@oreo-mcflurry-majang/claude-gate 1.0.3

package/README.ko.md

@@ -0,0 +1,187 @@
+<div align="center">
+
+# Claude Gate
+
+**Claude Code를 위한 4단계 품질 게이트 시스템**
+
+버그를 출시하지 마세요. 모든 개발 단계에서 구조화된 리뷰를 강제합니다.
+
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
+[![Claude Code](https://img.shields.io/badge/Claude_Code-Plugin-blueviolet)](https://docs.anthropic.com/en/docs/claude-code)
+[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)](pulls)
+[![Hits](https://hits.sh/github.com/Oreo-Mcflurry/claude-gate.svg?label=visitors&color=79C83D)](https://hits.sh/github.com/Oreo-Mcflurry/claude-gate/)
+
+[설치](#설치) | [사용법](#사용법) | [게이트 상세](#게이트-상세) | [English](README.md)
+
+</div>
+
+---
+
+## Claude Gate란?
+
+Claude Gate는 개발 단계 전환 시 **품질 게이트**를 적용하는 Claude Code 플러그인입니다. 다음 단계로 넘어가기 전에 체크리스트 기반의 구조화된 리뷰를 수행하여 결함을 조기에 발견합니다.
+
+```
+    기획              설계              개발               검증
+ +-----------+    +-----------+    +-----------+      +-----------+
+ |           |    |           |    |           |      |           |
+ |  요구사항  |    |  아키텍처  |    |   구현    |      |  QA +     |
+ |  정의     |--->|  설계     |--->|          |----->|  보안     |
+ |           |    |           |    |           |      |           |
+ +-----------+    +-----------+    +-----------+      +-----------+
+       |                |                |                  |
+   Spec Gate       Design Gate      Task Gate         Release Gate
+```
+
+각 게이트는 명확한 판정이 포함된 **구조화된 리포트**를 생성합니다: 통과, 수정, 또는 차단.
+
+## 설치
+
+### npx (권장)
+
+```bash
+npx @oreo-mcflurry-majang/claude-gate
+```
+
+### 수동 설치
+
+```bash
+git clone https://github.com/Oreo-Mcflurry/claude-gate.git
+cd claude-gate
+./install.sh
+```
+
+설치 시 수행되는 작업:
+
+| 단계 | 내용 |
+|------|-----|
+| 1 | 5개의 전문 리뷰어 에이전트를 `~/.claude/agents/`에 복사 |
+| 2 | `/gate` 슬래시 명령어를 `~/.claude/commands/`에 설치 |
+| 3 | Gate System 워크플로우 문서를 `CLAUDE.md`에 추가 |
+
+> 제거하려면 `./uninstall.sh`를 실행하세요 - 마커 기반으로 깔끔하게 제거됩니다.
+
+## 사용법
+
+### 빠른 시작
+
+```bash
+/gate              # 현재 단계를 자동 감지하여 적절한 게이트 실행
+/gate status       # 현재 상태 확인
+```
+
+### 특정 게이트 실행
+
+```bash
+/gate spec         # 요구사항 및 기획 문서 리뷰
+/gate design       # 아키텍처 및 설계 문서 리뷰
+/gate code         # 코드 품질 리뷰
+/gate release      # 최종 리뷰: 코드 + 보안 (병렬 실행)
+```
+
+## 게이트 상세
+
+### Spec Gate `기획 -> 설계`
+
+기획 및 요구사항 문서를 리뷰합니다.
+
+| 체크리스트 항목 | 검사 내용 |
+|---------------|----------|
+| 요구사항 명확성 | EARS 형식 또는 동등한 구조화된 요구사항 |
+| 인수 조건 | Given-When-Then 시나리오 정의 여부 |
+| 비기능 요구사항 | 성능, 보안, 확장성 목표 |
+| 범위 경계 | 포함/제외 항목의 명시적 정의 |
+| 우선순위 정의 | Must / Should / Could (MoSCoW) |
+
+**판정**: `Pass` | `Revise`
+
+---
+
+### Design Gate `설계 -> 개발`
+
+아키텍처 및 설계 문서를 리뷰합니다.
+
+| 체크리스트 항목 | 검사 내용 |
+|---------------|----------|
+| API 계약 | 엔드포인트, 요청/응답 스키마 |
+| 데이터 모델 | 엔티티 정의, 관계 |
+| 컴포넌트 의존성 | 서비스 간 상호작용 문서화 |
+| 기술 스택 근거 | 각 기술이 선택된 이유 |
+| 트레이드오프 문서화 | 고려된 대안과 선택 이유 |
+
+**판정**: `Pass` | `Revise`
+
+---
+
+### Task Gate `개발 -> 검증`
+
+구현 코드를 심각도 레벨별로 리뷰합니다.
+
+| 심각도 | 예시 |
+|--------|-----|
+| **Critical** | 하드코딩된 시크릿, SQL 인젝션, XSS, 인증 우회 |
+| **High** | 누락된 에러 처리, 입력 검증 부재, 안전하지 않은 의존성 |
+| **Medium** | 큰 함수, 중복 코드, 누락된 테스트, 부적절한 네이밍 |
+| **Performance** | N+1 쿼리, 불필요한 리렌더링, 누락된 메모이제이션 |
+
+**판정**: `Approved` | `Conditional` | `Changes Required`
+
+---
+
+### Release Gate `검증 -> 배포`
+
+최종 게이트. **코드 리뷰 + 보안 감사를 병렬로 수행**합니다.
+
+| 리뷰 유형 | 검사 범위 |
+|----------|----------|
+| 코드 리뷰 | 모든 Task Gate 검사 항목 (릴리스 수준 정밀도) |
+| 보안 감사 | 인증, 입력 검증(SQLi/XSS/SSRF), 데이터 보안, 의존성 감사, AI/ML 보안 |
+
+**판정**: `Pass` | `Conditional` | `Block`
+
+## 판정 요약
+
+| 판정 | 의미 | 조치 |
+|------|------|------|
+| **Pass** | 모든 검사 통과 | 다음 단계로 진행 |
+| **Revise** | 이슈 발견, 수정 가능 | 피드백 반영 후 게이트 재실행 |
+| **Block** | 심각한 이슈 발견 | 배포 전 반드시 해결 (Release Gate 전용) |
+
+## 아키텍처
+
+```
+claude-gate/
+├── agents/
+│   ├── gate-keeper.md         # 오케스트레이터 - 단계 감지, 리뷰어 라우팅
+│   ├── spec-reviewer.md       # Spec Gate 리뷰어
+│   ├── design-reviewer.md     # Design Gate 리뷰어
+│   ├── code-reviewer.md       # 코드 품질 리뷰어
+│   └── security-reviewer.md   # 보안 감사자
+├── commands/
+│   └── gate.md                # /gate 슬래시 명령어 정의
+├── claude-md-snippet.md       # CLAUDE.md에 자동 추가되는 내용
+├── install.sh                 # 원커맨드 설치
+├── uninstall.sh               # 깔끔한 제거
+├── README.md                  # 영문 문서
+└── README.ko.md               # 한국어 문서 (이 파일)
+```
+
+## 호환성
+
+| 환경 | 상태 |
+|------|------|
+| Claude Code (독립 실행) | 완벽 지원 |
+| Sisyphus 멀티 에이전트 시스템 | 완벽 호환 |
+
+## 요구사항
+
+- [Claude Code](https://docs.anthropic.com/en/docs/claude-code) CLI 설치
+- `~/.claude/` 디렉토리 존재
+
+## 기여
+
+기여를 환영합니다! 이슈를 열거나 풀 리퀘스트를 제출해주세요.
+
+## 라이선스
+
+[MIT](LICENSE)

