@rrgarciach/flow-spec 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bin/init.js +91 -0
- package/package.json +28 -0
- package/template/.cursor/rules/use-base-rules.mdc +37 -0
- package/template/ai-specs/agents/backend-developer.md +121 -0
- package/template/ai-specs/agents/frontend-developer.md +134 -0
- package/template/ai-specs/agents/product-strategy-analyst.md +53 -0
- package/template/ai-specs/flow-spec-instructions.md +389 -0
- package/template/ai-specs/scripts/code_review.sh +35 -0
- package/template/ai-specs/skills/code-auditing/SKILL.md +155 -0
- package/template/ai-specs/skills/code-auditing/references/audit-methodology.md +371 -0
- package/template/ai-specs/skills/code-auditing/references/dead-code-methodology.md +261 -0
- package/template/ai-specs/skills/commit/SKILL.md +101 -0
- package/template/ai-specs/skills/enrich-us/SKILL.md +42 -0
- package/template/ai-specs/skills/explain/SKILL.md +84 -0
- package/template/ai-specs/skills/meta-prompt/SKILL.md +19 -0
- package/template/ai-specs/skills/update-docs/SKILL.md +13 -0
- package/template/ai-specs/skills/using-git-worktrees/SKILL.md +375 -0
- package/template/ai-specs/skills/writing-skills/SKILL.md +655 -0
- package/template/ai-specs/skills/writing-skills/anthropic-best-practices.md +1150 -0
- package/template/ai-specs/skills/writing-skills/examples/CLAUDE_MD_TESTING.md +189 -0
- package/template/ai-specs/skills/writing-skills/graphviz-conventions.dot +172 -0
- package/template/ai-specs/skills/writing-skills/persuasion-principles.md +187 -0
- package/template/ai-specs/skills/writing-skills/render-graphs.js +168 -0
- package/template/ai-specs/skills/writing-skills/testing-skills-with-subagents.md +384 -0
- package/template/docs/api-spec.yml +29 -0
- package/template/docs/backend-standards.md +53 -0
- package/template/docs/base-standards.md +114 -0
- package/template/docs/data-model.md +26 -0
- package/template/docs/development_guide.md +36 -0
- package/template/docs/documentation-standards.md +49 -0
- package/template/docs/frontend-standards.md +45 -0
|
@@ -0,0 +1,389 @@
|
|
|
1
|
+
# Flow Spec: a spec-driven toolkit for AI coding agents
|
|
2
|
+
|
|
3
|
+
<!-- TODO: add a project logo/banner here -->
|
|
4
|
+
|
|
5
|
+
Bring OpenSpec's spec-driven discipline into any codebase and hand your coding agent a full toolkit to work with.
|
|
6
|
+
|
|
7
|
+
This repository bundles a curated set of engineering rules, technical standards, and AI agent configuration meant to run consistently across several coding copilots. Drop the whole structure into a project and it starts producing AI-assisted work that follows the same conventions every time.
|
|
8
|
+
|
|
9
|
+
Pairs naturally with spec-driven frameworks such as [OpenSpec](https://github.com/Fission-AI/OpenSpec).
|
|
10
|
+
|
|
11
|
+
## 📁 Repository Structure
|
|
12
|
+
|
|
13
|
+
```
|
|
14
|
+
.
|
|
15
|
+
├── docs/ # Development standards and specifications
|
|
16
|
+
│ ├── base-standards.md # Core development rules (single source of truth)
|
|
17
|
+
│ ├── backend-standards.md
|
|
18
|
+
│ ├── frontend-standards.md
|
|
19
|
+
│ ├── documentation-standards.md
|
|
20
|
+
│ ├── api-spec.yml # OpenAPI specification
|
|
21
|
+
│ ├── data-model.md # Database and domain models
|
|
22
|
+
│ ├── development_guide.md
|
|
23
|
+
├── ai-specs/
|
|
24
|
+
│ ├── agents/ # Agent role definitions (backend, frontend, analyst, etc.)
|
|
25
|
+
│ └── skills/ # Reusable skill prompts/workflows
|
|
26
|
+
│
|
|
27
|
+
├── AGENTS.md # Generic agent configuration
|
|
28
|
+
├── CLAUDE.md # Claude-specific configuration
|
|
29
|
+
├── codex.md # GitHub Copilot/Codex configuration
|
|
30
|
+
└── GEMINI.md # Gemini-specific configuration
|
|
31
|
+
```
|
|
32
|
+
|
|
33
|
+
## 🤖 Multi-Copilot Support
|
|
34
|
+
|
|
35
|
+
Rather than maintaining separate rule sets per tool, this repo relies on **symlinks and file-naming conventions** so multiple AI copilots can share one source of truth:
|
|
36
|
+
|
|
37
|
+
- **`AGENTS.md`** → generic instructions most copilots pick up
|
|
38
|
+
- **`CLAUDE.md`** → the file Claude Code / Cursor look for
|
|
39
|
+
- **`codex.md`** → the file GitHub Copilot / Codex look for
|
|
40
|
+
- **`GEMINI.md`** → the file Google Gemini looks for
|
|
41
|
+
|
|
42
|
+
Every one of these is a symlink pointing at `docs/base-standards.md`, so editing the rules once updates every tool at the same time.
