@codeharbor/agent-playbook 0.1.0 → 0.1.1

package/skills/auto-trigger/SKILL.md

@@ -0,0 +1,183 @@
+---
+name: auto-trigger
+description: Workflow automation hooks for agent-playbook skills. This skill defines automatic triggers between skills - DO NOT use directly, it's a configuration skill that other skills reference.
+allowed-tools: Read, Write, Edit
+---
+
+# Auto-Trigger Hooks
+
+This skill defines automatic trigger relationships between skills. When a skill completes its workflow, it should automatically trigger the next skill in the chain.
+
+## Hook Definitions
+
+### PRD Creation Chain
+
+```yaml
+prd_complete:
+  triggers:
+    - skill: self-improving-agent
+      mode: background
+      condition: PRD file exists and is complete
+    - skill: session-logger
+      mode: auto
+      context: "PRD created for {feature_name}"
+
+prd_implemented:
+  triggers:
+    - skill: session-logger
+      mode: auto
+      context: "Implemented PRD: {feature_name}"
+```
+
+### Implementation Chain
+
+```yaml
+implementation_complete:
+  triggers:
+    - skill: code-reviewer
+      mode: ask_first
+      message: "Implementation complete. Run code review?"
+    - skill: create-pr
+      mode: auto
+      condition: changes_staged
+```
+
+### Session Management
+
+```yaml
+session_start:
+  auto_triggers:
+    - skill: session-logger
+      action: create_session_file
+
+session_end:
+  auto_triggers:
+    - skill: session-logger
+      action: update_session_file
+```
+
+## Hook Format in Skills
+
+To add auto-trigger capability to a skill, add to its front matter:
+
+```yaml
+---
+name: my-skill
+description: Skill description
+allowed-tools: Read, Write, Edit
+hooks:
+  before_start:
+    - trigger: session-logger
+      mode: auto
+      context: "Start {skill_name}"
+  after_complete:
+    - trigger: self-improving-agent
+      mode: background
+    - trigger: session-logger
+      mode: auto
+  on_error:
+    - trigger: self-improving-agent
+      mode: background
+---
+```
+
+## Implementation Guide
+
+When a skill completes its workflow:
+
+1. **Check `hooks`** in its own front matter (`before_start`, `after_complete`, `on_error`, `on_progress`)
+2. **For each hook:**
+   - If `mode: auto`, trigger immediately
+   - If `mode: background`, trigger without waiting
+   - If `mode: ask_first`, ask user before triggering
+   - If `condition:` exists, check it first
+3. **Pass context** to the triggered skill
+
+## Example Integration
+
+### prd-planner should add:
+
+```yaml
+---
+name: prd-planner
+description: Creates PRDs using persistent file-based planning...
+allowed-tools: Read, Write, Edit, Bash, Grep, Glob, AskUserQuestion, WebSearch
+hooks:
+  after_complete:
+    - trigger: self-improving-agent
+      mode: background
+      context: "PRD created at {prd_file}"
+    - trigger: session-logger
+      mode: auto
+      context: "PRD creation complete"
+---
+```
+
+### self-improving-agent already has:
+
+```yaml
+---
+name: self-improving-agent
+description: Universal self-improvement that learns from all skill experiences...
+allowed-tools: Read, Write,Edit, Bash, Grep, Glob, WebSearch
+hooks:
+  after_complete:
+    - trigger: create-pr
+      mode: ask_first
+      condition: skills_modified
+    - trigger: session-logger
+      mode: auto
+      context: "Self-improvement cycle complete"
+  on_error:
+    - trigger: self-improving-agent
+      mode: background
+---
+```
+
+### create-pr should add:
+
+```yaml
+---
+name: create-pr
+description: Creates pull requests with bilingual documentation updates...
+allowed-tools: Read, Write, Edit, Bash, Grep, AskUserQuestion
+hooks:
+  after_complete:
+    - trigger: session-logger
+      mode: auto
+      context: "PR created: {pr_title}"
+---
+```
+
+## Chain Visualization
+
+```
+┌──────────────┐
+│ prd-planner  │
+└──────┬───────┘
+       │ after_complete
+       ├──→ self-improving-agent (background)
+       │         └──→ create-pr (ask_first)
+       │                  └──→ session-logger (auto)
+       └──→ session-logger (auto)
+```
+
+## Error Correction Chain
+
+```yaml
+on_error:
+  triggers:
+    - skill: self-improving-agent
+      mode: background
+      context: "Error occurred in {skill_name}"
+    - skill: session-logger
+      mode: auto
+      context: "Error captured for {skill_name}"
+```
+
+## Important Rules
+
+1. **Don't create infinite loops** - Ensure chains terminate
+2. **Ask before major actions** - Use `mode: ask_first` for PRs, deployments
+3. **Background tasks** - Use `mode: background` for non-blocking tasks
+4. **Pass context** - Always include relevant context to triggered skills

