check in current worktree snapshot

Author: jmbish04

.agent/rules/ai-provider-standards.md

@@ -1,20 +1,64 @@
-# Rule: AI Provider Standards (Antigravity)
-
-## 1. Zod Supremacy
-- Every structured AI call (`generateStructuredResponse`, `generateStructuredWithTools`) MUST accept a `z.ZodType<T>` payload.
-- Weak interfaces (`any` or `Record<string, unknown>`) are forbidden for output generation.
-- Use `zod-to-json-schema` to natively pipe the schema into the payload's `response_format` for supported compat endpoints.
-- Always call `schema.parse(rawParsed)` on the final JSON result to guarantee structural integrity.
-
-## 2. Universal File Context
-- Any method ending in `*FromFiles` must handle payloads consisting of `FileInput` objects (`{ name, type, data, isBase64 }`).
-- Providers with native file processing (e.g., Gemini's `inlineData`) should construct standard multi-part arrays.
-- Providers without native large-file limits (e.g., Worker AI) MUST use the transparent Vectorize RAG chunking algorithm if the total string length exceeds 6,000 characters to prevent hitting input limits.
-
-## 3. Jules SDK Integration
-- Since Jules operates via long-running chat streams, large structured responses should be handled by getting broad context from Jules, and piping its output into `worker-ai` `generateStructuredResponse` to enforce strict formatting.
-- Explicit reasoning and agent orchestration features (`analyzeRepo`, `completeTask`, `createPlan`) should exclusively utilize Jules.
-
-## 4. No Vercel AI SDK
-- Under no circumstances will you import `ai` or `@ai-sdk/`. It has been banned due to edge runtime parsing inconsistencies on Workers. 
-- Use the native `fetch` API against the Cloudflare AI Gateway instead.
+# AI Provider Standards
+
+## URL Construction (CRITICAL)
+
+**NEVER** manually construct AI Gateway URLs or append endpoint paths. Use `AIGateway.getBaseUrl()` with the `endpoint` option — it returns the **full URL** ready for `fetch()`.
+
+```typescript
+// ✅ CORRECT — endpoint specified, baseUrl is the complete URL
+const { baseUrl } = await AIGateway.getBaseUrl(env, { provider: 'openai', endpoint: 'chat' });
+const res = await fetch(baseUrl, { ... });
+
+// ✅ CORRECT — raw base for Gemini's custom native path
+const { baseUrl } = await AIGateway.getBaseUrl(env, { provider: 'gemini' });
+const res = await fetch(`${baseUrl}/v1beta/models/${model}:generateContent`, { ... });
+
+// ❌ FORBIDDEN — manual path appending defeats centralization
+const { baseUrl } = await AIGateway.getBaseUrl(env, { provider: 'openai' });
+const res = await fetch(`${baseUrl}/v1/chat/completions`, { ... });
+```
+
+### Endpoint Options
+- `endpoint: 'chat'` → appends `/v1/chat/completions`
+- `endpoint: 'models'` → appends `/v1/models`
+- No endpoint → raw gateway URL (for Gemini native path only)
+
+## Authentication
+
+- **BYOK Mode** (`AI_GATEWAY_TOKEN` set): Only send `cf-aig-authorization: Bearer {token}`. Do NOT send `Authorization` header — the gateway injects stored provider keys.
+- **Direct Mode** (`AI_GATEWAY_TOKEN` absent): Send `Authorization: Bearer {apiKey}` as usual.
+
+## Imports
+
+- **Canonical**: `import { AIGateway } from '@/ai/providers/ai-gateway'`
+- **Legacy re-export**: `@/ai/utils/ai-gateway` still works but is deprecated
+
+## Logging
+
+All AI providers MUST use the `Logger` class from `src/lib/logger.ts` (NOT raw `console.log`/`console.error`).
+
+> See `.agent/rules/traceability-logging.md` for full enforcement rules.
+
+Standard source overrides:
+
+| Provider | Source Override |
+|----------|----------------|
+| AI Gateway | `'AIGateway'` |
+| Workers AI | `'WorkerAI'` |
+| OpenAI | `'OpenAI'` |
+| Anthropic | `'Anthropic'` |
+| Gemini | `'Gemini'` |
+| Router | `'AIRouter'` |
+| Health | `'GatewayHealth'` |
+| Diagnostician | `'Diagnostician'` |
+
+## Provider Files
+
+| Provider | File | Status |
+|----------|------|--------|
+| Gateway | `src/ai/providers/ai-gateway.ts` | Source of truth |
+| Config | `src/ai/providers/config.ts` | Model resolution only — NO gateway URLs |
+| Workers AI | `src/ai/providers/worker-ai.ts` | Uses gateway client |
+| OpenAI | `src/ai/providers/openai.ts` | Uses gateway client |
+| Anthropic | `src/ai/providers/anthropic.ts` | Uses gateway client |
+| Gemini | `src/ai/providers/gemini.ts` | Uses native client via `getBaseUrl()` |

