@fredericboyer/dev-team 0.4.1 → 0.6.0

package/templates/skills/dev-team-audit/SKILL.md

@@ -83,3 +83,9 @@ Same grouping. Include actionable recommendations.
 ### Recommended next steps
 
 Numbered list of concrete actions, ordered by priority. Each action should reference the specific finding it addresses.
+
+### Completion
+
+After the audit report is delivered:
+1. Spawn **@dev-team-borges** (Librarian) to review memory freshness and capture learnings from the audit findings. This is mandatory.
+2. Include Borges's recommendations in the final report.

package/templates/skills/dev-team-review/SKILL.md

@@ -66,3 +66,9 @@ Group by severity:
 - **Request changes** — `[DEFECT]` findings must be resolved.
 
 State the verdict clearly. List what must be fixed for approval if requesting changes.
+
+### Completion
+
+After the review report is delivered:
+1. Spawn **@dev-team-borges** (Librarian) to review memory freshness and capture any learnings from the review findings. This is mandatory.
+2. Include Borges's recommendations in the final report.

package/templates/skills/dev-team-security-status/SKILL.md

@@ -0,0 +1,43 @@
+---
+name: security-status
+description: Check GitHub security signals — code scanning, Dependabot, secret scanning, and compliance status. Use at session start and before releases.
+user_invocable: true
+---
+
+# Security Status Check
+
+Proactively monitor all GitHub Advanced Security signals for this repository.
+
+## Steps
+
+1. **Run all checks in parallel** using the Bash tool with `gh api`. Derive {owner}/{repo} from `gh repo view --json nameWithOwner --jq .nameWithOwner`:
+
+   - Code scanning alerts (CodeQL, code quality): `gh api --paginate repos/{owner}/{repo}/code-scanning/alerts?state=open`
+   - Dependabot alerts (vulnerable dependencies): `gh api --paginate repos/{owner}/{repo}/dependabot/alerts?state=open`
+   - Secret scanning alerts: `gh api --paginate repos/{owner}/{repo}/secret-scanning/alerts?state=open`
+   - Pending Dependabot PRs: `gh pr list --label dependencies`
+   - Copilot review status on open PRs: check reviews on each open PR
+
+2. **Report findings** in a summary table:
+
+| Signal | Status | Details |
+|--------|--------|---------|
+| Code Scanning (CodeQL) | X open alerts | severity breakdown |
+| Dependabot Security | X open alerts | affected packages |
+| Dependabot Updates | X pending PRs | age of oldest |
+| Secret Scanning | X open alerts | types |
+| Copilot Review | X comments on open PRs | blocking? |
+
+3. **Classify findings:**
+   - `[DEFECT]` — Critical/high severity security alerts, exposed secrets
+   - `[RISK]` — Medium severity alerts, stale Dependabot PRs (>7 days)
+   - `[SUGGESTION]` — Low severity, informational
+
+4. **Recommend actions** for any open alerts — who should fix, urgency, and whether it blocks the current work.
+
+## When to run
+
+- **Every session start** — quick baseline check
+- **Before creating a release** — compliance gate
+- **After merging Dependabot PRs** — verify alerts resolved
+- **On request** — `/dev-team:security-status`

package/templates/skills/dev-team-task/SKILL.md

@@ -50,6 +50,48 @@ Each iteration:
 
 The Stop hook (`dev-team-task-loop.js`) manages iteration counting and re-injection.
 
+## Parallel mode
+
+When multiple issues are being addressed in a single session, the task loop switches to parallel orchestration (see ADR-019). Drucker coordinates all phases.
+
+### Phase 0: Brooks pre-assessment (batch)
+Spawn @dev-team-brooks once with all issues. Brooks identifies:
+- **File independence**: which issues touch overlapping files (conflict groups that must run sequentially)
+- **ADR needs** across the batch
+- **Architectural interactions** between issues
+
+Issues in the same conflict group execute sequentially. Independent issues proceed in parallel.
+
+### Phase 1: Parallel implementation
+Drucker spawns one implementing agent per independent issue, each on its own branch (`feat/<issue>-<description>`). Agents work concurrently without awareness of each other. Track state in `.claude/dev-team-parallel.json`:
+```json
+{
+  "mode": "parallel",
+  "issues": [
+    { "issue": 42, "branch": "feat/42-add-auth", "agent": "dev-team-voss", "status": "implementing" },
+    { "issue": 43, "branch": "feat/43-fix-nav", "agent": "dev-team-mori", "status": "implementing" }
+  ],
+  "phase": "implementation",
+  "conflictGroups": [[42, 55]],
+  "reviewWave": null
+}
+```
+
+### Phase 2: Review wave
+Reviews do **not** start until **all** implementation agents have completed. Once all are done, spawn review agents (Szabo + Knuth, plus conditional reviewers) in parallel across all branches simultaneously. Each reviewer receives the diff for one specific branch and produces classified findings scoped to that branch.
+
+### Phase 3: Defect routing
+Collect all findings. Route `[DEFECT]` items back to the original implementing agent for each branch. Agents fix defects on their own branch. After fixes, another review wave runs. Continue until no `[DEFECT]` findings remain or the per-branch iteration limit is reached.
+
+### Phase 4: Borges completion
+Borges runs **once** across all branches after the final review wave clears. This ensures cross-branch coherence: memory files are consistent, learnings are not duplicated, and system improvement recommendations consider the full batch.
+
+### Convergence criteria
+Parallel mode is complete when:
+1. All branches have zero `[DEFECT]` findings, OR the per-branch iteration limit (default: 10) is reached
+2. Borges has run across all branches
+3. `.claude/dev-team-parallel.json` is deleted
+
 ## Completion
 
 When the loop exits: