@atlashub/smartstack-cli 1.23.0 → 1.24.0

package/templates/skills/refactor/SKILL.md

@@ -0,0 +1,219 @@
+---
+name: refactor
+description: Refactor code by finding files, grouping them, and launching parallel Snipper agents
+argument-hint: <search-pattern-or-description>
+---
+
+<objective>
+Refactor code matching the given pattern across the codebase using parallel Snipper agents for maximum speed.
+
+This skill finds all relevant files, creates ONE instruction file, then launches Snipper agents in parallel with batches of max 3 files each.
+</objective>
+
+<quick_start>
+```bash
+/refactor rename getUserData to fetchUserProfile
+/refactor replace console.log with logger.info
+/refactor convert class components to functional
+/refactor update deprecated API calls
+```
+</quick_start>
+
+<workflow>
+
+## Phase 1: Discovery
+
+### 1. Parse the Refactor Request
+
+Understand what the pattern means:
+- Could be: method name, component name, pattern, code smell, etc.
+- Identify the search strategy (Grep for code patterns, Glob for file patterns)
+
+### 2. Find All Affected Files
+
+```
+Use Grep to search for the pattern in the codebase
+Use Glob if searching by file name patterns
+Exclude: node_modules, .git, dist, build, bin, obj
+```
+
+### 3. Analyze Scope
+
+- Count total files found
+- If more than 15 files, ask user to confirm or narrow scope
+- Show preview of files to refactor
+
+## Phase 2: Create Instructions
+
+### 4. Create Task Folder
+
+```
+Generate unique ID: refactor-{timestamp}
+Create folder: .claude/tasks/refactor-{timestamp}/
+```
+
+### 5. Create ONE Instruction File
+
+Create `.claude/tasks/refactor-{id}/instructions.md`:
+
+```markdown
+# Refactor: {title}
+
+## Objective
+{What needs to be refactored - derived from user request}
+
+## Pattern to Find
+{Exact code pattern, method name, or structure to locate}
+
+## Transformation
+{How to transform the found pattern - be specific and adaptive}
+
+## Examples
+Before:
+{example of current code}
+
+After:
+{example of refactored code}
+
+## Constraints
+- Only modify code matching the pattern
+- Preserve all existing functionality
+- Follow codebase conventions
+- No comments unless necessary
+```
+
+**IMPORTANT**: Make instructions adaptive - they should work for ANY file in the list.
+
+## Phase 3: Group and Execute
+
+### 6. Group Files into Batches
+
+- Maximum 3 files per batch
+- Group by related functionality when possible
+
+### 7. Launch Snipper Agents in Parallel
+
+For EACH batch, use Task tool with `subagent_type='Snipper'`:
+
+```
+Using the instructions in .claude/tasks/refactor-{id}/instructions.md, refactor these files:
+- {file_1}
+- {file_2}
+- {file_3}
+```
+
+**CRITICAL**: Launch ALL batches in a SINGLE message with multiple Task calls.
+
+### 8. Wait for Completion
+
+- All Snipper agents run in parallel
+- Collect results from each
+
+## Phase 4: Verification
+
+### 9. Validate Changes
+
+```bash
+# For TypeScript/JavaScript
+pnpm lint || npm run lint
+pnpm tsc || npx tsc
+
+# For .NET
+dotnet build
+```
+
+Fix any errors immediately.
+
+### 10. Summary Report
+
+```
+Refactor Complete: {title}
+
+Files modified: {count}
+Batches executed: {count}
+Errors: {count}
+
+Modified files:
+- {file1}
+- {file2}
+...
+
+Next steps:
+- Review changes: git diff
+- Run tests: pnpm test
+- Commit: /gitflow:commit
+```
+
+</workflow>
+
+<instructions_template>
+
+Create ONE file at `.claude/tasks/refactor-{id}/instructions.md`:
+
+```markdown
+# Refactor: {title}
+
+## Objective
+{What needs to be refactored - derived from user request}
+
+## Pattern to Find
+{Exact code pattern, method name, or structure to locate}
+
+## Transformation
+{How to transform the found pattern - be specific and adaptive}
+
+## Examples
+Before:
+```
+{example of current code}
+```
+
+After:
+```
+{example of refactored code}
+```
+
+## Constraints
+- Only modify code matching the pattern
+- Preserve all existing functionality
+- Follow codebase conventions
+- No comments unless necessary
+```
+
+</instructions_template>
+
+<snipper_prompt_template>
+
+For each batch, call Snipper with:
+
+```
+Using the instructions in .claude/tasks/refactor-{id}/instructions.md, refactor these files:
+- {file_path_1}
+- {file_path_2}
+- {file_path_3}
+
+Read the instructions file first, then apply the refactor to each file.
+```
+
+</snipper_prompt_template>
+
+<execution_rules>
+
+- **PARALLEL EXECUTION**: Launch all Snipper batches simultaneously
+- **SINGLE INSTRUCTION FILE**: One instructions.md for all batches
+- **MAX 3 FILES PER BATCH**: Keep Snipper agents focused
+- **VALIDATE AFTER**: Run lint/typecheck after all batches complete
+- **PRESERVE FUNCTIONALITY**: Never break existing behavior
+
+</execution_rules>
+
+<success_criteria>
+
+- All target files identified
+- ONE instruction file created in `.claude/tasks/refactor-{id}/instructions.md`
+- Snipper agents launched in parallel (max 3 files per agent)
+- All batches completed successfully
+- Lint/type checks pass
+- Summary provided to user
+
+</success_criteria>