.agent/rules/ai-providers.md

@@ -1,12 +1,49 @@
 # Protocol: AI Provider Routing & Resolution
 
-**MANDATORY IMPORT PATH**: Agents must _always and exclusively_ import AI functions from `@/ai/providers`.
-**FORBIDDEN IMPORTS**: It is _never_ acceptable to import directly from specific provider files (e.g., `ai/providers/openai`, `ai/providers/gemini`) or the index file explicitly (e.g., `ai/providers/index`).
+**`@/ai/providers/index.ts`** is the **single public API** for all AI generation.
 
-**FUNCTION USAGE**: When using functions like `generateText`, `generateStructuredResponse`, etc., the agent should specify the `provider` and `model` arguments when known.
+## Mandatory Import Path
 
-**FALLBACK BEHAVIOR**:
+Callers must _always and exclusively_ import AI functions from `@/ai/providers`:
 
-- If no provider or model is provided by the caller, the system relies on the `index.ts` routing to default to `worker-ai`, which then utilizes its internal business logic to select the correct fallback model.
-- Similarly, if a provider is specified but no model is provided, the specific provider module's logic determines the default model.
-- Agents should not hardcode default models unless explicitly required by the business logic.
+```typescript
+// ✅ CORRECT
+import { generateText, generateStructuredResponse } from "@/ai/providers";
+const result = await generateText(env, prompt, system);
+
+// ❌ FORBIDDEN — pre-resolving provider/model
+import { resolveDefaultAiProvider, resolveDefaultAiModel } from "@/ai/agents/support/agent-ai";
+const provider = resolveDefaultAiProvider(env);
+const model = resolveDefaultAiModel(env, provider);
+const result = await AIGateway.runTextWithFallback(env, provider, model, system, prompt);
+
+// ❌ FORBIDDEN — direct provider imports
+import { generateText } from "@/ai/providers/openai";
+
+// ❌ FORBIDDEN — config imports in external code
+import { resolveDefaultAiModel } from "@/ai/providers/ai-gateway/config";
+```
+
+## Resolution Behavior
+
+- If **no provider or model** is passed, the system defaults to `worker-ai` via `resolveInvocation()`.
+- If a **provider** is specified but no model, the default model for that provider is resolved internally.
+- If a **model** is specified via `AIOptions.model`, it is passed through; provider defaults to `worker-ai`.
+
+## Forbidden Imports (External Code)
+
+External code (routes, services, automations, workflows) must **NEVER** import:
+
+1. `resolveDefaultAiProvider` or `resolveDefaultAiModel` from anywhere
+2. `AIGateway` class directly
+3. Individual provider modules (`@/ai/providers/openai`, `@/ai/providers/gemini`, etc.)
+4. `@/ai/providers/ai-gateway/config`
+
+## Allowed Exceptions
+
+These files are **internal** to the AI subsystem and may import resolvers:
+
+- `ai/agents/support/inference.ts` — internal agent helpers
+- `ai/agents/support/agent-ai.ts` — legacy compat layer
+- `ai/agents/runtime/openai.ts` — Agent SDK compat shim
+- `routes/api/agents/models.ts` — model listing endpoint (needs `resolveDefaultAiModel` for defaults display)

.agent/rules/error-handling.md

@@ -7,9 +7,25 @@ When an error occurs anywhere in the stack, we must ensure it is persistently lo
 Whenever a backend tool, AI agent, or API action fails, you **MUST** record the failure into the D1 `system_logs` table.
 
 - **Import the Logger**: `import { Logger } from '@/lib/logger'` 
-- **Initialize**: `const logger = new Logger(env, 'ContextName');`
-- **Record**: `logger.error("Description", { details: error.message, ...context })`
-- **Mandatory Flush**: Call `await logger.flush()` before the request terminates to commit the array of logs to the database.
+- **Initialize**: 
+  ```typescript
+  import { Logger } from '@/lib/logger';
+  // Example inside a class
+  constructor(protected readonly env: Env, loggerNamespace = 'orchestration/base') {
+    this.logger = new Logger(env, loggerNamespace);
+  }
+  ```
+- **Record**: `this.logger.error("Description", { details: error.message, ...context })`
+- **Mandatory Flush**: Call `await this.logger.flush()` before the request terminates to commit the array of logs to the database.
+
+### No Error Truncation (Strictly Enforced)
+We never want to truncate error messages or inputs. Truncated data hides root causes and is useless for debugging.
+
+```typescript
+❌ this.logger.debug(`Running orchestration for: ${input.slice(0, 100)}...`); // we never want to truncate the error message, why would that be helpful when debugging? it wouldnt. 
+
+✅ this.logger.debug(`Running orchestration for: ${input}`);
+```
 
