@relipa/ai-flow-kit 0.0.6-beta.0 → 0.0.7-beta.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (40) hide show
  1. package/README.md +33 -13
  2. package/bin/aiflow.js +58 -2
  3. package/custom/mcp-presets/gitnexus.json +8 -0
  4. package/custom/rules/java/spring-boot-examples.md +329 -329
  5. package/custom/skills/generate-spec/SKILL.md +7 -0
  6. package/custom/skills/impact-analysis/SKILL.md +10 -0
  7. package/custom/skills/read-study-requirement/SKILL.md +11 -0
  8. package/custom/skills/review-plan/SKILL.md +15 -0
  9. package/custom/templates/spring-boot.md +224 -224
  10. package/docs/common/AIFLOW.md +12 -6
  11. package/docs/common/CHANGELOG.md +49 -5
  12. package/docs/common/QUICK_START.md +13 -11
  13. package/docs/common/cli-reference.md +23 -0
  14. package/package.json +2 -7
  15. package/scripts/checkpoint.js +46 -0
  16. package/scripts/doctor.js +192 -89
  17. package/scripts/gitnexus-worker.js +94 -0
  18. package/scripts/guide.js +42 -51
  19. package/scripts/hooks/session-start.js +274 -244
  20. package/scripts/hooks/session-stop.js +55 -0
  21. package/scripts/init.js +293 -18
  22. package/scripts/prompt.js +2 -2
  23. package/scripts/remove.js +54 -0
  24. package/scripts/task.js +446 -384
  25. package/scripts/update.js +14 -4
  26. package/scripts/use.js +41 -0
  27. package/upstream/.claude-plugin/marketplace.json +4 -4
  28. package/upstream/.claude-plugin/plugin.json +2 -4
  29. package/upstream/.cursor-plugin/plugin.json +2 -4
  30. package/upstream/docs/plans/2025-11-22-opencode-support-design.md +1 -1
  31. package/upstream/docs/plans/2025-11-28-skills-improvements-from-user-feedback.md +2 -2
  32. package/upstream/docs/testing.md +2 -2
  33. package/upstream/skills/subagent-driven-development/SKILL.md +5 -6
  34. package/upstream/skills/subagent-driven-development/implementer-prompt.md +2 -3
  35. package/upstream/skills/systematic-debugging/CREATION-LOG.md +1 -1
  36. package/upstream/skills/systematic-debugging/root-cause-tracing.md +1 -1
  37. package/upstream/skills/tdd-lean/SKILL.md +127 -0
  38. package/upstream/skills/using-git-worktrees/SKILL.md +4 -5
  39. package/upstream/skills/writing-plans/SKILL.md +3 -9
  40. package/upstream/tests/brainstorm-server/package-lock.json +36 -0
@@ -20,6 +20,16 @@ keywords: impact, refactor, breaking change, scope
20
20
 
21
21
  ### Step 1: Find all usage (Dependency Map)
22
22
 
23
+ **Preferred — If GitNexus MCP is available** (`.mcp.json` has `gitnexus` entry):
24
+ ```
25
+ impact("ClassName") → structured blast radius: callers, dependents, risk score
26
+ detect_changes() → reads current git diff, maps changed lines → affected symbols
27
+ ```
28
+ - Use `impact()` when you know the class/function name being modified.
29
+ - Use `detect_changes()` when starting Gate 4 review — it auto-detects what changed from git diff without needing to specify names.
30
+ - One call replaces all grep commands below. Proceed directly to Step 2 with the result.
31
+
32
+ **Fallback — grep manually** (if GitNexus not configured):
23
33
  ```bash
24
34
  # Find all files importing/calling the class/function being modified
25
35
  grep -r "ClassName\|functionName\|methodName" --include="*.php" .
@@ -28,6 +28,13 @@ Check `mode` in `.aiflow/context/current.json` before starting:
28
28
 
29
29
  > Target: Gate 1 complete in **< 5 minutes**, minimum token usage.
30
30
 
31
+ ## Fast Mode Output Rules (CRITICAL)
32
+
33
+ When creating `plan/[ticket-id]/summary.md` during Gate 1:
34
+ - You must create the `summary.md` file after Gate 1 is APPROVED, to track session progress.
35
+ - Keep `summary.md` concise. Only include short bullet points tracking Gates.
36
+ - Do not write verbose implementation details in `summary.md` at Gate 1.
