@fredericboyer/dev-team 0.1.2 → 0.3.0

package/templates/hooks/dev-team-tdd-enforce.js

@@ -12,13 +12,21 @@
  * Exit 2 = block, exit 0 = allow.
  */
 
-'use strict';
+"use strict";
 
-const { execFileSync } = require('child_process');
-const path = require('path');
+const { execFileSync } = require("child_process");
+const path = require("path");
 
-const input = JSON.parse(process.argv[2] || '{}');
-const filePath = (input.tool_input && (input.tool_input.file_path || input.tool_input.path)) || '';
+let input = {};
+try {
+  input = JSON.parse(process.argv[2] || "{}");
+} catch (err) {
+  console.warn(
+    `[dev-team tdd-enforce] Warning: Failed to parse hook input, allowing operation. ${err.message}`,
+  );
+  process.exit(0);
+}
+const filePath = (input.tool_input && (input.tool_input.file_path || input.tool_input.path)) || "";
 
 if (!filePath) {
   process.exit(0);
@@ -28,20 +36,27 @@ const basename = path.basename(filePath);
 const ext = path.extname(filePath);
 
 // Skip non-code files
-const SKIP_EXTENSIONS = ['.md', '.json', '.yml', '.yaml', '.toml', '.txt', '.css', '.svg', '.png', '.jpg', '.gif', '.ico', '.lock'];
+const SKIP_EXTENSIONS = [
+  ".md",
+  ".json",
+  ".yml",
+  ".yaml",
+  ".toml",
+  ".txt",
+  ".css",
+  ".svg",
+  ".png",
+  ".jpg",
+  ".gif",
+  ".ico",
+  ".lock",
+];
 if (SKIP_EXTENSIONS.includes(ext)) {
   process.exit(0);
 }
 
 // Skip if the file IS a test file
-const TEST_PATTERNS = [
-  /\.test\./,
-  /\.spec\./,
-  /_test\./,
-  /\/__tests__\//,
-  /\/test\//,
-  /\/tests\//,
-];
+const TEST_PATTERNS = [/\.test\./, /\.spec\./, /_test\./, /\/__tests__\//, /\/test\//, /\/tests\//];
 
 if (TEST_PATTERNS.some((p) => p.test(filePath))) {
   process.exit(0);
@@ -64,10 +79,10 @@ if (SKIP_PATTERNS.some((p) => p.test(filePath))) {
 }
 
 // Check if any test file has been modified in this session
-let changedFiles = '';
+let changedFiles = "";
 try {
-  changedFiles = execFileSync('git', ['diff', '--name-only'], {
-    encoding: 'utf-8',
+  changedFiles = execFileSync("git", ["diff", "--name-only"], {
+    encoding: "utf-8",
     timeout: 5000,
   });
 } catch {
@@ -76,7 +91,7 @@ try {
 }
 
 const hasTestChanges = changedFiles
-  .split('\n')
+  .split("\n")
   .filter(Boolean)
   .some((f) => TEST_PATTERNS.some((p) => p.test(f)));
 
@@ -88,19 +103,23 @@ if (hasTestChanges) {
 // No test changes — check if a corresponding test file already exists.
 // This allows refactoring (modifying existing tested code) without
 // requiring the test file to also be modified.
-const fs = require('fs');
+const fs = require("fs");
 const dir = path.dirname(filePath);
 const name = path.basename(filePath, ext);
 
 const CANDIDATE_PATTERNS = [
   path.join(dir, `${name}.test${ext}`),
   path.join(dir, `${name}.spec${ext}`),
-  path.join(dir, '__tests__', `${name}${ext}`),
-  path.join(dir, '__tests__', `${name}.test${ext}`),
+  path.join(dir, "__tests__", `${name}${ext}`),
+  path.join(dir, "__tests__", `${name}.test${ext}`),
 ];
 
 const hasExistingTests = CANDIDATE_PATTERNS.some((candidate) => {
-  try { return fs.statSync(candidate).isFile(); } catch { return false; }
+  try {
+    return fs.statSync(candidate).isFile();
+  } catch {
+    return false;
+  }
 });
 
 if (hasExistingTests) {
@@ -110,6 +129,6 @@ if (hasExistingTests) {
 
 // No test changes AND no existing test file — block
 console.error(
-  `[dev-team tdd-enforce] TDD violation: "${basename}" modified but no corresponding test file exists. Write tests first.`
+  `[dev-team tdd-enforce] TDD violation: "${basename}" modified but no corresponding test file exists. Write tests first.`,
 );
 process.exit(2);

