@northbridge-security/secureai 0.1.13

package/.claude/commands/fmea.md

@@ -0,0 +1,275 @@
+---
+description: Generate FMEA report for workflow failures or tool issues
+argument-hint: [failure description]
+allowed-tools:
+  - Read
+  - Write
+  - Grep
+  - Glob
+  - AskUserQuestion
+plan-mode: false
+---
+
+# FMEA Report: $ARGUMENTS
+
+Generate a Failure Mode and Effects Analysis report for workflow deviations, tool failures, or skill execution issues.
+
+## Context
+
+The user has identified a problem with:
+
+- An AI agent missing steps in a workflow
+- A CLI tool, MCP server, or slash command failing
+- A deviation from expected behavior
+
+Your job: Analyze the conversation history and generate a structured FMEA report at `.tmp/fmea.md`.
+
+## Information Gathering
+
+### Step 1: Get Repository Context
+
+```bash
+git remote get-url origin | sed 's/.*[:/]\([^/]*\/[^/]*\)\.git/\1/'
+git branch --show-current
+```
+
+Use these to populate the frontmatter `repository` and `branch` fields.
+
+### Step 2: Identify the Failure
+
+From conversation history, determine:
+
+1. **What tool/workflow failed?** (CLI, MCP, slash command, agent behavior)
+2. **What was the expected behavior?**
+3. **What actually happened?**
+4. **At what point did the deviation occur?**
+
+### Step 3: Clarify if Needed
+
+If the failure is unclear from context, ask the user:
+
+```
+I see there was an issue with [tool/workflow]. To create an accurate FMEA report, I need to understand:
+
+1. What were you trying to accomplish?
+2. What step or command failed or was skipped?
+3. What did you observe that indicated something was wrong?
+```
+
+Use AskUserQuestion for quick clarification if context is ambiguous.
+
+## FMEA Report Structure
+
+Create `.tmp/fmea.md` with the following structure:
+
+````markdown
+---
+title: [Brief Title]
+date: [ISO date]
+context: [Tool/workflow that failed]
+repository: [owner/repo from git remote]
+branch: [current branch name]
+reporter: User via /fmea command
+---
+
+# FMEA Report: [Brief Title]
+
+## 1. Failure Description
+
+### What Happened
+
+[Chronological sequence of events, including:]
+
+- Commands run and their outputs
+- Decisions made by the agent
+- Points where deviation occurred
+
+### Expected Behavior
+
+[What should have happened according to documentation/workflow]
+
+### Commands Skipped or Misused
+
+| Command   | Purpose          | What Happened          |
+| --------- | ---------------- | ---------------------- |
+| `command` | Expected purpose | Skipped/failed/misused |
+
+---
+
+## 2. Effects Analysis
+
+### Severity Assessment
+
+| Area   | Effect                       | Severity (1-10) |
+| ------ | ---------------------------- | --------------- |
+| [area] | [what broke or was impacted] | [score]         |
+
+**Severity Scale:**
+
+- 1-3: Minor inconvenience, easily recoverable
+- 4-6: Moderate impact, requires manual intervention
+- 7-9: Significant impact, data loss or major rework
+- 10: Critical failure, security risk or unrecoverable
+
+### Downstream Impact
+
+- [What this failure affects going forward]
+- [What state is now inconsistent]
+- [What user expectations were violated]
+
+---
+
+## 3. Root Cause Analysis
+
+### Contributing Factors
+
+| Factor                     | Description     | Likelihood (1-10) |
+| -------------------------- | --------------- | ----------------- |
+| **Ambiguous instructions** | [if applicable] |                   |
+| **Missing enforcement**    | [if applicable] |                   |
+| **Tool error**             | [if applicable] |                   |
+| **Context loss**           | [if applicable] |                   |
+
+### Detection Difficulty
+
+How easy is it to detect this failure before impact?