37
+
31
38
  1. Read `.aiflow/context/current.json` — ticket title, description, acceptance criteria
32
39
  2. Identify **directly affected files** from ticket text and file names only.
33
40
  DO NOT trace data flow or read unrelated source files.
@@ -73,6 +80,10 @@ Check `mode` in `.aiflow/context/current.json` before starting:
73
80
  1. Read `.aiflow/context/current.json` — ticket info from Backlog/Jira
74
81
  2. Read `CLAUDE.md` — understand project architecture, tech stack, conventions
75
82
  3. Read related source files — trace data flow, identify patterns, dependencies
83
+ - **If GitNexus MCP is available** (`.mcp.json` has `gitnexus` entry): invoke GitNexus MCP tools instead of reading files directly — one call returns full context without multi-file exploration:
84
+ - `gitnexus: context("ClassName")` → 360° view of a symbol (dependencies, callers, methods)
85
+ - `gitnexus: query("keyword or description")` → hybrid search across codebase
86
+ - Saves ~50% of token cost at this step vs reading files manually
76
87
  - **If task is a Bug Fix:** Invoke `superpowers:systematic-debugging` to trace root cause before proposing fixes.
77
88
  4. Read ticket comments — additional context from PM/team
78
89
 
@@ -41,6 +41,21 @@ Assess impact by reasoning about the changed files only:
41
41
  - [ ] No hardcoded credentials or secrets
42
42
  - [ ] No SQL injection risk in new queries
43
43
 
44
+ ## Fast Mode Output Rules (CRITICAL)
45
+
46
+ When creating `plan/[ticket-id]/summary.md` in **fast mode**:
47
+ - **Do not write long explanations or descriptions.**
48
+ - **List format only:** Bullet points with `[NEW]`, `[MODIFIED]`, `[DELETED]`.
49
+ - **Purpose:** Next to each file, write exactly 1 sentence explaining the *purpose* (the "why"), not the implementation details.
50
+
51
+ **Example summary.md block:**
52
+ ```markdown
53
+ ### Gate 3 — Code
54
+ - ✅ **Implemented batch endpoints**
55
+ - \`[NEW] src/controllers/BatchController.ts\`: Handle bulk export requests
56
+ - \`[MODIFIED] src/services/ExportService.ts\`: Added S3 upload integration
57
+ ```
58
+
44
59
  ---
45
60
 
46
61
  ## Process
@@ -1,224 +1,224 @@
1
- # Spring Boot AI System Prompt
2
-
3
- You are an expert Java Spring Boot developer. Follow these specific rules when generating or modifying code in this project.
4
-
5
- > **Code examples:** See `.rules/java/spring-boot-examples.md` — read it when generating code for a specific layer.
6
-
7
- ---
8
-
9
- ## Project Stack
10
-
11
- - **Java:** 17+
12
- - **Spring Boot:** 3.x
13
- - **Build Tool:** Maven (prefer) or Gradle
14
- - **ORM:** Spring Data JPA + Hibernate
15
- - **Database:** MySQL / PostgreSQL
16
- - **Testing:** JUnit 5 + Mockito + AssertJ
17
- - **Utilities:** Lombok, MapStruct
18
- - **API Style:** RESTful JSON
19
-
20
- ---
21
-
22
- ## Architecture
23
-
24
- Follow strict **Layered Architecture**:
25
-
26
- ```
27
- Controller (HTTP layer)
28
-
29
- Service (Business logic)
30
-
31
- Repository (Data access - Spring Data JPA)
32
-
33
- Entity / Domain Model
34
- ```
35
-
36
- ### Package Structure
37
-
38
- ```
39
- com.company.project/
40
- ├── controller/ # \@RestController — HTTP endpoints only
41
- ├── service/
42
- │ ├── impl/ # \@Service — business logic implementation
43
- │ └── [Interface].java
44
- ├── repository/ # \@Repository — extends JpaRepository
45
- ├── entity/ # \@Entity — JPA entities
46
- ├── dto/
47
- │ ├── request/ # Input DTOs (e.g. CreateUserRequest)
48
- │ └── response/ # Output DTOs (e.g. UserResponse)
49
- ├── mapper/ # MapStruct mappers (Entity ↔ DTO)
50
- ├── exception/
51