package/templates/hooks/dev-team-watch-list.js

@@ -0,0 +1,84 @@
+#!/usr/bin/env node
+
+/**
+ * dev-team-watch-list.js
+ * PostToolUse hook on Edit/Write.
+ *
+ * Reads configurable file-pattern-to-agent mappings from .claude/dev-team.json
+ * and outputs structured spawn recommendations when patterns match.
+ * Advisory only — always exits 0.
+ *
+ * Config format in dev-team.json:
+ * {
+ *   "watchLists": [
+ *     { "pattern": "src/db/", "agents": ["dev-team-codd"], "reason": "database code changed" },
+ *     { "pattern": "\\.graphql$", "agents": ["dev-team-mori", "dev-team-voss"], "reason": "API schema changed" }
+ *   ]
+ * }
+ */
+
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+
+let input = {};
+try {
+  input = JSON.parse(process.argv[2] || "{}");
+} catch (err) {
+  console.warn(
+    `[dev-team watch-list] Warning: Failed to parse hook input, allowing operation. ${err.message}`,
+  );
+  process.exit(0);
+}
+
+const filePath = (input.tool_input && (input.tool_input.file_path || input.tool_input.path)) || "";
+
+if (!filePath) {
+  process.exit(0);
+}
+
+// Read watch list config
+let watchLists = [];
+try {
+  const prefsPath = path.join(process.cwd(), ".claude", "dev-team.json");
+  const prefs = JSON.parse(fs.readFileSync(prefsPath, "utf-8"));
+  watchLists = prefs.watchLists || [];
+} catch {
+  // No config or invalid — skip silently
+  process.exit(0);
+}
+
+if (watchLists.length === 0) {
+  process.exit(0);
+}
+
+const matches = [];
+
+for (const entry of watchLists) {
+  if (!entry.pattern || !entry.agents) continue;
+
+  try {
+    const regex = new RegExp(entry.pattern);
+    if (regex.test(filePath)) {
+      for (const agent of entry.agents) {
+        if (!matches.some((m) => m.agent === agent)) {
+          matches.push({
+            agent,
+            reason: entry.reason || `file matched pattern: ${entry.pattern}`,
+          });
+        }
+      }
+    }
+  } catch {
+    // Invalid regex — skip this entry
+    continue;
+  }
+}
+
+if (matches.length > 0) {
+  const agentList = matches.map((m) => `@${m.agent} (${m.reason})`).join(", ");
+  console.log(`[dev-team watch-list] Spawn recommended: ${agentList}`);
+}
+
+process.exit(0);

package/templates/settings.json

@@ -11,6 +11,10 @@
           {
             "type": "command",
             "command": "node .claude/hooks/dev-team-tdd-enforce.js"
+          },
+          {
+            "type": "command",
+            "command": "node .claude/hooks/dev-team-watch-list.js"
           }
         ]
       }

package/templates/skills/dev-team-audit/SKILL.md

@@ -0,0 +1,85 @@
+---
+name: dev-team:audit
+description: Full codebase audit combining security, quality, and tooling assessments. Use to run a comprehensive scan with Szabo (security), Knuth (quality), and Deming (tooling) in parallel. Can be scoped to specific directories or file patterns.
+---
+
+Run a comprehensive audit of: $ARGUMENTS
+
+## Setup
+
+1. Determine the audit scope:
+   - If a directory or file pattern is given, scope the audit to those paths
+   - If no argument, audit the entire codebase
+   - Respect `.gitignore` — skip `node_modules/`, `dist/`, build artifacts
+
+2. The audit always spawns three specialist agents:
+   - **@dev-team-szabo** — Security audit
+   - **@dev-team-knuth** — Quality and correctness audit
+   - **@dev-team-deming** — Tooling and automation audit
+
+## Execution
+
+1. Spawn all three agents as **parallel background subagents** using the Agent tool with `subagent_type: "general-purpose"`.
+
+2. Each agent's prompt must include:
+   - The agent's full definition (read from `.claude/agents/<agent>.md`)
+   - The scope (directory/pattern or "full codebase")
+   - Instruction to produce classified findings: `[DEFECT]`, `[RISK]`, `[QUESTION]`, `[SUGGESTION]`
+   - Instruction to read the actual code and tests for full context
+
+3. Agent-specific instructions:
+
+   **Szabo (Security)**:
+   - Map all trust boundaries and entry points
+   - Check for OWASP Top 10 vulnerabilities
+   - Audit auth/authz flows end-to-end
+   - Review secret management and dependency vulnerabilities
+
+   **Knuth (Quality)**:
+   - Identify untested code paths and coverage gaps
+   - Find boundary conditions without tests
+   - Check assertion quality in existing tests
+   - Map test-to-requirement traceability
+
+   **Deming (Tooling)**:
+   - Inventory current tooling (linters, formatters, SAST, CI)
+   - Identify missing automation opportunities
+   - Check for stale dependencies and known vulnerabilities
+   - Evaluate CI pipeline efficiency
+
+4. Wait for all agents to complete.
+
+## Report
+
+Produce a consolidated audit report:
+
+### Executive summary
+
+One paragraph summarizing the overall health of the codebase across all three domains.
+
+### Security findings (@dev-team-szabo)
+
+List all findings, grouped by classification:
+- `[DEFECT]` — must fix
+- `[RISK]` — should address
+- `[QUESTION]` / `[SUGGESTION]` — consider
+
+### Quality findings (@dev-team-knuth)
+
+Same grouping. Include specific files and line references.
+
+### Tooling findings (@dev-team-deming)
+
+Same grouping. Include actionable recommendations.
+
+### Priority matrix
+
+| Priority | Finding | Agent | Action |
+|----------|---------|-------|--------|
+| P0 (fix now) | `[DEFECT]` items | ... | ... |
+| P1 (fix soon) | `[RISK]` items | ... | ... |
+| P2 (improve) | `[SUGGESTION]` items | ... | ... |
+
+### Recommended next steps
+
+Numbered list of concrete actions, ordered by priority. Each action should reference the specific finding it addresses.

package/templates/skills/dev-team-review/SKILL.md

@@ -0,0 +1,68 @@
+---
+name: dev-team:review
+description: Orchestrated multi-agent parallel review. Use to review a PR, branch, or set of changes with multiple specialist agents simultaneously. Spawns agents based on changed file patterns and produces a unified review summary.
+---
+
+Run a multi-agent parallel review of: $ARGUMENTS
+
+## Setup
+
+1. Determine what to review:
+   - If a PR number or branch is given, use `git diff` to get the changed files
+   - If a directory or file pattern is given, review those files
+   - If no argument, review all uncommitted changes (`git diff HEAD`)
+
+2. Categorize changed files by domain to determine which agents to spawn:
+
+| File pattern | Agent | Reason |
+|---|---|---|
+| `auth`, `login`, `password`, `token`, `session`, `crypto`, `secret`, `permission`, `oauth`, `jwt`, `cors`, `csrf` | @dev-team-szabo | Security surface |
+| `/api/`, `/routes/`, `schema`, `.graphql`, `.proto`, `openapi` | @dev-team-mori | API/UI contract |
+| `docker`, `.env`, `config`, `migration`, `database`, `.sql`, `deploy` | @dev-team-voss | Infrastructure |
+| `.github/workflows`, `.claude/`, `tsconfig`, `eslint`, `prettier`, `package.json` | @dev-team-deming | Tooling |
+| `readme`, `changelog`, `.md`, `/docs/` | @dev-team-docs | Documentation |
+| `/adr/`, `architecture`, `/core/`, `/domain/` | @dev-team-architect | Architecture |
+| `package.json`, `version`, `changelog`, release workflows | @dev-team-release | Release artifacts |
+| Any `.js`, `.ts`, `.py`, `.go`, `.java`, `.rs` (non-test) | @dev-team-knuth | Quality/coverage |
+
+3. Always include @dev-team-szabo and @dev-team-knuth — they review all code changes.
+
+## Execution
+
+1. Spawn each selected agent as a **parallel background subagent** using the Agent tool with `subagent_type: "general-purpose"`.
+
+2. Each agent's prompt must include:
+   - The agent's full definition (read from `.claude/agents/<agent>.md`)
+   - The list of changed files relevant to their domain
+   - Instruction to produce classified findings: `[DEFECT]`, `[RISK]`, `[QUESTION]`, `[SUGGESTION]`
+   - Instruction to read the actual code — not just the diff — for full context
+
+3. Wait for all agents to complete.
+
+## Report
+
+Produce a unified review summary:
+
+### Blocking findings ([DEFECT])
+
+List all `[DEFECT]` findings from all agents. These must be resolved before merge.
+
+Format each as:
+```
+**[DEFECT]** @agent-name — file:line
+Description of the defect and why it blocks.
+```
+
+### Advisory findings
+
+Group by severity:
+- **[RISK]** — likely failure modes
+- **[QUESTION]** — decisions needing justification
+- **[SUGGESTION]** — specific improvements
+
+### Verdict
+
+- **Approve** — No `[DEFECT]` findings. Advisory items noted.
+- **Request changes** — `[DEFECT]` findings must be resolved.
+
+State the verdict clearly. List what must be fixed for approval if requesting changes.