package/skills/code-reviewer/README.md

@@ -0,0 +1,59 @@
+# Code Reviewer
+
+> A Claude Code skill for comprehensive code review of pull requests and code changes.
+
+## Installation
+
+This skill is part of the [agent-playbook](https://github.com/Charon-Fan/agent-playbook) collection.
+
+## Usage
+
+When reviewing code, simply ask:
+
+```
+You: Review this PR
+You: Check my changes
+You: Review the code in src/auth/
+```
+
+The skill will:
+1. Analyze the changes
+2. Check against security best practices
+3. Evaluate code quality
+4. Review test coverage
+5. Provide structured feedback
+
+## Review Categories
+
+| Category | Description |
+|----------|-------------|
+| **Correctness** | Logic, edge cases, error handling |
+| **Security** | OWASP Top 10, secrets, injection prevention |
+| **Performance** | N+1 queries, caching, algorithms |
+| **Code Quality** | DRY, KISS, naming, abstractions |
+| **Testing** | Coverage, edge cases, meaningful assertions |
+| **Documentation** | Comments, API docs, README |
+| **Maintainability** | Modularity, separation of concerns |
+
+## Output Format
+
+Reviews are structured with severity levels:
+
+- **Critical**: Must fix before merge
+- **High**: Should fix before merge
+- **Medium**: Consider fixing
+- **Low**: Nice to have improvements
+
+## Scripts
+
+Generate a review checklist:
+
+```bash
+python scripts/review_checklist.py
+```
+
+## References
+
+- [OWASP Top 10](https://owasp.org/www-project-top-ten/)
+- [Google Engineering Practices](https://google.github.io/eng-practices/review/)
+- [Clean Code](https://www.amazon.com/Clean-Code-Handbook-Software-Craftsmanship/dp/0132350882)

