@curdx/flow 2.1.0 → 2.2.0

package/schemas/skill-frontmatter.schema.json

@@ -0,0 +1,72 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$id": "https://curdx-flow.dev/schemas/skill-frontmatter.schema.json",
+  "title": "CurdX-Flow Skill Frontmatter",
+  "description": "Supported YAML frontmatter fields for skills/<name>/SKILL.md.",
+  "type": "object",
+  "required": ["name", "description"],
+  "additionalProperties": false,
+  "properties": {
+    "name": {
+      "type": "string",
+      "pattern": "^[a-z0-9][a-z0-9-]{0,63}$"
+    },
+    "description": {
+      "type": "string",
+      "minLength": 1,
+      "description": "Concise trigger summary. Keep detailed trigger phrases in when_to_use."
+    },
+    "when_to_use": {
+      "type": "string",
+      "description": "Additional trigger phrases appended to description in the skill listing."
+    },
+    "argument-hint": {
+      "type": "string"
+    },
+    "arguments": {
+      "oneOf": [
+        { "type": "string" },
+        { "type": "array", "items": { "type": "string" } }
+      ]
+    },
+    "disable-model-invocation": {
+      "type": "boolean"
+    },
+    "user-invocable": {
+      "type": "boolean"
+    },
+    "allowed-tools": {
+      "oneOf": [
+        { "type": "string" },
+        { "type": "array", "items": { "type": "string" } }
+      ]
+    },
+    "model": {
+      "type": "string"
+    },
+    "effort": {
+      "type": "string",
+      "enum": ["low", "medium", "high", "xhigh", "max"]
+    },
+    "context": {
+      "type": "string",
+      "enum": ["fork"]
+    },
+    "agent": {
+      "type": "string"
+    },
+    "hooks": {
+      "type": "object"
+    },
+    "paths": {
+      "oneOf": [
+        { "type": "string" },
+        { "type": "array", "items": { "type": "string" } }
+      ]
+    },
+    "shell": {
+      "type": "string",
+      "enum": ["bash", "powershell"]
+    }
+  }
+}

package/schemas/spec-state.schema.json

@@ -17,7 +17,7 @@
     },
     "goal": {
       "type": "string",
-      "description": "One-sentence goal from /flow-start"
+      "description": "One-sentence goal from /curdx-flow:start"
     },
     "mode": {
       "type": "string",
@@ -29,6 +29,11 @@
       "enum": ["auto", "subagent", "stop-hook", "wave", "linear"],
       "default": "auto"
     },
+    "quickMode": {
+      "type": "boolean",
+      "default": false,
+      "description": "When true, execution hooks block AskUserQuestion and agents must record assumptions instead of asking."
+    },
     "phase": {
       "type": "string",
       "enum": [

package/skills/brownfield-index/SKILL.md

@@ -1,6 +1,7 @@
 ---
 name: brownfield-index
-description: Invoke when the user is new to an unfamiliar / legacy / brownfield codebase and wants a structural understanding — module map, component inventory, API surface, data flow. Triggers on "legacy code", "brownfield", "unfamiliar", "new to this code", "new to this project", "just joined", "inherited codebase", "explore codebase", "understand structure", "index code", "map modules", "tour", "onboard", "what is this project".
+description: Use when the user needs structural understanding of an unfamiliar, inherited, legacy, or brownfield codebase.
+when_to_use: Triggers on "legacy code", "brownfield", "unfamiliar", "new to this code", "new to this project", "just joined", "inherited codebase", "explore codebase", "understand structure", "index code", "map modules", "tour", "onboard", "what is this project".
 allowed-tools: [Read, Grep, Glob, Bash]
 ---
 

package/skills/browser-qa/SKILL.md

@@ -1,6 +1,7 @@
 ---
 name: browser-qa
-description: Invoke when the user wants to test a UI/frontend in a real browser — accessibility, performance, console errors, network traffic, visual regression. Triggers on "browser test", "test in browser", "UI test", "e2e test", "frontend test", "accessibility", "a11y", "WCAG", "lighthouse", "performance audit", "console error", "network request", "cross-browser", "responsive", "mobile test", "visual regression", "screenshot".
+description: Use when the user needs real-browser QA for a UI or frontend flow.
+when_to_use: Triggers on "browser test", "test in browser", "UI test", "e2e test", "frontend test", "accessibility", "a11y", "WCAG", "lighthouse", "performance audit", "console error", "network request", "cross-browser", "responsive", "mobile test", "visual regression", "screenshot".
 allowed-tools: [Read, Write, Bash, Grep, Glob, WebFetch]
 ---
 
@@ -10,7 +11,7 @@ You are invoked when the user wants real-browser QA of a UI flow.
 
