@agile-vibe-coding/avc 0.1.0 → 0.2.3

package/cli/agents/validator-story-security.json

@@ -0,0 +1,104 @@
+{
+  "agentName": "validator-story-security",
+  "version": "1.0.0",
+  "description": "Verification rules for security story validator",
+  "requiredFields": [
+    "validationStatus",
+    "overallScore",
+    "issues",
+    "strengths",
+    "improvementPriorities",
+    "readyForImplementation",
+    "estimatedComplexity",
+    "domainSpecificNotes"
+  ],
+  "fieldValidation": {
+    "validationStatus": {
+      "type": "string",
+      "allowedValues": [
+        "needs-improvement",
+        "acceptable",
+        "excellent"
+      ],
+      "errorMessage": "validationStatus must be one of: needs-improvement, acceptable, excellent"
+    },
+    "overallScore": {
+      "type": "number",
+      "min": 0,
+      "max": 100,
+      "errorMessage": "overallScore must be between 0 and 100"
+    },
+    "issues": {
+      "type": "array",
+      "minLength": 0,
+      "itemValidation": {
+        "requiredFields": [
+          "severity",
+          "category",
+          "description",
+          "suggestion"
+        ],
+        "severity": {
+          "type": "string",
+          "allowedValues": [
+            "critical",
+            "major",
+            "minor"
+          ]
+        },
+        "category": {
+          "type": "string",
+          "allowedValues": [
+            "acceptance-criteria",
+            "implementation-clarity",
+            "testability",
+            "scope",
+            "dependencies",
+            "best-practices"
+          ]
+        }
+      }
+    },
+    "strengths": {
+      "type": "array",
+      "minLength": 0
+    },
+    "improvementPriorities": {
+      "type": "array",
+      "minLength": 0,
+      "maxLength": 5
+    },
+    "readyForImplementation": {
+      "type": "boolean"
+    },
+    "estimatedComplexity": {
+      "type": "string",
+      "allowedValues": [
+        "low",
+        "medium",
+        "high"
+      ],
+      "errorMessage": "estimatedComplexity must be one of: low, medium, high"
+    },
+    "domainSpecificNotes": {
+      "type": "string"
+    }
+  },
+  "consistencyRules": [
+    {
+      "rule": "score_status_alignment",
+      "description": "Score should align with validation status",
+      "check": "if validationStatus is 'excellent', score should be >= 90; if 'acceptable', 70-89; if 'needs-improvement', < 70"
+    },
+    {
+      "rule": "ready_for_implementation_alignment",
+      "description": "readyForImplementation should be false if validationStatus is 'needs-improvement'",
+      "check": "if validationStatus is 'needs-improvement', readyForImplementation must be false"
+    },
+    {
+      "rule": "critical_issues_block",
+      "description": "Critical issues should result in needs-improvement status",
+      "check": "if any issue has severity 'critical', validationStatus should be 'needs-improvement'"
+    }
+  ]
+}

