@northbridge-security/secureai 0.1.13 → 0.2.1

package/.claude/README.md

@@ -119,4 +119,3 @@ Strict setup:
 - Disable MCP servers outside of Secure AI
 - Allow searching and fetching web content
 - Do not read or edit .env secret files
-

package/.claude/commands/catchup.md

@@ -5,6 +5,7 @@ After `/clear` or new session, understand recent changes and context. This comma
 ## Automation
 
 This command is triggered automatically on session start:
+
 - Hook checks for `.tmp/session.keep` flag
 - If flag missing: runs catchup and creates flag
 - If flag exists: skips (already caught up this session)
@@ -87,4 +88,4 @@ Check .tmp/session.keep
                     │
                     ▼
               /clear → New session
-```
+```

package/.claude/commands/code.md

@@ -2,13 +2,45 @@ Implement a feature from its PRD specification.
 
 ## Input
 
-PRD path: $ARGUMENTS
+Requirement path or task identifier: $ARGUMENTS
 
-Resolve the PRD file path. The PRD is always under `docs/requirements/`. Accept both formats:
+Resolve the requirement file using this priority:
+
+### 1. PRD in docs/requirements/
+
+Accept both formats:
 - Full path: `docs/requirements/prd.feature-name.md`
 - Short name: `prd.feature-name.md` (prepend `docs/requirements/`)
 
-Read the PRD file. If it does not exist, stop and tell the user.
+If the file exists, use it and proceed to Phase 1.
+
+### 2. Plan in ~/.claude/plans/
+
+Accept both formats:
+- Full path: `~/.claude/plans/feature-name.md`
+- Short name: `feature-name.md` (prepend `~/.claude/plans/`)
+
+If the file exists, use it and proceed to Phase 1.
+
+### 3. TODO task in docs/TODO.md
+
+If no file found in steps 1-2, search `docs/TODO.md` for a matching task section:
+- Read the entire TODO.md file
+- Search for headers (lines starting with `##` or `###`) that contain the search text (case-insensitive)
+- If found, extract the full task section including:
+  - The task header
+  - All task items (lines starting with `- [ ]` or `- [x]`)
+  - Any PRD references in the header (e.g., "PRD: prd.feature-name.md")
+- If a PRD reference exists, read that PRD file from `docs/requirements/`
+- If no PRD reference, use the task section content as the requirement specification
+
+### 4. Not Found
+
+If none of the above resolve, stop and tell the user:
+- List the paths checked
+- Suggest running `/todo` to see available tasks
+- Suggest checking `docs/requirements/` for available PRDs
+- Suggest going in to plan mode and refine a new plan to work on
 
 ## Phase 1: Discovery
 
@@ -70,28 +102,37 @@ Create the `*.system.ts` entry point file (excluded from coverage):
 Quality and security verification per `docs/QA.md` and `docs/SECURITY.md`.
 
 ### 6.1 Lint
+
 ```bash
 bunx biome check src/ tests/
 ```
+
 Fix all errors. Zero errors required.
 
 ### 6.2 Type Check
+
 ```bash
 bunx tsc --noEmit
 ```
+
 Fix all errors. Zero errors required.
 
 ### 6.3 Full Test Suite
+
 ```bash
 bun test tests/unit/
 ```
+
 All tests must pass. Zero failures. Coverage thresholds from `bunfig.toml`:
+
 - Line: 80%
 - Statement: 80%
 - Function: 60%
 
 ### 6.4 Security Review
+
 Verify against `docs/SECURITY.md` checklist:
+
 - No `console.log` in production code (Semgrep: `no-console-log-in-production`)
 - No secrets, API keys, or credentials in source (Semgrep: `no-secrets-in-code`)
 - No hardcoded credentials (Semgrep: `no-hardcoded-credentials`)
@@ -100,7 +141,9 @@ Verify against `docs/SECURITY.md` checklist:
 - Managed identity for Azure services (no connection strings in business logic)
 
 ### 6.5 Architecture Review
+
 Verify against `AGENTS.md` clean architecture rules:
+
 - Dependencies point inward (business logic does not import system files)
 - Every external dependency has an `I{Name}` interface
 - System files (`*.system.ts`) contain only thin wrappers

package/.claude/commands/pr.md

@@ -434,16 +434,16 @@ The workflow runs autonomously except:
 
 This command expects these tasks (create stubs if missing):
 
-| Task                           | Purpose          | Required                                       |
-| ------------------------------ | ---------------- | ---------------------------------------------- |
-| `task test` or `task qa`       | Run tests        | Yes                                            |
-| `task lint`                    | Run linting      | Optional                                       |
-| `task deploy`                  | Deploy to stage  | Optional                                       |
-| `task git`                     | List git tasks   | Used for detection (see 2.5)                   |
-| `task git:pr:create FILE=path` | Create PR        | If detected, always used instead of MCP        |
-| `task git:pr:update`           | Update PR        | If detected, always used instead of MCP        |
-| `task git:pr:comments`         | Fetch comments   | Optional (MCP fallback)                        |
-| `task git:runs:log`            | Download CI logs | Optional                                       |
+| Task                           | Purpose          | Required                                |
+| ------------------------------ | ---------------- | --------------------------------------- |
+| `task test` or `task qa`       | Run tests        | Yes                                     |
+| `task lint`                    | Run linting      | Optional                                |
+| `task deploy`                  | Deploy to stage  | Optional                                |
+| `task git`                     | List git tasks   | Used for detection (see 2.5)            |
+| `task git:pr:create FILE=path` | Create PR        | If detected, always used instead of MCP |
+| `task git:pr:update`           | Update PR        | If detected, always used instead of MCP |
+| `task git:pr:comments`         | Fetch comments   | Optional (MCP fallback)                 |
+| `task git:runs:log`            | Download CI logs | Optional                                |
 