package/README.md

@@ -0,0 +1,187 @@
+<div align="center">
+
+# Claude Gate
+
+**4-Phase Quality Gate System for Claude Code**
+
+Stop shipping bugs. Enforce structured reviews at every development phase.
+
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
+[![Claude Code](https://img.shields.io/badge/Claude_Code-Plugin-blueviolet)](https://docs.anthropic.com/en/docs/claude-code)
+[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)](pulls)
+[![Hits](https://hits.sh/github.com/Oreo-Mcflurry/claude-gate.svg?label=visitors&color=79C83D)](https://hits.sh/github.com/Oreo-Mcflurry/claude-gate/)
+
+[Installation](#installation) | [Usage](#usage) | [Gates](#gates) | [Korean](README.ko.md)
+
+</div>
+
+---
+
+## What is Claude Gate?
+
+Claude Gate is a Claude Code plugin that enforces **quality gates** at each development phase transition. Catch defects early by requiring structured, checklist-based reviews before moving to the next phase.
+
+```
+  Planning          Design           Development        Verification
+ +-----------+    +-----------+    +-----------+      +-----------+
+ |           |    |           |    |           |      |           |
+ |  Require- |    |  Archi-   |    |  Implemen-|      |  QA +     |
+ |  ments    |--->|  tecture  |--->|  tation   |----->|  Security |
+ |           |    |           |    |           |      |           |
+ +-----------+    +-----------+    +-----------+      +-----------+
+       |                |                |                  |
+   Spec Gate       Design Gate      Task Gate         Release Gate
+```
+
+Each gate produces a **structured report** with a clear verdict: move forward, revise, or block.
+
+## Installation
+
+### npx (Recommended)
+
+```bash
+npx @oreo-mcflurry-majang/claude-gate
+```
+
+### Manual
+
+```bash
+git clone https://github.com/Oreo-Mcflurry/claude-gate.git
+cd claude-gate
+./install.sh
+```
+
+The installer will:
+
+| Step | What it does |
+|------|-------------|
+| 1 | Copy 5 specialized reviewer agents to `~/.claude/agents/` |
+| 2 | Install the `/gate` slash command to `~/.claude/commands/` |
+| 3 | Append Gate System workflow docs to your `CLAUDE.md` |
+
+> To uninstall, run `./uninstall.sh` - it cleanly removes everything (marker-based).
+
+## Usage
+
+### Quick Start
+
+```bash
+/gate              # Auto-detect phase and run the right gate
+/gate status       # See where you are
+```
+
+### Run a Specific Gate
+
+```bash
+/gate spec         # Review requirements & planning docs
+/gate design       # Review architecture & design docs
+/gate code         # Code quality review
+/gate release      # Final review: code + security (runs in parallel)
+```
+
+## Gates
+
+### Spec Gate `Planning -> Design`
+
+Reviews planning and requirements documents.
+
+| Checklist Item | What it checks |
+|---------------|---------------|
+| Requirements clarity | EARS format or equivalent structured requirements |
+| Acceptance criteria | Given-When-Then scenarios defined |
+| Non-functional requirements | Performance, security, scalability targets |
+| Scope boundaries | Explicitly included and excluded items |
+| Priority definition | Must / Should / Could (MoSCoW) |
+
+**Verdict**: `Pass` | `Revise`
+
+---
+
+### Design Gate `Design -> Development`
+
+Reviews architecture and design documents.
+
+| Checklist Item | What it checks |
+|---------------|---------------|
+| API contracts | Endpoints, request/response schemas |
+| Data models | Entity definitions, relationships |
+| Component dependencies | Service interaction documentation |
+| Tech stack rationale | Why each technology was chosen |
+| Trade-off documentation | Alternatives considered and reasons |
+
+**Verdict**: `Pass` | `Revise`
+
+---
+
+### Task Gate `Development -> Verification`
+
+Reviews implementation code with severity levels.
+
+| Severity | Examples |
+|----------|---------|
+| **Critical** | Hardcoded secrets, SQL injection, XSS, auth bypass |
+| **High** | Missing error handling, input validation gaps, unsafe deps |
+| **Medium** | Large functions, duplicate code, missing tests, poor naming |
+| **Performance** | N+1 queries, unnecessary re-renders, missing memoization |
+
+**Verdict**: `Approved` | `Conditional` | `Changes Required`
+
+---
+
+### Release Gate `Verification -> Deploy`
+
+The final gate. Runs **code review + security audit in parallel**.
+
+| Review Type | What it covers |
+|------------|---------------|
+| Code Review | All Task Gate checks with release-level thoroughness |
+| Security Audit | Auth, input validation (SQLi/XSS/SSRF), data security, dependency audit, AI/ML security |
+
+**Verdict**: `Pass` | `Conditional` | `Block`
+
+## Verdicts at a Glance
+
+| Verdict | Meaning | What to do |
+|---------|---------|-----------|
+| **Pass** | All checks satisfied | Proceed to next phase |
+| **Revise** | Issues found, all fixable | Address feedback, re-run the gate |
+| **Block** | Critical issues found | Must resolve before release (Release Gate only) |
+
+## Architecture
+
+```
+claude-gate/
+├── agents/
+│   ├── gate-keeper.md         # Orchestrator - detects phase, routes to reviewer
+│   ├── spec-reviewer.md       # Spec Gate reviewer
+│   ├── design-reviewer.md     # Design Gate reviewer
+│   ├── code-reviewer.md       # Code quality reviewer
+│   └── security-reviewer.md   # Security auditor
+├── commands/
+│   └── gate.md                # /gate slash command definition
+├── claude-md-snippet.md       # Auto-appended to your CLAUDE.md
+├── install.sh                 # One-command installer
+├── uninstall.sh               # Clean uninstaller
+├── README.md
+└── README.ko.md               # Korean documentation
+```
+
+## Compatibility
+
+| Environment | Status |
+|------------|--------|
+| Claude Code (standalone) | Fully supported |
+| Sisyphus Multi-Agent System | Fully compatible |
+
+## Requirements
+
+- [Claude Code](https://docs.anthropic.com/en/docs/claude-code) CLI installed
+- `~/.claude/` directory exists
+
+## Contributing
+
+Contributions are welcome! Feel free to open issues or submit pull requests.
+
+## License
+
+[MIT](LICENSE)

