@accelerationguy/accel 1.0.0

package/modules/radar/commands/status.md

@@ -0,0 +1,148 @@
+---
+name: radar:status
+description: Display current Radar audit state and progress
+allowed-tools: [Read, Glob, Grep]
+---
+
+<objective>
+Displays the current state of a Radar diagnostic audit without modifying anything. Shows phase-by-phase progress, finding counts, disagreement status, and suggests the next action.
+
+This is a read-only command — it never modifies .radar/ state or audit artifacts.
+
+If no active audit exists, reports that and suggests /radar:audit.
+</objective>
+
+<execution_context>
+<!-- Read-only command: no workflow delegation required -->
+</execution_context>
+
+<context>
+@.radar/STATE.md
+</context>
+
+<process>
+
+## Step 1: Check for Active Audit
+
+Check if .radar/STATE.md exists:
+
+- If NO:
+  ```
+  ════════════════════════════════════════
+  NO ACTIVE AUDIT
+  ════════════════════════════════════════
+
+  No .radar/ directory found in the current repository.
+
+  To start an audit, run: /radar:audit
+  ════════════════════════════════════════
+  ```
+  Exit.
+
+- If YES: proceed to Step 2
+
+## Step 2: Read Audit State
+
+Read .radar/STATE.md and extract all fields:
+- Audit info: target, started, current phase, status
+- Phase progress: per-phase status, agents, finding counts, timestamps
+- Summary: total findings, disagreements (open/resolved), domains covered
+- Resume info: last action, next action
+
+Also check the filesystem for additional context:
+- Count files in .radar/findings/*/ for actual finding counts
+- Count files in .radar/signals/*/ for signal counts
+- Check .radar/report/ existence for report status
+- Check .radar/review/ existence for adversarial review status
+
+## Step 3: Display Full Status
+
+```
+════════════════════════════════════════
+Radar AUDIT STATUS
+════════════════════════════════════════
+
+Target: [repository path]
+Started: [timestamp]
+Status: [in_progress / paused / complete]
+Radar Version: [from MANIFEST.md]
+
+────────────────────────────────────────
+PHASE PROGRESS
+────────────────────────────────────────
+
+┌───────┬──────────────────────────────┬──────────┬──────────┬──────────┬───────────┐
+│ Phase │ Name                         │ Status   │ Agents   │ Findings │ Completed │
+├───────┼──────────────────────────────┼──────────┼──────────┼──────────┼───────────┤
+│   0   │ Context & Threat Modeling    │ [status] │ [count]  │ -        │ [time]    │
+│   1   │ Automated Signal Gathering   │ [status] │ (tools)  │ -        │ [time]    │
+│   2   │ Deep Domain Audits           │ [status] │ [n of m] │ [count]  │ [time]    │
+│   3   │ Cross-Domain Synthesis       │ [status] │ [n of m] │ [count]  │ [time]    │
+│   4   │ Adversarial Review           │ [status] │ [count]  │ [count]  │ [time]    │
+│   5   │ Synthesis & Report           │ [status] │ [count]  │ -        │ [time]    │
+└───────┴──────────────────────────────┴──────────┴──────────┴──────────┴───────────┘
+
+────────────────────────────────────────
+SUMMARY
+────────────────────────────────────────
+
+Total findings: [N]
+  Critical: [N]  High: [N]  Medium: [N]  Low: [N]  Info: [N]
+Disagreements: [N] total (open: [N], resolved: [N])
+Domains covered: [N] of 14
+Sessions completed: [N]
+
+────────────────────────────────────────
+ESTIMATED REMAINING WORK
+────────────────────────────────────────
+
+[Show for each pending phase:]
+Phase [N] — [Name]: ~[N] session(s)
+
+Estimates per phase:
+  Phase 0: 1 session (single agent — Principal Engineer)
+  Phase 1: 1 session (tool orchestration — no reasoning agents)
+  Phase 2: 1-8 sessions (8 parallel domain specialists)
+  Phase 3: 1-2 sessions (2 sequential agents — Staff Engineer, Reality Gap Analyst)
+  Phase 4: 1 session (single agent — Devil's Advocate)
+  Phase 5: 1 session (single agent — Principal Engineer)
+
+Total estimated remaining: [N]-[M] sessions
+
+────────────────────────────────────────
+```
+
+Note: Session estimates are based on phase agent counts. Actual sessions may vary based on context budget and agent complexity. Only show remaining estimates for phases with status "pending" — omit completed and active phases from the estimate. Read Sessions count from .radar/STATE.md Session Tracking section (default to "-" if section missing).
