@paulduvall/claude-dev-toolkit 0.0.1-alpha.2 → 0.0.1-alpha.21

package/commands/experiments/xevaluate.md

@@ -0,0 +1,111 @@
+---
+description: Comprehensive evaluation and assessment tools for code quality and project health
+tags: [evaluation, assessment, quality, metrics, analysis]
+---
+
+Perform comprehensive evaluation and assessment based on the arguments provided in $ARGUMENTS.
+
+First, examine the project structure and available metrics:
+!find . -name "*.py" -o -name "*.js" -o -name "*.ts" | head -15
+!ls -la | grep -E "(test|spec|coverage|metrics)"
+!git log --oneline -10 2>/dev/null || echo "No git repository found"
+
+Based on $ARGUMENTS, perform the appropriate evaluation:
+
+## 1. Code Quality Assessment
+
+If evaluating quality (--quality):
+!python -m flake8 . --count 2>/dev/null || echo "No Python linting available"
+!eslint . --format compact 2>/dev/null || echo "No JavaScript linting available"
+!find . -name "*.py" -exec wc -l {} \; | awk '{sum+=$1} END {print "Total Python lines:", sum}'
+
+Analyze code quality metrics:
+- Code complexity and maintainability
+- Test coverage percentage
+- Linting and style violations
+- Documentation coverage
+- Technical debt indicators
+
+## 2. Project Health Evaluation
+
+If evaluating project health (--project):
+!git log --since="30 days ago" --pretty=format:"%h %s" | wc -l
+!git log --since="30 days ago" --pretty=format:"%an" | sort | uniq -c | sort -nr
+!find . -name "TODO" -o -name "FIXME" | xargs grep -i "todo\|fixme" | wc -l 2>/dev/null || echo "0"
+
+Assess project health indicators:
+- Development velocity and commit frequency
+- Issue resolution rate
+- Technical debt accumulation
+- Team collaboration patterns
+- Release readiness
+
+## 3. Team Performance Assessment
+
+If evaluating team performance (--team):
+!git shortlog -sn --since="30 days ago" 2>/dev/null || echo "No git history available"
+!git log --since="7 days ago" --pretty=format:"%ad" --date=short | sort | uniq -c
+
+Evaluate team metrics:
+- Individual and team velocity
+- Code review participation
+- Knowledge sharing patterns
+- Skill development indicators
+- Collaboration effectiveness
+
+## 4. Process Effectiveness Analysis
+
+If evaluating process (--process):
+!find . -name "*.yml" -o -name "*.yaml" | grep -E "(ci|pipeline|workflow)" | head -5
+!ls -la .github/workflows/ 2>/dev/null || echo "No GitHub workflows found"
+!find . -name "*test*" | wc -l
+
+Analyze development processes:
+- CI/CD pipeline effectiveness
+- Testing process maturity
+- Code review process efficiency
+- Release management effectiveness
+- Incident response capabilities
+
+## 5. Comprehensive Reporting
+
+If generating reports (--report):
+!date
+!uptime
+!df -h . | tail -1
+
+Generate evaluation metrics:
+- Overall project health score
+- Quality trend analysis
+- Risk assessment summary
+- Improvement recommendations
+- Benchmarking against industry standards
+
+Think step by step about the evaluation results and provide:
+
+1. **Current Status Assessment**:
+   - Overall health score (0-100)
+   - Key strengths identified
+   - Critical areas for improvement
+   - Risk factors and mitigation strategies
+
+2. **Trend Analysis**:
+   - Performance trends over time
+   - Quality trajectory
+   - Team productivity patterns
+   - Process improvement opportunities
+
+3. **Actionable Recommendations**:
+   - Prioritized improvement actions
+   - Resource allocation suggestions
+   - Timeline for improvements
+   - Success metrics and KPIs
+
+4. **Benchmarking Results**:
+   - Industry standard comparisons
+   - Best practice alignment
+   - Competitive positioning
+   - Excellence opportunities
+
+Generate comprehensive evaluation report with specific, actionable insights and improvement roadmap.
+