|
|
43
|
+
|
|
44
|
+
### Why This Approach?
|
|
45
|
+
|
|
46
|
+
✅ **One source of truth**: rules live only in `base-standards.md`
|
|
47
|
+
✅ **No per-tool duplication**: each copilot just finds its expected filename
|
|
48
|
+
✅ **Works out of the box**: drop it into a project and it's already wired up
|
|
49
|
+
✅ **Cheap to maintain**: one edit propagates to every copilot
|
|
50
|
+
✅ **Fully portable**: reuse the same structure across any number of projects
|
|
51
|
+
|
|
52
|
+
## 🚀 Quick Start
|
|
53
|
+
|
|
54
|
+
### 1) Install and Initialize OpenSpec
|
|
55
|
+
|
|
56
|
+
This setup is designed to sit on top of OpenSpec, so install it first.
|
|
57
|
+
|
|
58
|
+
Requirement from OpenSpec's own docs:
|
|
59
|
+
|
|
60
|
+
- Node.js `20.19.0` or higher
|
|
61
|
+
|
|
62
|
+
Install the CLI globally:
|
|
63
|
+
|
|
64
|
+
```bash
|
|
65
|
+
npm install -g @fission-ai/openspec@latest
|
|
66
|
+
```
|
|
67
|
+
|
|
68
|
+
Then, from your project root:
|
|
69
|
+
|
|
70
|
+
```bash
|
|
71
|
+
cd your-project
|
|
72
|
+
openspec init
|
|
73
|
+
```
|
|
74
|
+
|
|
75
|
+
### 2) Bring Flow Spec Into Your Project
|
|
76
|
+
|
|
77
|
+
Copy this repo's contents into your project so `docs/` and `ai-specs/` exist before you touch OpenSpec's config:
|
|
78
|
+
|
|
79
|
+
```bash
|
|
80
|
+
# Clone or copy this repository into your project (`-n`: do not overwrite existing files so you keep project's original README)
|
|
81
|
+
cp -rn flow-spec/* your-project/
|
|
82
|
+
```
|
|
83
|
+
|
|
84
|
+
Claude Code users have a second option for this step:
|
|
85
|
+
|
|
86
|
+
- Install the Claude plugin and let it perform the import for you.
|
|
87
|
+
- Note this only changes **how the files get copied in** — it won't install OpenSpec, touch its config, or fill in `docs/` for you.
|
|
88
|
+
|
|
89
|
+
Or just run the installer directly:
|
|
90
|
+
|
|
91
|
+
```bash
|
|
92
|
+
npx @rrgarciach/flow-spec
|
|
93
|
+
```
|
|
94
|
+
|
|
95
|
+
It writes every template file into place and rebuilds the symlink layout automatically. Re-running it is harmless — it never clobbers files that already exist.
|
|
96
|
+
|
|
97
|
+
### 3) Fill In `docs/` With Your Own Context (Mandatory)
|
|
98
|
+
|
|
99
|
+
Don't skip this. Without it, your AI copilot keeps reasoning from placeholder context instead of your actual project.
|
|
100
|
+
|
|
101
|
+
Rewrite the files under `docs/` so they describe your real stack, architecture, domain vocabulary, API contracts, and data model.
|
|
102
|
+
|
|
103
|
+
See the [Customization](#-customization) section below for a ready-to-use prompt.
|
|
104
|
+
|
|
105
|
+
### 4) Wire OpenSpec's Config to Your `docs/` and `ai-specs/`
|
|
106
|
+
|
|
107
|
+
Once `openspec init` has run and the repo has been copied in, point your project's `config.yml` at the technical context living in `docs/`.
|
|
108
|
+
|
|
109
|
+
A prompt you can hand your copilot to do this automatically:
|
|
110
|
+
|
|
111
|
+
```text
|
|
112
|
+
Update my openspec config.yml context to reference this repository's docs and ai-specs structure.
|
|
113
|
+
|
|
114
|
+
Requirements:
|
|
115
|
+
- Use docs/base-standards.md as the single source of truth.
|
|
116
|
+
- Include docs/backend-standards.md, docs/frontend-standards.md, docs/documentation-standards.md.
|
|
117
|
+
- Include docs/api-spec.yml and docs/data-model.md.
|
|
118
|
+
- Tell the agent to adopt ai-specs/agents/backend-developer.md for backend work and ai-specs/agents/frontend-developer.md for frontend work.