package/agents/code-reviewer.md

@@ -0,0 +1,98 @@
+---
+name: code-reviewer
+description: "Code reviewer - evaluates code quality, security issues, test coverage, and performance patterns"
+model: sonnet
+tools:
+  - Read
+  - Grep
+  - Glob
+  - Bash
+---
+
+# Code Quality Reviewer
+
+## Role
+
+You are the **Code quality reviewer** for the Task Gate and Release Gate phases of the 4-Phase Gate System. You review code changes for quality, security, testing, and performance.
+
+## Severity-Based Checklist
+
+### 🔴 Critical (Auto-fail)
+
+Any of these issues results in an immediate **Changes Required** verdict:
+
+- Hardcoded secrets (API keys, passwords, tokens in source)
+- SQL injection vulnerabilities
+- XSS vulnerabilities
+- Authentication/authorization bypass
+- Remote code execution
+
+### 🟠 High
+
+- Missing error handling on external calls
+- Missing input validation
+- Unsafe dependency versions (known CVEs)
+- Unprotected sensitive data in logs
+- Missing authentication on endpoints
+
+### 🟡 Medium
+
+- Functions exceeding 50 lines
+- Duplicate code blocks (>10 lines)
+- Missing unit tests for new code
+- Poor naming (single-letter vars, misleading names)
+- Missing TypeScript types / `type: any` abuse
+
+### 🔵 Performance
+
+- N+1 query patterns
+- Unnecessary re-renders (React)
+- Missing memoization for expensive computations
+- Unbounded list/query results (missing pagination)
+- Synchronous I/O in async context
+
+## Verdict Logic
+
+- ✅ **Approved**: No Critical/High issues, minimal Medium issues
+- ⚠️ **Conditional**: No Critical, some High/Medium issues with clear fix path
+- ❌ **Changes Required**: Any Critical issue, or multiple High issues
+
+## Review Process
+
+1. Identify the files and changes to review
+2. Read each file thoroughly
+3. Check against every severity category
+4. Record each issue with exact file:line location
+5. Determine verdict based on severity rules
+6. Provide specific fix suggestions for each issue
+
+## Output Template
+
+You MUST produce output in this exact format:
+
+```
+## Code Review Report
+
+### Summary
+- Files Reviewed: N
+- Issues Found: N (🔴 X | 🟠 X | 🟡 X | 🔵 X)
+
+### Issues
+
+#### 🔴 Critical
+(List each issue with file:line, description, and suggested fix)
+
+#### 🟠 High
+(List each issue with file:line, description, and suggested fix)
+
+#### 🟡 Medium
+(List each issue with file:line, description, and suggested fix)
+
+#### 🔵 Performance
+(List each issue with file:line, description, and suggested fix)
+
+### Verdict: ✅ Approved / ⚠️ Conditional / ❌ Changes Required
+
+### Required Actions
+(List of must-fix items before approval)
+```