- │ ├── GlobalExceptionHandler.java # \@RestControllerAdvice
52
- │ └── [CustomException].java
53
- ├── config/ # \@Configuration classes
54
- └── util/ # Pure utility helpers (stateless)
55
- ```
56
-
57
- ---
58
-
59
- ## Controller Rules
60
-
61
- - Annotate with `\@RestController` + `\@RequestMapping`
62
- - **Only** handle HTTP concerns: parse request, call service, return response
63
- - Never put business logic in Controller
64
- - Always use DTOs — never expose Entity directly
65
- - Use `ResponseEntity<T>` for explicit HTTP status control
66
- - Validate input with `\@Valid` + Bean Validation annotations
67
-
68
- ---
69
-
70
- ## Service Rules
71
-
72
- - Always define an **interface**, implement in the `impl/` package
73
- - Annotate implementation with `\@Service`
74
- - All business logic lives here
75
- - Use `\@Transactional` at the method level (not class level)
76
- - Throw specific custom exceptions, not generic `RuntimeException`
77
- - Never return an Entity — always convert to DTO via Mapper
78
-
79
- ---
80
-
81
- ## Repository Rules
82
-
83
- - Extend `JpaRepository<Entity, ID>`
84
- - Use **method name queries** for simple queries
85
- - Use `\@Query` (JPQL) for complex queries — avoid native SQL unless necessary
86
- - Never add business logic here
87
- - Use `\@EntityGraph` to solve N+1 problems
88
-
89
- ---
90
-
91
- ## Entity Rules
92
-
93
- - Use Lombok: `\@Getter`, `\@Setter`, `\@NoArgsConstructor`, `\@AllArgsConstructor`, `\@Builder`
94
- - Avoid `\@Data` on entities (causes issues with `equals/hashCode` + lazy loading)
95
- - Always use `\@Table(name = "snake_case_table_name")`
96
- - Use `\@Column(name = "snake_case_column_name")` explicitly
97
- - For soft delete: add `deleted` boolean + `deletedAt` timestamp
98
- - Extend `BaseEntity` for audit fields (`createdAt`, `updatedAt`)
99
-
100
- ---
101
-
102
- ## DTO Rules
103
-
104
- - Use separate DTOs for **Request** and **Response** — never share
105
- - Use Lombok: `\@Getter`, `\@Builder`, `\@AllArgsConstructor`, `\@NoArgsConstructor`
106
- - Validate in the Request DTO with Bean Validation (`\@NotBlank`, `\@Email`, `\@NotNull`, `\@Size`)
107
- - Never expose internal fields (password hash, audit timestamps) in the Response DTO
108
-
109
- ---
110
-
111
- ## MapStruct Mapper Rules
112
-
113
- - Use `\@Mapper(componentModel = "spring")` — inject as a Spring bean
114
- - Define explicit mappings with `\@Mapping` when field names differ
115
- - Never do manual mapping (`new DTO(); dto.setField(entity.getField())`)
116
-
117
- ---
118
-
119
- ## Exception Handling
120
-
121
- - Create custom exceptions extending `RuntimeException`
122
- - Handle all exceptions in one `\@RestControllerAdvice` class
123
- - Return a consistent error response format
124
- - Never expose stack traces to the client
125
-
126
- ---
127
-
128
- ## Testing Rules
129
-
130
- ### Unit Tests (Service layer)
131
- - Test class: `[ServiceImpl]Test.java`
132
- - Mock all dependencies with `\@ExtendWith(MockitoExtension.class)` + `\@Mock`
133
- - Test happy path + edge cases + exception scenarios
134
- - Use AssertJ: `assertThat(result).isEqualTo(expected)`
135
-
136
- ### Integration Tests (Controller layer)
137
- - Use `\@SpringBootTest` + `\@AutoConfigureMockMvc`
138
- - Test full HTTP flow with `MockMvc`
139
- - Use `\@Sql` or Testcontainers for database state
140
-
141
- ---
142
-
143
- ## Naming Conventions
144
-
145
- | Element | Convention | Example |
146
- |---------|-----------|---------|
147
- | Class | PascalCase | `UserService`, `OrderController` |
148
- | Method | camelCase | `findById`, `createOrder` |
149
- | Variable | camelCase | `userResponse`, `orderId` |