package/commands/experiments/xfootnote.md

@@ -0,0 +1,12 @@
+---
+description: Track machine-readable requirement links for SpecDriven AI development
+tags: [requirements, traceability, specifications, footnotes, coverage]
+---
+
+Track and manage requirement links based on the arguments provided in $ARGUMENTS.
+
+First, verify this is a SpecDriven AI project structure:
+!ls -la specs/ 2>/dev/null || echo "No specs directory found"
+!find specs/specifications/ -name "*.md" 2>/dev/null | head -5 || echo "No specifications found"
+
+Based on $ARGUMENTS, perform the appropriate footnote operation:\n\n## 1. Find Requirements by ID\n\nIf finding requirements (--find):\n!grep -r \"#{#$footnote_id\" specs/specifications/ 2>/dev/null || echo \"Footnote ID not found\"\n!grep -r \"authority=\" specs/specifications/ | grep \"$footnote_id\" | head -1\n\nSearch for:\n- Specification containing the footnote ID\n- Authority level (system/platform/developer)\n- Context and description\n- Related requirements\n\n## 2. Generate Next Available ID\n\nIf generating next ID (--next):\n!find specs/specifications/ -name \"*.md\" -exec grep -o \"#{#[a-z]\\{3\\}[0-9][a-z]\" {} \\; 2>/dev/null | sort | tail -5\n\nGenerate next footnote ID:\n- Extract component prefix (first 3 chars)\n- Find highest existing sequence number\n- Generate next available ID with proper format\n- Validate format: ^[a-z]{3}[0-9][a-z]\n\n## 3. Trace Test Implementations\n\nIf tracing implementations (--trace):\n!grep -r \"$footnote_id\" specs/tests/ 2>/dev/null || echo \"No tests found for $footnote_id\"\n!grep -r \"$footnote_id\" . --exclude-dir=specs --exclude-dir=.git 2>/dev/null | head -5\n\nTrace requirement implementation:\n- Find tests referencing the footnote ID\n- Locate code implementing the requirement\n- Check traceability links\n- Count implementation coverage\n\n## 4. Validate ID Format\n\nIf validating format (--validate):\n!echo \"$footnote_id\" | grep -E \"^[a-z]{3}[0-9][a-z]$\" >/dev/null && echo \"Valid format\" || echo \"Invalid format\"\n\nValidate footnote ID:\n- Check format compliance (3 letters + 1 digit + 1 letter)\n- Extract component prefix\n- Verify sequence number\n- Confirm version suffix\n\n## 5. Check Authority Level\n\nIf checking authority (--authority):\n!grep -r \"#{#$footnote_id.*authority=\" specs/specifications/ 2>/dev/null | grep -o \"authority=[^}]*\"\n\nDetermine authority level:\n- system: Critical system requirements (highest)\n- platform: Framework/infrastructure requirements (medium)\n- developer: Application/feature requirements (lowest)\n\n## 6. Dual Coverage Analysis\n\nIf checking coverage (--coverage):\n!grep -r \"$footnote_id\" specs/tests/ >/dev/null && echo \"✓ Has tests\" || echo \"✗ No tests\"\n!python -m pytest specs/tests/ --cov=. -q 2>/dev/null | grep \"TOTAL\" || echo \"Coverage analysis not available\"\n\nAnalyze dual coverage:\n- Specification coverage (tests exist for requirement)\n- Code coverage (tests execute relevant code)\n- Traceability coverage (links between spec-test-code)\n\nThink step by step about requirement traceability and provide:\n\n1. **Requirement Status**:\n   - Specification exists and is well-defined\n   - Authority level and compliance requirements\n   - Implementation completeness\n\n2. **Test Coverage**:\n   - Tests exist for the requirement\n   - Test quality and completeness\n   - Code coverage achieved by tests\n\n3. **Traceability Links**:\n   - Clear links from specification to tests\n   - Code references to requirement ID\n   - End-to-end traceability validation\n\n4. **Recommendations**:\n   - Missing tests or implementations\n   - Coverage improvement opportunities\n   - Traceability enhancement suggestions\n\nGenerate requirement traceability report with coverage metrics and improvement recommendations.\n\nIf no specific operation is provided, show available footnote IDs and their status.

package/commands/experiments/xgenerate.md

@@ -0,0 +1,117 @@
+---
+description: Auto-generate code, tests, and documentation from specifications using AI
+tags: [generation, ai, code, tests, documentation, automation]
+---
+
+Generate code, tests, and documentation based on the arguments provided in $ARGUMENTS.
+
+First, examine the project structure and identify generation targets:
+!find . -name "*.py" -o -name "*.js" -o -name "*.ts" | head -10
+!ls -la specs/ 2>/dev/null || echo "No specs directory found"
+!find specs/specifications/ -name "*.md" 2>/dev/null | head -5 || echo "No specifications found"
+
+Based on $ARGUMENTS, perform the appropriate code generation:
+
+## 1. Generate Tests from Specifications
+
+If generating tests (--test):
+!find specs/specifications/ -name "*.md" -exec grep -l "$spec_id" {} \; 2>/dev/null || echo "Specification not found"
+@specs/specifications/$specification_file 2>/dev/null || echo "Unable to read specification"
+
+Generate test file:
+- Extract requirements from specification
+- Create test cases covering all scenarios
+- Include proper traceability links to specification ID
+- Follow testing framework conventions (pytest, jest, etc.)
+- Add assertion patterns based on specification authority
+
+## 2. Generate Implementation Code
+
+If generating code (--code):
+!find . -name "*test*" | grep "$test_name" | head -1
+@$test_file 2>/dev/null || echo "Test file not found"
+
+Generate minimal implementation:
+- Analyze test requirements and assertions
+- Create minimal code to satisfy all tests
+- Follow project coding standards
+- Include proper error handling
+- Add docstrings and type hints
+
+## 3. Generate Schema Definitions
+
+If generating schema (--schema):
+!find . -name "*.py" -exec grep -l "$model_name" {} \; | head -3
+!python -c "import inspect; print('Python inspection available')" 2>/dev/null || echo "Python not available"
+
+Generate Pydantic schema:
+- Extract field definitions from existing models
+- Add proper type annotations
+- Include validation rules
+- Add field descriptions and examples
+- Handle relationships and dependencies
+
+## 4. Generate Documentation
+
+If generating documentation (--docs):
+!find . -name "*.py" -o -name "*.js" -o -name "*.ts" | xargs grep -l "$component" | head -5
+!python -c "import ast; print('AST parsing available')" 2>/dev/null || echo "AST parsing not available"
+
+Generate component documentation:
+- Extract docstrings and comments
+- Generate API reference documentation
+- Create usage examples
+- Add parameter and return type documentation
+- Include integration examples
+
+## 5. Generate Configuration Files
+
+If generating config (--config):
+!ls -la | grep -E "(config|env|yml|yaml|json|toml)"
+!find . -name "*.example" -o -name "*.template" | head -3
+
+Generate configuration:
+- Create environment-specific config files
+- Add validation schemas
+- Include default values and examples
+- Add documentation comments
+- Handle sensitive data properly
+
+## 6. Template-Based Generation
+
+Check for existing templates:
+!find . -name "*template*" -o -name "*scaffold*" | head -5
+!ls -la templates/ 2>/dev/null || echo "No templates directory"
+
+Use templates when available:
+- Load appropriate template for generation type
+- Replace placeholders with actual values
+- Customize based on project structure
+- Maintain consistent formatting
+
+Think step by step about the generation requirements and:
+
+1. **Analyze Input**:
+   - Understand the specification or test requirements
+   - Identify the target output format and structure
+   - Determine dependencies and relationships
+
+2. **Generate Content**:
+   - Create minimal, focused implementation
+   - Follow established patterns and conventions
+   - Include proper error handling and validation
+   - Add comprehensive documentation
+
+3. **Ensure Quality**:
+   - Validate generated code syntax
+   - Check compliance with project standards
+   - Verify traceability links are maintained
+   - Test generated code functionality
+
+4. **Integration**:
+   - Place generated files in appropriate locations
+   - Update imports and dependencies
+   - Integrate with existing codebase
+   - Maintain project structure consistency
+
+Generate high-quality, well-documented code that follows SpecDriven AI principles and integrates seamlessly with the existing project structure.

