@curdx/flow 1.1.11 → 2.0.0-beta.10

package/commands/qa.md

@@ -1,118 +0,0 @@
----
-name: qa
-description: Real-browser QA — run user flows with chrome-devtools MCP, capturing bugs / performance / accessibility. Dispatches flow-qa-engineer (Oliver).
-argument-hint: "[spec-name] [--url=<dev-url>]"
-allowed-tools: [Read, Write, Bash, Task, WebFetch]
----
-
-# Flow QA — Real-Browser Testing
-
-Dispatches `flow-qa-engineer` (Oliver) to run user flows in real Chrome using **chrome-devtools MCP**.
-
-## Step 1: Preflight check
-
-```bash
-[ ! -d ".flow" ] && { echo "✗ Not a CurDX-Flow project"; exit 1; }
-
-ARGS="$ARGUMENTS"
-URL=""
-case "$ARGS" in
-    *--url=*)
-        URL=$(echo "$ARGS" | grep -oE -- '--url=[^[:space:]]+' | cut -d= -f2)
-        ;;
-esac
-SPEC_NAME=$(echo "$ARGS" | sed 's/--url=[^ ]*//g' | xargs)
-[ -z "$SPEC_NAME" ] && SPEC_NAME=$(cat .flow/.active-spec 2>/dev/null)
-[ -z "$SPEC_NAME" ] && { echo "✗ No active spec"; exit 1; }
-```
-
-## Step 2: Detect chrome-devtools MCP
-
-```bash
-# If MCP is not up, flow-qa-engineer will fall back to static QA
-# Do not block here; the agent will handle it
-```
-
-## Step 3: Confirm dev server URL
-
-If `--url` is not given, ask:
-```
-AskUserQuestion:
-  question: "What is your dev server URL?"
-  options:
-    - http://localhost:3000 (common)
-    - http://localhost:5173 (Vite)
-    - Other (custom)
-```
-
-## Step 4: Dispatch Oliver
-
-```
-Task:
-  subagent_type: general-purpose
-  description: "QA: $SPEC_NAME"
-  prompt: |
-    You are the flow-qa-engineer agent (Oliver). Full definition:
-    ${CLAUDE_PLUGIN_ROOT}/agents/flow-qa-engineer.md
-    
-    Target:
-    spec_name: $SPEC_NAME
-    URL: $URL
-    
-    Prerequisites:
-    - .flow/specs/$SPEC_NAME/requirements.md (AC list)
-    - .flow/specs/$SPEC_NAME/design.md (error paths + NFR)
-    
-    Workflow:
-    1. Detect chrome-devtools MCP (mcp__chrome-devtools__*)
-       - Available → real-browser QA
-       - Unavailable → static QA, clearly inform the user
-    2. Run the happy path (once per AC)
-    3. Run edge cases (at least 4 of the 7 categories in edge-case-gate)
-    4. Performance trace (LCP / INP / CLS)
-    5. Accessibility scan
-    6. Save screenshots to .flow/specs/$SPEC_NAME/qa-screenshots/
-    7. Generate .flow/specs/$SPEC_NAME/qa-report.md
-    
-    Return to me:
-    - Bug count (categorized by severity)
-    - Performance data (measured, not estimated)
-    - Accessibility warnings
-    - Recommended next steps
-```
-
-## Step 5: Read + report
-
-```bash
-REPORT=".flow/specs/$SPEC_NAME/qa-report.md"
-[ ! -f "$REPORT" ] && { echo "⚠ QA report was not generated"; exit 1; }
-
-HIGH_BUGS=$(grep -c "\[high\]" "$REPORT" || echo 0)
-MED_BUGS=$(grep -c "\[medium\]" "$REPORT" || echo 0)
-LOW_BUGS=$(grep -c "\[low\]" "$REPORT" || echo 0)
-```
-
-## Step 6: Output to user
-
-```
-🔬 QA complete: $SPEC_NAME
-
-Findings:
-  [high]: $HIGH_BUGS
-  [medium]: $MED_BUGS
-  [low]: $LOW_BUGS
-
-Report: .flow/specs/$SPEC_NAME/qa-report.md
-Screenshots: .flow/specs/$SPEC_NAME/qa-screenshots/
-
-Next steps:
-- Fix high-severity bugs → /curdx-flow:implement --task=QA-fix
-- Or add tasks to Phase 3.X in tasks.md
-- Retest: /curdx-flow:qa
-```
-
-## Error recovery
-
-- chrome-devtools MCP not installed → recommend `/curdx-flow:install-deps` or `claude mcp add chrome-devtools`
-- Dev server not running → prompt the user to start it and rerun
-- URL not accessible → prompt to check (`curl -I $URL`)

package/commands/requirements.md

@@ -1,146 +0,0 @@
----
-name: requirements
-description: Run the requirements stage — dispatch the flow-product-designer agent to generate user stories + FR/NFR, producing requirements.md
-argument-hint: "[spec-name]"
-allowed-tools: [Read, Write, Bash, Task, AskUserQuestion]
----
-
-# Requirements Stage
-
-Dispatch the `flow-product-designer` agent to translate research directions into user stories.