+
+## Step 4: Suggest Next Action
+
+Based on the current state, suggest exactly one next action:
+
+| State | Suggestion |
+|-------|------------|
+| All phases complete, no report | "Run /radar:report to generate the final audit report." |
+| All phases complete, report exists | "Core audit complete. Run /radar:transform to start the remediation pipeline." |
+| A phase is active (in progress) | "Resume with /radar:resume to continue Phase [N]." |
+| A phase is pending (next in sequence) | "Resume with /radar:resume to start Phase [N]." |
+| Audit paused | "Resume with /radar:resume to continue from [last action]." |
+
+```
+────────────────────────────────────────
+NEXT ACTION
+────────────────────────────────────────
+
+▶ [suggested command and description]
+
+════════════════════════════════════════
+```
+
+</process>
+
+<success_criteria>
+- [ ] .radar/STATE.md read successfully
+- [ ] Phase progress displayed with accurate counts
+- [ ] Finding summary displayed with severity breakdown
+- [ ] Disagreement status displayed
+- [ ] Exactly one next action suggested based on current state
+- [ ] No state files modified (read-only command)
+</success_criteria>

package/modules/radar/commands/transform.md

@@ -0,0 +1,205 @@
+---
+name: radar:transform
+description: Initiate the full Radar Transform pipeline on a completed audit
+allowed-tools: [Read, Write, Edit, Bash, Glob, Grep, Task, AskUserQuestion]
+---
+
+<objective>
+Initiates the full Radar Transform pipeline (Phases 6-8) on a completed Core audit. Guides the user through scope selection, displays intervention level distribution and confidence information, and requires explicit confirmation before producing any Transform output.
+
+This is the master entry point for all Transform operations. For targeted operations, use /radar:remediate, /radar:playbook, or /radar:guardrails instead.
+
+Produces: Layer B remediation knowledge (playbooks, patterns, guardrails) and Layer C execution plans (change graph, risk scores, Drive project).
+</objective>
+
+<execution_context>
+@~/.claude/radar/transform/workflows/phase-6-remediation.md
+@~/.claude/radar/transform/workflows/phase-7-risk-validation.md
+@~/.claude/radar/transform/workflows/phase-8-execution-planning.md
+@~/.claude/radar/transform/workflows/transform-safety.md
+</execution_context>
+
+<context>
+@.radar/STATE.md
+@.radar/report/
+@.radar/findings/
+</context>
+
+<process>
+
+## Step 1: Check Prerequisites
+
+Check if .radar/report/ exists with completed Core audit:
+
+- If .radar/ does not exist:
+  ```
+  ════════════════════════════════════════
+  NO ACTIVE AUDIT
+  ════════════════════════════════════════
+
+  No .radar/ directory found. A completed Core audit is required
+  before Transform can run.
+
+  [1] Start new audit → runs /radar:audit
+  [2] Cancel
+  ════════════════════════════════════════
+  ```
+
+- If .radar/ exists but .radar/report/ is missing or incomplete:
+  ```
+  ════════════════════════════════════════
+  CORE AUDIT INCOMPLETE
+  ════════════════════════════════════════
+
+  Transform requires a completed Layer A record (all Core phases 0-5).
+
+  Current progress:
+    Phase 0 (Context): [status]
+    Phase 1 (Signals): [status]
+    Phase 2 (Domain Audits): [status]
+    Phase 3 (Cross-Domain): [status]
+    Phase 4 (Adversarial Review): [status]
+    Phase 5 (Report): [status]
+
+  [1] Resume audit to complete remaining phases → runs /radar:resume
+  [2] Cancel
+  ════════════════════════════════════════
+  ```
+
+- If Layer A complete: proceed to Step 2
+
+## Step 2: Analyze Transform Scope
+
+Read all findings from .radar/findings/ and compute:
+- Total finding count across all domains
+- Finding distribution by severity (critical/high/medium/low/info)
+- Confidence distribution across findings
+- Estimated playbook count
+- Maximum intervention level available (based on confidence distribution)
+
+Display:
+```
+════════════════════════════════════════
+Radar TRANSFORM — PIPELINE OVERVIEW
+════════════════════════════════════════
+
+Core Audit: Complete
+Findings: [N] across [M] domains
+
+Severity distribution:
+  Critical: [N]  High: [N]  Medium: [N]  Low: [N]  Info: [N]
+
+Confidence distribution:
+  High (4-5): [N] findings
+  Medium (3): [N] findings
+  Low (1-2): [N] findings
+
+Estimated playbook count: ~[N]
+Maximum intervention level: [Suggesting / Planning / Authorizing]
+════════════════════════════════════════
+```
+
+## Step 3: Select Transform Scope
+
+```
+════════════════════════════════════════
+TRANSFORM SCOPE
+════════════════════════════════════════
+
+[1] Full Transform — all findings, all phases (6-8) (recommended)
+[2] Selective — choose specific domains or severity levels
+[3] Playbooks only — Phase 6 only (remediation knowledge, no risk scoring or execution planning)
+[4] Cancel
+════════════════════════════════════════
+```
+
+If [2] (Selective) selected, present filter options:
+```
+Filter by:
+
+[1] Domain — select specific domains to remediate
+[2] Severity — minimum severity threshold (e.g., high and above)
+[3] Back
+```
+
+If domain filter: present domain checklist with finding counts per domain.
+If severity filter: present threshold selector (critical only / high+ / medium+ / all).
+
+## Step 4: Safety Confirmation
+
+Display intervention level information and require explicit confirmation:
+```
+════════════════════════════════════════
+SAFETY REVIEW
+════════════════════════════════════════
+
+Transform will produce remediation at these intervention levels:
+
+  Suggesting:  [N] findings — advisory only, no changes proposed
+  Planning:    [N] findings — specific changes proposed, human review required
+  Authorizing: [N] findings — changes ready for execution with approval
+
+Confidence summary:
+  [N] findings have high confidence (reliable remediation)
+  [N] findings have medium confidence (review recommended)
+  [N] findings have low confidence (will be capped at Suggesting level)
+
+IMPORTANT: Radar Transform produces plans only. No changes will
+be applied to your codebase without explicit execution through Drive.
+
+[1] Confirm — proceed with Transform (recommended)
+[2] Modify scope
+[3] Cancel
+════════════════════════════════════════
+```
+
+If [1]: proceed to Step 5
+If [2]: return to Step 3
+If [3]: exit
+
+## Step 5: Execute Transform Pipeline
+
+1. Update .radar/STATE.md with Transform initiation
+2. Delegate to phase-6-remediation workflow (Layer B: playbooks + patterns)
+3. After Phase 6 completes:
+   - If scope includes Phases 7-8: delegate to phase-7-risk-validation workflow
+   - If playbooks-only scope: skip to Step 6
+4. After Phase 7 completes: delegate to phase-8-execution-planning workflow (Layer C)
+5. Transform safety workflow is invoked automatically by each phase workflow at safety checkpoints
+
+## Step 6: Transform Complete
+
+```
+════════════════════════════════════════
+TRANSFORM COMPLETE
+════════════════════════════════════════
+
+Layer B — Remediation Knowledge:
+  Playbooks: [N] in .radar/remediation/playbooks/
+  Patterns: [N] in .radar/remediation/patterns/
+  Guardrails: .radar/remediation/guardrails/
+
+Layer C — Execution Planning:
+  Change graph: .radar/execution/change-graph.yaml
+  Risk scores: .radar/execution/risk-scores.yaml
+  Drive project: .radar/execution/drive-project/
+
+Next steps:
+  - Review playbooks in .radar/remediation/playbooks/
+  - Review guardrails in .radar/remediation/guardrails/
+  - Execute remediation via Drive using .radar/execution/drive-project/
+
+════════════════════════════════════════
+```
+
+</process>
+
+<success_criteria>
+- [ ] Layer A prerequisite validated (Core audit complete)
+- [ ] Transform scope selected and confirmed by user
+- [ ] Intervention levels and confidence displayed before any output
+- [ ] Explicit user confirmation obtained before Transform proceeds
+- [ ] Transform workflows delegated to in correct sequence (6 → 7 → 8)
+- [ ] Transform output locations clearly communicated
+- [ ] Cancellation available at every decision point
+</success_criteria>

package/modules/radar/commands/validate.md

@@ -0,0 +1,177 @@
+---
+name: radar:validate
+description: Test Radar tool installation and framework integrity
+allowed-tools: [Read, Bash, Glob, Grep]
+---
+
+<objective>
+Tests the Radar installation by verifying framework files, slash commands, and each OSS analysis tool. Reports pass/fail per component with troubleshooting guidance for any failures.
+
+This is a read-only command — it never modifies files or installs anything. Safe to run anytime.
+</objective>
+
+<execution_context>
+<!-- Read-only command: no workflow delegation required -->
+</execution_context>
+
+<context>
+@.radar/STATE.md
+</context>
+
+<process>
+
+## Step 1: Check Framework Installation
+
+Verify the Radar framework is installed:
+
+1. Check `~/.claude/radar/` exists:
+   - If YES: count files in key subdirectories (domains/, schemas/, rules/, tools/, core/, transform/)
+   - If NO: report "Framework not installed" and suggest `install.sh`
+
+2. Check `~/.claude/commands/radar/` exists:
+   - If YES: list command files, count them
+   - If NO: report "Commands not installed" and suggest `install.sh`
+
+Record results for summary.
+
+## Step 2: Test Each OSS Tool
+
+For each tool, run the appropriate version/detection command. Handle multiple installation methods (PATH, venv, Docker).