package/templates/skills/review-code/SKILL.md

@@ -25,62 +25,90 @@ Based on research from Google, Microsoft, OWASP, and academic studies on code re
 </detection>
 
 <mcp_validation>
-**If SmartStack detected, run MCP validation FIRST:**
+**If SmartStack detected, run comprehensive code review via MCP:**
 
-1. **Validate conventions** (BLOCKING issues):
-   ```
-   mcp__smartstack__validate_conventions
-   checks: ["all"]
-   ```
-
-2. **Validate security** (when available):
-   ```
-   mcp__smartstack__validate_security
-   checks: ["all"]
-   ```
-
-3. **Analyze code quality** (when available):
-   ```
-   mcp__smartstack__analyze_code_quality
-   metrics: ["all"]
-   ```
+**Primary tool - `review_code`** (NEW - unified review):
+```
+mcp__smartstack__review_code
+scope: "changed"   # or "all" or "staged"
+checks: ["all"]    # 9 categories covered
+severity: "all"    # blocking, critical, warning, info
+```
 
-4. **Validate test conventions**:
-   ```
-   mcp__smartstack__validate_test_conventions
-   checks: ["all"]
-   ```
+**This single tool covers ALL categories:**
+- Security (OWASP, secrets, SQL injection, XSS)
+- Architecture (layer violations, DI bypass)
+- Hardcoded values (magic numbers, URLs, feature flags)
+- Tests (missing tests, test quality)
+- AI Hallucinations (non-existent imports, phantom methods)
+- Performance (N+1 queries, over-fetching)
+- Dead Code (unused imports, functions)
+- i18n (non-translated UI text)
+- Accessibility (missing alt, ARIA issues)
+
+**Optional: Additional convention checks:**
+```
+mcp__smartstack__validate_conventions
+checks: ["all"]
+```
 </mcp_validation>
 