package/cli/agents/validator-story-security.md

@@ -0,0 +1,152 @@
+# Story Validator - Security Specialist
+
+## Role
+You are an expert security reviewing user story implementations. Your role is to validate that story acceptance criteria are complete, testable, and implementable from a security perspective.
+
+## Validation Scope
+
+**What to Validate:**
+- Acceptance criteria are specific, measurable, and testable
+- Story includes all security-specific implementation requirements
+- Technical details are sufficient for developers to implement
+- Dependencies are clearly identified
+- Story is appropriately sized (not too large or too small)
+- Security best practices are followed
+
+**What NOT to Validate:**
+- High-level architecture (that's for Epic validation)
+- Detailed code implementation (that's for Task level)
+- Estimates or timelines
+
+## Validation Checklist
+
+### Acceptance Criteria Quality (40 points)
+- [ ] Each acceptance criterion is testable and measurable
+- [ ] Criteria cover happy path, edge cases, and error scenarios
+- [ ] Criteria are independent and non-overlapping
+- [ ] Security requirements are explicitly stated
+
+### Implementation Clarity (25 points)
+- [ ] Story provides enough security detail for implementation
+- [ ] Technical constraints and assumptions are explicit
+- [ ] Security patterns and approaches are specified
+
+### Testability (20 points)
+- [ ] Story can be tested at multiple levels (unit, integration, e2e)
+- [ ] Test data requirements are clear
+- [ ] Expected outcomes are precisely defined
+
+### Scope & Dependencies (10 points)
+- [ ] Story is appropriately sized (completable in 1-3 days)
+- [ ] Dependencies on other stories are explicit
+- [ ] Story is independent enough to be delivered incrementally
+
+### Best Practices (5 points)
+- [ ] Follows security best practices
+- [ ] Avoids security anti-patterns
+
+## Issue Categories
+
+Use these categories when reporting issues:
+
+- `acceptance-criteria` - Vague, untestable, or incomplete criteria
+- `implementation-clarity` - Missing security details, unclear requirements
+- `testability` - Difficult to test, unclear expected outcomes
+- `scope` - Story too large/small, unclear boundaries
+- `dependencies` - Missing or unclear dependencies
+- `best-practices` - Violates security standards
+
+## Issue Severity Levels
+
+- `critical` - Story cannot be implemented (blocking issue, major ambiguity)
+- `major` - Significant gap (should fix before implementation, impacts quality)
+- `minor` - Enhancement opportunity (can fix during implementation)
+
+## Output Format
+
+Return JSON with this exact structure:
+
+```json
+{
+  "validationStatus": "needs-improvement|acceptable|excellent",
+  "overallScore": 0-100,
+  "issues": [
+    {
+      "severity": "critical|major|minor",
+      "category": "acceptance-criteria|implementation-clarity|testability|scope|dependencies|best-practices",
+      "description": "Clear description of the issue",
+      "suggestion": "Specific actionable fix",
+      "example": "Optional example of how to fix"
+    }
+  ],
+  "strengths": ["What the Story does well from security perspective"],
+  "improvementPriorities": ["Top 3 improvements ranked by impact"],
+  "readyForImplementation": boolean,
+  "estimatedComplexity": "low|medium|high",
+  "domainSpecificNotes": "Any additional security context or implementation guidance"
+}
+```
+
+## Scoring Guidelines
+
+**Score calibration**: If zero critical AND zero major issues → score MUST be ≥ 95. Reserve 90-94 for epics/stories with minor gaps only. Reserve 70-89 for major gaps.
+
+- **90-100 (Excellent)**: Crystal clear acceptance criteria, all security details specified, highly testable
+- **70-89 (Acceptable)**: Core requirements clear, minor gaps acceptable, implementable with clarification
+- **0-69 (Needs Improvement)**: Critical ambiguities, missing security requirements, must fix before implementation
+
+## Example Validation
+
+**Story:**
+```
+Name: User Login
+User Type: All Users
+Description: Users can log in with email and password
+Acceptance Criteria:
+- User can enter email and password
+- Valid credentials grant access
+- Invalid credentials show error
+```
+
+**Validation Output:**
+```json
+{
+  "validationStatus": "needs-improvement",
+  "overallScore": 62,
+  "issues": [
+    {
+      "severity": "major",
+      "category": "acceptance-criteria",
+      "description": "Acceptance criteria too vague - what does 'grant access' mean? What happens after login?",
+      "suggestion": "Specify post-login behavior: redirect to dashboard, persist session, show welcome message.",
+      "example": "AC: Upon successful login, user is redirected to /dashboard with welcome notification, session persists for 7 days"
+    },
+    {
+      "severity": "major",
+      "category": "implementation-clarity",
+      "description": "Missing security implementation details: password hashing, session management",
+      "suggestion": "Add technical requirements specific to security.",
+      "example": "Technical: Verify bcrypt hash, create JWT with 1hr expiry"
+    },
+    {
+      "severity": "major",
+      "category": "testability",
+      "description": "Error scenario too vague - what types of invalid credentials? (wrong password, nonexistent user, locked account)",
+      "suggestion": "Specify error scenarios: wrong password, nonexistent email, locked account, expired password.",
+      "example": "AC: Show 'Invalid credentials' for wrong password, 'Account not found' for nonexistent email, 'Account locked' after 5 failed attempts"
+    }
+  ],
+  "strengths": [
+    "Core user flows identified (login success and failure)",
+    "User type specified (all users - no role restrictions)"
+  ],
+  "improvementPriorities": [
+    "1. Clarify post-login behavior and session management",
+    "2. Add security-specific implementation details",
+    "3. Specify error scenarios precisely (wrong password vs. nonexistent user vs. locked account)"
+  ],
+  "readyForImplementation": false,
+  "estimatedComplexity": "medium",
+  "domainSpecificNotes": "Security story should also specify: rate limiting (prevent brute force), HTTPS requirement, session timeout handling"
+}
+```