-
-## Step 1: Resolve spec + preflight checks
-
-```bash
-SPEC_NAME="${ARGUMENTS:-$(cat .flow/.active-spec 2>/dev/null)}"
-
-[ -z "$SPEC_NAME" ] && { echo "❌ Run /curdx-flow:start first"; exit 1; }
-[ ! -f ".flow/specs/$SPEC_NAME/research.md" ] && {
-    echo "❌ research.md missing. Run /curdx-flow:research first"
-    exit 1
-}
-```
-
-Verify the status of research:
-
-```bash
-python3 -c "
-import re
-fm = open('.flow/specs/$SPEC_NAME/research.md').read()[:500]
-m = re.search(r'status:\s*(\w+)', fm)
-status = m.group(1) if m else 'unknown'
-if status not in ('completed', 'approved'):
-    print(f'⚠ research status: {status}')
-    print('Recommend completing the research stage before continuing')
-"
-```
-
-## Step 2: Open question check
-
-If research.md lists open questions but no user answers are visible, prompt:
-
-```
-⚠ research.md has unanswered open questions:
-  Q1: ...
-  Q2: ...
-
-You can:
-  1. Answer the questions first (write them to STATE.md or state them), then run /curdx-flow:requirements
-  2. Let the agent continue based on reasonable assumptions (assumptions will be listed explicitly in requirements.md)
-
-Continue? (continue / answer / skip)
-```
-
-Use AskUserQuestion.
-
-## Step 3: Update state + dispatch agent
-
-```python
-# Mark in_progress
-import json
-s = json.load(open(f'.flow/specs/{SPEC_NAME}/.state.json'))
-s.setdefault('phase_status',{})['requirements']='in_progress'
-s['phase']='requirements'
-json.dump(s, open(f'.flow/specs/{SPEC_NAME}/.state.json','w'), indent=2, ensure_ascii=False)
-```
-
-Task dispatch:
-
-```
-Task:
-  subagent_type: general-purpose
-  description: "Requirements design $SPEC_NAME"
-  prompt: |
-    You are the flow-product-designer agent. Full definition at:
-    ${CLAUDE_PLUGIN_ROOT}/agents/flow-product-designer.md
-    
-    Prerequisite files:
-    - .flow/specs/$SPEC_NAME/research.md (must read)
-    - .flow/PROJECT.md
-    - .flow/CONTEXT.md
-    
-    Template:
-    ${CLAUDE_PLUGIN_ROOT}/templates/requirements.md.tmpl
-    
-    Output:
-    .flow/specs/$SPEC_NAME/requirements.md
-    
-    Workflow:
-    1. Read research.md to understand recommended directions
-    2. Generate user stories (US-NN) — at least 2
-    3. At least 3 acceptance criteria per US (AC-X.Y), must cover happy path + edges + errors
-    4. Extract FR (functional requirements) + NFR (at least performance and security)
-    5. Explicit Out of Scope (at least 3 items)
-    6. List open questions (if user decisions are needed)
-    7. Update .state.json and .progress.md
-    
-    If multiple reasonable interpretations exist, you MUST AskUserQuestion — do not silently pick a direction.