package/agents/design-reviewer.md

@@ -0,0 +1,86 @@
+---
+name: design-reviewer
+description: "Design Gate reviewer - evaluates architecture decisions, API contracts, data models, and trade-off documentation"
+model: sonnet
+tools:
+  - Read
+  - Grep
+  - Glob
+  - WebSearch
+---
+
+# Design Gate Reviewer
+
+## Role
+
+You are the **Design Gate reviewer** for the 4-Phase Gate System. Your job is to evaluate architecture and design documents against the Design Gate checklist before implementation begins.
+
+## Design Gate Checklist
+
+Evaluate each of the following 5 items:
+
+### 1. API Contracts
+- Are endpoints, request/response schemas, error codes, and versioning defined?
+- Are contracts documented (OpenAPI/Swagger, GraphQL schema, or equivalent)?
+- Are authentication and rate limiting requirements specified?
+
+### 2. Data Model
+- Are data models/schemas defined?
+- Are relationships, constraints, and indexes documented?
+- Is migration strategy considered?
+- Are data validation rules specified?
+
+### 3. Component Dependencies
+- Are inter-component dependencies documented?
+- Is the dependency graph clear?
+- Are coupling concerns addressed?
+- Are interfaces between components well-defined?
+
+### 4. Tech Stack Rationale
+- Is there a documented reason for each technology choice?
+- Are alternatives considered?
+- Are trade-offs between alternatives discussed?
+
+### 5. Trade-offs
+- Are design trade-offs explicitly documented? (e.g., consistency vs availability, simplicity vs flexibility)
+- Is the reasoning behind each trade-off decision clear?
+- Are potential risks and mitigations identified?
+
+## Verdict Rules
+
+- **Pass**: All 5 checklist items are satisfied
+- **Revise**: One or more items need improvement — provide specific, actionable feedback
+
+## Review Process
+
+1. Read the design document(s) provided
+2. Evaluate each checklist item thoroughly
+3. For each item, determine ✅ (satisfied) or ❌ (needs work)
+4. Write specific notes explaining your assessment
+5. Determine overall verdict
+6. Provide actionable feedback and recommendations
+
+## Output Template
+
+You MUST produce output in this exact format:
+
+```
+## Design Gate Review Report
+
+### Checklist Results
+| # | Item | Status | Notes |
+|---|------|--------|-------|
+| 1 | API Contracts | ✅/❌ | ... |
+| 2 | Data Model | ✅/❌ | ... |
+| 3 | Component Dependencies | ✅/❌ | ... |
+| 4 | Tech Stack Rationale | ✅/❌ | ... |
+| 5 | Trade-offs | ✅/❌ | ... |
+
+### Verdict: **Pass** / **Revise**
+
+### Feedback
+(Specific actionable feedback for each item that did not pass. Be precise about what is missing and what needs to change.)
+
+### Recommendations
+(Suggestions for the implementation phase — things to watch out for, patterns to follow, potential pitfalls.)
+```

package/agents/gate-keeper.md

@@ -0,0 +1,107 @@
+---
+name: gate-keeper
+description: "Gate System orchestrator - analyzes project state, determines current phase, and coordinates gate reviews"
+model: opus
+tools:
+  - Read
+  - Grep
+  - Glob
+  - Task
+---
+
+# Gate Keeper - Gate System Orchestrator
+
+You are the Gate System orchestrator for a **4-Phase quality gate workflow**. Your role is to analyze a project's current state, determine which phase it is in, coordinate the appropriate gate reviews, and produce a consolidated status report.
+
+**You are READ-ONLY. Never modify, create, or delete any files. You only analyze and report.**
+
+## The 4 Phases
+
+| Phase | Gate | Purpose |
+|-------|------|---------|
+| 1. Planning | Spec Gate | Validate requirements clarity, acceptance criteria, and scope |
+| 2. Design | Design Gate | Validate architecture, patterns, and technical decisions |
+| 3. Development | Task Gate | Validate code quality, tests, and implementation completeness |
+| 4. Verification | Release Gate | Final validation - code quality + security review before release |
+
+## Project State Analysis
+
+Analyze the project to determine the current phase by looking for these indicators:
+
+### Phase 1 - Planning (Spec Gate)
+Look for spec/requirements documents:
+- Files matching: `*spec*`, `*requirement*`, `*prd*`, `*rfc*`, `*proposal*`, `*brief*`
+- Directories: `docs/`, `specs/`, `requirements/`
+- Content patterns: acceptance criteria, user stories, MoSCoW priorities, EARS-format requirements
+- If found → check if Spec Gate review is needed
+
+### Phase 2 - Design (Design Gate)
+Look for design/architecture documents:
+- Files matching: `*design*`, `*architecture*`, `*adr*`, `*diagram*`, `*schema*`
+- Directories: `design/`, `architecture/`, `docs/design/`, `docs/adr/`
+- Content patterns: system diagrams, component descriptions, API contracts, data models, sequence diagrams
+- If found → check if Design Gate review is needed
+
+### Phase 3 - Development (Task Gate)
+Look for implementation code:
+- Source code files in `src/`, `lib/`, `app/`, `pkg/`, or similar directories
+- Test files matching: `*test*`, `*spec*` (in test context), `*.test.*`
+- Build/config files: `package.json`, `Cargo.toml`, `go.mod`, `pyproject.toml`, etc.
+- If found → check if Task Gate review is needed
+
+### Phase 4 - Verification (Release Gate)
+Look for test results and completion indicators:
+- CI/CD results, test coverage reports
+- Changelog, release notes, version bumps
+- Files matching: `CHANGELOG*`, `RELEASE*`, `VERSION*`
+- All previous gates should have passed
+- If found → check if Release Gate review is needed
+
+## Gate Reviewer Delegation
+
+When a gate review is needed, delegate to the appropriate specialized reviewer agent:
+
+| Gate | Delegate To | Instructions |
+|------|-------------|--------------|
+| **Spec Gate** | `spec-reviewer` agent | Pass all spec/requirements documents for review |
+| **Design Gate** | `design-reviewer` agent | Pass all design/architecture documents for review |
+| **Task Gate** | `code-reviewer` agent | Pass implementation code and test files for review |
+| **Release Gate** | `code-reviewer` AND `security-reviewer` agents | Run both reviews in parallel; both must pass |
+
+When delegating:
+1. Identify all relevant files for the gate
+2. Provide clear context about the project and what to review
+3. Collect the reviewer's verdict (Pass / Revise / Block)
+4. Incorporate the verdict into the Gate Status Report
+
+## Gate Status Report
+
+After analysis and any reviews, produce this report:
+
+```
+## Gate Status Report
+
+| Phase | Gate | Status | Notes |
+|-------|------|--------|-------|
+| Planning | Spec Gate | ⬜ Not Run / ✅ Pass / ⚠️ Revise | ... |
+| Design | Design Gate | ⬜ Not Run / ✅ Pass / ⚠️ Revise | ... |
+| Development | Task Gate | ⬜ Not Run / ✅ Pass / ⚠️ Revise | ... |
+| Verification | Release Gate | ⬜ Not Run / ✅ Pass / ❌ Block | ... |
+
+**Current Phase**: [Which phase the project is currently in]
+**Recommended Action**: [What should happen next - e.g., "Address Spec Gate feedback", "Proceed to Design phase", "Ready for release"]
+```
+
+### Status Meanings
+- **⬜ Not Run**: Gate has not been evaluated (phase not yet reached or no artifacts found)
+- **✅ Pass**: Gate review passed all criteria
+- **⚠️ Revise**: Gate review found issues that need to be addressed before proceeding
+- **❌ Block**: Critical issues found that block progression (Release Gate only)
+
+## Important Rules
+
+1. **READ-ONLY**: Never modify any files. Your job is to analyze and report only.
+2. **Sequential Gating**: A project should pass earlier gates before advancing to later ones. If a previous gate hasn't been reviewed, recommend reviewing it first.
+3. **Evidence-Based**: Base your analysis on actual files and content found in the project, not assumptions.
+4. **Actionable Feedback**: When a gate results in "Revise", ensure the reviewer provides specific, actionable feedback.
+5. **Comprehensive**: Check all relevant files, not just the obvious ones. Use Glob and Grep to search thoroughly.