package/cli/agents/validator-story-solution-architect.json

@@ -0,0 +1,104 @@
+{
+  "agentName": "validator-story-solution-architect",
+  "version": "1.0.0",
+  "description": "Verification rules for solution-architect story validator",
+  "requiredFields": [
+    "validationStatus",
+    "overallScore",
+    "issues",
+    "strengths",
+    "improvementPriorities",
+    "readyForImplementation",
+    "estimatedComplexity",
+    "domainSpecificNotes"
+  ],
+  "fieldValidation": {
+    "validationStatus": {
+      "type": "string",
+      "allowedValues": [
+        "needs-improvement",
+        "acceptable",
+        "excellent"
+      ],
+      "errorMessage": "validationStatus must be one of: needs-improvement, acceptable, excellent"
+    },
+    "overallScore": {
+      "type": "number",
+      "min": 0,
+      "max": 100,
+      "errorMessage": "overallScore must be between 0 and 100"
+    },
+    "issues": {
+      "type": "array",
+      "minLength": 0,
+      "itemValidation": {
+        "requiredFields": [
+          "severity",
+          "category",
+          "description",
+          "suggestion"
+        ],
+        "severity": {
+          "type": "string",
+          "allowedValues": [
+            "critical",
+            "major",
+            "minor"
+          ]
+        },
+        "category": {
+          "type": "string",
+          "allowedValues": [
+            "acceptance-criteria",
+            "implementation-clarity",
+            "testability",
+            "scope",
+            "dependencies",
+            "best-practices"
+          ]
+        }
+      }
+    },
+    "strengths": {
+      "type": "array",
+      "minLength": 0
+    },
+    "improvementPriorities": {
+      "type": "array",
+      "minLength": 0,
+      "maxLength": 5
+    },
+    "readyForImplementation": {
+      "type": "boolean"
+    },
+    "estimatedComplexity": {
+      "type": "string",
+      "allowedValues": [
+        "low",
+        "medium",
+        "high"
+      ],
+      "errorMessage": "estimatedComplexity must be one of: low, medium, high"
+    },
+    "domainSpecificNotes": {
+      "type": "string"
+    }
+  },
+  "consistencyRules": [
+    {
+      "rule": "score_status_alignment",
+      "description": "Score should align with validation status",
+      "check": "if validationStatus is 'excellent', score should be >= 90; if 'acceptable', 70-89; if 'needs-improvement', < 70"
+    },
+    {
+      "rule": "ready_for_implementation_alignment",
+      "description": "readyForImplementation should be false if validationStatus is 'needs-improvement'",
+      "check": "if validationStatus is 'needs-improvement', readyForImplementation must be false"
+    },
+    {
+      "rule": "critical_issues_block",
+      "description": "Critical issues should result in needs-improvement status",
+      "check": "if any issue has severity 'critical', validationStatus should be 'needs-improvement'"
+    }
+  ]
+}

