
onslaught-engineering

janus

Use for Onslaught Gaming code projects — starting, resuming, auditing, or deploying. Covers the 7 gates, the 14 commands, the deploy matrix, the audit checklist, and the security discipline that Onslaught code must meet before reaching production.

Onslaught Engineering

I. When To Use

  • Any Onslaught Gaming code project.
  • Starting a new Onslaught project (/start).
  • Resuming (/continue), auditing (/audit), or deploying.
  • Generating or updating PROJECT_CONTEXT.md for an Onslaught project.
  • Any of the 14 commands fires.

II. When Not To Use

  • Content work — use $janus-content-mode.
  • Judge work — use $janus-judge-mode.
  • Non-Onslaught code projects.
  • Quick one-off questions — Tier 1 does not need this.

III. Core Rule

Design → Lock → Execute. Never skip the middle.

Never write code before the plan is locked. Never skip Gate 5. Two strikes then ask.

IV. The 7 Gates

Close each gate with confidence: HIGH | MEDIUM | LOW. LOW must be revisited before deploy.

  1. Mission — purpose, user, primary action, success criteria.
  2. Contracts — stack ranked and chosen, I/O defined, APIs confirmed 200, accounts active.
  3. Knowledge — data sources identified, freshness defined, volume assets gitignored and recorded.
  4. Reliability — failure paths, timeouts, retries.
  5. Security — never skip. See checklist below.
  6. Observability — logging, tests, debug path.
  7. Product — user understanding, error states, trust.

Gate 5 — Security Checklist

  • No secrets in source. Wrangler secrets / env vars / platform secrets only.
  • grep -rE "webhook|secret|token|password|http" . — every hit reviewed.
  • All IDs hex-checked for hidden chars (zero-width, smart quotes, invisible unicode).
  • User input sanitized before use.
  • Prompt-injection defense if AI is involved.
  • GitHub repo private.
  • npm audit clean.
  • No eval(), exec(), subprocess, os.system, shell=True in source.
  • *.bat and *.sh in .gitignore before any push that touches them.
  • PAT expiry documented in PROJECT_CONTEXT.md, ≤ 90 days.

Any miss: BLOCKED. Override requires typed justification from the operator.
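For the checklist item banning eval(), exec(), subprocess, os.system and shell=True, a text grep also hits comments and string literals. The following added example (not part of the Onslaught tooling) walks the Python syntax tree instead; the name `scan_source` and the sample input are constructed for illustration.

```python
import ast

# Constructs the Gate 5 checklist bans in Python source.
BANNED_NAMES = {"eval", "exec"}
BANNED_ATTRS = {("os", "system")}
BANNED_MODULES = {"subprocess"}


def scan_source(source, filename="<source>"):
    """Return sorted (line, finding) tuples for banned constructs in Python source."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] in BANNED_MODULES:
                    findings.append((node.lineno, f"import {alias.name}"))
        elif isinstance(node, ast.ImportFrom):
            if (node.module or "").split(".")[0] in BANNED_MODULES:
                findings.append((node.lineno, f"from {node.module} import ..."))
        elif isinstance(node, ast.Call):
            func = node.func
            if isinstance(func, ast.Name) and func.id in BANNED_NAMES:
                findings.append((node.lineno, f"{func.id}()"))
            elif (isinstance(func, ast.Attribute)
                  and isinstance(func.value, ast.Name)
                  and (func.value.id, func.attr) in BANNED_ATTRS):
                findings.append((node.lineno, f"{func.value.id}.{func.attr}()"))
            for kw in node.keywords:
                if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    findings.append((node.lineno, "shell=True"))
    return sorted(findings)


# Constructed sample: the comment and the string mention eval() and must not
# be reported; the import and the three real calls must be.
SAMPLE = '''\
import subprocess
import os
# eval() is banned by Gate 5
msg = "never call eval() here"
value = eval(user_text)
os.system("ls " + path)
subprocess.run(cmd, shell=True)
'''

if __name__ == "__main__":
    for line, finding in scan_source(SAMPLE):
        print(f"line {line}: {finding}")
```

Aliased forms such as `from os import system` are not resolved by this scan, so the grep and manual review still apply.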

V. Tier Matrix (Onslaught)

| Tier | Type | Required Gates |
|---|---|---|
| 1 | Quick task (button fix, copy update, logo swap) | 1, 5 |
| 2 | Lite build (landing page, Discord bot, event page, form) | 1, 2, 5 |
| 3 | Full build (production app, multi-layer system, agent) | All 7 |

Gate 5 cannot be skipped at any tier.

VI. Phase Structure

  • Phase 0 — Handshake: git status, read PROJECT_CONTEXT and WORKLOG, verify state matches docs.
  • Phase 1 — Foundation: folder, stack, git init.
  • Phase 2 — Core build.
  • Phase 3 — Features.
  • Phase 4 — Security audit (Gate 5 formally closed).
  • Phase 5 — Deploy.
  • Phase 6 — QA → /checkpoint → phase CLOSED.

Conflict rule: if PROJECT_CONTEXT says a file exists or has certain content, verify before acting. Mismatch → stop, report, wait.

VII. The 14 Commands

| Command | Action |
|---|---|
| /start [name] | Activate project mode, begin Gate 1. |
| /continue [name] | Resume project; read PROJECT_CONTEXT and WORKLOG first. |
| /audit [name] | Review project, produce ranked action items. |
| /generate | Produce PROJECT_CONTEXT.md once required gates are locked. |
| /checkpoint | Save state, update WORKLOG. |
| /options [category] | 3 ranked tool options with a winner. |
| /search [topic] | Live web search for current best-of. |
| /define [term] | Plain-English definition. |
| /image | Image-to-app extraction checklist. |
| /setup | One-time machine setup. |
| /recover | Diagnose failure, return PATCH / ROLLBACK / DIAGNOSE. |
| /phase [n] | Declare which phase this thread handles. |
| /debrief [name] | Post-session review, propose updates to janus. |
| /help | Show this list. |

VIII. Deploy Matrix

| Platform | Auto-deploy from GitHub? | Deploy command |
|---|---|---|
| Cloudflare Pages (GitHub-connected) | Yes on push to main | git push origin main |
| Cloudflare Pages (static upload) | No | npx wrangler pages deploy ./folder --project-name [name] |
| Cloudflare Workers | No — GitHub is backup only | wrangler deploy |
| Netlify | Yes if connected | git push or npx netlify-cli deploy |
| Railway | Yes on push | git push origin main |

Never connect a Workers project to Pages auto-deploy. Different products.

IX. Audit Checklist (15 points)

  1. PROJECT_CONTEXT.md present and filled.
  2. WORKLOG.md current.
  3. All security gates formally closed.
  4. Hardcoded secrets in source? (grep -rE "webhook|secret|token|password|http" .)
  5. Hidden characters in config IDs.
  6. External dependencies verified live (200 on fetch).
  7. GitHub repo private.
  8. Canonical file conflicts.
  9. Second context files (MEMORY.md, HANDOFF.md, ad-hoc) — kill them.
  10. Platform migrations reflected in PROJECT_CONTEXT.md.
  11. Volume-only assets gitignored and recorded in Key Credentials.
  12. Platform account IDs recorded in Key Credentials.
  13. PAT expiry date documented.
  14. *.bat / *.sh gitignored.
  15. Preferred stack registry consulted before stack selection.

Output: ranked Critical → Medium → Low action list.
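The Gate 5 item "All IDs hex-checked for hidden chars" and audit point 5 describe the same check. The following added example (not part of the Onslaught tooling) automates it using Unicode categories; the function names and the sample IDs are constructed for illustration.

```python
import unicodedata

# Typographic quotes that pasted IDs often pick up from chat or documents.
SMART_QUOTES = {"\u2018", "\u2019", "\u201c", "\u201d"}


def hidden_chars(value):
    """Return (index, 'U+XXXX', reason) for every suspicious character in value."""
    hits = []
    for i, ch in enumerate(value):
        cat = unicodedata.category(ch)
        if ch in SMART_QUOTES:
            reason = "smart quote"
        elif cat == "Cf":
            reason = "invisible format char"  # zero-width space/joiner, BOM, bidi marks
        elif cat == "Cc":
            reason = "control char"
        elif cat == "Zs" and ch != " ":
            reason = "non-ASCII space"        # e.g. U+00A0 no-break space
        elif ord(ch) > 0x7F:
            reason = "non-ASCII char"         # possible look-alike letter
        else:
            continue
        hits.append((i, f"U+{ord(ch):04X}", reason))
    return hits


def hex_dump(value):
    """Hex view of the UTF-8 bytes, for confirming a finding by eye."""
    return value.encode("utf-8").hex(" ")


def audit_ids(ids):
    """Map each ID name to its findings; clean IDs are omitted."""
    return {name: hits for name, value in ids.items() if (hits := hidden_chars(value))}


# Constructed sample IDs (hypothetical names, not real account values).
SAMPLE_IDS = {
    "ACCOUNT_ID": "0123456789abcdef",          # clean
    "ZONE_ID": "0123\u200b456789abcdef",       # zero-width space after "0123"
    "CHANNEL_ID": "\u201c112233445566\u201d",  # wrapped in smart quotes
    "PROJECT_NAME": "onslaught\u00a0site",     # no-break space
}

if __name__ == "__main__":
    for name, hits in audit_ids(SAMPLE_IDS).items():
        print(name, hex_dump(SAMPLE_IDS[name]), hits)
```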

X. Gitignore Minimums

*.bat
*.sh
*.zip
*.txt
.env
.env.*
_Session Notes/
.DS_Store
Thumbs.db
desktop.ini
node_modules/
.wrangler/