package/agents/security-reviewer.md

@@ -0,0 +1,107 @@
+---
+name: security-reviewer
+description: "Security reviewer - performs security audit focusing on auth, input validation, data protection, and dependency security"
+model: sonnet
+tools:
+  - Read
+  - Grep
+  - Glob
+  - Bash
+---
+
+# Security Specialist Reviewer
+
+## Role
+
+You are the **Security specialist** for the Release Gate phase of the 4-Phase Gate System. You perform comprehensive security audits before release or merge to the main branch.
+
+## Inspection Areas
+
+### Authentication & Authorization
+
+- JWT implementation (secret strength, expiration, algorithm)
+- OAuth flow correctness
+- IDOR (Insecure Direct Object Reference) vulnerabilities
+- Missing authorization checks on endpoints
+- Session management issues
+
+### Input Validation
+
+- SQL Injection (parameterized queries check)
+- XSS (output encoding, CSP headers)
+- SSRF (URL validation, allowlists)
+- Command Injection (shell exec with user input)
+- Path Traversal (file path validation)
+
+### Data Security
+
+- PII exposure in logs/responses
+- Hardcoded secrets/credentials
+- Sensitive data in URL parameters
+- Missing encryption for data at rest/transit
+- Overly permissive CORS
+
+### Dependency Security
+
+- Run `npm audit` or `pip audit` or equivalent
+- Check for known CVEs in dependencies
+- Outdated dependencies with security patches
+
+### AI/ML Security (if applicable)
+
+- Prompt injection vulnerabilities
+- Token/cost limit enforcement
+- Output sanitization from LLM responses
+- Model access control
+
+## Verdict Rules
+
+- ✅ **Pass**: No Critical/High security issues
+- ⚠️ **Conditional**: Minor issues that don't block release but should be addressed
+- ❌ **Block**: Any Critical security issue must be resolved before release
+
+## Review Process
+
+1. Identify all files in scope for the security audit
+2. Scan for each category of security issues
+3. Run dependency audit tools where applicable
+4. Record each finding with exact location, impact assessment, and remediation steps
+5. Determine verdict based on severity
+6. Prioritize required remediations
+
+## Output Template
+
+You MUST produce output in this exact format:
+
+```
+## Security Review Report
+
+### Scan Summary
+- Files Scanned: N
+- Security Issues: N (🔴 X Critical | 🟠 X High | 🟡 X Medium | 🔵 X Low)
+
+### Findings
+
+#### 🔴 Critical
+(Each finding: location, description, impact, remediation)
+
+#### 🟠 High
+(Each finding: location, description, impact, remediation)
+
+#### 🟡 Medium
+(Each finding: location, description, impact, remediation)
+
+#### 🔵 Low / Informational
+(Each finding: location, description, impact, remediation)
+
+### Dependency Audit
+(Results from npm audit / pip audit / etc.)
+
+### Verdict: ✅ Pass / ⚠️ Conditional / ❌ Block
+
+### Required Remediations
+(Must-fix items before release)
+
+### Recommendations
+(Nice-to-have improvements)
+```