package/skills/code-reviewer/SKILL.md

@@ -0,0 +1,220 @@
+---
+name: code-reviewer
+description: Reviews pull requests and code changes for quality, security, and best practices. Use when user asks for code review, PR review, or mentions reviewing changes.
+allowed-tools: Read, Grep, Glob, Bash, WebFetch, WebSearch
+---
+
+# Code Reviewer
+
+A comprehensive code review skill that analyzes pull requests and code changes for quality, security, maintainability, and best practices.
+
+## When This Skill Activates
+
+This skill activates when you:
+- Ask for a code review
+- Request a PR review
+- Mention reviewing changes
+- Say "review this" or "check this code"
+
+## Review Process
+
+### Phase 1: Context Gathering
+
+1. **Get changed files**
+   ```bash
+   git diff main...HEAD --name-only
+   git log main...HEAD --oneline
+   ```
+
+2. **Get the diff**
+   ```bash
+   git diff main...HEAD
+   ```
+
+3. **Understand project context**
+   - Read relevant documentation
+   - Check existing patterns in similar files
+   - Identify project-specific conventions
+
+### Phase 2: Analysis Categories
+
+#### 1. Correctness
+- [ ] Logic is sound and matches requirements
+- [ ] Edge cases are handled
+- [ ] Error handling is appropriate
+- [ ] No obvious bugs or typos
+
+#### 2. Security
+- [ ] No hardcoded secrets or credentials
+- [ ] Input validation and sanitization
+- [ ] SQL injection prevention
+- [ ] XSS prevention (for frontend)
+- [ ] Authentication/authorization checks
+- [ ] Safe handling of user data
+
+#### 3. Performance
+- [ ] No N+1 queries
+- [ ] Appropriate caching
+- [ ] Efficient algorithms
+- [ ] No unnecessary computations
+- [ ] Memory efficiency
+
+#### 4. Code Quality
+- [ ] Follows DRY principle
+- [ ] Follows KISS principle
+- [ ] Appropriate abstractions
+- [ ] Clear naming conventions
+- [ ] Proper typing (if TypeScript)
+- [ ] No commented-out code
+
+#### 5. Testing
+- [ ] Tests cover new functionality
+- [ ] Tests cover edge cases
+- [ ] Test assertions are meaningful
+- [ ] No brittle tests
+
+#### 6. Documentation
+- [ ] Complex logic is explained
+- [ ] Public APIs have documentation
+- [ ] JSDoc/TSDoc for functions
+- [ ] README updated if needed
+
+#### 7. Maintainability
+- [ ] Code is readable
+- [ ] Consistent style
+- [ ] Modular design
+- [ ] Separation of concerns
+
+### Phase 3: Output Format
+
+Use this structured format for review feedback:
+
+```markdown
+# Code Review
+
+## Summary
+Brief overview of the changes (2-3 sentences).
+
+## Issues by Severity
+
+### Critical
+Must fix before merge.
+
+- [ ] **Issue Title**: Description with file:line reference
+
+### High
+Should fix before merge unless there's a good reason.
+
+- [ ] **Issue Title**: Description with file:line reference
+
+### Medium
+Consider fixing, can be done in follow-up.
+
+- [ ] **Issue Title**: Description with file:line reference
+
+### Low
+Nice to have improvements.
+
+- [ ] **Issue Title**: Description with file:line reference
+
+## Positive Highlights
+What was done well in this PR.
+
+## Suggestions
+Optional improvements that don't require immediate action.
+
+## Approval Status
+- [ ] Approved
+- [ ] Approved with suggestions
+- [ ] Request changes
+```
+
+## Common Issues to Check
+
+### Security Issues
+
+| Issue | Pattern | Recommendation |
+|-------|----------|----------------|
+| Hardcoded secrets | `const API_KEY = "sk-"` | Use environment variables |
+| SQL injection | `\"SELECT * FROM...\" + user_input` | Use parameterized queries |
+| XSS vulnerability | `innerHTML = user_input` | Sanitize or use textContent |
+| Missing auth check | New endpoint without `@RequireAuth` | Add authentication middleware |
+
+### Performance Issues
+
+| Issue | Pattern | Recommendation |
+|-------|----------|----------------|
+| N+1 query | Loop with database call | Use eager loading or batch queries |
+| Unnecessary re-render | Missing dependencies in `useEffect` | Fix dependency array |
+| Memory leak | Event listener not removed | Add cleanup in useEffect return |
+| Inefficient loop | Nested loops O(n²) | Consider hash map or different algorithm |
+
+### Code Quality Issues
+
+| Issue | Pattern | Recommendation |
+|-------|----------|----------------|
+| Duplicate code | Similar blocks repeated | Extract to function |
+| Magic number | `if (status === 5)` | Use named constant |
+| Long function | Function >50 lines | Split into smaller functions |
+| Complex condition | `a && b || c && d` | Extract to variable with descriptive name |
+
+### Testing Issues
+
+| Issue | Pattern | Recommendation |
+|-------|----------|----------------|
+| No tests | New feature without test file | Add unit tests |
+| Untested edge case | Test only covers happy path | Add edge case tests |
+| Brittle test | Test relies on implementation details | Test behavior, not implementation |
+| Missing assertion | Test doesn't assert anything | Add proper assertions |
+
+## Language-Specific Guidelines
+
+### TypeScript
+- Use `unknown` instead of `any` for untyped values
+- Prefer `interface` for public APIs, `type` for unions
+- Use strict mode settings
+- Avoid `as` assertions when possible
+
+### React
+- Follow Hooks rules
+- Use `useCallback`/`useMemo` appropriately (not prematurely)
+- Prefer function components
+- Use proper key props in lists
+- Avoid prop drilling with Context
+
+### Python
+- Follow PEP 8 style guide
+- Use type hints
+- Use f-strings for formatting
+- Prefer list comprehensions over map/filter
+- Use context managers for resources
+
+### Go
+- Handle errors explicitly
+- Use named returns for clarity
+- Keep goroutines simple
+- Use channels for communication
+- Avoid package-level state
+
+## Before Approving
+
+Confirm the following:
+- [ ] All critical issues are addressed
+- [ ] Tests pass locally
+- [ ] No merge conflicts
+- [ ] Commit messages are clear
+- [ ] Documentation is updated
+- [ ] Breaking changes are documented
+
+## Scripts
+
+Run the review checklist script:
+```bash
+python scripts/review_checklist.py <pr-number>
+```
+
+## References
+
+- `references/checklist.md` - Complete review checklist
+- `references/security.md` - Security review guidelines
+- `references/patterns.md` - Common patterns and anti-patterns