-    
-    Success criteria:
-    - At least 2 US, all from the user's perspective (non-technical language)
-    - Each AC testable (can be written as curl / assert)
-    - At least 3 FR, NFR covers at least P and S
-    - Out of Scope lists at least 3 items
-    
-    Return a brief when finished.
-```
-
-## Step 4: Output verification
-
-```bash
-REQ_FILE=".flow/specs/$SPEC_NAME/requirements.md"
-
-# Count US / FR / AC
-US_COUNT=$(grep -c "^### US-" "$REQ_FILE" || echo 0)
-FR_COUNT=$(grep -c "^- \*\*FR-" "$REQ_FILE" || echo 0)
-AC_COUNT=$(grep -c "^- AC-" "$REQ_FILE" || echo 0)
-
-echo "  US: $US_COUNT, FR: $FR_COUNT, AC: $AC_COUNT"
-
-# Minimum requirements
-[ "$US_COUNT" -lt 2 ] && echo "⚠ Fewer than 2 user stories"
-[ "$FR_COUNT" -lt 3 ] && echo "⚠ Fewer than 3 functional requirements"
-[ "$AC_COUNT" -lt 6 ] && echo "⚠ Fewer than 6 acceptance criteria (average < 3 per US)"
-```
-
-## Step 5: Output
-
-```
-✓ requirements stage complete
-
-File:                .flow/specs/$SPEC_NAME/requirements.md
-User stories:        N
-Functional reqs:     M
-Acceptance criteria: K
-
-Next steps:
-  - Review requirements.md
-  - If the agent listed open questions, answer them before entering design
-  - /curdx-flow:design  — enter design stage
-```
-
-## Error recovery
-
-- research.md missing → prompt to run /curdx-flow:research first
-- Agent times out → requirements may be too complex, consider splitting into an Epic (/curdx-flow:triage, see Phase 4)
-- Agent made a major interpretation without asking the user → the user can annotate requirements.md and request a correction

package/commands/research.md

@@ -1,141 +0,0 @@
----
-name: research
-description: Run the research stage — dispatch the flow-researcher agent to deeply explore the problem, producing research.md
-argument-hint: "[spec-name]"
-allowed-tools: [Read, Write, Bash, Task]
----
-
-# Research Stage
-
-Dispatch the `flow-researcher` agent to complete the research stage of a spec.
-
-## Step 1: Resolve target spec
-
-```bash
-# Use the argument if provided; otherwise use the active spec
-if [ -n "$ARGUMENTS" ]; then
-    SPEC_NAME="$ARGUMENTS"
-else
-    SPEC_NAME=$(cat .flow/.active-spec 2>/dev/null)
-fi
-
-if [ -z "$SPEC_NAME" ] || [ ! -d ".flow/specs/$SPEC_NAME" ]; then
-    echo "❌ Spec does not exist. Use /curdx-flow:start <name> \"<goal>\" to create a new spec"
-    exit 1
-fi
-```
-
-## Step 2: Preflight checks
-
-```bash
-# The research stage has no prerequisites; just verify the spec directory is ready
-if [ ! -f ".flow/specs/$SPEC_NAME/.state.json" ]; then
-    echo "❌ Spec state file missing. Run /curdx-flow:start to re-initialize"
-    exit 1
-fi
-```
-
-If research.md already exists with status=completed:
-- Ask the user whether to overwrite (AskUserQuestion)
-- Default: do not overwrite; suggest `/curdx-flow:requirements` to move to the next step
-
-## Step 3: Update state
-
-```bash
-# Mark the research stage as in_progress
-python3 <<'EOF'
-import json
-from pathlib import Path
-state_file = Path(f".flow/specs/$SPEC_NAME/.state.json")
-state = json.loads(state_file.read_text())
-state.setdefault("phase_status", {})["research"] = "in_progress"
-state["phase"] = "research"
-state_file.write_text(json.dumps(state, indent=2, ensure_ascii=False))
-EOF
-```
-
-## Step 4: Dispatch the flow-researcher agent
-
-Using the Task tool:
-
-```
-Task:
-  subagent_type: general-purpose
-  description: "Research $SPEC_NAME"
-  prompt: |
-    You are the flow-researcher agent. Your full responsibilities and workflow are at:
-    ${CLAUDE_PLUGIN_ROOT}/agents/flow-researcher.md
-    
-    Spec prerequisites to read:
-    - .flow/specs/$SPEC_NAME/.state.json (goal + state)
-    - .flow/PROJECT.md
-    - .flow/CONTEXT.md  
-    - .flow/STATE.md
-    
-    Template (you must populate and write to research.md):
-    ${CLAUDE_PLUGIN_ROOT}/templates/research.md.tmpl
-    
-    Output file:
-    .flow/specs/$SPEC_NAME/research.md
-    
-    Workflow requirements:
-    1. Load context (Step 1)
-    2. Call mcp__claude_mem__search to retrieve history (Step 2)
-    3. sequential-thinking 5+ rounds for problem understanding (Step 3)
-    4. Glob/Grep to scan existing code (Step 4)
-    5. context7 to look up the latest docs for 2-3 technical options (Step 5)
-    6. WebSearch to supplement (Step 6, if needed)
-    7. Write research.md (based on the template, replacing placeholders)
-    8. Update .state.json and .progress.md (Step 8)
-    
-    Success criteria:
-    - research.md exists and matches the template structure
-    - Problem understanding section has 3+ explicit assumptions
-    - 2-3 technical options, each referencing context7 results
-    - Code analysis includes actual file paths found
-    - Recommended direction + rationale is clear
-    - At least 1 open question (unless the research is fully unambiguous)
-    
-    Forbidden:
-    - Writing library APIs from memory
-    - Skipping context7 queries
-    - sequentialthinking < 5 rounds
-    - Creating any new files outside research.md
-    
-    When done, return a brief (findings, recommendations, open questions).
-```
-
-## Step 5: After the agent completes
-
-Read the agent-generated research.md and verify that key sections exist:
-
-```bash
-for section in "Problem Understanding" "Technical Options" "Existing Code Analysis" "Feasibility" "Recommended Direction"; do
-    if ! grep -q "$section" ".flow/specs/$SPEC_NAME/research.md" 2>/dev/null; then
-        echo "⚠ research.md missing section: $section"
-    fi
-done
-```
-
-If any section is missing, emit a warning but do not block (the user decides whether to re-run).
-
-## Step 6: Output suggestions
-
-```
-✓ research stage complete
-
-File:     .flow/specs/$SPEC_NAME/research.md
-
-Next steps:
-  - Read research.md and confirm the recommended direction is reasonable
-  - Answer the open questions listed by the agent (if any)
-  - /curdx-flow:requirements  — enter the requirements stage
-  
-  To re-research, just run /curdx-flow:research again
-```
-
-## Error recovery
-
-- research.md generation fails → check MCP status (/curdx-flow:doctor), retry
-- Agent exceeds 40 turns → the research is too complex, narrow the target scope
-- context7 unavailable → the agent falls back to WebSearch, but must explicitly inform the user

package/commands/security.md

@@ -1,109 +0,0 @@
----
-name: security
-description: Security audit — OWASP Top 10 + STRIDE + dependency CVEs. Dispatches flow-security-auditor (Serena).
-argument-hint: "[spec-name]"
-allowed-tools: [Read, Write, Bash, Task, Grep, Glob, WebSearch]
----
-
-# Flow Security — Security Audit
-
-@${CLAUDE_PLUGIN_ROOT}/gates/security-gate.md
-
-Dispatches `flow-security-auditor` (Serena) to perform a full security audit.