 <mcp_checks>
-**SmartStack-specific checks via MCP:**
-
-| Category | MCP Tool | What it validates |
-|----------|----------|-------------------|
-| **Tables** | `validate_conventions` | Préfixes (auth_, nav_, cfg_), schemas (core/extensions) |
-| **Migrations** | `validate_conventions` | Nommage `{context}_v{version}_{sequence}_{Description}` |
-| **Services** | `validate_conventions` | Interfaces I*Service |
-| **Entities** | `validate_conventions` | ITenantEntity, factory methods, private constructors |
-| **Controllers** | `validate_conventions` | [NavRoute] attributes, route format |
-| **Multi-tenant** | `validate_conventions` | TenantId isolation, no cross-tenant access |
-| **Tests** | `validate_test_conventions` | Naming, structure, patterns AAA |
+**SmartStack code review categories via MCP `review_code`:**
+
+| Category | Check ID | What it detects |
+|----------|----------|-----------------|
+| **Security** | SEC-xxx | Hardcoded secrets, SQL injection, XSS, missing [Authorize] |
+| **Architecture** | ARCH-xxx | Layer violations (Domain→Infrastructure), DI bypass |
+| **Hardcoded** | HARD-xxx | Magic numbers, hardcoded URLs, feature flags |
+| **Tests** | TEST-xxx | Missing tests, useless assertions, no coverage |
+| **AI Hallucinations** | AI-xxx | Non-existent imports, phantom methods, placeholders |
+| **Performance** | PERF-xxx | N+1 queries, ToList before Where, over-fetching |
+| **Dead Code** | DEAD-xxx | Unused imports, functions, commented code, TODOs |
+| **i18n** | I18N-xxx | Hardcoded UI text, missing translations |
+| **Accessibility** | A11Y-xxx | Missing alt, no aria-label, focus issues |
+
+**Severity levels:**
+- `blocking` → Must fix before merge (security, hallucinations)
+- `critical` → Should fix ASAP (architecture, tests)
+- `warning` → Recommended fix (performance, dead code)
+- `info` → Nice to have (i18n, a11y)
 </mcp_checks>
 
 <output_integration>
-**Merge MCP results into review output:**
+**Merge MCP `review_code` results into review output:**
 
-```markdown
-## SmartStack Conventions (via MCP)
+The MCP tool returns a structured report. Display it as-is or integrate key findings:
 