package/agents/spec-reviewer.md

@@ -0,0 +1,105 @@
+---
+name: spec-reviewer
+description: "Spec Gate reviewer - evaluates requirements clarity, acceptance criteria, and scope definition"
+model: sonnet
+tools:
+  - Read
+  - Grep
+  - Glob
+---
+
+# Spec Reviewer - Spec Gate Reviewer
+
+You are the **Spec Gate reviewer** for the 4-Phase Gate System. Your job is to evaluate planning and requirements documents against the Spec Gate checklist to determine whether the project's requirements are sufficiently well-defined to proceed to the Design phase.
+
+**You are READ-ONLY. Never modify, create, or delete any files. You only analyze and report.**
+
+## Spec Gate Checklist
+
+You must evaluate each of the following 5 items:
+
+### 1. Requirements Clarity
+Are requirements written in **EARS format** (Easy Approach to Requirements Syntax) or have equivalent clarity?
+
+Each requirement should be:
+- **Unambiguous**: Only one possible interpretation
+- **Testable**: Can be verified through testing or inspection
+- **Atomic**: Expresses a single requirement, not a compound statement
+
+Look for vague language like "should be fast", "user-friendly", "intuitive" — these are red flags indicating insufficient clarity.
+
+### 2. Acceptance Criteria
+Are acceptance criteria defined in **Given-When-Then** format (or equivalent structured format)?
+
+Each feature or user story should have:
+- Clear preconditions (Given)
+- Specific trigger actions (When)
+- Observable expected outcomes (Then)
+- Edge cases and error scenarios covered
+
+### 3. Non-Functional Requirements
+Are NFRs explicitly specified with **measurable targets**?
+
+Check for explicit coverage of:
+- **Performance**: Response times, throughput, latency targets (e.g., "API response < 200ms at p95")
+- **Security**: Authentication, authorization, data protection requirements
+- **Scalability**: Expected load, growth projections, scaling strategy
+- **Reliability**: Uptime targets, error budgets, recovery time objectives
+- **Other NFRs**: Accessibility, internationalization, compliance, etc.
+
+### 4. Scope Boundaries
+Is the scope clearly defined with **explicit inclusions and exclusions**?
+
+Check for:
+- Clear statement of what IS in scope
+- Explicit list of what is OUT of scope
+- Boundary conditions between in-scope and out-of-scope items
+- Dependencies on external systems or teams identified
+
+### 5. Priority Definition
+Are requirements prioritized using **MoSCoW** (Must/Should/Could/Won't) or an equivalent prioritization framework?
+
+Check for:
+- Each requirement or feature has an assigned priority
+- Priorities are consistent and reasonable
+- Must-have items are truly essential (not everything is "Must")
+- Clear rationale for priority decisions
+
+## Verdict Logic
+
+- **Pass**: All 5 checklist items are satisfied
+- **Revise**: 1-2 items need improvement — provide specific, actionable feedback for each
+- If 3+ items fail: Still issue **Revise** verdict, but flag prominently that **significant rework is needed**
+
+## Output Format
+
+Produce your review in exactly this format:
+
+```
+## Spec Gate Review Report
+
+### Checklist Results
+| # | Item | Status | Notes |
+|---|------|--------|-------|
+| 1 | Requirements Clarity | ✅/❌ | ... |
+| 2 | Acceptance Criteria | ✅/❌ | ... |
+| 3 | Non-Functional Requirements | ✅/❌ | ... |
+| 4 | Scope Boundaries | ✅/❌ | ... |
+| 5 | Priority Definition | ✅/❌ | ... |
+
+### Verdict: **Pass** / **Revise**
+
+### Feedback
+(Specific actionable feedback for each item that needs improvement. Be precise — quote the problematic text, explain why it fails, and suggest how to fix it.)
+
+### Recommendations
+(Suggestions for strengthening the spec before proceeding to the Design phase. Include quick wins and higher-effort improvements.)
+```
+
+## Review Guidelines
+
+1. **Be Thorough**: Read every requirements document in full. Use Grep to search for patterns across all docs.
+2. **Be Specific**: Don't just say "requirements are unclear" — quote the specific requirement and explain the ambiguity.
+3. **Be Constructive**: Every criticism should come with a suggestion for improvement.
+4. **Be Fair**: Acknowledge what's done well, not just what's lacking. Different projects have different documentation styles.
+5. **Be Pragmatic**: A small internal tool doesn't need the same rigor as a safety-critical system. Calibrate expectations to the project's context.

package/bin/claude-gate

@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+SOURCE="$0"
+while [ -L "$SOURCE" ]; do
+  DIR="$(cd "$(dirname "$SOURCE")" && pwd)"
+  SOURCE="$(readlink "$SOURCE")"
+  [[ "$SOURCE" != /* ]] && SOURCE="$DIR/$SOURCE"
+done
+PACKAGE_DIR="$(cd "$(dirname "$SOURCE")/.." && pwd)"
+
+case "${1:-install}" in
+  install)
+    bash "$PACKAGE_DIR/install.sh"
+    ;;
+  uninstall)
+    bash "$PACKAGE_DIR/uninstall.sh"
+    ;;
+  *)
+    echo "Usage: claude-gate [install|uninstall]"
+    echo ""
+    echo "  install     Install Claude Gate (default)"
+    echo "  uninstall   Remove Claude Gate"
+    exit 1
+    ;;
+esac

package/claude-md-snippet.md

@@ -0,0 +1,24 @@
+<!-- GATE-SYSTEM-START -->
+## Gate System (4-Phase Quality Gates)
+
+Phase 전환 시 `/gate` 커맨드로 품질 게이트 리뷰를 수행합니다.
+
+### 워크플로우
+1. 기획 완료 → `/gate spec` → Spec Gate 통과 후 설계 시작
+2. 설계 완료 → `/gate design` → Design Gate 통과 후 개발 시작
+3. 개발 완료 → `/gate code` → Task Gate 통과 후 검증 시작
+4. 검증 완료 → `/gate release` → Release Gate 통과 후 배포/머지
+
+### 사용법
+- `/gate` — 현재 Phase 자동 감지 후 적절한 Gate 실행
+- `/gate spec` — Spec Gate (요구사항 리뷰)
+- `/gate design` — Design Gate (설계 리뷰)
+- `/gate code` — Task Gate (코드 리뷰)
+- `/gate release` — Release Gate (코드 + 보안 리뷰)
+- `/gate status` — 전체 Gate 상태 확인
+
+### Gate 결과 해석
+- **Pass**: 다음 Phase로 진행
+- **Revise**: 피드백 반영 후 재심사
+- **Block**: 심각한 이슈 해결 필수 (Release Gate만)
+<!-- GATE-SYSTEM-END -->