 ## 2. Frontend Error UI (Shadcn + Copy)
 When a frontend component catches an error, you **MUST** pass the literal error string to the centralized error service. This service invokes a Shadcn Sonner toast that includes the raw error stack and a "Copy to Clipboard" button.
@@ -28,7 +44,12 @@ When a frontend component catches an error, you **MUST** pass the literal error
       handleGlobalError(err);
   }
   ```
-- **Forbidden**: Do not use `console.error(err)` or raw `toast.error()` directly for system or API errors. Do not write local `<Alert variant="destructive">` blocks for API failures unless it's a localized form validation constraint. Use `handleGlobalError()` exclusively, which handles deduplication and backend metric dispatching automatically.
+- **Forbidden**: Do not use `console.error(err)` or raw `toast.error()` directly for system or API errors. Do not write local `<Alert variant="destructive">` blocks for API failures unless it's a localized form validation constraint. Use `handleGlobalError()` exclusively, which handles deduplication and backend metric dispatching automatically. This is strictly enforced and mandatory.
+
+  ```tsx
+  import { handleGlobalError } from "@/lib/error-handler";
+  handleGlobalError(`Failed to apply decision. ${res}`);
+  ```
 
 ## 3. Strict Passthrough
 Agents must ensure that backend routes return the actual error string generated by the failed service (e.g. GitHub API 404s, Stripe 402s). 

.agent/rules/globals.md

@@ -1,4 +1,15 @@
-# Rule: Global Env Type Enforcement
+---
+trigger: always_on
+---
+
+# Rule: Global Env Type and Hono Bindings Enforcement
+
+
+- **Strict Prohibition**: You are forbidden from using `import { Bindings } from '@utils/hono';`.
+- **Global Context**: The `Env` type is generated by `wrangler types` and made global via `tsconfig.json`. 
+- **Usage Pattern**:
+  - ✅ `const app = new Hono<{ Bindings: Env }>();`
+  - ❌ `import { Bindings } ... const app = new Hono<{ Bindings: Bindings }>();`
 
 ## 1. Global Definition
 

.agent/rules/infrastructure-standards.md

@@ -0,0 +1,9 @@
+# Infrastructure & Package Management Standards
+
+- **Package Manager**: `pnpm` is the mandatory package manager for this project.
+- **CLI Execution**: 
+    - Never use `npx`. 
+    - Always use `pnpm dlx wrangler@latest` for Cloudflare Workers/Pages interactions to prevent version mismatch.
+    - Use `pnpm exec` for locally installed binary execution that does not require the `@latest` check.
+- **Configuration**: The `.npmrc` file must remain clean of keys that cause warnings in standard Node.js environments.
+- **Agent Awareness**: All implementation plans generated by the agent must default to `pnpm` commands.

.agent/rules/stitch-loop-next-prompt.md

@@ -0,0 +1,65 @@
+---
+trigger: always_on
+---
+
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "title": "Stitch Baton Prompt Schema",
+  "description": "Schema for the .stitch/next-prompt.md file to ensure agent compliance with the Monolith Design System.",
+  "type": "object",
+  "required": ["page", "status", "prompt_content"],
+  "properties": {
+    "page": {
+      "type": "string",
+      "description": "The target filename without extension (e.g., 'dashboard'). Must exist in SITE.md."
+    },
+    "status": {
+      "type": "string",
+      "enum": ["todo", "in-progress", "review", "done"],
+      "default": "todo"
+    },
+    "prompt_content": {
+      "type": "object",
+      "required": ["description", "design_system", "page_structure", "technical_requirements"],
+      "properties": {
+        "description": {
+          "type": "string",
+          "description": "One-line purpose with vibe keywords (Brutalist, Obsidian, Tonal, Asymmetric)."
+        },
+        "design_system": {
+          "type": "object",
+          "description": "Strict adherence to DESIGN.md Section 6.",
+          "required": ["constraints", "palette"],
+          "properties": {
+            "constraints": {
+              "type": "array",
+              "items": { "type": "string" },
+              "default": [
+                "Strict No-Line Rule: Forbidden to use 1px solid borders for containment.",
+                "System-First Interface: NO user icons or profiles anywhere.",
+                "No Search: Layout must be intuitive enough that search inputs are unnecessary.",