 ## Preconditions
 
-1. `chrome-devtools` MCP is available (`mcp__chrome-devtools__*`). If missing, fall back to a manual checklist.
+1. `chrome-devtools` MCP is available (`mcp__chrome_devtools__*`). If missing, fall back to a manual checklist.
 2. A URL (dev server or deployed) is available. Prompt for it if not provided.
 
 ## Workflow
@@ -25,8 +26,8 @@ Confirm with the user:
 ### Step 2: Dispatch `flow-qa-engineer`
 
 Delegate to the `flow-qa-engineer` agent. It will:
-1. Open the target URL via `mcp__chrome-devtools__new_page`
-2. Drive the flow with `mcp__chrome-devtools__click` / `fill` / `navigate`
+1. Open the target URL via `mcp__chrome_devtools__new_page`
+2. Drive the flow with `mcp__chrome_devtools__click` / `fill` / `navigate_page`
 3. Capture `list_console_messages`, `list_network_requests`, `take_screenshot`, optionally `lighthouse_audit`
 4. Compare against expected behavior
 

package/skills/debug/SKILL.md

@@ -2,6 +2,7 @@
 name: debug
 description: Systematic debugging — 4-phase methodology (root cause → pattern → hypothesis → fix); three failures trigger architectural questioning. Routes to flow-debugger.
 argument-hint: "\"<bug description>\""
+disable-model-invocation: true
 context: fork
 agent: flow-debugger
 ---

package/skills/epic/SKILL.md

@@ -1,6 +1,7 @@
 ---
 name: epic
-description: Invoke when user wants to break a large feature into multiple smaller specs with a dependency graph. Triggers on "epic", "big feature", "too big", "decompose", "break down", "break into", "split into", "multi-spec", "multiple features", "sub-features", "vertical slice", "parent feature", "large scope", "won't fit in one sprint", "needs splitting".
+description: Use when the user needs to decompose a large feature into smaller vertical-slice specs with dependencies.
+when_to_use: Triggers on "epic", "big feature", "too big", "decompose", "break down", "break into", "split into", "multi-spec", "multiple features", "sub-features", "vertical slice", "parent feature", "large scope", "won't fit in one sprint", "needs splitting".
 allowed-tools: [Read, Write, Grep, Glob, Bash]
 ---
 

package/skills/fast/SKILL.md

@@ -2,7 +2,8 @@
 name: fast
 description: Ultra-fast execution — skip all spec phases and implement directly per the description. Suited for one-shot small tasks.
 argument-hint: "\"<task description>\""
-allowed-tools: [Read, Write, Edit, Bash, Grep, Glob, Task]
+disable-model-invocation: true
+allowed-tools: [Read, Write, Edit, Bash, Grep, Glob, Agent]
 ---
 
 # Flow Fast — Ultra-Fast Execution

package/skills/help/SKILL.md

@@ -2,6 +2,7 @@
 name: help
 description: Show CurdX-Flow command list, workflow overview, or troubleshooting guide. With a command name, show that command's detail.
 argument-hint: "[<command-name> | workflow | troubleshoot]"
+disable-model-invocation: true
 allowed-tools: [Read, Bash]
 ---
 

package/skills/implement/SKILL.md

@@ -2,7 +2,8 @@
 name: implement
 description: Execute spec tasks — the Strategy Router picks linear/subagent/stop-hook/wave based on task characteristics. Atomic commit per task.
 argument-hint: "[spec-name] [--strategy=auto|linear|subagent|stop-hook|wave] [--task=<id>] [--quick]"
-allowed-tools: [Read, Write, Edit, Bash, Task, Grep, Glob]
+disable-model-invocation: true
+allowed-tools: [Read, Write, Edit, Bash, Agent, Grep, Glob]
 ---
 
 # Flow Implement — Execute Spec
@@ -77,7 +78,7 @@ echo "✓ Selected strategy: $STRATEGY"
 
 **Decision tree explanation**:
 - Few tasks / strong dependencies → `linear` (main agent executes sequentially)
-- Many parallel opportunities → `wave` (parallel Task dispatch within a wave)
+- Many parallel opportunities → `wave` (parallel Agent dispatch within a wave)
 - Long chain + quick mode → `stop-hook` (auto-loop, requires hook support)
 - Medium scale → `subagent` (isolated context per task)
 
