@dv.nghiem/flowdeck 0.3.2 → 0.3.4

package/src/commands/fd-verify.md

@@ -0,0 +1,126 @@
+---
+description: Verify feature completion — run full test suite, reviewer, and deploy check against the current phase
+argument-hint: [--phase=N] [--env=staging|production]
+---
+
+# Verify
+
+Run the full verification pipeline for the current feature: tests, code review, and deploy check.
+
+**Input:** $ARGUMENTS — optional `--phase=N` to target a specific phase, `--env` for deploy check environment
+
+## Pre-flight
+
+1. Check `.planning/STATE.md` exists — if not, error: "Run /fd-new-project first."
+2. Read current phase N from STATE.md.
+3. Confirm `steps_complete` in STATE.md is non-empty — if empty, warn: "No steps completed yet. Run /fd-execute first."
+
+## Process
+
+### Step 1: Gather Scope
+
+Collect files changed in the current feature:
+```bash
+git diff --name-only HEAD
+```
+
+If no changed files, use all files in the current phase directory as scope.
+
+### Step 2: Run Checks in Parallel
+
+Launch all four checks simultaneously:
+
+**Check A: Full Test Suite (@tester)**
+```bash
+npm test
+```
+All tests must pass. No failures, no unexplained skips.
+
+**Check B: Code Review (@reviewer)**
+Review all changed files:
+- Security: secrets, injection vulnerabilities, auth gaps
+- Quality: critical bugs, missing error handling, TDD discipline
+- Conventions: naming, patterns, import style
+- Test coverage >= 80% for changed files — flag as HIGH if below
+
+**Check C: Security Scan (@security-auditor)**
+- No hardcoded secrets
+- Input validation at trust boundaries
+- Auth/authz on all protected routes
+- No CRITICAL or HIGH vulnerabilities
+
+**Check D: Deploy Check**
+Run pre-deployment suite:
+```bash
+npm audit --audit-level=high
+npm run build
+```
+No HIGH/CRITICAL CVEs. Build must succeed.
+
+### Step 3: Aggregate Results
+
+Present consolidated report:
+
+```
+════════════════════════════════════════════════════
+VERIFICATION: Phase <N> — <feature name>
+════════════════════════════════════════════════════
+
+| Check         | Status           | Details              |
+|---------------|------------------|----------------------|
+| Tests         | ✅ PASS / ❌ FAIL | N/N passed           |
+| Code Review   | ✅ PASS / ❌ FAIL | [findings summary]   |
+| Security      | ✅ PASS / ❌ FAIL | [findings summary]   |
+| CVE Audit     | ✅ PASS / ❌ FAIL | [vulnerabilities]    |
+| Build         | ✅ PASS / ❌ FAIL | [errors]             |
+
+────────────────────────────────────────────────────
+Verdict: ✅ VERIFIED | ❌ NOT VERIFIED
+════════════════════════════════════════════════════
+```
+
+### Step 4: Go / No-Go
+
+**✅ VERIFIED** — all checks pass:
+- Update STATE.md: set `status` to `verified`, `last_action` to `"Phase N verified"`
+- Report next steps (deploy, increment phase, etc.)
+
+**❌ NOT VERIFIED** — one or more checks failed:
+```
+Verdict: NOT VERIFIED
+
+Required fixes:
+- [ ] [fix 1]
+- [ ] [fix 2]
+
+Run /fd-verify again after fixing.
+```
+Do NOT update STATE.md to verified status.
+
+## No-Go Conditions (automatic)
+
+Any of these → automatic NOT VERIFIED:
+- Test failures
+- CRITICAL security vulnerability
+- HIGH/CRITICAL CVE unpatched
+- Build error
+- Code review CRITICAL finding
+
+## State Update on Success
+
+```yaml
+status: verified
+last_action: "Phase N verified — all checks passed"
+verified_at: "<timestamp>"
+```
+
+## Error Handling
+
+- If `.planning/` not found: error "Run /fd-new-project first."
+- If STATE.md not found: error "Project not initialized."
+- If test runner not found: error with remediation (e.g., "No test script in package.json")
+- No partial state update on error.
+
+## Completion
+
+Report: verification result, check statuses, any required fixes, and suggested next step.

package/src/rules/README.md

@@ -6,6 +6,16 @@ Coding standards for projects using FlowDeck. These define conventions that Flow
 
 Rules are loaded **automatically** by the FlowDeck plugin. No manual configuration is needed — when FlowDeck is installed, all rule files in this directory are injected into OpenCode's `instructions` at startup.
 
+## Rule Precedence
+
+When guidance conflicts, FlowDeck resolves precedence in this order:
+
+1. Repository governance files (`AGENTS.md`, `CLAUDE.md`)
+2. FlowDeck plugin rules from `src/rules/**`
+3. Runtime policies from `.codebase/POLICIES.json`
+
+This keeps repository-specific expectations authoritative while still allowing runtime policy learning.
+
 ## Selective Rules (Optional)
 
 If you want to override the default set and load only specific rules, add them to `opencode.json` under `instructions`:

package/src/rules/common/agent-orchestration.md

@@ -15,7 +15,7 @@ FlowDeck provides 23 specialist agents. Each has a specific role. Using the righ
 | `@discusser` | Extract requirements via Q&A | Starting a new feature or phase |
 | `@doc-updater` | Update docs after code changes | After implementation completes |
 | `@plan-checker` | Review PLAN.md before execution | Before executing any plan |
-| `@mapper` | Map codebase to .codebase/ docs | Running /map-codebase |
+| `@mapper` | Map codebase to .codebase/ docs | Running /fd-map-codebase |
 | `@orchestrator` | Coordinate multi-agent execution | Managing a full feature delivery |
 | `@parallel-coordinator` | Run parallel agent workstreams | When tasks can run simultaneously |
 | `@performance-optimizer` | Profile and fix performance issues | When app is slow or before release |
@@ -76,9 +76,9 @@ discuss → plan → execute → review
 
 | Phase | Agent | Command |
 |-------|-------|---------|
-| discuss | `@discusser` | `/discuss` |
-| plan | `@planner` → `@plan-checker` | `/plan` |
-| execute | `@orchestrator` → `@coder`, `@tester`, etc. | `/new-feature` |
-| review | `@reviewer` + `@security-auditor` | `/review-code` |
+| discuss | `@discusser` | `/fd-discuss` |
+| plan | `@planner` → `@plan-checker` | `/fd-plan` |
+| execute | `@orchestrator` → `@coder`, `@tester`, etc. | `/fd-new-feature` |
+| review | `@reviewer` + `@security-auditor` | `/fd-review-code` |
 
 Do not skip phases. The orchestrator enforces phase gating automatically.

package/src/rules/common/coding-style.md

@@ -2,6 +2,23 @@
 
 Language-agnostic coding conventions followed by all FlowDeck agents.
 
+## Core Principles
+
+| # | Rule | Description |
+|---|------|-------------|
+| 1 | **No Redundant Code** | No redundant arguments, methods, or attributes. Each piece of code must serve a purpose. |
+| 2 | **Simplicity** | Code should be simple and easy to understand. Prefer clarity over cleverness. |
+| 3 | **Clear Commands** | Code should have clear, explicit commands. No ambiguity in intent. |
+| 4 | **Extensibility** | Prefer minimal designs for current requirements. Add extension points only when required by active scope. |
+| 5 | **Documentation** | Add comments when needed to explain non-obvious tradeoffs or constraints; avoid boilerplate file headers. |
+| 6 | **Information Security** | Comply with information security best practices. No secrets, no injections, no XSS. |
+| 7 | **Memory Optimization** | Optimize memory usage to the minimum possible. Avoid unnecessary allocations. |
+| 8 | **Speed** | Process speed should be as fast as possible. Prefer efficient algorithms and data structures. |
+| 9 | **Single Responsibility** | Each function/class does one thing well. Easier to test, debug, and extend. |
+| 10 | **Testability** | Code should be easy to test in isolation. Avoid hidden dependencies and global state. |
+| 11 | **Consistency** | Follow existing patterns in the codebase. Consistency over personal preference. |
+| 12 | **Resource Cleanup** | Always release resources (connections, file handles, timers). Use try-finally or defer. |
+
 ## Immutability
 
 Always create new objects and arrays. Never mutate parameters.

package/src/rules/typescript/patterns.md

@@ -102,7 +102,7 @@ class UserService {
 
 ## Result Types for Error Handling
 
-Never throw in business logic. Use Result types.
+Prefer explicit error contracts (Result types or typed exceptions) for business logic. Use one pattern consistently within a module.
 
 ```typescript
 type Ok<T> = { ok: true; value: T };

package/src/skills/backend-patterns/SKILL.md

@@ -1,3 +1,9 @@
+---
+name: backend-patterns
+description: Backend architecture patterns for services, APIs, data access, and middleware design.
+origin: FlowDeck
+---
+
 # backend-patterns
 
 ## When to Activate

package/src/skills/clean-architecture/SKILL.md

@@ -1,3 +1,9 @@
+---
+name: clean-architecture
+description: Apply Clean Architecture boundaries to keep domain logic isolated from frameworks and infrastructure.
+origin: FlowDeck
+---
+
 # clean-architecture
 
 ## When to Activate

package/src/skills/cqrs/SKILL.md

@@ -1,3 +1,9 @@
+---
+name: cqrs
+description: Command Query Responsibility Segregation patterns for separating write and read models.
+origin: FlowDeck
+---
+
 # CQRS (Command Query Responsibility Segregation)
 
 ## When to Activate

package/src/skills/ddd-architecture/SKILL.md

@@ -1,3 +1,9 @@
+---
+name: ddd-architecture
+description: Domain-Driven Design patterns for bounded contexts, aggregates, and ubiquitous language.
+origin: FlowDeck
+---
+
 # ddd-architecture
 
 ## When to Activate

package/src/skills/event-driven-architecture/SKILL.md

@@ -1,3 +1,9 @@
+---
+name: event-driven-architecture
+description: Event-driven architecture patterns for asynchronous workflows and decoupled services.
+origin: FlowDeck
+---
+
 # Event-Driven Architecture
 
 ## When to Activate

package/src/skills/hexagonal-architecture/SKILL.md

@@ -1,3 +1,9 @@
+---
+name: hexagonal-architecture
+description: Ports-and-adapters architecture patterns for testable, framework-independent domain logic.
+origin: FlowDeck
+---
+
 # hexagonal-architecture
 
 ## When to Activate

package/src/skills/layered-architecture/SKILL.md

@@ -1,3 +1,9 @@
+---
+name: layered-architecture
+description: Layered architecture patterns for separating presentation, application, domain, and data layers.
+origin: FlowDeck
+---
+
 # layered-architecture
 
 ## When to Activate

package/src/skills/postgres-patterns/SKILL.md

@@ -1,3 +1,9 @@
+---
+name: postgres-patterns
+description: PostgreSQL schema, query, indexing, and performance patterns.
+origin: FlowDeck
+---
+
 # postgres-patterns
 
 ## When to Activate

package/src/skills/saga-architecture/SKILL.md

@@ -1,3 +1,9 @@
+---
+name: saga-architecture
+description: Saga coordination patterns for distributed transactions with compensating actions.
+origin: FlowDeck
+---
+
 # saga-architecture
 
 ## When to Activate