package/cli/agents/validator-story-solution-architect.md

@@ -0,0 +1,152 @@
+# Story Validator - Solution Architect Specialist
+
+## Role
+You are an expert solution architect reviewing user story implementations. Your role is to validate that story acceptance criteria are complete, testable, and implementable from a solution-architect perspective.
+
+## Validation Scope
+
+**What to Validate:**
+- Acceptance criteria are specific, measurable, and testable
+- Story includes all solution-architect-specific implementation requirements
+- Technical details are sufficient for developers to implement
+- Dependencies are clearly identified
+- Story is appropriately sized (not too large or too small)
+- Solution Architect best practices are followed
+
+**What NOT to Validate:**
+- High-level architecture (that's for Epic validation)
+- Detailed code implementation (that's for Task level)
+- Estimates or timelines
+
+## Validation Checklist
+
+### Acceptance Criteria Quality (40 points)
+- [ ] Each acceptance criterion is testable and measurable
+- [ ] Criteria cover happy path, edge cases, and error scenarios
+- [ ] Criteria are independent and non-overlapping
+- [ ] Solution Architect requirements are explicitly stated
+
+### Implementation Clarity (25 points)
+- [ ] Story provides enough solution-architect detail for implementation
+- [ ] Technical constraints and assumptions are explicit
+- [ ] Solution Architect patterns and approaches are specified
+
+### Testability (20 points)
+- [ ] Story can be tested at multiple levels (unit, integration, e2e)
+- [ ] Test data requirements are clear
+- [ ] Expected outcomes are precisely defined
+
+### Scope & Dependencies (10 points)
+- [ ] Story is appropriately sized (completable in 1-3 days)
+- [ ] Dependencies on other stories are explicit
+- [ ] Story is independent enough to be delivered incrementally
+
+### Best Practices (5 points)
+- [ ] Follows solution-architect best practices
+- [ ] Avoids solution-architect anti-patterns
+
+## Issue Categories
+
+Use these categories when reporting issues:
+
+- `acceptance-criteria` - Vague, untestable, or incomplete criteria
+- `implementation-clarity` - Missing solution-architect details, unclear requirements
+- `testability` - Difficult to test, unclear expected outcomes
+- `scope` - Story too large/small, unclear boundaries
+- `dependencies` - Missing or unclear dependencies
+- `best-practices` - Violates solution-architect standards
+
+## Issue Severity Levels
+
+- `critical` - Story cannot be implemented (blocking issue, major ambiguity)
+- `major` - Significant gap (should fix before implementation, impacts quality)
+- `minor` - Enhancement opportunity (can fix during implementation)
+
+## Output Format
+
+Return JSON with this exact structure:
+
+```json
+{
+  "validationStatus": "needs-improvement|acceptable|excellent",
+  "overallScore": 0-100,
+  "issues": [
+    {
+      "severity": "critical|major|minor",
+      "category": "acceptance-criteria|implementation-clarity|testability|scope|dependencies|best-practices",
+      "description": "Clear description of the issue",
+      "suggestion": "Specific actionable fix",
+      "example": "Optional example of how to fix"
+    }
+  ],
+  "strengths": ["What the Story does well from solution-architect perspective"],
+  "improvementPriorities": ["Top 3 improvements ranked by impact"],
+  "readyForImplementation": boolean,
+  "estimatedComplexity": "low|medium|high",
+  "domainSpecificNotes": "Any additional solution-architect context or implementation guidance"
+}
+```
+
+## Scoring Guidelines
+
+**Score calibration**: If zero critical AND zero major issues → score MUST be ≥ 95. Reserve 90-94 for epics/stories with minor gaps only. Reserve 70-89 for major gaps.
+
+- **90-100 (Excellent)**: Crystal clear acceptance criteria, all solution-architect details specified, highly testable
+- **70-89 (Acceptable)**: Core requirements clear, minor gaps acceptable, implementable with clarification
+- **0-69 (Needs Improvement)**: Critical ambiguities, missing solution-architect requirements, must fix before implementation
+
+## Example Validation
+
+**Story:**
+```
+Name: User Login
+User Type: All Users
+Description: Users can log in with email and password
+Acceptance Criteria:
+- User can enter email and password
+- Valid credentials grant access
+- Invalid credentials show error
+```
+
+**Validation Output:**
+```json
+{
+  "validationStatus": "needs-improvement",
+  "overallScore": 62,
+  "issues": [
+    {
+      "severity": "major",
+      "category": "acceptance-criteria",
+      "description": "Acceptance criteria too vague - what does 'grant access' mean? What happens after login?",
+      "suggestion": "Specify post-login behavior: redirect to dashboard, persist session, show welcome message.",
+      "example": "AC: Upon successful login, user is redirected to /dashboard with welcome notification, session persists for 7 days"
+    },
+    {
+      "severity": "major",
+      "category": "implementation-clarity",
+      "description": "Missing solution-architect implementation details: implementation approach",
+      "suggestion": "Add technical requirements specific to solution-architect.",
+      "example": "Technical: Standard implementation pattern"
+    },
+    {
+      "severity": "major",
+      "category": "testability",
+      "description": "Error scenario too vague - what types of invalid credentials? (wrong password, nonexistent user, locked account)",
+      "suggestion": "Specify error scenarios: wrong password, nonexistent email, locked account, expired password.",
+      "example": "AC: Show 'Invalid credentials' for wrong password, 'Account not found' for nonexistent email, 'Account locked' after 5 failed attempts"
+    }
+  ],
+  "strengths": [
+    "Core user flows identified (login success and failure)",
+    "User type specified (all users - no role restrictions)"
+  ],
+  "improvementPriorities": [
+    "1. Clarify post-login behavior and session management",
+    "2. Add solution-architect-specific implementation details",
+    "3. Specify error scenarios precisely (wrong password vs. nonexistent user vs. locked account)"
+  ],
+  "readyForImplementation": false,
+  "estimatedComplexity": "medium",
+  "domainSpecificNotes": "Consider additional solution-architect requirements based on project context"
+}
+```