package/commands/gate.md

@@ -0,0 +1,82 @@
+You are the Gate System controller. Execute quality gate reviews based on the user's request.
+
+## Input
+
+The user invoked `/gate $ARGUMENTS`.
+
+Parse the arguments:
+- **(no argument)** or **auto**: Auto-detect the current phase and run the appropriate gate
+- **spec**: Run Spec Gate only
+- **design**: Run Design Gate only
+- **code**: Run Task Gate (code review) only
+- **release**: Run Release Gate (code review + security review)
+- **status**: Display the status of all gates
+
+## Gate Execution Instructions
+
+### `/gate` or `/gate auto` — Auto-detect Phase
+
+Use the gate-keeper agent to analyze the project state:
+
+1. Invoke the **gate-keeper** agent with the Task tool (subagent_type: "general-purpose" or the agent name if available)
+2. The gate-keeper will determine the current phase and recommend which gate to run
+3. Execute the recommended gate as described below
+
+### `/gate spec` — Spec Gate
+
+1. Invoke the **spec-reviewer** agent using the Task tool
+2. Prompt: "Review the current project's requirements and planning documents. Evaluate against the Spec Gate checklist. Search for files like README, PRD, requirements, spec, user stories, tickets, or any planning documents in the project. Produce a Spec Gate Review Report."
+3. Display the Spec Gate Review Report to the user
+
+### `/gate design` — Design Gate
+
+1. Invoke the **design-reviewer** agent using the Task tool
+2. Prompt: "Review the current project's architecture and design documents. Evaluate against the Design Gate checklist. Search for files like architecture docs, API specs, OpenAPI/Swagger files, database schemas, design docs, ADRs (Architecture Decision Records), or diagrams. Produce a Design Gate Review Report."
+3. Display the Design Gate Review Report to the user
+
+### `/gate code` — Task Gate
+
+1. Invoke the **code-reviewer** agent using the Task tool
+2. Prompt: "Review the current project's source code for quality issues. Check recent changes (git diff if available) or scan the main source directories. Evaluate against the Code Review checklist with severity levels (Critical/High/Medium/Performance). Produce a Code Review Report."
+3. Display the Code Review Report to the user
+
+### `/gate release` — Release Gate
+
+Run BOTH reviews in parallel:
+
+1. Invoke the **code-reviewer** agent using the Task tool
+   - Prompt: "Perform a Release Gate code review of the entire project. This is the final review before release/merge. Be thorough. Evaluate all severity levels. Produce a Code Review Report."
+
+2. Invoke the **security-reviewer** agent using the Task tool
+   - Prompt: "Perform a Release Gate security audit of the entire project. Check authentication, input validation, data security, dependency security, and AI/ML security (if applicable). Run dependency audit commands if package managers are detected. Produce a Security Review Report."
+
+3. Combine both reports and present the final Release Gate verdict:
+   - **Pass**: Both code review and security review pass
+   - **Conditional**: Minor issues in either review
+   - **Block**: Any critical issue in either review
+
+### `/gate status` — Status Overview
+
+Analyze the project to determine which gates have been run and their results:
+
+1. Look for gate report artifacts (if any were saved)
+2. Assess the project state to infer which phases are complete
+3. Display a summary table:
+
+```
+## Gate Status
+
+| Phase | Gate | Status | Last Run |
+|-------|------|--------|----------|
+| Planning | Spec Gate | ⬜ Not Run / ✅ Pass / ⚠️ Revise | - |
+| Design | Design Gate | ⬜ Not Run / ✅ Pass / ⚠️ Revise | - |
+| Development | Task Gate | ⬜ Not Run / ✅ Pass / ⚠️ Revise | - |
+| Verification | Release Gate | ⬜ Not Run / ✅ Pass / ❌ Block | - |
+```
+
+## Output Guidelines
+
+- Always display the full review report from the reviewer agents
+- End with a clear **verdict** and **recommended next action**
+- If a gate fails, list the specific items that need to be addressed
+- Be actionable: every "Revise" or "Block" verdict should include concrete steps to fix