+                "Collapsible Sidebar: The shadcn/ui sidebar must be available and collapsible on every page."
+              ]
+            },
+            "palette": {
+              "type": "string",
+              "default": "Zinc Dark / Obsidian scale using OKLCH(0.145 0 0) background."
+            }
+          }
+        },
+        "page_structure": {
+          "type": "array",
+          "description": "Numbered sections to build.",
+          "items": { "type": "string" },
+          "minItems": 3
+        },
+        "technical_requirements": {
+          "type": "array",
+          "description": "Specific Shadcn components or Cloudflare bindings.",
+          "items": { "type": "string" },
+          "default": ["shadcn/ui Sidebar (Collapsible)", "assistant-ui Thread (if applicable)"]
+        }
+      }
+    }
+  }
+}

.agent/rules/traceability-logging.md

@@ -0,0 +1,81 @@
+# Rule: Mandatory Traceability & Structured Logging
+
+## Core Mandate (Non-Negotiable)
+
+**ALL backend code MUST use the `Logger` class from `src/lib/logger.ts` for logging.** This class outputs structured JSON to console AND mirrors every log entry to D1 (`system_logs` table) for persistence and auditability.
+
+### Forbidden Patterns
+
+```typescript
+// ❌ FORBIDDEN — raw console calls bypass D1 mirroring
+console.log("something happened");
+console.error("something failed:", error);
+console.warn("warning");
+
+// ❌ FORBIDDEN — truncating error messages or inputs hides root cause
+this.logger.debug(`Running orchestration for: ${input.slice(0, 100)}...`); 
+logger.error(`failed`, { body: errBody.substring(0, 200) });
+```
+
+### Required Pattern
+
+```typescript
+import { Logger } from '@/lib/logger';
+
+// ✅ CORRECT — Logger instance per class, with source override
+constructor(protected readonly env: Env, loggerNamespace = 'orchestration/base') {
+  this.logger = new Logger(env, loggerNamespace);
+}
+this.logger.debug(`Running orchestration for: ${input}`);
+this.logger.error('Operation failed', { error: error.message, stack: error.stack, responseBody: fullBody });
+await this.logger.flush(); // MUST flush before returning or throwing
+```
+
+### Full Error Bodies (MANDATORY)
+
+When logging error responses or inputs, you MUST log the **complete** string or error body. Truncating with `.slice()`, `.substring()`, or any other method is **strictly forbidden**. Truncated strings are useless for debugging and hide root causes.
+
+```typescript
+// ❌ WRONG
+this.logger.debug(`Running orchestration for: ${input.slice(0, 100)}...`); 
+const body = await res.text();
+logger.error('API failed', { body: body.slice(0, 200) });
+
+// ✅ CORRECT
+this.logger.debug(`Running orchestration for: ${input}`);
+const body = await res.text();
+logger.error('API failed', { status: res.status, body });
+```
+
+## Agent Evaluation Duty (MANDATORY)
+
+Every time an agent evaluates, reviews, modifies, or creates code, it MUST also evaluate:
+
+1. **Traceability Coverage**: Does every significant code path (entry points, error handlers, external API calls, state transitions) have adequate logging?
+2. **Logger Usage**: Is the code using `Logger` from `src/lib/logger.ts`? If it uses raw `console.log`/`console.error`/`console.warn`, the agent MUST migrate it.
+3. **Error Completeness**: Are error messages logged in full, without `.slice()`, `.substring()`, or truncation?
+4. **Flush Discipline**: Is `await logger.flush()` called before every early return, throw, or function exit in error paths?
+
+### When to Add Logging
+
+- **New features**: Every public function must log entry with key parameters
+- **Error handlers**: Every `catch` block must log the full error with stack trace
+- **External calls**: Every `fetch()` to an external API must log the request (URL, method) and response (status, body on failure)
+- **State transitions**: Workflow steps, agent state changes, and provider switches must be logged
+
+### Standard Source Overrides
+
+| Component | Source Override |
+|-----------|----------------|
+| AI Gateway | `'AIGateway'` |
+| Workers AI | `'WorkerAI'` |
+| OpenAI | `'OpenAI'` |
+| Anthropic | `'Anthropic'` |
+| Gemini | `'Gemini'` |
+| AI Router | `'AIRouter'` |
+| Gateway Health | `'GatewayHealth'` |
+| Diagnostician | `'Diagnostician'` |
+| Webhook handler | `'Webhooks'` |
+| Health checks | `'HealthCheck'` |
+| MCP tools | `'MCP:<ToolName>'` |
+| Workflows | `'Workflow:<Name>'` |