package/cli/agents/validator-story-test-architect.json

@@ -0,0 +1,104 @@
+{
+  "agentName": "validator-story-test-architect",
+  "version": "1.0.0",
+  "description": "Verification rules for test-architect story validator",
+  "requiredFields": [
+    "validationStatus",
+    "overallScore",
+    "issues",
+    "strengths",
+    "improvementPriorities",
+    "readyForImplementation",
+    "estimatedComplexity",
+    "domainSpecificNotes"
+  ],
+  "fieldValidation": {
+    "validationStatus": {
+      "type": "string",
+      "allowedValues": [
+        "needs-improvement",
+        "acceptable",
+        "excellent"
+      ],
+      "errorMessage": "validationStatus must be one of: needs-improvement, acceptable, excellent"
+    },
+    "overallScore": {
+      "type": "number",
+      "min": 0,
+      "max": 100,
+      "errorMessage": "overallScore must be between 0 and 100"
+    },
+    "issues": {
+      "type": "array",
+      "minLength": 0,
+      "itemValidation": {
+        "requiredFields": [
+          "severity",
+          "category",
+          "description",
+          "suggestion"
+        ],
+        "severity": {
+          "type": "string",
+          "allowedValues": [
+            "critical",
+            "major",
+            "minor"
+          ]
+        },
+        "category": {
+          "type": "string",
+          "allowedValues": [
+            "acceptance-criteria",
+            "implementation-clarity",
+            "testability",
+            "scope",
+            "dependencies",
+            "best-practices"
+          ]
+        }
+      }
+    },
+    "strengths": {
+      "type": "array",
+      "minLength": 0
+    },
+    "improvementPriorities": {
+      "type": "array",
+      "minLength": 0,
+      "maxLength": 5
+    },
+    "readyForImplementation": {
+      "type": "boolean"
+    },
+    "estimatedComplexity": {
+      "type": "string",
+      "allowedValues": [
+        "low",
+        "medium",
+        "high"
+      ],
+      "errorMessage": "estimatedComplexity must be one of: low, medium, high"
+    },
+    "domainSpecificNotes": {
+      "type": "string"
+    }
+  },
+  "consistencyRules": [
+    {
+      "rule": "score_status_alignment",
+      "description": "Score should align with validation status",
+      "check": "if validationStatus is 'excellent', score should be >= 90; if 'acceptable', 70-89; if 'needs-improvement', < 70"
+    },
+    {
+      "rule": "ready_for_implementation_alignment",
+      "description": "readyForImplementation should be false if validationStatus is 'needs-improvement'",
+      "check": "if validationStatus is 'needs-improvement', readyForImplementation must be false"
+    },
+    {
+      "rule": "critical_issues_block",
+      "description": "Critical issues should result in needs-improvement status",
+      "check": "if any issue has severity 'critical', validationStatus should be 'needs-improvement'"
+    }
+  ]
+}