package/skills/code-reviewer/references/checklist.md

@@ -0,0 +1,80 @@
+# Code Review Checklist
+
+Use this checklist for systematic code reviews.
+
+## Pre-Review
+
+- [ ] I understand what this PR is trying to achieve
+- [ ] I have read the linked issues/tickets
+- [ ] I have checked the base branch is correct
+- [ ] I have verified the PR is not a draft
+
+## Code Review
+
+### Correctness
+- [ ] Code implements the stated requirements
+- [ ] Edge cases are handled
+- [ ] Error handling is appropriate
+- [ ] No obvious bugs
+- [ ] Input validation is present
+
+### Security
+- [ ] No hardcoded secrets/credentials
+- [ ] User input is validated/sanitized
+- [ ] SQL/NoSQL injection prevention
+- [ ] XSS prevention (for web)
+- [ ] CSRF protection (for state-changing operations)
+- [ ] Authentication/authorization is correct
+- [ ] Sensitive data is handled securely
+
+### Performance
+- [ ] No N+1 queries
+- [ ] Appropriate caching (if applicable)
+- [ ] Efficient algorithm/data structure choice
+- [ ] No unnecessary database/network calls
+- [ ] Pagination for large datasets
+- [ ] Indexes used where appropriate
+
+### Code Quality
+- [ ] Code is readable and understandable
+- [ ] Naming is clear and consistent
+- [ ] No dead/commented-out code
+- [ ] No duplicate code
+- [ ] Appropriate abstractions
+- [ ] Follows DRY, KISS, YAGNI
+- [ ] Type definitions are accurate (if typed)
+
+### Testing
+- [ ] Tests cover new functionality
+- [ ] Tests cover edge cases
+- [ ] Tests are meaningful (not tautologies)
+- [ ] No hardcoded test data that makes tests brittle
+- [ ] All tests pass
+- [ ] Test coverage not decreased
+
+### Documentation
+- [ ] Complex logic has comments
+- [ ] Public APIs are documented
+- [ ] Breaking changes are noted
+- [ ] README/API docs updated if needed
+- [ ] Migration guide provided for breaking changes
+
+### Maintainability
+- [ ] Code is modular
+- [ ] Separation of concerns
+- [ ] Easy to modify
+- [ ] Easy to test
+- [ ] Follows project conventions
+
+### Style
+- [ ] Consistent formatting
+- [ ] Follows project style guide
+- [ ] No lint errors
+- [ ] No console.log/debugger left in
+
+## Post-Review
+
+- [ ] Provided clear, actionable feedback
+- [ ] Explained reasoning for suggestions
+- [ ] Flagged blocking issues separately from nice-to-haves
+- [ ] Recognized good work in the PR