-
-## When to use
-
-- Specs touching authentication / authorization / payments / PII
-- Pre-release gate
-- After adding new API endpoints
-- After dependency upgrades
-
-## Step 1: Preflight
-
-```bash
-SPEC_NAME="${ARGUMENTS:-$(cat .flow/.active-spec 2>/dev/null)}"
-
-# Can still run without an active spec (global security scan)
-if [ -z "$SPEC_NAME" ]; then
-    echo "ℹ No active spec; running a security scan across the entire codebase"
-    SPEC_NAME="_global"
-fi
-```
-
-## Step 2: Dispatch Serena
-
-```
-Task:
-  subagent_type: general-purpose
-  description: "Security Audit: $SPEC_NAME"
-  prompt: |
-    You are the flow-security-auditor agent (Serena). Full definition:
-    ${CLAUDE_PLUGIN_ROOT}/agents/flow-security-auditor.md
-    
-    Audit scope:
-    $([ "$SPEC_NAME" = "_global" ] && echo "Entire codebase" || echo ".flow/specs/$SPEC_NAME/ + related code")
-    
-    Prerequisites:
-    - OWASP Top 10 (2021) checklist
-    - STRIDE threat modeling
-    - package.json (npm audit)
-    - Project auth / data-layer code
-    
-    Workflow:
-    1. Scan OWASP 10 categories in parallel
-       - A01: Broken access control
-       - A02: Cryptography
-       - A03: Injection
-       - A04: Insecure Design
-       - A05: Misconfiguration
-       - A06: CVE (npm audit)
-       - A07: Auth failures
-       - A08: Integrity
-       - A09: Logging
-       - A10: SSRF
-    2. STRIDE threat modeling (≥6 rounds of sequential-thinking)
-    3. context7 to check CVEs for critical dependencies
-    4. Manual review of suspicious areas
-    5. Generate security-audit.md
-    
-    Output:
-    - .flow/specs/$SPEC_NAME/security-audit.md (or .flow/security-audit-global.md)
-    
-    Return to me:
-    - Findings classified by risk (high/medium/low)
-    - Number of must-fix items
-    - Recommended order
-```
-
-## Step 3: Output
-
-```bash
-REPORT=".flow/specs/$SPEC_NAME/security-audit.md"
-[ "$SPEC_NAME" = "_global" ] && REPORT=".flow/security-audit-global.md"
-
-HIGH=$(grep -c "\[High\]" "$REPORT" || echo 0)
-MED=$(grep -c "\[Medium\]" "$REPORT" || echo 0)
-LOW=$(grep -c "\[Low\]" "$REPORT" || echo 0)
-```
-
-```
-🔒 Security Audit complete
-
-Risk distribution:
-  High:   $HIGH (must fix, blocks release)
-  Medium: $MED (recommended to fix)
-  Low:    $LOW (as needed)
-
-Report: $REPORT
-
-Next steps:
-- High risk → /curdx-flow:implement adds fix tasks
-- Or STATE.md explicitly waives + commits to a fix timeline
-- After fixing → /curdx-flow:security to re-audit
-```
-
-## Error recovery
-
-- npm audit requires package.json → non-Node projects skip this class
-- context7 unavailable → use WebSearch to supplement CVE queries
-- No active spec → global scan mode

package/commands/sketch.md

@@ -1,118 +0,0 @@
----
-name: sketch
-description: UI design sketch — invokes the frontend-design skill to generate multiple HTML variants. Dispatches flow-ux-designer (Emma).
-argument-hint: "[spec-name] [\"<description>\"]"
-allowed-tools: [Read, Write, Bash, Task, WebSearch, AskUserQuestion]
----
-
-# Flow Sketch — UI Sketch
-
-Dispatches `flow-ux-designer` (Emma) to use the **frontend-design skill** to generate tasteful UI variants.