+
+| Detection Method | Effectiveness (1-10) |
+| ---------------- | -------------------- |
+| [method]         | [score]              |
+
+**Detection Scale:**
+
+- 1-3: Obvious failure, immediate feedback
+- 4-6: Requires checking output or state
+- 7-9: Subtle, only noticed by downstream effects
+- 10: Undetectable until major impact
+
+---
+
+## 4. Risk Priority Number (RPN)
+
+| Metric     | Score     | Rationale                         |
+| ---------- | --------- | --------------------------------- |
+| Severity   | /10       |                                   |
+| Occurrence | /10       | How likely to happen again        |
+| Detection  | /10       | How hard to detect                |
+| **RPN**    | **/1000** | Severity × Occurrence × Detection |
+
+**RPN Interpretation:**
+
+- < 100: Low priority, monitor
+- 100-300: Medium priority, improve when convenient
+- 300-500: High priority, address soon
+- > 500: Critical, address immediately
+
+---
+
+## 5. Recommended Actions
+
+### Immediate Recovery
+
+[Steps to recover from this specific failure]
+
+1. [action]
+2. [action]
+
+### Preventive Improvements
+
+#### For Documentation/Skills
+
+```markdown
+[Specific text to add or change in the skill/documentation]
+```
+````
+
+#### For Tooling
+
+[Changes to CLI, MCP, or other tools that would prevent this]
+
+#### For Workflow
+
+[Process changes that would catch this earlier]
+
+### Verification
+
+After implementing fixes, verify by:
+
+- [ ] [Test case or scenario to validate]
+- [ ] [Another verification step]
+
+---
+
+## Summary
+
+| Question            | Answer |
+| ------------------- | ------ |
+| What failed?        |        |
+| Impact severity?    | /10    |
+| Root cause?         |        |
+| RPN score?          | /1000  |
+| Top recommendation? |        |
+
+```
+
+## Report Guidelines
+
+### Be Specific
+
+- Quote actual commands and outputs
+- Reference specific line numbers in documentation
+- Include timestamps if relevant
+
+### Be Constructive
+
+- Focus on systemic improvements, not blame
+- Propose concrete changes with examples
+- Consider multiple contributing factors
+
+### Be Actionable
+
+- Recommendations should be implementable
+- Include verification steps
+- Prioritize by RPN score
+
+## After Creating Report
+
+1. Write the report to `.tmp/fmea.md`
+2. Summarize key findings for the user:
+
+```
+
+FMEA Report created at .tmp/fmea.md
+
+Summary:
+
+- Failure: [brief description]
+- RPN Score: [X]/1000 ([priority level])
+- Top recommendation: [most impactful fix]
+
+Would you like me to implement any of the recommended improvements?
+
+```
+
+## Common Failure Patterns
+
+### Workflow Deviation
+- Agent skipped required CLI commands
+- Used manual approach instead of automated tool
+- Didn't verify state before proceeding
+
+### Tool Failure
+- CLI command returned error
+- MCP server not responding
+- Permission denied
+
+### Context Loss
+- Agent forgot earlier instructions
+- Didn't read relevant documentation
+- Missed skill instructions
+
+### Ambiguous Instructions
+- Multiple valid interpretations
+- Missing negative instructions (what NOT to do)
+- Unclear gate requirements
+```

package/.claude/commands/kaizen.md

@@ -0,0 +1,312 @@
+---
+description: Review FMEA report and implement continuous improvements
+argument-hint: [--apply | --plan]
+allowed-tools:
+  - Bash
+  - Read
+  - Write
+  - Edit
+  - Glob
+  - Grep
+  - AskUserQuestion
+  - Skill
+plan-mode: false
+---
+
+# Kaizen: Continuous Improvement from FMEA
+
+Review the FMEA report at `.tmp/fmea.md` and implement improvements through incremental fixes or structured planning.
+
+## Prerequisites
+
+This command requires an FMEA report at `.tmp/fmea.md`. If missing:
+
+```
+No FMEA report found at .tmp/fmea.md
+
+Run /fmea first to document the failure, then return here to implement fixes.
+```
+
+## Phase 1: Review FMEA Report
+
+### 1.1 Load Report
+
+```bash
+cat .tmp/fmea.md
+```
+
+Parse the YAML frontmatter and extract:
+
+- `title`: What failed
+- `context`: Tool/workflow affected
+- `repository` and `branch`: Where to apply fixes
+
+### 1.2 Extract Recommendations
+
+From section "5. Recommended Actions", identify:
+
+| Priority | Action        | Complexity         |
+| -------- | ------------- | ------------------ |
+| HIGH     | [from report] | Small/Medium/Large |
+| MEDIUM   | [from report] | Small/Medium/Large |
+| LOW      | [from report] | Small/Medium/Large |
+
+### 1.3 Assess RPN Score
+
+From section "4. Risk Priority Number":
+
+- **RPN < 100**: Low priority - improvements optional
+- **RPN 100-300**: Medium priority - address when convenient
+- **RPN 300-500**: High priority - address soon
+- **RPN > 500**: Critical - address immediately
+
+## Phase 2: Propose Technical Solutions
+
+For each recommended action, propose a concrete technical solution:
+
+````markdown
+## Proposed Fixes
+
+### Fix 1: [Action from FMEA]
+
+**Priority:** HIGH | **Complexity:** Small
+
+**Files to modify:**
+
+- `path/to/file.md` - Add gate requirements
+
+**Changes:**
+
+```diff
++ ### CRITICAL: Do Not Proceed Without These Steps
++
++ **STOP** - You MUST run these commands...
+```
+````
+
+**Estimated scope:** 1 file, ~20 lines
+
+```
+
+### Complexity Assessment
+
+| Complexity | Criteria | Approach |
+|------------|----------|----------|
+| **Small** | Single file, <50 lines, no tests needed | Direct edit |
+| **Medium** | 2-3 files, <200 lines, may need tests | Direct edit with verification |
+| **Large** | 4+ files, >200 lines, requires tests | Use `/planner` workflow |
+
+## Phase 3: User Review
+
+Present the proposed fixes and ask the user:
+
+```
+
+Based on the FMEA report (RPN: [score]/1000), I've identified [N] improvements:
+
+1. [HIGH] Add gate requirements to /planner skill
+   Complexity: Small (1 file, ~30 lines)
+
+2. [HIGH] Add negative instructions section
+   Complexity: Small (1 file, ~15 lines)
+
+3. [MEDIUM] Add state verification steps
+   Complexity: Medium (1 file, ~25 lines)
+
+How would you like to proceed?