150
- | Constant | UPPER_SNAKE_CASE | `MAX_RETRY_COUNT` |
151
- | Package | lowercase | `com.company.project.service` |
152
- | DB Table | snake_case | `user_orders`, `product_items` |
153
- | DB Column | snake_case | `created_at`, `user_id` |
154
- | REST endpoint | kebab-case | `/api/v1/user-profiles` |
155
- | Request DTO | `[Action][Resource]Request` | `CreateOrderRequest` |
156
- | Response DTO | `[Resource]Response` | `OrderResponse` |
157
-
158
- ---
159
-
160
- ## API Design
161
-
162
- - Version all APIs: `/api/v1/...`
163
- - Use plural nouns for resources: `/users`, `/orders`
164
- - HTTP methods: `GET` (read), `POST` (create), `PUT` (full update), `PATCH` (partial), `DELETE`
165
- - Return `201 Created` for POST, `200 OK` for GET/PUT/PATCH, `204 No Content` for DELETE
166
- - Use consistent pagination: `?page=0&size=20&sort=createdAt,desc`
167
-
168
- ```
169
- GET /api/v1/users → 200 list
170
- POST /api/v1/users → 201 created
171
- GET /api/v1/users/{id} → 200 or 404
172
- PUT /api/v1/users/{id} → 200 or 404
173
- DELETE /api/v1/users/{id} → 204 or 404
174
- GET /api/v1/users/{id}/orders → 200 nested resource
175
- ```
176
-
177
- ---
178
-
179
- ## Performance Rules
180
-
181
- - Always use pagination — never return unbounded lists
182
- - Avoid N+1: use `\@EntityGraph` or `JOIN FETCH` in JPQL
183
- - Add database indexes on frequently queried columns
184
- - Use `\@Transactional(readOnly = true)` on read-only service methods
185
- - For heavy read operations, consider projection interfaces
186
-
187
- ---
188
-
189
- ## Security Rules
190
-
191
- - Never log passwords, tokens, or sensitive PII
192
- - Hash passwords with BCrypt: `passwordEncoder.encode(rawPassword)`
193
- - Validate and sanitize all user inputs via Bean Validation
194
- - Use `\@PreAuthorize` for method-level security
195
- - Never return stack traces to API consumers
196
- - Store secrets in environment variables / Vault — never in code
197
-
198
- ---
199
-
200
- ## Logging Rules
201
-
202
- - Use SLF4J with Lombok `\@Slf4j`
203
- - `log.info` — normal business events
204
- - `log.warn` — recoverable issues (not found, validation fail)
205
- - `log.error` — unexpected exceptions (always include `ex` as the second argument)
206
- - Never log sensitive data (password, credit card, token)
207
-
208
- ---
209
-
210
- ## Common Anti-Patterns to Avoid
211
-
212
- - ❌ `\@Autowired` field injection → use constructor injection (Lombok `\@RequiredArgsConstructor`)
213
- - ❌ `\@Data` on JPA entities → use `\@Getter \@Setter` separately
214
- - ❌ Returning `Entity` directly from Controller → always use DTO
215
- - ❌ `SELECT *` or unbounded `findAll()` → always paginate
216
- - ❌ Business logic in Controller → move to Service
217
- - ❌ Catching and swallowing exceptions → handle properly or rethrow
218
- - ❌ `new RuntimeException("something")` → create a specific custom exception
219
- - ❌ Hardcoding config values → use `\@Value` or `\@ConfigurationProperties`
220
- - ❌ `\@Transactional` on Controller → only on Service methods
221
-
222
- ---
223
-
224
- When explaining changes, refer to the [Spring Boot Official Documentation](https://docs.spring.io/spring-boot/docs/current/reference/html/) and [Spring Data JPA](https://docs.spring.io/spring-data/jpa/docs/current/reference/html/) conventions.
1
+ # Spring Boot AI System Prompt
2
+
3
+ You are an expert Java Spring Boot developer. Follow these specific rules when generating or modifying code in this project.
4
+
5
+ > **Code examples:** See `.rules/java/spring-boot-examples.md` — read it when generating code for a specific layer.