package/commands/experiments/xgovernance.md

@@ -0,0 +1,149 @@
+---
+description: Comprehensive development governance framework for policies, audits, and compliance
+tags: [governance, policies, audits, compliance, controls, standards]
+---
+
+Manage development governance based on the arguments provided in $ARGUMENTS.
+
+First, examine current governance structure and documentation:
+!find . -name "*policy*" -o -name "*governance*" -o -name "*compliance*" | head -10
+!ls -la | grep -E "(POLICY|COMPLIANCE|GOVERNANCE)"
+!find . -name "*.md" | grep -E "(policy|standard|procedure)" | head -5
+
+Based on $ARGUMENTS, perform the appropriate governance operation:
+
+## 1. Policy Management
+
+If managing policies (--policy):
+!find . -name "POLICY.md" -o -name "policies/" | head -3
+!grep -r "policy" . --include="*.md" | head -5
+
+Policy operations:
+- Create new development policies
+- Validate existing policy compliance
+- Update policies based on requirements
+- Track policy exceptions and approvals
+- Enforce policy across projects
+
+## 2. Governance Audit
+
+If running audit (--audit):
+!git log --since="30 days ago" --pretty=format:"%h %s" | head -10
+!find . -name "*audit*" -o -name "*review*" | head -5
+!ls -la .github/ 2>/dev/null || echo "No GitHub configuration found"
+
+Audit activities:
+- Review code quality standards compliance
+- Check security policy adherence
+- Validate development process maturity
+- Assess risk management effectiveness
+- Generate audit findings and recommendations
+
+## 3. Compliance Assessment
+
+If checking compliance (--compliance):
+!grep -r "compliance" . --include="*.md" --include="*.yml" | head -5
+!find . -name "*cert*" -o -name "*standard*" | head -3
+
+Compliance checks:
+- SOC 2 compliance validation
+- ISO 27001 adherence assessment
+- GDPR data protection compliance
+- Industry-specific regulatory requirements
+- Certification readiness evaluation
+
+## 4. Controls Implementation
+
+If managing controls (--controls):
+!find . -name "*.yml" -o -name "*.yaml" | grep -E "(workflow|action|pipeline)" | head -5
+!ls -la .github/workflows/ 2>/dev/null || echo "No CI/CD workflows found"
+
+Governance controls:
+- Implement automated compliance checks
+- Set up governance monitoring
+- Configure approval workflows
+- Establish access controls
+- Monitor control effectiveness
+
+## 5. Standards Management
+
+If managing standards (--standards):
+!find . -name "*standard*" -o -name "*guideline*" | head -5
+!python -m flake8 --version 2>/dev/null || echo "No Python linting standards"
+!eslint --version 2>/dev/null || echo "No JavaScript linting standards"
+
+Standards enforcement:
+- Define coding standards
+- Implement documentation standards
+- Establish security standards
+- Create architecture guidelines
+- Monitor standards compliance
+
+## 6. Review Processes
+
+If managing reviews (--review):
+!git log --grep="review" --oneline | head -5
+!find . -name "CODEOWNERS" -o -name "*review*" | head -3
+
+Review governance:
+- Code review requirements and processes
+- Architecture review checkpoints
+- Security review mandatory gates
+- Compliance review procedures
+- Approval workflow management
+
+## 7. Gap Analysis
+
+If performing gap analysis (--gap-analysis):
+!find . -name "*.md" | xargs grep -l "requirement" | head -5
+!grep -r "TODO\|FIXME" . --include="*.py" --include="*.js" | wc -l
+
+Identify gaps in:
+- Policy coverage and implementation
+- Compliance requirements fulfillment
+- Control effectiveness
+- Process maturity
+- Documentation completeness
+
+## 8. Metrics and Reporting
+
+If generating reports (--metrics, --dashboard):
+!git shortlog -sn --since="30 days ago" | head -10
+!find . -name "*test*" | wc -l
+!uptime
+
+Governance metrics:
+- Policy compliance rates
+- Audit finding resolution time
+- Control effectiveness measures
+- Process maturity indicators
+- Risk exposure levels
+
+Think step by step about governance requirements and provide:
+
+1. **Current State Assessment**:
+   - Existing governance structure
+   - Policy coverage and gaps
+   - Compliance status
+   - Control effectiveness
+
+2. **Risk Analysis**:
+   - Governance risk exposure
+   - Compliance risks
+   - Process risks
+   - Technology risks
+
+3. **Improvement Plan**:
+   - Priority governance actions
+   - Policy updates needed
+   - Control enhancements
+   - Process improvements
+
+4. **Implementation Roadmap**:
+   - Phased implementation approach
+   - Resource requirements
+   - Timeline and milestones
+   - Success metrics
+
+Generate comprehensive governance assessment with actionable recommendations for improving organizational governance maturity.
+