-| Severity | Issue | Location | Fix |
-|----------|-------|----------|-----|
-| BLOCKING | {MCP error} | `file:line` | {MCP suggestion} |
-| WARNING | {MCP warning} | `file:line` | {MCP suggestion} |
+```markdown
+## Code Review Results (via MCP)
+
+### Summary
+| Metric | Value |
+|--------|-------|
+| Status | {PASSED/FAILED/WARNING} |
+| Score | {score}/100 |
+| Grade | {A/B/C/D/F} |
+
+### Blocking Issues ({count})
+| ID | Issue | File:Line | Fix |
+|----|-------|-----------|-----|
+| SEC-001 | {title} | `{file}:{line}` | {suggestion} |
+
+### Critical Issues ({count})
+| ID | Issue | File:Line | Fix |
+|----|-------|-----------|-----|
+| ARCH-001 | {title} | `{file}:{line}` | {suggestion} |
+
+### Warnings ({count})
+(List or summarize)
 ```
 
-**Priority mapping:**
-- MCP errors → `[BLOCKING]`
-- MCP warnings → `[SUGGESTION]`
+**Priority mapping from MCP:**
+- `blocking` → `[BLOCKING]` - Must fix before merge
+- `critical` → `[CRITICAL]` - Should fix ASAP
+- `warning` → `[SUGGESTION]` - Recommended
+- `info` → `[NIT]` - Nice to have
 </output_integration>
 </smartstack_integration>
 

package/templates/skills/review-code/references/smartstack-conventions.md

@@ -7,13 +7,39 @@ SmartStack-specific conventions and patterns. This reference is used when review
 <mcp_tools>
 ## MCP SmartStack Tools for Code Review
 
+### Primary Tool - Unified Code Review
+
+| Tool | Purpose | When to use |
+|------|---------|-------------|
+| `mcp__smartstack__review_code` | **Unified code review** covering 9 categories | Always use first |
+
+**Parameters:**
+```
+scope: "all" | "changed" | "staged"  # Which files to review
+checks: ["all"] | ["security", ...]   # Categories to check
+severity: "all" | "blocking"          # Filter by severity
+```
+
+**Categories covered:**
+| Category | ID Prefix | Severity | What it detects |
+|----------|-----------|----------|-----------------|
+| Security | SEC-xxx | blocking | Secrets, SQL injection, XSS, missing [Authorize] |
+| Architecture | ARCH-xxx | critical | Layer violations, DI bypass |
+| Hardcoded Values | HARD-xxx | warning | Magic numbers, URLs, feature flags |
+| Tests | TEST-xxx | critical | Missing tests, useless assertions |
+| AI Hallucinations | AI-xxx | blocking | Phantom imports, non-existent methods |
+| Performance | PERF-xxx | warning | N+1 queries, over-fetching |
+| Dead Code | DEAD-xxx | warning | Unused imports, commented code, TODOs |
+| i18n | I18N-xxx | info | Hardcoded UI text, missing translations |
+| Accessibility | A11Y-xxx | info | Missing alt, ARIA, focus issues |
+
+### Additional Tools (Optional)
+
 | Tool | Purpose | When to use |
 |------|---------|-------------|
-| `mcp__smartstack__validate_conventions` | Validate all SmartStack conventions | Always run first |
-| `mcp__smartstack__validate_test_conventions` | Validate test patterns | When tests are in scope |
-| `mcp__smartstack__validate_security` | Security-specific checks | Security-focused reviews |
-| `mcp__smartstack__analyze_code_quality` | Code metrics analysis | Quality-focused reviews |
-| `mcp__smartstack__check_migrations` | EF Core migration conflicts | When migrations are modified |
+| `mcp__smartstack__validate_conventions` | Detailed conventions validation | Deep convention checks |
+| `mcp__smartstack__validate_test_conventions` | Test patterns validation | Test structure review |
+| `mcp__smartstack__check_migrations` | EF Core migration conflicts | Migration changes |
 </mcp_tools>
 
 <architecture>
@@ -262,37 +288,71 @@ Tests/
 <review_checklist>
 ## SmartStack Code Review Checklist
 
-**Run MCP validation first:**
+**Run unified code review first:**
 ```
-mcp__smartstack__validate_conventions checks: ["all"]
+mcp__smartstack__review_code
+  scope: "changed"    # or "all" or "staged"
+  checks: ["all"]     # 9 categories
+  severity: "all"
 ```
 
-**Then verify manually:**
-
-<security_checks>
-### Security (BLOCKING)
-- [ ] No hardcoded credentials or secrets
-- [ ] TenantId isolation enforced
-- [ ] Authorization on all endpoints
-- [ ] Input validation present
-- [ ] No SQL injection risks (use EF Core properly)
-</security_checks>
-
-<architecture_checks>
-### Architecture (BLOCKING)
-- [ ] Entities use correct base class (BaseEntity/SystemEntity)
-- [ ] Services have interfaces
-- [ ] Controllers use [NavRoute]
-- [ ] Migrations follow naming convention
-</architecture_checks>
-
-<quality_checks>
-### Quality (SUGGESTION)
-- [ ] Tests exist for new functionality
-- [ ] Factory methods used for entity creation
-- [ ] DTOs used for API boundaries
-- [ ] Async methods have CancellationToken
-</quality_checks>
+**The tool automatically checks:**
+
+<blocking_checks>
+### Blocking Issues (Must fix before merge)
+**Security (SEC-xxx):**
+- Hardcoded credentials or secrets
+- SQL injection patterns
+- XSS vulnerabilities
+- Missing [Authorize] attributes
+
+**AI Hallucinations (AI-xxx):**
+- Non-existent imports/namespaces
+- Phantom method calls
+- Undefined types
+</blocking_checks>
+
+<critical_checks>
+### Critical Issues (Should fix ASAP)
+**Architecture (ARCH-xxx):**
+- Layer violations (Web → Infrastructure)
+- Direct DbContext usage in controllers
+- Service instantiation instead of DI
+
+**Tests (TEST-xxx):**
+- Missing tests for new entities/services
+- Tests without real assertions
+</critical_checks>
+
+<warning_checks>
+### Warnings (Recommended fixes)
+**Hardcoded Values (HARD-xxx):**
+- Magic numbers
+- Hardcoded URLs
+- Feature flags in code
+
+**Performance (PERF-xxx):**
+- N+1 queries
+- ToList() before Where()
+- Multiple API calls per page
+
+**Dead Code (DEAD-xxx):**
+- Unused imports
+- Commented code
+- Old TODOs
+</warning_checks>
+
+<info_checks>
+### Info (Nice to have)
+**i18n (I18N-xxx):**
+- Hardcoded UI text
+- Missing translations
+
+**Accessibility (A11Y-xxx):**
+- Missing alt attributes
+- Missing ARIA labels
+- Non-interactive click handlers
+</info_checks>
 </review_checklist>
 
 <sources>