@defai.digital/cli 13.4.3 → 13.4.5

package/bundled/workflows/refactoring.yaml

@@ -0,0 +1,105 @@
+workflowId: refactoring
+version: "1.0.0"
+name: Code Refactoring Workflow
+description: Systematic code refactoring with safety checks
+
+steps:
+  - stepId: scan-opportunities
+    type: tool
+    name: Scan for Refactoring Opportunities
+    timeout: 120000
+    config:
+      tool: refactor_scan
+      args:
+        types:
+          - extract-function
+          - extract-variable
+          - simplify-conditional
+          - remove-duplication
+          - improve-types
+          - modernize-syntax
+        minConfidence: 0.7
+
+  - stepId: prioritize-refactoring
+    type: prompt
+    name: Prioritize Refactoring Tasks
+    timeout: 60000
+    config:
+      agentId: architecture
+      prompt: |
+        Prioritize refactoring opportunities:
+        1. Impact on maintainability
+        2. Risk level (breaking changes)
+        3. Effort required
+        4. Dependencies affected
+
+  - stepId: create-safety-net
+    type: tool
+    name: Ensure Test Coverage
+    timeout: 120000
+    config:
+      tool: guard_check
+      args:
+        policyId: test-coverage
+        threshold: 80
+        scope: affected-files
+
+  - stepId: apply-refactoring
+    type: tool
+    name: Apply Refactoring
+    timeout: 180000
+    retryPolicy:
+      maxAttempts: 1
+      backoffMs: 1000
+    config:
+      tool: refactor_apply
+      args:
+        dryRun: false
+        createBackup: true
+        runTests: true
+
+  - stepId: verify-behavior
+    type: tool
+    name: Verify Behavior Unchanged
+    timeout: 120000
+    config:
+      tool: guard_check
+      args:
+        policyId: test-pass
+        compareBaseline: true
+
+  - stepId: review-changes
+    type: prompt
+    name: Review Refactored Code
+    timeout: 60000
+    config:
+      agentId: quality
+      prompt: |
+        Review refactored code:
+        1. Verify readability improved
+        2. Check for new issues
+        3. Validate patterns applied correctly
+        4. Ensure documentation updated
+
+  - stepId: update-documentation
+    type: prompt
+    name: Update Documentation
+    timeout: 30000
+    config:
+      agentId: writer
+      prompt: |
+        Update affected documentation:
+        1. API changes
+        2. Architecture changes
+        3. Migration notes if needed
+
+metadata:
+  category: maintenance
+  tags:
+    - refactoring
+    - code-quality
+    - maintenance
+  requiredAbilities:
+    - clean-code
+    - design-patterns
+    - testing-strategy

package/bundled/workflows/security-audit.yaml

@@ -0,0 +1,135 @@
+workflowId: security-audit
+version: "1.0.0"
+name: Security Audit Workflow
+description: Comprehensive security audit and vulnerability assessment
+
+steps:
+  - stepId: define-scope
+    type: prompt
+    name: Define Audit Scope
+    timeout: 30000
+    config:
+      agentId: security
+      prompt: |
+        Define security audit scope:
+        1. Systems and components to audit
+        2. Compliance requirements
+        3. Previous audit findings
+        4. Known vulnerabilities to check
+
+  - stepId: dependency-scan
+    type: tool
+    name: Scan Dependencies
+    timeout: 120000
+    config:
+      tool: bugfix_scan
+      args:
+        categories:
+          - security
+        paths:
+          - package.json
+          - pnpm-lock.yaml
+
+  - stepId: code-security-scan
+    type: tool
+    name: Static Security Analysis
+    timeout: 180000
+    config:
+      tool: bugfix_scan
+      args:
+        categories:
+          - security
+          - injection
+          - authentication
+        minSeverity: low
+        useAst: true
+
+  - stepId: authentication-review
+    type: prompt
+    name: Review Authentication
+    timeout: 90000
+    config:
+      agentId: security
+      prompt: |
+        Review authentication mechanisms:
+        1. Password policies and storage
+        2. Session management
+        3. Token handling
+        4. MFA implementation
+        5. OAuth/OIDC configuration
+
+  - stepId: authorization-review
+    type: prompt
+    name: Review Authorization
+    timeout: 90000
+    config:
+      agentId: security
+      prompt: |
+        Review authorization mechanisms:
+        1. Role-based access control
+        2. Permission enforcement
+        3. Resource ownership checks
+        4. API endpoint protection
+
+  - stepId: data-protection-review
+    type: prompt
+    name: Review Data Protection
+    timeout: 90000
+    config:
+      agentId: security
+      prompt: |
+        Review data protection:
+        1. Encryption at rest
+        2. Encryption in transit
+        3. PII handling
+        4. Data retention policies
+        5. Backup security
+
+  - stepId: infrastructure-review
+    type: prompt
+    name: Review Infrastructure Security
+    timeout: 90000
+    config:
+      agentId: devops
+      prompt: |
+        Review infrastructure security:
+        1. Network segmentation
+        2. Firewall rules
+        3. Container security
+        4. Secret management
+        5. Logging and monitoring
+
+  - stepId: generate-report
+    type: prompt
+    name: Generate Security Report
+    timeout: 120000
+    config:
+      agentId: security
+      prompt: |
+        Generate security audit report:
+        1. Executive summary
+        2. Findings by severity
+        3. Risk assessment
+        4. Remediation recommendations
+        5. Compliance status
+
+  - stepId: create-remediation-tasks
+    type: tool
+    name: Create Remediation Tasks
+    timeout: 30000
+    config:
+      tool: task_create
+      args:
+        type: security-remediation
+        priority: severity-based
+
+metadata:
+  category: security
+  tags:
+    - security
+    - audit
+    - compliance
+  requiredAbilities:
+    - security
+    - infrastructure
+    - compliance

package/bundled/workflows/std/analysis.yaml

@@ -0,0 +1,190 @@
+workflowId: std/analysis
+version: "1.0.0"
+name: Standard Analysis
+description: |
+  General analysis workflow for investigating code, systems, or problems.
+  Provides structured approach to understanding and documenting findings.
+
+metadata:
+  category: analysis
+  tags:
+    - analysis
+    - investigation
+    - research
+  estimatedDuration: 90000
+
+steps:
+  - stepId: gather
+    name: Gather Information
+    type: prompt
+    config:
+      prompt: |
+        You are conducting an analysis. First, gather and organize relevant information.
+
+        ## Analysis Subject
+        ${input.subject}
+
+        ## Analysis Goals
+        ${input.goals}
+
+        ## Context
+        ${input.context}
+
+        Gather information on:
+
+        1. **Subject Overview**
+           - What are we analyzing?
+           - Scope and boundaries
+           - Key components/aspects
+
+        2. **Current State**
+           - How does it work now?
+           - Key characteristics
+           - Known issues or concerns
+
+        3. **Historical Context**
+           - How did we get here?
+           - Previous decisions
+           - Evolution over time
+
+        4. **Stakeholders**
+           - Who is affected?
+           - Who cares about this?
+           - Different perspectives
+
+        5. **Constraints**
+           - Technical limitations
+           - Business constraints
+           - Resource limitations
+
+        6. **Success Criteria**
+           - What makes this analysis successful?
+           - Decisions to be made
+           - Actions to be taken
+    timeoutMs: 45000
+
+  - stepId: analyze
+    name: Deep Analysis
+    type: prompt
+    dependencies:
+      - gather
+    config:
+      prompt: |
+        Based on gathered information:
+        ${previousOutputs.gather}
+
+        Conduct deep analysis:
+
+        ## Findings
+
+        ### Strengths
+        What's working well?
+        - Strength 1: [Description and evidence]
+        - Strength 2: [Description and evidence]
+
+        ### Weaknesses
+        What's not working or could be better?
+        - Weakness 1: [Description, impact, evidence]
+        - Weakness 2: [Description, impact, evidence]
+
+        ### Opportunities
+        What could be improved or leveraged?
+        - Opportunity 1: [Description and potential value]
+        - Opportunity 2: [Description and potential value]
+
+        ### Risks/Threats
+        What could go wrong?
+        - Risk 1: [Description, likelihood, impact]
+        - Risk 2: [Description, likelihood, impact]
+
+        ## Patterns Observed
+        - Pattern 1: [Description]
+        - Pattern 2: [Description]
+
+        ## Comparisons
+        How does this compare to alternatives or best practices?
+
+        ## Root Causes
+        For identified issues, what are the underlying causes?
+    timeoutMs: 60000
+
+  - stepId: recommend
+    name: Recommendations
+    type: prompt
+    dependencies:
+      - analyze
+    config:
+      prompt: |
+        Based on your analysis:
+        ${previousOutputs.analyze}
+
+        Provide recommendations:
+
+        ## Key Insights
+        Most important takeaways from the analysis:
+        1. [Insight 1]
+        2. [Insight 2]
+        3. [Insight 3]
+
+        ## Recommendations
+
+        ### High Priority
+        Actions that should be taken soon:
+        - **Recommendation 1**
+          - What: [Action]
+          - Why: [Justification]
+          - How: [Approach]
+          - Effort: [Estimate]
+
+        ### Medium Priority
+        Actions to plan for:
+        - **Recommendation 2**
+          - What, Why, How, Effort
+
+        ### Low Priority / Future Consideration
+        Ideas for later:
+        - **Recommendation 3**
+          - What, Why, How, Effort
+
+        ## Trade-offs
+        Key trade-offs to consider in decision-making.
+
+        ## Next Steps
+        Immediate actions to take based on this analysis.
+    timeoutMs: 45000
+
+  - stepId: summary
+    name: Create Summary
+    type: prompt
+    dependencies:
+      - recommend
+    config:
+      prompt: |
+        Summarize the analysis:
+        ${previousOutputs.recommend}
+
+        ## Executive Summary
+        2-3 paragraph summary of the analysis and key findings.
+
+        ## Key Findings
+        1. [Finding 1]
+        2. [Finding 2]
+        3. [Finding 3]
+
+        ## Recommendations Summary
+        | Priority | Recommendation | Effort | Impact |
+        |----------|---------------|--------|--------|
+        | High | [Rec 1] | Low/Med/High | Low/Med/High |
+        | Medium | [Rec 2] | ... | ... |
+        | Low | [Rec 3] | ... | ... |
+
+        ## Decision Points
+        Decisions that need to be made based on this analysis.
+
+        ## Action Items
+        - [ ] [Action 1] - [Owner] - [Due]
+        - [ ] [Action 2] - [Owner] - [Due]
+
+        ## Follow-up
+        When/how to revisit this analysis.
+    timeoutMs: 30000

package/bundled/workflows/std/code-review.yaml

@@ -0,0 +1,117 @@
+workflowId: std/code-review
+version: "1.0.0"
+name: Standard Code Review
+description: |
+  Multi-step code review workflow with analysis and recommendations.
+  Analyzes code changes for quality, bugs, security, and performance.
+
+metadata:
+  category: review
+  tags:
+    - code-review
+    - quality
+    - security
+  estimatedDuration: 120000
+
+steps:
+  - stepId: analyze
+    name: Analyze Changes
+    type: prompt
+    config:
+      prompt: |
+        You are conducting a thorough code review. Analyze the code for:
+
+        1. **Code Quality**
+           - Adherence to best practices and coding standards
+           - Code organization and structure
+           - Naming conventions and readability
+           - DRY principles and code reuse
+
+        2. **Potential Bugs**
+           - Logic errors and edge cases
+           - Null/undefined handling
+           - Error handling completeness
+           - Race conditions or concurrency issues
+
+        3. **Security Considerations**
+           - Input validation
+           - Authentication/authorization
+           - Data sanitization
+           - Sensitive data exposure
+
+        4. **Performance**
+           - Algorithm efficiency
+           - Memory usage
+           - Database query optimization
+           - Caching opportunities
+
+        Context and code to review:
+        ${input.context}
+
+        Focus areas (if specified): ${input.scope}
+
+        Provide a detailed analysis organized by category.
+    timeoutMs: 120000
+
+  - stepId: findings
+    name: Generate Findings
+    type: prompt
+    dependencies:
+      - analyze
+    config:
+      prompt: |
+        Based on your code analysis:
+        ${previousOutputs.analyze}
+
+        Generate structured, actionable findings organized by priority:
+
+        ## Critical Issues (Must Fix)
+        Issues that would cause bugs, security vulnerabilities, or data loss.
+        Each issue should include:
+        - Description of the problem
+        - Location in code (if known)
+        - Recommended fix
+        - Why it's critical
+
+        ## Recommendations (Should Consider)
+        Issues that affect maintainability, performance, or code quality.
+        Each recommendation should include:
+        - Description
+        - Impact if not addressed
+        - Suggested improvement
+
+        ## Suggestions (Nice to Have)
+        Minor improvements or style suggestions.
+        Each suggestion should include:
+        - Description
+        - Benefit
+
+        Format each item as an actionable task the author can address.
+    timeoutMs: 60000
+
+  - stepId: summary
+    name: Create Summary
+    type: prompt
+    dependencies:
+      - findings
+    config:
+      prompt: |
+        Create a concise review summary based on your findings:
+        ${previousOutputs.findings}
+
+        Include:
+
+        ## Overall Assessment
+        Choose one: APPROVE / REQUEST_CHANGES / NEEDS_DISCUSSION
+        Brief justification for the assessment.
+
+        ## Key Points for the Author
+        - Most important items to address (max 3-5 bullet points)
+        - What was done well (if applicable)
+
+        ## Suggested Next Steps
+        - Prioritized list of actions
+        - Any follow-up discussions needed
+
+        Keep the summary concise but informative.
+    timeoutMs: 30000