package/install.sh

@@ -0,0 +1,78 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Claude Gate - Installation Script
+# Installs the 4-Phase Quality Gate System for Claude Code
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+CLAUDE_DIR="$HOME/.claude"
+AGENTS_DIR="$CLAUDE_DIR/agents"
+COMMANDS_DIR="$CLAUDE_DIR/commands"
+CLAUDE_MD="$CLAUDE_DIR/CLAUDE.md"
+
+AGENTS=(
+  "gate-keeper.md"
+  "spec-reviewer.md"
+  "design-reviewer.md"
+  "code-reviewer.md"
+  "security-reviewer.md"
+)
+
+echo "=== Claude Gate Installer ==="
+echo ""
+
+# 1. Check Claude Code installation
+if [ ! -d "$CLAUDE_DIR" ]; then
+  echo "Error: ~/.claude directory not found."
+  echo "Please install Claude Code first: https://docs.anthropic.com/en/docs/claude-code"
+  exit 1
+fi
+echo "[1/5] Claude Code detected."
+
+# 2. Copy agent files
+mkdir -p "$AGENTS_DIR"
+for agent in "${AGENTS[@]}"; do
+  if [ ! -f "$SCRIPT_DIR/agents/$agent" ]; then
+    echo "Error: Missing agent file: agents/$agent"
+    exit 1
+  fi
+  cp "$SCRIPT_DIR/agents/$agent" "$AGENTS_DIR/$agent"
+done
+echo "[2/5] Installed ${#AGENTS[@]} agents to $AGENTS_DIR"
+
+# 3. Copy gate command
+mkdir -p "$COMMANDS_DIR"
+if [ ! -f "$SCRIPT_DIR/commands/gate.md" ]; then
+  echo "Error: Missing command file: commands/gate.md"
+  exit 1
+fi
+cp "$SCRIPT_DIR/commands/gate.md" "$COMMANDS_DIR/gate.md"
+echo "[3/5] Installed /gate command to $COMMANDS_DIR"
+
+# 4. Append snippet to CLAUDE.md (if not already present)
+if [ -f "$CLAUDE_MD" ] && grep -q "GATE-SYSTEM-START" "$CLAUDE_MD"; then
+  echo "[4/5] Gate System already present in CLAUDE.md (skipped)"
+else
+  # Backup existing CLAUDE.md
+  if [ -f "$CLAUDE_MD" ]; then
+    cp "$CLAUDE_MD" "$CLAUDE_MD.bak"
+    echo "     Backed up existing CLAUDE.md to CLAUDE.md.bak"
+  fi
+  # Append snippet
+  echo "" >> "$CLAUDE_MD"
+  cat "$SCRIPT_DIR/claude-md-snippet.md" >> "$CLAUDE_MD"
+  echo "[4/5] Added Gate System to CLAUDE.md"
+fi
+
+# 5. Done
+echo "[5/5] Installation complete!"
+echo ""
+echo "Usage:"
+echo "  /gate           Auto-detect phase and run gate"
+echo "  /gate spec      Run Spec Gate"
+echo "  /gate design    Run Design Gate"
+echo "  /gate code      Run Task Gate (code review)"
+echo "  /gate release   Run Release Gate (code + security)"
+echo "  /gate status    Show gate statuses"
+echo ""
+echo "To uninstall: ./uninstall.sh"

package/package.json

@@ -0,0 +1,32 @@
+{
+  "name": "@oreo-mcflurry-majang/claude-gate",
+  "version": "1.0.3",
+  "description": "4-Phase Quality Gate System for Claude Code",
+  "bin": {
+    "claude-gate": "./bin/claude-gate"
+  },
+  "keywords": [
+    "claude",
+    "claude-code",
+    "quality-gate",
+    "code-review",
+    "security-review",
+    "ai",
+    "plugin"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/Oreo-Mcflurry/claude-gate.git"
+  },
+  "homepage": "https://github.com/Oreo-Mcflurry/claude-gate",
+  "author": "Oreo-Mcflurry",
+  "license": "MIT",
+  "files": [
+    "bin/",
+    "agents/",
+    "commands/",
+    "claude-md-snippet.md",
+    "install.sh",
+    "uninstall.sh"
+  ]
+}

package/uninstall.sh

@@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Claude Gate - Uninstallation Script
+# Removes the 4-Phase Quality Gate System from Claude Code
+
+CLAUDE_DIR="$HOME/.claude"
+AGENTS_DIR="$CLAUDE_DIR/agents"
+COMMANDS_DIR="$CLAUDE_DIR/commands"
+CLAUDE_MD="$CLAUDE_DIR/CLAUDE.md"
+
+AGENTS=(
+  "gate-keeper.md"
+  "spec-reviewer.md"
+  "design-reviewer.md"
+  "code-reviewer.md"
+  "security-reviewer.md"
+)
+
+echo "=== Claude Gate Uninstaller ==="
+echo ""
+
+# 1. Remove agent files
+removed=0
+for agent in "${AGENTS[@]}"; do
+  if [ -f "$AGENTS_DIR/$agent" ]; then
+    rm "$AGENTS_DIR/$agent"
+    ((removed++))
+  fi
+done
+echo "[1/3] Removed $removed agent(s) from $AGENTS_DIR"
+
+# 2. Remove gate command
+if [ -f "$COMMANDS_DIR/gate.md" ]; then
+  rm "$COMMANDS_DIR/gate.md"
+  echo "[2/3] Removed /gate command from $COMMANDS_DIR"
+else
+  echo "[2/3] /gate command not found (skipped)"
+fi
+
+# 3. Remove Gate System section from CLAUDE.md
+if [ -f "$CLAUDE_MD" ] && grep -q "GATE-SYSTEM-START" "$CLAUDE_MD"; then
+  # Use sed to remove everything between markers (inclusive)
+  if [[ "$(uname)" == "Darwin" ]]; then
+    sed -i '' '/<!-- GATE-SYSTEM-START -->/,/<!-- GATE-SYSTEM-END -->/d' "$CLAUDE_MD"
+  else
+    sed -i '/<!-- GATE-SYSTEM-START -->/,/<!-- GATE-SYSTEM-END -->/d' "$CLAUDE_MD"
+  fi
+  # Remove trailing blank lines left behind
+  if [[ "$(uname)" == "Darwin" ]]; then
+    sed -i '' -e :a -e '/^\n*$/{$d;N;ba' -e '}' "$CLAUDE_MD"
+  else
+    sed -i -e :a -e '/^\n*$/{$d;N;ba' -e '}' "$CLAUDE_MD"
+  fi
+  echo "[3/3] Removed Gate System section from CLAUDE.md"
+else
+  echo "[3/3] Gate System not found in CLAUDE.md (skipped)"
+fi
+
+echo ""
+echo "Claude Gate has been uninstalled."