|
|
119
|
+
- Mention ai-specs/skills as workflow guidance.
|
|
120
|
+
- Keep all paths relative to the project root.
|
|
121
|
+
```
|
|
122
|
+
|
|
123
|
+
Example (`config.yml`):
|
|
124
|
+
|
|
125
|
+
```yml
|
|
126
|
+
context: |
|
|
127
|
+
Tech stack: TODO - your languages, frameworks, and key infrastructure (e.g. AWS)
|
|
128
|
+
Architecture: TODO - your architectural style (e.g. layered, hexagonal, serverless)
|
|
129
|
+
We use conventional commits
|
|
130
|
+
Domain: TODO - one line describing what this project does and for whom
|
|
131
|
+
All code, comments, documentation, and technical artifacts must be in English
|
|
132
|
+
|
|
133
|
+
Project specs (single source of truth): All artifact creation and implementation MUST follow the project's technical context in ai-specs/. Read and apply these when creating or implementing:
|
|
134
|
+
- docs/base-standards.md — core principles, TDD, language standards, links to backend/frontend/docs standards
|
|
135
|
+
- docs/backend-standards.md — API, database, testing, security (backend changes)
|
|
136
|
+
- docs/frontend-standards.md — React, UI/UX (frontend changes)
|
|
137
|
+
- docs/api-spec.yml — API contracts and endpoint definitions
|
|
138
|
+
- docs/data-model.md — domain and data model
|
|
139
|
+
- docs/documentation-standards.md — docs structure and maintenance
|
|
140
|
+
For implementation: adopt the relevant agent from ai-specs/agents/ (e.g. backend-developer.md for backend, frontend-developer.md for frontend). Use ai-specs/skills/ for workflow guidance when applicable.
|
|
141
|
+
|
|
142
|
+
# Per-artifact rules (optional)
|
|
143
|
+
# Add custom rules for specific artifacts.
|
|
144
|
+
rules:
|
|
145
|
+
# Global: apply ai-specs when creating any artifact
|
|
146
|
+
_global:
|
|
147
|
+
- Before creating any artifact, read and apply docs/base-standards.md
|
|
148
|
+
- For backend-related artifacts, read docs/backend-standards.md and adopt guidelines from ai-specs/agents/backend-developer.md
|
|
149
|
+
- For frontend-related artifacts, read docs/frontend-standards.md and adopt guidelines from ai-specs/agents/frontend-developer.md
|
|
150
|
+
- Use docs/api-spec.yml and docs/data-model.md for API and data consistency in specs and tasks
|
|
151
|
+
```
|
|
152
|
+
|
|
153
|
+
## ✅ Verify Configuration (Required)
|
|
154
|
+
|
|
155
|
+
Once the steps above are done, check that your copilot is actually picking things up.
|
|
156
|
+
|
|
157
|
+
It should automatically resolve:
|
|
158
|
+
|
|
159
|
+
- **Claude/Cursor**: `CLAUDE.md` → `docs/base-standards.md`
|
|
160
|
+
- **GitHub Copilot**: `codex.md` → `docs/base-standards.md`
|
|
161
|
+
- **Gemini**: `GEMINI.md` → `docs/base-standards.md`
|
|
162
|
+
|
|
163
|
+
No manual wiring needed beyond what's already in place.
|
|
164
|
+
|
|
165
|
+
## 💡 Usage: Official OpenSpec Workflow
|
|
166
|
+
|
|
167
|
+
This repo leans on OpenSpec's own commands to drive the day-to-day loop:
|
|
168
|
+
|
|
169
|
+
1. **`/enrich-us`** (optional): turn a rough idea or ticket into a well-specified user story
|
|
170
|
+
2. **`/new`**: start a new OpenSpec change (currently just an alias for `/ff`)
|
|
171
|
+
3. **`/ff`**: generate every required OpenSpec artifact (proposal, tasks, etc.)