package/bundled/workflows/std/debugging.yaml

@@ -0,0 +1,155 @@
+workflowId: std/debugging
+version: "1.0.0"
+name: Standard Debugging
+description: |
+  Systematic debugging workflow for investigating and resolving issues.
+  Follows a structured approach: reproduce, analyze, hypothesize, fix, verify.
+
+metadata:
+  category: debugging
+  tags:
+    - debugging
+    - bug-fix
+    - troubleshooting
+  estimatedDuration: 180000
+
+steps:
+  - stepId: understand
+    name: Understand the Issue
+    type: prompt
+    config:
+      prompt: |
+        You are investigating a bug or issue. First, understand the problem thoroughly.
+
+        ## Issue Details
+        ${input.errorMessage}
+
+        ## Additional Context
+        ${input.context}
+
+        ## Stack Trace (if available)
+        ${input.stackTrace}
+
+        Analyze and answer:
+
+        1. **What is the expected behavior?**
+           - What should happen under normal circumstances?
+
+        2. **What is the actual behavior?**
+           - What is actually happening?
+           - Is the error consistent or intermittent?
+
+        3. **When does it occur?**
+           - Specific conditions or triggers
+           - User actions that lead to the issue
+
+        4. **What is the scope of impact?**
+           - Which features/users are affected?
+           - Is this blocking critical functionality?
+
+        5. **Initial observations**
+           - Any patterns in the error message/stack trace
+           - Similar issues you've seen before
+    timeoutMs: 60000
+
+  - stepId: investigate
+    name: Root Cause Analysis
+    type: prompt
+    dependencies:
+      - understand
+    config:
+      prompt: |
+        Based on your understanding of the issue:
+        ${previousOutputs.understand}
+
+        Conduct a root cause analysis:
+
+        ## Hypotheses
+        List 2-4 potential root causes, ranked by likelihood:
+        1. Most likely cause and reasoning
+        2. Second most likely cause
+        3. Other possibilities
+
+        ## Evidence Needed
+        For each hypothesis, what evidence would confirm or refute it?
+        - Code to examine
+        - Logs to check
+        - Tests to run
+        - Data to inspect
+
+        ## Investigation Plan
+        Step-by-step plan to identify the root cause:
+        1. First thing to check
+        2. What to do based on findings
+        3. How to narrow down if initial checks inconclusive
+
+        ## Related Code Areas
+        List files/functions that are likely involved based on the error.
+    timeoutMs: 90000
+
+  - stepId: solution
+    name: Propose Solution
+    type: prompt
+    dependencies:
+      - investigate
+    config:
+      prompt: |
+        Based on your investigation:
+        ${previousOutputs.investigate}
+
+        Propose a solution:
+
+        ## Recommended Fix
+        - Description of the fix
+        - Why this addresses the root cause
+        - Code changes needed (be specific)
+
+        ## Alternative Approaches
+        If applicable, list other ways to fix this with pros/cons.
+
+        ## Testing Strategy
+        How to verify the fix works:
+        - Manual testing steps
+        - Unit/integration tests to add
+        - Edge cases to cover
+
+        ## Potential Side Effects
+        - What else might this change affect?
+        - Any regressions to watch for?
+
+        ## Prevention
+        How can we prevent similar issues in the future?
+        - Code patterns to adopt
+        - Tests to add
+        - Monitoring/alerting
+    timeoutMs: 60000
+
+  - stepId: summary
+    name: Create Summary
+    type: prompt
+    dependencies:
+      - solution
+    config:
+      prompt: |
+        Create a debugging summary based on your analysis:
+        ${previousOutputs.solution}
+
+        ## Bug Summary
+        One-sentence description of the bug.
+
+        ## Root Cause
+        Brief explanation of what caused the issue.
+
+        ## Fix
+        Concise description of the solution.
+
+        ## Files to Modify
+        List of files that need changes.
+
+        ## Next Steps
+        1. Immediate action items
+        2. Follow-up tasks
+
+        ## Estimated Effort
+        Simple/Medium/Complex and brief justification.
+    timeoutMs: 30000