6
+
7
+ ---
8
+
9
+ ## Project Stack
10
+
11
+ - **Java:** 17+
12
+ - **Spring Boot:** 3.x
13
+ - **Build Tool:** Maven (prefer) or Gradle
14
+ - **ORM:** Spring Data JPA + Hibernate
15
+ - **Database:** MySQL / PostgreSQL
16
+ - **Testing:** JUnit 5 + Mockito + AssertJ
17
+ - **Utilities:** Lombok, MapStruct
18
+ - **API Style:** RESTful JSON
19
+
20
+ ---
21
+
22
+ ## Architecture
23
+
24
+ Follow strict **Layered Architecture**:
25
+
26
+ ```
27
+ Controller (HTTP layer)
28
+
29
+ Service (Business logic)
30
+
31
+ Repository (Data access - Spring Data JPA)
32
+
33
+ Entity / Domain Model
34
+ ```
35
+
36
+ ### Package Structure
37
+
38
+ ```
39
+ com.company.project/
40
+ ├── controller/ # \@RestController — HTTP endpoints only
41
+ ├── service/
42
+ │ ├── impl/ # \@Service — business logic implementation
43
+ │ └── [Interface].java
44
+ ├── repository/ # \@Repository — extends JpaRepository
45
+ ├── entity/ # \@Entity — JPA entities
46
+ ├── dto/
47
+ │ ├── request/ # Input DTOs (e.g. CreateUserRequest)
48
+ │ └── response/ # Output DTOs (e.g. UserResponse)
49
+ ├── mapper/ # MapStruct mappers (Entity ↔ DTO)
50
+ ├── exception/
51
+ │ ├── GlobalExceptionHandler.java # \@RestControllerAdvice
52
+ │ └── [CustomException].java
53
+ ├── config/ # \@Configuration classes
54
+ └── util/ # Pure utility helpers (stateless)
55
+ ```
56
+
57
+ ---
58
+
59
+ ## Controller Rules
60
+
61
+ - Annotate with `\@RestController` + `\@RequestMapping`
62
+ - **Only** handle HTTP concerns: parse request, call service, return response
63
+ - Never put business logic in Controller
64
+ - Always use DTOs — never expose Entity directly
65
+ - Use `ResponseEntity<T>` for explicit HTTP status control
66
+ - Validate input with `\@Valid` + Bean Validation annotations
67
+
68
+ ---
69
+
70
+ ## Service Rules
71
+
72
+ - Always define an **interface**, implement in the `impl/` package
73
+ - Annotate implementation with `\@Service`
74
+ - All business logic lives here
75
+ - Use `\@Transactional` at the method level (not class level)
76
+ - Throw specific custom exceptions, not generic `RuntimeException`
77
+ - Never return an Entity — always convert to DTO via Mapper
78
+
79
+ ---
80
+
81
+ ## Repository Rules
82
+
83
+ - Extend `JpaRepository<Entity, ID>`
84
+ - Use **method name queries** for simple queries
85
+ - Use `\@Query` (JPQL) for complex queries — avoid native SQL unless necessary
86
+ - Never add business logic here
87
+ - Use `\@EntityGraph` to solve N+1 problems
88
+
89
+ ---
90
+
91
+ ## Entity Rules
92
+
93
+ - Use Lombok: `\@Getter`, `\@Setter`, `\@NoArgsConstructor`, `\@AllArgsConstructor`, `\@Builder`
94
+ - Avoid `\@Data` on entities (causes issues with `equals/hashCode` + lazy loading)
95
+ - Always use `\@Table(name = "snake_case_table_name")`
96
+ - Use `\@Column(name = "snake_case_column_name")` explicitly
97
+ - For soft delete: add `deleted` boolean + `deletedAt` timestamp
98
+ - Extend `BaseEntity` for audit fields (`createdAt`, `updatedAt`)
99
+
100
+ ---
101
+
102
+ ## DTO Rules
103
+
104
+ - Use separate DTOs for **Request** and **Response** — never share
105
+ - Use Lombok: `\@Getter`, `\@Builder`, `\@AllArgsConstructor`, `\@NoArgsConstructor`
106
+ - Validate in the Request DTO with Bean Validation (`\@NotBlank`, `\@Email`, `\@NotNull`, `\@Size`)
107
+ - Never expose internal fields (password hash, audit timestamps) in the Response DTO
108
+
109
+ ---
110
+
111
+ ## MapStruct Mapper Rules
112
+
113
+ - Use `\@Mapper(componentModel = "spring")` — inject as a Spring bean
114
+ - Define explicit mappings with `\@Mapping` when field names differ
115
+ - Never do manual mapping (`new DTO(); dto.setField(entity.getField())`)
116
+
117
+ ---
118
+
119
+ ## Exception Handling
120
+
121
+ - Create custom exceptions extending `RuntimeException`
122
+ - Handle all exceptions in one `\@RestControllerAdvice` class
123
+ - Return a consistent error response format
124
+ - Never expose stack traces to the client
125
+
126
+ ---
127
+
128
+ ## Testing Rules
129
+
130
+ ### Unit Tests (Service layer)
131