|
|
172
|
+
- `/new` followed by `/ff` is functionally the same as the newer `/propose` command
|
|
173
|
+
4. **`/apply`**: work through the tasks one at a time
|
|
174
|
+
5. **`/verify`**: check the implementation against what the change actually specified
|
|
175
|
+
6. **`/adversarial-review`**: an independent, red-team-style pass before anything gets archived
|
|
176
|
+
7. **`/archive`**: close out the finished change
|
|
177
|
+
8. **`/commit`**: produce a focused commit and handle the Pull Request once verification is done
|
|
178
|
+
|
|
179
|
+
Workflow reference:
|
|
180
|
+
|
|
181
|
+
```mermaid
|
|
182
|
+
flowchart TB
|
|
183
|
+
subgraph TOP[" "]
|
|
184
|
+
direction LR
|
|
185
|
+
US["User Story"] -->|"/enrich-us"| RUS["Refined User Story"] -->|"/new + /ff"| PA["Proposal Artifacts"]
|
|
186
|
+
end
|
|
187
|
+
|
|
188
|
+
subgraph MID["/apply output"]
|
|
189
|
+
direction TB
|
|
190
|
+
BR["Branch"] --> TE["Tests"] --> DOC["Documentation"] --> CODE["Code"] --> TR["Testing Report"] --> PU["Proposal Update"]
|
|
191
|
+
end
|
|
192
|
+
|
|
193
|
+
subgraph BOTTOM[" "]
|
|
194
|
+
direction LR
|
|
195
|
+
READY["Feature Ready"] -->|"/archive + /commit"| PRFEAT["Feature for PR"] --> PUB["Feature Published"]
|
|
196
|
+
end
|
|
197
|
+
|
|
198
|
+
PA -->|"/apply"| BR
|
|
199
|
+
PU -.->|"/verify + /adversarial-review: implement changes"| BR
|
|
200
|
+
PU -->|"/verify + /adversarial-review: passes"| READY
|
|
201
|
+
```
|
|
202
|
+
|
|
203
|
+
### Optional: MCP Integrations (monday.com + Playwright)
|
|
204
|
+
|
|
205
|
+
A couple of MCP servers make parts of this workflow smoother. Both are optional — skip either one, or swap in whatever equivalent tool you already use.
|
|
206
|
+
|
|
207
|
+
- **monday.com MCP (used by `/enrich-us`)**: lets the agent pull item details straight from a board instead of you copy-pasting them in. Keep a custom text column on the board holding a readable key (e.g. `PROJ-123`) so items can be looked up by that value rather than the internal numeric item id.
|
|
208
|
+
- **Playwright MCP (for E2E checks)**: gives the agent a real browser to drive when validating user-facing flows.
|
|
209
|
+
|
|
210
|
+
To set these up:
|
|
211
|
+
|
|
212
|
+
- **Cursor**: register the MCP servers under Cursor's settings, then supply the credentials each one needs (e.g. a monday.com API token).
|
|
213
|
+
- **Other tools/IDEs**: follow that tool's own MCP setup docs to add the monday.com and Playwright servers.
|
|
214
|
+
|
|
215
|
+
Not using monday.com, or don't want automated E2E checks? Just adjust the affected skills and the rest of the OpenSpec flow keeps working as-is.
|
|
216
|
+
|
|
217
|
+
### Example: End-to-End Flow
|
|
218
|
+
|
|
219
|
+
A typical run through the commands, in order:
|
|
220
|
+
|
|
221
|
+
It's worth spinning up a dedicated worktree first (the `using-git-worktrees` skill handles this) and tearing it down once you're done.
|
|
222
|
+
|
|
223
|
+
```bash
|
|
224
|
+
/enrich-us SCRUM-10
|
|
225
|
+
/ff SCRUM-10
|
|
226
|
+
/apply SCRUM-10
|
|
227
|
+
/verify SCRUM-10
|
|
228
|
+
/adversarial-review SCRUM-10
|
|
229
|
+
/archive SCRUM-10
|
|
230
|
+
/commit
|
|
231
|
+
```
|
|
232
|
+
|
|
233
|
+
OpenSpec's own directories track every artifact produced along the way, including the testing reports generated during the run.
|
|
234
|
+
|
|
235
|
+
### Useful Skills
|
|
236
|
+
|
|
237
|
+
Skills are defined once under `ai-specs/skills/` and exposed to every copilot via relative symlinks in `.claude/skills/` and `.cursor/skills/`. Whichever agent you're running, it picks up a skill automatically once a request matches that skill's description (see `AGENTS.md` §4). The ones you'll reach for most often are **`enrich-us`**, **`using-git-worktrees`**, **`writing-skills`**, and **`code-auditing`**:
|
|
238
|
+
|
|
239
|
+
- **`enrich-us`** — Turns a thin user story (pulled from monday.com, or just an idea typed in chat) into something implementation-ready: acceptance criteria, technical detail, edge cases. Run this **before** planning so the team and the agent start from the same understanding of scope.
|
|
240
|
+
- **`using-git-worktrees`** — Spins up an isolated workspace before you start a feature or run a plan: safe creation, baseline checks, copying over local Claude settings, and a full teardown once the work is merged.
|
|
241
|
+
- **`writing-skills`** — Guides you through authoring or refactoring a skill with TDD-style validation before it ships. Reach for this whenever you're touching `ai-specs/skills/`.
|
|
242
|
+
- **`code-auditing`** — Walks a codebase through a 6-phase quality pass (security, performance, type safety, dead code, library health) and ends with a ranked action list. Good fit for pre-release checks or a technical-debt sweep.