@@ -127,7 +128,7 @@ If there are 5 failures, stop + TASK_FAILED.
 For each remaining task, dispatch flow-executor:
 
 ```
-Task:
+Agent:
   subagent_type: general-purpose
   description: "Execute $SPEC_NAME task $TASK_ID"
   prompt: |
@@ -162,11 +163,11 @@ After the agent completes, read the output marker:
 See `skills/implement/references/wave-execution.md` for the full walkthrough.
 Knowledge-layer canonical algorithm: `@${CLAUDE_PLUGIN_ROOT}/knowledge/wave-execution.md`.
 
-**Core**: consecutive `[P]` tasks form a wave; dispatch multiple Tasks in parallel within a single response; serial across waves. The execution loop is:
+**Core**: consecutive `[P]` tasks form a wave; dispatch multiple Agent calls in parallel within a single response; serial across waves. The execution loop is:
 
 1. **DAG analysis** — group remaining `[ ]` tasks by `[P]` / `[SEQUENTIAL]` / `[VERIFY]` tags; conflicting `Files` sets split into a new wave.
 2. **Pre-conflict detection** — within each wave, assert per-task `Files` are disjoint; auto-split if not.
-3. **Dispatch** — list multiple `Task(...)` tool calls in a single main-agent response (splitting across responses = serial degradation; nested `Task` dispatches forbidden). Each Task prompt follows the subagent strategy's uniform format (see `references/wave-execution.md` Step 3).
+3. **Dispatch** — list multiple `Agent(...)` tool calls in a single main-agent response (splitting across responses = serial degradation; nested `Agent` dispatches forbidden). Each Agent prompt follows the subagent strategy's uniform format (see `references/wave-execution.md` Step 3).
 4. **Aggregate** — parse each result for `TASK_COMPLETE` / `TASK_FAILED`; run post-hoc conflict detection via git diff to confirm executors only touched declared files.
 5. **Failure handling** — 0 failed → next wave; 1 failed → `config.wave_fail_policy` (`continue-on-single` or `stop-on-any`); ≥2 failed → likely environment issue, stop immediately; cumulative `failed_attempts >= 3` → stop, user intervention.
 6. **Progress feedback** — print a wave summary after each wave (see `references/wave-execution.md` Step 6).

package/skills/implement/references/wave-execution.md

@@ -5,7 +5,7 @@ implement skill routes to the `wave` strategy. The knowledge-layer canonical
 algorithm lives in `@${CLAUDE_PLUGIN_ROOT}/knowledge/wave-execution.md`;
 this file is the walkthrough the skill itself embeds for implementers.
 
-**Core**: consecutive `[P]` tasks form a wave, dispatch multiple Tasks in
+**Core**: consecutive `[P]` tasks form a wave, dispatch multiple Agent calls in
 parallel within a single message, serial across waves.
 
 ## Step 1: DAG Analysis
@@ -51,13 +51,13 @@ If the planner mis-tagged `[P]` (modifies the same file), split the wave automat
 ## Step 3: Dispatch a Single Wave (key: within a single response)
 
 ```
-# List multiple Task tool calls in one response of the main agent:
-Task(description="Execute 1.1", prompt=<...flow-executor + task_id=1.1...>)
-Task(description="Execute 1.2", prompt=<...flow-executor + task_id=1.2...>)
-Task(description="Execute 1.3", prompt=<...flow-executor + task_id=1.3...>)
+# List multiple Agent tool calls in one response of the main agent:
+Agent(description="Execute 1.1", prompt=<...flow-executor + task_id=1.1...>)
+Agent(description="Execute 1.2", prompt=<...flow-executor + task_id=1.2...>)
+Agent(description="Execute 1.3", prompt=<...flow-executor + task_id=1.3...>)
 ```
 
-Each Task prompt follows a uniform format (similar to subagent strategy):
+Each Agent prompt follows a uniform format (similar to subagent strategy):
 
 ```
 You are the flow-executor agent. Full definition:
@@ -82,12 +82,12 @@ Output:
 ```
 
 **Not allowed**:
-- Splitting multiple Task calls across multiple responses (that is serial degradation)
-- Nesting another Task dispatch inside a Task
+- Splitting multiple Agent calls across multiple responses (that is serial degradation)
+- Nesting another Agent dispatch inside an Agent
 
 ## Step 4: Aggregate Wave Results
 
-Wait for all Tasks to return:
+Wait for all Agent calls to return:
 