package/lib/files.js

@@ -1,160 +0,0 @@
-'use strict';
-
-const fs = require('fs');
-const path = require('path');
-
-/**
- * Returns the absolute path to the templates/ directory within the package.
- */
-function templateDir() {
-  return path.join(__dirname, '..', 'templates');
-}
-
-/**
- * Copies a file from src to dest, creating parent directories as needed.
- * Returns true if the file was written, false if skipped.
- */
-function copyFile(src, dest) {
-  const dir = path.dirname(dest);
-  fs.mkdirSync(dir, { recursive: true });
-  fs.copyFileSync(src, dest);
-  return true;
-}
-
-/**
- * Checks if a file exists.
- */
-function fileExists(absPath) {
-  try {
-    return fs.statSync(absPath).isFile();
-  } catch {
-    return false;
-  }
-}
-
-/**
- * Checks if a directory exists.
- */
-function dirExists(absPath) {
-  try {
-    return fs.statSync(absPath).isDirectory();
-  } catch {
-    return false;
-  }
-}
-
-/**
- * Reads a file and returns its content, or null if it doesn't exist.
- */
-function readFile(absPath) {
-  try {
-    return fs.readFileSync(absPath, 'utf-8');
-  } catch {
-    return null;
-  }
-}
-
-/**
- * Writes content to a file, creating parent directories as needed.
- */
-function writeFile(absPath, content) {
-  const dir = path.dirname(absPath);
-  fs.mkdirSync(dir, { recursive: true });
-  fs.writeFileSync(absPath, content);
-}
-
-/**
- * Deep merges hook configurations from source into target settings.
- * Additive only — never removes existing hooks.
- */
-function mergeSettings(existingPath, newFragment) {
-  let existing = {};
-  try {
-    existing = JSON.parse(fs.readFileSync(existingPath, 'utf-8'));
-  } catch {
-    // File doesn't exist or is invalid — start fresh
-  }
-
-  if (!existing.hooks) {
-    existing.hooks = {};
-  }
-
-  for (const [event, entries] of Object.entries(newFragment.hooks || {})) {
-    if (!existing.hooks[event]) {
-      existing.hooks[event] = entries;
-    } else {
-      // Add entries that don't already exist (by command string)
-      for (const newEntry of entries) {
-        const newCommands = (newEntry.hooks || []).map((h) => h.command);
-        const alreadyExists = existing.hooks[event].some((existingEntry) => {
-          const existingCommands = (existingEntry.hooks || []).map((h) => h.command);
-          return newCommands.every((cmd) => existingCommands.includes(cmd));
-        });
-        if (!alreadyExists) {
-          existing.hooks[event].push(newEntry);
-        }
-      }
-    }
-  }
-
-  fs.writeFileSync(existingPath, JSON.stringify(existing, null, 2) + '\n');
-}
-
-/**
- * Appends content to a file with dev-team markers.
- * If markers already exist, replaces content between them.
- * If file doesn't exist, creates it with just the content.
- */
-function mergeClaudeMd(filePath, newContent) {
-  const BEGIN_MARKER = '<!-- dev-team:begin -->';
-  const END_MARKER = '<!-- dev-team:end -->';
-
-  const existing = readFile(filePath);
-
-  if (!existing) {
-    // File doesn't exist — create with content
-    writeFile(filePath, newContent);
-    return 'created';
-  }
-
-  if (existing.includes(BEGIN_MARKER)) {
-    // Markers exist — replace between them
-    const beforeMarker = existing.substring(0, existing.indexOf(BEGIN_MARKER));
-    const afterMarker = existing.substring(existing.indexOf(END_MARKER) + END_MARKER.length);
-    writeFile(filePath, beforeMarker + newContent + afterMarker);
-    return 'replaced';
-  }
-
-  // No markers — append
-  writeFile(filePath, existing.trimEnd() + '\n\n' + newContent + '\n');
-  return 'appended';
-}
-
-/**
- * Lists all files in a directory recursively.
- */
-function listFilesRecursive(dir) {
-  const results = [];
-  const entries = fs.readdirSync(dir, { withFileTypes: true });
-  for (const entry of entries) {
-    const fullPath = path.join(dir, entry.name);
-    if (entry.isDirectory()) {
-      results.push(...listFilesRecursive(fullPath));
-    } else {
-      results.push(fullPath);
-    }
-  }
-  return results;
-}
-
-module.exports = {
-  templateDir,
-  copyFile,
-  fileExists,
-  dirExists,
-  readFile,
-  writeFile,
-  mergeSettings,
-  mergeClaudeMd,
-  listFilesRecursive,
-};