|
|
243
|
+
|
|
244
|
+
The repo also ships `commit`, `explain`, `meta-prompt`, and `update-docs` as active skills — check each `ai-specs/skills/<name>/SKILL.md` for specifics.
|
|
245
|
+
|
|
246
|
+
## 📖 Core Development Rules
|
|
247
|
+
|
|
248
|
+
Everything here flows from the principles in `docs/base-standards.md`:
|
|
249
|
+
|
|
250
|
+
### Key Principles
|
|
251
|
+
|
|
252
|
+
1. **Small Tasks, One at a Time**: move in small, reviewable steps — never several stages ahead
|
|
253
|
+
2. **Test-Driven Development (TDD)**: red before green, every time
|
|
254
|
+
3. **Type Safety**: no untyped code paths (TypeScript throughout)
|
|
255
|
+
4. **Clear Naming**: names should explain themselves
|
|
256
|
+
5. **English Only**: code, comments, docs, and commit messages, no exceptions
|
|
257
|
+
6. **90%+ Test Coverage**: across every layer, not just the happy path
|
|
258
|
+
7. **Incremental Changes**: keep diffs small and easy to review
|
|
259
|
+
|
|
260
|
+
### Specific Standards
|
|
261
|
+
|
|
262
|
+
- **Backend Standards**: `docs/backend-standards.md`
|
|
263
|
+
- API development patterns
|
|
264
|
+
- Database best practices
|
|
265
|
+
- Security guidelines
|
|
266
|
+
- Testing requirements
|
|
267
|
+
- **Frontend Standards**: `docs/frontend-standards.md`
|
|
268
|
+
- React component patterns
|
|
269
|
+
- UI/UX guidelines
|
|
270
|
+
- State management
|
|
271
|
+
- Component testing
|
|
272
|
+
- **Documentation Standards**: `docs/documentation-standards.md`
|
|
273
|
+
- Technical documentation structure
|
|
274
|
+
- API documentation (OpenAPI)
|
|
275
|
+
- Code documentation
|
|
276
|
+
- Maintenance guidelines
|
|
277
|
+
|
|
278
|
+
## 🎯 Benefits
|
|
279
|
+
|
|
280
|
+
### For Developers
|
|
281
|
+
|
|
282
|
+
- ✅ **Consistent Code Quality**: the agent applies the same rules run after run
|
|
283
|
+
- ✅ **Comprehensive Testing**: 90%+ coverage across layers, without chasing it manually
|
|
284
|
+
- ✅ **Complete Documentation**: API specs stay current as part of the flow
|
|
285
|
+
- ✅ **Faster Onboarding**: newcomers read the same rules the agent already follows
|
|
286
|
+
- ✅ **Reduced Review Time**: output already matches established patterns
|
|
287
|
+
|
|
288
|
+
### For Teams
|
|
289
|
+
|
|
290
|
+
- ✅ **Copilot Flexibility**: everyone keeps using the AI tool they prefer
|
|
291
|
+
- ✅ **Knowledge Preservation**: standards live in files, not in someone's head
|
|
292
|
+
- ✅ **Quality Consistency**: the same bar applies no matter who — or what — wrote the code
|
|
293
|
+
- ✅ **Easier Code Reviews**: expectations are explicit going in
|
|
294
|
+
- ✅ **Scalable Practices**: the rules scale with headcount, the docs don't need to
|
|
295
|
+
|
|
296
|
+
### For Projects
|
|
297
|
+
|
|
298
|
+
- ✅ **Maintainable Codebase**: clean architecture, clear layering
|
|
299
|
+
- ✅ **Production-Ready Code**: TDD, error handling, and validation baked in from the start
|
|
300
|
+
- ✅ **Living Documentation**: specs and data models stay in sync with reality
|
|
301
|
+
- ✅ **Faster Feature Development**: the agent can implement autonomously from a plan
|
|
302
|
+
- ✅ **Lower Technical Debt**: good practices are the default, not an afterthought
|
|
303
|
+
|
|
304
|
+
## 🔧 Customization
|
|
305
|
+
|
|
306
|
+
### Adapting to Your Project
|
|
307
|
+
|
|
308
|
+
1. **Rewrite the technical context**: go through everything under `docs/` and replace the principles, conventions, business rules, and reference material with your project's own:
|
|
309
|
+
- backend/frontend/testing/documentation standards
|
|
310
|
+
- installation guide
|
|
311
|
+
- data model
|
|
312
|
+
- API docs
|
|
313
|
+
- ...
