool bridges and
  Meta-composer. Explains _primitives/ vs _blocks/, lists tomd, names
  the PreToolUse(Read) hook, notes /compose-solution auto-discovery
- phase-3-prior-art.md: extend grep target list to include _primitives/
- phase-5-architecture.md: one-paragraph note on referencing tomd
  primitive instead of rolling custom binary-format parsing (reuse
  over rewrite)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 19:45:20 +08:00
Parfii-bot
a103614c46 refactor(compose-solution): remove patent examples from phase files
After merging feat/compose-solution, 3 phase files still referenced
patent-scale research / patent block suffix / sensitive IP question. Strip
those generic-kit-incompatible examples:
- phase-2-decompose.md: "patent-scale" → "deep-domain"
- phase-6-block-augment.md: "<slug>-patent" disambiguator → "<slug>-embedded"
- phase-7-assemble.md: drop sensitive IP from fields passed to new-agent wizard

Final grep for "patent" in main tree: zero hits.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 19:13:02 +08:00
Parfii-bot
4e8542a0d5 Merge branch 'feat/compose-solution' into refactor/drop-restricted agents 2026-04-21 19:10:42 +08:00