package/commands/experiments/xgreen.md

@@ -0,0 +1,66 @@
+---
+description: Make failing tests pass following TDD Green phase principles with minimal implementation
+tags: [tdd, testing, green-phase, minimal-implementation, specifications]
+---
+
+# /xgreen — Make Tests Pass
+
+Implement minimal code to make failing tests pass following TDD Green phase principles.
+
+Think step by step:
+1. Check for SpecDriven AI project structure and existing tests
+2. Identify currently failing tests and their requirements
+3. Guide minimal implementation to make tests pass
+4. Verify all tests pass before proceeding to refactor phase
+
+## Usage
+
+```bash
+/xgreen --minimal            # Implement just enough to pass
+/xgreen --check              # Verify tests pass
+```
+
+## Implementation Steps
+
+When implementing code to make tests pass:
+
+1. **For minimal implementation (--minimal)**:
+   - Check if SpecDriven AI project structure exists (specs/ directory)
+   - If not found, suggest running `!xsetup --env` to initialize
+   - Verify that failing tests exist in @specs/tests/
+   - If no tests found, suggest creating tests first with `/xred --spec <spec-id>`
+   - Run test suite to identify failing tests and their requirements
+   - Provide guidance on GREEN phase principles for minimal implementation
+   - After implementation, verify tests pass with detailed output
+
+2. **For verification (--check)**:
+   - Run comprehensive test suite with detailed reporting
+   - Show test coverage information if available
+   - Provide clear pass/fail status for GREEN phase completion
+   - Guide next steps in TDD workflow based on results
+
+3. **Error handling**:
+   - Validate project structure and test environment
+   - Handle cases where tests are already passing
+   - Provide clear feedback on test failures and requirements
+   - Suggest appropriate next steps based on current state
+
+## GREEN Phase Principles
+
+Guide implementation following these principles:
+- Make tests pass with MINIMAL code only
+- Don't worry about code quality or elegance yet
+- Hardcode values if necessary to make tests pass
+- Focus on making tests green, not perfect code
+- Avoid adding extra functionality beyond test requirements
+- Save optimization and refactoring for the next phase
+
+## Expected Outputs
+
+- Clear identification of failing tests and requirements
+- Guidance for minimal implementation strategies
+- Verification that all tests pass after implementation
+- Test coverage reporting when available
+- Next steps in TDD workflow (refactor or commit)
+
+Use $ARGUMENTS to handle command-line parameters and `!` prefix for running test commands and coverage analysis.