|
|
314
|
+
2. **Adjust the agent roles in `ai-specs/agents`**: match them to how your team actually splits responsibilities
|
|
315
|
+
3. **Grow the skill library in `ai-specs/skills`**: capture proven prompts and workflows as reusable skills
|
|
316
|
+
4. **Wire up external resources**: connect project docs or ticket systems through MCPs
|
|
317
|
+
5. **Preserve the symlink layout**: keep `.claude` and `.cursor` pointing at `ai-specs/agents` and `ai-specs/skills` via relative symlinks so nothing drifts out of sync
|
|
318
|
+
|
|
319
|
+
### Prompt Example: Adapt Technical Context
|
|
320
|
+
|
|
321
|
+
A prompt you can hand your copilot to rewrite `docs/` while keeping the same layout:
|
|
322
|
+
|
|
323
|
+
```text
|
|
324
|
+
Following the same base structure already present in docs/, update all technical context documents according to this project's specifics.
|
|
325
|
+
|
|
326
|
+
Requirements:
|
|
327
|
+
- Keep the same document set and file names in docs/.
|
|
328
|
+
- Replace generic content with this project's real stack, architecture patterns, coding conventions, and domain terminology.
|
|
329
|
+
- Update backend, frontend, and documentation standards to reflect actual practices used by this team.
|
|
330
|
+
- Update docs/api-spec.yml and docs/data-model.md so they match the real endpoints and entities of this project.
|
|
331
|
+
- Ensure all references are internally consistent and aligned across docs/.
|
|
332
|
+
- Keep everything in English and make guidance implementation-ready for AI agents.
|
|
333
|
+
```
|
|
334
|
+
|
|
335
|
+
### Maintaining Standards
|
|
336
|
+
|
|
337
|
+
- **Single Source of Truth**: `base-standards.md` gets updated first, always
|
|
338
|
+
- **Version Control**: treat standards changes like any other code change
|
|
339
|
+
- **Team Review**: run changes to the standards through review, same as a PR
|
|
340
|
+
- **Documentation**: keep the examples honest with what's actually implemented
|
|
341
|
+
- **Symlink Integrity**: renaming or moving a file means checking every symlink that points at it
|
|
342
|
+
- **Canonical Placement**: `ai-specs` stays the canonical source; `.claude`/`.cursor` only ever hold symlinks into it
|
|
343
|
+
|
|
344
|
+
## 📚 Technical context
|
|
345
|
+
|
|
346
|
+
### `docs/` Templates (Fill These In)
|
|
347
|
+
|
|
348
|
+
The files below ship as **empty skeletons**: the section headers show what to cover, but every `_TODO_` needs your project's real content before an agent can use it as context:
|
|
349
|
+
|
|
350
|
+
- **API Specification**: `docs/api-spec.yml` (OpenAPI 3.0 format)
|
|
351
|
+
- *Document your actual endpoints here instead*
|
|
352
|
+
- **Data Models**: `docs/data-model.md` (Database schemas, domain models)
|
|
353
|
+
- *Describe your real database structure and domain entities*
|
|
354
|
+
- **Development Guide**: `docs/development_guide.md` (Setup, workflows)
|
|
355
|
+
- *Write the setup steps that match your actual tech stack*
|
|
356
|
+
|
|
357
|
+
## 🤝 Contributing
|
|
358
|
+
|
|
359
|
+
When changing the standards themselves:
|
|
360
|
+
|
|
361
|
+
1. Update `base-standards.md` first — it's the single source of truth
|
|
362
|
+
2. Confirm the change still works across the AI copilots you support
|
|
363
|
+
3. Refresh any generated examples under `changes/` that are now out of date
|
|
364
|
+
4. Call out breaking changes explicitly
|
|
365
|
+
5. Hold the standards documents to the same bar they set for everything else
|
|
366
|
+
|
|
367
|
+
## 📄 License
|
|
368
|
+
|
|
369
|
+
Copyright (c) 2026 Ruy Garcia
|
|
370
|
+
Licensed under the MIT License
|
|
371
|
+
|
|
372
|
+
---
|
|
373
|
+
|
|
374
|
+
## 🙏 Acknowledgements
|
|
375
|
+
|
|
376
|
+
Several workflow and skill patterns here draw on the Superpowers framework, particularly:
|
|
377
|
+
|
|
378
|
+
- `using-git-worktrees`
|
|
379
|
+
- `writing-skills`
|
|
380
|
+
|
|
381
|
+
Superpowers project: [obra/superpowers](https://github.com/obra/superpowers/tree/main)
|
|
382
|
+
|
|
383
|
+
Additional attribution:
|
|
384
|
+
|
|
385
|
+
- `code-auditing` skill: adapted from [jeffrigby/somepulp-agents](https://github.com/jeffrigby/somepulp-agents/tree/main)
|
|
386
|
+
|
|
387
|
+
**Made with 🤖 by Flow Spec**
|
|
388
|
+
|
|
389
|
+
Questions, issues, or suggestions? Open an issue on the Flow Spec repository.