+
+**Tool checks in order:**
+
+### Semgrep
+```bash
+# Try PATH first
+semgrep --version 2>/dev/null
+# Fallback: check venv
+~/.local/share/radar/venvs/semgrep/bin/semgrep --version 2>/dev/null
+```
+- Pass: report version number and location (PATH or venv)
+- Fail: "Semgrep not found. Re-run install.sh or: python3 -m venv ~/.local/share/radar/venvs/semgrep && ~/.local/share/radar/venvs/semgrep/bin/pip install semgrep"
+
+### Trivy
+```bash
+trivy --version 2>/dev/null
+```
+- Pass: report version
+- Fail: "Trivy not found. Re-run install.sh or visit https://aquasecurity.github.io/trivy"
+
+### SonarQube
+```bash
+# Check 1: Native scanner CLI
+sonar-scanner --version 2>/dev/null
+
+# Check 2: Docker scanner image
+docker image inspect sonarsource/sonar-scanner-cli >/dev/null 2>&1
+
+# Check 3: Docker server container
+docker ps --filter "ancestor=sonarqube:community" --format "{{.Names}}" 2>/dev/null
+
+# Check 4: Localhost server
+curl -s -o /dev/null -w "%{http_code}" http://localhost:9000/api/system/status 2>/dev/null
+```
+- Pass if ANY check succeeds: report which mode detected (native CLI / Docker scanner / Docker server / localhost)
+- Fail: "SonarQube not detected. Options: Docker (docker pull sonarqube:community) or SonarQube Cloud (sonarcloud.io). Re-run install.sh for guided setup."
+
+### Gitleaks
+```bash
+gitleaks version 2>/dev/null
+```
+- Pass: report version
+- Fail: "Gitleaks not found. Re-run install.sh or visit https://github.com/gitleaks/gitleaks"
+
+### Checkov
+```bash
+# Try PATH first
+checkov --version 2>/dev/null
+# Fallback: check venv
+~/.local/share/radar/venvs/checkov/bin/checkov --version 2>/dev/null
+```
+- Pass: report version and location
+- Fail: "Checkov not found. Re-run install.sh or: python3 -m venv ~/.local/share/radar/venvs/checkov && ~/.local/share/radar/venvs/checkov/bin/pip install checkov"
+
+### Syft
+```bash
+syft version 2>/dev/null
+```
+- Pass: report version
+- Fail: "Syft not found. Re-run install.sh or: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b ~/.local/bin"
+
+### Grype
+```bash
+grype version 2>/dev/null
+```
+- Pass: report version
+- Fail: "Grype not found. Re-run install.sh or: curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b ~/.local/bin"
+
+### Git (built-in)
+```bash
+git --version 2>/dev/null
+```
+- Pass: report version (should always pass)
+- Fail: "Git not found — this is unexpected. Install git for your platform."
+
+## Step 3: Check Project State (if applicable)
+
+If `.radar/STATE.md` exists in the current directory:
+1. Read STATE.md
+2. Report project status:
+   ```
+   Project: {repo-name}
+   Status: {overall status}
+   Phase: {current phase}
+   ```
+3. Note which tools the project's audit is configured to use (if audit has started)
+
+If no `.radar/`: skip this section silently.
+
+## Step 4: Display Validation Report
+
+```
+════════════════════════════════════════
+Radar Validation Report
+════════════════════════════════════════
+
+Framework:
+  {✓/✗} ~/.claude/radar/         ({N} files)
+  {✓/✗} ~/.claude/commands/radar/ ({M} commands)
+
+Tools:
+  {✓/✗} semgrep       {version}  {(venv) if applicable}
+  {✓/✗} trivy          {version}
+  {✓/✗} sonarqube      {mode: native/docker/localhost}
+  {✓/✗} gitleaks       {version}
+  {✓/✗} checkov        {version}  {(venv) if applicable}
+  {✓/✗} syft           {version}
+  {✓/✗} grype          {version}
+  {✓/✗} git            {version}  (built-in)
+
+Result: {pass_count}/{total} tools available
+
+{If any failures:}
+────────────────────────────────────────
+Troubleshooting:
+
+  {tool}: {specific fix instruction}
+  {tool}: {specific fix instruction}
+
+General: Re-run install.sh to fix most issues.
+────────────────────────────────────────
+
+{If .radar/ exists:}
+Project: {repo-name} — {status}
+
+════════════════════════════════════════
+```
+
+</process>
+
+<success_criteria>
+- [ ] Framework installation verified (files + commands)
+- [ ] All 7 OSS tools + git tested with version commands
+- [ ] Venv-installed tools checked at both PATH and venv locations
+- [ ] Docker-based SonarQube detected via image/container/localhost
+- [ ] Clear pass/fail per tool with troubleshooting for failures
+- [ ] Project state shown if .radar/ exists
+</success_criteria>