package/commands/experiments/xiac.md

@@ -0,0 +1,118 @@
+---
+description: Comprehensive Infrastructure as Code management with focus on AWS IAM, Terraform, CloudFormation, and infrastructure validation
+tags: [infrastructure, terraform, cloudformation, iam, aws, security, compliance]
+---
+
+Manage Infrastructure as Code operations based on the arguments provided in $ARGUMENTS.
+
+First, examine the current IaC setup:
+!find . -name "*.tf" -o -name "*.yml" -o -name "*.yaml" | grep -E "(terraform|cloudformation|infra)" | head -10
+!ls -la terraform/ cloudformation/ infrastructure/ iac/ 2>/dev/null || echo "No IaC directories found"
+!which terraform 2>/dev/null && terraform version || echo "Terraform not available"
+!which aws 2>/dev/null && aws --version || echo "AWS CLI not available"
+!docker --version 2>/dev/null || echo "Docker not available"
+
+Based on $ARGUMENTS, perform the appropriate Infrastructure as Code operation:
+
+## 1. Infrastructure Scanning and Discovery
+
+If scanning infrastructure (--scan, --discover, --inventory):
+!find . -name "*.tf" | head -10
+!find . -name "*.yml" -o -name "*.yaml" | xargs grep -l "Resources\|AWSTemplateFormatVersion" 2>/dev/null | head -5
+!aws sts get-caller-identity 2>/dev/null || echo "AWS credentials not configured"
+!aws iam list-roles --max-items 5 2>/dev/null || echo "No AWS access or roles not accessible"
+
+Scan and discover infrastructure:
+- Analyze existing IaC files and configurations
+- Discover cloud resources and dependencies
+- Generate infrastructure inventory
+- Detect configuration drift
+- Map resource relationships
+
+## 2. Terraform Operations
+
+If managing Terraform (--terraform, --tf-validate, --tf-plan):
+!terraform version 2>/dev/null || echo "Terraform not installed"
+!ls -la *.tf terraform/ 2>/dev/null || echo "No Terraform files found"
+!terraform init -backend=false 2>/dev/null || echo "Terraform not initialized"
+!terraform validate 2>/dev/null || echo "Terraform validation failed"
+
+Manage Terraform infrastructure:
+- Validate and format Terraform configurations
+- Plan and apply infrastructure changes
+- Manage Terraform state and modules
+- Handle provider configurations
+- Perform terraform operations safely
+
+## 3. CloudFormation Operations
+
+If managing CloudFormation (--cloudformation, --cf-validate, --cf-deploy):
+!find . -name "*.yml" -o -name "*.yaml" -o -name "*.json" | xargs grep -l "AWSTemplateFormatVersion" 2>/dev/null | head -5
+!aws cloudformation validate-template --template-body file://template.yml 2>/dev/null || echo "No valid CloudFormation templates found"
+!aws cloudformation list-stacks --stack-status-filter CREATE_COMPLETE UPDATE_COMPLETE 2>/dev/null | head -10 || echo "No CloudFormation access"
+
+Manage CloudFormation infrastructure:
+- Validate and lint CloudFormation templates
+- Deploy and manage CloudFormation stacks
+- Handle stack updates and rollbacks
+- Manage nested stacks and dependencies
+- Monitor stack events and status
+
+## 4. IAM Security Management
+
+If managing IAM (--iam-roles, --iam-policies, --iam-validate):
+!find . -name "*.tf" -o -name "*.yml" -o -name "*.yaml" | xargs grep -l "iam\|IAM" 2>/dev/null | head -5
+!aws iam list-roles --max-items 10 2>/dev/null || echo "IAM access not available"
+!grep -r "aws_iam\|AWS::IAM" . --include="*.tf" --include="*.yml" --include="*.yaml" | head -5 2>/dev/null
+
+Manage IAM security:
+- Analyze and validate IAM roles and policies
+- Check least privilege compliance
+- Scan for overly permissive policies
+- Validate IAM policy syntax and logic
+- Assess security posture and risks
+
+## 5. Security and Compliance Scanning
+
+If performing security analysis (--security-scan, --compliance, --secrets-scan):
+!pip install checkov 2>/dev/null || echo "Install checkov: pip install checkov"
+!checkov -f . --framework terraform cloudformation 2>/dev/null || echo "Checkov not available"
+!grep -r "password\|secret\|key" . --include="*.tf" --include="*.yml" --include="*.yaml" | grep -v "example\|template" | head -5 2>/dev/null
+
+Perform security analysis:
+- Scan for security vulnerabilities
+- Check compliance with security standards
+- Detect hardcoded secrets and credentials
+- Validate encryption and security controls
+- Generate security assessment reports
+
+Think step by step about Infrastructure as Code requirements and provide:
+
+1. **Current State Assessment**:
+   - Existing IaC tool usage and maturity
+   - Infrastructure security posture
+   - Compliance gaps and risks
+   - Resource organization and management
+
+2. **IaC Strategy**:
+   - Tool selection and standardization
+   - Module and template design patterns
+   - State management and collaboration
+   - Security and compliance integration
+
+3. **Implementation Plan**:
+   - IaC adoption and migration strategy
+   - CI/CD pipeline integration
+   - Testing and validation framework
+   - Team training and knowledge transfer
+
+4. **Operational Excellence**:
+   - Monitoring and drift detection
+   - Cost optimization strategies
+   - Disaster recovery and backup
+   - Continuous security assessment
+
+Generate comprehensive Infrastructure as Code management plan with security controls, compliance checks, automation strategies, and operational best practices.
+
+If no specific operation is provided, perform IaC readiness assessment and recommend implementation strategy based on current infrastructure setup and organizational needs.
+