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
#!/usr/bin/env bash
|
|
2
|
+
# code_review.sh - Basic code review report
|
|
3
|
+
|
|
4
|
+
set -euo pipefail
|
|
5
|
+
|
|
6
|
+
echo "Starting code review..."
|
|
7
|
+
|
|
8
|
+
if ! command -v agent >/dev/null 2>&1; then
|
|
9
|
+
echo "Error: 'agent' command not found in PATH."
|
|
10
|
+
exit 1
|
|
11
|
+
fi
|
|
12
|
+
|
|
13
|
+
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
14
|
+
TIMESTAMP="$(date +%Y%m%d_%H%M%S)"
|
|
15
|
+
OUTPUT_FILE="${SCRIPT_DIR}/review_${TIMESTAMP}.txt"
|
|
16
|
+
|
|
17
|
+
if agent -p --output-format text \
|
|
18
|
+
"Review the recent code changes and provide feedback on:
|
|
19
|
+
- Code quality and readability
|
|
20
|
+
- Possible bugs or issues
|
|
21
|
+
- Security considerations
|
|
22
|
+
- Best-practices compliance
|
|
23
|
+
|
|
24
|
+
Provide specific improvement suggestions." > "${OUTPUT_FILE}"; then
|
|
25
|
+
if [[ -s "${OUTPUT_FILE}" ]]; then
|
|
26
|
+
echo "Code review completed successfully."
|
|
27
|
+
echo "Review saved to: ${OUTPUT_FILE}"
|
|
28
|
+
else
|
|
29
|
+
echo "Code review failed: output file is empty."
|
|
30
|
+
exit 1
|
|
31
|
+
fi
|
|
32
|
+
else
|
|
33
|
+
echo "Code review failed while running 'agent'."
|
|
34
|
+
exit 1
|
|
35
|
+
fi
|
|
@@ -0,0 +1,155 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: code-auditing
|
|
3
|
+
description: Task-focused project skill.
|
|
4
|
+
version: 1.0.0
|
|
5
|
+
---
|
|
6
|
+
# Code Auditing Skill
|
|
7
|
+
|
|
8
|
+
Comprehensive methodology for systematic code quality audits.
|
|
9
|
+
|
|
10
|
+
## When to Use
|
|
11
|
+
|
|
12
|
+
- Comprehensive code quality audits
|
|
13
|
+
- Security vulnerability assessments
|
|
14
|
+
- Technical debt identification
|
|
15
|
+
- Pre-release code reviews
|
|
16
|
+
- Best practices verification
|
|
17
|
+
- Library and dependency audits
|
|
18
|
+
|
|
19
|
+
## Audit Phases
|
|
20
|
+
|
|
21
|
+
### Phase 0: Pre-Analysis Setup
|
|
22
|
+
1. Check for project configuration files (package.json, tsconfig.json, etc.)
|
|
23
|
+
2. Identify tech stack and main libraries
|
|
24
|
+
3. Check for linting/formatting configs
|
|
25
|
+
4. Run existing linting/testing commands as baseline
|
|
26
|
+
5. Load documentation for identified core libraries
|
|
27
|
+
|
|
28
|
+
### Phase 1: Discovery
|
|
29
|
+
1. Find all code files by type
|
|
30
|
+
2. Create tracking list for each file
|
|
31
|
+
3. Group files by module/feature for contextual analysis
|
|
32
|
+
|
|
33
|
+
### Phase 2: File-by-File Analysis
|
|
34
|
+
For each file, analyze for:
|
|
35
|
+
- Dead code (unused functions, variables, imports)
|
|
36
|
+
- Code smells and anti-patterns
|
|
37
|
+
- Custom implementations that could use established libraries
|
|
38
|
+
- Security vulnerabilities
|
|
39
|
+
- Performance issues
|
|
40
|
+
- Outdated patterns or deprecated APIs
|
|
41
|
+
- Missing error handling
|
|
42
|
+
- Overly complex functions
|
|
43
|
+
- Duplicate code
|
|
44
|
+
|
|
45
|
+
### Phase 3: Best Practices Verification
|
|
46
|
+
For every library and framework:
|
|
47
|
+
1. Retrieve official documentation
|
|
48
|
+
2. Compare implementation against official patterns
|
|
49
|
+
3. Identify deviations from recommendations
|
|
50
|
+
4. Note outdated usage patterns
|
|
51
|
+
5. Flag discouraged anti-patterns
|
|
52
|
+
|
|
53
|
+
### Phase 4: Pattern Detection
|
|
54
|
+
Look for recurring issues:
|
|
55
|
+
- Common anti-patterns across files
|
|
56
|
+
- Duplicated logic that could be abstracted
|
|
57
|
+
- Inconsistent coding styles
|
|
58
|
+
- Missing error handling patterns
|
|
59
|
+
|
|
60
|
+
### Phase 5: Library Recommendations
|
|
61
|
+