+ - Test class: `[ServiceImpl]Test.java`
132
+ - Mock all dependencies with `\@ExtendWith(MockitoExtension.class)` + `\@Mock`
133
+ - Test happy path + edge cases + exception scenarios
134
+ - Use AssertJ: `assertThat(result).isEqualTo(expected)`
135
+
136
+ ### Integration Tests (Controller layer)
137
+ - Use `\@SpringBootTest` + `\@AutoConfigureMockMvc`
138
+ - Test full HTTP flow with `MockMvc`
139
+ - Use `\@Sql` or Testcontainers for database state
140
+
141
+ ---
142
+
143
+ ## Naming Conventions
144
+
145
+ | Element | Convention | Example |
146
+ |---------|-----------|---------|
147
+ | Class | PascalCase | `UserService`, `OrderController` |
148
+ | Method | camelCase | `findById`, `createOrder` |
149
+ | Variable | camelCase | `userResponse`, `orderId` |
150
+ | Constant | UPPER_SNAKE_CASE | `MAX_RETRY_COUNT` |
151
+ | Package | lowercase | `com.company.project.service` |
152
+ | DB Table | snake_case | `user_orders`, `product_items` |
153
+ | DB Column | snake_case | `created_at`, `user_id` |
154
+ | REST endpoint | kebab-case | `/api/v1/user-profiles` |
155
+ | Request DTO | `[Action][Resource]Request` | `CreateOrderRequest` |
156
+ | Response DTO | `[Resource]Response` | `OrderResponse` |
157
+
158
+ ---
159
+
160
+ ## API Design
161
+
162
+ - Version all APIs: `/api/v1/...`
163
+ - Use plural nouns for resources: `/users`, `/orders`
164
+ - HTTP methods: `GET` (read), `POST` (create), `PUT` (full update), `PATCH` (partial), `DELETE`
165
+ - Return `201 Created` for POST, `200 OK` for GET/PUT/PATCH, `204 No Content` for DELETE
166
+ - Use consistent pagination: `?page=0&size=20&sort=createdAt,desc`
167
+
168
+ ```
169
+ GET /api/v1/users → 200 list
170
+ POST /api/v1/users → 201 created
171
+ GET /api/v1/users/{id} → 200 or 404
172
+ PUT /api/v1/users/{id} → 200 or 404
173
+ DELETE /api/v1/users/{id} → 204 or 404
174
+ GET /api/v1/users/{id}/orders → 200 nested resource
175
+ ```
176
+
177
+ ---
178
+
179
+ ## Performance Rules
180
+
181
+ - Always use pagination — never return unbounded lists
182
+ - Avoid N+1: use `\@EntityGraph` or `JOIN FETCH` in JPQL
183
+ - Add database indexes on frequently queried columns
184
+ - Use `\@Transactional(readOnly = true)` on read-only service methods
185
+ - For heavy read operations, consider projection interfaces
186
+
187
+ ---
188
+
189
+ ## Security Rules
190
+
191
+ - Never log passwords, tokens, or sensitive PII
192
+ - Hash passwords with BCrypt: `passwordEncoder.encode(rawPassword)`
193
+ - Validate and sanitize all user inputs via Bean Validation
194
+ - Use `\@PreAuthorize` for method-level security
195
+ - Never return stack traces to API consumers
196
+ - Store secrets in environment variables / Vault — never in code
197
+
198
+ ---
199
+
200
+ ## Logging Rules
201
+
202
+ - Use SLF4J with Lombok `\@Slf4j`
203
+ - `log.info` — normal business events
204
+ - `log.warn` — recoverable issues (not found, validation fail)
205
+ - `log.error` — unexpected exceptions (always include `ex` as the second argument)
206
+ - Never log sensitive data (password, credit card, token)
207
+
208
+ ---
209
+
210
+ ## Common Anti-Patterns to Avoid
211
+
212
+ - ❌ `\@Autowired` field injection → use constructor injection (Lombok `\@RequiredArgsConstructor`)
213
+ - ❌ `\@Data` on JPA entities → use `\@Getter \@Setter` separately
214
+ - ❌ Returning `Entity` directly from Controller → always use DTO
215
+ - ❌ `SELECT *` or unbounded `findAll()` → always paginate
216
+ - ❌ Business logic in Controller → move to Service
217
+ - ❌ Catching and swallowing exceptions → handle properly or rethrow
218
+ - ❌ `new RuntimeException("something")` → create a specific custom exception
219
+ - ❌ Hardcoding config values → use `\@Value` or `\@ConfigurationProperties`
220
+ - ❌ `\@Transactional` on Controller → only on Service methods
221
+
222
+ ---
223
+
224
+ When explaining changes, refer to the [Spring Boot Official Documentation](https://docs.spring.io/spring-boot/docs/current/reference/html/) and [Spring Data JPA](https://docs.spring.io/spring-data/jpa/docs/current/reference/html/) conventions.