 ---
 
@@ -454,7 +454,7 @@ This command expects these tasks (create stubs if missing):
 | Tests fail              | Analyze, fix, retry                       |
 | Deploy fails            | Analyze infrastructure errors, fix, retry |
 | GoTask not available    | Use GitHub MCP (detected in step 2.5)     |
-| PR creation fails       | Report error and ask user for guidance     |
+| PR creation fails       | Report error and ask user for guidance    |
 | CI fails                | Download logs, fix, ask user to push      |
 | Review comments unclear | Ask user for decision                     |
 

package/.claude/commands/todo.md

@@ -8,11 +8,61 @@ List or add todos in `docs/TODO.md`. This file is gitignored - personal task tra
 - **Git status**: Ignored (add to `.gitignore` if not present)
 - **Scope**: Personal/local - not shared with team
 
+## Requirement Document References
+
+When referencing requirement documents in TODO.md, follow these path rules:
+
+### No Path Required
+
+- **Global Claude plans**: `~/.claude/plans/*.md` - Just use filename: `plan-feature.md`
+- **Project requirements**: `docs/requirements/*.md` - Just use filename: `prd.feature.md`
+- **Self-contained tasks**: All information in TODO.md - No reference needed
+
+**Examples**:
+```markdown
+## Feature Implementation
+PRD: prd.auth-system.md
+- [ ] Implement OAuth2 flow
+
+## Database Migration
+Plan: migration-plan.md
+- [ ] Update schema
+```
+
+### Path MUST Be Provided
+
+- **Other repo locations**: Provide repo-relative path
+- **Outside repo**: Provide full filesystem path or URL
+
+**Examples**:
+```markdown
+## Infrastructure Update
+Spec: infrastructure/specs/k8s-migration.md
+- [ ] Migrate to Kubernetes
+
+## External Integration
+API Docs: https://api.example.com/docs/v2
+- [ ] Implement webhook handler
+
+## Shared Documentation
+Guide: /Users/team/shared-docs/security-guidelines.md
+- [ ] Apply security standards
+```
+
+### Validation
+
+The `/code` command will:
+1. Check `~/.claude/plans/` for plan files
+2. Check `docs/requirements/` for PRD files
+3. Check repo-relative paths if provided
+4. Fail with clear error if document not found
+
 ## Tasks
 
 ### Prerequisites
 
 - If `docs/TODO.md` doesn't exist: Create it with template:
+
   ```markdown
   # Project TODOs
 
@@ -21,17 +71,17 @@ List or add todos in `docs/TODO.md`. This file is gitignored - personal task tra
   ## In Progress
 
   | Task | Priority | Notes |
-  |------|----------|-------|
+  | ---- | -------- | ----- |
 
   ## Backlog
 
   | Task | Priority | Notes |
-  |------|----------|-------|
+  | ---- | -------- | ----- |
 
   ## Done
 
   | Task | Completed | Notes |
-  |------|-----------|-------|
+  | ---- | --------- | ----- |
   ```
 
 - If `docs/TODO.md` not in `.gitignore`: Add `docs/TODO.md` to `.gitignore`
@@ -71,11 +121,11 @@ List or add todos in `docs/TODO.md`. This file is gitignored - personal task tra
 
 ## Priority Guidelines
 
-| Priority | When |
-|----------|------|
-| High | Blocking other work, urgent |
-| Medium | Next planned work |
-| Low | Nice to have, future idea |
+| Priority | When                        |
+| -------- | --------------------------- |
+| High     | Blocking other work, urgent |
+| Medium   | Next planned work           |
+| Low      | Nice to have, future idea   |
 
 ## Examples
 
@@ -96,4 +146,4 @@ List or add todos in `docs/TODO.md`. This file is gitignored - personal task tra
 
 /todo done Fix login timeout bug
 → Moved to Done (2024-02-03)
-```
+```

package/.claude/commands/wrapup.md

@@ -76,8 +76,8 @@ Decisions are numbered sequentially (ADR-001, ADR-002, etc.).
 
 ## Index
 
-| ADR | Title | Date | Status |
-|-----|-------|------|--------|
+| ADR     | Title            | Date       | Status   |
+| ------- | ---------------- | ---------- | -------- |
 | ADR-001 | Example decision | 2024-01-15 | Accepted |
 
 ---
@@ -89,15 +89,15 @@ Decisions are numbered sequentially (ADR-001, ADR-002, etc.).
 
 ## What Qualifies as an ADR?
 
-| Include | Exclude |
-|---------|---------|
-| Technology choices | Bug fixes |
-| Architecture patterns | Implementation details |
-| Breaking changes | Temporary workarounds |
-| API design decisions | Style preferences |
-| Security policies | Config tweaks |
-| Data model changes | Dependency updates (minor) |
+| Include               | Exclude                    |
+| --------------------- | -------------------------- |
+| Technology choices    | Bug fixes                  |
+| Architecture patterns | Implementation details     |
+| Breaking changes      | Temporary workarounds      |
+| API design decisions  | Style preferences          |
+| Security policies     | Config tweaks              |
+| Data model changes    | Dependency updates (minor) |
 
 ## Note
 
-After this command, manually run `/clear` to start fresh.
+After this command, manually run `/clear` to start fresh.

package/package.json

@@ -123,7 +123,7 @@
     "validate-commit": "bun run packages/secureai-cli/src/cli.ts validate-commit"
   },
   "type": "module",
-  "version": "0.1.13",
+  "version": "0.2.1",
   "workspaces": [
     "packages/*"
   ]