For custom implementations:
|
|
62
|
+
1. Check if current libraries provide the functionality
|
|
63
|
+
2. Search for mature ecosystem packages
|
|
64
|
+
3. Verify library health (commits, issues, activity)
|
|
65
|
+
4. Check compatibility with project setup
|
|
66
|
+
|
|
67
|
+
### Phase 6: Comprehensive Report
|
|
68
|
+
Generate detailed report with:
|
|
69
|
+
- Executive summary
|
|
70
|
+
- Critical issues requiring immediate attention
|
|
71
|
+
- File-by-file findings
|
|
72
|
+
- Prioritized action plan
|
|
73
|
+
- Effort estimates
|
|
74
|
+
- Library recommendations
|
|
75
|
+
|
|
76
|
+
## Issue Priority Levels
|
|
77
|
+
|
|
78
|
+
- **Critical** - Security vulnerabilities, broken functionality
|
|
79
|
+
- **High Priority** - Performance bottlenecks, unmaintainable code
|
|
80
|
+
- **Medium Priority** - Code quality, best practices deviations
|
|
81
|
+
- **Low Priority** - Style, minor improvements
|
|
82
|
+
- **Quick Wins** - Less than 30 minutes to fix
|
|
83
|
+
|
|
84
|
+
## Analysis Categories
|
|
85
|
+
|
|
86
|
+
### Security
|
|
87
|
+
- Hardcoded secrets
|
|
88
|
+
- SQL injection risks
|
|
89
|
+
- XSS vulnerabilities
|
|
90
|
+
- Missing input validation
|
|
91
|
+
- Exposed sensitive data
|
|
92
|
+
|
|
93
|
+
### Performance
|
|
94
|
+
- Inefficient algorithms
|
|
95
|
+
- Blocking operations
|
|
96
|
+
- Memory leaks
|
|
97
|
+
- Missing caching opportunities
|
|
98
|
+
- N+1 query patterns
|
|
99
|
+
|
|
100
|
+
### TypeScript/Type Safety
|
|
101
|
+
- Missing type annotations
|
|
102
|
+
- Use of `any` type
|
|
103
|
+
- Custom types duplicating official types
|
|
104
|
+
- Missing @types packages
|
|
105
|
+
|
|
106
|
+
### Async/Promise Issues
|
|
107
|
+
- Missing await keywords
|
|
108
|
+
- Unhandled promise rejections
|
|
109
|
+
- Callback hell
|
|
110
|
+
|
|
111
|
+
### Dead Code
|
|
112
|
+
- Unused imports and exports
|
|
113
|
+
- Unused functions, classes, and methods
|
|
114
|
+
- Unused variables and types
|
|
115
|
+
- Unreachable code blocks
|
|
116
|
+
- Unused files (not imported anywhere)
|
|
117
|
+
- Unused dependencies
|
|
118
|
+
|
|
119
|
+
**Tools:**
|
|
120
|
+
- JavaScript/TypeScript: `npx knip --reporter json`
|
|
121
|
+
- Python: `deadcode . --dry`
|
|
122
|
+
|
|
123
|
+
**Important:** Always verify tool findings before reporting. Check for:
|
|
124
|
+
- Dynamic imports (`import(variable)`)
|
|
125
|
+
- Framework patterns (React components, decorators)
|
|
126
|
+
- Re-exports for public API
|
|
127
|
+
- Entry points (CLI scripts, serverless handlers)
|
|
128
|
+
|
|
129
|
+
## Resources
|
|
130
|
+
|
|
131
|
+
See the reference documents for complete methodologies:
|
|
132
|
+
|
|
133
|
+
- `references/audit-methodology.md` - Full 6-phase audit process with detailed checklists
|
|
134
|
+
- `references/dead-code-methodology.md` - Dead code detection tools, verification, and cleanup workflows
|
|
135
|
+
|
|
136
|
+
## Quick Reference
|
|
137
|
+
|
|
138
|
+
### Before Starting
|
|
139
|
+
- [ ] Read project configuration files
|
|
140
|
+
- [ ] Identify tech stack and libraries
|
|
141
|
+
- [ ] Run existing linters as baseline
|
|
142
|
+
- [ ] Create file tracking list
|
|
143
|
+
|
|
144
|
+
### During Audit
|
|
145
|
+
- [ ] Mark files as in-progress
|
|
146
|
+
- [ ] Analyze each category systematically
|
|
147
|
+
- [ ] Note specific line numbers
|
|
148
|
+
- [ ] Document before/after examples
|
|
149
|
+
- [ ] Mark files as completed
|
|
150
|
+
|
|
151
|
+
### After Audit
|
|
152
|
+
- [ ] Categorize all findings by priority
|
|
153
|
+
- [ ] Generate comprehensive report
|
|
154
|
+
- [ ] Save report to project root
|
|
155
|
+
- [ ] Provide brief console summary
|