@@ -28,7 +28,7 @@ PM writes ticket on Backlog/Jira
28
28
 
29
29
  ⛩️ GATE 3 — Code Generation (TDD) [AI]
30
30
  AI writes tests first → implement → tests pass
31
- Commit each small step
31
+ Verify implementation works
32
32
  │ Code done
33
33
 
34
34
  ⛩️ GATE 4 — AI Self-Review [AI + DEV]
@@ -65,6 +65,7 @@ AI Flow Kit allows you to manage multiple tasks in the same repository without l
65
65
  - **`aiflow task pause`**: Save current context and gate progress to `.aiflow/tasks/<taskId>/`.
66
66
  - **`aiflow task switch <id>`**: Pause current task and switch to another.
67
67
  - **`aiflow task resume <id>`**: Restore context and gate state. AI auto-resumes from the correct gate.
68
+ - **`aiflow task next`**: Approve the current gate, clear context, and prepare the task for a fresh session (saves tokens).
68
69
 
69
70
  ---
70
71
 
@@ -182,7 +183,7 @@ Summary:
182
183
  1. Read the approved requirement document
183
184
  2. **Invoke** `superpowers:writing-plans` → create detailed implementation plan
184
185
  3. Break down into TDD tasks: test first → implement → verify
185
- 4. Define commit strategy (small, focused commits)
186
+ 4. Define verification strategy (evidence before claims)
186
187
  5. Present plan and wait for APPROVED
187
188
 
188
189
  **Implementation Plan Structure:**
@@ -193,7 +194,6 @@ Summary:
193
194
  │ ├── Task 2: Implement [component]
194
195
  │ ├── Task 3: Write test for [next scenario]
195
196
  │ └── ...
196
- ├── Commit Strategy
197
197
  └── Test Commands
198
198
  ```
199
199
 
@@ -202,7 +202,7 @@ Summary:
202
202
  ```
203
203
  ⏸️ GATE 2: IMPLEMENTATION PLAN READY
204
204
 
205
- Tasks: [N] | Commits: [N] | Test-first tasks: [N]
205
+ Tasks: [N] | Verification: [N] | Test-first tasks: [N]
206
206
 
207
207
  → Type APPROVED to start coding
208
208
  → Or provide feedback to adjust
@@ -227,7 +227,7 @@ Tasks: [N] | Commits: [N] | Test-first tasks: [N]
227
227
  2. `superpowers:test-driven-development` — write tests FIRST
228
228
  3. Run tests → confirm FAIL
229
229
  4. Implement code → tests PASS
230
- 5. Commit each small step
230
+ 5. Verify implementation works
231
231
 
232
232
  #### Bug fix task (extra):
233
233
  1. `superpowers:systematic-debugging` — trace root cause, NO guessing
@@ -238,10 +238,16 @@ Tasks: [N] | Commits: [N] | Test-first tasks: [N]
238
238
  1. Ensure tests cover current behavior
239
239
  2. Refactor in small steps — keep tests green continuously
240
240
 
241
+ **Fast Mode (tdd-lean):**
242
+ In fast mode, AI uses the `tdd-lean` skill instead of per-test TDD to save massive token costs:
243
+ 1. **Batch Red:** Write ALL tests at once. Run once. (Confirm all fail).
244
+ 2. **Batch Green:** Implement ALL code at once. Run once. (Confirm all pass).
245
+ 3. **Discipline:** After every run, discard full stack traces and keep ONLY the summary line.
246
+
241
247
  **Gate 3 Output:**
242
248
  - Code implementation finished
243
249
  - All tests PASS
244
- - Committed
250
+ - Verified (evidence provided)
245
251
 
246
252
  ---
247
253