 ```python
 completed = []; failed = []

package/skills/init/SKILL.md

@@ -2,6 +2,7 @@
 name: init
 description: Initialize the CurdX-Flow project structure (create the .flow/ directory and core files)
 argument-hint: "[--force]"
+disable-model-invocation: true
 allowed-tools: [Read, Write, Bash, AskUserQuestion]
 ---
 

package/skills/review/SKILL.md

@@ -2,7 +2,8 @@
 name: review
 description: Two-stage code review — Stage 1 spec compliance, Stage 2 code quality. Optional flags add adversarial review, edge-case hunting, or developer-experience audit.
 argument-hint: "[--stage=<1|2|both>] [--adversarial] [--edge-case] [--devex]"
-allowed-tools: [Read, Bash, Task, Grep, Glob]
+disable-model-invocation: true
+allowed-tools: [Read, Bash, Agent, Grep, Glob]
 ---
 
 # Two-Stage Code Review

package/skills/security-audit/SKILL.md

@@ -1,6 +1,7 @@
 ---
 name: security-audit
-description: Invoke when the user wants a security review — OWASP Top 10, STRIDE threat modeling, credential handling, injection, secrets, sensitive data handling. Triggers on "security", "auth", "authentication", "credential", "password", "secret", "API key", "token", "OWASP", "STRIDE", "CVE", "vulnerability", "injection", "XSS", "CSRF", "SSRF", "SQL injection", "hardcoded secret", "sensitive data", "leak", "will my API key leak", "is this safe".
+description: Use when the user needs security review of code, specs, credentials, sensitive data, or dependency risk.
+when_to_use: Triggers on "security", "auth", "authentication", "credential", "password", "secret", "API key", "token", "OWASP", "STRIDE", "CVE", "vulnerability", "injection", "XSS", "CSRF", "SSRF", "SQL injection", "hardcoded secret", "sensitive data", "leak", "will my API key leak", "is this safe".
 allowed-tools: [Read, Grep, Glob, Bash, WebSearch]
 ---
 

package/skills/spec/SKILL.md

@@ -2,7 +2,8 @@
 name: spec
 description: Generate or refresh a feature specification. By default runs research → requirements → design → tasks in sequence. Flags let you target a single phase, stop early, regenerate, or tack on a multi-dimensional planning review.
 argument-hint: "[--phase=<X[,Y,...]>] [--until=<X>] [--review[=<dim[,dim]>]] [--regenerate] [--resume]"
-allowed-tools: [Read, Write, Bash, Task, AskUserQuestion]
+disable-model-invocation: true
+allowed-tools: [Read, Write, Bash, Agent, AskUserQuestion]
 ---
 
 # Generate or Refresh the Active Spec
@@ -70,7 +71,7 @@ Read and update `.state.json.phase` after each phase succeeds.
 
 ## Phase execution
 
-For each phase in the resolved list, dispatch a sub-agent via the `Task` tool:
+For each phase in the resolved list, dispatch a subagent via the `Agent` tool:
 
 ### research → `flow-researcher`
 Inputs: spec goal + one-line description from `.state.json`.
@@ -176,7 +177,7 @@ If `--review` (or `--review=<dims>`) is present:
 
 1. **Precondition**: `design.md` must exist. If missing, error: "Design missing. Run `/curdx-flow:spec --phase=design` first."
 2. Parse the dims: `all` expands to `ceo,eng,design,dx`.
-3. Dispatch review agents in parallel via `Task` (one per dim):
+3. Dispatch review agents in parallel via `Agent` (one per dim):
 
 | Dim | Agent | Focus |
 |-----|-------|-------|

package/skills/start/SKILL.md

@@ -2,7 +2,8 @@
 name: start
 description: Smart entry point — create a new spec, resume an existing one, or switch between specs. Replaces v1's /start + /switch.
 argument-hint: "[<spec-name>] [\"<one-line goal>\"] [--resume] [--list] [--mode=<fast|standard|enterprise>]"
-allowed-tools: [Read, Write, Bash, AskUserQuestion, Task]
+disable-model-invocation: true
+allowed-tools: [Read, Write, Bash, AskUserQuestion, Agent]
 ---
 
 # Start or Resume a Feature Spec

package/skills/ui-sketch/SKILL.md

@@ -1,6 +1,7 @@
 ---
 name: ui-sketch
-description: Invoke when the user wants UI design drafts — components, layouts, variants, mockups, CSS/theme/styling decisions. Triggers on "design UI", "UI design", "component layout", "variants", "wireframe", "mockup", "prototype", "sketch", "draft layout", "visual design", "styling", "CSS", "theming", "dark mode", "responsive design", "color scheme", "build me a UI", "show several variants", "try different colors".
+description: Use when the user needs UI design drafts, layout variants, mockups, prototypes, or styling direction.
+when_to_use: Triggers on "design UI", "UI design", "component layout", "variants", "wireframe", "mockup", "prototype", "sketch", "draft layout", "visual design", "styling", "CSS", "theming", "dark mode", "responsive design", "color scheme", "build me a UI", "show several variants", "try different colors".
 allowed-tools: [Read, Write, Bash, WebSearch]
 ---
 

package/skills/verify/SKILL.md

@@ -2,6 +2,7 @@
 name: verify
 description: Goal-backward verification — trace from every FR / AC / AD in the active spec to the code and tests, detect stubs and fake completions. The differentiator command. Optionally adds multi-source coverage audit with --strict.
 argument-hint: "[--strict]"
+disable-model-invocation: true
 context: fork
 agent: flow-verifier
 ---
@@ -35,7 +36,7 @@ For EACH assertion in the spec, walk goal-backward:
 2. For **code-only**: grep the codebase for matching symbols, find the
    implementing file + line, find a test that exercises it, run the test
    (`npm test` or the declared `Verify` command), capture pass/fail.
-3. For **UI-facing**: browser verification via `mcp__chrome-devtools__*`
+3. For **UI-facing**: browser verification via `mcp__chrome_devtools__*`
    is required. `jsdom` / `happy-dom` unit tests are insufficient. If the
    browser MCP isn't available, mark the AC **unverified — browser MCP
    missing** and include a CRITICAL section in the report; do NOT

package/templates/CONTEXT.md.tmpl

@@ -50,4 +50,4 @@
 
 ---
 
-_Generated by `/flow-init` on {{CREATED_DATE}}. Update to match your actual preferences._
+_Generated by `/curdx-flow:init` on {{CREATED_DATE}}. Update to match your actual preferences._

package/templates/PROJECT.md.tmpl

@@ -56,4 +56,4 @@ TODO:
 
 ---
 
-_Generated by `/flow-init` on {{CREATED_DATE}}. Maintainer: {{USER_NAME}}_
+_Generated by `/curdx-flow:init` on {{CREATED_DATE}}. Maintainer: {{USER_NAME}}_

package/templates/config.json.tmpl

@@ -2,13 +2,14 @@
   "$schema": "https://raw.githubusercontent.com/wdx/curdx-flow/main/schemas/config.schema.json",
   "version": "1.0",
   "mode": "standard",
-  "_mode_options": "sketch | fast | standard | enterprise | autonomous",
+  "_mode_options": "fast | standard | enterprise",
 
   "execution": {
     "strategy": "auto",
     "_strategy_options": "auto | subagent | stop-hook | wave | linear",
     "max_parallel": 5,
-    "subagent_threshold": 8
+    "subagent_threshold": 8,
+    "wave_fail_policy": "continue-on-single"
   },
 
   "gates": {
@@ -18,14 +19,13 @@
     ],
     "standard_mode": [
       "tdd-gate",
-      "coverage-audit-gate",
-      "simplicity-gate"
+      "coverage-audit-gate"
     ],
     "enterprise_mode": [
       "adversarial-review-gate",
       "edge-case-gate",
-      "hard-gate",
-      "security-gate"
+      "security-gate",
+      "devex-gate"
     ]
   },
 

package/templates/progress.md.tmpl

@@ -45,7 +45,7 @@ _(none)_
 
 <!-- What to do next. Must be filled in before ending the session. -->
 
-- [ ] Enter the research phase: run `/flow-research`
+- [ ] Enter the research phase: run `/curdx-flow:spec --phase=research`
 
 ## Questions for User
 
@@ -55,4 +55,4 @@ _(none)_
 
 ---
 
-_Spec initialized on {{CREATED_DATE}}._
+_Spec initialized by `/curdx-flow:start` on {{CREATED_DATE}}._