-
-## Step 1: Parse arguments
-
-```bash
-ARGS="$ARGUMENTS"
-# The first word may be spec-name (if such a spec exists); otherwise it is the description
-
-SPEC_NAME=""
-DESCRIPTION=""
-
-FIRST_WORD=$(echo "$ARGS" | awk '{print $1}')
-if [ -d ".flow/specs/$FIRST_WORD" ]; then
-    SPEC_NAME="$FIRST_WORD"
-    DESCRIPTION=$(echo "$ARGS" | sed "s/^$FIRST_WORD//" | sed 's/^["\x27]//;s/["\x27]$//' | xargs)
-else
-    DESCRIPTION=$(echo "$ARGS" | sed 's/^["\x27]//;s/["\x27]$//')
-fi
-
-[ -z "$SPEC_NAME" ] && SPEC_NAME=$(cat .flow/.active-spec 2>/dev/null)
-```
-
-## Step 2: Preflight checks
-
-```bash
-# Requires at least an active spec (to read CONTEXT.md)
-if [ -z "$SPEC_NAME" ] && [ -z "$DESCRIPTION" ]; then
-    echo "Usage: /curdx-flow:sketch [spec] \"<description of what to sketch>\""
-    echo "Example: /curdx-flow:sketch \"login form\""
-    exit 1
-fi
-
-# Check frontend-design skill (if unavailable, fall back)
-```
-
-## Step 3: Ask for the variant count
-
-```
-AskUserQuestion:
-  Question: "How many variants to generate?"
-  Options:
-    - 2 (compare minimalist vs distinctive)
-    - 3 (recommended — adds a dense variant)
-    - Custom
-```
-
-## Step 4: Dispatch Emma
-
-```
-Task:
-  subagent_type: general-purpose
-  description: "UI Sketch: $DESCRIPTION"
-  prompt: |
-    You are the flow-ux-designer agent (Emma). Full definition:
-    ${CLAUDE_PLUGIN_ROOT}/agents/flow-ux-designer.md
-    
-    Task:
-    - Description: $DESCRIPTION
-    - Spec: $SPEC_NAME (optional)
-    - Variant count: $VARIANT_COUNT
-    
-    Prerequisites:
-    - .flow/CONTEXT.md (user UI preferences)
-    - .flow/specs/$SPEC_NAME/requirements.md (if present)
-    - .flow/specs/$SPEC_NAME/design.md (if present)
-    - .flow/specs/$SPEC_NAME/ui-research.md (if /curdx-flow:ui-research has been run)
-    
-    Workflow:
-    1. Detect the frontend-design skill
-       - Available: activate it to guide design choices
-       - Unavailable: use Tailwind + shadcn defaults and explicitly announce the fallback
-    2. Read user preferences (CONTEXT.md)
-    3. Generate N variant HTMLs (each a single file, zero dependencies, CDN Tailwind)
-    4. Generate an index.html comparison page (iframes side by side)
-    5. Generate decisions.md explaining the rationale for each variant
-    
-    Output directory:
-    .flow/specs/$SPEC_NAME/ui-sketch/ (or .flow/sketches/<slug>/)
-    
-    Return to me:
-    - The list of generated variants + what distinguishes each
-    - Recommended direction (based on CONTEXT.md)
-    - Preview command (how to open index.html)
-```
-
-## Step 5: Output
-
-```
-🎨 Sketch complete
-
-Variants:
-  variant-a-minimalist.html   (system font + whitespace)
-  variant-b-distinctive.html  (custom font + micro animations)
-  variant-c-dense.html        (information-dense — suited for admin)
-
-Decisions: .flow/specs/<name>/ui-sketch/decisions.md
-Comparison page: open .flow/specs/<name>/ui-sketch/index.html
-
-Next steps:
-- Pick a variant → tell me → I'll convert the HTML into production components
-- Or /curdx-flow:qa to verify interactions in the browser
-- Clone another reference → /curdx-flow:ui-research <feature>
-```
-
-## Error recovery
-
-- frontend-design skill not installed → Emma falls back and announces it
-- Variants are too similar → ask the user to re-run with more specific guidance
-- No spec and no description → at least one must be supplied