+
+```
+
+Use AskUserQuestion:
+
+```
+
+question: "Which improvements should I implement?"
+options:
+
+- "All fixes now" - Implement all in order of priority
+- "HIGH priority only" - Only critical fixes
+- "Review each fix" - Step through one at a time
+- "Create plan first" - Use /planner for structured approach
+
+````
+
+## Phase 4: Implementation
+
+### 4.1 Small/Medium Fixes (Direct Edit)
+
+For each approved fix:
+
+1. Read the target file
+2. Apply the change using Edit tool
+3. Verify the change
+4. Report completion
+
+```markdown
+### Fix Applied: [Title]
+
+**File:** `path/to/file.md`
+**Lines changed:** 25-47
+**Status:** Complete
+
+Next fix: [Title] or "All fixes complete"
+````
+
+### 4.2 Large Fixes (Use Planner)
+
+If any fix is Large complexity OR total changes exceed 200 lines:
+
+```
+This improvement requires significant changes across multiple files.
+Switching to /planner workflow for structured implementation.
+```
+
+Invoke the planner skill:
+
+```
+/planner .tmp/kaizen-prd.md
+```
+
+Before invoking, create `.tmp/kaizen-prd.md`:
+
+```markdown
+---
+version: 0.1.0
+status: draft
+created: [ISO timestamp]
+ticket: KAIZEN-[date]
+source: FMEA report
+---
+
+# Kaizen Improvement: [Title from FMEA]
+
+## Problem Statement
+
+[From FMEA section 1: Failure Description]
+
+## Root Cause
+
+[From FMEA section 3: Root Cause Analysis]
+
+## Proposed Solution
+
+[From Phase 2 technical solutions]
+
+## Acceptance Criteria
+
+- [ ] [Verification item from FMEA]
+- [ ] [Another verification item]
+- [ ] RPN score reduced after implementation
+
+## Test Strategy
+
+Verify by:
+
+1. [Test case from FMEA recommendations]
+2. Manual testing of affected workflow
+```
+
+## Phase 5: Verification
+
+After all fixes are applied:
+
+### 5.1 Run Verification Steps
+
+Execute any verification commands from the FMEA report:
+
+```bash
+# Example: Test the fixed workflow
+secureai plan status --json
+```
+
+### 5.2 Update FMEA Report
+
+Add a resolution section to `.tmp/fmea.md`:
+
+```markdown
+---
+
+## 6. Resolution
+
+**Date:** [ISO date]
+**Applied by:** /kaizen command
+
+### Fixes Implemented
+
+| Fix                       | Status   | Commit |
+| ------------------------- | -------- | ------ |
+| Add gate requirements     | Complete | [sha]  |
+| Add negative instructions | Complete | [sha]  |
+
+### Post-Fix RPN Assessment
+
+| Metric     | Before  | After  | Rationale                                    |
+| ---------- | ------- | ------ | -------------------------------------------- |
+| Severity   | 6/10    | 6/10   | Unchanged - failure impact same if it occurs |
+| Occurrence | 8/10    | 3/10   | Reduced - explicit gates prevent deviation   |
+| Detection  | 6/10    | 2/10   | Reduced - state verification catches early   |
+| **RPN**    | **288** | **36** | 87% reduction                                |
+
+### Verification Results
+
+- [x] Ran /planner on test branch - followed correct workflow
+- [x] TodoWrite not used during planning phase
+- [x] secureai plan status shows correct state
+```
+
+### 5.3 Summary
+
+```
+Kaizen Complete
+
+FMEA: [Title]
+Fixes applied: [N]
+RPN reduction: [before] → [after] ([%] improvement)
+
+Files modified:
+- path/to/file1.md
+- path/to/file2.md
+
+Commit ready. Run `git status` to review changes.
+```
+
+## Error Handling
+
+### No FMEA Report
+
+```
+No FMEA report found at .tmp/fmea.md
+
+To create one:
+1. Run /fmea to document the failure
+2. Return here with /kaizen to implement fixes
+```
+
+### User Declines All Fixes
+
+```
+No fixes selected. The FMEA report remains at .tmp/fmea.md for future reference.
+
+You can return later with /kaizen to implement improvements.
+```
+
+### Fix Fails to Apply
+
+```
+Failed to apply fix: [Title]
+
+Error: [details]
+
+Options:
+1. Skip this fix and continue
+2. Manually review and fix
+3. Abort kaizen process
+```
+
+## Quick Reference
+
+| Argument  | Effect                                          |
+| --------- | ----------------------------------------------- |
+| (none)    | Interactive mode - review and select fixes      |
+| `--apply` | Apply all HIGH priority fixes without prompting |
+| `--plan`  | Create PRD and use /planner for all fixes       |